MPLS Module Installation and User Guide

Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
http://www.extremenetworks.com

Published: February 2002
Part number: 100084-00 Rev.
©2002 Extreme Networks, Inc. All rights reserved. Extreme Networks and BlackDiamond are registered trademarks of Extreme Networks, Inc. in the United States and certain other jurisdictions. ExtremeWare, Extreme Standby Router Protocol, ESRP, Summit, and the Extreme Networks logo are trademarks of Extreme Networks, Inc., which may be registered or pending registration in certain jurisdictions. Specifications are subject to change without notice.
Preface

This preface provides an overview of this guide, describes guide conventions, and lists other publications that may be useful.

Introduction

This guide provides the required information to install the MPLS module in a BlackDiamond® 6800 series switch from Extreme Networks and perform the initial module configuration tasks. This guide is intended for use by network administrators who are responsible for installing and setting up network equipment.
Terminology

Switches and switch modules that use naming conventions ending in “i” have additional capabilities that are documented throughout this user guide. For the most current list of products supporting the “i” chipset, consult your release notes. Unless otherwise specified, a feature requiring the “i” chipset requires the use of both an “i” chipset-based management module, such as the MSM64i, and an “i” chipset-based I/O module, such as the G8Xi.
Related Publications

Table 2: Text Conventions (continued)

Convention | Description
[Key] names | Key names are written with brackets, such as [Return] or [Esc]. If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). Example: Press [Ctrl]+[Alt]+[Del].
Words in italicized type | Italics emphasize a point or denote new terms at the place where they are defined in the text.
1 Overview

The MPLS module is a self-contained module for the BlackDiamond 6800 series chassis-based system. Unlike other BlackDiamond modules, there are no external network interfaces on the MPLS module. Instead, the MPLS module provides advanced IP services for the other input/output (I/O) modules installed in the chassis.
Summary of Features

The MPLS module includes the following features:
• MPLS
• IP unicast forwarding (longest prefix match)
• Destination-sensitive accounting

MPLS

MultiProtocol Label Switching (MPLS) is a forwarding algorithm that uses short, fixed-length labels to make next-hop forwarding decisions for each packet in a stream.

IP Unicast Forwarding

IP unicast packets are forwarded in the hardware using the longest prefix match algorithm.
MPLS Module Physical Description switch. A maximum of four MPLS modules can be placed in a BlackDiamond 6800 series switch.
The network processors are high-performance, programmable devices that enhance the Extreme “i” chipset to support expanded functionality, features, and flexibility. The GPP subsystem handles system control and MPLS module management functions. The GPP subsystem resides outside the packet-forwarding data path to optimize routing and billing performance.

MPLS Module LED Indicators

The MPLS module is equipped with two module-level LED indicators (STATUS and DIAG) (see Figure 1-2).
BlackDiamond 6800 Series Switch Overview

Service Port

The MPLS module is equipped with one front-panel service port. The port is reserved for use only by Extreme Networks technical support personnel for diagnostic purposes.

Console Port

The MPLS module is equipped with one front-panel serial port. The port is reserved for use only by Extreme Networks technical support personnel for diagnostic purposes.
unconfig slot command. If you enter a new configuration for the new module, the module uses that configuration. If you clear the slot configuration, the new module type can use the default configuration ExtremeWare creates. See the ExtremeWare Software User Guide for more information on configuring BlackDiamond modules.

About the MPLS Module

The MPLS module contains a powerful set of network processors specifically programmed to implement the MPLS function.
About MPLS Layer-2 VPNs By mapping to a specific FEC, the MPLS label efficiently provides the router with all of the local link information needed for immediate forwarding to the next hop. MPLS creates a Label Switched Path (LSP) along which each Label Switch Router (LSR) can make forwarding decisions based solely upon the content of the labels. At each hop, the LSR simply strips off the existing label and applies a new one that tells the next LSR how to forward the packet.
About IP Unicast Forwarding

IP unicast forwarding is performed on the MPLS module to facilitate implementation of MPLS and accounting. When MPLS or accounting functions are enabled, the MPLS module, rather than the switch fabric hardware, performs layer-3 IP unicast forwarding. Layer-2 switching and Layer-3 IP multicast forwarding are unaffected.
About Destination-Sensitive Accounting

You use accounting statistics to bill your customers. For a given set of statistics, the source VLAN ID identifies the customer and the accounting bin number corresponds to a billing rate. Use the ExtremeWare route-map function to configure policies that assign accounting bin numbers to IP routes. Bin 0 is the default bin. Any route that does not have an explicit bin assignment via the route-map function defaults to bin 0.
2 Installing or Replacing an MPLS Module

This chapter covers the following topics:
• Preparing for Installation
• Inserting and Securing a Module
• Verifying the Module Installation
• Troubleshooting
• Removing and Replacing an MPLS Module

Preparing for Installation

This section describes the preparation steps that you must perform before inserting and securing an MPLS module.
Software and Hardware Version Requirements

MPLS modules are compatible with “i”-series MSM modules, Summit and “i”-series I/O modules, and Packet over SONET (PoS) modules. For the most current list of I/O and PoS modules supported for use with the MPLS module, consult your release notes.
The MSM software package is compatible with the MPLS module software package when the following conditions are true:
• Base ExtremeWare version numbers match.
• Technology release names match.
• Extended major version numbers match.
• Extended minor version number of the MSM software package is equal to or greater than the extended minor version of the MPLS module software package.

The extended build number is ignored for compatibility comparisons.
The MPLS module uses electronic components that are sensitive to static electricity. Electrostatic discharge (ESD) originating from you or from objects around you can damage these components. Exercise every possible precaution to prevent ESD when working around printed-circuit assemblies. Keep all printed-circuit assemblies in protective ESD-preventive sacks or place them on antistatic mats until you are ready to install them.
[Figure: chassis front view labeling the MSM module slots, the I/O module slots, and the ESD wrist strap connector]
Inserting and Securing a Module

To insert and secure an MPLS module, follow these steps:

MPLS modules must be installed in any of the BlackDiamond 6808 chassis slots labeled Slot 1 through Slot 8. MPLS modules do not fit in Slot A or Slot B. Forceful insertion can damage the MPLS module.
[Figure 2-2: Inserting and securing an MPLS module. Panels: (a) Loosen captive screws; (b) Pivot ejector/injector handles]

When the module is pushed into the chassis slot, the ejector/injector handles begin pivoting to their closed position.

d Close the ejector/injector handles by pushing them toward the center of the module.
e Use a #1 Phillips-head screwdriver to tighten the captive screw on each end of the module front panel to prevent the module from being dislodged from the backplane connectors and to ensure satisfactory protection from EMI.

Repeat this procedure for additional modules, if applicable.

Verifying the Module Installation

After you install the MPLS module, verify that the module is working correctly.
Troubleshooting

This section describes how to isolate module-specific problems and determine when it is appropriate to remove and replace an MPLS module.
Identifying Problem Categories

Table 2-1 lists the color states of the MPLS module LEDs and describes their associated meanings.

Table 2-1: MPLS Module LEDs

LED | Color | Indicates | Corrective action
 |  | Normal operation | No action required.
 |  | Configuration error (configured slot type is different than inserted module type) | See “Fixing Configuration Errors”.
Fixing Configuration Errors

If the STATUS LED on the MPLS module turns amber and blinks, use the show slot command to display the configured slot type. The output from this command also displays information about the module state, including the card mismatch message. This message indicates that the slot was previously configured for a module type different than the one you just installed.
To download an MPLS module software image, use the following command:

download image [ | | {primary | secondary} slot

The download command verifies that the new code image is compatible with the card inserted into the specified slot. If the image is not compatible, the download is aborted.
Identifying Conditions for Replacing an MPLS Module

If the STATUS LED on the MPLS module turns amber and blinks, use the show slot command to display the slot status information. The show slot command also displays operational information related to the MPLS module. Information displayed includes the BlackDiamond switch fabric card state, Network Processor status, General Purpose Processor status, hardware serial number and type, and image version and boot settings.
Removing and Replacing an MPLS Module

MPLS modules can be installed in any of the BlackDiamond 6808 chassis slots labeled Slot 1 through Slot 8. MPLS modules do not fit in Slot A or Slot B. Forceful insertion can damage the MPLS module.

The MPLS module can be extracted from or inserted into the BlackDiamond 6808 chassis at any time without disrupting network services.
6 Grasp the module front panel with one hand and place your other hand under the metal card carrier to support the weight of the module. Slide the module completely out of the chassis slot. Place the module immediately into an antistatic sack to protect it from ESD damage and prevent dust from collecting on the module’s optical fiber connectors.

7 Install and secure the replacement module. See “Inserting and Securing a Module” for more details.
3 Configuring the MPLS Module

This chapter describes general information about MPLS and the ExtremeWare commands that support the MPLS module. Other commands and background information used to configure I/O modules and switch behavior in a network are documented in the ExtremeWare Software User Guide. For hardware installation information for the BlackDiamond 6800 series switch, see the BlackDiamond Hardware Installation Guide.
Conceptually, label switching is straightforward. A label is a relatively short, fixed-length identifier that is used to forward packets received from a given link. The label value is locally significant to a particular link and is assigned by the receiving entity. Because labels are relatively short (for example, 20 bits in an MPLS shim header), the label of a received packet can be used as an index into a linear array containing the forwarding database.
Overview of MPLS

Table 3-1: MPLS Terms and Acronyms (continued)

Term or Acronym | Description
DU | Downstream Unsolicited. Distribution of labels downstream without an explicit label request.
FEC | Forward Equivalence Class. A group of packets that are forwarded in the same manner (for example, over the same Label Switched Path).
Label | A short, fixed-length identifier used to forward packets from a given link.
Table 3-1: MPLS Terms and Acronyms (continued)

Term or Acronym | Description
TLS Tunnel | A specific type of VC tunnel that carries only VLAN tagged Ethernet traffic.
Tunnel LSP | Any active RSVP-TE LSP used to forward IP traffic through an MPLS network.
VC | Virtual Circuit. A logical point-to-point connection.
VC Tunnel | A two label stack LSP used to tunnel a specific type of traffic. The type of traffic carried over the VC tunnel is negotiated when the VC tunnel is established.
binding for the FEC. The label mapping message then follows the routed path back to the ingress LSR, and a label binding is provided by each LSR along the path. LSP establishment is complete when the ingress LER receives the label mapping message.

Conversely, using DU mode, an LSR may distribute label bindings to LSRs that have not specifically requested them. These bindings are distributed using the label mapping message, as in downstream-on-demand mode.
LSP Control Modes

MPLS provides two LSP control modes:
• Independent
• Ordered

Using independent LSP control, each LSR makes independent decisions to bind labels to FECs. By contrast, using ordered LSP control, the initial label for an LSP is always assigned by the egress LSR for the associated FEC (either in response to a label request message or by virtue of sending an unsolicited label mapping message).
[Figure 3-2: LSR types. Diagram labels: source IP network, ingress LER, LSR, MPLS cloud, LSP A, LSP B, egress LER for LSP A, egress LER for LSP B, destination IP network for LSP A, destination IP network for LSP B]

The functions of the LSR types are described in Table 3-2.

Table 3-2: LSR Functions

LSR | Function
Ingress LER | Inserts one or more labels into packets transmitted onto an LSP.
Intermediate LSR | Forwards packets via label swapping.
MPLS Layer

MPLS can be thought of as a shim-layer between layer 2 and layer 3 of the protocol stack. MPLS provides connection services to layer-3 functions while making use of link-layer services from layer-2. To achieve this, MPLS defines a shim header that is inserted between the link layer header and the network layer header of transmitted frames. The format of a 32-bit MPLS shim header is illustrated in Figure 3-3.
Figure 3-5 illustrates the format of a unicast MPLS frame on an Ethernet link. The MAC addresses are those of the adjacent MPLS router interfaces. The x8847 Ethertype value indicates that the frame contains an MPLS unicast packet. A different Ethertype value (x8848) is used to identify MPLS multicast packets.
Penultimate Hop Popping

Penultimate hop popping (PHP) is an LSR label stack processing optimization feature. When enabled, the LSR can “pop” (or discard) the remaining label stack and forward the packet to the last router along the LSP as a normal Ethernet packet. By popping the label stack one hop prior to the LSP egress router, the egress router is spared having to do two lookups.
Table 3-3: MPLS Label Space Partitions

Label Range | Label Partition Description
x00000-x0000F | Defined/reserved by MPLS standards specified in RFC 3032.
x00010-x0BBFF (48,112) | LSR Partition — Used to identify intermediate LSR LSPs.
x8C000-x8FFFF (16,384) | TLS LER Partition — Used to identify the VLAN for which TLS traffic is destined when performing the egress LER function.
xCBC00-xCBFFF (1024) | IP LER Partition — Used for mappings to IP FECs when performing the egress LER function.
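
The shim header, Ethertype values and label partitions described above can be exercised with a small decoder that walks the label stack of an Ethernet frame and names the Table 3-3 partition of each label. This is an added example, not code from Extreme Networks or ExtremeWare: the field layout (20-bit label, 3-bit EXP, 1-bit bottom-of-stack, 8-bit TTL) follows RFC 3032, and the sample frame, its MAC addresses, VLAN 100 and MAX_STACK_DEPTH are constructed assumptions.

```python
import struct

ETHERTYPE_VLAN = 0x8100            # IEEE 802.1Q tag (tagged Ethernet port)
ETHERTYPE_MPLS_UNICAST = 0x8847    # written "x8847" in the guide
ETHERTYPE_MPLS_MULTICAST = 0x8848  # written "x8848" in the guide

# Inclusive label ranges copied from Table 3-3.
LABEL_PARTITIONS = [
    (0x00000, 0x0000F, "reserved by RFC 3032"),
    (0x00010, 0x0BBFF, "LSR partition"),
    (0x8C000, 0x8FFFF, "TLS LER partition"),
    (0xCBC00, 0xCBFFF, "IP LER partition"),
]
UNLISTED = "outside the listed partitions"
MAX_STACK_DEPTH = 8  # assumption: sanity bound chosen for this example


def classify_label(label):
    """Name the Table 3-3 partition that a 20-bit label value falls in."""
    for low, high, name in LABEL_PARTITIONS:
        if low <= label <= high:
            return name
    return UNLISTED


def encode_shim(label, exp, bottom, ttl):
    """Pack one shim header: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("shim field out of range")
    word = (label << 12) | (exp << 9) | (int(bool(bottom)) << 8) | ttl
    return struct.pack("!I", word)


def decode_shim(word):
    """Split one 32-bit shim header into its fields."""
    label = word >> 12
    return {
        "label": label,
        "exp": (word >> 9) & 0x7,
        "bottom": bool((word >> 8) & 0x1),
        "ttl": word & 0xFF,
        "partition": classify_label(label),
    }


def parse_mpls_frame(frame):
    """Decode the label stack of an Ethernet frame (optionally 802.1Q tagged).

    Raises ValueError for non-MPLS frames and for stacks that are truncated
    or never set the bottom-of-stack bit within MAX_STACK_DEPTH entries.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    vlan_id = None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        vlan_id = tci & 0x0FFF
        offset += 4
    if ethertype not in (ETHERTYPE_MPLS_UNICAST, ETHERTYPE_MPLS_MULTICAST):
        raise ValueError("not an MPLS frame (Ethertype 0x%04x)" % ethertype)
    stack = []
    while True:
        if len(stack) >= MAX_STACK_DEPTH:
            raise ValueError("label stack deeper than MAX_STACK_DEPTH")
        if len(frame) < offset + 4:
            raise ValueError("label stack ends without a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        stack.append(decode_shim(word))
        if stack[-1]["bottom"]:
            break
    return {
        "multicast": ethertype == ETHERTYPE_MPLS_MULTICAST,
        "vlan_id": vlan_id,
        "stack": stack,
        "payload": frame[offset:],
    }


def build_sample_frame():
    """Constructed tagged frame carrying a two-label stack (not a capture)."""
    dst = bytes.fromhex("020000000002")  # locally administered MACs
    src = bytes.fromhex("020000000001")
    tag = struct.pack("!HH", ETHERTYPE_VLAN, (5 << 13) | 100)  # priority 5, VLAN 100
    stack = encode_shim(0x00020, 5, False, 64) + encode_shim(0x8C001, 0, True, 255)
    ethertype = struct.pack("!H", ETHERTYPE_MPLS_UNICAST)
    return dst + src + tag + ethertype + stack + b"inner-frame"


if __name__ == "__main__":
    for entry in parse_mpls_frame(build_sample_frame())["stack"]:
        print(entry)
```
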
maximally-sized label stack. For example, a jumbo frame size of at least 1530 bytes is needed to support a two-level label stack on a tagged Ethernet port and a jumbo frame size of at least 1548 bytes is needed to support a TLS encapsulated MPLS frame.

Configuring MPLS

This section describes how to configure:
• MPLS interfaces
• LDP
• OSPF support
• QoS support
• Filter support

Commands for MPLS

Table 3-5 describes the ExtremeWare commands for configuring and monitoring MPLS.
Table 3-5: MPLS Configuration Commands (continued)

Command: config mpls propagate-ip-ttl [enabled | disabled]
Description: Enables or disables the propagation of the IP time-to-live (TTL) field for routed IP packets. Specify one of the following:
■ enabled — Each LSR is viewed as a router hop from an IP TTL perspective.

Command: config mpls qos-mapping [dot1p-to-exp | exp-to-dot1p] [all | ]/
Table 3-5: MPLS Configuration Commands (continued)

Command: show mpls forwarding {summary | detail | inactive | host {detail | inactive} | prefix {detail | inactive} | rsvp-te {detail}}
Description: Displays information from the FEC-to-NHLFE database, used when forwarding non-MPLS packets onto an LSP. Also displays information for RSVP-TE LSPs. Omitting all keywords causes summary information for all FECs to be displayed.
Table 3-5: MPLS Configuration Commands (continued)

Command: unconfig mpls
Description: Resets MPLS configuration parameters to the default settings.

Command: unconfig mpls qos-mapping [dot1p-to-exp | exp-to-dot1p | lsp ]
Description: Restores the default values for the specified QoS mapping table.
Configuring the Maximum Transmission Unit Size

After you have enabled MPLS, you can configure the maximum transmission unit (MTU) size using the following command:

config mpls vlan [ | all] ip-mtu

This command configures the IP MTU for frames transmitted onto MPLS LSPs via the specified egress VLAN. The default setting is 1496 bytes. If all is selected, the configured MTU applies to all MPLS-enabled VLANs.
decremented once by the ingress LSR and once by the egress LSR. When disabled, the MPLS TTL is set to 255 by the ingress LSR and is independent of the IP TTL.

When propagate-ip-ttl is enabled, each LSR is viewed as a router hop (from an IP TTL perspective). When a packet traverses an LSP, it emerges with the same TTL value that it would have had if it had traversed the same sequence of routers without being label-switched.
Two mappings are supported:
• dot1p-to-exp
• exp-to-dot1p

Dot1p-to-exp Mappings

The dot1p-to-exp mappings are used by the ingress LSR. When a non-MPLS ingress frame arrives at the MPLS module, the frame always contains an IEEE 802.1p priority field. The value of the priority field is set based on the QoS classification performed by the ingress I/O module. The ingress I/O modules assign each packet to a hardware queue, based on the configured ExtremeWare QoS policies.
The frame is then assigned to a QoS profile, based on the retrieved 802.1p priority value. The mappings between 802.1p priority values and QoS profiles are configured using the following command:

config dot1p type

For more information on QoS, see the ExtremeWare Software User Guide. For more information on the PoS module, see the PoS Module Installation and User Guide.
Displaying MPLS Configuration Information

You can display MPLS information about the following topics:
• MPLS configuration information for the entire switch or for a specific VLAN
• MPLS forwarding entry information
• MPLS LDP peer information
• MPLS RSVP-TE peer information
• MPLS label mapping information
• MPLS QoS mapping information

Displaying MPLS Configuration Information

To display MPLS configuration information, use the following command:

show mpls {vlan } {deta
By default, the information displayed includes:
• Next hop IP address
• Outgoing label
• Interface number of the outgoing VLAN

If the detail keyword is specified, the following additional information is displayed:
• Outgoing port number
• Counts of packets and bytes that have been transmitted using the database entry

By default, information is displayed for active mappings. To display information for liberally-retained inactive mappings, use the inactive keyword.
• Interface number of the outgoing VLAN
• FEC associated with the incoming label

If the detail keyword is specified, the following additional information is displayed:
• Outgoing port number
• Counts of packets and bytes that have been received with the incoming label
• Counts of packets and bytes that have been transmitted with the outgoing label
• LSP type

This command also displays information from the Incoming Label Map (ILM) for RSVP-TE LSPs.
4 Configuring the Label Distribution Protocol

This chapter describes the Label Distribution Protocol (LDP) and covers the following topics:
• Overview of LDP
• Configuring LDP
• Configuration Example

Overview of LDP

The Label Distribution Protocol (LDP) is a protocol defined by the IETF for the purpose of establishing an MPLS LSP. Using LDP, peer LSRs exchange label binding information to create the LSP.
Hello messages must continue to be received periodically for the hello-adjacency to be maintained. The hold time that specifies the duration for which a hello message remains valid defaults to 15 seconds in the basic discovery mechanism and can be negotiated by the peer LSRs as part of the HELLO exchange. During the HELLO exchange, each LSR proposes a value and the lower of the two is used as the hold time.
Configuring LDP

This section describes the following tasks:
• Configuring LDP on a VLAN
• Configuring LDP Filters
• Configuring LDP Session Timers
• Restoring LDP Session Timers
• Displaying LDP Peer Information

Commands for LDP

Table 4-1 describes the ExtremeWare commands for configuring and monitoring LDP. Each command is described in detail in the sections that follow.
Table 4-1: LDP Configuration Commands

Command: config mpls [ldp | targeted-ldp] [hello | keep-alive]
Description: Configures LDP session timers. Specify one of the following:
■ ldp — Specifies an LDP session.
■ targeted-ldp — Specifies a targeted LDP session.
■ hello — The amount of time (in seconds) that a hello message received from a neighboring LSR remains valid.
Table 4-1: LDP Configuration Commands (continued)

Command: config mpls ldp advertise [add | delete] vlan
Description: Configures LDP to originate an unsolicited label for the FECs associated with the directly attached routing interface of the specified VLAN. The delete keyword removes label origination of the direct route for the specified VLAN.
Table 4-1: LDP Configuration Commands (continued)

Command: show mpls ldp {} {detail}
Description: Displays MPLS LDP session information for one or all LSP sessions. Omitting the ipaddress parameter displays LDP session information for all LDP sessions.

Configuring LDP on a VLAN

To configure LDP on a VLAN, use the following command:

config mpls add vlan [ | all] {ldp}

This command enables LDP on one or all VLANs.
You can configure the propagation filter, as follows:
• all — All unsolicited label mappings are propagated to the VLAN. This is the default setting.
• none — No unsolicited label mappings are propagated to the VLAN.
• route-map — The specified route map is used to permit or deny the propagation of unsolicited label mappings to the VLAN. The only supported route map match operation keyword is nlri-list.
• route-map — The specified route map is used to permit or deny the origination of unsolicited label mappings for all routes of the specified type. The only supported route map match operation keyword is nlri-list. If selected, the access_profile parameter of the nlri-list keyword is compared to the FEC that is associated with each route.

For more information on route maps, see the ExtremeWare Software User Guide.
The default values are as follows:
• ldp hello – 15
• targeted-ldp hello – 45
• ldp hello – 5
• targeted-ldp hello – 15
• ldp keep-alive – 40
• targeted-ldp keep-alive – 60
• ldp keep-alive – 13
• targeted-ldp keep-alive – 20

This command can only be executed when MPLS is disabled.
If you specify the detail keyword, the following additional information is displayed:
• Discontinuity time
• Negotiated label distribution
• Next hop address

Configuration Example

The network configuration, shown in Figure 4-1, illustrates how to configure a BlackDiamond switch to support a routed MPLS network.

[Figure 4-1: network diagram. Legible labels include LSR 3 (Router ID = 11.0.3.11), 12.12.12.0/24, and 9.9.9.0/24 unc]
Ethernet to form the OSPF backbone area and the MPLS domain. In this example, two directly connected OSPF-disabled VLANs are shown: unc and duke. Traffic between unc and duke follows routed paths over indirect LSPs established between LSR 1 and LSR 4.

The commands used to configure LSR 1 are described below. The remaining LSRs are configured similarly.
The following commands enable IP forwarding on the configured VLANs.
5 Configuring RSVP-TE

This chapter describes the Resource Reservation Protocol (RSVP), traffic engineering (TE) extensions to RSVP, and how you configure RSVP-TE using ExtremeWare.
terms of peak data rate, average data rate, burst size, and minimum/maximum packet sizes.

RSVP-TE is a set of traffic engineering extensions to RSVP. RSVP-TE extensions enable RSVP to be used for traffic engineering in MPLS environments. The primary extensions add support for assigning MPLS labels and specifying explicit paths as a sequence of loose and strict routes. These extensions are supported by including label request and explicit route objects in the path message.
RSVP Elements

[Figure 5-1: RSVP Messages. Diagram labels: previous hops (A, B'), incoming interfaces (a, b), Router B, outgoing interfaces (c, d), next hops (C, D, D'), with Data, Path and Resv shown on each link]

In addition to the path and reserve messages, RSVP has the following additional message types:
• Path error message
• Reservation error message
• Path tear message
• Reserve tear message
• Reservation confirm message

Path Message

The RSVP path message is used to store state information
Reservation Message

Each receiver host transmits an RSVP reservation request to its upstream neighbor. Reservation messages follow the reverse path that the data packets use. The reservation message creates and maintains a reservation state in each node on the path. Reservation messages are eventually delivered to the sender, so that the sender can configure appropriate traffic control parameters for the first hop node.
Reservation Tear Message

The reservation tear message deletes the matching reservation state. If there is no matching reservation state, the message is discarded. The reservation tear message can delete any subset of the filter specification in FF-style or SE-style reservation state. Reservation styles are described in Table 5-2. Reservation tear messages are initiated explicitly by receivers or by a node in which the reservation state has timed out.
Configuring RSVP-TE The following sections describe the three reservation styles: • Fixed filter • Shared explicit • Wildcard Fixed Filter The fixed filter (FF) reservation style uses a distinct reservation and an explicit sender selection. A fixed filter reservation creates a distinct reservation for data packets for a particular sender. Shared Explicit The shared explicit (SE) reservation style uses a shared reservation and an explicit sender selection.
LSRs make a bandwidth reservation on a per-LSP basis. Only Controlled-Load service requests are supported. When bandwidth is requested, it is possible for the LSP to be established even when the requested bandwidth is not reserved. You must verify that the requested bandwidth was actually reserved. In cases when the bandwidth reserved is less than the amount requested, you can manually tear down the LSP and resignal it using a different path. CSPF is not supported.
Configuring RSVP-TE as topology changes that alter the routed path for a flow. However, the increased control traffic load can be a scalability concern. For this reason, considerable work has been done towards reducing RSVP refresh overhead through the implementation of RFC 2961, RSVP Overhead Refresh Reduction Extensions. One aspect of RSVP refresh reduction enables a very long refresh timer by adding support for reliable delivery of RSVP control messages.
Traffic Engineering RSVP Objects
This section describes the RSVP objects that are used to establish RSVP-TE LSPs:
• Label
• Label request
• Explicit route
• Record route
• Session attribute

Label
The label object is carried in the reservation message and is used to communicate a next hop label for the requested tunnel endpoint IP address upstream towards the sender.

Label Request
A label request object specifies that a label binding for the tunneled path is requested.
If any of the above criteria are met, the sender can decide to use the explicit route for some or all of its sessions. To do this, the sender node adds an explicit route object to the path message. After the session has been established, the sender node can dynamically reroute the session (if, for example, it discovers a better route) by changing the explicit route object.
RSVP Features Route Recording The route a path takes can be recorded. Recording the path allows the ingress LER to know, on a hop-by-hop basis, which LSRs the path traverses. Knowing the actual path of an LSP can be especially useful for diagnosing various network issues. Network path recording is configurable per path. If enabled, the record route object (RRO) is inserted into the path message using a single RRO subobject, representing the ingress LER.
An explicit routed path is encoded using the explicit route object (ERO) and is transmitted in the path message. The ERO consists of a list of subobjects, each of which describes an abstract node. By definition, an abstract node can be an IPv4 prefix, IPv6 prefix, or an autonomous system (AS) number. ExtremeWare RSVP-TE supports IPv4 abstract nodes only. They can be an IP prefix interface address or an OSPF router-id.
configured metric that is less than, or equal to, the interior gateway protocol (IGP) metric. In both cases, a TE /32 route to the egress LER is installed in the route table of the ingress LER for all of the best equal-cost RSVP-TE paths. Traffic is distributed across up to four TE /32 routes based on MAC and IP address hash algorithms. If one of the LSPs fails, the traffic is redistributed across the remaining active LSPs. In this example, no LSP secondary paths are required.
Configuring RSVP-TE is not enabled. The bundle-time value can be set to any value between zero and 30 (or 3 seconds).
Configuring RSVP-TE Table 5-2: RSVP-TE Configuration Commands (continued) Command Description config mpls rsvp-te add lsp path {} {primary | secondary} Adds an RSVP-TE LSP. config mpls rsvp-te add path [ | ] {from } Adds an RSVP-TE routed path.
Configuring RSVP-TE Table 5-2: RSVP-TE Configuration Commands (continued) Command Description config mpls rsvp-te profile {bandwidth } {setup-priority } {hold-priority } {retry-timeout } {hop-count } {ping-interval } {metric [ | igp-tracking} {record [enabled | disabled]} Configures RSVP-TE attributes for the specified profile.
Configuring RSVP-TE Configuring RSVP-TE Protocol Parameters To configure RSVP-TE protocol parameters, use the following command: config mpls rsvp-te vlan [ | all] {hello-interval } {refresh-time } {summary-refresh-time } {bundle-time } {keep-multiplier } This command configures the RSVP-TE protocol parameters for the specified VLAN. The RSVP-TE keyword all indicates that the configuration changes apply to all RSVP-TE enabled VLANs.
summary-refresh-time value may be set to any value between zero and 100 (or 10 seconds). If configured, the bundled and summary refresh RSVP messages are only sent to RSVP-TE peers supporting RSVP refresh reduction.

Configuring an RSVP-TE Path
To add an RSVP-TE routed path, use the following command:
config mpls rsvp-te add path [ | ] {from }
The and or must be specified for the path.
Configuring RSVP-TE Configuring an Explicit Route To add an RSVP-TE explicit route, use the following command: config mpls rsvp-te path add ero [ipaddress | ] {strict | loose} {order } This command adds an IP address to the explicit route object (ERO) for the specified path name. The RSVP-TE routed path may be described by a configured sequence of the LSRs and/or subnets traversed by the path. Each defined LSR or subnet represents an ERO subobject.
Configuring RSVP-TE follows. Thus, the LSP path follows the configured path of the IP prefix with the order value from low to high. If the order keyword is not specified, the number value for the LSR defaults to a value 100 higher than the current highest number value. If the list of IP prefixes, added to the path, does not reflect an actual path through the network topology, the path message is returned with an error from a downstream LSR and the LSP is not established.
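The ordering rule and the failure case described above, as an added Python sketch that is not ExtremeWare code and not part of the guide. The topology and router IDs are constructed sample values; `RoutedPath`, `check_ero`, the first default order of 100 on an empty list, and the strict/loose interpretation (strict means directly adjacent to the previous hop, loose means merely reachable) are assumptions of the sketch.

```python
"""Sketch of an RSVP-TE routed path's ERO list: order defaults and a strict/loose pre-check."""
from collections import deque

# Constructed sample topology: LSR router ID -> directly connected neighbours.
TOPOLOGY = {
    "10.0.0.1": {"10.0.0.2", "10.0.0.3"},
    "10.0.0.2": {"10.0.0.1", "10.0.0.4"},
    "10.0.0.3": {"10.0.0.1", "10.0.0.4"},
    "10.0.0.4": {"10.0.0.2", "10.0.0.3", "10.0.0.5"},
    "10.0.0.5": {"10.0.0.4"},
}


class RoutedPath:
    """Hypothetical stand-in for one configured path and its ERO subobjects."""

    def __init__(self, endpoint):
        self.endpoint = endpoint
        self.ero = {}  # order number -> (hop address, "strict" | "loose")

    def add_ero(self, hop, hop_type, order=None):
        if hop_type not in ("strict", "loose"):
            raise ValueError(f"unknown hop type: {hop_type}")
        if order is None:
            # Guide: the default is 100 higher than the current highest value.
            # Assumption: an empty list counts as 0, so the first default is 100.
            order = max(self.ero, default=0) + 100
        if order in self.ero:
            raise ValueError(f"order {order} is already in use")
        self.ero[order] = (hop, hop_type)
        return order

    def subobjects(self):
        """ERO subobjects in the sequence the LSP follows: order low to high."""
        return [self.ero[order] for order in sorted(self.ero)]


def reachable(topology, src, dst):
    """Breadth-first search: can dst be reached from src at all?"""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for neighbour in topology.get(node, ()):
            if neighbour not in seen:
                seen.add(neighbour)
                queue.append(neighbour)
    return False


def check_ero(topology, ingress, path):
    """Return (ok, reason). A failure is a list that a downstream LSR would
    answer with a path error, so the LSP would not be established."""
    current = ingress
    for hop, hop_type in path.subobjects():
        if hop not in topology:
            return False, f"{hop} is not a known LSR"
        if hop == current:
            continue
        if hop_type == "strict" and hop not in topology[current]:
            return False, f"strict hop {hop} is not adjacent to {current}"
        if hop_type == "loose" and not reachable(topology, current, hop):
            return False, f"loose hop {hop} is unreachable from {current}"
        current = hop
    # Simplification: past the last subobject the path is routed normally.
    if not reachable(topology, current, path.endpoint):
        return False, f"endpoint {path.endpoint} is unreachable from {current}"
    return True, "ok"
```

Running a check like this against the intended topology before committing the ERO entries catches a strict hop that skips an intermediate LSR, which otherwise only shows up as an LSP that never comes up.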
Configuring RSVP-TE A profile is a set of attributes that are applied to the LSP when the LSP is configured using the config mpls rsvp-te add lsp command. A default profile is provided which cannot be deleted, but can be applied to any configured LSP. The profile name for the default profile is default. The default profile parameter values are initially set to their respective default values. The maximum number of configurable profiles is 255 (one of which is reserved for the default profile).
Configuring RSVP-TE The valid metric values range from 1 to 65535. Specifying the igp-tracking keyword forces the route metric to track the underlying IGP metrics. If no IGP metric exists for the LSP (for example, the LSP traverses a RIP network), the metric is ignored. Tracking IGP metrics is the default behavior. The record keyword is used to enable hop-by-hop path recording. The enabled keyword causes the record route object (RRO) to be inserted into the path message.
Configuring RSVP-TE Configuring an RSVP-TE LSP To add an RSVP-TE LSP, use the following command: config mpls rsvp-te add lsp path {} {primary | secondary} Both the and must be specified. The parameter is a character string that is to be used to identify the LSP within the switch. The string must begin with an alphabetic character and can contain up to 31 additional alphanumeric characters. The is optional.
Configuring RSVP-TE All configured primary and secondary paths for the must have the same endpoint IP address. For example, three paths can be configured for the , but all paths should represent different topological paths through the network to the same LSP endpoint. Adding a secondary designates a path as a hot-standby redundant path, used in the event that the primary or secondary path cannot be established or fails.
Configuring RSVP-TE Displaying the RSVP-TE Routed Path To display the RSVP-TE routed path, use the following command: show mpls rsvp-te path {} {detail} This command displays the configuration and status information for MPLS RSVP-TE routed paths. Information is listed in tabular format and includes the path name, path endpoint LSR IP address, and local VLAN (if configured). If the path endpoint is specified as a host name, the host name and the DNS resolved IP address are both displayed.
Configuring RSVP-TE Configuration Example RSVP-TE LSPs comprise profiles, paths, and the actual LSP. This section describes how to configure an RSVP-TE LSP. Configuring RSVP LSPs is a multi-step process with some optional steps, depending on the specific requirements of the LSP. Conceptually, a number of mandatory elements must be configured to create an RSVP-TE LSP. In addition, you can also configure optional elements. In certain configurations, there are also order dependencies.
The typical steps used to configure and verify an RSVP-TE LSP are as follows:
1 Configure a path (mandatory).
2 Configure a profile (optional).
3 Configure an ERO for a path (optional).
4 Configure a primary/secondary LSP (mandatory).
5 Add a secondary LSP (optional).
6 Verify LSP status (recommended).

[Figure: network diagram for the configuration example; legible labels include London (Router ID 1.0.0.0), Birmingham (Router ID 4.0.0.0), subnet 172.25.23.8/30, and primary LSP]
The configuration example, shown in Figure 5-2, creates a primary and a secondary LSP between the node Glasgow and the node Birmingham. The steps specifically create an LSP between Glasgow and Birmingham based on an explicitly routed path via London with bandwidth, and setup and hold priority profile requirements. A secondary path is also created which, in the event of failure of a link or node on the primary path, activates the secondary path for the LSP.
Configuration Example The following commands configure two RSVP-TE LSPs; one is the primary and the other is a secondary or backup LSP. Each LSP uses the same profile but different paths.
6 MPLS and IP Routing
This chapter describes how MPLS and IP routing work together to forward information on your network. This chapter covers the following topics:
• Routing Using LSPs
• LSPs and IBGP Next Hops
• Optimized Forwarding of Non-MPLS IP Traffic

MPLS provides a great deal of flexibility for routing packets. Received IP unicast frames can be transmitted over LSPs or routed normally.
Routing Using LSPs
This section describes the following topics:
• Routing Using Direct and Indirect LSPs
• LSP Precedence and Interaction
• Equal Cost LSPs
• Overriding IBGP Metrics for RSVP-TE LSPs

Routing Using Direct and Indirect LSPs
Using MPLS, two types of LSPs can be used to route a packet to its destination:
• Direct LSP
An LSP is considered direct with respect to an FEC if it has been associated with the FEC via LDP or RSVP-TE.
Table 6-1 describes the label bindings in the MPLS forwarding table for LSR A that are maintained for FECs reachable via LSR A to LSR C, shown in Figure 6-1.

Table 6-1: Label Bindings for LSR A

Destination    Next Hop    Direct LSP Label    Indirect LSP Label
10.1.1.1/32    10.2.1.1    31                  30
10.0.1.0/24    10.2.1.1    32                  31
10.0.2.0/24    10.2.1.1    33                  31
10.0.3.0/24    10.2.1.1    34                  31

A direct LSP is always preferred over an indirect LSP.
problem with using routes summarized by OSPF ABRs is that route summarization can prevent label mappings from being propagated for the links internal to the area being summarized, since an LSR will typically only propagate labels for FECs that exactly match a routing table entry.

LSP Precedence and Interaction
LSPs can be LDP or RSVP-TE based, and are either direct or indirect with respect to a given set.
LSPs and IBGP Next Hops TLS tunnels use a two-label stack to tunnel Layer 2 traffic across an IP MPLS domain. If multiple equal-cost LSPs exist to the egress tunnel LSR, TLS tunnel traffic is distributed across the LSPs using multiple two-label stack MPLS headers. Each two-label stack MPLS header has a different outer label, each outer label representing a different NHLFE, with the same inner label representing the TLS VLAN. TLS tunnels can be logically bound to multiple equal-cost LSPs.
MPLS and IP Routing Multivendor Support for Indirect LSPs To support the use of indirect LSPs, Extreme LSRs automatically advertise a label mapping for a /32 LSP to its OSPF router ID (configured using the config ospf routerid command). Unfortunately, some MPLS implementations do not support indirect LSPs, and they require that a label mapping be advertised for each FEC.
7 Configuring MPLS Layer-2 VPNs
This chapter describes Layer-2 VPN services and the following topics:
• Overview of MPLS Layer-2 VPNs
• TLS VPN Characteristics
• Configuring MPLS Layer-2 VPNs
• TLS VPN Configuration Examples
• Using ESRP with MPLS TLS

Overview of MPLS Layer-2 VPNs
The basic idea behind transparent LAN services (TLS) over MPLS is to enable Layer-2 virtual private networking (VPN) service offerings in a simple manner that is easy
Configuring MPLS Layer-2 VPNs Layer-2 VPN Services There are two basic types of Layer-2 VPN services. The first is a VLAN service. This service transparently interconnects two or more VLAN segments together over an MPLS network. The configured VLAN IDs for the customer switch interfaces are not required to match, as long as the TLS egress LSR overwrites the VLAN tag with the locally defined VLAN ID, or if the local VLAN is untagged, strips the 802.1Q tag completely. The second service is a port service.
Transporting 802.1Q Tagged Frames
When an 802.1Q Ethernet frame is encapsulated for transport over a VC tunnel, the entire frame is included, except for the preamble and FCS. The 4-byte VLAN tag field is transmitted as is, but may be overwritten by the egress LER. The option to overwrite the VLAN tag allows two (possibly independently administered) VLAN segments with different VLAN IDs to be treated as a single VLAN.
Configuring MPLS Layer-2 VPNs LSP Selection By default, a TLS tunnel will use any available LSP to the TLS tunnel endpoint IP address. If there are multiple equal cost LSPs, the TLS tunnel is load shared across up to four LSPs. Optionally, a TLS tunnel can be configured to use a specific RSVP-TE LSP. If the RSVP-TE LSP metric is set higher than its underlying IGP metric, the LSP is not used to forward normal routed IP and is only used to forward TLS VLAN traffic.
TLS VPN Characteristics redundant configurations, it is possible for MAC addresses to become associated with an incorrect TLS tunnel. To prevent these scenarios from causing lengthy connectivity interruptions, the Extreme switch relearns source MAC addresses on all received packets and withdraws VC labels for the associated TLS tunnels when a local TLS VLAN port goes down. By always relearning MAC addresses, MAC addresses are more likely to be associated with the correct TLS tunnel.
ID (as specified in the martini IETF drafts) or using the manually configured ingress and egress VLAN labels.
• All tunneled frames are in tagged Ethernet format.
• Support is provided for tunneling frames received from Ethernet ports or PoS ports running the Bridge Control Protocol (BCP).
• VLAN IDs can be different at each end of a TLS tunnel; the VLAN ID is set by the egress switch to match that of the locally configured VLAN.
Configuring MPLS Layer-2 VPNs Table 7-1: Layer-2 VPN Configuration Commands Command Description config mpls add tls-tunnel [lsp | | ] [tls-labels | vcid {} {from [ | ]}] Adds a TLS tunnel. Specify the following: ■ — Used to identify the TLS tunnel within the switch.
Configuring MPLS Layer-2 VPNs Adding a TLS Tunnel To add a static labeled TLS tunnel, use the following command: config mpls add tls-tunnel [lsp | | ] tls-labels To add a dynamic labeled TLS tunnel (martini-draft compliant), use the following command: config mpls add tls-tunnel [lsp | | ] vcid The parameter is a c
Configuring MPLS Layer-2 VPNs MPLS header of Layer-2 frames forwarded onto the tunnel LSP by this switch, and must be meaningful to the peer TLS node. All traffic received from the tunnel LSP that contains the is forwarded to the local VLAN identified by the parameter. When ingress traffic is forwarded to the local VLAN, the VLAN ID is set to the VLAN ID of the local VLAN, without regard to the VLAN ID in the MAC header of the frame received from the tunnel LSP.
Configuring MPLS Layer-2 VPNs tunnel and the local TLS VLAN are treated as separate bridge ports within a single layer 2 broadcast domain. When the mode is configured as hub, the TLS LSR behavior is similar to a repeater. All received broadcast and unknown unicast packets are flooded out every port, except for the port on which the packet was received. When the mode is configured as mesh, the TLS LSR only floods packets received from the local TLS VLAN for transmission onto every TLS tunnel.
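Why the choice of mode has to match the tunnel topology, as an added Python simulation that is not part of the guide and not ExtremeWare code. The LSR names, the topologies, the hop limit, and the treatment of the local TLS VLAN as a single port are constructed assumptions; the flooding rules themselves follow the hub and mesh descriptions above.

```python
"""Broadcast flooding on TLS tunnels: mesh mode versus hub mode, on constructed topologies."""
from collections import Counter, deque

LOCAL = "local"  # stands for the local TLS VLAN ports of an LSR


def flood_ports(mode, ingress, tunnels):
    """Ports a broadcast or unknown-unicast frame is flooded to.

    ingress is LOCAL or the name of the peer whose tunnel delivered the frame.
    """
    if mode == "hub":
        # Repeater-like: every port except the one the frame arrived on.
        return [p for p in [LOCAL, *tunnels] if p != ingress]
    if mode == "mesh":
        # Only frames from the local TLS VLAN go onto tunnels; a frame received
        # from a tunnel is never flooded onto another tunnel.
        return list(tunnels) if ingress == LOCAL else [LOCAL]
    raise ValueError(f"unknown mode: {mode}")


def simulate_broadcast(tunnel_map, modes, source, max_hops=4):
    """Flood one broadcast that enters at `source` from its local VLAN.

    Returns a Counter: LSR name -> copies delivered to that LSR's local VLAN.
    max_hops bounds the simulation so that a forwarding loop terminates.
    """
    delivered = Counter()
    queue = deque([(source, LOCAL, 0)])
    while queue:
        node, ingress, hops = queue.popleft()
        for port in flood_ports(modes[node], ingress, tunnel_map[node]):
            if port == LOCAL:
                delivered[node] += 1
            elif hops < max_hops:
                # The peer sees the frame arrive on its tunnel to `node`.
                queue.append((port, node, hops + 1))
    return delivered


def full_mesh(names):
    """Every LSR has a TLS tunnel to every other LSR."""
    return {n: [p for p in names if p != n] for n in names}


def hub_and_spoke(hub, spokes):
    """The hub has a tunnel to every spoke; each spoke only to the hub."""
    tunnels = {s: [hub] for s in spokes}
    tunnels[hub] = list(spokes)
    return tunnels


if __name__ == "__main__":
    names = ["A", "B", "C", "D"]
    for mode in ("mesh", "hub"):
        result = simulate_broadcast(full_mesh(names), dict.fromkeys(names, mode), "A")
        print("full mesh,", mode, "mode:", dict(result))
```

In a full mesh, mesh mode delivers exactly one copy per site, while hub mode re-floods frames between tunnels until the hop limit stops the loop. In hub-and-spoke, a hub left in mesh mode silently isolates the spokes from each other.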
Basic MPLS TLS Configuration Example
The MPLS TLS network configuration shown in Figure 7-1 is based on the routed MPLS network configuration example shown in Figure 4-1.

[Figure 7-1: diagram of the OSPF backbone area and MPLS domain; legible labels include LSR 3 (Router ID 11.0.3.11), LSR 4 (Router ID 11.0.4.11), VLAN unc-wilmington (9.9.9.0/24), and a TLS tunnel]
Configuring MPLS Layer-2 VPNs The following command creates a TLS tunnel to the 11.0.1.11 network for traffic originating from VLAN unc-wilmington: config mpls add tls-tunnel rt40 11.0.1.11 unc-wilmington tls-labels 8f004 8f001 Full Mesh TLS Configuration The example, shown in Figure 7-2, configures a four-node full-mesh MPLS TLS configuration. Each LER MPLS configuration includes a TLS tunnel to every other LER. The egress VLAN for the VPN is called ncsu. The target IP address (10.100.100.
mpls1
The following command configures the VPN VLAN ncsu for mesh mode. This instructs the LER to not flood packets received from a TLS tunnel onto any other TLS tunnel.
config mpls tls-tunnel ncsu mode mesh
Each of the following commands configures a TLS tunnel to an LER for which the VLAN ncsu has a PoP. Each TLS tunnel is represented by a unique VC ID.
Hub and Spoke TLS Configuration
The following example, shown in Figure 7-3, configures a four-node hub-and-spoke MPLS TLS configuration. The hub LER MPLS configuration includes a TLS tunnel to every other LER. Each spoke LER MPLS configuration includes a TLS tunnel to only the hub LER. The egress VLAN for the VPN is called ncsu. The target IP address (10.100.100.2) shown in each TLS configuration command must be either a Router ID or Loopback VLAN interface address.
mpls1
The following command configures the VPN VLAN ncsu for hub mode. This instructs the LER to flood packets received from a TLS tunnel onto any other TLS tunnel.
config mpls tls-tunnel ncsu mode hub
Each of the following commands configures a TLS tunnel to an LER for which the VLAN ncsu has a PoP. Each TLS tunnel is represented by a unique VC ID.
[Figure 7-4: TLS configuration example using PPP transparent mode. Diagram of LSR 1 (Router ID 11.0.1.11), LSR 2 (Router ID 11.0.2.11), LSR 3 (Router ID 11.0.3.11), and LSR 4 (Router ID 11.0.4.11) in the OSPF backbone area and MPLS domain, with OC-3 SONET links and a TLS tunnel]

The configuration commands for this example follow.
Using ESRP with MPLS TLS The following commands disable BCP mode and enable POS transparent mode on the OC-3 interface that is a member of the TLS VLAN: config ppp bcp off port 1:1 config ppp pos transparent-mode on port 1:1 The following command creates the TLS tunnel to LSR 4 for SONET PPP traffic received on VLAN sonet: config mpls add tls-tunnel sonet 11.0.4.
Configuring MPLS Layer-2 VPNs ESRP is run over the Ethernet VLAN connecting the two hub-LSRs, and the redundant IP address configured for ESRP is also being used as the tunnel endpoint address. Using this configuration, the LSRs at the spoke sites automatically connect to the active hub-LSR and rapidly adapt to failures. If the master hub-LSR fails, ESRP activates the standby hub-LSR, which then responds by advertising a route and label mapping for the tunnel endpoint IP address.
[Figure: customer site 1 and customer site 2 connected across an MPLS network. Legible labels: LSR A (ESRP master), LSR B (ESRP slave), LSR C (ESRP master), LSR D (ESRP slave); user VLAN (ESRP enabled) with IPU1 and IPU2; tunnel endpoint VLAN (ESRP enabled) with IPT1 and IPT2; active tunnel LSPs and inactive tunnel LSPs]

TLS command issued on LSR A & LSR B: config mpls add tls-tunnel tls1 IPT2 user tls-labels 8f002 81001
TLS command issued on LSR C & LSR D: config mpls add tl
Configuring MPLS Layer-2 VPNs on the user VLAN ensures that only one LSR (the ESRP master) forwards traffic for the VLAN at each site. The redundant IP address configured on the tunnel endpoint VLAN (IPT1) is also used as the tunnel endpoint address in the same manner as described for the preceding example.
Using ESRP with MPLS TLS LSP Tracking LSP tracking provides MPLS with specific ESRP selection criteria for determining the ESRP status of a VLAN. LSP tracking is similar to route tracking and ping tracking in ESRP. As shown in Figure 7-6, ESRP can be configured to protect the user VLAN from disruptions in the MPLS network core. For example, LSR A and LSR B can be configured to track an established LSP to IPT2.
Configuration Example
The MPLS TLS ESRP configuration example, shown in Figure 7-7, illustrates how to configure a pair of BlackDiamond switches to provide redundant Layer-2 VPN services over an MPLS domain. Two additional switches have been added to the TLS MPLS network configuration example shown in Figure 7-1, LSR 5 and LSR 6. LSR 5 and LSR 6 provide redundant connectivity for TLS VLANs into the MPLS domain.
The following commands create a tagged ESRP VLAN over which ESRP control packets flow. Tagging the VLAN separates the customer’s local traffic from the ESRP control packets and prevents OSPF routes from the MPLS service provider domain from leaking into the customer’s VLAN:
create vlan mplsesrp
config vlan mplsesrp tag 1234
config vlan mplsesrp ipaddress 10.10.10.
config vlan
8 Configuring Destination-Sensitive Accounting
This chapter covers the following topics:
• Overview of Destination-Sensitive Accounting
• Basic Accounting Configuration Information
• Configuring Access Profiles
• Configuring Route Maps
• Retrieving Accounting Statistics

Overview of Destination-Sensitive Accounting
Destination-sensitive accounting collects statistics that are maintained for forwarded IP traffic to support billing on a destinatio
Configuring Destination-Sensitive Accounting and the column index being a bin number. Thus, when an IP frame is forwarded, the input VLAN ID selects the row and the bin number from the forwarding database entry selects the column. The use of input VLAN ID enables billing statistics to be maintained on a per customer basis where the VLAN ID identifies the customer.
Configuring Access Profiles Configuring Access Profiles Destination-sensitive significance is assigned to specific accounting bin numbers through ExtremeWare route-map commands. To configure accounting route map access policies, it may be necessary to define an access profile. This section describes commands used to configure access profiles for MPLS modules.
Configuring Destination-Sensitive Accounting Table 8-2: Routing Access Policy Configuration Commands Command Description config access-profile add {} {permit | deny} [ipaddress {exact} | as-path | bgp-community [internet | no-advertise | no-export | no-export-subconfed | | number
Configuring Access Profiles Table 8-2: Routing Access Policy Configuration Commands Command Description create access-profile type [ipaddress | as-path | bgp-community] Creates an access profile. After the access profile is created, one or more addresses can be added to it, and the profile can be used to control a specific routing protocol. Specify one of the following: ■ ipaddress — A list of IP addresses and mask pairs. ■ as-path — A list of AS path expressions.
Configuring Destination-Sensitive Accounting Configuring an Access Profile Mode After the access profile is created, you must configure the access profile mode. The access profile mode determines whether the items in the list are to be permitted access or denied access. Three access profile modes are available: • Permit — The permit mode permits the operation, as long as it matches any entry in the access profile. If the operation does not match any entries in the list, the operation is denied.
Configuring Access Profiles Specifying Subnet Masks The subnet mask specified in the access profile command is interpreted as a prefix mask. A prefix mask indicates the bits that are significant in the IP address. In other words, a prefix mask specifies the part of the address that must match the IP address to which the profile is applied. If you configure an IP address that is an exact match that is specifically denied or permitted, use a mask of /32 (for example, 141.251.24.28/32).
Autonomous System Expressions
The AS-path keyword uses a regular expression string to match against the AS path. Regular expression notation can include any of the characteristics listed in Table 8-3.

Table 8-3: Regular Expression Notation

Character    Definition
[,]          Specifies a range of numbers to be matched.
.            Matches any number.
^            Matches the beginning of the AS path.
$            Matches the end of the AS path.
—            Matches the beginning or end, or a space.
Configuring Route Maps
Route maps are used to conditionally assign accounting bin numbers to route destinations. Route maps are used in conjunction with the match and set operations. A match operation specifies a criterion that must be matched. A set operation specifies a change that is made to the route when the match operation is successful. This section describes the commands you use to configure route map policies for MPLS modules.
Configuring Destination-Sensitive Accounting Table 8-4: Route Map Commands (continued) Command Description config route-map add match [nlri-list | as-path [ | | community [access-profile | ] | next-hop | med | origin [igp | egp | incomplete]] Configures a route map match statement. Specify the following: route-map — The name of the route map.
Configuring Route Maps Creating a Route Map To create a route map, use the following command: create route-map Adding Entries to the Route Map To add entries to the route map, use the following command: config route-map add [permit | deny] {match-one | match-all} Where the following is true: • The sequence number uniquely identifies the entry and determines the position of the entry in the route map. Route maps are evaluated sequentially.
Configuring Destination-Sensitive Accounting Where the following is true: • The route-map is the name of the route map. • The sequence number identifies the entry in the route map to which this statement is being added. • The match, set, and goto keywords specify the operations to be performed. Within an entry, the statements are sequenced in the order of their operation. The match statements are first, followed by set, and then goto.
Configuring Route Maps Route Map Operation The entries in the route map are processed in the ascending order of the sequence number. Within the entry, the match statements are processed first. When the match operation is successful, the set and goto statements within the entry are processed, and the action associated with the entry is either applied, or else the next entry is processed. If the end of the route map is reached, it is implicitly denied.
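The route map processing described above, connected to the VLAN-by-bin accounting table from the chapter overview, as an added Python model that is not ExtremeWare code or switch output. The profile names arm2 and arm3, the route map name ip_example, and the three 192.168.x.0/24 subnets are taken from this guide's IP subnet example; the profile arm1, bin numbers 1 to 3, default bin 0 for routes that reach the implicit deny, the 0.0.0.0/0 route, and the semantics given to `exact` are assumptions.

```python
"""Toy model of destination-sensitive accounting: access profile -> route map -> bin -> counters."""
import ipaddress
from collections import defaultdict

NUM_BINS = 8  # bins 0-7, as drawn in the guide's accounting table figures


class AccessProfile:
    """Type-ipaddress profile in mode none: every entry carries permit or deny."""

    def __init__(self, name):
        self.name = name
        self.entries = {}  # sequence number -> (action, network, exact)

    def add(self, seq, action, prefix, exact=False):
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action}")
        self.entries[seq] = (action, ipaddress.ip_network(prefix), exact)

    def permits(self, route):
        route = ipaddress.ip_network(route)
        for seq in sorted(self.entries):
            action, net, exact = self.entries[seq]
            # Prefix mask: only the masked bits must match. Assumed semantics of
            # 'exact': the route's mask length must equal the entry's as well.
            hit = route == net if exact else route.subnet_of(net)
            if hit:
                return action == "permit"
        return False  # assumption: no matching entry is treated as deny


class RouteMap:
    def __init__(self, name):
        self.name = name
        self.entries = {}  # sequence number -> (action, profiles, bin, match_all)

    def add(self, seq, action, profiles, bin_number=None, match_all=False):
        if bin_number is not None and not 0 <= bin_number < NUM_BINS:
            raise ValueError(f"bin {bin_number} is outside 0-{NUM_BINS - 1}")
        self.entries[seq] = (action, list(profiles), bin_number, match_all)

    def bin_for(self, route, default_bin=0):
        """Walk entries in ascending sequence order; the first match decides."""
        for seq in sorted(self.entries):
            action, profiles, bin_number, match_all = self.entries[seq]
            results = [p.permits(route) for p in profiles]
            matched = all(results) if match_all else any(results)
            if not matched:
                continue  # match failed: process the next entry
            if action == "permit" and bin_number is not None:
                return bin_number  # the entry's set statement assigns the bin
            return default_bin
        return default_bin  # end of the route map reached: implicit deny


class AccountingTable:
    """Rows are input VLAN IDs, columns are bins; each cell is [packets, bytes]."""

    def __init__(self, route_map, routes):
        # The bin is resolved once per route, like the bin number kept in the
        # forwarding database entry.
        self.fdb = {ipaddress.ip_network(r): route_map.bin_for(r) for r in routes}
        self.cells = defaultdict(lambda: [0, 0])

    def forward(self, vlan_id, dst_ip, length):
        dst = ipaddress.ip_address(dst_ip)
        candidates = [net for net in self.fdb if dst in net]
        if not candidates:
            return None  # no route: nothing forwarded, nothing counted
        bin_number = self.fdb[max(candidates, key=lambda n: n.prefixlen)]
        cell = self.cells[(vlan_id, bin_number)]
        cell[0] = (cell[0] + 1) % 2**64       # 64-bit packet count
        cell[1] = (cell[1] + length) % 2**64  # 64-bit byte count
        return bin_number


def build_example():
    """One profile per destination subnet, one route map entry per profile."""
    subnets = {"arm1": "192.168.100.0/24", "arm2": "192.168.101.0/24",
               "arm3": "192.168.102.0/24"}
    route_map = RouteMap("ip_example")
    for index, (name, prefix) in enumerate(subnets.items(), start=1):
        profile = AccessProfile(name)
        profile.add(10, "permit", prefix)
        route_map.add(index * 10, "permit", [profile], bin_number=index)
    return AccountingTable(route_map, [*subnets.values(), "0.0.0.0/0"])
```

Because the first matching entry wins, an overly broad prefix placed at a low sequence number absorbs every destination behind it into one bin, so review sequence order whenever a billing bin shows unexpectedly high counts.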
Configuring Destination-Sensitive Accounting Based on Destination IP Subnets
Figure 8-1 is an example of destination-sensitive accounting based on destination IP subnets.

[Figure 8-1: data traffic from VLANs default, 1, 2, and 3 toward an IP subnet cloud (192.168.100.0/24, 192.168.101.0/24, 192.168.102.0/24), counted in accounting table bins 0 through 7]
Configuring Route Maps create access-profile arm2 type ipaddress config access-profile arm2 mode none config access-profile arm2 add 10 permit ipaddress 192.168.101.0/24 create access-profile arm3 type ipaddress config access-profile arm3 mode none config access-profile arm3 add 10 permit ipaddress 192.168.102.0/24 2 Create a route map named ip_example.
[Figure: IP prefixes associated with BGP community strings 1111:1 and 2222:2. Data traffic from VLANs default, 1, 2, and 3 toward a BGP cloud is counted in accounting table bins 0 through 7, with BGP routes with community string 1111:1 and BGP routes with community string 2222:2 assigned to bins. Each accounting table cell contains 64-bit packet and byte counts.]
Configuring Route Maps 2 Apply the route map to the e-bgp routes.
Configuring Destination-Sensitive Accounting Retrieving Accounting Statistics Accounting statistics are used to bill your customers. Destination-sensitive accounting gives you the flexibility to bill your customers at predetermined and different rates. For a given set of counts, the source VLAN ID identifies the customer and the accounting bin number corresponds to a billing rate.
Retrieving Accounting Statistics See the ExtremeWare Software User Guide for more information related to configuring SNMP. See your SNMP Manager documentation for information on how to load MIBs for use within the network manager.
9 Additional MPLS Module Support Topics
This chapter describes command and configuration information related to the use of the MPLS module that is not covered in previous chapters of this document. This chapter covers the following topics:
• General Switch Attributes
• Image and Configuration Attributes
• 802.1p and 802.
Additional MPLS Module Support Topics Commands that are not discussed in this chapter are supported without requiring any modification. General Switch Attributes Except as described below, the MPLS module supports all of the general ExtremeWare switch commands. Table 9-1 describes the changes to existing ExtremeWare general switch commands to support the MPLS module.
Table 9-1: Changes to General Switch Commands (continued)

Command    Description of Change
show diag backplane utilization    This command displays backplane link utilization information, including:
■ Real-time traffic utilization on configured backplane links between active modules and MSM modules.
■ The number of packets transmitted and received.
■ The percentage of bandwidth used on the link.
Table 9-1: Changes to General Switch Commands (continued)

Command    Description of Change
unconfig switch {all}    This command clears any previously configured MPLS module information.

Image and Configuration Attributes
Except as described below, the MPLS module supports all of the ExtremeWare commands associated with managing image and configuration attributes.
VLAN Commands

Most of the VLAN commands are not directly applicable to the MPLS module. The two exceptions are:
• The show vlan command has been enhanced to indicate whether MPLS is enabled or disabled on the VLAN.
• Implementations of the config vlan delete port and unconfig vlan ipaddress commands have been augmented to support the MPLS module.

All frames received and transmitted by the MPLS module include a VLAN tag.
• show iproute {priority | vlan | permanent | | route-map | origin [direct | static | blackhole | rip | bootp | icmp | ospf-intra | ospf-inter | ospf-as-external | ospf-extern1 | ospf-extern2]} {sorted}

show ipconfig Command

The output of the show ipconfig command has been enhanced to indicate the enable/disable status of the specified VLAN(s).
ICMP Commands The show iproute command has also been enhanced to include the RSVP-TE route table entry.
OSPF Commands

The commands described in Table 9-3 have been added to control whether a route for the OSPF router ID is distributed by OSPF.

Table 9-3: New OSPF Commands

Command: enable ospf originate-router-id
Description of Change: Enables distribution of a route for the OSPF router ID in the router LSA. When enabled, OSPF includes a link with the router ID IP address and a mask of 255.255.255.255 in the router LSA. The link type is stub and the metric is 0.
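An added example, not from the Extreme Networks guide: it encodes the stub link described in Table 9-3 using the router-LSA link layout from RFC 2328 (section A.4.2) and checks a received LSA body for it, which is one way to confirm that the router ID is actually being advertised. Mapping the router ID to the Link ID field and the mask to Link Data follows RFC 2328's stub-link encoding and is an assumption about this implementation; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import struct

STUB = 3                     # RFC 2328 A.4.2: link type 3 = stub network
HOST_MASK = "255.255.255.255"
LINK_FMT = "!IIBBH"          # Link ID, Link Data, type, # TOS, metric

def ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def router_id_stub_link(router_id: str) -> bytes:
    """The link the guide describes: router ID, /32 mask, stub, metric 0."""
    return struct.pack(LINK_FMT, ip(router_id), ip(HOST_MASK), STUB, 0, 0)

def parse_links(body: bytes) -> list:
    """Parse a router-LSA body (the part after the 20-byte LSA header)."""
    if len(body) < 4:
        raise ValueError("router-LSA body shorter than its fixed fields")
    _flags, _zero, count = struct.unpack_from("!BBH", body, 0)
    offset, links = 4, []
    for _ in range(count):
        if offset + 12 > len(body):
            raise ValueError("truncated link description")
        link_id, data, ltype, n_tos, metric = struct.unpack_from(LINK_FMT, body, offset)
        offset += 12 + 4 * n_tos        # skip any per-TOS metrics
        if offset > len(body):
            raise ValueError("truncated TOS metrics")
        links.append({"link_id": str(ipaddress.IPv4Address(link_id)),
                      "link_data": str(ipaddress.IPv4Address(data)),
                      "type": ltype, "metric": metric})
    return links

def advertises_router_id(body: bytes, router_id: str) -> bool:
    """True when the LSA carries the /32 stub link for router_id, metric 0."""
    return any(l["type"] == STUB and l["link_id"] == router_id
               and l["link_data"] == HOST_MASK and l["metric"] == 0
               for l in parse_links(body))

def sample_body(with_router_id: bool) -> bytes:
    """Constructed LSA body; 10.0.0.1 and 192.168.10.0/24 are made-up values."""
    links = [struct.pack(LINK_FMT, ip("192.168.10.0"), ip("255.255.255.0"), STUB, 0, 10)]
    if with_router_id:
        links.append(router_id_stub_link("10.0.0.1"))
    return struct.pack("!BBH", 0, 0, len(links)) + b"".join(links)

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, advertises_router_id(sample_body(flag), "10.0.0.1"))
```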
PPP Commands

The output of the show ppp command has been enhanced to display MPLSCP status information.

ESRP and VRRP Commands

The MPLS module supports the ESRP and VRRP router redundancy protocols. These protocols are supported for native Ethernet ports, but not for Packet over SONET (PoS) ports or MPLS LSPs. ESRP should not be enabled on a VLAN that is also expected to exchange routes with other non-ESRP routers (for example, routers using OSPF or RIP).
Layer-2 and Layer-3 Switching Attributes

The MPLS module relies on the MSM switch fabric to support the layer-2 switching functions. If MPLS is enabled, the switch fabric hardware does not perform layer-3 switching for any protocols. The MPLS module performs layer-3 forwarding for IP. All of the IP routing protocols are supported: RIP, OSPF, BGP, DVMRP, PIM. IPX routing is not supported when MPLS is enabled.
Attributes Not Directly Applicable to the MPLS Module

• Differentiated services (diffserv)
• Quality of Service (QoS)
• Spanning Tree Protocol (STP)
• RMON
• Access list
  The MPLS module relies on the ingress switch fabric to support access list functions. Thus, access list functions are not applicable to MPLS-encapsulated packets.
• IGMP snooping
  OSPF and LDP session establishment require the MSM to receive and process IP multicast frames. Therefore, IGMP snooping must be enabled to support MPLS.
A Supported MIBs and Standards

This appendix lists the software standards and management information bases (MIBs) supported in relation to the MPLS module. For a broader list of the software standards supported by ExtremeWare as a whole, see the “Supported Standards” appendix in the ExtremeWare Software User Guide.
MIBs Supported for MPLS

The initial Extreme MPLS implementation provides read-only (GET but not SET) support for a subset of the MPLS LSR MIB, as defined in the Internet Draft draft-ietf-mpls-lsr-mib-07.txt, and a subset of the MPLS LDP MIB, as defined in the Internet Draft draft-ietf-mpls-ldp-mib-07.txt.