You are on page 1of 62

3FL 00327_D AAAA WBZZA Ed 01 1 © 2006 Alcatel Bell N.V.

, All rights reserved
1
IP in 7302 ISAM
7302/5523 advanced operator
3FL 00327_D AAAA WBZZA Ed 01 2 © 2006 Alcatel Bell N.V., All rights reserved
2
Objectives
After completing this section, you’ll be able to:
• Contrast IP aware bridging with IP routing
• Create a VRF with CLI (both on service hub and on asam-core)
• Create layer 3 interfaces and map interfaces to VRF
• Configure IP parameters
– Configure IP-addresses
– Specify routes in the VRF
– ARP proxy functionality parameters
3FL 00327_D AAAA WBZZA Ed 01 3 © 2006 Alcatel Bell N.V., All rights reserved
3
Table of contents
IP aware bridge mode
IP routed mode
IP related configuration
• General principles
• Overview commands ASAM-CORE
• Overview commands SHUB
3FL 00327_D AAAA WBZZA Ed 01 4 © 2006 Alcatel Bell N.V., All rights reserved
4
Forwarding modes – General
Different forwarding modes for different forwarding decisions:
Network
side User
side
ANT
Eth-VLAN
L3
+
L3
L2
+
L2
7302 ISAM
PPPoA to PPPoE translation
IP aware Bridge
L2+
PPP termination L3+
Routed L3
VLAN Cross-Connect (CC)
Intelligent Bridge (IB)
L2
Forwarding mode Decision
This chapter
> Different forwarding modes are supported in order to make it fit into different network models of
different operators.
> If the DSLAMs are mainly connected to a bridged metro(politan) ethernet network (E-MAN), the
MAC scalability may become an issue when only layer 2 forwarding is done in the DSLAM.
In that case the MAC addresses of all end-user terminals will have to be learned in the metro-
Ethernet network, while the MAC tables of bridges are quite limited. In that case, it will
probably be better to use the layer 2+ or L3 forwarding function of the ISAM.
> However, if IP routers are used in the metro Ethernet Network close to the DSLAMs, MAC
scalability will not be an issue, and layer 2 forwarding in the DSLAM may be an interesting
option, because in general layer 2 means less configuration effort. With 7302 ISAM, operators
have the flexibility to choose the forwarding mode which best fits in their network.
> In general, the previous layer 2 and layer 3 forwarding functions are an overkill for network-
VPN services towards business customers, given the number of connections to the same VPN
from one DSLAM will be mostly only one, or only very few connections per VPN. In such
cases, the VLAN cross-connect mode of the ISAM is much more appropriate for these business
users:
• less configuration effort,
• avoid too many bridges or routers in one VPN.
3FL 00327_D AAAA WBZZA Ed 01 5 © 2006 Alcatel Bell N.V., All rights reserved
5
IP aware bridging versus IP routing
IP aware bridging
IP routing: 2 VLANs
E-MAN
Network
IP
Network
NT
IB
IP
R
MAC
R
VRF
LT
FW
IP
B
MAC
B
IP
A
MAC
A
Edge Router
ISAM
No IP
LT
MAC
LT
Layer 2 terminated VLAN
E-MAN
IP
Network
NT
IP@ER
Layer 2 terminated
network port VLAN
R
VRF-Blue
LT
FW
VRF-yellow
V-VLAN
Layer 2 terminated VLAN
> In case of IP-aware bridging there’s only one VLAN. The VLAN mode is layer 2 terminated,
both at asam-core and at the service hub.
There’s only a VRF at the asam-core. The service hub remains an intelligent bridge. The
VLAN is associated to this VRF. The IP-interfaces in the VRF are unnumbered.
> In case of IP-routing, there are two VLANs: an internal VLAN, configured at service hub and
asam-core and an external VLAN, only to be configured at the service hub.
• external VLAN mode layer 2 terminated network port
• internal VLAN mode V-VLAN at SHUB; mode layer 2 terminated at asam-core
> Each VLAN will be associated to a VRF. In routed mode, the IP-interfaces will get IP-
addresses.
• The VRF on the service hub will be in fast path mode, which means it can transport data
traffic. Until now, there can only be one VRF on the service hub in fast path mode (so
only one “full” router). However, there can be additional VRFs that are used to transport
control traffic.
• On the asam-core you will typically define several VRFs (max. 127).
3FL 00327_D AAAA WBZZA Ed 01 6 © 2006 Alcatel Bell N.V., All rights reserved
IP aware bridge L2+ forwarding
7302/5523 Advanced operator
> IP aware bridging is considered to be layer 2+ forwarding. The forwarding decision is made
based upon the IP-address, but there’s no real routing. Based upon the IP-address, a certain
VLAN will be selected (layer 2!). Now there’s no mapping between a port and a VLAN (pure
layer 2 forwarding), but an IP-address and a VLAN (layer 2+ forwarding).
3FL 00327_D AAAA WBZZA Ed 01 7 © 2006 Alcatel Bell N.V., All rights reserved
7
General overview
The 7302 ISAM terminates:
• IP on the user side
• IP/Ethernet, on the ‘network’ side
Forwarding based on destination IP – address
Bridged like model
• From network viewpoint, users on ISAM and IP-edge belong to same subnet
User
side
7302 ISAM
Phys layer
ATM
Eth
IP
Phys layer
ATM
IP
Eth – (VLAN)
IP
Phys layer
Eth
IP
L2
+
Network
side
> VR = Virtual Router
3FL 00327_D AAAA WBZZA Ed 01 8 © 2006 Alcatel Bell N.V., All rights reserved
8
IP aware bridge
Simple network model - bridge like model
• edge router “thinks” that users on ISAMs are directly connected
• LT board no individual public IP-address
LT can’t be addressed as a next-hop by the edge router
Aggregation at DSLAM level within a VRF
• Forwarding based on IP addresses
• IP forwarder on LT, bridge on NT
POTS,IS
DN
CPE
7302 ISAM
LT
E-MAN
Network
GE
NT
FW
IB
VRF-Blue
VRF-RED
Edge
Router
3FL 00327_D AAAA WBZZA Ed 01 9 © 2006 Alcatel Bell N.V., All rights reserved
9
E-MAN
Network
IP forwarding network model
Same network model as bridged
model for residential subscribers
• No IP-address allocated to ISAM
Forwarding on LT based on IP address
• Lightweight VRF
Unnumbered interfaces at ISAM
No routing protocols supported
EMAN Edge
ISAM
CPE
IP subnet
IP address 7302 ISAM
SHub
Eth
DSL
ATM
IP
DSL
ATM
IP
IP aware
Bridge
LT
IB
FW
3FL 00327_D AAAA WBZZA Ed 01 10 © 2006 Alcatel Bell N.V., All rights reserved
10
Principle
Upstream forwarding
• Based on static routes defined by operator
Downstream forwarding
• Statically defined by operator
• or automatically learned by looking at passing DHCP messages
E-MAN
Network
Edge
Router
IP
Network
ISP/Internet NT
IB
IPoE/IPoA
untagged
IPoE IPoE
Forwarding decision
based on IP DA (L2+)
Layer 2 forwarding
(normal bridging)
VLAN
VRF-Blue
LT
FW
> On the LT we have 2 forwarding information bases. One for the upstream forwarding decision
and one for the downstream forwarding decision. These two FIBs are totally independent of
each other, I.e. when a packet is forwarded in the upstream only the upstream FIB is looked at
and for the downstream direction only the downstream FIB is consulted
> With this mechanism when a packet is sent in the upstream and no specific route is defined,
the packet is always forwarded towards an edge router (next hop - default or specific). Or in
other words, packets are always sent to an ER i.e. forced to pass through ER independently of
the IP DA . This way user-to-user traffic is fully blocked.
> In the downstream direction the subscriber IP address is learned through DHCP snooping.
Manual configuration is possible but not common, needed for example when static IP
addresses are assigned at CPE side.
3FL 00327_D AAAA WBZZA Ed 01 11 © 2006 Alcatel Bell N.V., All rights reserved
11
ARP proxy (1/2)
E-MAN
Network
IP
Network
NT
IB
IP
R
MAC
R
VRF
LT
FW
IP
B
MAC
B
IP
A
MAC
A
Edge Router
ISAM
No IP
LT
MAC
LT
ISAM ARP reply: MAC
LT
has IP
R
ISAM has already
learned IP
A
user ARP: who has IP
R
ISAM ARP: who has IP
R
ER ARP reply: MAC
R
has IP
R
ISAM hasn´t yet
learned MAC
R
of IP
R
> ARP proxy on the LT on the user side
> LTs provide ARP proxy (for the user subnets) on the user interfaces
> When an ARP request is received from a subscriber line the LT will respond to the ARP
request with its own MAC-address when both users (IPDA and IPSA) are in the same subnet
or in case the target IP address is the gateway IP address of the end user (statically
configured or snooped). At the same time he will learn the MAC-address of the end user.
> If the user (IPSA) on the other hand is not learnt (statically configured or snooped) on the
incoming interface the LT will not reply to the ARP message and will discard the package
(anti-IP-spoofing)
> The LT will also discard the ARP message when source and target users are learnt on the
same interface since in that case the users can communicate via the internal interface at the
user side.
> When the ISAM initiates the ARP request it will use as an IP source address in the ARP
message the source IP address of the message that arrived in the ISAM triggering this ARP
request.
3FL 00327_D AAAA WBZZA Ed 01 12 © 2006 Alcatel Bell N.V., All rights reserved
12
ARP proxy (2/2)
ER ARP: who has IP
A
ISAM ARP reply: MAC
LT
has IP
A
ISAM has already
learned IP
A
E-MAN
Network
IP
Network
NT
IB
IP
R
MAC
R
VRF
LT
FW
IP
B
MAC
B
IP
A
MAC
A
Edge Router
ISAM
No IP
LT
MAC
LT
ISAM ARP: who has IP
A
user ARP reply: MAC
A
has IP
A
ISAM hasn´t yet
learned MAC
A
of IP
A
> ARP initiated by LT towards the end user
> The LT is going to send an ARP packet towards the end user if he receives an IP packet
destined for one of his users but he does not know the MAC address. The ARP request is
only sent on the relevant interface (no BC to all users)
> When the ISAM initiates the ARP request it will use as an IP source address in the ARP
message the source IP address of the message that arrived in the ISAM triggering this ARP
request.
3FL 00327_D AAAA WBZZA Ed 01 13 © 2006 Alcatel Bell N.V., All rights reserved
13
Basic configuration set-up
Basic topology
• Single service : e.g. HSI
• Single IP edge
• One single subscribers’ IP pool
• One VLAN in the access
network, shared by all ISAMs
ISAM configuration
• All ISAMs configured identically
• One IP Aware Bridge per ISAM
• One default route to the IP edge
• Subscriber’s configuration self-
learned
NT
NT
LT
LT
E-MAN
Network
ISAM 1
ISAM 2 IP11
WWW
IPW
One IP pool for the access network
(shared VLAN) : easy IP subnet
mgmt, efficient IP pool usage
IP subnet on VLAN X
> IP11 is the default router for each ISAM and for each residential gateway. There’s only one
single IP pool for the whole access network (shared VLAN): easy IP subnet management,
efficient IP pool usage.
3FL 00327_D AAAA WBZZA Ed 01 14 © 2006 Alcatel Bell N.V., All rights reserved
14
MAC
A
/IP
A
MAC
LT1
/IP
X
IP
IPA IPx: different subnets (upstream)
NT
LT
E-MAN
Network
ISAM 1
LT1
MAC
LT1
IPW
ISAM 2
Discard if IP
A
is not known on this interface.
Learn SRC-IP/SRC-MAC relation.
forwarding table: IP
X
next-hop IP-address?
ARP lookup or request next-hop MAC-address
MAC
X
IP
X
ARP: who has IP
R
IP
R
MAC
R
IP
A
MAC
A
ARP reply: MAC
LT
has IP
R
ARP reply: MAC
R
has IP
R
MAC
LT1
/IP
A
MAC
R
/IP
X
IP
X

ARP (from MAC
LT1
/IP
A
): who has IP
R
> One single IP pool (shared VLAN)
> SN1 = subnet 1
> LPM = Longest Prefix Match
> User sends ARP request to resolve the default router’s IP address (IP11).
• If the source IP-address is not learned on this interface, the LT will discard the ARP
request. (anti-IP-address spoofing)
• If the source IP-address is already learned on this interface, the LT will act as an ARP
proxy. The ARP reply contains the MAC-address of the LT and the IP-address of the
default gateway for subnet 1 (provider edge router).
> User sends frame to IP
x
in subnet 2. The MAC DA is the MAC-address of the LT.
> The LT receives the message and consults its statically configured upstream VRF FIB. That
way the next-hop IP-address is retrieved (= IP address of the provider edge router) The LT
looks up the entry in the ARP-table (if aged, then a new ARP request will be issued by the LT).
The LT will retrieve the next-hop MAC address and Provider VLAN on which the provider edge
resides.
> The LT forwards the frame on the P-VLAN to the edge router.
3FL 00327_D AAAA WBZZA Ed 01 15 © 2006 Alcatel Bell N.V., All rights reserved
15
IP
IPX IPA: different subnets (downstream)
NT
LT
E-MAN
Network
ISAM 1
LT1
MAC
LT1
IPW
MAC
X
IP
X
IP
R
MAC
R
IP
A
MAC
A
IP
X
IP
A
ARP: who has IP
A
MAC
A
?
ARP reply: MAC
LT1
has IP
A
IP
A
known?
ARP policy trusted?
Learn IP/MAC relation
MAC
R
/IP
X
MAC
LT1
/IP
A
MAC
A
?
ARP (from MAC
LT1
/IP
R
): who has IP
A
ARP reply: MAC
A
has IP
A
MAC
LT1
/IP
X
MAC
A
/IP
A
> As soon as the reply from IP x to IP A is received by the edge router, different lookups need to
be done:
• Longest prefix match in VRF to find the directly attached users
• ARP lookup or request to resolve IP A. The ARP request will be broadcast, so multiple
ISAMs may get it. All ISAM where IPA is not present in the downstream FIB, will discard
the ARP request. In this example IP A is known in ISAM 1. The ARP reply will provide the
MAC-address of the LT.
• Frame is sent to LT1 on ISAM1.
• Lookup in downstream FIB of VRF associated with the incoming Provider-VLAN. The
interface lookup results in:
– PVC (ATM)
– Physical port (EFM)
• ARP lookup or request (ARP request is not broadcast to all users, but only send on a
specific interface). The result is the MAC-address of the end-user.
• Finally, the frame is sent to the end user.
3FL 00327_D AAAA WBZZA Ed 01 16 © 2006 Alcatel Bell N.V., All rights reserved
16
IP
IPA IPB: same subnet
NT
LT
E-MAN
Network
ISAM 1
LT
MAC
LT1
IPW
MAC
X
IP
X
IP
A
MAC
A
LT
MAC
LT2
ISAM 2
IP
B
MAC
B
ARP: who has IP
B
ARP reply: MAC
LT
has IP
B
IP
B
& IP
A
in same network?
MAC
A
/IP
A
MAC
LT1
/IP
B
forwarding table: IPB next-hop IPaddress?
ARP lookup or request next-hop MACaddress
ARP reply: MAC
R
has IP
R
MAC
LT1
/IP
A
MAC
R
/IP
B
ARP (from MAC
LT1
/IP
A
): who has IP
R
MAC
B
?
ARP: who has IP
B
ARP reply: MAC
LT2
has IP
B
MAC
R
/ IP
B
MAC
LT1
/IP
A
MAC
B
?
etc. …
ARP (from MAC
LT2
/IP
R
): who has IP
B
IP
R
MAC
R
> Same mechanism when IPA and IPB are allocated to users on the same ISAM!
3FL 00327_D AAAA WBZZA Ed 01 17 © 2006 Alcatel Bell N.V., All rights reserved
17
IP
Configuration Multiple IP pools
Only one gateway defined on ISAMs:
• For example IP11
“Secured ARP” handling at IP edge must be disabled
• No check if ARP IPSA within same subnet as target IPDA
NT
NT
LT
LT
E-MAN
Network
ISAM 1
ISAM 2
IP11
IPW
PE
IP22
IP23
IP21
IP12
IP13
Disable secured ARP
Gateway for ISAMs!
IP subnets on VLAN X
> Subscribers’ IP pools
• IP pools requested in function of penetration
• Scattered IP pools and therefore different subnets
> For traffic coming from either subnet on the IP forwarder the ISAM looks at the same table.
With other words the ISAM might only have one default route but 2 or more subnet
> No IP address allocated to ISAM but Proxy ARP at ISAM level
> The edge equipment should disable secured ARP as it might get ARP requests originating from
an IP address in a different range.
• Example: when IP22 sends traffic the ISAM might trigger an ARP request to his gateway
which is clearly in a different subnet (IP11). See next slides
• No security issue : only known IP addresses are allowed to ARP
(anti IP@ -spoofing at ISAM)
> In this example IPA wants to send a packet to an IP-address in a different subnet
Default router of RG is IP11 for subscriber IP pool 1 (red subnet)
Default router of RG is IP12 for subscriber IP pool 2 (blue subnet)
Default router of the ISAM is IP11 (see ISAM upstream FIB).
3FL 00327_D AAAA WBZZA Ed 01 18 © 2006 Alcatel Bell N.V., All rights reserved
18
IP
User to user communication IPA(SN1) IPB (SN2)
NT
LT
E-MAN
Network
ISAM 1
LT
MAC
LT1
IPW
MAC
X
IP
X
IP
A
MAC
A
LT
MAC
LT2
ISAM 2
IP
B
MAC
B
ARP: who has IP
R1
ARP reply: MAC
LT1
has IP
R1
MAC
A
/IP
A
MAC
LT1
/IP
B
IP
B
next-hop IPaddress? (IP
R1
)
IP
R1
next-hop MACaddress?
ARP reply: MAC
R1
has IP
R1
MAC
LT1
/IP
A
MAC
R1
/IP
B
ARP (from MAC
LT1
/IP
A
): who has IP
R1
ARP: who has IP
B
ARP reply: MAC
LT2
has IP
B
ETC. …
IP
R1 /
MAC
R1
IP
R2
MAC
R2
IP routing from
SN1 to SN2
IP SN1
IP SN2
MAC
R2
/ IP
A
MAC
LT2
/IP
B
> In this example IP
A
wants to send a packet to IP
B
, which is in a different subnet but both are
transported over the same VLAN.
> IP
R2
is the known gateway for the end users residing in subnet 2 (SN2)
> IP
R1
is the known gateway for the end users residing in subnet 2 (SN1)
> IP
R1
is the default gateway of the forwarding table in the ISAMs
3FL 00327_D AAAA WBZZA Ed 01 19 © 2006 Alcatel Bell N.V., All rights reserved
19
Forwarding over subnets!
IP
User to user communication IPB(SN2) IPA (SN1)
NT
LT
E-MAN
Network
ISAM 1
LT
MAC
LT1
IPW
MAC
X
IP
X
IP
A
MAC
A
LT
MAC
LT2
ISAM 2
IP
B
MAC
B
ARP: who has IP
R2
ARP reply: MAC
LT2
has IP
R2
MAC
B
/IP
B
MAC
LT2
/IP
A
IP
A
next-hop IPaddress? (=IP
R1
)
IP
R1
next-hop MACaddress?
ARP reply: MAC
R1
has IP
R1
MAC
LT2
/IP
B
MAC
R1
/IP
A
ARP (from MAC
LT2
/IP
B
): who has IP
R1
ARP: who has IP
A
ARP reply: MAC
LT1
has IP
A
IP
R1 /
MAC
R1
IP
R2
MAC
R2
IP routing from
SN2 to SN1
IP SN1
IP SN2
MAC
R1
/ IP
B
MAC
LT1
/IP
A
ETC. …
Gateway for ISAMs!
> In this example IPA wants to send a packet to IPB, which is in a different subnet but both are
transported over the same VLAN.
> IP
R2
is the known gateway for the end users residing in subnet 2 (SN2)
> IP
R1
is the known gateway for the end users residing in subnet 2 (SN1)
> IP
R1
is the default gateway of the forwarding table in the ISAMs
> In above slide you will see that the ARP request from ISAM2 to discover the MAC address of
IPR1 is generated from IPB. This IPB belongs to a different IP subnet than IPR1 and the edge
device should be able to respond to this. In some devices this would mean that you need to
disable secured ARP.
3FL 00327_D AAAA WBZZA Ed 01 20 © 2006 Alcatel Bell N.V., All rights reserved
20
IP aware bridge, things to consider/ extra benefits
Scalability
• VLANs shared by N ISAMs:
• Network switches learn MAC addresses of LT cards
1:48 reduction factor easier for EMAN
• ARP proxy to network: ARP issued by ISAM, not by all subscribers
IP edge still learns all IP addresses of all end-users in ARP table
ISAM-1
ISAM-2
IP1
MAC1
IP2
MAC2
IP3
MAC3
IP101
MAC101
IP102
MAC102
IP103
MAC103
IP201
MAC201
IP202
MAC202
IP203
MAC203
BR
MAC
MAC-LT1
MAC-LT2
MAC-LT3

FW
FW
IP edge
ARP
IP1
IP2
IP3
IP101

HSIA
VoIP
BTV
VoD
VLAN 100
VLAN 200
VLAN 300
Common VLAN
per Service
VLAN 400
VLAN 100
VLAN 200
VLAN 300
VLAN 400
V
LA
N
1
0
0 V
LA
N
2
0
0 V
LA
N
3
0
0
V
LA
N
4
0
0
3FL 00327_D AAAA WBZZA Ed 01 21 © 2006 Alcatel Bell N.V., All rights reserved
21
IP aware bridge, things to consider/ extra benefits
Security
• MAC address translation
Subscriber’s MAC-address never seen by the network
full proof security
• user to user communication fully blocked even for shared VLANs
• ARP proxy to subscribers
No ARP broadcast to all subscribers
Downstream LT knows IP-subscriber – interface relationship
• Anti-IP address spoofing
ISAM responds to ARP request by its own MAC-address if target IP DA is
not associated with the originating DSL line and IP SA is learnt
3FL 00327_D AAAA WBZZA Ed 01 22 © 2006 Alcatel Bell N.V., All rights reserved
IP routing
L3
3FL 00327_D AAAA WBZZA Ed 01 23 © 2006 Alcatel Bell N.V., All rights reserved
23
L3 functionality - General overview
The 7302 ISAM terminates:
• IP from user side
• IP/Ethernet on the ‘network’ side
Forwarding based on IP destination address
• Full router on ISAM SHUB
ISAM is a next hop
• Directly connected subnets
• Most feature rich but also most complex access network model
• Automatic propagation or route configurations
Network
side User
side
Eth-VLAN
7302 ISAM
Phys layer
ATM
Eth
IP
Phys layer
ATM
IP
Eth – (VLAN)
IP
Phys layer
Eth
IP
L3
> VR = Virtual Router
3FL 00327_D AAAA WBZZA Ed 01 24 © 2006 Alcatel Bell N.V., All rights reserved
24
IP router in the 7302 ISAM
Directly connected subnets (to users and ER) configured on ISAM
• ISAM is next-hop
Aggregation at DSLAM level within a full featured VRF
• IP forwarder on LT , router on NT
Only one “full” router on ISAM
planned for future: multiple “full” virtual routers,
but requires new NT
POTS,IS
DN
CPE
7302 ISAM
LT
E-MAN
Network
GE
FW
VRF-Green
VRF Blue
VRF-yellow
> Only one full router on the NT: only one VRF in fast path mode that can carry data traffic.
> Additional VRFs can be defined on the NT, but they can carry only control traffic.
3FL 00327_D AAAA WBZZA Ed 01 25 © 2006 Alcatel Bell N.V., All rights reserved
25
IP routing network model
Aggregation at DSLAM level
• Routing functionality on NT
• IP Forwarding on LT
• RIP and OSPF to the network (optional)
• RIP to the users (optional)
IP subnet
IP address
ISAM
IP Router
CPE
RIP
VRF
EMAN Edge
VRF
OSPF / RIP
OSPF / RIP
Bridge
Bridge
Eth
IPoE
IP
DSL
ATM
IP
Eth
DSL
ATM
IP
NT
LT
FW R
3FL 00327_D AAAA WBZZA Ed 01 26 © 2006 Alcatel Bell N.V., All rights reserved
26
Principle
LT behaves similar as in IP aware bridging
• Differences: NT is next hop & forwarding on internal VLAN only
• ARP proxy towards network and users
NT has complete routing functionalities
• Routing tables filled manually or via routing protocols
• Normal ARP behaviour
E-MAN
IP
Network
NT
IP
R
IPoA/IPoE untagged IPoE (V-VLAN) IPoE (VLAN)
Forwarding decision
based on IP DA (L2+)
Routed (L3)
R
LT
FW
VRF-yellow
VRF-Blue
V-VLAN
P-VLAN
3FL 00327_D AAAA WBZZA Ed 01 27 © 2006 Alcatel Bell N.V., All rights reserved
IP configuration
General Principles
3FL 00327_D AAAA WBZZA Ed 01 28 © 2006 Alcatel Bell N.V., All rights reserved
28
Multiple Routing and Forwardings VRFs
VRF
• Virtual routing and forwarding
• IP addresses are only unique within a VRF.
• a VRF can be seen as the layer 3 equivalent of a VLAN.
Each VRF consists out of
• One or more IP interfaces
• IP forwarding engine
• Entity performing adress resolution
Uses IP-net-to-media table
VRF-2
VRF 1
IP interface 1
Intf nr
VLANx-VLANy* 10.1.0.9
IP address VLAN ID
IP Interface table per VRF
* VLAN bundling
DA* – IPint1 10.1.0.0/16
10.1.0.1 Default
Subnet Next hop
* Directly attached – Direct route
IP Forwarding table per VRF
> A Virtual Routing and Forwarding (VRF) is a logical subdivision of the system resources that
provide transmission and forwarding of IP packets.
> So a VRF is an instance of a router with the exception that platform resources (backpanel,
power supplies, non-volatile memory, …) are typically shared between all VRFs within the
system.
As a consequence, IP addresses are only unique within a VRF.
> Within a single system, a VRF can be seen as the layer 3 equivalent of a VLAN.
3FL 00327_D AAAA WBZZA Ed 01 29 © 2006 Alcatel Bell N.V., All rights reserved
29
Virtual routers on the ISAM
Independent of each other
On ASAM CORE (LTs)
• 127 VRFs can be defined
On SHUB
• 127 VRFs can be created.
VRF 0 is a default one which can not be deleted, created
or modified.
• Only 1 VRF as a full router
LT
VRF-Green
VRF-RED
LT
VRF-Green
VRF-RED
VRF-B
VRF-A
NT
> On asam-core, there’s no default vrf 0. Only on the service hub, vrf 0 is a default. Vrf 0 can
neither be deleted nor modified.
> On the service hub, only one VRF can carry data traffic (fast path mode).
3FL 00327_D AAAA WBZZA Ed 01 30 © 2006 Alcatel Bell N.V., All rights reserved
30
configuration on VRF - General
Create VLANs
• VLAN mode i.f.o forwarding mode
Create VRF
• VRF mode i.f.o forwarding mode
Create L3 interface(s) & map interface(s) to VRF
• Interface can be on network side and/or user side
Configure IP parameters
• IP address on the interface
• Routing information in the VRF
• Configuration for
ARP proxy functionality
VRF
VLAN
.a interface
not explicitely mapped
on VLAN

.b interface
explicitely mapped
on VLAN
Create VLAN
3FL 00327_D AAAA WBZZA Ed 01 31 © 2006 Alcatel Bell N.V., All rights reserved
31
Interfaces – one-to-one mapping example
DA* – IPint2 10.39.0.2/16
DA* – IPint1 10.38.0.2/16
10.39.0.1 Default
Subnet Next hop
* Directly attached – Direct route
VLAN 1 10.38.0.2 IP interface 1
IP interface 2
Intf nr
VLAN 2 10.39.0.2
IP address VLAN ID
IP Interface table per VRF
MAC@edge-VLAN1 10.38.0.1
MAC@video-VLAN2 10.39.0.1
IP@ MAC@-VLAN-ID
IP net-to-media table - Layer 2 mapping table
IP Forwarding table per VRF
10.38.0.2/16
VRF
10.39.0.2/16
10.38.0.1/16
MAC@edge
10.39.0.1/16
MAC@edge
VLAN 1
VLAN 2
3FL 00327_D AAAA WBZZA Ed 01 32 © 2006 Alcatel Bell N.V., All rights reserved
IP on ASAM-CORE
Overview commands
3FL 00327_D AAAA WBZZA Ed 01 33 © 2006 Alcatel Bell N.V., All rights reserved
33
VLAN creation
VLAN mode i.f.o forwarding model
ASAM-CORE:
• configure vlan id <ID 1> mode layer2-terminated
SHUB:
• configure vlan shub id <ID 1> mode layer2-terminated
• configure vlan shub id <ID 1> mode v-vlan internal
• configure vlan shub id <ID 2> mode layer2-term-nwport external
Layer2 Terminated
Layer2
Terminated NW
port & v-vlan
Routed
Layer2 Terminated
Layer2
Terminated
IP aware Bridge
(forwarding)
LTs (ASAM-core) SHUB
VLAN
mode
FW Model

> How to create a VLAN in the correct mode with CLI and/or AWS, is explained in the
“7302/5523 Handson” course – chapter “VLAN creation”.
The “7302/5523 Handson” course is part of the 7302/5523 operator curriculum.
> On the ASAM core both for IP forwarding as for IP routing the VLAN mode is layer 2
terminated.
> On the SHUB we have seen in previous chapters the structure is different for both
• IP forwarding: one VLAN on SHUB > mode layer2-terminated (function has no real
difference with residential bridge on SHUB)
• IP routing: at least two VLANs on SHUB > one in mode V-vlan for forwarding of traffic
between NT and LTs, this V-vlan (virtual vlan) is using the same ID number as the layer2-
terminated vlan on the LTs. And another one on the SHUB in mode layer2-term-nwport for
forwarding of traffic between the NT and the network, the ID used by this one is different
than the one used by the v-vlan.
3FL 00327_D AAAA WBZZA Ed 01 34 © 2006 Alcatel Bell N.V., All rights reserved
34
VRF in ASAM-CORE
Creation of the VRF on ASAM-CORE (LTs)
• configure ip vrf <VRF-ID> name <VRF-name> mode <VRF-mode>
VRF mode: Forwarder = for IP aware bridge
router = for routed mode , LT’s are aware NT is next hop
Once VRF is created optional parameters become available:
• Route-destination: Route entries for the VRF step
• Network-itf: step
• User-itf: step
• Gateway-itf: step

> The “VRF-ID” is the ID that uniquely defines a certain VRF. In the ASAM-CORE the VRF-ID
can range from 1 to 127.
3FL 00327_D AAAA WBZZA Ed 01 35 © 2006 Alcatel Bell N.V., All rights reserved
35
LT
PC
Interfacing from the VRF
Create the L3 interfaces and mapping to VRF
• Create network interface:
Go to VRF
configure ip vrf <VRF-ID>
Create interface
network-itf <VLAN-ID> unnumbered
arp-policy trusted
• Create interfaces at user side:
Go to VRF
configure ip vrf <VRF-ID>
Create interface
user-itf (bridge)port <PORT-ID>
> bridgeport: IPoE
> port: IPoA
Network side User side
VRF
.IP interface
mapped on VLAN
Towards network
.IP interface
towards end user.

> Creation of the L3 interface on Network side and mapping to VRF.
The structure of the CLI is such that the creation of the IP interfaces in the ASAM-CORE is done at VRF
level. By creating the interface at that location the mapping of the interface to the VRF is done implicitely.
When you create the IP interface you need to define wether the interface is an unnumbered IP interface
or not and define its ARP policy.
In general the IP interface at network side on ASAM-CORE needs to be unnumbered and ARP policy
trusted
On the network side the IP interface is created (L3 point) and mapped to a VLAN(= creation of
VLAN-bind ) The VLAN-bind should appear when performing the command “configure ip # info detail”
> Creation of the L3 interface on user side
In the CLI, the user interface is – like the network interface – created at VRF level.
This interface is always unnumbered.
The (bridge)port has to be created prior to the L3 interface creation (via the AWS or CLI).
The <PORT-ID> is Rack/shelf/slot/port:VP:VC.
In case of EFM ofcourse, no VP:VC is defined
3FL 00327_D AAAA WBZZA Ed 01 36 © 2006 Alcatel Bell N.V., All rights reserved
36
IP VRF parameters
ARP proxy functionalities: define user gateway and network ID
• configure ip vrf <VRF-ID>
gateway-itf ip-address <ip-address/mask>
• Only needed in case of static IP address configuration of end users
Routing information upstream
• configure ip vrf <VRF-ID>
route-dest <network ID/mask> next-hop direct:network:<VLAN-ID>
Routing information downstream
• configure ip vrf <VRF-ID>
route-dest <network ID/mask> next-hop direct:user-(bridge)port:<port-ID>
• Only needed in case of static IP address configuration of end users

> Routing information upstream
<PORT-ID> in routing configuration command upstream, is Rack/shelf/slot/port:VP:VC.
In case of EFM, no VP:VC is defined
3FL 00327_D AAAA WBZZA Ed 01 37 © 2006 Alcatel Bell N.V., All rights reserved
37
AWS tools
AWS:
• Learned ARP entries & IP addresses
• Adding routes in routing table
• Select IP interface and then from menu
Service > Ethernet/IP > …
Double-click
3FL 00327_D AAAA WBZZA Ed 01 38 © 2006 Alcatel Bell N.V., All rights reserved
IP on SHUB
Overview commands
3FL 00327_D AAAA WBZZA Ed 01 39 © 2006 Alcatel Bell N.V., All rights reserved
39
VLAN creation
VLAN mode i.f.o forwarding model
ASAM-CORE:
• configure vlan id <ID 1> mode layer2-terminated
SHUB:
• configure vlan shub id <ID 1> mode layer2-terminated
• configure vlan shub id <ID 1> mode v-vlan internal
• configure vlan shub id <ID 2> mode layer2-term-nwport external
Layer2 Terminated
Layer2
Terminated NW
port & v-vlan
Routed
Layer2 Terminated
Layer2
Terminated
IP aware Bridge
(forwarding)
LTs (ASAM-core) SHUB
VLAN
mode
FW Model

> How to create a VLAN in the correct mode with CLI and/or AWS, is explained in the
“7302/5523 Handson” course – chapter “VLAN creation”.
The “7302/5523 Handson” course is part of the 7302/5523 operator curriculum.
> On the ASAM core both for IP forwarding as for IP routing the VLAN mode is layer 2
terminated.
> On the SHUB we have seen in previous chapters the structure is different for both
• IP forwarding: one VLAN on SHUB > mode layer2-terminated (function has no real
difference with residential bridge on SHUB)
• IP routing: at least two VLANs on SHUB > one in mode V-vlan for forwarding of traffic
between NT and LTs, this V-vlan (virtual vlan) is using the same ID number as the layer2-
terminated vlan on the LTs. And another one on the SHUB in mode layer2-term-nwport for
forwarding of traffic between the NT and the network, the ID used by this one is different
than the one used by the v-vlan.
3FL 00327_D AAAA WBZZA Ed 01 40 © 2006 Alcatel Bell N.V., All rights reserved
40
VRF in SHUB
Creation of a VRF on SHUB
• configure ip shub vrf <VRF ID> name <VRF name> <VRF-
mode>:<ena/dis-user-user-com>
• VRF-mode:
slow-path-mode: only for control functions (DHCP relay, RADIUS)
fast-path-mode: for data traffic and control functions
Only one VRF in fast-path-mode !
• Once VRF is created 2 optional commands are available
Definition of routing option
Configuration of routing information
refer to step

> Only one VRF can be in fast path mode, this is the VRF that you want to use for the forwarding
of data packets and possibly want to run routing protocols.
In the case a DHCP relay agent or external authentication is required in routed mode, the
respective IP configuration for these functions need to be done in the routed VRF.
> When you define a VRF, you specify if you want to allow user-to-user-communication or not:
ena/dis-user-user-com.
3FL 00327_D AAAA WBZZA Ed 01 41 © 2006 Alcatel Bell N.V., All rights reserved
41
Interfacing from the VRF
Creation of the L3 interface(s) & map interface(s) to VRF
• interfaces on VRF SHUB:
Network interfaces.
Interfaces towards LTs
• Interface directly created on top of VLAN
configure interface shub vlan-id <VLAN-ID> admin-status <up/down>
• Map interface to VRF
Configure interface shub ip <VLAN-ID> vrf-id <VRF-ID>

VRF
VLAN IP interface

Create VLAN
> Defining if the interface that you are creating on the Service Hub is a network interface or a
user interface is implicitely done when the VLAN is mapped on the interface
The interface that you define on the SHUB is a network interface in the following cases.
VLAN mode of the VLAN-ID to which the interface is mapped is:
- Residentiel bridge
- Layer2-Terminated
- Layer2-term-nwport
The interface that you define on the SHUB is a user interface when the
VLAN mode of the VLAN-ID to which the interface is mapped is v-vlan mode
> By performing the command “configure interface shub vlan-id <VLAN-ID>” you did not only
map the interface to the vlan, but implicitely created the L3 interface.
At this point when you perform the command “configure interface shub# info detail”, you will
not only see the interface “vlan-id <VLAN-ID>” with its parameters popping-up, but also the
interface “ip <VLAN-ID> .
At this point however the L3 interface is not yet mapped to a vrf. (no ver-id # value = 0)
The mapping to the VRF is done in the next step.
3FL 00327_D AAAA WBZZA Ed 01 42 © 2006 Alcatel Bell N.V., All rights reserved
42
IP VRF parameters
Configuration of IP parameters
• Step 1 : Configuration of IP address on the interface
• Step 2: Bring up the interface
Interface needs to be down for configuration of the IP address on the
interface.
• Step 3: Routing information on the VRF
• Step 4: Enabling routing protocols on the interfaces
ISAM supports RIPv2 and OSPF

>
3FL 00327_D AAAA WBZZA Ed 01 43 © 2006 Alcatel Bell N.V., All rights reserved
43
IP VRF parameters
Step 1: Configuration of IP address on the interface
• Configure interface shub ip <VLAN-ID> ip-addr <ip-address/mask>
Step 2: Bring up the interface
• Configure interface shub vlan-id <VLAN-ID> admin-status <up>
Vlan admin-status needs to be down for (re)configuration of IP address
Step 3: Routing information in VRF
• network side and user side
• Configure ip shub vrf <VRF-ID> route-dest x<network-ID/mask>
next-hop <GW IP-address> vlan-id <VLAN-ID>

> For default route, route-dest is 0.0.0.0/0
3FL 00327_D AAAA WBZZA Ed 01 44 © 2006 Alcatel Bell N.V., All rights reserved
44
AWS tools
Edit routes in the VRF of SHUB:
• EML USM: Views VRF Service Hub
Select VRF and edit routes:
• EML USM: Service Ethernet/IP IP route …
3FL 00327_D AAAA WBZZA Ed 01 45 © 2006 Alcatel Bell N.V., All rights reserved
Exercises
3FL 00327_D AAAA WBZZA Ed 01 46 © 2006 Alcatel Bell N.V., All rights reserved
46
IP routing: configuration
1. Create and configure VLAN
• On ASAM-CORE
• On service hub
2. Create VRF / interfaces + routes
• On service hub
• On ASAM-CORE
3. Configure user port
E-MAN
IP
Network
ISP/Internet
NT
IP@ER
VLAN 190
R
VRF-Blue
LT
FW
VRF-yellow
V-VLAN 666
Routed mode
(Of course, the VLANs can have other ids.)
> vlan 190 is external (from the service hub to the network); vlan 666 is internal.
3FL 00327_D AAAA WBZZA Ed 01 47 © 2006 Alcatel Bell N.V., All rights reserved
47
1. Create and configure VLAN
On ASAM-CORE
• Configure vlan id 666 name <…> mode layer2-terminated
>…# egress-port:lt:1/1/[4..19]
On SHUB
• Configure vlan shub id 190 name <..> mode layer2-term-nwport
>…# egress-port:network:2
• Configure vlan shub id 666 name <..> mode v-vlan
E-MAN
IP
Network
ISP/Internet
NT
IP@ER
VLAN 190
R
VRF-Blue
LT
FW
VRF-yellow
V-VLAN 666
Routed mode
> vlan 190 is external (from the service hub to the network); vlan 666 is internal. Vlan 190 only
needs to be created on the service hub, not on the ASAM-CORE.
3FL 00327_D AAAA WBZZA Ed 01 48 © 2006 Alcatel Bell N.V., All rights reserved
48
2a. Create VRF / interfaces + default route (SHUB)
• Configure ip shub vrf 30 name VRF30 fast-path-mode:dis-user-user-com
• Configure interface shub vlan id 190
• Configure interface shub ip 190 vrf 30 ip-addr 10.10.190.27/24
• Configure interface shub vlan id 190 admin-status auto-up
• Configure interface shub vlan-id 666
• Configure interface shub ip 666
– vrf 30
– ip-addr 27.27.190.1
• Configure interface shub vlan-id 666 admin-status auto-up
• Configure ip shub vrf 30
Route-dest 0.0.0.0/0 next-hop 10.10.190.1 vlan-id 190
E-MAN
IP
Network
NT
IP@ER
10.10.190.1
VLAN 190
R
VRF-Blue
LT
FW
VRF30
V-VLAN 666
10.10.190.27
> Here we need to create a VRF (called VRF30) on the service hub. We disallow user to user
communication (dis-user-user-com).
> Per ISAM, there can only be one VRF with fast path mode.
> By associating a VLAN to a VRF, we “upgrade” the VLAN to layer3 functionality (VRF).
> The sequence matters: first you associate a VLAN to a VRF and afterwards you can add the
IP-address (if you do in the reverse order, the IP-address you allocated earlier, will be deleted
when you associate the VRF).
3FL 00327_D AAAA WBZZA Ed 01 49 © 2006 Alcatel Bell N.V., All rights reserved
49
2b. Create VRF / interfaces (ASAM-CORE)
Configure ip vrf 27 name VRF27 mode router
Configure ip vrf 27
• network-itf 666 unnumbered arp-policy trusted
• Gateway-itf ip-address 27.27.190.1/24
E-MAN
IP
Network
NT
IP@ER
10.10.190.1
VLAN 190
R
VRF27
FW
VRF30
V-VLAN 666
10.10.190.27
2
7
.2
7
.1
9
0
.1
> Create VRF27 on the ASAM-CORE.
> On ASAM-CORE the IP-interface will automatically be ‘plugged into’ the VRF.
3FL 00327_D AAAA WBZZA Ed 01 50 © 2006 Alcatel Bell N.V., All rights reserved
50
3. Configure (user-)port
Configure user port (AWS or CLI)
• Configure port
• Create ATM TP
• Create IP-interface
Direct route to user (27.27.190.111/32)
E-MAN
IP
Network
ISP/Internet
NT
IP@ER
10.10.190.1
VLAN 190
R
VRF27
FW
VRF-30
V-VLAN 666
10.10.190.27
2
7
.2
7
.1
9
0
.1
27.27.190.111
> Unlike the previous steps, these steps can be done with AWS too.
> If you want to test the connection, don’t forget to change the IP-address, netmask and
gateway on your PC! In this case: IP-address 27.27.190.111 netmask 255.255.255.0,
gateway 27.27.190.1.
3FL 00327_D AAAA WBZZA Ed 01 51 © 2006 Alcatel Bell N.V., All rights reserved
IP aware bridge configuration
_______________________________________________________________
After completing the assignments in this chapter, you’ll be able to:
- Retrieve IP-related information:
- Which VRFs are created?
- What is the default GW of VRF0?
• - What are the IP interfaces on the Service hub associated to a particular VRF?
• - Create a VRF, associate an IP interface and enter routing entries.
_______________________________________________________________
Alcatel 5523/7302 Advanced Operator (3FL00327-D AAAA WBZZA)
Alcatel 5523 AWS: customer documentation
__________________________________________________________
> Perform these exercises with CLI
The first 4 questions are ment as a fast refresh of the knowledge gained in
the Basic Operator course (ref Basic course)
1. VLAN 170 is used for IP aware bridging mode . Is this correct ? What should
the configuration be ? Do you see any discrepancies ? Yes?No ? Why ?
Verify this with CLI and AWS
2 . Which logical ports (end-users) are associated to VLAN 170?
Verify this with AWS
3 . Explain the total configuration of the user logical ports on port TRAINING-d.
How is the forwarding done? To which VRF(s) are the logical ports mapped.
What is the difference between the configuration on logical port VP/VC 8/35 and
VP/VC 8/36
Verify this with AWS and CLI
4 . How many MAC-addresses can be learned on the connection 8/36? Explain !
Verify this with AWS
Reference
Objectives
IP aware
bridge
retrieval
exercises
3FL 00327_D AAAA WBZZA Ed 01 52 © 2006 Alcatel Bell N.V., All rights reserved
5. What are the VRF(s) configured on the ASAM-CORE?
Verify this with AWS and CLI
6. What is the index of the interface mapped to VLAN 170?
Verify this with CLI
7. What are the different interfaces that are used/configured in VRF 17? Verify
this with CLI
8. Is there an IP@ configured on the network interface mapped on
VLAN 170?
Verify this with CLI
9. Is there an IP@ configured on the network interface on port Training-d,
VP/VC 8/35 mapped on VLAN 170?
Verify this with CLI and AWS.
.
10. Are there any routes configured inside the ISAM which map on the
interface associated to VLAN 170. (direct routes and indirect routes)
Verify this with CLI.
3FL 00327_D AAAA WBZZA Ed 01 53 © 2006 Alcatel Bell N.V., All rights reserved
11. What is the default of the ISAM in VRF 17?
Is it correct to state that “ if you know the default GW of the ISAM, you also,
implicitely, know the default GW of the end-user” ? Explain why/why not Verify
this with CLI.
12. Are there gateway interfaces configured in this VRF?
When and why are they needed?
13. Are there any end user interfaces mapped to this VRF ?
Check out the configuration with CLl and AWS
When is this needed ?
14. When will a frame with VLAN170 will be sent to the network ?
3FL 00327_D AAAA WBZZA Ed 01 54 © 2006 Alcatel Bell N.V., All rights reserved
54
IP aware bridge - single pool – one VLAN – static IP
VRF with static route to user
VRF with static route to gateway
E-MAN
IP
LT
VRF
1X
SHUB
192.168.10.10
192.168.20.10
10.10.17X.1 10.10.17X.100 UNNUMBERED
BRIDGED
8/36
=> STATIC
FORWARDER
MODE
L2-TERMINATED
MODE
=> USER GW
VLAN
17X
ISP
GROUP X
ISAM Y
1. Configure your system for IP-aware bridge setup with following
configuration
Configure VRF 1x (x = adslx) on the ASAM-CORE which you will be using for
IP aware bridge . Give it a name of your choice.
The VLAN towards the network is VLAN 17x , The default gateway of the ISAM is
10.10.17x.1 .
Your end user is statically configured. He has IP@ 10.10.17x.100
Make this setup work.
Try to ping the gateway of the end-user. Also perform a traceroute. Explain
what you see. What is the scenario when you perform a ping to the user
gateway.
Configuration
of IP aware
bridging mode
3FL 00327_D AAAA WBZZA Ed 01 55 © 2006 Alcatel Bell N.V., All rights reserved
55
E-MAN
IP
LT
VRF
1X
SHUB
10.10.17X.1
10.10.17X.100
BRIDGED
8/36
=> STATIC
FORWARDER
MODE
=> USER GW
VLAN
17X
IP aware bridge - two IP pools - one VLAN – static IP
11.11.17X.100
11.11.17X.1
L2-TERMINATED
MODE
UNNUMBERED
ISP
192.168.10.10
192.168.20.10
GROUP X
ISAM Y
2. At this stage we add the setup with a second IP-pool 11.11.17x/24 for the end
users. . Towards the network we stay in the same VLAN.
End-user gateway is 11.11.17x.1, the gateway of the ISAM remains unchanged.
End user IP@ to use is 11.11.17x.100
What are the additional things you need to configure ?
Make this setup work.
Try to ping the Gateway of the ISAM and perform a traceroute.
Try to ping the gateway of the end-user and perform a traceroute towards is.
Explain what you see. What is the difference with scenario 1 .
3FL 00327_D AAAA WBZZA Ed 01 56 © 2006 Alcatel Bell N.V., All rights reserved
IP routed configuration
_______________________________________________________________
Alcatel 5523/7302 Basic Operator (3FL00278 AAAA WBAAA)
Alcatel 5523 AWS: customer documentation
__________________________________________________________
1. Check the VLAN configuration of VLAN 1190. What can you conclude ?
Verify this with AWS and CLI
2 . Check the VLAN configuration of VLAN 190.
Verify this with AWS and CLI
3. What is the first VRF-ID available on the Service hub. Check this.
Are there other VRF’s configured on the Service hub
Verify this with AWS and CLI
4. What is the routing mode of the default VRF? What does it mean ?
Verify this with CLI.
Reference
IP routed
retrieval
exercises
3FL 00327_D AAAA WBZZA Ed 01 57 © 2006 Alcatel Bell N.V., All rights reserved
5. Which interfaces are defined on the default VRF on the Service hub?
What are the IP addresses of the relevant interfaces?
Verify this with CLI
6 . What is the routing mode of the VRF 30 ? What does it mean ?
Verify this and CLI
7. Check the Interfaces mapped on VRF 30 on the SHUB
Which of the interfaces are interfaces to the user side.
Which of the interfaces are network interfaces ?
Verify this with AWS and CLI
8. Are there IP@ defined on the relevant interfaces found above ? Is this necessary
? Why ? Why not ?
Verify this with CLI
3FL 00327_D AAAA WBZZA Ed 01 58 © 2006 Alcatel Bell N.V., All rights reserved
9. What is the default gateway for VRF 30 on the SHUB. To which VLAN is it
mapped to?
Verify this with AWS the CLI.
10 . Check the configured administrative status of the interface on the SHUB
mapped on VLAN 190
Verify this with the CLI.
11. Check the actual status of the interface mentioned above.
| Verify this with the CLI.
12. What is the VRF on the ASAM-CORE to which the internal VLAN 1190 is
connected to.
Check out the configuration of the VRF. What do you notice ?
Verify this with the CLI.
13. On the ASAM-CORE, is there an IP@ configured on the network interface
mapped on VLAN 1190 ?
What is the IP-address of the network interface in VLAN 1190 ?
Verify this with CLI
3FL 00327_D AAAA WBZZA Ed 01 59 © 2006 Alcatel Bell N.V., All rights reserved
14. Are there any routes configured in the VRF on the ASAM-CORE on which
VLAN 1190 is mapped to ?
Which ones are relevant? When? Why? Why not
Verify this with CLI
15. Is there a Default GW defined on VRF 20 on the ASAM-CORE?
Why ? Why not ?
Verify this with AWS and CLI
3FL 00327_D AAAA WBZZA Ed 01 60 © 2006 Alcatel Bell N.V., All rights reserved
> Perform these excercices with the CLI
1. Configure VRF xx (x = adslx) on the SHUB. Give it a name of your choice.
2 . Create an interface on VLAN 10x0. Make sure this interface is a network
interface !
3. Make sure that the interface is administratively up.
4. What is the IP-address and the default GW of the interface you just created ?
5. Map your interface to the VRF that you just created.
6. Does this configuration change the settings in the VRF?
VRF
configuration
on SHUB
3FL 00327_D AAAA WBZZA Ed 01 61 © 2006 Alcatel Bell N.V., All rights reserved
7. Give the interface an IP address = 138.x0.x0.x0 netmask 255.255.255.0 and
map it to your VRF.
8 . Check the information configured on the interface and in the VRF. What do
you see?
9. Configure the default GW for the interface=138.x0.x0.1.
10 Check your configuration.
11. Is the interface at this stage ready to use? If an action is required,
perform it.
12. Delete the VRF that you just created. What are the steps to follow?
3FL 00327_D AAAA WBZZA Ed 01 62 © 2006 Alcatel Bell N.V., All rights reserved
62
IP routed – Configuration Case
E-MAN
IP
VLAN
119X
LT
VRF
2X
SHUB
VRF
30
VLAN 19X
192.168.10.10
192.168.20.10
10.10.19X.1 2Y.2Y.19X.100 2Y.2Y.19X.1 UNNUMBERED
ROUTED MODE
LAYER2-
TERM-
NWPORT
V-VLAN
& L2-T BRIDGED
8/36
=> STATIC
10.10.19X.2Y
ROUTED MODE
=> USER GW
ISP
GROUP X
ISAM Y
VRF ON SHUB IN “FAST-PATH-MODE”
1.Configure your system for IP-routing with following configuration
Configure VRF 2x (x = adslx) on the ASAM-CORE and use VRF 30 in the
SHUB . Give them a name of your choice.
The V-VLAN to use is 119x (x=adslx)
The VLAN towards the network is VLAN 19x , The default gateway of the SHUB is
10.10.19x.1 .
Your end user is statically configured. He has IP@ 2y.2y.19x.100
Make sure that from your en-user terminal, you can ping the gateway of the
ISAM.
Make this setup work.
IP routing
set-up
configuration