© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Day 1
• General ASR9000 architecture – 9.00am – 10.30am
• General ASR9000 operation (theory & lab) – 10.30am – 1.00pm
ASR-9000 Architecture
Ethernet Optimized Aggregation Routers
1, 6, 10, & 22 slot chassis
40 to 360 Gbps line cards
440 Gbps per slot switch fabric
Highly Available Hardware
IOS XR Operating System
1/2 Rack – 8 Line Cards
[Chassis diagram. Labels: Fabric, 16xTenGE, 40xGE, 8xTenGE, SIP-700, (4:3 Oversub), RSP1, Fans, Power]
1/4 Rack – 4 Line Cards
[Chassis diagram. Labels: Fans, RSP0, RSP1, Line Cards, Fabric, Power]
ASR 9010
[Chassis diagram. Labels: Line Cards, RSP0, RSP1, Future LCs, Fabric, 20xGE + 2xTenGE, 4xTenGE, 8xTenGE, 40xGE, 8xTenGE (Oversub), SIP-700, Line Rate, 20G, Fans, Power]
ASR 9010 Fan Tray
• Fans unique to chassis
• Variable speed for:
Ambient temperature variation
Redundancy
DC Supplies: A and B, 2.1 kW
AC Supplies: A and B, 3 kW
Power Supply
• 6 & 10 slot use same power supplies
• Base 9006 system is ~650W
• Any supply can power any card
• Power draw shared evenly
• Plan for both power feed and PS redundancy
• 1.5kW DC supply also available
Allows reduced breaker rating
• AC is 220V Single Phase
• Power & Fans will support future cards
ASR 9006
[Chassis diagram. Labels: Fans, RSP0, RSP1, Line Cards, Fabric, Power]
ASR 9006 Fan Tray
• Fans unique to chassis
• Variable speed for:
Ambient temperature variation
Redundancy
DC Supplies
Switch fabric bandwidth 184G/slot (with dual RSP) 440G/slot (with dual RSP)
RSP440
First-generation
LC (Trident NP)
MOD-80
ASR9K-24x10GE MOD-160
ASR9K-2x200GE
MPAs (Module Port Adapters): 20x1GE, 2x10GE, 4x10GE, 1x40GE, 2x40GE
ASR9K-36x10GE
High Level Packet Flow
[Packet flow diagram. Labels: PHY, NP3, Ingress CEF, ACL, QoS, & Stats]
400G LC Ready
Flexible Forwarding Architecture
Advanced Switch Fabric
Flexible Optics options
General ASR9000 Operation
Global configurations
Exec – Normal operations – monitoring interfaces, routing, CEF, VPNs, …
RP/0/RSP1/CPU0:viking-1#
  show ipv4 interfaces brief
  show running-config
  show install active
  show cef summary location 0/5/CPU0
  show l2vpn xconnect
RP/0/RSP1/CPU0:viking-1(config)#
  router bgp 100
  l2vpn
  policy-map foo
  mpls ldp
  ipv4 access-list block-junk
RP/0/RSP1/CPU0:viking-1(admin)#
  Config-register <0x1922>
  show platform
Admin Config
RP/0/RSP1/CPU0:viking-1(admin-config)#
  username admin-root
Compare exec vs. admin mode
XR interfaces use 4-5 layer naming
interface ten[Rack/Slot/Bay/Port.Sub]
  Rack
    0 for standalone
    > 0 for ASR 9000 for 2nd cluster router
    > 0 for some systems in CRS Multi-chassis
  Slot – LCs start with 0
  Bay – within a modular LC or 9001 system
  Port
  Sub-interface – L2 or L3 (optional)

RP/0/RSP1/CPU0:viking-1#show platform
Node            Type                    State           Config State
----------------------------------------------------------------
0/RSP0/CPU0     A9K-RSP-4G(Standby)     IOS XR RUN      PWR,NSHUT,MON
0/RSP1/CPU0     A9K-RSP-4G(Active)      IOS XR RUN      PWR,NSHUT,MON
0/0/CPU0        A9K-40GE-E              IOS XR RUN      PWR,NSHUT,MON
0/1/CPU0        A9K-8T/4-B              IOS XR RUN      PWR,NSHUT,MON

RP/0/RSP1/CPU0:viking-1#admin show platform
Wed Jul 22 09:23:32.482 EST
Node            Type                    State           Config State
----------------------------------------------------------------
0/RSP0/CPU0     A9K-RSP-4G(Standby)     IOS XR RUN      PWR,NSHUT,MON
0/RSP1/CPU0     A9K-RSP-4G(Active)      IOS XR RUN      PWR,NSHUT,MON
0/FT0/SP        FAN TRAY                READY
0/FT1/SP        FAN TRAY                READY
0/0/CPU0        A9K-40GE-E              IOS XR RUN      PWR,NSHUT,MON
0/1/CPU0        A9K-8T/4-B              IOS XR RUN      PWR,NSHUT,MON
0/PM0/SP        A9K-3KW-AC              READY           PWR,NSHUT,MON
0/PM1/SP        A9K-3KW-AC              READY           PWR,NSHUT,MON

[Chassis diagram. Labels: 0/FT0/SP, 0/FT1/SP, 0/RSP0/CPU0, 0/RSP1/CPU0, 0/PM1/SP, Fans, RSP0, RSP1, Line Cards, Fabric, Power]
• Building blocks for on-box authorization scheme
Task IDs, each available with Read, Write, Execute, and Debug permissions:
aaa, acl, admin, atm, basic-services, bcdl, bfd, bgp

taskgroup basic-admin
 task read acl
 task read bfd
 task read bgp
 task write acl
 task write bfd
 task write bgp
 task debug bgp

usergroup noc-staff
 taskgroup operator
 taskgroup basic-admin
 inherit usergroup all-users
!
usergroup allusers
 taskgroup basic-stuff
RP/0/5/CPU0:iox(config)#describe router bgp 100
Package:
c12k-rout
c12k-rout V3.3.0[00] Routing protocols for 124xx
Vendor : Cisco Systems
Desc : Routing protocols for 124xx
Build : Built on Wed May 10 10:30:27 UTC 2006
Source : By edde-bld1 in /vws/aga/production/3.3.0…
Card(s): RP, DRP, DRPSC
Restart information:
Default:
parallel impacted processes restart
Component:
ipv4-bgp V[r33x/3] IPv4 Border Gateway Protocol (BGP)
• Two Stage Commit
• Rollback
Active Configuration Before Commit
  hostname Leif
  line default
   exec-timeout 1440 0
  !
  taskgroup ops
   task read boot
   task write boot
   task execute bgp
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1

Enter Proposed Changes: Target Configuration
  interface gig 0/3/0/0
   ipv4 address 9.9.9.9/24
  router ospf 100
   area 0
    interface gig 0/3/0/0
   area 1
    interface ten 0/2/0/0.1

Commit: Changes take effect

Active Configuration After Commit
  hostname Leif
  line default
   exec-timeout 1440 0
  !
  Interface gig 0/3/0/0
   ipv4 address 9.9.9.9/24
  !
  taskgroup ops
   task read boot
   task write boot
   task execute bgp
  !
  router ospf 100
   area 0
    interface gig 0/3/0/0
   area 1
    interface ten 0/2/0/0.1
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1
Syntax first, then full check during commit
Syntax Check after each line
Semantic Check during commit

Active Configuration Before Commit
  hostname Leif
  line default
   exec-timeout 1440 0
  !
  taskgroup ops
   task read boot
   task write boot
   task execute bgp
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1

Target Configuration
  interface gig 0/3/0/0
   ipv4 address 9.9.9.9/24
  router ospf 100
   area 0
    interface gig 0/3/0/0
   area 1
    interface ten 0/2/0/0.1

Active Configuration After Commit
  hostname Leif
  line default
   exec-timeout 1440 0
  !
  Interface gig 0/3/0/0
   ipv4 address 9.9.9.9/24
  !
  taskgroup ops
   task read boot
   task write boot
   task execute bgp
  !
  router ospf 100
   area 0
    interface gig 0/3/0/0
   area 1
    interface ten 0/2/0/0.1
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1
Commit History
Unique ID Automatically Generated
interface gig 0/3/0/5
ipv4 address 9.9.9.9/24
(config)#load rollback changes BGP_Change (or commit id)
#3
ipv4 address 9.19.9.9/24 no ipv4 address 9.19.9.9/24
(config)#load rollback changes to BGP_Change (or commit id)
Commit History Rollback
interface gig 0/3/0/5 interface gig 0/3/0/5
All changes back to and
ipv4 address 9.9.9.9/24
#3
ipv4 address 9.19.9.9/24 no ipv4 address 9.19.9.9/24
#4
ipv4 address 9.9.9.9/24 no ipv4 address 9.9.9.9/24 task read boot
task write boot
task execute bgp
router ospf 100 router ospf 100
!
area 0 area 0
router ospf 100
interface gig 0/3/0/0 no interface gig 0/3/0/0 area 0
area 1
no router bgp 100
no router bgp 100 interface pos 0/4/0/0
interface gig 0/3/0/2
interface gig 0/3/0/2 !
#5
no ipv4 address 9.19.9.9/24
no ipv4 address 9.19.9.9/24 interface gig 0/3/0/0 router static
interface gig 0/3/0/0
no ipv4 address 9.9.9.9/24 address-family ipv4 unicast
no ipv4 address 9.9.9.9/24
router ospf 100
0.0.0.0/0 7.1.9.1
router ospf 100 7.7.7.77/32 7.1.9.1
area 0
area 0 no interface gig 0/3/0/2
no interface gig 0/3/0/2 hostname Leif
no router bgp 100 no interface gig 0/3/0/0
no interface gig 0/3/0/0
line default
exec-timeout 1440 0
Target Configuration
interface pos 0/4/0/0
!
router static
address-family ipv4 unicast
0.0.0.0/0 7.1.9.1
7.7.7.77/32 7.1.9.1
(config)#load rollback changes last 2
#3
ipv4 address 9.19.9.9/24 no ipv4 address 9.19.9.9/24 hostname Leif
line default
router ospf 100 router ospf 100 exec-timeout 1440 0
area 0 area 0 !
interface gig 0/3/0/2 no interface gig 0/3/0/2 taskgroup ops
task read boot
task write boot
task execute bgp
interface gig 0/3/0/0 interface gig 0/3/0/0
#4
!
ipv4 address 9.9.9.9/24 no ipv4 address 9.9.9.9/24
router ospf 100
area 0
router ospf 100 router ospf 100 area 1
area 0 area 0 interface pos 0/4/0/0
interface gig 0/3/0/0 no interface gig 0/3/0/0 !
router static
address-family ipv4 unicast
interface gig 0/3/0/2 interface gig 0/3/0/2 0.0.0.0/0 7.1.9.1
ipv4 address 9.19.9.9/24
#5
no ipv4 address 9.19.9.9/24
interface gig 0/3/0/0 interface gig 0/3/0/0 7.7.7.77/32 7.1.9.1
no ipv4 address 9.9.9.9/24 ipv4 address 9.9.9.9/24 hostname Leif
router ospf 100
line default
router ospf 100
area 0 area 0 exec-timeout 1440 0
no interface gig 0/3/0/2 interface gig 0/3/0/2 !
no interface gig 0/3/0/0 interface gig 0/3/0/0
taskgroup ops
area 0 !
exec-timeout 1440 0
taskgroup ops
no interface gig 0/3/0/2 task read boot
task write boot
Target Configuration
address-family ipv4 unicast
0.0.0.0/0 7.1.9.1
7.7.7.77/32 7.1.9.1
All or Nothing – Any semantic failure stops commit

Active Configuration Before Commit
  hostname odin
  line default
   exec-timeout 1440 0
  !
  taskgroup ops
   task read boot
   task write boot
   task execute bgp
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1

Target Configuration
  interface gig 0/3/0/0
   ipv4 address 9.9.9.9/24
  taskgroup bgp
   task read bgp
   task write bgp

Syntax Check after each line: PASSES
Semantic Check during commit: FAILS (BGP cannot be taskgroup name)

Active Configuration After Commit: No Change
  hostname odin
  line default
   exec-timeout 1440 0
  !
  taskgroup ops
   task read boot
   task write boot
   task execute bgp
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1
Commit as much as possible, even if semantic check fails

Active Configuration Before Commit
  hostname Olav
  line default
   exec-timeout 1440 0
  !
  taskgroup ops
   task read boot
   task write boot
   task execute bgp
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1

Target Configuration
  interface gig 0/3/0/0
   ipv4 address 9.9.9.9/24
  taskgroup bgp
   task read bgp
   task write bgp

Syntax Check after each line: PASSES
Semantic Check during commit: FAILS (BGP cannot be taskgroup name)

Active Configuration After Commit: Partial Commit
  hostname Olav
  line default
   exec-timeout 1440 0
  !
  interface gig 0/3/0/0
   ipv4 address 9.9.9.9/24
  !
  taskgroup ops
   task read boot
   task write boot
   task execute bgp
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1
Two or more users in config mode at same time
From Exec Mode
RP/0/RSP1/CPU0:viking-1# show running-config
Building configuration...
!! IOS XR Configuration 3.9.0.08I
!! Last configuration change at Tue Jul 21 16:58:36 2009 by ww
!
hostname viking-1
…
• Default configurations not shown
show running isn’t effective for system inventory
• commit confirmed - Automatic rollback if not confirmed
• Interfaces can be preconfigured
Configuration will become active when matching HW inserted
• show – Display target config for current sub-mode
RP/0/RP0/CPU0:CRS#show running-config
Building configuration...
!! Last configuration change at 12:17:03 UTC Wed Jun 28 2006 by ww
!
hostname CRS
line default
exec-timeout 1440 0
…
RP/0/RP0/CPU0:CRS#show config commit list
SNo. Label/ID User Line Client Time Stamp
~~~~ ~~~~~~~~ ~~~~ ~~~~ ~~~~~~ ~~~~~~~~~~
1 1000000296 ww con0_RP0_C CLI 12:17:03 UTC Wed Jun 28 2006
2 1000000295 ww con0_RP0_C CLI 12:16:47 UTC Wed Jun 28 2006
3 1000000294 ww vty0 CLI 12:09:03 UTC Wed Jun 28 2006
4 1000000293 admin vty0 CLI 06:47:51 UTC Wed Jun 28 2006
5 1000000292 admin vty0 CLI 06:47:18 UTC Wed Jun 28 2006
General ASR9000 Operation
IOS-XR software upgrade
Packages are components of the software
Security, Forwarding, Base, Routing, Min-Boot, Infra, Diags, + several others
• PIEs are a delivery mechanism for packages
For mini, optional packages, and patches
• Package additions will be done via 3 steps
Add PIEs
Activate Packages
Commit installed software
• Install operations are performed from admin mode
Package
PIE
Checking Installed Software Version and Packages
show install active <detail>
• Examples
asr9k-base-3.7.2.CSCsy23972.pie
asr9k-base-3.7.2.CSCsy55726.pie
• Packages can be added or upgraded
All existing packages must be included in upgrades
• 3 phase install
1. Add – Copy PIE and unpack
2. Activate – Restart with new code
3. Commit – Lock activated packages through reset
install add Command
Copy image to disk, verify, and unpack
install commit Command
Lock in activated software
RP/0/RSP0/CPU0:Nevada# reload
Some active software packages are not yet committed. Proceed?[confirm]
Fail safe mechanism in the event that activated software is “really bad”
Reloading or power cycling system returns to last committed version
Normal reload will prompt if software is uncommitted
RP/0/RSP0/CPU0:Nevada# show install active
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /bootflash/disk0/asr9k-os-mbi-3.7.2/mbiasr9k-rp.vm
Active Packages:
disk0:asr9k-mpls-3.7.2
disk0:asr9k-base-3.7.2.CSCsy23972-1.0.0
disk0:comp-asr9k-mini-3.7.2
RP/0/RSP0/CPU0:Nevada#install remove disk0:asr9k-mpls-3.7.2 sync
Install operation 9 'install remove disk0:asr9k-mpls-3.7.2 synchronous' started
by user 'ww' on SDR Owner via CLI at 22:35:08 EDT Sun Jul 26 2009.
Info: This operation will remove the following package:
Info: disk0:asr9k-mpls-3.7.2
Info: After this install remove the following install rollback point will
Info: no longer be reachable, as the required packages will not be present:
Info: 4
Proceed with removing these packages? [confirm]
Install operation 9 completed successfully at 22:35:12 EDT Sun Jul 26 2009.
RP/0/RSP0/CPU0:Nevada# show install log
Install operation 1 started by user 'ww' on SDR Owner via CLI at 21:06:09 UTC
Wed Feb 02 2000.
install add /tftp://7.1.1.1/asr9k-base-3.7.2.CSCsy23972.pie activate
Install operation 1 failed at 21:06:34 UTC Wed Feb 02 2000.
--------------------------------------------------------------------------------
Install operation 2 started by user 'ww' on SDR Owner via CLI at 21:58:15 EDT
Sun Jul 26 2009.
install add /tftp://7.1.1.1/asr9k-base-3.7.2.CSCsy23972.pie activate
Install operation 2 completed successfully at 21:59:08 EDT Sun Jul 26 2009.
--------------------------------------------------------------------------------
Install operation 3 started by user 'ww' on SDR Owner via CLI at 22:21:54 EDT
Sun Jul 26 2009.
install add /tftp://7.1.1.1/asr9k-mpls-p.pie-3.7.2 synchronous
Install operation 3 completed successfully at 22:22:14 EDT Sun Jul 26 2009.
RP/0/RSP0/CPU0:Nevada# show install log 6 detail
Install operation 6 started by user 'ww' on SDR Owner via CLI at 22:28:55 EDT
Sun Jul 26 2009.
install deactivate disk0:asr9k-mpls-3.7.2 synchronous
Install operation 6 completed successfully at 22:29:49 EDT Sun Jul 26 2009.
Install logs:
Install operation 6 'install deactivate disk0:asr9k-mpls-3.7.2 synchronous'
started by user 'ww' on SDR Owner via CLI at 22:28:55 EDT Sun Jul 26 2009.
Info: Install Method: Parallel Process Restart
Info: The changes made to software configurations will not be
Info: persistent across system reloads. Use the command '(admin)
Info: install commit' to make changes persistent.
Info: Please verify that the system is consistent following the
Info: software change using the following commands:
Info: show system verify
Info: install verify packages
Install operation 6 completed successfully at 22:29:49 EDT Sun Jul 26 2009.
Summary:
Sub-operation 1:
Install method: Parallel Process Restart
Summary of changes on node 0/RSP0/CPU0:
Deactivated: asr9k-mpls-3.7.2
6 asr9k-mpls processes affected (0 updated, 0 added, 6 removed, 0 impacted)
Summary of changes on node 0/0/CPU0:
Deactivated: asr9k-mpls-3.7.2
1 asr9k-mpls processes affected (0 updated, 0 added, 1 removed, 0 impacted)
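Because activated software reverts on reload until `install commit` runs, `show install log` output can be audited for changes that are active but not yet committed. The following is an added example, not part of the original deck: the function names are hypothetical and the sample log is constructed in the layout shown above.

```python
import re

# Header and trailer lines as they appear in "show install log" output.
START_RE = re.compile(r"^Install operation (\d+) started by user '([^']+)'")
END_RE = re.compile(r"^Install operation (\d+) (completed successfully|failed) at")

# Constructed sample, modeled on the log layout shown in the deck.
SAMPLE_LOG = """\
Install operation 1 started by user 'ww' on SDR Owner via CLI at 21:06:09 UTC
Wed Feb 02 2000.
    install add /tftp://7.1.1.1/asr9k-base-3.7.2.CSCsy23972.pie activate
    Install operation 1 failed at 21:06:34 UTC Wed Feb 02 2000.
--------------------------------------------------------------------------------
Install operation 2 started by user 'ww' on SDR Owner via CLI at 21:58:15 EDT
Sun Jul 26 2009.
    install add /tftp://7.1.1.1/asr9k-base-3.7.2.CSCsy23972.pie activate
    Install operation 2 completed successfully at 21:59:08 EDT Sun Jul 26 2009.
--------------------------------------------------------------------------------
Install operation 3 started by user 'ww' on SDR Owner via CLI at 22:05:00 EDT
Sun Jul 26 2009.
    install commit
    Install operation 3 completed successfully at 22:05:05 EDT Sun Jul 26 2009.
--------------------------------------------------------------------------------
Install operation 4 started by user 'ww' on SDR Owner via CLI at 22:21:54 EDT
Sun Jul 26 2009.
    install add /tftp://7.1.1.1/asr9k-mpls-p.pie-3.7.2 synchronous
    Install operation 4 completed successfully at 22:22:14 EDT Sun Jul 26 2009.
--------------------------------------------------------------------------------
Install operation 5 started by user 'ww' on SDR Owner via CLI at 22:24:10 EDT
Sun Jul 26 2009.
    install activate disk0:asr9k-mpls-3.7.2 synchronous
    Install operation 5 completed successfully at 22:25:02 EDT Sun Jul 26 2009.
--------------------------------------------------------------------------------
Install operation 6 started by user 'ww' on SDR Owner via CLI at 22:28:55 EDT
Sun Jul 26 2009.
    install deactivate disk0:asr9k-mpls-3.7.2 synchronous
    Install operation 6 completed successfully at 22:29:49 EDT Sun Jul 26 2009.
"""


def parse_install_log(text):
    """Return one record per install operation: id, user, command, status."""
    ops, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        start = START_RE.match(line)
        if start:
            current = {"id": int(start.group(1)), "user": start.group(2),
                       "command": None, "status": "incomplete"}
            ops.append(current)
            continue
        if current is None:
            continue  # separator or text outside an operation
        end = END_RE.match(line)
        if end and int(end.group(1)) == current["id"]:
            ok = end.group(2) == "completed successfully"
            current["status"] = "ok" if ok else "failed"
            current = None
        elif current["command"] is None and line.startswith("install "):
            current["command"] = line  # the command sits between header and trailer
    return ops


def changes_active_set(command):
    """True for commands that alter which packages are running."""
    tokens = command.split()
    if len(tokens) < 2:
        return False
    if tokens[1] in ("activate", "deactivate"):
        return True
    # "install add <pie> activate" adds and activates in one operation.
    return tokens[1] == "add" and "activate" in tokens[2:]


def uncommitted_operations(ops):
    """Ids of successful active-set changes made after the last successful commit."""
    pending = []
    for op in ops:
        if op["status"] != "ok" or not op["command"]:
            continue
        if op["command"].split()[:2] == ["install", "commit"]:
            pending = []  # everything before this point survives a reload
        elif changes_active_set(op["command"]):
            pending.append(op["id"])
    return pending


def failed_operations(ops):
    """Ids of operations whose trailer line reports a failure."""
    return [op["id"] for op in ops if op["status"] == "failed"]


if __name__ == "__main__":
    parsed = parse_install_log(SAMPLE_LOG)
    print("uncommitted:", uncommitted_operations(parsed))
    print("failed:", failed_operations(parsed))
```

A non-empty result from `uncommitted_operations` means a reload or power cycle would return the node to the last committed package set.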
Packages can be added or upgraded
All versions must be consistent
IOS-XR IPv4 Routing
• Key Changes from IOS
• Static Routes
• IGPs
OSPF
ISIS
EIGRP
• BGP
• RPL
• Protocols are Address Family Neutral
CLI commands don’t assume IPv4
Knobs to enable/disable things per Address Family
• All configuration for IGPs is under protocol config mode
No routing commands under interfaces
Enable IGP by specifying interfaces rather than network commands
• More concise BGP configuration
Neighbor based
Flexible templates for reuse
Efficient policy via Route Policy Language (RPL)
• All configuration under router ospf
• Enable by assigning interfaces to areas
Additional configuration for interfaces under that level
• Top level: router ospf for IPv4, router ospfv3 for IPv6
router ospf 100
area 0 area 1
interface gig 0/4/0/0 interface gig 0/3/0/0
cost 40
bfd fast-detect
router ospfv3 32
area 0
interface GigabitEthernet0/5/0/0
!
interface GigabitEthernet0/5/0/1
cost 30
!
!
area 1
interface GigabitEthernet0/5/0/2
cost 40
passive
!
router ospf 101
area 0
interface GigabitEthernet0/5/0/0
!
interface GigabitEthernet0/5/0/1
!
interface GigabitEthernet0/5/0/2
show ospf neighbor (detail)
show ospf interface (brief)
show ospf database
show ospf database (LSA type)
ISIS Configuration Basics
• Enable by assigning interfaces to ISIS
• All configuration under router isis
net 49.0001.0000.0000.000c.00
router isis 7
net 49.0001.0000.0000.000c.00
interface Loopback0
address-family ipv4 unicast
!
!
interface GigabitEthernet0/4/0/1
address-family ipv4 unicast
!
!
interface GigabitEthernet0/4/0/2
address-family ipv4 unicast
!
!
interface GigabitEthernet0/4/0/3
address-family ipv4 unicast
show isis neighbor
IS-IS 7 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
gsr7-admin Gi0/4/0/3 0005.dd32.5000 Up 27 L1L2 Capable
CRS Gi0/4/0/1 0050.2abe.8df9 Up 25 L1L2 Capable
GSR2 Gi0/4/0/2 0050.2abe.8dfa Up 29 L1L2 Capable
show isis neighbor detail
IS-IS 7 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
gsr7-admin Gi0/4/0/3 0005.dd32.5000 Up 22 L1L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 11.1.1.7*
Topologies: 'IPv4 Unicast'
Uptime: 01:12:39
GSR2 Gi0/4/0/1 0050.2abe.8df9 Up 23 L1L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 12.1.2.2*
Topologies: 'IPv4 Unicast'
Uptime: 03:37:17
GSR2 Gi0/4/0/2 0050.2abe.8dfa Up 26 L1L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 12.1.3.2*
Topologies: 'IPv4 Unicast'
Uptime: 03:37:17
show isis adjacency
show isis ipv4 route
C 1.1.1.1/32
is directly connected, Loopback0
L1 7.7.7.7/32 [20/115]
via 11.1.1.7, GigabitEthernet0/4/0/3, gsr7-admin
C 11.1.1.0/24
is directly connected, GigabitEthernet0/4/0/3
L1 11.1.2.0/24 [20/115]
via 12.1.3.2, GigabitEthernet0/4/0/2, GSR2
via 12.1.2.2, GigabitEthernet0/4/0/1, GSR2
C 12.1.2.0/24
is directly connected, GigabitEthernet0/4/0/1
C 12.1.3.0/24
is directly connected, GigabitEthernet0/4/0/2
show isis topology
Address Family Specific Configuration Modes
router static
address-family ipv4 unicast
0.0.0.0/0 7.1.9.1
7.7.7.77/32 7.1.9.1
8.8.8.1/32 GigabitEthernet0/5/0/1.101
8.8.8.1/32 GigabitEthernet0/5/0/1.102
8.8.8.2/32 5.1.1.2
8.8.8.2/32 5.2.1.2
2.0.0.0/24 GigabitEthernet0/0/0/13 5.5.5.5 bfd fast-detect
!
router static address-family ipv6 unicast
2001:01b2:8e23::/48 2001:1:1::1
…
vrf foo
address-family ipv4 unicast
23.0.0.0/8 3.3.3.3
• Key Concepts
• Configuration Basics
• Configuration Templates
• Monitoring BGP
• Address Families
Configure separately
Must be initialized
• Configuration Templates
Neighbor Group
Session Group
Address Family Group
• Most configuration is address family specific
• Must be initialized under bgp global configuration
router bgp 600
address-family ipv4 unicast
address-family ipv6 unicast
IPv4 unicast
IPv4 labeled unicast
IPv4 multicast
IPv4 tunnel
VPNv4 unicast
IPv4 MDT
IPv6 unicast
IPv6 multicast
IPv6 labeled unicast
VPNv6 unicast
l2vpn vpls-vpws
Minimal Configuration
router bgp 1
 nsr
 !
 bgp router-id 32.12.123.137
 address-family ipv4 unicast
 address-family vpnv4 unicast
 neighbor 22.125.3.87
  remote-as 2144
  description dummy-desc-100
  update-source Loopback0
  address-family ipv4 unicast
   route-policy PASS in
   route-policy PASS out
   next-hop-self
  !
  address-family vpnv4 unicast
   route-policy PASS in
   route-policy PASS out
   next-hop-self
  !
 neighbor 222.231.0.89
  remote-as 8151
  description dummy-descr-8
  update-source Loopback0
  address-family ipv4 unicast
   route-policy PASS in
   route-policy PASS out
   next-hop-self
  !
  address-family vpnv4 unicast
   route-policy PASS in
   route-policy PASS out
   next-hop-self
  !
 vrf aruba
  rd 8231:1
  address-family ipv4 unicast
   redistribute connected
  !
 vrf 9111:DEFG_0
  rd 82:321
  address-family ipv4 unicast
   maximum-paths ebgp 6
   dynamic-med interval 1
   redistribute connected route-policy dummy-policy
   redistribute static
  neighbor 183.2.3.2
   remote-as 64900
   bfd fast-detect
   bfd multiplier 4
   bfd minimum-interval 100
   address-family ipv4 unicast
    send-community-ebgp
    route-policy big-filter in
    route-policy bock-martians out
    as-override
    send-extended-community-ebgp
 vrf V88431:ABCD_GR_0
  rd 8134:33431
  address-family ipv4 unicast
   maximum-paths ebgp 6
   dynamic-med interval 1
   redistribute connected route-policy dummy-pol
   redistribute static
 vrf costa-rica
  rd 321:1
  address-family ipv4 unicast
   redistribute connected
  !
 vrf Juarez:aaab-GS_1
  rd 811:32222
  address-family ipv4 unicast
   maximum-paths ebgp 6
   dynamic-med interval 1
   redistribute connected route-policy block-venus
   redistribute static
  !
  neighbor 2.1.21.4
   remote-as 64900
   bfd fast-detect
   bfd multiplier 4
   bfd minimum-interval 100
   address-family ipv4 unicast
    send-community-ebgp
    route-policy special-policy in
    route-policy set-med out
    as-override
    send-extended-community-ebgp
af-group, session-group, and neighbor-group
• Hierarchy is supported
Reusable template for Address Family specific parameters
Reusable template for both AF and session parameters
Neighbor Groups inherit from all types
[Inheritance diagram. Labels: AFG, SG, NG]
• show bgp summary
RP/0/RSP0/CPU0:loki#show bgp summary
BGP router identifier 2.2.2.2, local AS number 12
BGP generic scan interval 60 secs
BGP table state: Active
BGP main routing table version 5
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
RP/0/RSP0/CPU0:loki#show bgp ipv4 unicast summary
BGP router identifier 2.2.2.2, local AS number 12
BGP generic scan interval 60 secs
BGP table state: Active
BGP main routing table version 3
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
RP/0/RSP0/CPU0:loki#show bgp vpnv4 unicast summary
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
BGP main routing table version 68541
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
RP/0/RSP0/CPU0:loki#show bgp vrf t1 summary
BGP VRF t1, state: Active
BGP Route Distinguisher: 10.0.0.1:0
BGP router identifier 10.1.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
BGP main routing table version 68541
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Where (direct or templates) did the final config come from?
• Policy required on eBGP connections
• Maximum limits by default to provide protection
4000 peers (up to 15000 via bgp max neighbor)
Prefixes per peer per AF (more via max-prefix)
512K (524,288) prefixes for IPv4 unicast.
128K (131,072) prefixes for IPv4 multicast.
128K (131,072) prefixes for IPv6 unicast.
128K (131,072) prefixes for IPv6 multicast
512K (524,288) prefixes for VPNv4 unicast
512K (524,288) prefixes for VPNv6 unicast
• Programming Language
Control Flow Sets Using RPL
if, then, else Named vs. Inline Attach Points
Boolean Types BGP
Order of Ops AS Path Process
Community VPN
Hierarchy
Extended Com Show CMDs
Parameters
VPN RD IGP
Actions
Default
Pass
Redistribution
Drop
Set Show Commands
Basic Control Flow
If, then, else, elseif, endif…
• Branching options
if med eq 150 then
set local-preference 10
elseif med eq 200 then
set local-preference 60
else
set local-preference 0
endif
• Basic conditional statement
Keyword to access object
Nested Conditionals
Boolean (Logical) Operations
apply keyword to call other policies
route-policy one
 set weight 100
end-policy
route-policy two
 set med 200
end-policy
route-policy three
 apply two
 set community (2:666) additive
end-policy
route-policy four
 apply one
 apply three
 pass
end-policy
route-policy one ($med)
 # List of policy parameters
 set med $med
 # Accessing the passed parameter
end-policy
route-policy two
 apply one (10)
 # Calling policy with parameter
end-policy
route-policy three ($med,$origin)
 set med $med
 set origin $origin
end-policy
route-policy four
 apply three (10, incomplete)
 # Multiple parameters
end-policy
RPL Actions
Define action (default is drop) and may affect control flow
BGP Attribute: next-hop, weight, local-preference, med, origin, as-path, community, ext community, rd
RPL Attribute: source, destination, route-type, rib-has-route, traffic-index, Dampening, label, tag
RPL Operation: pass / drop; suppress-route; unsuppress-route; length, unique-length; set; apply; if, then; else, elseif; and, or, not; eq, neq, le, gt; in, is; ios-regex
• All comparisons performed on original value
Values set by RPL policy are not used downstream
• Define values to compare route object against
AS Path
Prefix
Community
Extended Community
Named and Inline Set Example
Same behavior
as-path-set named_set
ios-regex '_42$',
ios-regex '_127$'
end-set
route-policy use_named
if as-path in named_set then
pass
else
drop
endif
end-policy
route-policy use_inline
if as-path in (ios-regex '_42$', ios-regex '_127$') then
pass
else
drop
endif
end-policy
Prefix Set
Match object IP address & mask
• Address
• Mask Length
• Min and Max matching length
prefix-set galaga
171.68.118.0/24,
192.168.0.0/16 ge 16 le 30
end-set
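How address, mask length and the ge/le bounds combine when a route is tested against a prefix-set, as an added Python example (not Cisco code and not part of the original slides). The rules coded here are stated as assumptions about IOS XR behaviour: no ge/le means exact length, le alone starts at the mask length, ge alone runs to the host length; the sample routes are constructed.

```python
import ipaddress
import re

# One entry: "<address>[/<len>] [ge <n>] [le <n>]", as written on the slides.
ENTRY = re.compile(
    r"^([0-9A-Fa-f:.]+)(?:/(\d+))?(?:\s+ge\s+(\d+))?(?:\s+le\s+(\d+))?$")

def parse_prefix_set(text):
    """Parse a prefix-set body into (network, min_len, max_len) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip().rstrip(",")
        if not line or line == "!" or line.startswith(("prefix-set", "end-set")):
            continue
        m = ENTRY.match(line)
        if m is None:
            raise ValueError(f"unparsable prefix-set entry: {raw!r}")
        addr, plen, ge, le = m.groups()
        width = ipaddress.ip_address(addr).max_prefixlen
        plen = width if plen is None else int(plen)
        net = ipaddress.ip_network(f"{addr}/{plen}")  # rejects stray host bits
        if ge is None and le is None:
            lo = hi = plen                         # no ge/le: exact length only
        else:
            lo = plen if ge is None else int(ge)   # "le" alone starts at the mask
            hi = width if le is None else int(le)  # "ge" alone runs to host length
        if not plen <= lo <= hi <= width:
            raise ValueError(f"inconsistent lengths in {raw!r}")
        entries.append((net, lo, hi))
    return entries

def matches(route, entries):
    """True if the route's address and length fall inside any entry."""
    r = ipaddress.ip_network(route)
    return any(r.version == net.version and r.subnet_of(net)
               and lo <= r.prefixlen <= hi for net, lo, hi in entries)

# The galaga set from the slide, and three entries of the CCCC-deny-in set
# that appears in the larger policy example later in the deck.
GALAGA = parse_prefix_set("""
prefix-set galaga
171.68.118.0/24,
192.168.0.0/16 ge 16 le 30
end-set
""")
DENY_IN = parse_prefix_set("""
0.0.0.0/0 le 7,
10.0.0.0/8 le 32,
224.0.0.0/3 le 32
""")

# Constructed sample routes, not taken from the page.
SAMPLES = ["171.68.118.0/24", "171.68.118.128/25", "192.168.10.0/24",
           "192.168.10.4/31", "10.1.2.0/24", "4.0.0.0/6", "8.8.8.0/24"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:20} galaga={matches(s, GALAGA)!s:5} deny-in={matches(s, DENY_IN)}")
```

The second galaga entry accepts anything inside 192.168.0.0/16 up to /30 but not /31 or /32, while the first accepts only the /24 itself.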
AS Path Set
Match BGP AS Path
as-path-set aset1
ios-regex '_42$',
ios-regex '_127$'
end-set
Community Set
Match BGP Community
community-set cset1
12:34,
12:78,
internet
end-set
Extended Community Set
Match BGP Extended Community
• 3 types
BGP Route Target
EIGRP Cost
BGP Site of Origin
• Syntax depends on type
extcommunity-set rt rt_ext
5.5.5.5:32,
6.3.2.1:323,
4322:3244
end-set
Route Distinguisher Set
Match VPN RDs
rd-set rd-set
10.0.0.0/8:*,
10.0.0.0/8:777,
10.0.0.0:*,
10.0.0.0:777
end-set
Using RPL - Attach Points
Attach Point - Policy for EBGP Peers
A route policy is required for EBGP route prefix exchange
show rpl route-policy [attachpoint]
Display policy and its users
RP/0/RP0/CPU0:CRS#show rpl route-policy foo
route-policy foo
pass
end-policy
show bgp policy route-policy <name>
Only display prefixes matching policy – filter show command
Editing RPL
RPL is the only part of the config that can be changed in an editor
route-policy remove_bootnet
if destination in (223.255.254.254, 223.255.254.253) then
drop
else
pass
endif
end-policy
!
[ Read 8 lines ]
^G Get Help ^O WriteOut ^R Read File ^Y Prev Page ^K Cut Text ^C Cur Pos
^X Exit ^J Justify ^W Where Is ^V Next Page ^U UnCut Text^T To Spell
prefix-set AAAA
  83.0.0.0/11
end-set
!
prefix-set BBBB
  0.0.0.0/0 le 24
end-set
!
prefix-set CCCC-deny-in
  0.0.0.0/0 le 7,
  10.0.0.0/8 le 32,
  81.22.116.0/21 le 32,
  12.0.0.0/8 le 32,
  169.114.0.0/16 le 32,
  182.16.0.0/12 le 32,
  18.31.147.0/24 le 32,
  20.140.11.0/24 le 32,
  20.171.214.0/24 le 32,
  224.0.0.0/3 le 32
end-set
!
prefix-set DDDD-peer-permit-in
  0.0.0.0/0 le 24
end-set
!
prefix-set ebgp-EEEE-permit-in
  0.0.0.0/0 le 32
end-set
!
prefix-set FFFF
  80.0.0.0/11 le 32
end-set
!
as-path-set GGGG
  ios-regex '^3775_'
end-set
!
as-path-set HHHH
  ios-regex '_(6449[6-9]|64[5-9][0-9][0-9])_',
  ios-regex '_(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_',
  ios-regex '_3316_',
  ios-regex '_1239_',
  ios-regex '_172_'
end-set
!
route-policy IIII-IN
  if destination in CCCC-deny-in or as-path length ge 50 then
    drop
  elseif destination in DDDD-permit-in then
    if as-path in aset150 then
      drop
    elseif as-path in (ios-regex '^20423_') then
      if community matches-any (5511:70) then
        set local-preference 70
      elseif community matches-any (5511:80) then
        set local-preference 80
      elseif community matches-any (5511:90) then
        set local-preference 90
      else
        set local-preference 100
      endif
      set community (55:540, 55:512, 5211:989) additive
    endif
  endif
end-policy
!
route-policy JJJJ-in
  if destination in ebgp-peer-deny-in or as-path length ge 50 then
    drop
  elseif destination in ebgp-peer-permit-in then
    if as-path in aset160 then
      drop
    elseif as-path in (ios-regex '^174_') then
      set med 100
      set local-preference 85
      set community (5511:666, 5511:700)
    endif
  endif
end-policy
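What the as-path sets on these slides actually match, as an added Python example (not Cisco code and not part of the original slides). It translates the ios-regex `_` delimiter into a Python regex, which is an assumption that holds while `_` never appears inside a bracket expression, then audits the HHHH set by brute force over all 16-bit ASNs; the AS paths are constructed.

```python
import re

# In Cisco regex syntax "_" matches a delimiter: start or end of the string,
# a space, a comma, a brace or a parenthesis. The rest is ordinary regex.
DELIM = r"(?:^|$|[ ,{}()])"

def ios_regex(pattern):
    """Compile an ios-regex pattern; assumes "_" never sits inside [...]."""
    return re.compile(pattern.replace("_", DELIM))

def parse_as_path_set(text):
    """Return (pattern, compiled) pairs for each quoted ios-regex entry."""
    return [(p, ios_regex(p)) for p in re.findall(r"ios-regex\s+'([^']*)'", text)]

def hits(as_path, as_set):
    """Patterns of the set that match this AS path (empty list: not in set)."""
    return [p for p, rx in as_set if rx.search(as_path)]

def asns_matched(as_set, lo=1, hi=65535):
    """Audit a set: every 16-bit ASN that on its own would match it."""
    return [n for n in range(lo, hi + 1) if hits(str(n), as_set)]

def ranges(numbers):
    """Collapse a sorted list of integers into (first, last) runs."""
    runs = []
    for n in numbers:
        if runs and n == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], n)
        else:
            runs.append((n, n))
    return runs

# Both sets copied from the slides.
HHHH = parse_as_path_set(r"""
as-path-set HHHH
ios-regex '_(6449[6-9]|64[5-9][0-9][0-9])_',
ios-regex '_(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_',
ios-regex '_3316_',
ios-regex '_1239_',
ios-regex '_172_'
end-set
""")
NAMED_SET = parse_as_path_set("ios-regex '_42$', ios-regex '_127$'")

# Constructed AS paths, not taken from the page.
PATHS = ["3356 64512 2914", "3356 2914", "701 11239 7018",
         "701 1239", "65100 42", "42 65100"]

if __name__ == "__main__":
    print("HHHH covers:", ranges(asns_matched(HHHH)))
    for p in PATHS:
        print(f"{p:18} HHHH={hits(p, HHHH)} named_set={hits(p, NAMED_SET)}")
```

The audit shows the first two HHHH patterns together cover 64496 through 65535 with no gap, and that `_1239_` does not fire on 11239 because the delimiter has to sit directly before the number.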
IOS-XR IPv6 Routing
Agenda – Native IPv6
Operation
• Enable IPv6
• Neighbor Discovery (ND)
Enable v6 Stack
• IPv6 and/or IPv4 stack selectively enabled allowing applications to
talk over v4 or v6 transport
• XR CLI groups features within the respective v4/v6 address family to
simplify and structure intf + protocol configs
• AF specific CLI syntax
interface GigE0/0/1/0
  ipv4 address x.x.x.x/x
  ipv6 address X::X/X
!
interface GigE0/0/1/0
  ipv6 address X::X/X
!
router isis IGP
  address-family ipv4 unicast
  address-family ipv6 unicast
  !
  interface GigE0/0/1/0
    address-family ipv4 unicast
    address-family ipv6 unicast
  !
  interface GigE0/0/2/0
    address-family ipv6 unicast
  !
  interface PoS0/1/0/0
    address-family ipv4 unicast
  !
!
RP/0/RP0/CPU0:r# sh ipv6 interface
RP/0/RP0/CPU0:r# sh ipv4 interface
[Diagram: IPv6 Enabled stack. Application / TCP, UDP / IPv4, IPv6 / 0x0800, 0x86dd / Data Link (Ethernet); interfaces GigE0/0/1/0, GigE0/0/2/0, POS0/1/0/0]
• ‘ipv6 address’ command activates IPv6 processing and forwarding
(IOS cmd ‘ipv6 unicast-routing’ NOT required in XR)
interface GigE0/0/1/0
ipv6 address 2001:0420:100::1/64
!
ipv6 conflict-policy static
!
interface Loopback6
  ipv6 address 2001:0420:100:0::1/128
!
interface GigabitEthernet0/0/2/0
  mtu 1214
  ipv6 address 2001:0420:100:A::1/64
  ipv6 address 2001:0420:100:B:B::1/126
  ipv6 address 2001:0420:100:C::/64 eui-64
  ipv6 nd prefix 2001:0420:100:A::/64 no-adv
  ipv6 nd prefix 2001:0420:100:B:B::/64 300 300
  ipv6 nd prefix 2001:0420:100:C::/64 no-autoconfig
  ipv6 nd reachable-time 1500
  ipv6 nd dad attempts 0
!
Callouts:
• ipv6 conflict-policy static: Keeps existing int IPv6 address across new address configurations.
• Loopback6: IPv6 Loopback w/128 mask
• /126 address: IPv6 p2p link w/126 mask
• eui-64: Host ID derived from MAC
• no-adv: Prefix not advertised by ND
• 300 300: valid/preferred lifetime enables seamless host renumbering (old, deprecated prefix w/ lifetime decreased to zero)
• no-autoconfig: Indicates to hosts that specified prefix cannot be used for IPv6 autoconfiguration.
[Diagram labels: v6, GigE0/0/2/0]
RP/0/RP0/CPU0:R11(config-if)#mtu 1240
RP/0/RP0/CPU0:R11(config-if)#comm
RP/0/RP0/CPU0:R11# sh ipv6 int gig 0/0/2/0
ND neighbor cache entries
Neighbor Discovery
(ICMPv6 ND RFC2461)
[Diagram: two v6 nodes; label: RA!]
RP/0/RP0/CPU0:R11(config)# do debug ipv6 nd events
[Diagram: two v6 nodes. NS! (MC) to FF02::1:FFb8:3764; NA! (UC); addresses FE08::21a:6dff:fe79:9e71 and 2001:420:100:c:21a:a1ff:feb8:3764; callout: MAC ?]
RP/0/RP0/CPU0:R11# debug ipv6 nd events
RP/0/RP0/CPU0:R11# ping 2001:420:100:c:21a:a1ff:feb8:3764
Agenda – Native IPv6
Unicast Routing
• OSPFv3 (RFC5340)
• IS-IS (RFC5120/RFC5308)
• MP-BGP4 (RFC4760/2545)
OSPFv3
(RFC5340)
OSPFv3 & v2 are independent processes that run concurrently
and operate as ships in the night
OSPFv3 is based on v2 w/ enhancements 1):
Neighbor discovery & adjacency formation mechanisms are
identical
Same interface types: P2P, P2MP, Broadcast, NBMA, Virtual
LSA flooding and aging mechanisms are identical
Nearly identical LSA types w/ two new types in addition
Same 5 packet types w/ some fields changed
Runs directly over IPv6 (port 89)
1) http://tools.ietf.org/html/rfc5340#page-5
Link-LSA (LSA Type 0x2008) link-local flooding scope:
1. Carries v6 link local address used for NH calculation
2. Advertise v6 global address to routers on the link (multi-access link)
3. Convey router options to DR on the link
RP/0/2/CPU0:R12# sh ospfv3 dat link
OSPFv3 Router with ID (144.254.100.2) (Process ID 100)
Link (Type-8) Link States (Area 0)
LS age: 288
Options: (V6-Bit E-Bit R-Bit DC-Bit)
LS Type: Link-LSA (Interface: GigabitEthernet0/1/0/0)
Link State ID: 13 (Interface ID)
Advertising Router: 144.254.100.1
LS Seq Number: 80000007
Checksum: 0x6e2a
Length: 64
Router Priority: 1
Link Local Address: fe80::21a:6dff:fe79:9e71
Number of Prefixes: 1
Prefix Address: 2001:420:100:a::
Prefix Length: 126, Options: None

RP/0/2/CPU0:R12# sh ospfv3 dat dat
OSPFv3 Router with ID (144.254.100.2) (Process ID 100)
Area 0 database summary
LSA Type            Count  Delete  Maxage  Checksum
Router              2      0       0       0xefed
Network             1      0       0       0x71a6
Link                3      0       0       0x162ba
Prefix              3      0       0       0x174ff
Inter-area Prefix   2      0       0       0x10abc
Inter-area Router   0      0       0       0x0
Type-7 Ext          0      0       0       0x0
Grace               0      0       0       0x0
Unknown Link        0      0       0       0x0
Unknown Area        0      0       0       0x0
Subtotal            11     0       0       0x54408
Intra-Area-Prefix-LSA (LSA Type 0x2009) area flooding scope:
Carries all IPv6 prefix information that in OSPFv2 is included in
Router-LSAs and Network-LSAs (Link-Local addresses NOT
included)
O 2001:420:100:f::2/128
[110/5400] via fe80::21a:a1ff:feb8:3764, 00:00:20,GigabitEthernet0/0/5/0
O 2001:420:100:f::4/128
[110/5400] via fe80::21a:a1ff:feb8:39bc, 00:00:19, GigabitEthernet0/0/5/2
Multi-Topology (MT) 2)
Independent IPv4 and IPv6 topologies
[IOS]: multi-topology [transition]
Independent v4/v6 interface config + metrics
Transition mode 3) during ST v6-to-v4/v6 MT migration
(i.e. single- and multi-topology TLVs advertised/accepted)
1) RFC 5308
2) RFC 5120
3) IOS: http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-is-is.html#wp1087840
IS-IS MT default in IOS-XR with support to maintain a set of
independent topologies for:
IPv4 Unicast
IPv6 Unicast
IPv4 Multicast
IPv6 Multicast
Routes from IS-IS multicast topology 1) are inserted into
multicast-unicast Routing Information Base (muRIB)
table for the corresponding address-family. PIM uses
muRIB, i.e. PIM uses routes from multicast topology
instead of unicast topology.
1) http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.7/routing/configuration/guide/rc37isis.html#wp1261281
2) RFC5120
Adjacencies
RP/0/RP0/CPU0:R11# sh isis nei det
MT interfaces
RP/0/RP0/CPU0:R11# sh isis interface brief
i L1 2001:420:100:f::2/128
[115/10] via fe80::21a:a1ff:feb8:3764, 01:02:25,
GigabitEthernet0/0/5/0
i L1 2001:420:100:f::4/128
[115/10] via fe80::21a:a1ff:feb8:39bc, 01:06:09,
GigabitEthernet0/0/5/2
Multi-Protocol BGP
(RFC4760/2545)
BGP-4 carries only 3 pieces of information which are truly
IPv4 specific:
1.) IPv4 Prefix (NLRI in UPDATE message)
2.) IPv4 Next-Hop (NEXT_HOP path attribute in UPDATE
message)
3.) BGP Identifier (OPEN message and AGGREGATOR attribute)
MP-BGP capability negotiation during session establishment
using capability parameter in OPEN message:
RP/0/RP0/CPU0:R11# sh bgp neighbors
!
! No NH rewrite (see ff. slides)
neighbor 2001:420:100:b::2
  remote-as 65100
  address-family ipv6 unicast
    route-policy pass-all in
    route-policy pass-all out
  !
!
neighbor 2001:420:100:f::2
  remote-as 65000
  update-source Loopback0
  address-family ipv6 unicast
  !
!
RP/0/RP0/CPU0:R11#sh tcp brief v6/TCP
PCB    VRF-ID  R-Q  S-Q  Local Address            Foreign Address        State
0x482  0x6000  0    0    2001:420:100:b::1:51474  2001:420:100:b::2:179  ESTAB
0x482  0x6000  0    0    2001:420:100:f::1:51980  2001:420:100:f::2:179  ESTAB
RP/0/RP0/CPU0:R11#sh bgp ipv6 all sum | b Neigh
Neighbor           Spk  AS     MsgR  MsgS  TblVer  InQ  OutQ  Up/Down   St/PfxRcd
2001:420:100:b::2  0    65100  18    19    4       0    0     00:14:52  1
2001:420:100:f::2  0    65000  231   228   4       0    0     03:30:38  1
Non-Link Local Peering using global unicast IPv6 addresses
router bgp 65000
!
address-family ipv6 unicast
!
neighbor 2001:420:100:b::2
  remote-as 65100
  address-family ipv6 unicast
    route-policy pass-all in
    route-policy pass-all out
!
…
!
neighbor 2001:420:100:f::2
  remote-as 65000
  update-source Loopback0
  address-family ipv6 unicast
…
route-policy AS65100-PASS
  pass
end-policy
!
router bgp 65000
  bgp router-id 144.254.100.1
  bgp graceful-restart graceful-reset
  bgp graceful-restart
  nsr
  !
  address-family ipv6 unicast
    network 2001:766:ffee:1::/64
  !
  af-group IBGPv6 address-family ipv6 unicast
    next-hop-self
    route-reflector-client
    soft-reconfiguration inbound always
  !
  session-group IBGPv6
    remote-as 65000
    password encrypted 011EEE5C301C56221C644FDD18
    description RR1 client
    update-source Loopback0
  !
  …
  !
  neighbor-group IBGPv6-RR-CLIENTS
    use session-group IBGPv6
    address-family ipv6 unicast
      use af-group IBGPv6
  !
  neighbor 2001:833::1:99
    use neighbor-group IBGPv6-RR-CLIENTS
  ...
  !
  neighbor 2001:934:1b:12aa::19
    remote-as 65100
    password encrypted 061DDA3CE84D0C01232063D5A
    address-family ipv6 unicast
      route-policy AS65100-PASS in
      route-policy AS65100-PASS out
      soft-reconfiguration inbound always
Callouts:
• Prefix Advertisement
• eBGP Inbound/outbound routing policy enforcement
• AF-Group: AF-specific neighbor command grouping
• Inbound Route-Refresh Capability (RFC2918)
Neighbors
RP/0/5/CPU0:3A# sh bgp ipv6 unicast sum
BGP router identifier 222.255.0.3, local AS number 65100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0800000
BGP main routing table version 2866
BGP scan interval 60 secs
BGP Table
RP/0/5/CPU0:3A# sh bgp ipv6 unicast
BGP router identifier 222.255.0.3, local AS number 65100
...
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i12::/48 222.255.0.1 0 100 0 ?
*>i 222:255::1 0 100 0 ?
* i22::/48 222.255.0.2 0 100 0 ?
...
LDPv4 Label
Outer label providing connectivity to destination 6PE
MP-BGP Label
Inner label used by egress 6PE for v6 forwarding (pop label + v6
lookup)
Referred to as ‘Aggregate IPv6 Label’
MP-iBGP carries Length(8bit), Label(24bit) and v6 address(128bit)
AFI =2(IPv6), SAFI = 4(Labeled)
Label stack: LDP Label (To 10.0.0.101) | MP-BGP Label (To 2001:1::1) | IPv6 packet (To 2001:1::1)
::ffff:A.B.C.D (e.g. ::ffff:141.244.100.1)
1) http://www.ietf.org/rfc/rfc4291.txt
[Diagram: MPLS IPv4 Core Network with 6PE and P routers (v4 in the core, v4/6 on the 6PEs) and v6 CEs; labels 222.255.0.1, 222.255.0.3, 2001:DB8:100:beef::1]
eBGP:
IPv6 Prefix (AFI2 / Sub-AFI1)
NH : IPv6 Address (A:B:C::D)
MP-iBGP:
IPv6 Prefix + Label (AFI2 / Sub-AFI4)
NH : IPv4 Mapped IPv6 Address (::FFFF:a.b.c.d)
AF Neighbors
RP/0/9/CPU0:1A# sh bgp ipv6 labeled-unicast sum
BGP router identifier 222.255.0.1, local AS number 65100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0800000
BGP main routing table version 2681
BGP scan interval 60 secs
6VPE – v6 VPN PE
(RFC4659)
v6 VPN connectivity over IPv4-MPLS core
Core uses IPv4 control plane (LDPv4, TEv4, IGPv4, MP-BGP)
v6 reachability exchanged via iBGP (MP-BGP)
v6 packets transported inside MPLS
v6 transit inherits benefits from v4 MPLS (e.g. FC, TE, etc.)
Similar to 6PE: Use MP-BGP for Inner and LDP for Outer label
MP-BGP
RTs, VRFs, RDs are appended to IPv6 to form VPNv6 address
MP-iBGP carries Length(8bit), Label(24bit) and VPNv6 address
(RD(64bit)+IPv6 address(128bit))
AFI =2(IPv6), SAFI = 128(VPN)
Label stack: LDP Label (To 10.0.0.101) | MP-BGP Label (To 2001:1::1) | IPv6 packet (To 2001:1::1)
::ffff:A.B.C.D (e.g. ::ffff:141.244.100.1): fixed v4 NH of 6PE Router
1) http://www.ietf.org/rfc/rfc4291.txt
[Diagram: MPLS IPv4 Core Network with 6VPE and P routers (v4 in the core, v4/6 on the 6VPEs), a VRF on each 6VPE and v6 CEs; labels 222.255.0.1, 222.255.0.3, 2001:DB8:100:beef::1]
eBGP:
IPv6 Prefix (AFI2 / Sub-AFI1)
NH : IPv6 Address (A:B:C::D)
MP-iBGP:
VPNv6 Prefix (RD+IPv6) + Label (AFI2 / Sub-AFI128)
RT: Route-Target Extended Community
NH : IPv4 Mapped IPv6 Address (::FFFF:a.b.c.d)
vrf 6VPE-RED
  address-family ipv6 unicast
    import route-target
      6:4
    !
    export route-target
      6:3
    !
router bgp 65100
  bgp router-id 222.255.0.3
  !
  address-family vpnv6 unicast
  !
  session-group IBGP_IPv6
    remote-as 65100
    update-source Loopback0
  !
  neighbor-group IBGP_6VPE
    use session-group IBGP_IPv6
    address-family vpnv6 unicast
  !
  neighbor 222.255.0.1
    use neighbor-group IBGP_6VPE
  !
  neighbor 222.255.0.1
    use neighbor-group IBGP_6VPE
  !
  vrf 6VPE-RED
    rd 6:3
    address-family ipv6 unicast
      redistribute connected
    !
    neighbor 222:0:31::2
      remote-as 300
      address-family ipv6 unicast
        route-policy pass-all in
        route-policy pass-all out
!
Callouts:
• v6 VRF Definition (name RT import/export)
• AF VPNv6 Initialization
• Enable VPNv6 AF under neighbor or neighbor-group
• v6 VRF Definition (RD)
• Setup eBGP to v6 CE inside VRF
AF Neighbors
RP/0/9/CPU0:1A# sh bgp vpnv6 uni sum
BGP router identifier 222.255.0.1, local AS number 65100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0
BGP main routing table version 53
BGP scan interval 60 secs
VRF Status
RP/0/5/CPU0:3A# sh vrf 6VPE det
VRF Routes
RP/0/9/CPU0:1A# sh route vrf 6VPE ipv6
S 13::/48
[1/0] via 222:255:13::2, 1d10h
C 222:255:13::/64 is directly connected,
1d10h, GigabitEthernet0/0/0/2.121
L 222:255:13::1/128 is directly connected,
1d10h, GigabitEthernet0/0/0/2.121
B 2001:db8:100:beef::1/128
[200/0] via ::ffff:222.255.0.3 (nexthop in vrf default), 00:16:54
Thank you