
Telefónica del Perú

ASR-9000 Quick Start – Day 1


Gianpietro Lavado
SP Systems Engineer, March 2013

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Day 1
•  General ASR9000 architecture – 9.00am – 10.30am
•  General ASR9000 operation (theory & lab) – 10.30am – 1.00pm

•  Lunch – 1.00pm – 2.30pm

•  Routing IPv4/IPv6 (theory & lab) – 2.30pm – 6.00pm

ASR-9000 Architecture

•  Ethernet Optimized Aggregation Routers
   •  1, 6, 10, & 22 slot chassis
   •  40 to 360 Gbps line cards
   •  440 Gbps per slot switch fabric
•  Highly Available Hardware
•  IOS XR Operating System

1/2 Rack – 8 Line Cards

Figure: chassis layout. Labels: line cards (20xGE + 2xTenGE, 4xTenGE, 8xTenGE, 16xTenGE (4:3 Oversub), 40xGE, 8xTenGE (4:3 Oversub), SIP-700), RSP0 and RSP1 with fabric, fans, six power modules.

1/4 Rack – 4 Line Cards

Figure: chassis layout. Labels: fans, RSP0 and RSP1 with fabric, line cards, three power modules. Rear view showing exhaust and AC power connections.

ASR 9010

Figure: ASR 9010 chassis layout. Labels: line cards (20xGE + 2xTenGE, 4xTenGE, 8xTenGE Line Rate, 40xGE, 8xTenGE (Oversub), 20G SIP-700, Future LCs), RSP0 and RSP1 with fabric, fans, power modules.

ASR 9010 Fan Tray
•  Fans unique to chassis
•  Variable speed for:
   •  Ambient temperature variation
   •  Redundancy

DC Supplies: A/B 2.1 kW, A/B 2.1 kW
AC Supplies: A 3 kW, B 3 kW

Power Supply
•  6 & 10 slot use same power supplies
•  Base 9006 system is ~650W
•  Any supply can power any card
•  Power draw shared evenly
•  Plan for both power feed and PS redundancy
•  1.5kW DC supply also available
•  Allows reduced breaker rating
•  AC is 220V Single Phase
•  Power & Fans will support future cards

ASR 9006

Figure: ASR 9006 chassis layout. Labels: fans, RSP0 and RSP1 with fabric, line cards, three power modules.

ASR 9006 Fan Tray
•  Fans unique to chassis
•  Variable speed for:
   •  Ambient temperature variation
   •  Redundancy

DC Supplies: A/B 2.1 kW, A/B 2.1 kW
AC Supplies: A 3 kW, B 3 kW

Modular Power Architecture (9006 & 9010)
•  Number of Power Supplies based on
   •  Number of line cards
   •  Type of line cards
   •  Power redundancy requirements
•  Base 9006 system is ~550W
•  40G LCs are ~310W
•  80G Line Rate LC is ~565W
•  Tools available for power planning

RSP440

Feature | Original RSP2 | RSP440
Processors | 2 x 1.5GHz Freescale 8641D CPU | Intel x86 Jasper Forest 4 Core 2.27 GHz
RAM (user expandable) | 4GB @133MHz SDR, 8GB | 6GB (RSP440-TR) and 12GB (RSP440-SE) version @1066MHz DDR3
Cache | L1: 32KB, L2: 1MB | L1: 32KB per Core, L2: 8MB shared
Primary persistent storage | 4GB | 16GB - SSD
Secondary persistent storage (HD/SSD) | 30GB - HDD | 16GB - SSD
USB 2.0 port | No | Yes
Acceleration / Security | No | Yes
HW assisted CPU queues | No | Yes
nV Cluster – EOBC ports | No | Yes, 2 x 1G/10G SFP+
Switch fabric bandwidth | 184G/slot (with dual RSP) | 440G/slot (with dual RSP)
First-generation LC (Trident NP)
A9K-40G, A9K-4T, A9K-8T/4, A9K-2T20G, A9K-8T, A9K-16T/8

Second-generation LC (Typhoon NP)
ASR9K-24x10GE, ASR9K-36x10GE, ASR9K-2x200GE, MOD-80, MOD-160

MPAs (Module Port Adapters)
20x1GE, 2x10GE, 4x10GE, 1x40GE, 2x40GE

High Level Packet Flow

Figure: packet path through two line cards. Labels: PHY, Network Processors NP0 to NP3 (Ingress CEF, ACL, QoS, & Stats; Egress CEF, ACL, QoS, & Stats), Fabric Interface ASIC, Fabric 0 and Fabric 1 on RSP0 and RSP1.

Network Processors perform lookups and features on Ingress and Egress

All traffic passes through switch fabric

•  Optimized Aggregation Routers
•  Best in Class Infrastructure
   •  400G LC Ready
   •  Flexible Forwarding Architecture
   •  Advanced Switch Fabric
   •  Flexible Optics options

General ASR9000 Operation
Global configurations

Exec – Normal operations – monitoring interfaces, routing, CEF, VPNs, …

RP/0/RSP1/CPU0:viking-1#
  show ipv4 interfaces brief
  show running-config
  show install active
  show cef summary location 0/5/CPU0
  show l2vpn xconnect

Config – Configuration for L3 Node

RP/0/RSP1/CPU0:viking-1(config)#
  router bgp 100
  l2vpn
  policy-map foo
  mpls ldp
  ipv4 access-list block-junk

Admin – Chassis operations

RP/0/RSP1/CPU0:viking-1(admin)#
  config-register <0x1922>
  show platform

Admin Config

RP/0/RSP1/CPU0:viking-1(admin-config)#
  username admin-root

Compare exec vs. admin mode

•  XR interfaces use 4-5 layer naming
•  Rack
   •  0 for standalone
   •  > 0 for ASR 9000 for 2nd cluster router
   •  > 0 for some systems in CRS Multi-chassis
•  Slot – LCs start with 0
•  Bay – within a modular LC or 9001 system
•  Port
•  Sub-interface – L2 or L3 (optional)

interface ten[Rack/Slot/Bay/Port.Sub]

RP/0/RSP1/CPU0:viking-1#show platform
Node            Type                      State            Config State
----------------------------------------------------------------
0/RSP0/CPU0     A9K-RSP-4G(Standby)       IOS XR RUN       PWR,NSHUT,MON
0/RSP1/CPU0     A9K-RSP-4G(Active)        IOS XR RUN       PWR,NSHUT,MON
0/0/CPU0        A9K-40GE-E                IOS XR RUN       PWR,NSHUT,MON
0/1/CPU0        A9K-8T/4-B                IOS XR RUN       PWR,NSHUT,MON

RP/0/RSP1/CPU0:viking-1#admin show platform
Wed Jul 22 09:23:32.482 EST
Node            Type                      State            Config State
----------------------------------------------------------------
0/RSP0/CPU0     A9K-RSP-4G(Standby)       IOS XR RUN       PWR,NSHUT,MON
0/RSP1/CPU0     A9K-RSP-4G(Active)        IOS XR RUN       PWR,NSHUT,MON
0/FT0/SP        FAN TRAY                  READY
0/FT1/SP        FAN TRAY                  READY
0/0/CPU0        A9K-40GE-E                IOS XR RUN       PWR,NSHUT,MON
0/1/CPU0        A9K-8T/4-B                IOS XR RUN       PWR,NSHUT,MON
0/PM0/SP        A9K-3KW-AC                READY            PWR,NSHUT,MON
0/PM1/SP        A9K-3KW-AC                READY            PWR,NSHUT,MON

Figure: chassis diagram annotated with node names. Labels: 0/FT0/SP, 0/FT1/SP, 0/RSP0/CPU0, 0/RSP1/CPU0, 0/PM1/SP, fans, RSP0, RSP1, fabric, line cards, power.

•  Building blocks for on-box authorization scheme

•  4 types of permissions per task: Read, Write, Execute, Debug

Tasks

aaa             config-services  hsrp         netflow       sbc
acl             crypto           interface    network       snmp
admin           diag             inventory    ospf          sonet-sdh
atm             disallowed       ip-services  ouni          static
basic-services  drivers          ipv4         pkg-mgmt      sysmgr
bcdl            eigrp            ipv6         pos-dpt       system
bfd             ext-access       isis         ppp           transport
bgp             fabric           logging      qos           tty-access
boot            fault-mgr        lpts         rib           tunnel
bundle          filesystem       monitor      rip           universal
cdp             firewall         mpls-ldp     root-lr       vlan
cef             fr               mpls-static  root-system   vrrp
cisco-support   hdlc             mpls-te      route-map
config-mgmt     host-services    multicast    route-policy

Read Write Execute Debug
aaa aaa aaa aaa
acl acl acl acl
admin admin admin admin
atm atm atm atm
basic-services basic-services basic-services basic-services
bcdl bcdl bcdl bcdl
bfd bfd bfd bfd
bgp bgp bgp bgp

taskgroup basic-admin
 task read acl
 task read bfd
 task read bgp
 task write acl
 task write bfd
 task write bgp
 task debug bgp

usergroup noc-staff
 taskgroup operator
 taskgroup basic-admin
 inherit usergroup all-users
!
usergroup allusers
 taskgroup basic-stuff

RP/0/5/CPU0:iox(config)#describe router bgp 100
Package:
c12k-rout
c12k-rout V3.3.0[00] Routing protocols for 124xx
Vendor : Cisco Systems
Desc : Routing protocols for 124xx
Build : Built on Wed May 10 10:30:27 UTC 2006
Source : By edde-bld1 in /vws/aga/production/3.3.0…
Card(s): RP, DRP, DRPSC
Restart information:
Default:
parallel impacted processes restart

Component:
ipv4-bgp V[r33x/3] IPv4 Border Gateway Protocol (BGP)

User needs ALL of the following taskids:

bgp (READ WRITE)
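
The task-based authorization model on these slides can be audited offline. The following Python is an added example, not part of the original deck: it parses taskgroup/usergroup blocks, resolves inheritance, reports references to groups that are not defined, and checks a user group against a `describe` requirement such as `bgp (READ WRITE)`. The sample configuration is constructed, and the resolution rules (union of tasks, recursive inheritance) are a simplifying assumption.

```python
import re

# Constructed sample in the style of the taskgroup/usergroup slides.
# "taskgroup operator" is referenced but never defined, on purpose.
SAMPLE_CONFIG = """\
taskgroup basic-admin
 task read acl
 task read bfd
 task read bgp
 task write acl
 task write bfd
 task write bgp
 task debug bgp
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
usergroup all-users
 taskgroup ops
!
usergroup noc-staff
 taskgroup operator
 taskgroup basic-admin
 inherit usergroup all-users
!
"""

TASK_RE = re.compile(r"task (read|write|execute|debug) (\S+)")

def parse_groups(config):
    """Parse taskgroup/usergroup blocks; top-level lines start in column 0."""
    groups = {"taskgroup": {}, "usergroup": {}}
    current = None  # (kind, body) of the block being read
    for raw in config.splitlines():
        words = raw.split()
        if not words or words == ["!"]:
            continue
        if not raw[0].isspace():
            if len(words) == 2 and words[0] in groups:
                body = groups[words[0]].setdefault(
                    words[1], {"tasks": set(), "members": [], "inherit": []})
                current = (words[0], body)
            else:
                current = None  # some other top-level block
            continue
        if current is None:
            continue
        kind, body = current
        match = TASK_RE.fullmatch(" ".join(words))
        if kind == "taskgroup" and match:
            body["tasks"].add((match.group(2), match.group(1)))
        elif len(words) == 3 and words[:2] == ["inherit", kind]:
            body["inherit"].append(words[2])
        elif kind == "usergroup" and len(words) == 2 and words[0] == "taskgroup":
            body["members"].append(words[1])
    return groups["taskgroup"], groups["usergroup"]

def effective_permissions(usergroup, taskgroups, usergroups):
    """Return ({task: {permissions}}, dangling references) for a user group."""
    perms, dangling, seen = {}, set(), set()

    def walk(kind, name):
        if (kind, name) in seen:  # also stops inheritance loops
            return
        seen.add((kind, name))
        table = taskgroups if kind == "taskgroup" else usergroups
        if name not in table:
            dangling.add(f"{kind} {name}")
            return
        body = table[name]
        for task, perm in body["tasks"]:
            perms.setdefault(task, set()).add(perm)
        for member in body["members"]:
            walk("taskgroup", member)
        for parent in body["inherit"]:
            walk(kind, parent)

    walk("usergroup", usergroup)
    return perms, dangling

def parse_requirement(line):
    """Turn a describe line such as 'bgp (READ WRITE)' into (task, perms)."""
    match = re.fullmatch(r"\s*(\S+)\s+\(([A-Z ]+)\)\s*", line)
    if not match:
        raise ValueError(f"unrecognised requirement: {line!r}")
    return match.group(1), {p.lower() for p in match.group(2).split()}

def is_authorized(usergroup, requirement, taskgroups, usergroups):
    """True if the user group holds every permission the command needs."""
    task, needed = parse_requirement(requirement)
    perms, _ = effective_permissions(usergroup, taskgroups, usergroups)
    return needed <= perms.get(task, set())
```

A non-empty dangling set is worth reviewing before rollout, because a misspelled group name silently grants fewer (or different) rights than intended.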

•  Two Stage Commit

•  Config History Database

•  Rollback

•  Atomic vs. Best Effort

•  Multiple Config Sessions

Active Configuration Before Commit

hostname Leif
line default
 exec-timeout 1440 0
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

Enter Proposed Changes – Target Configuration

interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
router ospf 100
 area 0
  interface gig 0/3/0/0
 area 1
  interface ten 0/2/0/0.1

Commit – Changes take effect

Active Configuration After Commit

hostname Leif
line default
 exec-timeout 1440 0
!
interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router ospf 100
 area 0
  interface gig 0/3/0/0
 area 1
  interface ten 0/2/0/0.1
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

Syntax first, then full check during commit

Active Configuration Before Commit

hostname Leif
line default
 exec-timeout 1440 0
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

Target Configuration – Syntax Check after each line

interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
router ospf 100
 area 0
  interface gig 0/3/0/0
 area 1
  interface ten 0/2/0/0.1

Semantic Check during commit

Active Configuration After Commit

hostname Leif
line default
 exec-timeout 1440 0
!
interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router ospf 100
 area 0
  interface gig 0/3/0/0
 area 1
  interface ten 0/2/0/0.1
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

Commit History – Unique ID Automatically Generated

#1
interface gig 0/3/0/5
 ipv4 address 9.9.9.9/24
router ospf 100
 area 0
  interface gig 0/3/0/5

#2 BGP_Change (earlier commit with optional label)
router bgp 100
 address-family ipv4 unicast
 neighbor 5.5.5.5
  remote-as 87

#3
interface gig 0/3/0/2
 ipv4 address 9.19.9.9/24
router ospf 100
 area 0
  interface gig 0/3/0/2

#4 (changes added to commit history)
interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
router ospf 100
 area 0
  interface gig 0/3/0/0

Enter Proposed Changes – Target Configuration

interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
router ospf 100
 area 0
  interface gig 0/3/0/0
 area 1
  interface ten 0/2/0/0.1

Commit

hostname Leif
line default
 exec-timeout 1440 0
!
interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router ospf 100
 area 0
  interface gig 0/3/0/0
 area 1
  interface ten 0/2/0/0.1
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

(config)#load rollback changes BGP_Change (or commit id)

•  Just a paste operation
•  Can be edited
•  Still requires commit

      Commit History                    Rollback
#1    interface gig 0/3/0/5             interface gig 0/3/0/5
       ipv4 address 9.9.9.9/24           no ipv4 address 9.9.9.9/24
      router ospf 100                   router ospf 100
       area 0                            area 0
        interface gig 0/3/0/5             no interface gig 0/3/0/5

#2    router bgp 100                    no router bgp 100
       address-family ipv4 unicast
       neighbor 5.5.5.5
        remote-as 87
      (label: BGP_Change)

#3    interface gig 0/3/0/2             interface gig 0/3/0/2
       ipv4 address 9.19.9.9/24          no ipv4 address 9.19.9.9/24
      router ospf 100                   router ospf 100
       area 0                            area 0
        interface gig 0/3/0/2             no interface gig 0/3/0/2

#4    interface gig 0/3/0/0             interface gig 0/3/0/0
       ipv4 address 9.9.9.9/24           no ipv4 address 9.9.9.9/24
      router ospf 100                   router ospf 100
       area 0                            area 0
        interface gig 0/3/0/0             no interface gig 0/3/0/0

#5    no router bgp 100                 router bgp 100
                                         address-family ipv4 unicast
                                         neighbor 5.5.5.5
                                          remote-as 87
      (another entry in commit history generated)

Target Configuration

no router bgp 100

Commit

hostname Leif
line default
 exec-timeout 1440 0
!
interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router ospf 100
 area 0
  interface gig 0/3/0/0
 area 1
  interface ten 0/2/0/0.1
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

(config)#load rollback changes to BGP_Change (or commit id)

All changes back to and including those made with the commit referenced

•  Load multiple rollbacks
•  Careful not to overshoot

      Commit History                    Rollback
#1    interface gig 0/3/0/5             interface gig 0/3/0/5
       ipv4 address 9.9.9.9/24           no ipv4 address 9.9.9.9/24
      router ospf 100                   router ospf 100
       area 0                            area 0
        interface gig 0/3/0/5             no interface gig 0/3/0/5

#2    router bgp 100                    no router bgp 100
       address-family ipv4 unicast
       neighbor 5.5.5.5
        remote-as 87
      (label: BGP_Change)

#3    interface gig 0/3/0/2             interface gig 0/3/0/2
       ipv4 address 9.19.9.9/24          no ipv4 address 9.19.9.9/24
      router ospf 100                   router ospf 100
       area 0                            area 0
        interface gig 0/3/0/2             no interface gig 0/3/0/2

#4    interface gig 0/3/0/0             interface gig 0/3/0/0
       ipv4 address 9.9.9.9/24           no ipv4 address 9.9.9.9/24
      router ospf 100                   router ospf 100
       area 0                            area 0
        interface gig 0/3/0/0             no interface gig 0/3/0/0

#5    no router bgp 100
      interface gig 0/3/0/2
       no ipv4 address 9.19.9.9/24
      interface gig 0/3/0/0
       no ipv4 address 9.9.9.9/24
      router ospf 100
       area 0
        no interface gig 0/3/0/2
        no interface gig 0/3/0/0

Target Configuration

no router bgp 100
interface gig 0/3/0/2
 no ipv4 address 9.19.9.9/24
interface gig 0/3/0/0
 no ipv4 address 9.9.9.9/24
router ospf 100
 area 0
  no interface gig 0/3/0/2
  no interface gig 0/3/0/0

Commit

hostname Leif
line default
 exec-timeout 1440 0
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router ospf 100
 area 0
 area 1
  interface pos 0/4/0/0
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

(config)#load rollback changes last 2

      Commit History                    Rollback
#1    interface gig 0/3/0/5             interface gig 0/3/0/5
       ipv4 address 9.9.9.9/24           no ipv4 address 9.9.9.9/24
      router ospf 100                   router ospf 100
       area 0                            area 0
        interface gig 0/3/0/5             no interface gig 0/3/0/5

#2    router bgp 100                    no router bgp 100
       address-family ipv4 unicast
       neighbor 5.5.5.5
        remote-as 87
      (label: BGP_Change)

#3    interface gig 0/3/0/2             interface gig 0/3/0/2
       ipv4 address 9.19.9.9/24          no ipv4 address 9.19.9.9/24
      router ospf 100                   router ospf 100
       area 0                            area 0
        interface gig 0/3/0/2             no interface gig 0/3/0/2

#4    interface gig 0/3/0/0             interface gig 0/3/0/0
       ipv4 address 9.9.9.9/24           no ipv4 address 9.9.9.9/24
      router ospf 100                   router ospf 100
       area 0                            area 0
        interface gig 0/3/0/0             no interface gig 0/3/0/0

#5    interface gig 0/3/0/2             interface gig 0/3/0/2
       no ipv4 address 9.19.9.9/24       ipv4 address 9.19.9.9/24
      interface gig 0/3/0/0             interface gig 0/3/0/0
       no ipv4 address 9.9.9.9/24        ipv4 address 9.9.9.9/24
      router ospf 100                   router ospf 100
       area 0                            area 0
        no interface gig 0/3/0/2          interface gig 0/3/0/2
        no interface gig 0/3/0/0          interface gig 0/3/0/0

Target Configuration

interface gig 0/3/0/2
 no ipv4 address 9.19.9.9/24
interface gig 0/3/0/0
 no ipv4 address 9.9.9.9/24
router ospf 100
 area 0
  no interface gig 0/3/0/2
  no interface gig 0/3/0/0

Commit

hostname Leif
line default
 exec-timeout 1440 0
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router ospf 100
 area 0
 area 1
  interface pos 0/4/0/0
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

All or Nothing – Any semantic failure stops commit

Active Configuration Before Commit

hostname odin
line default
 exec-timeout 1440 0
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

Target Configuration

interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
taskgroup bgp
 task read bgp
 task write bgp

Syntax Check after each line: PASSES
Semantic Check during commit: FAILS (BGP cannot be taskgroup name)

Active Configuration After Commit: No Change

hostname odin
line default
 exec-timeout 1440 0
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

Commit as much as possible, even if semantic check fails

Active Configuration Before Commit

hostname Olav
line default
 exec-timeout 1440 0
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

Target Configuration

interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
taskgroup bgp
 task read bgp
 task write bgp

Syntax Check after each line: PASSES
Semantic Check during commit: FAILS (BGP cannot be taskgroup name)

Active Configuration After Commit: Partial Commit

hostname Olav
line default
 exec-timeout 1440 0
!
interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

Two or more users in config mode at same time

Use config exclusive to block other users from committing

First to Commit – Enter Proposed Changes

interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
router ospf 100
 area 0
  interface gig 0/3/0/0
 area 1
  interface gig 0/4/0/0

Second to Commit – Enter Proposed Changes

interface gig 0/3/0/0
 ipv4 address 9.9.9.7/24
router ospf 100
 area 2
  interface gig 0/3/0/0
 area 4
  interface gig 0/4/0/0

One or more commits have occurred from
other configuration sessions since this
session started or since the last commit
was made from this session.
You can use the 'show configuration commit
changes' command to browse the changes.
Do you wish to proceed with this commit
anyway? [no]:

Normal Commit
only first user’s changes

From Exec Mode
RP/0/RSP1/CPU0:viking-1# show running-config
Building configuration...
!! IOS XR Configuration 3.9.0.08I
!! Last configuration change at Tue Jul 21 16:58:36 2009 by ww
!
hostname viking-1

RP/0/RSP1/CPU0:viking-1# show config commit list


SNo. Label/ID User Line Client Time Stamp
~~~~ ~~~~~~~~ ~~~~ ~~~~ ~~~~~~ ~~~~~~~~~~
1 1000000262 ww con0_RSP1_ CLI Tue Jul 21 16:58:36 2009
2 1000000261 ww con0_RSP1_ CLI Tue Jul 21 16:58:29 2009
3 1000000260 ww con0_RSP1_ CLI Tue Jul 21 16:58:00 2009
4 1000000259 ww con0_RSP0_ CLI Fri Jul 10 11:20:28 2009
5 1000000258 ww con0_RSP0_ CLI Fri Jul 10 11:19:35 2009

RP/0/RSP1/CPU0:viking-1# show config commit changes last 5


Building configuration...
!! IOS XR Configuration 3.9.0.08I
route-policy out1
set community(1:1)
end-policy

RP/0/RSP1/CPU0:viking-1# show config sessions


Current Configuration Session Line User Date Lock
00000051-004c4104-00000000 con0_RSP1_ ww Tue Jul 21 16:58:22 2009

•  Default configurations not shown
show running isn’t effective for system inventory

•  Unconfigured interfaces not shown

•  Individual config blocks can be displayed

RP/0/RP0/CPU0:CRS#show run router bgp


router bgp 65000
address-family ipv4 unicast
!
neighbor 10.254.254.1
remote-as 1
address-family ipv4 unicast
route-policy inbound in
!
!
neighbor 192.168.0.1
remote-as 2
address-family ipv4 unicast
route-policy inbound in

•  commit confirmed - Automatic rollback if not confirmed

•  commit replace – Replaces active config with target (WARNING)

•  commit label – Adds label which can be used to reference commit

•  commit comment – Adds a comment (cannot be referenced)

•  clear – Clear target config, go to top level, stay in config mode

•  abort – Clear target config mode, exit config mode

•  Interfaces can be preconfigured
Configuration will become active when matching HW inserted

•  Future interface can be assigned to routing protocols

•  OIR moves configuration to preconfigured state

•  show – Display target config for current sub-mode

•  show config – Display entire target config

•  show config merged – Display target and active config together

•  show config running – Display active config

•  show config rollback – Display possible rollback options

•  show config failed – Display config that failed semantic check

RP/0/RP0/CPU0:CRS#show running-config
Building configuration...
!! Last configuration change at 12:17:03 UTC Wed Jun 28 2006 by ww
!
hostname CRS
line default
exec-timeout 1440 0

RP/0/RP0/CPU0:CRS#show config commit list
SNo. Label/ID User Line Client Time Stamp
~~~~ ~~~~~~~~ ~~~~ ~~~~ ~~~~~~ ~~~~~~~~~~
1 1000000296 ww con0_RP0_C CLI 12:17:03 UTC Wed Jun 28 2006
2 1000000295 ww con0_RP0_C CLI 12:16:47 UTC Wed Jun 28 2006
3 1000000294 ww vty0 CLI 12:09:03 UTC Wed Jun 28 2006
4 1000000293 admin vty0 CLI 06:47:51 UTC Wed Jun 28 2006
5 1000000292 admin vty0 CLI 06:47:18 UTC Wed Jun 28 2006

RP/0/RP0/CPU0:CRS#show config commit changes last 5


Building configuration...
hostname CRS
policy-map edge
class prec_5
bandwidth remaining percent 50

RP/0/RP0/CPU0:CRS#show config sessions


Session Line User Date Lock
00000201-0014e0da-00000000 vty0 ww Wed Jun 28 12:58:14 2006 *

General ASR9000 Operation
IOS-XR software upgrade

•  Packages are components of the software
•  Modular install allows selective install
•  Only required software is loaded
•  Saves disk space
•  Mini is a group of the core packages
•  Must always be installed
•  Optional packages added as needed

Figure: package stack. Optional Packages (installed separately): Security, Firmware, Video, Mgmt, Docs, Services, Multicast, MPLS. “Mini” – Required composite package: Forwarding, Base, Routing, Min-Boot, Infra, Diags, + several others.

•  PIEs are a delivery mechanism for packages
For mini, optional packages, and patches
•  Package additions will be done via 3 steps
Add PIEs
Activate Packages
Commit installed software
•  Install operations are performed from admin mode

Checking Installed Software Version and Packages
show install active <detail>

•  Will be displayed for RP/RSP and line cards
•  LC software will be different
   e.g., No routing package

RP/0/RSP0/CPU0:Nevada#show install active detail


Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /bootflash/disk0/asr9k-os-mbi-3.7.2/mbiasr9k-rp.vm
Active Packages:
disk0:comp-asr9k-mini-3.7.2
disk0:asr9k-scfclient-3.7.2
disk0:asr9k-diags-3.7.2
disk0:asr9k-rout-3.7.2
disk0:asr9k-lc-3.7.2
disk0:asr9k-fwdg-3.7.2
disk0:asr9k-admin-3.7.2
disk0:asr9k-base-3.7.2
disk0:asr9k-os-mbi-3.7.2

•  SMUs allow fixes for specific bugs without full upgrade

•  Name includes platform, package, and bugId

•  Examples
asr9k-base-3.7.2.CSCsy23972.pie
asr9k-base-3.7.2.CSCsy55726.pie

•  Packages can be added or upgraded
All existing packages must be included in upgrades

•  3 phase install
1.  Add – Copy PIE and unpack
2.  Activate – Restart with new code
3.  Commit – Lock activated packages through reset

install add Command
Copy image to disk, verify, and unpack

RP/0/RSP0/CPU0:Nevada# admin install add tftp://7.1.1.1/asr9k-mpls-p.pie-3.7.2 sync


Install operation 3 'install add /tftp://7.1.1.1/asr9k-mpls-p.pie-3.7.2
synchronous' started by user 'ww' on SDR Owner via CLI at 22:21:54 EDT Sun Jul
26 2009.
Warning: This add operation will add the specified package to SDR: Owner only.
Warning: Any further operations on this package will only be allowed from SDR:
Warning: Owner.
Warning: If the package is meant to be added to the entire router, then please
Warning: stop this operation and perform the operation from the admin level.
Continue with the operation? [confirm]
Info: The following package is now available to be activated:
Info:
Info: disk0:asr9k-mpls-3.7.2
Info:
Info: The package can be activated on the following SDR:
Info:
Info: Owner
Info:
Install operation 3 completed successfully at 22:22:14 EDT Sun Jul 26 2009.

•  Copy pie from tftp, harddisk, flash, or other source
•  Unpack pie into destination directory in disk
•  Does not restart processes or trigger any changes to functionality
•  Displays package name to activate in next step

Begin executing new software – start/restart processes

RP/0/RSP0/CPU0:Nevada# admin install activate disk0:asr9k-mpls-3.7.2 sync


Install operation 4 'install activate disk0:asr9k-mpls-3.7.2 synchronous'
started by user 'ww' on SDR Owner via CLI at 22:24:50 EDT Sun Jul 26 2009.
Info: Install Method: Parallel Process Restart
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
Install operation 4 completed successfully at 22:25:38 EDT Sun Jul 26 2009.

•  Restart appropriate processes or nodes with new software
•  May trigger reboot, depending on software being activated
•  New functions will be available once activation completes

install commit Command
Lock in activated software

RP/0/RSP0/CPU0:Nevada# reload
Some active software packages are not yet committed. Proceed?[confirm]

RP/0/RSP0/CPU0:Nevada# admin install commit


Install operation 5 'install commit' started by user 'ww' on SDR Owner via CLI
at 22:27:13 EDT Sun Jul 26 2009.
Install operation 5 completed successfully at 22:27:16 EDT Sun Jul 26 2009.

•  Fail safe mechanism in the event that activated software is “really bad”
•  Reloading or power cycling system returns to last committed version
•  Normal reload will prompt if software is uncommitted

RP/0/RSP0/CPU0:Nevada# show install active
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /bootflash/disk0/asr9k-os-mbi-3.7.2/mbiasr9k-rp.vm
Active Packages:
disk0:asr9k-mpls-3.7.2
disk0:asr9k-base-3.7.2.CSCsy23972-1.0.0
disk0:comp-asr9k-mini-3.7.2

RP/0/RSP0/CPU0:Nevada# install deactivate disk0:asr9k-mpls-3.7.2 sync


Install operation 6 'install deactivate disk0:asr9k-mpls-3.7.2 synchronous'
started by user 'ww' on SDR Owner via CLI at 22:28:55 EDT Sun Jul 26 2009.
Info: Install Method: Parallel Process Restart
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
Install operation 6 completed successfully at 22:29:49 EDT Sun Jul 26 2009.

•  Package’s features are no longer available
•  Package is still “added” and on disk
•  Package can be reactivated

RP/0/RSP0/CPU0:Nevada#install remove disk0:asr9k-mpls-3.7.2 sync
Install operation 9 'install remove disk0:asr9k-mpls-3.7.2 synchronous' started
by user 'ww' on SDR Owner via CLI at 22:35:08 EDT Sun Jul 26 2009.
Info: This operation will remove the following package:
Info: disk0:asr9k-mpls-3.7.2
Info: After this install remove the following install rollback point will
Info: no longer be reachable, as the required packages will not be present:
Info: 4
Proceed with removing these packages? [confirm]
Install operation 9 completed successfully at 22:35:12 EDT Sun Jul 26 2009.

•  Package/PIE is completely removed
•  install remove inactive available for cleaning up disk

RP/0/RSP0/CPU0:Nevada# show install log

Install operation 1 started by user 'ww' on SDR Owner via CLI at 21:06:09 UTC
Wed Feb 02 2000.
install add /tftp://7.1.1.1/asr9k-base-3.7.2.CSCsy23972.pie activate
Install operation 1 failed at 21:06:34 UTC Wed Feb 02 2000.

--------------------------------------------------------------------------------

Install operation 2 started by user 'ww' on SDR Owner via CLI at 21:58:15 EDT
Sun Jul 26 2009.
install add /tftp://7.1.1.1/asr9k-base-3.7.2.CSCsy23972.pie activate
Install operation 2 completed successfully at 21:59:08 EDT Sun Jul 26 2009.

--------------------------------------------------------------------------------

Install operation 3 started by user 'ww' on SDR Owner via CLI at 22:21:54 EDT
Sun Jul 26 2009.
install add /tftp://7.1.1.1/asr9k-mpls-p.pie-3.7.2 synchronous
Install operation 3 completed successfully at 22:22:14 EDT Sun Jul 26 2009.

RP/0/RSP0/CPU0:Nevada# show install log 6 detail

Install operation 6 started by user 'ww' on SDR Owner via CLI at 22:28:55 EDT
Sun Jul 26 2009.
install deactivate disk0:asr9k-mpls-3.7.2 synchronous
Install operation 6 completed successfully at 22:29:49 EDT Sun Jul 26 2009.

Install logs:
Install operation 6 'install deactivate disk0:asr9k-mpls-3.7.2 synchronous'
started by user 'ww' on SDR Owner via CLI at 22:28:55 EDT Sun Jul 26 2009.
Info: Install Method: Parallel Process Restart
Info: The changes made to software configurations will not be
Info: persistent across system reloads. Use the command '(admin)
Info: install commit' to make changes persistent.
Info: Please verify that the system is consistent following the
Info: software change using the following commands:
Info: show system verify
Info: install verify packages
Install operation 6 completed successfully at 22:29:49 EDT Sun Jul 26 2009.

Summary:
Sub-operation 1:
Install method: Parallel Process Restart
Summary of changes on node 0/RSP0/CPU0:
Deactivated: asr9k-mpls-3.7.2
6 asr9k-mpls processes affected (0 updated, 0 added, 6 removed, 0 impacted)
Summary of changes on node 0/0/CPU0:
Deactivated: asr9k-mpls-3.7.2
1 asr9k-mpls processes affected (0 updated, 0 added, 1 removed, 0 impacted)

  Packages can be added or upgraded
  All versions must be consistent

  Install from Admin Mode


  3 phase install
1.  Add – Copy package and unpack
2.  Activate – Start new code
3.  Commit – Lock down installed code

IOS-XR IPv4 Routing

•  Key Changes from IOS
•  Static Routes
•  IGPs
OSPF
ISIS
EIGRP
•  BGP
•  RPL

•  Protocols are Address Family Neutral
CLI commands don’t assume IPv4
Knobs to enable/disable things per Address Family
•  All configuration for IGPs is under protocol config mode
No routing commands under interfaces
Enable IGP by specifying interfaces rather than network commands
•  More concise BGP configuration
Neighbor based
Flexible templates for reuse
Efficient policy via Route Policy Language (RPL)

•  All configuration under router ospf
•  Enable by assigning interfaces to areas
Additional configuration for interfaces under that level
•  Top level: router ospf for IPv4, router ospfv3 for IPv6

router ospf 100
 area 0
  interface gig 0/4/0/0
  interface gig 0/5/0/4
  interface gig 0/5/0/5
 area 1
  interface gig 0/3/0/0
  interface gig 0/3/0/1
   passive enable
  interface gig 0/3/0/2
   cost 40
   bfd fast-detect

router ospfv3 32
area 0
interface GigabitEthernet0/5/0/0
!
interface GigabitEthernet0/5/0/1
cost 30
!
!
area 1
interface GigabitEthernet0/5/0/2
cost 40
passive
!
router ospf 101
area 0
interface GigabitEthernet0/5/0/0
!
interface GigabitEthernet0/5/0/1
!
interface GigabitEthernet0/5/0/2

show ospf neighbor (detail)

RP/0/RSP0/CPU0:freya#show ospf neighbor


Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface
1.1.3.3 1 FULL/DR 00:00:30 1.1.2.3 GigabitEthernet0/4/0/0
Neighbor is up for 2w5d
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/BDR 00:00:31 1.1.1.1 GigabitEthernet0/4/0/1
Neighbor is up for 2w5d
Total neighbor count: 2

RP/0/RSP0/CPU0:freya#show ospf neighbor detail


Neighbors for OSPF 1
Neighbor 1.1.3.3, interface address 1.1.2.3
In the area 0 via interface GigabitEthernet0/4/0/0
Neighbor priority is 1, State is FULL, 6 state changes
DR is 1.1.2.3 BDR is 1.1.2.2
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:00:33
Neighbor is up for 2w5d
Number of DBD retrans during last exchange 0
Index 1/1, retransmission queue length 0, number of retransmission 1
First 0(0)/0(0) Next 0(0)/0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec

show ospf interface (brief)

RP/0/RSP0/CPU0:freya#show ospf interface

GigabitEthernet0/4/0/0 is up, line protocol is up


Internet Address 1.1.2.2/24, Area 0
Process ID 1, Router ID 1.1.2.2, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 1.1.3.3, Interface address 1.1.2.3
Backup Designated router (ID) 1.1.2.2, Interface address 1.1.2.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:04
Index 1/1, flood queue length 0
Next 0(0)/0(0)
Last flood scan length is 1, maximum is 2
Last flood scan time is 0 msec, maximum is 1 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.3.3 (Designated Router)
Suppress hello for 0 neighbor(s)
RP/0/RSP0/CPU0:freya#show ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C


Gi0/4/0/0 1 0 1.1.2.2/24 1 BDR 1/1
Gi0/4/0/1 1 0 1.1.1.2/24 1 DR 1/1

show ospf database

RP/0/5/CPU0:xr-router#show ospf database

OSPF Router with ID (1.1.2.2) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count


1.1.1.1 1.1.1.1 1453 0x8000035a 0x004283 1
1.1.2.2 1.1.2.2 1773 0x8000035c 0x00c5db 2
1.1.3.3 1.1.3.3 751 0x80000362 0x002a86 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum


1.1.1.2 1.1.2.2 1773 0x8000035a 0x00efd8
1.1.2.3 1.1.3.3 751 0x8000035c 0x00efce

show ospf database (LSA type)

RP/0/5/CPU0:xr-router#show ospf database router

OSPF Router with ID (1.1.2.2) (Process ID 1)

Router Link States (Area 0)

Routing Bit Set on this LSA


LS age: 1390
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 1.1.1.1
Advertising Router: 1.1.1.1
LS Seq Number: 8000035a
Checksum: 0x4283
Length: 36
Number of Links: 1

Link connected to: a Transit Network


(Link ID) Designated Router address: 1.1.1.2
(Link Data) Router Interface address: 1.1.1.1
Number of TOS metrics: 0
TOS 0 Metrics: 1

ISIS Configuration Basics
•  Enable by assigning interfaces to ISIS
•  All configuration under router isis

router isis <label>
 net 49.0001.0000.0000.000c.00
 interface gig 0/4/0/0
  address-family ipv4 unicast
 interface gig 0/4/0/1
  address-family ipv4 unicast
  address-family ipv6 unicast

router isis 7
net 49.0001.0000.0000.000c.00
interface Loopback0
address-family ipv4 unicast
!
!
interface GigabitEthernet0/4/0/1
address-family ipv4 unicast
!
!
interface GigabitEthernet0/4/0/2
address-family ipv4 unicast
!
!
interface GigabitEthernet0/4/0/3
address-family ipv4 unicast

show isis neighbor

RP/0/RSP0/CPU0:loki#show isis neighbor

IS-IS 7 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
gsr7-admin Gi0/4/0/3 0005.dd32.5000 Up 27 L1L2 Capable
CRS Gi0/4/0/1 0050.2abe.8df9 Up 25 L1L2 Capable
GSR2 Gi0/4/0/2 0050.2abe.8dfa Up 29 L1L2 Capable

Total neighbor count: 3

show isis neighbor detail

RP/0/RSP0/CPU0:loki#show isis neighbor detail

IS-IS 7 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
gsr7-admin Gi0/4/0/3 0005.dd32.5000 Up 22 L1L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 11.1.1.7*
Topologies: 'IPv4 Unicast'
Uptime: 01:12:39
GSR2 Gi0/4/0/1 0050.2abe.8df9 Up 23 L1L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 12.1.2.2*
Topologies: 'IPv4 Unicast'
Uptime: 03:37:17
GSR2 Gi0/4/0/2 0050.2abe.8dfa Up 26 L1L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 12.1.3.2*
Topologies: 'IPv4 Unicast'
Uptime: 03:37:17

Total neighbor count: 3

show isis adjacency

RP/0/RSP0/CPU0:loki#show isis adjacency

IS-IS 7 Level-1 adjacencies:


System Id Interface SNPA State Hold Changed NSF BFD
gsr7-admin Gi0/4/0/3 0005.dd32.5000 Up 20 01:13:58 Yes None
GSR2 Gi0/4/0/1 0050.2abe.8df9 Up 21 03:38:37 Yes None
GSR2 Gi0/4/0/2 0050.2abe.8dfa Up 29 03:38:37 Yes None

Total adjacency count: 3

IS-IS 7 Level-2 adjacencies:


System Id Interface SNPA State Hold Changed NSF BFD
gsr7-admin Gi0/4/0/3 0005.dd32.5000 Up 25 01:13:59 Yes None
GSR2 Gi0/4/0/1 0050.2abe.8df9 Up 28 03:38:37 Yes None
GSR2 Gi0/4/0/2 0050.2abe.8dfa Up 24 03:38:37 Yes None

Total adjacency count: 3

show isis ipv4 route

RP/0/RSP0/CPU0:loki#show isis ipv4 route

IS-IS 7 IPv4 Unicast routes

Codes: L1 - level 1, L2 - level 2, ia - interarea (leaked into level 1)


df - level 1 default (closest attached router), su - summary null
C - connected, S - static, R - RIP, B - BGP, O - OSPF
i - IS-IS (redistributed from another instance)

Maximum parallel path count: 8

C 1.1.1.1/32
is directly connected, Loopback0
L1 7.7.7.7/32 [20/115]
via 11.1.1.7, GigabitEthernet0/4/0/3, gsr7-admin
C 11.1.1.0/24
is directly connected, GigabitEthernet0/4/0/3
L1 11.1.2.0/24 [20/115]
via 12.1.3.2, GigabitEthernet0/4/0/2, GSR2
via 12.1.2.2, GigabitEthernet0/4/0/1, GSR2
C 12.1.2.0/24
is directly connected, GigabitEthernet0/4/0/1
C 12.1.3.0/24
is directly connected, GigabitEthernet0/4/0/2

show isis topology

RP/0/RSP0/CPU0:loki#show isis topology

IS-IS 7 paths to IPv4 Unicast (Level-1) routers


System Id Metric Next-Hop Interface SNPA
gsr7-admin 10 gsr7-admin Gi0/4/0/3 0005.dd32.5000
GSR2 10 GSR2 Gi0/4/0/2 0050.2abe.8dfa
GSR2 10 GSR2 Gi0/4/0/1 0050.2abe.8df9
GSR1 --

IS-IS 7 paths to IPv4 Unicast (Level-2) routers


System Id Metric Next-Hop Interface SNPA
gsr7-admin 10 gsr7-admin Gi0/4/0/3 0005.dd32.5000
GSR2 10 GSR2 Gi0/4/0/2 0050.2abe.8dfa
GSR2 10 GSR2 Gi0/4/0/1 0050.2abe.8df9
GSR1 --

Address Family Specific Configuration Modes

router static
address-family ipv4 unicast
0.0.0.0/0 7.1.9.1
7.7.7.77/32 7.1.9.1
8.8.8.1/32 GigabitEthernet0/5/0/1.101
8.8.8.1/32 GigabitEthernet0/5/0/1.102
8.8.8.2/32 5.1.1.2
8.8.8.2/32 5.2.1.2
2.0.0.0/24 GigabitEthernet0/0/0/13 5.5.5.5 bfd fast-detect
!
router static address-family ipv6 unicast
2001:01b2:8e23::/48 2001:1:1::1

vrf foo
address-family ipv4 unicast
23.0.0.0/8 3.3.3.3

•  Key Concepts

•  Configuration Basics

•  Configuration Templates

•  Monitoring BGP

•  Address Families
Configure separately
Must be initialized

•  Neighbor Based Configuration

•  Configuration Templates
Neighbor Group
Session Group
Address Family Group

•  Route Policy Language


Note: Not BGP Specific

•  Most configuration is address family specific
•  Must be initialized under bgp global configuration
router bgp 600
 address-family ipv4 unicast
 address-family ipv6 unicast

•  Configuration for all of an AF (but not neighbors) is under the AF

router bgp 600
 address-family ipv4 unicast
  maximum-paths ibgp 8
  network 5.5.0.0/16

•  Additional configuration under neighbor mode or neighbor + AF

router bgp 600
 neighbor 5.5.5.5
  remote-as 1
  address-family ipv4 unicast
   route-policy filter_peers in

  IPv4 unicast
  IPv4 labeled unicast
  IPv4 multicast
  IPv4 tunnel
  VPNv4 unicast
  IPv4 MDT
  IPv6 unicast
  IPv6 multicast
  IPv6 labeled unicast
  VPNv6 unicast
  l2vpn vpls-vpws

Minimal Configuration

•  Assign BGP AS Number


•  Initialize an address family
•  Create a neighbor
•  Assign a remote AS
•  Enable an address family within the neighbor
•  Apply filters in and out on EBGP peers (not required for IBGP)

router bgp 100
 address-family ipv4 unicast
 !
 neighbor 1.1.1.1
  remote-as 200
  address-family ipv4 unicast
   route-policy filter-in in
   route-policy filter-out out

http://www.cisco.com/en/US/docs/routers/crs/software/crs_r4.2/routing/configuration/guide/b_routing_cg42crs_chapter_01.html

router bgp 1
 nsr
 !
 bgp router-id 32.12.123.137
 address-family ipv4 unicast
 address-family vpnv4 unicast
 neighbor 22.125.3.87
  remote-as 2144
  description dummy-desc-100
  update-source Loopback0
  address-family ipv4 unicast
   route-policy PASS in
   route-policy PASS out
   next-hop-self
  !
  address-family vpnv4 unicast
   route-policy PASS in
   route-policy PASS out
   next-hop-self
  !
 neighbor 222.231.0.89
  remote-as 8151
  description dummy-descr-8
  update-source Loopback0
  address-family ipv4 unicast
   route-policy PASS in
   route-policy PASS out
   next-hop-self
  !
  address-family vpnv4 unicast
   route-policy PASS in
   route-policy PASS out
   next-hop-self
  !
 vrf aruba
  rd 8231:1
  address-family ipv4 unicast
   redistribute connected
  !
 vrf 9111:DEFG_0
  rd 82:321
  address-family ipv4 unicast
   maximum-paths ebgp 6
   dynamic-med interval 1
   redistribute connected route-policy dummy-policy
   redistribute static
  neighbor 183.2.3.2
   remote-as 64900
   bfd fast-detect
   bfd multiplier 4
   bfd minimum-interval 100
   address-family ipv4 unicast
    send-community-ebgp
    route-policy big-filter in
    route-policy bock-martians out
    as-override
    send-extended-community-ebgp
 vrf V88431:ABCD_GR_0
  rd 8134:33431
  address-family ipv4 unicast
   maximum-paths ebgp 6
   dynamic-med interval 1
   redistribute connected route-policy dummy-pol
   redistribute static
 vrf costa-rica
  rd 321:1
  address-family ipv4 unicast
   redistribute connected
  !
 vrf Juarez:aaab-GS_1
  rd 811:32222
  address-family ipv4 unicast
   maximum-paths ebgp 6
   dynamic-med interval 1
   redistribute connected route-policy block-venus
   redistribute static
  !
  neighbor 2.1.21.4
   remote-as 64900
   bfd fast-detect
   bfd multiplier 4
   bfd minimum-interval 100
   address-family ipv4 unicast
    send-community-ebgp
    route-policy special-policy in
    route-policy set-med out
    as-override
    send-extended-community-ebgp
af-group, session-group, and neighbor-group

•  Templates enable efficient configuration

•  Not required for run-time efficiency


Update groups are automatic
Software will find neighbors with duplicate configurations and group together for updates

•  use keyword to inherit from group

•  Hierarchy is supported

Reusable template for Address Family specific parameters

Without af-group:

router bgp 1000
 address-family ipv4 unicast
 !
 neighbor 1.1.1.1
  remote-as 100
  address-family ipv4 unicast
   route-policy foo in
   maximum-prefix 50000 75
   route-policy bar out
   capability orf prefix both
   remove-private-AS
 !
 neighbor 2.2.2.2
  remote-as 200
  address-family ipv4 unicast
   route-policy foo in
   maximum-prefix 50000 75
   route-policy bar out
   capability orf prefix both
   remove-private-AS
 !
 neighbor 3.3.3.3
  remote-as 300
  address-family ipv4 unicast
   route-policy foo in
   maximum-prefix 50000 75
   route-policy bar out
   capability orf prefix both
   remove-private-AS

With af-group:

router bgp 1000
 address-family ipv4 unicast
 !
 af-group wolfpack address-family ipv4 unicast
  route-policy foo in
  maximum-prefix 50000 75
  route-policy bar out
  capability orf prefix both
  remove-private-AS
 !
 neighbor 1.1.1.1
  remote-as 200
  address-family ipv4 unicast
   use af-group wolfpack
 !
 neighbor 2.2.2.2
  remote-as 200
  address-family ipv4 unicast
   use af-group wolfpack
 !
 neighbor 3.3.3.3
  remote-as 200
  address-family ipv4 unicast
   use af-group wolfpack
Reusable template for Address Family independent parameters

Without session-group:

router bgp 1000
 address-family ipv4 unicast
 address-family ipv4 multicast
 !
 neighbor 8.1.1.1
  remote-as 100
  password encrypted 0310541B150A225E4B1D
  update-source Loopback0
  address-family ipv4 unicast
   use af-group wolfpack
  address-family ipv4 multicast
   use af-group deacons
 !
 neighbor 8.1.1.2
  remote-as 100
  password encrypted 0310541B150A225E4B1D
  update-source Loopback0
  address-family ipv4 unicast
   use af-group wolfpack
  address-family ipv4 multicast
   use af-group deacons
 !
 neighbor 8.1.1.3
  remote-as 100
  password encrypted 0310541B150A225E4B1D
  update-source Loopback0
  address-family ipv4 unicast
   use af-group wolfpack
  address-family ipv4 multicast
   use af-group deacons

With session-group:

router bgp 1000
 address-family ipv4 unicast
 address-family ipv4 multicast
 !
 session-group ibgp
  remote-as 100
  password encrypted 0310541B150A225E4B1D
  update-source Loopback0
 !
 neighbor 8.1.1.1
  use session-group ibgp
  address-family ipv4 unicast
   use af-group wolfpack
  address-family ipv4 multicast
   use af-group deacons
 !
 neighbor 8.1.1.2
  use session-group ibgp
  address-family ipv4 unicast
   use af-group wolfpack
  address-family ipv4 multicast
   use af-group deacons
 !
 neighbor 8.1.1.3
  use session-group ibgp
  address-family ipv4 unicast
   use af-group wolfpack
  address-family ipv4 multicast
   use af-group deacons

Reusable template for both AF and session parameters

Without neighbor-group:

router bgp 1000
 address-family ipv4 unicast
 !
 neighbor 8.1.1.1
  remote-as 100
  password encrypted 01110A0553
  update-source Loopback0
  address-family ipv4 unicast
   route-policy foo in
   maximum-prefix 50000 75
   route-policy bar out
   capability orf prefix both
 !
 neighbor 8.1.1.2
  remote-as 100
  password encrypted 01110A0553
  update-source Loopback0
  address-family ipv4 unicast
   route-policy foo in
   maximum-prefix 50000 75
   route-policy bar out
   capability orf prefix both
 !
 neighbor 8.1.1.3
  remote-as 100
  password encrypted 01110A0553
  update-source Loopback0
  address-family ipv4 unicast
   route-policy foo in
   maximum-prefix 50000 75
   route-policy bar out
   capability orf prefix both

With neighbor-group:

router bgp 1000
 address-family ipv4 unicast
 !
 neighbor-group cavs
  remote-as 100
  password encrypted 01110A0553
  update-source Loopback0
  address-family ipv4 unicast
   route-policy foo in
   maximum-prefix 50000 75
   route-policy bar out
   capability orf prefix both
 !
 neighbor 8.1.1.1
  use neighbor-group cavs
 !
 neighbor 8.1.1.2
  use neighbor-group cavs
 !
 neighbor 8.1.1.3
  use neighbor-group cavs
•  Groups may call other template groups
use keyword within group configuration mode

•  Inheritance only from appropriate types


•  Topmost value used if variable set more than once

Neighbor Groups inherit from all types

[Diagram: inheritance trees for AF Group (AFG), Session Group (SG) and Neighbor Group (NG)]

•  show bgp summary

•  show bgp ipv4 unicast summary

•  show bgp vpnv4 unicast summary

•  show bgp neighbors <IP> configuration

RP/0/RSP0/CPU0:loki#show bgp summary
BGP router identifier 2.2.2.2, local AS number 12
BGP generic scan interval 60 secs
BGP table state: Active
BGP main routing table version 5
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.

Process RecvTblVer bRIB/RIB LabelVer ImportVer SendTblVer


Speaker 5 5 5 5 5
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
1.1.1.1 0 12 20 21 5 0 0 00:16:15 1
11.1.2.7 0 7 26 24 5 0 0 00:17:38 1

RP/0/RSP0/CPU0:loki#show bgp ipv4 unicast summary
BGP router identifier 2.2.2.2, local AS number 12
BGP generic scan interval 60 secs
BGP table state: Active
BGP main routing table version 3
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.

Process RecvTblVer bRIB/RIB LabelVer ImportVer SendTblVer


Speaker 3 3 3 3 3
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
1.1.1.1 0 12 8 8 3 0 0 00:04:42 1
11.1.2.7 0 7 11 8 3 0 0 00:06:04 1

RP/0/RSP0/CPU0:loki#show bgp vpnv4 unicast summary
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
BGP main routing table version 68541
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.

Process Id RecvTblVer bRIB/RIB LabelVer ImportVer SendTblVer


Speaker 1 1 1 0 0 0
Speaker 2 2115 2115 0 0 1595
bRIB 3 68541 68541 68541 68541 68541

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd


11.0.4.2 2 1 1019 1180 1595 0 0 01:09:10 5

RP/0/RSP0/CPU0:loki#show bgp vrf t1 summary
BGP VRF t1, state: Active
BGP Route Distinguisher: 10.0.0.1:0
BGP router identifier 10.1.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
BGP main routing table version 68541
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.

Process Id RecvTblVer bRIB/RIB LabelVer ImportVer SendTblVer


Speaker 1 1 1 0 0 0
Speaker 2 2115 2115 0 0 1595

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd


11.0.3.2 2 1001 1025 1023 1595 0 0 01:10:48 5

Where (direct or templates) did the final config come from?

RP/0/RSP0/CPU0:loki#show bgp neigh 4.4.4.4 configuration


neighbor 4.4.4.4
remote-as 701 [s:bar]
timers 10 30 []
address-family IPv4 Unicast []
maximum-prefix 50000 75 [a:n-group-alpha]
remove-private-AS [a:n-group-alpha]
soft-reconfiguration inbound always [a:n-group-alpha]
allowas-in 3 [a:n-group-alpha a:cayman]

•  Policy required on eBGP connections
•  Maximum limits by default to provide protection
4000 peers (up to 15000 via bgp max neighbor)
Prefixes per peer per AF (more via max-prefix)
512K (524,288) prefixes for IPv4 unicast.
128K (131,072) prefixes for IPv4 multicast.
128K (131,072) prefixes for IPv6 unicast.
128K (131,072) prefixes for IPv6 multicast
512K (524,288) prefixes for VPNv4 unicast
512K (524,288) prefixes for VPNv6 unicast

•  Programming Language

•  Used to filter routing information


Remove routes
Change attributes

•  Common tool for XR applications


BGP policy and show commands
IGPs

•  Replaces route maps (and more!)

•  Scalable – fewer CLI lines, improved clarity

[Diagram: RPL topic map]
•  Control Flow: if, then, else; Boolean; Order of Ops; Compound; Hierarchy; Parameters
•  Actions: Pass; Drop; Set
•  Sets: Named vs. Inline; Types (AS Path, Prefix, Community, Extended Com, VPN RD)
•  Using RPL: Attach Points; BGP (Process, Neighbor, VPN, Show CMDs); IGP (Default, Redistribution); Show Commands

Basic Control Flow
If, then, else, elseif, endif…

•  Basic conditional statement

if as-path in as-path-set-1 then


drop
endif

•  Branching options
if med eq 150 then
set local-preference 10
elseif med eq 200 then
set local-preference 60
else
set local-preference 0
endif

•  Basic conditional statement

if as-path in as-path-set-1 then
  drop
endif

Slide callouts on this statement: keyword to access object, named set, action

•  Branching options

if med eq 150 then
  set local-preference 10
elseif med eq 200 then
  set local-preference 60
else
  set local-preference 0
endif

Slide callout on this statement: comparison operator

Nested Conditionals

•  If statements within other if/elseif/else statements

•  Nesting can be any depth


if community matches-every(12:34, 56:78) then
  if med eq 8 then
    drop
  endif
  set local-preference 100
endif

Slide callout: (12:34, 56:78) is an inline set

Boolean (Logical) Operations

•  Comparison operators are context sensitive


Semantic check not done until RPL policy use is committed

•  Supported Operators - Not, And, & Or (in order of precedence)

RP/0/1/0:pod1(config-rpl)#if med eq 42 and next-hop in (1.1.1.1) then

•  Compound operators are supported


Parentheses may be used to override order of operations
Parentheses are also useful to aid clarity

Evaluation order is colour-coded on the slide: blue, then green, then black

med eq 10 and not destination in (10.1.3.0/24) or community is (56:78)

med eq 10 and (not destination in (10.1.3.0/24) or community is (56:78))

apply keyword to call other policies

route-policy one
  set weight 100
end-policy

route-policy two
  set med 200
end-policy

route-policy three
  apply two
  set community (2:666) additive
end-policy

route-policy four
  apply one
  apply three
  pass
end-policy

route-policy one ($med)
  set med $med
end-policy

route-policy two
  apply one (10)
end-policy

route-policy three ($med,$origin)
  set med $med
  set origin $origin
end-policy

route-policy four
  apply three (10, incomplete)
end-policy

Slide callouts:
•  List of policy parameters: route-policy one ($med)
•  Accessing the passed parameter: set med $med
•  Calling policy with parameter: apply one (10)
•  Multiple parameters: route-policy three ($med,$origin) and apply three (10, incomplete)

RPL Actions
Define action (default is drop) and may affect control flow

•  Pass – prefix allowed if not later dropped


pass grants a ticket to defeat default drop
Execution continues after pass
•  Set – value changed, prefix allowed if not later dropped
Any set grants a ticket to defeat default drop
Execution continues after set
Values can be set more than once
Only original value is used in comparisons
•  Done – prefix allowed, stop execution
•  Drop – prefix is discarded immediately
Explicit drop stops policy execution
Implicit drop (if policy runs to end without getting a ticket)

BGP Attribute       RPL Attribute     RPL Operation
next-hop            source            pass / drop
weight              destination       suppress-route
local-preference    route-type        unsuppress-route
med                 rib-has-route     length, unique-length
origin              traffic-index     set
as-path             Dampening         apply
community           label             If, then
ext community       tag               else, elseif
rd                                    and, or, not
                                      eq, neq, le, gt
                                      in, is
                                      ios-regex

•  All comparisons performed on original value
Values set by RPL policy are not used downstream

•  Only if/then/else control flow


No loops
No switch/case statements

•  No limit on number of parameters
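
The action rules from the "RPL Actions" slide and the "comparisons performed on original value" rule above, as an added Python model (not Cisco code and not from the original slides). Encoding policies as nested tuples, and the names `evaluate`, `med_is` and the sample policies, are assumptions made for this illustration.

```python
class _Stop(Exception):
    """Raised by 'done' and 'drop' to end policy execution immediately."""

    def __init__(self, accepted):
        super().__init__()
        self.accepted = accepted


def _run(block, original, result, state):
    for stmt in block:
        op = stmt[0]
        if op == "pass":
            state["ticket"] = True        # ticket granted, execution continues
        elif op == "set":
            result[stmt[1]] = stmt[2]     # a later set may overwrite this value
            state["ticket"] = True        # any set also grants a ticket
        elif op == "done":
            raise _Stop(True)             # prefix allowed, stop execution
        elif op == "drop":
            raise _Stop(False)            # prefix discarded immediately
        elif op == "if":
            # ("if", [(condition, block), ...], else_block) models if/elseif/else
            _, branches, else_block = stmt
            for condition, body in branches:
                if condition(original):   # comparisons only see original values
                    _run(body, original, result, state)
                    break
            else:
                _run(else_block, original, result, state)
        else:
            raise ValueError("unknown statement %r" % (op,))


def evaluate(policy, route):
    """Return (accepted, attributes); attributes is None for a dropped route."""
    original = dict(route)
    result = dict(route)
    state = {"ticket": False}
    try:
        _run(policy, original, result, state)
    except _Stop as stop:
        return (True, result) if stop.accepted else (False, None)
    if state["ticket"]:
        return True, result
    return False, None                    # implicit drop: reached the end, no ticket


def med_is(value):
    """Condition helper: 'med eq <value>' evaluated on the original route."""
    return lambda route: route["med"] == value


# Constructed sample policies.
# Only a conditional drop: every other route still hits the implicit drop.
ONLY_DROP = [("if", [(med_is(8), [("drop",)])], [])]
# A leading pass grants the ticket; the explicit drop still wins for med 8.
PASS_THEN_DROP = [("pass",)] + ONLY_DROP
# The set changes med to 200, but the comparison still sees the original med.
SET_THEN_COMPARE = [("set", "med", 200),
                    ("if", [(med_is(200), [("drop",)])], [])]
# done stops execution, so the second set never runs.
DONE_STOPS = [("set", "local-preference", 100), ("done",),
              ("set", "local-preference", 0)]
# The if/elseif/else example from the "Basic Control Flow" slide.
BRANCHING = [("if", [(med_is(150), [("set", "local-preference", 10)]),
                     (med_is(200), [("set", "local-preference", 60)])],
              [("set", "local-preference", 0)])]

if __name__ == "__main__":
    for name, policy, route in [
        ("ONLY_DROP", ONLY_DROP, {"med": 20}),
        ("PASS_THEN_DROP", PASS_THEN_DROP, {"med": 20}),
        ("SET_THEN_COMPARE", SET_THEN_COMPARE, {"med": 150}),
        ("DONE_STOPS", DONE_STOPS, {"med": 1}),
        ("BRANCHING", BRANCHING, {"med": 200}),
    ]:
        print(name, route, "->", evaluate(policy, route))
```

The `ONLY_DROP` case is the one to check for in review: a policy made only of conditional drops rejects every route unless a pass, set or done is reached.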

•  Define values to compare route object against
AS Path
Prefix
Community
Extended Community

•  Values separated by commas

•  May be Named or Inline

Named and Inline Set Example
Same behavior
as-path-set named_set
ios-regex '_42$',
ios-regex '_127$'
end-set

route-policy use_named
if as-path in named_set then
pass
else
drop
endif
end-policy
route-policy use_inline
if as-path in (ios-regex '_42$', ios-regex '_127$') then
pass
else
drop
endif
end-policy

Prefix Set
Match object IP address & mask

•  Address
•  Mask Length
•  Min and Max matching length

prefix-set galaga
171.68.118.0/24,
192.168.0.0/16 ge 16 le 30
end-set
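
How the address, mask length and ge/le range of a prefix-set entry combine, as an added Python sketch (not from the original slides). It parses the `galaga` entries above plus two entries taken from the `CCCC-deny-in` set shown later on this page; the function names and the test routes are constructed for the illustration.

```python
import ipaddress


def parse_prefix_set(lines):
    """Parse prefix-set body lines into (text, network, min_len, max_len)."""
    entries = []
    for line in lines:
        text = line.strip().rstrip(",")
        if not text:
            continue
        parts = text.split()
        net = ipaddress.ip_network(parts[0], strict=False)
        opts = dict(zip(parts[1::2], (int(v) for v in parts[2::2])))
        if set(opts) - {"ge", "le", "eq"}:
            raise ValueError("unsupported keyword in %r" % text)
        if "eq" in opts:
            lo = hi = opts["eq"]
        elif opts:
            # le alone: from the entry's own mask length up to le
            # ge alone: from ge up to the maximum length (32 for IPv4)
            lo = opts.get("ge", net.prefixlen)
            hi = opts.get("le", net.max_prefixlen)
        else:
            lo = hi = net.prefixlen      # no range: exact mask length only
        entries.append((text, net, lo, hi))
    return entries


def match(entries, route):
    """Return the text of the first entry matching the route, or None."""
    r = ipaddress.ip_network(route, strict=False)
    for text, net, lo, hi in entries:
        if r.version != net.version:
            continue
        # The route must sit inside the entry's address block AND its own
        # mask length must fall inside the [lo, hi] window.
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return text
    return None


# Entries copied from the page.
GALAGA = parse_prefix_set([
    "171.68.118.0/24,",
    "192.168.0.0/16 ge 16 le 30",
])
DENY_SAMPLE = parse_prefix_set([
    "0.0.0.0/0 le 7,",
    "10.0.0.0/8 le 32,",
])

if __name__ == "__main__":
    # Constructed test routes.
    for route in ["171.68.118.0/24", "171.68.118.128/25", "192.168.10.4/30",
                  "192.168.10.1/32", "192.0.0.0/8"]:
        print("galaga     ", route, "->", match(GALAGA, route))
    for route in ["0.0.0.0/0", "10.1.2.0/24", "8.0.0.0/8"]:
        print("deny sample", route, "->", match(DENY_SAMPLE, route))
```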

AS Path Set
Match BGP AS Path

•  Regular expression matching only

as-path-set aset1
ios-regex '_42$',
ios-regex '_127$'
end-set

Community Set
Match BGP Community

•  Match by value, wildcard, or regular expression


•  Two 16-bit values separated by a colon

•  Support for common community keywords


internet
local-AS
no-advertise
no-export
private-as

community-set cset1
12:34,
12:78,
internet
end-set

Extended Community Set
Match BGP Extended Community

•  3 types
BGP Route Target
EIGRP Cost
BGP Site of Origin
•  Syntax depends on type

extcommunity-set rt rt_ext
5.5.5.5:32,
6.3.2.1:323,
4322:3244
end-set

Route Distinguisher Set
Match VPN RDs

•  For matching IPv4 VPN addresses

rd-set rd-set
10.0.0.0/8:*,
10.0.0.0/8:777,
10.0.0.0:*,
10.0.0.0:777
end-set

Using RPL - Attach Points

•  Attach points connect policies to things that use them


BGP neighbor policy (most common)
IGP redistribution
Show commands
Many others
•  Focus on common BGP attach points (in this presentation)

Attach Point - Policy for EBGP Peers
Required for EBGP prefix exchange

router bgp 1000


address-family ipv4 unicast
!
neighbor-group titans
remote-as 100
password encrypted 01110A0553
update-source Loopback0
address-family ipv4 unicast
route-policy foo in
maximum-prefix 50000 75
route-policy bar out

show rpl route-policy [attachpoint]
Display policy and its users
RP/0/RP0/CPU0:CRS#show rpl route-policy foo
route-policy foo
pass
end-policy

RP/0/RP0/CPU0:CRS#show rpl route-policy foo attachpoints

BGP Attachpoint: Neighbor

Neighbor/Group type afi/safi in/out vrf name


--------------------------------------------------
cavs nbr IPv4/uni in default

show bgp policy route-policy <name>
Only display prefixes matching policy – filter show command

RP/0/0/1:XR#show bgp route-policy sample


BGP router identifier 172.20.1.1, local AS number 1820
BGP main routing table version 729
Dampening enabled
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 10.13.0.0/16 192.168.40.24 0 1878 704 701 200 ?
* 10.16.0.0/16 192.168.40.24 0 1878 704 701 i

Editing RPL
RPL is the only part of config that can be changed in editor

RP/0/RP1/CPU0:Mets#edit route-policy remove_bootnet ?


emacs to use Emacs editor
nano to use nano editor
vim to use Vim editor
<cr>

route-policy remove_bootnet
if destination in (223.255.254.254, 223.255.254.253) then
drop
else
pass
endif
end-policy
!
[ Read 8 lines ]
^G Get Help ^O WriteOut ^R Read File ^Y Prev Page ^K Cut Text ^C Cur Pos
^X Exit ^J Justify ^W Where Is ^V Next Page ^U UnCut Text^T To Spell

prefix-set AAAA
  83.0.0.0/11
end-set
!
prefix-set BBBB
  0.0.0.0/0 le 24
end-set
!
prefix-set CCCC-deny-in
  0.0.0.0/0 le 7,
  10.0.0.0/8 le 32,
  81.22.116.0/21 le 32,
  12.0.0.0/8 le 32,
  169.114.0.0/16 le 32,
  182.16.0.0/12 le 32,
  18.31.147.0/24 le 32,
  20.140.11.0/24 le 32,
  20.171.214.0/24 le 32,
  224.0.0.0/3 le 32
end-set
!
prefix-set DDDD-peer-permit-in
  0.0.0.0/0 le 24
end-set
!
prefix-set ebgp-EEEE-permit-in
  0.0.0.0/0 le 32
end-set
!
prefix-set FFFF
  80.0.0.0/11 le 32
end-set
!
as-path-set GGGG
  ios-regex '^3775_'
end-set
!
as-path-set HHHH
  ios-regex '_(6449[6-9]|64[5-9][0-9][0-9])_',
  ios-regex '_(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_',
  ios-regex '_3316_',
  ios-regex '_1239_',
  ios-regex '_172_'
end-set

route-policy IIII-IN
  if destination in CCCC-deny-in or as-path length ge 50 then
    drop
  elseif destination in DDDD-permit-in then
    if as-path in aset150 then
      drop
    elseif as-path in (ios-regex '^20423_') then
      if community matches-any (5511:70) then
        set local-preference 70
      elseif community matches-any (5511:80) then
        set local-preference 80
      elseif community matches-any (5511:90) then
        set local-preference 90
      else
        set local-preference 100
      endif
      set community (55:540, 55:512, 5211:989) additive
    endif
  endif
end-policy
!
route-policy JJJJ-in
  if destination in ebgp-peer-deny-in or as-path length ge 50 then
    drop
  elseif destination in ebgp-peer-permit-in then
    if as-path in aset160 then
      drop
    elseif as-path in (ios-regex '^174_') then
      set med 100
      set local-preference 85
      set community (5511:666, 5511:700)
    endif
  endif
end-policy
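Added example (not part of the original slides): a small Python model of how the prefix-sets and as-path-sets above match, useful for checking an inbound filter offline before committing it. The set contents are copied from the slide; the function names are this example's own, and the treatment of `_` as "delimiter or start/end of the AS path" and of `le`/`ge` as prefix-length bounds are the assumptions it encodes.

```python
import ipaddress
import re

# Sets copied from the slide (the names are the slide's sanitized ones).
PREFIX_SETS = {
    "AAAA": ["83.0.0.0/11"],
    "BBBB": ["0.0.0.0/0 le 24"],
    "CCCC-deny-in": [
        "0.0.0.0/0 le 7", "10.0.0.0/8 le 32", "81.22.116.0/21 le 32",
        "12.0.0.0/8 le 32", "169.114.0.0/16 le 32", "182.16.0.0/12 le 32",
        "18.31.147.0/24 le 32", "20.140.11.0/24 le 32",
        "20.171.214.0/24 le 32", "224.0.0.0/3 le 32",
    ],
}
AS_PATH_SETS = {
    "GGGG": [r"^3775_"],
    "HHHH": [
        r"_(6449[6-9]|64[5-9][0-9][0-9])_",                    # 64496-64999
        r"_(65[0-4][0-9][0-9]|655[0-2][0-9]|6553[0-5])_",      # 65000-65535
        r"_3316_", r"_1239_", r"_172_",
    ],
}

# In ios-regex, "_" matches a delimiter (space, comma, braces, parentheses)
# or the start/end of the AS-path string.
_DELIM = r"(?:^|$|[ ,{}()])"


def parse_entry(text):
    """Return (network, min_len, max_len) for one prefix-set entry."""
    fields = text.split()
    # strict=False: only the first <len> bits are compared, so host bits
    # left set in an entry (81.22.116.0/21 on the slide) are masked off.
    net = ipaddress.ip_network(fields[0], strict=False)
    opts = dict(zip(fields[1::2], map(int, fields[2::2])))
    if "eq" in opts:
        return net, opts["eq"], opts["eq"]
    lo = opts.get("ge", net.prefixlen)
    # No keyword: exact length. Only "ge": up to the maximum length.
    hi = opts.get("le", net.max_prefixlen if "ge" in opts else net.prefixlen)
    return net, lo, hi


def in_prefix_set(route, set_name):
    """True if the route (e.g. '10.1.2.0/24') matches any entry of the set."""
    route = ipaddress.ip_network(route)
    for text in PREFIX_SETS[set_name]:
        net, lo, hi = parse_entry(text)
        if (route.version == net.version
                and lo <= route.prefixlen <= hi
                and route.subnet_of(net)):
            return True
    return False


def in_as_path_set(as_path, set_name):
    """as_path is the space-separated AS path as printed by 'show bgp'."""
    return any(re.search(rx.replace("_", _DELIM), as_path)
               for rx in AS_PATH_SETS[set_name])


def first_clause_drops(route, as_path):
    """'if destination in CCCC-deny-in or as-path length ge 50 then drop'."""
    return in_prefix_set(route, "CCCC-deny-in") or len(as_path.split()) >= 50


if __name__ == "__main__":
    # Constructed sample routes, not taken from the slides.
    for route, path in [("10.1.2.0/24", "1878 704 701"),
                        ("8.8.8.0/24", "1878 64512 701"),
                        ("8.8.8.0/24", "1878 704 701")]:
        print(route, "|", path,
              "| dropped by first clause:", first_clause_drops(route, path),
              "| path in HHHH:", in_as_path_set(path, "HHHH"))
```

The second sample shows why the private/reserved ASN ranges in HHHH need their own match: the prefix is acceptable, only the path is not.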

IOS-XR IPv6 Routing

Agenda – Native IPv6

Operation

•  Enable IPv6
•  Neighbor Discovery (ND)

Enable v6 Stack
•  IPv6 and/or IPv4 stack selectively enabled allowing applications to
talk over v4 or v6 transport
•  XR CLI groups features within the respective v4/v6 address family to
simplify and structure intf + protocol configs
•  AF specific CLI syntax

interface GigE0/0/1/0
 ipv4 address x.x.x.x/x
 ipv6 address X::X/X
!
interface GigE0/0/1/0
 ipv6 address X::X/X
!
router isis IGP
 address-family ipv4 unicast
 address-family ipv6 unicast
 !
 interface GigE0/0/1/0
  address-family ipv4 unicast
  address-family ipv6 unicast
 !
 interface GigE0/0/2/0
  address-family ipv6 unicast
 !
 interface PoS0/1/0/0
  address-family ipv4 unicast
 !
!

RP/0/RP0/CPU0:r# sh ipv6 interface
RP/0/RP0/CPU0:r# sh ipv4 interface

[Figure: dual-stack protocol diagram. IPv6 Enabled Application over TCP/UDP, over IPv4 (0x0800) and IPv6 (0x86dd), over Data Link (Ethernet); interfaces GigE0/0/1/0, GigE0/0/2/0 and POS0/1/0/0 marked v4/v6]

•  ‘ipv6 address’ command activates IPv6 processing and forwarding
(IOS cmd ‘ipv6 unicast-routing’ NOT required in XR)

interface GigE0/0/1/0
 ipv6 address 2001:0420:100::1/64

•  Applying global v6 address(es) automatically configures a link-local
address
•  v6-enabled interface automatically joins required multicast groups for
that link:

Fixed Scope Multicast Addresses
FF02::1            All Nodes Address            [RFC4291]
FF02::2            All Routers Address          [RFC4291]
FF02::5            OSPFIGP                      [RFC2328,Moy]
FF02::6            OSPFIGP Designated Routers   [RFC2328,Moy]
FF02::A            EIGRP Routers                [Farinacci]
FF02::1:FFXX:XXXX  Solicited-Node Address       [RFC4291]

http://www.iana.org/assignments/ipv6-multicast-addresses

!
ipv6 conflict-policy static
!
interface Loopback6
 ipv6 address 2001:0420:100:0::1/128
!
interface GigabitEthernet0/0/2/0
 mtu 1214
 ipv6 address 2001:0420:100:A::1/64
 ipv6 address 2001:0420:100:B:B::1/126
 ipv6 address 2001:0420:100:C::/64 eui-64
 ipv6 nd prefix 2001:0420:100:A::/64 no-adv
 ipv6 nd prefix 2001:0420:100:B:B::/64 300 300
 ipv6 nd prefix 2001:0420:100:C::/64 no-autoconfig
 ipv6 nd reachable-time 1500
 ipv6 nd dad attempts 0
!

•  ipv6 conflict-policy static: keeps existing int IPv6 address across new address configurations
•  Loopback6: IPv6 Loopback w/128 mask
•  2001:0420:100:B:B::1/126: IPv6 p2p link w/126 mask
•  eui-64: Host ID derived from MAC
•  no-adv: prefix not advertised by ND
•  300 300: valid/preferred lifetime enables seamless host renumbering (old, deprecated prefix w/ lifetime decreased to zero)
•  no-autoconfig: indicates to hosts that specified prefix cannot be used for IPv6 autoconfiguration
•  ipv6 nd reachable-time: tuning of Neighbor Unreachability Detection (NUD), used to detect failure of neighbor node by probing w/ NS messages
•  ipv6 nd dad attempts 0: disable DAD on p2p link

Can you spot the mistake ?

RP/0/RP0/CPU0:R11(config-if)#mtu 1240
RP/0/RP0/CPU0:R11(config-if)#comm

LC/0/0/CPU0:Mar 25 16:50:58.376 : ipv6_ma[158]: %IP-IPV6_MA-3-ERR_MTU : The link MTU is below the minimum IPv6 link MTU (1280). IPv6 may not work correctly on this interface. 86: GigabitEthernet0/0/2/0

•  RFC2460 specifies minimum link MTU for IPv6 is 1280 octets (vs. 68 for IPv4)
•  End-stations expected to perform Path MTU Discovery (PMTU) or omit PMTU and keep all packets ≤ 1280 octets
•  hop-by-hop option supports “jumbograms” up to 2^32 octets of payload (normal payload up to 2^16 w/ 16-bit length field)
•  Use IPv6 Fragment header to fragment the packet at the source and have it reassembled at the destination.
•  1500 or greater recommended to accommodate possible encapsulations

RP/0/RP0/CPU0:R11# sh ipv6 int gig 0/0/2/0

GigabitEthernet0/0/2/0 is Up, line protocol is Up, Vrfid is default (0x60000000)
  IPv6 is enabled, link-local address is fe80::21a:6dff:fe79:9e71
  Global unicast address(es):
    2001:420:100:c:21a:6dff:fe79:9e71, subnet is 2001:420:100:c::/64
    2001:420:100:a::1, subnet is 2001:420:100:a::/64
    2001:420:100:b:b::1, subnet is 2001:420:100:b:b::/126
  Joined group address(es):
    ff02::1:ff00:1
    ff02::1:ff79:9e71
    ff02::2
    ff02::1
  MTU is 1514 (1500 is available to IPv6)
  ICMP redirects are disabled
  ICMP unreachables are enabled
  ND DAD is disabled, number of DAD attempts 0
  ND reachable time is 1500 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
  Outgoing access list is not set
  Inbound access list is not set

Slide callouts:
•  Link-local Scope / Global Scope (the link-local and global unicast addresses)
•  Joined MC Groups: FF02::1 All Nodes Address, FF02::2 All Routers Address, FF02::1:FFXX:XXXX Solicited-Node Address(es)

What's the interface MAC address ?

RP/0/RP0/CPU0:R11# sh ipv6 int gig 0/0/2/0

GigabitEthernet0/0/2/0 is Up, line protocol is Up, Vrfid is default (0x60000000)
  IPv6 is enabled, link-local address is fe80::21a:6dff:fe79:9e71
  ...

IPv6 Host ID (64-bit):  02 1a 6d  FF FE  79 9e 71
EUI-Identifier:         FF FE inserted between the two halves of the MAC
U-Bit flip:             first octet 00 (00000000) becomes 02
MAC (48-bit):           00 1a 6d         79 9e 71

RP/0/RP0/CPU0:R11# sh int gig 0/0/5/0
GigabitEthernet0/0/5/0 is up, line protocol is up
  Interface state transitions: 378
  Hardware is GigabitEthernet, address is 001a.6d79.9e71 (bia 001a.6d79.9e71)

ND neighbor cache entries

RP/0/RP0/CPU0:R11# sh ipv6 neighbor

IPv6 Address                        Age  Link-layer Addr  State  Interface
2001:420:100:a::2                   4    001a.a1b8.3764   DELAY  Gi0/0/2/0
2001:420:100:b:b::2                 6    001a.a1b8.3764   DELAY  Gi0/0/2/0
2001:420:100:c:21a:a1ff:feb8:3764   1    001a.a1b8.3764   REACH  Gi0/0/2/0
fe80::21a:a1ff:feb8:3764            3    001a.a1b8.3764   DELAY  Gi0/0/2/0
[Mcast adjacency]                   -    0000.0000.0000   REACH  Gi0/0/2/0

IPv6 Traffic statistics

RP/0/RP0/CPU0:R11# sh ipv6 traffic

IPv6 statistics:
  Rcvd:  4897 total, 0 local destination
         0 source-routed, 0 truncated
         0 format errors, 0 hop count exceeded
         0 bad header, 0 unknown option, 7 bad source
         0 unknown protocol
         0 fragments, 0 total reassembled
         0 reassembly timeouts, 0 reassembly failures
         0 reassembly max drop
  Sent:  5010 generated, 0 forwarded
         0 fragmented into 0 fragments, 0 failed
         0 no route, 0 too big
  Mcast: 428 received, 278 sent
  Miscellaneous drops: 0
Neighbor Discovery ICMP statistics:
  Rcvd: 0 router solicit, 206 router advert, 0 redirect
        3314 neighbor solicit, 1362 neighbor advert
  Sent: 0 router solicit, 240 router advert, 0 redirect
        1398 neighbor solicit, 3307 neighbor advert

RP/0/RP0/CPU0:R11# sh interfaces gig 0/0/5/0 accounting

GigabitEthernet0/0/5/0
  Protocol         Pkts In   Chars In   Pkts Out   Chars Out
  IPV6_UNICAST     14001     1206302    13987      1012451
  IPV6_MULTICAST   826       125732     749        99760
  IPV6_ND          14486     1285836    14564      1094456

•  Global IPv6 Reachability:

RP/0/RP0/CPU0:R11# ping 2001:420:100:a::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:420:100:a::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/4 ms

•  Directly connected IPv6 hosts “talk” on link local addresses (FE80::/10)
•  Output interface must be specified:

RP/0/RP0/CPU0:R11# ping fe80::21a:a1ff:feb8:3764
Output Interface: Gi0/0/2/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to fe80::21a:a1ff:feb8:3764, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/7 ms

RP/0/RP0/CPU0:R11#sh ipv6 int brief
GigabitEthernet0/0/2/0 [up/up]
    fe80::21a:6dff:fe79:9e71
Loopback6 [up/up]
    fe80::21a:6dff:fe79:9e71
Tunnel0 [up/up]
    fe80::21a:6dff:fe79:9e71

Same fe80::/10 prefix on all interfaces!

Neighbor Discovery
(ICMPv6 ND RFC2461)

•  ICMPv6 Neighbor Discovery (ND) uses ICMP messages and solicited-node multicast addresses for:
   Link-layer address resolution (no ARP, no BC)
   Neighbor Unreachability Detection (NUD)
   Duplicate Address Detection (DAD)
   Stateless host address auto-configuration

•  Five ICMPv6 Message Types:
   Router Solicitation (133) / Router Advertisements (134)
   Neighbor Solicitation (135) / Neighbor Advertisements (136)
   Redirect (137)

RA!

RP/0/RP0/CPU0:R11(config)# do debug ipv6 nd events
RP/0/RP0/CPU0:R11(config)# int gig 0/0/2/0
RP/0/RP0/CPU0:R11(config-if)# no shut
RP/0/RP0/CPU0:R11(config-if)# commit

LC/0/0/CPU0:Mar 26 14:22:26.341 : ipv6_nd[160]: Sending RA to ff02::1 on GigabitEthernet0/0/2/0
LC/0/0/CPU0:Mar 26 14:22:26.343 : ipv6_nd[160]: MTU = 1500
LC/0/0/CPU0:Mar 26 14:22:26.344 : ipv6_nd[160]: Advertsing prefix = 2001:420:100:a::/64, flags: 1005
LC/0/0/CPU0:Mar 26 14:22:26.344 : ipv6_nd[160]: Skipped prefix, flags: 1005
LC/0/0/CPU0:Mar 26 14:22:26.346 : ipv6_nd[160]: Advertsing prefix = 2001:420:100:b::/64, flags: 4
LC/0/0/CPU0:Mar 26 14:22:26.346 : ipv6_nd[160]: prefix = 2001:420:100:b::/64 onlink autoconfig
LC/0/0/CPU0:Mar 26 14:22:26.347 : ipv6_nd[160]: 300/300 (valid/preferred)
LC/0/0/CPU0:Mar 26 14:22:26.347 : ipv6_nd[160]: Advertsing prefix = 2001:420:100:b:b::/126, flags: 401
LC/0/0/CPU0:Mar 26 14:22:26.348 : ipv6_nd[160]: prefix = 2001:420:100:b:b::/126 onlink autoconfig
LC/0/0/CPU0:Mar 26 14:22:26.348 : ipv6_nd[160]: 2592000/604800 (valid/preferred)
LC/0/0/CPU0:Mar 26 14:22:26.348 : ipv6_nd[160]: Advertsing prefix = 2001:420:100:c::/64, flags: 5
LC/0/0/CPU0:Mar 26 14:22:26.349 : ipv6_nd[160]: prefix = 2001:420:100:c::/64 onlink
LC/0/0/CPU0:Mar 26 14:22:26.350 : ipv6_nd[160]: 2592000/604800 (valid/preferred)

LC/0/0/CPU0:Mar 26 14:22:26.366 : ipv6_nd[160]: IPv6 ND: Received packet
LC/0/0/CPU0:Mar 26 14:22:26.408 : ipv6_nd[160]: Received ICMPv6 packet from fe80::21a:a1ff:feb8:3764, type 134 (ND_ROUTER_ADVERT)
LC/0/0/CPU0:Mar 26 14:22:26.408 : ipv6_nd[160]: Received RA from fe80::21a:a1ff:feb8:3764 on GigabitEthernet0/0/2/0

[Figure: NS! sent as multicast (MC) to FF02::1:FFb8:3764, NA! returned as unicast (UC); local router FE80::21a:6dff:fe79:9e71, neighbor 2001:420:100:c:21a:a1ff:feb8:3764, MAC ?]

RP/0/RP0/CPU0:R11# debug ipv6 nd events
RP/0/RP0/CPU0:R11# ping 2001:420:100:c:21a:a1ff:feb8:3764

LC/0/0/CPU0:Mar 26 16:36:16.249 : ipv6_nd[160]:Sending NS for 2001:420:100:c:21a:a1ff:feb8:3764 to ff02::1:ffb8:3764 from 2001:420:100:c:21a:6dff:fe79:9e71 on GigabitEthernet0/0/2/0
LC/0/0/CPU0:Mar 26 16:36:16.272 : ipv6_nd[160]: Received NA for 2001:420:100:c:21a:a1ff:feb8:3764 on GigabitEthernet0_0_5_0 from 2001:420:100:c:21a:a1ff:feb8:3764 with dest 2001:420:100:c:21a:6dff:fe79:9e71
LC/0/0/CPU0:Mar 26 16:36:16.272 : ipv6_nd[160]: ipv6_nd_receive_na(): Copying link-layer option into lla_addr.

RP/0/RP0/CPU0:R11#sh ipv6 neighbors 2001:420:100:c:21a:a1ff:feb8:3764

IPv6 Address                        Age  Link-layer Addr  State  Interface
2001:420:100:c:21a:a1ff:feb8:3764   18   001a.a1b8.3764   REACH  Gi0/0/5/0
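
Added example (not part of the original slides): the EUI-64 derivation from the "What's the interface MAC address ?" slide and the solicited-node group used by the NS above, written out in Python, plus a check of a neighbor table for entries whose address embeds a MAC that differs from the cached link-layer address. The function names are this example's own; the neighbor lines are the ones shown in `sh ipv6 neighbor` earlier, with one extra constructed line added to exercise the mismatch case.

```python
import ipaddress


def _mac_bytes(mac):
    """Accept Cisco dotted (001a.6d79.9e71), colon or dash notation."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit interface ID: insert FF FE, flip the U bit."""
    b = _mac_bytes(mac)
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]


def address_from_mac(prefix, mac):
    """Address a host forms from a /64 prefix with 'eui-64' (or SLAAC)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8]
                                 + eui64_interface_id(mac))


def mac_from_address(addr):
    """Reverse the derivation; None if the interface ID is not EUI-64."""
    iid = ipaddress.IPv6Address(str(addr)).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    h = (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]).hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def solicited_node(addr):
    """FF02::1:FFXX:XXXX, where XX:XXXX are the low 24 bits of the address."""
    base = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]
    return ipaddress.IPv6Address(
        base + ipaddress.IPv6Address(str(addr)).packed[13:])


# Lines 1-5 are from the 'sh ipv6 neighbor' output on the slide; the last
# line is constructed for this example (embedded MAC != cached MAC).
NEIGHBORS = """\
2001:420:100:a::2 4 001a.a1b8.3764 DELAY Gi0/0/2/0
2001:420:100:b:b::2 6 001a.a1b8.3764 DELAY Gi0/0/2/0
2001:420:100:c:21a:a1ff:feb8:3764 1 001a.a1b8.3764 REACH Gi0/0/2/0
fe80::21a:a1ff:feb8:3764 3 001a.a1b8.3764 DELAY Gi0/0/2/0
[Mcast adjacency] - 0000.0000.0000 REACH Gi0/0/2/0
2001:420:100:c:2aa:bbff:fecc:ddee 2 001a.a1b8.3764 REACH Gi0/0/2/0
"""


def audit_neighbors(text):
    """Return (address, cached MAC, embedded MAC, verdict) per entry."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        try:
            addr = ipaddress.IPv6Address(fields[0])
        except (ValueError, IndexError):
            continue  # header, multicast adjacency or blank line
        cached, embedded = fields[2], mac_from_address(addr)
        if embedded is None:
            verdict = "not EUI-64"
        elif embedded == cached:
            verdict = "EUI-64, matches cache"
        else:
            verdict = "EUI-64, MISMATCH"
        rows.append((str(addr), cached, embedded, verdict))
    return rows


if __name__ == "__main__":
    print(address_from_mac("fe80::/64", "001a.6d79.9e71"))
    print(solicited_node("2001:420:100:c:21a:a1ff:feb8:3764"))
    for row in audit_neighbors(NEIGHBORS):
        print(row)
```

An EUI-64 address discloses the interface MAC to anyone who sees the address, which is the point of the slide's question; a mismatch between the embedded and cached MAC is not proof of spoofing (the interface ID may simply be configured by hand) but is worth a look.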

Agenda – Native IPv6

Unicast Routing

•  OSPFv3 (RFC5340)
•  IS-IS (RFC5120/RFC5308)
•  MP-BGP4 (RFC4760/2545)

OSPFv3
(RFC5340)
•  OSPFv3 & v2 are independent processes that run concurrently and operate as ships in the night
•  OSPFv3 based on v2 w/ enhancements 1):
   •  Neighbor discovery & adjacency formation mechanisms are identical
   •  Same interface types: P2P, P2MP, Broadcast, NBMA, Virtual
   •  LSA flooding and aging mechanisms are identical
   •  Nearly identical LSA types w/ two new types in addition
   •  Same 5 packet types w/ some fields changed
   •  Runs directly over IPv6 (port 89)

1) http://tools.ietf.org/html/rfc5340#page-5

•  Link-LSA (LSA Type 0x2008) link-local flooding scope:
1.  Carries v6 link local address used for NH calculation
2.  Advertise v6 global address to routers on the link (multi-access link)
3.  Convey router options to DR on the link

RP/0/2/CPU0:R12# sh ospfv3 dat link

OSPFv3 Router with ID (144.254.100.2) (Process ID 100)

Link (Type-8) Link States (Area 0)

LS age: 288
Options: (V6-Bit E-Bit R-Bit DC-Bit)
LS Type: Link-LSA (Interface: GigabitEthernet0/1/0/0)
Link State ID: 13 (Interface ID)
Advertising Router: 144.254.100.1
LS Seq Number: 80000007
Checksum: 0x6e2a
Length: 64
Router Priority: 1
Link Local Address: fe80::21a:6dff:fe79:9e71
Number of Prefixes: 1
Prefix Address: 2001:420:100:a::
Prefix Length: 126, Options: None

RP/0/2/CPU0:R12# sh ospfv3 dat dat

OSPFv3 Router with ID (144.254.100.2) (Process ID 100)

Area 0 database summary
LSA Type            Count  Delete  Maxage  Checksum
Router              2      0       0       0xefed
Network             1      0       0       0x71a6
Link                3      0       0       0x162ba
Prefix              3      0       0       0x174ff
Inter-area Prefix   2      0       0       0x10abc
Inter-area Router   0      0       0       0x0
Type-7 Ext          0      0       0       0x0
Grace               0      0       0       0x0
Unknown Link        0      0       0       0x0
Unknown Area        0      0       0       0x0
Subtotal            11     0       0       0x54408

•  Intra-Area-Prefix-LSA (LSA Type 0x2009) area flooding scope:
Carries all IPv6 prefix information that in OSPFv2 is included in
Router-LSAs and Network-LSAs (Link-Local addresses NOT
included)

RP/0/2/CPU0:R12#sh ospfv3 dat prefix

OSPFv3 Router with ID (144.254.100.2) (Process ID 100)

Intra Area Prefix Link States (Area 0)

Routing Bit Set on this LSA
LS age: 684
LS Type: Intra-Area-Prefix-LSA
Link State ID: 0
Advertising Router: 144.254.100.1
LS Seq Number: 80000002
Checksum: 0xa199
Length: 52
Referenced LSA Type: 2001
Referenced Link State ID: 0
Referenced Advertising Router: 144.254.100.1
Number of Prefixes: 1
Prefix Address: 2001:420:100:f::1
Prefix Length: 128, Options: LA , Metric: 0

OSPFv2 (v4) and OSPFv3 (v6): both use a 32-bit Router-ID

OSPFv2
router ospf 200
 router-id 144.254.100.1
 passive enable
 nsf cisco enforce global
 timers throttle lsa all 0 20 5000
 timers throttle spf 1 50 1000
 timers pacing flood 15
 area 0
  interface Loopback0
   passive enable
  !
  interface GigabitEthernet0/0/5/0
   cost 5400
   authentication-key encrypted <pw string>
   authentication message-digest
   network point-to-point
   passive disable
   bfd minimum-interval 50
   bfd fast-detect
   bfd multiplier 3
  !
 !
 area 100
  interface GigabitEthernet0/0/5/2
   cost 5400
   authentication-key encrypted <pw string>
   authentication message-digest
   network point-to-point
   passive disable
  !

OSPFv3
router ospfv3 200
 router-id 144.254.100.1
 passive
 graceful-restart
 timers throttle lsa all 0 20 5000
 timers throttle spf 1 50 1000
 timers pacing lsa-group 15
 area 0
  interface Loopback0
   passive
  !
  interface GigabitEthernet0/0/5/0
   cost 5400
   authentication ipsec spi 256 md5 <pw string>
   network point-to-point
   passive disable
   bfd fast-detect
   bfd minimum-interval 50
   bfd multiplier 3
  !
 !
 area 100
  interface GigabitEthernet0/0/5/2
   cost 5400
   authentication ipsec spi 256 md5 <pw string>
   network point-to-point
   passive disable
  !

Slide callouts (both columns):
•  High-Availability (HA): nsf cisco enforce global / graceful-restart
•  Fast Convergence (FC): timers throttle lsa, timers throttle spf, timers pacing
•  MD5 Authentication: authentication-key + authentication message-digest / authentication ipsec spi 256 md5
•  BFD: bfd fast-detect, bfd minimum-interval, bfd multiplier (OSPFv3: XR 3.8)

•  OSPFv2/v3 protocols and adjacencies

OSPFv3
RP/0/RP0/CPU0:R11# sh ospfv3 nei

Neighbors for OSPFv3 200

Neighbor ID     Pri  State     Dead Time  Interface ID  Interface
144.254.100.2   1    FULL/ -   00:00:39   13            GigabitEthernet0/0/5/0
    Neighbor is up for 00:00:48
144.254.100.4   1    FULL/ -   00:00:33   15            GigabitEthernet0/0/5/2
    Neighbor is up for 00:00:46

OSPFv2
RP/0/RP0/CPU0:R11# sh ospf nei

Neighbors for OSPF 200

Neighbor ID     Pri  State     Dead Time  Address        Interface
144.254.100.2   1    FULL/ -   00:00:32   145.254.200.2  GigabitEthernet0/0/5/0
    Neighbor is up for 00:58:21
144.254.100.4   1    FULL/ -   00:00:32   145.254.200.6  GigabitEthernet0/0/5/2
    Neighbor is up for 00:56:52

RP/0/RP0/CPU0:R11# sh protocols ipv6 ospfv3

Routing Protocol OSPFv3 200
  Router Id: 144.254.100.1
  Distance: 110
  Graceful Restart: Enabled
  Redistribution: None
  Area 0
    GigabitEthernet0/0/5/0
    Loopback0
  Area 100
    GigabitEthernet0/0/5/2

RP/0/RP0/CPU0:R11# sh protocols ipv4 ospf

Routing Protocol OSPF 200
  Router Id: 144.254.100.1
  Distance: 110
  Non-Stop Forwarding: Enabled
  Redistribution: None
  Area 0
    GigabitEthernet0/0/5/0
      authentication md5
    Loopback0
  Area 100
    GigabitEthernet0/0/5/2
      authentication md5

RP/0/RP0/CPU0:R11#sh ospfv3 int gig 0/0/5/0
AH Authentication MD5, SPI 256

•  OSPFv3 Topology and Routes

RP/0/RP0/CPU0:R11# sh ospfv3 routes

Topology Table for OSPFv3 200 with ID 144.254.100.1

* 2001:420:100:a::/126, Intra, cost 5400/0 (stub), area 0
* 2001:420:100:b::/126, Intra, cost 5400/0 (stub), area 100
* 2001:420:100:f::1/128, Intra, cost 0/0 (stub), area 0
* 2001:420:100:f::2/128, Intra, cost 5400/0, area 0
    GigabitEthernet0/0/5/0, fe80::21a:a1ff:feb8:3764      (NH Link-local address)
* 2001:420:100:f::4/128, Intra, cost 5400/0, area 100
    GigabitEthernet0/0/5/2, fe80::21a:a1ff:feb8:39bc

RP/0/RP0/CPU0:R11# sh route ipv6 ospf

O 2001:420:100:f::2/128
    [110/5400] via fe80::21a:a1ff:feb8:3764, 00:00:20,GigabitEthernet0/0/5/0
O 2001:420:100:f::4/128
    [110/5400] via fe80::21a:a1ff:feb8:39bc, 00:00:19, GigabitEthernet0/0/5/2

•  OSPFv2 Topology and Routes

RP/0/RP0/CPU0:R11# sh ospf routes

Topology Table for ospf 200 with ID 144.254.100.1

Codes: O - Intra area, O IA - Inter area
       O E1 - External type 1, O E2 - External type 2
       O N1 - NSSA external type 1, O N2 - NSSA external type 2

O 144.254.100.1/32, metric 1
    144.254.100.1, directly connected, via Loopback0
O 144.254.100.2/32, metric 5401
    145.254.200.2, from 144.254.100.2, via GigabitEthernet0/0/5/0
...

Multi-Topology IS-IS
(RFC5120)
•  Single-Topology (ST) 1)
   Potentially beneficial in saving resources (same v4/v6 SPF/topology)
   Single SPF per level/area (i.e. all routers in an area must run the same set of protocols [IPv4-only, IPv6-only, IPv4-IPv6])
   Interface metric apply to both v4 and v6 (CAUTION !)
   Adj. check could be disabled on L1 or L1/L2 links during ST v4-to-v4/6 ST migration (no check on L2-only link by default)
      [IOS-XR]: adjacency-check disable
      [IOS]: no adjacency-check

•  Multi-Topology (MT) 2)
   Independent IPv4 and IPv6 topologies
      [IOS]: multi-topology [transition]
   Independent v4/v6 interface config + metrics
   Transition mode 3) during ST v6-to-v4/v6 MT migration (i.e. single- and multi-topology TLVs advertised/accepted)

1) RFC 5308
2) RFC 5120
3) IOS: http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-is-is.html#wp1087840

•  IS-IS MT default in IOS-XR with support to maintain a set of independent topologies for:
   IPv4 Unicast
   IPv6 Unicast
   IPv4 Multicast
   IPv6 Multicast
   Routes from IS-IS multicast topology 1) are inserted into multicast-unicast Routing Information Base (muRIB) table for the corresponding address-family. PIM uses muRIB, i.e. PIM uses routes from multicast topology instead of unicast topology.

•  New TLVs 2) used to advertise neighbors and IP prefixes:
   TLV-229: Multi-Topologies Identifier
   TLV-222: Multi-Topologies intermediate system
   TLV-235: Multi-Topologies Reachable IPv4 address
   TLV-237: Multi-Topologies Reachable IPv6 address

1) http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.7/routing/configuration/guide/rc37isis.html#wp1261281
2) RFC5120

IS-IS configuration (v4 and v6)

key chain ISIS
 key 1
  accept-lifetime 00:00:00 december 05 2008 infinite
  key-string password cisco
  send-lifetime 00:00:00 december 05 2008 infinite
  cryptographic-algorithm HMAC-MD5
!
router isis IGP
 set-overload-bit on-startup 360
 net 49.0800.1442.5410.0001.00
 nsf cisco
 log adjacency changes
 lsp-gen-interval maximum-wait 5000 initial-wait 1 secondary-wait 50
 lsp-refresh-interval 65000
 max-lsp-lifetime 65535
 !
 address-family ipv4 unicast
  metric-style wide
  spf-interval maximum-wait 7000 initial-wait 50 secondary-wait 1000
  spf prefix-priority critical tag 17
  maximum-paths 6
 !
 address-family ipv6 unicast
  metric-style wide
  spf-interval maximum-wait 7000 initial-wait 50 secondary-wait 1000
  spf prefix-priority critical tag 17
  maximum-paths 6
 !
 ...
 interface Loopback0
  passive
  address-family ipv6 unicast
   tag 17
  !
  address-family ipv4 unicast
   tag 17
  !
 interface GigabitEthernet0/0/0/0
  ! IPv4/v6 Interface
  circuit-type level-2-only
  hello-password keychain ISIS
  point-to-point
  address-family ipv4 unicast
   metric 140 level 2
   mpls ldp sync
  address-family ipv6 unicast
   metric 200 level 2
 !
 interface GigabitEthernet0/1/0/0
  ! IPv6-only Interface
  hello-password keychain ISIS
  point-to-point
  address-family ipv6 unicast
   metric 50 level 1
   metric 200 level 2
 interface GigabitEthernet0/2/0/0
  ! IPv4-only Interface
  circuit-type level-1
  hello-password keychain ISIS
  point-to-point
  address-family ipv4 unicast
   metric 50 level 1
   mpls ldp sync
 !

Slide callouts:
•  High-Availability (HA): set-overload-bit on-startup, nsf cisco
•  Fast Convergence (FC): lsp-gen-interval, spf-interval
•  Prefix Prioritization!: spf prefix-priority critical tag 17 (tag 17 on Loopback0)
•  AF specific metric: metric per address-family under each interface
•  MD5 Authentication: hello-password keychain ISIS

•  Protocol and Topologies

RP/0/RP0/CPU0:R11#sh isis
IS-IS Router: IGP
  System Id: 1442.5410.0001
  IS Levels: level-1-2
  Manual area address(es):
    49.0800
  Routing for area address(es):
    49.0800
  Non-stop forwarding: Cisco Proprietary NSF Restart enabled
  Most recent startup mode: Cold Restart
  Topologies supported by IS-IS:
    IPv4 Unicast
      Level-1
        Metric style (generate/accept): Wide/Wide
        ISPF status: Disabled
      Level-2
        Metric style (generate/accept): Wide/Wide
        ISPF status: Disabled
      No protocols redistributed
      Distance: 115
    IPv6 Unicast
      Level-1
        ISPF status: Disabled
      Level-2
        ISPF status: Disabled
      No protocols redistributed
      Distance: 115
  Interfaces supported by IS-IS:
    GigabitEthernet0/0/5/0 is running actively (active in configuration)
    GigabitEthernet0/0/5/2 is running actively (active in configuration)
    Loopback0 is running passively (passive in configuration)

RP/0/RP0/CPU0:R11# sh isis topology

IS-IS IGP paths to IPv4 Unicast (Level-1) routers
System Id   Metric     Next-Hop   Interface   SNPA
R11         --
R12         16777214   R12        Gi0/0/5/0   *PtoP*
R14         16777214   R14        Gi0/0/5/2   *PtoP*

IS-IS IGP paths to IPv4 Unicast (Level-2) routers
System Id   Metric     Next-Hop   Interface   SNPA
R11         --
R12         16777214   R12        Gi0/0/5/0   *PtoP*

RP/0/RP0/CPU0:R11# sh isis ipv6 topology

IS-IS IGP paths to IPv6 Unicast (Level-1) routers
System Id   Metric     Next-Hop   Interface   SNPA
R11         --
R12         16777214   R12        Gi0/0/5/0   *PtoP*
R14         16777214   R14        Gi0/0/5/2   *PtoP*

IS-IS IGP paths to IPv4 Unicast (Level-2) routers
System Id   Metric     Next-Hop   Interface   SNPA
R11         --
R12         16777214   R12        Gi0/0/5/0   *PtoP*

•  Adjacencies
RP/0/RP0/CPU0:R11# sh isis nei det

IS-IS IGP neighbors:
System Id   Interface   SNPA     State  Holdtime  Type  IETF-NSF
R12         Gi0/0/5/0   *PtoP*   Up     27        L1L2  Capable
  Area Address(es): 49.0800
  IPv4 Address(es): 145.254.200.2*
  IPv6 Address(es): fe80::21a:a1ff:feb8:3764*
  Topologies: 'IPv4 Unicast' 'IPv6 Unicast'
  Uptime: 00:43:30
R14         Gi0/0/5/2   *PtoP*   Up     24        L1    Capable
  Area Address(es): 49.0800
  IPv4 Address(es): 145.254.200.6*
  IPv6 Address(es): fe80::21a:a1ff:feb8:39bc*
  Topologies: 'IPv4 Unicast' 'IPv6 Unicast'
  Uptime: 00:47:09

Total neighbor count: 2

•  MT interfaces
RP/0/RP0/CPU0:R11# sh isis interface brief

IS-IS IGP Interfaces
    Interface      All     Adjs    Adj Topos  Adv Topos  CLNS   MTU    Prio
                   OK    L1   L2    Run/Cfg    Run/Cfg                L1   L2
-----------------  ---  ---------  ---------  ---------  ----  ----  --------
Gi0/0/5/0          Yes    1    1      2/2        2/2     Up    1497    -    -
Gi0/0/5/2          Yes    1    -      2/2        2/2     Up    1497    -    -
Lo0                Yes    -    -      0/0        2/2     No       -    -    -

•  Database and RIB

RP/0/RP0/CPU0:R11#sh isis database det

IS-IS IGP (Level-1) Link State Database
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
R11.00-00           * 0x00000ce3   0x20ad        62236         0/0/0
  Area Address: 49.0800
  NLPID:        0xcc
  NLPID:        0x8e
  MT:           Standard (IPv4 Unicast)
  MT:           IPv6 Unicast                                   0/0/0
  Hostname:     R11
  IP Address:   144.254.100.1
  IPv6 Address: 2001:420:100:f::1
  Metric: 16777214   IS-Extended R12.00
  Metric: 16777214   IS-Extended R14.00
  Metric: 0          IP-Extended 144.254.100.1/32                    (IPv4)
  Metric: 10         IP-Extended 145.254.200.0/30                    (IPv4)
  Metric: 10         IP-Extended 145.254.200.4/30                    (IPv4)
  Metric: 10         MT (IPv6 Unicast) IS-Extended R12.00
  Metric: 10         MT (IPv6 Unicast) IS-Extended R14.00
  Metric: 10         MT (IPv6 Unicast) IPv6 2001:420:100:a::/126     (IPv6)
  Metric: 10         MT (IPv6 Unicast) IPv6 2001:420:100:b::/126     (IPv6)
  Metric: 0          MT (IPv6 Unicast) IPv6 2001:420:100:f::1/128    (IPv6)
...

RP/0/RP0/CPU0:R11#sh route isis

i L1 144.254.100.2/32 [115/16777214] via 145.254.200.2, 00:59:29, GigabitEthernet0/0/5/0
i L1 144.254.100.4/32 [115/16777214] via 145.254.200.6, 01:03:06, GigabitEthernet0/0/5/2

RP/0/RP0/CPU0:R11#sh route ipv6 isis

i L1 2001:420:100:f::2/128
    [115/10] via fe80::21a:a1ff:feb8:3764, 01:02:25, GigabitEthernet0/0/5/0
i L1 2001:420:100:f::4/128
    [115/10] via fe80::21a:a1ff:feb8:39bc, 01:06:09, GigabitEthernet0/0/5/2

Multi-Protocol BGP
(RFC4760/2545)
•  BGP-4 carries only 3 pieces of information which are truly IPv4 specific:
   1.) IPv4 Prefix (NLRI in UPDATE message)
   2.) IPv4 Next-Hop (NEXT_HOP path attribute in UPDATE message)
   3.) BGP Identifier (OPEN message and AGGREGATOR attribute)

•  RFC4760 defines Multiprotocol Extensions for BGP-4 (MP-BGP) to carry routing information for other protocols (MPLS, IPv6, etc.), i.e. protocol independent NEXT_HOP and NLRI are inserted into optional and non-transitive attributes:
   MP_REACH_NLRI – advertise reachable destination + NH
   MP_UNREACH_NLRI – withdraw unreachable destination

•  MP-BGP capability negotiation during session establishment using capability parameter in OPEN message:

RP/0/RP0/CPU0:R11# sh bgp neighbors

BGP neighbor is 144.254.100.2
 Remote AS 65000, local AS 65000, internal link
 Remote router ID 144.254.100.2
  BGP state = Established, up for 00:10:55
  Last read 00:00:45, hold time is 180, keepalive interval is 60 seconds
  Precedence: internet
  Neighbor capabilities:
    Route refresh: advertised and received
    4-byte AS: advertised and received
    Address family IPv4 Unicast: advertised and received
  Received 30 messages, 3 notifications, 0 in queue
  Sent 27 messages, 0 notifications, 0 in queue
  Minimum time between advertisement runs is 0 seconds

BGP neighbor is 2001:420:100:f::2
 Remote AS 65000, local AS 65000, internal link
 Remote router ID 144.254.100.2
  BGP state = Established, up for 00:10:50
  Last read 00:00:45, hold time is 180, keepalive interval is 60 seconds
  Precedence: internet
  Neighbor capabilities:
    Route refresh: advertised and received
    4-byte AS: advertised and received
    Address family IPv6 Unicast: advertised and received
  Received 30 messages, 3 notifications, 0 in queue
  Sent 27 messages, 0 notifications, 0 in queue
  Minimum time between advertisement runs is 0 seconds

RP/0/RP0/CPU0:R11#debug bgp 2001:420:100:f::2
RP/0/RP0/CPU0:Apr 27 16:07:11.302 : bgp[122]: [iord]: OPEN from 2001:420:100:f::2 has MULTIPROTOCOL_EXTENSION capability for afi/safi: 2/1      (IPv6 Unicast)
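
Added example (not part of the original slides): a Python encoder/parser for the capability parameter of a BGP OPEN message, showing where the "afi/safi: 2/1" in the debug line above sits on the wire. The sample message is constructed here from the values visible in the `sh bgp neighbors` output (AS 65000, hold time 180, router ID 144.254.100.2, route refresh, 4-byte AS, IPv6 unicast); it is not a capture, and the function names are this example's own.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16
AFI_NAMES = {1: "IPv4", 2: "IPv6"}
SAFI_NAMES = {1: "Unicast", 2: "Multicast"}


def build_open(my_as, hold_time, router_id, capabilities):
    """Encode an OPEN; capabilities is a list of (code, value_bytes)."""
    caps = b"".join(struct.pack("!BB", code, len(val)) + val
                    for code, val in capabilities)
    opt = struct.pack("!BB", 2, len(caps)) + caps   # parameter type 2 = Capabilities
    body = struct.pack("!BHH4sB", 4, my_as, hold_time,
                       ipaddress.IPv4Address(router_id).packed, len(opt)) + opt
    return MARKER + struct.pack("!HB", 19 + len(body), 1) + body  # type 1 = OPEN


def _tlvs(data):
    """Split 1-byte type / 1-byte length TLVs, rejecting truncated ones."""
    items, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated TLV")
        items.append((data[i], data[i + 2:i + 2 + data[i + 1]]))
        i += 2 + data[i + 1]
    return items


def describe_capability(code, value):
    if code == 1 and len(value) == 4:       # AFI (2), reserved (1), SAFI (1)
        afi, _reserved, safi = struct.unpack("!HBB", value)
        name = f"{AFI_NAMES.get(afi, '?')} {SAFI_NAMES.get(safi, '?')}"
        return f"MULTIPROTOCOL_EXTENSION afi/safi: {afi}/{safi} ({name})"
    if code == 2 and len(value) == 0:
        return "ROUTE_REFRESH"
    if code == 65 and len(value) == 4:
        return f"4-BYTE_AS {struct.unpack('!I', value)[0]}"
    return f"capability code {code}, {len(value)} bytes"


def parse_open(msg):
    """Decode an OPEN and list its capabilities and address families."""
    if len(msg) < 29 or msg[:16] != MARKER:
        raise ValueError("not a BGP OPEN: short message or bad marker")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if msg_type != 1 or length != len(msg):
        raise ValueError("wrong type or header length does not match data")
    version, my_as, hold_time, rid, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    params = msg[29:]
    if opt_len != len(params):
        raise ValueError("optional-parameter length does not match data")
    caps, families = [], []
    for ptype, pval in _tlvs(params):
        if ptype != 2:
            continue
        for code, value in _tlvs(pval):
            caps.append(describe_capability(code, value))
            if code == 1 and len(value) == 4:
                afi, _reserved, safi = struct.unpack("!HBB", value)
                families.append((afi, safi))
    return {"version": version, "as": my_as, "hold_time": hold_time,
            "router_id": str(ipaddress.IPv4Address(rid)),
            "capabilities": caps, "families": families}


# Constructed sample, mirroring the iBGP IPv6 session on the slide.
SAMPLE_OPEN = build_open(65000, 180, "144.254.100.2", [
    (2, b""),                                # route refresh
    (65, struct.pack("!I", 65000)),          # 4-byte AS
    (1, struct.pack("!HBB", 2, 0, 1)),       # MP-BGP: AFI 2 / SAFI 1
])

if __name__ == "__main__":
    for key, value in parse_open(SAMPLE_OPEN).items():
        print(f"{key}: {value}")
```

Comparing `families` against the address families actually configured for a neighbor is a quick way to confirm that a peer negotiates only what the session is meant to carry.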
router bgp 65000
 bgp router-id 144.254.100.1
 address-family ipv4 unicast
 !
 address-family ipv6 unicast
  network 2001:420:100:beef::1/128
 !
 neighbor 144.254.100.2
  remote-as 65000
  update-source Loopback0
  address-family ipv4 unicast
  !
 !
 neighbor 145.254.200.6
  remote-as 65100
  address-family ipv4 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 2001:420:100:b::2
  remote-as 65100
  address-family ipv6 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !
 neighbor 2001:420:100:f::2
  remote-as 65000
  update-source Loopback0
  address-family ipv6 unicast
  !
 !

•  Recommended option:
   v4/v6 Control-Plane Separation
   No NH rewrite (see ff. slides)

v4/TCP
RP/0/RP0/CPU0:R11#sh tcp brief
PCB     VRF-ID   R-Q  S-Q  Local Address         Foreign Address     State
0x482   0x6000   0    0    145.254.200.5:34272   145.254.200.6:179   ESTAB
0x482   0x6000   0    0    144.254.100.1:37037   144.254.100.2:179   ESTAB

RP/0/RP0/CPU0:R11#sh bgp ipv4 all sum | b Neigh
Neighbor        Spk  AS     MsgR  Msg   TblVer  InQ  OutQ  Up/Down   St/PfxRcd
144.254.100.2   0    65000  237   234   1       0    0     03:37:43  0
145.254.200.6   0    65100  15    15    1       0    0     00:12:23  0

v6/TCP
RP/0/RP0/CPU0:R11#sh tcp brief
PCB     VRF-ID   R-Q  S-Q  Local Address             Foreign Address         State
0x482   0x6000   0    0    2001:420:100:b::1:51474   2001:420:100:b::2:179   ESTAB
0x482   0x6000   0    0    2001:420:100:f::1:51980   2001:420:100:f::2:179   ESTAB

RP/0/RP0/CPU0:R11#sh bgp ipv6 all sum | b Neigh
Neighbor            Spk  AS     MsgR  MsgS  TblVer  InQ  OutQ  Up/Down   St/PfxRcd
2001:420:100:b::2   0    65100  18    19    4       0    0     00:14:52  1
2001:420:100:f::2   0    65000  231   228   4       0    0     03:30:38  1

•  Non-Link Local Peering using global unicast IPv6 addresses

router bgp 65000
 !
 address-family ipv6 unicast
 !
 neighbor 2001:420:100:b::2
  remote-as 65100
  address-family ipv6 unicast
   route-policy pass-all in
   route-policy pass-all out
 !
 …
 !
 neighbor 2001:420:100:f::2
  remote-as 65000
  update-source Loopback0
  address-family ipv6 unicast

•  Recommended if peers are NOT directly connected
   iBGP peering w/ Loopback
   eBGP multihop

•  For eBGP peering the global NH address is NOT changed when advertising prefixes to iBGP peers (unless configured)

BGP configuration grouping (v4 and v6)

route-policy AS65100-PASS
 pass
end-policy
!
router bgp 65000
 bgp router-id 144.254.100.1
 bgp graceful-restart graceful-reset
 bgp graceful-restart
 nsr
 !
 address-family ipv6 unicast
  network 2001:766:ffee:1::/64
 !
 af-group IBGPv6 address-family ipv6 unicast
  next-hop-self
  route-reflector-client
  soft-reconfiguration inbound always
 !
 session-group IBGPv6
  remote-as 65000
  password encrypted 011EEE5C301C56221C644FDD18
  description RR1 client
  update-source Loopback0
 !
 …
 !
 neighbor-group IBGPv6-RR-CLIENTS
  use session-group IBGPv6
  address-family ipv6 unicast
   use af-group IBGPv6
 !
 neighbor 2001:833::1:99
  use neighbor-group IBGPv6-RR-CLIENTS
 ...
 !
 neighbor 2001:934:1b:12aa::19
  remote-as 65100
  password encrypted 061DDA3CE84D0C01232063D5A
  address-family ipv6 unicast
   route-policy AS65100-PASS in
   route-policy AS65100-PASS out
   soft-reconfiguration inbound always

Slide callouts:
•  Route Policy Language (RPL): route-policy AS65100-PASS
•  Prefix Advertisement: network 2001:766:ffee:1::/64
•  AF-Group: AF-specific neighbor command grouping
•  Session-Group: AF-independent configuration grouping
•  Neighbor-Group: AF-independent configuration grouping
•  eBGP Inbound/outbound routing policy enforcement: route-policy AS65100-PASS in/out
•  Inbound Route-Refresh Capability (RFC2918): soft-reconfiguration inbound always

v4 v6

  Neighbors
RP/0/5/CPU0:3A# sh bgp ipv6 unicast sum
BGP router identifier 222.255.0.3, local AS number 65100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0800000
BGP main routing table version 2866
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.

Process RecvTblVer bRIB/RIB LabelVer ImportVer SendTblVer
Speaker 2866 2866 2866 2866 2866

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
222:0:31::2 0 300 188 218 0 0 0 06:34:20 Active
222:255::1 0 65100 494 494 2866 0 0 08:07:51 6
222:255::2 0 65100 448 448 2866 0 0 07:21:46 6

  BGP Table
RP/0/5/CPU0:3A# sh bgp ipv6 unicast
BGP router identifier 222.255.0.3, local AS number 65100
...
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i12::/48 222.255.0.1 0 100 0 ?
*>i 222:255::1 0 100 0 ?
* i22::/48 222.255.0.2 0 100 0 ?
...

  Neighbor- / AF- / Session-Group


RP/0/5/CPU0:3A# sh bgp af-group IBGP_IPv6 users
IPv6 Unicast: 222:255::5 222:255::4 222:255::2 222:255::1 n:IBGP_IPv6

RP/0/5/CPU0:3A# sh bgp session-group IBGP_IPv6 configuration
session-group IBGP_IPv6
remote-as 65100 []
update-source Loopback0 []

RP/0/5/CPU0:3A# sh bgp neighbor-group IBGP_IPv6 inheritance
Session: s:IBGP_IPv6
IPv6 Unicast: a:IBGP_IPv6

RP/0/5/CPU0:3A# sh bgp neighbor-group IBGP_IPv6 users
Session: 222:255::5 222:255::4 222:255::2 222:255::1
IPv6 Unicast: 222:255::5 222:255::4 222:255::2 222:255::1

  Received / Advertised routes
Advertised routes after outbound policy (RPL policy preview w/ sh bgp policy route-policy command)
RP/0/5/CPU0:3A# sh bgp ipv6 unicast neighbors 222:255::4 advertised-routes
Network Next Hop From AS Path
32::/48 222:255:32::2 Local ?

Received routes before inbound policy
RP/0/5/CPU0:3A# sh bgp ipv6 unicast neighbors 222:255::4 received routes
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i42::/48 222:255::4 0 100 0 ?
*>i222:0:6::/64 222:255::4 0 100 0 ?
*>i222:0:7::/64 222:255::4 0 100 0 ?
*>i222:0:41::/64 222:255::4 0 100 0 ?

6PE – v6 Provider Edge
(RFC4798)
  v6 global connectivity over IPv4-MPLS core
  Core uses IPv4 control plane (LDPv4, TEv4, IGPv4, MP-BGP)
  v6 reachability exchanged via iBGP (MP-BGP)
  v6 packets transported inside MPLS
  v6 transit inherits benefits from v4 MPLS (e.g. FC, TE, etc.)
  PE routers must support Dual Stack / 6PE
  P routers untouched (no HW/SW/config change)
  6PE Transport Services:
    Connect v6 islands over MPLS core
    Transition mechanism for providing unicast IPv6 access
    Coexistence mechanism for combining v4/v6 services
    v6 Internet access, peer-to-peer, SP supplied v6 services
    Inter-AS 6PE

  LDPv4 Label
    Outer label providing connectivity to destination 6PE
  MP-BGP Label
    Inner label used by egress 6PE for v6 forwarding (pop label + v6 lookup)
    Referred to as ‘Aggregate IPv6 Label’
    MP-iBGP carries Length(8bit), Label(24bit) and v6 address(128bit)
    AFI = 2 (IPv6), SAFI = 4 (Labeled)

LDP Label     | MP-BGP Label | IPv6 packet
To 10.0.0.101 | To 2001:1::1 | To 2001:1::1

  MP-BGP NH is a ‘Special Use’ v4 to v6 Mapped Address 1)
    ::ffff:A.B.C.D (e.g. ::ffff:141.244.100.1)
    fixed v4 NH of 6PE Router

1) http://www.ietf.org/rfc/rfc4291.txt

[Figure: MPLS IPv4 Core Network. Path: CE (v6), 6PE (v4/6), P (v4), P (v4), 6PE (v4/6), CE (v6). Figure labels: 222.255.0.1, 222.255.0.3, 2001:DB8:100:beef::1, and an IPv6 packet carried with labels 16016 and 1048566.]
6PE eBGP: IPv6 Prefix (AFI2 / Sub-AFI1), NH: IPv6 Address (A:B:C::D)
6PE MP-iBGP: IPv6 Prefix + Label (AFI2 / Sub-AFI4), NH: IPv4 Mapped IPv6 Address (::FFFF:a.b.c.d)

bgp[123]: Received UPDATE from 222.255.0.3 with attributes:
bgp[123]: nexthop 222.255.0.3/32, origin i, localpref 100, metric 0
bgp[123]: Received prefix 2001:db8:100:beef::1/128 with MPLS label 16016 from neighbor 222.255.0.3)

RP/0/9/CPU0:1A#sh cef ipv6 2001:db8:100:beef::1/128
Prefix Len 128, traffic index 0, precedence routine (0)
via ::ffff:222.255.0.3, 3 dependencies, recursive
next hop ::ffff:222.255.0.3 via ::ffff:222.255.0.3:0
local label 16030
next hop 222.0.0.1 Gi0/0/0/0 labels imposed {1048566 16016}
next hop 222.0.1.1 Gi0/0/0/1 labels imposed {1048566 16016}

Callout on the imposed labels: {LDP BGP}

router bgp 65100
 bgp router-id 222.255.0.3
 !
 address-family ipv6 unicast
  redistribute connected
  allocate-label all
 !
 session-group IBGP_IPv6
  remote-as 65100
  update-source Loopback0
 !
 neighbor-group IBGP_6PE
  use session-group IBGP_IPv6
  address-family ipv6 labeled-unicast
 !
 neighbor 222.255.0.1
  use neighbor-group IBGP_6PE
 !
 neighbor 222.255.0.2
  use neighbor-group IBGP_6PE
 !
 neighbor <…>
  use neighbor-group IBGP_6PE
 !
 neighbor 222:0:31::2
  remote-as 300
  description ### eBGP to CE
  address-family ipv6 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 !

allocate-label all: Allocates MPLS labels for specified (all) IPv6 unicast prefixes. A route-policy could be used for finer control to filter prefixes.
address-family ipv6 labeled-unicast: Enable labeled-unicast AF under neighbor or neighbor-group
neighbor 222:0:31::2: eBGP to v6 CE


  AF Neighbors
RP/0/9/CPU0:1A# sh bgp ipv6 labeled-unicast sum
BGP router identifier 222.255.0.1, local AS number 65100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0800000
BGP main routing table version 2681
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.

Process RecvTblVer bRIB/RIB LabelVer ImportVer SendTblVer
Speaker 2681 2681 2681 2681 2681

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
222.255.0.2 0 65100 1682 1675 0 0 0 05:01:50 Idle (Admin)
222.255.0.3 0 65100 1983 1975 2681 0 0 03:07:59 1
222.255.0.4 0 65100 1666 1661 0 0 0 05:01:50 Idle (Admin)

  Routes in BGP Table


RP/0/9/CPU0:1A# sh bgp ipv6 labeled-unicast 2001:db8:100:beef::1/128
BGP routing table entry for 2001:db8:100:beef::1/128
Paths: (1 available, best #1)
Advertised to update-groups (with more than one peer):
0.4
Path #1: Received by speaker 0
Local
222.255.0.3 (metric 3) from 222.255.0.3 (222.255.0.3)
Received Label 16016
Origin IGP, metric 0, localpref 100, valid, internal, best

6VPE – v6 VPN PE
(RFC4659)
  v6 VPN connectivity over IPv4-MPLS core
  Core uses IPv4 control plane (LDPv4, TEv4, IGPv4, MP-BGP)
  v6 reachability exchanged via iBGP (MP-BGP)
  v6 packets transported inside MPLS
  v6 transit inherits benefits from v4 MPLS (e.g. FC, TE, etc.)

  PE routers must support Dual Stack / 6PE


  P routers untouched (no HW/SW/config change)
  For end-users: v6-VPN is same as v4-VPN services (hub and
spoke, ce-pe routing, internet access, etc.)
  6VPE Transport Services:
    Connect v6 islands over MPLS core
    Transition mechanism for providing VPN IPv6 access
    Inter-AS 6VPE

  Similar to 6PE: Use MP-BGP for Inner and LDP for Outer label
  MP-BGP
    RTs, VRFs, RDs are appended to IPv6 to form VPNv6 address
    MP-iBGP carries Length(8bit), Label(24bit) and VPNv6 address (RD(64bit) + IPv6 address(128bit))
    AFI = 2 (IPv6), SAFI = 128 (VPN)

LDP Label     | MP-BGP Label | IPv6 packet
To 10.0.0.101 | To 2001:1::1 | To 2001:1::1

  MP-BGP NH is a ‘Special Use’ v4 to v6 Mapped Address 1)
    ::ffff:A.B.C.D (e.g. ::ffff:141.244.100.1)
    fixed v4 NH of 6PE Router

1) http://www.ietf.org/rfc/rfc4291.txt
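
The NLRI layout given on the 6PE and 6VPE label slides (Length 8 bit, Label 24 bit, a 64-bit RD for VPNv6 only, then the IPv6 prefix) and the ::ffff:A.B.C.D next hop, as an added Python example that is not part of the original deck. Function names are hypothetical; the 20-bit label plus bottom-of-stack bit inside the 24-bit field, the type-0 RD layout and the zero RD in front of the 6VPE next hop are assumptions taken from RFC 3107 and RFC 4659, not from the slides.

```python
import ipaddress
import struct

SAFI_LABELED, SAFI_VPN = 4, 128      # SAFI values from the slides (AFI 2 = IPv6)

def encode_nlri(prefix, label, rd=None):
    """Length(8 bit) | Label(24 bit) | [RD(64 bit), 6VPE only] | prefix bytes."""
    net = ipaddress.IPv6Network(prefix)
    body = ((label << 4) | 1).to_bytes(3, "big")   # 20-bit label, bottom-of-stack set
    if rd is not None:
        body += struct.pack("!HHI", 0, *rd)        # assumed type-0 RD: 2-byte ASN, 4-byte number
    body += net.network_address.packed[:(net.prefixlen + 7) // 8]
    bits = 24 + (64 if rd is not None else 0) + net.prefixlen
    return bytes([bits]) + body

def decode_nlri(data, safi):
    """Parse one NLRI and reject lengths that do not match the bytes present."""
    if len(data) < 4:
        raise ValueError("NLRI shorter than length + label")
    bits, offset, rd = data[0] - 24, 4, None
    label = int.from_bytes(data[1:4], "big") >> 4
    if safi == SAFI_VPN:
        if len(data) < 12:
            raise ValueError("VPNv6 NLRI without a full RD")
        rd_type, asn, number = struct.unpack("!HHI", data[4:12])
        if rd_type != 0:
            raise ValueError("only type-0 RDs handled in this example")
        bits, offset, rd = bits - 64, 12, (asn, number)
    if not 0 <= bits <= 128:
        raise ValueError("prefix length out of range")
    raw = data[offset:]
    if len(raw) != (bits + 7) // 8:
        raise ValueError("length field disagrees with payload size")
    addr = ipaddress.IPv6Address(raw.ljust(16, b"\x00"))
    return {"prefix": f"{addr}/{bits}", "label": label, "rd": rd}

def decode_next_hop(raw):
    """Return the PE's IPv4 address from a 6PE (16 B) or 6VPE (24 B) next hop."""
    if len(raw) == 24:                   # RFC 4659: zero RD precedes the address
        if raw[:8] != bytes(8):
            raise ValueError("non-zero RD in VPNv6 next hop")
        raw = raw[8:]
    if len(raw) != 16:
        raise ValueError("unexpected next-hop length")
    mapped = ipaddress.IPv6Address(raw).ipv4_mapped
    if mapped is None:
        raise ValueError("next hop is not ::ffff:a.b.c.d")
    return str(mapped)
```

With the values from the slides, prefix 2001:db8:100:beef::1/128 with label 16016 encodes to a 20-byte labeled-unicast NLRI, and the same prefix with RD 6:3 and label 16015 encodes to a 28-byte VPNv6 NLRI.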
[Figure: MPLS IPv4 Core Network. Path: CE (v6), 6VPE with VRF (v4/6), P (v4), P (v4), 6VPE with VRF (v4/6), CE (v6). Figure labels: 222.255.0.1, 222.255.0.3, 2001:DB8:100:beef::1, and an IPv6 packet carried with labels 16016 and 1048566.]
6VPE eBGP: IPv6 Prefix (AFI2 / Sub-AFI1), NH: IPv6 Address (A:B:C::D)
6VPE MP-iBGP: VPNv6 Prefix (RD+IPv6) + Label (AFI2 / Sub-AFI128), RT: Route-Target Extended Community, NH: IPv4 Mapped IPv6 Address (::FFFF:a.b.c.d)

bgp[123]: [rtr] (vpn6u): Received UPDATE from 222.255.0.3 with attributes:
bgp[123]: [rtr] (vpn6u): nexthop 222.255.0.3/32, origin ?, localpref 100, metric 0, extended community RT:6:2
bgp[123]: [rtr] (vpn6u): Received prefix 2ASN:6:3:2001:db8:100:beef::1/128 with MPLS label 16015 from neighbor 222.255.0.3

RP/0/9/CPU0:1A#sh cef vrf 6VPE ipv6 2001:db8:100:beef::1/128
via ::ffff:222.255.0.3, 3 dependencies, recursive
next hop ::ffff:222.255.0.3 via ::ffff:222.255.0.3:0
next hop 222.0.0.1 Gi0/0/0/0 labels imposed {1048566 16015}
next hop 222.0.1.1 Gi0/0/0/1 labels imposed {1048566 16015}

Callout on the imposed labels: {LDP BGP}

vrf 6VPE-RED
 address-family ipv6 unicast
  import route-target
   6:4
  !
  export route-target
   6:3
!
router bgp 65100
 bgp router-id 222.255.0.3
 !
 address-family vpnv6 unicast
 !
 session-group IBGP_IPv6
  remote-as 65100
  update-source Loopback0
 !
 neighbor-group IBGP_6VPE
  use session-group IBGP_IPv6
  address-family vpnv6 unicast
 !
 neighbor 222.255.0.1
  use neighbor-group IBGP_6VPE
 !
 neighbor 222.255.0.1
  use neighbor-group IBGP_6VPE
 !
 vrf 6VPE-RED
  rd 6:3
  address-family ipv6 unicast
   redistribute connected
  !
  neighbor 222:0:31::2
   remote-as 300
   address-family ipv6 unicast
    route-policy pass-all in
    route-policy pass-all out
!

vrf 6VPE-RED (top level): v6 VRF Definition (name RT import/export)
address-family vpnv6 unicast (under router bgp): AF VPNv6 Initialization
address-family vpnv6 unicast (under neighbor-group): Enable VPNv6 AF under neighbor or neighbor-group
vrf 6VPE-RED, rd 6:3 (under router bgp): v6 VRF Definition (RD)
neighbor 222:0:31::2: Setup eBGP to v6 CE inside VRF

  AF Neighbors
RP/0/9/CPU0:1A# sh bgp vpnv6 uni sum
BGP router identifier 222.255.0.1, local AS number 65100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0
BGP main routing table version 53
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.

Process RecvTblVer bRIB/RIB LabelVer ImportVer SendTblVer
Speaker 53 53 53 53 53

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
222.255.0.2 0 65100 1682 1675 0 0 0 07:00:05 Idle (Admin)
222.255.0.3 0 65100 2142 2129 53 0 0 00:30:53 1
222.255.0.4 0 65100 1666 1661 0 0 0 07:00:05 Idle (Admin)

  VPNv6 Routes in BGP Table


RP/0/9/CPU0:1A# sh bgp vpnv6 unicast

Network Next Hop Metric LocPrf Weight Path


Route Distinguisher: 6:1 (default for vrf 6VPE)
*> 13::/48 222:255:13::2 0 32768 ?
*> 222:255:13::/64 :: 0 32768 ?
*>i2001:db8:100:beef::1/128
222.255.0.3 0 100 0 ?
Route Distinguisher: 6:3
*>i2001:db8:100:beef::1/128
222.255.0.3 0 100 0 ?

Processed 4 prefixes, 4 paths



  VRF Status
RP/0/5/CPU0:3A# sh vrf 6VPE det

VRF 6VPE; RD not set; VPN ID not set


Description not set
Interfaces:
GigabitEthernet0/0/0/2.321
Address family IPV6 Unicast
Import VPN route-target communities:
RT:6:4
Export VPN route-target communities:
RT:6:3
No import route policy
No export route policy

  VRF Routes
RP/0/9/CPU0:1A# sh route vrf 6VPE ipv6

Gateway of last resort is not set

S 13::/48
[1/0] via 222:255:13::2, 1d10h
C 222:255:13::/64 is directly connected,
1d10h, GigabitEthernet0/0/0/2.121
L 222:255:13::1/128 is directly connected,
1d10h, GigabitEthernet0/0/0/2.121
B 2001:db8:100:beef::1/128
[200/0] via ::ffff:222.255.0.3 (nexthop in vrf default), 00:16:54

Thank you
