© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Day 2
• MPLS/VPN (theory & lab) – 9.00am – 11.00am
• Carrier Ethernet (theory & lab) – 11.00am – 1.00pm
ASR-9000 - MPLS-VPN
• Functionality Similar to IOS
No TDP
Traffic Engineering supported (not covered)
• L3 VPN support
• L2 VPN support
• Basic configuration
mpls ldp
 router-id 6.6.6.6
 !
 interface GigabitEthernet0/4/0/0
 interface GigabitEthernet0/4/0/1
 interface GigabitEthernet0/4/0/2
 interface GigabitEthernet0/4/0/3
Monitor LDP neighbors
Monitor LDP bindings
1.1.1.1/32 , rev 36
local binding: label:IMP-NULL
remote bindings :
lsr:7.7.7.7:0, label:19
2.2.2.2/32 , rev 51
local binding: label:32
remote bindings :
lsr:7.7.7.7:0, label:16
3.3.3.3/32 , rev 2
local binding: label:16
remote bindings :
lsr:7.7.7.7:0, label:21
4.4.4.4/32 , rev 4
local binding: label:17
remote bindings :
lsr:7.7.7.7:0, label:22
Other show commands
vrf <NAME>                       ! Create VRF
 address-family ipv4 unicast
  import route-target
   <A:B>
  export route-target
   <C:D>
  import route-policy <name>
  export route-policy <name>
Attach to interface
Prefixes from VPN neighbor
Import/Export parameters
l2vpn
 pw-class [class-name]               ! Reusable template for VPN
  encapsulation mpls                 ! type (MPLS or L2TPv3)
   protocol ldp                      ! Tunnel parameters
interface GigabitEthernet0/1/0/0
 l2transport                         ! Put interface into L2VPN mode
RP/0/0/CPU0:L2VPN-PE1#sh mpls ldp neighbor 12.12.12.12 detail
Verify XConnect Status
Detailed View of XConnect
RP/0/0/CPU0:L2VPN-PE1# sh l2vpn xconnect detail
Group VLAN100-VLAN200, XC 100, state is up
AC: GigabitEthernet0/0/0/2.100, state is up
Type VLAN; Tags: outer 100, inner 0; MTU 1500; XC ID 7
Statistics:
packet totals: send 2107000
byte totals: send 126420000
drops: illegal VLAN 0, illegal length 0
PW: neighbor 222.255.100.2, PW ID 100, state is up ( established )
PW class VLAN
Encapsulation MPLS, protocol LDP
PW type Ethernet VLAN, control word enabled, interworking none
Sequencing not set
MPLS Local Remote
------------ ------------------------------ ------------------------------
Label 16002 16009
Group ID 0x1000700 0x1000500
Interface GigabitEthernet0/0/0/2.100 GigabitEthernet0/0/0/2.200
MTU 1500 1500
Control word enabled enabled
PW type Ethernet VLAN Ethernet VLAN
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x3 0x3
(control word) (control word)
(router alert label) (router alert label)
------------ ------------------------------ ------------------------------
Create time: 04/04/2007 02:55:04 (1d11h ago)
Last time status changed: 04/04/2007 03:14:25 (1d11h ago)
Statistics:
packet totals: receive 2107000
byte totals: receive 143276000
Pseudowire Ping
ASR-9000 Carrier Ethernet
ASR 9000 Flexible Ethernet SW Infrastructure
(“EVC” SW Infrastructure)
[Diagram: L2 or L3 sub-interfaces (802.1q/QinQ/.1ad) with flexible VLAN tag classification, flexible VLAN tag rewrite and flexible Ethertype (.1Q, QinQ, .1ad), mapped to EoMPLS PW, (H-)VPLS, bridging, IRB, and routing and bridging]
Flexible service mapping and multiplexing. Supports all standards-based services concurrently on the same port:
• L2 P2P local connect and EoMPLS
• L2 multipoint local bridging and H-VPLS & VPLS
• Regular L3 sub-interface, and integrated L2 and L3 (IRB)
• Double tag
• Single tag
• Multiple tag
• Range of tag
• .1q and/or .1ad
• Loose or exact match
• Untagged
• Default tag
RP/0/RSP0/CPU0:PE2-asr(config)#int gig 0/0/0/4.100 l2transport
RP/0/RSP0/CPU0:PE2-asr(config-subif)#encapsulation ?
  default   Packets unmatched by other service instances
  dot1ad    IEEE 802.1ad VLAN-tagged packets
  dot1q     IEEE 802.1Q VLAN-tagged packets
  untagged  Packets with no explicit VLAN tag
RP/0/RSP0/CPU0:PE2-asr(config-subif)#encapsulation dot1q 100-200,205 ?
  comma     comma
  exact     Do not allow further inner tags
• Pop tag 1 or 2
• Push tag 1 or 2
• Tag translation: 1-1, 1-2, 2-1, 2-2
RP/0/RSP0/CPU0:PE2-asr(config)#int gig 0/0/0/4.100 l2transport
RP/0/RSP0/CPU0:PE2-asr(config-subif)#rewrite ingress tag ?
  pop        Remove one or more tags
  push       Push one or more tags
  translate  Replace tags with other tags
RP/0/RSP0/CPU0:PE2-asr(config-subif)#rewrite ingress tag pop ?
  1  Remove outer tag only
  2  Remove two outermost tags
RP/0/RSP0/CPU0:PE2-asr(config-subif)#rewrite ingress tag push ?
  dot1ad  Push a Dot1ad tag
  dot1q   Push a Dot1Q tag
RP/0/RSP0/CPU0:PE2-asr(config-subif)#rewrite ingress tag push dot1q 100 ?
  second-dot1q  Push another Dot1Q tag
  symmetric     All rewrites must be symmetric
EFP configuration example
interface gig 0/0/0/1.101 l2transport
 encapsulation dot1q 101 second-dot1q 10
 rewrite ingress tag pop 2 symmetric
interface gig 0/0/0/2.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric
interface gig 0/0/0/3.101 l2transport
 encapsulation dot1q 102
 rewrite ingress tag push dot1q 100 symmetric
L2VPN P2P service configuration example
l2vpn
 xconnect group cisco
  p2p service1                       ! local connect
   interface gig 0/0/0/1.101
   interface gig 0/0/0/2.101
  p2p service2                       ! VPWS
   interface gig 0/0/0/3.101
   neighbor 1.1.1.1 pw-id 22
  p2p service3                       ! PW stitching
   neighbor 2.2.2.2 pw-id 100
   neighbor 3.3.3.3 pw-id 101
Two logical ports (EFP or PW) form one EVC (Ethernet virtual circuit)
No MAC learning/forwarding involved
L2VPN MP service configuration example
E-Tree Forwarding Rules:
• Root can talk with root
• Root can talk with leaf, or leaf can talk with root
• But leaf can’t talk with leaf
[Diagram labels: Root, Leaf, Leaf, L2 AC, VFI, VPLS]
L2VPN E-Tree service configuration example
l2vpn
 bridge group cisco
  bridge-domain domain1
   interface gig 0/0/0/1.101
    split-horizon group              ! optionally on AC
   interface gig 0/0/0/2.101
    split-horizon group
ASR 9000 IRB/BVI Example
interface gig 0/0/0/1.50 l2transport
 encapsulation dot1q 50
 rewrite ingress tag pop 1 symmetric
interface gig 0/0/0/2.50 l2transport
 encapsulation dot1q 50
 rewrite ingress tag pop 1 symmetric
l2vpn
 bridge group cisco
  bridge-domain domain50
   interface gig 0/0/0/1.50
   interface gig 0/0/0/2.50
   routed interface bvi 20
interface bvi 20
 ipv4 address 1.1.1.1 255.255.255.0
7600 SVI example
interface gig 1/2
 switchport
 switchport mode trunk
 switchport trunk allow vlan 50-1000
interface GigabitEthernet4/1/0
 service instance 2 ethernet
  encapsulation dot1q 50
  rewrite ingress tag pop 1 sym
  bridge-domain 50
interface vlan 50
 ip address 1.1.1.1 255.255.255.0
Routed PW
L3 and PW exist in the same bridge-domain/VLAN
ASR 9000 IRB/BVI Example
interface gig 0/0/0/1.50 l2transport
 encapsulation dot1q 50
 rewrite ingress tag pop 1 symmetric
interface gig 0/0/0/2.50 l2transport
 encapsulation dot1q 50
 rewrite ingress tag pop 1 symmetric
l2vpn
 bridge group cisco
  bridge-domain domain50
   interface gig 0/0/0/1.50
   interface gig 0/0/0/2.50
   neighbor 1.1.1.1 pw-id 50
   vfi 50
    neighbor 2.2.2.2 pw-id 50
    neighbor 3.3.3.3 pw-id 50
   routed interface bvi 20
interface bvi 20
 ipv4 address 1.1.1.1 255.255.255.0
7600 SVI example
interface gig 1/2
 switchport
 switchport mode trunk
 switchport trunk allow vlan 50-1000
interface GigabitEthernet4/1/0
 service instance 2 ethernet
  encapsulation dot1q 50
  rewrite ingress tag pop 1 sym
  bridge-domain 50
l2 vfi myvfi manual
 vpn id 50
 neighbor 2.2.2.2 encap mpls
 neighbor 3.3.3.3 encap mpls
interface vlan 50
 ip address 1.1.1.1 255.255.255.0
 xconnect vfi myvfi
Limits the number of source MAC addresses allowed per interface and Bridge-Domain/VFI.
Sets action to take on packets with a “blocked” source MAC.
A traffic storm occurs when packets flood the LAN, creating excessive traffic and
degrading network performance. The traffic storm control feature prevents bridge
ports (ACs and PWs) from being disrupted by a broadcast, multicast, or unicast
traffic storm on these interfaces.
Traffic storm control limits the rate of broadcast, multicast, and unknown unicast traffic.
The rate limit is applied at ingress only, and is per interface/PW. There is no per-bridge
or per-output limit.
Storm control should be applied as close to the source as possible, so it is typically
applied at the access “interface”: an L2 port or an access PW. It is not applied on the
core PW; storm control is not supported on core PWs on the ASR 9000.
l2vpn
 bridge group …
  bridge-domain …
   interface …                                  ! limit per L2 port
    storm-control broadcast pps {0-max}
    storm-control multicast pps {0-max}
    storm-control unknown-unicast pps {0-max}
   neighbor … pw-id ...                         ! limit per access PW
    storm-control broadcast pps {0-max}
    storm-control multicast pps {0-max}
    storm-control unknown-unicast pps {0-max}
   vfi abc
    neighbor … pw-id ...                        ! storm control is not supported for core/VFI PW
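An audit of the placement rules above, as an added example that is not part of the original slides: the script walks an IOS XR `l2vpn` bridge-domain configuration and reports access interfaces and access PWs that lack any of the three storm-control limits, skipping VFI (core) PWs where the feature is not supported. The sample configuration, its names and addresses are constructed, and the parser assumes the indented layout of a running configuration.

```python
import re

STORM_TYPES = ("broadcast", "multicast", "unknown-unicast")

# Constructed sample configuration (not from the slides): one fully limited
# AC, one partially limited AC, one unprotected access PW, one VFI core PW.
SAMPLE_CONFIG = """\
l2vpn
 bridge group cisco
  bridge-domain domain1
   interface GigabitEthernet0/0/0/1.101
    storm-control broadcast pps 1000
    storm-control multicast pps 2000
    storm-control unknown-unicast pps 500
   !
   interface GigabitEthernet0/0/0/2.101
    storm-control broadcast pps 1000
   !
   neighbor 10.0.0.9 pw-id 300
   !
   vfi abc
    neighbor 10.0.0.3 pw-id 100
    !
   !
  !
 !
!
"""


def parse_bridge_ports(config):
    """Return the bridge ports found under l2vpn bridge-domains.

    Each port is a dict with the bridge-domain name, a kind ('ac',
    'access-pw' or 'core-pw'), the port name and its storm-control limits.
    Assumption: nesting is expressed by leading spaces, as in the sample.
    """
    ports = []
    stack = []                      # (indent, text) of enclosing blocks
    current, current_indent = None, -1
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if current is not None and indent <= current_indent:
            current = None          # left the port's sub-block
        parents = [text for _, text in stack]
        domain = next((p.split()[1] for p in parents
                       if p.startswith("bridge-domain ")), None)
        limit = re.match(r"storm-control (\S+) pps (\d+)$", line)
        if limit and current is not None:
            current["limits"][limit.group(1)] = int(limit.group(2))
        elif domain and line.startswith(("interface ", "neighbor ")):
            if line.startswith("interface "):
                kind = "ac"
            elif any(p.startswith("vfi ") for p in parents):
                kind = "core-pw"    # PW inside a VFI
            else:
                kind = "access-pw"  # PW directly under the bridge-domain
            current = {"domain": domain, "kind": kind,
                       "name": line.split(None, 1)[1], "limits": {}}
            current_indent = indent
            ports.append(current)
        stack.append((indent, line))
    return ports


def audit_storm_control(config):
    """Return (bridge-domain, port, finding) tuples for ports needing attention."""
    findings = []
    for port in parse_bridge_ports(config):
        if port["kind"] == "core-pw":
            if port["limits"]:
                findings.append((port["domain"], port["name"],
                                 "storm-control is not supported on a VFI PW"))
            continue
        missing = [t for t in STORM_TYPES if t not in port["limits"]]
        if missing:
            findings.append((port["domain"], port["name"],
                             "missing: " + ", ".join(missing)))
    return findings


if __name__ == "__main__":
    for domain, port, finding in audit_storm_control(SAMPLE_CONFIG):
        print(f"{domain}: {port}: {finding}")
```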
ASR-9000 High Availability
[Diagram: routers P1, PE1 and CE1; labels: IGP and LDP, eBGP; traffic is forwarded continuously]
• Accelerates convergence by running fast keepalives in a consistent,
standardized mechanism across routing protocols
• Lightweight hello protocol
• Neighbors exchange hello packets at negotiated regular intervals
• Configurable transmit and receive time intervals
• Unicast packets, even on shared media
• No discovery mechanism
• BFD sessions are established by the clients e.g. OSPF, IS-IS, EIGRP, BGP, …
• Client hello packets transmitted independently
O(x00msec) Convergence for IP & MPLS
• Throttling
– Convergence times configurable down to 0ms for initial failures.
– Subsequent failures increment convergence times gradually to avoid
instability.
• Caveats
– For LSA/LSP/SPF (OSPF and ISIS only)
– Convergence times depend on number of nodes and prefixes.
• Applicability
– Simplest mechanism providing fast convergence everywhere.
50 msec Convergence for IP & MPLS
• Key Features
– Fast Convergence for Link and Node Failures
– Supported Across all Network Topologies
– MPLS-TE Traffic Management
• SRLG
• BW Reservation
• Per Tunnel Traffic Statistics
• Caveats
– Requires MPLS and MPLS-TE
– No Protection for Ingress or Egress Tunnel Failures
– Requires Pre-Computed Backup Paths
– Requires “(n-1)!” Tunnels for Full Protection
• Applicability
– Protecting Expensive Backbone Links
[Diagram labels: Link Failure, FRR LSP, Tunnel LSP, VC LSPs]
50 msec Convergence for IP & MPLS
Key Features
– 50 msec Convergence for Link and Node Failures
– Works for MPLS and IP Only Environments
– Simple
• Automatic configuration of “Loop Free Alternate Paths” via OSPF or ISIS
• No Tunnels
Caveats
– Requires a “Loop Free Path” for Protection
– No Bandwidth Reservation
– No Support for SRLG
– New Feature
Applicability
– Strong Solution for Deployments with Cost Effective Bandwidth
[Diagram: routers R1 to R5 with a link failure and a loop free path. No Convergence Required on Routers R2, R3, R4 and R5 to Maintain Green Traffic Flow!]
BGP Sub-Second Convergence
Optimizes BGP Convergence for IGP Path to BGP Next-Hop Change
– PE to P Link Failures
– P to P Link Failures
– P Node Failures
Enabled by Default in IOS-XR
– Supported for both IP and L3VPN BGP Prefixes
– Requires BGP Next-Hop Self and IGP Tuning for sub-second failover
– Utilizes hierarchical CEF to minimize forwarding plane updates
[Diagram: CE1, PE1, PE2 and CE2 in VPN1; interfaces Int1 and Int2; Core Failure!]
Sub-second BGP Convergence for Multi-homed Customers
Optimizes BGP Convergence for BGP Next-Hop Change
– PE to CE Link Failures
– PE Node Failures
– CE Node Failures
Applicability
– PE Routers
– Requires “bgp advertise-best-external” to enable
[Diagram: CE1, PE1, PE2, PE3 and CE2 in VPN1; Link Failure]
Design without IRB, the issue: when the access network splits, there is a potential
packet black hole for downstream traffic
[Diagram labels: CPE access, L2 Aggregation, L3 sub-interface, L3 IP/MPLS; L3 ECMP path, packet black hole on red path]
[Diagram: CE1 and CE2 attached through attachment circuits to PE1 and PE2 across a core/transit router, with a primary PW and a backup PW; failure points F1, F2, F3 and F4]
• If a transit router or transit link fails (for example, F1 and F2), IGP and MPLS LDP will
re-converge. With MPLS TE/FRR enabled, TE will fail over to the backup tunnel. The
PW stays up as long as PE1 has an available LSP path to PE2. The PW service layer is
not impacted.
• If the AC or the service node that terminates the PW fails (F3 and F4 in the above picture),
the EoMPLS PW goes down. Re-convergence of the network transport layer (for example, IGP,
MPLS LDP, TE/FRR, etc.) won’t help, since the PW termination point is down. Providing
service node or AC redundancy requires a new technology: PW redundancy.
• With PW redundancy, the same service node can have a backup PW to a different
remote service node or a different AC.
Case 1: Service Node and AC protection
Case 2: AC protection
[Diagram labels: Active PW, Active PE, Active PE, CE]
l2vpn
 xconnect group test
  p2p test-125
   interface GigabitEthernet0/0/0/10.25
   neighbor 10.0.0.3 pw-id 25
    backup neighbor 10.0.0.4 pw-id 25      ! could use different pw-id than primary PW
The PE (MST gateway) sends a pre-canned BPDU into the access network every hello timer.
In the BPDU message, the primary gateway indicates that it is the best root bridge. The
secondary gateway indicates that it has zero cost to the root bridge.
From the access network's point of view, the STP topology has an “L2 loop”. Based on the
BPDUs it receives from the MST gateway bridges, it will block one of the access links.
To block a specific access link, configure the STP port cost explicitly on the
access switch.
MST gateway, MST root for instance 0,2:
interface gig 0/0/0/10.1 l2
 encapsulation untagged
spanning-tree mstag ring1
 interface GigabitEthernet0/0/0/10.1
  name cisco
  revision 1
  bridge-id 0000.0000.0001
  instance 0                         ! I’m the root
   root-id 0000.0000.0001
   priority 4096
   root-priority 4096
  !
  instance 1
   vlan-ids 101,103,105,107
   root-id 0000.0000.0002
   priority 8192
   root-priority 4096
  !
  instance 2                         ! I’m the root
   vlan-ids 102,104,106,108
   root-id 0000.0000.0001
   priority 4096
   root-priority 4096
MST gateway, MST root for instance 1:
interface gig 0/0/0/10.1 l2
 encapsulation untagged
spanning-tree mstag ring1
 interface GigabitEthernet0/0/0/10.1
  name cisco
  revision 1
  bridge-id 0000.0000.0002
  instance 0
   root-id 0000.0000.0001
   priority 8192
   root-priority 4096
  !
  instance 1                         ! I’m the root
   vlan-ids 101,103,105,107
   root-id 0000.0000.0002
   priority 4096
   root-priority 4096
  !
  instance 2
   vlan-ids 102,104,106,108
   root-id 0000.0000.0001
   priority 8192
   root-priority 4096
Access switch configuration
interface GigabitEthernet1/1/1
 switchport mode trunk
 spanning-tree mst 1 cost 100000
Access switch configuration
interface GigabitEthernet1/1/1
 switchport mode trunk
 spanning-tree mst 0,2 cost 100000
• MC-LAG & ICCP enable a switch/router to use standard Ethernet Link
Aggregation for device dual-homing, with active/standby redundancy
• Dual-homed Device (DHD) operates as if it is connected to single
virtual device and runs IEEE std. 802.1AX-2008 (LACP)
• Point of Attachment (PoA) nodes run Inter-chassis Communication
Protocol (ICCP) to synchronize state & form a Redundancy Group
(RG)
[Diagram: DHD connected by LACP to the active PoA; Inter-chassis Communication Protocol (ICCP) between the PoAs]
[Diagram: DHD, virtual LACP peer, redundancy group with standby POA; numbered elements: 1 LACP, 2 ICCP, 3 coupled or de-coupled L2 and L3 service]
LACP (between DHD and virtual LACP peer) → negotiates which link is active or standby. At least one
member port on the active POA is active. All member ports on the standby POA must be standby.
ICCP (between two POAs) → exchanges information and syncs up the status.
L2 & L3 service → the LAG (sub-)interface is the service termination point. LAG member port state
(active/standby) could determine the service status (for example, PW redundancy status).
• MC-LAG bundle (sub-)interface can be configured for both L2 and L3
service
• Service redundancy status may or may not be tied to PoA/bundle
active/standby status
– P2P PW (coupled mode): bundle state determines the PW state. If the bundle is
in active state, it advertises an “active” PW status message. Otherwise it
advertises a “standby” PW status message to its peer routers
– H-VPLS access P2P PW (coupled & one-way mode): the PW and its backup
PW are in regular “one-way” PW redundancy mode on the active POA. On the
standby POA, both of its PWs are in standby state
– VPLS service (de-coupled mode): regardless of whether the bundle is active or standby,
VPLS PWs are always in active forwarding state
– H-VPLS access PW (PW under bridge-domain): same de-coupled mode as
VPLS
– L3 service (coupled mode): bundle state determines the L3 sub-interface
state. If the bundle is in active state, the bundle L3 interface/sub-interface stays
up. Otherwise, it stays in protocol “down” state
On POA-1 (ASR 9000)
redundancy
 iccp
  group 10                             ! define ICCP group, two routers per group
   mlacp node 1                        ! must be unique in the group
   mlacp system mac 0000.0000.0001     ! must be identical across POAs
   mlacp system priority 5             ! must be identical across POAs
   member
    neighbor 10.0.0.2                  ! define peer PoA
   !
   backbone                            ! uplink tracking
    interface TenGigE0/2/0/0
    interface TenGigE0/2/0/1
l2vpn
 pw-status
 xconnect group 1
  p2p 161-mlag-eompls                  ! regular PW redundancy configuration
   interface Bundle-Ether1.161         ! MC-LAG as AC
   neighbor 10.0.0.3 pw-id 161
    backup neighbor 10.0.0.4 pw-id 161
On POA-2 (ASR 9000)
redundancy
 iccp
  group 10
   mlacp node 2
   mlacp system mac 0000.0000.0001
   mlacp system priority 5
   member
    neighbor 10.0.0.1
   !
   backbone
    interface TenGigE0/2/0/0
    interface TenGigE0/2/0/1
l2vpn
 pw-status
 xconnect group 1
  p2p 161-mlag-eompls
   interface Bundle-Ether1.161
   neighbor 10.0.0.3 pw-id 161
    backup neighbor 10.0.0.4 pw-id 161
MoFRR: Multicast Only Fast Re-Route
MoFRR allows fast reroute for multicast traffic on a PE router by sending PIM joins from
two Equal-Cost Multi-Path (ECMP) upstream interfaces towards the source over disjoint paths
Thereby receiving two copies of the multicast traffic on two different ingress
interfaces [two RPFs]
Pick the primary traffic stream to forward downstream and discard the backup stream
at the ingress
[Diagram labels: MS, First Hop Router, MoFRR at PE Router, MR]
MoFRR Config commands
Configuring MoFRR address ranges (very specific (S,G))
ipv4 access-list flow_mofrr
10 permit ipv4 host 20.0.0.2 host 232.0.0.1
MoFRR Show commands
PIM Commands
o show pim rpf summary
o show pim rpf hash <source/group> mofrr
o show pim topology detail
MRIB commands
o Show mrib route detail
MFIB Commands
o Show mfib route detail location <loc>
o show mfib hardware route mofrr location <loc>
o show mfib hardware route summary location <loc>
ASR-9000 QoS
End-to-End priority (P1, P2, Best-effort) propagation
Guarantee bandwidth, low latency for high priority traffic at any congestion point
3 strict priority levels across all internal HW components
One Queue set (4 queues) per each NP on the LC
[Diagram: ingress and egress line cards (PHY, NP0 to NP3, FIA, CPU) on either side of the switch fabric, with four numbered queueing points]
• Ingress (sub-)interface QoS queues: configure with ingress MQC 4-layer hierarchy; two strict high priority + normal priority
• Virtual output queues and egress FIA queues: implicit configuration; two strict high priority + normal priority
• Egress (sub-)interface QoS queues: configure with egress MQC 4-layer hierarchy; two strict high priority + normal priority
3 strict priority scheduling/queueing
Back pressure and virtual output queue
Multicast and Unicast separation (separated queues and fabric plane)
[Diagram: ingress LC FIA and egress LC FIA connected through the crossbar fabric ASICs and arbiters on RSP0 and RSP1]
1: Fabric Request
2: Arbitration
3: Fabric Grant
4: load-balanced transmission across fabric links
5: credit return
• Arbitration is being performed by a central high speed arbitration ASIC
on the RSP
• At any time a single arbiter is responsible for arbitration (active/active
“APS like” protection)
• The Arbitration algorithm is QOS aware and will ensure that P1 classes
have preference over P2 classes, both of which have preference over
non-priority classes
• Arbitration is performed relative to a given egress VQI
Egress NP congestion → backpressure to ingress FIA
Packet is en-queued in the dedicated VoQ
No impact of the packet going to different egress NP
No head-of-line-block issue
One VoQ set (4 queues) per each NP in the system
Backpressure: egress NP → egress FIA → fabric Arbiter → ingress FIA → VoQ
[Diagram: ingress and egress line cards (PHY, NP0 to NP3, FIA, CPU) on either side of the switch fabric; flows of 10Gbps, 5Gbps and 5Gbps; numbered steps 1 to 3]
[Diagram: packet path through the ingress linecard and the egress linecard; labels: QOS classification, ACL classification, ACL action, QoS action, Fwd lookup, L2 rewrite, To wire]
[Diagram: packet path through the ingress linecard and the egress linecard; labels: QOS classification, ACL classification, ACL action, QoS action (Police, Mark, Queue/shape/WRED), Fwd lookup, L2 rewrite, WRED, To wire; egress linecard classifies on marked/remarked values]
• “Control Plane Policing” and “Local Packet Transport Service”
• For Bridged packets on ingress – outermost COS would be
treated as trusted.
• For Routed packets on ingress – DSCP/Precedence/
outermost EXP would be treated as trusted based on packet
type.
• Default QOS will be gleaned from ingress interface before
QOS marking is applied on the ingress policymap.
• By default ASR 9000 would never modify DSCP/IP
precedence of a packet without a policy-map configured.
• Default QOS information would be used for impositioned
fields only – not for VLAN translation/MPLS swapped labels.
Feature: Queue scale
Typhoon: 192K egress + 64K ingress
Trident: 32K egress + 32K ingress for 10G line card; 64K egress + 32K ingress for 40x1G line card
L1 Port Level, L2 Subscriber group Level, L3 Subscriber Level, L4 Class Level
[Diagram: egress hierarchy. Subscriber groups: Customer1 - egress (BW), Customer2 - egress (BW). Subscribers: EVC1, EVC 2, EVC3, EVC 4 (BW). Classes: PQ1 VoIP – Bearer + Control, PQ2 Telepresence, BW Business Critical, BW Internet – Best Effort]
Note: We count hierarchies as follows:
4L hierarchy = 3 Level nested p-map
3L hierarchy = 2 level nested p-map
implicitly assumed
policy-map is configured for and applied to a given subinterface
Max 8 classes (L4) per subscriber level (L3) are supported
• Priority level 1 & 2 support:
• The high priority queue level 1 gets scheduled at strict priority, i.e. if it has not
met its configured maximum BW, determined by policing.
• The high priority queue level 2 gets scheduled at relative strict priority after PQ
level 1 has been scheduled, i.e. if it (PQ L2) has not met its configured maximum
BW, determined by policing or shaping.
• Priority propagation:
• means that strict priority scheduling (latency/priority behavior) is executed
throughout all layers of the hierarchy in case of congestion at any of the levels
Latency assurance at a child class is automatically assured at parent /
grandparent levels for traffic in that class
e.g. in congestion at parent / grandparent levels, traffic in this class will be
serviced first
• Unshaped Priority traffic for lowest latency:
• If priority traffic level 1 is scheduled into a parent shaper it will NOT actually be
shaped, but scheduled at linerate
• It will only be accounted for at the parent scheduler so that shapers will not be
overrun
• Objective: Apply an SLA to an EFP with parent shape/bandwidth/BRR and child class based queuing
[Diagram: EFP (VLAN 101) carrying COS5 VoIP in a PQ and COS1 Internet in a BW class]
policy parent
 class-default
  shape average 100 mbps
  bandwidth 50 mbps
  bandwidth-remaining-ratio 50
  service-policy child
policy child
 class-voip {classify on cos=5}
  priority level 1
  police 20 mbps
 class-internet {classify on cos=1}
  bandwidth 10
int GigE 0/1/2/3.4 l2transport
 service-policy output parent
int GigE 0/1/2/3.5 l2transport
 service-policy output parent
• Very flexible L2/L3 field classification on L2 interfaces
Inner/outer cos
Inner/Outer vlan *
DEI*
Outer EXP
Dscp/Tos
TTL, TCP flags, source/destination L4 ports
Protocol
Source/Destination IPv4
Source/Destination MAC address*
Discard-class
Qos-group
match all/match any
• Note:
Not all fields are supported on L3 interfaces*
Some fields don’t make sense on ingress (e.g. discard-class, qos-group)
MPLS classification is based on EXP only
• Per Policy-map a given classification format is chosen by SW, i.e. a
given policy-map can only classify based on a single format
Fields supported, first format:
- IPV4 source address (Specific/Range)[1]
- IPV4 Destination address (Specific/Range)
- IPV4 protocol
- IP DSCP / TOS / Precedence
- IPV4 TTL
- IPV4 Source port (Specific/Range)
- IPV4 Destination port (Specific/Range)
- TCP Flags
- QOS-group (output policy only)
- Discard-class (output-policy only)
Fields supported, second format:
- Outer VLAN/COS/DEI
- Inner VLAN/COS
- IPV4 Source address (Specific/Range)
- IP DSCP / TOS / Precedence
- QOS-group (output policy only)
- Discard-class (output policy only)
Fields supported, third format:
- Outer VLAN/COS/DEI
- Inner VLAN/COS
- IPV4 Destination address (Specific/Range)
- IP DSCP / TOS / Precedence
- QOS-group (output policy only)
- Discard-class (output policy only)
Fields supported, fourth format:
- Outer VLAN/COS/DEI
- Inner VLAN/COS
- MAC Destination address
- MAC source address
- QOS-group (output policy only)
- Discard-class (output policy only)
[1] All fields marked in blue are defined using an ACL used for QOS classification.
• “settable” packet fields:
dscp/precedence
EXP imposition
EXP topmost
cos inner/outer
qos-group
discard-class
RFC 2698 supported (2r3c) and 1r2c
color blind mode
Ingress & egress policing supported
General Rule: Policing required on priority queues.
Priority level 2 classes can also accept shaping instead of policing.
Granularity of 64Kbps supported.
2-level nested policy maps supported
Note: policers at parent and child work independently
64k policers per NP (shared for ingress/egress) on extended linecards
Policer actions supported:
• transmit
• drop
• set (implicitly behaves like set and transmit)
• each color can have two set actions:
policy-map parent
 class class-default
  police rate 10 mbps peak-rate 20 mbps
   conform-action set dscp af12
   conform-action set cos 2
   exceed-action set dscp af13
   exceed-action set cos 3
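The meter behind the policer configuration above, as an added example that is not part of the original slides: a color-blind RFC 2698 two-rate three-color marker run with the slide's 10 Mbps rate and 20 Mbps peak rate, mapping conform and exceed to the slide's set actions. The burst sizes, the drop for violating packets and the arrival pattern are assumptions made for the illustration.

```python
from collections import Counter

# Bucket unit: one millionth of a bit, so integer microsecond timestamps
# and bit/s rates refill the buckets without rounding. One byte = UNIT.
UNIT = 8 * 1_000_000

# Actions from the slide's policy-map; "set" implicitly transmits.
# The violate action (drop) is an assumption, the slide does not show one.
ACTIONS = {
    "conform": ("transmit", "af12", 2),
    "exceed": ("transmit", "af13", 3),
    "violate": ("drop", None, None),
}


class TwoRateThreeColorMeter:
    """Color-blind two-rate three-color meter (RFC 2698)."""

    def __init__(self, cir_bps, pir_bps, cbs_bytes, pbs_bytes):
        self.cir, self.pir = cir_bps, pir_bps
        self.cbs, self.pbs = cbs_bytes * UNIT, pbs_bytes * UNIT
        self.tc, self.tp = self.cbs, self.pbs   # both buckets start full
        self.last_us = 0

    def meter(self, now_us, size_bytes):
        """Refill both buckets, then color one packet."""
        elapsed = now_us - self.last_us
        self.last_us = now_us
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)
        need = size_bytes * UNIT
        if self.tp < need:          # above the peak rate: red
            return "violate"
        self.tp -= need
        if self.tc < need:          # between committed and peak rate: yellow
            return "exceed"
        self.tc -= need             # within the committed rate: green
        return "conform"


def police(arrivals, meter):
    """Return (color, action, dscp, cos) for each (time_us, size_bytes) arrival."""
    return [(color,) + ACTIONS[color]
            for color in (meter.meter(t, size) for t, size in arrivals)]


def run_sample():
    """Offer 30 Mbps of 1500-byte packets for one second (constructed traffic).

    Assumed burst sizes: CBS 15000 bytes, PBS 30000 bytes.
    """
    meter = TwoRateThreeColorMeter(10_000_000, 20_000_000, 15_000, 30_000)
    arrivals = [(k * 400, 1500) for k in range(2500)]   # one packet every 400 us
    return dict(Counter(result[0] for result in police(arrivals, meter)))


if __name__ == "__main__":
    for color, count in run_sample().items():
        action, dscp, cos = ACTIONS[color]
        print(f"{color:8} {count:5} packets -> {action}, dscp={dscp}, cos={cos}")
```

Once the initial bursts are spent, one packet in three is marked af12, one in three af13 and one in three is dropped, which matches the 10/20/30 Mbps ratio of committed, peak and offered rate.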
policy-map child
 class class1
  police rate 20 mbps peak-rate 50 mbps
 class class2
  police rate 30 mbps peak-rate 60 mbps
policy-map parent
 class class-default
  police rate 60 mbps
  service-policy child
At parent level, if it’s over the CIR, packets will be dropped randomly.
There is no awareness of which packet is to be dropped.
policy-map child
 class class1
  police rate 20 mbps peak-rate 50 mbps
 class class2
  police rate 30 mbps peak-rate 60 mbps
policy-map parent
 class class-default
  service-policy child
  police rate 60 mbps
   child-conform-aware
Parent CIR must > aggregated child CIR
Parent police only support 1R2C, child police support all: 1R2C, 2R3C, or 1R3C
• “shape” for a shaped PIR for a graceful enforcement of a
maximum bandwidth
• shaping at all configurable levels
• Min. granularity: 64kbps (L3, L4, 256kbps for L2)
• priority levels: priority level 1, priority 2, minBw/CIR and Bw
remaining
• “bandwidth” (minBw) for a CIR guarantee relative to the parent
hierarchy level
Min. Granularity: 64kbps
• “bandwidth remaining ratio/percent” for the redistribution of excess
bandwidth that is available after PQ classes have been scheduled
configurable ratio values 1-1020
• Two parameter scheduler support at class level and subscriber
group level (L4, L2):
Shape & BwR (ratio / percent)
Shape & MinBw (absolute / percent)
Not supported: BwR & MinBw on the same class
• WRED based on: DSCP, IPP, EXP, COS, discard-class
• Default queue-limit (to prevent buffer exhaustion) is 100ms of service rate (service rate is the sum of guaranteed bw/bwr assigned to a class)
• FCS software supports 2 curves/class*
• Per class, one single classification field is supported, i.e. one can’t use COS and DSCP for the same class
Hint: Use ingress discard-class markings if you need to overload a given class or WRED profile with multiple classifications, i.e. mark discard-class on ingress for both COS and DSCP
• WRED configuration unit options are: bytes, kbytes, mbytes, us, ms, packets
• These values will be rounded up to a set of pre-defined profiles ranging from 8 kB to 262144 kB
• The actual implementation uses 512 byte buffer particles
• Novelty: ASR 9000 supports WRED on shaped PQ2 classes.
Can be used for differentiation of two kinds of priority within the PQ2 class
• All relevant policy actions support both absolute and percentage-based configuration:
• shape
• bandwidth
• police
• bandwidth remaining*
QoS actions throughout the service provider network
are done based on customer network codepoint, and
any marking action within service provider network will
result in changes of customer network codepoint.
Uniform
show running-config
show qoshal resource summary [np <np>]
Displays the summary of all the resources used in hardware and software for QoS, such as the number of policy instances, queues, profiles
show qoshal fcu <limits|status|profile>
Displays all Traffic Manager (TM) Flow control related info
ASR-9000 Multicast
1 Fabric Replication: replicate single copy to LCs which receive IGMP join, based on FGID table in switch fabric
2 FIA Replication: replicate single copy to Bridge which has IGMP join, based on MGID table in FIA
3 Bridge Replication: similar as FIA replication, single copy to NP
4 NP Replication: replicate copy per receiver based on multicast FIB table
FGID – Fabric Group ID
MGID – Multicast Group ID
MFIB – Multicast Forwarding Information Base
[Figure: replication path from the multicast source through the switch fabric to line cards including LC2 and LC3 (PHY, NP0-NP3, bridges B0/B1, FIA, CPU), with IGMP joins and the FGID/FPOE, MGID and MFIB lookups marked at steps 1-4]
• This enables multicast routing globally and on all interfaces except the
MgmtEth interfaces. PIM and IGMP are also enabled. Although this
command enables PIM on all interfaces, no specific PIM mode is
assumed at this time.
• Note: the enable keyword will be deprecated since it does not bring any
added value.
RP/0/0/CPU0:router(config)#multicast-routing ?
  accounting      Enable/disable Accounting
  address-family  Enter Address Family command mode
  interface       Multicast interface configuration subcommands
  ipv4            Enter ipv4 Address Family command mode
  maximum         Maximum state limits
  nsf             Global multicast NSF configuration commands
  ssm             Configure a group range for Source-Specific use
  static-rpf      Configure a static RPF rule for a given prefix/mask
  <cr>
RP/0/0/CPU0:router(config)#multicast-routing
RP/0/0/CPU0:router(config-mcast-ipv4)#interface all enable
RP/0/0/CPU0:router(config-mcast-ipv4)#interface MgmtEth0/1/CPU0/0 disable
RP/0/0/CPU0:router(config-mcast-ipv4)#interface MgmtEth0/0/CPU0/0 disable
RP/0/0/CPU0:router(config-mcast-ipv4)#commit
RP/0/0/CPU0:router(config-mcast-ipv4)#end
RP/0/0/CPU0:router#
• Enabled automatically on all interfaces where multicast-routing is
configured.
• Parameters are configured under “router pim”.
• Interface parameters are configured in the interface submode
under the “router pim” mode (so not in global interface config
mode)
• PIM mode (DM, SM, SSM) is configured by multicast group range
and not by interface.
Dense Mode
• Not supported in IOS XR
• Only 2 groups are automatically configured in Dense Mode when Auto-RP for PIM Sparse Mode is configured: 224.0.1.39 (RP-Announce) and 224.0.1.40 (RP-Discovery).
Sparse Mode
• PIM Sparse Mode automatically enabled on all interfaces where
multicast-routing is configured.
• The mode is sparse mode by default except for the groups which
are part of the PIM SSM range (by default 232.0.0.0/8) and those
which are configured for PIM Bidir.
• In global PIM config mode, we would typically configure the RP config
(static or auto-rp) and maybe some timers which would be applied to all
interfaces.
• Static RP:
RP/0/1/CPU0:router#sh run router pim
router pim address-family ipv4
rp-address 1.1.1.1 rp1-list
rp-address 2.2.2.2 rp2-list override
rp-address 3.3.3.3
!
RP/0/1/CPU0:router#sh run ipv4 access-list rp1-list
ipv4 access-list rp1-list
10 permit ip 225.0.0.0 0.255.255.255 any
!
RP/0/1/CPU0:router#sh run ipv4 access-list rp2-list
ipv4 access-list rp2-list
10 permit ip 226.0.0.0 0.255.255.255 any
• The PIM interface config can be used to configure timers,
DR priority or disable PIM on the interface:
RP/0/0/CPU0:router(config-pim-ipv4-if)#?
  commit               Commit the configuration changes to running
  default              Set a command to its defaults
  describe             Describe a command without taking real actions
  disable              Disable PIM processing on this interface
  do                   Run an exec command
  dr-priority          PIM Hello DR priority
  enable               Enable PIM processing on this interface
  exit                 Exit from this submode
  hello-interval       PIM neighbor Hello announcement interval
  join-prune-interval  PIM periodic Join-Prune announcement interval
  no                   Negate a command or set its defaults
  show                 Show contents of configuration
• SSM is enabled by default for the range 232.0.0.0/8. No need to configure it.
• The default range can be changed with an ACL:
RP/0/0/CPU0:router(config-mcast-ipv4)#ssm ?
  default-range  Use the IANA default SSM group range (232/8)
  disable        Disable use of all SSM group ranges
  range          Provide ACL that specifies non-standard SSM range
RP/0/0/CPU0:router(config-mcast-ipv4)#ssm range ?
  WORD  Access list specifying SSM group range
• Used to learn unicast routes which will be used for RPF check on
multicast packets
• Using address-families under router bgp:
• Without MBGP, the RPF check falls through to the unicast RIB.
• “ip msdp” commands replaced by similar commands
under “router msdp”
• Sample config:
router msdp
originator-id Loopback0
peer 11.0.0.1
connect-source Loopback0
description samael
!
peer 13.0.0.10
connect-source POS0/6/0/0
description izamiel
!
!
• IGMPv3 is enabled by default on all interfaces when multicast
routing is configured.
• “Old host compatibility” mode is turned on for IGMPv2 reports.
• When a host sends a V2 report for group G, the IGMPv3 router treats it as a (*,G) EXCLUDE {none} report. This means that the host is interested in EXCLUDing {none} sources for group G, i.e. it is interested in all sources (*) for group G.
• New “router igmp” submode.
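The old-host compatibility rule above, worked through as an added example (not from the original slides or from IOS XR code): a minimal router-side group state that follows the RFC 3376 section 6.4.1 current-state table with timers omitted. The class and method names are hypothetical and the source addresses are constructed documentation addresses.

```python
from dataclasses import dataclass, field

@dataclass
class GroupState:
    """Router-side IGMPv3 state for one group on one interface (timers omitted)."""
    mode: str = "INCLUDE"
    requested: set = field(default_factory=set)  # A in INCLUDE(A); X in EXCLUDE(X, Y)
    blocked: set = field(default_factory=set)    # Y in EXCLUDE(X, Y); empty in INCLUDE mode

    def report(self, record, sources=frozenset()):
        """Merge one current-state record (IS_IN or IS_EX) into the group state."""
        b = set(sources)
        if record not in ("IS_IN", "IS_EX"):
            raise ValueError(f"unsupported record type: {record}")
        if self.mode == "INCLUDE" and record == "IS_IN":    # INCLUDE(A+B)
            self.requested |= b
        elif self.mode == "INCLUDE":                         # EXCLUDE(A*B, B-A)
            self.mode, self.requested, self.blocked = (
                "EXCLUDE", self.requested & b, b - self.requested)
        elif record == "IS_IN":                              # EXCLUDE(X+A, Y-A)
            self.requested, self.blocked = self.requested | b, self.blocked - b
        else:                                                # EXCLUDE(A-Y, Y*A)
            self.requested, self.blocked = b - self.blocked, self.blocked & b
        return self

    def v2_report(self):
        """Old-host compatibility: an IGMPv2 report is handled as IS_EX({})."""
        return self.report("IS_EX")

    def forwards(self, source):
        """True if traffic from this source is forwarded to the group's receivers."""
        if self.mode == "INCLUDE":
            return source in self.requested
        return source not in self.blocked

if __name__ == "__main__":
    g = GroupState().report("IS_IN", {"192.0.2.10"})   # v3 host wants one source only
    print(g.mode, g.forwards("192.0.2.20"))            # INCLUDE False
    g.v2_report()                                       # a v2 host reports the same group
    print(g.mode, g.forwards("192.0.2.20"))            # EXCLUDE True
```

After the V2 report is merged the state is EXCLUDE with an empty exclude list, so every source is forwarded for that group on the interface regardless of the source lists IGMPv3 hosts supplied earlier.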
• The include and exclude options allow you to specify the sources to join for IGMPv3.
RP/0/0/CPU0:router#conf t
RP/0/0/CPU0:router(config)#router igmp
RP/0/0/CPU0:router(config-igmp)#int lo0
RP/0/0/CPU0:router(config-igmp-if)#join-group ?
  A.B.C.D  IP group address
RP/0/0/CPU0:router(config-igmp-if)#join-group 224.5.5.5 ?
  A.B.C.D  Switch to include mode using given address
  exclude  Switch to exclude mode
  include  Switch to include mode
RP/0/0/CPU0:router(config-igmp-if)#join-group 224.5.5.5
RP/0/0/CPU0:router(config-igmp-if)#end
Uncommitted changes found, commit them? [yes]: yes
• Customer CE devices join the MPLS Core through the provider’s PE devices
• The MPLS Core forms a Default MDT for a given Customer
• A High-bandwidth source for that customer starts sending traffic
• Interested receivers 1 & 2 join that High Bandwidth source
• Data-MDT is formed for this High-Bandwidth source
Default MDT: For low Bandwidth & control traffic only.
Data MDT: For High Bandwidth traffic only.
[Figure: MPLS VPN Core with PE routers connecting customer CE sites in New York, San Francisco, Los Angeles and Dallas; receivers 1-4 and a "Join high bandwidth source" label; Default MDT and Data MDT trees across the core]
multicast-routing
mdt source Loopback0
!
vrf [name]
address-family ipv4
mdt default [group]
mdt data [group] threshold [value] [acl]
interface all enable
router igmp
vrf [name]
interface [subinterface]
version 2
!
router bgp [AS]
address-family mdt
[Figure: multicast solution matrix]
Service: Native (IPv4, IPv6), mVPN (IPv4, IPv6), VPLS
C-Multicast Signaling: PIM, BGP
Core Tree Signaling: PIM, MLDP, P2MP TE, IR
Encapsulation/Forwarding: IP/GRE, LSM
Features                                                          7600 (IOS)  ASR1k (IOS-XE)  ASR9k (IOS-XR)  CRS-1 (IOS-XR)
MLDP
Signaling = BGP C-Route overlay signaling for GRE based mVPN      RLS12       3.7             4.3             4.3
Discovery = BGP auto discovery for GRE based mVPN                 RLS12       3.7             4.3             4.3
Signaling = BGP C-Route overlay signaling for MLDP based mVPN     RLS13       3.8             4.3             4.3
Discovery = BGP auto discovery for MLDP based mVPN                RLS13       3.8             4.3             4.3
ASR-9000 Advanced Features:
nV – network virtualization
System unification covering long distances
ASR 9000v
ASR 903
nV
ASR 901
Centralized management
OpEx reduction and network simplification
Universal redundancy scheme
Video
HE ASR9K Cluster
DCI
SAE
GW
Mobile RNC
BSC
GW’s
and more…
Always-On chassis
One control plane
One management plane
Distributed forwarding plane
Universal solution for every service
OpEx Logical
Single reduction, unified
Network management and simplified port density
Element
[Figure: Host: ASR 9xxx with three ASR 9000v satellites]
• One network element
• Part of ASR9000
• One management interface
• One IOS-XR operating system
• HA – protocol complexity removed
• Remote or collocated satellite
Key benefits
Accelerated deployment, scalable ports, 70% OpEx reduction
UNI
L2: VLAN provisioning, S-tag, etc
L3: routing, vrf, bfd, etc
NNI
L2: MC-LAG, REP, STP, etc
L3: IGP/LDP/BFD, etc
MPLS
• UNI configuration
Manual configuration or rely on good NMS for centralized provisioning
For L2 UNI, complex VLAN provisioning, often require double tag
For L3 UNI, additional routing protocols
• Individual device to manage and operate
Upgrade image individually, good NMS can help
Potential inter-operability issue or feature inconsistent between access/agg and edge system
• Satellite is intelligent
Need to run multiple L2 or L3 protocols
Satellite Protocol
44x10/100/1000 Mbps Pluggables
• Full Line Rate Packet Processing and Traffic Management
• Copper and fiber SFP optics
• Speed/duplex auto negotiation
4x10G SFP+
• Initially used as Fabric Ports ONLY (could be used as access port in the future)
• Copper and fiber SFP+ optics
Industrial Temp Rated
• -40C to +65C Operational Temperature
• -40C to +70C Storage Temperature
Max Power 210 Watts
Nominal Power 159 Watts
nv
 satellite 101    ← define satellite ID range <100-65534>
  type asr9000v
  ipv4 address 10.0.0.101    ← internal communication IP address between host and satellite. This configuration will be optional in the 4.3.1 release with the “auto-IP” feature
RP/0/RSP0/CPU0:R1#install nv satellite ?
<100-65534> Satellite ID
all All active satellites
Thank you.