
Telefónica del Perú

ASR-9000 Quick Start – Day 2


Gianpietro Lavado
SP Systems Engineer, March 2013

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Day 2
•  MPLS/VPN (theory & lab) – 9.00am – 11.00am
•  Carrier Ethernet (theory & lab) – 11.00am – 1.00pm

•  Lunch – 1.00pm – 2.30pm

•  High Availability (theory & lab) – 2.30pm – 3.30pm

•  QoS (theory & lab) – 3.30pm – 4.30pm

•  Multicast (theory & lab) – 4.30pm – 5.30pm

•  Advanced features: nV (demo) – 5.30pm – 6.00pm

ASR-9000 - MPLS-VPN

•  Functionality similar to IOS
–  No TDP
–  Traffic Engineering supported (not covered)

•  L3 VPN support

•  L2 VPN support

•  Basic configuration

mpls ldp
 router-id 6.6.6.6
 !
 interface GigabitEthernet0/4/0/0
 interface GigabitEthernet0/4/0/1
 interface GigabitEthernet0/4/0/2
 interface GigabitEthernet0/4/0/3

Monitor LDP neighbors

RP/0/7/CPU0:GSR1#show mpls ldp neighbor

Peer LDP Identifier: 7.7.7.7:0
  TCP connection: 7.7.7.7:50744 - 1.1.1.1:646
  Graceful Restart: No
  Session Holdtime: 180 sec
  State: Oper; Msgs sent/rcvd: 6969/6974
  Up time: 4d05h
  LDP Discovery Sources:
    GigabitEthernet0/4/0/3
  Addresses bound to this peer:
    11.1.1.7    11.1.2.7    11.1.3.7    11.1.4.7
    11.1.5.7    11.1.6.7    7.7.7.7     50.1.1.7

Monitor LDP bindings

RP/0/7/CPU0:GSR1#show mpls ldp bindings

1.1.1.1/32 , rev 36
    local binding: label:IMP-NULL
    remote bindings :
        lsr:7.7.7.7:0, label:19
2.2.2.2/32 , rev 51
    local binding: label:32
    remote bindings :
        lsr:7.7.7.7:0, label:16
3.3.3.3/32 , rev 2
    local binding: label:16
    remote bindings :
        lsr:7.7.7.7:0, label:21
4.4.4.4/32 , rev 4
    local binding: label:17
    remote bindings :
        lsr:7.7.7.7:0, label:22

Other show commands

RP/0/7/CPU0:GSR1#show mpls ldp ?

  backoff           Session Backoff table information
  bindings          Label Information Base (LIB) information
  discovery         LDP Discovery Hello Information
  forwarding        Forwarding entries information
  graceful-restart  Graceful Restart feature information
  igp               IGP related information
  neighbor          Neighbor information
  parameters        Configuration parameter information
  statistics        Statistics information
  summary           Summarized information
  tech-support      Output show commands of interest for MPLS LDP debugging

! Create VRF
vrf <NAME>
 address-family ipv4 unicast
  import route-target
   <A:B>
  export route-target
   <C:D>
  import route-policy <name>
  export route-policy <name>

! Attach to interface
interface <INT>
 vrf <NAME>
 ipv4 address <ADDR/MASK>          ! note: must remove old address

! Initialize address family
router bgp <AS>
 address-family vpnv4 unicast
 neighbor <neighbor>
  address-family vpnv4 unicast
 ! Advertise local route
 vrf <NAME>
  rd <E:F>
  address-family ipv4 unicast
   redistribute connected

Prefixes from VPN neighbor

RP/0/7/CPU0:GSR1#show bgp vpnv4 unicast summary

BGP router identifier 1.1.1.1, local AS number 7
BGP generic scan interval 60 secs
BGP table state: Active
BGP main routing table version 4
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.

Process    RecvTblVer  bRIB/RIB  LabelVer  ImportVer  SendTblVer
Speaker             4         4         4          4           4

Neighbor   Spk  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   St/PfxRcd
2.2.2.2      0   7        0        0       0    0     0  00:00:00  Idle
3.3.3.3      0   7     6089     6091       4    0     0  4d05h     1
4.4.4.4      0   7        0        0       0    0     0  00:00:00  Idle
5.5.5.5      0   7     6110     6111       0    0     0  4d05h     0
7.7.7.7      0   7     6117     6110       0    0     0  4d05h     0

(Slide callout: Route received)

Import/Export parameters

RP/0/7/CPU0:GSR1#show vrf <NAME>

VRF      RD    RT            AFI    SAFI
<NAME>   1:3   import 1:3    IPV4   Unicast
               export 1:3    IPV4   Unicast

l2vpn
 ! Reusable template for VPN type (MPLS or L2TPv3)
 pw-class [class-name]
  encapsulation mpls
   protocol ldp
 ! Tunnel parameters
 xconnect group [group-name]
  p2p [circuit-name]
   interface GigabitEthernet0/1/0/0
   neighbor 12.12.12.12 pw-id 100
    pw-class [class-name]

! Put interface into L2VPN mode
interface GigabitEthernet0/1/0/0
 l2transport

RP/0/0/CPU0:L2VPN-PE1#sh mpls ldp neighbor 12.12.12.12 detail

Peer LDP Identifier: 12.12.12.12:0
  TCP connection: 12.12.12.12:38367 - 10.10.10.10:646
  Graceful Restart: Yes (Reconnect Timeout: 120 sec, Recovery: 180 sec)
  Session Holdtime: 180 sec
  State: Oper; Msgs sent/rcvd: 4247/14253
  Up time: 1d01h
  LDP Discovery Sources:
    Targeted Hello (10.10.10.10 -> 12.12.12.12, active)
  Addresses bound to this peer:
    5.36.19.85     12.12.12.12    185.40.8.2     185.40.9.2
    185.30.1.2     185.30.6.2     185.10.10.2    185.23.10.1
    192.3.1.1      185.40.101.1   185.30.7.2     185.30.8.2
  Peer holdtime: 180 sec; KA interval: 60 sec; Peer state: Estab
  Clients: AToM

Verify XConnect Status

RP/0/0/CPU0:L2VPN-PE1# sh l2vpn xconnect

Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
        LU = Local Up, RU = Remote Up, CO = Connected

XConnect                 Segment 1                Segment 2
Group    Name     ST     Description      ST      Description          ST
-------------------------------------------------------------------------
G1       ToPE1    UP     Gi0/6/0/0        UP      12.12.12.12    1     UP
-------------------------------------------------------------------------

Detailed View of XConnect
RP/0/0/CPU0:L2VPN-PE1# sh l2vpn xconnect detail
Group VLAN100-VLAN200, XC 100, state is up
  AC: GigabitEthernet0/0/0/2.100, state is up
    Type VLAN; Tags: outer 100, inner 0; MTU 1500; XC ID 7
    Statistics:
      packet totals: send 2107000
      byte totals: send 126420000
      drops: illegal VLAN 0, illegal length 0
  PW: neighbor 222.255.100.2, PW ID 100, state is up ( established )
    PW class VLAN
    Encapsulation MPLS, protocol LDP
    PW type Ethernet VLAN, control word enabled, interworking none
    Sequencing not set
      MPLS          Local                          Remote
      ------------  ------------------------------ ------------------------------
      Label         16002                          16009
      Group ID      0x1000700                      0x1000500
      Interface     GigabitEthernet0/0/0/2.100     GigabitEthernet0/0/0/2.200
      MTU           1500                           1500
      Control word  enabled                        enabled
      PW type       Ethernet VLAN                  Ethernet VLAN
      VCCV CV type  0x2                            0x2
                    (LSP ping verification)        (LSP ping verification)
      VCCV CC type  0x3                            0x3
                    (control word)                 (control word)
                    (router alert label)           (router alert label)
      ------------  ------------------------------ ------------------------------
    Create time: 04/04/2007 02:55:04 (1d11h ago)
    Last time status changed: 04/04/2007 03:14:25 (1d11h ago)
    Statistics:
      packet totals: receive 2107000
      byte totals: receive 143276000
Pseudowire Ping

RP/0/RP0/CPU0:L2VPN-PE2#ping pseudowire 10.10.10.10 1 reply mode control-channel

Sending 5, 100-byte MPLS Echos to 10.10.10.10 VC: 1,
      timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.

!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/17/23 ms
RP/0/RP0/CPU0:L2VPN-PE2#

ASR-9000 Carrier Ethernet

ASR 9000 Flexible Ethernet SW Infrastructure
(“EVC” SW Infrastructure)

[Figure: L2 or L3 sub-interfaces (802.1q/QinQ/.1ad) with flexible VLAN tag classification, flexible VLAN tag rewrite and flexible Ethertype (.1Q, QinQ, .1ad); the VLAN tag is locally significant. The sub-interfaces feed routing (L3 sub-interface), bridging, EoMPLS PW, (H-)VPLS, and IRB (routing and bridging).]

Flexible service mapping and multiplexing. Supports all standards-based services concurrently on the same port:
•  L2 P2P local connect and EoMPLS
•  L2 multipoint local bridging, H-VPLS and VPLS
•  Regular L3 sub-interface, and integrated L2 and L3 (IRB)
•  Single tag
•  Double tag
•  Multiple tag
•  Range of tag
•  .1q and/or .1ad
•  Loose or exact match
•  Untagged
•  Default tag

RP/0/RSP0/CPU0:PE2-asr(config)#int gig 0/0/0/4.100 l2transport
RP/0/RSP0/CPU0:PE2-asr(config-subif)#encapsulation ?
  default   Packets unmatched by other service instances
  dot1ad    IEEE 802.1ad VLAN-tagged packets
  dot1q     IEEE 802.1Q VLAN-tagged packets
  untagged  Packets with no explicit VLAN tag

RP/0/RSP0/CPU0:PE2-asr(config-subif)#encapsulation dot1q 100-200,205 ?
  comma  comma
  exact  Do not allow further inner tags

RP/0/RSP0/CPU0:PE2-asr(config-subif)#encapsulation dot1q 100 second-dot1q 10-20,35 ?
  comma  comma
  exact  Do not allow further inner tags

RP/0/RSP0/CPU0:PE2-asr(config-subif)#encapsulation dot1ad 20 dot1q 10-20 ?
  comma  comma
  exact  Do not allow further inner tags

•  Pop tag 1 or 2
•  Push tag 1 or 2
•  Tag translation: 1-1, 1-2, 2-1, 2-2

RP/0/RSP0/CPU0:PE2-asr(config)#int gig 0/0/0/4.100 l2transport
RP/0/RSP0/CPU0:PE2-asr(config-subif)#rewrite ingress tag ?
  pop        Remove one or more tags
  push       Push one or more tags
  translate  Replace tags with other tags

RP/0/RSP0/CPU0:PE2-asr(config-subif)#rewrite ingress tag pop ?
  1  Remove outer tag only
  2  Remove two outermost tags

RP/0/RSP0/CPU0:PE2-asr(config-subif)#rewrite ingress tag push ?
  dot1ad  Push a Dot1ad tag
  dot1q   Push a Dot1Q tag

RP/0/RSP0/CPU0:PE2-asr(config-subif)#rewrite ingress tag push dot1q 100 ?
  second-dot1q  Push another Dot1Q tag
  symmetric     All rewrites must be symmetric

RP/0/RSP0/CPU0:PE2-asr(config-subif)#rewrite ingress tag translate ?
  1-to-1  Replace the outermost tag with another tag
  1-to-2  Replace the outermost tag with two tags
  2-to-1  Replace the outermost two tags with one tag
  2-to-2  Replace the outermost two tags with two other tags

EFP configuration example

interface gig 0/0/0/1.101 l2transport
 encapsulation dot1q 101 second-dot1q 10
 rewrite ingress tag pop 2 symmetric

interface gig 0/0/0/2.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric

interface gig 0/0/0/3.101 l2transport
 encapsulation dot1q 102
 rewrite ingress tag push dot1q 100 symmetric

L2VPN P2P service configuration example

l2vpn
 xconnect group cisco
  p2p service1                     ! local connect
   interface gig 0/0/0/1.101
   interface gig 0/0/0/2.101
  p2p service2                     ! VPWS
   interface gig 0/0/0/3.101
   neighbor 1.1.1.1 pw-id 22
  p2p service3                     ! PW stitching
   neighbor 2.2.2.2 pw-id 100
   neighbor 3.3.3.3 pw-id 101

•  Two logical ports (EFP or PW) form one EVC (Ethernet virtual circuit)
•  No MAC learning/forwarding involved

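The three EFPs and the local-connect service above, modelled in Python to show what the encapsulation match and the symmetric rewrite do to a frame's VLAN tag stack in each direction. This is an added example, not part of the original deck; the EFP class and cross_connect function are hypothetical names, and only single VLAN IDs (no ranges) are modelled.

```python
from dataclasses import dataclass


@dataclass
class EFP:
    """One l2transport sub-interface: VLAN match plus its ingress rewrite."""
    name: str
    match: tuple          # VLAN IDs to match, outermost first, e.g. (101, 10)
    rewrite: tuple        # ("pop", count) or ("push", (vlan, ...))
    exact: bool = False   # "exact": do not allow further inner tags

    def matches(self, tags):
        """Outer tags must equal `match`; extra inner tags pass unless exact."""
        n = len(self.match)
        if tuple(tags[:n]) != self.match:
            return False
        return len(tags) == n or not self.exact

    def ingress(self, tags):
        """Rewrite applied to a frame received on this EFP."""
        if not self.matches(tags):
            raise ValueError(f"{self.name}: tag stack {list(tags)} not matched")
        op, arg = self.rewrite
        if op == "pop":
            return list(tags[arg:])
        return list(arg) + list(tags)                    # push

    def egress(self, tags):
        """'symmetric': a frame leaving this EFP gets the inverse rewrite."""
        op, arg = self.rewrite
        if op == "pop":
            return list(self.match[:arg]) + list(tags)   # restore popped tags
        return list(tags[len(arg):])                     # remove pushed tags


def cross_connect(in_efp, out_efp, tags):
    """p2p local connect: ingress rewrite on one EFP, egress on the other."""
    return out_efp.egress(in_efp.ingress(tags))


# The three EFPs from the slide (VLAN IDs as configured there).
EFP1 = EFP("gig0/0/0/1.101", (101, 10), ("pop", 2))
EFP2 = EFP("gig0/0/0/2.101", (101,), ("pop", 1))
EFP3 = EFP("gig0/0/0/3.101", (102,), ("push", (100,)))

if __name__ == "__main__":
    # service1: double-tagged frame in on EFP1 leaves EFP2 single-tagged
    print("EFP1 -> EFP2:", cross_connect(EFP1, EFP2, [101, 10]))
    print("EFP2 -> EFP1:", cross_connect(EFP2, EFP1, [101]))
    # service2: EFP3 pushes tag 100 before the frame enters the PW
    print("EFP3 ingress:", EFP3.ingress([102]))
    # Loose match: EFP2 also accepts a frame carrying an extra inner tag
    print("EFP2 loose  :", EFP2.ingress([101, 999]))
    strict = EFP("exact variant", (101,), ("pop", 1), exact=True)
    print("exact match :", strict.matches([101, 999]))
```

The loose-match case is the one to watch when auditing EFPs: without `exact`, a single-tag encapsulation also accepts frames that carry further inner tags.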
EFP configuration example

interface gig 0/0/0/1.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric

interface gig 0/0/0/2.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric

interface gig 0/0/0/3.101 l2transport
 encapsulation dot1q 102
 rewrite ingress tag push dot1q 100 symmetric

L2VPN MP service configuration example

l2vpn
 bridge group cisco
  bridge-domain domain1            ! local bridging
   interface gig 0/0/0/1.101
   interface gig 0/0/0/2.101
  bridge-domain domain2            ! vpls
   interface gig 0/0/0/1.101
   interface gig 0/0/0/2.101
   vfi cisco
    neighbor 192.0.0.1 pw-id 100
    neighbor 192.0.0.2 pw-id 100
  bridge-domain domain3            ! h-vpls
   interface gig 0/0/0/1.101
   neighbor 192.0.0.3 pw-id 100    ! spoke PW
   vfi cisco                       ! core PWs
    neighbor 192.0.0.1 pw-id 100   ! core PW
    neighbor 192.0.0.2 pw-id 100

•  More than two logical ports (EFP or PW) belong to the same bridge domain
•  MAC learning/forwarding involved
•  Bridge-domain is globally significant, VLAN ID is local port scope

E-Tree Forwarding Rules:
•  Root can talk with root
•  Root can talk with leaf or leaf can talk with root
•  but leaf can’t talk with leaf

[Figure: E-Tree topology with roots and leaves attached through L2 ACs, VPLS VFIs and an H-VPLS spoke PW]

L2VPN E-Tree service configuration example

l2vpn
 bridge group cisco
  bridge-domain domain1
   interface gig 0/0/0/1.101
    split-horizon group            ! optionally on AC
   interface gig 0/0/0/2.101
    split-horizon group
  bridge-domain domain2
   interface gig 0/0/0/1.101
   neighbor 192.0.0.3 pw-id 100
    split-horizon group            ! optionally on access PW
   neighbor 192.0.0.4 pw-id 100
    split-horizon group            ! optionally on access PW
   vfi cisco                       ! core PWs, split-horizon is default
    neighbor 192.0.0.1 pw-id 100
    neighbor 192.0.0.2 pw-id 100

ASR 9000 IRB/BVI Example

interface gig 0/0/0/1.50 l2transport
 encapsulation dot1q 50
 rewrite ingress tag pop 1 symmetric

interface gig 0/0/0/2.50 l2transport
 encapsulation dot1q 50
 rewrite ingress tag pop 1 symmetric

l2vpn
 bridge group cisco
  bridge-domain domain50
   interface gig 0/0/0/1.50
   interface gig 0/0/0/2.50
   routed interface bvi 20

interface bvi 20
 ipv4 address 1.1.1.1 255.255.255.0

7600 SVI example

interface gig 1/2
 switchport
 switchport mode trunk
 switchport trunk allow vlan 50-1000

interface GigabitEthernet4/1/0
 service instance 2 ethernet
  encapsulation dot1q 50
  rewrite ingress tag pop 1 sym
  bridge-domain 50

interface vlan 50
 ip address 1.1.1.1 255.255.255.0

Routed PW
L3 and PW exist in the same bridge-domain/VLAN

ASR 9000 IRB/BVI Example

interface gig 0/0/0/1.50 l2transport
 encapsulation dot1q 50
 rewrite ingress tag pop 1 symmetric

interface gig 0/0/0/2.50 l2transport
 encapsulation dot1q 50
 rewrite ingress tag pop 1 symmetric

l2vpn
 bridge group cisco
  bridge-domain domain50
   interface gig 0/0/0/1.50
   interface gig 0/0/0/2.50
   neighbor 1.1.1.1 pw-id 50
   vfi 50
    neighbor 2.2.2.2 pw-id 50
    neighbor 3.3.3.3 pw-id 50
   routed interface bvi 20

interface bvi 20
 ipv4 address 1.1.1.1 255.255.255.0

7600 SVI example

interface gig 1/2
 switchport
 switchport mode trunk
 switchport trunk allow vlan 50-1000

interface GigabitEthernet4/1/0
 service instance 2 ethernet
  encapsulation dot1q 50
  rewrite ingress tag pop 1 sym
  bridge-domain 50

l2 vfi myvfi manual
 vpn id 50
 neighbor 2.2.2.2 encap mpls
 neighbor 3.3.3.3 encap mpls

interface vlan 50
 ip address 1.1.1.1 255.255.255.0
 xconnect vfi myvfi

Limits the number of source MAC addresses allowed per interface and Bridge-Domain/VFI.
Sets action to take on packets with a “blocked” source MAC.

•  MAC limit per BD


l2vpn
 bridge-group …
  bridge-domain …
   mac
    limit
     maximum <0-max>
     action <flood | no-flood>

•  MAC limit per Interface

l2vpn
 bridge-group …
  bridge-domain …
   interface …
    mac
     limit
      maximum <0-max>
      action <flood | no-flood>

A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. The traffic storm control feature prevents bridge ports (ACs and PWs) from being disrupted by a broadcast, multicast, or unicast traffic storm on these interfaces.

Traffic storm control limits the rate of broadcast, multicast, and unknown-unicast traffic. The rate limit is applied at ingress only, and is per interface/PW. There is no per-bridge or per-output limit.

Storm control should be applied as close to the source as possible, so it is typically applied at the access “interface”: an L2 port or access PW. It is not applied on the core PW; storm control is not supported on core PWs on the ASR 9000.

l2vpn
 bridge-group …
  bridge-domain …
   interface …                                   ! limit per L2 port
    storm-control broadcast pps {0-max}
    storm-control multicast pps {0-max}
    storm-control unknown-unicast pps {0-max}
   neighbor … pw-id ...                          ! limit per access PW
    storm-control broadcast pps {0-max}
    storm-control multicast pps {0-max}
    storm-control unknown-unicast pps {0-max}
   vfi abc
    neighbor … pw-id ...                         ! storm control is not supported for core/VFI PW
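A configuration audit for the two protections above (MAC limit and storm control), as an added Python example that is not part of the original deck. It walks an indented `l2vpn` section and reports access ports (ACs and access PWs, not core PWs under a `vfi`) that lack any of the three storm-control rates or are not covered by a MAC limit. The sample configuration is constructed, and the function names are hypothetical.

```python
KINDS = ("broadcast", "multicast", "unknown-unicast")

# Constructed sample, one space of indentation per configuration level.
SAMPLE = """\
l2vpn
 bridge group cisco
  bridge-domain domain1
   mac
    limit
     maximum 1000
     action no-flood
   interface GigabitEthernet0/0/0/1.101
    storm-control broadcast pps 500
    storm-control multicast pps 500
    storm-control unknown-unicast pps 500
   interface GigabitEthernet0/0/0/2.101
    storm-control broadcast pps 500
   neighbor 192.0.0.3 pw-id 100
   vfi cisco
    neighbor 192.0.0.1 pw-id 100
  bridge-domain domain2
   interface GigabitEthernet0/0/0/3.101
"""


def parse(text):
    """Turn indented config text into a tree of (line, children) nodes."""
    root = ("", [])
    stack = [(-1, root)]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        depth = len(raw) - len(raw.lstrip(" "))
        while stack[-1][0] >= depth:
            stack.pop()
        node = (line, [])
        stack[-1][1][1].append(node)
        stack.append((depth, node))
    return root


def children(node, keyword):
    """Direct children whose line is `keyword` or starts with `keyword `."""
    return [c for c in node[1]
            if c[0] == keyword or c[0].startswith(keyword + " ")]


def has_mac_limit(node):
    """True if the node carries mac / limit / maximum <n>."""
    return any(children(limit, "maximum")
               for mac in children(node, "mac")
               for limit in children(mac, "limit"))


def audit(text):
    """Return (bridge-domain, port, issue) tuples for unprotected access ports."""
    findings = []
    for l2vpn in children(parse(text), "l2vpn"):
        for group in children(l2vpn, "bridge group"):
            for bd in children(group, "bridge-domain"):
                bd_name = bd[0].split()[1]
                bd_limited = has_mac_limit(bd)
                # ACs and access PWs sit directly under the bridge-domain;
                # neighbors under "vfi" are core PWs and are skipped.
                for port in children(bd, "interface") + children(bd, "neighbor"):
                    have = {c[0].split()[1]
                            for c in children(port, "storm-control")
                            if len(c[0].split()) > 1}
                    missing = [k for k in KINDS if k not in have]
                    if missing:
                        findings.append((bd_name, port[0],
                                         "storm-control missing: " + ", ".join(missing)))
                    if not (bd_limited or has_mac_limit(port)):
                        findings.append((bd_name, port[0], "no MAC limit"))
    return findings


if __name__ == "__main__":
    for bd_name, port, issue in audit(SAMPLE):
        print(f"{bd_name:8} {port:40} {issue}")
```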

ASR-9000 High Availability

[Figure: P1, PE1 and CE1; labels: IGP and LDP, eBGP; traffic is forwarded continuously]

•  Routers maintain routing state and forwarding state when communication between them is lost
•  Routing sessions are maintained between processors on a failure, allowing routing sessions to stay up with the peer.
•  A copy of the FIB is maintained on the secondary and used on failure for continuous traffic flow.
•  No need for neighboring routers to be NSF aware or capable. Can give high reliability without upgrading CE.

•  Accelerates convergence by running fast keepalives in a consistent,
standardized mechanism across routing protocols
•  Lightweight hello protocol
•  Neighbors exchange hello packets at negotiated regular intervals
•  Configurable transmit and receive time intervals
•  Unicast packets, even on shared media
•  No discovery mechanism
•  BFD sessions are established by the clients e.g. OSPF, IS-IS, EIGRP, BGP, …
•  Client hello packets transmitted independently

[Figure: two routers, each running EIGRP, IS-IS, BGP and OSPF as clients of BFD, exchanging BFD control packets]

O(x00msec) Convergence for IP & MPLS

•  Throttling
–  Convergence times configurable down to 0ms for initial failures.
–  Subsequent failures increment convergence times gradually to avoid
instability.

•  Caveats
–  For LSA/LSP/SPF (OSPF and ISIS only)
–  Convergence times depend on number of nodes and prefixes.

•  Applicability
–  Simplest mechanism providing fast convergence everywhere.

50 msec Convergence for IP & MPLS
•  Key Features
–  Fast Convergence for Link and Node Failures
–  Supported Across all Network Topologies
–  MPLS-TE Traffic Management
   •  SRLG
   •  BW Reservation
   •  Per Tunnel Traffic Statistics

•  Caveats
–  Requires MPLS and MPLS-TE
–  No Protection for Ingress or Egress Tunnel Failures
–  Requires Pre-Computed Backup Paths
–  Requires “(n-1)!” Tunnels for Full Protection

•  Applicability
–  Protecting Expensive Backbone Links

[Figure: link failure; FRR LSP, tunnel LSP, VC LSPs]

50 msec Convergence for IP & MPLS
•  Key Features
–  50 msec Convergence for Link and Node Failures
–  Works for MPLS and IP Only Environments
–  Simple
   •  Automatic configuration of “Loop Free Alternate Paths” via OSPF or ISIS
   •  No Tunnels

•  Caveats
–  Requires a “Loop Free Path” for Protection
–  No Bandwidth Reservation
–  No Support for SRLG
–  New Feature

•  Applicability
–  Strong Solution for Deployments with Cost Effective Bandwidth

[Figure: routers R1 to R5 with a link failure and a loop free path. No convergence required on routers R2, R3, R4 and R5 to maintain green traffic flow!]

BGP Sub-Second Convergence
•  Optimizes BGP Convergence for IGP Path to BGP Next-Hop Change
–  PE to P Link Failures
–  P to P Link Failures
–  P Node Failures
•  Enabled by Default in IOS-XR
–  Supported for both IP and L3VPN BGP Prefixes
–  Requires BGP Next-Hop Self and IGP Tuning for sub-second failover
–  Utilizes hierarchical CEF to minimize forwarding plane updates

[Figure: CE1 (VPN1), PE1 with interfaces Int1 and Int2, PE2, CE2 (VPN1); core failure]

Sub-second BGP Convergence for Multi-homed Customers
•  Optimizes BGP Convergence for BGP Next-Hop Change
–  PE to CE Link Failures
–  PE Node Failures
–  CE Node Failures

•  Applicability
–  PE Routers
–  Requires “bgp advertise-best-external” to enable

[Figure: CE1 (VPN1), PE1, PE2, PE3, CE2 (VPN1); link failure]

Design without IRB, the issue: when the access network splits, there is a potential packet black hole for downstream traffic.

[Figure: CPE, L2 access, L3 sub-interface, L3 IP/MPLS aggregation; L3 ECMP path, packet black hole on red path]

Design with IRB: create a PW (or L2 link) between the two gateway routers. The PW, L2 sub-interface and BVI are in the same bridge-domain. HSRP/VRRP runs over the PW. If there is a failure in the L2 access, the L3 topology won’t change. Downstream traffic is still forwarded to the original gateway router. Then it’s forwarded via the L2 PW to the other gateway router, and L2 forwarded to the CPE. No packet black hole issue. No L3 topology changes.

[Figure: CPE, L2 access, L2 sub-interface, bridge-domain (BD), BVI interface, PW or L2 link, L3 IP/MPLS aggregation; block in normal condition, unblock if there is failure in the ring]
Primary Gateway Router

interface gig 0/0/0/1.50 l2transport
 encapsulation dot1q 50
 rewrite ingress tag pop 1 symmetric

interface loopback0
 ipv4 address 1.1.1.1 255.255.255.255

l2vpn
 bridge group l3-service
  bridge-domain l3-vlan-50
   interface gig 0/0/0/1.50
   neighbor 2.2.2.2 pw-id 50       ! could be L2 link
   routed interface bvi 20

interface bvi 20
 ipv4 address 10.0.0.1 255.255.255.0

router hsrp
 <snip>

Secondary Gateway Router

interface gig 0/0/0/1.50 l2transport
 encapsulation dot1q 50
 rewrite ingress tag pop 1 symmetric

interface loopback0
 ipv4 address 2.2.2.2 255.255.255.255

l2vpn
 bridge group l3-service
  bridge-domain l3-vlan-50
   interface gig 0/0/0/1.50
   neighbor 1.1.1.1 pw-id 50       ! could be L2 link
   routed interface bvi 20

interface bvi 20
 ipv4 address 10.0.0.2 255.255.255.0

router hsrp
 <snip>

[Figure: CE1, attachment circuit, PE1, core/transit router, PE2, attachment circuit, CE2, with a primary PW and a backup PW; failure points F1, F2, F3, F4]

•  If a transit router or transit link fails (for example, F1 and F2), IGP and MPLS LDP will re-converge. With MPLS TE/FRR enabled, TE will fail over to the backup tunnel. The PW stays up as long as PE1 has an available LSP path to PE2. The PW service layer is not impacted
•  If the AC or service node that terminates the PW fails (F3 and F4 in the above picture), the EoMPLS PW goes down. Re-convergence of the network transport layer (for example, IGP, MPLS LDP, TE/FRR, etc) won’t help, since the PW termination point is down. Providing service node or AC redundancy requires a new technology: PW redundancy
•  With PW redundancy, the same service node can have a backup PW to a different remote service node or a different AC

[Figure: Case 1: service node and AC protection. Case 2: AC protection.]

•  Allows dual-homing of one local PE to two remote PEs or two different ACs (attachment circuits) on the same remote PE
•  Two PWs: primary & backup provide redundancy for a single AC/node
•  Faults on the primary PW cause failover to backup PW

[Figure: CE, standby AC, an active PE and a standby PE on each side, active PW, standby PWs (3)]

•  Allows dual-homing of two local PEs to two remote PEs
•  Four PWs: 1 primary & 3 backup provide redundancy for a dual-homed device on both sides
•  Two-way PW redundancy requires MC-LAG on the access side (please refer to MC-LAG for more details).
•  If the dual-homed CE device uses an access redundancy solution other than MC-LAG (like MST, etc), two-way PW redundancy won’t work
ASR 9000 L2VPN PW Redundancy
CLI Examples (1) – cold standby
On Dual-home PE
interface GigabitEthernet0/0/0/10.25 l2transport
 encapsulation dot1q 25
 rewrite ingress tag pop 1 symmetric

l2vpn
 xconnect group test
  p2p test-125
   interface GigabitEthernet0/0/0/10.25
   neighbor 10.0.0.3 pw-id 25
    backup neighbor 10.0.0.4 pw-id 25    ! could use different pw-id than primary PW

RP/0/RSP0/CPU0:PE1#sh l2vpn xconnect
<snip>
XConnect                 Segment 1                Segment 2
Group    Name      ST    Description      ST      Description          ST
-------------------------------------------------------------------------
test     test-125  UP    Gi0/0/0/10.25    UP      10.0.0.3       25    UP
                                                  Backup
                                                  10.0.0.4       25    DN
-------------------------------------------------------------------------

On the remote PE (regular EoMPLS configuration)
PE3#sh mpl l2 vc 25 detail
<snip>
  Signaling protocol: LDP, peer 10.0.0.1:0 up
    Targeted Hello: 10.0.0.3(LDP Id) -> 10.0.0.1, LDP is UP
    Status TLV support (local/remote) : enabled/not supported

PE4#sh mpl l2 vc 25                      ! on backup router
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Gi4/0/19       Eth VLAN 25                10.0.0.1        25         DOWN
ASR 9000 L2VPN PW Redundancy
CLI Examples (2) – warm standby
On Dual-home PE
l2vpn
 pw-status                               ! enable pw-status under l2vpn, apply to all PWs
 xconnect group test
  p2p test-125
   interface GigabitEthernet0/0/0/10.25
   neighbor 10.0.0.3 pw-id 25
    backup neighbor 10.0.0.4 pw-id 25

RP/0/RSP0/CPU0:PE1#sh l2vpn xconnect
Mon Aug 16 14:42:02.965 UTC
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
        SB = Standby, SR = Standby Ready

XConnect                 Segment 1                Segment 2
Group    Name      ST    Description      ST      Description          ST
-------------------------------------------------------------------------
test     test-125  UP    Gi0/0/0/10.25    UP      10.0.0.3       25    UP
                                                  Backup
                                                  10.0.0.4       25    SB
-------------------------------------------------------------------------

On the remote PE (regular EoMPLS configuration)
PE3#sh mpl l2 vc 25 detail
<snip>
  Signaling protocol: LDP, peer 10.0.0.1:0 up
    Targeted Hello: 10.0.0.3(LDP Id) -> 10.0.0.1, LDP is UP
    Status TLV support (local/remote) : enabled/supported

PE4#sh mpl l2 vc 25                      ! on backup router
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Gi4/0/19       Eth VLAN 25                10.0.0.1        25         STANDBY
The key – how to make the access switch STP block this link or another internal access link without an L2 loop topology?

The answer – “create” an STP L2 loop topology

[Figure: two PEs with VFIs act as MST gateways towards the access network. One tells the access network “Hi, access, I’m the best root bridge”; the other says “Hi, access, I have zero cost to best root bridge”. Label: cost “0” “link” to the best STP root bridge; this link doesn’t exist.]

•  The PE (MST gateway) sends a pre-canned BPDU into the access network every hello timer
•  In the BPDU message, the primary gateway indicates it is the best root bridge. The secondary gateway indicates it has zero cost to the root bridge
•  From the access network’s point of view, the STP topology has an “L2 loop”. Based on the BPDUs it receives from the MST gateway bridges, it will block one of the access links
•  To block a specific access link, configure the STP port cost explicitly on the access switch.

First MST gateway PE (MST root for instance 0,2)

interface gig 0/0/0/10.1 l2transport
 encapsulation untagged

spanning-tree mstag ring1
 interface GigabitEthernet0/0/0/10.1
  name cisco
  revision 1
  bridge-id 0000.0000.0001
  instance 0                       ! I’m the root
   root-id 0000.0000.0001
   priority 4096
   root-priority 4096
  !
  instance 1
   vlan-ids 101,103,105,107
   root-id 0000.0000.0002
   priority 8192
   root-priority 4096
  !
  instance 2                       ! I’m the root
   vlan-ids 102,104,106,108
   root-id 0000.0000.0001
   priority 4096
   root-priority 4096

Second MST gateway PE (MST root for instance 1)

interface gig 0/0/0/10.1 l2transport
 encapsulation untagged

spanning-tree mstag ring1
 interface GigabitEthernet0/0/0/10.1
  name cisco
  revision 1
  bridge-id 0000.0000.0002
  instance 0
   root-id 0000.0000.0001
   priority 8192
   root-priority 4096
  !
  instance 1                       ! I’m the root
   vlan-ids 101,103,105,107
   root-id 0000.0000.0002
   priority 4096
   root-priority 4096
  !
  instance 2
   vlan-ids 102,104,106,108
   root-id 0000.0000.0001
   priority 8192
   root-priority 4096

Access switch configuration

interface GigabitEthernet1/1/1
 switchport mode trunk
 spanning-tree mst 1 cost 100000

Access switch configuration

interface GigabitEthernet1/1/1
 switchport mode trunk
 spanning-tree mst 0,2 cost 100000

•  MC-LAG & ICCP enable a switch/router to use standard Ethernet Link
Aggregation for device dual-homing, with active/standby redundancy
•  Dual-homed Device (DHD) operates as if it is connected to single
virtual device and runs IEEE std. 802.1AX-2008 (LACP)
•  Point of Attachment (PoA) nodes run Inter-chassis Communication
Protocol (ICCP) to synchronize state & form a Redundancy Group
(RG)

[Figure: DHD attached by an MC-LAG running LACP to an active PoA and a standby PoA; the two PoAs form a Redundancy Group (RG) and run the Inter-chassis Communication Protocol (ICCP) between them]

[Figure: DHD attached to a virtual LACP peer formed by the active POA and the standby POA (redundancy group). Numbered elements: 1 LACP; 2 ICCP; 3 coupled or de-coupled L2 and L3 service; 4 failure detection and failover mechanism]

•  LACP (between DHD and virtual LACP peer): negotiates which link is active or standby. At least one member port on the active POA is active. All member ports on the standby POA must be standby
•  ICCP (between the two POAs): exchanges information and syncs up the status
•  L2 & L3 service: the LAG (sub-)interface is the service termination point. LAG member port state (active/standby) could determine the service status (for example, PW redundancy status)

•  MC-LAG bundle (sub-)interface can be configured for both L2 and L3 service
•  Service redundancy status may or may not be tied to PoA/bundle active/standby status
–  P2P PW (coupled mode): the bundle state determines the PW state. If the bundle is in active state, it advertises the “active” PW status message. Otherwise it advertises the “standby” PW status message to its peer routers
–  H-VPLS access P2P PW (coupled & one-way mode): the PW and its backup PW are in regular “one-way” PW redundancy mode on the active POA. On the standby POA, both of its PWs are in standby state
–  VPLS service (de-coupled mode): regardless of whether the bundle is active or standby, VPLS PWs are always in active forwarding state
–  H-VPLS access PW (PW under bridge-domain): same de-coupled mode as VPLS
–  L3 service (coupled mode): the bundle state determines the L3 sub-interface state. If the bundle is in active state, the bundle L3 interface/sub-interface stays up. Otherwise, it stays in protocol “down” state

On POA-1 (ASR 9000)                     On POA-2 (ASR 9000)

redundancy                              redundancy
 iccp                                    iccp
  group 10                                group 10                              <- define ICCP group, two routers per group
   mlacp node 1                            mlacp node 2                         <- must be unique in the group
   mlacp system mac 0000.0000.0001         mlacp system mac 0000.0000.0001      <- must be identical across POAs
   mlacp system priority 5                 mlacp system priority 5              <- must be identical across POAs
   member                                  member
    neighbor 10.0.0.2                       neighbor 10.0.0.1                   <- define peer PoA
   !                                       !
   backbone                                backbone                             <- uplink tracking
    interface TenGigE0/2/0/0                interface TenGigE0/2/0/0
    interface TenGigE0/2/0/1                interface TenGigE0/2/0/1

interface GigabitEthernet0/0/0/10       interface GigabitEthernet0/0/0/10       <- regular bundle configuration
 bundle id 1 mode active                 bundle id 1 mode active

interface Bundle-Ether1                 interface Bundle-Ether1
 lacp switchover suppress-flaps 100      lacp switchover suppress-flaps 100     <- required for hot-standby LACP
 bundle wait-while 0                     bundle wait-while 0                    <- must be less than the above suppress timer
 mlacp iccp-group 10                     mlacp iccp-group 10                    <- tie bundle with ICCP for MC-LAG
 mlacp port-priority 1                   mlacp port-priority 2                  <- optional, control the LACP port priority

l2vpn                                   l2vpn
 pw-status                               pw-status
 xconnect group 1                        xconnect group 1
  p2p 161-mlag-eompls                     p2p 161-mlag-eompls                   <- regular PW redundancy configuration
   interface Bundle-Ether1.161             interface Bundle-Ether1.161          <- MC-LAG as AC
   neighbor 10.0.0.3 pw-id 161             neighbor 10.0.0.3 pw-id 161
    backup neighbor 10.0.0.4 pw-id 161      backup neighbor 10.0.0.4 pw-id 161
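The consistency rules annotated on this slide can be checked mechanically before a change is committed on both PoAs. The following is an added Python example, not Cisco code: the function names are hypothetical, the two configurations are constructed from the slide, and the "each PoA must name the other" rule is inferred from the "define peer PoA" annotation.

```python
import re

# Constructed input: the MC-LAG-relevant lines of the POA-1 configuration above.
POA1 = """\
redundancy
 iccp
  group 10
   mlacp node 1
   mlacp system mac 0000.0000.0001
   mlacp system priority 5
   member
    neighbor 10.0.0.2
interface Bundle-Ether1
 lacp switchover suppress-flaps 100
 bundle wait-while 0
 mlacp iccp-group 10
 mlacp port-priority 1
l2vpn
 xconnect group 1
  p2p 161-mlag-eompls
   neighbor 10.0.0.3 pw-id 161
"""
# POA-2 differs only in node ID, peer address and port priority.
POA2 = (POA1.replace("mlacp node 1", "mlacp node 2")
            .replace("neighbor 10.0.0.2\n", "neighbor 10.0.0.1\n")
            .replace("port-priority 1", "port-priority 2"))

# Each field must match a whole line, so "xconnect group 1" and the
# pseudowire "neighbor ... pw-id ..." lines are not mistaken for ICCP lines.
FIELDS = {
    "group": r"group (\d+)",
    "node": r"mlacp node (\d+)",
    "system_mac": r"mlacp system mac (\S+)",
    "system_priority": r"mlacp system priority (\d+)",
    "neighbor": r"neighbor (\S+)",
    "suppress_flaps": r"lacp switchover suppress-flaps (\d+)",
    "wait_while": r"bundle wait-while (\d+)",
    "bundle_group": r"mlacp iccp-group (\d+)",
}


def parse(config):
    """Return the first whole-line match of every field, or None if absent."""
    found = {}
    for name, body in FIELDS.items():
        m = re.search(rf"^[ \t]*{body}[ \t]*$", config, re.MULTILINE)
        found[name] = m.group(1) if m else None
    return found


def check_mclag(poa1_cfg, poa2_cfg):
    """Return the violated rules; an empty list means the pair is consistent."""
    a, b = parse(poa1_cfg), parse(poa2_cfg)
    problems = []
    for label, cfg in (("POA-1", a), ("POA-2", b)):
        for name, value in cfg.items():
            if value is None:
                problems.append(f"{label}: '{name}' not configured")
    if problems:
        return problems
    if a["group"] != b["group"]:
        problems.append("ICCP group differs between the PoAs")
    if a["node"] == b["node"]:
        problems.append("mlacp node must be unique in the group")
    if a["system_mac"].lower() != b["system_mac"].lower():
        problems.append("mlacp system mac must be identical across PoAs")
    if a["system_priority"] != b["system_priority"]:
        problems.append("mlacp system priority must be identical across PoAs")
    if a["neighbor"] == b["neighbor"]:
        problems.append("both PoAs name the same neighbor; each must name the other")
    for label, cfg in (("POA-1", a), ("POA-2", b)):
        if cfg["bundle_group"] != cfg["group"]:
            problems.append(f"{label}: bundle is tied to an undefined ICCP group")
        if int(cfg["wait_while"]) >= int(cfg["suppress_flaps"]):
            problems.append(f"{label}: bundle wait-while must be less than suppress-flaps")
    return problems


if __name__ == "__main__":
    for line in check_mclag(POA1, POA2) or ["MC-LAG pair is consistent"]:
        print(line)
```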

MoFRR: Multicast Only Fast Re-Route
•  MoFRR allows fast reroute for multicast traffic on a PE router by sending PIM joins from two Equal-Cost Multi-Path (ECMP) upstream interfaces towards the source over disjoint paths
– Thereby receiving two copies of the multicast traffic on two different ingress interfaces [two RPFs]
•  Pick the primary traffic stream to forward downstream and discard the backup stream at the ingress
•  A mechanism to detect the failure in the primary stream and switch to the backup stream
•  RIB and Flow based triggering mechanisms

[Figure labels: MS, First Hop Router, MoFRR at PE Router, MR]

MoFRR Config commands

Configuring MoFRR address ranges (very specific (S,G))
ipv4 access-list flow_mofrr
 10 permit ipv4 host 20.0.0.2 host 232.0.0.1

Configuring MoFRR address ranges ((S,G) IP mask)
ipv4 access-list flow_mofrr
 10 permit ipv4 20.20.20.0 0.0.0.255 225.0.0.0 0.255.255.255

Configuring RIB based MoFRR in PIM
router pim address-family ipv4
 mofrr rib rib_mofrr

Configuring Flow based MoFRR in PIM
router pim address-family ipv4
 mofrr flow_mofrr

MoFRR Show commands
PIM Commands
o  show pim rpf summary
o  show pim rpf hash <source/group> mofrr
o  show pim topology detail

MRIB commands
o  show mrib route detail

MFIB Commands
o  show mfib route detail location <loc>
o  show mfib hardware route mofrr location <loc>
o  show mfib hardware route summary location <loc>

ASR-9000 QoS

End-to-End priority (P1, P2, Best-effort) propagation → Guarantee bandwidth, low latency for high priority traffic at any congestion point
3 strict priority level across all internal HW components on the LC
One Queue set (4 queues) per each NP

[Figure: ingress side of LC (PHY, NP0 to NP3, CPU, FIA) → Switch Fabric → egress side of LC (FIA, CPU, NP0 to NP3, PHY), with four numbered queueing points]
1 Ingress (sub-)interface QoS Queues: configure with Ingress MQC, 4-layer hierarchy; two strict high priority + normal priority
2 Virtual Output Queues and 3 Egress FIA Queues: implicit configuration; two strict high priority + normal priority
4 Egress (sub-)interface QoS Queues: configure with Egress MQC, 4-layer hierarchy; two strict high priority + normal priority

•  3 strict priority scheduling/queueing
•  Back pressure and virtual output queue
•  Multicast and Unicast separation (separated queues and fabric plane)

[Figure: Ingress LC FIA, crossbar fabric ASICs and arbiters on RSP0 and RSP1, Egress LC FIA. Steps shown: 1: Fabric Request, 2: Arbitration, 3: Fabric Grant, 4: load-balanced transmission across fabric links, 5: credit return]

•  Arbitration is being performed by a central high speed arbitration ASIC
on the RSP
•  At any time a single arbiter is responsible for arbitration (active/active
“APS like” protection)
•  The Arbitration algorithm is QOS aware and will ensure that P1 classes
have preference over P2 classes, both of which have preference over
non-priority classes
•  Arbitration is performed relative to a given egress VQI

Egress NP congestion → backpressure to ingress FIA → packet is en-queued in the dedicated VoQ → no impact on packets going to a different egress NP → no head-of-line-blocking issue
One VoQ set (4 queues) per each NP in the system
Backpressure: egress NP → egress FIA → fabric Arbiter → ingress FIA → VoQ

[Figure: ingress side of LC1 (PHY, NP0 to NP3, CPU, FIA) → Switch Fabric → egress side of LC2 (FIA, CPU, NP0 to NP3, PHY); traffic labels 10Gbps, 5Gbps, 5Gbps; callouts 1, 2, 3]

Packets going to different egress NPs are put into different VoQ sets → congestion on one NP won’t block packets going to a different NP

[Figure: packet processing stages on the linecards]
Ingress linecard (from wire, to fabric), boxes shown: I/F classification, ACL classification, QoS classification, Fwd lookup, IFIB lookup, ACL action, L2 rewrite, QoS action, IFIB action
Egress linecard (from fabric, to wire), boxes shown: Fwd lookup, L2 rewrite, ACL classification, QoS classification, ACL action, QoS action

[Figure: the same packet processing diagram, with the QoS action expanded into Police, Mark, Queue/shape/WRED. Note in figure: WRED classifies on marked/remarked values]

•  “Control Plane Policing” and “Local Packet Transport Service”
•  Policing of control plane protocols and punted packets is supported
•  CoPP is performed by the NP, i.e. in hardware
•  Policer values are configurable, but with very sensible defaults that rarely need to be changed!
•  8 priorities towards the CPU; the CPU will honor priorities when accepting packets for processing
•  Relevant show command: “show lpts pifib hardware police location”

•  For Bridged packets on ingress – outermost COS would be treated as trusted.
•  For Routed packets on ingress – DSCP/Precedence/outermost EXP would be treated as trusted based on packet type.
•  Default QOS will be gleaned from ingress interface before QOS marking is applied on the ingress policymap.
•  By default ASR 9000 would never modify DSCP/IP precedence of a packet without a policy-map configured.
•  Default QOS information would be used for imposed fields only – not for VLAN translation/MPLS swapped labels.

Feature | Typhoon | Trident
Queue scale | 192K egress + 64K ingress | 32K egress + 32K ingress for 10G line card; 64K egress + 32K ingress for 40x1G line card
Policer scale | 256K total | 64K total
Buffer size (-SE or -E card) | ~226 msec per port “IF” each NP is mapped to 3x10G ports; ~339 msec per port “IF” each NP is mapped to 2x10G ports | ~150 msec
Buffer size (-TR or -B/-L card) | ~113 msec per port “IF” each NP is mapped to 3x10G ports; ~170 msec per port “IF” each NP is mapped to 2x10G ports | ~50 msec
Minimal queue/police bandwidth | 8 Kbps | 64 Kbps

Hierarchy levels: L1 Port Level, L2 Subscriber group Level, L3 Subscriber Level, L4 Class Level

[Figure: example egress hierarchy]
Customer1 - egress
  EVC1: PQ1 VoIP – Bearer + Control; BW Business Critical; BW Internet – Best Effort
  EVC 2: PQ1 VoIP – Bearer + Control; PQ2 Telepresence; BW Internet – Best Effort
Customer2 - egress
  EVC3: PQ1 VoIP – Bearer + Control; BW Business Critical; BW Internet – Best Effort
  EVC 4: PQ1 VoIP – Bearer + Control; PQ2 Telepresence; BW Internet – Best Effort

Note: We count hierarchies as follows:
4L hierarchy = 3 Level nested p-map
3L hierarchy = 2 level nested p-map
L1 level is not configurable but is implicitly assumed
Hierarchy levels used are determined by how many nested levels a policy-map is configured for and applied to a given subinterface
Max 8 classes (L4) per subscriber level (L3) are supported

•  Priority level 1 & 2 support:
– The high priority queue level 1 gets scheduled at strict priority, i.e. if it has not met its configured maximum BW, determined by policing.
– The high priority queue level 2 gets scheduled at relative strict priority after PQ level 1 has been scheduled, i.e. if it (PQ L2) has not met its configured maximum BW, determined by policing or shaping.
•  Priority propagation:
– means that strict priority scheduling (latency/priority behavior) is executed throughout all layers of the hierarchy in case of congestion at any of the levels
– Latency assurance at a child class is automatically assured at parent / grandparent levels for traffic in that class, e.g. in congestion at parent / grandparent levels, traffic in this class will be serviced first
•  Unshaped Priority traffic for lowest latency:
– If priority traffic level 1 is scheduled into a parent shaper it will NOT actually be shaped, but scheduled at linerate
– It will only be accounted for at the parent scheduler so that shapers will not be overrun

• Objective: Apply a SLA to an EFP with parent shape/bandwidth/BRR and child class based queuing

policy parent
 class-default
  shape average 100 mbps
  bandwidth 50 mbps
  bandwidth-remaining-ratio 50
  service-policy child

policy child
 class-voip {classify on cos=5}
  priority level 1
  police 20 mbps
 class-internet {classify on cos=1}
  bandwidth 10

int GigE 0/1/2/3.4 l2transport
 service-policy output parent

int GigE 0/1/2/3.5 l2transport
 service-policy output parent

[Figure: EFP, VLAN 101, carrying COS5 VoIP (PQ) and COS1 Internet (BW)]

•  Very flexible L2/L3 field classification on L2 interfaces
Inner/outer cos
Inner/Outer vlan *
DEI*
Outer EXP
Dscp/Tos
TTL, TCP flags, source/destination L4 ports
Protocol
Source/Destination IPv4
Source/Destination MAC address*
Discard-class
Qos-group
match all/match any

•  Note:
Not all fields are supported on L3 interfaces*
Some fields don’t make sense on ingress (e.g. discard-class, qos-group)
MPLS classification is based on EXP only

•  Per policy-map a given classification format is chosen by SW, i.e. a given policy-map can only classify based on a single format

Fields supported, by format:

Format 0
- IPV4 source address (Specific/Range)[1]
- IPV4 Destination address (Specific/Range)
- IPV4 protocol
- IP DSCP / TOS / Precedence
- IPV4 TTL
- IPV4 Source port (Specific/Range)
- IPV4 Destination port (Specific/Range)
- TCP Flags
- QOS-group (output policy only)
- Discard-class (output-policy only)

Format 1
- Outer VLAN/COS/DEI
- Inner VLAN/COS
- IPV4 Source address (Specific/Range)
- IP DSCP / TOS / Precedence
- QOS-group (output policy only)
- Discard-class (output policy only)

Format 2
- Outer VLAN/COS/DEI
- Inner VLAN/COS
- IPV4 Destination address (Specific/Range)
- IP DSCP / TOS / Precedence
- QOS-group (output policy only)
- Discard-class (output policy only)

Format 3
- Outer VLAN/COS/DEI
- Inner VLAN/COS
- MAC Destination address
- MAC source address
- QOS-group (output policy only)
- Discard-class (output policy only)

[1] All fields marked in blue are defined using an ACL used for QOS classification.

•  “settable” packet fields:
dscp/precedence
EXP imposition
EXP topmost
cos inner/outer
qos-group
discard-class

•  ASR9K supports maximum of 2 fields per class-map. The same 2 fields can be placed in any combination below
- 2 sets per police-conform/exceed/violate
- 2 sets without policing.
Note: In MPLS context only EXP marking is supported

•  RFC 2698 supported (2r3c) and 1r2c
– color blind mode
•  Ingress & egress policing supported
•  General Rule: Policing required on priority queues.
Priority level 2 classes can also accept shaping instead of policing.
•  Granularity of 64Kbps supported.
•  2-level nested policy maps supported
Note: policers at parent and child work independently
•  64k policers per NP (shared for ingress/egress) on extended linecards
•  Policer actions supported:
– transmit
– drop
– set (implicitly behaves like set and transmit)
– each color can have two set actions:

Policy-map parent
 Class class-default
  Police rate 10 Mbps peak-rate 20 mbps
   conform-action set dscp af12
   conform-action set cos 2
   exceed-action set dscp af13
   exceed-action set cos 3
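How a 2r3c policer with this slide's rates colors traffic, as an added Python example (not Cisco code): a color-blind RFC 2698 meter using the slide's rate 10 Mbps / peak-rate 20 Mbps and its conform/exceed markings. The burst sizes (CBS 15,000 bytes, PBS 30,000 bytes), the drop on violate, the class and function names and the offered traffic are assumptions of the example.

```python
from collections import Counter

US = 1_000_000  # microseconds per second; buckets are held in bit-microseconds

# Marking from the slide's "Policy-map parent". The slide shows no violate
# action; dropping violating packets is an assumption of this example.
ACTIONS = {
    "conform": {"dscp": "af12", "cos": 2},
    "exceed": {"dscp": "af13", "cos": 3},
    "violate": None,  # None = drop
}


class TwoRateThreeColor:
    """Color-blind two-rate three-color marker as specified in RFC 2698."""

    def __init__(self, cir_bps, pir_bps, cbs_bytes, pbs_bytes):
        if pir_bps < cir_bps:
            raise ValueError("peak rate must not be below the committed rate")
        self.cir, self.pir = cir_bps, pir_bps
        self.c_max = cbs_bytes * 8 * US
        self.p_max = pbs_bytes * 8 * US
        self.tc, self.tp = self.c_max, self.p_max  # both buckets start full
        self.last_us = 0

    def meter(self, now_us, size_bytes):
        """Refill both buckets for the elapsed time, then color one packet."""
        elapsed = now_us - self.last_us
        if elapsed < 0:
            raise ValueError("timestamps must not go backwards")
        self.last_us = now_us
        self.tc = min(self.c_max, self.tc + self.cir * elapsed)
        self.tp = min(self.p_max, self.tp + self.pir * elapsed)
        cost = size_bytes * 8 * US
        if self.tp < cost:       # above the peak rate: no bucket is charged
            return "violate"
        self.tp -= cost
        if self.tc < cost:       # within peak, above committed: only P is charged
            return "exceed"
        self.tc -= cost          # within committed: both buckets are charged
        return "conform"


def slide_policer():
    """Policer with the slide's rates; the burst sizes are assumed values."""
    return TwoRateThreeColor(10_000_000, 20_000_000,
                             cbs_bytes=15_000, pbs_bytes=30_000)


def offer(policer, packets, interval_us, size_bytes):
    """Send equally spaced packets and count the colors they receive."""
    colors = Counter()
    for k in range(packets):
        colors[policer.meter(k * interval_us, size_bytes)] += 1
    return colors


if __name__ == "__main__":
    # Constructed traffic: 1500-byte packets every 400 us = 30 Mbps for 1 s.
    for color, count in sorted(offer(slide_policer(), 2500, 400, 1500).items()):
        print(f"{color:8} {count:5} packets -> {ACTIONS[color] or 'drop'}")
```

At 30 Mbps offered load the three colors settle into equal thirds once the initial bursts are spent, which is what a 10 Mbps committed and 20 Mbps peak rate imply.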

policy-map child
 class class1
  police rate 20 mbps peak-rate 50 mbps
 class class2
  police rate 30 mbps peak-rate 60 mbps

policy-map parent
 class class-default
  police rate 60 mbps
  service-policy child

At parent level, if traffic is over the CIR, packets will be dropped randomly. There is no awareness of which packet is to be dropped

policy-map child
 class class1
  police rate 20 mbps peak-rate 50 mbps
 class class2
  police rate 30 mbps peak-rate 60 mbps

policy-map parent
 class class-default
  service-policy child
  police rate 60 mbps
   child-conform-aware

Parent CIR must be > aggregated child CIR
Parent police only supports 1R2C, child police supports all: 1R2C, 2R3C, or 1R3C
If a drop happens at parent level, it will drop child out-of-profile packets, but guarantee the child in-profile packets

•  “shape” for a shaped PIR for a graceful enforcement of a maximum bandwidth
– shaping at all configurable levels
– Min. granularity: 64kbps (L3, L4, 256kbps for L2)
•  priority levels: priority level 1, priority 2, minBw/CIR and Bw remaining
•  “bandwidth” (minBw) for a CIR guarantee relative to the parent hierarchy level
– Min. Granularity: 64kbps
•  “bandwidth remaining ratio/percent” for the redistribution of excess bandwidth that is available after PQ classes have been scheduled
– configurable ratio values 1-1020
•  Two parameter scheduler support at class level and subscriber group level (L4, L2):
Shape & BwR (ratio / percent)
Shape & MinBw (absolute / percent)
Not supported: BwR & MinBw on the same class

•  WRED based on: DSCP, IPP, EXP, COS, discard-class
•  default queue-limit -to prevent buffer exhaustion- is 100ms of service rate (service rate is the sum of guaranteed bw/bwr assigned to a class)
•  FCS software supports 2 curves/class*
– Per class one single classification field is supported, i.e. one can’t use COS and DSCP for the same class
– Hint: Use ingress discard-class markings if you need to overload a given class or WRED profile with multiple classifications, i.e. mark discard-class on ingress for both COS and DSCP
•  WRED configuration unit options are: bytes, kbytes, mbytes, us, ms, packets
– These values will be rounded up to a set of pre-defined profiles ranging from 8 kB to 262144 kB
– The actual implementation uses 512 byte buffer particles
•  Novelty: ASR 9000 supports WRED on shaped PQ2 classes.
– Can be used for differentiation of two kinds of priority within the PQ2 class

•  All relevant policy actions support both absolute and percentage based configuration:
– shape
– bandwidth
– Police
– bandwidth remaining*

•  For tri-rate Copper SFPs (10/100/1000) percentage based QOS will be adjusted automatically based on the selected rate

* Note: Bandwidth remaining supports ratio/percent, not absolute bandwidth

Uniform: QoS actions throughout the service provider network are done based on customer network codepoint, and any marking action within service provider network will result in changes of customer network codepoint.

Pipe: QoS actions throughout service provider network will be based on service provider network codepoint independent of customer network codepoint, any action in service provider network will not alter customer network codepoint carried throughout the network

Short Pipe: behaves the same as pipe model except that egress QoS action at UNI interface will be based on customer network codepoint that is transparently carried through service provider network.

•  ASR 9000 supports all MPLS QOS tunneling modes

show running-config

show running-config policy-map <policyname>
    Policy map configuration
show running-config class-map <classmap>
    Class map configuration
show running-config interface <interface>
    Interface running configuration
show policy-map interface <interface> [input | output]
    Policy-map statistics on a particular non-bundle interface
show policy-map interface <bundle-interface> [input|output] member
    Policy-map statistics on a member of bundle interface
show qos interface <interface> <input|output> [member <interface>]
    Displays hardware and software configured values of each class for a service-policy on an interface
show qos-ea interface <interface> <input|output> [member <interface>] [detail]
    Displays the detailed information of hardware and software configured parameters in each class of a service-policy on an interface
show qos summary <police|policy|queue> [interface <interface>] [output|input] [member <interface>]
    Lists the summary of all queues or policers or interfaces for a policy
show qoshal tm-config <all|counters|fcu|general|priority|shape|topology|wfq|wred> np <np> tm <tm>
    Displays generic NP TM config
show qoshal <wfq|wred|wred-scale|shape|police|police-node> np <np> tm <tm> level <level> profile <profile> <num-of-profiles> [hw|sw]
    Displays various profiles configured in sw and hw and the values of each profile

show qoshal resource summary [np <np>]
    Displays the summary of all the resources used in hardware and software for QoS such number of policy instances, queues, profiles
show qoshal fcu <limits|status|profile>
    Displays all Traffic Manager (TM) Flow control related info
show qoshal ha chkpt <all|<chkpt-tbl-name> {all|<recid>|info}
    Display HA related info for PRM QoS HAL
show qos-ea ha state
    Displays the HA State of process QoS EA whether it can accept the service-policies
show qos-ea ha chkpt <all|<chkpt-tbl-name> {all|<recid>|info}
    Display HA Chkpt related info for all the chkpt tables for QoS EA
show qos-ea trace {all|errors|events|internal}
    Displays the trace of errors or events or internal events of QoS EA process
show prm server trace hal
    Displays all the trace info of PRM QoS HAL thread
debug qos-ea all
    Debug commands for qos ea process
debug qoshal <level|module|events> <word>
    Debug commands for PRM qos HAL
debug prm server hal <all|error|events>
    Debug commands for PRM qos HAL API

ASR-9000 Multicast

1 Fabric Replication → replicate single copy to LCs which receive IGMP join, based on FGID table in switch fabric
2 FIA Replication → replicate single copy to Bridge which has IGMP join, based on MGID table in FIA
3 Bridge Replication → similar as FIA replication, single copy to NP
4 NP Replication → replicate copy per receiver based on multicast FIB table

FGID – Fabric Group ID
MGID – Multicast Group ID
MFIB – Multicast Forwarding Information Base

[Figure: Multicast Source on the ingress LC (PHY, NP0 to NP3, bridges B0/B1, FIA) → Switch Fabric (FGID/FPOE) → egress LC2 and LC3 (FIA and bridges B0/B1 with MGID, NP0 to NP3 with MFIB, PHY); IGMP joins arrive on the egress ports; callouts 1 to 4 mark the replication points]

•  This enables multicast routing globally and on all interfaces except the
MgmtEth interfaces. PIM and IGMP are also enabled. Although this
command enables PIM on all interfaces, no specific PIM mode is
assumed at this time.
•  Note: the enable keyword will be deprecated since it does not bring any
added value.
RP/0/0/CPU0:router(config)#multicast-routing ?
accounting Enable/disable Accounting
address-family Enter Address Family command mode
interface Multicast interface configuration subcommands
ipv4 Enter ipv4 Address Family command mode
maximum Maximum state limits
nsf Global multicast NSF configuration commands
ssm Configure a group range for Source-Specific use
static-rpf Configure a static RPF rule for a given prefix/mask
<cr>
RP/0/0/CPU0:router(config)#multicast-routing
RP/0/0/CPU0:router(config-mcast-ipv4)#interface all enable
RP/0/0/CPU0:router(config-mcast-ipv4)#interface MgmtEth0/1/CPU0/0 disable
RP/0/0/CPU0:router(config-mcast-ipv4)#interface MgmtEth0/0/CPU0/0 disable
RP/0/0/CPU0:router(config-mcast-ipv4)#commit
RP/0/0/CPU0:router(config-mcast-ipv4)#end
RP/0/0/CPU0:router#

•  Enabled automatically on all interfaces where multicast-routing is
configured.
•  Parameters are configured under “router pim”.
•  Interface parameters are configured in the interface submode
under the “router pim” mode (so not in global interface config
mode)
•  PIM mode (DM, SM, SSM) is configured by multicast group range
and not by interface.

Dense Mode
•  Not supported in IOS XR
•  Only 2 groups are automatically configured in Dense Mode when
Auto-RP for PIM Sparse Mode is configured: 224.0.1.39 (RP-
Announce) and 224.0.1.40 (RP-Discovery).

Sparse Mode
•  PIM Sparse Mode automatically enabled on all interfaces where
multicast-routing is configured.
•  The mode is sparse mode by default except for the groups which
are part of the PIM SSM range (by default 232.0.0.0/8) and those
which are configured for PIM Bidir.

•  In global PIM config mode, we would typically configure the RP config
(static or auto-rp) and maybe some timers which would be applied to all
interfaces.
•  Static RP:
RP/0/1/CPU0:router#sh run router pim
router pim address-family ipv4
rp-address 1.1.1.1 rp1-list
rp-address 2.2.2.2 rp2-list override
rp-address 3.3.3.3
!
RP/0/1/CPU0:router#sh run ipv4 access-list rp1-list
ipv4 access-list rp1-list
10 permit ip 225.0.0.0 0.255.255.255 any
!
RP/0/1/CPU0:router#sh run ipv4 access-list rp2-list
ipv4 access-list rp2-list
10 permit ip 226.0.0.0 0.255.255.255 any

•  Router listens to Auto-RP by default. To configure it to be the mapping agent or candidate RP:
RP/0/1/CPU0:router#sh run router pim
router pim ipv4
auto-rp mapping-agent Loopback0 scope 4 interval 60
auto-rp candidate-rp Loopback0 scope 4 group-list 224/4 interval 60
!

•  The PIM interface config can be used to configure timers,
DR priority or disable PIM on the interface:
RP/0/0/CPU0:router(config-pim-ipv4-if)#?
commit Commit the configuration changes to running
default Set a command to its defaults
describe Describe a command without taking real actions
disable Disable PIM processing on this interface
do Run an exec command
dr-priority PIM Hello DR priority
enable Enable PIM processing on this interface
exit Exit from this submode
hello-interval PIM neighbor Hello announcement interval
join-prune-interval PIM periodic Join-Prune announcement interval
no Negate a command or set its defaults
show Show contents of configuration

•  SSM is enabled by default for the range 232.0.0.0/8. No need to configure it.
•  The default range can be changed with an ACL:

RP/0/0/CPU0:router(config-mcast-ipv4)#ssm ?
default-range Use the IANA default SSM group range (232/8)
disable Disable use of all SSM group ranges
range Provide ACL that specifies non-standard SSM range
RP/0/0/CPU0:router(config-mcast-ipv4)#ssm range ?
WORD Access list specifying SSM group range

•  Used to learn unicast routes which will be used for RPF check on
multicast packets
•  Using address-families under router bgp:

router bgp <as>
 <global BGP config>
 address-family ipv4 multicast
  <global multicast BGP config>
 neighbor <x.x.x.x>
  address-family ipv4 multicast
   <neighbor specific multicast BGP config>

•  Without MBGP, the RPF check falls through to the unicast RIB.

•  “ip msdp” commands replaced by similar commands
under “router msdp”
•  Sample config:
router msdp
originator-id Loopback0
peer 11.0.0.1
connect-source Loopback0
description samael
!
peer 13.0.0.10
connect-source POS0/6/0/0
description izamiel
!
!

•  IGMPv3 is enabled by default on all interfaces when multicast
routing is configured.
•  “Old host compatibility" mode is turned on for IGMPv2 reports.
•  When a host sends a V2 report for group G, it is treated as a (*,G) EXCLUDE {none} report by the IGMPv3 router. This means that the host is interested in EXCLUDing {none} sources for group G, i.e. it is interested in all sources (*) for group G.
•  New “router igmp” submode.

•  The include and exclude options allow you to specify the sources to join for IGMPv3.
RP/0/0/CPU0:router#conf t
RP/0/0/CPU0:router(config)#router igmp
RP/0/0/CPU0:router(config-igmp)#int lo0
RP/0/0/CPU0:router(config-igmp-if)#join-group ?
A.B.C.D IP group address
RP/0/0/CPU0:router(config-igmp-if)#join-group 224.5.5.5 ?
A.B.C.D Switch to include mode using given address
exclude Switch to exclude mode
include Switch to include mode
RP/0/0/CPU0:router(config-igmp-if)#join-group 224.5.5.5
RP/0/0/CPU0:router(config-igmp-if)#end
Uncommitted changes found, commit them? [yes]: yes

•  Customer CE devices joins the MPLS Core through provider’s PE devices
•  The MPLS Core forms a Default MDT for a given Customer
•  A High-bandwidth source for that customer starts sending traffic
•  Interested receivers 1 & 2 join that High Bandwidth source
•  Data-MDT is formed for this High-Bandwidth source

[Figure: MPLS VPN Core with PE and CE devices for sites San Francisco, New York, Los Angeles and Dallas; a high bandwidth multicast source; Receivers 1 to 4, with receivers joining the high bandwidth source. Default MDT: for low bandwidth & control traffic only. Data MDT: for high bandwidth traffic only]

multicast-routing
 address-family ipv4
  interface [interface]
   enable
  nsf
  ssm range SSM-GROUP
!
ipv4 access-list SSM-GROUP
 10 permit ipv4 [network]/[mask]
!

multicast-routing
 mdt source Loopback0
 !
 vrf [name]
  address-family ipv4
   mdt default [group]
   mdt data [group] threshold [value] [acl]
   interface all enable

router igmp
 vrf [name]
  interface [subinterface]
   version 2
!
router bgp [AS]
 address-family mdt

[Figure: multicast service building blocks]
Service: Native (IPv4, IPv6), mVPN (IPv4, IPv6), VPLS
C-Multicast Signaling: PIM, BGP
Core Tree Signaling: PIM, MLDP, P2MP TE, IR
Encapsulation/Forwarding: IP/GRE, LSM
Other labels in the figure: PORT, mLDP

Features | 7600 (IOS) | ASR1k (IOS-XE) | ASR9k (IOS-XR) | CRS-1 (IOS-XR)

MLDP
MLDP for global L3 mcast | Radar | Radar | 4.2.1 | 4.1.1
MLDP for L3 mVPN | RLS8 | 3.8 | 4.2.1 | 4.1.1

Transport = mVPNv4 and mVPNv6 over IP/GRE
Signaling = BGP C-Route overlay signaling for GRE based mVPN | RLS12 | 3.7 | 4.3 | 4.3
Discovery = BGP auto discovery for GRE based mVPN | RLS12 | 3.7 | 4.3 | 4.3

Transport = mVPNv4 and mVPNv6 over MLDPv4
Signaling = BGP C-Route overlay signaling for MLDP based mVPN | RLS13 | 3.8 | 4.3 | 4.3
Discovery = BGP auto discovery for MLDP based mVPN | RLS13 | 3.8 | 4.3 | 4.3

ASR-9000 Advanced Features:
nV – network virtualization

System unification covering long distances
ASR 9000 nV Edge

[Figure: ASR 9000 nV System. Hosts: ASR 9922 / 9010 / 9006 / 9001. nV Satellites: ASR 9000v, ASR 903, ASR 901]

Centralized management
OpEx reduction and network simplification

Universal redundancy scheme

[Figure: ASR9K Cluster serving Video HE, DCI, SAE GW, Mobile GW’s, RNC, BSC and more…]

Always-On chassis
One control plane
One management plane
Distributed forwarding plane
Universal solution for every service

Single Network Element | OpEx reduction, unified management and simplified | Logical port density

[Figure: Host: ASR 9xxx, with three ASR 9000v satellites]
• One network element
• Part of ASR9000
• One management interface
• One IOS-XR operating system
• HA – protocol complexity removed
• Remote or collocated satellite

Satellite is a virtual component of ASR9000
Like a distributed linecard

More platforms in the future
Today ASR9000v, also ASR901 and ASR903 (ethernet only)

Key benefits
Accelerated deployment, scalable ports, 70% OpEx reduction

[Figure: access device with UNI and NNI towards MPLS]
UNI: L2: VLAN provisioning, S-tag, etc; L3: routing, vrf, bfd, etc
NNI: L2: MC-LAG, REP, STP, etc; L3: IGP/LDP/BFD, etc

1 •  Manual NNI configuration, not plug-n-play
Multiple protocols, potential complex access multi-homing. Good NMS doesn’t help here
2 •  UNI configuration
Manual configuration or rely on good NMS for centralized provisioning
For L2 UNI, complex VLAN provisioning, often require double tag
For L3 UNI, additional routing protocols
3 •  Individual device to manage and operate
Upgrade image individually, good NMS can help
Potential inter-operability issue or feature inconsistent between access/agg and edge system
Different user CLI/management experience
4 •  Satellite is intelligent
Need to run multiple L2 or L3 protocols

Satellite Protocol
Satellite nv fabric links
One virtual system
Host

1 •  Satellite is plug-n-play for NNI
Automatic satellite uplink configuration
Avoid the complex satellite to host network transport protocols, including dual-homing protocols

2 •  Centralized provisioning for UNI
Centralized provisioning without advanced NMS system
Simple user VLAN provisioning on UNI
No L3 routing or L2 protocol running on satellite, centralized control plane on Host

3 •  One virtual device to manage and operate
Simple image upgrade
Single IOS-XR user experience
No feature inconsistency or inter-operability issues between access/agg and edge system

4 •  Satellite is simple, stable and reliable
Satellite is much more stable than standalone deployment, with much less chance of running into software bugs or needing a software upgrade
Satellite is plug-n-play, zero configuration for opex savings
1 RU ANSI & ETSI Compliant

Field Replaceable Fan Tray
•  Redundant Fans

Power Feeds
•  Redundant -48vDC Power Feeds
•  Single AC power feed

•  ToD/PSS Output
•  Bits Out

LEDs

4x10G SFP+
•  Initially used as Fabric Ports ONLY (could be used as access port in the future)
•  Copper and fiber SFP+ optics

44x10/100/1000 Mbps Pluggables
•  Full Line Rate Packet Processing and Traffic Management
•  Copper and fiber SFP optics
•  Speed/duplex auto negotiation

Industrial Temp Rated
•  -40C to +65C Operational Temperature
•  -40C to +70C Storage Temperature

Max Power 210 Watts
Nominal Power 159 Watts
nv
 satellite 101 ← define satellite ID range <100-65534>
  type asr9000v
  ipv4 address 10.0.0.101 ← internal communication IP address between host and satellite. This configuration will be optional in the 4.3.1 release with the “auto-IP” feature
 satellite 102 ← define satellite
  ipv4 address 10.0.0.102
  type asr9000v

interface TenGigE 0/2/0/2 ← static pinning
 ipv4 point-to-point
 ipv4 unnumbered Loopback0
 nv
  satellite-fabric-link satellite 101
   remote-ports
    GigabitEthernet 0/0/0-9

interface bundle-ethernet 1 ← fabric link bundle
 ipv4 point-to-point
 ipv4 unnumbered Loopback0
 nv
  satellite-fabric-link satellite 102
   remote-ports
    GigabitEthernet 0/0/0-43
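A pre-deployment check for the nV configuration shown above, as an added example that is not Cisco tooling or part of the original slides: it verifies that satellite IDs fall in the 100-65534 range, that every satellite-fabric-link references a defined satellite, and that remote-ports stay within the 44 access ports of an asr9000v. The function name `lint_nv` and the sample configuration are assumptions constructed for illustration.

```python
import re

ID_MIN, ID_MAX = 100, 65534       # satellite ID range from the slide
PORTS_BY_TYPE = {"asr9000v": 44}  # 44 access ports: GigabitEthernet 0/0/0-43

# Constructed sample with three deliberate mistakes (not from the slides).
SAMPLE = """\
nv
 satellite 101
  type asr9000v
 satellite 50
interface TenGigE 0/2/0/2
 nv
  satellite-fabric-link satellite 101
   remote-ports
    GigabitEthernet 0/0/0-47
interface bundle-ethernet 1
 nv
  satellite-fabric-link satellite 103
"""

def lint_nv(config):
    """Return a list of problems found in an nV satellite configuration."""
    defined, links, problems = {}, [], []
    sat = link = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            sat = link = None  # leaving the global nv block / previous interface
        elif m := re.fullmatch(r"satellite (\d+)", line):
            sat = int(m.group(1))
            defined[sat] = None
            if not ID_MIN <= sat <= ID_MAX:
                problems.append(f"satellite {sat}: ID outside {ID_MIN}-{ID_MAX}")
        elif (m := re.fullmatch(r"type (\S+)", line)) and sat is not None:
            defined[sat] = m.group(1)
        elif m := re.fullmatch(r"satellite-fabric-link satellite (\d+)", line):
            link = int(m.group(1))
            links.append([link, None])
        elif (m := re.fullmatch(r"GigabitEthernet 0/0/(\d+)-(\d+)", line)) and link is not None:
            links[-1][1] = (int(m.group(1)), int(m.group(2)))
    for sat_id, ports in links:  # second pass: cross-check links against definitions
        if sat_id not in defined:
            problems.append(f"fabric link to satellite {sat_id}: satellite not defined")
            continue
        limit = PORTS_BY_TYPE.get(defined[sat_id])
        if ports and limit and not 0 <= ports[0] <= ports[1] < limit:
            problems.append(f"fabric link to satellite {sat_id}: ports {ports[0]}-{ports[1]} exceed 0/0/0-{limit - 1}")
    return problems
```

Calling `lint_nv(SAMPLE)` reports the out-of-range ID 50, the 0-47 port range on satellite 101, and the undefined satellite 103.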
RP/0/RSP0/CPU0:R1#sh install active
Node 0/RSP0/CPU0 [RP] [SDR: Owner]
Boot Device: disk0:
Boot Image: /disk0/asr9k-os-mbi-4.2.1.22K.CSCtz10483-0.0.4.i/0x100305/mbiasr9k-rsp3.vm
Active Packages:
disk0:asr9k-px-4.2.1.22K.CSCtz10483-0.0.4.i
disk0:asr9k-satellite-px-4.2.1.22K ← satellite image PIE
disk0:asr9k-mini-px-4.2.1.22K
disk0:asr9k-mpls-px-4.2.1.22K
disk0:asr9k-mcast-px-4.2.1.22K
disk0:asr9k-fpd-px-4.2.1.22K

RP/0/RSP0/CPU0:R1#install nv satellite ?
<100-65534> Satellite ID
all All active satellites

RP/0/RSP0/CPU0:R1#install nv satellite 100 ?
activate Install a new image on the satellite, transferring first if necessary
transfer Transfer a new image to the satellite, do not install yet

RP/0/RSP0/CPU0:R1#install nv satellite 100 activate

Thank you.
