Professional Documents
Culture Documents
31NAN0090
Issue Version 2.0, Aug. 5th, 2004
Application Note
Abstract:
This document provides detailed information on diagnosing faults in R2.0 of the 7750 SR
Table of contents
1. INTRODUCTION ............................................................................................................................................................... 5
1.1. INTENDED AUDIENCE FOR THIS GUIDE ......................................................................................................................... 5
1.2. HOW THIS DOCUMENT IS ORGANIZED ........................................................................................................................... 5
1.3. WHERE TO BEGIN?........................................................................................................................................................ 6
1.4. RELATED DOCUMENTS ................................................................................................................................................. 6
2. TROUBLESHOOTING PROCESS................................................................................................................................... 7
2.1. ESTABLISHING A BASELINE .......................................................................................................................................... 7
2.2. CHARACTERIZE THE PROBLEM...................................................................................................................................... 8
2.3. IDENTIFY THE ROOT CAUSE .......................................................................................................................................... 9
2.4. PLAN YOUR ACTIONS & RESOLVE THE PROBLEM ........................................................................................................ 10
2.5. VERIFY SOLUTIONS..................................................................................................................................................... 11
3. TROUBLE SHOOTING TOOLS .................................................................................................................................... 12
3.1. EVENT LOGS ............................................................................................................................................................... 12
3.1.1. Event logging overview ......................................................................................................................................... 12
3.1.1.1 Event Sources ................................................................................................................................................................ 13
3.1.1.2 Event Control ................................................................................................................................................................ 14
3.1.1.3 Log manager.................................................................................................................................................................. 17
3.1.1.4 Event Filter Policies ...................................................................................................................................................... 17
3.1.1.5 Log Destinations............................................................................................................................................................ 19
3.1.2. List of show commands for event logging ............................................................................................................. 22
3.2. SERVICE MIRRORING ................................................................................................................................................... 23
3.2.1. Service mirroring overview ................................................................................................................................... 23
3.2.2. Mirror implementation .......................................................................................................................................... 24
3.2.2.1 Mirror Source and Destinations..................................................................................................................................... 25
3.2.2.2 Mirroring performance .................................................................................................................................................. 27
3.2.3. Mirroring configuration ........................................................................................................................................ 27
3.2.3.1 Mirror configuration process overview ......................................................................................................................... 29
3.2.3.2 Mirror configuration components.................................................................................................................................. 29
3.2.3.3 Basic mirror configuration Example.............................................................................................................................. 30
3.2.3.4 Mirror configuration Notes............................................................................................................................................ 33
3.2.3.5 List of CLI commands to configure Mirroring parameters............................................................................................ 34
3.3. OA&M COMMANDS FOR TROUBLESHOOTING ............................................................................................................. 36
3.3.1. LSP Diagnostics .................................................................................................................................................... 36
3.3.2. SDP Diagnostics ................................................................................................................................................... 36
3.3.3. Service Diagnostics ............................................................................................................................................... 37
3.3.4. VPLS MAC Diagnostics ........................................................................................................................................ 38
3.3.5. OAM Command Summary..................................................................................................................................... 40
4. HARDWARE OPERATIONAL STATUS ...................................................................................................................... 42
4.1. 7750 SR-12 HARDWARE OVERVIEW........................................................................................................................... 42
4.2. VERIFYING ROUTER BOOT SEQUENCE ........................................................................................................................ 45
4.3. VERIFYING MANAGEMENT CONNECTION OPERATIONAL STATUS............................................................................... 45
4.3.1. Console Port Management Connection................................................................................................................. 45
4.3.2. Telnet Management Connection............................................................................................................................ 46
4.4. VERIFYING CHASSIS OPERATIONAL STATUS............................................................................................................... 46
4.4.1. Chassis Configurations ......................................................................................................................................... 46
4.4.2. Things to Check - Power Supply ........................................................................................................................... 48
4.4.3. Things to Check - Fans.......................................................................................................................................... 49
4.5. VERIFYING SF/CPM OPERATIONAL STATUS .............................................................................................................. 50
4.5.1. Minimum Configuration ........................................................................................................................................ 50
4.5.2. SF/CPM LED Status.............................................................................................................................................. 50
4.5.3. CLI commands for SF/CPM troubleshooting........................................................................................................ 51
4.5.4. CLI commands for SF/CPM health check ............................................................................................................. 53
4.6. VERIFYING IOM OPERATIONAL STATUS .................................................................................................................... 57
4.7. VERIFYING MDA OPERATIONAL STATUS ................................................................................................................... 58
2
31NAN0090 – 7750 Troubleshooting Guide Alcatel
3
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
TABLES
Table 1: Event Severity Levels .................................................................................................................. 14
Table 2: Valid Filter Policy Operators .......................................................................................................... 18
Table 3: 7750 SR OS to Syslog Severity Level Mappings ........................................................................... 22
Table 4: CLI Commands to Configure Mirroring Parameters ...................................................................... 35
Table 5: Chassis Front View Features .......................................................................................................... 43
Table 6: Chassis Rear View Features ........................................................................................................... 44
Table 7: Console Configuration Parameter Values....................................................................................... 46
Table 8: 7750 SR-12 Hardware Component Operating Requirements ......................................................... 47
Table 9: 7750 SR-12 AC Power Supply LED Descriptions ......................................................................... 48
Table 10: SF/CPM Field Descriptions .......................................................................................................... 51
Table 11: Index of system configuration verification tasks .......................................................................... 60
Table 12: Configuring Authentication .......................................................................................................... 74
Table 13: Configuring Authorization............................................................................................................ 75
Table 14: Configuring Accounting ............................................................................................................... 76
Table 15: Accounting Record Name and Collection Periods ................................................................ 97
FIGURES:
Figure 1: Event Logging Block Diagram...................................................................................................... 12
Figure 2: show log application command output .......................................................................................... 14
Figure 3: Service Mirroring ......................................................................................................................... 24
Figure 4: Local mirroring Example .............................................................................................................. 28
Figure 5: Remote mirroring Example ........................................................................................................... 29
Figure 6: Service mirror configuration and implementation flow ................................................................ 29
Figure 7: Local Service Mirroring Configuration ......................................................................................... 31
Figure 8: Remote Service Mirroring Configuration...................................................................................... 32
Figure 9: 7750 SR-12 Chassis Front View .................................................................................................. 43
Figure 10: 7750 SR-12 Chassis Rear View.................................................................................................. 44
Figure 11: Management Console Port Connection ...................................................................................... 45
Figure 12: Telnet Management Port Connection ......................................................................................... 46
Figure 13: 7750 SR-12 AC Power Supply LEDs......................................................................................... 48
Figure 14: SF/CPM Front Panel .................................................................................................................. 50
Figure 15: SNMPv1 and SNMPv2c Configuration and Implementation Flow .................................... 93
Figure 16: SNMP Configuration Components ......................................................................................... 93
Figure 17: Alarm relationships on the 5620 SAM GUI .............................................................................. 127
4
31NAN0090 – 7750 Troubleshooting Guide Alcatel
1. Introduction
5
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Note: The Alcatel 5620 SRM is now known as the Alcatel 5620 SAM
6
31NAN0090 – 7750 Troubleshooting Guide Alcatel
2. Troubleshooting Process
Troubleshooting and problem solving is basically the same thing. In either case, there is the
acknowledgment that something in the network, be that a component of the network or a service
within the network, is not operating within expected operating parameters. The problem can result
in a total or catastrophic failure in the network, or the problem can manifest itself intermittently, or
then again, the problem might have resulted in degradation of how the service is performing.
There are many accepted methodologies for troubleshooting a problem and they all must naturally
start with the identification that a problem exists. This implies a certain level of understanding of
the designed state and behavior of a network and the services that are using that network as well as
an identification of a symptom that the desired behavior is no longer there. This identification can
come in the form of an alarm received from a network component, through the analysis of network
capacity and performance data or even from a call from a customer reporting a problem with their
service.
The basis for effective troubleshooting is in having a well understood baseline for the network and
services, a detailed knowledge of the elements of the network, from transport to routing, a
thorough understanding of the services and how they operate, and finally, a degree of expertise in
the use of troubleshooting tools that are available in the network elements and the network
management systems. These elements are discussed in more details in the following sections of
this guide.
• Collecting and understanding statistics on traffic flows, router and trunk utilization levels
7
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
• Problem symptoms
• Type, version and configuration of hardware and software for the affected network
elements
• Problem resolution
• Alarm files
• Error logs
• Network statistics
• Core dumps
8
31NAN0090 – 7750 Troubleshooting Guide Alcatel
• Stack dumps
• Accounting logs
The more detailed the documented symptoms, the easier it is to identify the root cause of the
problem. It is important to remember that in many cases the individual or the team that is
recording the problem symptoms may not be the same people who will be finding the root cause
and resolving the problem, therefore close attention to detail in recording the problem symptoms is
crucial to rapid problem resolution.
Alarms can be viewed directly from the 7750 SR node alarm file or through the use of the fault
management features available in the 5620 SAM. The 5620 SAM converts SNMP traps from
network routers to events and alarms which can be easily correlated against the appropriate
managed equipment and configured services and policies.
Some questions to answer and conditions to investigate when characterizing the problem are:
• Identify and record any changes that have taken place since the network was last
functioning properly.
• Once the symptoms have been identified and thoroughly documented, first try to identify if
they have anything in common and focus on the common stuff first and work out from
there.
9
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
• Alarms available through the 5620 SAM contain vendor-specific and X.733 standardized
probable cause that can be very useful in identifying the root cause.
• Statistics on alarms available from the 5620 SAM tell you how often an alarm has been
raised based on specified scenarios that can be helpful in identifying the root cause of a
problem.
• If the symptoms are present in different areas of the network try to identify what is
common across these areas.
• Work on one problem at a time, fix that problem, then move on to the next.
• Divide the problem space into natural segments and try to isolate the problem to one of the
segments. One way of segmenting the network is:
o LAN switching (edge access).
o LAN routing (distribution, core).
o Metropolitan-area networks.
o WAN (national backbone).
o Partner services (extranet).
o Remote access services.
• Try to determine the precise network state that existed before the problem appeared.
• Identify which specific functions are not working properly and focus on those.
• Extrapolate from the network alarms and network events what conditions could result in
the observed symptoms. Test for these to see if the problem can be reproduced.
10
31NAN0090 – 7750 Troubleshooting Guide Alcatel
11
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Event logs are the means of recording system generated events for later analysis. Events are
messages generated by the system by applications or processes within the 7750 SR.
12
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The event sources are the main categories of events that feed the log manager. The 7750 SR
groups events into four major categories.
• Security events - Events that pertain to attempts to breach system security. The security
event source is all events that affect attempts to breach system security such as failed login
attempts, attempts to access MIB tables to which the user is not granted access or attempts
to enter a branch of the CLI to which access has not been granted. Security events are
generated by the SECURITY application.
• Change events - Events that pertain to the configuration and operation of the node. The
change activity event source is all events that directly affect the configuration or operation
of the node. Change events are generated by the USER application.
• Debug-trace events - Debug and trace messages that have been enabled for applications or
processes. The debug event source is all debugging and trace messages that have been
enabled on the system. Debug events are generated by the DEBUG application.
• Main events - Events that pertain to 7750 SR OS applications that are not assigned to other
event categories/sources.
Examples of applications within 7750 SR OS include IP, MPLS, OSPF, CLI, services, etc. Figure
2 displays the show log applications command output which displays all applications.
13
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Event control pre-processes the events generated by applications before the event is passed into the
main event stream. Event control assigns the severity for each application event and whether the
event should be generated or suppressed. The severity numbers and severity names supported in
7750 SR OS conform to ITU standards M.3100 X.733 & X.21 and are listed in Table 1.
14
31NAN0090 – 7750 Troubleshooting Guide Alcatel
Events that are suppressed by event control will not generate any event log entries as it never
reaches the log manager. Event control maintains a count of the number of events generated
(logged) and dropped (suppressed) for each application event. The severity of an application event
can be configured in event control.
Application events contain an event number and description that explains why the event is
generated. The event number is unique within an application, but the number can be duplicated in
other applications.
The following example, generated by querying event control for application events, displays a
partial list of event numbers and names.
15
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
16
31NAN0090 – 7750 Troubleshooting Guide Alcatel
Events that are forwarded by event control are sent to the log manager. The log manager manages
the event logs in the system and the relationships between the log sources, event logs and log
destinations, and log filter policies.
• A unique log ID
The source stream or streams to be sent to log destination can be specified. The source
must be identified before the destination can be specified. The events can be from the main
event stream, events in the security event stream, events in the user activity stream, or all
debug-trace messages in the debug stream.
A log can only have a single destination. The destination for the log ID destination can be
one of console, session, syslog, snmp-trap-group, memory, or a file on the local file system.
An event filter policy defines whether to forward or drop an event or trap based on match criteria.
The log manager uses event filter policies to allow fine control over which events are forwarded or
dropped based on various criteria. Filter policies have a default action. The default actions are to
either:
• Forward
• Drop
Filter policies also include a number of filter policy entries that are identified with an entry ID and
define specific match criteria and a forward or drop action for the match criteria.
Each entry contains a combination of matching criteria that define the application, event number,
severity, and subject conditions. The entry’s action determines how the packets should be treated if
they have met the match criteria.
Entries are evaluated in order from the lowest to the highest entry ID. The first matching event is
subject to the forward or drop action for that entry.
17
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
The following example shows the event filter policies configured on a 7750 SR.
18
31NAN0090 – 7750 Troubleshooting Guide Alcatel
An event log within 7750 SR OS associates the event sources with logging destination. 7750 SR
OS supports the following log destinations:
• Console
• Session
• Memory logs
• Log files
• Syslog
Only a single log destination can be associated with an event log or with an accounting log. An
event log can be associated with multiple event sources, but it can only have a single log
destination.
A file destination is the only type of log destination that can be configured for an accounting log.
Console
Sending events to a console destination means the message will be sent to all active console
sessions. If there are no active console sessions, the event log entries are dropped. The console
device can be used as an event log destination.
Session
A session destination is a temporary log destination which directs entries to the active console
session for the duration of the console session. When the session is terminated, the event log is
removed. Event logs with a session destination are not stored in the configuration file. Event logs
can direct log entries to the session destination.
19
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Memory Logs
A memory log is a circular buffer. When the log is full, the oldest entry in the log is replaced with
the new entry. When a memory log is created, the specific number of entries it can hold can be
specified, otherwise it will assume a default value. An event log can send entries to a memory log
destination.
Log 99 is a pre-configured memory-based log which logs from the main event source (not security,
debug/trace, etc.). Log 99 exists by default.
Log Files
Log files are stored on the compact flash devices (specifically cf1 or cf2) in the 7750 SR file
system.
A log file is identified with a single log file ID, but a log file will generally be composed of a
number individual files in the file system. A log file is configured with a rollover parameter which
determines how long in minutes an individual file which is a component of the log file should be
written to before a new file is created for the log file ID.
The retention time for a log file specifies the amount of time the file should be retained on the
system based on the creation date and time of the file. The retention time is used as a factor to
determine which files should be deleted first if the file system device nears 100% usage.
When a log file is created, only the compact flash device for the log file is specified. Log files are
created in specific subdirectories with standardized names depending on the type of information
stored in the log file.
Event log files are always created in the \log directory on the specified compact flash device.
20
31NAN0090 – 7750 Troubleshooting Guide Alcatel
An SNMP trap group can have multiple trap-receivers with different trap destinations. Each trap
receiver can have different operational parameters.
For SNMP traps that will be sent out-of-band through the Management Ethernet port on the SF/
CPM, the source IP address of the trap is the IP interface address defined on the Management
Ethernet port. For SNMP traps that will be sent in-band, the source IP address of the trap is the
system IP address of the 7750 SR.
Each trap destination of a trap group receives the identical sequence of events as defined by the log
ID and the associated sources and log filter applied.
Syslog
An event log can be configured to send events to one syslog destination. Syslog destinations have
the following properties:
• Syslog server IP address.
• The UDP port used to send the syslog message.
• The Syslog Facility Code (0 - 23) (default 23 - local7).
• The Syslog Severity Threshold (0 - 7) - events exceeding the configured level will be
sent.
Because syslog uses eight severity levels whereas the 7750 SR OS uses six internal severity levels,
the 7750 SR OS severity levels are mapped to syslog severities. Table 3 displays the 7750 SR OS
severity level mappings to syslog severities.
21
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Displays event control settings for events show log event-control [application [event-name |
including whether the event is suppressed event-number]]
or generated and the severity level for the
event.
Show log collector statistics for the main, show log log-collector
security, change and debug log
collectors.
Alcatel’s Service Mirroring extends and integrates these capabilities into the network and provides
significant operational benefits. Each 7750 SR can mirror packets from a specific service to any
destination point in the network, regardless of interface type or speed.
Alcatel’s 7750 SR routers support service-based mirroring. While some Layer 3 switches and
routers can mirror on a per-port basis within the device, Alcatel 7750 SR routers can mirror on an
n-to-1 unidirectional service basis and re-encapsulate the mirrored data for transport through the
core network to another location, using either IP or MPLS tunneling as required Figure 3).
Original packets are forwarded while a copy is sent out the mirrored port to the mirroring
(destination) port. Service mirroring allows an operator to see the actual traffic on a customer’s
service with a ‘sniffer’ sitting in a central location. In many cases, this reduces the need for a
separate, costly overlay sniffer network.
The mirrored frame size that is to be transmitted to the mirror destination can be explicitly
configured by using slicing features. This enables mirroring only the parts needed for analysis. For
example, only the headers can be copied for analysis, protecting the integrity and security of
customer data, or conversely, copying the full packet, including customer data.
Service mirroring is supported on any interface type and on mixed interface types. For example, a
service that uses only Ethernet service interfaces can be mirrored to a SONET/SDH network port,
transported across the core network and delivered on either Ethernet or SONET/SDH egress ports
at the location where service analysis is performed. The packet traffic is uninterrupted and packets
flow normally through the mirrored port.
23
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
• Ingress and egress packets are mirrored as they appear on the wire. This is important for
troubleshooting encapsulation and protocol issues.
o When mirroring at ingress, the Flexible Fast Path network processor array (NPA) sends
an exact copy of the original ingress packet to the mirror destination while normal
forwarding proceeds on the original packet.
o When mirroring is at egress, the NPA performs normal packet handling on the egress
packet, encapsulating it for the destination interface. A copy of the forwarded packet
(as seen on the wire) is forwarded to the mirror destination.
o Remote destinations are reached by encapsulating the ingress or egress packet within an
SDP, like the traffic for distributed VPN connectivity services. At the remote
destination, the tunnel encapsulation is removed and the packet is forwarded out a local
SAP.
24
31NAN0090 – 7750 Troubleshooting Guide Alcatel
• They can be on the same 7750 SR router (local) or on two different routers (remote).
• Mirror destinations can terminate on egress virtual ports which allow multiple mirror
destinations to send to the same packet decode device, delimited by IEEE 802.1Q (referred
to as dot1q) tags. This is helpful when troubleshooting a multi-port issue within the
network.
When multiple mirror destinations terminate on the same egress port, the individual dot1q
tags can provide a DTE/DCE separation between the mirror sources.
• Packets ingressing a port can have a mirror destination separate from packets egressing
another or the same port (the ports can be on separate nodes).
• A total of 255 mirror destinations are supported (local and/or remote), on a per chassis
basis.
The mirror egress port (local or remote) can be PoS or Ethernet. If an Ethernet frame is mirrored to
a PoS port, the frame is translated to PPP/BCP encapsulation. If a PoS frame is mirrored to an
Ethernet port, the frame is translated to PPPoE encapsulation. This allows the use of PoS or
Ethernet packet decode devices.
The 7750 SR allows multiple concurrent mirroring sessions so traffic from more than one ingress
mirror source can be mirrored to the same or different egress mirror destinations.
Remote mirroring uses a service distribution path (SDP) which acts as a logical way of directing
traffic from one SR-Series router to another through a uni-directional (one-way) service tunnel.
The SDP terminates at the far-end 7750 SR which directs packets to the correct destination on that
device.
The SDP configuration from the mirrored device to a far-end 7750 SR requires a return path SDP
from the far-end 7750 SR back to the mirrored router. Each device must have an SDP defined for
every remote router to which it wants to provide mirroring services. SDPs must be created first,
before services can be configured.
25
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Encapsulation Translation
Service mirroring can also map frames from a monitored service to another endpoint using a
different encapsulation type at the mirror destination. For example, a service using PPP over
Packet over SONET/SDH can have its traffic mirrored to an Ethernet port destination with an
Ethernet-attached analyzer. The 7750 SR router translates the PPP header into a PPPoE header so
the Ethernet-attached analyzer can properly decode the frames.
The automatic translation of PPP or Ethernet frames into PPPoE or BCP encapsulations can be
manually disabled. The type of translation depends on the type of the destination SDP or SAP
defined for the mirror destination. Translation is important to allow PoS packet-decoding devices
to receive Ethernet frames or Ethernet packet-decoding devices to receive PPP frames.
When translating an Ethernet frame for transmission to a SONET/SDH SAP or SDP, the Ethernet
frame gets encapsulated in a PPP/BCP frame format. When translating a SONET/SDH PPP frame
for transmission to an Ethernet SAP or SDP, the PPP frame gets encapsulated in a PPPoE frame
format.
Slicing
A further service mirroring refinement is ’slicing’ which copies a specified packet size of each
frame. This is useful to monitor network usage without having to copy the actual data. Slicing
enables mirroring larger frames than the destination packet decode equipment can handle. It also
allows conservation of mirroring resources by limiting the size of the stream of packet through the
7750 SR and the core network.
When a mirror slice-size is defined, a threshold that truncates a mirrored frame to a specific size
is created. For example, if the value of 256 bytes is defined, up to the first 256 bytes of the frame
are transmitted to the mirror destination. The original frame is not affected by the truncation.
Mirrored frames, most likely, will grow larger as encapsulations are added when packets are
transmitted through the network core or out the mirror destination SAP to the packet/protocol
decode equipment.
The transmission of a sliced or non-sliced frame is also dependent on the mirror destination SDP
path MTU and/or the mirror destination SAP physical MTU. Packets that require a larger MTU
than the mirroring destination supports are discarded if the defined slice size does not truncate the
packet to an acceptable size.
26
31NAN0090 – 7750 Troubleshooting Guide Alcatel
Replication of mirrored packets can, typically, affect performance and should be used carefully.
Alcatel 7750 SR routers minimize the impact of mirroring on performance by taking advantage of
its distributed Flexible Fast Path technology. Flexible Fast Path forwarding allows efficient mirror
service scaling and, at the same time, allows a large amount of data to be mirrored with minimal
performance impact. When a mirror destination is configured, the packet slice option can truncate
mirrored packets to the destination, which minimizes replication and tunneling overhead. The
mirroring architecture also supports mirror rate limiting both at the ingress and egress Flexible Fast
Path NPA. This rate limiting is accomplished through a shaping queue and is settable according to
the maximum amount of mirroring desired.
• Port
• SAP
• MAC filter
• IP filter
• Ingress label
• Port 2/1/2 is specified as the source. Mirrored traffic ingressing and egressing this port will
be sent to port 2/1/3.
• SAP 2/1/3 is specified as the destination. The sniffer is physically connected to this port.
Mirrored traffic ingressing and egressing port 2/1/2 is sent here. SAP, encapsulation
requirements, packet slicing, and mirror classification parameters are configured. SDPs are
not used in local mirroring.
27
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Figure 5 depicts a remote mirror service configured as SR B as the mirror source and SR A as the
mirror destination. Mirrored traffic ingressing and egressing port 5/2/1 (the source) on SR B is
handled the following ways:
• Port 5/2/1 is specified as the mirror source port. Parameters are defined to select specific
traffic ingressing and egressing this port.
• Destination parameters are defined to specify where the mirrored traffic will be sent. In this
case, mirrored traffic will be sent to a SAP configured as part of the mirror service on port
3/1/3 on SR A (the mirror destination).
• SR A decodes the service ID and sends the traffic out of port 3/1/3.
• The sniffer is physically connected to this port (3/1/3). SAP, encapsulation requirements,
packet slicing, and mirror classification parameters are configured in the destination
parameters.
28
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The example below demonstrates the major components to configure service mirroring.
29
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
• Mirror destination — Sets up a service which allows the mirrored packets to be directed locally
or over the core of the network and have a far end 7750 SR decode the mirror encapsulation. The
service ID must match in the mirror-destination and the mirror-source context.
• SAP (mirror destination) — Creates a service access point (SAP), which defines the port and
encapsulation parameters to which the mirrored source packets are sent. The sniffer is physically
connected to this port.
• SDP — For remote mirrored service. Binds an existing (mirror) service distribution path (SDP)
to the mirror destination service ID to transport the source mirrored traffic to the destination.
• Remote source — For remote mirrored services. Specifies the remote (source) SR allowed to
mirror traffic to this device for mirror service egress.
• Mirror source — Configures packet mirroring match criteria for a mirror destination service. The
same mirror destination service ID and the mirror source service ID must be configured.
• Port — A packet mirroring option which defines ingress and/or egress traffic monitoring by port.
• SAP (mirror source) — A packet mirroring option which defines ingress and/or egress traffic
monitoring by SAP defined by the port-id:encap-val or portid.channel-
id:encap-val.
• IP filter — A packet mirroring option which specifies that packets matching the IP filter are
mirrored to a mirror destination.
• MAC filter — A packet mirroring option which specifies that packets matching the MAC filter
are mirrored to a mirror destination.
• Ingress label — A packet mirroring option which defines packets with a specific MPLS label to a
mirror destination.
Each local mirrored service (within the same router) requires the following configurations:
Note that the mirror source and mirror destination components must be configured under the same
service ID context.
30
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The following example displays a sample configuration for Figure 7 of a local mirrored service
where the source and destinations are on the same SR (SR1).
SRA>config>mirror# info
----------------------------------------------
mirror-dest 103 create
sap 2/1/3:0 create
egress
qos 1
exit
exit
no shutdown
exit
----------------------------------------------
SRA>config>mirror#
31
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
The following example displays a sample configuration of a remote mirrored service for Figure 8
where the source is a port on SRB and the destination is a SAP on SRA.
SRB>config>mirror# info
----------------------------------------------
mirror-dest 1000 create
sdp 2 egr-svc-label 7000
no shutdown
exit
----------------------------------------------
SRB>config>mirror# exit all
SRB# show debug
debug
mirror-source 1000
port 5/2/1 egress ingress
no shutdown
exit
exit
SRB#
SRA>config>mirror# info
----------------------------------------------
mirror-dest 1000 create
remote-source
far-end 10.10.10.104 ing-svc-label 7000
exit
sap 3/1/3:0 create
egress
qos 1
exit
exit
no shutdown
exit
----------------------------------------------
SRA>config>mirror#
32
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The source packet mirroring enabling criteria defined in debug mirror mirror-source
commands are not preserved in configuration saves.
• Physical layer problems such as collisions, jabbers, etc., are not mirrored. Typically, only
complete packets are mirrored. An exception to this is that packets with CRC errors are
mirrored. Complete stats are available on the interface for these physical layer problems.
• SONET ports or channels in access mode and with frame-relay encapsulation types cannot
be mirrored.
• Either LAG ports or LAG port members can be mirrored. If a LAG port member is being
mirrored, then the LAG port cannot be mirrored and vice-versa.
• Clear channel ports (TDM or SONET) that are being mirrored cannot be channelized until
the mirroring is disabled.
• Encap type on an access port/channel can not be changed to frame-relay if it is being
mirrored.
• Starting and shutting down mirroring:
Mirror destinations:
• The default state for a mirror destination service ID is shutdown. You must issue a
no shutdown command to enable the feature.
• When a mirror destination service ID is shutdown, mirrored packets associated with the
service ID are not accepted from its mirror source or remote source 7750 SR router.
The associated mirror source is put into an operationally down mode. Mirrored packets
are not transmitted out the SAP or SDP. Each mirrored packet is silently discarded. If
the mirror destination is a SAP, the SAP’s discard counters are incremented.
• Issuing the shutdown command causes the mirror destination service or its mirror
source to be put into an administratively down state. Mirror destination service IDsmust
be shut down first in order to delete a service ID, SAP, or SDP association from the
system.
Mirror sources:
• The default state for a mirror source for a given mirror-dest service ID is no
shutdown. You must enter a shutdown command to deactivate (disable) mirroring
from that mirror-source.
• Mirror sources do not need to be shutdown to remove them from the system. When a
mirror source is shutdown, mirroring is terminated for all sources defined locally for
the mirror destination service ID.
33
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Table 4 lists all the configuration commands to configure 7750 SR mirroring parameters,
indicating the configuration level at which each command is implemented with a short command
description. The command list is organized in the following task-oriented manner:
34
31NAN0090 – 7750 Troubleshooting Guide Alcatel
35
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Show command
show mirror mirror-dest [service- id] Displays mirror configuration and operation
information.
For in-band testing, the OAM packets closely resemble customer packets to effectively test the
customer’s forwarding path, but they are distinguishable from customer packets so they are kept
within the service provider’s network and not forwarded to the customer.
The 7750 SR OS suite of OAM diagnostics supplement the basic IP ping and traceroute operations
with diagnostics specialized for the different levels in the service delivery model. There are
diagnostics for MPLS LSPs, SDPs, Services and VPLS MACs within a service.
For a given FEC, LSP ping verifies whether the packet reaches the egress label edge router (LER),
while in LSP traceroute mode, the packet is sent to the control plane of each transit label switched
router (LSR) which performs various checks to see if it is actually a transit LSR for the path.
SDP Ping
SDP Ping performs in-band uni-directional or round-trip connectivity tests on SDPs. The SDP
Ping OAM packets are sent in-band, in the tunnel encapsulation, so it will follow the same path as
traffic within the service. The SDP Ping response can be received out-of-band in the control plane,
or in-band using the data plane for a round-trip test.
36
31NAN0090 – 7750 Troubleshooting Guide Alcatel
For a round-trip test, SDP Ping uses a local egress SDP ID and an expected remote SDP ID. Since
SDPs are unidirectional tunnels, the remote SDP ID must be specified and must exist as a
configured SDP ID on the far-end 7750 SR. SDP round trip testing is an extension of SDP
connectivity testing with the additional ability to test:
The Path MTU Discovery tool provides a powerful tool that enables service provider to get the
exact MTU supported between the service ingress and service termination points (accurate to one
byte).
Service Ping operates at a higher level than the SDP diagnostics in that it verifies an individual
service and not the collection of services carried within an SDP.
Service Ping is initiated from a 7750 SR router to verify round-trip connectivity and delay to the
far-end of the service. Alcatel’s implementation functions for both GRE and MPLS tunnels and
tests the following from edge-to-edge:
• Tunnel connectivity
• VC label mapping verification
• Service existence
• Service provisioned parameter verification
• Round trip path verification
• Service dynamic configuration verification
37
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
It is conceivable, that while tunnels are operational and correctly bound to a service, an incorrect
Forwarding Information Base (FIB) table for a service could cause connectivity issues in the
service and not be detected by the ping tools. Alcatel has developed VPLS OAM functionality to
specifically test all the critical functions on a per-service basis. These tools are based primarily on
the IETF document draft-stokes-vkompella-ppvpn-hvpls-oam-00.txt.
• MAC Ping — Provides the ability to trace end-to-end switching of specified MAC addresses.
MAC ping provides an end-to-end test to identify the egress customer-facing port where a
customer MAC was learned. MAC ping can also be used with a broadcast MAC address to identify
all egress points of a service for the specified broadcast MAC.
• MAC Trace — Provides the ability to trace a specified MAC address hop-by-hop until the last
node in the service domain.
• MAC Populate — Allows specified MAC addresses to be injected in the VPLS service domain.
This triggers learning of the injected MAC address by all participating nodes in the service. This
tool is generally followed by MAC ping or MAC trace to verify if correct learning occurred.
• MAC Purge — Allows MAC addresses to be flushed from all nodes in a service domain.
MAC Ping
For a MAC ping test, the destination MAC address (unicast or multicast) to be tested must be
specified. A MAC ping packet can be sent through the control plane or the data plane. When sent
by the control plane, the ping packet goes directly to the destination IP in a UDP/IP OAM packet.
If it is sent by the data plane, the ping packet goes out with the data plane format.
In the control plane, a MAC ping is forwarded along the flooding domain if no MAC address
bindings exist. If MAC address bindings exist, then the packet is forwarded along those paths (if
they are active). Finally, a response is generated only when there is an egress SAP binding to that
MAC address. A control plane request is responded to via a control reply only.
In the data plane, a MAC ping is sent with a VC label TTL of 255. This packet traverses each hop
using forwarding plane information for next hop, VC label, etc. The VC label is swapped at each
service-aware hop, and the VC TTL is decremented. If the VC TTL is decremented to 0, the packet
is passed up to the management plane for processing. If the packet reaches an egress node, and
would be forwarded out a customer facing port, it is identified by the OAM label below the VC
label and passed to the management plane.
MAC pings are flooded when they are unknown at an intermediate node. They are responded to
only by the egress nodes that have mappings for that MAC address.
38
31NAN0090 – 7750 Troubleshooting Guide Alcatel
MAC Trace
A MAC trace functions like an LSP trace with some variations. Operations in a MAC trace are
triggered when the VC TTL is decremented to 0.
Like a MAC ping, a MAC trace can be sent either by the control plane or the data plane.
For MAC trace requests sent by the control plane, the destination IP address is determined from
the control plane mapping for the destination MAC. If the destination MAC is known to be at a
specific remote site, then the far-end IP address of that SDP is used. If the destination MAC is not
known, then the packet is sent unicast, to all SDPs in the service with the appropriate squelching.
A control plane MAC traceroute request is sent via UDP/IP. The destination UDP port is the LSP
ping port. The source UDP port is whatever the system gives (note that this source UDP port is
really the demultiplexor that identifies the particular instance that sent the request, when
correlating the reply). The source IP address is the system IP of the sender.
When a traceroute request is sent via the data plane, the data plane format is used. The reply can be
via the data plane or the control plane.
A data plane MAC traceroute request includes the tunnel encapsulation, the VC label, and the
OAM, followed by an Ethernet DLC, a UDP and IP header. If the mapping for the MAC address is
known at the sender, then the data plane request is sent down the known SDP with the appropriate
tunnel encapsulation and VC label. If it is not known, then it is sent down every SDP (with the
appropriate tunnel encapsulation per SDP and appropriate egress VC label per SDP binding).
The tunnel encapsulation TTL is set to 255. The VC label TTL is initially set to the min-ttl (default
is 1). The OAM label TTL is set to 2. The destination IP address is the all-routers multicast
address. The source IP address is the system IP of the sender.
The destination UDP port is the LSP ping port. The source UDP port is whatever the system gives
(note that this source UDP port is really the demultiplexor that identifies the particular instance
that sent the request, when correlating the reply).
The Reply Mode is either 3 (i.e., reply via the control plane) or 4 (i.e., reply via the data plane),
depending on the reply-control option. By default, the data plane request is sent with Reply Mode
3 (control plane reply).
The Ethernet DLC header source MAC address is set to either the system MAC address (if no
source MAC is specified) or to the specified source MAC. The destination MAC address is set to
the specified destination MAC. The ethertype is set to IP.
MAC Populate
MAC Populate is used to send a message through the flooding domain to learn a MAC address as
if a customer packet with that source MAC address had flooded the domain from that ingress point
in the service. This allows the provider to craft a learning history and engineer packets in a
particular way to test forwarding plane correctness.
39
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
The MAC populate request is sent with a VC TTL of 1, which means that it is received at the
forwarding plane at the first hop and passed directly up to the management plane. The packet is
then responded to by populating the MAC address in the forwarding plane, like a conventional
learn although the MAC will be an OAM-type MAC in the FIB to distinguish it from customer
MACs addresses.
This packet is then taken by the control plane and flooded out the flooding domain (squelching
appropriately, the sender and other paths that would be squelched in a typical flood).
This controlled population of the FIB is very important to manage the expected results of an OAM
test.
The same functions are available by sending the OAM packet as a UDP/IP OAM packet. It is then
forwarded to each hop and the management plane has to do the flooding.
Options for MAC Populate are to force the MAC in the table to type OAM (in case it already
existed as dynamic or static or an OAM induced learning with some other binding), to prevent new
dynamic learning to over-write the existing OAM MAC entry, to allow customer packets with this
MAC to either ingress or egress the network, while still using the OAM MAC entry.
Finally, an option to flood the MAC Populate request causes each upstream node to learn the MAC
(i.e., populate the local FIB with an OAM MAC entry), and to flood the request along the data
plane using the flooding domain.
An age can be provided to age a particular OAM MAC after a different interval than other MACs
in a FIB.
MAC Purge
MAC Purge is used to clear the FIBs of any learned information for a particular MAC address.
This allows one to do a controlled OAM test without learning induced by customer packets. In
addition to clearing the FIB of a particular MAC address, the purge can also indicate to the control
plane not to allow further learning from customer packets. This allows the FIB to be clean, and be
populated only via a MAC Populate.
MAC Purge follows the same flooding mechanism as the MAC Populate.
A UDP/IP version of this command is also available that does not follow the forwarding notion of
the flooding domain, but the control plane notion of it.
40
31NAN0090 – 7750 Troubleshooting Guide Alcatel
oam sdp-mtu Performs in-band MTU Path tests on an SDP to determine the largest
path-mtu supported on an SDP.
oam sdp-ping Tests an SDP for in-band uni-directional or round trip connectivity
with a round trip time estimate.
oam svc-ping Tests a service ID for correct and consistent provisioning between
two service end points. The following information can be determined
from svc-ping:
• Local and remote service existence
• Local and remote service state
• Local and remote service type correlation
• Local and remote customer association
• Local and remote service-to-SDP bindings and state
• Local and remote ingress and egress service label association
41
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
42
31NAN0090 – 7750 Troubleshooting Guide Alcatel
3 MDA (installed)
5 SF/CPM
8 Air vent
9 ESD plug
43
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
1 Grounding studs
6 Safety cover
7 OFF/ON DC switch
44
31NAN0090 – 7750 Troubleshooting Guide Alcatel
If you are unable to bring up a management session through the console port connection, the most
likely source of the problem is the console configuration. It should be configured as in Table 7
below.
45
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
You should also verify the DTE/DCE setting of the terminal and select the appropriate setting for
the console port. The pinout assignment for the console port connector for both DTE and DCE
settings is available in the 7750_SR-12_Installation_Guide_Rev-02.
If you are unable to bring up a management session through the console port connection, verify
that the management port has been assigned an IP address by issuing a show bof command from a
management session established through the console port or an IP interface on the router.
46
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The 7750 SR-12 is equipped with critical, major and minor alarm LEDs that provide a visual
indication that a critical, major or minor alarm exists somewhere in the router, be that with either
with the hardware, hardware configuration, router sub-systems, routing or service environment.
The show chassis command can be used to display any current error conditions that may exist in
the router. The following is an example of the output for this command:
47
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
48
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The show chassis and show chassis power-supply commands will display the current status of the
router power supply indicating any error conditions. The following is an example of the output of
these commands:
49
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
50
31NAN0090 – 7750 Troubleshooting Guide Alcatel
3 Reference 1,2 Amber: The reference is enabled (no shutdown) but not
qualified.
Unlit: Not in use, not configured.
3 Power Supply 1,2,3,4 Amber: Indicates an error condition with an installed power
entry module in the associated slot.
Unlit: Indicates that a power entry module is not installed or
not recognized.
51
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
1. show card
===============================================================================
Card Summary
===============================================================================
slot card card card admin operational
allowed provisioned equipped state state
-------------------------------------------------------------------------------
1 all supported iom-20g iom-20g up up
2 all supported iom-20g up down
3 all supported iom-20g up down
6 all supported iom-20g up down
9 all supported iom-20g up down
A all supported sfm-400g sfm-400g up up/active
B all supported sfm-400g sfm-400g up up/standby
===============================================================================
===============================================================================
Card Summary
===============================================================================
slot card card card admin operational
allowed provisioned equipped state state
-------------------------------------------------------------------------------
1 all supported iom-20g iom-20g up up
2 all supported iom-20g up down
3 all supported iom-20g up down
6 all supported iom-20g up down
9 all supported iom-20g up down
A all supported sfm-400g sfm-400g up up/active
B all supported sfm-400g sfm-400g up up/standby
===============================================================================
52
31NAN0090 – 7750 Troubleshooting Guide Alcatel
===============================================================================
Card Summary
===============================================================================
slot card card card admin operational
allowed provisioned equipped state state
-------------------------------------------------------------------------------
1 all supported iom-20g iom-20g up up
2 all supported iom-20g up down
3 all supported iom-20g up down
6 all supported iom-20g up down
9 all supported iom-20g up down
A all supported sfm-400g sfm-400g up up/standby
B all supported sfm-400g sfm-400g up up/active
===============================================================================
1 To check the status of the SF/CPM card show card <slot-number> detail
===============================================================================
Card A
===============================================================================
slot card card card admin operational
allowed provisioned equipped state state
-------------------------------------------------------------------------------
A sfm-400g sfm-400g sfm-400g up up/active
sfm-200g
Flash - cf1:
Administrative State : up
Operational state : not equipped
Flash - cf2:
Administrative State : up
Operational state : not equipped
Flash - cf3:
Administrative State : up
Operational state : up
Serial number : 103616B2304W340
Firmware revision : HDX 2.1
Model number : SanDisk SDCFB-128
Size : 125,038 KB
Free space : 96,836 KB
Hardware Data
Part number : 3HE00018AAAA01
CLEI code :
Serial number : NS041410366
Manufacture date : 04112004
Manufacturing string :
Manufacturing deviations :
Administrative state : up
Operational state : up
Status : software running
Temperature : 44C
Temperature threshold : 68C
Software boot version : X-2.0.R1 on Tue May 4 15:07:26 PST 2004 by*
Software version : TiMOS-C-2.0.R4 cpm/hops ALCATEL SR 7750 Co*
Time of last boot : 2004/09/07 08:16:04
Current alarm state : alarm cleared
Base MAC address : 00:03:fa:0c:e4:4a
Memory capacity : 2,016 MB
===============================================================================
54
31NAN0090 – 7750 Troubleshooting Guide Alcatel
===============================================================================
Event Log 99
===============================================================================
Description : Default System Log
Memory Log contents [size=500 next event=20 (not wrapped)]
=========================================
CPU Utilization (Test time 1001407 uSec)
=========================================
Name CPU Time CPU Usage
(uSec)
-----------------------------------------
System 1427 0.14%
Icc 50 ~0.00%
RTM/Policies 0 0.00%
OSPF 0 0.00%
MPLS/RSVP 0 0.00%
LDP 0 0.00%
IS-IS 0 0.00%
RIP 0 0.00%
VRRP 0 0.00%
BGP 0 0.00%
Services 4 ~0.00%
IOM 5607 0.55%
SIM 79 ~0.00%
CFLOWD 0 0.00%
Idle 994240 99.28%
=========================================
===============================================================================
Memory Pools
===============================================================================
Name Max Allowed Current Size Max So Far In Use
-------------------------------------------------------------------------------
System No limit 118,489,688 118,489,688 114,333,488
Icc 8,388,608 1,048,576 1,048,576 33,616
RTM/Policies No limit 4,194,336 4,194,336 2,507,136
OSPF No limit 0 0 0
MPLS/RSVP No limit 1,048,576 1,048,576 76,000
LDP No limit 0 0 0
IS-IS No limit 0 0 0
RIP No limit 0 0 0
55
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
VRRP No limit 0 0 0
BGP No limit 0 0 0
Services No limit 2,097,152 2,097,152 1,700,136
IOM No limit 199,156,416 199,156,416 195,826,168
SIM No limit 1,048,576 1,048,576 392
CFLOWD No limit 0 1,048,576 0
-------------------------------------------------------------------------------
Current Total Size : 327,083,320 bytes
Total In Use : 314,476,936 bytes
Available Memory : 640,711,688 bytes
===============================================================================
======================================================================
System Information
======================================================================
System Name : sim9
System Contact :
System Location :
System Coordinates :
System Up Time : 3 days, 20:20:40.40 (hr:min:sec)
56
31NAN0090 – 7750 Troubleshooting Guide Alcatel
To reset an IOM as part of troubleshooting IOM, use the command: clear card <slot-number>.
This command reinitializes the card in the specified slot.
The following is an example of the result of reset an IOM.
===============================================================================
Event Log 99
===============================================================================
Description : Default System Log
Memory Log contents [size=500 next event=292 (not wrapped)]
To display the last time IOM was reset, use the show card <slot-number> detail command. The
following is an example of the output for this command:
57
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
===============================================================================
Card 1
===============================================================================
slot card card card admin operational
allowed provisioned equipped state state
-------------------------------------------------------------------------------
1 iom-10g iom-20g iom-20g up up
iom-20g
Hardware Data
Part number : 3HE00020AAAA01
CLEI code :
Serial number : NS041110257
Manufacture date : 03192004
Manufacturing string :
Manufacturing deviations :
Administrative state : up
Operational state : up
Status : software running
Temperature : 56C
Temperature threshold : 68C
Software boot version : X-2.0.R1 on Tue May 4 15:07:26 PST 2004 by*
Software version : TiMOS-I-2.0.R5 iom/hops ALCATEL SR 7750 Co*
Time of last boot : 2004/07/28 14:29:11
Current alarm state : alarm cleared
Base MAC address : 00:03:fa:0c:e6:88
===============================================================================
58
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The show mda <slot-id> detail will display any alarm conditions that exist for that MDA. The
following information on MDA error conditions can be obtained using this command:
59
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Reboot
60
31NAN0090 – 7750 Troubleshooting Guide Alcatel
Cards, MDAs and display cards, MDAs and ports configuration 5.5
ports configuration
7750 SR hardware initialization takes place when a node is powered on or a running node is
rebooted.
By default, the system searches Compact Flash Slot #3 (cf3) for the boot.ldr file (also known
as the bootstrap file). The boot.ldr file is the image that reads and executes the system
initialization commands configured in the boot option file (bof.cfg). The default value to
initially search for the boot.ldr file on cf3 cannot be modified. Once the system executes the
boot.ldr file, it process the bof.cfg file which is stored on cf3, and by default, the system
looks for this file on cf3.
Troubleshooting Notes:
If the bof.cfg file is not found, the system initialization will fail.
The 7750 SR uses the Boot Option File (BOF) to start the system.
61
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
It’s not necessary to have all the above information configured in a BOF.
show version
62
31NAN0090 – 7750 Troubleshooting Guide Alcatel
• The BOF file must specify at least one location for the runtime image. If a runtime
image cannot be loaded, the system will fail to start, and user intervention is
required to correct the problem.
• If there is no configuration file found in the BOF, any configuration change to the
system can not be saved and will be lost when the system is rebooted or shutdown.
• Always be sure to save the BOF when any configuration change is made.
• Persistence on/off:
If a node reboots with persistence turned on, it must locate the persistence index file
and successfully process it before processing the system configuration file.
If the index file cannot be processed for some reason, the system performs a SNMP
shutdown. It requires a no shutdown snmp to reactivate full SNMP functionality.
The 7750 SR file system is based on a DOS file system. In the 7750 SR routers, each control
processor can have up to three compact flash devices (cf1:, cf2: or cf3:).
The above device names are relative device names as they refer to the devices local to the control
processor with the current console session. As in the DOS file system, the colon (“:”) at the end of
the name indicates it is a device.
The absolute device names for the compact flash devices are formed by appending, a dash and the
slot control processor slot number (“A” and/or “B”) to the device number and preceding the colon,
for example, “cf1-A:” is the absolute device name for compact flash device 1 in control processor
slot A.
63
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
The following commands can be used to navigate file structure on a compact flash device and look
at config file content.
1 To find the config file and the flash card (cf#) show bof
it is saved on
3 To find a file on the cf3 of slot B (whether the file dir cf3-B:
SF/CPM in Slot B is active or standby)
1. show bof
2. file dir
64
31NAN0090 – 7750 Troubleshooting Guide Alcatel
Directory of cf3:\
Directory of cf3:\
65
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
4. file cd cf3-A:
Directory of cf3:\
66
31NAN0090 – 7750 Troubleshooting Guide Alcatel
exit all
configure
#------------------------------------------
echo "System Configuration"
#------------------------------------------
system
name "TOROONXNEC14"
no contact
no location
no clli-code
no coordinates
no config-backup
no boot-good-exec
no boot-bad-exec
power-supply 1 dc
power-supply 2 none
lacp-system-priority 32768
synchronize config
snmp
engineID "0000197f000000000003fa0b"
packet-size 9216
general-port 161
no shutdown
exit
login-control
ftp
inbound-max-sessions 3
.
.
.
show version
67
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Automatically config>system
synchronize [boot-env|config]
synchronize two
SF/CPMs
Change a timing
config>system>sync-if-timing# revert
reference input mode
to be revertive or
non-revertive
68
31NAN0090 – 7750 Troubleshooting Guide Alcatel
7750 SR routers supporting redundancy (on 7750 SR-7 & SR-12 models) use a 1:1
redundancy scheme. Redundancy methods facilitate system synchronization between the
active and standby Control Processor Modules (CPMs) so they maintain identical
operational parameters to prevent inconsistencies in the event of a CPM failure.
Although software configurations and images can be copied or downloaded from remote
locations, synchronization can only occur locally between compact flash drives (cf1:, cf2:,
and cf3:). Synchronization can occur either automatically or manually.
When automatic system synchronization is enabled for an entity, any save or delete file
operations configured on the primary, secondary or tertiary choices on the active CPM file
system are mirrored in the standby CPM file system.
69
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Automatic synchronization
Automatic synchronization is disabled by default. To enable automatic synchronization,
the config>system>synchronization command must be specified with either the boot-env
parameter or the config parameter.
When the boot-env parameter is specified, the BOF, boot.ldr, config, and image files are
automatically synchronized. When the config parameter is specified, only the config files
are automatically synchronized.
Automatic synchronization also occurs whenever the BOF is modified and when an
admin>save command is entered with no filename specified.
Manual synchronization
To execute synchronization manually, the admin>synchronization command must be
entered with the boot-env parameter or the config parameter.
When the boot-env parameter is specified, the BOF, boot.ldr, config, and image files are
synchronized. When the config parameter is specified, only the config files are
synchronized.
The following shows the output which displays during a manual synchronization:
70
31NAN0090 – 7750 Troubleshooting Guide Alcatel
You can force the system synchronous timing input to use a specific reference.
When the command is executed, the current system synchronous timing output is
immediately referenced from the specified reference input. If the specified input is not
available (shutdown), or in a disqualified state, the timing output will enter a holdover state
based on the previous input reference.
71
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
SNTP is a compact, client-only version of the NTP. SNTP can only receive the time from SNTP/
NTP servers; it cannot be used to provide time services to other systems. SNTP can be
configured in either broadcast or unicast client mode.
• SNMP – the 7750 is fully compliant with SNMPv3 and backward compliant with SNMPv1
and v2c.
Authentication is supported on local access, RADIUS, or TACACS+.
Authorization is supported on local access, RADIUS, or TACACS+.
Accounting is supported only on RADIUS and TACACS+.
The 7750 SR uses authentication, authorization, and accounting (AAA) to monitor and control
network access to the router.
The second step is authorization, which allows the user to access and execute commands at various
command levels based on profiles assigned to the user.
72
31NAN0090 – 7750 Troubleshooting Guide Alcatel
Another step, accounting, keeps track of the activity of a user who has accessed the network. The
type of accounting information recorded can include a history of the commands executed, the
amount of time spent in the session, the services accessed, and the data transfer size during the
session. The accounting data can then be used to analyze trends, and also for billing and auditing
purposes.
Authentication
Authentication validates a user name and password combination when a user attempts to log in.
When a user attempts to log in through the console, Telnet, SSH, SCP, or FTP, the 7750 SR client
sends an access request to a RADIUS, TACACS+, or local database.
Transactions between the client and a RADIUS server are authenticated through the use of a
shared secret. The secret is never transmitted over the network. User passwords are sent encrypted
between the client and RADIUS server which prevents someone snooping on an insecure network
to learn password information.
If the RADIUS server does not respond within a specified time, the router issues the access request
to the next of the configured servers. Each RADIUS server must be configured identically to
guarantee consistent results.
If any RADIUS server rejects the authentication request, it sends an access reject message to the
router. In this case, no access request is issued to any other RADIUS servers. However, if other
authentication methods such as TACACS+ and/or local are configured, then these methods are
attempted. If no other authentication methods are configured, or all methods reject the
authentication request, then access is denied.
The user login is successful when the RADIUS server accepts the authentication request and
responds to the router with an access accept message.
Implementing authentication without authorization for the 7750 SR routers does not require the
configuration of VSAs (Vendor Specific Attributes) on the RADIUS server. However, users, user
access permissions, and command authorization profiles must be configured on each router.
Any combination of these authentication methods can be configured to control network access
from a 7750 SR router:
• Local Authentication
• RADIUS Authentication
• TACACS+ Authentication
73
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Authorization
7750 SR routers support local, RADIUS, and TACACS+ authorization to control the actions of
specific users by applying a profile based on user name and password configurations once network
access is granted. The profiles are configured on locally as well as VSAs (Vendor Specific
Attributes ) on the RADIUS server.
Once a user has been authenticated using RADIUS (or another method), the 7750 SR router
perform authorization if configured to do so. The RADIUS server can be used to:
Profiles consist of a suite of commands that the user is allowed or not allowed to execute. When a
user issues a command, the authorization server looks at the command and the user information
and compares it with the commands in the profile. If the user is authorized to issue the command,
the command is executed. If the user is not authorized to issue the command, then the command is
not executed.
Profiles must be created on each 7750 SR router and should be identical for consistent results.
If the profile is not present, then access is denied.
Accounting
When enabled, RADIUS accounting sends command line accounting from the 7750 SR router to
the RADIUS server. The router sends accounting records using UDP packets on port 1813
(decimal).
The router issues an accounting request packet for each event requiring the activity to be recorded
by the RADIUS server. The RADIUS server acknowledges each accounting request by sending an
accounting response after it has processed the accounting request. If no response is received in the
time defined in the timeout parameter, the accounting request must be retransmitted until the
configured retry count is exhausted. A trap is issued to alert the NMS (or trap receiver) that the
server is unresponsive. The router issues the accounting request to the next configured RADIUS
server (up to 5).
User passwords and authentication keys of any type are never transmitted as part of the accounting
request.
74
31NAN0090 – 7750 Troubleshooting Guide Alcatel
Profiles • • • 5.4.3.3
Profiles • • • 5.4.3.3
75
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
The following sub-sections describe the details of the configuration of each component.
Creating and implementing management access filters is optional. Management access filters
control all traffic going in and out of the CPM, including all routing protocols. The filters can be
used to restrict management of the 7750 SR router by other nodes outside either specific
(sub)networks or through designated ports. By default, there are no filters associated with security
options. The management access filter and entries must be explicitly created on each router.
The 7750 SR OS implementation exits the filter when the first match is found and execute the
actions according to the specified action. For this reason, entries must be sequenced correctly from
most to least explicit.
An entry may not have any match criteria defined (in which case, everything matches) but must
have at least the keyword action to be considered complete. Entries without the action
keyword are considered incomplete and will be rendered inactive.
Use the following CLI commands to configure a management access filter. This example only
accepts packets matching the criteria specified in entries 1 and 2. Non-matching packets are
denied.
76
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The following displays an example of the management access filter command usage.
Password management parameters consists of defining aging, the authentication order and
authentication methods, password length and complexity, as well as the number of attempts a user
can enter a password.
77
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Profiles are used to deny or permit access to a hierarchical branch or specific commands. Profiles
are referenced in a user configuration. A maximum of sixteen user profiles can be defined. A user
can participate in up to sixteen profiles. Depending on the the authorization requirements,
passwords are configured locally or on the RADIUS server.
78
31NAN0090 – 7750 Troubleshooting Guide Alcatel
Configure access parameters for individual users. For user, define the login name for the user and,
optionally, information that identifies the user.
79
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
RADIUS is disabled by default and must be explicitly enabled. The mandatory commands to
enable RADIUS on the local router are radius and server index address ip-addr
secret key. The other commands are optional. The server command adds a RADIUS server
and configures the RADIUS server’s IP address, index, and key values. The index determines the
sequence in which the servers are queried for authentication requests.
On the local router, use the following CLI commands to configure RADIUS authentication:
80
31NAN0090 – 7750 Troubleshooting Guide Alcatel
In order for RADIUS authorization to function, RADIUS authentication must be enabled first.
In addition to the local configuration requirements, VSAs must be configured on the RADIUS
server.
On the local router, use the following CLI commands to configure RADIUS authorization:
81
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
If all the above mentioned conditions are not met, then access to the router is denied and a failed
login event/trap is written to the security log.
82
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The command and all subordinate commands in subordinate command levels are specified.
Configure from most specific to least specific. The 7750 SR OS implementation exits on the first
match, subordinate levels cannot be modified with subsequent action commands. Subordinate level
VSAs must be entered prior to this entry to be effective.
All commands at and below the hierarchy level of the matched command are subject to the
timetra-action VSA.
Multiple match-strings can be entered in a single timetra-cmd VSA. Match strings must be
semicolon (;) separated (maximum string length is 254 characters).
1. The password authentication-order command on the 7750 SR router must include local.
2. The user name must be configured on the 7750 SR router.
3. The user must be successfully be authenticated by the RADIUS server
4. A valid profile must exist on the 7750 SR router for this user.
If all conditions listed above are not met, then access to the 7750 SR router is denied and a failed
login event/trap is written to the security log.
The following example displays a user-specific VSA configuration. This configuration shows
attributes for users named ruser1 and ruser2.
83
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
The following example shows that user ruser1 is granted console access. ruser1’s home
directory is in compact flash slot 3 and is limited to the home directory. The default action permits
all packets when matching conditions are not met. The timetra-cmd parameters allow the user
to use the tools;telnet;configure system security commands. Matching strings
specified in the timetra-action command are denied for this user.
The user ruser2 is granted FTP access.The default action denies all packets when matching
conditions are not met. The timetra-cmd parameters allow the user to use the configure,
show, and debug commands. Matching strings specified in the timetraaction
command are permitted for this user.
Timetra Dictionary
84
31NAN0090 – 7750 Troubleshooting Guide Alcatel
On the local router, use the following CLI commands to configure RADIUS accounting:
85
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
To use TACACS+ authentication on the router, configure one or more TACACS+ servers on the
network.
86
31NAN0090 – 7750 Troubleshooting Guide Alcatel
In order for TACACS+ authorization to function, TACACS+ authentication must be enabled first.
On the local router, use the following CLI commands to configure RADIUS authorization:
On the local router, use the following CLI commands to configure TACACS+ accounting:
87
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
The ssh-server command starts the SSH server. There are no configurable parameters in the
SSH context. To enable SSH, enter the following CLI syntax.
Example: config>system>security#ssh-server
Configure login control parameters for console, Telnet, and FTP sessions.
SNMP Architecture
The Network Management System (NMS) is comprised of two elements: managers and agents.
The manager is the entity through which network management tasks are facilitated. Agents
interface managed objects. Managed devices, such as bridges, hubs, routers, and network servers
can contain managed objects. A managed object can be a configuration attribute, performance
statistic, or control action that is directly related to the operation of a device.
Managed devices collect and store management information and use Simple Network Management
Protocol (SNMP). SNMP is an application-layer protocol that provides a message format to
89
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
facilitate communication between SNMP managers and agents. SNMP provides a standard
framework to monitor and manage devices in a network from a central location.
An SNMP manager controls and monitors the activities of network hosts which use SNMP. An
SNMP manager can obtain (get) a value from an SNMP agent or store (set) a value in the agent.
The manager uses definitions in the management information base (MIB) to perform operations on
the managed device such as retrieving values from variables or blocks of data, replying to requests,
and processing traps.
Between the SNMP agent and the SNMP manager the following actions can occur:
• The manager can get information from the agent.
• The manager can set the value of a MIB object that is controlled by an agent.
• The agent can send traps to notify the manager of significant events that occur on the
7750 SR router.
SNMP Versions
• In SNMP Version 3 (SNMPv3), USM defines the user authentication and encryption features.
View Access Control MIB (VACM) defines the user access control features.
To implement SNMPv1 and SNMPv2c configurations, several access groups are predefined. These
access groups provide standard read-only, read-write, and read-write-all access groups and views
that can simply be assigned community strings. In order to implement SNMP with security
features, security models, security levels, and USM communities must be explicitly configured.
Optionally, additional views which specify more specific OIDs (MIB objects in the subtree) can be
configured.
90
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The use of community strings provide minimal security and context checking for both agents and
managers that receive requests and initiate trap operations. A community string is a text string that
acts like a password to permit access to the agent on the 7750 SR router.
User-based security model (USM) community strings associates a community string with an
SNMPv3 access group and its view. The access granted with a community string is restricted to the
scope of the configured group.
Views
Views control the access to a managed object. The total MIB of a 7750 SR router can be viewed as
a hierarchical tree. When a view is created, either the entire tree or a portion of the tree can be
specified and made available to a user to manage the objects contained in the subtree. Object
identifiers (OIDs) uniquely identify managed objects. A view defines the type of operations for the
view such as read, write, or notify.
OIDs are organized in a hierarchical tree with specific values assigned to different organizations. A
view defines a subset of the agent’s managed objects controlled by the access rules associated with
that view.
Pre-defined views are available that are particularly useful when configuring SNMPv1 and
SNMPv2c.
The Alcatel SNMP agent associates SNMPv1 and SNMPv2c community strings with a SNMPv3
view.
Access Groups
Access groups associate a user group and a security model to the views the group can access. An
access group is defined by a unique combination of a group name, security model (SNMPv1,
SNMPv2c, or SNMPv3), and security level (no-authorization-no privacy, authorization-no-
privacy, or privacy).
91
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
An access group, in essence, is a template which defines a combination of access privileges and
views. A group can be associated to one or more network users to control their access privileges
and views.
Additional access parameters must be explicitly configured if the preconfigured access groups and
views for SNMPv1 and SNMPv2c do not meet your security requirements.
Users
User access and authentication privileges must be explicitly configured. In a user configuration, a
user is associated with an access group, which is a collection of users who have common access
privileges and views (see Access Groups).
Many SNMPv1 and SNMPv2c implementations are restricted read-only access, which, in turn,
reduces the effectiveness of a network monitor in which network control applications cannot be
supported.
92
31NAN0090 – 7750 Troubleshooting Guide Alcatel
93
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
• Access group — The access group creates an association between a group of users, a security
model, and the views the group can access.
• User — Users are associated with an access group and, therefore, share common security models
and access views.
5.4.4.4 Commands displaying SNMP security configuration
List one or all views and permissions show system security view [view-name] [detail]
in the MIB-OID tree.
Check the user access settings for that user, modify if configuration is improper.
show users
1. CLI commands to view the
security settings for a user: configure system security user <user-name>
info detail
2. CLI commands to view/configure user access parameters for a specific user:
info detail
94
31NAN0090 – 7750 Troubleshooting Guide Alcatel
password
Configure user profile membership for
the console (either Telnet or a CPM configure system security user# console
serial port user). info detail
An event log within 7750 SR OS associates the event sources with logging destinations. Examples
of logging destinations include, all console sessions, a specific console session, memory logs, file
95
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
destinations, SNMP trap groups and syslog destinations. A log filter policy can be associated with
the event log to control which events will be logged in the event log based on combinations of
application, severity, event ID range and the subject of the event.
The 7750 SR accounting logs collect comprehensive accounting statistics to support a variety of
billing models. The 7750 SR collects accounting data on services and network ports on a per
service class basis. In addition to gathering information critical for service billing, accounting
records can be analyzed to provide insight about customer service trends for potential service
revenue opportunities. Accounting statistics on network ports can be used to track link utilization
and network traffic pattern trends. This information is valuable for traffic engineering and capacity
planning within the network core.
Accounting statistics are collected according to the parameters defined within the context of an
accounting policy. Accounting policies are applied to customer Service Access Points (SAPs) and
network ports. Accounting statistics are collected by counters for individual service queues defined
on the customer’s SAP or by the counters within forwarding class (FC) queues defined on the
network ports.
The type of record defined within the accounting policy determines where a policy is applied, what
statistics are collected and time interval at which to collect statistics.
The only supported destination for an accounting log is a compact flash system device (cf1 or cf2).
Accounting data is stored within a standard directory structure on the device in compressed XML
format.
Accounting log files
Before an accounting policy can be created a target log file must be created to collect the
accounting records. The files are stored in system memory on a compact flash (cf1 or cf2) in a
compressed (tar) XML format and can be retrieved using FTP or SCP.
A file ID can only be assigned to either one event log ID or one accounting log.
When a policy has been created and applied to a service or network port, the accounting file is
stored on the compact flash in a compressed XML file format. The 7750 SR creates two directories
on the compact flash to store the files. The following output displays a directory named act-
collect that holds accounting files that are open and actively collecting statistics. The directory
named act stores the files that have been closed and are awaiting retrieval.
96
31NAN0090 – 7750 Troubleshooting Guide Alcatel
Accounting files always have the prefix act followed by the accounting policy ID, log ID and
timestamp. The accounting log file naming convention and log file destination properties like
rollover and retention are similar with an event log file.
Accounting Records
The record name, sub-record types, and default collection period for service and network
accounting policies are shown below.
When creating accounting policies, one service accounting policy and one network accounting
policy can be defined as default. If statistics collection is enabled on a SAP or network port and no
accounting policy is applied, then the respective default policy is used. If no default policy is
defined, then no statistics are collected unless a specifically defined accounting policy is applied.
Each accounting record name is composed of one or more sub-records which is in turn composed
of multiple fields.
Design Considerations
97
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
The 7750 SR has ample resources to support large scale accounting policy deployments. When
preparing for an accounting policy deployment, verify that data collection, file rollover, and file
retention intervals are properly tuned for the amount of statistics to be collected.
If the accounting policy collection interval is too brief there may be insufficient time to store the
data from all the services within the specified interval. If that is the case, some records may be lost
or incomplete. Interval time, record types, and number of services using an accounting policy are
all factors that should be considered when implementing accounting policies.
The rollover and retention intervals on the log files and the frequency of file retrieval must also be
considered when designing accounting policy deployments. The amount of data stored depends on
the type of record collected, the number of services that are collecting statistics, and the collection
interval that is used. For example, with a 1GB CF and using the default collection interval, the
system is expected to hold 48 hours worth of billing information.
98
31NAN0090 – 7750 Troubleshooting Guide Alcatel
99
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Show alarms of a particular MDA show log log-id 99 subject “Mda 1/1”
(ex. MDA 1/1)
100
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The following CLI commands are commonly used for checking the detailed configuration of cards,
MDAs or ports. Refer to Section 4 for more information on hardware operational status.
101
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
If a port is correctly configured but not up, most likely the port is administratively down.
Ethernet ports:
You can NOT loop Ethernet ports using CLI commands.
SONET/SDH ports:
You can use CLI command to loopback a SONET/SDH port.
NOTE:
102
31NAN0090 – 7750 Troubleshooting Guide Alcatel
1) The SONET/SDH port must be in a shut down state to activate any type of loopback.
2) When you loop back a SONET/SDH port, make sure it is not line timing.
3) The loopback setting is never saved to the generated/saved configuration file.
Description:
TDM ports:
You can use CLI to put a specified TDM port or channel into a loopback mode.
NOTE:
1) The corresponding port or channel must be in a shutdown state in order for the loopback mode
to be enabled. The upper level port or channel or parallel channels should not be affected by the
loopback mode.
2) When you loop back a port, make sure it is not line timeing.
3) The loopback setting is never saved to the generated/saved configuration file.
103
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
DS1 channel
To disable this specific config>port# tdm ds1 no loopback
loopback
The following commands are commonly used for checking OSPF related configuration:
To view the OSPF related alarms or log messages, use the command:
show log log-id 99 application ospf
104
31NAN0090 – 7750 Troubleshooting Guide Alcatel
The debug router ospf command allows the user to troubleshoot an OSPF related issue in many
circumstances. The following are the choices of events that can be logged:
SR12# debug router ospf
- no ospf
- ospf
Important Notes:
1) Before enabling “debug”, the user must make sure a log is created to view the debug result. The
following is an example log created to view debug results. Refer to
7750_SR_OS_System_Guide_2.0.pdf for more details.
Note that if the log destination is session, when the session is closed, the log (log-id) will not be
saved.
For example, log 3 is created to view the debug result:
SR12>config>log>log-id 3
SR12>config>log>log-id$ from debug-trace
SR12>config>log>log-id$ to session
SR12>config>log>log-id$ no exit
2) To stop the “debug”, use either of the following commands to stop the debug at different levels:
Command Explanation
105
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
or
config router interface <int-name>
config>router>if# port-id[:encap-val]
2. MTU Mismatch The MTU can be set at the port level or at the IP level. To view the
MTU settings, use the following commands:
show port displays MTU at the port level.
106
31NAN0090 – 7750 Troubleshooting Guide Alcatel
4. Mismatched subnet Check the router and its neighbor’s interface to see if the subnet mask
mask or IP address or IP address matches each other. Use the command:
show router interface
5. Interface not To verify if the interface has been configured in OSPF, use the
configured in OSPF commands:
show router interface to display router interfaces
107
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
8. Incorrect area To view the area of the interface, use the command:
show router ospf interface
9. Mismatched To display the interval timers setting for an interface, use the
hello/dead interval command:
timers
show router ospf interface <int-name> detail
===============================================================================
Interface Table (Router: Base)
===============================================================================
-------------------------------------------------------------------------------
Interface
-------------------------------------------------------------------------------
If Name : to-rtr22
Admin State : Up Oper State : Up
Protocols : OSPF
ICMP Details
Redirects : Number - 100 Time (seconds) - 10
Unreachables : Number - 100 Time (seconds) - 10
TTL Expired : Number - 100 Time (seconds) - 10
===============================================================================
109
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
----------------------------------------------
===============================================================================
OSPF Interface (Detailed) : to-rtr22
===============================================================================
-------------------------------------------------------------------------------
Configuration
-------------------------------------------------------------------------------
IP Address : 10.0.1.1/30 Interface Name : to-sim22
Area Id : 0.0.0.0 Priority : 1
Hello Intrvl : 10 sec Rtr Dead Intrvl : 40 sec
Retrans Intrvl : 5 sec Poll Intrvl : 120 sec
Metric : 1000 Advert Subnet : True
Transit Delay : 1 Auth Type : None
Passive : False MTU : 0
-------------------------------------------------------------------------------
State
-------------------------------------------------------------------------------
Admin Status : Enabled Oper State : Designated Rtr
Designated Rtr : 10.0.1.1 Backup Desig Rtr : 0.0.0.0
IF Type : Broadcast Network Type : Stub
Oper MTU : 1504 Last Enabled : 07/27/2004 12:19:27
Nbr Count : 0 If Events : 2
-------------------------------------------------------------------------------
Statistics
-------------------------------------------------------------------------------
Tot Rx Packets : 0 Tot Tx Packets : 623
Rx Hellos : 0 Tx Hellos : 623
Rx DBDs : 0 Tx DBDs : 0
Rx LSRs : 0 Tx LSRs : 0
Rx LSUs : 0 Tx LSUs : 0
Rx LS Acks : 0 Tx LS Acks : 0
Retransmits : 0 Discards : 0
Bad Networks : 0 Bad Virt Links : 0
Bad Areas : 0 Bad Dest Addrs : 0
Bad Auth Types : 0 Auth Failures : 0
Bad Neighbors : 0 Bad Pkt Types : 0
Bad Lengths : 0 Bad Hello Int. : 0
Bad Dead Int. : 0 Bad Options : 0
Bad Versions : 0 Bad Checksums : 0
===============================================================================
110
31NAN0090 – 7750 Troubleshooting Guide Alcatel
no mtu
no metric
no authentication-type
no authentication-key
no shutdown
----------------------------------------------
The following commands are commonly used for checking BGP related configuration:
The debug router bgp command allows the user to troubleshoot a BGP related issue in many
circumstances. The following are the choices of events can be logged:
SR12# debug router bgp
- bgp
- no bgp
111
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Important Notes:
1) Before enabling the “debug”, the user must make sure a log is created to view the debug result.
2) To stop the “debug”, use either of the following commands to stop the debug at different level:
Command Explanation
debug router bgp no keepalive Disable debugging for all BGP Keepalive messages
debug router no bgp Disable debugging for all BGP messages
no debug Disable debugging for all applications
1. MTU configuration To verify if the port MTU size is configured correctly, use command:
mismatch show port <port-id>
2. Local or Peer AS To verify if the local or Peer AS is configured correctly, use command:
configured improperly
show router bgp neighbor
112
31NAN0090 – 7750 Troubleshooting Guide Alcatel
To modify the (group level) AS number for the remote peer, use
command:
config router bgp group <name> peer-as <as-number>
===============================================================================
Ethernet Interface
===============================================================================
Description : 10/100 Ethernet TX
Interface : 1/1/1 Speed : 100 mbps
Link-level : Ethernet MTU : 1514
Admin state : up Duplex : full
Oper state : up Hold time up : 0 seconds
Physical Link : Yes Hold time down : 0 seconds
IfIndex : 18907136
===============================================================================
Ethernet Interface
===============================================================================
Description : 10/100 Ethernet TX
Interface : 1/1/1 Speed : 100 mbps
Link-level : Ethernet MTU : 1518
Admin state : up Duplex : full
Oper state : up Hold time up : 0 seconds
Physical Link : Yes Hold time down : 0 seconds
IfIndex : 18907136
113
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer : 5.5.5.5 Group : iBGP
-------------------------------------------------------------------------------
Peer AS : 65531
Peer Address : 5.5.5.5 Peer Port : 179
Local AS : 65531
Local Address : 1.1.1.1 Local Port : 50742
Peer Type : Internal
State : Established Last State : OpenSent
Last Event : recvKeepAlive
Last Error : Hold Timer Expire
Local Family : IPv4 Remote Family : IPv4
Local Capability : RouteRefresh MP-BGP Remote Capability: RouteRefresh MP-BGP
Hold Time : 90 Keep Alive : 30
SR12>config>router>bgp# info
----------------------------------------------
import "import"
export "fromStatic"
local-as 65531
router-id 2.2.2.2
group "ibp"
exit
group "iBGP"
type internal
peer-as 65531
neighbor 5.5.5.5
exit
exit
----------------------------------------------
===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer : 5.5.5.5 Group : iBGP
-------------------------------------------------------------------------------
Peer AS : 65531
Peer Address : 5.5.5.5 Peer Port : 179
Local AS : 65531
Local Address : 1.1.1.1 Local Port : 50742
Peer Type : Internal
State : Established Last State : OpenSent
Last Event : recvKeepAlive
Last Error : Hold Timer Expire
Local Family : IPv4 Remote Family : IPv4
Local Capability : RouteRefresh MP-BGP Remote Capability: RouteRefresh MP-BGP
Hold Time : 90 Keep Alive : 30
SR12>config>router>bgp# info
----------------------------------------------
import "import"
114
31NAN0090 – 7750 Troubleshooting Guide Alcatel
export "fromStatic"
local-as 65531
router-id 2.2.2.2
group "ibp"
exit
group "iBGP"
type internal
peer-as 65531
neighbor 5.5.5.5
exit
exit
----------------------------------------------
When the BGP speaker receives updates from multiple ASs that describe different paths to the
same destination, it must choose the single best path for reaching that destination. Once chosen,
BGP propagates the best path to its neighbors. The process of selecting the best path is as below.
For each prefix in the routing table, the routing protocol selects the best path. Then, the best path is
compared to the next path in list until all paths in the list are exhausted. The following parameters
are used to determine the best path:
115
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Local Preference Attribute Local preference can be set at the global level:
or group level:
config>router>bgp>group name local-preference
[0..4294967295]
or neighbor level.
config>router>bgp>group name>neighbor ip-addr local-
preference [0..4294967295]
or group level:
config>router>bgp>group name med-out {number | igp-cost}
or neighbor level:
config>router>bgp>group name>neighbor ip-addr med-out
{number | igp-cost}
116
31NAN0090 – 7750 Troubleshooting Guide Alcatel
and assigns the value used for the path attribute for the MED advertised
to BGP peers if the MED is not already set.
The specified value can be overridden by any value set via a route policy.
This configuration parameter can be set at three levels: global level
(applies to all peers), group level (applies to all peers in peer-group) or
neighbor level (only applies to specified peer). The most specific value is
used.
Route policies allow you to configure routing according to specifically defined policies. You can
create policies and entries to allow or deny paths based on various parameters such as destination
address, protocol, packet size, and community list.
Policies can be as simple or complex as required. A simple policy can block routes for a specific
location or IP address. More complex policies can be configured using numerous policy statement
entries containing matching conditions to specify whether to accept or reject the route, control how
a series of policies are evaluated, and manipulate the characteristics associated with a route.
There are no default route policies. Each policy must be created explicitly and applied to a policy,
a routing protocol, or to the forwarding table. Policy parameters are modifiable.
Process of provisioning a basic router policy
The following diagram shows the process of how to provision a basic route policy. For more
detailed description on route policy concept and configuration guidance, please refer to
7750_SR_OS_Router_Guide_2.0.pdf.
117
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
The following example is focused on how prefix lists are configured and used in a route policy,
and how this route policy applied to BGP. Other parameters such as AS-path, community list and
damping parameters are disregarded.
1) create/edit route policy
SR12>config>router>policy-options#
SR12>config>router>policy-options# begin
118
31NAN0090 – 7750 Troubleshooting Guide Alcatel
5) Apply route policies created above as the import & export policy for BGP
SR12# config router
SR12>config>router# autonomous-system <as-number>
SR12>config>router# bgp
SR12>config>router# import "Service Provider-IN"
SR12>config>router# export "Service Provider-OUT"
SR12>config>router# exit
SR12#
The ‘begin’ command puts the node (not just the session) in a route policy edit mode.
Once ‘begin’ is entered, until a commit is executed, subsequent users executing the ‘begin’
command will be warned that a policy configuration is in progress.
“commit”
A ‘commit’ will save all policy configuration in progress on a node, this include all session
that have entered ‘begin’ without having exited with a ‘commit’ regardless of the state of the
route-policy under configuration.
A ‘commit’ terminates edit mode for all users that are currently in edit mode.
119
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
To verify how the policy is configured, use command: show router policy
To verify how prefix list is configured in the policy, use command: show router policy
prefix-list <name>
===============================================================================
Route Policies
===============================================================================
Policy Description
-------------------------------------------------------------------------------
Service Provider-IN
Service Provider-OUT
-------------------------------------------------------------------------------
Policies : 2
===============================================================================
SR12#
SR12# show router policy prefix-list
==================================
Prefix Lists
==================================
Prefix List Name
----------------------------------
Deny-routes
permit-routes
==================================
SR12# show router policy prefix-list Deny-routes
prefix 0.0.0.0/8 longer
. . .
SR12# show router policy prefix-list permit-routes
prefix 10.10.1.0/30 exact
prefix 10.10.2.0/24 exact
. . .
SR12#
120
31NAN0090 – 7750 Troubleshooting Guide Alcatel
2. Check if the route is in the FIB. Use command show router fib <slot-number> [<ip-
prefix/mask]> [longer]]
3. Verify the routing policies for inaccuracies to ensure that packets are not getting filtered.
- To check what policy is applied in IGP (ex. OSPF), use commands:
config router ospf
The debug router ldp command allows the user to troubleshoot a LDP related issue. The
following are the debugging choices.
SR12# debug router ldp
- ldp
- no ldp
121
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Important Notes:
1) Before enabling the “debug”, the user must make sure a log is created to view the debug result.
2) To stop the “debug”, use either of the following commands to stop the debug at different level
(more choices can be found by clicking “?” at any level of the CLI syntax):
Command Explanation
debug router ldp interface <int-name> Disables debugging for specific LDP packets
no packet
debug router ldp no interface <int- Disables debugging for LDP interface
name>
Command Explanation
show router ldp bindings
To display LDP bindings information
show router ldp discovery
To display LDP discovery information
show router ldp interface
To display LDP interface information
show router ldp parameters
To display LDP configured and operation parameters
show router ldp peer
To display LDP targeted peer information
show router ldp session
To display LDP session information
show router ldp status
To display LDP operational information
122
31NAN0090 – 7750 Troubleshooting Guide Alcatel
o You could create a management filter and logs that could help identify which excessive or
unwanted packets are reaching the 7750 SR and block such traffic by modifying the
management filter or by using mac/ip filtering.
• Excessive debugging.
o show debug commands will identify the debugging processes running on the 7750. The no
debug command is a quick method to stop all debugging.
• Functions such as SNMP MIB walks and large routing updates can cause the CPU to spike to
100%, but in general these functions are temporary and generally have no lasting affect on the
performance of the 7750 SR.
Before any service is provisioned, the corresponding IP routing protocols must have been
configured and running. The IES service could be down if it is related to a routing problem. Refer
to other sub-sections in Section 6 for troubleshooting a routing problem.
Verifying IES service configuration
The following table outlines where and how to verify an IES service configuration.
To view the configurations Use either of the following commands to view the IES service
related the IES service configuration in different level:
show service service-using
To view the port status If a port/channel is administratively shutdown, all SAPs on that
related to the SAP port/channel will be operationally out of service.
show port <port-id>
123
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
To delete a SAP on an When a SAP is deleted, all configuration parameters for the SAP
interface will also be deleted. For IES service, the IP interface must be
shutdown before the SAP on that interface may be removed.
config service ies <service-id> interface <ip-int-
name>
config>service>ies>if# shutdown
info detail
=============================================================================
Service Access Points(SAP)
=============================================================================
Service Id : 100
SAP : 1/1/4 Encap : null
Dot1Q Ethertype : 0x8100 QinQ Ethertype : 0x8100
Description : (Not Specified)
Split Horizon Group : (Not Specified)
124
31NAN0090 – 7750 Troubleshooting Guide Alcatel
==============================================================================
Interface Table
==============================================================================
Interface-Name Type IP-Address Adm Opr Type
------------------------------------------------------------------------------
to-web Pri 10.3.3.3/24 Up Down IES
------------------------------------------------------------------------------
Interfaces : 1
==============================================================================
===============================================================================
Interface Table
===============================================================================
-------------------------------------------------------------------------------
Interface
-------------------------------------------------------------------------------
If Name : to-web
Admin State : Up Oper State : Down
Protocols : None
ICMP Details
Redirects : Number - 100 Time (seconds) - 10
Unreachables : Number - 100 Time (seconds) - 10
TTL Expired : Number - 100 Time (seconds) - 10
-------------------------------------------------------------------------------
Interfaces : 1
===============================================================================
125
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
Event logs are the means of recording system generated events for later analysis. Should there
exist a fault within a 7750 SR system, event logs are often the first source of information in the
troubleshooting process. Events are messages generated by the system for applications or
processes within the 7750 SR.
Logs can be configured to collect log messages related to a specific item. When a new log is
created, it can be sent to one of the log destinations: Console, Session, Memory log, a Log file,
SNMP trap group or Syslog. The operators can then monitor the logs from there. The default log
log-id 99 is a memory log and contains all main events. The following is an example of how to
create a log and send it to a session.
Note that if the log destination is session, when the session is closed, the log (log-id) will not be
saved.
For more details of configuring a log, you can also refer to 7750_SR_OS_System_Guide_2.0.pdf.
The 5620 SAM converts SNMP traps from 7750 SR routers to events and alarms. These are then
correlated against the managed equipment and configured services and policies. Alarms are
applied against the appropriate equipment and services. From the GUI, operators have a number of
tools to fine-tune, define, and track alarms. They can:
• View the relationship between incoming alarms and the affected objects, such as the effect
of equipment alarms on service operation
• Determine and then set specific policies for each alarm type, for example, the alarm’s
incoming severity and its escalated severity
• Track the most important alarms using color codes, for example, sort all red critical alarms.
Figure 17 shows the alarm relationships and the GUI tools to manage them.
126
31NAN0090 – 7750 Troubleshooting Guide Alcatel
For more information on 5620 SAM fault management features, please refer to “Alcatel 5620
SAM (Release 2.0) General Information Book”.
127
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
7. Miscellaneous
Commonly Used Global CLI commands
The following is a list of the more commonly used global commands, which means these
commands can be executed at any level of the CLI hierarchy.
128
31NAN0090 – 7750 Troubleshooting Guide Alcatel
History
129
Alcatel 31NAN0090 – 7750 Troubleshooting Guide
This document contains confidential information which is proprietary to Alcatel. No part of its
contents may be used, copied, disclosed or conveyed to any party in any manner whatsoever
without prior written permission from Alcatel. Alcatel, the Alcatel logo and all 7750 SR products
are registered trademarks of Alcatel.
130