Nortel Secure Router 2330/4134 Configuration MPLS. Release: 10.2 Document Revision: NN

Transcription

1 Release: 10.2 Document Revision: NN

2 . Release: 10.2 Publication: NN Document release date: 7 September 2009 While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are subject to change without notice. Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks. THE SOFTWARE DESCRIBED IN THIS DOCUMENT IS FURNISHED UNDER A LICENSE AGREEMENT AND MAY BE USED ONLY IN ACCORDANCE WITH THE TERMS OF THAT LICENSE. All other trademarks are the property of their respective owners.

3 . Contents 3 New in this release 11 Features 11 SR2330 hardware 11 HDLC over MPLS pseudowire 11 MPLS over VLAN 11 Other changes 11 Specifying controlled load traffic or guaranteed traffic for an LSP no longer supported 12 Introduction 13 Navigation 13 MPLS fundamentals 15 MPLS elements 15 Label switched path 15 LSRs and LERs 16 Supported interfaces 16 MPLS label 16 Label description 17 Label allocation 17 Operations on labels 17 NHLFE 18 ILM 18 FTN 18 Penultimate Hop Popping 18 Implicit null 18 Explicit null 19 PHP disabled 19 LSP routes 20 Routing traffic with policy-based redirection 20 Types of LSPs 20 Static LSP 21 LDP LSP 21 RSVP-TE-signaled LSPs 21 Standards compliance 22

4 4 LDP fundamentals 25 LDP overview 25 LDP identifier and label space 25 LDP discovery 25 LDP sessions 26 LDP message types 27 LDP operation modes 28 Label advertisement modes 28 Label retention mode 29 Label control mode 30 ACL configuration with LDP 31 LDP loop detection 31 Hop count limit 31 Path vector limit 31 RSVP-TE fundamentals 33 RSVP-TE overview 33 Control messages 33 RVSP-TE tunnel setup 34 OSPF-TE and CSPF 35 RSVP-TE resource reservation styles 35 Fixed filter 36 Shared explicit 36 Priority of signaled LSP 37 Setup priority 37 Hold priority 37 Explicitly routed LSPs 37 Route Recording 38 Refresh reduction 38 Reliable messaging 38 Fast reroute and node protection 39 Node protection 39 Secondary LSP (global repair) 40 Secondary LSP signaling 40 Secondary LSP with fast reroute 41 Administrative groups 41 MPLS QoS 41 Ingress LER- EXP marking 42 DSCP Marking on Egress LER 43 MPLS Pseudowire fundamentals 45 Layer 2 virtual circuits 45 Virtual circuit labelling 46 Binding an attachment circuit to the pseudowire 46

5 5 LDP requirement for dynamic virtual circuits 46 Static virtual circuits 47 Multiple virtual circuits 47 PPP over MPLS 47 HDLC over MPLS 48 Ethernet over MPLS 48 VLAN Rewrite 48 Static LSP configuration 49 Static LSP configuration procedures 49 Static LSP configuration task navigation 50 Configuring a static FTN entry on the ingress router 50 Configuring static ILM entries on transit and egress routers 51 Displaying the static FTN entry 52 Displaying the static ILM entry 52 Displaying static FTN statistics 53 Displaying static ILM statistics 53 LDP LSP configuration 55 LDP configuration procedures 55 LDP configuration task navigation 57 Configuring loopback interface and router ID 57 Enabling LDP at the router level 58 Configuring targeted LDP peer adjacency 58 Specifying a targeted LDP peer for extended discovery 58 Configuring the global targeted LDP peer hello interval 59 Configuring the interface targeted LDP peer hello interval 59 Configuring the global targeted LDP peer hold time 60 Configuring the interface targeted LDP peer hold time 61 Configuring LDP properties 61 Configuring explicit-null labels 61 Configuring the transport address for a label space 62 Configuring global loop detection 63 Configuring the global loop detection count 63 Configuring global request retries 64 Configuring the global request retry timeout 64 Propagating the global release of labels to downstream routers 65 Configuring the global label control mode 66 Applying ACL rules to LDP 66 Configuring the global label advertisement mode 67 Configuring the interface label advertisement mode 68 Configuring the global label retention mode 69 Configuring the interface label retention mode 69 Configuring the global LDP hello interval 70 Configuring the interface LDP hello interval 71

6 6 Configuring the global LDP hold time 72 Configuring the interface LDP hold time 72 Configuring the global keepalive interval 73 Configuring the interface keepalive interval 74 Configuring the global keepalive timeout 75 Configuring the interface keepalive timeout 75 Enabling LDP on an interface 76 Enabling auto-discovery of LDP peers 77 Configuring global multicast hellos 77 Configuring interface multicast hellos 77 Displaying LDP configuration and statistics 78 Displaying LDP adjacency 78 Displaying the IP access list of LDP advertise-labels 78 Displaying FECs known to the current LSR 78 Displaying detailed LDP information for interfaces 79 Displaying LDP LSP configuration 79 Displaying LDP LSP hosts corresponding to an FEC 79 Displaying LDP LSP host 80 Displaying LDP LSP prefix 80 Displaying LDP session 81 Displaying LDP packet statistics 81 Displaying LDP advertise-labels statistics 81 Clearing LDP adjacencies 82 Clearing LDP statistics 82 RSVP-TE LSP configuration 83 RSVP-TE configuration procedures 83 RSVP-TE configuration task navigation 85 Configuring loopback interface and router ID 85 Enabling RSVP-TE at the router level 86 Enabling RSVP-TE at the interface level 86 Creating an RSVP-TE LSP 87 Creating an RSVP-TE LSP 87 Configuring the ingress address for the LSP 87 Configuring the egress router for the LSP 88 Configuring an explicit path LSP 89 Disabling and enabling CSPF globally 89 Disabling and enabling CSPF on RSVP-TE LSPs 89 Create the explicit route and define the hops 90 Associate the RSVP-TE explicit route with an LSP 91 Specifying the Route Record List as an explicit route 91 Configuring constrained path LSP properties 92 Reserving bandwidth for RSVP-TE LSPs 92 Configuring the filter style for RSVP-TE LSP 93

7 7 Configuring retry limit for RSVP-TE LSP 93 Configuring retry timer for RSVP-TE LSP 94 Configuring setup priority for RSVP-TE LSP 95 Configuring the hold priority for RSVP-TE LSP 96 Configuring CSPF retry limit 96 Configuring CSPF retry timer 97 Configuring the hop limit for RSVP-TE LSP 98 Configuring label recording 99 Configuring route recording 99 Creating an MPLS administrative group 100 Adding an interface to an administrative group 100 Including administrative groups in an RSVP-TE LSP 101 Excluding administrative groups from an RSVP-TE LSP 102 Disabling affinity 103 Configuring Fast Reroute for constrained path LSP 103 Enabling and disabling one-to-one fast reroute protection 103 Configuring fast reroute node protection 104 Configuring fast reroute bandwidth 104 Specifying the administrative groups to include in the fast reroute 105 Excluding administrative groups from the fast-reroute 106 Configuring fast reroute setup priority 106 Configuring fast reroute hold priority 107 Configuring fast reroute hop limit 108 Configuring detour LSP identification method 108 Configuring RSVP-TE LSP properties 109 Configuring the extended tunnel ID in RSVP-TE messages 109 Configuring the creation and tear-down method for the RSVP-TE LSP 110 Restarting the RSVP-TE LSP 110 Configuring hello exchanges with a specific neighbor 111 Configuring RSVP-TE global and interface properties 112 Configuring the RSVP-TE source address 112 Configuring explicit-null labels 112 Configuring Penultimate-Hop-Popping 113 Configuring loop detection 113 Configuring MPLS tunnel-mode 114 Enabling the receipt of Hello messages globally 115 Enabling the receipt of Hello messages on the interface 115 Configuring the global Hello interval 116 Configuring the Hello interval and enabling Hello transmission on the interface 117 Configuring the global hello timeout 118 Configuring the interface hello timeout 118 Configuring the global RSVP keep multiplier 119 Configuring the interface RSVP keep multiplier 120

8 8 Configuring the global RSVP refresh time 121 Configuring the interface RSVP refresh time 121 Configuring the global refresh reduction advertisement 122 Configuring the interface refresh reduction advertisement 122 Configuring global message acknowledgement 123 Configuring interface message acknowledgement 124 Configuring the global acknowledgement wait timeout 124 Configuring the interface acknowledgement wait timeout 125 Mapping routes to RSVP-TE LSPs 125 Displaying RSVP-TE LSP configuration and statistics 126 Displaying session-related information for configured LSPs 126 Displaying LSP session count 127 Displaying session-related information for egress router 127 Displaying session-related information for specific egress router 127 Displaying session-related information for ingress router 128 Displaying session-related information for specific ingress router 128 Displaying session-related information for specific sessions 129 Displaying session-related information for transit router 129 Clearing traffic-engineered LSP data 130 Displaying RSVP-TE configuration and statistics 130 Displaying RSVP-TE interface information 130 Displaying RSVP-TE neighbors 131 Displaying next-hop data cached in RSVP-TE 131 Displaying RSVP-TE statistics 131 Displaying RSVP-TE summary refresh data 132 Displaying RSVP-TE version 132 Displaying traffic engineering path 132 Displaying MPLS tunnel mode 133 Displaying all configured MPLS administrative groups 133 Clearing RSVP sessions 133 Clearing RSVP statistics 134 MPLS Pseudowire configuration 135 Pseudowire configuration procedures 135 Pseudowire configuration task navigation 137 Configuring a pseudowire Layer 2 virtual circuit 137 Creating a Layer 2 virtual circuit 137 Binding an Ethernet interface to a Layer 2 virtual circuit 138 Binding a VLAN interface to a Layer 2 virtual circuit 138 Binding a WAN interface to a Layer 2 virtual circuit 139 Configuring a static FTN entry for ingress virtual circuit 140 Configuring a static ILM entry for egress virtual circuit 140 Displaying the pseudowire configuration and statistics 141 Displaying the static Layer 2-circuit FTN entry 141

9 9 Displaying the static L2-circuit ILM entry 141 Displaying the Layer 2 virtual circuit summary information 141 Displaying Layer 2 virtual circuit data 142 Displaying Layer 2 virtual circuit group data 142 Displaying Layer 2 virtual circuit statistics 142 Displaying Layer 2 virtual circuit table 143 Common procedures 145 Displaying MPLS-enabled interfaces 145 Displaying interface statistics 145 Displaying originating LSP statistics 146 Displaying MPLS forwarding table 146 Displaying incoming label map table 146 Clearing MPLS statistics 147 Configuration examples 149 Static LSP configuration 149 Static LSP configuration on Secure Router LSP configuration on Secure Router LDP-based LSP configuration 151 RSVP-TE LSP configuration 152 LSP1 configuration on SR LSP2 configuration on SR Configuring fast reroute for SR Configuring fast reroute for SR Configuring policy-based redirection into an RSVP-TE LSP 156 Ethernet over RSVP-TE pseudowire configuration 157 Ethernet over pseudowire configuration for SR Ethernet over pseudowire configuration for SR PPP over RSVP-TE pseudowire configuration 158 PPP over pseudowire configuration for SR PPP over pseudowire configuration for SR HDLC over MPLS pseudowire 160 HDLC over pseudowire configuration for SR Static L2VPN pseudowire configuration 162 SR configuration 163 SR configuration 164

10 10

11 . New in this release 11 The following section details what s new in Nortel Secure Router 2330/4134 (NN ) for Release Features See the following sections for information about feature changes: SR2330 hardware This document is updated to show support for the Nortel Secure Router 2330 (SR2330) chassis. HDLC over MPLS pseudowire Release 10.2 supports HDLC over MPLS pseudowire. With this feature, you can transmit HDLC traffic between sites over Ethernet packet-switched networks. For a configuration example, see HDLC over MPLS pseudowire (page 160). MPLS over VLAN Release 10.2 supports MPLS over VLAN interfaces. However, interface-specific parameter configurations are not supported for VLAN interfaces. In which case, the global MPLS parameters apply to MPLS over VLAN. For more information, see: Supported interfaces (page 16) Enabling LDP on an interface (page 76) Enabling RSVP-TE at the interface level (page 86) Adding an interface to an administrative group (page 100) Binding a VLAN interface to a Layer 2 virtual circuit (page 138) Other changes See the following sections for information about other changes.

12 12 New in this release Specifying controlled load traffic or guaranteed traffic for an LSP no longer supported The procedure for specifying controlled load traffic or guaranteed traffic for an LSP is removed. The SR2330/4134 supports only controlled-load service.

13 . Introduction 13 This document describes the operation and configuration of the MPLS features on the Secure Router 2330/4134 (Secure Router 2330/4134). Navigation MPLS fundamentals (page 15) LDP fundamentals (page 25) RSVP-TE fundamentals (page 33) MPLS Pseudowire fundamentals (page 45) Static LSP configuration (page 49) LDP LSP configuration (page 55) RSVP-TE LSP configuration (page 83) MPLS Pseudowire configuration (page 135) Configuration examples (page 149)

14 14 Introduction

15 . MPLS fundamentals 15 In traditional IP networks, each transit node makes an independent forwarding decision when transmitting packets through the network. MPLS defines a mechanism for forwarding traffic packets based on fixed-length labels instead of IP address-based routing at each hop. MPLS uses an underlying interior gateway protocol (IGP) to establish network reachability, and associates fixed-length labels with discovered routes to forward packets through the network. Packets are classified once, when they enter the MPLS domain, then travel along a predefined Label Switched Path (LSP) to the network egress. Transit nodes do not make any routing decisions when processing packets, but merely forward them based on the MPLS label, independent of the information in the encapsulated IP header. The ingress node assigns a fixed-length label to each packet as it enters the network, and forwards it to the next hop. As traffic moves through the network, each node swaps the incoming label for an outgoing label, based on a predefined label database on each node. MPLS elements The following sections describe the elements of MPLS networks. Label switched path A label switched path (LSP) is an end-to-end unidirectional tunnel set up between MPLS-enabled routers. Data travels through the MPLS network over LSPs from the network ingress to the network egress. The LSP is determined by a sequence of labels, initiated at the ingress node. Packets that require the same treatment for transport through the network are grouped into a forwarding equivalence class (FEC). The FECs are identified by the destination subnet of the packets to be forwarded. All packets within the same FEC use the same LSP to travel across the network. Packets are classified once, as they enter the network; all subsequent forwarding decisions are based on the FEC to which each

16 16 MPLS fundamentals packet belongs (that is, each label corresponds to a FEC). MPLS-enabled routers use a label distribution protocol (such as LDP or RSVP-TE) to generate and distribute label-to-fec bindings. Because LSPs are unidirectional, you must create a pair of LSPs to support bidirectional traffic. LSRs and LERs MPLS-enabled routers are grouped into two categories: label switching routers (LSRs), or provider (P) nodes label edge routers (LERs), or provider edge (PE) nodes LSRs reside in the network core, and provide high-speed switching functions for the network. LERs reside at the network edge, initiating and terminating LSPs and assigning packets to FECs as traffic enters the network. Each LSR and LER builds a Label Information Base (LIB) to map FECs to incoming and outgoing labels. Supported interfaces The Secure Router 2330/4134 supports MPLS on the following interfaces: WAN interfaces supporting PPP or HDLC encapsulation: T1/E1 interfaces CT3/DS3 interfaces Serial and HSSI interfaces WAN interfaces running MLPPP are not supported. All SR2330 Ethernet ports, and VLAN interfaces containing these ports. SR4134 Chassis Ethernet ports, and VLAN interfaces containing only Chassis Ethernet ports. SR4134 Module Ethernet ports and VLAN interfaces that contain any of these ports are not supported. Interface-specific MPLS parameter configurations are not supported for VLAN interfaces. In which case, the global MPLS parameters apply to MPLS over VLAN. MPLS cannot operate on IPSec-enabled (crypto) interfaces. MPLS label The following sections provide additional detail about the MPLS label distribution.

17 MPLS label 17 Label description As traffic enters the MPLS network, each packet is marked with a label. A label, in its simplest form, identifies the path a packet should traverse. An MPLS label is carried or encapsulated in between the Layer 2 and the Layer 3 header. The receiving router examines the packet for its label content to determine the next hop. Once a packet has been labeled, the rest of the journey of the packet through the MPLS network is based on label switching. The label values are of local significance only, meaning that they pertain only to hops between LSRs. Figure 1 MPLS label Label: Label carries the actual value of the Label. Exp: Experimental Use. Reserved for experimental use. S: Bottom of Stack. This bit is set to one for the last entry in the label stack, and zero for all other label stack entries TTL: Time to Live field is used to encode a time-to-live value. Label allocation As traffic enters the MPLS network, the ingress LSR groups traffic requiring similar treatment into forward equivalence classes (FECs). Each transit LSR maps the FECs to incoming and outgoing labels. Each downstream router advertise the FEC-to-label assignments to the upstream router. Operations on labels The Secure Router 2330/4134 supports the following label operations: Push: adds a new label onto the packet. Pop: removes the label from the packet. Swap: replaces the existing label with a new label.

18 18 MPLS fundamentals NHLFE The Next Hop Label Forwarding Entry (NHLFE) specifies the actions to take for each labeled packet. The details it provides include: next hop for the packet the operation to perform on the label: push, pop, swap ILM FTN The Incoming Label Map (ILM) maps each incoming label to a set of NHLFEs. MPLS uses the ILM to determine the action to perform on incoming labeled packets. The FEC-to-NHLFE (FTN) maps each FEC to a set of NHLFEs. MPLS uses FTN to determine the label to apply and the action to perform on incoming unlabeled packets. Penultimate Hop Popping Penultimate Hop Popping (PHP) provides a mechanism for improving label process efficiency at the LSP egress. With full PHP enabled, the egress LSR can save processing time on the outer label lookup by notifying its upstream neighbor to pop the outer label before forwarding the packet. Secure Router 2330/4134 supports three modes for Penultimate Hop Popping (PHP) behavior: Implicit null Explicit null PHP Disabled Implicit null In implicit null mode, the Secure Router 2330/4134 router advertises the implicit null label (label 3) for LSPs that it terminates. Label 3 indicates that the upstream router must remove the outer label before forwarding the packet to the egress router, without replacing it with another label. Upon receipt, the Secure Router 2330/4134 router does not have to process the outer label, and forwards the packet based on the next inner label or the destination address in the encapsulated IP header.

19 Penultimate Hop Popping 19 Figure 2 Implicit null Figure 3 Explicit null Explicit null In explicit null mode, the Secure Router 2330/4134 router advertises the explicit null label (label 0) for LSPs that it terminates. The upstream router uses label 0 as the outgoing label for the packet, which indicates to the Secure Router 2330/4134 router that it is the final hop on the LSP. Upon receipt, the Secure Router 2330/4134 router pops the label without performing a label lookup, and forwards the packet based on the next inner label or the destination address in the encapsulated IP header. In explicit-null mode, the system marks the EXP bits in the explicit-null label to match the EXP bits of the popped label, so that Diff-Serv treatment is preserved at the egress LER. PHP disabled If PHP is disabled, the Secure Router 2330/4134 router advertises a normal label (from the range ) for an LSP when sending a label mapping to the upstream router. Upon receipt of a packet, the

20 20 MPLS fundamentals Figure 4 PHP disabled Secure Router 2330/4134 router performs a label lookup, then pops the label and forwards the packet based on the next inner label (if present) or the destination address in the encapsulated IP header. Because each egress LSP is assigned a different label, this option allows traffic statistic collection for individual egress LSPs. LSP routes When you configure an LSP on an ingress router, the ingress router configures an associated host route toward the egress router. The host route address is the destination address of the LSP. The default administrative distance of the route is set to 10, which is higher than all routes other than direct interfaces and static routes. The route is configured with a 32-bit mask, which ensures that the route is a longer match and therefore more specific than all other subnet routes. Routing traffic with policy-based redirection To route traffic to LSPs, you can also use the QoS policy-based redirect feature. This feature allows you to redirect user-configured traffic flows to specific LSPs. For details, see Performance Management Quality of Service (NN ). Types of LSPs There are three types of LSP: Static LSP LDP LSP RSVP-signaled LSP

21 Types of LSPs 21 Figure 5 Static LSP Static LSP Static LSPs are manually configured LSPs. No label distribution protocol is enabled. For each LSR along the LSP path, you must manually configure LSP labels, similar to static routes. The following figure shows the label actions that each LSR must perform along the LSP path. LDP LSP LDP allows routers to discover neighbors and to establish LDP sessions with them so that they can exchange label mapping information. An LDP LSR identifies the best routes, as selected by the underlying IGP, and binds a locally significant label to each, then propagates this binding to neighbors. RSVP-TE-signaled LSPs Resource Reservation Protocol with traffic engineering extensions (RSVP-TE) is a label signaling protocol that allows you to set up traffic-engineered LSPs through the MPLS network. RSVP-TE allows an ingress router to set up traffic-engineered LSPs (also called tunnels) through the MPLS network. The intermediate and egress routers accept RSVP-TE signaling messages from the ingress router to set up and maintain the LSP and dynamically assign labels. Where LDP LSPs are dynamic, RSVP-TE tunnels are user-initiated: you need only configure the ingress router. You can use RSVP-TE to create tunnels that avoid points of congestion in the network. RSVP-TE-signaled LSPs can be one of two types: explicit-path LSP or constrained-path LSP.

22 22 MPLS fundamentals Explicit-path LSP With explicit-path LSPs, you can manually specify the intermediate hops along the LSP. Each hop in the explicit-path LSP is either strict or loose. If the hop is strict, the LSP must go to the specified address directly, without traversing any intermediary nodes. If the hop is loose, the RSVP-TE relies on IGP lookups to determine the best route to the specified address. Constrained-path LSP With constrained-path LSP, the router uses the Constrained Shortest Path First (CSPF) protocol to determine the LSP path. In this case, RSVP-TE and CSPF must be enabled on all routers along the LSP path. With CSPF LSPs, you can specify traffic engineering parameters that must be met by each LSR in order to create the LSP. Standards compliance The Secure Router 2330/4134 implementation of MPLS complies with the following RFCs: RFC 2702, Requirements for Traffic Engineering Over MPLS RFC 3031, MPLS Architecture RFC 3032, Label Stack Encoding RFC 3036, LDP Specification RFC 3215, LDP State Machine RFC 2205, Resource ReSerVation Protocol (RSVP)--Version 1 Functional Specifications RFC 2209, RSVP Version 1 Message Processing Rules RFC 2961, RSVP Refresh Overhead Reduction Extensions RFC 3209, RSVP-TE: Extensions to RSVP for LSP Tunnels RFC 3210, Applicability Statement for Extensions to RSVP for LSP-tunnels RFC 4090, Fast Reroute Extensions to RSVP-TE for LSP Tunnels The Secure Router 2330/4134 implementation of MPLS pseudowire complies with the following RFCs: draft-ietf-pwe3-arch-07.txt,sept-2004, PWE3 Architecture. draft-ietf-pwe3-requirements-08.txt,june-2004, Requirements for Pseudo-Wire Emulation Edge-to-Edge draft-ietf-pwe3-control-protocol-06.txt,sept-2004, Pseudowire Setup and Maintenance using LDP (draft-martini-l2circuit-trans-mpls-13.txt, June-2004)

23 Standards compliance 23 draft-ietf-pwe3-ethernet-encap-06.txt,june-2004, Encapsulation Methods for Transport of Ethernet Frames Over IP/MPLS Networks (draft-martini-l2circuit-encap-mpls-06.txt, May-2004) draft-ietf-pwe3-hdlc-ppp-encap-mpls-03.txt,oct-2004, Encapsulation Methods for Transport of PPP/HDLC Over IP and MPLS Networks

24 24 MPLS fundamentals

25 . LDP fundamentals 25 Label Distribution Protocol (LDP) provides a mechanism for dynamic hop-by-hop label distribution between routers in an MPLS network. LDP assigns labels to IGP-learned routes and distributes these label bindings to its peers, to establish label switched paths (LSPs) through the network. LDP overview LDP allows routers to discover neighbors and to establish LDP sessions so they can exchange label mapping information. Each LDP router identifies the best routes, as selected by the underlying IGP, and binds a locally significant label to each, then propagates this binding to neighbors. LDP identifier and label space When a router running LDP communicates with its peers, it identifies itself with a unique LDP identifier (ID). The LDP ID indicates the LSR s IP address (that is, the LSR ID) and the label space from which the LSR assigns its labels. Thus, the LSR advertises its LDP ID in the format <LSR ID>:<label space>. The Secure Router 2330/4134 LSR ID is the same as the node router ID. The router ID is a unique 32-bit address that identifies the router to routing protocols such as OSPF. The router ID is typically a local IP address, and therefore reachable by IP. The Secure Router 2330/4134 also uses its router ID for the LDP transport address, required for the TCP session over which LDP runs. The transport address must be one of the node s local IP addresses (preferably a loopback address) for LDP to operate; therefore, if LDP is running on the node, the router ID must be a local IP address. The Secure Router 2330/4134 supports a per-platform, or global, label space 0. LDP discovery LDP discovery is the process by which LDP routers discover neighboring routers, for the purpose of exchanging label-to-fec binding information. LDP routers exchange LDP Hello messages to form a Hello adjacency, prior to establishing an LDP session.

26 26 LDP fundamentals Figure 6 LDP discovery LDP uses two types of discovery to find LDP peers: Basic discovery LDP uses basic discovery to find directly-connected routers with which to exchange label information. The router transmits multicast UDP Hello messages to all routers on the subnet. When the neighbor responds with Hello messages to the local router, the two routers form a Hello adjacency. Extended discovery Extended discovery allows an LDP router to discover peers that are not directly connected to it, and to establish LDP sessions with them. The router transmits unicast UDP Hello messages to a specific peer router, which may or may not be directly connected to it. If the peer responds to these targeted Hello messages, the pair form an extended Hello adjacency and normal LDP session establishment procedures follow. LDP sessions When MPLS routers have formed an LDP Hello adjacency, they establish an LDP session. LDP sessions are bidirectional and allow LDP peers to learn each other s label-to-fec bindings. The LDP session is identified by the pair of LDP IDs: the LDP ID of the local router and LDP ID of the peer router. If the Secure Router 2330/4134 connects to a peer node over multiple interfaces, the LDP ID pair (that is, local LDP ID, peer LDP ID) is the same for each Hello adjacency between the two nodes. When this occurs, only one LDP session is established between the two LSRs, with all Hello adjacencies being part of that session. The LDP session remains active as long as at least one Hello adjacency to the peer router is up; thus, a link failure does not impact the LDP control path as long as there is at least one physical connection to the peer.

27 LDP overview 27 Figure 7 LDP sessions LDP message types The following table describes the LDP message types. Table 1 LDP message types Discovery Session Advertisement Notification Secure Router 2330/4134 uses discovery messages to announce its presence in a network by periodically transmitting multicast UDP Hello messages to all routers on the subnet or unicast UDP Hello messages to a specific router. Secure Router 2330/4134 uses session messages to establish, maintain, and terminate sessions between LDP peers. After MPLS routers have formed an LDP Hello adjacency, they establish an LDP session over Transmission Control Protocol (TCP). When the session is successfully established, the two routers can exchange advertisement messages. Secure Router 2330/4134 uses advertisement messages to advertise FEC-to-label bindings to LDP peers. Secure Router 2330/4134 sends LDP notification messages to report errors and events. Error notifications signal fatal errors. If a router receives an error notification from a peer for an LDP session, it terminates the LDP session by closing the TCP transport connection for the session and discarding all label mappings learned through the session. Advisory notifications, which pass information to a router about the LDP session or the status of some previous message received from the peer.

28 28 LDP fundamentals LDP operation modes LDP has several control modes that affect how labels are exchanged between LSRs: Label advertisement modes (page 28) Label retention mode (page 29) Label control mode (page 30) Label advertisement modes The label advertisement mode determines when an LSR advertises a FEC-to-label binding to its LDP peers. LDP has two label advertisement modes: downstream unsolicited (DU) and downstream-on-demand (DoD) mode. The Secure Router 2330/4134 only supports the downstream unsolicited mode. For any single LDP adjacency, the LDP peers must agree on a label distribution mode. Downstream-unsolicited label advertisement With downstream-unsolicited label advertisement, each LSR advertises its FEC-to-label assignments to upstream routers as soon as they are available; thus, upstream routers do not have to send label mapping requests for FECs. Downstream-unsolicited advertisement is typically used with the liberal label retention mode. Figure 8 Downstream-unsolicited label advertisement Downstream-on-demand label advertisement The Secure Router 2330/4134 does not support downstream-on-demand label advertisement. The following information is provided for reference only. With Downstream-on-demand label advertisement, LSRs only advertise a FEC-to-label assignment in response to a specific request from an upstream router.

29 LDP operation modes 29 Downstream-on-demand advertisement is typically used with the conservative label retention mode. Figure 9 Downstream-on-demand label advertisement Label retention mode The label retention mode determines which labels an LSR retains in its Label Information Base (LIB), particularly those FEC-to-label bindings that are learned from neighbors that are not next hops for the FEC. LDP provides supports two label retention modes: liberal and conservative. The Secure Router 2330/4134 only supports the liberal label retention mode. Liberal label retention In liberal label retention mode, the LSR accepts and retains all label mappings received from LDP peers, regardless of whether the neighboring router is actually the next hop for the FEC. This means that the router can quickly adapt to routing changes in the network because it already has alternate labels for the same FEC; however, it requires that the LSR maintain a much larger LIB and retain labels that it may never use. Figure 10 Liberal label retention

30 30 LDP fundamentals Conservative label retention The Secure Router 2330/4134 does not support conservative label retention. The following information is provided for reference only. In conservative label retention mode, the LSR discards any label mappings it receives that were not originated by the current next hop for the FEC. This means that the router has fewer labels to maintain in the LIB; however, if the next hop for a FEC changes, the router must request a new label mapping from new next hop, resulting in slower network convergence. Figure 11 Conservative label retention Label control mode The label control mode controls when labels are distributed between LDP peers when creating an LSP. The Secure Router 2330/4134 supports both LDP label control modes: ordered and independent. Independent In independent mode, an LSR advertises label mappings for FECs at any time, regardless of whether it is the egress for the FEC or has received a label mapping from the next hop for the FEC. FEC-to-label bindings are advertised as soon as the next hop has been recognized. In independent downstream-on-demand mode, an LSR can answer requests for label mappings immediately, without waiting for a label mapping from the next hop. In independent downstream unsolicited mode, an LSR can advertise a label mapping for an FEC to neighbors whenever it is prepared to label-switch that FEC.

31 LDP loop detection 31 Ordered In ordered mode, an LSR only advertises label mappings for an FEC when it is the egress router for the FEC, or when it has received a label mapping from the current next hop for the FEC. If neither of these conditions are met, the LSR must wait for a label mapping from a downstream neighbor before it can map the FEC to a label and advertise the binding to an upstream neighbor. In this way, an LSP is set up from egress to ingress, hop-by-hop. ACL configuration with LDP With LDP, you can use ACL to modify the routes to be distributed to peering neighbors. You can configure ACL rules to permit or deny the advertisement of labels for specific routes to a configured list of neighbors. After the routes are redistributed, denied routes are no longer advertised to the listed LDP neighbors. LDP loop detection LDP supports two mechanisms for LDP loop detection: Hop count limit Path vector limit The Secure Router 2330/4134 only supports the hop count limit mechanism for loop detection. Hop count limit With the hop count limit method, each LSR increments the hop count field in the LDP packet as it traverses the network. If the value in the hop count field exceeds a predetermined value (established by the router that initiates the LSP), the LSR assumes a routing loop and discards the packet. Path vector limit The Secure Router 2330/4134 does not support the path vector limit mechanism for loop detection. The following information is provided for reference only. With the path vector limit method, each LSR adds its router ID to the path vector field as it processes a packet. If an LSR sees its own router ID in the list of intermediate hops, or if the number of entries in the path vector field exceeds a predetermined value (established by the router that initiates the LSP), the LSR assumes a routing loop and discards the packet.

32 32 LDP fundamentals

33 . RSVP-TE fundamentals 33 Resource Reservation Protocol with traffic engineering extensions (RSVP-TE) is a label signaling protocol that allows you to set up traffic-engineered LSPs through the MPLS network. You can set up multiple RSVP LSPs to the same destination with the same or different traffic engineering parameters. RSVP-TE overview RSVP-TE allows an ingress router to set up traffic-engineered LSPs (also called tunnels) through the MPLS network. You can use RSVP-TE to create tunnels that avoid points of congestion in the network or load balance across of available network resources. Where LDP LSPs are dynamic, RSVP-TE tunnels are user-initiated. RSVP tunnels are persistent: that is, when an LSP goes down, the router attempts to re-establish the LSP, based on a configurable retry limit and retry interval. When the node reaches the retry limit without restoring the LSP, no further attempts are made to establish the LSP until it is administratively disabled and re-enabled. Control messages RSVP-TE is a soft-state protocol. LSRs exchange periodic control messages to refresh state information, and any non-refreshed states time out automatically. This allows RSVP-TE to adapt to changes in topology and resource availability, and to recover from any failures more quickly. RSVP-TE uses two primary messages to set up and maintain tunnels: the Path message, to request resources and label bindings, and the Resv message, to confirm available resources and distribute label-to-fec bindings. You can control how often the Path and Resv messages are sent, and how long the Secure Router 2330/4134 waits before removing forwarding states and resource reservations after receiving a control message.

34 34 RSVP-TE fundamentals Table 2 RSVP-TE message types Message Path Resv PathTear ResvTear PathErr ResvErr ResvConfirm Description Requests resources and label mapping for a new LSP, or refreshes path state information for an existing LSP. Reserves resources for a new LSP and specifies label mapping, or refreshes reservation state information for an existing LSP. Removes path states in routers along an LSP; usually initiated by the sender. Releases reservation states along an LSP; usually initiated by the receiver. Indicates a problem establishing a new path or refreshing existing state information (advisory message only). Indicates a problem reserving resources for a new LSP, or refreshing existing resource reservation information (advisory message only). Confirms that resources have been reserved for a new LSP. RVSP-TE tunnel setup RSVP-TE tunnels are source-routed. The ingress LER determines the path through the network to the destination, based on a user-provided list of explicit hops, or along the best route selected by the underlying IGP (calculated from local routing tables). LSRs exchange Path and Resv messages to set up and maintain RSVP-TE tunnels, using the Label Object in the Resv messages for label distribution. When setting up an RSVP-TE tunnel, the ingress LER sends a Path message to the egress LER, requesting resources and label mapping information. The Path message is propagated downstream through the network, and stores a path state (indicating the previous and next-hop address) in each transit node as it travels to the egress LER. The egress LER responds with a Resv message, confirming that resources are available for the LSP. The Resv message travels upstream to the ingress router, along the same route as the original Path message (in the reverse direction). The Resv message stores a reservation state in each transit node, and specifies the local label binding for the LSP to each successive upstream router. When the ingress LER receives the Resv message, the tunnel is established.

35 RSVP-TE resource reservation styles 35 Figure 12 RSVP-TE tunnel setup OSPF-TE and CSPF OSPF-TE is an extension to OSPF that can identify the shortest path to a destination node that can meet specific bandwidth requirements. It is used to identify and propagate bandwidth-constrained routes throughout the network. Using the routes provided by OSPF-TE, the Secure Router 2330/4134 uses the CSPF algorithm to compute the best paths for LSPs that are subject to various constraints such as: bandwidth, hop count, administrative groups, priority and explicit routes. When computing paths for LSPs, CSPF considers not only the topology of the network and the attributes defined for the LSP but also the links. It attempts to minimize congestion by intelligently balancing the network load. Using the information calculated with CSPF, the Secure Router 2330/4134 then uses RSVP-TE as the signaling protocol to set up and maintain the traffic-engineered LSPs through the MPLS network. RSVP-TE resource reservation styles Resource reservation provides control over bandwidth allocation during LSP setup. Secure Router 2330/4134 supports both RSVP-TE resource reservation styles: Fixed filter Shared explicit

36 36 RSVP-TE fundamentals Fixed filter A fixed filter (FF) reservation creates a distinct resource reservation for each sender in a specified list. Each reservation is specific to a sender, and is not shared with any other sender in the session. Fixed filter reservation is appropriate for traffic flows that are independent but likely to be transmitted at the same time (such as video applications). RSVP-TE tunnels reserved with fixed filter (FF) style never share bandwidth with other LSPs. The tunnel consumes its own share of the bandwidth on all links traversed. Figure 13 Fixed filter Shared explicit A shared explicit (SE) reservation creates a single resource reservation that is shared by all senders in a specified list. RSVP-TE tunnels reserved with shared explicit (SE) style in the same RSVP session can share bandwidth on common links. SE style is usually used when traffic can only flow on one of the LSPs in the session at a given time, for instance, for primary and backup LSPs, or when performing LSP optimization or modification. LSPs that belong to different sessions, even when SE style is used, cannot share bandwidth.

37 Explicitly routed LSPs 37 Figure 14 Shared explicit Priority of signaled LSP In cases where there is insufficient bandwidth to accommodate the creation of a new LSP, the Secure Router 2330/4134 can remove less important existing LSPs to free up the necessary bandwidth for the new LSP. This can be done by preempting one or more of the signaled LSPs. To specify the relative priority for the existing LSP and the new LSP, you can configure the following parameters: Setup priority The setup priority determines if a new LSP can preempt an existing LSP. The setup priority of the new LSP must be higher than the hold priority of an existing LSP for the existing LSP to be preempted. Please note that for a trunk, the setup priority should not be higher than the hold priority. Hold priority The hold priority determines the degree to which an LSP holds onto its reservation for a session after the LSP has been set up successfully. When the hold priority is high, the existing LSP is less likely to give up its reservation. Explicitly routed LSPs RSVP-TE tunnels can be configured to traverse specific nodes through the network. The Explicit Route Object (ERO) in the Path message defines one or more hops in the LSP, specified by an IP address. Each hop in the ERO is either strict or loose. If the hop is strict, the LSP must go to the specified address directly, without traversing any intermediary nodes. If the hop is loose, the RSVP-TE relies on IGP lookups to determine the best route to the specified address (either directly

38 38 RSVP-TE fundamentals or otherwise). If no ERO is specified, the tunnel destination is treated as a single loose hop. Secure Router 2330/4134 supports a combination of strict or loose hops in the ERO. A hop can identify a link or a loopback address (such as a router ID). To ensure that an RSVP-TE tunnel takes a specific link, you must specify the IP address of the link interface on the neighboring router; otherwise, specify the router loopback address, so that the LSP can be re-routed in the event of a link failure. Once established, explicitly routed RSVP-TE tunnels are pinned: changes in the network topology (for example, when the IGP learns of a better route) have no impact on the LSP path. If the LSP is torn down (for example, because of a link failure), the node attempts to re-establish the LSP and uses the most recent IGP information to setup the LSP path. Route Recording Route recording describes the actual path taken by an LSP, as a list of all the nodes traversed from ingress to egress. When route recording is enabled, each node records its LSR ID in the Route Record Object (RRO) of the Path message before forwarding it to the next hop. Route recording is a useful diagnostic tool when examining the path of an LSP (particularly for LSPs with loose hops, that rely on the IGP for the best path), or for loop detection. Refresh reduction Due to the soft-state nature of RSVP, LSRs must exchange control messages periodically to refresh installed state information in each node. Additionally, because control messages are sent as IP datagrams (with no guaranteed delivery), periodic refresh messages cover any lost messages. However, as the number of RSVP-TE sessions increases, so does the volume of control traffic between nodes. Refresh reduction allows you to reduce the amount of RSVP control traffic in the network. To provide RSVP refresh reduction, the Secure Router 2330/4134 supports reliable messaging. Reliable messaging Reliable messaging provides an acknowledgement mechanism between RSVP-TE neighbors to confirm that control messages have been delivered successfully. Since message loss can be detected independently, RSVP does not have to rely on periodic refresh messages to recover from any dropped messages, and the refresh interval can be longer. This reduces the amount of control traffic between RSVP-TE neighbors.

39 Fast reroute and node protection 39 A receiver acknowledges successful RSVP message delivery with either an ACK message (that references the original message s ID) or piggy-backed in another RSVP message. Fast reroute and node protection For an LSP to survive the failure of a node in the path, you can configure fast reroute one-to-one protection. Fast reroute protection provides an alternate path to a downstream router in case of a link failure. The alternate path uses a different interface to reach the same downstream router. The upstream router signals the ingress router about the failure to maintain the flow of traffic. Figure 15 Fast reroute If the failed LSR comes back up, the LSP reverts to the original protected path. Node protection The Secure Router 2330/4134 also supports fast reroute with node protection. In this case, if an LSR fails, the alternate path initiated by the upstream router bypasses the failed router completely, reconnecting to the original LSP path at the next downstream router. Figure 16 Fast reroute with node protection

40 40 RSVP-TE fundamentals Secondary LSP (global repair) The Secure Router 2330/4134 supports RSVP-TE LSP protection through primary and secondary paths. An LSP can have a primary path and (optionally) a secondary backup path. The secondary path is always pre-established, thus eliminating the need to calculate a new route and signal a new path during a failure. However, no traffic is allowed on the secondary LSP path until it is promoted to active LSP status. You only need to configure the secondary LSP on the ingress router. If the primary LSP fails, the ingress router automatically reroutes traffic over to the secondary LSP. When the primary LSP recovers, the traffic automatically reverts back to the primary LSP. Figure 17 Primary and secondary LSP Secondary LSP signaling The Secure Router 2330/4134 can perform Secondary LSP signaling using either of 2 independent methods: Sender-Template Identification method: In this method, a detour shares the RSVP Session object and LSPID with the protected LSP and changes the ingress IP address in the RSVP PATH message. According to the RSVP resource sharing rules, this LSP can be merged with the protected LSP as they have same session object. Path Specific method: In this method, a new RSVP object (DETOUR) is added to the PATH message to differentiate it from the protected LSP s path messages. Since, a detour has the same session object as the protected LSP, it can share common network resources.

41 MPLS QoS 41 Secondary LSP with fast reroute Fast reroute and secondary LSP are independent features which can be enabled for the LSP at the same time. In this case, if the primary LSP goes down, the route switches first to the fast reroute. Then, if a secondary LSP is configured, the LSP switches to the secondary LSP as the permanent LSP. Fast reroute is typically used only as a temporary entity, as the detour LSP is not necessarily traffic-engineering optimal, unlike the primary and secondary LSP, which are always optimal paths. Administrative groups Administrative groups are manually assigned attributes that describe the "color" of links, so that links with the same color are in one class. These groups are used to implement different policy-based LSP setups. With RSVP-TE, you can specify the administrative groups to include or exclude in the primary or secondary path for an LSP. The available options are: include-any: all links must belong to at least one of the administrative groups listed in the include-any list. include-all all links must belong to all of the administrative groups listed in the include-all list exclude-any none of the links must have a color found in the list of groups. MPLS QoS MPLS QoS provides support for global DSCP-to-EXP mapping on the ingress LER, and global EXP-to-DSCP mapping on the egress LER. On the ingress LER, MPLS QoS also supports flow-based EXP marking for inbound traffic, and class-based queueing for outbound traffic. The following sections provide an overview of the supported MPLS QoS features. For detailed QoS configuration information, see Configuration Traffic Management (NN ).

42 42 RSVP-TE fundamentals Ingress LER- EXP marking In order to give fair and expected QoS treatment for various traffic flows funneling through the MPLS LSP tunnels, each packet must be marked with the correct EXP value on the ingress LER. The following are the available methods of mapping/marking of the EXP value for packets on the ingress LER: Global DSCP-to-EXP Mapping Flow-based EXP Marking Table 3 Global DSCP to EXP mapping If provisioned, these methods can operate in tandem. Global DSCP-to-EXP Mapping In the ingress QoS processing stage of ingress LER, by default, every packet is marked with the EXP value based on the global DSCP-to-EXP mapping table shown below. For any packet, if DSCP is not applicable, then the EXP value in the global DSCP-to-EXP table, corresponding to the DSCP value of 0, is marked. Each MPLS per-exp flow is serviced at the defined priority and bandwidth. The peak rate allows LSP flows to utilize the unused bandwidth up to the full interface bandwidth. By default, this table is used on the ingress LER to map DSCP code points to EXP values. Class DSCP EXP Bandwidth allocated per EXP within LSP (specified as % of LSP, unless otherwise stated) Critical Control Traffic Class Selector 7 7 CR: 10%, PR: 100% of interface Tail Drop, Priority : 1 Network Control Traffic Class Selector 6 6 CR: 10%, PR: 100% of interface Tail Drop: Priority: 2 Real Time EF 5 CR= 35%, PR=50%, Tail Drop, Priority: 3 Class 1 AF 4X 4 CR=10%, PR: 100% of interface, Priority: 6 Class 2 AF 3X 3 CR=10%, PR: 100% of interface Class 3 AF 2X 2 CR=5%, PR: 100% of interface, Priority: 6 Class 4 AF 1X 1 CR=10%, PR: 100% of interface Priority: 7 Best Effort Default 0 CR=10%, PR: 100% of interface Priority: 8

43 MPLS QoS 43 Flow-based EXP Marking This method of EXP marking is optional and is user driven. The flow-based EXP marking is supported on inbound traffic only. You can use multifield classification to define traffic classes, and specify EXP marking as the action on leaf classes. Class-based queueing MPLS QoS also supports class based queuing of per-exp traffic, based on the EXP value of the data after applying the global DSCP-to-EXP mapping, and flow-based EXP marking, if applicable. DSCP Marking on Egress LER In order to give fair and expected QoS treatment for various traffic flows coming out of the MPLS LSP, each of the packets can remarked with proper DSCP code points in the egress LER. The following are the available methods of marking the DSCP code points for packets on the egress LER. Global EXP-to-DSCP marking Flow-based DSCP marking Table 4 Global EXP to DSCP mapping If provisioned, these methods can operate in tandem. Global EXP-to-DSCP Marking In the ingress QoS processing stage of egress LER, by default, every packet is re-marked with the DSCP value based on the global EXP-to-DSCP mapping table. The following table provides EXP-to-DSCP mapping per EXP class in a given LSP. By default, this table is used on the egress LER to map EXP values to DSCP code points. Class EXP DSCP Critical Control Traffic 7 Class Selector 7 Network Control Traffic 6 Class Selector 6 Premium, Real time 5 EF Platinum, Class 1 4 AF 41 Gold, Class 2 3 AF 31 Silver, Class 3 2 AF 21 Bronze, Class 4 1 AF 11 Best Effort 0 Class Selector 0, Default

44 44 RSVP-TE fundamentals The EXP-to-DSCP functionality depends on the configured MPLS tunnel mode. The tunnel modes control whether the DiffServ markings for IP packets remain independent from, or are a function of, the MPLS label EXP values. These modes are only applicable when labels are pushed or popped. They have no influence on the label swapping on intermediate LSRs. There are three tunnel modes that control the application of EXP values in various scenarios: Uniform mode Changes made to the EXP value on the uppermost label are applied to all labels in the stack, including the IP packet. In the egress LER, the changes to the EXP values along the MPLS network path are reflected into the packet by appropriately re-marking the DSCP value based on the global EXP-to-DSCP mapping table. Pipe mode Changes made to the EXP value on the uppermost label are propagated to other MPLS labels but not to the IP packet. Here, the DSCP value in the IP packet remains unchanged, but the PHB at the egress LER is chosen based on the removed EXP value. Short-pipe mode Changes made to the EXP value on the uppermost label are propagated to other MPLS labels but not to the IP packet. Here, the DSCP value in the IP packet remains unchanged, and the PHB at the egress LER is chosen based on the removed EXP value. Flow-based DSCP Marking This method of EXP marking is optional and is user driven. The flow-based DSCP marking is supported on inbound or outbound direction. You can use multifield classification to define traffic classes and assign DSCP marking as an action. This method of marking is useful in the inbound and outbound directions of egress LER.

45 . MPLS Pseudowire fundamentals 45 MPLS pseudowire (also known as MPLS L2VPN or Martini VPN) provides the ability to transport Layer 2 packets over MPLS-enabled Ethernet packet-switched networks. The MPLS pseudowire is a virtual point-to-point connection that can emulate Layer 2 protocols over MPLS tunnels. You can configure the Secure Router 2330/4134 MPLS pseudowire to provide support for one of the following types of traffic: PPP over MPLS Ethernet over MPLS HDLC over MPLS MPLS pseudowire provides a common infrastructure to encapsulate and transport the supported types of Layer 2 traffic over the MPLS network. Layer 2 virtual circuits An MPLS pseudowire consists of two Layer 2 virtual circuits, each operating over a single MPLS LSP tunnel. To configure the pseudowire, two LSPs must be established between the endpoints. As each LSP can only carry unidirectional traffic, one virtual circuit is configured on each LSP. From the perspective of each router, one virtual circuit carries the ingress traffic, and the other virtual circuit carries the egress traffic. To provide a bidirectional path, you must configure one virtual circuit with the same ID on each endpoint. The egress path and ingress path that are created with the same virtual circuit ID are then bound together into a single pseudowire. After you specify the desired encapsulation (HDLC, PPP, Ethernet, or VLAN) end to end, then the pseudowire is established. The following figure shows an Ethernet over MPLS Pseudowire emulating a VLAN between two endpoints.

46 46 MPLS Pseudowire fundamentals Figure 18 Ethernet over MPLS Virtual circuit labelling In addition to the standard MPLS label used to route packets across the MPLS network, virtual circuits support an additional VC label that identifies the egress Layer 2 interface that receives the VC traffic. The egress LER binds the VC label to a user-specified egress interface. When the egress router receives a VC-labeled packet, it forwards the packet to the interface associated with the VC label. The egress LER propagates the label binding to the ingress LER. Binding an attachment circuit to the pseudowire At each endpoint, you must bind a local Layer 2 interface to the virtual circuit to identify the source and destination for the virtual circuit traffic. This local interface, referred to as the attachment circuit, can be a PPPor HDLC-enabled WAN bundle or one of the Ethernet ports (including SR4134 module Ethernet ports). While the attachment circuit can be a module Ethernet port, on the SR4134, the underlying LSPs on which the virtual circuit operates can only be configured on WAN interfaces or chassis Ethernet ports. The SR2330 has no such limitation. LDP requirement for dynamic virtual circuits Like MPLS LSPs, you can create Layer 2 virtual circuits dynamically or statically. With dynamic virtual circuits, the LSP that is used to establish the virtual circuits can be a static LSP, RSVP-TE LSP, or an LDP LSP. However, to dynamically generate and transmit virtual circuit label mapping

47 PPP over MPLS 47 messages between the peers, MPLS pseudowire uses only LDP. As a result, in order to enable dynamic MPLS pseudowire, an LDP session must be configured between the peers regardless of the type of LSP that is used to establish the pseudowire. With remote peers, a targeted LDP session is required. With directly connected peers, a local LDP session is sufficient. If multiple LSPs are configured between the peers when a dynamic virtual circuit is enabled, the LER adheres to the following order of precedence to choose the LSP to use: 1. Static LSP 2. RSVP-TE LSP 3. LDP LSP Static virtual circuits To create static pseudowires, you must specify static VC-FTN and VC-ILM entries. The static VC-FTN entry specifies the source Layer 2 interface and outgoing LSP, while the static VC-ILM entry specifies the incoming LSP and destination Layer 2 interface. In this case, LDP is not required to establish the virtual circuits. Multiple virtual circuits One MPLS LSP can support multiple unidirectional virtual circuits. As a result, you can configure multiple pseudowires over one pair of LSPs. PPP over MPLS With MPLS pseudowire, you can direct PPP traffic over an MPLS tunnel. This allows you to transmit PPP traffic between sites over Ethernet packet-switched networks. The pseudowire encapsulates the Layer 2 PPP packets at the ingress and forwards them to the egress router. The egress router removes the encapsulation and forwards the Layer 2 packets. MPLS does not forward the entire PPP packet across the pseudowire. The PPP control and address information (0xff03, which is statically present in each PPP packet) is stripped from the transported PPP packet. The pseudowire egress endpoint resets this information in the packet before forwarding it to the destination interface.

48 48 MPLS Pseudowire fundamentals HDLC over MPLS With Release 10.2 and later, the Secure Router 2330/4134 supports HDLC over MPLS pseudowire. With this feature, you can transmit HDLC traffic between sites over Ethernet packet-switched networks. Ethernet over MPLS Ethernet over MPLS is also referred to as Transparent LAN Services (TLS). With TLS, you can connect two distant Ethernet networks together so that they function as a single logical Ethernet or VLAN domain. With Ethernet over MPLS, there are no changes to the transported Ethernet packet. MPLS pseudowire operates as a transparent transport protocol. Therefore, the pseudowire does not perform MAC learning, Layer 2 look ups, nor any interpretation of the forwarded packet for broadcasting. VLAN Rewrite Typically, when Ethernet over MPLS is emulating VLAN, the VLAN IDs at each end of the link must have the same value. The Secure Router 2330/4134 supports the VLAN rewrite feature, which allows you to use different VLAN IDs at each end of the link.

49 . Static LSP configuration 49 Configure a static LSP to set up a manually-configured, static path through the MPLS network. Static LSP configuration procedures The following task flow shows you the sequence of procedures you perform to configure a static LSP. To link to the referenced procedures, see Static LSP configuration task navigation (page 50)

50 50 Static LSP configuration Figure 19 Static LSP configuration procedures Static LSP configuration task navigation Configuring a static FTN entry on the ingress router (page 50) Configuring static ILM entries on transit and egress routers (page 51) Displaying the static FTN entry (page 52) Displaying the static ILM entry (page 52) Configuring a static FTN entry on the ingress router Configure a static FTN entry on an ingress LER to set a static MPLS action for a specific FEC.

51 Configuring static ILM entries on transit and egress routers 51 2 To configure a static FTN entry, enter: [no] mpls static-ftn <FEC/Mask> <outgoing-label> <next-hop> <outgoing-if-name> Table 5 definitions [no] <FEC/Mask> <outgoing-label> <next-hop> <outgoing-if-name> Deletes the specified static FTN entry. Specifies the Forwarding Equivalence Class, with mask (A.B.C.D/M). Specifies the outgoing label value: 0: explicit null 3: implicit null Specifies the next hop IPv4 address. Specifies the outgoing interface name. Configuring static ILM entries on transit and egress routers Configure a static ILM entry on a transit or egress LSR interface to set a static MPLS action for packets with a specific label. 2 To configure a static ILM entry, enter: [no] mpls static-ilm <label-in> <if-name-in> [pop] [swap <label-out> <next-hop> <if-name-out>]

52 52 Static LSP configuration Table 6 definitions [no] <label-in> <if-name-in> [pop] swap <label-out> <next-hop> <if-name-out> Deletes the specified static ILM entry. Specifies the incoming label value. ( ) Specifies the incoming interface name. Specifies to pop the incoming label. Specifies to swap the incoming label. Specifies the outgoing label value for swap: 0: explicit null 3: implicit null Specifies the next hop IP address. Specifies the outgoing interface name for swap: Displaying the static FTN entry Display the static FTN entry to verify the configuration. 1 To display the static FTN entry configurations, enter: show mpls static-ftn Displaying the static ILM entry Display the static ILM entry to verify the configuration. 1 To display the static ILM entry configurations, enter: show mpls static-ilm

53 Displaying static FTN statistics Display the statistics for the MPLS static FTN. Displaying static ILM statistics 53 1 To display the static FTN entries, enter: show mpls stats-ftn Displaying static ILM statistics Display the statistics for the MPLS static ILM. 1 To display the static ILM entries, enter: show mpls stats-ilm

54 54 Static LSP configuration

55 . LDP LSP configuration 55 Configure an LDP LSP to set up a best effort path through the MPLS network. LDP configuration procedures The following task flow shows you the sequence of procedures you perform to configure an LDP LSP. To link to the referenced procedures, see

56 56 LDP LSP configuration Figure 20 LDP configuration procedures ATTENTION If you configure ECMP using LDP LSPs, you must enable LDP (using the mpls protocol-ldp command) on all interfaces that are used in the ECMP configuration.

57 Configuring loopback interface and router ID 57 LDP configuration task navigation Configuring loopback interface and router ID (page 57) Enabling LDP at the router level (page 58) Configuring targeted LDP peer adjacency (page 58) Configuring LDP properties (page 61) Enabling LDP on an interface (page 76) Displaying LDP configuration and statistics (page 78) Configuring loopback interface and router ID Configure a loopback interface with an IP address and assign the interface as the router ID to enable the configuration of MPLS properties on the router. 2 To specify a bundle name for the loopback interface, enter: interface loopback <loopback-if-name> 3 To configure the loopback address, enter: ip address <loopback-ip> <subnet-mask> 4 To exit from the loopback configuration, enter: exit 5 To configure the router-id, enter: [no] router-id <router-id> Table 7 definitions <loopback-if-name> <loopback-ip> <subnet-mask> Specifies the loopback interface name. Specifies the loopback IP address and mask. Specifies the subnet mask for the loopback IP.

58 58 LDP LSP configuration Table 7 definitions (cont d.) [no] <router-id> Deletes the specified router ID. Specifies the router ID. This value must be a valid loopback address. Enabling LDP at the router level Enable LDP to allow configuration of LDP properties on the router. 2 To enable LDP, enter: router ldp Configuring targeted LDP peer adjacency Specifying a targeted LDP peer for extended discovery Specify a targeted LDP peer to send targeted hello messages to a specific IP address. This allows the router to establish an LDP session to a non-directly connected LSR. 2 To choose LDP configuration mode, enter: router ldp 3 To specify the targeted LDP peer, enter: targeted-peer <targeted-peer-ip>

59 Configuring targeted LDP peer adjacency 59 Table 8 definitions <targeted-peer-ip> Specifies the IPv4 address of the targeted peer. For the targeted peer IP, specify the address which is configured as the transport address on the peer side (preferably a loopback address). Configuring the global targeted LDP peer hello interval Configure the targeted peer hello interval for sending unicast hello packets through the interface to the targeted peer. 2 To choose LDP configuration mode, enter: router ldp 3 To configure the targeted peer hello interval, enter: [no] targeted-peer-hello-interval < > Table 9 definitions [no] Sets the targeted peer hello interval to the default value. < > Specifies the targeted peer hello interval in seconds. Configuring the interface targeted LDP peer hello interval Configure the targeted peer hello interval for sending hello packets through the interface to the targeted peer. The targeted LDP peer hello interval configure for an interface overrides the global value.

60 60 LDP LSP configuration 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the targeted peer hello interval, enter: [no] ldp targeted-peer-hello-interval < > Table 10 definitions <bundle-name> Specifies the name of the WAN bundle. <0/1-0/4> Specifies the chassis Ethernet port number. [no] Sets the targeted peer hello interval to the default value. < > Specifies the targeted peer hello interval in seconds. Configuring the global targeted LDP peer hold time Configure the targeted LDP peer hold time to set time that the router waits before rejecting an adjacency with targeted peers. For optimal performance, set this value to no less than three times the hello interval value for targeted peers. 2 To choose LDP configuration mode, enter: router ldp 3 To configure the targeted peer hold time, enter: [no] targeted-peer-hold-time < >

61 Configuring LDP properties 61 Table 11 definitions [no] Sets the hold time to the default value. < > Specifies the hold time in seconds. The default is 45 seconds. Configuring the interface targeted LDP peer hold time Configure the targeted LDP peer hold time to set time that the router waits before rejecting an adjacency with targeted peers. For optimal performance, set this value to no less than three times the hello interval value for targeted peers. The targeted LDP peer hold time you configure for an interface overrides the global value. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the targeted peer hold time, enter: [no] ldp targeted-peer-hold-time < > Table 12 definitions [no] Sets the hold time to the global value. < > Specifies the hold time in seconds. Configuring LDP properties Configuring explicit-null labels Enable explicit null labels on router. By default, implicit null labels are advertised on the egress route.

62 62 LDP LSP configuration 2 To choose LDP configuration mode, enter: router ldp 3 To configure explicit null labels, enter: [no] explicit-null Table 13 definitions [no] Disables explicit null labels. Configuring the transport address for a label space Configure the transport address for a label space. The transport address is the address used for the TCP session over which LDP is running. If you manually configure the transport address for the label space, the transport address must be a loopback address. If you do not manually configure the transport address, LDP uses a physical interface address as the transport address. 2 To choose LDP configuration mode, enter: router ldp 3 To configure the transport address, enter: [no] transport-address <transport-ip-address>

63 Configuring LDP properties 63 Table 14 definitions [no] <transport-ip-address> Deletes the transport address. Specifies the transport IP address. Configuring global loop detection Enable loop detection using the hop count limit method to detect looping LSPs. Loop detection ensures that a loop is detected while establishing a label switched path and before any data is passed over that LSP. 2 To choose LDP configuration mode, enter: router ldp 3 To configure loop detection, enter, enter: [no] loop-detection Table 15 definitions [no] Disables loop-detection. Configuring the global loop detection count Configure the loop detection count to set the maximum hop-count value for loop detection. An LSR that detects a maximum hop count behaves as if the containing message has traversed a loop. The use of the loop-detection-count ensures that a loop is detected while establishing a label switched path before any data is passed over that LSP.

64 64 LDP LSP configuration 2 To choose LDP configuration mode, enter: router ldp 3 To configure the loop detection count, enter, enter: [no] loop-detection-count <1-255> Table 16 definitions [no] Sets the loop detection count to the default value. <1-255> Specifies the loop detection count. Configuring global request retries Enable request retries to allow repeated requests for a label when it has been rejected for a valid reason. 2 To choose LDP configuration mode, enter: router ldp 3 To enable request retries, enter, enter: [no] request-retry Table 17 definitions [no] Disables request retries. Configuring the global request retry timeout Configure the request retry timeout to set the interval between request retries.

65 Configuring LDP properties 65 2 To choose LDP configuration mode, enter: router ldp 3 To configure the request retry timeout, enter: [no] request-retry-timeout < > Table 18 definitions [no] Sets the request retry timeout to the default value. The default timeout is 5 seconds. < > Specifies the interval between request retries in seconds. Propagating the global release of labels to downstream routers The label advertisement mode (downstream unsolicited) controls how labels are propagated to upstream routers. You can enable the propagation of labels to next-hop routers even if the upstream router does not hold a label for the specified FEC. In this case, the LSR can propagate the label to the Next Hop. 2 To choose LDP configuration mode, enter: router ldp 3 To propagate the release of labels to downstream routers, enter, enter: [no] propagate-release

66 66 LDP LSP configuration Table 19 definitions [no] Disables the release of labels to downstream routers. Configuring the global label control mode Set the control mode for label processing. 2 To choose LDP configuration mode, enter: router ldp 3 To configure the label control mode, enter: [no] control-mode {independent ordered} Table 20 definitions [no] independent ordered Sets the label control mode to the default value (independent). Independent processing sets the mode to instant replies: the LSR advertises label mappings to neighbors at any time. In ordered mode, an LSR only advertises label mappings for an FEC when it is the egress router for the FEC, or when it has received a label mapping from the current next hop for the FEC. Applying ACL rules to LDP Configure ACL rules to permit or deny the advertisement of labels for specific routes to a configured list of neighbors. After the routes are redistributed, denied routes are no longer advertised to the listed LDP neighbors.

67 Configuring LDP properties 67 2 To choose LDP configuration mode, enter: router ldp 3 To configure label advertisement, enter, enter: [no] advertise-labels [for any to none] {for <prefix-acl> to [any <peer-acl>] } Table 21 definitions [no] [for any to none] <prefix-acl> [any <peer-acl>] Specifies destinations that do not advertise their labels to specified LDP neighbors. (When used together with for any to none, this enables the distribution of all locally assigned labels to all LDP neighbors.) Prevents the distribution of any locally assigned labels to any neighbors. Prefix access control list that specifies the destinations that have their labels advertised. Specifies the neighbors that receive label advertisements, using a peer access control list name. Enter any to specify all neighbors. Configuring the global label advertisement mode Configure the label advertisement mode to control how the router advertises FEC-to-label bindings to LDP peers. 2 To choose LDP configuration mode, enter: router ldp

68 68 LDP LSP configuration 3 To configure the label advertisement mode, enter: [no] advertisement-mode {downstream-unsolicited} Table 22 definitions [no] {downstream-unsolicited} Sets the default advertisement mode to the default value. (Default: downstream-unsolicited.) Specifies downstream-unsolicited mode: the router distributes labels to peers without waiting for a label request. This mode is typically used with the liberal label retention mode. Configuring the interface label advertisement mode Configure the label advertisement mode to control when the interface advertises FEC-to-label bindings to LDP peers. The label advertisement mode you configure for an interface overrides the global advertisement mode. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the label advertisement mode, enter: [no] ldp advertisement-mode {downstream-unsolicited}

69 Configuring LDP properties 69 Table 23 definitions [no] {downstream-unsolicited} Sets the interface label advertisement mode to the global value. Specifies downstream-unsolicited mode: the router distributes labels to peers without waiting for a label request. This mode is typically used with the liberal label retention mode. Configuring the global label retention mode Set the retention mode to be used for all labels exchanged through all interfaces. If an LDP session is already operational, any changes made to the retention mode apply only to labels received after the router processes the mode change command. All previously received labels remain unchanged. 2 To choose LDP configuration mode, enter: router ldp 3 To configure the label retention mode, enter: [no] label-retention-mode {liberal} Table 24 definitions [no] {liberal} Sets the interface label advertisement mode to the default value. Specifies to retain all labels binding to FEC received from label distribution peers, even if the LSR is not the current next hop. Configuring the interface label retention mode Set the retention mode to be used for all labels exchanged through the specified interface.

70 70 LDP LSP configuration If an LDP session is already operational, any changes made to the retention mode apply only to labels received after the router processes the mode change command. All previously received labels remain unchanged. The label retention mode you configure for an interface overrides the global value. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the label retention mode, enter: [no] ldp label-retention-mode {liberal} Table 25 definitions [no] {liberal} Sets the interface label retention mode to the global value. Specifies to retain all labels binding to FEC received from label distribution peers, even if the LSR is not the current next hop. Configuring the global LDP hello interval Configure the interval for sending hello packets through LSR interfaces to create and maintain adjacencies. Whenever a new router comes up, it sends out a hello packet to a specified, multicast address announcing itself to the network. Hello messages are sent to the All Routers Multicast Group ( ). Receipt of a hello packet from another LSR creates a hello adjacency with that LSR. For optimum performance, set the hello-interval value to no more than one-third the hold-time value.

71 Configuring LDP properties 71 2 To choose LDP configuration mode, enter: router ldp 3 To configure the hello interval, enter: [no] hello-interval < > Table 26 definitions [no] Sets the hello interval to the default value (2 seconds). < > Specifies the hello interval in seconds. Configuring the interface LDP hello interval Configure the interval for sending hello packets through the interface to create maintain adjacencies. Whenever a new router comes up, it sends out a hello packet to a specified, multicast address announcing itself to the network. Hello messages are sent to the All Routers Multicast Group ( ). Receipt of a hello packet from another LSR creates a hello adjacency with that LSR. For optimum performance, set the hello-interval value to no more than one-third the hold time value. The hello interval you configure for an interface overrides the global value. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>]

72 72 LDP LSP configuration 3 To configure the hello interval, enter: [no] ldp hello-interval < > Table 27 definitions [no] Sets the hello interval to the global value. < > Specifies the hello interval in seconds. Configuring the global LDP hold time Configure the hold time value to set the maximum period that the LSR waits for a hello packet from a peer before it rejects an existing adjacency. The hold timer is reset every time a hello packet is received from the peer in question. 2 To choose LDP configuration mode, enter: router ldp 3 To configure the hold time, enter: [no] hold-time < > Table 28 definitions [no] Sets the hold time to the default value (15 seconds). < > Specifies the hold time in seconds. Configuring the interface LDP hold time Configure the hold time value to set the maximum period that the interface waits for a hello packet from a peer before it rejects an existing adjacency. The hold time timer is reset every time a hello packet is received from the peer in question.

73 Configuring LDP properties 73 The hold time you configure for an interface overrides the global value. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the hold time, enter: [no] ldp hold-time < > Table 29 definitions [no] Sets the hold time to the global value. < > Specifies the hold time in seconds. Configuring the global keepalive interval Set the interval at which the LSR sends keepalive messages to the peer in order to maintain an LDP session. Each LSR must send keepalive messages at regular intervals to LDP peers to keep the sessions active. The keepalive interval determines the time-interval between successive keepalive messages. 2 To choose LDP configuration mode, enter: router ldp 3 To configure the keepalive interval, enter: [no] keepalive-interval < >

74 74 LDP LSP configuration Table 30 definitions [no] Sets the keepalive interval to the default value (30 seconds). < > Specifies the keepalive interval in seconds. Configuring the interface keepalive interval Set the interval at which the LSR sends keepalive messages to the peer in order to maintain an LDP session. Each LSR must send keepalive messages at regular intervals to LDP peers to keep the sessions active. The keepalive interval determines the time-interval between successive keepalive messages. The keepalive interval you configure for an interface overrides the global value. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the keepalive interval, enter: [no] ldp keepalive-interval < > Table 31 definitions [no] Sets the keepalive interval to the global value. < > Specifies the keepalive interval in seconds.

75 Configuring LDP properties 75 Configuring the global keepalive timeout Configure the keepalive timeout to set the maximum period that the LSR waits for a keepalive message from a peer before the LDP session times out. The keepalive timer is reset every time a keepalive packet is received from the peer in question. For optimum performance, set this value to no more than three times the keepalive interval value 2 To choose LDP configuration mode, enter: router ldp 3 To configure the keepalive timeout, enter: [no] keepalive-timeout < > Table 32 definitions [no] Sets the keepalive timeout to the default value. (30 seconds) < > Specifies the keepalive timeout in seconds. Configuring the interface keepalive timeout Configure the keepalive timeout to set the maximum period that the LSR waits for a keepalive message from a peer before the LDP session times out. The keepalive timer is reset every time a keepalive packet is received from the peer in question. For optimum performance, set this value to no more than three times the keepalive interval value When you configure this property at the interface level, the configured value overrides the value set using the global keepalive-timeout command. The keepalive timeout you configure for an interface overrides the global value.

76 76 LDP LSP configuration 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the keepalive timeout, enter: [no] ldp keepalive-timeout < > Table 33 definitions [no] Sets the keepalive timeout to the global value. < > Specifies the keepalive timeout in seconds. Enabling LDP on an interface Enable LDP on the interface. 2 To select the interface, enter: interface [bundle <wan_bundle_name> ethernet <0/1-0/4> vlan <vid>] 3 To enable MPLS on the interface, enter: mpls ip 4 To enable the LDP protocol for the interface, enter: mpls protocol-ldp

77 Enabling auto-discovery of LDP peers 77 Enabling auto-discovery of LDP peers Configuring global multicast hellos Enable multicast hello exchange on all interfaces to enable auto-discovery of LDP peers on directly connected networks. When LDP is enabled, Multicast hellos are enabled by default. 2 To choose LDP configuration mode, enter: router ldp 3 To enable multicast hellos on the interface, enter: [no] multicast-hellos Table 34 definitions [no] Disables multicast hellos on all interfaces. Configuring interface multicast hellos Enable multicast hello exchange on an interface to enable auto-discovery of LDP peers on directly connected networks. Multicast hellos are enabled by default. Enabling or disabling multicast hellos for an interface overrides the global state. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To enable multicast hellos on the interface, enter:

78 78 LDP LSP configuration [no] ldp multicast-hellos Table 35 definitions [no] Disables multicast hellos on the interface. Displaying LDP configuration and statistics Displaying LDP adjacency 1 To display the LDP adjacency, enter: show ldp adjacency Displaying the IP access list of LDP advertise-labels 1 To display the IP access list of LDP advertise-labels, enter: show ldp advertise-labels Displaying FECs known to the current LSR 1 To display the FECs known to the current LSR, enter: show ldp fec [A.B.C.D/M] If the IP address is not specified, all FECs are displayed.

79 Displaying LDP configuration and statistics 79 Displaying detailed LDP information for interfaces 1 To display the detailed LDP information for an interface, enter: show ldp interface <interface-name> Table 36 definitions <interface-name> Displays LDP information for the specified interface. If this value is not specified, information for all interfaces is displayed. Displaying LDP LSP configuration 1 To display the LDP LSP configuration, enter: show ldp lsp [detail] Table 37 definitions [detail] Displays advertise-label information in addition to LDP LSP information. Displaying LDP LSP hosts corresponding to an FEC 1 To display the configuration of the LDP LSP corresponding to a particular FEC, enter: show ldp lsp fec <A.B.C.D/M> [detail]

80 80 LDP LSP configuration Table 38 definitions <A.B.C.D/M> [detail] FEC with mask. Displays advertise-label information in addition to LDP LSP information. Displaying LDP LSP host 1 To display the LDP LSP host, enter: show ldp lsp host [detail] Table 39 definitions [detail] Displays advertise-label information in addition to LDP LSP host information. Displaying LDP LSP prefix 1 To display the LDP LSP prefix, enter: show ldp lsp prefix [detail] Table 40 definitions [detail] Displays advertise-label information in addition to LDP LSP prefix information.

81 Displaying LDP configuration and statistics 81 Displaying LDP session 1 To display LDP session, enter: show ldp session [<A.B.C.D> detail] Table 41 definitions <A.B.C.D> detail Displays information for established sessions with the peer specified by this IP address. If this value is not specified, information for all peers is displayed. Displays detailed information for all sessions established between the current LSR and other LSRs. Displaying LDP packet statistics 1 To display the LDP packet statistics, enter: show ldp statistics Displaying LDP advertise-labels statistics 1 To display the LDP advertise-labels statistics, enter: show ldp statistics advertise-labels

82 82 LDP LSP configuration Clearing LDP adjacencies 1 To clear LDP adjacencies, enter: clear ldp adjacency {<A.B.C.D> all} Table 42 definitions <A.B.C.D> all LDP adjacency address. Clears all LDP adjacencies. Clearing LDP statistics 1 To clear LDP adjacencies, enter: clear ldp statistics [advertise-labels for <prefix-list>] Table 43 definitions [advertise-labels for <prefix-list>] Clears IP prefix list of advertise-labels.

83 . RSVP-TE LSP configuration 83 Configure an RSVP-TE LSP to set up a traffic-engineered LSP through the MPLS network. RSVP-TE configuration procedures The following task flow shows you the sequence of procedures you perform to configure an RSVP-TE LSP. To link to the referenced procedures, see RSVP-TE configuration task navigation (page 85)

84 84 RSVP-TE LSP configuration Figure 21 RSVP-TE configuration procedures

85 Configuring loopback interface and router ID 85 RSVP-TE configuration task navigation Configuring loopback interface and router ID (page 85) Enabling RSVP-TE at the router level (page 86) Enabling RSVP-TE at the interface level (page 86) Creating an RSVP-TE LSP (page 87) Configuring an explicit path LSP (page 89) Configuring constrained path LSP properties (page 92) Configuring Fast Reroute for constrained path LSP (page 103) Configuring RSVP-TE LSP properties (page 109) Configuring RSVP-TE global and interface properties (page 112) Mapping routes to RSVP-TE LSPs (page 125) Displaying RSVP-TE LSP configuration and statistics (page 126) Displaying RSVP-TE configuration and statistics (page 130) Configuring loopback interface and router ID Configure a loopback interface with an IP address and assign the interface as the router ID to enable the configuration of MPLS properties on the router. 2 To specify a bundle name for the loopback interface, enter: interface loopback <loopback-if-name> 3 To configure the loopback address, enter: ip address <loopback-ip> <subnet-mask> 4 To exit from the loopback configuration, enter: exit 5 To configure the router-id, enter: [no] router-id <router-id>

86 86 RSVP-TE LSP configuration Table 44 definitions <loopback-if-name> <loopback-ip> <subnet-mask> [no] <router-id> Specifies the loopback interface name. Specifies the loopback IP address and mask. Specifies the subnet mask for the loopback IP. Deletes the specified router ID. Specifies the router ID. This value must be a valid loopback address. Enabling RSVP-TE at the router level Enable RSVP-TE to enable configuration of RSVP-TE properties on the router. 2 To enable RSVP-TE, enter: router rsvp Enabling RSVP-TE at the interface level Enable RSVP-TE on the interface. 2 To select the interface, enter: interface [bundle <wan_bundle_name> ethernet <chassis_ethernet_port> vlan <vid>] 3 To enable MPLS on the interface, enter: mpls ip 4 To enable the RSVP-TE protocol for the interface, enter:

87 Creating an RSVP-TE LSP 87 mpls protocol-rsvp Creating an RSVP-TE LSP Creating an RSVP-TE LSP Create a new RSVP traffic-engineered LSP. Once the traffic-engineered LSP is minimally configured with required attributes (ingress and egress IP addresses), an RSVP session is created for this LSP, which enables the exchange of messages and completes the LSP setup. 2 To configure the LSP name [no] mpls traffic-eng-lsp <LSP-name> Table 45 definitions [no] <LSP-name> Removes the traffic-engineering LSP and all the configured attributes, except the specified primary path. Specifies the name of the LSP. Configuring the ingress address for the LSP Specify the IPv4 address of the LSP ingress. This address is typically the router-id. 2 To select the traffic engineering LSP, enter: mpls traffic-eng-lsp <LSP-name>

88 88 RSVP-TE LSP configuration 3 To specify the IP address for tunnel ingress, enter: from <ingress-ip> Table 46 definitions <LSP-name> <ingress-ip> Specifies the traffic engineered LSP name. Specifies the IPv4 address for the LSP ingress router or interface. The address specified is uses as the sender address in the sender template object in Path messages. Configuring the egress router for the LSP When configuring a traffic-engineered LSP, you must specify the address of the egress router to create an RSVP session. This is a mandatory step in the creation of a traffic-engineered LSP. If an egress router is not defined, no RSVP-TE session can be created. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the egress address, enter: [no] to <egress-ip> Table 47 definitions <LSP-name> [no] <egress-ip> Specifies the traffic engineered LSP name. Deletes the specified LSP egress IP address. Specifies the IPv4 address for the LSP egress router.

89 Configuring an explicit path LSP 89 Configuring an explicit path LSP Disabling and enabling CSPF globally By default, CSPF is enabled for traffic-engineered LSPs. Disable CSPF when all nodes in the path do not support the required traffic engineering extensions. You must then manually configure LSPs to use an explicit path. The LSP is then established only along the manually configured path. 2 To choose RSVP configuration mode, enter: router rsvp 3 To enable or disable CSPF, enter: {no-cspf cspf} Disabling and enabling CSPF on RSVP-TE LSPs Disable or enable CSPF on a particular LSP. To enable CSPF on an LSP, CSPF must be globally enabled. CSPF is enabled by default for traffic-engineered LSPs. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure CSPF status, enter: {primary secondary} {no-cspf cspf}

90 90 RSVP-TE LSP configuration Table 48 definitions primary secondary no-cspf cspf Specifies the primary LSP. Specifies the secondary LSP. Disables CSPF on the LSP. Sets CSPF status to the default setting (enabled). Create the explicit route and define the hops When all nodes in the path do not support the required traffic engineering extensions to enable CSPF, configure an RSVP-TE explicit route. When you configure the explicit route, you can define all hops along the path, and specify for each hop whether it is loose or strict. 2 To select the traffic engineering path, enter: mpls traffic-eng-path <path-name> 3 To configure hop, enter: [no] hop-address <hop-address> [loose strict] Table 49 definitions [no] <hop-address> loose strict Removes the specified hop. IPv4 address of the hop. Specifies loose hops: the route taken form one router to the next need not be a direct path: messages exchanged between the two routers can pass through other routers. Specifies strict hops: the route taken from one router to the next must be a directly connected path. This ensures that routing is enforced on the basis of each link.

91 Configuring an explicit path LSP 91 Associate the RSVP-TE explicit route with an LSP After you define the path in the RSVP-TE explicit route, you can associate the route with a primary or secondary LSP. 2 To select the LSP, enter: mpls-traffic-eng-lsp <LSP-name> 3 To associate an explicit route with the LSP, enter: [no] {primary secondary} traffic-eng-path <path-name> Table 50 definitions [no] primary secondary <path-name> Removes the configured explicit route. Specifies the primary LSP. Specifies the secondary LSP. Specifies the name of the path. Specifying the Route Record List as an explicit route You can use the updated Route Record List as an Explicit Route (with all strict nodes) when a path message is sent out at the next refresh. Use the no parameter to disable the use of the Route Record List as the explicit route. The ERO list contains the hops to be taken to reach the egress from the current LSR. If CSPF is not available, to place an ERO with all strict routes, use this command to modify the ERO after receiving the Resv message. The future Path messages have the ERO with all strict nodes, identifying each and every node to be traversed.

92 92 RSVP-TE LSP configuration 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure route record list as an explicit route, enter: [no] {primary secondary} reuse-route-record Table 51 definitions [no] primary secondary Disables the route record list as an explicit route. Specifies the primary LSP. Specifies the secondary LSP. Configuring constrained path LSP properties Reserving bandwidth for RSVP-TE LSPs Specify the bandwidth for the RSVP-TE LSP to ensure the LSP meets desired traffic requirements. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To specify RSVP-TE LSP bandwidth, enter: [no] [primary secondary] {bandwidth <bandwidth> [k m g]} Table 52 definitions [no] primary Removes the specified configuration. Specifies the primary LSP.

93 Configuring constrained path LSP properties 93 Table 52 definitions (cont d.) secondary {bandwidth <bandwidth> [k m g]} Specifies the secondary LSP bits. You can also specify the bandwidth in terms of kilobits (k) megabits (m) or gigabits (g). For example, for 1 megabit, enter 1m Configuring the filter style for RSVP-TE LSP Configure the filter to fixed or shared filter style for RSVP-TE LSP. Use the fixed filter style to prevent rerouting of an LSP and to prevent other LSPs from using the bandwidth reserved for this LSP. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the filter style, enter: [no] {primary secondary} filter {fixed shared-explicit} Table 53 definitions primary secondary fixed shared-explicit Specifies the primary LSP. Specifies the secondary LSP. Specifies a distinct reservation. A distinct reservation request is created for data packets from this LSP. Specifies a shared reservation environment. It creates a single reservation into which flows from all LSPs are combined. Configuring retry limit for RSVP-TE LSP If a session is in a nonexistent state due to the receipt of a Path Error message, it tries to recreate the LSP for the number of times specified by the retry-limit command.

94 94 RSVP-TE LSP configuration Although the same retry command controls both the MPLS traffic engineering tunnel and the session, the retry-limit value affects only the session and not the traffic-engineering tunnel. If the traffic tunnel is in an incomplete state, the code keeps trying forever to bring it to a complete state, irrespective of the retry-limit value. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure retry limit, enter: [no] {primary secondary} retry-limit < > Table 54 definitions primary Specifies the primary LSP. secondary Specifies the secondary LSP. < > The number of times the system tries to set up the LSP. Default is 0 (indefinite). Configuring retry timer for RSVP-TE LSP Specify a retry interval for an RSVP-TE LSP. Use the no parameter to revert to the default. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the retry timer, enter:

95 Configuring constrained path LSP properties 95 [no] {primary secondary} retry-timer <1-600> Table 55 definitions [no] Reverts to the default value (30 seconds). primary Specifies the primary LSP. secondary Specifies the secondary LSP. <1-600> Time, in seconds, that the system waits before retrying LSP setup. Configuring setup priority for RSVP-TE LSP Configure the setup priority to determine whether a new LSP can preempt an existing LSP. The setup priority of the new LSP must be higher than the hold priority of an existing LSP for the existing LSP to be preempted. For RSVP-TE LSP, do not configure the setup priority to be higher than the hold priority. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the setup priority for RSVP-TE LSP, enter: [no] {primary secondary} setup-priority <0-7> Table 56 definitions [no] primary Sets the setup priority to the default value: 7 (lowest). Specifies the primary LSP.

96 96 RSVP-TE LSP configuration Table 56 definitions (cont d.) secondary Specifies the secondary LSP. <0-7> Specifies the setup priority, from highest priority (0) to lowest priority (7) Configuring the hold priority for RSVP-TE LSP Configure the hold priority value for the selected RSVP-TE LSP. The hold priority determines the degree to which an LSP holds onto its reservation for a session after the LSP has been set up successfully. When the hold priority is high, the existing LSP is less likely to give up its reservation. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the hold priority, enter: [no] {primary secondary} hold-priority <0-7> Table 57 definitions [no] primary secondary Sets the hold priority to the default value: 0 (highest). Specifies the primary LSP. Specifies the secondary LSP. <0-7> Specifies the hold priority, from highest priority (0) to lowest priority (7) Configuring CSPF retry limit Specify the number of retries that CSPF performs for a request received from RSVP.

97 Configuring constrained path LSP properties 97 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the CSPF retry limit, enter: [no] {primary secondary} cspf-retry-limit < > Table 58 definitions [no] primary secondary Sets the retry limit to the default value: 0 (indefinite). Specifies the primary LSP. Specifies the secondary LSP. < > Specifies the number of times CSPF tries to perform a request received from RSVP. Configuring CSPF retry timer Use this command to specify the time between each retry that CSPF performs for a request received from RSVP. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure CSPF retry timer, enter: [no] {primary secondary} cspf-retry-timer <1-600>

98 98 RSVP-TE LSP configuration Table 59 definitions [no] Sets the retry timer to the default value: 0 (indefinite). primary secondary Specifies the primary LSP. Specifies the secondary LSP. <1-600> Timeout between successive retries, in seconds. Configuring the hop limit for RSVP-TE LSP Specify the hop limit for an RSVP-TE LSP to place a limit on the number of hops in the LSP. If a primary path exists when you configure a hop limit, the hop limit is compared with the current number of hops in the primary path. If the number of hops in the primary path exceeds the configure hop limit, the existing session is torn down and no Path messages are sent out. The hop limit data is sent to the CSPF server, if CSPF is being used. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the hop limit, enter: [no] {primary secondary} hop-limit <1-255> Table 60 definitions [no] Sets the hop limit to the default value (255). primary Specifies the primary LSP. secondary Specifies the secondary LSP. <1-255> Specifies the acceptable number of hops.

99 Configuring constrained path LSP properties 99 Configuring label recording Configure label record to set whether to record all labels exchanged between RSVP enabled routers during the reservation setup process. Label recording can help in debugging problems. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure label recording, enter: [no] {primary secondary} label-record Table 61 definitions [no] primary secondary label-record Disables label recording. Specifies the primary LSP. Specifies the secondary LSP. Specifies to record all the labels exchanged for an LSP from the ingress to the egress. Configuring route recording You can disable recording of the route taken by PATH and RESV messages, which confirm the establishment of reservations and identify errors. Route recording is enabled by default. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure route recording, enter:

100 100 RSVP-TE LSP configuration {primary secondary} {no-record-route record-route} Table 62 definitions primary secondary no-record-route record-route Specifies the primary LSP. Specifies the secondary LSP. Disables route recording. Enables route recording. Creating an MPLS administrative group Create administrative groups to classify links or interfaces. Administrative groups are meaningful only when CSPF is enabled. You can use these groups to implement different policy-based LSP setups. Each interface can be a member of one or more, or no, administrative groups. 2 To create an administrative group, enter: [no] mpls admin-group <admin-group-name> <0-31> Table 63 definitions [no] <admin-group-name> Deletes the specified administrative group. Specifies the name or color of the administrative group. <0-31> Specifies the value of the administrative group to be added (0-31). Adding an interface to an administrative group Assign an interface to an administrative group to classify the interfaces.

101 Configuring constrained path LSP properties To select an MPLS interface, enter: interface [bundle <bundle-name> ethernet <0/1-0/4> vlan <vid>] 3 To assign the interface to an administrative group, enter: [no] mpls admin-group <admin-group-name> Table 64 definitions [no] <admin-group-name> Removes the interface from the specified administrative group. Specifies the name of the administrative group. Including administrative groups in an RSVP-TE LSP Configure the include-any parameter to set the administrative groups to include in an LSP. To be added to the LSP, links must belong to at least one of the administrative groups listed in the include-any list. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the administrative groups to include in the LSP, enter: [no] {primary secondary} include-any <admin-group-na me>

102 102 RSVP-TE LSP configuration Table 65 definitions [no] primary secondary <admin-group-name> Removes a previously configured group from the specified list. Specifies the primary LSP. Specifies the secondary LSP. Specifies the administrative group name. Excluding administrative groups from an RSVP-TE LSP Specify the administrative groups to be excluded from an LSP. If you specify an exclude-any list, any link that belongs to even one of the groups specified in the exclude list cannot be chosen for the LSP. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the administrative groups to exclude, enter: [no] {primary secondary} exclude-any <admin-group-na me> Table 66 definitions [no] primary secondary <admin-group-name> Removes the specified group from the exclude-any list. Specifies the primary LSP. Specifies the secondary LSP. Specifies the name of the administrative group to exclude from the LSP.

103 Configuring Fast Reroute for constrained path LSP 103 Disabling affinity Disable the use of sending out session attribute objects with resource affinity data. With affinity enabled, the LSP can match desired attributes, represented by affinity bits, to link attributes. This allows the LSP to include (include-any) or exclude (exclude-any) the configured administrative groups in the LSP. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure affinity, enter: {primary secondary} {no-affinity affinity} Table 67 definitions primary secondary no-affinity affinity Specifies the primary LSP. Specifies the secondary LSP. Disables affinity. Enables affinity. Configuring Fast Reroute for constrained path LSP Enabling and disabling one-to-one fast reroute protection Enable the local repair of explicit routes for which this router is a transit node. Use the no parameter with this command to disable local repair of explicit routes. 2 To select the LSP, enter:

104 104 RSVP-TE LSP configuration mpls traffic-eng-lsp <LSP-name> 3 To configure one-to-one fast reroute protection, enter: [no] primary fast-reroute protection one-to-one Table 68 definitions [no] Disables one-to-one fast reroute protection. Configuring fast reroute node protection Set node protection to bypass the failed node completely during fast reroute. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure node protection, enter: [no] primary fast-reroute node-protection Table 69 definitions [no] Disables node protection. Configuring fast reroute bandwidth Configure bandwidth for fast reroute.

105 Configuring Fast Reroute for constrained path LSP To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the fast reroute bandwidth, enter: [no] primary fast-reroute bandwidth <bandwidth> Table 70 definitions [no] <bandwidth> Deletes the fast reroute bandwidth configuration. Specifies the fast reroute bandwidth, from 1 to bits. You can also specify the bandwidth in units of kilobits, megabits, or gigabits (k, m, or g). For example, to specify 10 kilobits, enter 10k. Specifying the administrative groups to include in the fast reroute Specify the administrative groups to include in the fast reroute set up. To be added to the alternate route, links must belong to at least one of the administrative groups listed in the include-any list. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the administrative groups to include, enter: [no] primary fast-reroute include-any <groupname> Table 71 definitions [no] <groupname> Deletes the specified group from the include-any list. Specifies the administrative groups to include in the fast reroute set up.

106 106 RSVP-TE LSP configuration Excluding administrative groups from the fast-reroute Specify the administrative groups to be excluded from the fast reroute set up. When you specify the exclude-any list, any link that belongs to even one of the groups specified in the exclude list cannot be chosen for the alternate route. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the administrative groups to exclude, enter: [no] primary fast-reroute exclude-any <groupname> Table 72 definitions [no] <groupname> Deletes the specified group from the exclude-any list. Specify the administrative group to be excluded from the fast reroute set up. Configuring fast reroute setup priority Configure the setup priority to determine whether the alternate path can preempt an existing LSP. The setup priority of the alternate path must be higher than the hold priority of an existing LSP for the existing LSP to be preempted. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name>

107 Configuring Fast Reroute for constrained path LSP To configure fast reroute setup priority, enter: [no] primary fast-reroute setup-priority <0-7> Table 73 definitions [no] Sets the setup priority to the default value: 7 (lowest). <0-7> Specifies the fast-reroute setup priority, from highest priority (0) to lowest priority (7) Configuring fast reroute hold priority Set the hold priority for the detour LSP Configure the hold priority value for the alternate path. The hold priority determines the degree to which the alternate path holds onto its reservation for a session after the path has been set up successfully. When the hold priority is high, the existing path is less likely to give up its reservation. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the hold priority, enter: [no] primary fast-reroute hold-priority <0-7> Table 74 definitions [no] Sets the hold priority to the default value: 0 (highest). <0-7> Specifies the fast reroute hold priority, from highest priority (0) to lowest priority (7)

108 108 RSVP-TE LSP configuration Configuring fast reroute hop limit Specify the fast reroute hop limit to place a limit on the number of hops in the alternate path. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the fast reroute hop limit, enter: [no] primary fast-reroute hop-limit <1-255> Table 75 definitions [no] Sets the configured hop limit to the default value (255). <1-255> Specifies the maximum number of hops for fast reroute. Configuring detour LSP identification method Specify the detour LSP identification method, either path-specific or sender-template. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure the LSP detour identification method, enter: [no] detour-identification {path sender-template}

109 Configuring RSVP-TE LSP properties 109 Table 76 definitions [no] path sender-template Sets the detour LSP identification method to the default value (sender-template). Sets path specific detour LSP identification method. In this method, a new RSVP object (DETOUR) is added to the PATH message to differentiate it from the protected LSP s path messages. Since, a detour has the same session object as the protected LSP, it might share common network resources. Sets sender-template specific detour LSP identification method. In this method, a detour shares the RSVP Session object and LSPID with the protected LSP and changes the ingress IP address in the RSVP PATH message. According to the RSVP resource sharing rules, this LSP can be merged with the protected LSP as they have same session object. Configuring RSVP-TE LSP properties Configuring the extended tunnel ID in RSVP-TE messages Configure the extended tunnel identifier used in RSVP messages. The extended tunnel ID specifies a unique 4 octet identifier for all sessions. If no extended tunnel ID is specified, the LSR-ID for the router is used as the extended tunnel ID for all LSPs. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the extended tunnel ID, enter: [no] ext-tunnel-id <A.B.C.D>

110 110 RSVP-TE LSP configuration Table 77 definitions [no] <A.B.C.D> Deletes the extended tunnel ID. IPv4 representation for extended tunnel ID. Configuring the creation and tear-down method for the RSVP-TE LSP Configure the method of creating and tearing down sessions (primary and secondary) when attributes for the MPLS traffic-engineering LSP are modified. 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To configure the LSP update method, enter: update-type {make-before-break break-before-make } Table 78 definitions make-before-break break-before-make Specifies that a new LSP is created for each attribute update. Once the new LSP becomes operational, the original LSP is torn down. (Default value) Specifies that, for each attribute update, the existing LSP is torn down and then re-created with the new attributes. Restarting the RSVP-TE LSP If the creation of an RSVP-TE LSP fails, you must restart the LSP setup procedure.

111 Configuring RSVP-TE LSP properties To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 Restart the LSP, enter: traffic-eng-lsp-restart Configuring hello exchanges with a specific neighbor Use this command to explicitly specify a neighbor to exchange Hello messages with. Any Hello messages from a neighbor that is not explicitly specified will be rejected. Use the no parameter to remove an IPv4 neighbor from the system. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure hello exchanges with a specific neighbor, enter: [no] neighbor <neighbor-ip-address> Table 79 definitions [no] <neighbor-ip-address> Removes an IPv4 neighbor from the system. IPv4 address of the neighbor.

112 112 RSVP-TE LSP configuration Configuring RSVP-TE global and interface properties Configuring the RSVP-TE source address Specify the source loopback address for IPv4 packets being sent out by the RSVP daemon. 2 To choose RSVP configuration mode, enter: router rsvp 3 To specify the source address, enter, enter: [no] from <loopback-ip-address> Table 80 definitions [no] <loopback-ip-address> Deletes the specified loopback address. Loopback IPv4 address. Configuring explicit-null labels Enable explicit null labels on the router. By default, implicit null labels are advertised on the egress router. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure explicit null labels, enter: [no] explicit-null

113 Configuring RSVP-TE global and interface properties 113 Table 81 definitions [no] Disable explicit null labels. Configuring Penultimate-Hop-Popping With the PHP state set to enabled on the router (the default state), an egress router sends either implicit null or explicit null labels for LSPs. If you disable PHP using the no-php command, the egress router sends neither implicit null nor explicit null labels. Rather, it sends non-reserved labels (labels from the label pool range allotted to RSVP) to the upstream router. Use the show rsvp command to display the status of Penultimate-Hop-P opping. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure PHP, enter: [php no-php ] Table 82 definitions php no-php Re-enables penultimate-hop-popping on the router. Disables penultimate-hop-popping on the router. Configuring loop detection Configure the loop detection mode to detect looping LSPs. Loop detection ensures that a loop is detected while establishing a label switched path and before any data is passed over that LSP.

114 114 RSVP-TE LSP configuration 2 To choose RSVP configuration mode, enter: router rsvp 3 To enable or disable loop detection, enter: [no-loop-detection loop-detection] Table 83 definitions loop-detection no-loop-detection Enables loop detection. Disables loop detection. Configuring MPLS tunnel-mode Configure the MPLS tunnel mode to determine the relationship between label EXP and IP packet DSCP values. 2 To specify the mpls tunnel-mode, enter, enter: [no] mpls tunnel-mode {pipe short-pipe uniform} Table 84 definitions [no] Sets the MPLS tunnel mode to the default value (uniform).

115 Configuring RSVP-TE global and interface properties 115 Table 84 definitions (cont d.) pipe short-pipe uniform Specifies that changes made to the EXP value on the uppermost label are propagated to other MPLS labels but not to the IP packet. Here, the DSCP value in the IP packet remains unchanged, but the PHB is chosen based on the removed EXP value. Specifies that changes made to the EXP value on the uppermost label are propagated to other MPLS labels but not to the IP packet. Here, the DSCP value in the IP packet remains unchanged, and the PHB is chosen based on the removed EXP value. Specifies that changes made to the EXP value on the uppermost label are applied to all labels in the stack, including the IP packet. Enabling the receipt of Hello messages globally Enable the receipt of Hello messages from peers connected through all RSVP interfaces. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure the hello receipt, enter: [no] hello-receipt Table 85 definitions [no] Disables hello receipt. Enabling the receipt of Hello messages on the interface Enable the receipt of Hello messages from peers connected through this interface.

116 116 RSVP-TE LSP configuration 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the hello receipt, enter: [no] rsvp hello-receipt Table 86 definitions [no] Disables hello receipt. Configuring the global Hello interval Enable the sending of Hello packets on all interfaces and set the interval value between successive Hello packets to neighbors. Whenever a new router comes up, it sends out a hello packet to a specified, multicast address announcing itself to the network. Hello messages are sent to the All Routers Multicast Group ( ). Receipt of a hello packet from another LSR creates a hello adjacency with that LSR. For optimum performance, set the hello-interval value to no more than one-third the hold-time value. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure the hello interval, enter:

117 Configuring RSVP-TE global and interface properties 117 [no] hello-interval < > Table 87 definitions < > Specifies the hello interval in seconds. Configuring the Hello interval and enabling Hello transmission on the interface Enable the sending of Hello packets on the interface and set the interval value between successive Hello packets to neighbors. For optimum performance, set the Hello interval value to no more than one-third the hold time value. The hello interval you configure for an interface overrides the global value. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the hello interval, enter: [no] rsvp hello-interval < > Table 88 definitions < > Specifies the hello interval in seconds. [no] Sets the hello interval to the default value (2 seconds).

118 118 RSVP-TE LSP configuration Configuring the global hello timeout Configure the global hello timeout to specify the interval that the LSR waits for a Hello message from a connected peer before the LSR resets all sessions shared with this particular peer. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure the Hello timeout, enter: [no] hello-timeout < > Table 89 definitions [no] Sets the Hello timeout to the default value (10 seconds). < > Specifies the Hello timeout in seconds. Configuring the interface hello timeout Configure the hello timeout on the interface to specify the interval that the interface waits for a Hello message from a connected peer before the interface resets all sessions shared with this particular peer. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the Hello timeout, enter:

119 Configuring RSVP-TE global and interface properties 119 [no] rsvp hello-timeout < > Table 90 definitions [no] Sets the hello timeout to the default value (10 seconds). < > Specifies the hello timeout in seconds. Configuring the global RSVP keep multiplier Configure the keep multiplier to set the constant for calculating a valid reservation lifetime for an LSP for messages exchanged on this interface. The refresh time and keep multiplier are two interrelated timing parameters used to calculate the valid Reservation Lifetime for an LSP. Use the following formula to calculate the reservation lifetime for an LSP: L >= (K + 0.5)* 1.5 * R K = keep-multiplier R = refresh timer Refresh messages are sent periodically so that the neighbors do not timeout. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure the keep multiplier, enter: [no] keep-multiplier <1-255>

120 120 RSVP-TE LSP configuration Table 91 definitions [no] Sets the keep multiplier to the default value (3). <1-255> Sets the keep multiplier value. Configuring the interface RSVP keep multiplier Configure the keep multiplier to set the constant for calculating a valid reservation lifetime for an LSP for messages exchanged on this interface. The refresh time and keep multiplier are two interrelated timing parameters used to calculate the valid Reservation Lifetime for an LSP. Use the following formula to calculate the reservation lifetime for an LSP: L >= (K + 0.5)* 1.5 * R K = keep-multiplier R = refresh timer Refresh messages are sent periodically so that the neighbors do not timeout. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the keep multiplier, enter: [no] rsvp keep-multiplier <1-255> Table 92 definitions [no] Sets the keep multiplier to the global value. <1-255> Sets the keep multiplier value.

121 Configuring RSVP-TE global and interface properties 121 Configuring the global RSVP refresh time The refresh time and keep multiplier are two interrelated timing parameters used to calculate the valid Reservation Lifetime for an LSP. Refresh time regulates the interval between Refresh messages which include Path and Reservation Request (Resv) messages. Refresh messages are sent periodically so that the reservation does not timeout in the neighboring nodes. Each sender and receiver host sends Path and Resv messages, downstream and upstream respectively, along the paths. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure the refresh time, enter: [no] refresh-time < > Table 93 definitions [no] Sets the global RSVP refresh time to the default value. < > Sets the global RSVP refresh time. Configuring the interface RSVP refresh time The refresh time and keep multiplier are two interrelated timing parameters used to calculate the valid Reservation Lifetime for an LSP. Refresh time regulates the interval between Refresh messages which include Path and Reservation Request (Resv) messages. Refresh messages are sent periodically so that the reservation does not timeout in the neighboring nodes. Each sender and receiver host sends Path and Resv messages, downstream and upstream respectively, along the paths.

122 122 RSVP-TE LSP configuration 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the refresh time, enter: [no] rsvp refresh-time < > Table 94 definitions [no] Sets the interface RSVP refresh time to the global value. < > Sets the interface RSVP refresh time. Configuring the global refresh reduction advertisement Enable Refresh Reduction capability advertisement to allow the LSR to advertise the refresh reduction capability. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure refresh reduction advertisement, enter: [no] refresh-reduction Table 95 definitions [no] Disables refresh reduction capability advertisement. Configuring the interface refresh reduction advertisement Enable Refresh Reduction capability advertisement to allow an interface to advertise the refresh reduction capability.

123 Configuring RSVP-TE global and interface properties To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure refresh reduction advertisement, enter: [no] rsvp refresh-reduction Table 96 definitions [no] Disable refresh reduction capability advertisement on the interface. Configuring global message acknowledgement Enable message acknowledgement to enable the reliable messaging form of refresh reduction for all messages being sent to the neighbors that have been detected on the LSR. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure message acknowledgement, enter: [no] message-ack Table 97 definitions [no] Disables message acknowledgement.

124 124 RSVP-TE LSP configuration Configuring interface message acknowledgement Enable message acknowledgement to enable the reliable messaging form of refresh reduction for all messages being sent to the neighbors that have been detected on the specified interface. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure message acknowledgement, enter: [no] rsvp message-ack Table 98 definitions [no] Disables message acknowledgement. Configuring the global acknowledgement wait timeout Configure the acknowledgement wait timeout for reliable messaging for all neighbors detected on the LSR. 2 To choose RSVP configuration mode, enter: router rsvp 3 To configure the acknowledgement wait timeout, enter: [no] ack-wait-timeout < >

125 Mapping routes to RSVP-TE LSPs 125 Table 99 definitions [no] Sets the acknowledgement wait timeout to the default value. (10 seconds) < > Specifies the acknowledgement wait timeout value in seconds. Configuring the interface acknowledgement wait timeout Configure the acknowledgement wait timeout for reliable messaging for all neighbors detected on the specified interface. 2 To select an MPLS interface, enter: interface [ bundle <bundle-name> ethernet <0/1-0/4>] 3 To configure the acknowledgement wait timeout [no] rsvp ack-wait-timeout < > Table 100 definitions [no] Sets the acknowledgement wait timeout to the default value. (10 seconds) < > Specifies the acknowledgement wait timeout value in seconds. Mapping routes to RSVP-TE LSPs Map routes to a given RSVP-TE LSP to forward traffic to the LSP. If the primary LSP goes down, all the mapped routes can automatically use a secondary LSP as a backup for the primary LSP, if the secondary LSP is configured.

126 126 RSVP-TE LSP configuration 2 To select the LSP, enter: mpls traffic-eng-lsp <LSP-name> 3 To map a route to the LSP, enter: [no] map-route <ipaddr/mask> Table 101 definitions [no] <ipaddr/mask> Removes the route mapping. Specifies the IP address to be mapped. The IP address and mask can be in format A.B.C.D X.X.X.X or A.B.C.D/X. Displaying RSVP-TE LSP configuration and statistics Displaying session-related information for configured LSPs Use this command to display the session-related information for configured LSPs. 1 To display the session-related information for LSPs, enter: show mpls traffic-eng-lsp session [up down] [detail] Table 102 definitions up down [detail] Displays sessions that are currently operational. Displays sessions that are currently not operational. Displays detailed session-related information.

127 Displaying RSVP-TE LSP configuration and statistics 127 Displaying LSP session count Use this command to display the count of existing sessions on the router. 1 To display the LSP session count, enter: show mpls traffic-eng-lsp session count Displaying session-related information for egress router Use this command to display the session-related information for an egress router. 1 To display the session-related information for egress router, enter: show mpls traffic-eng-lsp session egress [up down] [detail] Table 103 definitions up down [detail] Displays sessions that are currently operational. Displays sessions that are currently not operational. Displays detailed session-related information. Displaying session-related information for specific egress router Use this command to display the session-related information for a specified egress router. 1 To display the session-related information for the specified router, enter:

128 128 RSVP-TE LSP configuration show mpls traffic-eng-lsp session egress <A.B.C.D> Table 104 definitions <A.B.C.D> IPv4 address of the router being specified as the egress router. Displaying session-related information for ingress router Use this command to display the session-related information for an ingress router. 1 To display the session-related information for ingress router, enter: show mpls traffic-eng-lsp session ingress [up down] [detail] Table 105 definitions up down [detail] Displays sessions that are currently operational. Displays sessions that are currently not operational. Displays detailed session-related information. Displaying session-related information for specific ingress router Use this command to display the session-related information for a specified ingress router. 1 To display the session-related information for the specified router, enter:

129 Displaying RSVP-TE LSP configuration and statistics 129 show mpls traffic-eng-lsp session ingress <A.B.C.D> Table 106 definitions <A.B.C.D> IPv4 address of the router being specified as the ingress router. Displaying session-related information for specific sessions Use this command to display the information only for sessions with a specified name. 1 To display the session-related information for specific sessions, enter: show mpls traffic-eng-lsp session <lsp-name> [primary secondary] Table 107 definitions <lsp-name> primary secondary Specifies the name of the LSP to be displayed. Displays primary sessions. Displays secondary sessions. Displaying session-related information for transit router Use this command to display the session-related information for the transit or intermediate router. 1 To display the session-related information for specific sessions, enter:

130 130 RSVP-TE LSP configuration show mpls traffic-eng-lsp session transit [up down] [detail] Table 108 definitions up down [detail] Displays sessions that are currently operational. Displays sessions that are currently not operational. Displays detailed session-related information. Clearing traffic-engineered LSP data Use this command to clear data for MPLS traffic-engineered LSPs. 1 To clear enter: clear mpls traffic-eng-lsp [ingress non-ingress all <LSP-name>] Table 109 definitions ingress non-ingress all <LSP-name> Clears data for ingress LSP. Clears data for non-ingress LSP. Clears data for all configured LSPs. Clears data for the specifies LSP. Displaying RSVP-TE configuration and statistics Displaying RSVP-TE interface information 1 To display the RSVP-TE interface information, enter:

131 Displaying RSVP-TE configuration and statistics 131 show rsvp interface <interface-name> Table 110 definitions <interface-name> Displays RSVP-TE information for the specified interface. If this value is not specified, information for all interfaces is displayed. Displaying RSVP-TE neighbors 1 To display the list of IPv4 RSVP neighbors, enter: show rsvp neighbor <A.B.C.D> Table 111 definitions <A.B.C.D> Specifies the IPv4 address of the neighbor. Displaying next-hop data cached in RSVP-TE 1 To display the current next-hops being cached by RSVP-TE show rsvp nexthop-cache Displaying RSVP-TE statistics Use this command to display the counts for various messages exchanged by the daemon. This displays the list of packet types, the number of sent packets and the number of received packets.

132 132 RSVP-TE LSP configuration 1 To display the RSVP-TE statistics, enter: show rsvp statistics Displaying RSVP-TE summary refresh data 1 To display the summary refresh data, enter: show rsvp summary-refresh Displaying RSVP-TE version Use this command to display the version of the RSVP daemon. Current RSVP version is 1. 1 To display the RSVP version, enter: show rsvp version Displaying traffic engineering path Use this command to display the configured MPLS traffic engineering paths and their configured hops. Specify the path name to show hops related to a specific path. If no path name is specified all the mpls traffic engineering paths are displayed. 1 To display the traffic engineering path, enter:

133 Displaying RSVP-TE configuration and statistics 133 show mpls traffic-eng-path <path-name> Table 112 definitions <path-name> Specifies the path name. Displaying MPLS tunnel mode Use this command to display the tunnel mode information. 1 To display the MPLS tunnel mode, enter: show mpls tunnel-mode Displaying all configured MPLS administrative groups 1 To display all the configured administrative groups, enter: show mpls admin-groups Clearing RSVP sessions 1 To clear RSVP sessions, enter: clear rsvp session {<session-tunnel-id> all}

134 134 RSVP-TE LSP configuration Table 113 definitions <session-tunnel-id> all Specifies the session tunnel ID to clear. Clears all RSVP sessions configured. Clearing RSVP statistics 1 To clear all RSVP statistics, enter: clear rsvp statistics

135 . MPLS Pseudowire configuration 135 Configure an MPLS Pseudowire to provide a virtual point-to-point connection that can connect your Ethernet or PPP networks over an MPLS tunnel. Pseudowire configuration procedures The following task flow shows you the sequence of procedures you perform to configure an MPLS pseudowire. To link to the referenced procedures, see Pseudowire configuration task navigation (page 137)

136 136 MPLS Pseudowire configuration Figure 22 Pseudowire configuration procedures

137 Configuring a pseudowire Layer 2 virtual circuit 137 Pseudowire configuration task navigation Configuring a pseudowire Layer 2 virtual circuit (page 137) Binding an Ethernet interface to a Layer 2 virtual circuit (page 138) Binding a VLAN interface to a Layer 2 virtual circuit (page 138) Binding a WAN interface to a Layer 2 virtual circuit (page 139) Static LSP configuration (page 49) LDP LSP configuration (page 55) RSVP-TE LSP configuration (page 83) Configuring a static FTN entry for ingress virtual circuit (page 140) Configuring a static ILM entry for egress virtual circuit (page 140) Enabling LDP at the router level (page 58) Configuring targeted LDP peer adjacency (page 58) Configuring a pseudowire Layer 2 virtual circuit Creating a Layer 2 virtual circuit Create a Layer 2 virtual circuit. 2 To configure a Layer 2 virtual circuit, enter: [no] mpls l2-circuit <VC-name> <VC-ID> <peer-ip> [<VC-groupname>] Table 114 definitions <VC-name> Virtual circuit name. <VC-ID> Virtual circuit ID: <peer-ip> IPv4 address for the virtual circuit end point. [<VC-groupname>] Virtual circuit group name identifier. Not currently supported.

138 138 MPLS Pseudowire configuration Binding an Ethernet interface to a Layer 2 virtual circuit Bind an interface (attachment circuit) to an MPLS Layer 2 virtual circuit. This specifies the source interface where virtual circuit traffic is sent and received. You can choose to bind WAN bundles running HDLC or PPP or any Ethernet ports (including ports on Ethernet modules). However, on the Secure Router 4134, the virtual circuit peer must be reachable through a WAN interface or a chassis Ethernet port, otherwise, the pseudowire cannot be established. The Secure Router 2330 has no such limitation. 2 To select the interface, enter: interface ethernet <slot/port> 3 To configure the interface as a Layer 2 switchport, enter: switchport 4 To configure the Layer 2 interface mode as L2VPN, enter: switchport mode l2vpn 5 To bind the interface to the Layer 2 circuit, enter: mpls l2-circuit <VC-name> 6 Configure the encapsulation for the bound interface: encapsulation {ethernet vlan} Binding a VLAN interface to a Layer 2 virtual circuit Use the following procedure to bind a VLAN interface to a Layer 2 virtual circuit. Procedure 1 2 To select the interface, enter: interface vlan vlan<vid>

139 Binding a WAN interface to a Layer 2 virtual circuit To bind the interface to the Layer 2 circuit, enter: mpls l2-circuit <VC-name> 4 Configure the encapsulation for the bound interface: encapsulation {ethernet vlan} Binding a WAN interface to a Layer 2 virtual circuit Bind an interface (attachment circuit) to an MPLS Layer 2 virtual circuit. This specifies the source interface where virtual circuit traffic is sent and received. In addition to Ethernet ports, with the Secure Router 2330/4134, you can bind WAN bundles running HDLC or PPP. To bind a bundle to the Layer 2 virtual circuit, you must first encapsulate the bundle with HDLC or PPP. Then, after you bind the bundle to the circuit, you must also set the encapsulation for the bound WAN interface to HDLC or PPP, as required. 2 To select the interface, enter: interface bundle <wan-bundle> 3 Configure a link for the bundle: link [t1 e1 ct3 ds3 serial hssi] <slot/port> 4 Configure the encapsulation for the bundle: encapsulation {hdlc ppp} 5 To bind the interface to the Layer 2 circuit, enter: mpls l2-circuit <VC-name> 6 To configure the encapsulation for the bound virtual circuit interface, enter: encapsulation {hdlc ppp}

140 140 MPLS Pseudowire configuration Configuring a static FTN entry for ingress virtual circuit Create an MPLS Layer 2 Virtual Circuit static FTN entry for an interface. Note: The interface must be bound to the Virtual Circuit ID specified before this command is executed 2 To configure a static FTN entry for a Layer 2 virtual circuit, enter: [no] mpls static-l2-circuit-ftn <VC-ID> <label-out> <peer-ip> <incoming-l2-if-name> <outgoing-if-name> Table 115 definitions <VC-ID> Virtual circuit ID: <label-out> Outgoing label for the FEC. <peer-ip> IPv4 address for the virtual circuit peer. <incoming-l2-if-name> Specifies the incoming Layer 2 interface name. <outgoing-if-name> Specifies the outgoing MPLS tunnel interface name. Configuring a static ILM entry for egress virtual circuit Use this command to create an MPLS Layer 2 Virtual Circuit static ILM entry in the ILM table to which the incoming interface specified is bound. Upon receipt of a labeled packet on an MPLS-enabled router, a lookup is done based on the incoming label in the ILM table. If a match is found, the packet is forwarded directly to the bound Layer 2 interface (without further analysis). 2 To configure a static ILM entry for a Layer 2 virtual circuit, enter:

141 Displaying the pseudowire configuration and statistics 141 [no] mpls static-l2-circuit-ilm <VC-ID> <label-in> <peer-ip> <incoming-if-name> <outgoing-l2-if-name> Table 116 definitions <VC-ID> Virtual circuit ID: <label-in> Incoming VC label: <peer-ip> IPv4 address for the virtual circuit peer. <incoming-if-name> Specifies the incoming MPLS tunnel interface name. <outgoing-l2-if-name> Specifies the outgoing Layer 2 interface name. Displaying the pseudowire configuration and statistics Displaying the static Layer 2-circuit FTN entry Display the static Layer 2-circuit FTN entry. 1 To display the static Layer 2-circuit FTN entry, enter: show mpls static-l2-circuit-ftn Displaying the static L2-circuit ILM entry Display the static L2-circuit ILM entry. 1 To display the static Layer 2-circuit ILM entry, enter: show mpls static-l2-circuit-ilm Displaying the Layer 2 virtual circuit summary information Display the Layer 2 virtual circuit summary information.

142 142 MPLS Pseudowire configuration 1 To display the Layer 2-circuit virtual circuit summary, enter: show ldp mpls-l2-circuit [<VC-ID>] [detail] Displaying Layer 2 virtual circuit data Use this command to display the MPLS Layer 2 Virtual Circuit data. 1 To display the Layer 2 virtual circuit data, enter: show mpls l2-circuit [<VC-name>] Displaying Layer 2 virtual circuit group data Use this command to display the MPLS Layer 2 Virtual Circuit group data. 1 To display the Layer 2 virtual circuit group data show mpls l2-circuit-group [<VC-group-name>] Displaying Layer 2 virtual circuit statistics Display the Layer 2 virtual circuit statistics. 1 To display the Layer 2 virtual circuit statistics, enter:

143 Displaying the pseudowire configuration and statistics 143 show mpls stats-vc Displaying Layer 2 virtual circuit table Display the Layer 2 virtual circuit table. 1 To display the Layer 2 virtual circuit table, enter: show mpls table-vc

144 144 MPLS Pseudowire configuration

145 . Common procedures 145 The following sections describe common procedures that you use while configuring MPLS. Displaying MPLS-enabled interfaces (page 145) Displaying interface statistics (page 145) Displaying originating LSP statistics (page 146) Displaying MPLS forwarding table (page 146) Displaying incoming label map table (page 146) Displaying MPLS-enabled interfaces Use this command to display the summarized information of the MPLS-enabled interfaces. 1 To display the MPLS-enabled interfaces, enter: show mpls interface Displaying interface statistics Use this command to display the MPLS interface statistics. 1 To display the interface statistics, enter:

146 146 Common procedures show mpls stats-interface Displaying originating LSP statistics Use this command to display the originating LSP statistics 1 To display the originating LSP statistics, enter: show mpls stats-lsp Displaying MPLS forwarding table Use this command to display all the LSPs originating from this router. It also displays codes indicating the selected FTN (FEC to Next-Hop-Label-Forwarding-Entry). 1 To display the MPLS forwarding table, enter: show mpls table-forwarding Displaying incoming label map table Use this command to display the MPLS Incoming Label Map table. 1 To display the incoming label map table, enter: show mpls table-ilm

147 Clearing MPLS statistics 147 Clearing MPLS statistics Use this command to clear MPLS statistics. 1 To clear MPLS statistics, enter: clear mpls statistics [ftn ilm interface lsp vc] Table 117 definitions ftn ilm interface lsp vc Clears FTN Statistics Clears ILM Statistics Clears MPLS Interface Statistics Clears Originating LSP Statistics Clears VC Statistics

148 148 Common procedures

149 . Configuration examples 149 Static LSP configuration The following figure shows a sample static LSP configuration. Figure 23 Static LSP configuration Refer to the following sections for instructions to configure the static LSPs shown in this example. Static LSP configuration on Secure Router Configure the LSPs on Secure Router To enter configuration mode, enter:

150 150 Configuration examples 2 To configure an IP address for Ethernet 0/2, enter: interface ethernet 0/2 ip address exit 3 To configure an MPLS static FTN entry on Secure Router : mpls static-ftn / ethernet0/2 4 Configure an MPLS static ILM entry on Secure Router : mpls static-ilm 1020 ethernet0/2 swap ethernet5/4 5 To display the configured static FTN entry, enter: show mpls static-ftn 6 To display the configured static ILM entry, enter: show mpls static-ilm LSP configuration on Secure Router Configure the LSPs on Secure Router To enter configuration mode, enter: 2 To configure an IP address for Ethernet 0/3, enter: interface ethernet 0/3 ip address exit 3 To configure an MPLS static FTN entry on Secure Router , enter: mpls static-ftn / ethernet0/3 4 To configure an MPLS static ILM entry on Secure Router , enter: mpls static-ilm 1000 ethernet0/2 swap ethernet5/5 5 To display the configured static FTN entry, enter:

151 LDP-based LSP configuration 151 show mpls static-ftn 6 To display the configured static ILM entry, enter: show mpls static-ilm LDP-based LSP configuration Figure 24 LDP-based LSP 1 Configuring loopback address: interface loopback 0 ip address exit 2 Configure the router-id: router-id Configure LDP at router level: router ldp explicit-null exit 4 Configure LDP at interface level interface bundle WAN1

152 152 Configuration examples link t1 2/1 encapsulation ppp ip address Enable MPLS at interface level: mpls ip 6 Enable LDP at interface level: mpls protocol-ldp exit 7 Configure OSPF: router ospf 1 redistribute connected network /16 area 0 exit RSVP-TE LSP configuration The following figure shows a sample RSVP-TE configuration. Figure 25 RSVP-TE LSP configuration

153 RSVP-TE LSP configuration 153 Refer to the following sections for instructions on how to configure the RSVP-TE LSPs for the SR and SR shown in the preceding figure. LSP1 configuration on SR Configure LSP1 on SR To enter configuration mode, enter: 2 To configure a loopback address, enter: interface loopback 0 ip address exit 3 To configure the router-id, enter: router-id To configure RSVP at the router level, enter: router rsvp exit 5 To configure interface properties for LSP1, enter: interface ethernet 0/2 ip address To enable MPLS at the interface level, enter: mpls ip 7 To enable RSVP at the interface level, enter: mpls protocol-rsvp exit 8 To configure RSVP LSP1, enter: mpls traffic-eng-lsp LSP1 9 To specify the source address (usually the router-id), enter: from To specify the tunnel destination address, enter: to To map a route (FEC) to the LSP, enter:

154 154 Configuration examples map-route exit 12 To configure OSPF on the router, enter: router ospf 1 redistribute connected network /16 area 0 exit LSP2 configuration on SR Configure LSP2 on SR To enter configuration mode, enter: 2 To configure a loopback address, enter: interface loopback 1 ip address exit 3 To configure the router-id, enter: router-id To configure RSVP at router level, enter: router rsvp exit 5 To configure interface properties for LSP2, enter: interface ethernet 0/3 ip address To enable MPLS at the interface level, enter: mpls ip 7 To enable RSVP at the interface level, enter: mpls protocol-rsvp exit 8 To configure RSVP LSP2, enter: mpls traffic-eng-lsp LSP2

155 RSVP-TE LSP configuration To specify the source address (usually the router-id), enter: from To specify the tunnel destination address, enter: to To map route to the LSP, enter: map-route exit 12 To configure OSPF on the router, enter: router ospf 2 redistribute connected network /16 area 1 exit Configuring fast reroute for SR Enable fast reroute to recover from the failure of a node in the path of LSP1. 1 To enter configuration mode, enter: 2 To configure the RSVP LSP with one-to-one fast reroute: mpls traffic-eng-lsp LSP1 primary fast-reroute protection one-to-one exit Configuring fast reroute for SR Enable fast reroute to recover from the failure of a node in the path of LSP2. 1 To enter configuration mode, enter:

156 156 Configuration examples 2 To configure the RSVP LSP with one-to-one fast reroute: mpls traffic-eng-lsp LSP2 primary fast-reroute protection one-to-one exit Configuring policy-based redirection into an RSVP-TE LSP Configure policy-based redirection to direct traffic entering the Secure Router to LSP1. 1 To enter configuration mode, enter: 2 To configure an Ethernet module QoS policy map and class for redirection, enter: qos module policy-map rsvp-lsp class-map pbr-interface 3 To configure rules to classify packets to be re-directed to the specified interface, enter: match ipv4 src-address /24 4 To redirect packets matching the class to a specific RSVP LSP, enter: pbr-redirect lsp LSP1 pop 5 To apply the policy map to an Ethernet module interface, enter: interface ethernet 6/12 qos module service-policy input rsvp-lsp 6 To display the policy configuration, enter:

157 Ethernet over RSVP-TE pseudowire configuration 157 show qos module policy-map rsvp-lsp Ethernet over RSVP-TE pseudowire configuration The following figure shows a sample configuration for Ethernet over RSVP-TE LSP pseudowire. Figure 26 Pseudowire over RSVP Refer to the following sections for instructions to configure the pseudowire connections shown in this example. Ethernet over pseudowire configuration for SR Configure RSVP as stated in the preceding RSVP LSP example to establish a PSN tunnel. 2 To configure an MPLS pseudowire virtual circuit, enter: mpls l2-circuit PW To configure an Ethernet interface as an attachment circuit for the MPLS virtual circuit, enter: interface ethernet 5/4

158 158 Configuration examples switchport switchport mode l2vpn mpls l2-circuit PW1 4 To specify the encapsulation for the virtual circuit, enter: encapsulation ethernet exit exit Ethernet over pseudowire configuration for SR Configure RSVP as stated in the preceding RSVP LSP example to establish a PSN tunnel. 2 To configure an MPLS pseudowire virtual circuit, enter: mpls l2-circuit PW To configure an Ethernet interface as an attachment circuit for the MPLS virtual circuit, enter: interface ethernet 5/5 switchport switchport mode l2vpn mpls l2-circuit PW1 4 To specify the encapsulation for the virtual circuit, enter: encapsulation ethernet exit exit PPP over RSVP-TE pseudowire configuration The following figure shows a sample configuration for PPP over RSVP-TE LSP pseudowire.

159 PPP over RSVP-TE pseudowire configuration 159 Figure 27 Pseudowire over RSVP Refer to the following sections for instructions to configure the pseudowire connections shown in this example. PPP over pseudowire configuration for SR Configure RSVP as stated in the preceding RSVP LSP example to establish a PSN tunnel. 2 To configure an MPLS L2-circuit Pseudowire, enter: mpls l2-circuit PW To configure the WAN1 PPP bundle interface as the attachment circuit interface, enter: interface bundle WAN1 link t1 2/1 encapsulation ppp mpls l2-circuit PW1 4 To specify the encapsulation for the virtual circuit to PPP, enter: encapsulation ppp exit

160 160 Configuration examples exit PPP over pseudowire configuration for SR Configure RSVP as stated in the preceding RSVP LSP example to establish a PSN tunnel. 2 To configure an MPLS L2-circuit PW: mpls l2-circuit PW To configure the WAN2 PPP bundle interface as the attachment circuit interface, enter: interface bundle WAN2 link t1 2/2 encapsulation ppp mpls l2-circuit PW1 4 To specify the encapsulation for the virtual circuit to PPP, enter: encapsulation ppp exit exit HDLC over MPLS pseudowire The following figure shows a sample configuration for HDLC over RSVP-TE LSP pseudowire.

161 HDLC over MPLS pseudowire 161 Figure 28 HDLC over MPLS pseudowires A pseudowire is setup between SR 2330/ and SR 2330/ The RSVP-TE LSPs are used between the two routers, acting as the PSN. In SR 2330/4134 1, traffic from source interface WAN bundle (WAN1) is tunneled through PW1 and LSP1 to SR 2330/ The PW1 and LSP1 use the chassis Ethernet Interface 0/4 for signaling. HDLC over pseudowire configuration for SR Procedure 2 1 To enter configuration mode, enter: 2 To configure the loopback interface, enter: interface loopback 0 ip address /32 exit 3 To configure the router ID, enter: router-id To enable LDP, enter: router ldp exit 5 To enable RSVP, enter: router rsvp exit 6 To configure an MPLS L2-circuit PW, enter:

162 162 Configuration examples mpls l2-circuit PW control-word 7 To configure the WAN interface as the attachment circuit interface, enter: interface bundle WAN1 link t1 2/1 encapsulation hdlc mpls-l2-circuit PW1 encapsulation hdlc exit 8 To configure the Ethernet interface IP address and enable MPLS and RSVP on the interface, enter: interface ethernet 0/4 ip address /16 mpls ip mpls protocol-rsvp exit 9 To configure RSVP LSP1, enter: mpls label-switching-lsp LSP1 to exit 10 To configure OSPF, enter: router ospf 1 network redistribute connected network /16 area 0 exit Static L2VPN pseudowire configuration The following figure shows a sample static pseudowire configuration for PPP over MPLS.

163 Static L2VPN pseudowire configuration 163 Figure 29 Static pseudowire Refer to the following sections for instructions on how to configure the static pseudowire connections shown in this example. SR configuration 1 Configure an underlying LSP to SR4134 2, either using RSVP-TE, LDP, or static LSP, as described in the preceding examples. 2 To configure an MPLS Layer 2-circuit PW, enter: mpls l2-circuit PW To configure the WAN1 PPP bundle interface, enter: interface bundle WAN1 link t1 2/2 encapsulation ppp exit 4 To configure an MPLS static Layer 2-VPN FTN entry, enter: mpls static-l2-circuit-ftn WAN1 ethernet0/2 5 To configure an MPLS static Layer 2-VPN ILM entry, enter: mpls static-l2-circuit-ilm ethernet0/2 WAN1

164 164 Configuration examples 6 To display the configured static Layer 2-VPN FTN entry, enter: show mpls static-l2-circuit-ftn 7 To display the configured static Layer 2-VPN ILM entry, enter: show mpls static-l2-circut-ilm SR configuration 1 Configure an underlying LSP to SR4134 1, either using RSVP-TE, LDP, or static LSP, as described in the preceding examples. 2 To configure an MPLS Layer 2-circuit PW, enter: mpls l2-circuit PW To configure the WAN2 PPP bundle, enter: interface bundle WAN2 link t1 2/2 encapsulation ppp exit 4 To configure an MPLS static Layer 2-VPN FTN entry, enter: mpls static-l2-circuit-ftn WAN2 ethernet0/3 5 To configure an MPLS static Layer 2-VPN ILM entry, enter: mpls static-l2-circuit-ilm ethernet0/3 WAN2 6 To display the configured static Layer 2-VPN FTN entry, enter: show mpls static-l2-circuit-ftn 7 To display the configured static Layer 2-VPN ILM entry, enter: show mpls static-l2-circut-ilm

165

166 Release: 10.2 Publication: NN Document revision: Document release date: 7 September 2009 While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are subject to change without notice. Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks. THE SOFTWARE DESCRIBED IN THIS DOCUMENT IS FURNISHED UNDER A LICENSE AGREEMENT AND MAY BE USED ONLY IN ACCORDANCE WITH THE TERMS OF THAT LICENSE. All other trademarks are the property of their respective owners. To provide feedback or to report a problem in this document, go to