Shasta 5000 Broadband Service Node Provisioning Subscribers

Release 4.3 Part No. 214664-B Rev 00 November 2003 2305 Mission College Blvd. Santa Clara, CA 95054 Shasta 5000 Broadband Service Node Provisioning Subscribers

2 Copyright 2003 Nortel Networks All rights reserved. November 2003. Originated in Canada and the USA The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks Inc. The software described in this document is furnished under a license agreement and may only be used in accordance with the terms of that license. The software license agreement is included in this document. Trademarks Nortel Networks, the Nortel Networks logo, the Globemark, Unified Networks, Contivity, Shasta, and other Nortel Networks trademarked product names are trademarks of Nortel Networks. Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation. Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated. Sun, Sun Microsystems, Java, Solaris, iplanet, all trademarks and logos that contain Sun, Solaris, or Java, are trademarks or registered trademarks of Sun Microsystems, Inc. Solid Embedded Engine is a trademark of Solid. HP and OpenView are registered trademarks of Hewlett-Packard Company. LINUX is a registered trademark of Linus Torvalds. Pentium is a registered trademark of Intel Corporation. Red Hat is a registered trademark of Red Hat, Inc. UNIX is a registered trademark of X/Open Company Limited. The asterisk after a name denotes a trademarked item. Restricted Rights Legend Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013. Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19. Statement of Conditions In the interest of improving internal design, operational function, and/or reliability, Nortel Networks Inc. reserves the right to make changes to the products described in this document without notice. Nortel Networks Inc. does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein. Portions of the code in this software product may be Copyright 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that such portions of the software were developed 214664-B Rev 00

3 by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission. SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties). Nortel Networks Inc. Software License Agreement This Software License Agreement ( License Agreement ) is between you, the end-user ( Customer ) and Nortel Networks Corporation and its subsidiaries and affiliates ( Nortel Networks ). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price. Software is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software. 1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment ( CFE ), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer s Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third party software. 2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided AS IS without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply. 3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), Shasta 5000 Broadband Service Node Provisioning Subscribers

4 WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The forgoing limitations of remedies also apply to any developer and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply. 4. General a. If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-dod entities) and 48 C.F.R. 227.7202 (for DoD entities). b. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction. c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customer s use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations. d. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose. e. The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks. f. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York. 214664-B Rev 00

5 Contents Preface.............................................................. 23 About BSN device provisioning................................................ 24 Using the BSN CLI while provisioning....................................... 25 Before you begin............................................................ 25 New in this Document........................................................ 26 Text conventions............................................................ 26 Related publications.......................................................... 28 Printed Technical Manuals................................................. 29 How to get help............................................................. 29 Chapter 1 Working with subscribers.............................................. 31 Subscriber types and access methods............................................ 31 Static subscribers........................................................ 32 Dynamic subscribers...................................................... 33 Subscriber requirements summary........................................... 34 Subscriber IP mux/demux on shared access connections............................. 36 Shared access ports and connections......................................... 36 IP demux components..................................................... 37 IP demux example configuration............................................ 40 Hidden IP demux static child subscribers...................................... 41 Hidden IP demux dynamic child subscribers................................... 42 IP demux configuration limits.............................................. 42 IP demux configuration summary........................................... 43 Subscriber templates......................................................... 44 Forced Subscriber templates................................................ 44 Matched subscriber templates............................................... 45 Subscriber access properties................................................... 46 Shasta 5000 Broadband Service Node Provisioning Subscribers

6 Contents Subscriber contexts, domains, and realms......................................... 46 Contexts............................................................... 46 Domains, subdomains, and realms........................................... 46 Domain groups...................................................... 47 Super domain groups.................................................. 48 Subscriber outbound tunneling................................................. 49 Subscriber routing protocols................................................... 49 Subscriber services.......................................................... 50 Subscriber access groups...................................................... 51 Subscriber VPRNs........................................................... 51 Subscriber authentication, authorization, and accounting............................. 52 Accounting for bulk configuration subscribers................................. 53 Subscriber data encryption..................................................... 53 Subscriber packet MTU size................................................... 54 Subscriber identification and operating parameters.................................. 54 Subscriber NetRIO access..................................................... 56 VC oversubscription......................................................... 56 Chapter 2 Working with subscriber access properties................................ 59 Access profiles.............................................................. 60 RADIUS profiles........................................................ 61 Authentication request options.......................................... 61 RADIUS Primary/Backup server configurations............................ 62 DHCP profiles.......................................................... 63 Remote ID (DHCP Option 82 Suboption 2)................................ 64 IPSec Profiles........................................................... 64 IKE Profiles............................................................ 65 PPP profiles............................................................ 65 PPP............................................................... 66 PPP session throttling.............................................. 66 MLPPP............................................................ 67 PPPoE............................................................. 67 PPPoEoA........................................................... 68 IGMP profiles........................................................... 68 214664-B Rev 00

Contents 7 Accounting profiles...................................................... 69 Layer 2 traffic shaping profiles.............................................. 69 Customer and subscriber groups................................................ 69 Chapter 3 Working with routing protocols, properties, and policies.................... 71 About routing on the Shasta BSN............................................... 72 Access-side routing....................................................... 73 Access side routing redundancy............................................. 73 Trunk-side routing....................................................... 74 Routing protocols and properties................................................ 74 Static routes............................................................ 75 Summary routes......................................................... 75 RIP routing............................................................. 76 OSPF routing........................................................... 76 BGP routing............................................................ 77 BGP peers and autonomous systems...................................... 78 IBGP and EBGP..................................................... 78 EBGP multihop...................................................... 79 Advertising and redistributing routes..................................... 79 Route reflectors...................................................... 80 Communities and Community lists....................................... 80 Prefixes............................................................ 82 Prefix lists.......................................................... 83 BGP messages....................................................... 83 BGP configuration for VPRN subscribers................................. 84 BGP - order of route preference......................................... 84 ISIS routing............................................................. 85 IGMP multicasting....................................................... 86 Multicast scaling..................................................... 87 IGMP join limits..................................................... 89 Route policies.............................................................. 90 Policy routing and packet forwarding......................................... 91 Route policy matching conditions........................................... 91 Route policy attributes to set on a matching condition............................ 92 Shasta 5000 Broadband Service Node Provisioning Subscribers

8 Contents Route policy actions...................................................... 93 Route importation........................................................... 93 Route aggregation........................................................... 93 BGP confederations.......................................................... 94 Chapter 4 Working with subscriber monitoring..................................... 95 Subscriber statistics -- device_owner view........................................ 95 Subscriber statistics -- ISP view................................................ 96 Chapter 5 Configuring customers, domains, and groups............................. 101 Creating a customer......................................................... 101 Creating a domain.......................................................... 103 Creating a domain group..................................................... 104 Creating a bridge group...................................................... 105 Creating a dial-out number group.............................................. 107 Chapter 6 Configuring IP demux................................................ 111 Create an IP demux container..................................................111 Configuring IP demux container addressing.......................................116 Configure IP demux container addressing for Ethernet subscribers.................116 Configure IP demux container addressing for LLC-B (bridged) subscribers...........118 Configure IP demux container addressing for LLC-R (routed) subscribers............119 Add reachable subnets to an IP demux container............................... 120 Chapter 7 Configuring trunk connections and interfaces............................ 123 Adding a trunk connection.................................................... 123 Adding a trunk interface..................................................... 125 Configuring a point-to-point trunk interface.................................. 126 Configuring a point-to-multipoint trunk interface.............................. 127 Configuring a broadcast interface........................................... 131 Configuring an LLC encapsulation on a trunk interface............................. 132 214664-B Rev 00

Contents 9 Chapter 8 Configuring static, summary, and RIP routes............................. 135 Configuring static routes..................................................... 135 Add a static route....................................................... 136 Edit a static route....................................................... 137 Delete a static route..................................................... 138 Configuring summary routes.................................................. 139 Add a summary route.................................................... 140 Edit a summary route.................................................... 141 Delete a summary route.................................................. 142 Configuring RIP routes...................................................... 143 Enable or disable the RIP global routing instance.............................. 143 Add RIP on a trunk Interface.............................................. 144 Edit RIP on a trunk interface.............................................. 149 Delete RIP from a trunk interface........................................... 151 Chapter 9 Configuring OSPF routes............................................. 153 Enable or disable the OSPF routing instance...................................... 153 Configure OSPF global parameters............................................. 154 Configuring OSPF areas..................................................... 155 Add an OSPF area...................................................... 156 Edit an OSPF area....................................................... 160 Delete an OSPF area..................................................... 162 Configuring OSPF area ranges................................................ 162 Add an area range to an OSPF area......................................... 162 Edit an area range of an OSPF area......................................... 166 Delete an OSPF area range................................................ 167 Enabling or disabling OSPF on a trunk interface.................................. 168 Enable OSPF on a trunk interface.......................................... 168 Edit OSPF settings on a trunk interface...................................... 172 Delete OSPF from a trunk interface......................................... 174 Shasta 5000 Broadband Service Node Provisioning Subscribers

10 Contents Chapter 10 Configuring BGP.................................................... 177 Enabling BGP............................................................. 177 Configuring an autonomous system............................................ 178 Configuring BGP peers...................................................... 181 Add a BGP peer........................................................ 181 Edit a BGP peer........................................................ 185 Delete a BGP peer...................................................... 186 Configuring BGP peer groups................................................. 186 Add a BGP peer group................................................... 187 Edit a BGP peer group................................................... 192 Delete a BGP peer group................................................. 192 Configuring BGP prefixes.................................................... 192 Add a BGP prefix....................................................... 193 Edit a BGP prefix....................................................... 196 Delete a BGP prefix..................................................... 197 Configuring BGP route importation............................................ 197 Configure BGP route importation.......................................... 197 Configuring BGP aggregates.................................................. 199 Add a BGP aggregate.................................................... 200 Edit a BGP aggregate.................................................... 203 Delete a BGP aggregate.................................................. 205 Configuring BGP confederations............................................... 205 Add a BGP confederation................................................. 205 Edit a BGP confederation................................................. 208 Delete a BGP confederation............................................... 208 Chapter 11 Configuring IS-IS.................................................... 209 Adding IS-IS.............................................................. 209 Configuring an IS-IS trunk interface.............................................211 Configuring a network entity title.............................................. 215 Configuring a summary address............................................... 216 Configuring an area authentication............................................. 217 Configuring domain authentication............................................. 220 214664-B Rev 00

Contents 11 Configuring ISIS route importation............................................. 222 Chapter 12 Configuring IGMP................................................... 225 Creating an ISP with IGMP services............................................ 226 Creating an IGMP profile.................................................... 229 Binding an IGMP profile to an access group...................................... 230 Creating a multicast subscriber or subscriber template.............................. 234 Enabling IGMP multicast on a trunk interface.................................... 237 Chapter 13 Configuring route policies and properties................................ 241 Opening the Route Properties Manager.......................................... 241 Configuring route policies.................................................... 242 Add a route policy...................................................... 242 Create a matching condition........................................... 244 Set parameters to modify packets on a policy match........................ 247 Set up a policy action................................................ 251 Enable policy event logging........................................... 253 Annotate a routing policy............................................. 256 Edit a route policy....................................................... 258 Delete a route policy..................................................... 263 Configuring prefix lists for BGP............................................... 263 Add a prefix list to BGP.................................................. 263 Edit a prefix list for BGP................................................. 267 Delete a prefix list from BGP.............................................. 269 Configuring autonomous system paths for BGP................................... 269 Add an AS path......................................................... 270 Edit an AS path......................................................... 272 Delete an AS path....................................................... 273 Configuring BGP communities and community lists............................... 273 Add a community to a community list....................................... 274 Edit a community list.................................................... 277 Delete a community list.................................................. 280 Shasta 5000 Broadband Service Node Provisioning Subscribers

12 Contents Chapter 14 Configuring subscribers.............................................. 281 Provisioning static subscribers................................................. 281 Add a static subscriber on a dedicated connection.............................. 282 Add a static subscriber to an IP demux container............................... 284 Provisioning dynamic subscribers.............................................. 285 Configuring subscriber templates........................................... 286 Create a forced subscriber template..................................... 287 Create a wildcard domain or subdomain matched template................... 288 Create a wildcard matched template..................................... 289 Configuring subscriber ID and operational parameters.............................. 290 Assign a subscriber name................................................. 291 Select an access group................................................... 292 Select a subscriber VPRN................................................. 294 Select a subscriber IP demux container...................................... 295 Specify subscriber packet MTU size........................................ 297 Configure subscriber backup/redundant routes................................ 298 Configuring an access method............................................. 299 Configure subscriber access by dedicated connection....................... 299 Configure subscriber access by username................................. 303 Configure subscriber access by IP address................................ 305 Enabling/disabling subscriber subdomain/realm login........................... 307 Configuring subscriber outbound trunking....................................... 308 Configure subscriber outbound trunking without tunnels........................ 309 Configure subscriber outbound trunking with tunnels........................... 310 Configuring subscriber addressing............................................. 313 Configure addressing for a static subscriber on a dedicated connection............. 313 Configure addressing for an IP demux static child subscriber..................... 314 Configure addressing for a subscriber behind an access router.................... 314 Configure addressing for a subscriber on a bridged subnet....................... 316 Configure addressing for a subscriber in a bridge group......................... 317 Configure addressing for a subscriber tunneling through an ATM bridge............ 319 Configuring a subscriber addressing pool.................................... 321 Create a subscriber addressing pool..................................... 322 Selecting a subscriber access routing protocol.................................... 323 214664-B Rev 00

Contents 13 Configuring subscriber services................................................ 328 Configuring subscriber NetRIO client access..................................... 328 Deleting subscribers......................................................... 329 Chapter 15 Configuring subscriber access profiles................................... 331 Adding a RADIUS profile.................................................... 332 Adding a DHCP profile...................................................... 334 Adding an IGMP profile..................................................... 336 Adding a PPP profile........................................................ 338 Creating an access group..................................................... 341 Configuring subscriber VPNs, VLANs, VRFs, and tunnels.......................... 344 Chapter 16 Configuring subscriber accounting..................................... 345 Creating an accounting element................................................ 345 Creating an accounting profile................................................. 347 Binding an accounting profile to a device........................................ 349 Enabling an accounting object................................................. 350 Viewing the accounting results in Log Manager................................... 351 Chapter 17 Monitoring subscribers............................................... 353 View aggregate statistics for all ISP subscribers................................... 353 Viewing detailed statistics for one or more subscribers.............................. 355 Open the Monitoring Subscribers dialog box.................................. 356 View general statistics for multiple subscribers................................ 358 View detailed statistics for one subscriber.................................... 360 View interface statistics for one subscriber................................... 361 View connection statistics for one subscriber.................................. 363 Appendix A Subscriber Logging.................................................. 365 Appendix B Shasta 5000 Broadband Service Node Provisioning Subscribers

14 Contents RFCs.............................................................. 371 Appendix C Supported SNMP MIBs, variables, and statistics.......................... 373 SNMP MIBs supported by the Shasta BSN....................................... 373 ATM-Forum-MIB variables................................................... 375 L2TP MIB................................................................ 376 Tunnel aggregate traffic statistics........................................... 377 Tunnel profile and aggregate PPP session statistics............................. 378 Tunnel individual PPP session statistics...................................... 380 Tunnel failure/recovery trap messages....................................... 382 Configuring L2TP MIB support and trap reporting............................. 382 Using the Shasta CLI to view L2TP statistics................................. 385 Examples:......................................................... 385 Appendix D List of Acronyms.................................................... 391 Glossary............................................................ 397 Index.............................................................. 409 214664-B Rev 00

15 Figures Figure 1 Shared access port and connection hierarchy............................ 36 Figure 2 IP demux functional operation (example).............................. 39 Figure 3 Example IP demux application -- cable modem subscribers................ 40 Figure 4 Multicast trunk-to-access forwarding (before SCS/iSOS 4.0)............... 88 Figure 5 Multicast trunk-to-access forwarding (SCS/iSOS 4.0 and later)............. 89 Figure 6 Subscriber statistics -- device_owner view............................. 96 Figure 7 Monitoring - Subscriber tab......................................... 97 Figure 8 Add Customer dialog box......................................... 102 Figure 9 Add Domain dialog box........................................... 103 Figure 10 Number Groups window with new number group....................... 108 Figure 11 Subscriber Configuration dialog box..................................113 Figure 12 Access Connection Selection dialog box...............................114 Figure 13 Access Connection Selection dialog box with device, card, and ports in the device list 115 Figure 14 Reachable Subnet Address Configuration dialog box.................... 121 Figure 15 Trunk Interface Configuration dialog box Point to Point/Broadcast Configuration area 127 Figure 16 Point to Multipoint trunk interface configuration with local IP address...... 129 Figure 17 Multi-Point Trunk Interface dialog box............................... 130 Figure 18 Static Route Configuration dialog box................................ 136 Figure 19 Summary Route Configuration dialog box............................ 140 Figure 20 RIP Configuration dialog box, Interface tab........................... 146 Figure 21 Trunk Interface Selection dialog box................................. 148 Figure 22 RIP Configuration dialog box showing interface name................... 148 Figure 23 RIP Interface dialog box showing interface information.................. 150 Figure 24 OSPF Configuration dialog box, Area tab............................. 157 Figure 25 OSPF Area dialog box............................................ 157 Figure 26 OSPF Area Configuration dialog box, Area Specific tab................. 158 Figure 27 OSPF Configuration dialog box with defined area...................... 159 Shasta 5000 Broadband Service Node Provisioning Subscribers

16 Figures Figure 28 OSPF Area Configuration dialog box, Area Specific dialog box........... 161 Figure 29 OSPF Area Configuration dialog box, Area Range tab................... 164 Figure 30 OSPF Area Range Configuration dialog box........................... 164 Figure 31 OSPF Area Configuration dialog box -- Area Range tab.................. 165 Figure 32 OSPF Area Configuration dialog box, Interface tab..................... 169 Figure 33 OSPF Area Interface Configuration dialog box......................... 170 Figure 34 Trunk Interface Selection dialog box................................. 171 Figure 35 OSPF Interface List dialog box..................................... 172 Figure 36 OSPF Area Interface Configuration dialog box, General tab showing existing settings for an interface 174 Figure 37 BGP Configuration dialog box, Peer tab.............................. 182 Figure 38 Input RouteMap Policy Selection dialog box.......................... 184 Figure 39 Output RouteMap Policy Selection dialog box......................... 184 Figure 40 BGP Configuration dialog box, Peer Group tab........................ 188 Figure 41 Input Route Policy Selection dialog box.............................. 190 Figure 42 Output Route Policy Selection dialog box............................. 190 Figure 43 BGP Configuration Peer Group dialog box showing new peer group..... 191 Figure 44 BGP Configuration dialog box, Network tab........................... 194 Figure 45 BGP Network Add dialog box...................................... 194 Figure 46 BGP Configuration dialog box, Network tab with new prefix displayed..... 195 Figure 47 BGP Network Edit dialog box...................................... 196 Figure 48 Connected Route Policy Selection dialog box.......................... 199 Figure 49 BGP Configuration dialog box, Aggregate tab......................... 201 Figure 50 BGP Aggregate Add dialog box.................................. 202 Figure 51 BGP Configuration dialog box, Aggregate tab with new aggregate entry..... 203 Figure 52 BGP Aggregate Edit dialog box.................................. 204 Figure 53 BGP Configuration dialog box, Confederation tab...................... 207 Figure 54 BGP Confederation Peer Add dialog box........................... 207 Figure 55 ISIS Configuration dialog box, General tab............................ 210 Figure 56 ISIS Configuration dialog box, Interface tab........................... 212 Figure 57 ISIS Interface Configuration dialog box.............................. 213 Figure 58 ISIS Net dialog box.............................................. 215 Figure 59 IS-IS Area Auth Add dialog box.................................... 218 Figure 60 IS-IS Configuration dialog box, Area Auth tab displaying net authorization entry 219 Figure 61 Domain Authentication Add dialog box.............................. 220 214664-B Rev 00

Figures 17 Figure 62 IS-IS Configuration dialog box, Domain Auth Tab displaying new domain authorization 221 Figure 63 Route Importation dialog box with route policy selected................. 223 Figure 64 ISP Manager window............................................. 227 Figure 65 New ISP dialog box.............................................. 227 Figure 66 ISP Configuration dialog box....................................... 228 Figure 67 Device selection dialog box........................................ 229 Figure 68 Configuration dialog box, Access Properties tab........................ 231 Figure 69 Access Groups table.............................................. 232 Figure 70 Access Group Configuration dialog box, Group Management tab.......... 233 Figure 71 IGMP Profile Selection dialog box.................................. 234 Figure 72 Subscriber dialog box, Multicast tab................................. 236 Figure 73 Configuration dialog box, Trunk Interfaces tab......................... 238 Figure 74 New Route Policy dialog box....................................... 243 Figure 75 Route Policy Configuration dialog box............................... 243 Figure 76 AS Path Prepend Object Insert dialog box............................. 246 Figure 77 Route Policy Configuration dialog box with as_patch matching condition and parameter name 247 Figure 78 Route policy parameters attributes................................... 248 Figure 79 As Path Prepend Object Insert dialog box............................. 250 Figure 80 Route Policy Configuration dialog box with policy parameter value in Set column 250 Figure 81 Route Policy Configuration actions.................................. 252 Figure 82 Route Policy Configuration dialog box with Permit as the action type....... 253 Figure 83 Route Policy Configuration dialog box with Trace options displayed....... 254 Figure 84 Route Policy Configuration dialog box with logging enabled.............. 255 Figure 85 Route Policy Configuration dialog box with Edit option.................. 257 Figure 86 Policy Rule Remark dialog box..................................... 257 Figure 87 Route Policy Configuration dialog box with remark added................ 258 Figure 88 Route Policy Configuration dialog box............................... 259 Figure 89 Route policy configuration Match Options Menu with active options....... 260 Figure 90 AS Path Object Edit dialog box..................................... 261 Figure 91 Replacing the current policy routing parameter for a match condition....... 262 Figure 92 Route Policy Configuration dialog box with changed as_path match condition 262 Figure 93 New Prefix List dialog box........................................ 264 Figure 94 Prefix List Configuration dialog box................................. 265 Shasta 5000 Broadband Service Node Provisioning Subscribers

18 Figures Figure 95 New Prefix dialog box............................................ 265 Figure 96 Prefix List Configuration dialog box with new prefix added............... 266 Figure 97 Prefix List Configuration dialog box................................. 268 Figure 98 Prefix Configuration dialog box..................................... 268 Figure 99 New AS Path List dialog box....................................... 270 Figure 100 AS Path List Configuration dialog box............................... 271 Figure 101 New AS Path dialog box.......................................... 271 Figure 102 New Community List dialog box.................................... 275 Figure 103 Community List Configuration dialog box............................ 275 Figure 104 Community List Configuration dialog box with new community value...... 276 Figure 105 Community List Configuration dialog box with new community value...... 277 Figure 106 Community List Configuration dialog box............................ 278 Figure 107 Community List Configuration dialog box with changed values........... 279 Figure 108 Subscriber Configuration dialog box................................. 283 Figure 109 Subscriber Advanced tab........................................ 290 Figure 110 Access Group Selection dialog box.................................. 293 Figure 111 VPRN Selection dialog box........................................ 295 Figure 112 Access Connection Selection dialog box.............................. 301 Figure 113 Subscriber *@* Outbound Tunneling dialog box....................... 304 Figure 114 Tunnel Set Selection dialog box..................................... 305 Figure 115 Outbound Tunneling tab........................................... 310 Figure 116 Subscriber *@* Outboard Tunneling dialog box........................ 312 Figure 117 Tunnel Set Selection dialog box..................................... 312 Figure 118 Independent bridged subnet........................................ 316 Figure 119 Subscribers with access through a bridge group........................ 318 Figure 120 Subscribers tunneled across an Ethernet LAN segment................... 320 Figure 121 Tunnel Set Selection dialog box..................................... 321 Figure 122 Routing Protocol tab with RIP fields displayed......................... 325 Figure 123 Routing Protocol tab with BGP fields displayed........................ 326 Figure 124 Routing Protocol tab with OSPF fields displayed....................... 327 Figure 125 New RADIUS Profile dialog box.................................... 332 Figure 126 IGMP Profile Configuration dialog box............................... 337 Figure 127 IGMP Profiles window with new profile.............................. 338 Figure 128 Access Group Configuration dialog box.............................. 341 Figure 129 Access Group Configuration dialog box, Group Management tab.......... 342 214664-B Rev 00

Figures 19 Figure 130 Accounting Element dialog box..................................... 346 Figure 131 New Accounting Profile dialog box.................................. 348 Figure 132 Accounting Element Selection dialog box............................. 348 Figure 133 Policy Edit: Security Policy dialog box............................... 351 Figure 134 Monitoring - ISP tab.............................................. 355 Figure 135 Monitoring - Subscriber tab........................................ 357 Figure 136 Enhanced logging implementation................................... 366 Figure 137 SNMP management configurations.................................. 383 Shasta 5000 Broadband Service Node Provisioning Subscribers

20 Figures 214664-B Rev 00

21 Tables Table 1 Static subscriber access methods..................................... 33 Table 2 Dynamic subscriber access methods.................................. 34 Table 3 Subscriber types and requirements.................................... 35 Table 4 Shasta BSN shared access connection types per physical port.............. 37 Table 5 IP demux components............................................. 38 Table 6 Port, access connection, and IP demux container configuration limits........ 42 Table 7 Elements configured for IP demux.................................... 43 Table 8 Forced subscriber template types..................................... 44 Table 9 Matched subscriber template types................................... 45 Table 10 SCS behavior when creating super domain groups (SDGs)................ 48 Table 11 Subscriber outbound tunneling implementations......................... 49 Table 12 Subscriber routing protocols on the Shasta BSN......................... 50 Table 13 Subscriber routing properties and policies on the Shasta BSN.............. 50 Table 14 Subscriber identification data........................................ 55 Table 15 Group-oriented objects configurable on the Shasta BSN................... 69 Table 16 Information contained by BGP messages.............................. 83 Table 17 Policy routing criteria.............................................. 92 Table 18 Monitoring subscribers -- ISP login................................... 98 Table 19 Access connections and IP demux container addressing requirements........116 Table 20 Static Route Configuration dialog box fields........................... 137 Table 21 RIP Interface Configuration dialog box fields.......................... 147 Table 22 OSPF Configuration dialog box, General Panel tab items................. 155 Table 23 OSPF Area Configuration dialog box, Area Specific tab items............. 158 Table 24 BGP Configuration dialog box, Global tab items....................... 179 Table 25 BGP Peer Add dialog box items.................................. 182 Table 26 BGP Peer Group Add dialog box items............................ 188 Table 27 BGP Configuration dialog box, Route Importation tab items.............. 198 Table 28 BGP Aggregate Add dialog box items............................. 202 Table 29 Columns in the Route Policy Configuration dialog box.................. 244 Shasta 5000 Broadband Service Node Provisioning Subscribers

22 Tables Table 30 Policy routing criteria............................................. 245 Table 31 Policy parameter attributes......................................... 249 Table 32 Route policy actions.............................................. 252 Table 33 Trace options................................................... 255 Table 34 Editing options for the Match and Set columns in the Route Policy Configuration dialog box 260 Table 35 New Prefix dialog box fields....................................... 266 Table 36 Properties to share across BGP communities........................... 273 Table 37 Tasks for configuring subscriber identification and operating parameters.... 291 Table 38 Subscriber access methods......................................... 299 Table 39 Encapsulations available for subscriber access connections............... 301 Table 40 Subscriber identification conditionally enabled parameters............... 302 Table 41 Subscriber outbound trunking per access method....................... 308 Table 42 ISP-configurable access profiles.................................... 331 Table 43 RADIUS Profile dialog box, General tab fields......................... 333 Table 44 RADIUS Server dialog box........................................ 334 Table 45 IGMP Profiles dialog box fields..................................... 337 Table 46 Add Access Group Settings dialog box............................... 342 Table 47 Configurable filtered views for subscriber statistics..................... 359 Table 48 Policy accounting log details....................................... 367 Table 49 Internet RFCs supported all or in part by the Shasta BSN................. 371 Table 50 ATM Forum MIB variables and descriptions........................... 375 Table 51 L2TP tunnel aggregate traffic statistics............................... 377 Table 52 L2TP tunnel profile and aggregate PPP session statistics................. 379 Table 53 L2TP individual PPP session statistics................................ 380 Table 54 UDP ports used by the Shasta BSN.................................. 384 Table 55 Show interface command syntax for viewing L2TP tunnel statistics........ 385 214664-B Rev 00

23 Preface This guide, Shasta 5000 Broadband Service Node, Provisioning Subscribers, Release 4.0 provides background information about subscriber provisioning on Shasta BSN devices, and includes provisioning procedures for a user of the Shasta Service Creation System (SCS). This preface includes the following topics: About BSN device provisioning on page 24 Before you begin on page 25 New in this Document on page 26 Text conventions on page 26 Related publications on page 28 How to get help on page 29 For each task or procedure, this guide also provides: A list of prerequisite tasks for you to accomplish before attempting the procedure. Next steps for you to take upon completion of the procedure. For more detailed descriptions of the configurable items in each SCS client GUI window or dialog box or tab mentioned herein, see the guide, Shasta 5000 Broadband Service Node, SCS GUI Overview and Reference, Release 4.0, or refer to the topic SCS windows and dialog boxes in the SCS client GUI online Help. Shasta 5000 Broadband Service Node Provisioning Subscribers

24 Preface About BSN device provisioning The Shasta 4.0 Service Creation System (SCS) software provides tools for configuring Shasta 5000 Broadband Service Nodes (BSNs). The SCS server runs on a UNIX platform. The SCS Client software used for provisioning can be deployed on a Windows or UNIX system. The SCS Client GUI is a program that enables PC and UNIX users to provision Shasta BSNs and subscribers by either of the two following methods: Structured provisioning -- SCS users preconfigure system resources (for example, access connections, access profiles, service policies, routing policies, and templates) necessary to create static or dynamic subscribers more efficiently at a later time. Upon creation of a new subscriber, the SCS user (for static subs) or the Shasta BSN (for dynamic subs) assigns preconfigured resources to the subscriber, as needed. This method uses many different SCS Managers and commits more BSN resources during initial system provisioning. Unstructured provisioning -- SCS users create create system resources when needed as an integral part of the process of creating subscribers from the SCS Subscriber Manager. This method commits fewer BSN resources during intial system provisioning, but may be less efficient as a way to create subscribers on an ongoing basis. The topics in this guide occur in a sequence associated with the structured method of subscriber provisioning. However, each topic also provides navigation information enabling you to provision subscribers using the unstructured method, should you prefer or require that approach. For general information about the Service Creation System, as well as an introduction to manager applications within the SCS software, see the guide, Shasta 5000 Broadband Service Node, SCS GUI Overview and Reference, Release 4.0. 214664-B Rev 00

Preface 25 Using the BSN CLI while provisioning Some procedures in this guide mention show commands that a Shasta BSN CLI user can run to verify provisioning performed by an SCS user. While some CLI users may verify Shasta BSN provisioning in this way, this guide does not describe how to use Shasta BSN CLI commands directly for provisioning or related tasks, except in cases where a feature can only be provisioned through CLI. Provisioning performed through the BSN CLI may not be reflected in the SCS GUI and may be lost upon a resync or reboot. For more information about conditions associated with the use of CLI commands for provisioning, monitoring, or debugging BSN device performance, see the following guides: Shasta 5000 Broadband Service Node Command Line Interface Guide-- Administration, Release 4.0 Shasta 5000 Broadband Service Node Command Line Interface Guide -- Protocols, Release 4.0 Shasta 5000 Broadband Service Node, Troubleshooting Guide, Release 4.0 Before you begin This guide is intended for users provisioning a Shasta 5000 Broadband Service Node network using the SCS client. Prior knowledge of SCS software is not required. This guide assumes that you have the following background: Experience with window systems or graphical user interfaces (GUIs). Understanding of the transmission and management protocols used on your network. Basic understanding of the technology deployed with the Shasta BSN. Shasta 5000 Broadband Service Node Provisioning Subscribers

26 Preface New in this Document The following changes have been made to this document for this release: New information on release 4.0 features that affect subscriber provisioning or performance: IGMP Multicast scaling SSM sparing DHCP option 82 suboption 2 (Remote ID) RADIUS enhancements: NAS Port Type and MAC address VSA, username trim VC oversubscription L2 traffic shaping profiles access-side routing redundancy Significant expansion of IP Demux overview and configuration information. Some expansion of overview information on BGP routing. Some expansion of overview information on ISP/subscriber domains, subdomains, and realms. New text conventions for features requiring the use of BSN CLI commands (next). Text conventions This guide uses the following text conventions: italic text separator ( > ) angle brackets (< >) Indicates new terms, book titles, and Web addresses. Shows menu paths. Example: File > SCS Configuration identifies the SCS Configuration option in the File menu. Indicate that you choose the text to enter based on the description inside the brackets. Do not type the brackets when entering the command. Example: If the command syntax is ping <ip_address>, you enter ping 192.32.10.12 214664-B Rev 00

Preface 27 bold Courier text braces ({}) brackets ([ ]) italic text plain Courier text vertical line ( ) Indicates command names and options and text that you need to enter. Example: Use the debug portal command. Example: Enter show interface. Indicate required elements in syntax descriptions where there is more than one option. You must choose only one of the options. Do not type the braces when entering the command. Example: If the command syntax is add loghost [server=]<addr> [[facility=]{local0,local1,local2,local3, local4,local5,local6,local7}], you can enter either add loghost server=10.11.12.10 facility=local2 or add loghost server=10.11.12.10 facility=local3. Indicate optional elements in syntax descriptions. Do not type the brackets when entering the command. Example: If the command syntax is add user [name=]<username> [epwd=<epwd>] [priv={u,su,ssu}], you can enter add user name=james epwd=pword priv=u. Or you can enter add user james, leaving out the terms shown in brackets. Indicates new terms or book titles Indicates command syntax and system output, for example, prompts and system messages. Example: Set Trap Monitor Filters Separates choices for command keywords and arguments. Enter only one of the choices. Do not type the vertical line when entering the command. Example: If the command syntax is check sub [sub]=<subid> sub=<subname> [isp]=<ispname>, you can enter check sub sub=345 isp=blue or check sub sub=james isp=blue. * In command syntax the asterisk indicates that you can enter multiple instances of the preceding parameter. Shasta 5000 Broadband Service Node Provisioning Subscribers

28 Preface Related publications For more information about using SCS, refer to the following publications: Shasta 5000 Broadband Service Node, Concept Guide, Release 4.0 Shasta 5000 Broadband Service Node Hardware Installation and Maintenance, Release 4.0 Shasta 5000 Broadband Service Node Software Installation and Migration, Release 4.0 Shasta 5000 Broadband Service Node Service Creation System (SCS), Release Notes, Release 4.0 Shasta 5000 Broadband Service Node IP Services Operating System (isos), Release Notes, Release 4.0 Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0 Shasta 5000 Broadband Service Node, SNMP Configuration Guide, Release 4.0 Shasta 5000 Broadband Service Node, Provisioning Subscribers, Release 4.0 Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0 Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels, Release 4.0 Shasta 5000 Broadband Service Node Command Line Interface Guide-- Administration, Release 4.0 Shasta 5000 Broadband Service Node Command Line Interface Guide -- Protocols, Release 4.0 Shasta 5000 Broadband Service Node CORBA API Applications Installation Guide Shasta 5000 Broadband Service Node Service Creation System CORBA API Applications Guide 214664-B Rev 00

Preface 29 Shasta 5000 Broadband Service Node Personal Content Portals Implementation Guide, Release 4.0 Shasta 5000 Broadband Service Node, Troubleshooting Guide, Release 4.0 See the current Release Notes and About This Release document for the latest list of documentation. Printed Technical Manuals You can print selected technical manuals and release notes free, directly from the Internet. Go to the http://nortelnetworks.com/documentation URL. Find the product for which you need documentation. Then locate the specific category and model or version for your hardware or software product. Use Adobe Acrobat Reader to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to the Adobe Systems URL at www.adobe.com to download a free copy of Acrobat Reader. How to get help If you purchased a service contract for your Nortel Networks product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased a Nortel Networks service program, contact Nortel Networks Technical Support. To obtain contact information online, go to the www.nortelnetworks.com/cgi-bin/comments/comments.cgi URL, then click on Technical Support. From the Technical Support page, you can open a Customer Service Request online or find the telephone number for the nearest Technical Solutions Center. If you are not connected to the Internet, you can call 1-800-4NORTEL (1-800-466-7835) to learn the telephone number for the nearest Technical Solutions Center. Shasta 5000 Broadband Service Node Provisioning Subscribers

30 Preface An Express Routing Code (ERC) is available for many Nortel Networks products and services. When you use an ERC, your call is routed to a technical support person who specializes in supporting that product or service. To locate an ERC for your product or service, go to the http://www.nortelnetworks.com/help/contact/ erc/index.html URL. 214664-B Rev 00

31 Chapter 1 Working with subscribers The following topics discuss subscriber type, identification, and configuration concerns: Subscriber types and access methods on page 31 Subscriber IP mux/demux on shared access connections on page 36 Subscriber templates on page 44 Subscriber access properties on page 46 Subscriber contexts, domains, and realms on page 46 Subscriber outbound tunneling on page 49 Subscriber routing protocols on page 49 Subscriber services on page 50 Subscriber access groups on page 51 Subscriber VPRNs on page 51 Subscriber authentication, authorization, and accounting on page 52 Subscriber data encryption on page 53 Subscriber packet MTU size on page 54 Subscriber identification and operating parameters on page 54 Subscriber NetRIO access on page 56 Subscriber types and access methods A subscriber is an individual site that connects to a Shasta BSN using a layer 2 access connection. A subscriber could be an individual, a home office, a small business, or an enterprise campus. In effect, each subscriber site has its own network, as simple as a single host, a local area network (LAN), a small network with multiple LANs connected through bridges and/or routers, or a very large network having thousands of hosts. Shasta 5000 Broadband Service Node Provisioning Subscribers

32 Chapter 1 Working with subscribers You use the Subscriber Manager within the SCS client GUI to set up or change subscriber information. The Subscriber Manager enables you to manage subscribers in a global manner on an ISP s virtual router, without directly interacting with each individual Shasta BSN in your network. The SCS client also has provisions for configuring subscribers from SCS Managers other than the Subscriber Manager You can provision static as well as dynamic subscribers on the Shasta BSN. Static subscribers A static subscriber is a subscriber that an SCS ISP-level user manually adds to the Shasta BSN device (or ISP virtual router) configuration. Using the SCS client, you manually configure a static subscriber, complete with an IP address, profiles for VPN and/or multicast group membership, and service policies for traffic management, accounting, and so on. The following table summarizes the different methods by which a static subscriber can access the Shasta BSN, which in turn provides access to the Internet, to a private network, or to both. 214664-B Rev 00

Chapter 1 Working with subscribers 33 Table 1 Static subscriber access methods Access method By Dedicated Connection By IP Address Description Supports static subscribers who must access the Shasta BSN over dedicated connections, for example: ATM virtual circuit (VPI/VCI) Point-to-point connection over a leased DS0/DS1/DS3 channel Frame relay connection over CT3 or COC3 PPPoE/PPPoEoA connection (for example, DSL subscribers) To configure, see Add a static subscriber on a dedicated connection on page 282. Supports static subscribers who access the Shasta BSN over a shared connection, for example: Ethernet (10/100 or Gigabit port) VLAN/802.1q (using a specific VLAN ID) ATM virtual circuit (using a specific VPI/VCI). To enable the Shasta BSN to demultiplex traffic for individual subscribers on each shared access connection, you add IP demux components to the connection. For more information, see Subscriber IP mux/demux on shared access connections on page 36.) Dynamic subscribers A dynamic subscriber is a subscriber that the Shasta BSN automatically creates and adds to the subscriber base of an ISP after verifying or authenticating certain information. For dynamic subscribers, an SCS ISP-level user manually configures a subscriber template containing information the BSN can use to authenticate and dynamically add remote or mobile subscribers. Each dynamic subscriber inherits a set of profiles and services bound to the subscriber template. The profiles are for subscriber authentication, IP address assignment, VPN membership, multicast group membership, and so on. The services are policies for subscriber traffic management, accounting, homepage redirection, and other functions. This is an efficient method for automatically adding many remote/mobile subscribers to the Shasta BSN device configuration using a template approach. Shasta 5000 Broadband Service Node Provisioning Subscribers

34 Chapter 1 Working with subscribers The following table summarizes the different Shasta BSN methods by which dynamic subscribers can access the Shasta BSN, which in turn provides access to the Internet, to a private network, or to both. Table 2 Dynamic subscriber access methods Access method By Username By IP Address Description Supports dynamic subscribers who must access the Shasta BSN by username (or more) identification, over BSN access connections of this type: L2TP tunnel (LAC/LNS, dial-up subscribers) PPPoE/PPPoEoA (broadband cable subscribers) Mobile subscribers These subscribers require authentication by a means appropriate for the networked organization or individual, for example, using LDAP, RADIUS, PAP/CHAP, IKE, or ACE/ SecurID. For server-based authentication methods, you configure server access profiles together in a subscriber access group. You then bind the access group to a matched subscriber template. For template information, see Subscriber templates on page 44. To configure, see Configure subscriber access by username on page 303 Note that you must also configure authentication servers with user data, and for interoperation with a Shasta BSN device. Supports dynamic subscribers (for example, cable modem users) who must access the Shasta BSN over a shared Ethernet (FELC/GELC) or ATM (OC3/OC12) port. The ISP must create one or more subscriber templates, enabling the Shasta BSN to automatically generate and apply services to these subscribers. These subscribers obtain an IP address indirectly from a DHCP server or from an address pool configured on the BSN, or they already have an IP address not previously registered on the BSN. To enable the Shasta BSN to demultiplex traffic for individual subscribers, you add IP demux components to the access connection. (For more information, see Subscriber IP mux/demux on shared access connections on page 36.) Subscriber requirements summary The following table summarizes various ways in which you can add static and dynamic subscribers to a Shasta BSN device. 214664-B Rev 00

Chapter 1 Working with subscribers 35 Table 3 Subscriber types and requirements Subscriber Type Access connection Access method IP demux IP address assignment Subscriber template Access group and Service profile Verification/ Authentication Static Any By Dedicated Connection Dynamic Ethernet (802.3/ 802.3u/ 802.3ae) VLAN (802.1q with VLAN ID) ATM VC (VPI/VCI) 1483-LLC-B 1483-LLC-R Ethernet (802.3/ 802.3u/ 802.3ae) Example: cable modem subscribers) L2TP tunnel (LAC/LNS) Example: dial-up subscribers) Mobile subscribers By IP Address By IP Address By Username None Required. (See Subscriber IP mux/ demux on shared access connections on page 36.) Required. (See Subscriber IP mux/ demux on shared access connections on page 36.) Configure directly in the subscriber record. By DHCP, address pool on the BSN, or statically assigned but not previously registered on the BSN None Required (forced template) Required (forced template) None None Required (matched template) Required and bound directly to the subscriber record. (See Subscribe r access groups on page 51.) Required and bound to the subscriber template. (See Subscribe r access groups on page 51.) Not required. IP address verified on login. IP address verified against the parent IP demux container on login. LDAP, RADIUS, PAP/CHAP, IKE, ACE/ SecurID Shasta 5000 Broadband Service Node Provisioning Subscribers

36 Chapter 1 Working with subscribers Subscriber IP mux/demux on shared access connections An ISP can configure the Shasta BSN to multiplex/demultiplex frames sent to or from different subscribers behind the same shared access connection. This configuration includes: Shared access ports and connections on page 36 IP demux containers Subscribers and subscriber templates Subscriber access profiles Subscriber service profiles Shared access ports and connections Each physical Ethernet or ATM access port on the Shasta BSN can support multiple independent access connections that you provision on the device. Each access connection supports traffic to and from static and/or dynamic subscribers. The subscribers may exist individually or in subnets behind an ISP-owned or CPE device. (See the following illustration.) Figure 1 Shared access port and connection hierarchy BSN Physical Access Port Configured Access Connection Configured Access Connection ISP device or CPE device Subscribers Subscribers Subscribers Subscribers 214664-B Rev 00

Chapter 1 Working with subscribers 37 A BSN device owner can use the SCS Connections Manager GUI to create and assign to an ISP any shared access connection described in the following table: Table 4 Shasta BSN shared access connection types per physical port BSN physical port Shared access connection type Encapsulation required FELC (10/100 Mbps) GELC (10 Gbps) OC3 OC12 Ethernet (Shared by all subscribers on the access connection.) VLAN (Shared by all VLAN members behind the access port, i.e., devices or subscribers using the same VLAN ID.) VC (Shared by all subscribers behind an ATM bridge on the access connection.) VC (Shared by all subscribers behind a CPE router on the access connection.) Ethernet (IEEE 802.3/802.3u/ 802.3ae) IEEE 802.1q RFC 1483-LLC-B RFC 1483-LLC-R Note that the Shasta BSN and the network device at opposite ends of a shared access connection must be configured with the same frame encapsulation type. For more information about access connections, see the guide, Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0 in the guide, Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. IP demux components To multiplex/demultiplex IP traffic to or from different subscribers using the same access connection to the Shasta BSN, an ISP can provision the IP demux components on the connection, as described in the following table. Shasta 5000 Broadband Service Node Provisioning Subscribers

38 Chapter 1 Working with subscribers Table 5 IP demux components Component Description Configuration IP demux container IP demux static child subscriber IP demux dynamic child subscriber A parent object that defines the IP address space (IP addresses and reachable subnets) of anticipated subscribers behind a shared access connection. A static subscriber manually added to the parent IP demux container on the access connection. A dynamic subscriber automatically generated and added to the parent IP demux container on the access connection. This subscriber: Dynamically acquires its IP address through a DHCP server, or through an IP address pool on the BSN device. Inherits all of the access profiles and services configured in a subscriber template. An ISP uses the SCS Subscriber Manager GUI to create an IP demux container on a shared access connection. (See Subscriber IP mux/ demux on shared access connections on page 36.) An ISP uses the following SCS GUIs to manually create -- or to configure the BSN to dynamically create -- IP demux child subscribers: Access Properties Manager -- The ISP creates profiles for DHCP, RADIUS, IGMP, and other subscriber access services. (See Working with subscriber access properties on page 59.) Service Policy Manager -- The ISP creates policies for subscriber traffic management, accounting, firewall, and other services. (See the guide, Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0.) Subscriber Manager -- The ISP creates static child subscribers. (See also next bullet.) Subscriber Manager -- The ISP creates a subscriber template, which in turn the BSN can use to generate dynamic child subscribers. Note that the IP address manually configured for an IP demux static child subscriber, or the IP address acquired by an IP demux dynamic child subscriber, must match an address in the IP demux container on the access connection. Otherwise, the BSN cannot join the child subscriber to its parent container. The following conceptual diagram illustrates by example the functional operation of IP demux parent container and child subscriber objects on access connections created on OC-3 and Ethernet shared ports, and shows remote static and dynamic subscribers logically attached to their respective IP demux containers. 214664-B Rev 00

Chapter 1 Working with subscribers 39 Figure 2 IP demux functional operation (example) IP Demux Container (parent object) Defines subscriber IP address space IP Demux Container (parent object) Defines subscriber IP address space Subscriber Template Subscriber Template Static Child Subscriber IP Demux Container (parent object) Defines subscriber IP address space Dynamic Child Subscriber Dynamic Child Subscriber Access Path Access Connection VC (VPI/VCI) Access Connection VC (VPI/VCI) Access Path Access Connection Ethernet Encaps: Ethernet Access Path Shasta 5000 BSN OC-3 Port on BSN FELC Port on BSN Encaps: 1483-LLC-B Encaps: 1483-LLC-R CMTS (headend) Customer ATM Bridge Customer Router DOCSYS Broadband Coax System Cable modem Static Subscriber Ethernet Reachable Subnet Ethernet Dynamic Subscriber Ethernet Dynamic Subscriber Shasta 5000 Broadband Service Node Provisioning Subscribers

40 Chapter 1 Working with subscribers IP demux example configuration In an example implementation (Figure 3), a device owner would configure three separate Ethernet (FELC) access connections between the Shasta BSN and two CMTS headend devices. Next, an ISP would configure on the Shasta BSN: An IP demux container on each access connection. Each container would define the IP address space of a specific subscriber group. An access group containing a DHCP server access profile for each subscriber group. One or more of the access groups may define membership in a VPN. A service profile (containing service policies) for each subscriber group. A subscriber template for each subscriber group. The ISP would bind an access group and service profile to each subscriber template, enabling the BSN to automatically generate IP demux dynamic child subscribers logging on from the three independent subscriber groups. All authorized subscribers may have access to the Internet and/or a private VPN. Figure 3 Example IP demux application -- cable modem subscribers IP Demux Container (Residential Subscribers) Residence Small Business 2 FELC ports IP Demux Container (Small Business Subscribers) ISP CMTS Headend 50-500 Subscribers Coax Coax ISP Cable Modem MFG HFC Plants Fiber CMTS Headend 1 FELC port Shasta 5000 BSN BNC Cable Operator Headend IP Demux Container (Mfg Plant Corporation Subscribers) 10129EA 214664-B Rev 00

Hidden IP demux static child subscribers Chapter 1 Working with subscribers 41 An ISP can apply an implicit NAT policy to an individual IP demux static child subscriber, hiding it from the FIB of any VPN or ISP to which the subscriber belongs. (This is directly connected NAT for individual static IP demux child subscribers.) An ISP can configure this feature by enabling the checkboxes Hidden from ISP and Hidden from VPN within the IP demux container record accessible through the SCS Subscriber Manager. (To configure, see Configuring IP demux container addressing on page 116.) Through this feature, an ISP can configure different customers with identical IP demux containers and bridged address ranges, since they can be hidden from the ISP and VPN FIBs by the implicit NAT policies. This allows more simplified and efficient configuration and management of customers with independent bridged subnets. This feature applies to all existing IP demux static subscriber environments, including 1483-LLC-B (bridged), 1483-LLC-R (routed), Ethernet (802.3x), and VLANs (802.1q). Additional behavior of this feature is as follows: An IP demux static child subscriber inherits Hidden from ISP information from its IP demux container. If an IP demux static child subscriber is a member of the same VPN with its parent IP demux container, the subscriber also inherits Hidden from VPN information configured within the container. If an IP demux static child subscriber is a member of a VPN different from that of its parent IP demux container, the static child uses its own Hidden from VPN information configured within the subscriber record. Shasta 5000 Broadband Service Node Provisioning Subscribers

42 Chapter 1 Working with subscribers Hidden IP demux dynamic child subscribers Note that the private IP addresses of dynamic subscribers autogenerated by means of a subscriber template cannot be hidden by the same method used to hide IP demux static child subscribers. To hide the private IP addresses of IP demux dynamic child subscribers, you must create and bind a Group NAT object to an access group, which in turn you bind to the subscriber template. For more information, see Group NAT in the guide, Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0. IP demux configuration limits Shasta BSN device owners and ISPs can use the configuration limits described in the following table when adding access connections, IP demux containers, and IP demux child subscribers to the BSN configuration. Table 6 Port, access connection, and IP demux container configuration limits Shasta BSN port type Port/connection/container configuration limits FELC/GELC/OC3/OC12 ports FELC/GELC ports only: Each port can support one or more independent access connections simultaneously. Each access connection can support one IP demux container created by the ISP to which the connection was assigned. Every IP demux container can support up to 512 child subscribers, depending on the current allocation of other BSN system resources. Each port can support up to 10 access connections, with each connection assigned to a different ISP. An ISP can create an IP demux container on: An Ethernet access connection using Ethernet encapsulation. (The BSN automatically detects and sets the encapsulation for 802.3 (10 Mbps), 802.3u (100 Mbps), or 802.3ae (10 Gbps), depending on the port type.) A VLAN access connection using 802.1q encapsulation ATM ports only: Each port can support one shared access connection per virtual circuit (VPI/VCI), with each connection assigned to a specific ISP. An ISP can create an IP demux container on an ATM VC access connection configured for RFC 1483-LLC-B (bridging) or 1483-LLC-R (routing) frame encapsulation. 214664-B Rev 00

IP demux configuration summary Chapter 1 Working with subscribers 43 To enable IP demux functionality, you must create the elements described in the following table: Table 7 Elements configured for IP demux Required element on the Shasta BSN: Purpose: For more description, see: To configure, see: Access connection Access profile Service profile Subscriber template IP demux container IP demux static and dynamic child subscribers A configured (logical) connection between subscribers and the Shasta BSN. The connection may coexist with other access connections over the same wire or optical fiber line. Defines access services (for example, DHCP and RADIUS) for static or dynamic child subscribers. Defines the service agreement (for example, firewall,tos mapping, QOS, homepage redirection, and accounting) for static or dynamic subscribers. Describes the access and service profiles to be applied to dynamic subscribers only. Defines the IP address space anticipated for static and dynamic child subscribers on the same access connection. Logical children of an IP demux container on the access connection. Shared access ports and connections on page 36 and the guide, Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0 Working with subscriber access properties on page 59 Subscriber services on page 50 Subscriber templates on page 44 Subscriber IP mux/ demux on shared access connections on page 36 Subscriber types and access methods on page 31 Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0 Configuring subscriber access profiles on page 331 Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0 Create a forced subscriber template on page 287 Configuring IP demux on page 111 Configuring subscribers on page 281 Shasta 5000 Broadband Service Node Provisioning Subscribers

44 Chapter 1 Working with subscribers Subscriber templates A subscriber template is an SCS software entitiy that applies a set of predefined parameter values and services to: Any subscriber with a statically configured or dynamically assigned IP address, accessing the Shasta BSN over an Ethernet port. Any dynamic subscriber accessing the Shasta BSN on any port by means of username verification Note: SCS client GUI identifies subscriber templates by using the color magenta to display the username. You create a subscriber template in the same way as you would create any subscriber through the SCS Subscriber Manager. For this reason alone, the SCS client refers to any subscriber template as a template subscriber, although its function is nonetheless that of a template for creating subscribers with customized services. Forced Subscriber templates The Shasta BSN uses the forced subscriber template on all subscribers within a container, regardless of domain name. You can use the Subscriber Manager of the SCS client to configure any of the forced subscriber templates described in the following table to meet your specific site requirements: Table 8 Forced subscriber template types Forced template type Non-Authenticated Subscriber Template Non-Authenticated with Bridge Group Authenticated Function performed No authentication performed on subscribers. No authentication performed on subscribers that belong to a bridge group. Subscribers authenticated on a Radius server. (You must configure or select a Radius profile.) 214664-B Rev 00

Chapter 1 Working with subscribers 45 For instructions, see Create a forced subscriber template on page 287. Matched subscriber templates The Shasta BSN uses a matched subscriber template to automatically create any dynamic subscribers with a login string that contains: A specific username A nonspecific (wildcard) username A specific realm/domain name A specific subdomain/domain name. You can use the SCS Subscriber Manager to configure any of the matched subscriber templates described in the following table to meet your site requirements: Table 9 Matched subscriber template types Matched template type Full wildcard template Wildcard username and subdomain templates Functionality Matches all subscribers that do not match any other subscriber template. Consequently, any subscriber with a login string of the form <wildcard-user>@<wildcard-domain> matches a wildcard template of the form *@*. Matches the domain name of the subscriber s login string to the domain name of a subscriber template. For example, any subscriber with a login string <user_name>@aol.com matches a subscriber template of the form *@aol.com. As another example, any subscriber with a login string <user_name>@<subdomain_name>.aol.com matches a subscriber template of the form *@*.aol.com. For instructions on how to create or modify a matched subscriber template, see: Create a wildcard domain or subdomain matched template on page 288 Create a wildcard matched template on page 289. Shasta 5000 Broadband Service Node Provisioning Subscribers

46 Chapter 1 Working with subscribers Subscriber access properties See Working with subscriber access properties on page 59. Subscriber contexts, domains, and realms Contexts The Shasta BSN supports standardized methods to establish: Subscriber Contexts (or virtual routers) Subscriber Domains, subdomains, and realms The Shasta 5000 BSN is designed to allow many, distinct ISPs to each have a separate address space of its own. This address space is called a context. A context can also be considered a virtual router (or an independent routed IP address space). With ownership of a context, an ISP controls the routing services as well as subscribers within that context. Because each ISP owns a separate context (with a separate address space) in the Shasta BSN, conflicts or security issues that could arise from shared routing tables do not occur. The Shasta BSN maintains control over viewing and configuration capabilities as they pertain to contexts. No ISP can see another ISP configuration or subscriber base. The Shasta BSN optimizes security while minimizing administrative overhead. ISPs with limited PoP capability find virtual contexts especially useful. A context on a Shasta 5000 BSN offers these smaller ISPs a means of providing additional PoPs without requiring ownership of the platform. The Shasta 5000 BSN has the technical capacity to support 64 routed contexts (or 64 virtual routers) that can be either statically or dynamically configured to use Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), or Routing Information Protocol (RIP). Domains, subdomains, and realms A fully qualified domain name (FQDN) specifies the username and the name of the domain to which a subscriber belongs, expressed traditionally as user@domain. To configure a subscriber domain, see Creating a domain on page 103. 214664-B Rev 00

Chapter 1 Working with subscribers 47 A more recent prototype for the FQDN expands to include the concept of the subdomain or realm. The use of a realm name within the FQDN has applications in subscriber roaming, security, and vanity domains, for example. For more information about the use of realm names, see Shasta 5000 Broadband Service Node Planning Guide. The owner of a registered domain (such as nortelnetworks.com) has the freedom to create any realms (subdomains) they require, such as us.nortelnetworks.com or ca.nortelnetworks.com. Public DNS servers only look at the domain name for routing; private DNS servers within a domain can look at the subdomain (realm) name for routing. Adding a realm name to a subscriber FQDN typically results in the following login syntax: realm/user@domain For example: AOA/bob_user@bellnorth.net A Shasta BSN CLI superuser can set up the device to accept logins of this form. When configured in this way, the BSN device interprets realm/user@domain as user@realm.domain. The BSN can then authenticate the subscriber and match the subscriber to the correct subscriber template. To enable support for this feature, see Enabling/disabling subscriber subdomain/realm login on page 307. To trim the domain, user, or realm name from a subscriber FQDN for the purpose of authentication, see Adding a RADIUS profile on page 332. Domain groups A domain group is a named collection of domains. An ISP can bind a domain group to a specific access connection on the Shasta BSN. This enables the ISP to force subscribers within the group domains to use only that connection. To configure, see Creating a domain group on page 104. To bind a domain group to an access connection, see Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels. Shasta 5000 Broadband Service Node Provisioning Subscribers

48 Chapter 1 Working with subscribers Super domain groups Prior to release 2.5.7, SCS automatically created a super domain group (SDG) whenever multiple domain groups were bound to a single connection. SCS associated the unique SDG ID with the connection, enabling SCS to pass only one aggregate domain group attribute to the Shasta BSN along with other configuration data. However, if multiple domain groups were bound to a large number (for example, thousands) of connections, SCS created a unique SDG for every connection, resulting in thousands of SDGs. When SCS sent configuration information to a BSN, the BSN had to pull from the LDAP server the detailed configuration of thousands of SDGs. This consumed memory on the CMC as well as many CPU cycles, resulting in a problem for large-scale environments. Beginning with release 2.5.7, SCS behavior for creating and managing SDGs changed for more efficient BSN operation, as described in the following table: Table 10 SCS behavior when creating super domain groups (SDGs) Task Adding an SDG Modifying an SDG Deleting an SDG SCS behavior When two or more domain groups are added to a connection's list, SCS checks for existing super domain groups with the same domain group list (in any order). If a matching SDG is found, SCS associates the connection with the existing super domain group. When adding or deleting a domain group from a connection's list, SCS checks existing super domain groups for a match with the new connection domain group list: If new match is found, SCS associates the connection with the existing super domain group, and invalidates the connection to force the BSN to re-pull the domain group configuration. SCS deletes the old SDG if it is not used by any other connections. If no existing SDG matches the new combination of domain groups, SCS creates a new super domain group, and invalidates the connection as the domain group/ super domain group setting has changed on the connection. SCS deletes the old SDG if it is not used by any other connections. When deleting a connection, SCS performs a validation check to determine whether or not the super domain group (if any) is being used by any other connections (across all regions). If it is not, SCS deletes the super domain group. 214664-B Rev 00 The above behavior occurs automatically and requires no provisioning by an SCS or BSN user.

Chapter 1 Working with subscribers 49 Subscriber outbound tunneling In the most general sense, outbound tunneling refers to the trunk-side connection between an ISP s virtual router and a service provider s IP network. The actual implementation of outbound tunneling varies according to subscriber access method, as described in the following table: Table 11 Subscriber outbound tunneling implementations Access method By dedicated connection By IP address By username Outbound tunneling implementation A statically configured trunk channel or PVC An L2TP, PPPoE, GRE, or IPSec tunnel (depending on your networking requirements) For instructions, see Configuring subscriber outbound trunking on page 308 For more information about how to configure subscriber outbound tunneling, see the guide, Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels. Subscriber routing protocols The Shasta BSN supports routing on the access side (from the Shasta BSN toward the subscriber) and on the trunk side (from the Shasta BSN toward the ISP backbone or the corporate enterprise backbone). All routing protocols configurable for the trunk side are also configurable for the access side. For the Shasta BSN, routing applies to individual subscribers only. That is, you cannot configure routing within the context of a subscriber template. Shasta 5000 Broadband Service Node Provisioning Subscribers

50 Chapter 1 Working with subscribers The Shasta BSN supports the routing protocols listed in the following table: Table 12 Subscriber routing protocols on the Shasta BSN For overviews, see: To configure, see: Static routes on page 75 Configuring static, summary, and RIP routes on page 135 Summary routes on page 75 Configuring static, summary, and RIP routes on page 135 RIP routing on page 76 Configuring static, summary, and RIP routes on page 135 OSPF routing on page 76 Configuring OSPF routes on page 153 BGP routing on page 77 Configuring BGP on page 177 ISIS routing on page 85 Configuring IS-IS on page 209 IGMP multicasting on page 86 Adding an IGMP profile on page 336 The Shasta BSN also allows you to configure routing policies and other routing properties. Refer to the following table for more detailed information: Table 13 Subscriber routing properties and policies on the Shasta BSN For overviews, see: Working with routing protocols, properties, and policies on page 71 To configure, see: Configuring route policies and properties on page 241 Subscriber services The Shasta BSN enables you to configure various, value-added, IP services at the per-subscriber (per-ip address) level. You can apply services (service policies and profiles) directly to individual statically configured subscribers, or to an entire group of autocreated dynamic subscribers using a subscriber template. Service profiles and service policies influence how the Shasta BSN handles or responds to subscriber ingress traffic (traffic sent by the subscriber toward the network core), as follows: 214664-B Rev 00

Chapter 1 Working with subscribers 51 Service profile A collection of policies, for example, security, ingress antispoofing, and policing, that influence the response the subscriber receives from the Shasta 5000 BSN. Service policy An explicit policy that influences the response the subscriber will receive from the Shasta 5000 BSN. You add policies individually. Service policy with an unresolved object An explicit policy that can be customized for use by an individual subscriber. For information about subscriber services and how to configure them, see the following topics in the guide, Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0 : Introduction to Service Policies Provisioning Services Subscriber access groups An access group is a configurable entity that enables you to associate a group of subscribers with a single or common set of access properties (for example, RADIUS, DHCP, and IGMP profiles, and session parameters). To configure, see Creating an access group on page 341. Subscriber VPRNs A Virtual private routed network (VPRN) is a collection of subscribers bundled together on a network that enables IP traffic to travel securely over a public TCP/ IP network. Within an ISP context, you can reallocate the same IP address space to different VPRNs. (This is otherwise known as an overlapping address space.) The VPRN uses tunneling protocols to send and receive IP traffic between networks. You can also optionally configure encryption/decryption services for any VPRN. Shasta 5000 Broadband Service Node Provisioning Subscribers

52 Chapter 1 Working with subscribers For more information about the implementation of subscriber VPRNs on the Shasta BSN, see Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels. Subscriber authentication, authorization, and accounting Service providers verify the identity of users requesting access to their networks. Information used for this identification process is commonly stored in an Authentication, Authorization, and Accounting (AAA) server, such as a RADUIS server. This information can include user names and passwords, SecureID tokens, and biometric devices such as fingerprint scanners. The Shasta 5000 BSN supports several forms of authentication, depending on the access method and protocol used, for example: For Point-to-Point Protocol (PPP) end-user authentication, the Shasta 5000 BSN supports PAP and CHAP password authentication. For Personal Content Portal and PPP authentication, the Shasta 5000 BSN supports PAP and CHAP password authentication as well as SecureID cards. The Shasta 5000 BSN also provides a single point of integration with existing back-office systems. The Shasta 5000 BSN uses back-office systems in the following ways for the technologies it supports: In PPPoE, PPPoA, and Layer 2 Tunneling Protocol (L2TP), the Shasta 5000 BSN acts as a RADIUS client. In 1483 bridged and routed environments, the Shasta 5000 BSN does not use RADIUS. Instead, to authenticate users, subscriber sessions are redirected to a Personal Content Portal server on the service provider premises. Through the user s HTTP connection, the Shasta 5000 BSN directs authentication to a Web page in which the user can enter user ID and password or SecureID card values. The Personal Content Portal server signals to the Shasta 5000 BSN successful authentication, if it occurs. For Virtual Private Networks (VPN) authentication, previously shared keys are used for Internet Key Exchange (IKE) authentication. 214664-B Rev 00

Chapter 1 Working with subscribers 53 IKE is defined in the Internet Protocol Security (IPSec) document, an IETF standard that provides encryption, host authentication, and data integrity for TCP IP. (For information about IPSec, see Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels.) Many ISPs might use extended RADIUS servers to provide authorization, authentication, and accounting, as well as to perform additional functions such as modem reservation for certain customers. The Shasta 5000 BSN makes extensive use of the RADIUS server to enable easy integration into existing back-office operations. In cases for which the ISP uses the Shasta 5000 BSN to aggregate both dial and broadband technologies, the Shasta 5000 BSN can leverage the optimized back-office infrastructure built around dial access for broadband access also. Accounting for bulk configuration subscribers As a means for correlating the accounting records for bulk connections with a physical PVC for an independently bridged (RFC 1483-LLC-B) subscriber, the Shasta BSN adds slot/port/vpi/vci information to the accounting logs reported to an accounting server. For more information about subscriber accounting, see Configuring subscriber accounting on page 345. Subscriber data encryption Encryption can be applied at the network endpoints to provide security necessary for VPNs. The encryption and decryption processes entailed in the Shasta 5000 BSN encryption feature require that compatible algorithms be used at all end devices. IPSec is supported for secure network connections between the Shasta 5000 BSN devices offering end-to-end tunnels independent of any interior topology or networking technology. Shasta 5000 Broadband Service Node Provisioning Subscribers

54 Chapter 1 Working with subscribers Encryption support for the Shasta 5000 BSN employs the following: TripleDES and 56-bit DES (3DES/DES) through the use of dedicated hardware coprocessors for encryption (up to four per SSC line card) for optimum performance Internet Key Exchange (IKE)-based keying through preshared keys For more information, see the guide, Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels, Release 4.0. Subscriber packet MTU size The subscriber layer 3 MTU size defines how large a packet can be transmitted over the connection between a subscriber and the Shasta BSN. Typically, the MTU is 1500 bytes, but can hold a value from 64 to 1500 bytes. Specifying an MTU forces the peer (ISP virtual router) to transmit packets no larger than the MTU size. For information about how to set the packet MTU size for any subscriber, see Specify subscriber packet MTU size on page 297. Subscriber identification and operating parameters You use the Subscriber Manager of the SCS client GUI to configure subscriber identification and operating parameters, including the types of information shown in the following table: 214664-B Rev 00

Chapter 1 Working with subscribers 55 Table 14 Subscriber identification data Parameters Account information Group membership Access method IP demux container Interface MTU size Description The name of the subscriber account, optionally including a billing number. The name of the access group or VPRN to which the subscriber belongs. For example, a department name might serve as an access group name. Group membership determines the resources and services available to all subscribers of the group specified. For more information, see: Subscriber access groups on page 51 Subscriber VPRNs on page 51 The method by which the subscriber establishes a connection with the Shasta 5000 BSN: By dedicated connection (for static subscribers) By username (for dynamic subscribers) By IP address (for IP demux static and dynamic subscribers) For more information, see Subscriber types and access methods on page 31. When the access method is by IP address, you must select an IP demux container to which a subscriber belongs. In selecting a specific IP demux container for each subscriber, you automatically apply any service profile bound to that container. For more information, see Subscriber IP mux/demux on shared access connections on page 36. The Layer 3 MTU (maximum transmission unit) size of packets sent over the subscriber s access connection to the Shasta BSN. For more information, see Subscriber packet MTU size on page 54. For instructions on how to enter this subscriber identification data, see Configuring subscribers on page 281. Shasta 5000 Broadband Service Node Provisioning Subscribers

56 Chapter 1 Working with subscribers Subscriber NetRIO access The Shasta BSN system allows any subscriber to use a web browser to view information about their own ISP or IP intranet access configuration, services, policies, logs, and account usage. This capability is supported by NetRIO software provided by Technica Corp. After logging on to a NetRIO server, a subscriber can navigate and view the NetRIO server web pages pertaining to their own accounts. The NetRIO system also provides links to an online Help system, enabling subscribers to learn more about NetRIO and the statistics displayed on each NetRIO server web page. For more information, see: Shasta 5000 Broadband Service Node NetRIO Service Management Center Installation and Configuration, isos v3.0 (part number 213824-A) Shasta 5000 Broadband Service Node NetRIO Service Management Center Scalability and Availability Approach, isos v3.0 (part number 213844-A) NetRIO online Help VC oversubscription An ISP can create (or autocreate) more subscribers than the maximum number of active subscriber sessions supported by the Shasta BSN, with the assumption that not all subscribers are active simultaneously. With this capability, the Shasta BSN tentatively identifies, but does not actually allocate, full system resources (for example, memory and bandwidth) for every statically configured or autocreated subscriber. Instead, the Shasta BSN allocates system resources only for active subscriber sessions on each ATM access VC. Useful for DSL subscriber access, this feature allows the Shasta BSN to support configurations in which not every subscriber is actively connected to the IP network ( always on ) at the same time. An oversubscription ratio defines the number of configured subscribers versus the number of subscribers actively connected to the IP network (for example, via PPP). On the Shasta BSN, this ratio can vary from 1 : 1 (all subscribers always on ) to 4 : 1 (only one out of four subscribers connected to the IP network at any given time). 214664-B Rev 00

Chapter 1 Working with subscribers 57 The capability to support VC oversubscription allows an ISP to configure more subscriber access VCs than the total projected number of subscribers actively connected to the IP network. With this feature, any access VC can have zero, one or many active subscribers, within the total number of subscribers supported by the Shasta BSN. Shasta 5000 Broadband Service Node Provisioning Subscribers

58 Chapter 1 Working with subscribers 214664-B Rev 00

Chapter 2 Working with subscriber access properties 59 Access properties configurable under the SCS client Access Properties Manager include a wide range of parameters that help to set the relationship between a Shasta BSN and subscribers accessing that device. You define access properties in a profile in which you set global parameters for a protocol such as RADIUS or DHCP, to determine BSN behavior required for subscriber access. Note: Users logged in as ISP or DO&ISP have full view privileges in Access Properties Manager, while users logged in with DO privileges have limited access to configuration windows, such as RADIUS and PPP Profiles. The following table introduces some common subscriber access properties configurable from the SCS client Access Properties Manager: Access property Relevance Refer to: Profiles RADIUS profiles Subscriber authentication RADIUS profiles on page 61 and authorization DHCP profiles Subscriber IP address DHCP profiles on page 63 assignments PPP profiles Subscriber access PPP profiles on page 65 connections IGMP profiles Multicasting to subscribers IGMP profiles on page 68 Accounting profiles Subscriber activity accounting Configuring subscriber accounting on page 345 L2 traffic shaping SFC traffic shaping Layer 2 traffic shaping profiles on page 69 Shasta 5000 Broadband Service Node Provisioning Subscribers

60 Chapter 2 Working with subscriber access properties Access property Relevance Refer to: Groups Access groups Dial-out number groups Subscriber common access properties Subscriber dial-out number groups Creating an access group on page 341 Creating a dial-out number group on page 107 Domain groups Subscriber domains Creating a domain group on page 104 Bridge groups Subscriber ATM and DSL bridge grouping Creating a bridge group on page 105 For information about how to provision access properties for subscribers who require access to a VPN, 802.1q VLAN, or MPLS VRF, see the guide, Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels. Topics covered in that guide include: Virtual Private Networks (VPNs, VPRNs, and VRFs) GRE tunnels Virtual Leased Lines (VLLs) IPSec tunnels Virtual Local Area Networks (VLANs) IPSec policies Connection templates IPSec profiles L2TP tunnels IKE profiles PPPoE tunnels Contivity Server Farm profiles For information about SNMP access properties also configurable from the SCS client Access Properties Manager, see the guide, Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. Access profiles You can use the SCS Access Properties Manager to configure the following subscriber access property profiles: RADIUS profiles on page 61 DHCP profiles on page 63 214664-B Rev 00

Chapter 2 Working with subscriber access properties 61 PPP profiles on page 65 (includes PPP, PPPoE, and MLPPP) IGMP profiles on page 68 Accounting profiles on page 69 For information about the following additional profile types, see Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels, Release 4.0 : IKE profiles IPSec profiles RADIUS profiles The Remote Authentication Dial-In Service (RADIUS) is for authenticating and authorizing dial-up users. A typical site has an access server attached to a modem pool, and a RADIUS server is attached to the network as a third-party authentication service. Remote users dial in to the access server, and the access server requests authentication services from the RADIUS server. To implement RADIUS functionality, you must use the SCS Access Properties Manager to configure values for the following key parameters in a RADIUS profile: Server IP address Server type (authentication and/or accounting server) Server secret (a password to authenticate the Shasta BSN) Load sharing (establishes the specified server as the primary RADIUS server) For instructions on how to configure RADIUS attributes and options, see Adding a RADIUS profile on page 332. For information on RADIUS vendor-specific attributes, see RADIUS Dictionary in the guide, Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels, Release 4.0. Authentication request options Within a RADIUS server profile, you can configure these options for processing subscriber authentication requests: Shasta 5000 Broadband Service Node Provisioning Subscribers

62 Chapter 2 Working with subscriber access properties A Trim User (subscriber) Name option enables the Shasta BSN to strip the username from a fully-qualified domain name (FQDN) received from a PPP user, and only forward the domain name to the RADIUS server for authentication. A Trim Domain Name option enables the Shasta BSN strip the domain name from a subscriber s authentication request and forward only the subscriber s name to the RADIUS server. For example, if the subscriber is foo@bar.com, then BSN only forwards the subscriber name foo to the RADIUS server for authentication. A Trim Realm option enables the Shasta BSN strip the realm name from the FQDN before sending the request to the RADIUS server. For example, if the subscriber is ISPx/user, then the authentication request for user is sent to the ISPx RADIUS server. A Disconnect Listening option enables the Shasta BSN listen to a specified port for disconnect requests from the RADIUS server. See also Domains, subdomains, and realms on page 46. RADIUS Primary/Backup server configurations The Shasta 5000 BSN accesses one or more RADIUS servers to process RADIUS authentication requests. You can designate multiple primary and backup RADIUS servers, and you can designate the order in which these servers are accessed. A server can be configured as either a primary or a backup, but not both. Each RADIUS profile should have at least one primary server configured. An authentication request is initially sent to one of the primary servers; the server is chosen using a load-balancing algorithm. If the request times out before a reply is received, the request to sent to the next RADIUS server on the primary server list. In the event of additional timeouts, the request will be sent to each of the primary servers until either the authentication request is satisfied or the list is exhausted or the maximum retry count is reached (default is 3). If the list of primary servers is exhausted before the maximum retry count is reached, the request drops down to the list of backup RADIUS servers. Each server on the backup list is accessed, in order, until either the authentication request is satisfied or the backup list is exhausted or the maximum retry count is reached (default is 3). 214664-B Rev 00

Chapter 2 Working with subscriber access properties 63 After traversing both the primary and the backup list once, the request loops back and starts again with the primary server list and continues until the request is satisfied or the maximum retry count is reached. For instructions on how to configure RADIUS attributes and options, see Adding a RADIUS profile on page 332. DHCP profiles Dynamic Host Configuration Protocol (DHCP) allows successfully authenticated dynamic subscribers to obtain an IP address from a DHCP server, which can manage multiple IP address pools. This situation can exist, for example, when users on a LAN log on to an enterprise network. Since a subscriber must first connect to a Shasta BSN during login, the BSN serves as an agent to relay DHCP address assignment requests from the subscriber to a DHCP server. The BSN also relays the IP address assigned by the DHCP server to the subscriber. To support dynamic subscribers on a Shasta BSN Ethernet (FELC or GELC) port, you must use the SCS client Access Properties Manager to create a DHCP profile, and then: Bind the DHCP profile (along with other profiles) to a subscriber access group. Bind the access group to a subscriber template for dynamic subscribers Within a DHCP profile, you configure items such as: Profile name Hop limit Elapsed seconds allowed (for a session with a DHCP server) Relay agent options (circuit ID, remote ID, and subnet mask) DHCP server IP address For instructions on how to configure a DHCP profile, see Adding a DHCP profile on page 334. Shasta 5000 Broadband Service Node Provisioning Subscribers

64 Chapter 2 Working with subscriber access properties Remote ID (DHCP Option 82 Suboption 2) An ISP can configure the Shasta BSN to send to a DHCP server the name of a dedicated or autogenerated subscriber (by default, this is <subscriber_name>@<domain_name>). The DHCP server uses this value to allocate an IP address to the specifically named subscriber. The BSN sends this Remote ID value in the Suboption 2 field of Option 82 DHCP packets. Beginning with SCS/iSOS 4.0, an ISP can alternatively configure the BSN to send as the Remote ID an SCS subscriber template name (that is, <subscriber_template_name>@<domain>), instead of sending a subscriber name. Furthermore, by additionally configuring the DHCP server to allocate a specific range of IP addresses to subscribers autogenerated by a specific template, an ISP can control or segregate IP address assignments by template name. For example, an ISP who needs to limit the number of IP addresses allocated to a group of high-bandwidth BSN subscribers in a specific domain can: Create a template suitable for these subscribers. (For instructions, see Configuring subscriber templates on page 286.) Configure the Shasta BSN DHCP Relay Agent to send the subscriber template name as the Remote ID value. Configure the DHCP server to allocate a specific set and limited number of IP addresses to subscribers autogenerated by the BSN using this template. You configure the Remote ID in the DHCP Relay Agent Options area of the DHCP Profile dialog box (SCS client Access Properties Manager). (See Adding a DHCP profile on page 334). For information about how to configure your DHCP server to allocate IP addresses by Remote ID value, refer to your DHCP server user documentation. IPSec Profiles IPsec (Internet Protocol Security) is a developing standard for implementing security at the network layer. IPsec is particularly useful for implementing VPNs and for remote user access through a dial-up connection to a private network. 214664-B Rev 00

Chapter 2 Working with subscriber access properties 65 IPsec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well. The Shasta BSN supports the IPSec protocol, and the ability to configure an IPSec profile. For information describing IPSec and how to configure an IPSec profile for subscribers on the Shasta BSN, see the guide, Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels. If your Shasta BSN has SSC modules without the encryption engine, you can still configure VPRN tunnels, but you must use the null encryption (no encryption) option. (The null encryption option is not available for subscriber IPSec tunnels.) IKE Profiles The Shasta BSN supports the use of pre-shared keys, in which you establish a key at each device prior to the transaction. An IKE profile defines the properties that the Shasta BSN applies when working with IKE, a standard for authentication and key exchange for Internet Protocol Security (IPSec). For a more information about IKE and how to assign an IKE profile to a Shasta BSN, see Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels. PPP profiles The Shasta BSN supports several variants of PPP on subscriber access connections: PPP on page 66 MLPPP on page 67 PPPoE on page 67 PPPoEoA on page 68 For the Shasta BSN to support PPP or MLPPP link negotiations, you must use the SCS client Access Properties Manager to configure a PPP profile and bind it to a specific access group. You then bind the access group to a subscriber or subscriber template. Shasta 5000 Broadband Service Node Provisioning Subscribers

66 Chapter 2 Working with subscriber access properties A PPP profile defines the properties that the Shasta BSN applies when negotiating PPP session runtime parameters, irrespective of the connection type. Whenever you configure a PPP profile, you can optionally require PAP/CHAP authentication of the subscriber. For instructions on how to configure a PPP profile, see Adding a PPP profile on page 338. PPP The Point-to-Point Protocol (PPP) enables subscribers to access a Shasta BSN over a single, synchronous or asynchronous, point-to-point link. You can configure PPP to run on the Shasta BSN over: A dial-up connection (PPP) An HDLC synchronous channel (PPP) An ATM virtual circuit (PPPoA or PPPoEoA) An L2TP tunnel (PPP/L2TP) PPP session throttling A Shasta BSN CLI superuser can configure throttling for PPP sessions. When configured, this mechanism automatically: Deletes new subscriber attach requests that exceed a configured threshold, until the outstanding number of attach requests declines to a (predetermined) serviceable level. Queues subscriber detach requests that exceed a configured threshold, until the BSN can catch up with the number of pending detach requests. For more information, see the guide, Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. 214664-B Rev 00

Chapter 2 Working with subscriber access properties 67 MLPPP Multilink Point-to-Point Protocol (MLPPP) enables an Internet Service Provider (ISP) to work with multiple PPP sessions that can be terminated and bound into a single IP session. This variant of PPP enables you to open multiple simultaneous channels between a Shasta 5000 BSN and a destination device, providing subscribers additional bandwidth on demand. MLPPP is enabled by default on the Shasta BSN, and can run over: Multiple CT3 channels Multiple ATM virtual circuits Multiple L2TP tunnels As a means for splitting, recombining, and resequencing datagram packets across multiple logical data links, MLPPP: Provides increased performance by binding multiple links. Provides subscribers with additional bandwidth on demand. Enables redundancy by distributing PPP sessions across multiple physical links. Enables ISPs to provide the same services to existing subscribers when they replace another vendor s remote access server with a Shasta 5000 BSN. Enables multiplexing and other traditional network layer functions to occur at the data link layer (layer 2). PPPoE Another variant of PPP is PPPoE (PPP over Ethernet), which establishes a tunnel between a subscriber and a Shasta BSN. The tunnel can span an Ethernet LAN or an Ethernet channel on a broadband DOCSIS-compliant cable system. For more information about configuring PPPoE tunnels, see the guide, Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels. Shasta 5000 Broadband Service Node Provisioning Subscribers

68 Chapter 2 Working with subscriber access properties PPPoEoA With the Shasta BSN, you can also create subscriber access configurations supporting PPPoE tunnels over ATM virtual circuits (PPPoEoA) provisioned as shown in Configure addressing for a subscriber on a bridged subnet on page 316. IGMP profiles IP multicasting provides services such as the delivery of information to multiple destinations with a single transmission and the solicitation of servers by clients. These services benefit applications such as video conferencing, dissemination of datagram information, and dissemination of mail or news to a large number of recipients. The Shasta BSN supports Internet Group Management Protocol (IGMPv1 and IGMP v2) proxy for hosts to report their multicast group memberships to neighboring multicast devices. For the Shasta BSN to support IGMP, you must configure an IGMP profile. You bind an IGMP profile to access groups and subscribers, thereby enabling an ISP to provide subscribers with IGMP multicasting services. Note also that a Shasta BSN superuser can configure multicast join limits across all SSPs in the device. (An SCS user cannot configure join limits on a BSN device.) For more information, see the guide, Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. For more information about IGMP, refer to the following table: For information about: See: IGMP services IGMP multicasting on page 86 How to configure an IGMP Adding an IGMP profile on page 336 profile How to configure IGMP Configuring IGMP on page 225 multicasting services for subscribers 214664-B Rev 00

Chapter 2 Working with subscriber access properties 69 Accounting profiles An accounting profile is a collection of accounting elements, each representing a different set of accounting statistics that you want to collect for a specific Shasta BSN device or ISP configured on that device. For more information, see Configuring subscriber accounting on page 345. Layer 2 traffic shaping profiles A device owner can create a Layer 2 traffic shaping profile for connections handled by the SFC2. The profile allows you to select: Port type using the profile Service type (CBR, VBR_RT, VBR_NRT, UBR, or GFR) Rate parameters (SCR, PCR, MCR, and/or MBS) For more information, see the guide, Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. Customer and subscriber groups The following group-oriented entities on the Shasta BSN facilitate more efficient subscriber provisioning. The following table briefly describes these objects: Table 15 Group-oriented objects configurable on the Shasta BSN Group object: Description Refer to: Customer Domain A group of subscribers that can be associated with a domain name. A named set of network addresses, organized in levels (domain and subdomain). Creating a customer on page 101 Creating a domain on page 103 Domain group A named set of network domains. Creating a domain group on page 104 Shasta 5000 Broadband Service Node Provisioning Subscribers

70 Chapter 2 Working with subscriber access properties Table 15 Group-oriented objects configurable on the Shasta BSN (continued) Group object: Description Refer to: Bridge group Dial-out number group A network configuration in which all subscriber hosts on the access side reside on the same subnet, and connect to the Shasta BSN through an ATM or DSL bridge. Enables you to bind a subscriber template to a Dialed Number Identifier Service (DNIS) or to an MSID. Binding a subscriber template to a dial-out service enables the template to provide common settings for all subscribers using any configured dial-out numbers that you configured Creating a bridge group on page 105 Creating a dial-out number group on page 107 VPN Virtual Private Network Shasta 5000 Broadband VLAN Virtual Local Area Network Service Node, Provisioning VPNs, VLANs, and Tunnels NAT group Network Address Translation group Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0 214664-B Rev 00

71 Chapter 3 Working with routing protocols, properties, and policies The following topics explain : About routing on the Shasta BSN on page 72: Access-side routing on page 73 Access side routing redundancy on page 73 Trunk-side routing on page 74 Routing protocols and properties Static routes on page 75 Summary routes on page 75 RIP routing on page 76 OSPF routing on page 76 BGP routing on page 77 ISIS routing on page 85 IGMP multicasting on page 86 Route policies Policy routing and packet forwarding on page 91 Route policy matching conditions on page 91 Route policy attributes to set on a matching condition on page 92 Route policy actions on page 93 Route importation and aggregate advertising Route importation on page 93 Route aggregation on page 93 BGP confederations on page 94 Shasta 5000 Broadband Service Node Provisioning Subscribers

72 Chapter 3 Working with routing protocols, properties, and policies About routing on the Shasta BSN Routing is the process of identifying network topologies and the networks and links that are available in order to deliver packets in the fastest, most direct manner possible versus cost of delivery. This process entails assessment and use of information that describes paths to large numbers of endpoints and allows for decision making around what to do if a link fails. Routing relies on protocols (collectively referred to as routing protocols) that establish shared and consistent routing tables in a network s routers. Routers use these tables to determine (look up in a routing table) the next hop for a packet. Within the Internet, distinctions are made between interior and exterior routing protocols because of the different tasks these types of protocols carry out and impose on the routing system. The following three levels of routing each using a different type of routing protocol are distinguished: The top level of routing pertains to the Internet backbone, interconnecting multiple self-regulating systems called Autonomous Systems (AS). An AS is a domain of routers and networks that are administrated under a single authority for example, a corporate network. Routing between two ASs uses an exterior protocol. These discrete entities (ASs) have separate owners. Thus, there is no trust implicit to the interconnection between the routers of these entities, whereas a high degree of trust exists between mutually cooperating routers within a single AS. The middle level of routing consists of routers within an AS, such as a campus network, and these routers use an interior protocol. Because they belong to the same entity, routers within an AS cooperate. The bottom level of routing is comprised of routing within LANs, such as Ethernet-based LANs. Gateways mediate between interior and exterior routing. RIP and OSPF are commonly used as interior protocols. Border Gateway Protocol (BGP) is the protocol most commonly used for exterior routing. The Shasta 5000 BSN supports routing on the access side (from the Shasta 5000 BSN toward the subscriber) and on the trunk side (from the Shasta 5000 BSN toward the ISP backbone or the corporate enterprise backbone). All routing protocol parameters configurable for the trunk side are also configurable for the access side. 214664-B Rev 00

Chapter 3 Working with routing protocols, properties, and policies 73 For the Shasta 5000 BSN, routing applies to individual subscribers only. That is, routing is not supported as applied to subscriber templates. Access-side routing Either static or dynamic routing can be used on the access side, depending on the size of the network behind the subscriber and the individual subscriber s need. If the network behind the subscriber is not too extensive, static routing is commonly used on the access side. Dynamic routing eliminates the need to manually specify all of the networks statically reachable through the subscriber. The Shasta 5000 BSN supports reachability for multiple IP subnets behind the Customer Premises Equipment s (CPE s) router. The routing protocol used by the Shasta 5000 BSN is the protocol that the subscriber network supports. Routing Information Protocol (RIP) is commonly used on the access side because it is widely supported. For instance, a scenario in which RIP might be used is one in which the Shasta 5000 BSN uses dynamic routing to discover the network topology behind a subscriber host. The subscriber network might include branch sites and a headquarters site. The Shasta 5000 BSN supports OSPF and RIP on the access side for both ISP and VPRN subscribers. BGP is supported for ISP subscribers only. Intermediate System-Intermediate System (IS-IS) is not supported on the access side. Access side routing is supported on all types of access connections except for IP Demux. If supported by a peer router, routing over IPSec can run on access connections. Access side routing redundancy With this release, you can configure backup/redundant RIP and static access routing for ISP and VPN subscribers. This feature ensures that the Shasta BSN: Recognizes a backup or redundant access routing interface for a specific ISP or VPN subscriber. Automatically implements a higher administrative cost or distance for backup/redundant RIP and static access routes for the subscriber. (The BSN uses 247 as the cost for RIP backup/redundant access routes, and 244 as the cost for static backup/redundant access routes.) Shasta 5000 Broadband Service Node Provisioning Subscribers

74 Chapter 3 Working with routing protocols, properties, and policies Prefers routes learned over the subscriber s primary L3 interface, since these routes automatically have a lower administrative cost: 120 for RIP access routes, 1 for static access routes. Forwards packets over the backup/redundant L3 access interface when the primary L3 access interface is down. For instructions on how to use the SCS client to configure this feature, see Configure subscriber backup/redundant routes on page 298. Trunk-side routing On the trunk side, the Shasta 5000 BSN uses the routing protocol supported by the ISP core (or enterprise core) in order to discover the topology of the ISP (or enterprise) network and all possible routes to the network. Typically RIP or Open Shortest Path First (OSPF) is used on the trunk side because these protocols are widely used by ISP and enterprise networks. For instructions on how to use the SCS client to configure trunk-side routing, see: Configuring RIP routes on page 143 Enabling or disabling OSPF on a trunk interface on page 168 Routing protocols and properties The Shasta BSN supports: Static routes on page 75 Summary routes on page 75 RIP routing on page 76 OSPF routing on page 76 BGP routing on page 77 ISIS routing on page 85 IGMP multicasting on page 86 214664-B Rev 00

Static routes Chapter 3 Working with routing protocols, properties, and policies 75 Static routing is an internetworking method that typically consists of subnetworks on an internetworking device. Static routing is built into the Shasta 5000 BSN to accommodate packet redirections necessary between a subscriber and an ISP. Large networks typically have many different paths that packets can take to reach a destination. Routers are the switches that direct packets over one path or another based on information stored in routing tables that indicates the best path to a destination. Static routing implies that the paths are manually programmed into the Shasta 5000 BSN by a network administrator. If a path fails, the administrator must reprogram the Shasta 5000 BSN so packets follow other paths. In mission-critical environments, this is usually unacceptable, so the Shasta 5000 BSN also supports dynamic routing or routing that automatically locates and determines the best paths through the internetwork, recalculating in real-time, paths when lines fail, or when new devices are added to the network that create unexpected delays. To configure, see Configuring static routes on page 135. Summary routes Summary routing is a dynamic method of routing where paths are learned automatically by software that retrieves existing, efficient routes between devices. Summary routing uses two sources to determine inter-device paths: Address pool -- Typically, summary routing has a designated address pool containing an established group of addresses that devices typically contact to determine paths. Subscriber caches -- Summary routing also polls address tables, resident in caches on devices used by subscribers, to collect information about which routes are most effective between a subscriber device and a device on a service provider network. All summary routing information is stored in Forwarding Information Base (FIB) tables in the Shasta BSN. Shasta 5000 Broadband Service Node Provisioning Subscribers

76 Chapter 3 Working with routing protocols, properties, and policies When configuring a BSN device to learn summary routes, you can enter the destination IP address, netmask, and the desired metric value for the routes learned to each subscriber. Lower metric values correspond to more efficient routes. See Configuring summary routes on page 139. RIP routing The Routing Information Protocol (RIP) is an interior or intradomain routing protocol that uses the distance-vector routing algorithm. Distance-vector routing is a class of routing algorithms that iterate on the number of hops in a route to find a shortest-path spanning tree. RIP is used on the Internet and is common in network operating system environments as a method for exchanging routing information between routers. The RIP routing feature is available on access as well as trunk interfaces. To configure, see Configuring RIP routes on page 143. OSPF routing OSPF (Open Shortest Path First) is a link-state routing protocol used instead of RIP within large autonomous system networks. Link-state routing, as compared to RIP routing, requires more processing power but provides more control over the routing process and responds faster to changes. Like RIP, OSPF is an Interior Gateway Protocol (IGP). Using the OSPF link-state algorithm, each router can calculate and broadcast or multicast to other hosts information regarding the cost of reaching each of its neighbors. Link state algorithms create a consistent view of the network and are therefore not prone to routing loops. Unlike RIP, OSPF can operate within a hierarchy. The largest entity within the hierarchy is the autonomous system (AS), which is a collection of networks under a common routing protocol. OSPF is an intra-as (interior gateway) routing protocol that is also capable of receiving routes from, and sending routes to, other autonomous systems. 214664-B Rev 00

Chapter 3 Working with routing protocols, properties, and policies 77 The AS can be divided into a number of areas. An area has a unique ID and consists of a group of contiguous networks and attached hosts. From Internet RFC 2178: The topology of an area is hidden from the rest of the Autonomous System. This information hiding enables a significant reduction in routing traffic. Also, routing within the area is determined only by the area's own topology, lending the area protection from bad routing data. An area is a generalization of an IP subnetted network. Routers with multiple interfaces can participate in multiple areas. These Area Border Routers maintain separate topological databases for each area. For more information about OSPF, see Internet RFC 2178 at the following URL: http://www.cis.ohio-state.edu/cs/services/rfc/rfc-text/rfc2178.txt For instructions on how to configure OSPF on the Shasta BSN, see Configuring OSPF routes on page 153. BGP routing Border Gateway Protocol (BGP) is a routing protocol that allows you to create routing between two sets of routers operating in different administrative systems, called autonomous systems (ASs). Some BGP features supported by the Shasta BSN are: Peer groups -- BGP peers with similar outgoing route policies can be configured as peer groups. BGP routers that exchange routing information between different autonomous systems are Exterior BGP (EBGP) peers. Route flap dampening -- Minimizes the impact of oscillating and fluctuating routes on the global Internet and large providers. Every time a route from an EBGP peer router goes down, a certain penalty is applied. If the penalty reaches a certain threshold, the route is not advertised to the provider s internal or external peers. Penalties are decreased over time, and the route is advertised again after a period of stability. IBGP Route reflectors -- BGP routers that exchange routing information only with other routers within the same AS. Inside a cluster of routers, one or more routers are IBGP (Interior BGP) route reflectors. Other routers in the cluster peer only with these route reflectors. Shasta 5000 Broadband Service Node Provisioning Subscribers

78 Chapter 3 Working with routing protocols, properties, and policies For information about how to use the SCS client to configure BGP on a Shasta BSN device, see Configuring BGP on page 177. BGP peers and autonomous systems An autonomous system (AS) is an independent system, generally a subnetwork. A BGP router can attempt to link up and form a peer relationship with another BGP router (that is, a BGP peer). When the router attempts to locate a peer AS, a route or path is traversed that becomes relevant to identifying the peer AS. Typically, an AS being contacted by a peer AS attempts to learn the peer AS s path before allowing packets it has generated to be received. This path is known as an AS path. (For information about how to use the SCS client Route Properties Manager to configure AS paths on a Shasta BSN device, see Configuring autonomous system paths for BGP on page 269.) Autonomous systems can use two kinds of BGP: Interior BGP (IBGP) This method refers to routers that use BGP within an autonomous system. BGP information is redistributed to Internal Gateway Protocols (IGPs) running in the AS path. Exterior BGP (EBGP) This method refers to routers that use BGP across two different AS paths. It is possible to have an AS with only two routers. These routers are directly connected and form a peering relationship, both running IBGP by definition. In this configuration, EBGP routing information can also be redistributed into IGPs if desired. IBGP and EBGP An ISP runs an Interior Gateway Protocol (IGP or IBGP) within its backbone to optimize the path traveled by packets from one point to another within a network. In addition to the IGP, an ISP runs an Exterior Gateway Protocol (EGP or EBGP) between its backbone and networks belonging to other ISPs or to customers to have full connectivity to the entire Internet. The area of network infrastructure over which an IGP runs is typically under the same technical and administrative control, falling under one region known as an autonomous system. 214664-B Rev 00

Chapter 3 Working with routing protocols, properties, and policies 79 An AS is essentially a collection of routers. The purpose of EGP is to allow two different ASs to exchange routing information so that data traffic can be forwarded across the AS border. Because an AS border straddles two different areas of technical and administrative control, the specifications and implementations of EGPs include mechanisms for performing policy routing, indicating that controls can be applied to determine which routing information crosses the border between two ASs. To configure IBGP attributes, see Configuring an autonomous system on page 178 To configure EBGP attributes, see Configuring BGP peers on page 181. EBGP multihop In some cases, a router may be running external BGP with a third-party device that does not allow two external peers to be directly connected. In these situations, EBGP has a technique, multihop, that allows two non-directly connected peers to reach each other and exchange the necessary information to become legal peers. The multihop feature directs traffic bound for a non-direct peer to be forwarded on from intervening routers until it reaches its peer destination router. To configure, see Configuring BGP peers on page 181. Advertising and redistributing routes One of the ways a router can initially contact a prospective peer router is to announce its presence by transmitting a specific type of packet that details its path between the local router and the prospective peer. This announcement is known as an advertisement. An advertisement announces a route between a the pair of BGP routers in a series of update messages. Another way that a router can contact a prospective peer router is to perform a task known as redistribution. Redistribution is the process of overlaying the existing internal routing protocols of one router into BGP. Examples of existing protocols are IGRP, OSPF, RIP, and EIGRP. All the routes that have been learned by these protocols can now be transmitted from one router to another using BGP. Shasta 5000 Broadband Service Node Provisioning Subscribers

80 Chapter 3 Working with routing protocols, properties, and policies If an AS is actually a stub network containing multiple routers, only one router runs BGP to connect the stub to other autonomous systems. In this configuration, all non-bgp routers within the stub network need to know how to reach hosts external to the AS. To address this requirement, you can either configure a default route or redistribute the BGP routes into the IGP. To configure advertising attributes, see Configuring BGP on page 177. Route reflectors A route reflector is: A mechanism for reducing the IBGP full mesh A router whose BGP implementation supports the readvertisement of routes between IBGP neighbors. A route reflector client is a router that depends on a route reflector to readvertise its routes to the entire autonomous system, and also depends on that route reflector to learn about routes from the rest of the network. Route reflectors in all clusters still require full-mesh peering between themselves. To configure route reflector attributes, see Configuring BGP on page 177 Communities and Community lists A BGP community is a group of destinations that share some common property. Using the SCS client, you can: Create a community list (a container or table of communities) Add entries (communities) to the community list Activate any of the following common properties across all members of the community list: 214664-B Rev 00

Chapter 3 Working with routing protocols, properties, and policies 81 Property Local AS Internet No Advertise Description Routes must not be advertised to external BGP peers (this includes peers in other members autonomous systems inside a BGP confederation). Routes must not be advertised to Internet BGP peers. Routes must not be advertised to other BGP peers No Export Routes must not be advertised outside a BGP confederation boundary (a stand-alone autonomous system that is not part of a confederation should be considered a confederation itself). You define each BGP community by means of a Community attribute, commonly used in policy-based routing. A BGP speaker: Receiving a route that contains this attribute can modify the attribute value according to the local routing policy. Receiving a route that does not have a Community attribute can append this attribute to the route when propagating the route to peers. Can use this attribute to control which routing information it accepts, prefers or distributes to other neighbors. You use the SCS client to configure any Community attribute value, which serves as a filter matching parameter within a routing policy. The Community attribute contains the following information: <AS_number>:<Community_string> Where: <AS_number> is the Autonomous System number <Community_string> uniquely identifies a particular BGP community with the autonomous system. On the Shasta BSN, the BGP Community attribute can have any value in this range: Shasta 5000 Broadband Service Node Provisioning Subscribers

82 Chapter 3 Working with routing protocols, properties, and policies 0:0 (0x00000000) to 65535:65535 (0xFFFFFFFF) To create community lists and communities on a Shasta BSN device, see Configuring BGP communities and community lists on page 273. For information about how to configure the Communities attribute as a filter within a routing policy, see Create a matching condition under Configuring route policies on page 242. Prefixes A BGP Prefix is an efficient method for specifying, in a single IP network address, an entire range of IP hosts on that network. The prefix has the form: <IP_address>/<prefix_length> For example: 140.250.0.0/16 In this example, the <prefix_length> determines how many contiguous leading bits of the 32-bit IP address represent the network portion of that address. The BGP Prefix 140.250.0.0/16 indicates that 16 contiguous bits of the 32-bit IP address represent a network number 140.250 (or, the 140.250 net ). All remaining bits in the Prefix can then represent the range of IP hosts on that network, from 140.250.0.0 to 140.250.255.255. The SCS client typically displays the <prefix_length> field in equivalent forms: /<number_of_bits> (<dotted_decimal_equivalent>) For example: /16 (255.255.0.0) Prefix information occupies two fields in a BGP packet: prefix and length, as described in the following table. 214664-B Rev 00

Chapter 3 Working with routing protocols, properties, and policies 83 Field Prefix Length Description A 32-bit IP address, representing mainly an IP network number and a range of IP hosts, as determined by the Length field. Identifies how many contiguous leading bits of the 32-bit Prefix represent the network portion of that address. You configure the number of bits as a Mask value on an SCS client. To configure a BGP prefix, see Configuring BGP prefixes on page 192. Prefix lists A prefix list consists of a set of BGP prefix addresses (networks) treated as an addressable group. By bundling networks into a prefix list, you can efficiently change attributes for all list members. For information about how to use the SCS client Route Properties Manager to configure Prefix lists on a Shasta BSN device, see Configuring prefix lists for BGP on page 263. BGP messages Similar to TCP/IP, BGP uses the OSI layer 4 Transport Control Protocol (TCP) as its transport mechanism. Two BGP routers form a TCP connection and transmit messages to one another to open and confirm this connection. The following table shows the types of information the messages contain. Table 16 Information contained by BGP messages Information Routing Tables Version Number Keepalive Packets Notification Packets Description Tables stored within a router that compute the next hop for a packet. The version number of the BGP table. Packets that maintain the BGP connection between the two routers. Packets generated indicating fault conditions. Shasta 5000 Broadband Service Node Provisioning Subscribers

84 Chapter 3 Working with routing protocols, properties, and policies Table 16 Information contained by BGP messages (continued) Information AS Number Hold Time Value BGP Router ID Description Values that identify the autonomous systems in which the routers are located. The amount of time a BGP router is designated to hold notifications before sending them on to a prescribed destination. The router ID number. BGP configuration for VPRN subscribers The Shasta BSN supports BGP routing on VPRN access connections. Access types include PPP, 1483 routed, 1483 bridged, 1490 routed, 1490 bridged, and IPSec. BGP - order of route preference BGP uses the following order of preference to discriminate between BGP learned routes: 1 Weight: The route with the highest weight is preferred. The weight is determined by the input policy. 2 Access versus Trunk: BGP prefers routes learned from an access peer over routes learned from a trunk peer. 3 Local Preference: The route with the highest local preference is preferred 4 AS Path Length: The route with the shortest AS Path is preferred. 5 Origin code: The route with the lowest origin code is preferred, as follows: a IGP (lowest) b EGP c Incomplete 6 Multi-exit Discriminator: The route with lowest MED value is preferred. 7 External: The route learned from an external peer is preferred over routes learned from IBGP peers. Confed External gets medium preference. 8 Next HOP: The route (with the lowest cost in the forwarding table) to the next hop is preferred. 214664-B Rev 00

Chapter 3 Working with routing protocols, properties, and policies 85 9 BGPID: The route learned from the peer with lowest ID is preferred. ISIS routing Intermediate System to Intermediate System (ISIS) is an OSI link-state hierarchical routing protocol based on previous routing protocols where routers exchange routing information based on a single metric to determine network topology. The basic functions of an IS-IS router are to: Send hello packets and build network adjacencies. Create a link state advertisement (LSA), a broadcast packet used by link-state protocols that contains information about neighbors and path costs. LSAs are used by the receiving routers to maintain their routing tables. Sometimes called a link state protocol (LSP). Receive LSPs from neighbor routers. Link state packets exist in the IS-IS environment as non-pseudo nodes that represent routers, or as pseudo nodes that represent local area networks. The Shasta 5000 BSN supports two IS-IS modes in IP environments by using each interface s native link layer directly and by IP encapsulation. IS-IS routers can be one of two types: Layer 1 Interfaces with only one area. A routing area is a logical clustering of routers that all share the same common area ID. Layer 2 Learns of intermediate systems in other areas and can connect to routing devices in more than one routing area. Many times layer 2 IS-IS routers must route inside their area as well so they do both layer 2 and layer 1 routing. Transit traffic requires IS inside the area to know about other areas. Layer 2 routers must form contiguous backbones. Shasta 5000 Broadband Service Node Provisioning Subscribers

86 Chapter 3 Working with routing protocols, properties, and policies IS-IS on the Shasta BSN also supports the Connectionless Network Service (CLNS), an OSI network layer service that does not require a circuit to be established before transmitting data. This method routes messages to their destinations independently of any other messages. CLNS networks support network entity title (NET) values. An NET is an ID that you supply to an IS-IS router that comprises both the ID of the area to which the router belongs and a system ID that identifies a unique ISP. For information about how to use the SCS client to configure ISIS routing, see Configuring IS-IS on page 209. IGMP multicasting Multicast Internet Group Management Protocol (IGMP) enables an ISP to proxy IGMP requests sent to the Shasta 5000 BSN from subscribers. This feature enables the ISP to send a single request to each subscriber group, despite multiple requests generated by many subscribers, minimizing traffic. Multicast IGMP accomplishes this by replicating traffic in the Shasta 5000 BSN to each member of a multicast subscriber group. One incoming data stream is sent to a multicast group, although it is replicated to many subscribers. In an IGMP proxy, all trunks (connections to the ISP from a Shasta 5000 BSN) are configured as multicast uplinks to identify adjacent multicast routers. Subscribers are then added as members of groups. The ISP then relays a single member of the multicast group. This information is then replicated. The replication process occurs in the following sequence: All multicast traffic is forwarded to a master multicast Shasta processor (SSP), regardless of to what ISP a subscriber belongs. The master multicast SSP then sends multicast traffic to an ATM P2MP VC that replicates traffic to all SSPs that have at least one multicast subscriber attached to it. SSPs replicate traffic to all connections that are members of the designated multicast group. 214664-B Rev 00

Chapter 3 Working with routing protocols, properties, and policies 87 Multicast IGMP proxy enables: Replication to be done on a Shasta 5000 BSN, at the edge of the network, eliminating clutter from the core (a router or switch), freeing up bandwidth on a network, and increasing performance. A Shasta 5000 BSN administrator to dynamically maintain a group and the subscribers in it. Each ISP to support its own groups and subscriber members. For instructions on how to configure multicast IGMP proxy functionality, see Configuring IGMP on page 225. Multicast scaling In prior (pre-4.0) implementations of IGMP multicasting on the Shasta BSN, each SSP could become a leaf on a multicast distribution tree rooted at the BSN Multicast Master SSP (MMSSP) card. (All multicast sources used the same distribution tree.) From the MMSSP, individual leaf virtual circuits (leaf VCs) carried data across the fabric-to-ssm interface, to each SSP with subscribers who joined a multicast tree. With every leaf VC occupying a finite amount of the fabric-to-ssm interface bandwidth, the resulting congestion limited the bandwidth remaining on the interface to process unicast as well as multicast packets. (Follow the multicast stream arrows from their multicast source in the following illustration.) Shasta 5000 Broadband Service Node Provisioning Subscribers

88 Chapter 3 Working with routing protocols, properties, and policies Figure 4 Multicast trunk-to-access forwarding (before SCS/iSOS 4.0) SSM SSM SSM SSP SSP SSP SSP SSP SSP SSP SSP SSP SSP SSP MMSSP F A B R I C 155 Mbps 155 Mbps Leaf VC Leaf VC Leaf VC Leaf VC 155 Mbps 622 Mbps 622 Mbps 622 Mbps F A B R I C Access Interfaces Access Interfaces Trunk Interface Subscribers Multicast Source With Shasta SCS/iSOS release 4.0, instead of having the MMSSP source an independent leaf VC to every participating SSP, the MMSSP distributes only a single leaf VC to a leaf master SSP (LMSSP) on each SSM card with subscribers that have joined a multicast stream. The leaf master SSP, in turn, locally replicates and distributes multicast packets to all other leaf slave SSPs on the same SSM card, thereby eliminating that traffic from the fabric-to-ssm interface. (Follow the multicast stream arrows from their multicast source in the following illustration.) 214664-B Rev 00

Chapter 3 Working with routing protocols, properties, and policies 89 Figure 5 Multicast trunk-to-access forwarding (SCS/iSOS 4.0 and later) SSM SSM SSM SSP SSP SSP LMSSP SSP SSP SSP LMSSP SSP SSP SSP MMSSP F A B R I C 155 Mbps 155 Mbps 155 Mbps Leaf VC Leaf VC 622 Mbps 622 Mbps 622 Mbps F A B R I C Access Interfaces Access Interfaces Trunk Interface Subscribers Multicast Source Hence, for a given multicast distribution, only one leaf VC must cross the fabric to each SSM. Reducing the number of leaf VCs necessary to distribute each multicast tree leaves more fabric-to-ssm interface bandwidth available for the BSN to process unicast as well as multicast traffic more efficiently. IGMP join limits If subscribers on a Shasta BSN join multicast groups in an unlimited fashion, the quality of the subscriber experience degrades as the finite bandwidth of the interface between the Switch Fabric Card (SFC) and any subscriber service module (SSM) gets used up. The IGMP join limits feature provides a mechanism for controlling the number of multicast joins allowed per SSP, thereby limiting the amount of fabric bandwidth consumed by multicast traffic. Shasta 5000 Broadband Service Node Provisioning Subscribers

90 Chapter 3 Working with routing protocols, properties, and policies The join limit is a parameter value configured by a BSN device owner to limit the maximum number of multicast joins per SSP. The total number of joins allowed across an entire BSN is the per-ssp join limit value, times the number of SSPs in the BSN. You set a join limit value for all SSPs simultaneously by using a single Shasta BSN CLI command. The join limit per SSP is an aggregate parameter value, comprising the number of multicast streams on an SSP, times the number of subscribers joined to each stream through that SSP, as follows: n1g1+ n2g2+ n3g3+. nngn Where: n1 is number of subscribers joined to group g1 on this SSP, n2 is number of subscribers joined to group g2 on this SSP, and so on. Once an SSP reaches its maximum limit of IGMP joins, the BSN silently refuses and logs any further subscriber attempts to join a multicast stream through that SSP. For information about how a BSN CLI superuser can configure IGMP join limits across all SSPs during device setup, see the guide Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. Route policies The Route Properties Manager enables you to use policy-based routing to automate actions that the Shasta BSN will take with incoming packets based on whether prescribed conditions in various variables are met. Typically, an action implements a forwarding strategy, whether to inhibit forwarding a packet in some instances or to selectively cause packets to take different paths, depending on the needs of the environment. Examples of typical prescribed conditions that must be met for specific action to occur is whether an explicit hop count value is detected on a packet, an exact autonomous system path on a peer router is learned, or the route source of a packet matches an authorized device. Some of the strategies involved in policy routing include: 214664-B Rev 00

Chapter 3 Working with routing protocols, properties, and policies 91 Source Incited Conveyance Determinism. ISPs use policy routing to select appropriate connections or conveyances to direct different traffic flows based on the origination of the traffic. For example, more data-intensive traffic might flow out of a fat pipe, such as a Gigabit Ethernet connection while less weighty traffic might be directed to a simple 10BASE-T connection. This feature enables ISPs to make best use of their networking infrastructure to manage information flowing through their site. Quality of service (QoS). ISPs can weight different traffic by type, setting the precedence or Type of Service (ToS) values in the IP packet headers. Load sharing. Traffic can be distributed among multiple paths based on traffic characteristics. For information about how to configure routing policies, see Configuring route policies on page 242. Policy routing and packet forwarding Routers forward packets to a destination address based on information from static routes or dynamic routing protocols such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and BGP. Instead of routing by destination address, policy routing enables determination of paths based on: Name of an end node Application type Protocol Packet size Route policy matching conditions Route policies contain a matching condition, a rule applied to an incoming packet. If the packet contains information that meets the requirement of the rule, the packet is routed in a specific way. Typically the packet is forwarded to a desired destination. Matching conditions are the core of policy routing and are very powerful because they enable you to control behavior of packets traveling across the network. Shasta 5000 Broadband Service Node Provisioning Subscribers

92 Chapter 3 Working with routing protocols, properties, and policies The following table describes some matching conditions configurable using the SCS Route Properties Manager: Table 17 Policy routing criteria Criteria Protocol Description AS Path Any Values that represent the priority of servicing of a packet traveling from one autonomous system to another. Community List BGP A group of addresses with a common tag in their header frames, for example, no advertise. Metric Any A random value assigned to weight traffic. The lower the value, the more priority the traffic has. Interface Any The protocol and port number that comprise a network interface. Prefix List Any A list of subnets, aggregated together, to identify a group of networks. Prefix Any An explicit subnet. Next Hop Any The address of the adjacent network outside the current subnetwork. Route Source Any The address of a device where a packet originates. Route Type BGP, OSPF, IS-IS Any of several designations for route classes, including external routes (routes that use other protocols than the current one), internal routes (the current route), level 1, and level 2 routes. Route policy attributes to set on a matching condition After a policy match occurs, you can direct the packet to take on a specified attribute as a response to the match. For example, if the Shasta BSN detects that a packet has a desired Autonomous System path, you could direct the packet to prepend its AS Path variable with some new information. 214664-B Rev 00

Route policy actions Chapter 3 Working with routing protocols, properties, and policies 93 Once both a rule requirement has been met and a policy parameter value has been learned, then the packet can either be forwarded or rejected by the Shasta BSN. This response to the packet is known as an action. Actions are a key part of policy routing because they enable events to occur automatically based on preset circumstances. Route importation Route importation refers to a way to advertise routes learned from one protocol into another protocol. You can use the SCS client to configure route importation for RIP, OSPF, BGP, or ISIS on the Shasta BSN. Route importation uses route policies. For example, in some instances, BGP routers do not have enough information in their routing tables to determine the destination for which traffic is targeted. In these instances, you can create route policies (route maps) that enable you to control and alter routing information when needed. You define the conditions for redistributing routes from one routing protocol to another, or filtering routing data when it is transmitted to and from BGP. Route maps are used for outgoing traffic from a BGP router and for incoming traffic to the BGP router. To configure route importation, see: Configure BGP route importation on page 197 Configuring ISIS route importation on page 222 Route aggregation To efficiently advertise BGP routes and routing policies (routing maps) in summary or detailed form across a range of BGP hosts, you can create a global BGP routes aggregator on the Shasta BSN. For instructions, see Configuring BGP aggregates on page 199. Shasta 5000 Broadband Service Node Provisioning Subscribers

94 Chapter 3 Working with routing protocols, properties, and policies BGP confederations With the growth of the Internet, congestion has become a problem because all nodes on a network are able to connect to all other nodes, creating full mesh connectivity. As each node transmits data to another node, the network can become bottlenecked, but BGP provides ways to solve mesh connectivity/ bottleneck problems. One of these is the confederation. BGP confederations are subautonomous systems. A BGP confederation splits an existing AS into many subautonomous systems. To configure a BGP confederation, see Configuring BGP confederations on page 205. 214664-B Rev 00

95 Chapter 4 Working with subscriber monitoring With the Monitoring feature of the SCS Device Manager: SCS users with device_owner login privileges can view aggregate subscriber statistics across all ISPs on a specific Shasta BSN device. The device owner cannot view statistics associated with a specific subscriber or subscriber group (See Subscriber statistics -- device_owner view on page 95.) SCS users with ISP login privileges can view group as well as individually detailed subscriber statistics. The ISP user cannot view subscriber statistics associated with other ISPs. (See Subscriber statistics -- ISP view on page 96.) For information about other monitoring features of the SCS Device Manager, see the guide, Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. For information about how to monitor subscribers on a Shasta BSN on a per-ssm basis, also see the guide, Shasta 5000 Broadband Service Node, SNMP Configuration Guide, Release 4.0. Subscriber statistics -- device_owner view Using the Monitoring > ISPs feature of the SCS Device Manager, a Shasta BSN device owner can view the following aggregate subscriber-oriented statistics across ISPs configured on that device (Figure 6): Total subscribers Active subscribers Active PPP sessions PPP authentication failures Shasta 5000 Broadband Service Node Provisioning Subscribers

96 Chapter 4 Working with subscriber monitoring IP packets dropped IP packets forwarded Figure 6 Subscriber statistics -- device_owner view Subscriber statistics -- ISP view Using the Monitoring > Subscribers feature of SCS Device Manager, an ISP can view statistics accessible through the Subscribers tab of the Monitoring - Subscriber dialog box (Figure 7). 214664-B Rev 00

Figure 7 Monitoring - Subscriber tab Chapter 4 Working with subscriber monitoring 97 Specifically, an ISP can view and/or filter subscriber statistics described in the following table: Shasta 5000 Broadband Service Node Provisioning Subscribers

98 Chapter 4 Working with subscriber monitoring Table 18 Monitoring subscribers -- ISP login Subscriber monitoring view: Statistics displayed View type View filters (mutually exclusive) Configurable attributes All subscribers on a BSN, general stats Specific subscriber, detailed stats Subscriber Name Domain Name Connection Name Encaps Type Remote IP Address Status Subscriber Name Domain Name Up Since Autogenerated Template Interface Name Connection Name Status Interface Stats (button.) Connection Stats (button.) Snapshot triggered or refreshed by the Retrieve Subscribers button Snapshot triggered by the Detail button, and refreshed by the Refresh button Slot/Port VPI/VCI Slot Port VPI VCI Tunnel Name (name and tunnel type) Domain Name Template Subscriber Subscriber Name Subscriber State None Tunnel name PPPoE tunnel set LNS L2TP tunnel set LAC L2TP tunnel set Domain name Template family Subscriber name Subscriber state, plus enable one of the following: IP demux With config error Ready Up Down Unconfigured None 214664-B Rev 00

Table 18 Monitoring subscribers -- ISP login (continued) Chapter 4 Working with subscriber monitoring 99 Subscriber monitoring view: Statistics displayed View type View filters (mutually exclusive) Configurable attributes Specific subscriber, interface stats Last Poll Time Status Avg Packets Tx Avg Packets Rx Avg Bytes Tx Avg Bytes Rx Total Packets Tx Total Packets Rx Total Bytes Tx Total Bytes Rx In Packets Dropped Out Packets Dropped Automatic polling and refresh, with manual Start/Stop Modifiable polling/ refresh interval Polling interval Enable/disable multi-row display Save results to a file Shasta 5000 Broadband Service Node Provisioning Subscribers

100 Chapter 4 Working with subscriber monitoring Table 18 Monitoring subscribers -- ISP login (continued) Subscriber monitoring view: Statistics displayed View type View filters (mutually exclusive) Configurable attributes Specific subscriber, connection stats Connection: Last Poll Time Cells Tx CLP Cells Tx Cells Rx Status Type Slot Number Port Number VPI VCI VLAN ID ILMI Inv Arp Status Time Since Last Change Total State Transitions Automatic polling and refresh, with manual Start/Stop Modifiable polling/ refresh interval Polling interval Enable/disable multi-row display Save results to a file PPP: Last Poll Time Unknown Protocol Error Rx Packets Rx Bytes Rx Tx Packets Bytes Tx Shaper Packets Sent Shaper Packets Queued Shaper Packets Dropped LCP Rx LCP Tx NCP Rx NCP Tx Auth Rx Auth Tx 214664-B Rev 00

101 Chapter 5 Configuring customers, domains, and groups The following topics contain information about how to configure customers and subscriber group entities on the Shasta BSN. Creating a customer on page 101 Creating a domain on page 103 Creating a domain group on page 104 Creating a bridge group on page 105 Creating a dial-out number group on page 107 For information about customer NAT groups, which you configure mainly by creating NAT service policies using the Service Policy Manager in the SCS client, see Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0. For information about customer VPNs and VLANs, which you configure mainly through the VPN Manager in the SCS client, see the guide, Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels. Creating a customer In the Subscriber Manager, a customer is a group of subscribers that you can associate with a domain name. For example, you may want to create a customer called Engineering and associate that customer with a domain name such as eng-west. Prerequisites Log on to the SCS server with ISP priviledges. Open the SCS Subscriber Manager tool. Shasta 5000 Broadband Service Node Provisioning Subscribers

102 Chapter 5 Configuring customers, domains, and groups Procedure 1 In the Subscriber Manager window, select Browse by Customer from the navigation pane. A list of customers opens. 2 In the Customers area, click the Add button. The Add Customer dialog box opens (Figure 8). Figure 8 Add Customer dialog box 3 In the Customer field, type the name of the customer, or group of subscribers. 4 In the Domain field, type the name of the domain associated with the customer. 5 Click OK. The Subscriber Manager window is redisplayed with the new customer name in the Customers list. Note: You can set the number of subscribers to display in the Display per page field. If the number of subscribers is large, you can use the Next and Previous buttons to scroll through the list. Or you can enter a subscriber s name in the Name field, select the Begin With button to display a specific section of the list, and click Go. Next steps To create any other customer/subscriber group entities that you may require, see: Configuring customers, domains, and groups on page 101. For NAT groups: Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0 214664-B Rev 00

Chapter 5 Configuring customers, domains, and groups 103 For VPNs and VLANs: Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels Creating a domain Use this procedure to add a new domain name that you can associate with any customer. Prerequisites Log on to the SCS server with ISP priviledges. Open the SCS Subscriber Manager tool. Procedure 1 In the Subscriber Manager window, select Browse by Domain from the navigation pane. A list of domains opens. 2 In the Domains area, click the Add button. The Add Domain dialog box opens (Figure 9). Figure 9 Add Domain dialog box 3 In the Customer field, type the name of the customer. 4 In the Domain field, type the name of the domain you want to create. 5 Click OK. The Subscriber Manager window is redisplayed with the new domain name in the Domains list. Shasta 5000 Broadband Service Node Provisioning Subscribers

104 Chapter 5 Configuring customers, domains, and groups Next steps To create any other customer/subscriber group entities that you may require, see: Configuring customers, domains, and groups on page 101. For NAT groups: Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0 For VPNs and VLANs: Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels Creating a domain group Use this procedure to associate a set of customer domains with a specific domain group name. Prerequisites Log on to the SCS server with ISP priviledges. Open the SCS Access Properties Manager tool. Procedure To add a domain group: 1 In the Access Properties Manager window navigation tree, click Domain Groups. The Domain Groups folder opens with a list of configured domain groups, if any, shown on the right. 2 Click Add. The New Domain Group dialog box opens. 3 Type a name for the domain group and click OK. The Domain Group Configuration dialog box opens. 214664-B Rev 00

Chapter 5 Configuring customers, domains, and groups 105 4 In the Domain field, type a name for the domain. Note: Each subscriber needs a one-to-one association with an ISP domain. You must add at least one domain. 5 Click Add. The domain name is added to the Domains area. 6 Click OK. The Domain Groups folder is redisplayed with the new domain group added to the list. Next steps See also Domain groups on page 47. To create any other customer/subscriber group entities that you may require, see: Configuring customers, domains, and groups on page 101. For NAT groups: Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0 For VPNs and VLANs: Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels Creating a bridge group Using bridge groups, a service provider can segment groups of users based on policy. All traffic from one bridge group to the other is through layer 3 routing. For more information about bridge groups, see: Configure addressing for a subscriber in a bridge group on page 317 Configure addressing for a subscriber tunneling through an ATM bridge on page 319 Prerequisites Log on to the SCS server with ISP priviledges. Shasta 5000 Broadband Service Node Provisioning Subscribers

106 Chapter 5 Configuring customers, domains, and groups Open the SCS Device Manager tool. Procedure 1 In Device Manager, right-click the Shasta BSN on which you want to configure access properties and choose Configure > Access Properties from the shortcut menu. The Device Configuration dialog box opens with the Access Properties tab displayed. 2 Select Bridge Groups from the navigation pane. The Bridge Group window opens. 3 Click Add. The Bridge Group Configuration dialog box is displayed. 4 In the Bridge Group Name field, type a bridge group name. 5 Select the bridge group type: Regular -- Has a gateway IP address that is shared by subscriber PCs, each using the same gateway address as their local IP address. Super bridge -- Contains one or more normal bridge groups. As you add more address ranges to the same set of subscribers, you add a normal bridge group to the super bridge group. In this way, subscriber PCs may not be on the same subnet, but their access to the internet and to each other should continue to function during configuration. 6 In the Gateway Address field, type a gateway address. The subnet base is automatically inserted. 7 Set the netmask. 8 Click Select to choose an access group from the Access Group Selection dialog box. 9 Click Select to choose a DHCP profile from the DHCP Profile dialog box. 10 Click OK. The Bridge Groups window is redisplayed with the new bridge group in the list. 214664-B Rev 00

Chapter 5 Configuring customers, domains, and groups 107 Next steps To create any other customer/subscriber group entities that you may require, see: Configuring customers, domains, and groups on page 101. For NAT groups: Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0 For VPNs and VLANs: Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels Creating a dial-out number group A number group lets you bind a subscriber template to a Dialed Number Identifier Service (DNIS) or to an MSID. When you bind a subscriber template to a dial-out service, the template provides common settings for all subscribers using the dial-out numbers that you configured. Prerequisites Log on to the SCS server with ISP priviledges. Open the SCS Access Properties Manager tool. Procedure 1 In the Access Properties Manager window navigation tree, click Number Groups. The Number Groups folder opens with a list of configured number groups, if any, shown on the right. 2 Click Add. The Number Group dialog box opens. 3 In the Group Name field, type a name for the number group. 4 Select one of the following group types: DNIS DNIS lets you specify only one number. MSID MSID lets you specify ranges of numbers. Shasta 5000 Broadband Service Node Provisioning Subscribers

108 Chapter 5 Configuring customers, domains, and groups 5 Select the Subscriber Template, which provides common settings for the traffic of all subscribers on the dial-out number, by choosing a subscriber template from the PPP Subscriber Template Selection dialog box. 6 Click OK. 7 The Number Group dialog box is displayed. 8 Click Add. The Number Group Member dialog box opens. 9 In the Starting Number field, type an integer to indicate the identity of the first number. If you selected DNIS, this number is the only number that is used. If you selected MSID, this number is the first number in the range of values. Then type an upper range number in the Range field. 10 Click OK. The number group is added to the Number Groups dialog box. 11 Click OK The Number Groups folder is redisplayed with the new number group in the list (Figure 10). Figure 10 Number Groups window with new number group Next steps To create any other customer/subscriber group entities that you may require, see: 214664-B Rev 00

Chapter 5 Configuring customers, domains, and groups 109 Configuring customers, domains, and groups on page 101. For NAT groups: Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0 For VPNs and VLANs: Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels Shasta 5000 Broadband Service Node Provisioning Subscribers

110 Chapter 5 Configuring customers, domains, and groups 214664-B Rev 00

111 Chapter 6 Configuring IP demux You can add to an ISP context any subscribers that have an IP address matching those specified by the SCS ISP user. To implement this feature, the ISP creates parent (container) and child (subscriber) IP demux components on one of its assigned Ethernet or Ethernet VLAN (10/100 or Gigabit) or ATM (PVC) access connections. Configured attributes of the container define the IP address and subnet mask of static and dynamic subscribers that the BSN can accept and add to the ISP s subscriber list. The BSN rejects other subscribers attempting access by IP address on the same access connection. For more information about IP demux operation, see: Subscriber IP mux/demux on shared access connections on page 36 Static subscribers on page 32 Dynamic subscribers on page 33 The following topics describe how to: Create an IP demux container on page 111 Configuring IP demux container addressing on page 116 Add reachable subnets to an IP demux container on page 120 Create an IP demux container An ISP must create an IP demux container to enable the Shasta BSN to recognize or detect individual subscribers attempting access to the BSN by IP address over any of the following access connection types: Ethernet (10/100 or Gigabit) Ethernet VLAN (10/100 or Gigabit) Shasta 5000 Broadband Service Node Provisioning Subscribers

112 Chapter 6 Configuring IP demux ATM (VPI/VCI) access connection. Prerequisites Log on to your SCS server with ISP priviledges. Use the SCS Connections Manager to create any of the above access connections Use the Access Properties Manager to create a subscriber access group Use the SCS Service Policy Manager to create a service profile and bind it to the access group. Use the SCS Subscriber Manager tool to create a forced subscriber template for dynamic subscribers. Bind the access group to the forced subscriber template Other prerequisites must be satisfied when adding static subscribers to any IP demux container. (See Add a static subscriber to an IP demux container on page 284.) Procedure 1 In Subscriber Manager, double-click a customer in the Customers list. The customer and their respective domains are displayed in the Subscribers table. 2 Click Add. The Subscriber Configuration dialog box opens (Figure 11). 214664-B Rev 00

Figure 11 Subscriber Configuration dialog box Chapter 6 Configuring IP demux 113 3 In the username field, type the username with container as a suffix. (Adding the suffix container is a convention and not a requirement.) 4 Click OK. The Subscriber dialog box opens with the Identification tab displayed. 5 In the Access Method Binding area, select the Dedicated Connection option. The Connection ID field is activated. 6 Next to the Connection ID field, click the Select button. The Access Connection Selection dialog box opens (Figure 12). Shasta 5000 Broadband Service Node Provisioning Subscribers

114 Chapter 6 Configuring IP demux Figure 12 Access Connection Selection dialog box 7 From the device list, double-click a device to open its card list. 8 From the Card List, select the card on which you want to add the IP demux container. The SCS client displays all ports on the card and, in the area to the right of the card and port listing, displays a list of all access connections assigned to the SCS ISP user on this card. (Figure 13). 214664-B Rev 00

Chapter 6 Configuring IP demux 115 Figure 13 Access Connection Selection dialog box with device, card, and ports in the device list 9 Select the access connection on which you want to add the IP demux container. Configured details of the chosen access connection appear in the Connection Detail area of the Access Connection Selection dialog box. 10 Click OK. The Subscriber (in this case, subscriber container) Identification dialog box reappears with the selected access connection displayed in the Connection ID field. 11 In IP Demux area of the Subscriber Identification tab, click (enable) the IP Demux Container checkbox, and select a forced subscriber template previously configured for dynamic subscribers on this access connection. Shasta 5000 Broadband Service Node Provisioning Subscribers

116 Chapter 6 Configuring IP demux Next steps Configuring IP demux container addressing on page 116. This is a mandatory step in IP demux container configuration. Configuring IP demux container addressing The next step in setting up an IP demux container is to configure any IP addresses associated with static and dynamic (child) subscribers you want to access the Shasta BSN through the container. You configure this information in the Addressing tab of the Subscriber Identification dialog box. The active (configurable) fields in the Addressing tab depend on the encapsulation type used on the access connection, as shown in last column of the following table: Table 19 Access connections and IP demux container addressing requirements BSN physical port Access connection type Encapsulation To configure container addressing, see: FELC (10/100 Mbps) GELC (10 Gbps) Ethernet (Shared by all subscribers on the access connection.) Ethernet (IEEE 802.3/ 802.3u/802.3ae) Configure IP demux container addressing for Ethernet subscribers on page 116 VLAN (Shared by all VLAN members behind the access port, i.e., devices or subscribers using the same VLAN ID.) IEEE 802.1q Configure IP demux container addressing for LLC-B (bridged) subscribers on page 118. OC3 OC12 VC (Shared by all subscribers behind a bridge on the access connection.) RFC 1483-LLC-B VC (Shared by all subscribers behind a router on the access connection.) RFC 1483-LLC-R Configure IP demux container addressing for LLC-R (routed) subscribers on page 119. Configure IP demux container addressing for Ethernet subscribers 214664-B Rev 00 For Ethernet (10/100 or Gigabit) environments, configure addressing associated with subscribers attached to the Ethernet system.

Chapter 6 Configuring IP demux 117 Prerequisites Log on to the SCS server with ISP priviledges. Create an IP demux container on page 111 Procedure 1 In the Subscriber Manager dialog box, click on the container you created. 2 In the navigation bar, double-click a customer. The customers and their respective domains are displayed in the Subscribers list. 3 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 4 Click the Addressing tab. The Subscriber Container dialog box opens with the Addressing tab displayed. 5 In the Ethernet Parameters area, type a baseline IP address for subscribers on the local Ethernet segment, and select a Netmask value appropriate to express the address range you require. 6 If you need to hide the container addresses from the ISP, select Hidden from ISP. 7 If you need to hide the container addresses from a VPN, select Hidden from VPN. 8 If you need to add reachability information for static subscribers behind a router attached to the Ethernet segment, see Add reachable subnets to an IP demux container on page 120. Otherwise, click OK. Next steps If appropriate, add IP demux static child subscribers to the IP demux container you just created. (See Add a static subscriber to an IP demux container on page 284.) The Shasta BSN can now detect and autocreate IP demux dynamic child subscribers on the Ethernet segment. Shasta 5000 Broadband Service Node Provisioning Subscribers

118 Chapter 6 Configuring IP demux Configure IP demux container addressing for LLC-B (bridged) subscribers For bridged environments, configure addressing associated with an ATM bridge device between the Shasta BSN and your subscribers. Prerequisites Log on to the SCS server with ISP priviledges. Create an IP demux container on page 111 Procedure 1 In the Subscriber Manager dialog box, click on the container you created. 2 In the navigation bar, double-click a customer. The customers and their respective domains are displayed in the Subscribers list. 3 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 4 Click the Addressing tab. The Subscriber Container dialog box opens with the Addressing tab displayed. 5 In the Bridged Parameters area, type the IP address of the bridge behind which your subscribers exist, and select a Netmask value appropriate for the bridge. 6 If you need to hide the container addresses from the ISP, select Hidden from ISP. 7 If you need to hide the container addresses from a VPN, select Hidden from VPN. 8 If you need to add reachability information for subscribers behind the bridge, see Add reachable subnets to an IP demux container on page 120. Otherwise, click OK. 214664-B Rev 00

Chapter 6 Configuring IP demux 119 Next steps If appropriate, add IP demux static child subscribers to the IP demux container you just created. (See Add a static subscriber to an IP demux container on page 284.) The Shasta BSN can now detect and autocreate IP demux dynamic child subscribers behind the bridge device. Configure IP demux container addressing for LLC-R (routed) subscribers For routed environments, configure addressing associated with the CPE router device between the Shasta BSN and your subscribers. Prerequisites Log on to the SCS server with ISP priviledges. Create an IP demux container on page 111 Procedure 1 In the Subscriber Manager dialog box, click on the container you created. 2 In the navigation bar, double-click a customer. The customers and their respective domains are displayed in the Subscribers list. 3 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 4 Click the Addressing tab. The Subscriber Container dialog box opens with the Addressing tab displayed. 5 In the Routing Parameters area, click Unnumbered (Use Default Address). The address field under the Unnumbered (Use Default Address) check box is activated. 6 Type the IP address of a local interface on the device, for example 10.1.1.1. 7 From the Local Netmask list, select an appropriate subnet mask value. Shasta 5000 Broadband Service Node Provisioning Subscribers

120 Chapter 6 Configuring IP demux 8 Next to Peer Address, click Unspecified. The address field under the Unspecified check box is activated. 9 Type an available IP address range in the field, for example, 10.1.1.2. 10 From the Peer Netmask list, select an appropriate subnet mask value. 11 If you need to hide the container addresses from the ISP, select Hidden from ISP. 12 If you need to hide the container addresses from a VPN, select Hidden from VPN. 13 If you need to add reachability information for subscribers behind the router, see Add reachable subnets to an IP demux container on page 120. Otherwise, click OK. Next steps If appropriate, add IP demux child subscribers to the container. Add reachable subnets to an IP demux container Static subscribers can have reachability subnets, in which a subscriber is a routed CPE with networks behind the router. Reachability entries enable the Shasta BSN to forward packets to these networks through static routes. Note: The customer premises equipment (CPE) router should be configured to forward all packets to the BSN and not to perform any packet switching locally for the BSN s services to be applied. Prerequisites Log on to the SCS server with ISP priviledges. Create an IP demux container on page 111. Procedure 1 Create a subscriber container. See Create an IP demux container on page 111. 2 In the Subscriber dialog box, click the Addressing tab. 214664-B Rev 00

Chapter 6 Configuring IP demux 121 The Addressing tab opens. Note: The appearance of the Addressing tab depends on the Access Method you selected in the Subscriber (IP demux container) Identification tab. 3 In the Reachability region, click Add. The Reachable Subnet Address Configuration dialog box opens (Figure 14). Figure 14 Reachable Subnet Address Configuration dialog box 4 In the Base Address field, type the IP address of the reachable subnet. 5 In the Netmask field, type the Netmask of the reachable subnet. 6 In the Next Hop IP Address field, type the address of the device between the Shasta BSN and the subscriber. 7 Click OK. Next steps Repeat this procedure for any other reachable subnets that you want to include in the current IP demux container. Shasta 5000 Broadband Service Node Provisioning Subscribers

122 Chapter 6 Configuring IP demux 214664-B Rev 00

123 Chapter 7 Configuring trunk connections and interfaces The following topics contain information about: Adding a trunk connection on page 123 Adding a trunk interface on page 125 Configuring an LLC encapsulation on a trunk interface on page 132 Adding a trunk connection The virtual channel identifier (VCI) and virtual path identifier (VPI) are used in the switching environment to ensure that channels and paths are routed correctly, and they provide a way for the Shasta BSN to distinguish between different types of connections. Setting a trunk connection on a Shasta BSN lets you: Seamlessly connect to your service provider network. Select one of several encapsulation types to transmit data. Create either a dedicated device-to-device connection or a device-to-multiple devices connection. Conserve IP addresses by creating an unnumbered connection. Create a connection comprising multiple interfaces on the Shasta BSN and one port connection on the service provider device or devices. Prerequisites Determine where and what kind of trunk interfaces you require between the Shasta BSN and an IP service provider s network. Log on to your SCS server with ISP or ISP&DO priviledges. Shasta 5000 Broadband Service Node Provisioning Subscribers

124 Chapter 7 Configuring trunk connections and interfaces Procedure To create a trunk connection: 1 Select the Devices icon in the left column of your window. 2 In the Devices list, right-click on an active device, and choose Configure > Connections from the shortcut menu. The Configuration dialog box opens with the Connections tab displayed. 3 In the navigation pane, double-click a line card. The ports available on the card are displayed below the device. 4 Click Add. The Connection Configuration dialog box opens with the General tab displayed. In the Connection Type list, make sure the Trunk option is displayed. The default is set to Access. 5 Set the Connection Type option to Trunk. 6 Set the parameters for VPI and VCI. Note: You must enter all VPI and VCI values manually, or you can enter one value and click Apply to all VC s and the SCS automatically updates all fields with the value. 7 In the Encapsulation Type list, select an encapsulation type. For example, with RFC 1483 encapsulation, you can transport Ethernet frames over permanent virtual connections (PVCs). For RFC-1483 LLC encapsulation, you must bind PVCs to the VLAN, and the VLAN ID must match the VLAN used on the switch. You can logically group users on Ethernet and ATM networks by mapping VLANs on the Ethernet network to PVCs on the ATM network. 8 Click OK. The Configuration dialog box is redisplayed with a new connection in the connections list. 214664-B Rev 00

Chapter 7 Configuring trunk connections and interfaces 125 Next steps Adding a trunk interface on page 125 Adding a trunk interface Two types of trunk interfaces are available, point-to-point and Ethernet. A point-to-point trunk interface is a direct connection between an ISP and a service provider network. An Ethernet trunk interface, is a trunk interface that runs only on a 10BASE-T, 100BASE-T or 1000BASE-T connection and not others (for example, it does not run on an Asynchronous Transfer Mode (ATM) connection). Note: The Shasta BSN supports only one ISP when a trunk interface is configured on an ATM or Ethernet port. If you define a trunk as a port, then you can have several VPI/VCIs, configured as trunk connections on the Shasta BSN, assigned to a single ATM port with each VC belonging to a different ISP. Prerequisites Determine where and what kind of trunk interfaces you require between the Shasta BSN and an IP service provider s network. Log on to your SCS server with ISP or ISP&DO priviledges. Complete: Adding a trunk connection on page 123 Procedure 1 Select the Devices icon in the left column of your window. 2 In the Devices list, right-click on an active device, and choose Configure > Trunk Interfaces from the shortcut menu. The Configuration dialog box opens with the Trunk Interfaces tab displayed. 3 Click Add. The Trunk Interface Configuration dialog box opens. Shasta 5000 Broadband Service Node Provisioning Subscribers

126 Chapter 7 Configuring trunk connections and interfaces Based on the interface type you select, the lower part of the dialog box changes and displays items that correspond to choices you must make to configure that interface type. Note: If a router ID has not been assigned to this device within the IP context, then a message box will prompt you to enter a router ID. Next steps Choose the task appropriate for the type of trunk interface you require: Configuring a point-to-point trunk interface next Configuring a point-to-multipoint trunk interface on page 127 Configuring a broadcast interface on page 131 Configuring a point-to-point trunk interface A point-to-point trunk interface is a connection between the Shasta BSN and a specific device as opposed to a point-to-multipoint connection which is a connection between a Shasta BSN and multiple devices on a network. This connection typically will be between an interface, or a segmented portion of a port on the Shasta BSN and a port on a device on the service provider network. Point-to-point type is available only for an ATM port. Prerequisites Determine where and what kind of trunk interfaces you require between the Shasta BSN and an IP service provider s network. Log on to your SCS server with ISP or ISP&DO priviledges. Adding a trunk connection on page 123 Adding a trunk interface on page 125 Procedure 1 In the Trunk Interface Configuration dialog box, click Point-to-Point. The lower half of the dialog box (Figure 15) displays parameters necessary to configure a point-to-point interface. 214664-B Rev 00

Chapter 7 Configuring trunk connections and interfaces 127 Figure 15 Trunk Interface Configuration dialog box Point to Point/Broadcast Configuration area 2 To open the Trunk Interface Configuration dialog box, see Adding a trunk interface on page 125. 3 Set Unspecified remote address or InARP as necessary. 4 Click Select to choose a trunk connection to bind to the interface. Encapsulation type should auto-populate. The Trunk Interface Configuration dialog box opens. 5 Click OK. The Configuration dialog box opens with the new Trunk Interface. Next steps Configuring an LLC encapsulation on a trunk interface on page 132 Configuring a point-to-multipoint trunk interface A point-to-multipoint connection is a connection between the Shasta BSN and multiple network devices. Point-to-Multipoint type is available only for an ATM port. Prerequisites Determine where and what kind of trunk interfaces you require between the Shasta BSN and an IP service provider s network. Log on to your SCS server with ISP or ISP&DO priviledges. Shasta 5000 Broadband Service Node Provisioning Subscribers

128 Chapter 7 Configuring trunk connections and interfaces Adding a trunk connection on page 123 Adding a trunk interface on page 125 Procedure 1 In the Trunk Interface Configuration dialog box, Generic Configuration area, select the Point-to-Multipoint option, as shown in Figure 16. The lower half of the dialog box displays parameters necessary to configure a Point-to-Multipoint interface. To open the Trunk Interface Configuration dialog box, see Adding a trunk interface on page 125. 2 In the Local IP Address field, type the local IP address. 3 In the Netmask field, select the subnet mask. 214664-B Rev 00

Chapter 7 Configuring trunk connections and interfaces 129 Figure 16 Point to Multipoint trunk interface configuration with local IP address 4 In the Multipoint Connections area, click Add. Note: A Confirm Commit dialog box opens, which prompts you to save the multipoint configuration before proceeding. The Multi-Point Trunk Interface dialog box opens (Figure 17). Shasta 5000 Broadband Service Node Provisioning Subscribers

130 Chapter 7 Configuring trunk connections and interfaces Figure 17 Multi-Point Trunk Interface dialog box 5 Select the Use InARP option if you want the Shasta BSN to determine the IP address in the packet via Address Resolution Protocol (ARP), or type in the remote IP address. 6 Click Select to choose a Connection ID from the Connection Selection dialog box. 7 Click OK. The settings for the new Point-to-Multipoint interface are displayed in the Point-to-Multipoint Area of the Trunk Interface Configuration dialog box. 8 Repeat steps 2 through 7 to add other connections associated with devices on the service provider network. 9 Verify the configured VC Rules in the Bulk Connection Navigation Pane. The VC Rules contains the ranges of VPI and VCI. Note: The VC rules are read-only, and they are configured through the Bulk Connection Manager. 10 Click OK. The Configuration dialog box opens with the new Trunk Interface. 214664-B Rev 00

Chapter 7 Configuring trunk connections and interfaces 131 Next steps Configuring an LLC encapsulation on a trunk interface on page 132 Configuring a broadcast interface Before you configure the Ethernet Trunk Interface, you must create the corresponding Ethernet connection first and then configure the local and remote side of the interface. Prerequisites Determine where and what kind of trunk interfaces you require between the Shasta BSN and an IP service provider s network. Log on to your SCS server with ISP or ISP&DO priviledges. Adding a trunk connection on page 123 Adding a trunk interface on page 125 Procedure To configure a broadcast interface: 1 In the Name field, type the name for the interface. 2 In the Administrative Status field, select Up to enable the interface. 3 To specify the local IP address, do one of the following: Select the Unnumbered Address if you want the Shasta BSN use the default IP address In the Local IP Addr field, type the local IP address of the interface and, in the Netmask field, select a subnet mask. 4 In the MTU field, select the maximum transmission units, which can be 64 to 1500 bytes. The default is set to 1500. 5 To specify the remote IP address, do one of the following: Select the Unspecified Remote Address if you want the Shasta BSN to use the default IP address. Select the InARP option if you want the Shasta BSN to determine the IP address in the packet via Address Resolution Protocol (ARP). Shasta 5000 Broadband Service Node Provisioning Subscribers

132 Chapter 7 Configuring trunk connections and interfaces In the Remote IP Addr field, type the remote IP address of the interface. 6 Click Select to choose the Connection ID. 7 In the Encap. type field, select Ethernet from the pull-down list. 8 Click OK. Return to the Trunk Interfaces tab. The Trunk Interface is shown in the table. Next steps Configuring an LLC encapsulation on a trunk interface on page 132 Configuring an LLC encapsulation on a trunk interface The LLC encapsulation method allows multiplexing of multiple protocols over a single ATM virtual connection (VC) and is needed when more than one protocol might be carried over the same VC. The protocol type of each protocol data unit (PDU) is identified by a prefixed IEEE 802.2 Logical Link Control (LLC) header. Prerequisites Determine where and what kind of trunk interfaces you require between the Shasta BSN and an IP service provider s network. Adding a trunk connection on page 123 -- Device Owner priviledge Adding a trunk interface on page 125 -- ISP priviledge Log on to your SCS server with ISP priviledges. Procedure 1 Open the Connection Configuration dialog box in one of the following ways: In Device Manager, select the device for which you created a trunk interface connection and choose Configuration from the shortcut menu. The Configuration dialog box opens with the Connections tab displayed. In Connections Manager, select a device for which you created a trunk interface connection from the navigation pane. The available cards on the device appear in the device table view. 214664-B Rev 00

Chapter 7 Configuring trunk connections and interfaces 133 2 From the navigation bar, select an ALC. The ports on the line card you select are shown in the navigation bar. 3 Select a port from the navigation bar. The SCS GUI displays a list of trunk interfaces already configured on the port. 4 Select an interface for which you need to change the LLC encapsulation method. 5 Click Edit. The Trunk Interface Configuration dialog box opens. 6 For a Point-to-Point trunk, go to step 9. For a Point-to-Multipoint trunk, go to step 7. 7 Click the Point-to-MultiPoint interface type in the Generic Configuration area of the Trunk Interface Configuration dialog box. The SCS GUI enables the Point-to-Multipoint Connections list and displays the list of Point-to-Multipoint trunk connections. 8 Select the point-to-multipoint trunk connection you want to modify, and click Edit. The Point-to-multipoint Trunk interface configuration dialog box opens. 9 Select the Encapsulation Type you need from the pulldown list, for example: 1483-LLC-R 1483-LLC-B 1483-VCmux-R-IP PPP/ATM OPAQUE 10 Click OK. The SCS GUI redisplays the trunk list, showing a new encapsulation type for the trunk interface that you modified. Next steps Configure the encapsulation type on other trunk interfaces, as needed. See Configuring subscriber outbound trunking on page 308. Shasta 5000 Broadband Service Node Provisioning Subscribers

134 Chapter 7 Configuring trunk connections and interfaces 214664-B Rev 00

135 Chapter 8 Configuring static, summary, and RIP routes The following topics provide information about building static, summary, and RIP routes on a Shasta BSN, using the SCS Device Manager routing configuration tab: Configuring static routes, next Configuring summary routes on page 139 Configuring RIP routes on page 143 Note: Only ISP and DO&ISP users can set up or change routing information. DO type users do not have access to these features. Configuring static routes Static routes are fixed IP routes manually entered on an SCS server by a network administrator (an SCS user) by means of the SCS Device Manager tool. For more information about static routing, see Static routes on page 75. You can: Add a static route, next Edit a static route on page 137 Delete a static route on page 138 For information about additional ways for you to configure static routes, see: Configure addressing for a subscriber behind an access router on page 314 Add reachable subnets to an IP demux container on page 120 Shasta 5000 Broadband Service Node Provisioning Subscribers

136 Chapter 8 Configuring static, summary, and RIP routes Add a static route Use the SCS client to add a static route between the Shasta BSN and a aubscriber Prerequisites Determine what IP routes exist between the Shasta BSN and any subscriber for whom you want to configure a static route. Log on to an SCS server with ISP or DO&ISP priviledges. Open the SCS Device Manager tool. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. 3 Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 4 In the Static Route area, click Add. The Static Route Configuration dialog box opens (Figure 18). Figure 18 Static Route Configuration dialog box The following table describes the items in the Static Route Configuration dialog box. 214664-B Rev 00

Chapter 8 Configuring static, summary, and RIP routes 137 Table 20 Static Route Configuration dialog box fields Item Default Route Destination Netmask Next Hop Address (default) Next Hop Interface Administrative Distance Description Selects whether or not this is the default route. Options are: Unchecked: a typical static route (default). Checked: a default route Type the destination IP address prefix of the route Select a subnet mask of the destination IP address from the list. Type the IP address of the next hop. This is the ID of the trunk interface used to reach the next hop. Click the Select button to open the Interface Selection dialog box, from which you can select an interface and click OK. An integer to specify the metric of this node. 5 Set the parameters as necessary and click OK. The Routing tab is redisplayed with the new static route shown in the Static Route area. Next steps Repeat this procedure to add as many static routes as you require to accommodate your subscriber base. Edit a static route Edit a previously configured IP static route between the Shasta BSN and any subscriber when the current route to that subscriber is no longer desireable or functioning properly. Prerequisites Determine what alternative IP routes exist between the Shasta BSN and any subscriber for whom you have already configured a static route. Log on to an SCS server with ISP or DO&ISP priviledges. Shasta 5000 Broadband Service Node Provisioning Subscribers

138 Chapter 8 Configuring static, summary, and RIP routes Open the SCS Device Manager tool. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. 3 Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 4 In the Static Route area, do one of the following: Double-click the static route. Select the route and click Edit. The Static Route Configuration dialog box opens with the selected route. 5 Edit the static route parameters. 6 Click OK. The SCS GUI redisplays the Routing tab with the changed static route information. Next steps Repeat this procedure as needed to modify any existing static routes that are no longer desireable or functional between the Shasta BSN and any subscriber. Delete a static route Delete any static route that is no longer desireable or functional within your network configuration. Prerequisites Determine what existing IP static routes are undesireable, or are no longer required, between the Shasta BSN and any subscriber. Log on to an SCS server with ISP or DO&ISP priviledges. Open the SCS Device Manager tool. 214664-B Rev 00

Chapter 8 Configuring static, summary, and RIP routes 139 Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 Select a static route to be deleted. 4 Click Delete. The Routing tab is redisplayed with the selected static route removed from the Static Route area. Next steps Repeat this procedure as needed to remove any existing static routes that are no longer desireable or functional between a Shasta BSN and any subscriber. Configuring summary routes Summary routing is a method of dynamic routing by which the Shasta BSN automatically learns, from a designated address pool and/or subscriber routing tables, paths to IP destination addresses that you specify. You can specify an IP address, netmask, and desired metric value for the route to each destination. Lower metric values cause the BSN to find more efficient routes to a specified destination. You can: Add a summary route, next Edit a summary route on page 141 Delete a summary route on page 142 For more information about summary routing, see Summary routes on page 75. Shasta 5000 Broadband Service Node Provisioning Subscribers

140 Chapter 8 Configuring static, summary, and RIP routes Add a summary route Perform this procedure to enable the Shasta BSN to automatically/dynamically learns, from a designated address pool and/or subscriber routing tables, the paths to any IP destination addresses that you specify. Prerequisites Determine which of your subscribers require dynamically learned IP access routes to a Shasta BSN device. Log on to an SCS server with ISP or DO&ISP priviledges. Open the SCS Device Manager tool. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 In the Summary Route area, click Add. The Summary Route Configuration dialog box opens (Figure 19). Figure 19 Summary Route Configuration dialog box The following table describes the items in the Summary Route Configuration dialog box. 214664-B Rev 00

Chapter 8 Configuring static, summary, and RIP routes 141 Field Destination Netmask Description Type the IP address for the route destination. Select the subnet mask of the destination address. Metric Type an integer between 1 and 15 for the cost of the route. The default is 1. 4 Set the parameters as necessary and click OK. The Routing tab is redisplayed showing the new summary route. Next steps Repeat this procedure to enable the BSN to dynamically learn routes to any other IP destination address that you specify. Edit a summary route Edit a previously configured IP summary route between the Shasta BSN and any subscriber when the destination IP address or netmask value for the subscriber changes, or when you want to use a different route cost metric for learned summary routes. Prerequisites Determine where existing learned IP routes between the Shasta BSN and any configured subscriber must change for any of the reasons mentioned above. Log on to an SCS server with ISP or DO&ISP priviledges. Open the SCS Device Manager tool. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. Shasta 5000 Broadband Service Node Provisioning Subscribers

142 Chapter 8 Configuring static, summary, and RIP routes The Configuration dialog box opens with the Routing tab displayed. 3 In the Summary Route area, do one of the following: Double-click the static route. Select the route and click Edit. The Summary Route Configuration dialog box opens with the selected route. 4 Edit the parameters in the Summary Route Configuration dialog box. 5 Click OK. The Routing tab is redisplayed with the changed summary route information. Next steps Repeat this procedure as needed to automatically update existing summary access routes between any subscriber and a Shasta BSN device. Delete a summary route Delete any IP summary route that is no longer desireable or required between the Shasta BSN and any subscriber. Prerequisites Determine where existing IP summary routes are no longer required between the Shasta BSN and any subscriber. Log on to an SCS server with ISP or DO&ISP priviledges. Open the SCS Device Manager tool. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 Select a summary route to be deleted. 4 Click Delete. 214664-B Rev 00

Chapter 8 Configuring static, summary, and RIP routes 143 The Routing tab is redisplayed with selected summary route is removed from the Summary Route area. Next steps Repeat this procedure as needed to remove any IP summary routes no longer required between the Shasta BSN and any subscriber. Configuring RIP routes The Routing Information Protocol (RIP) is an interior or intradomain routing protocol that uses the number of hops to a destination IP address to find a shortest-path spanning tree. Note: You configure RIP routing only on trunk interfaces on the Shasta BSN. You can: Enable or disable the RIP global routing instance, next Add RIP on a trunk Interface on page 144 Edit RIP on a trunk interface on page 149 Delete RIP from a trunk interface on page 151 For more information about RIP routing, see RIP routing on page 76 Enable or disable the RIP global routing instance Before you configure RIP as a routing protocol on a specific trunk interface, you must first enable the global instance of RIP on the same Shasta BSN device. If you subsequently need to stop all RIP routing across all trunk interfaces on a Shasta BSN device, you can disable the global instance of RIP. Likewise, to restart RIP across all trunk interfaces, just reenable the RIP global routing instance on the BSN device. Shasta 5000 Broadband Service Node Provisioning Subscribers

144 Chapter 8 Configuring static, summary, and RIP routes Prerequisites Determine where you require RIP routing between a Shasta BSN trunk interface and an IP service provider s network. Log on to an SCS server with ISP or DO&ISP priviledges. Open the SCS Device Manager tool. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 Do one of the following: To enable the RIP routing instance, in the Routing Protocols area, do one of the following: Click RIP. If RIP is already checked, click Restart RIP. SCS starts or restarts this RIP routing instance on the Shasta 5000 BSN. To disable the RIP routing instance, in the Routing Protocols area, click the checked RIP box. SCS stops this RIP routing instance on the Shasta 5000 BSN node. Next steps Add RIP on a trunk Interface on page 144 Edit RIP on a trunk interface on page 149 Delete RIP from a trunk interface on page 151 Add RIP on a trunk Interface Enable RIP on any trunk interface for routing between the Shasta BSN and an IP service provider s network. 214664-B Rev 00

Chapter 8 Configuring static, summary, and RIP routes 145 Prerequisites Determine where you require RIP routing between a Shasta BSN trunk interface and an IP service provider s network. Log on to an SCS server with ISP or DO&ISP priviledges. Open the SCS Device Manager tool. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing.The Configuration dialog box opens with the Routing tab displayed. 3 Click Configure RIP. The RIP Configuration dialog box opens with the Interface tab displayed (Figure 20). Shasta 5000 Broadband Service Node Provisioning Subscribers

146 Chapter 8 Configuring static, summary, and RIP routes Figure 20 RIP Configuration dialog box, Interface tab 4 If you decide to turn on the Originate Default, click on Route Importation and do the following: Note: This is a global flag that applies to all interfaces in the list. 214664-B Rev 00 Click Should Originate Default. The Default Cost box is ON now. Set the Default Cost (an integer number, 15, for example). 5 If you configured the Route Importation tab in the above step, click on the Interface tab. 6 In the RIP Configuration -- Interface tab, click Add. The RIP Interface dialog box opens.

Chapter 8 Configuring static, summary, and RIP routes 147 The following table describes the items in the RIP Interface Configuration dialog box: Table 21 RIP Interface Configuration dialog box fields Area Item Description (Main-implicit) Interface The name of the interface previously selected by choosing an interface and selecting OK (Figure 21). Poison Reverse Select to enable or disable the poison reverse function, in which routers inform the network of subnets or networks that a packet could not reach. Listen to RIP Routes Turns on (checked) or turns off (unchecked). If enabled, the Shasta 5000 BSN pays attention to RIP routes. Incoming Filter Name of the route policy used for filtering incoming packets. The route policy determines the specific parameters needed for entry into the router. Outgoing Filter Name of the route policy used for filtering outgoing packets. Send Ver 1 Ver 2 (default) Receive Ver 1 Ver 2 (default) Sends RIP v1. Sends RIP v2. Note: multiple choices are allowed. Receives RIP v1. Receives RIP v2. Note: multiple choices are allowed. Authentication Authentication None -- Requires no authentication Simple -- Requires a password for authentication Crypto -- Requires a password and a crypto key for authentication Type any required password, and then reenter the password in the Retype Password field. Shasta 5000 Broadband Service Node Provisioning Subscribers

148 Chapter 8 Configuring static, summary, and RIP routes Figure 21 Trunk Interface Selection dialog box 7 Set the parameters as necessary and click OK. RIP Configuration dialog box is redisplayed with the new interface (Figure 22). Figure 22 RIP Configuration dialog box showing interface name 214664-B Rev 00

Chapter 8 Configuring static, summary, and RIP routes 149 Next steps Repeat this procedure to enable or disable RIP on any trunk interface, for routing between the Shasta BSN and an IP service provider s network. Edit RIP on a trunk interface on page 149 Delete RIP from a trunk interface on page 151 Edit RIP on a trunk interface Edit the configuration of RIP on any trunk interface when any of the send, receive, or authentication parameter values need to be changed. Prerequisites Determine if any send, receive, or authentication parameters of the RIP routing instance on any Shasta BSN trunk interface must be modified. Log on to an SCS server with ISP or DO&ISP priviledges. Open the SCS Device Manager tool. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 Click Configure RIP. The RIP Configuration dialog box opens with the Interface tab displayed (Figure 23). Shasta 5000 Broadband Service Node Provisioning Subscribers

150 Chapter 8 Configuring static, summary, and RIP routes Figure 23 RIP Interface dialog box showing interface information 4 Select the interface you want to edit and click Edit. The RIP Interface Configuration dialog box opens. 5 Edit the parameters shown in Table 21 on page 147. 6 Click OK. The RIP Configuration dialog box is redisplayed with the edited interface shown in the Interface tab. 7 Click OK. The Configuration dialog box is redisplayed with the Routing tab. 8 Do one of the following: Click RIP to start the instance. Click Restart RIP to restart the RIP routing instance. 214664-B Rev 00

Chapter 8 Configuring static, summary, and RIP routes 151 Next steps Repeat this procedure as needed to update existing RIP trunk-side routes between a Shasta BSN device and an IP service provider s network Add RIP on a trunk Interface on page 144 Delete RIP from a trunk interface on page 151 Enable or disable the RIP global routing instance on page 143. Delete RIP from a trunk interface Delete RIP from a trunk interface when RIP routing capabilities are no longer required between the Shasta BSN and an IP service provider s network. Prerequisites Determine where RIP routing functionality is no longer required between a Shasta BSN trunk interface and an IP service provider s network. Log on to an SCS server with ISP or DO&ISP priviledges. Open the SCS Device Manager tool. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 Click Configure RIP. The RIP Configuration dialog box opens with the Interface tab displayed (Figure 23 on page 150). 4 Select the interface to be deleted. 5 Click Delete. The Interface tab is redisplayed without the RIP Interface. Shasta 5000 Broadband Service Node Provisioning Subscribers

152 Chapter 8 Configuring static, summary, and RIP routes Next steps Repeat this procedure as needed to remove RIP services from any other Shasta BSN trunk interface. 214664-B Rev 00

153 Chapter 9 Configuring OSPF routes OSPF (Open Shortest Path First) is a link-state routing protocol used instead of RIP within large autonomous system networks. For more information about OSPF, see OSPF routing on page 76. The following topics describe how to: Enable or disable the OSPF routing instance Configure OSPF global parameters on page 154. Configuring OSPF areas on page 155 Configuring OSPF area ranges on page 162 Enabling or disabling OSPF on a trunk interface on page 168 Enable or disable the OSPF routing instance Before performing any OSPF configuration tasks, you must enable the OSPF routing instance on your Shasta BSN. Prerequisites Log on to your SCS server with ISP priviledges. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. Shasta 5000 Broadband Service Node Provisioning Subscribers

154 Chapter 9 Configuring OSPF routes 3 Do one of the following: To enable the OSPF routing instance, in the Routing Protocols area: Click OSPF. If OSPF is already checked, click Restart OSPF. SCS starts or restarts this OSPF routing instance on the Shasta 5000 BSN. To disable the OSPF routing instance, in the Routing Protocols area, click the OSPF check box. SCS sends a command to start or restart this OSPF routing instance on the Shasta 5000 BSN. Next steps Configure OSPF global parameters on page 154 Configure OSPF global parameters Use the SCS client to configure the global parameters of the OSPF routing instance on your Shasta BSN. Prerequisites Log on to your SCS server with ISP priviledges. Enable the OSPF routing instance on your Shasta BSN. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. 3 Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 4 Click Configure OSPF. The OSPF Configuration dialog box opens with the generalpanel tab displayed. The following table describes the configurable items there: 214664-B Rev 00

Chapter 9 Configuring OSPF routes 155 Table 22 OSPF Configuration dialog box, General Panel tab items Field Value Description OSPF Router Identifier Originate Default Route A valid IP address (e.g., 10.10.111.1) On Off (default) Specifies the OSPF router ID (an integer or an IP address) for this BSN node. The system displays the default IP address of the current ISP as the default value. Indicates whether the originate default route is enabled (perform as an AS border router) or disabled. Cost of Default Route Integer [1... 1000] (default = 10) Specifies the cost of default route. Imported Route Type Originate Always OSPF SPF Hold-Down Timer Type-1 Type-2 On Off (default) 3-120 (seconds) default = 3 Allows you to choose "Type-1" or "Type-2". Import OSPF routes Do not import OSPF routes Sets the OSPF Shortest Path First (SPF) timer, which determines how often the processor-intensive SPF algorithm runs to recalculate routes on the BSN device. Lower timer values could adversely affect performance in a network with frequently bouncing (intermittent) routes. 5 Do one of the following: Set the parameters as necessary and click OK. Click the Area tab to set the area-specific configuration. Next steps Configuring OSPF areas on page 155 Configuring OSPF areas You can use the SCS client to define OSPF areas associated with the current ISP. Specifically, you can: Add an OSPF area, next Edit an OSPF area on page 160 Delete an OSPF area on page 162 Shasta 5000 Broadband Service Node Provisioning Subscribers

156 Chapter 9 Configuring OSPF routes Add an OSPF area An OSPF area is a group of contiguous networks and attached hosts. For more information, see OSPF routing on page 76. Use the SCS client to add an area to the OSPF configuration of your Shasta BSN. Prerequisites Log on to your SCS server with ISP priviledges. Enable the OSPF routing instance on your Shasta BSN. Configure OSPF global parameters. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 Click Configure OSPF. 4 Click the Area tab. The Area tab opens (Figure 24). 214664-B Rev 00

Chapter 9 Configuring OSPF routes 157 Figure 24 OSPF Configuration dialog box, Area tab 5 Click Add. The OSPF Area dialog box opens (Figure 25). Figure 25 OSPF Area dialog box 6 Do one of the following: Click Area ID (Integer) and type an area ID as an integer ranging from 0 to 65536. Click Area ID (IP Address) and type an area ID in IP address format. Shasta 5000 Broadband Service Node Provisioning Subscribers

158 Chapter 9 Configuring OSPF routes 7 Click OK. The OSPF Area Configuration dialog box opens with the Area Specific tab displayed (Figure 26). Figure 26 OSPF Area Configuration dialog box, Area Specific tab The following table describes the items in the Area Specific tab. Table 23 OSPF Area Configuration dialog box, Area Specific tab items Field Area ID Type Description The integer or valid IP address for the OSPF area. The OSPF area type: Normal: An OSPF transit area, which can carry data traffic neither locally originated nor locally destined Stub: An OSPF area on the periphery of the AS, and having only a single entry/exit to the AS. NSSA: Not So Stubby Area -- Similar to the OSPF stub area, but can also import AS external routes. 214664-B Rev 00

Chapter 9 Configuring OSPF routes 159 Table 23 OSPF Area Configuration dialog box, Area Specific tab items Field Cost of Default Route Exclude Import Routes Report ISP IP Address Description An integer that defines an artificial cost of the default route. The default cost is 10. For normal/transit areas and NSSAs, you can specify the cost of a default route to a value between 1 and 1000000. Select to exclude import routes in the OSPF area. Default is unchecked. Select to log the ISPs IP address. 8 Click OK. The OSPF Configuration dialog box is redisplayed with the defined area (Figure 27). Figure 27 OSPF Configuration dialog box with defined area Shasta 5000 Broadband Service Node Provisioning Subscribers

160 Chapter 9 Configuring OSPF routes Next steps Repeat this procedure as needed to add more areas to the OSPF configuration of your Shasta BSN, or you can perform any of the following tasks: Edit an OSPF area on page 160 Add an area range to an OSPF area on page 162 Enable OSPF on a trunk interface on page 168 Edit an OSPF area You can use the SCS client to modify the parameters associated with any OSPF area configured on your Shasta BSN. Prerequisites Log on to your SCS server with ISP priviledges. Enable the OSPF routing instance on your Shasta BSN. Configure OSPF global parameters. Add one or more areas to the OSPF configuration of your Shasta BSN. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 Click Configure OSPF. 4 Click the Area tab. The Area tab opens (Figure 24 on page 157). 5 Do one of the following: Double-click the area. Select the area and click Edit. The OSPF Area Configuration dialog box opens with the Area Specific tab displayed (Figure 28). 214664-B Rev 00

Chapter 9 Configuring OSPF routes 161 Figure 28 OSPF Area Configuration dialog box, Area Specific dialog box For a description of the fields in the Area Specific tab, see the table under Add an OSPF area on page 156. 6 Set the parameters as necessary and click OK. The OSPF Configuration dialog box is redisplayed. Next steps Repeat this procedure as needed to modify the parameters associated with other OSPF areas defined on your Shasta BSN, or you can perform any of the following tasks: Add an area range to an OSPF area on page 162 Enable OSPF on a trunk interface on page 168 Shasta 5000 Broadband Service Node Provisioning Subscribers

162 Chapter 9 Configuring OSPF routes Delete an OSPF area To delete an OSPF area: 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 Click Configure OSPF. 4 Click the Area tab. The Area tab opens (Figure 24 on page 157). 5 Select the Area to be deleted and click Edit. The Area tab of the OSPF Area Configuration dialog box no longer contains the deleted area. Configuring OSPF area ranges If you want to enable or disable the advertising of entire ranges of OSPF areas to OSPF neighbors, you may want to configure area ranges. Specifically, you can: Add an area range to an OSPF area, next Edit an area range of an OSPF area on page 166 Delete an OSPF area range on page 167 Add an area range to an OSPF area Use the SCS client to add an OSPF area range. Prerequisites Log on to your SCS server with ISP priviledges. Enable the OSPF routing instance on your Shasta BSN. Configure OSPF global parameters. 214664-B Rev 00

Chapter 9 Configuring OSPF routes 163 Add one or more areas to the OSPF configuration of your Shasta BSN. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 Click Configure OSPF. 4 Click the Area tab. The Area tab opens (Figure 24 on page 157). 5 Do one of the following: Double-click the area. Select the area and click Edit. The OSPF Area Configuration dialog box opens with the Area Specific tab displayed (Figure 28). 6 Click the Area Range tab. The Area Range tab opens (Figure 29). Shasta 5000 Broadband Service Node Provisioning Subscribers

164 Chapter 9 Configuring OSPF routes Figure 29 OSPF Area Configuration dialog box, Area Range tab 7 Click Add. The OSPF Area Range Configuration dialog box opens (Figure 30). Figure 30 OSPF Area Range Configuration dialog box The following table describes the items in the OSPF Area Range Configuration dialog box. 214664-B Rev 00

Chapter 9 Configuring OSPF routes 165 Field Subnet Base Netmask Advertise Description Type the IP prefix of the area range as a valid IP address. Select the Subnet mask of this range. Enables (checked) or disables (unchecked) the advertisement of the OSPF node to its neighbors. 8 Set the parameters as necessary and click OK. The OSPF Area Configuration dialog box, Area Range tab is redisplayed with the new area range (Figure 31). Figure 31 OSPF Area Configuration dialog box -- Area Range tab Shasta 5000 Broadband Service Node Provisioning Subscribers

166 Chapter 9 Configuring OSPF routes Next steps Repeat this procedure as needed to enable/disable advertising of area ranges to OSPF neighbors, or you can: Enable OSPF on a trunk interface on page 168. Edit an area range of an OSPF area You can use the SCS client to modify the parameters associated with any OSPF area configured on your Shasta BSN. Prerequisites Log on to your SCS server with ISP priviledges. Enable the OSPF routing instance on your Shasta BSN. Configure OSPF global parameters. Add one or more areas to the OSPF configuration of your Shasta BSN. Create one or more OSPF area ranges on your Shasta BSNs. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the General tab displayed. 3 Click Configure OSPF. 4 Click the Area tab. The Area tab opens (Figure 24 on page 157). 5 Do one of the following: Double-click the area. Select the area and click Edit. The OSPF Area Configuration dialog box opens with the Area Specific tab displayed (Figure 28 on page 161). 6 Click the Area Range tab. The Area Range tab opens (Figure 29 on page 164). 214664-B Rev 00

Chapter 9 Configuring OSPF routes 167 7 Click Edit. The OSPF Area Range Configuration dialog box opens (Figure 30 on page 164). 8 Edit the parameters in the OSPF Area Range Configuration dialog box. The GUI redisplays the Area Range tab with the edited area range parameter values. Next steps Repeat this procedure as needed to modify other OSPF area ranges defined on your Shasta BSN, or you can enable OSPF on a trunk interface. (See Enabling or disabling OSPF on a trunk interface on page 168.) Delete an OSPF area range To delete an OSPF area: 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the General tab displayed. 3 Click Configure OSPF. 4 Click the Area tab. The Area tab opens (Figure 24 on page 157). 5 Do one of the following: Double-click the area. Select the area and click Edit. The OSPF Area Configuration dialog box opens with the Area Specific tab displayed (Figure 28 on page 161). 6 Click the Area Range tab. The Area Range tab opens (Figure 29 on page 164). 7 Select the area range to be deleted and click Delete. Shasta 5000 Broadband Service Node Provisioning Subscribers

168 Chapter 9 Configuring OSPF routes The OSPF Area Configuration dialog box, Area Range tab is redisplayed with the selected area range removed. Enabling or disabling OSPF on a trunk interface The OSPF Interface Configuration Window enables you to configure an OSPF interface of a selected area under the current ISP. Specifically, you can: Enable OSPF on a trunk interface, next Edit OSPF settings on a trunk interface on page 172 Delete OSPF from a trunk interface on page 174 Enable OSPF on a trunk interface You can use the SCS client to enable OSPF on a trunk interface. Prerequisites Log on to your SCS server with ISP priviledges. Enable the OSPF routing instance on your Shasta BSN. Configure OSPF global parameters. Add one or more areas to the OSPF configuration of your Shasta BSN. Create one or more OSPF area ranges on your Shasta BSNs. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 3 Click Configure OSPF. 4 Click the Area tab. The Area tab opens (Figure 24 on page 157). 5 Do one of the following: 214664-B Rev 00

Chapter 9 Configuring OSPF routes 169 Double-click the area. Select the area and click Edit. The OSPF Area Configuration dialog box opens with the Area Specific tab displayed (Figure 28 on page 161). 6 Click the Interface Tab. The Interface tab opens (Figure 32). Figure 32 OSPF Area Configuration dialog box, Interface tab 7 Click Add. The OSPF Area Interface Configuration dialog box opens with the General tab displayed (Figure 33). Shasta 5000 Broadband Service Node Provisioning Subscribers

170 Chapter 9 Configuring OSPF routes Figure 33 OSPF Area Interface Configuration dialog box 8 Click Select to select an interface. The Trunk Interface Selection dialog box opens (Figure 34 on page 171). 9 Select the interface and click on OK. Return to the OSPF Area Interface Configuration dialog box, where the interface ID is shown. 10 Set values for any parameters with active fields in the OSPF Area Interface Configuration dialog box, described in the following table:. Field Interface Cost Authentication Password Description The name of the interface. Click Select to open the Trunk Interface Selection dialog box (Figure 34). Select the interface and click OK. Type an integer for the cost of this OSPF interface. The default is 1. Authentication type Type a password for interface authentication (active only for simple or crypto authentication) 214664-B Rev 00

Chapter 9 Configuring OSPF routes 171 Field Retype Password Key ID Retransmission Interval Estimated Transmission Delay Hello Interval Dead Interval DR Priority Type Description Retype the password (active only for simple or crypto authentication) An integer from 1 to 255, active only for Crypto/MD5 authentication A integer in seconds to specify the time interval between retransmissions. The default is 5 seconds. A integer in seconds to specify the estimated delay of transmissions. The default is 1 second. A integer in seconds to specify the time interval between Hello packets. The default is 10 seconds. A integer in seconds to specify the max. number of Hello packets without ack. The default is 40 seconds. A integer to specify the DR priority of this interface in current OSPF instance. Select the type of interface. The choices are: Point-to-point Point-to-Multipoint Broadcast Figure 34 Trunk Interface Selection dialog box 11 Click OK. The Interface tab is redisplayed showing the new interface (Figure 35). Shasta 5000 Broadband Service Node Provisioning Subscribers

172 Chapter 9 Configuring OSPF routes Figure 35 OSPF Interface List dialog box Next steps Whenever necessary, you can: Edit OSPF settings on a trunk interface on page 172. Edit OSPF settings on a trunk interface Use the SCS client to modify OSPF settings on a trunk interface of your Shasta BSN. Prerequisites Log on to your SCS server with ISP priviledges. Enable the OSPF routing instance on your Shasta BSN. Configure OSPF global parameters. Add one or more areas to the OSPF configuration of your Shasta BSN. Create one or more OSPF area ranges on your Shasta BSNs. 214664-B Rev 00

Chapter 9 Configuring OSPF routes 173 Enable OSPF on a trunk interface. Procedure 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the General tab displayed. 3 Click Configure OSPF. 4 Click the Area tab. The Area tab opens (Figure 24 on page 157). 5 Do one of the following: Double-click the area. Select the area and click Edit. The OSPF Area Configuration dialog box opens with the Area Specific tab displayed (Figure 28 on page 161). 6 Click the Interface Tab. The Interface tab opens (Figure 32 on page 169). 7 Select the interface to be edited and click Edit. The selected OSPF Interface Configuration dialog box opens with the General tab showing the settings for the interface (Figure 36). Shasta 5000 Broadband Service Node Provisioning Subscribers

174 Chapter 9 Configuring OSPF routes Figure 36 OSPF Area Interface Configuration dialog box, General tab showing existing settings for an interface 8 Edit the settings as shown in Table 10 on page 170. 9 Click OK. The Interface tab is redisplayed showing the edited interface. Next steps Repeat this procedure whenever necessary to update your OSPF configuration on a Shasta BSN trunk interface. Delete OSPF from a trunk interface To disable OSPF on a trunk interface: 1 In the SCS main window manager icon bar, click Devices. 2 Select a region from the Regions list. Right-click on a Shasta 5000 BSN and select Configure > Routing. The Configuration dialog box opens with the General tab displayed. 214664-B Rev 00

Chapter 9 Configuring OSPF routes 175 3 Click Configure OSPF. 4 Click the Area tab. The Area tab opens (Figure 24 on page 157). 5 Do one of the following: Double-click the area. Select the area and click Edit. The OSPF Area Configuration dialog box opens with the Area Specific tab displayed (Figure 28 on page 161). 6 Click the Interface Tab. The Interface tab opens (Figure 32). 7 Select the interface to be deleted and click Delete. The Interface tab is redisplayed showing that the interface has been removed from the list. Shasta 5000 Broadband Service Node Provisioning Subscribers

176 Chapter 9 Configuring OSPF routes 214664-B Rev 00

177 Chapter 10 Configuring BGP Border Gateway Protocol (BGP) is a routing protocol that allows you to create routing between two sets of routers operating in different administrative systems, called autonomous systems (ASs). For more information about BGP, see BGP routing on page 77. This following topics contain information about how to configure BGP on the Shasta BSN: Enabling BGP on page 177 Configuring an autonomous system on page 178 Configuring BGP peers on page 181 Configuring BGP peer groups on page 186 Configuring BGP prefixes on page 192 Configuring BGP route importation on page 197 Configuring BGP aggregates on page 199 Configuring BGP confederations on page 205 Enabling BGP To configure BGP, you must first enable it on your Shasta BSN. Prerequisites Log in to your SCS server as an ISP or as a device owner + ISP. Procedure 1 With the Device Manager window open, right-click on a Shasta BSN. Shasta 5000 Broadband Service Node Provisioning Subscribers

178 Chapter 10 Configuring BGP A shortcut menu opens. 2 Click Configure. A shortcut menu opens. 3 Click Routing. The Configuration dialog box opens with the Routing tab displayed. 4 In the Routing Protocols area, click BGP. Next steps Configuring an autonomous system on page 178 Configuring BGP peers on page 181 Configuring BGP peer groups on page 186 Configuring BGP prefixes on page 192 Configuring BGP route importation on page 197 Configuring BGP aggregates on page 199 Configuring BGP confederations on page 205 Configuring an autonomous system An autonomous system (AS) is a distinct system, generally a subnetwork. A BGP router can attempt to link up and form a peer relationship with another BGP peer router. For more information about Autonomous Systems, see BGP peers and autonomous systems on page 78. Prerequisites Log on to the Shasta BSN with ISP or device owner + ISP priviledges. Enable BGP on the Shasta BSN device. Procedure To configure an autonomous system for the Shasta 5000 BSN: 1 Log in to the SCS as an ISP or as a device owner + ISP. The Device Manager window opens. 214664-B Rev 00

Chapter 10 Configuring BGP 179 2 Right-click on a Shasta 5000 BSN. A shortcut menu opens. 3 Click Configure. A shortcut menu opens. 4 Click Routing. The Configuration dialog box opens with the Routing tab displayed. 5 In the Routing Protocols area, click Configure BGP. The BGP Configuration dialog box opens with the Global tab displayed. The following table describes items in the Global tab. Table 24 BGP Configuration dialog box, Global tab items Item Autonomous System # Confederation ID Cluster ID Default Local Pref Default MED Max Equal Cost Routes Route Flap Dampening Route Filter IBGP Synchronization Description Type an integer between 1 and 65535 for the ID number of the autonomous system. Type an integer between 0 and 4294967295 for the subautonomous system. Displays the ID number of a cluster: a group of clients and route reflectors. Type an integer between 0 and 4294967295 for the default local preference used if BGP does not receive a value from its peer. Type an integer between 0 and 4294967295 for BGP to use as a default Multi-Exit Discriminator value if no value is received from a BGP peer. Type an integer between 1 and 6 for the maximum number of equal cost paths that BGP would keep. Directs BGP to keep track of route flap history (checked) or ignore route flap history (unchecked). Route flap is a detrimental advertisement and withdrawing of routes that are frequently unstable or oscillating up and down, thereby causing instability in the device routing table. Route flap dampening supresses these instabilities by ignoring unstable routes, as determined by their route flap history. Checking this box enables the Route Filter button. Button enables you to select a routing filter to assist route flap dampening performed by the Shasta BSN. BGP does (checked) or does not (unchecked) install IBGP routes unless there is an IGP route. Shasta 5000 Broadband Service Node Provisioning Subscribers

180 Chapter 10 Configuring BGP Table 24 BGP Configuration dialog box, Global tab items (continued) Item Route Reflector Originate Default Route Always Compare MEDISC Report Import Route to IBGP Reflect Client to Client Ignore Illegal Router ID Auto Peer Restart Description Turns on (checked) or off (unchecked) this BGP speaker as a route reflector which is an object that is responsible for passing IBGP routes to IBGP neighbors. Directs BGP to originate default routes (checked) or not (unchecked). Forces (checked) or does not force (unchecked) the Multi-exit discriminator attribute to be compared between paths received from any AS. Directs BGP to advertise (checked) or not advertise (unchecked) imported routes in IBGP. Directs the BGP route reflector (checked) to reflect routes received from a client to another client or not reflect routes (unchecked). Accepts (unchecked) or refuses (checked) an invalid router ID received in a BGP packet. Directs BGP to automatically restart an auto peer session (checked) or not (unchecked). Next steps Repeat this procedure as necessary to configure other Autonomous Systems on the Shasta BSN. Next, perform any of the following tasks: Configuring BGP peers on page 181 Configuring BGP peer groups on page 186 Configuring BGP prefixes on page 192 Configuring BGP route importation on page 197 Configuring BGP aggregates on page 199 Configuring BGP confederations on page 205 214664-B Rev 00

Chapter 10 Configuring BGP 181 Configuring BGP peers Within an Autonomous system, a BGP peer is a router that has a peer relationship with BGP peer routers in other Autonomous Systems. For more information about BGP peers, see BGP peers and autonomous systems on page 78. Using the SCS device routing configuration tab, you can: Add a BGP peer on page 181 Edit a BGP peer on page 185 Delete a BGP peer on page 186 Add a BGP peer You can add to a Shasta BSN configuration information about BGP peers that exist in other Autonomous Systems. Prerequisites Log in to your SCS server as device owner. Procedure 1 From the SCS Device Manager window, right-click on a Shasta BSN. A shortcut menu opens. 2 Click Configure. A shortcut menu opens. 3 Click Routing. The Configuration dialog box opens with the Routing tab displayed. 4 In the Routing Protocols area, click Configure BGP. The BGP Configuration dialog box opens with the Global tab displayed. 5 Click the Peer tab. The Peer tab opens (Figure 37). Shasta 5000 Broadband Service Node Provisioning Subscribers

182 Chapter 10 Configuring BGP Figure 37 BGP Configuration dialog box, Peer tab 6 Click Add. The BGP Peer Add dialog box opens. The following table describes the items in the BGP Peer Add dialog box. Table 25 BGP Peer Add dialog box items Item IP Address Autonomous System Group Name Description Takes the IP address of the BGP peer. Takes an integer between 1 and 65535 for the autonomous system in the BGP network. Displays the name of the BGP group. 214664-B Rev 00

Table 25 BGP Peer Add dialog box items (continued) Chapter 10 Configuring BGP 183 Item Input RouteMap Output RouteMap Keep Alive Interval Route Advertise Interval Weight Password Type Password Again Max Number of Prefix MED EBGP Multihop Next Hop Self Route Reflector Client Remove Private AS Number Neighbor Disable Description Takes a text string for the Input route Policy of the Shasta 5000 BSN, or click Select to open the Input RouteMap Policy Selection dialog box (Figure 38 on page 184). Select the policy and click OK. Takes a text string for name of the output route policy of the Shasta 5000 BSN, or click Select to open the Output RouteMap Policy Selection dialog box (Figure 39 on page 184). Select the policy and click OK. Takes an integer between 0 and 65536 for the number of seconds between transmissions of a BGP neighbor that indicate to its neighbor that it is still up and running. Takes an integer between 0 and 300 for the number of seconds between the points where a router sends information about its path to another router. Takes an integer between 0 and 65535 that represents the prioritized path between two BGP peers. Takes a string that enables you to gain access to the Shasta 5000 BSN. Takes the password as a confirmation of the initial password string you have entered. Takes an integer for the maximum number of BGP prefixes allowed. Multi-Exit Descriminator value. This value may be used in the tie-breaking process when selecting a preferred path to a given address space. The MED is used when comparing paths received from different external peers in the same AS to indicate the preference of the originating AS. Enables (checked) or disables (unchecked) External BGP multihopping on a packet. Enables (checked) or disables (unchecked) whether or not the packet should be forwarded in the situation where the next router is the current router. Advertises (checked) or does not advertise (unchecked) the address of the route reflector client to the entire autonomous system. When enabled, removes Private AS numbers. Directs BGP to connect (unchecked) not connect (checked) to the specified peer. Shasta 5000 Broadband Service Node Provisioning Subscribers

184 Chapter 10 Configuring BGP Table 25 BGP Peer Add dialog box items (continued) Item Description Originate Default Route Use ISP IP Address As Source Sends (checked) or does not send (unchecked) a default route to the peer. Uses (checked) or does not use (unchecked) the ISP IP address as the source instead of the interface address. 2547 VPN When enabled, indicates that the peer is part of an RFC 2547 VPN. Figure 38 Input RouteMap Policy Selection dialog box Figure 39 Output RouteMap Policy Selection dialog box 214664-B Rev 00

Chapter 10 Configuring BGP 185 7 Set the parameters as necessary and click OK. The Peer tab is redisplayed with the peer you added. Next steps Repeat this procedure as necessary to configure the Shasta BSN with information about other BGP peers in your network. Next, perform any of the following tasks: Edit a BGP peer on page 185 Configuring BGP peer groups on page 186 Configuring BGP prefixes on page 192 Configuring BGP route importation on page 197 Configuring BGP aggregates on page 199 Configuring BGP confederations on page 205 Edit a BGP peer For a specific Shasta BSN, you can use the SCS client to edit information about BGP peers that exist in other Autonomous Systems. Prerequisites Log in to your SCS server as device owner. One or more BGP peers already exist in the configuration of the Shasta BSN. Procedure 1 From the SCS Device Manager window, right-click on a Shasta BSN. A shortcut menu opens. 2 Click Configure. A shortcut menu opens. 3 Click Routing. The Configuration dialog box opens with the Routing tab displayed. 4 In the Routing Protocols area, click Configure BGP. Shasta 5000 Broadband Service Node Provisioning Subscribers

186 Chapter 10 Configuring BGP The BGP Configuration dialog box opens with the Global tab displayed. 5 Click the Peer tab. The Peer tab opens. 6 In the Peer tab, click a peer in the BGP Peer list and click Edit. The BGP Peer Edit dialog box opens. 7 Reset the parameters as necessary and click OK. The BGP Configuration Peer dialog box is redisplayed with the changed parameters. Next steps Repeat this procedure as necessary to edit information about other BGP peers in your network. Next, you can perform any of the following tasks: Configuring BGP peer groups on page 186 Configuring BGP prefixes on page 192 Configuring BGP route importation on page 197 Configuring BGP aggregates on page 199 Configuring BGP confederations on page 205 Delete a BGP peer In the Peer tab, click a peer in the BGP Peer list and click Delete. (The SCS client displays an updated BGP Peer list, minus the deleted peer.) Configuring BGP peer groups A BGP peer group is a group of BGP peers that share the same outgoing route policy (route map). If you are sending the same advertisement to multiple peers, you can configure them as a peer group. Using the SCS device routing configuration tab, you can: 214664-B Rev 00

Chapter 10 Configuring BGP 187 Add a BGP peer group on page 187 Edit a BGP peer group on page 192 Delete a BGP peer group on page 192 Add a BGP peer group Instead of sending identical route advertisements to multiple BGP peers, you can create a BGP peer group. The Shasta BSN can then send advertisements simultaneously to all members of the BGP peer group. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the Shasta BSN device. Add BGP peers. Procedure 1 Log in to the SCS as a device owner. The Device Manager window opens. 2 Right-click on a Shasta 5000 BSN. A shortcut menu opens. 3 Click Configure. A shortcut menu opens. 4 Click Routing. The Configuration dialog box opens with the Routing tab displayed. 5 In the Routing Protocols area, click Configure BGP. The BGP Configuration dialog box opens with the Global tab displayed. 6 Click the Peer Group tab. The Peer Group tab opens (Figure 40). Shasta 5000 Broadband Service Node Provisioning Subscribers

188 Chapter 10 Configuring BGP Figure 40 BGP Configuration dialog box, Peer Group tab 7 Click Add. The BGP Peer Group Add dialog box opens. The following table describes the items in the BGP Peer Group Add dialog box. Table 26 BGP Peer Group Add dialog box items Item Peer Group Name AS Number Incoming Route Policy Description The a string for the name of the BGP peer group. An integer that identifies the autonomous system. The name of the route policy of the BGP router going into the Shasta 5000 BSN. Or click Select to open the Input Route Policy Selection dialog box (Figure 41). Select a route policy and click OK. 214664-B Rev 00

Table 26 BGP Peer Group Add dialog box items (continued) Chapter 10 Configuring BGP 189 Item Description Outgoing Route Policy The name of the route policy of the BGP router going out of the Shasta 5000 BSN. Or click Select to open the Output Route Policy Selection dialog box (Figure 42). Select a route policy and click OK Keep Alive Interval Type an integer for the number of seconds between the sending of a BGP KEEPALIVE message that indicates that the BGP peer is still up and running. Weight Type an integer for the priority of a path between two BGP peers. Password Type a string that enables you to gain access to the Shasta 5000 BSN. Type Password Again Retype the password as a confirmation of the initial password string you have entered. MED Multi-Exit Descriminator value. This value may be used in the tie-breaking process when selecting a preferred path to a given address space. The MED is used when comparing paths received from different external peers in the same AS to indicate the preference of the originating AS. Route Advertise Interval Type an integer for the number of seconds between advertisements sent by a BGP peer announcing its presence. Multi-Hop This checkbox enables the Border Gateway Protocol Multihop facility. Originate Default Route Sends (checked) or does not send (unchecked) a default route to the peer. Next Hop Self Enables (checked) or disables (unchecked) whether or not the packet should be forwarded in the situation where the next router is the current router Remove Private AS Removes Private AS numbers associated with the peer group. Number Use ISP IP Address As Source Uses (checked) or does not use (unchecked) the ISP IP address as the source instead of the interface address. 2547 VPN Indicates that the peer group is part of an RFC 2547 VPN. Route Reflector Client Advertises (checked) or does not advertise (unchecked) the address of the route reflector client to the entire autonomous system. Candidates Non-Group Members Group Members A list of the names of all candidates to be a member of a BGP peer group. Move individual or All names back and forth to and from the Group Members list using the buttons in the middle. A list of the names all members of a peer group. Shasta 5000 Broadband Service Node Provisioning Subscribers

190 Chapter 10 Configuring BGP Figure 41 Input Route Policy Selection dialog box Figure 42 Output Route Policy Selection dialog box 8 Set the parameters as necessary and click OK. The Peer Group tab is redisplayed with the new peer group in the list (Figure 43). 214664-B Rev 00

Chapter 10 Configuring BGP 191. Figure 43 BGP Configuration Peer Group dialog box showing new peer group Next steps Repeat this procedure as necessary to create additional BGP peer groups. Next, perform any of the following tasks: Edit a BGP peer group on page 192 Add a BGP peer on page 181 Configuring BGP prefixes on page 192 Configuring BGP route importation on page 197 Configuring BGP aggregates on page 199 Configuring BGP confederations on page 205 Shasta 5000 Broadband Service Node Provisioning Subscribers

192 Chapter 10 Configuring BGP Edit a BGP peer group Use this procedure to edit BGP peer entries in an existing BGP peer group. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the Shasta BSN device. Add BGP peers. Create one or more BGP peer groups Procedure 1 In the Peer Group tab, select a BGP peer group from the list and click Edit. The SCS client displays the BGP peer group edit dialog box. 2 Reset the parameters as necessary and click OK. The BGP Configuration Peer Group dialog box is redisplayed with the changed parameters. Delete a BGP peer group In the BGP Peer Group tab, select a BGP peer group from the list and click Delete. (The SCS client displays the updated BGP peer group list, minus the deleted peer group.) Configuring BGP prefixes A BGP prefix is a convention for efficiently identifying a range of IP hosts on a specific network. The prefix has the form: <IP_address>/<length> For example: 140.250.0.0/16 214664-B Rev 00

Chapter 10 Configuring BGP 193 For more information, see Prefixes on page 82. Using the SCS device routing configuration tab, you can: Add a BGP prefix on page 193 Edit a BGP prefix on page 196 Delete a BGP prefix on page 197 Add a BGP prefix Use the SCS client to create a BGP prefix address that represents many IP hosts on the same network. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the device. Procedure 1 Log in to the SCS as a device owner. The Device Manager window opens. 2 Right-click on a Shasta 5000 BSN. A shortcut menu opens. 3 Click Configure. A shortcut menu opens. 4 Click Routing. The Configuration dialog box opens with the Routing tab displayed. 5 In the Routing Protocols area, click Configure BGP. The BGP Configuration dialog box opens with the Global tab displayed. 6 Click the Network tab. The Network tab opens (Figure 44). Shasta 5000 Broadband Service Node Provisioning Subscribers

194 Chapter 10 Configuring BGP. Figure 44 BGP Configuration dialog box, Network tab 7 Click Add. The BGP Network Add dialog box opens (Figure 45). Figure 45 BGP Network Add dialog box 8 In the Prefix field, enter an IP address that will be the prefix value. 9 In the Mask list, select an appropriate mask value for the prefix. 214664-B Rev 00

Chapter 10 Configuring BGP 195 10 Click OK. The prefix and the mask values are added to the Network list in the Network tab (Figure 46). Figure 46 BGP Configuration dialog box, Network tab with new prefix displayed Next steps You can repeat this procedure as needed to create more BGP prefixes on the Shasta BSN, or you can continue with any of the following tasks: Edit a BGP prefix on page 196 Add a BGP peer on page 181 Configuring BGP prefixes on page 192 Configuring BGP route importation on page 197 Configuring BGP aggregates on page 199 Shasta 5000 Broadband Service Node Provisioning Subscribers

196 Chapter 10 Configuring BGP Configuring BGP confederations on page 205 Edit a BGP prefix Use this procedure to change the Prefix and Mask values configured for existing BGP prefix address. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the device. Procedure 1 In the BGP Network tab, select a prefix and click Edit. The BGP Network Edit dialog box opens (Figure 47). (To open the Network tab, see Add a BGP prefix on page 193.). Figure 47 BGP Network Edit dialog box 2 Change the values in the fields and click OK. The Network tab is redisplayed with the changes to the prefix. Next steps Repeat this procedure to modify other existing BGP prefix addresses configured on the Shasta BSN, or you can continue with any of the following tasks: Add a BGP prefix on page 193 Add a BGP peer on page 181 Configuring BGP route importation on page 197 214664-B Rev 00

Chapter 10 Configuring BGP 197 Configuring BGP aggregates on page 199 Configuring BGP confederations on page 205 Delete a BGP prefix In the BGP Network tab, select a prefix and click Delete. (The SCS client displays the updated BGP prefix list, minus the deleted prefix.) Configuring BGP route importation Route importation refers to a way to advertise routes learned from one protocol into another protocol. Route importation uses route policies. For more information, see Route importation on page 93. Configure BGP route importation Use this procedure to import connected, static, RIP, and OSPF routes into BGP routes that the Shasta BSN can subsequently advertise. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the Shasta BSN device. Add BGP peers. Create routing policies. Procedure 1 Log in to the SCS as a device owner. The Device Manager window opens. 2 Right-click on a Shasta 5000 BSN. A shortcut menu opens. 3 Click Configure. A shortcut menu opens. Shasta 5000 Broadband Service Node Provisioning Subscribers

198 Chapter 10 Configuring BGP 4 Click Routing. The Configuration dialog box opens with the Routing tab displayed. 5 In the Routing Protocols area, click Configure BGP. The BGP Configuration dialog box opens with the Global tab displayed. 6 Click the Route Importation tab. The Route Importation tab opens. The following table describes the items in the Route Importation tab. Table 27 BGP Configuration dialog box, Route Importation tab items Item Description Import Connected Routes Imports connected routes from a peer router. Import Static Routes Imports all static routes from a peer router. Import OSPF Routes Imports OSPF routes from a peer router. Import RIP Routes Imports RIP routes from a peer router. Import ISIS Routes Imports ISIS routes from a peer router. 7 Click the route protocol for which you want packets imported into BGP. The Route Policy button under the route protocol you have checked is activated. 8 Click Route Policy. The Connected Route Policy Selection dialog box opens (Figure 48). 214664-B Rev 00

Chapter 10 Configuring BGP 199 Figure 48 Connected Route Policy Selection dialog box 9 Click a Connected Route Policy and click OK. The Route Importation tab is redisplayed with the name of the route policy you selected shown in the box under the protocol import field you selected. Next steps Repeat this procedure as needed to import other route types into advertised BGP routes, or you can continue with any of the following tasks: Add a BGP prefix on page 193 Add a BGP peer on page 181 Configuring BGP aggregates on page 199 Configuring BGP confederations on page 205 Configuring BGP aggregates A BGP aggregate is a software mechanism for efficiently advertising, from the Shasta BSN, BGP routes and routing policies (routing maps) to a range of BGP hosts. You can configure this mechanism to advertise BGP routes in summary or detailed form. For more information, see Route aggregation on page 93. Using the SCS device routing configuration tab, you can: Add a BGP aggregate on page 200 Shasta 5000 Broadband Service Node Provisioning Subscribers

200 Chapter 10 Configuring BGP Edit a BGP aggregate on page 203 Delete a BGP aggregate on page 205 Add a BGP aggregate Use the SCS client to create a BGP aggregate, or BGP routes aggregation mechanism, for advertising BGP routes in detailed or summary form, across a range of BGP hosts specified by a Prefix address. See the following topics for more information about: Route aggregation on page 93 Prefixes on page 82 Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the Shasta BSN device. Add BGP peers. Add BGP routing policies Procedure 1 Log in to the SCS as a device owner. The Device Manager window opens. 2 Right-click on a Shasta 5000 BSN. A shortcut menu opens. 3 Click Configure. A shortcut menu opens. 4 Click Routing. The Configuration dialog box opens with the Routing tab displayed. 5 In the Routing Protocols area, click Configure BGP. The BGP Configuration dialog box opens with the Global tab displayed. 6 Click the Aggregate Tab. 214664-B Rev 00

Chapter 10 Configuring BGP 201 The BGP Configuration dialog box opens with the Aggregate tab displayed (Figure 49). Figure 49 BGP Configuration dialog box, Aggregate tab 7 Click Add. The BGP Aggregate Add dialog box opens (Figure 50). Shasta 5000 Broadband Service Node Provisioning Subscribers

202 Chapter 10 Configuring BGP Figure 50 BGP Aggregate Add dialog box The following table describes the items in the BGP Aggregate Add dialog box. Table 28 BGP Aggregate Add dialog box items Field Choice/Value Description Prefix Net Mask AS Set Summary Only Suppress Route Policy Advertise Route Policy Attribute Route Policy A valid IP address in the form XXX.XXX.XXX.XXX. A valid network mask value in the form /<no._bits> (XXX.XXX.XXX.XXX) Checked (On) Unchecked (Off) Checked (On) Unchecked (Off) A valid input route map string. A valid output route map string. A valid output route map string. An IP network address used to define a range of IP hosts. The number of contiguous leading bits of the Prefix address that define the network portion of that address. Directs the routing module to advertise the autonomous system of more specific routes. Provides summary information about BGP only. Keeps the selected input route map from being active. Displays the current output route map to all nodes on the network. Displays the current output route map. 8 Set the parameters as necessary and click OK. The Aggregate tab is redisplayed with the new aggregate entry (Figure 51). 214664-B Rev 00

Chapter 10 Configuring BGP 203 Figure 51 BGP Configuration dialog box, Aggregate tab with new aggregate entry Next steps If necessary: Edit a BGP aggregate on page 203 Edit a BGP aggregate Use this procedure to modify aggregated BGP route advertisements issued by the Shasta BSN. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the Shasta BSN device. Add BGP peers. Shasta 5000 Broadband Service Node Provisioning Subscribers

204 Chapter 10 Configuring BGP Add BGP routing policies Create one or more BGP aggregates on the Shasta BSN. Procedure 1 In the BGP Configuration dialog box, click the Aggregate tab. The Aggregate tab opens (Figure 49 on page 201). To open the BGP Configuration dialog box, see Configuring an autonomous system on page 178. 2 Click a BGP aggregate entry and click Edit. The BGP Aggregate Edit dialog box opens (Figure 52). Figure 52 BGP Aggregate Edit dialog box 214664-B Rev 00 3 Change any settings that need to be adjusted and click OK. The Aggregate tab is redisplayed, showing the entry you edited with the new changes.

Chapter 10 Configuring BGP 205 Next steps Repeat this procedure as needed to fine tune aggregated BGP route advertisements issued by the Shasta BSN. Delete a BGP aggregate 1 In the BGP Configuration dialog box, click the Aggregate tab. The Aggregate tab opens (Figure 49 on page 201). 2 Click a BGP aggregate entry and click Delete. The SCS client displays the updated BGP Aggregate list, minus the deleted aggregate. Configuring BGP confederations A BGP confederation is a set of subautonomous systems created by subdividing an existing AS. For more information, see BGP confederations on page 94. Using the SCS device routing configuration tab, you can: Add a BGP confederation on page 205 Edit a BGP confederation on page 208 Delete a BGP confederation on page 208 Add a BGP confederation Use the SCS client to create a BGP confederation from a single existing AS. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the Shasta BSN device. Add autonomous systems to the device. Shasta 5000 Broadband Service Node Provisioning Subscribers

206 Chapter 10 Configuring BGP Procedure 1 Log in to the SCS as a device owner. The Device Manager window opens. 2 Right-click on a Shasta 5000 BSN. A shortcut menu opens. 3 Click Configure. A shortcut menu opens. 4 Click Routing. The Configuration dialog box opens with the Routing tab displayed. 5 Click Configure BGP. The BGP Configuration - Global dialog box appears. 6 Within the BGP Configuration dialog box, Click the Confederation tab. The Confederation tab opens (Figure 53). 214664-B Rev 00

Figure 53 BGP Configuration dialog box, Confederation tab Chapter 10 Configuring BGP 207 7 Click Add. The BGP Confederation Add dialog box opens (Figure 54). Figure 54 BGP Confederation Peer Add dialog box 8 In the AS Number field, type an integer that is the Autonomous System number of a BGP router you have configured for which you want to create a confederation and click OK. The Confederation tab is redisplayed with the autonomous number you specified in the AS Number list. Shasta 5000 Broadband Service Node Provisioning Subscribers

208 Chapter 10 Configuring BGP Next steps Repeat this procedure as neede to create additional BGP confederations Edit a BGP confederation Use this procedure to change the AS number associated with a BGP router that is part of a previously configured BGP confederation. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the Shasta BSN device. Add autonomous systems to the device. Create a BGP confederation on the Shasta BSN. Procedure 1 In the Confederation tab, click an AS number and click Edit. To open the Confederation tab, see Add a BGP confederation on page 205. 2 Type in a new number and click OK. The BGP Confederation tab is redisplayed with the new autonomous number you have specified. Next steps Repeat this procedure as needed to change the AS number associated with any existing BGP confederation configured on the Shasta BSN. Delete a BGP confederation In the Confederation tab, click the AS number of a BGP router and click Delete. (The SCS client displays an updated list, minus the deleted AS number.) 214664-B Rev 00

209 Chapter 11 Configuring IS-IS Intermediate System-to-Intermediate System (IS-IS) is routing protocol for exchanging routing information based on a single metric, to determine network topology. For more information about IS-IS routing, see ISIS routing on page 85. Using the SCS Device Manager tool, you can perform the following tasks: Adding IS-IS on page 209 Configuring a network entity title on page 215 Configuring an IS-IS trunk interface on page 211 Configuring a summary address on page 216 Configuring an area authentication on page 217 Configuring domain authentication on page 220 Configuring ISIS route importation on page 222 Adding IS-IS Before performing any other IS-IS configuration tasks, you must enable the IS-IS routing instance and configure its General parameters on your Shasta BSN. Prerequisites Log in your SCS server with ISP priviledges. Procedure 1 From the Device Manager window, right-click on a Shasta 5000 BSN. A shortcut menu opens. Shasta 5000 Broadband Service Node Provisioning Subscribers

210 Chapter 11 Configuring IS-IS 2 Click Configure > Routing. The device Configuration dialog box opens with the Routing tab displayed. 3 In the Routing Protocols area, click Configure ISIS. The ISIS Configuration dialog box opens with the General tab displayed (Figure 55). Figure 55 ISIS Configuration dialog box, General tab The following table describes the items in the General tab. Field Import Default Router Level Description Sets (checked) or unsets (unchecked) the default routing paths for the Shasta 5000 BSN. Type an integer, either 1 or 2, for whether the router can connect to devices in one or more areas. 214664-B Rev 00

Chapter 11 Configuring IS-IS 211 Field CSNP Interval Re-Transmit Interval Description Type an integer between 1 and 600 for the number of seconds specified as the Complete Sequence Numbers Protocol Data value sent by a designated router to maintain database synchronization. Period of time between packet retransmissions. 4 Set the parameters as necessary. The Routing tab is redisplayed with the new ISIS Configuration entry. Next steps For IS-IS routing to work on your Shasta BSN, you must also complete the following tasks: Configuring an IS-IS trunk interface on page 211 Configuring a network entity title on page 215 Configuring a summary address on page 216 Configuring an area authentication on page 217 Configuring domain authentication on page 220 Configuring ISIS route importation on page 222 Configuring an IS-IS trunk interface To fully configure IS-IS on a Shasta BSN, you need to configure IS-IS on the trunk interface for the connection between the BSN and an ISP. Prerequisites The Shasta BSN device owner must have created a trunk connection. (See the topic, Creating trunk connections in the guide, Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0.) Log in to your SCS server with ISP priviledges. Create a trunk interface. Enable the IS-IS routing instance on the Shasta BSN. Shasta 5000 Broadband Service Node Provisioning Subscribers

212 Chapter 11 Configuring IS-IS Procedure 1 From the ISIS Configuration dialog box, click the Interface tab. The Interface tab opens (Figure 56). (To open the ISIS Configuration dialog box, see Adding IS-IS on page 209.) Figure 56 ISIS Configuration dialog box, Interface tab 2 Click Add. The ISIS Interface Configuration dialog box opens (Figure 57). 214664-B Rev 00

Chapter 11 Configuring IS-IS 213 Figure 57 ISIS Interface Configuration dialog box 3 Next to the Trunk Interface field, click Select to open the Trunk Interface Selection dialog box, where you can select the trunk interface that connects to the ISP. 4 In the Authentication area, select from the following authentication types to make the IS-IS trunk connection secure: None No authentication of packets is employed. Simple The receiving device uses a text password to validate a packet. Crypto The receiving devices uses an MD5 algorithm to validate a packet. 5 If the authentication type is Simple or Crypto, type a password in the Password field. 6 If the authentication type is Simple or Crypto, retype the password in the Retype Password field to confirm your choice of password. 7 If the authentication type is Crypto, type an integer in the Key ID field. 8 In the L1 Metric field, accept the default value (20) or type an integer (1-63) for the route path cost assigned to a router from only one area that is connecting to an IS-IS neighbor. Shasta 5000 Broadband Service Node Provisioning Subscribers

214 Chapter 11 Configuring IS-IS 9 In the L1 Priority field, accept the default value (64) or type a value (0-127) for Ethernet/Broadband media use. 10 In the L2 Metric field, accept the default value (20) or type an integer (1-63) for the route path cost assigned to routers from more than one area that is connecting to an IS-IS neighbor. 11 In the L2 Priority field, accept the default value (64) or type an integer (0-127) to specify that the device with the highest priority becomes the designated intermediate system. 12 In the Hello Interval field, accept the default value (3) or type a value from 1 to 21845 (seconds) as the interval time between Hello packets. 13 Select the L2 Only option if you want the Shasta 5000 BSN to connect only to Level 2 interfaces. You can select this only if the General router level is 2. 14 Select the IP Encap option if you want IP encapsulation performed. This option can be selected/deselected only for Ethernet trunks, and does not apply to ATM trunks. 15 Click OK. The Interface tab is redisplayed with the new trunk interface. Next steps For IS-IS routing to work on your Shasta BSN, you must also complete the following tasks: Configuring a network entity title on page 215 Configuring a summary address on page 216 Configuring an area authentication on page 217 Configuring domain authentication on page 220 Configuring ISIS route importation on page 222 214664-B Rev 00

Chapter 11 Configuring IS-IS 215 Configuring a network entity title IS-IS supports a networking standard, Connectionless Network Service (CLNS). CLNS networks support network entity title (NET) values. An NET is an ID that you supply to an IS-IS router that comprises both the ID of the area to which the router belongs and a system ID that identifies a unique ISP. The NET comprises 10 pairs of hexadecimal numbers, entered without any delimiting characters. The first three pairs in the number comprise the area ID, and the next six pairs comprise the system ID. Two zeroes always follow the system ID portion of the NET. A typical NET number is: 30303033333333333300 Prerequisites Log in to your SCS server with ISP priviledges. Enable and configure the IS-IS routing instance on the target Shasta BSN. Configure an IS-IS trunk interface. Procedure 1 In the ISIS Configuration dialog box, click the NET tab. The NET tab opens. 2 Click Add. The ISIS Net dialog box opens (Figure 58). Figure 58 ISIS Net dialog box 3 In the NET field, type a valid NET value and click OK. The NET tab is redisplayed with new value in the ISIS NET list. Shasta 5000 Broadband Service Node Provisioning Subscribers

216 Chapter 11 Configuring IS-IS Next steps You can repeat this procedure as needed to add more NET values, but for IS-IS routing to work on your Shasta BSN, you must also complete the following tasks: Configuring a summary address on page 216 Configuring an area authentication on page 217 Configuring domain authentication on page 220 Configuring ISIS route importation on page 222 Configuring a summary address You can use the SCS client to configure an IS-IS summary address that aggregates the routes to multiple subnets into a single route. Prerequisites Log in to your SCS server with ISP priviledges. Enable and configure the IS-IS routing instance on the target Shasta BSN. Configure an IS-IS trunk interface. Procedure 1 In the IS-IS Configuration dialog box, select the Summary Address tab and click Add. The IS-IS Summary Address dialog box opens. 2 In the IP Address field, type the IP address of the network through which the multiple independent subnets are connected to the Shasta 5000 BSN. 3 In the Netmask field, type the subnet mask of the IS-IS summary address. 4 In the Cost field, type the routing metric used in the link-state calculation for the aggregate route (an integer between 1 and 63). 5 Click OK. The Summary Address tab is redisplayed with the summary route. 214664-B Rev 00

Chapter 11 Configuring IS-IS 217 Next steps For IS-IS routing to work on your Shasta BSN, you must also complete the following tasks: Configuring a network entity title on page 215 Configuring an area authentication on page 217 Configuring domain authentication on page 220 Configuring ISIS route importation on page 222 Configuring an area authentication Area authentication is a process by which devices assigned to an IS-IS area can be verified for authenticity. Prerequisites Log in to your SCS server with ISP priviledges. Enable and configure the IS-IS routing instance on the target Shasta BSN. Configure an IS-IS trunk interface. Procedure 1 In Device Manager, select a device from the device list and choose Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 2 In the Routing tab, select the Configure IS-IS option. 3 In the Area Auth tab, click Add. The IS-IS Area Auth Add dialog box opens (Figure 59). Shasta 5000 Broadband Service Node Provisioning Subscribers

218 Chapter 11 Configuring IS-IS Figure 59 IS-IS Area Auth Add dialog box 4 In the Auth Type field, choose from the following options: None No authentication required. Simple Password authentication required. Crypto (MD5) Encoded checksum performed. 5 If you chose Simple or Crypto authentication, type the password in the Password field. 6 If you typed a password in step 5, retype the password in the Retype Password field. 7 If you selected Cypto/MD5 authentication, type the Key ID that you want other MD5 devices to use. 8 Click OK. The Area Auth tab is redisplayed, showing the new authorization entry in the Area Auth list (Figure 60). 214664-B Rev 00

Chapter 11 Configuring IS-IS 219 Figure 60 IS-IS Configuration dialog box, Area Auth tab displaying net authorization entry Next steps For IS-IS routing to work on your Shasta BSN, you must also complete the following tasks:: Configuring a network entity title on page 215 Configuring domain authentication on page 220 Configuring ISIS route importation on page 222 Shasta 5000 Broadband Service Node Provisioning Subscribers

220 Chapter 11 Configuring IS-IS Configuring domain authentication You can use the SCS client to configure IS-IS domain authentication, which is a method for verifying Shasta BSN interfaces that have router connections to different IS-IS areas. Prerequisites Log in to your SCS server with ISP priviledges. Enable and configure the IS-IS routing instance on the target Shasta BSN. Configure an IS-IS trunk interface. Procedure 1 In Device Manager, select a device from the device list and choose Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 2 In the Routing tab, select the Configure IS-IS option. 3 In the Domain Auth tab, click Add. The IS-IS Domain Authentication Add dialog box opens (Figure 61). Figure 61 Domain Authentication Add dialog box 4 In the Auth Type field, choose from the following options: None No authentication required. Simple Password authentication required. Crypto (MD5) Encoded checksum performed. 5 If you chose Simple or Crypto authentication, type the password in the password field. 214664-B Rev 00

Chapter 11 Configuring IS-IS 221 6 If you typed a password in step 5, retype the password in the Retype Password field. 7 If you chose Crypto/MD5 authentication, type the Key ID that you want other MD5 devices to use. 8 Click OK. The Domain Authentication tab is redisplayed with the new authorization entry in the Domain Auth list (Figure 62). Figure 62 IS-IS Configuration dialog box, Domain Auth Tab displaying new domain authorization Next steps For IS-IS routing to work on your Shasta BSN, you must also complete the following tasks: Configuring a network entity title on page 215 Shasta 5000 Broadband Service Node Provisioning Subscribers

222 Chapter 11 Configuring IS-IS Configuring an area authentication on page 217 Configuring ISIS route importation on page 222 Configuring ISIS route importation You can use the SCS client to configure route importation, which is a mechanism for advertising routes learned from one protocol into another protocol. Route importation uses route policies. For more information, see Route importation on page 93. Prerequisites Log in to your SCS server with ISP priviledges. Enable and configure the IS-IS routing instance on the target Shasta BSN. Configure an IS-IS trunk interface. Procedure 1 In Device Manager, select a device from the device list and choose Configure > Routing. The Configuration dialog box opens with the Routing tab displayed. 214664-B Rev 00

Chapter 11 Configuring IS-IS 223 Figure 63 Route Importation dialog box with route policy selected 2 In the Routing tab, select the Configure ISIS option. 3 In the Route Importation Tab, click the checkboxes for the types of routes you want to import into ISIS. The SCS client GUI enables the Route Policy button next to each Routes type that you selected. 4 Click the Route Policy button for any Routes type that you selected in step 3. The Connection Route Policy Selection dialog box opens. 5 Select a route policy from the list, or click New to create a policy. For more information about routing policies, see: Route policies on page 90 Configuring route policies on page 242 Shasta 5000 Broadband Service Node Provisioning Subscribers

224 Chapter 11 Configuring IS-IS 6 Click OK. The policy that you selected appears in the field under the Routes policy type that you selected in step 3. 7 Repeat steps 4 through 6 until you have selected a routing policy for each Routes type selected in step 3. Next steps For IS-IS routing to work on your Shasta BSN, you must also complete the following tasks: Configuring a network entity title on page 215 Configuring an area authentication on page 217 Configuring domain authentication on page 220 214664-B Rev 00

225 Chapter 12 Configuring IGMP The multicast Internet Group Management Protocol (IGMP) enables an ISP to proxy IGMP requests sent from subscribers to the Shasta BSN. Multicast IGMP proxy enables: Multicast replication to be done on a Shasta BSN, at the edge of the network, eliminating clutter from the core (a router or switch), freeing up bandwidth on a network, and increasing performance. A Shasta BSN administrator to dynamically maintain a multicast group and the subscribers in it. Each ISP to support its own multicast groups and subscriber members. The following topics describe how to configure multicast IGMP proxy functionality: Creating an ISP with IGMP services, next Creating an IGMP profile on page 229 Binding an IGMP profile to an access group on page 230 Creating a multicast subscriber or subscriber template on page 234 Enabling IGMP multicast on a trunk interface on page 237 For more information about IGMP on the Shasta BSN, see IGMP multicasting on page 86. In addition, see the following guide for information about establishing IGMP join limits across all SSPs in a Shasta BSN device: Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. Shasta 5000 Broadband Service Node Provisioning Subscribers

226 Chapter 12 Configuring IGMP Creating an ISP with IGMP services To support IGMP proxy services, you must enable IGMP on the ISP s Shasta BSN device. The procedure below enables you to create a new ISP with IGMP enabled. If you already have an ISP and you want to enable IGMP, select the ISP within the ISP Manager, click Edit, perform step 4 below, and click OK. Prerequisites Log on to your SCS server with Device Owner privileges. Procedure 1 In the SCS main window, click the ISP Manager icon in the icon bar. The ISP Manager window opens (Figure 64). 214664-B Rev 00

Chapter 12 Configuring IGMP 227 Figure 64 ISP Manager window 2 Click Add. The New ISP dialog box opens (Figure 65). Figure 65 New ISP dialog box 3 In the ISP Name field, type a string that identifies the ISP you are creating and click OK. The ISP Configuration dialog box opens (Figure 66). Shasta 5000 Broadband Service Node Provisioning Subscribers

228 Chapter 12 Configuring IGMP Figure 66 ISP Configuration dialog box 4 Click IGMP-proxy. This enables the IGMP proxy feature for the ISP, which indicates that IGMP proxy services will be enabled for any subscriber connecting to that ISP. 5 In the TTL Threshold field, type a value that represents the Time to Live, or limit of number of hops you want your transmissions to take, before timing out. 6 Click Add. The Device selection dialog box opens (Figure 67). 214664-B Rev 00

Chapter 12 Configuring IGMP 229 Figure 67 Device selection dialog box 7 Click a Shasta 5000 BSN and click OK. The ISP Configuration dialog box opens displaying the Shasta BSN you selected in the ISP s device list. 8 Click OK. The ISP Manager window is redisplayed, showing the new ISP you have created in the ISP list. Next steps See Creating an IGMP profile on page 229. Creating an IGMP profile After enabling IGMP proxy services on an ISP, you must create an IGMP profile to establish runtime parameter values. Prerequisites See Creating an ISP with IGMP services on page 226 Shasta 5000 Broadband Service Node Provisioning Subscribers

230 Chapter 12 Configuring IGMP Procedure See Adding an IGMP profile on page 336. Next steps See Binding an IGMP profile to an access group on page 230. Binding an IGMP profile to an access group After enabling IGMP proxy services on an ISP, and after creating an IGMP profile, you must bind the profile to a subscriber access group. Prerequisites Log on to your SCS server with Device Owner priviledges. Complete the task, Creating an IGMP profile on page 229 Procedure 1 Perform the steps described in Creating an access group on page 341. 2 In Device Manager, select a device from the device list and choose Configure > Access Properties from the shortcut menu. The Configuration dialog box opens with the Access Properties tab displayed (Figure 68). 214664-B Rev 00

Figure 68 Configuration dialog box, Access Properties tab Chapter 12 Configuring IGMP 231 3 In Access Properties tab, select Access Groups from the navigation pane. The Access Groups table opens (Figure 69). Shasta 5000 Broadband Service Node Provisioning Subscribers

232 Chapter 12 Configuring IGMP Figure 69 Access Groups table 4 In the access group list, double-click an access group you created to support IGMP multicast services. (You can alternatively select the access group and click the Edit button.) The Access Group Configuration -- Group Management tab opens (Figure 70). 214664-B Rev 00

Chapter 12 Configuring IGMP 233 Figure 70 Access Group Configuration dialog box, Group Management tab 5 In the Group Management tab, select a device for which you want to create an IGMP Multicast access group and click Edit. The Adding Access Group Settings for Device dialog box opens. 6 In the IGMP area of the Adding Access Group Settings for Device dialog box, click Select. The IGMP Profile Selection dialog box opens (Figure 71). Shasta 5000 Broadband Service Node Provisioning Subscribers

234 Chapter 12 Configuring IGMP Figure 71 IGMP Profile Selection dialog box 7 Click the IGMP profile you just created and click OK. The Adding Access Group Settings for Device dialog box opens displaying the IGMP profile you have selected inserted in the IGMP Profile box in the IGMP area. 8 Click OK. Next steps Creating a multicast subscriber or subscriber template on page 234. Creating a multicast subscriber or subscriber template After enabling and configuring IGMP proxy services for an ISP on the Shasta BSN, you can bind the resulting IGMP access group to a subscriber or subscriber template. Prerequisites See Binding an IGMP profile to an access group on page 230. Procedure 1 Create a subscriber or subscriber template as described in: 214664-B Rev 00

Chapter 12 Configuring IGMP 235 Provisioning static subscribers on page 281 or: Configuring subscriber templates on page 286 2 Configure key identification and runtime parameters associated with the subscriber or subscriber template that you created in step 1. (See Configuring subscriber ID and operational parameters on page 290.) 3 Bind to the subscriber or subscriber template an access group that has an IGMP profile. (See Select an access group on page 292.) 4 In the IGMP Parameters area of the subscriber (or subscriber template) Multicast tab (Figure 72), click Inherit IGMP profile from Access group. Shasta 5000 Broadband Service Node Provisioning Subscribers

236 Chapter 12 Configuring IGMP Figure 72 Subscriber dialog box, Multicast tab 5 In the Multicast Send Parameters area, click Enable send from subscriber. 6 In the Multicast Receive Parameters area, click Enable receive from subscriber. 7 Click Activity Logging. This indicates that all activity associated with the IGMP multicast session will be forwarded to a log. 8 Click Accounting. This indicates that accounting statistics can be generated if an accounting profile has been applied to the Shasta BSN device accessed by the subscriber. 214664-B Rev 00

Chapter 12 Configuring IGMP 237 9 To enable the subscriber or subscriber template to join an existing multicast group: a b Click Multicast Group at the bottom of the dialog box. Type the IP address of the multicast group, which must be in the range of 224.0.0.0-239.255.255.255. 10 Click Add. The IP address of the multicast group is displayed in the Static Multicast groups for Subscriber area. Next steps Enabling IGMP multicast on a trunk interface on page 237. Enabling IGMP multicast on a trunk interface After you finish creating your IGMP proxy environment, you must enable IGMP on a trunk interface. Prerequisites You must complete the following tasks: Adding a trunk interface on page 125 Creating an ISP with IGMP services on page 226 Creating an IGMP profile on page 229 Binding an IGMP profile to an access group on page 230 Creating a multicast subscriber or subscriber template on page 234 Log on to your SCS server with ISP priviledges. Procedure 1 In Device Manager, select a device from the device list and choose Configure > Route Properties from the shortcut menu. 2 Click Trunk Interfaces. The device Configuration dialog box displaying the Trunk Interfaces tab. Shasta 5000 Broadband Service Node Provisioning Subscribers

238 Chapter 12 Configuring IGMP 3 Select a trunk interface. The Trunk Interface Configuration dialog box opens. (Figure 73). Figure 73 Configuration dialog box, Trunk Interfaces tab 4 Select the Multicast Uplink option. This indicates that a multicast uplink has been created. Multicast traffic is forwarded to both the access and the trunk side from the Shasta 5000 BSN. 5 In the Multicast Preference field, type a value in the between 1 and 65535. This assigns the most preferable IGMP Multicast uplink (or trunk interface) for the ISP. The higher the value, the higher priority the trunk interface receives. 214664-B Rev 00

Chapter 12 Configuring IGMP 239 6 Select the Accounting Enabled option to activate account billing. 7 Click OK. Next steps None. Shasta 5000 Broadband Service Node Provisioning Subscribers

240 Chapter 12 Configuring IGMP 214664-B Rev 00

241 Chapter 13 Configuring route policies and properties The Route Properties Manager enables you to configure policy-based routing to automate actions that the Shasta BSN will take with incoming packets based on whether prescribed conditions in various variables are met. Table 30 on page 245 lists the policy routing variables configurable on the Shasta BSN. In addition, the Route Properties Manager allows you to configure efficient routing through the use of BGP prefix lists, community lists, and AS paths. The following topics describe how to use the SCS Route Properties Manager: Opening the Route Properties Manager on page 241 Configuring route policies on page 242 Configuring prefix lists for BGP on page 263 Configuring autonomous system paths for BGP on page 269 Configuring BGP communities and community lists on page 273 For more information about route policies and properties, see Working with routing protocols, properties, and policies on page 71. Opening the Route Properties Manager You must use the SCS Route Properties Manager to configure routing policies and other routing properties, such as BGP prefix lists, community lists, and AS paths. Prerequisites Log on to your SCS server with ISP priviledges. Shasta 5000 Broadband Service Node Provisioning Subscribers

242 Chapter 13 Configuring route policies and properties Procedure In the Manager icon bar, click the Route Properties icon. The default Route Properties window opens. Next steps From the Route Properites manager, you can perform any of the following tasks: Configuring route policies on page 242 Configuring prefix lists for BGP on page 263 Configuring autonomous system paths for BGP on page 269 Configuring BGP communities and community lists on page 273 Configuring route policies You can use the Route Properties manager to: Add a route policy next Edit a route policy on page 258 Delete a route policy on page 263 Add a route policy Add a route policy to automate how the Shasta BSN processes and acts upon incoming packets, based on the conditions that you set in various policy variables. Prerequisites Log on to your SCS server with ISP priviledges. Open the Route Properties manager. Procedure 1 In the Route Properties Manager window, click Add. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 243 The New Route Policy dialog box opens (Figure 74). To open the Route Properties Manager window, see Opening the Route Properties Manager on page 241. Figure 74 New Route Policy dialog box 2 Type a name and click OK. The Route Policy Configuration dialog box opens (Figure 75). Figure 75 Route Policy Configuration dialog box Next steps To complete a new route policy, complete the following procedures: Create a matching condition, next Set parameters to modify packets on a policy match on page 247 Set up a policy action on page 251 Enable policy event logging on page 253 Annotate a routing policy on page 256 Shasta 5000 Broadband Service Node Provisioning Subscribers

244 Chapter 13 Configuring route policies and properties The following table describes the columns in the Route Policy Configuration dialog box. Table 29 Columns in the Route Policy Configuration dialog box Column name Match Set Action Trace Remark Content Shows the matching condition that is applied to the incoming packet. To create a match, see Create a matching condition, next. Contains the attributes for a match. To set up match attributes, see Set parameters to modify packets on a policy match on page 247. Contains the action that is taken when the conditions are met. To define the action, see Set up a policy action on page 251. Enables or disables event logging. To log events, see Enable policy event logging on page 253. Contains additional details about the policy. To enter a remark, see Annotate a routing policy on page 256. Create a matching condition Route policies contain a matching condition, a rule created that is applied to an incoming packet. If the packet contains information that satisfies (matches) the rule, the packet is routed in a specific way. Typically the packet is forwarded to a desired destination. Matching conditions within a route policy enable you to control the behavior of packets traveling across a network. Prerequisites Log on to your SCS server with ISP priviledges. Open the Route Properties manager. Add a new route policy. Procedure 1 In the Route Policy Configuration dialog box, right-click a cell in the Match column. To open the Route Policy Configuration dialog box, refer to Add a route policy on page 242. A shortcut menu opens with only the Add option active. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 245 2 Click Add. The SCS client displays a list of policy criteria that you can use to set a matching condition for a future action to be taken on an incoming packet. The following table describes the matching criteria. Table 30 Policy routing criteria Criteria Protocol Description AS Path Any Values that represent the priority of servicing of a packet traveling from one autonomous system to another. Community List BGP A group of addresses with a common tag in their header frames, for example, no advertise. Metric Any A random value assigned to weight traffic. The lower the value, the more priority the traffic has. Interface Any The protocol and port number that comprise a network interface. Prefix List Any A list of subnets, aggregated together, to identify a group of networks. Prefix Any An explicit subnet. Next Hop Any The address of the adjacent network outside the current subnetwork. Route Source Any The address of a device where a packet originates. Route Type BGP, OSPF, IS-IS Any of several designations for route classes, including external routes (routes that use other protocols than the current one), internal routes (the current route), level 1, and level 2 routes. Match Logic Any Select And/Or for matching. 3 Choose a policy criteria. A dialog box opens for the policy parameter you chose. A sample dialog box for the AS Path is shown in Figure 76. Shasta 5000 Broadband Service Node Provisioning Subscribers

246 Chapter 13 Configuring route policies and properties Figure 76 AS Path Prepend Object Insert dialog box 4 Select an item in the Included or Not Included list and click the appropriate pointing-hand icon to move the selected item to the desired list. If the items you want to select do not appear in the dialog box, you must create them. 5 Click OK. The matching condition with the parameter name in parentheses is shown in the Match cell. Figure 77 shows an example using AS Path as a sample matching condition and aspath-1 as the parameter name. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 247 Figure 77 Route Policy Configuration dialog box with as_patch matching condition and parameter name In the example in Figure 77, when packets enter the Shasta 5000 BSN from external BGP devices, they must have Autonomous System paths that match the path detailed in aspath-1 or no action is taken. An Autonomous System path is the precise route taken by a packet since it was transmitted by a BGP peer. Next steps To complete this route policy, complete the following procedures: Set parameters to modify packets on a policy match on page 247 Set up a policy action on page 251 Enable policy event logging on page 253 Annotate a routing policy on page 256 Set parameters to modify packets on a policy match You can configure a Shasta BSN to add a specific attribute to a matched packet. For example, if SCS detects that a packet has a desired Autonomous System path, you could direct the BSN to prepend the packet s AS Path variable with some new information. Shasta 5000 Broadband Service Node Provisioning Subscribers

248 Chapter 13 Configuring route policies and properties Prerequisites Log on to your SCS server with ISP priviledges. Open the Route Properties manager. Add a new route policy. Procedure 1 In the Route Policy Configuration dialog box, right-click a cell in the Set column. To open the Route Policy Configuration dialog box, refer to Add a route policy on page 242. A shortcut menu opens with only the Add option active. 2 Click Add. A list of policy parameters is displayed (Figure 78). Figure 78 Route policy parameters attributes The policy parameter attributes are described in the following table. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 249 Table 31 Policy parameter attributes Criteria Parameters supported Description AS Path Prepend Any Values that represent the priority of servicing of a packet traveling from one autonomous system to another. Automatic Tag Any A response to a condition where a rule requirement in the Match cell has been met, directing the packet to take on a specified attribute. Community List BGP A group of addresses with a common tag in their header frames, for example, no advertise. Community Any A single address with a tag in its header frame, for example, no advertise. Next Hop Any The address of the adjacent network outside the current subnetwork. Local Preference BGP Sets a priority level for a neighbor path. The higher the value, the more likely the path will be used. Metric Any A random value assigned to weight traffic. The lower the value, the more priority the traffic has. Tag Any A response to a condition where a rule requirement in the Match cell has been met, directing the packet to take on a specified attribute. Weight Any A value set locally for a local router to make a decision on what path to use. Level IS-IS Any of several designations for route classes, including external routes (routes that use other protocols than the current one), internal routes (the current route), level 1, and level 2 routes. Metric Type BGP A designation scheme for prioritization of routes. Includes External-1 and External-2 as levels of priority. Origin Any The address of a device where a packet originates. 3 Click a policy parameter that you want to modify. An Object Insert dialog box opens for the policy parameter you chose. Figure 79 shows the dialog box for AS Path Prepend. Shasta 5000 Broadband Service Node Provisioning Subscribers

250 Chapter 13 Configuring route policies and properties Figure 79 As Path Prepend Object Insert dialog box 4 Type a value in the policy parameter field and click OK. The policy parameter with the attribute is displayed in the Set cell (Figure 80). Figure 80 Route Policy Configuration dialog box with policy parameter value in Set column In Figure 80, when packets enter the Shasta 5000 BSN from external BGP devices, they recognize the Shasta 5000 BSN as having a more costly path and direct packets to a less costly path. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 251 Next steps To complete this route policy, you must Set up a policy action on page 251. Optionally, you can also: Enable policy event logging on page 253 Enable policy event logging on page 253 Annotate a routing policy on page 256 Set up a policy action Once both a rule requirement has been met and a policy parameter value has been learned, then the packet can be either be forwarded on or rejected by the Shasta BSN. This response to the packet is known as an action. Actions are a key part of policy routing because they enable events to occur automatically based on preset conditions. Prerequisites Log on to your SCS server with ISP priviledges. Open the Route Properties manager. Add a new route policy. Set parameters to modify packets on a policy match on page 247 Procedure 1 In the Route Policy Configuration dialog box, right-click a cell in the Action column. To open the Route Policy Configuration dialog box, refer to Add a route policy on page 242. A shortcut menu opens with two options: Permit and Deny (Figure 81). Shasta 5000 Broadband Service Node Provisioning Subscribers

252 Chapter 13 Configuring route policies and properties Figure 81 Route Policy Configuration actions The following table describes the route policy actions. Table 32 Route policy actions Action Permit Deny Description Permits the packets and forwards them on to the destination for which they are intended. Denys the packets and forwards them on to the destination for which they are intended. 2 Click an action. The action option that you selected is displayed in the Action cell. Figure 82 shows Permit as an example. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 253 Figure 82 Route Policy Configuration dialog box with Permit as the action type In the example shown in Figure 82, when packets enter the Shasta 5000 BSN from external BGP devices and meet the requirements of the matching condition for an AS-Path, the Shasta 5000 BSN accepts the packets and forwards them on to the destination for which they are intended. Next steps Next, you can perform any of the following routing policy configuration tasks: Enable policy event logging on page 253 Enable policy event logging on page 253 Annotate a routing policy on page 256 Enable policy event logging You can direct SCS to log policy routing events. Depending on how you set up your logging facility, you can read a list of events in various locations. Shasta 5000 Broadband Service Node Provisioning Subscribers

254 Chapter 13 Configuring route policies and properties Prerequisites Log on to your SCS server with ISP priviledges. Open the Route Properties manager. Add a new route policy or open an existing route policy. Procedure 1 In the Route Policy Configuration dialog box, right-click a cell in the Trace column. To open the Route Policy Configuration dialog box, refer to Add a route policy on page 242. A shortcut menu opens with two options: Yes and No (Figure 83).. Figure 83 Route Policy Configuration dialog box with Trace options displayed The following table describes the Trace options. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 255 Table 33 Trace options Option Yes No Description Allows policy events to be sent to your logging facility. Denys policy events to be sent to your logging facility. 2 Choose a Trace option. The Trace option that you selected is shown in the Trace cell (Figure 84). Figure 84 Route Policy Configuration dialog box with logging enabled In Figure 84, when packets enter the Shasta 5000 BSN, SCS logs any events associated with policy routing of the packet. Next steps You can optionally: Annotate a routing policy on page 256. Shasta 5000 Broadband Service Node Provisioning Subscribers

256 Chapter 13 Configuring route policies and properties Annotate a routing policy You can annotate a routing policy by entering a remark in the routing policy Remark column. Remarks are helpful when you want to provide more explanation about the policy routing entry you have created. An example of a helpful remark would be to indicate that the policy routing entry is being used to discourage traffic to the Shasta BSN. Prerequisites Log on to your SCS server with ISP priviledges. Open the Route Properties manager. Add a new route policy or open an existing route policy. Procedure 1 In the Route Policy Configuration dialog box, right-click a cell in the Remark column. To open the Route Policy Configuration dialog box, refer to Add a route policy on page 242. A shortcut menu opens with the Edit option (Figure 85). 214664-B Rev 00

Chapter 13 Configuring route policies and properties 257 Figure 85 Route Policy Configuration dialog box with Edit option 2 Click Edit. The Policy Rule Remark dialog box opens (Figure 86). Figure 86 Policy Rule Remark dialog box 3 Type a remark and click OK. The Route Policy Configuration dialog box is displayed with the remark you just entered in the Remark cell of the current policy routing entry (Figure 87). Shasta 5000 Broadband Service Node Provisioning Subscribers

258 Chapter 13 Configuring route policies and properties Figure 87 Route Policy Configuration dialog box with remark added Next steps If necessary, you can: Edit a route policy on page 258. Edit a route policy Use this procedure if you need to change an existing route policy for any reason. Prerequisites Log on to your SCS server with ISP priviledges. Open the Route Properties manager. Procedure 1 In the Route Properties window, click a policy in the Route Policy list. 2 Click Edit. The Route Policy Configuration dialog box opens showing the policy you selected (Figure 88). 214664-B Rev 00

Chapter 13 Configuring route policies and properties 259 Figure 88 Route Policy Configuration dialog box 3 Click a cell. To change the conditions for the match, see Create a matching condition on page 244. Table 30 describes the editing options for this column. To set policy parameter attributes, see Set parameters to modify packets on a policy match on page 247. Table 31 describes the editing options for this column. To change the action, see Set up a policy action on page 251. To log the action, see Enable policy event logging on page 253. To change the remark, see Annotate a routing policy on page 256. The following table lists the editing options for the Match and Set columns in the Route Policy Configuration dialog box. Shasta 5000 Broadband Service Node Provisioning Subscribers

260 Chapter 13 Configuring route policies and properties Table 34 Editing options for the Match and Set columns in the Route Policy Configuration dialog box Option Add Edit Delete Copy Cut Paste Description Displays a popup menu containing routing policy parameters. By clicking on any of these parameters, SCS displays the Object Insert dialog box for the selected parameter, enabling you to add it as a matching condition or a set parameter. Displays the Object Edit dialog box, enabling you to change values set for the current routing policy parameter, replace the current routing policy parameter with a new parameter or delete the current routing policy parameter. Removes the current routing policy parameter. Creates a duplicate of the current routing policy parameter and stores it in a buffer for pasting. Removes the current routing policy parameter and stores it in a buffer for pasting. Copies the most recently cut routing policy paramter into the cell. An example of the shortcut menu for the Match column is shown in Figure 89. Figure 89 Route policy configuration Match Options Menu with active options 4 Click Edit. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 261 The Object Edit dialog box opens for the current route policy parameter in the Match or Set column. Note that the current route policy parameter appears in the Included list. A sample Object Edit dialog box using the as_path policy parameter in the Match column for policy-1 is shown in Figure 90. Figure 90 AS Path Object Edit dialog box 5 Change the current routing policy parameter in one or more of the following ways: To assign a second policy routing parameter, click another policy in the Not Included list and click on the right-pointing hand to add it to the Included list. In the Match or Set columns, click Reset to remove all policy routing parameters from the routing policy. In the Match or Set columns, click All to include all policy routing parameters in the routing policy. To remove the existing policy routing parameter, select it in the Included list and click the left-pointing hand to move it to the Not Included list. Figure 91 shows aspath-2 as the current policy routing parameter, replacing aspath-1. Shasta 5000 Broadband Service Node Provisioning Subscribers

262 Chapter 13 Configuring route policies and properties Figure 91 Replacing the current policy routing parameter for a match condition 6 When you are satisfied with the changes you have made, click OK. The Route Policy Configuration dialog box with the changed policy routing parameters is displayed as shown in Figure 92. Figure 92 Route Policy Configuration dialog box with changed as_path match condition Next steps None. 214664-B Rev 00

Delete a route policy To delete a route policy: Chapter 13 Configuring route policies and properties 263 1 In the Route Properties window, click a policy in the Route Policy list. 2 Select the route policy to be deleted, policy-1, for example, and click Delete. A warning message appears, asking if you really want to delete the route policy. 3 Click Yes. The Route Properties Manager window reappears with the selected route policy no longer displayed. Configuring prefix lists for BGP A prefix list consists of a set of BGP prefix addresses (networks) treated as an addressable group. By bundling networks into a prefix list, you can efficiently change attributes for all list members. For more information, see: Prefixes on page 82 Prefix lists on page 83 You can use the SCS client to perform the following tasks: Add a prefix list to BGP, next Edit a prefix list for BGP on page 267 Delete a prefix list from BGP on page 269 Add a prefix list to BGP Create a prefix list for any group of networks you need to bundle for more efficient BGP configuration. Prerequisites Log on to the Shasta BSN with device_owner privileges. Shasta 5000 Broadband Service Node Provisioning Subscribers

264 Chapter 13 Configuring route policies and properties Enable BGP on the device. Identify a group of networks for which you have previously created BGP prefix address entries. Procedure 1 In the Route Properties Manager window, click Prefix List in the navigation tree. 2 Click Add. The New Prefix List dialog box opens (Figure 93). Figure 93 New Prefix List dialog box 3 Type a name for the prefix list and click OK. The Prefix List Configuration dialog box opens (Figure 94). 214664-B Rev 00

Chapter 13 Configuring route policies and properties 265 Figure 94 Prefix List Configuration dialog box 4 Click Add. The New Prefix dialog box opens (Figure 95). Figure 95 New Prefix dialog box The following table describes the fields in the New Prefix dialog box. Shasta 5000 Broadband Service Node Provisioning Subscribers

266 Chapter 13 Configuring route policies and properties Table 35 New Prefix dialog box fields Field IP Address Netmask From Upto OrLonger Description Type the IP address of a prefix or subnetwork in dotted-decimal notation. Displays a list of subnet masks. Type a value between 1 and 32 to define the lower limit of the host portion of the subnetwork. Type a value between 1 and 32 to define the upper limit of the host portion of the subnetwork. If you do not want to provide an upper limit, click OrLonger to specify no upper limit. Specifies that there is no upper limit to the host portion of the subnetwork. 5 Set the parameters for the new prefix and click OK. The Prefix List Configuration dialog box is redisplayed with the new prefix information (Figure 96). Figure 96 Prefix List Configuration dialog box with new prefix added 214664-B Rev 00

Chapter 13 Configuring route policies and properties 267 6 Click OK. The Route Properties Manager window is redisplayed with the new prefix list in the Prefix List. Next steps Repeat this procedure as needed to create additional BGP prefix lists, or if necessary, you can: Edit a prefix list for BGP on page 267. Edit a prefix list for BGP You can use the SCS client to edit the name of a BGP prefix list, or to edit BGP prefix address entries. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the device. Identify a group of networks for which you have previously created BGP prefix address entries. Procedure 1 In the Route Properties Manager window, click Prefix List in the navigation tree. A list of configured prefix lists, if any, is shown in the Prefix List. 2 Click a prefix and click Edit. The Prefix List Configuration dialog box opens with the prefix displayed in the prefix list (Figure 97). To change the name of the prefix list, type a new name in the Prefix List Name field. Shasta 5000 Broadband Service Node Provisioning Subscribers

268 Chapter 13 Configuring route policies and properties Figure 97 Prefix List Configuration dialog box 3 Click a Prefix and click Edit. The Prefix Configuration dialog box opens with the current settings (Figure 98). Figure 98 Prefix Configuration dialog box 4 Change the settings as appropriate and click OK. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 269 The fields are described in Table 35 on page 266. The Prefix List Configuration dialog box is redisplayed with the changed settings. 5 Click OK. The Route Properties Manager window is redisplayed. If you changed the prefix list name, it is shown in the Prefix List. Next steps Repeat this procedure as needed to modify existing BGP prefix lists in your Shasta BSN configuration. Delete a prefix list from BGP To delete a prefix list: 1 In the Route Properties Manager window, click Prefix List in the navigation tree. A list of configured prefix lists, if any, is shown in the Prefix List. 2 Click a prefix list to be deleted, and click Delete. A warning message box is displayed, asking if you really want to delete the selected prefix list. 3 Click Yes. The Route Properties Manager window is redisplayed and the prefix list you deleted is not shown in the Prefix List. Configuring autonomous system paths for BGP An autonomous system (AS) is a BGP router set that operates in a distinct system, generally a subnetwork. A BGP AS can attempt to link up with another AS and form a peer relationship with that AS. When it attempts to locate a peer AS, a route or path is traversed that becomes relevant to identifying the peer AS. Typically, an AS being contacted by a peer AS attempts to learn the peer AS s path before allowing packets it has generated to be received. This path is known as an AS path. Shasta 5000 Broadband Service Node Provisioning Subscribers

270 Chapter 13 Configuring route policies and properties You can use the SCS client to perform the following BGP AS configuration tasks: Add an AS path, next Edit an AS path on page 272 Delete an AS path on page 273 Add an AS path You can use the SCS client to define the path (AS path) between two BGP autonomous systems. You add these paths as entries in an AS Path List table. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the device. Identify BGP autonomous systems for which you need to define a connecting AS path on the Shasta BSN. Procedure 1 In the Route Properties Manager window, click AS Path in the navigation tree. A list of configured AS paths, if any, is shown in the AS Path list. 2 Click Add. The New AS Path List dialog box opens (Figure 99). Figure 99 New AS Path List dialog box 3 In the AS Path List Name box, type a string you want to be the name of the new AS Path List and click OK. The AS Path List Configuration dialog box opens (Figure 100). 214664-B Rev 00

Chapter 13 Configuring route policies and properties 271 Figure 100 AS Path List Configuration dialog box 4 Click Add. The New AS Path dialog box opens (Figure 101). Figure 101 New AS Path dialog box 5 Enter an AS Path number (1-65535), with or without regular expression symbols for the desired meaning (for example, *, +,., -, _, {, }, (, ), <space_character>, ^, $, and? ), and click OK. The AS Path List Configuration dialog box reopens, displaying the new AS path identifier. 6 Click OK. The Route Properties Manager window reopens, displaying the new AS Path in the AS Path List. Shasta 5000 Broadband Service Node Provisioning Subscribers

272 Chapter 13 Configuring route policies and properties Next steps Repeat this procedure as neede to define more AS paths between BGP autonomous systems, or if necessary, you can: Edit an AS path on page 272. Edit an AS path You can use the SCS client to modify any AS path identifier in the AS Path List table. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the device. Identify BGP AS paths for which you need to define a new AS path identifier. Procedure 1 In the Route Properties Manager window, click AS Path in the navigation tree. A list of configured AS paths, if any, appears in the AS Path list 2 Click an AS path and click Edit. The AS Path List Configuration dialog box opens with the selected AS path displayed in the AS Path Identifier List. 3 Click Edit. The AS Path Configuration dialog box opens displaying the identifier for the AS path you selected. 4 Type a new AS Path identifier (1-65535), with or without regular expression symbols for the desired meaning (for example, *, +,., -, _, {, }, (, ), <space_character>, ^, $, and? ), and click OK. The AS Path List Configuration dialog box reopens, displaying the new AS path identifier. 5 Click OK. 6 The Route Properties Manager window reopens, displaying the new AS Path in the AS Path List. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 273 Next steps Repeat this procedure as necessary to modify the AS path identifier associated with any AS path previously configured on your Shasta BSN device. Delete an AS path To delete an AS path: 1 In the Route Properties Manager window, click AS Path in the navigation tree. A list of configured AS paths, if any, is shown in the AS Path list. 2 Click a path you want to delete and click Delete. A warning message opens, asking if you really wish to delete the selected autonomous system path. 3 Click Yes. The Route Properties Manager window is redisplayed with the selected AS path deleted from the AS Path list. Configuring BGP communities and community lists The Shasta BSN supports community lists for BGP. Each community list is a table that contains community entries. Each entry is represented by unique numeric Community Value, which you can configure using the SCS client. You can also use the SCS client to activate the following properties across all members of a BGP community list. Table 36 Properties to share across BGP communities Property Local AS Internet Description Routes must not be advertised to external BGP peers (this includes peers in other members autonomous systems inside a BGP confederation). Routes must not be advertised to Internet BGP peers. Shasta 5000 Broadband Service Node Provisioning Subscribers

274 Chapter 13 Configuring route policies and properties Table 36 Properties to share across BGP communities Property No Advertise No Export Description Routes must not be advertised to other BGP peers Routes must not be advertised outside a BGP confederation boundary (a stand-alone autonomous system that is not part of a confederation should be considered a confederation itself). After creating community lists, you can also use the SCS client to configure any Community attribute value as a filter within a routing policy. Use the SCS client to perform the following BGP community list configuration tasks: Add a community to a community list, next Edit a community list on page 277 Delete a community list on page 280 Add a community to a community list Add a community list to efficiently define BGP communities that share certain routing properties in common. Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the device. Identify BGP communities that can share any of these routing properties: Local AS Internet No Advertise No Export Procedure 1 In the Route Properties Manager window, click Community in the navigation tree. A list of configured community lists, if any, is shown in the Community List. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 275 2 Click Add. The New Community List dialog box opens (Figure 102). Figure 102 New Community List dialog box 3 Type a name for the community list you and click OK. The Community List Configuration dialog box opens (Figure 103). Figure 103 Community List Configuration dialog box 4 Click Add. The New Community dialog box opens. Shasta 5000 Broadband Service Node Provisioning Subscribers

276 Chapter 13 Configuring route policies and properties A community value field enables you to enter two-part value that will identify the community you are creating. The value is separated into a left and a right value. Both values on the left and right can be between 0 and 65535. 5 Type in a value in each field and click OK. The Community List Configuration dialog box is redisplayed with the new community value displayed in the Community Value list (Figure 104). Figure 104 Community List Configuration dialog box with new community value 6 In the upper portion of the dialog box, check one or more properties that you want to share across all members of the community list. Table 36 describes the available community attributes. Activate the appropriate attributes. The following figure shows the No Advertise and No Export properties selected. 214664-B Rev 00

Chapter 13 Configuring route policies and properties 277 Figure 105 Community List Configuration dialog box with new community value 7 Click OK. The Route Properties Manager window is redisplayed with the new community shown in the Community List. Next steps Configure any Community attribute value as a filter within a routing policy. See Configuring route policies on page 242. Edit a community list Edit a community list to modify the list name or common properties, or to modify Community entries. Shasta 5000 Broadband Service Node Provisioning Subscribers

278 Chapter 13 Configuring route policies and properties Prerequisites Log on to the Shasta BSN with device_owner privileges. Enable BGP on the device. Identify existing BGP community lists that you need to modify. Procedure 1 In the Route Properties Manager window, click Community in the navigation tree. A list of configured community lists is shown in the Community List. 2 Click a community and click Edit. The Community List Configuration dialog box opens (Figure 106). Figure 106 Community List Configuration dialog box 214664-B Rev 00

Chapter 13 Configuring route policies and properties 279 3 In the Community List Name field, type a new name if you want to change the current name of the community list. 4 Click a community value in the Community List and click Edit. The Community Configuration dialog box opens. 5 Type new values and click OK. The Community List Configuration dialog box is redisplayed with the new values shown in the Community Value list (Figure 107). Figure 107 Community List Configuration dialog box with changed values 6 To change the community attributes, do one of the following: Click a check mark to remove the attribute. Click a box to add the attribute. 7 Click OK. Shasta 5000 Broadband Service Node Provisioning Subscribers

280 Chapter 13 Configuring route policies and properties The Route Properties Manager window is redisplayed with the modified community. Next steps Repeat this procedure as needed to modify other BGP community lists or list entries. Delete a community list To delete a community list: 1 In the Route Properties Manager window, click Community in the navigation tree. A list of configured community lists is shown in the Community list. 2 Click a community list and click Delete. A warning message opens, asking if you really wish to delete the selected community list. 3 Click Yes. The Route Properties Manager window is redisplayed with the community removed from the Community list. 214664-B Rev 00

281 Chapter 14 Configuring subscribers The following topics describe how to add and provision subscribers on a Shasta BSN device: Provisioning static subscribers on page 281 Provisioning dynamic subscribers on page 285 Configuring subscriber ID and operational parameters on page 290 Configuring subscriber outbound trunking on page 308 Configuring subscriber addressing on page 313 Selecting a subscriber access routing protocol on page 323 Configuring subscriber services on page 328 Configuring subscriber NetRIO client access on page 328 Deleting subscribers on page 329 Provisioning static subscribers Note: In the following introduction to provisioning static subscribers, links and italicized words indicate elements an ISP must preconfigure on one or more Shasta BSN devices. Static subscribers can access the Shasta BSN by dedicated connection or by IP address. The subscriber access method (also called access method binding, or the access method bound to the subscriber) determines other Shasta BSN resources an ISP may need to configure directly in the subscriber record. After initially creating a subscriber, an ISP must complete the following configuration tasks directly in the subscriber record: Shasta 5000 Broadband Service Node Provisioning Subscribers

282 Chapter 14 Configuring subscribers Configuring subscriber ID and operational parameters on page 290 Configuring subscriber outbound trunking on page 308 Configuring subscriber addressing on page 313 Selecting a subscriber access routing protocol on page 323 For static subscribers who must access the Shasta BSN by dedicated connection, see Add a static subscriber on a dedicated connection, following. For static subscribers who must access the Shasta BSN by IP address, see Add a static subscriber to an IP demux container on page 284. Add a static subscriber on a dedicated connection Before you configure any subscriber fields, you need to assign a name to the subscriber. Prerequisites Log on to the SCS server as device owner. Create the subscriber access connection. Assign the access connection to the ISP. Log on to the SCS server with ISP privileges. Select the Subscriber Manager tool. Procedure 1 In the Subscriber Manager window, select a domain. The subscribers in the selected domain are displayed. 2 Click Add. The Subscriber Configuration dialog box opens (Figure 108). 214664-B Rev 00

Figure 108 Subscriber Configuration dialog box Chapter 14 Configuring subscribers 283 3 In the Username field, enter a subscriber name. 4 Next to the Customer field, click the Select button to select the Customer name previously associated with the domain and subscriber. 5 Click OK. The Subscriber dialog box opens with the Identification tab displayed. 6 In the Access Method Binding area, select Dedicated Connection. The Connection ID and Encapsulation fields become active. 7 Click Select to select a dedicated access connection. The SCS GUI opens a list of access connections available on the Shasta BSN. Choose a connection and click OK. 8 From the Encapsulation submenu, choose an encapsulation for subscriber packets on this connection. This selection affects the appearance of the Subscriber Addressing tab. 9 See Configuring subscriber ID and operational parameters on page 290. Shasta 5000 Broadband Service Node Provisioning Subscribers

284 Chapter 14 Configuring subscribers Next steps Configuring subscriber ID and operational parameters on page 290. Add a static subscriber to an IP demux container A static child subscriber in this context has a preconfigured IP address that falls within the range of IP addresses allocated to its parent IP demux container. Prerequisites Log on to the SCS server as device owner. Create the subscriber access connection. Assign the access connection to the ISP. Log on to the SCS server with ISP privileges. Create an IP demux container on the subscriber s access connection. Procedure 1 In Subscriber Manager, double-click a customer in the navigation pane. The customer s subscribers and their respective domains are displayed in the Subscribers list. 2 Click Add. The Subscriber Configuration dialog box opens (Figure 11 on page 113). 3 In the username (account identifier) field, type a name that contains the same prefix used in the Account Identifier for the subscriber s IP demux container, and that contains child and a static subscriber name for a suffix. (For example, container2-child-johnson. This is a suggested convention for easier container and subscriber identification, and is not a requirement. 4 Select a customer for the subscriber. 5 Click OK. The Subscriber dialog box opens with the Identification tab in the foreground. 6 In the Access Method Binding area, click By IP Address. 7 Click the Addressing tab. 214664-B Rev 00

Chapter 14 Configuring subscribers 285 The Addressing tab opens. 8 Click Select to the right of the IP Demux Subscriber field. The IP Demux Subscriber Selection dialog box is displayed. 9 Select the container that has the same prefix as the child you are creating. 10 Click OK. SCS displays the container you selected in the IP Demux Subscriber box. 11 If the subscriber is on a bridged subnet behind the access connection, add the subscriber s statically assigned IP address in the Bridged Addresses area of the Subscriber Addressing tab. If the subscriber is on a reachable subnet behind the access connection, add the address of that subnet in the reachability area of the Subscriber Addressing tab. 12 Click OK. SCS displays the Subscriber Manager window with the new static child subscriber in the list of subscribers 13 Configure any remaining subscriber access parameters. Next steps Configuring subscriber ID and operational parameters on page 290. Provisioning dynamic subscribers Note: In the following introduction to provisioning dynamic subscribers, links and italicized words indicate elements an ISP must preconfigure on one or more Shasta BSN devices. Dynamic subscribers can access the Shasta BSN by IP address or by username. Shasta 5000 Broadband Service Node Provisioning Subscribers

286 Chapter 14 Configuring subscribers The subscriber access method determines other Shasta BSN resources an ISP may need to provision in a subscriber template, which the BSN can apply to the subscriber. The template applied depends on whether the dynamic subscriber accessed the BSN by IP address or by username. By the first access method, a subscriber dynamically acquires an IP address assigned by a DHCP server, or by the Shasta BSN from a locally configured address pool. The Shasta BSN detects the newly assigned address, and if it exists within the address space configured for an IP demux container on the subscriber s access connection, the BSN automatically: Creates the IP demux dynamic child subscriber, adding it to the container and to the ISP s subscriber base. (See also Subscriber IP mux/demux on shared access connections on page 36.) Applies a forced subscriber template to the subscriber. For dynamic subscribers who access the Shasta BSN by IP address, the BSN generates the subscriber name by combining sub with the subscriber s IP address, for example: sub-10.10.118.60. By the second access method, at least the subscriber username or realm/username and domain must be authenticated against subscriber data stored on an LDAP server or RADIUS server. (Additional authentication factors may be required, for example, a SecurID token). Upon successfully authenticating a subscriber, the Shasta BSN automatically: Creates the dynamic subscriber, adding it to the ISP subscriber base. Applies a matched subscriber template to the subscriber. For dynamic subscribers who access the Shasta BSN by username, the BSN generates the subscriber name as <subscriber>@<domain>. Configuring subscriber templates for the Shasta BSN to automatically create dynamic subscribers, you must create and configure a subscriber template (also called a template subscriber, since you use the SCS Subscriber Manager to create one). The subscriber template provides a set of predefined parameters, profiles, and services to apply to dynamic subscribers attempting to access to the Shasta BSN. 214664-B Rev 00

Chapter 14 Configuring subscribers 287 After initially creating a subscriber template, an ISP must complete the following template configuration tasks: Configuring subscriber ID and operational parameters on page 290 Configuring subscriber outbound trunking on page 308 Configuring subscriber addressing on page 313 Selecting a subscriber access routing protocol on page 323 For dynamic subscribers who access the Shasta BSN by IP address, see Create a forced subscriber template on page 287 For dynamic subscribers who access the Shasta BSN by username, see: Create a wildcard domain or subdomain matched template on page 288 Create a wildcard matched template on page 289 Create a forced subscriber template The Shasta BSN applies the forced subscriber template to all subscribers within an IP demux container, regardless of the subscriber s domain name. Prerequisites Log on to the SCS server with ISP privileges. Procedure 1 In the manager icon bar, click Subscribers. The Subscriber Manager window opens. 2 To view subscribers, click the appropriate domain or customer from the navigation bar. 3 Click Add. The Subscriber Configuration dialog box opens (Figure 108 on page 283). 4 In the Username field, enter a name for the template. 5 Check the Subscriber Template checkbox. The Subscriber Template Settings fields are enabled. Shasta 5000 Broadband Service Node Provisioning Subscribers

288 Chapter 14 Configuring subscribers 6 In the Subscriber Template Settings region, select Forced Subscriber Template. 7 Select from the following types of forced templates: Non-authenticated subscriber template Non-authenticated with bridge group Authenticated 8 Click OK. The Subscriber dialog box opens. 9 To configure the forced subscriber template, use the same steps you use to configure access parameters for any subscriber. (See Configuring subscriber ID and operational parameters on page 290.) Note: When you create a subscriber template, the Addressing tab of the Subscriber Configuration dialog box is disabled. The addressing of a subscriber is determined by the IP demux container that you later bind to the template. Next steps Configuring subscriber ID and operational parameters on page 290. Create a wildcard domain or subdomain matched template Wildcard subscriber templates are used to autogenerate subscriber records by matching the domain name of the login string to the domain name of the template. For example, a subscriber logging in with a login string user@aol.com matches a subscriber template *@aol.com. A subdomain wildcard template matches subscribers based on their subdomains, for example, *@*.aol.com, corresponding to <anyuser>@<anysubdomain>.aol.com. Prerequisites Log on to the SCS server with ISP privileges. 214664-B Rev 00

Procedure Chapter 14 Configuring subscribers 289 1 In Subscriber Manager, select the appropriate domain or customer from the navigation bar. 2 Click Add. The Subscriber Configuration dialog box opens (Figure 108 on page 283). 3 In the Username field, enter a name for the template. 4 Check the Subscriber Template checkbox. The Subscriber Template Settings fields are enabled. 5 In the Subscriber Template Settings region, click Matched Subscriber template. 6 Click either Username Template or Subdomain template. 7 Use the same steps you use to configure subscriber access parameters to configure the wildcard domain or subdomain subscriber template. (See Configuring subscriber ID and operational parameters on page 290.) 8 In the Advanced tab (Figure 109 on page 290), select the Don t Pull option if you do not want the Shasta BSN to pull subscriber records that match this template from the SCS pull server. 9 Select the Use for ISP Selection to use the subscriber template when users try to log in on a connection that is not bound to the ISP. Next steps Configuring subscriber ID and operational parameters on page 290. Create a wildcard matched template A wildcard matched template is used as a default to catch all subscribers that do not match any other templates. The wildcard template is in the form *@*, simulating <anyuser>@<anydomain>. Prerequisites Log on to the SCS server with ISP privileges. Shasta 5000 Broadband Service Node Provisioning Subscribers

290 Chapter 14 Configuring subscribers Procedure 1 In the navigation bar of the Subscriber Manager window, select Browse by Customer or Browse by Domain. 2 In the *@* Subscriber region, click Edit. The Subscriber dialog box opens with the Identification tab displayed. 3 Follow the same steps you use to configure subscriber access parameters to configure the matched subscriber template. (See Configuring subscriber ID and operational parameters on page 290.) 4 Click Advanced. The Advanced tab opens. (Figure 109) Figure 109 Subscriber Advanced tab 5 Select the Don t Pull option if you do not want the Shasta BSN to pull subscriber records that match this template from the SCS pull server. Select the Use for ISP Selection to use the subscriber template when users try to log in on a connection that is not bound to the ISP. Next steps Configuring subscriber ID and operational parameters on page 290. Configuring subscriber ID and operational parameters To specify the detailed identification and operating parameters for a static subscriber, or in a subscriber template for dynamic subscribers, complete the tasks shown below, as required for each type of subscriber: 214664-B Rev 00

Chapter 14 Configuring subscribers 291 Table 37 Tasks for configuring subscriber identification and operating parameters Task: Static subscribers: Dynamic subscribers: Assign a subscriber name on page 291 Required N/A -- Subscriber names dynamically generated by the Shasta BSN. Select an access group on page 292 Select a subscriber VPRN on page 294 Required for non-tunneled access Required for tunneled and encrypted access to a VPRN. Select a subscriber IP demux container on page 295 Specify subscriber packet MTU size on page 297 Use when a dedicated access connection is not available or required. Required Required for any subscribers attempting access to the Shasta BSN by IP address. Configure subscriber backup/redundant routes on page 298 Configuring an access method on page 299 Optional for L3 backup/redundancy for subscriber RIP and static access routes. Required Prerequisites The prerequisites for all of the above tasks are: Log on to the SCS server with ISP privileges. Create a new static subscriber, or a subscriber template for dynamic subscribers. Assign a subscriber name If you have not already done so, you should determine and set an account name for each static subscriber, or subscriber template for dynamic subscribers, before you configure other subscriber parameters. Prerequisites Provisioning static subscribers on page 281. Configuring subscriber templates on page 286 Shasta 5000 Broadband Service Node Provisioning Subscribers

292 Chapter 14 Configuring subscribers Procedure 1 In Subscriber Manager, select a subscriber or subscriber template in the *@* Subscribers region. 2 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 3 In the Account Information area of the Identification tab, in the Account Identifier field, you can edit the name of the subscriber account. This value may include a billing number. 4 See Next Steps, below. Next steps Follow the instructions for any of the following tasks, as appropriate for your provisioning requirements: Select an access group on page 292 Configuring an access method on page 299 Select a subscriber VPRN on page 294 Select a subscriber IP demux container on page 295 Specify subscriber packet MTU size on page 297 Configure subscriber backup/redundant routes on page 298 Select an access group An access group is a named set of preconfigured access profiles (for example, defining RADIUS, DHCP, or IGMP behavior) that an ISP can assign (bind) to a static subscriber, or to a subscriber template for autogenerating dynamic subscribers. Prerequisites Log on to the SCS server with ISP priviledges. Create a set of access profiles appropriate for your subscriber base. Complete other tasks mentioned in Configuring subscriber ID and operational parameters on page 290. 214664-B Rev 00

Chapter 14 Configuring subscribers 293 Procedure To assign an access group to a static subscriber or a subscriber template for dynamic subscribers: 1 Open the Subscriber Manager and select a static subscriber or a subscriber template for dynamic subscribers. The Subscriber dialog box opens with the Identification tab displayed. 2 In the Access Method Binding area of the Identification tab, select Dedicated Connection, By Username, or By IP Address. 3 In the Membership area, click Select to the right of the Group field. The Access Group Selection dialog box opens (Figure 110). Figure 110 Access Group Selection dialog box 4 From the list of access groups in the Access Group Selection dialog box, select an access group to which you want the subscriber to belong. 5 Click OK. The Access Group Selection dialog box is redisplayed with the access group name in the Group field. Next steps Follow the instructions for any of the following tasks, as appropriate for your provisioning requirements: Shasta 5000 Broadband Service Node Provisioning Subscribers

294 Chapter 14 Configuring subscribers Select a subscriber VPRN on page 294 Specify subscriber packet MTU size on page 297 Configuring an access method on page 299 Select a subscriber IP demux container on page 295 Configure subscriber backup/redundant routes on page 298 Select a subscriber VPRN A VPRN is a network of subscribers on a public IP network, but their traffic travels from one network to another by using protocols that transparently tunnel through the public network, isolating and creating privacy for these subscribers. You can optionally configure encryption/decryption for traffic sent over a VPRN tunnel. You can bind a VPRN to a static subscriber or to a subscriber template for dynamic subscribers. Prerequisites See Configuring subscriber ID and operational parameters on page 290. Procedure 1 Open the Subscriber Manager and select a static subscriber or a subscriber template for dynamic subscribers. The Subscriber dialog box opens with the Identification tab displayed. 2 Click Member of VPRN. The Select button to the right of the field is activated. 3 Click Select. The VPRN Selection dialog box opens (Figure 111). 214664-B Rev 00

Chapter 14 Configuring subscribers 295 Figure 111 VPRN Selection dialog box 4 Select a VPRN from the list. 5 Click OK. The Access Group Selection dialog box is redisplayed with the VPRN name in the VPRN field. 6 See Next Steps, below. Next steps Follow the instructions for any of the following tasks, as appropriate for your provisioning requirements: Specify subscriber packet MTU size on page 297 Configuring an access method on page 299 Select a subscriber IP demux container on page 295 Configure subscriber backup/redundant routes on page 298 Select a subscriber IP demux container You must select an IP demux container in the IP Demux area of the Subscriber Identification tab if you are configuring any of the following: Shasta 5000 Broadband Service Node Provisioning Subscribers

296 Chapter 14 Configuring subscribers A static child subscriber who must connect to the Shasta BSN on an Ethernet, VLAN, or ATM access connection, using the access method, by IP address. A subscriber template that the Shasta BSN applies to all automatically created dynamic child subscribers who may attempt to join an IP demux container configured on an Ethernet, VLAN, or ATM access connection. Prerequisites Create a subscriber or subscriber template, and see Configuring subscriber ID and operational parameters on page 290. Create and assign an Ethernet, VLAN, or ATM access connection to the ISP. Create access profiles and bind them to an access group. Create service profiles appropriate for the dynamic child subscribers. Bind the access group and the service profile to the subscriber or subscriber template. Create an IP demux container on the access connection to be shared by static and dynamic subscribers. Configure IP addressing for the IP demux container. Procedure 1 Open the Subscriber Manager and select a static subscriber or a subscriber template for dynamic subscribers. The Subscriber dialog box opens with the Identification tab displayed. 2 In the IP Demux area of the Identification tab, enable the IP Demux Container option and click Select to choose an existing container. 3 See Next Steps, below. Next steps Follow the instructions for any of the following tasks, as appropriate for your provisioning requirements: Select a subscriber VPRN on page 294 Specify subscriber packet MTU size on page 297 Configuring an access method on page 299 Configure subscriber backup/redundant routes on page 298 214664-B Rev 00

Specify subscriber packet MTU size Chapter 14 Configuring subscribers 297 The MTU defines how large a packet can be transmitted between the subscriber and the Shasta BSN. The default MTU for any subscriber is 1500 bytes in length. You can set the MTU size for: An IP demux static child subscriber A subscriber template that the Shasta BSN can apply to all IP demux dynamic child subscribers. Prerequisites See Configuring subscriber ID and operational parameters on page 290. Procedure To configure interface information: 1 Open the Subscriber Manager and select a static subscriber or a subscriber template for dynamic subscribers. The Subscriber dialog box opens with the Identification tab displayed. 2 In the Interface area of the Identification tab, click in the (Layer 3) MTU area. 3 Type a number for the Maximum Transmission Unit (MTU) or accept the default value, 1500 bytes. 4 See Next Steps, below. Next steps Follow the instructions for any of the following tasks, as appropriate for your provisioning requirements: Select a subscriber VPRN on page 294 Configuring an access method on page 299 Select a subscriber IP demux container on page 295 Configure subscriber backup/redundant routes on page 298 Shasta 5000 Broadband Service Node Provisioning Subscribers

298 Chapter 14 Configuring subscribers Configure subscriber backup/redundant routes You can configure backup/redundant routing for ISP and VPN subscriber RIP and static access routes. This feature ensures that the Shasta BSN: Recognizes a backup or redundant access routing interface for a specific ISP or VPN subscriber. Automatically implements a higher administrative cost or distance for backup/redundant RIP and static access routes for the subscriber. (The BSN uses 247 as the cost for RIP backup/redundant access routes, and 244 as the cost for static backup/redundant access routes.) Prefers routes learned over the subscriber s primary L3 interface, since these routes automatically have a lower administrative cost: 120 for RIP access routes, 1 for static access routes. Forwards packets over the backup/redundant L3 access interface when the primary L3 access interface is down. Prerequisites Log on to your SCS server with ISP access priviledges. Procedure 1 Create a subscriber or subscriber template as described in: Provisioning static subscribers on page 281 or: Configuring subscriber templates on page 286 2 Configure key identification and runtime parameters associated with the subscriber or subscriber template that you created in step 1. (See Configuring subscriber ID and operational parameters on page 290.) 3 In the Interface area of the Subscriber Identification tab, click Use as backup. 4 Click OK. 214664-B Rev 00

Chapter 14 Configuring subscribers 299 Next steps Follow the instructions for any of the following tasks, as appropriate for your provisioning requirements: Select a subscriber VPRN on page 294 Configuring an access method on page 299 Select a subscriber IP demux container on page 295 Specify subscriber packet MTU size on page 297 Configuring an access method If you have not already done so, you can configure a subscriber to access the Shasta BSN by any of the methods listed in the following table: Table 38 Subscriber access methods Access the Shasta BSN by: Dedicated connection To configure, see: Configure subscriber access by dedicated connection on page 299 Username Configure subscriber access by username on page 303 IP address Configure subscriber access by IP address on page 305 The method you choose causes the SCS client to activate or deactivate (gray-out) various configurable items on the subscriber dialog tabs. Configure subscriber access by dedicated connection This access method enables a static subscriber to connect to a Shasta BSN access port over: A dedicated layer-1 connection (for example, a leased line) A dedicated channel (for example, a DS-n or OC-n channel) A dedicated ATM PVC (VPI/VCI) Shasta 5000 Broadband Service Node Provisioning Subscribers

300 Chapter 14 Configuring subscribers Once an outbound trunk connection between the Shasta BSN and an IP network (internet or enterprise LAN) has been configured, this static subscriber can be connected continuously to a service provider s IP network. This access method also enables you to select an encapsulation type, allowing the subscriber to use different access protocols over the subscriber-side and trunk-side access connections, for example, PPPOE, 1483-LLC-B (bridging), or 1483-LLC-R (routing). Your choice of encapsulation type determines the appearance of the addressing tab in the subscriber or template dialog. Prerequisites Log on to the SCS server with ISP privileges. Create a static subscriber Provision a dedicated access connection (over a line, channel, or PVC). Procedure 1 Open the Subscriber Manager and select a static subscriber or a subscriber template for dynamic subscribers. The Subscriber dialog box opens with the Identification tab displayed. 2 In the Access Method Binding area of the Identification tab, next to the Connection ID field, choose Dedicated Connection. The Access Connection Selection dialog box opens (Figure 112). 214664-B Rev 00

Figure 112 Access Connection Selection dialog box Chapter 14 Configuring subscribers 301 3 Select an access connection from the table on the right, and click OK. The Identification tab is redisplayed with the Connection ID and Encapsulation type (if configured) of the selected Connection shown in the corresponding fields in the Access Method Binding area. 4 In the Encapsulation list, select one of the following types, click OK, and then refer to the indicated topic for more configuration instructions: Table 39 Encapsulations available for subscriber access connections Encapsulation type: 1483-LLC-R 1483R-VCmux-R-IP PPP/AAL5-VCmux-IP For applications, see: Configure addressing for a subscriber behind an access router on page 314 Shasta 5000 Broadband Service Node Provisioning Subscribers

302 Chapter 14 Configuring subscribers Table 39 Encapsulations available for subscriber access connections Encapsulation type: For applications, see: 1483-LLC-B Configure addressing for a subscriber on a bridged subnet on page 316 Opaque Configuring VLLs in the guide, Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels. Note: If you do not want to select any of these encapsulations, click Always Proxy ARP. Depending upon the encapsulation type you select, the parameter boxes shown in the following table are activated or deactivated, requiring further configuration in various subscriber identification tabs. Table 40 Subscriber identification conditionally enabled parameters Field Value Description Authentication Authentication - Password Bridge Addr. Range - From Bridge Addr. Range - To Radius Local None (default) A text string A valid IP address, for example, 10.10.100.20. A valid IP prefix, for example, 10.10.100.30. Via a RADIUS server Via the Shasta 5000 BSN No authentication Password for authentication (for Local authentication only) Starting IP address of the Bridge Range Ending IP address of the Bridge Range Bridge Group A pre-defined Bridge Group Bridge group of the subgroup (via a selection mechanism) Local Address Local Address (Bridge/Gateway) A valid IP address, Unnumbered (default) A valid IP address, for example, 10.10.100.1. IP address of the local end on the Shasta 5000 BSN IP address of the gateway or local end on the Shasta 5000 BSN 214664-B Rev 00

Chapter 14 Configuring subscribers 303 Table 40 Subscriber identification conditionally enabled parameters (continued) Field Value Description Peer Address Reachability - Netmask Reachability - Prefix VLL Point A valid IP address, Unspecified (default) A valid netmask, for example, 255.255.255.02. A valid IP prefix, for example, 10.10.11.0. No Yes IP address of the remote end Netmask of the reachable IP subnet Reachable IP subnet prefix To be an end-point of VLL 5 Click OK. Next steps Configuring subscriber outbound trunking on page 308 Configure subscriber access by username This access method enables a subscriber to connect to a service provider s IP network upon verification of the subscriber s name (username), without having available any dedicated access connections. After successfully authenticating this subscriber, the Shasta BSN automatically creates or generates a dynamic child subscriber with the name, sub-<ip_address>. Prerequisites Log on to the SCS server with ISP privileges. Configure a means for subscriber authentication (for example, create a RADIUS or LDAP profile) Create an access tunnel set (for example, L2TP, IPSEC, or GRE). Create a subscriber template, and bind the RADIUS or LDAP profile, and the access tunnel set, to that template. Procedure 1 In Subscriber Manager, select a subscriber in the *@* Subscribers region. 2 Click Edit. Shasta 5000 Broadband Service Node Provisioning Subscribers

304 Chapter 14 Configuring subscribers The Subscriber dialog box opens with the Identification tab displayed. 3 In the Access Binding Method area, click By Username. 4 Click the Outbound Tunneling tab. The Outbound Tunneling tab opens (Figure 116). Note that both the No Layer 2 Tunneling and Tunnel via L2TP (LAC) options are active and the Tunnel via L2TP (LAC) option is enabled. Figure 113 Subscriber *@* Outbound Tunneling dialog box 5 Click Select. The Tunnel Set Selection dialog box opens (Figure 117). 214664-B Rev 00

Chapter 14 Configuring subscribers 305 Figure 114 Tunnel Set Selection dialog box 6 Click a Tunnel Set and click OK. The Outbound Tunneling dialog box is redisplayed with the Tunnel Set field displaying the Tunnel Set you selected. Next steps Configuring subscriber outbound trunking on page 308 Configure subscriber access by IP address This access method enables a subscriber to connect to a service provider s IP network upon verification of the subscriber s IP address. The address must match within the range of addresses previously configured for an IP demux container of subscribers. The IP address can be statically configured for a static subscriber or dynamically assigned by a DHCP server to a dynamic subscriber. Prerequisites Log on to the SCS server with ISP privileges. Create an IP demux container Configure IP addressing for the IP demux container. Create an IP demux static child subscriber Configure IP addressing for the static child subscriber Shasta 5000 Broadband Service Node Provisioning Subscribers

306 Chapter 14 Configuring subscribers Procedure 1 In Subscriber Manager, double-click a customer in the navigation pane. The customers and their respective domains are displayed in the Subscribers list. 2 Click Add. The Subscriber Configuration dialog box opens (Figure 108 on page 283). 3 In the username field, type username with child as a suffix, using the same prefix as the one you used for the container you created. 4 Click OK. The Subscriber dialog box appears with the Identification tab in the foreground. 5 In the Access Method Binding area, click By IP Address. 6 Click the Addressing tab. The Addressing tab opens. 7 Click Select to the right of the IP Demux Subscriber field. The IP Demux Subscriber Selection dialog box is displayed. 8 Select the container that has the same prefix as the child you are creating. 9 Click OK. SCS displays the container you selected in the IP Demux Subscriber box in the Subscriber Addressing Window. 10 Add the subscriber s static IP address to the Bridged Addresses area and, if the subscriber is behind a CPE device (router), add a reachability address in the Reachability region. 11 Click OK. SCS displays the Subscriber Manager window with the new child subscriber list. Next steps Configuring subscriber outbound trunking on page 308 214664-B Rev 00

Chapter 14 Configuring subscribers 307 Enabling/disabling subscriber subdomain/realm login The owner of a registered domain (such as nortelnetworks.com) has the freedom to create any realms (subdomains) they require, such as us.nortelnetworks.com or ca.nortelnetworks.com. Adding a realm name to a subscriber FQDN typically results in the following login syntax: realm/user@domain For example: AOA/bob_user@bellnorth.net A Shasta BSN CLI superuser can set up each device to accept logins of this form. (An SCS user cannot configure this feature using the SCS client GUI at this time.) When configured in this way, the BSN device interprets realm/user@domain as user@realm.domain. The BSN can then authenticate the subscriber and match the subscriber to the correct subscriber template. For more information about subscriber domains, subdomains, and realms, see Domains, subdomains, and realms on page 46. Prerequisites Have BSN CLI superuser login priviledges. Log on to a BSN device. Procedure After logging on to a BSN device: 1 Enable the BSN to recognize subscriber logins of the form realm/ user@domain by entering the following command: set realm mode=domain 2 To retain this setting across BSN resync/reboot operations, save the change to BSN quickstart configuration file: save config qs1 Shasta 5000 Broadband Service Node Provisioning Subscribers

308 Chapter 14 Configuring subscribers 3 Repeat this procedure for each BSN device you want to recognize subscriber realm/user@domain logins. Next steps You can disable realm/user@domain recognition on the device by entering the following command: set realm mode=isp To retain this setting, repeat step 2 of the above procedure. Configuring subscriber outbound trunking After configuring the connection between the subscriber and the Shasta 5000 BSN, you must configure the outbound trunking method to use between the Shasta 5000 BSN and a service provider s IP network. Depending on the subscriber s access method, you can configure subscriber outbound trunking to be implemented with or without the use of tunnels (L2TP, PPPoE, GRE, or IPSec). Within the SCS client, you perform this task in the Outbound Tunneling tab of the Subscriber dialog box in the SCS Subscriber Manager. The subscriber access method you choose in the Subscriber Identification tab affects your available outbound trunking options. The following table directs you to a procedure appropriate for the access method you choose for each subscriber: Table 41 Subscriber outbound trunking per access method Subscriber s access method By dedicated connection By IP address By username Task/procedure reference Configure subscriber outbound trunking without tunnels on page 309 Configure subscriber outbound trunking with tunnels on page 310 For more information about outbound tunneling on the Shasta BSN, see Subscriber outbound tunneling on page 49. 214664-B Rev 00

Chapter 14 Configuring subscribers 309 Configure subscriber outbound trunking without tunnels When you configure a subscriber to access the Shasta BSN by dedicated connection or by IP address, you can only configure outbound trunking without the use of tunnels for this subscriber. Prerequisites Log on to the SCS server with ISP privileges. Provision either a dedicated access connection (for access by dedicated connection) or an IP demux container (for access by IP address) Provision an outbound trunk connection (over a dedicated channel or PVC) between the Shasta BSN and an IP service provider s network. Create either a static subscriber who can use the dedicated access connection, or create an IP demux container, which can accommodate one or more static child subscribers. Configure an access method for the subscriber. Procedure 1 In Subscriber Manager, select a subscriber in the *@* Subscriber region. 2 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 3 In the Access Binding Method area, click Dedicated Connection. 4 Select the connection ID and encapsulation method as described in Configuring an access method on page 299. 5 Click the Outbound Tunneling tab. The Outbound Tunneling tab opens (Figure 115). Shasta 5000 Broadband Service Node Provisioning Subscribers

310 Chapter 14 Configuring subscribers Figure 115 Outbound Tunneling tab Note: The default setting for the No Layer 2 Tunneling option is enabled and you cannot disable it. This option results in an outbound trunking method that does not use any tunnel set, but instead uses either a dedicated trunk channel or PVC. Next steps Configuring subscriber addressing on page 313 Configure subscriber outbound trunking with tunnels When you configure a subscriber to access the Shasta BSN by username, you must select a tunnel set (PPPoE, L2TP, GRE, or IPSec) as the means to support outbound trunking for this subscriber. 214664-B Rev 00

Chapter 14 Configuring subscribers 311 Prerequisites Log on to the SCS server with ISP privileges. Configure a means for subscriber authentication (for example, create a RADIUS or LDAP profile) Create an access tunnel set (for example, L2TP, IPSEC, or GRE). Create a subscriber template for these dynamic subscribers, and bind the RADIUS or LDAP profile, as well as the access tunnel set, to that template. Configure the access method, by username in the subscriber template. Procedure 1 In Subscriber Manager, select a subscriber in the *@* Subscribers region. 2 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 3 In the Access Binding Method area, click By Username. 4 Click the Outbound Tunneling tab. The Outbound Tunneling tab opens (Figure 116). Note that both the No Layer 2 Tunneling and Tunnel via L2TP (LAC) options are active and the Tunnel via L2TP (LAC) option is enabled. Shasta 5000 Broadband Service Node Provisioning Subscribers

312 Chapter 14 Configuring subscribers Figure 116 Subscriber *@* Outboard Tunneling dialog box 5 Click Select. The Tunnel Set Selection dialog box opens (Figure 117). Figure 117 Tunnel Set Selection dialog box 214664-B Rev 00

Chapter 14 Configuring subscribers 313 6 Click a Tunnel Set and click OK. The Outbound Tunneling dialog box is redisplayed with the Tunnel Set field displaying the Tunnel Set you selected. Next steps Configuring subscriber addressing on page 313 Configuring subscriber addressing The configuration context in which each subscriber resides substantially determines how you must configure addressing (IP, encapsulation type, and so on) for that subscriber on the Shasta BSN. For example, you can: Configure addressing for a static subscriber on a dedicated connection on page 313 Configure addressing for an IP demux static child subscriber on page 314 Configure addressing for a subscriber behind an access router on page 314 Configure addressing for a subscriber on a bridged subnet on page 316 Configure addressing for a subscriber in a bridge group on page 317 Configure addressing for a subscriber tunneling through an ATM bridge on page 319 Configure addressing for a static subscriber on a dedicated connection You must configure the IP address of any static subscriber on a dedicated connection. You perform this action directly in the subscriber record, using the Subscriber Manager. See Configure subscriber access by IP address on page 305. Shasta 5000 Broadband Service Node Provisioning Subscribers

314 Chapter 14 Configuring subscribers Configure addressing for an IP demux static child subscriber If you anticipate adding static child subscribers to an IP demux container on an Ethernet access port, you must configure the addressing of the container as well as the addressing for each of its static child subscribers. To configure the addressing for the subscribers IP demux container, see Configuring IP demux on page 111. To configure the addressing and encapsulation for any IP demux static child subscriber, see Add a static subscriber to an IP demux container on page 284. Configure addressing for a subscriber behind an access router With this procedure, you can configure the Shasta BSN to use the following addressing conventions for subscribers behind a router device: Use the default IP address or a specific IP address of the subscriber s local router An unspecified IP address (automatically assigned from an address pool) or a specific IP address at the peer (ISP) virtual router. Prerequisites A Shasta BSN device owner must create an access connection and assign it to the ISP for the subscriber. Log on to the SCS server with ISP privileges. Create an access group for the subscriber. Create a DHCP profile and bind it to the access group. Create a static subscriber. Bind the access group to the static subscriber. Procedure 1 In Subscriber Manager, select a Customer, then select the subscriber from the list of subscribers. 214664-B Rev 00

Chapter 14 Configuring subscribers 315 2 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 3 In the Access Binding Method area of the Subscriber Identification Window, click Dedicated Connection. 4 Select 1483-LLC-R from the Encapsulation list. 5 Click the Addressing tab. The Addressing tab opens. 6 In the Routing Parameters area of the Addressing tab, use one of the following configurations to establish the IP address of the subscriber s router at one end of the dedicated access connection: Leave Unnumbered (Use Default IP address) checked on. Uncheck Unnumbered (Use Default IP address) and enter the address of a specific IP interface on the subscriber s local router. Also select an appropriate Local Netmask value. If you want this address to be hidden from the ISP, additionally check Hidden from ISP. 7 In the Routing Parameters area of the Addressing tab, use one of the following configurations to establish the IP address of the ISP virtual router (Shasta BSN) at the opposite end of the subscriber s dedicated access connection: Leave Unspecified checked on, allowing the ISP s virtual router to assign an IP interface address and netmask value from its own address pool. Uncheck Unnumbered (Use Default IP address) and enter the address of a specific IP interface on the Shasta BSN. Also select an appropriate Local Netmask value. If you want this address to be hidden from the ISP, additionally check Hidden from ISP. 8 Click OK. Next steps Repeat this procedure for each subscriber that you have behind an access router. Selecting a subscriber access routing protocol on page 323 Shasta 5000 Broadband Service Node Provisioning Subscribers

316 Chapter 14 Configuring subscribers Configure addressing for a subscriber on a bridged subnet With this configuration, virtual circuits (VCs) connect the Shasta BSN to a subscriber location. Each VC connection supports an IP subnet owned by the subscriber. Each subnet can have a unique subnet mask. Each subscriber site can have as many subscriber hosts, compatible to the local subnet, as its IP address space allows. At the Shasta BSN, no preconfiguration of IP addresses is required. The following figure illustrates this scenario. Figure 118 Independent bridged subnet Subscriber 14.1.1.46/30 Internet 20.1.1.15/24 14.1.1.45/30 Shasta 5000 BSN DSL 20.1.1.16/24 Modem-Bridge 1483/R VC1 0/101 Router 10.1.1.41/24 10.1.1.12/24 VC1 0/102 14.1.1.20/28 1483/B DSL Modem- Bridge Subscriber Subscriber 14.1.1.21/28 14.1.1.22/28 Subscriber 14.1.1.46/30 SPM Server 10146EA Prerequisites You must be logged in as device-owner with an ISP profile. Create the 1483 Bridged connections for DSL access. (Repeat this step for each required 1483 Bridged connection.) Select the Connection Type as Access and the Encapsulation Type as 1483-LLC-B. Ensure that the VPI/VCI settings (0/101) match those in the ATM device at the other end of the connection. (VPI/VCI settings between two endpoints must be matched in the subscriber provisioning system.) 214664-B Rev 00

Chapter 14 Configuring subscribers 317 Procedure 1 In Subscriber Manager, select a Customer, then select the subscriber from the list of subscribers. 2 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 3 In the Access Binding Method area of the Subscriber Identification Window, click Dedicated Connection. 4 Select 1483-LLC-B from the Encapsulation list. 5 Click the Addressing tab. The Addressing tab opens. 6 In the Bridged Parameters area of the Addressing tab, leave Independent Bridged Subnet checked on. 7 Enter the IP address of a specific bridged subnet and select a Netmask value appropriate for that subnet. If you want this address to be hidden from the ISP, additionally check Hidden from ISP. 8 In the Reachability area of the Addressing tab, enter the IP address and netmask value of any subscriber behind a router that is also connected to the independent bridged subnet. 9 Click OK. Next steps Selecting a subscriber access routing protocol on page 323 Repeat this procedure for each 1483 Bridged connection (per VC) that you require. Configure addressing for a subscriber in a bridge group In this configuration (Figure 119), all subscriber hosts on the access side reside on the same subnet. All subscriber traffic routes through the Shasta 5000 BSN as the default gateway for the subnet. Shasta 5000 Broadband Service Node Provisioning Subscribers

318 Chapter 14 Configuring subscribers Figure 119 Subscribers with access through a bridge group Subscriber Subscriber DSL Modem-Bridge Internet DSL Modem-Bridge Subscriber Subnet-A Shasta 5000 BSN (Aggregator) DSL Modem-Bridge Subscriber Subscriber Subscriber 10102EA 214664-B Rev 00 Prerequisites The Shasta BSN device owner must create access connections over ATM VCs for the DSL subscribers, and must assign those connections to the ISP for the subscribers. The Connection Type is Access and the Encapsulation Type is 1483-LLC-B (bridged encaps). Ensure that the VPI/VCI settings match those in the ATM-DSL bridge device at the other end of each connection. (VPI/VCI settings between two endpoints must be matched in the SCS configuration.) Log on to your SCS server with ISP priviledges. Create a bridge group for all subscribers using the Shasta BSN as the default gateway for the subnet. Procedure To configure the bridged subnets for each ATM virtual circuit: 1 In Subscriber Manager, select a Customer, then select the subscriber from the list of subscribers. 2 Click Edit.

Chapter 14 Configuring subscribers 319 The Subscriber dialog box opens with the Identification tab displayed. 3 In the Access Binding Method area of the Subscriber Identification Window, click Dedicated Connection. 4 Select a VC access connection with LLC-1483-B encapsulation. 5 Click the Addressing tab. The Addressing tab opens. 6 In the Bridged Parameters area of the Addressing tab, select Member of Bridge Group. 7 Enter or Select the name of the bridge group. 8 In the Reachability area of the Addressing tab, enter the IP address and netmask value of any subscriber behind a router that is also connected to the bridge group. 9 Click OK. Next steps Selecting a subscriber access routing protocol on page 323 Repeat this procedure for each subscriber behind a 1483 Bridged access connection (per VC). Configure addressing for a subscriber tunneling through an ATM bridge With this configuration, you extend a subscriber s PPP session by means of a PPPoE tunnel across the subscriber s Ethernet segment (Figure 120). Shasta 5000 Broadband Service Node Provisioning Subscribers

320 Chapter 14 Configuring subscribers Figure 120 Subscribers tunneled across an Ethernet LAN segment Internet Shasta 5000 BSN (Aggregator) ATM VCs Ethernet Segment DSL Modem-Bridge ATM Bridge DSL Modem-Bridge DSL Modem-Bridge Subscriber PPPoE tunnel PPPoE tunnel PPPoE tunnel Subscriber Subscriber Subscriber Subscriber Subnet-A Subscriber Subscriber Subscriber Subscriber 10102EA 214664-B Rev 00 This process emulates the Internet dial model, with Authentication, Authorization, and Accounting (AAA) and dynamic destination capabilities. Prerequisites The Shasta BSN device owner must create an access connection between that device and the ATM bridge, and must assign the connection to the ISP for the subscriber. Log on to your SCS server with ISP priviledges. Create a subscriber template for dynamic subscribers accessing the Shasta BSN by username. Create a PPPoE tunnel set for each anticipated subscriber. Procedure 1 In Subscriber Manager, select a subscriber from the *@* list of dynamic subscribers. 2 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 3 In the Access Binding Method area, click by Username.

Chapter 14 Configuring subscribers 321 4 Click the Outbound Tunneling tab. The Outbound Tunneling tab opens. 5 Click Select. The Tunnel Set Selection dialog box opens (Figure 117). Figure 121 Tunnel Set Selection dialog box 6 Click a PPPoE Tunnel Set and click OK. The Outbound Tunneling dialog box is redisplayed with the Tunnel Set field displaying the Tunnel Set you selected. Next steps Selecting a subscriber access routing protocol on page 323 Repeat this procedure for each subscriber who needs to tunnel into the Shasta BSN from behind an ATM bridge. Configuring a subscriber addressing pool There are two ways to configure an address pool from which IP addresses can be requested and assigned to dynamic subscribers: Shasta 5000 Broadband Service Node Provisioning Subscribers

322 Chapter 14 Configuring subscribers Dynamic Host Control Protocol (DHCP) services -- A, method used to automatically request and receive IP address assignments from an address pool on a DHCP server. You must configure a DHCP server profile on the Shasta BSN to enable it to act as DHCP Relay Agent. For more information about DHCP, see DHCP profiles on page 63. For information about how to configure a DHCP profile, see Adding a DHCP profile on page 334. Shasta BSN device Access Properties -- See Create a subscriber addressing pool on page 322. Create a subscriber addressing pool Prerequisites See overview information about the two ways in which you can configure an IP addressing pool. Procedure 1 In Device Manager, right-click the Shasta BSN on which you want to configure access properties and choose Configure > Access Properties from the shortcut menu. The Device Configuration dialog box opens with the Access Properties tab displayed. 2 Select Address Pools from the navigation pane. The Address Pools window opens. 3 Click Add. The Address Pool Configuration dialog box is displayed. 4 In the Name field, type a name for the address pool. 5 In the Starting IP Address field, type an IP address. 6 In the Netmask field, select the netmask. 7 Click Select to choose an access group from the Access Group Selection dialog box, or click Clear to clear the information. 8 Click OK. 9 The Address Pools window is redisplayed with the new address pool in the list. 214664-B Rev 00

Chapter 14 Configuring subscribers 323 Next steps None. Selecting a subscriber access routing protocol The Shasta BSN supports routing on the access side (from the Shasta BSN toward the subscriber) and on the outbound trunking side (from the Shasta BSN toward the ISP backbone or the corporate enterprise backbone). All routing protocol parameters configurable for the trunk side are also configurable for the access side. For the Shasta BSN, routing applies to individual subscribers only. That is, you cannot configure routing within the context of a subscriber template. You can configure a routing protocol on the access side for each subscriber. (The default configuration is none, or no routing.) Any protocol that you choose should match the routing protocol used by the subscriber or the subscriber s subnet. Prerequisites The Shasta BSN device owner must create access connections for subscribers, and then assign those connections to subscriber ISPs. Log on to your SCS server with ISP priviledges. For any static or dynamic subscriber you want to add to an Ethernet connection, create an IP demux container on that connection. Create any of the following you require: A static subscriber (for dedicated access connections) An IP demux static child subscriber (for Ethernet/IP-demux access connections) A subscriber template for dynamic subscribers accessing the Shasta BSN by username. Create any access groups that you may require. Create access and service profiles and bind them to the appropriate access groups. Bind an access group to each subscriber or subscriber template. Shasta 5000 Broadband Service Node Provisioning Subscribers

324 Chapter 14 Configuring subscribers Procedure 1 In Subscriber Manager, select a dedicated subscriber or subscriber template for dynamic subscribers. 2 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 3 In the Routing Protocol tab, select one of the following routing protocols: RIP BGFP OSPF None After you select a protocol, the tab is redisplayed with the fields associated with that routing protocol. Figure 122 shows the Routing Protocol tab with the RIP fields displayed. 214664-B Rev 00

Figure 122 Routing Protocol tab with RIP fields displayed Chapter 14 Configuring subscribers 325 Figure 123 shows the Routing Protocol tab with the BGP fields displayed. Shasta 5000 Broadband Service Node Provisioning Subscribers

326 Chapter 14 Configuring subscribers Figure 123 Routing Protocol tab with BGP fields displayed Figure 124 shows the Routing Protocol tab with the OSPF fields displayed. 214664-B Rev 00

Chapter 14 Configuring subscribers 327 Figure 124 Routing Protocol tab with OSPF fields displayed 4 In the Routing Protocol tab, configure values in the routing paramet fields as needed. 5 Click OK Next steps Configuring subscriber services on page 328 Configuring subscriber NetRIO client access on page 328 Shasta 5000 Broadband Service Node Provisioning Subscribers

328 Chapter 14 Configuring subscribers Configuring subscriber services For information about subscriber services and how to configure them, see the following topics in the guide, Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0 : Introduction to Service Policies Provisioning Services Configuring subscriber NetRIO client access You can set parameters within the SCS Subscriber Manager to provide any subscriber with NetRIO (web-based) access to his or her own SCS usage statistics. Prerequisites You must be logged in as device-owner with an ISP profile. For any static or dynamic subscriber you may need to add to an Ethernet connection, create an IP demux container and configure its addressing as described in Configuring IP demux container addressing on page 116. Create any of the following you require: A static subscriber (for dedicated access connections) An IP demux static child subscriber (for Ethernet/IP-demux access connections) A subscriber template for dynamic subscribers accessing the Shasta BSN by username. For any subscriber template that you create, configure and bind to that template any service profiles appropriate for dynamic subscribers accessing the Shasta BSN by username. Procedure 1 In Subscriber Manager, select a subscriber in the *@* Subscribers region. 2 Click Edit. The Subscriber dialog box opens with the Identification tab displayed. 214664-B Rev 00

Chapter 14 Configuring subscribers 329 3 Select the Account tab. The Account tab is displayed. 4 In the Multicast area, select the Default NetRIO Account option. The device name that you are configuring is displayed in the NetRIO Username field. 5 In the NetRIO Password field, type the password of the Shasta 5000 BSN. 6 Click OK. Next steps Configure NetRIO access parameters for any subscriber who want to access their own statistics using the NetRIO application. Deleting subscribers Delete static and dynamic subscribers, as necessary. Prerequisites None. Procedure 1 In Subscriber Manager, select a subscriber from the Subscribers table. 2 Click Delete. A warning message opens asking if you wish to delete this subscriber. 3 Click Yes. The Subscriber Manager window is redisplayed and the subscriber is removed from the table. Shasta 5000 Broadband Service Node Provisioning Subscribers

330 Chapter 14 Configuring subscribers 214664-B Rev 00

Chapter 15 Configuring subscriber access profiles 331 You use the SCS Access Properties Manager to define access profiles in which you set global parameters for a specific protocol such as DHCP or RADIUS. These parameter settings are shared by interfaces or subscribers. Note: The Access Properties Manager is available only to users with ISP or DO&ISP access. The following table summarizes the access profiles configurable by an ISP or ISP&DO user. Table 42 ISP-configurable access profiles Profile Description To configure, see: RADIUS DHCP IGMP PPP Accounting Properties for applying RADIUS, a service for authenticating and authorizing dial-up services. Properties for using Dynamic Host Control Protocol (DHCP), a method used to automatically retrieve IP addresses from an address pool. Properties for working with Internet Group Management Protocol (IGMP), a method that hosts use to join or remove themselves from multicast groups. Properties for working with Point-to-Point Protocol (PPP) a method used to encapsulate and transmit IP datagrams over point-to-point links. Properties for IP billing and accounting of the subscriber. Adding a RADIUS profile, next. Adding a DHCP profile on page 334. Adding an IGMP profile on page 336. Adding a PPP profile on page 338 Configuring subscriber accounting on page 345 Shasta 5000 Broadband Service Node Provisioning Subscribers

332 Chapter 15 Configuring subscriber access profiles Table 42 ISP-configurable access profiles (continued) Profile Description To configure, see: IPSEC IKE Properties for using IPSec, a standard used for creating security protocols in a virtual private network. Properties for working with IKE, a standard used for providing security information for IPSec. Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels Adding a RADIUS profile Remote Authentication Dial-In Service (RADIUS) is a service for authenticating and authorizing dial-up users. A typical site has an access server attached to a modem pool. A RADIUS server is attached to the network as a third-party authentication service. Remote users dial in to the access server, and the access server requests authentication services from the RADIUS server. Prerequisites Log on to the SCS server as an ISP or ISP&DO user. Procedure 1 In the Access Properties Manager window navigation tree, click RADIUS Profiles. The RADIUS Profiles window opens with a list of configured RADIUS profiles, if any, shown on the right. 2 Click Add. The New Radius Profile dialog box opens (Figure 125). Figure 125 New RADIUS Profile dialog box 3 Type a profile name and click OK. The RADIUS Profile dialog box opens with General tab displayed. 214664-B Rev 00

Chapter 15 Configuring subscriber access profiles 333 The following table describes the fields in the General tab. Table 43 RADIUS Profile dialog box, General tab fields Field Profile Name Timeout Retries Authentication UDP Port Accounting UDP Port Trim Username Trim Domain Name Trim Realm Enable Disconnect Listening Port Description Type a text string for the name of this profile. Type an integer for the number of seconds that can elapse before a session times out. The default is 3. Type an integer for the number of retries the system makes. The default is 3. Type an integer for the number of the UDP port that is used for authentication. The default is 1645. Type an integer for the number of the UDP port that is used for accounting. The default is 1646. When checked, the Shasta BSN removes the username portion of the FQDN before sending it to the RADIUS server. When checked, the Shasta BSN removes the domain portion of the FQDN before sending it to the RADIUS server When checked, the Shasta 5000 BSN removes the realm portion of the FQDN before sending it to the RADIUS server Check the box, the Shasta 5000 BSN listens to the specified port for disconnect requests from the Radius server. 4 Click the RADIUS Servers tab. The RADIUS Servers tab opens. 5 Click Add. The RADIUS Server dialog box opens. The following table describes the fields in the RADIUS Server dialog box. Shasta 5000 Broadband Service Node Provisioning Subscribers

334 Chapter 15 Configuring subscriber access profiles Table 44 RADIUS Server dialog box Field Server Address Server Type Server Secret Load Sharing Description Type the IP address of the server as a valid IP address such as 10.10.100.1. Select the server type. The options are: Authentication: When checked, the Radius server maintains authentication data Accounting: When checked, the server maintains accounting data. The default is for both options to be selected. Type a text string for the password for the server. When checked, the Radius server is the Primary server during load sharing. 6 Set the parameters as necessary, and click OK. The server is added to the server list in the RADIUS Profile dialog box, RADIUS Servers tab. 7 Add other RADIUS servers in the same manner, as needed. 8 Click OK. The Access Properties Manager window is redisplayed with the RADIUS profile added to the list. Next steps Add any other access profiles that you require. Bind each RADIUS profile to a subscriber access group. Bind the access group to a subscriber record or a subscriber template. Adding a DHCP profile You must create a DHCP profile to enable the Shasta BSN to obtain an IP address from a DHCP server, and assign that address to a dedicated or dynamically generated subscriber. 214664-B Rev 00

Chapter 15 Configuring subscriber access profiles 335 Prerequisites Log on to the SCS server as an ISP or ISP&DO user. Create an access group. Create a subscriber template. Procedure 1 In the Access Properties Manager window navigation tree, click DHCP Profiles. The DHCP Profiles window opens with a list of any DHCP profiles configured earlier. 2 Click Add. The New DHCP Profile dialog box opens. 3 Type a name for the profile and click OK. The DHCP Profile dialog box opens with the General tab displayed. 4 Configure the settings you need for Profile Name, Hop Limit, Seconds Allowed (session timeout), Circuit ID, Remote ID (subscriber or subscriber template name), and the Subnet Mask you want to apply to any IP address assigned by the DHCP server. 5 Click the DHCP Servers tab. The DHCP Servers tab opens. 6 Click Add. The DHCP Server dialog box opens. 7 Type the server address, for example, 10.10.20.1. 8 Click OK. The SCS client redisplays the General tab of the DHCP Profile dialog box, showing the new Server address. 9 Add more DHCP servers if required; otherwise, click OK. The SCS client redisplays the Access Property Manager window, showing the new DHCP profile. A Shasta BSN CLI user can verify the DHCP profile configuration by entering the show dhcp command and the CLI prompt. Shasta 5000 Broadband Service Node Provisioning Subscribers

336 Chapter 15 Configuring subscriber access profiles Next steps Repeat this procedure to create any other DHCP profiles that you may require. Bind each DHCP profile to a subscriber access group. Bind the access group to a subscriber record or a subscriber template. Adding an IGMP profile Internet Group Management Protocol is a method that hosts use to join or remove themselves from multicast groups. Prerequisites Log on to the SCS server as an ISP or ISP&DO user. Procedure 1 In the Access Properties Manager window navigation tree, click IGMP Profiles. The IGMP Profiles window opens with a list of configured IGMP profiles, if any, shown on the right. 2 Click Add. The IGMP Profile Configuration dialog box opens (Figure 126). 214664-B Rev 00

Chapter 15 Configuring subscriber access profiles 337 Figure 126 IGMP Profile Configuration dialog box The following table describes the fields in the IGMP Profile Configuration dialog box. Table 45 IGMP Profiles dialog box fields Area Field Description IGMP Attributes Name Type a text string for the name of the IGMP profile. IGMP version Type the version of IGMP being used. The default is 2. Query interval (sec) Type the number of seconds that can elapse between instances of the Shasta 5000 BSN performing IGMP polling. The default is 125. Query response interval (1/10 sec) Last member query interval (1/10 sec) Last member query count Robust count The default is 2 Type the number of one-tenth seconds that can elapse between instances of the Shasta 5000 BSN performing IGMP polling. The default is 100 Type the number of one-tenth seconds that can elapse between each instance of the Shasta 5000 BSN querying the last member of a multicast group. The default is 10. Type the number of queries performed by the Shasta 5000 BSN of the last member of a multicast group. The default is 2. 3 Set the parameters as necessary and click OK. Shasta 5000 Broadband Service Node Provisioning Subscribers

338 Chapter 15 Configuring subscriber access profiles The IGMP Profiles window is redisplayed showing the new IGMP profile (Figure 127). Figure 127 IGMP Profiles window with new profile Next steps See the procedure, Binding an IGMP profile to an access group on page 230. Adding a PPP profile Point-to-Point Protocol (PPP) supports the transmission and reception of encapsulated data over synchronous or asynchronous point-to-point links. Authentication is not required, but may be specified. 214664-B Rev 00

Chapter 15 Configuring subscriber access profiles 339 A PPP profile defines the properties that the Shasta BSN applies when negotiating with PPP. Prerequisites Determine line negotiation and authentication requirements for subscriber PPP access connections. Log on to your SCS server with DO or ISP + DO priviledges. Procedure 1 In the Access Properties Manager window, select PPP Profile from the navigation pane. The PPP Profiles folder opens with a list of configured PPP profiles, if any, shown on the right. 2 Click Add. The PPP Profile Configuration dialog box opens. 3 In the Name field, type a name for the PPP profile. 4 In the Authentication area, configure the following parameters: Protocol CHAP first Challenge Handshake Authentication Protocol, a type of authentication in which the authentication agent sends the client program a key to be used to encrypt the username and password, is performed first before attempting PAP authentication. PAP first Password Authentication Protocol, a type of authentication in which a user's name and password are transmitted in the clear over a network and matched against a table of known names and passwords, before attempting CHAP authentication. CHAP only The session is CHAP authenticated before being dropped. PAP only The session is PAP authenticated before being dropped. Restart Timer Number of seconds, from three to 30, in which the PPP link must be authenticated before resending the packet. The default is set to 10 seconds. Max Failure Number of failed authentication attempts (three to 30) allowed. Shasta 5000 Broadband Service Node Provisioning Subscribers

340 Chapter 15 Configuring subscriber access profiles The default is set to 6. 5 In the LCP area, configure the following parameters: Echo Interval Interval between each LCP echo request (1-30, default=10) Max Echo Number of consecutive echo requests (3 to 10, default=4) sent without receiving echo-replies before the Shasta BSN assumes the peer cannot respond. Max Configure Number of configure requests (3-30, default=10) that can go unacknowledged before assuming that the peer can not respond. Max Terminate Number of terminate requests (2-10, default=2) that can go unacknowledged before assuming that the peer cannot respond. Max Failure Number of failed authentication attempts (three to 30) allowed. The default is set to 10. Restart Timer Number of seconds (1-10, default=3) in which the PPP link must be authenticated before resending the packet. MTU Size Specifies the maximum data size (0-1500, default =1500) that can be transmitted over the interface, which forces the peer to transmit data less than the MTU size. Enable ACFC Enables the Shasta BSN to: Acknowledge ACFC option in the LCP Config-Request received from a peer. Send the ACFC option in its own LCP Config-Request to a peer. Enable PFC Enables the Shasta BSN to: Acknowledge the PFC option in the LCP Config-Request received from a peer. Send the PFC option in its own LCP Config-Request to a peer. Async Control Character Map Select to enable or disable flow control using Asynch Control Character Map (ACCM). Enables the Shasta BSN to negotiate MLPPP. Next steps Bind the PPP profile to a Shasta BSN device. 214664-B Rev 00

Creating an access group Chapter 15 Configuring subscriber access profiles 341 An access group is a collection of access properties bound to a single configurable element. For example, an access group may contain profiles for accessing DHCP and/or RADIUS servers. An ISP uses the SCS Access Properties Manager to create the access profiles and bind them to an access group. After you create an access group, you can bind it to a specific subscriber or subscriber template. This provides an efficient means for configuring the access properties of static and dynamic subscribers. Prerequisites Log on to the SCS server with ISP priviledges. Open the SCS Subscriber Manager tool. Procedure 1 In the Access Properties Manager window navigation tree, click Access Groups. The Access Groups window opens with a list of configured access groups. 2 Click Add. The Access Group Configuration dialog box opens (Figure 128). Figure 128 Access Group Configuration dialog box 3 Type in a name for the Access Group Configuration dialog box and click OK. The Access Group Configuration Group Management dialog box opens (Figure 129). Shasta 5000 Broadband Service Node Provisioning Subscribers

342 Chapter 15 Configuring subscriber access profiles Figure 129 Access Group Configuration dialog box, Group Management tab 4 In the Device Specific Settings list, select a device and click Edit. The Adding Access Group Settings for Device dialog box opens. The following table describes the items in the Add Access Group Settings dialog box. Table 46 Add Access Group Settings dialog box Item Value Description Servers RADIUS: Override for Device Checked or unchecked If checked, the RADIUS profile specified in this dialog box overrides the profiles assigned to the access group on the specified device. RADIUS Profile Alphanumeric string (read-only) RADIUS profile that overrides the default profile. Click Select to choose a profile from the RADIUS Profile Selection dialog box. 214664-B Rev 00

Table 46 Add Access Group Settings dialog box (continued) Chapter 15 Configuring subscriber access profiles 343 Item Value Description DHCP: Override for Device Checked or unchecked If checked, the DHCP profile specified in this dialog box overrides the profiles assigned to the access group on the specified device. DHCP Profile Alphanumeric string (read-only) DHCP profile that overrides the default profile. Click Select to choose a profile from the DHCP Profile Selection dialog box. IGMP IGMP Profile Alphanumeric string (read-only) IGMP profile that overrides the access group profile on this device. Click Select to choose an IGMP profile from the IGMP Profile Selection dialog box. Session Parameters Override for Device Checked or unchecked If checked, the specified session parameters override the parameters set for the access group. Enable the option to configure override parameters. DNS Primary Address DNS Secondary Address NBNS Primary Address NBNS Secondary Address IP address in dotted decimal notation (XXX.XXX.XXX.XXX) IP address in dotted decimal notation (XXX.XXX.XXX.XXX) IP address in dotted decimal notation (XXX.XXX.XXX.XXX) IP address in dotted decimal notation (XXX.XXX.XXX.XXX) The domain name server for the specified device. The alternate domain name server for the specified device. The NETBIOS Name Service server address. NBNS automatically matches a computer s address and domain name once the computer registers its name on the NBNS server. The backup address of the NBNS server. Idle Timeout (min) Integer (0-120) Number of minutes a PPP connection waits to receive traffic before timing out. Session Timeout (hours) Integer (0-48) Number of hours that a PPP connection is active before timing out, with or without receiving traffic. OK Action button Saves the data and returns screen to the Access Group Configuration dialog box. Shasta 5000 Broadband Service Node Provisioning Subscribers

344 Chapter 15 Configuring subscriber access profiles 5 Set the parameters as necessary and click OK. Next steps To create any other customer/subscriber group entities that you may require, see: Configuring subscriber access profiles on page 331. For NAT groups: Shasta 5000 Broadband Service Node, Provisioning Service Policies, Release 4.0 For VPNs and VLANs: Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels Configuring subscriber VPNs, VLANs, VRFs, and tunnels For detailed information on how to configure subscriber VPNs, VLANs, VRFs, and tunnels, see the guide, Shasta 5000 Broadband Service Node, Provisioning VPNs, VLANs, and Tunnels. 214664-B Rev 00

345 Chapter 16 Configuring subscriber accounting Accounting is a powerful tool that enables you to distill statistics based on conditions and objects that are built into the Shasta 5000 BSN. Within the Shasta 5000 BSN environment, there are two types of accounting: ISP A standard type of accounting used on one of the multiple ISP contexts bundled into a Shasta 5000 BSN. Device owner This type of accounting done only for a device owner. Every BSN has a default ISP called a device_owner. To configure accounting on a Shasta 5000 BSN, you need to perform several tasks to build a complete accounting environment. This chapter contain instructions on how to complete the following ISP-level accounting tasks: Creating an accounting element on page 345 Creating an accounting profile on page 347 Binding an accounting profile to a device on page 349 Enabling an accounting object on page 350 Viewing the accounting results in Log Manager on page 351 The main building blocks of accounting are the accounting element and the accounting profile. The accounting profile consists of one or many accounting elements. The accounting profile is then included in or bound to a Shasta 5000 BSN. Note that once each has been configured, any element can be mapped to any number of profiles and that any profile can be bound to any number of devices. Creating an accounting element An accounting element is a function that combines three accounting parameters that enable you to build an accounting profile. Shasta 5000 Broadband Service Node Provisioning Subscribers

346 Chapter 16 Configuring subscriber accounting Prerequisites Determine which Shasta BSN devices, and ISPs configured on those devices, require accounting services. Determine the categories of accounting statistics you want to collect (as defined by accounting elements configurable on the Shasta BSN). Log on to your SCS server with ISP or device owner priviledges, depending on what group of accounting statistics your want to create or view. Open the SCS Access Properties Manager tool. Procedure 1 In Access Properties Manager, select Accounting Elements from the navigation pane. The Accounting Elements table opens. 2 Click Add. The Accounting Element dialog box opens (Figure 130). Figure 130 Accounting Element dialog box 3 In the Name field, type the name of the accounting element. 4 In the Type field, select a network object for which you want to create an accounting element. The options are: Device Stats Shasta 5000 Broadband Service Node device management. Configurable only by SCS users logged in with device owner priviledges. ISP IP Stats ISP connections to the Shasta 5000 Broadband Service Node. Service Stats Service policies created in Shasta BSN on the Shasta 5000 Broadband Service Node. 214664-B Rev 00

Chapter 16 Configuring subscriber accounting 347 Trunk Stats Each trunk connected to the Shasta 5000 Broadband Service Node. VPRN Stats VPRNs on the Shasta 5000 Broadband Service Node. VPRN Link Stats VPRN links between two Shasta 5000 Broadband Service Nodes. VRF Stats VRFs on the Shasta BSN. 5 Click OK. The Account Elements dialog box is redisplayed, showing the new element in the Accounting Element Name column mapped to the object type in the Type column and the interval in the Interval (min.) column. Next steps Repeat this procedure to create as many of the available accounting element types as you require to collect device owner or ISP accounting statistics on any Shasta BSN device. Once you have the set of elements that you require, peform the next task: Creating an accounting profile on page 347. Creating an accounting profile An accounting profile is a collection of accounting elements, each representing a different set of accounting statistics that you want to collect for a specific Shasta BSN device or ISP configured on that device. Prerequisites Determine what accounting elements you want to combine into an accounting profile that you can later bind to any Shasta BSN device or ISP configured on that device. Log on to your SCS server with ISP or device owner priviledges. Open the SCS Access Properties Manager tool. Procedure 1 In Access Properties Manager, select Accounting Profiles from the navigation pane. The Accounting Profiles table opens. Shasta 5000 Broadband Service Node Provisioning Subscribers

348 Chapter 16 Configuring subscriber accounting 2 Click Add. The New Accounting Profile dialog box opens with the chosen login type active, and with the alternate login type greyed out (Figure 131). Figure 131 New Accounting Profile dialog box 3 In the Accounting Profile Name field, type a name for the accounting profile. 4 Click OK. The Accounting Profile dialog box opens. 5 Select an accounting object from the Accounting Elements list. 6 Click Add. The Accounting Element selection dialog box opens (Figure 132). Figure 132 Accounting Element Selection dialog box 7 Click an accounting element in the Accounting Element list and click OK. The Accounting Profile dialog box is redisplayed with the object you selected with the new accounting element mapped to it. 214664-B Rev 00

Chapter 16 Configuring subscriber accounting 349 Next steps Repeat this procedure to create any other types of accounting profiles you may require for your Shasta BSN devices or ISPs configured on those devices. When you finish creating accounting profiles, perform the next step: Binding an accounting profile to a device on page 349 Binding an accounting profile to a device For an accounting profile to perform for a Shasta BSN device or ISP configured on that device, you must bind it to the device. Prerequisites Determine which Shasta BSN devices, and ISPs configured on those devices, require accounting services. Log on to your SCS server with ISP or device owner priviledges. Open the SCS Access Properties Manager tool. Procedure 1 In Device Manager, select a device from the device list and choose Configure > Access Properties from the shortcut menu. The Access Properties tab opens. 2 To select the type of accounting profile, do one of the following: For a Device Owner type, click Select to the right of the Device Owner Accounting Profile field. The Device Owner Accounting Profile Selection dialog box opens. For an ISP type, click Select to the right of the ISP Accounting Profile field. The ISP Accounting Profile Selection dialog box opens. 3 Select the accounting profile you want to bind to the Shasta 5000 BSN. 4 Click OK. The Configuration Access Properties dialog box is redisplayed, showing the accounting profile name to the right of the field you selected. Shasta 5000 Broadband Service Node Provisioning Subscribers

350 Chapter 16 Configuring subscriber accounting 5 Click OK. Next steps Enabling an accounting object on page 350 Enabling an accounting object The final step in configuring accounting is ensuring you have enabled accounting on the service object or policy for which you built an accounting profile. This example procedure describes how to enable accounting on a security service policy, but the steps generically apply to all objects and policies. Prerequisites Determine the Shasta BSN service objects and policies on which you need to enable accounting services. Log on to your SCS server with ISP priviledges. Open the SCS Service Policy Manager tool. Procedure 1 In Service Policy Manager, select a service (for example, Security). The Security window opens. 2 In the Security Policy list, double-click a Security Policy. The Policy Edit: Security Policy dialog box opens. 3 Select the Accounting(Disable) menu, and then select Accounting(Enable) (Figure 133). 214664-B Rev 00

Chapter 16 Configuring subscriber accounting 351 Figure 133 Policy Edit: Security Policy dialog box Note: The Enable designation must occur to the right of the menu name. The default is for accounting to be disabled on all services. Next steps Viewing the accounting results in Log Manager on page 351 Viewing the accounting results in Log Manager After you configure the accounting environment, you can view the results of the statistics that have been generated through the SCS Log Manager. Prerequisites Determine the Shasta BSN device and ISP service objects and policies for which you need to view accounting statistics. Log on to your SCS server with ISP priviledges. Open the SCS Log Manager tool. Shasta 5000 Broadband Service Node Provisioning Subscribers

352 Chapter 16 Configuring subscriber accounting Procedure 1 In Log Manager, select the Accounting tab. 2 In the lower navigation pane, select the accounting object for which you want to view statistics from the lower area of the navigation bar. The Log Manager displays the statistics associated with the accounting object you selected. To refresh your view, click the Refresh button on the Accounting tab. Next steps Repeat this procedure for any other accounting statistics you may want to view for a BSN device or ISP configured on that device. See also: Subscriber Logging on page 365. Shasta 5000 Broadband Service Node, SNMP Configuration Guide, Release 4.0 -- Information on subscriber monitoring. 214664-B Rev 00

353 Chapter 17 Monitoring subscribers The following topics provide instructions on how to monitor subscriber statistics from various views: View aggregate statistics for all ISP subscribers on page 353 Viewing detailed statistics for one or more subscribers on page 355 In addition, for information about how use the System Monitor to monitor active subscribers per SSM on any BSN device, see the guide, Shasta 5000 Broadband Service Node, SNMP Configuration Guide, Release 4.0. View aggregate statistics for all ISP subscribers From the Monitoring ISP window, you can view values for the following aggregate subscriber statistics on any Shasta BSN used to implement your ISP virtual router context: Total subscribers Active subscribers Active PPP sessions PPP authentication failures IP packets dropped IP packets forwarded As aggregate statistics, the summarize in general the activity of all subscribers on the Shasta BSN, but without reference to any particular subscribers. Shasta 5000 Broadband Service Node Provisioning Subscribers

354 Chapter 17 Monitoring subscribers Prerequisites Be familiar with the background information in Working with subscriber monitoring on page 95. Have access to information about your ISP network and subscriber topology. Log on to your SCS server as a device owner or ISP user. Procedure 1 Open the Device Manager. 2 Right-click the icon for a Shasta BSN device. 3 Select Monitor > ISP from the submenu. After a slight delay, the Monitoring ISP dialog box opens with the ISP tab displaying aggregate subscriber statistics, as shown in the following example. 214664-B Rev 00

Chapter 17 Monitoring subscribers 355 Figure 134 Monitoring - ISP tab Next steps Viewing detailed statistics for one or more subscribers on page 355 Viewing detailed statistics for one or more subscribers Using the Monitoring > Subscribers feature of the SCS Device Manager, an ISP user of the SCS can: Open the Monitoring Subscribers dialog box on page 356 View general statistics for multiple subscribers on page 358 Shasta 5000 Broadband Service Node Provisioning Subscribers

356 Chapter 17 Monitoring subscribers View detailed statistics for one subscriber on page 360 View interface statistics for one subscriber on page 361 View connection statistics for one subscriber on page 363 Open the Monitoring Subscribers dialog box To monitor the statistics associated with one or more specific subscribers, you must first open the Monitoring - Subscriber dialog box. Prerequisites Be familiar with the background information in Working with subscriber monitoring on page 95. Have access to information about your network and subscriber topology. Log on to your SCS server as an ISP user. Procedure 1 Open the Device Manager. 2 Right-click a Shasta BSN device in the device view. 3 Select Monitor > Subscribers. The Monitoring dialog box opens with the Subscribers tab displayed as shown in the following example. 214664-B Rev 00

Chapter 17 Monitoring subscribers 357 Figure 135 Monitoring - Subscriber tab Next steps Using the Monitoring > Subscribers feature of the SCS Device Manager, you can: View general statistics for multiple subscribers on page 358 View detailed statistics for one subscriber on page 360 View interface statistics for one subscriber on page 361 View connection statistics for one subscriber on page 363 Shasta 5000 Broadband Service Node Provisioning Subscribers

358 Chapter 17 Monitoring subscribers View general statistics for multiple subscribers Using the Monitoring > Subscribers feature of the SCS Device Manager, an ISP user can obtain filtered views of various general statistics for multiple subscribers. You can filter your view by: Slot/Port VPI/VCI Tunnel Name Domain Name Template Subscriber Subscriber Name Subscriber State For each subscriber, you can view values for the following statistics: Subscriber Name Domain Name Connection Name Encaps Type Remote IP Address Status Prerequisites Be familiar with the background information in Working with subscriber monitoring on page 95. Have access to information about your network and subscriber topology. Log on to your SCS server as an ISP user. Procedure 1 Open the Device Manager. 2 Right-click a Shasta BSN device in the device view. 3 Select Monitor > Subscribers. The Monitoring dialog box opens with the Subscribers tab displayed. 214664-B Rev 00

Chapter 17 Monitoring subscribers 359 4 In the Filter by area of the Subscribers tab, select any one of the following six options from the submenu: by Slot/Port VPI/VCI by Tunnel Name by Domain Name by Template Subscriber by Subscriber Name by Subscriber State According to the filtering option you choose, you must also enter, enable, or select values for the parameters shown in the following table: Table 47 Configurable filtered views for subscriber statistics Filtering option Slot/Port VPI/VCI Tunnel Name Domain Name Template Subscriber Subscriber Name Subscriber State Configurable filtering parameters Enter a connection Slot, Port, VPI, and VCI configured on the Shasta BSN. Enter a tunnel name and/or select a specific tunnel set (PPPoE, LAC L2TP, or LNS L2TP) configured on the Shasta BSN. Enter all or part* of a domain name configured on the Shasta BSN. Enter or select by name any dynamic subscriber (a subscriber for whom the BSN applies a subscriber template for access) on the Shasta BSN. Enter all or part* of a subscriber s name to filter your view of subscribers on the Shasta BSN. Select any of of the following state-oriented statistics to filter your view of subscribers on the Shasta BSN: IP Demux With Config Error Ready Up Down Unconfigured * Entering a partial name enables you to view all list of all entries matching that partial subscriber or domain name string. Shasta 5000 Broadband Service Node Provisioning Subscribers

360 Chapter 17 Monitoring subscribers 5 Click the Retrieve Subscribers button. The Subscribers: Filtered by table displays statistics for subscribers, ordered according to the filtering option you chose, and according to any values you entered for filter parameters. Next steps Using the Monitoring > Subscribers feature of the SCS Device Manager, you can also: View detailed statistics for one subscriber on page 360 View interface statistics for one subscriber on page 361 View connection statistics for one subscriber on page 363 View aggregate statistics for all ISP subscribers on page 353 View detailed statistics for one subscriber Using the Monitoring > Subscribers feature of the SCS Device Manager, an ISP user can view values for the following more detailed single-subscriber statistics: Subscriber Name Domain Name Up Since Autogenerated Template Interface Name Connection Name Status Interface Stats (button.) Connection Stats (button.) Prerequisites Be familiar with the background information in Working with subscriber monitoring on page 95. Have access to information about your network and subscriber topology. Log on to your SCS server as an ISP user. 214664-B Rev 00

Chapter 17 Monitoring subscribers 361 Procedure 1 Follow the procedure to View general statistics for multiple subscribers, as described on page 358. 2 Double-click a specific subscriber from the list, or select a subscriber and click the Details button at the bottom of the Monitoring Subscribers dialog box. The Detailed Information dialog box opens, displaying additional statistics for the subscriber you chose in step 1. Next steps Using the Monitoring > Subscribers feature of the SCS Device Manager, you can also: View interface statistics for one subscriber on page 361 View connection statistics for one subscriber on page 363 View general statistics for multiple subscribers on page 358 View aggregate statistics for all ISP subscribers on page 353 View interface statistics for one subscriber Using the Monitoring > Subscribers feature of the SCS Device Manager, an ISP user can view values for the following single-subscriber interface statistics: Last Poll Time Status Avg Packets Tx Avg Packets Rx Avg Bytes Tx Avg Bytes Rx Total Packets Tx Total Packets Rx Total Bytes Tx Total Bytes Rx In Packets Dropped Out Packets Dropped Shasta 5000 Broadband Service Node Provisioning Subscribers

362 Chapter 17 Monitoring subscribers Prerequisites Be familiar with the background information in Working with subscriber monitoring on page 95. Have access to information about your network and subscriber topology. Log on to your SCS server as an ISP user. Procedure 1 Follow the procedure to View detailed statistics for one subscriber, as described on page 360. 2 Within the Detailed Information dialog box, click the Interface Stats button. The Interface Stats dialog box appears. 3 Within the Interface Stats dialog box, click the Start button to begin displaying interface statistics for the subscriber you selected, updated during each new polling interval. Slide the horizontal scroll bar to see values for all statistics within the Interface Statistics table. If you want the Shasta BSN to poll for updated Interface Stats values at a different rate, enter a suitable nondefault Polling Interval value, click Change, and then click the Start button. The Shasta BSN continues to poll this subscriber for interface statistics until you click the Stop button in the Interface Stats dialog box. 4 When you finish viewing subscriber interface statistics, click Stop. 5 Click the Close button to close the Interface Statistics dialog box. 6 Close the Monitoring Statistics Container Frame from the File menu in that frame, or by clicking the X box in the upper right corner of the frame. Next steps Using the Monitoring > Subscribers feature of the SCS Device Manager, you can also: View detailed statistics for one subscriber on page 360 View connection statistics for one subscriber on page 363 View general statistics for multiple subscribers on page 358 View aggregate statistics for all ISP subscribers on page 353 214664-B Rev 00

View connection statistics for one subscriber Chapter 17 Monitoring subscribers 363 Using the Monitoring > Subscribers feature of the SCS Device Manager, an ISP user can view values for the following single-subscriber connection (and PPP) statistics: Connection tab statistics Last Poll Time Cells Tx CLP Cells Tx Cells Rx Status Type Slot Number Port Number VPI VCI VLAN ID ILMI Inv Arp Status Time Since Last Change Total State Transitions PPP tab statistics Last Poll Time Unknown Protocol Error Rx Packets Rx Bytes Rx Tx Packets Bytes Tx Shaper Packets Sent Shaper Packets Queued Shaper Packets Dropped LCP Rx LCP Tx NCP Rx NCP Tx Auth Rx Auth Tx Prerequisites Be familiar with the background information in Working with subscriber monitoring on page 95. Have access to information about your network and subscriber topology. Log on to your SCS server as an ISP user. Procedure 1 Follow the procedure to View detailed statistics for one subscriber, as described on page 360. 2 From the Detailed Information dialog box, click the Connection Stats button. The Connection Stats dialog box appears, with a Connection Stats tab in the foreground and a PPP Stats tab in the background. Shasta 5000 Broadband Service Node Provisioning Subscribers

364 Chapter 17 Monitoring subscribers 3 From the Connection Stats dialog box, select either the Connection Stats tab or the PPP Stats tab. 4 Click the Start button to begin displaying values for single-subscriber connection or PPP statistics, polled at the default Polling Interval. Slide the horizontal scroll bar to see values for all statistics within either the Connection Stats tab or the PPP Stats tab. If you want the Shasta BSN to poll for updated Connection Stats values at a different rate, enter a suitable nondefault Polling Interval, click Change, and then click the Start button. The Shasta BSN continues to poll this subscriber for connection/ppp statistics until you click the Stop button in the Connection Stats dialog box. 5 Click the Stop button to stop polling and displaying new statistics. 6 Click the Close button to close the Connection Statistics dialog box. 7 Close the Monitoring Statistics Container Frame from the File menu within that frame, or by clicking the X box in the upper right corner of the frame. Next steps Using the Monitoring > Subscribers feature of the SCS Device Manager, you can also: View interface statistics for one subscriber on page 361 View general statistics for multiple subscribers on page 358 View aggregate statistics for all ISP subscribers on page 353 214664-B Rev 00

Appendix A Subscriber Logging 365 As of release 3.0, an enhanced logging implementation consists of Shasta BSNs, a log writer (an SCS log server), a log reader (SCSLogCat and the new SCS Monitoring Server), a Shasta BSN domain server, and SCS or NetRIO clients, as shown in the following illustration. Shasta 5000 Broadband Service Node Provisioning Subscribers

366 Subscriber Logging Figure 136 Enhanced logging implementation SCS Client NetRIO Client Display schema.text Schema Display schema.text Schema Log Read Requests and Replies SCS Domain Server Send ISP Log Files Send ISP Log Files Send ISP Log Files Shasta BSN Shasta BSN Shasta BSN SCS Monitoring Server XML Schema File schema.text Filter and Format Log Read Data Display SCS Log Server Log Read Data SCSLogCat Utility Read Binary ISP Log Files File system Write ISP log files 214664-B Rev 00 Shasta BSNs periodically send binary log files to the SCS Log Server, with each file containing entries for events logged for every subscriber of a specific ISP. The SCS Log Server writes the ISP binary log files to a file system managed by the SCS Monitoring Server. An SCS client, a customer NetRIO client, or the Monitoring Server can request to view ISP/subscriber log data. On request, the SCSLogCat utility reads a specific binary log file and sends an ASCII-readable result back to the requesting client or Monitoring Server display.

Subscriber Logging 367 Using a local XML-based schema file, the Monitoring Server, SCS client, or NetRIO client can pre-filter and format the log reader output by subscriber ID and service type. You can create different log output formats simply by modifying the XML schema files used by the Monitoring Server or the SCS or NetRIO clients. With this approach, third-party developers can more easily create programs to post-process log outputs, for streamlined accounting and other applications. With this implementation, the log reader displays several key elements in the output of any ISP/subscriber log: Log header -- Contains fields that define the context of the log entries that follow the header. For example, the header would define the region, device, ISP, and customer IDs associated with a specific log. Log entries -- Describe events logged for each subscriber and service supported by a specific ISP. Dropped log entries -- A count of subscriber events not logged because they occurred at a rate faster than the system logging rate. The following table shows an example of the enhanced subscriber statistics that you can view through the SCS Log Manager tool. Note that the actual statistics captured may vary somewhat for different subscriber services. The table describes common fields displayed for these services. Table 48 Policy accounting log details Parameter Value Definition Logging Header OPERATION Text The service policy associated with this log entry. VERSION Text Not used. RESERVED Reserved Reserved for future use. FILE_TYPE Integer Not applicable. Shasta 5000 Broadband Service Node Provisioning Subscribers

368 Subscriber Logging Table 48 Policy accounting log details (continued) Parameter Value Definition FLAGS Created The subscriber logged on, or a service was applied to the subscriber s account. Modified The subscriber s profile or a service associated with the subscriber s profile was modified. Cleared The counters have been cleared for this service only, and for this subscriber only. Following are the final statistical values prior to that operation. Deleted A subscriber logged off or a service was removed from the subscriber s account. SPM_REGIONID Integer The SCS Region served by the BSN that generated this log entry. SPM_DEVICEID Integer The ID of the BSN device that generated this log entry. SUB_INSTANCE Integer SCS ID of the subscriber associated with this log entry. SPM_SUBID Integer ID (slot/port/processor) of the interface used by the subscriber associated with this log entry. SPM_CUSTOMERID Integer The customer group to which a subscriber belongs. SPM_ISPID Integer Your The SCS-assigned ISP identifier. TIMESTAMP Brief TLV Logging Header SPM_CONVSRCADDR SPM_CONVDSTADDR <Day> <Month> <Date> <Time (HH:MM:SS)> <Timezone> <Year> A valid IP address (XXX.XXX.XXX.XXX) A valid IP address (XXX.XXX.XXX.XXX) The time when the Shasta BSN generated this log entry. The new source IP address assigned to a packet when a policy match requires conversion of the packet s existing source IP address. The new destination IP address assigned to a packet when a policy match requires conversion of the packet s existing destination IP address. SPM_CONVSRCPORT Integer The new UDP source port number assigned to a packet when a service policy match requires conversion of the packet s existing source UDP port number. SPM_CONVDSTPORT Integer The new UDP destination port number assigned to a packet when a service policy match requires conversion of the packet s existing destination UDP port number. 214664-B Rev 00

Subscriber Logging 369 Table 48 Policy accounting log details (continued) Parameter Value Definition Detail TLV Logging Header SPM_FLOWPROTO Text The Layer 4 protocol used to control the flow of packets associated with this log entry. SPM_FLOWSRCADDR SPM_FLOWDSTADDR IP address (XXX.XXX.XXX.XXX) IP address (XXX.XXX.XXX.XXX) The Layer 3 (IP) source address of the session assocated with this log entry. The Layer 3 (IP) destination address of the session assocated with this log entry. SPM_FLOWSRCPORT Integer The source UDP port number of the packet associated with this log entry. SPM_FLOWDSTPORT Integer The destination UDP port number of the packet associated with this log entry. Verbose TLV Logging Header SPM_13HDRLENGTH Integer The length, in bytes, of the Layer 3 header in the packet associated with this log entry. SPM_14HDRLENGTH Integer The length, in bytes, of the Layer 4 header in the packet associated with this log entry. SPM_PADDINGHEADER Integer The number of bytes padding in the packet heading associated with this log entry. SPM_RESERVED Reserved Reserved for future use. SPM_13_14_HEADER Char (Hexadecimal) The actual Layer 3 and Layer 4 headers of the packet associated with this log entry. For information about how to use the SCS Log Manager, see Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. Shasta 5000 Broadband Service Node Provisioning Subscribers

370 Subscriber Logging 214664-B Rev 00

Appendix B RFCs 371 The Shasta BSN supports the Internet RFCs listed in the following table. Where noted, the BSN supports a specific subpart of an RFC.: Table 49 Internet RFCs supported all or in part by the Shasta BSN Functional area Relevant Internet RFC Alarms RFC 1212 -- Concise MIB Definitions Anti-spoofing RFC 2597 -- Assured Forwarding PHB Group Automatic Protection Switching (APS) See Bellcore standard GR-253-CORE. Border Gateway Protocol (BGP) RFC 1771 DiffServ RFC 2597 -- Assured Forwarding PHB Group RFC 2798 -- Network Policy and Services Dynamic Topology VPNs RFC 2547 RFC 2685 RFC 2764 RFC 2709 Firewalls RFC 2938 -- Security and Firewall Architecture L2TP tunnels RFC2291 -- L2TP Tunnels Multicast IGMP RFC 1585 RFC 1584 RFC 1112 RFC 1054 NAT RFC 2886 -- Network Address Translation Group Personal Content Portals RFC 2660 -- The Secure HyperText Transfer Protocol Policing RFC 2698 -- A Two Rate Three Color Marker RFC 2697 -- A Single Rate Three Color Marker RFC 2597 -- Assured Forwarding PHB Group Shasta 5000 Broadband Service Node Provisioning Subscribers

372 RFCs Table 49 Internet RFCs supported all or in part by the Shasta BSN (continued) Functional area Policy-based forwarding Service policies Traffic shaping VPRNs Relevant Internet RFC RFC 2750 -- RSVP Extensions for Policy Control RFC 2597 -- Assured Forwarding PHB Group RFC 2597 -- Assured Forwarding PHB Group RFC 2771 -- Virtual Private Networks 214664-B Rev 00

373 Appendix C Supported SNMP MIBs, variables, and statistics This appendix provides: A list of SNMP MIBs supported by the Shasta BSN ATM-Forum-MIB variables A full description of L2TP MIB support on the Shasta BSN SNMP MIBs supported by the Shasta BSN The Shasta BSN supports MIBs that an SNMP-based network management system (NMS) can access to view values for key MIB variables. Specifically, the Shasta BSN supports the following MIBs: RFC 1213 - SNMPv2 MIB RFC 2496 - DS3 MIB describes DS3 and E3 interfaces objects RFC2096-MIB - IP forward MIB RFC1595 - SONET MIB Shasta Chassis MIB (describes Shasta BSN device health information) RFC 2115 - MIB for Frame Relay interfaces on DTEs RFC 1604 - MIB for Frame Relay service MIB Information Supported in Release 1.5x RFC 2011 - SNMPv2 MIB for IP (updates RFC1213) RFC 2012 - SNMPv2 MIB for TCP (updates RFC 1213) RFC 2013 - SNMPv2 MIB for UDP (updates RFC 1213) RFC 1213 - SNMP V2 MIB RFC 2233 - The Interfaces Group MIB using SMIv2 (obsoletes RFC 1573-Evolution of the Interfaces Group of MIB-II) Shasta 5000 Broadband Service Node Provisioning Subscribers

374 Supported SNMP MIBs, variables, and statistics 214664-B Rev 00 RFC 1695 - Definitions of Managed Objects for ATM Management Version 8.0 using SMIv2 (draft-ietf-atommib-atm1ng-03), specifically these tables: (1) ATM Interface configuration group (atminterfaceconftable) (2) ATM Interface DS3 PLCP group (atminterfaceds3plcptable) (3) ATM Interface TC Sublayer group (atminterfacetctable) (4) ATM Interface VPL configuration group (atmtrafficdescrparamtable, atmvpitable) (5) ATM Interface VCL configuration group (atmvcitable) (6) ATM Interface AAL5 VCC performance statistics group (aal5vcctable) ATM-FORUM-MIB (ATM UNI 4.0), specifically these tables: (1) ATM Port Table, physical layer status and parameter information (atmporttable) (2) ATM-layer specific information (atmfatmlayertable) (3) The ATM Statistics Group (atmfatmstatstable) (4) Information concerning Virtual Channel Connections (atmfvcctable) ATM-FORUM-SRVC-REG (The Service Registry Table) ATM-FORUM-ADDR-REG, specifically these tables: (1) The Network Prefix Table (2) The Address Table (3) The Address Registration Admin Table RFC 1695 - Definitions of Managed Objects for ATM Management Version 8.0 using SMIv2 (draft-left-atommib-atm1ng-03) SONET-MIB (RFC 1595), specifically these tables: (1) sonetmediumtable (2) sonetsectioncurrenttable (3) sonetsectionintervaltable (4) sonetlinecurrenttable (5) sonetlineintervaltable (6) sonetpathcurrenttable (7) sonetpathintervaltable

L2TP MIB (See L2TP MIB on page 376.) Supported SNMP MIBs, variables, and statistics 375 ATM-Forum-MIB variables The following table describes ATM Forum MIB variables supported by the Shasta BSN. Table 50 ATM Forum MIB variables and descriptions Field MIB object ID Description SNMP_Cold_Start.1.3.6.1.6.3.1.1.5.1 A coldstart trap signifies that the sending protocol entity is reinitializing itself so that the agent s configuration or the protocol entity implementation may be altered. SNMP_Warm_Start.1.3.6.1.6.3.1.1.5.5 A warmstart trap signifies that the sending protocol entity is reinitializing itself so that neither the agent configuration nor the protocol entity implementation is altered SNMP_Authen_Failure.1.3.6.1.6.3.1.1.5.5 An authentication failure trap signifies that the sending protocol entity is the addressee of a protocol message that is not properly authenticated. While implementations of SNMP must be capable of generating this trap, they must also be capable of suppressing the emission of such traps via an implementation-specific mechanism. dsx3linestatuschange.1.3.6.1.2.1.10.30.15.1 Sent when the value of an instance of dsx3linestatus changes. It can be utilized by an NMS to trigger polls. When the line status change results in a lower level line status change (i.e., ds1), then no traps for the lower level are sent. dsx3linestatuschange variables Indicates the Line Status of the interface. It contains loopback state information and failure state information. The dsx3linestatus is a bit map ssg5000chassisfailur.1.3.6.1.4.1.3199.10.28.2.0.1 Indicates that the agent detects a change in the status of ps1, ps2, fan, chassis temperature. ssg5000sysalarmnotif.1.3.6.1.4.1.3199.10.28.2.0.2 Indicates the agent detects an alarm status in the system. Shasta 5000 Broadband Service Node Provisioning Subscribers

376 Supported SNMP MIBs, variables, and statistics Table 50 ATM Forum MIB variables and descriptions (continued) Field MIB object ID Description ssg5000portalarmnoti.1.3.6.1.4.1.3199.10.28.2.0.4 Indicates the agent detects an alarm status in the port. ssg5000ssmalarmnotif.1.3.6.1.4.1.3199.10.28.2.0.5 Indicates the agent detects an alarm status in the SSM. ssg5000pvcalarmnotif.1.3.6.1.4.1.3199.10.28.2.0.6 Indicates the agent detects an alarm status in a PVC. ssg5000ct3portalarmn.1.3.6.1.4.1.3199.10.28.2.0.7 Indicates the agent detects an alarm status for a CT3 port. ssg5000ct3ds2alarmn o.1.3.6.1.4.1.3199.10.28.2.0.9 Indicates the agent detects a DS2 alarm status on the CT3 port. L2TP MIB Internet service providers and wholesalers can use the Shasta BSN command line interface (CLI) or SNMP-based tools (for example, an SNMP-based network management system or NMS) to view values for the following L2TP tunnel statistics: Tunnel aggregate traffic statistics Tunnel profile and aggregate PPP session statistics Tunnel individual PPP session statistics To obtain these statistics using the Shasta CLI, enter the show interface command while logged in to a specific BSN. (For more information, see Using the Shasta CLI to view L2TP statistics on page 385.) To obtain these statistics using SNMP, an NMS must issue SNMP get and get-next commands to the Shasta BSN, requesting values for variables defined in the following MIBs: MIB document Request For Comments (RFC) 2863 draft-ietf-l2tpext-l2tp-mib-01.txt Title The Interfaces Group MIB Layer Two Tunneling Protocol L2TP Management Information Base 214664-B Rev 00

Supported SNMP MIBs, variables, and statistics 377 The Shasta BSN replies to each SNMP request, sending packets containing real-time values for the requested MIB variables. The Shasta BSN also sends SNMP trap messages to notify the NMS of tunnel failures and recoveries in real time. Each tunnel failure/recover trap message contains values for a subset of variables in the following Nortel proprietary MIB: MIB document ssg-5000-chassis-mib Title Shasta BSN chassis MIB For more information about the Shasta BSN chassis MIB, see the Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. Tunnel aggregate traffic statistics The table below describes the subset of variables from the Interfaces Group MIB (RFC 2233) used by the Shasta BSN to collect, in real time, aggregate statistics on traffic over a specific L2TP tunnel. Table 51 L2TP tunnel aggregate traffic statistics MIB variable Syntax Description iftable.iftype iftable.ifphyaddress iftable.ifoperstatus iftable.ifinoctets iftable.ifinucastpkts IANAifType (131) PhysAddress (integer or dotted decimal notation) Integer 1 -- Interface up (ready to pass packets) 2 -- Interface down (not ready to pass packets, or peer unreachable) Counter32 (0 to 4,294,967,295) Counter32 (0 to 4,294,967,295) Identifies the interface type (in this case, for L2TP), assigned by the Internet Assigned Numbers Authority (IANA). Contains the local tunnel identifier. Identifies the operational state of the local interface supporting this l2tp tunnel. Identifies the total number of control and payload octets received from the tunnel. Identifies the total number of control and payload packets received from the tunnel. Shasta 5000 Broadband Service Node Provisioning Subscribers

378 Supported SNMP MIBs, variables, and statistics Table 51 L2TP tunnel aggregate traffic statistics (continued) MIB variable Syntax Description iftable.ifindiscards iftable.ifoutoctets iftable.ifoutucastpkts iftable.ifoutdiscards Counter32 (0 to 4,294,967,295) Counter32 (0 to 4,294,967,295) Counter32 (0 to 4,294,967,295) Counter32 (0 to 4,294,967,295) Identifies the total number of control and payload packets received from the tunnel but subsequently discarded. Identifies the total number of control and payload octets transmitted over the tunnel. Identifies the total number of control and payload packets transmitted over the tunnel. Identifies the total number of control and payload packets discarded prior to transmission over the tunnel. These MIB variables together occupy one row entry (ifentry) in the interfaces table (iftable) in the Interfaces Group MIB. Each instance of an L2TP tunnel on a Shasta BSN results in a new row entry in the interfaces table. The NMS can use SNMP to request iftable statistics for: All instances of L2TP tunnels in the iftable A specific instance of an L2TP tunnel in the iftable To provision devices in your network to retrieve real-time values for these MIB variables, see Configuring L2TP MIB support and trap reporting on page 382. For information about how to use the show interface command to display real-time values for these MIB variables, see Using the Shasta CLI to view L2TP statistics on page 385. Tunnel profile and aggregate PPP session statistics The table below describes the set of MIB variables used by the Shasta BSN to collect, in real time, statistics profiling an L2TP tunnel, its operational status, and PPP sessions. The IETF draft, Layer Two Tunneling Protocol "L2TP" Management Information Base, contains more information about these MIB variables. 214664-B Rev 00

Supported SNMP MIBs, variables, and statistics 379 Table 52 L2TP tunnel profile and aggregate PPP session statistics MIB variable Syntax Description l2tptunnelstatsifindex InterfaceIndex Identifies the interface associated with this L2TP tunnel. l2tptunnelstatslocaltid Integer32 (0 to 65535) Contains the tunnel ID assigned locally. l2tptunnelstatsremotetid l2tptunnelstatsstate l2tptunnelstatsinitiated l2tptunnelstatsremotehostname l2tptunnelstatsremotevendorname l2tptunnelstatsinitialremoterws l2tptunnelstatscontrolrecvpackets l2tptunnelstatscontrolsendpackets l2tptunnelstatsactivesessions Integer32 (0 to 65535) Integer 1 -- Idle 2 -- Connecting 3 -- Established 4 -- Disconnecting Integer 1 -- Locally initiated 2 -- Remotely intiated DisplayString (Any alphanumeric string) DisplayString (Any alphanumeric string) Integer32 (0 to 65535) Counter32 (0 to 4,294,967,295) Counter32 (0 to 4,294,967,295) Gauge32 (Integer) Contains the tunnel ID assigned at the remote end of the tunnel. Describes the current operational state of the tunnel. Indicates whether the tunnel was initiated locally (by the LAC) or by the remote tunnel peer (the LNS). Identifies the name of the remote L2TP host, discovered using Host Name attribute-value pair (AVP) during tunnel establishment. If the tunnel is idle, this object retains its value from the previous L2TP connection. Identifies the vendor name of the peer L2TP implementation. If the tunnel is idle, this object retains its value from the previous L2TP connection. Identifies the initial receive window size used by the remote peer, as determined in the RWS AVP during tunnel establishment. If the tunnel is idle, this object retains its value from the previous L2TP connection. Indicates the number of control packets received from the tunnel. Indicates the number of control packets transmitted over the tunnel to the remote L2TP peer. Indicates the total number of PPP sessions in the established state for this tunnel. Shasta 5000 Broadband Service Node Provisioning Subscribers

380 Supported SNMP MIBs, variables, and statistics These MIB variables together occupy one row entry (l2tptunnelstatsentry) in the L2TP tunnel statistics table (l2tptunnelstatstable) in the L2TP MIB. Each instance of an L2TP tunnel on a Shasta BSN results in a new row entry in the L2TP tunnel statistics table. The NMS can request l2tptunnelstatstable statistics for: All instances of L2TP tunnels in the l2tptunnelstatstable A specific instance of an L2TP tunnel in the l2tptunnelstatstable To provision devices in your network to retrieve real-time values for these MIB variables, see Configuring L2TP MIB support and trap reporting on page 382. For information about how to use the show interface command to display real-time values for these MIB variables, see Using the Shasta CLI to view L2TP statistics on page 385. Tunnel individual PPP session statistics The table below describes the set of MIB variables used by the Shasta BSN to collect, in real time, statistics profiling specific PPP sessions and their operational status on an L2TP tunnel. The IETF draft, Layer Two Tunneling Protocol "L2TP" Management Information Base, contains more infomation about these MIB variables. Table 53 L2TP individual PPP session statistics MIB variable Syntax Description l2tpsessionstatstunnelifindex InterfaceIndex Identifies the L2TP tunnel ifindex value associated with these PPP sessions. l2tpsessionstatsifindex InterfaceIndex Identifies the ifindex value of the local interface tunneling PPP packets to a remote L2TP peer. For example, this could be the connection identifier on a LAC or the PPP ifindex on the LNS. l2tpsessionstatslocalsid l2tpsessionstatsremotesid Integer32 (1 to 65535) Integer32 (0 to 65535) Contains the locally assigned identifier for this PPP session. Contains the identifier assigned by the remote peer for this PPP session. 214664-B Rev 00

Supported SNMP MIBs, variables, and statistics 381 Table 53 L2TP individual PPP session statistics (continued) MIB variable Syntax Description l2tpsessionstatsusername l2tpsessionstatsstate l2tpsessionstatscalltype DisplayString (Any alphanumeric string) Integer 1 -- Idle 2 -- Connecting 3 -- Established 4 -- Disconnecting Integer 1 -- LAC incoming 2 -- LNS incoming 3 -- LAC outgoing 4 -- LNS outgoing Contains the peer session name on this interface. This is typically the login name of the remote user. If the user name is unknown to the local tunnel peer, then this object contains a null string. Identifies the current state of the PPP session. Identifies the type of call and the role served by the local tunnel peer for this PPP session. For example, the value 1 indicates that the local tunnel peer is acting as a LAC, and generated a Incoming-Call-Request to the remote tunnel peer (the LNS). Note that tunnel peers can be lnsincoming or lacoutgoing. l2tpsessionstatstxconnectspeed Integer32 Identifies the last known transmit baud rate for this PPP session. l2tpsessionstatsrxconnectspeed Integer32 Identifies the last known receive baud rate for this PPP session. l2tpsessionstatsphyschanid Integer32 Contains the physical channel identifier for this PPP session. These MIB variables together occupy one row entry (l2tpsessionstatsentry) in the L2TP session statistics table (l2tpsessionstatstable) in the L2TP MIB. Each instance of an PPP session on an L2TP tunnel results in a new row entry in the L2TP session statistics table. The NMS can request l2tpsessionstatstable statistics for: All instances of PPP sessions on active L2TP tunnels (all rows of the l2tpsessionstatstable) A specific instance of a PPP session on an active L2TP tunnel (one row of the l2tpsessionstatstable) To provision devices in your network to retrieve real-time values for these MIB variables, see Configuring L2TP MIB support and trap reporting on page 382. Shasta 5000 Broadband Service Node Provisioning Subscribers

382 Supported SNMP MIBs, variables, and statistics For information about how to use the show interface command to display real-time values for these MIB variables, see Using the Shasta CLI to view L2TP statistics on page 385. Tunnel failure/recovery trap messages The Shasta BSN generates and sends to a Network Management System (NMS) proprietary SNMP trap (notification) messages for L2TP tunnel failure and recovery events. The messages typically contain the following information: BSN identifier ISP name L2TP tunnel ifindex (for correlation to the Interface MIB and L2TP MIB) L2TP local tunnel name L2TP remote tunnel name L2TP tunnel type (LAC or LNS) Alarm Type = L2TP tunnel DOWN Occur Flag = A value of 1 indicates a tunnel failure; 2 indicates tunnel recovery To enable the Shasta BSN to send trap messages to a specific NMS, see Configuring L2TP MIB support and trap reporting (next). Configuring L2TP MIB support and trap reporting You can configure your network to allow the NMS to send SNMP requests and receive SNMP replies and trap messages directly from the BSN, or indirectly from the BSN through a Shasta SCS server (Figure 137). 214664-B Rev 00

Figure 137 SNMP management configurations Supported SNMP MIBs, variables, and statistics 383 Direct SNMP Management Shasta 5000 BSN SNMP Requests and Replies SNMP- Based NMS IP Network SNMP Trap Messages Indirect (Proxied) SNMP Management Shasta 5000 BSN SNMP Requests and Replies Shasta SCS Server SNMP Proxy Server SNMP Requests and Replies SNMP- Based NMS IP Network IP Network SNMP Trap Daemon SNMP Trap Messages SNMP Trap Messages (Relayed) 10286EA In the second configuration shown in Figure 137, the Shasta SCS server provides an SNMP proxy server to relay SNMP requests from the NMS to BSNs, and SNMP replies from BSNs back to the NMS. The SCS server also provides an SNMP trap daemon to relay SNMP trap messages from BSNs to the NMS. Shasta 5000 Broadband Service Node Provisioning Subscribers

384 Supported SNMP MIBs, variables, and statistics The following table identifies the UDP ports used by the Shasta BSN, the Shasta SCS server, and the NMS to send/receive SNMP requests, replies, and trap messages: Table 54 UDP ports used by the Shasta BSN UDP send/receive ports* System and SNMP functions Direct management Indirect (proxied) management Shasta BSN Requests/replies 161 5002 Trap messages 162 5003 Shasta SCS server (For indirect/proxied management only) Requests/replies N/A 5002 Trap messages 5003 SNMP NMS Requests/replies 161 5002 Trap messages 162 5003 * Default values. User can configure other values. You must use the SCS GUI to log on to the SCS server and: 1 Create an SNMP profile for your Shasta BSNs. (See the Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. 2 Bind the SNMP profile to each Shasta BSN, using one of the following two methods, as appropriate for your network configuration: SNMP direct management. (See the Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. SNMP indirect (proxied) management. (See the Shasta 5000 Broadband Service Node, Getting Started with the Service Creation System (SCS), Release 4.0. For general information about retrieving statistics over SNMP, refer to relevant RFCs and the NMS user documentation. 214664-B Rev 00

Supported SNMP MIBs, variables, and statistics 385 Using the Shasta CLI to view L2TP statistics To view statistics for L2TP tunnels (l2tptunnelstatstable entries) and PPP sessions on L2TP tunnels (l2tpsessionstatstable entries): 1 Log in to the Shasta BSN from which you need L2TP tunnel and PPP session statistics. 2 Enter the show interface command at the CLI prompt, using any of the options shown in the following table. Table 55 Show interface command syntax for viewing L2TP tunnel statistics Command show interface show interface isp=<ispname> show interface name=<ifname> show interface ifid=<ifid> Definition Shows statistics for all interfaces (including L2TP tunnels) on the BSN. Shows statistics for all interfaces (including L2TP tunnels) associated with a specific ISP on the BSN. Shows statistics for a specific L2TP tunnel identified by its interface name. Shows statistics for a specific L2TP tunnel identified by its tunnel ID. Examples: The following examples contain sample tunnel interface statistical values extracted by the show interfaces command on a specific Shasta BSN. For more information about the show interface command, see the Shasta 5000 Broadband Service Node Command Line Interface Guide-- Administration, Release 4.0. Shasta 5000 Broadband Service Node Provisioning Subscribers

386 Supported SNMP MIBs, variables, and statistics Example 1: Showing L2TP tunnels among all interface types Testnode (SSU)# show interface Name IP Address/Mask Type Connection Status mgmt-eth0(1) 192.32.207.58/26 mgmt Ethernet Up lo1(1) 127.0.0.1/8 mgmt Loopback Up if-cr-control:-192.32.168.1(67) 0.0.0.0/8 access IPSEC Up eth_to_v12k(3) 40.1.1.2/24 trunk Ethernet Down tp_v12k(3) 30.1.1.2/30 trunk ATM Up lt2p_trunk2(5) 10.1.0.2/24 trunk Ethernet Up if-l2tp-1(5) 0.0.0.1 access L2TP Tunnel Up if-8-0:0(5) (unnumbered) access L2TP Up Example 2: Showing L2TP tunnels associated with a specific ISP Testnode (SSU)# show interface isp=l2tp Name IP Address/Mask Type Connection Status lt2p_trunk2(5) 10.1.0.2/24 trunk Ethernet Up if-l2tp-1(5) 0.0.0.1 access L2TP Tunnel Up if-8-0:0(5) (unnumbered) access L2TP Up Example 3: Showing L2TP tunnels on a specific interface Testnode (SSU)# show interface ifid 5 if-l2tp-1 is Up, ISP: l2tp, interface type access, ifid: 135 Subscriber: 0 Layer-2 subnetwork type: L2TP Tunnel Local Tunnel Id: 1 MTU: 64000 Remote Tunnel Id: 1, Remote Host Name: l2tp-tunnel Remote Vendor Name: Nortel/ Shasta Networks Remote Peer Receive Window Size: 4 State: ESTABLISHED 39 packets received; 41 packets sent 0 discard packets received; 0 discard packets sent 994 bytes received; 895 bytes sent Number of Active Sessions: 1 Session: 16, Remote Session Id: 21, Ifid: 136 User Name: State: ESTABLISHED Call Type: LNS INCOMING Receive Connection Speed: 0, Sent Connection Speed: 0 Physical Channel Id: 0 214664-B Rev 00

Example 4: Showing a specific L2TP tunnel: Supported SNMP MIBs, variables, and statistics 387 Testnode(SSU)# show interface if-l2tp-1 if-l2tp-1 is Up, ISP: l2tp, interface type access, ifid: 135 Subscriber: 0 Layer-2 subnetwork type: L2TP Tunnel Local Tunnel Id: 1 MTU: 64000 Remote Tunnel Id: 1, Remote Host Name: l2tp-tunnel Remote Vendor Name: Nortel/Shasta Networks Remote Peer Receive Window Size: 4 State: ESTABLISHED 38 packets received; 40 packets sent 0 discard packets received; 0 discard packets sent 974 bytes received; 875 bytes sent Number of Active Sessions: 1 Session: 16, Remote Session Id: 21, Ifid: 136 User Name: State: ESTABLISHED Call Type: LNS INCOMING Receive Connection Speed: 0, Sent Connection Speed: 0 Physical Channel Id: 0 Shasta 5000 Broadband Service Node Provisioning Subscribers

388 Supported SNMP MIBs, variables, and statistics Example 5: Showing PPP sessions on a specific L2TP tunnel (call type -- LAC incoming) Testnode (SSU)# show interface if-l2tp-1 if-l2tp-1 is Up, ISP: isp04, VPN: 0, interface type access, ifid: 153 Subscriber: 0 Layer-2 subnetwork type: L2TP Tunnel Local Tunnel Id: 1 MTU: 64000 Remote Tunnel Id: 2, Remote Host Name: reg22 Remote Vendor Name: Nortel/Shasta Networks Remote Peer Receive Window Size: 4 State: ESTABLISHED 175 packets received; 186 packets sent 0 discard packets received; 0 discard packets sent 12351 bytes received; 13957 bytes sent Number of Active Sessions: 2 Session: 20, Remote Session Id: 34, connid: 0 User Name: margaret-l2tp@isp04 State: ESTABLISHED Call Type: LAC INCOMING Receive Connection Speed: 0, Sent Connection Speed: 0 Physical Channel Id: 0 Session: 148, Remote Session Id: 35, connid: 0 User Name: user1@isp04 State: ESTABLISHED Call Type: LAC INCOMING Receive Connection Speed: 0, Sent Connection Speed: 0 Physical Channel Id: 0 214664-B Rev 00

Supported SNMP MIBs, variables, and statistics 389 Example 6: Showing PPP sessions on a specific L2TP tunnel (call type -- LNS incoming) reg22(ssu)# show interface if-l2tp-2 if-l2tp-2 is Up, ISP: isp07, VPN: 0, interface type access, ifid: 205 Subscriber: 0 Layer-2 subnetwork type: L2TP Tunnel Local Tunnel Id: 2 MTU: 64000 Remote Tunnel Id: 1, Remote Host Name: reg21 Remote Vendor Name: Nortel/Shasta Networks Remote Peer Receive Window Size: 4 State: ESTABLISHED 653 packets received; 649 packets sent 0 discard packets received; 0 discard packets sent 56894 bytes received; 54967 bytes sent Number of Active Sessions: 2 Session: 34, Remote Session Id: 20, Ifid: 208 User Name: State: ESTABLISHED Call Type: LNS INCOMING Receive Connection Speed: 0, Sent Connection Speed: 0 Physical Channel Id: 0 Session: 35, Remote Session Id: 148, Ifid: 209 User Name: State: ESTABLISHED Call Type: LNS INCOMING Receive Connection Speed: 0, Sent Connection Speed: 0 Physical Channel Id: 0 Shasta 5000 Broadband Service Node Provisioning Subscribers

390 Supported SNMP MIBs, variables, and statistics 214664-B Rev 00

Appendix D List of Acronyms 391 ABR ACPS ADSL AF AIS ALC ANSI API ARP AS ATM BER BGP BOOTP BSN CBR CGI Cid CIDR CLEC CLI Available Bit Rate AC Power Shelf Asymmetric Digital Subscriber line Assured Forwarding Alarm Indication Signal ATM Line Card American National Standards Institute Application Programming Interface Address Resolution Protocol Autonomous Systems Asynchronous Transfer Mode Bit Error Rate Border Gateway Protocol Boot Protocol Broadband Service Node Constant Bit Rate Common Gateway Interface Connection Identifier Classless Inter-Domain Routing Competitive Local Exchange Carrier Command Line Interface Shasta 5000 Broadband Service Node Provisioning Subscribers

392 List of Acronyms CMC CMTS CNM CORBA CPE CT3 DARPA DHCP DIMM DNS DoS DP DSCP DSL DSLAM EF EGP EMS FCS FDDI FELC FQDN FTP GELC GFR GUI HDLC Control and Management Card Cable Modem Termination System Customer Network Manager Common Object Request Broker Architecture Customer Premise Equipment Channelized T3 Department of Defence Advanced Research Projects Agency Dynamic Host Configuration Protocol Dual in-line Memory Module Domain Name Server Denial of Service Drop Priority DiffServ Code Point Digital Subscriber Line Digital Subscriber Line Access Multiplexer Expedited Forwarding Exterior Gateway Protocol Element Manager System Field Check Sequence Fiber-Distributed Data Interface Fast Ethernet Line Card Fully Qualified Domain Name File Transfer Protocol Gigabit Ethernet Line Card Guaranteed Frame Rate Graphical User Interface High Speed Digital Subscriber Line 214664-B Rev 00

List of Acronyms 393 HTML HTTP ICMP ICP IDL IEC IETF IGMP IGP IIOP IKE ILEC ILMI inarp IOR IP IPSec ISDN IS-IS ISO isos ISP L2TP LAC LAN LDAP LNS Hypertext Mark-up Language Hypertext Transfer Protocol Internet Control Message Protocol Intelligent Cell Parser Interface Definition Language. Interexchange carrier Internet Engineering Task Force Internet Group Management Protocol Interior Gateway Protocol Internet Inter-ORB Protocol Internet Key Exchange Incumbent local exchange carrier Interim Local Management Interface Inverse ARP Interoperable Object Reference Internet Protocol IP Security Integrated Service Digital Network Intermediate System - Intermediate System International Standards Organization IP Services Operating System Internet Service Provider Layer 2 Tunneling Protocol L2TP Access Concentrator Local Area Network Lightweight Directory Access Protocol L2TP Network Server Shasta 5000 Broadband Service Node Provisioning Subscribers

394 List of Acronyms LSA MAC MIB MLPPP MPLS MRU MTU NAT NEBS NFS OMG ORB OSPF PCMCIA PCP PDSN PHB PID PING POP PPP PPPoE PUPS PVC QoS RADIUS RFC Link State Advertisement Media Access Control Management Information Base Multilink PPP Multi-protocol Label Switching Maximum Receive Unit Maximum Transmit Unit Network Address Translation Network Equipment Building Standards Network File System Object Management Group Object Request Broker Open Shortest Path First Personal Computer Memory Card International Association Personal Content Portal Packet Data Serving Node Per-Hop Behavior Process ID Packet Internet Groper Point of Presence Point-to-Point Protocol Point-to-Point Protocol over Ethernet Point of Use Power Supply Permanent Virtual Circuit Quality of Service Remote Authentication Dial-in User Service Request for Comment 214664-B Rev 00

List of Acronyms 395 RIP RSVP SCS SFC SLA SMTP SNMP SONET SPM SQL SRTCM SSC SSM SSP SVC TCP ToS TRTCM TTL UBR UDP UNI VBR VC VCC VCI VLAN Routing Information Protocol Resource Reservation Protocol Service Creation System Switch Fabric Card Service Level Agreement Simple Mail Transfer Protocol Simple Network Management Protocol Synchronous Optical Network Subscriber Policy Manager Structured Query Language Single Rate Three Color Marker Subscriber Service Card Subscriber Service Module Subscriber Service Processor Switched Virtual Circuit Transmission Control Protocol Type of Service Two Rate Three Color Market Time to Live Unspecified Bit Rate User Datagram Protocol User-to-Network interface Variable Bit Rate Virtual Circuit Virtual Circuit Connection Virtual Connection Indicator Virtual LAN Shasta 5000 Broadband Service Node Provisioning Subscribers

396 List of Acronyms VoIP VP VPC VPDN VPI VPN VPRN WAN WFQ WRED WWW Voice over IP Virtual Path Virtual Path Connection Virtual Private Dialed Network Virtual Path Indicator Virtual Private Network Virtual Private Routed Network Wide Area Network Weighted Fair Queueing Weighted Random Early Detection World Wide Web 214664-B Rev 00

Glossary 397 802.1q An IEEE standard that defines a method of establishing Virtual Local Area Networks (VLANs). This standard uses an established new frame type called a tagged frame that provides a way to maintain priority information across local area networks. An 802.1q encapsulation type is available for use when configuring the access (subscriber) side of the Shasta 5000 BSN. 1483-LLC-R An LLC routing protocol used as an encapsulation method when creating an access connection. 1483-LLC-B An LLC bridging protocol used as an encapsulation method when creating an access connection. 1483-VCmux-R-IP A virtual circuit IP routing protocol used as an encapsulation method when creating an access connection. access connection A dedicated connection between the Shasta 5000 BSN, typically located at an ISP, and a device at the location of subscriber, typically a private home or a corporation. accounting A process where the number of packets being transmitted to and from a device are tracked. assured forwarding (AF) classification A means for a provider to offer different levels of forwarding assurances for IP packets received from a customer domain. Four AF classes are defined. They are: Shasta 5000 Broadband Service Node Provisioning Subscribers

398 Glossary Class 1 Class 2 Class 3 Class 4 Each class has a priority level or weight assigned to it identifying a different amount of reliability that will be assigned to a packet to be forwarded. Within each AF class, IP packets are marked with one of three possible drop precedence values. In case of congestion, the drop precedence of a packet determines the relative importance of the packet within the AF class. There are three drop precedence values: Low drop precedence Medium drop precedence High drop precedence Each precedence level has a priority level of weight assigned to it identifying a different amount of disposability that will be assigned to a packet when it is being forwarded. The level of forwarding assurance of an IP packets depends on: How much forwarding resources have been allocated to the AF class that the packet belongs to The current load of the AF class The drop precedence of the class bonding bundle Synchronization between multiple streams at the bit level. A virtual link that has multiple PPP sessions between two systems. captive IP address The IP address of the designated Personal Content Portal Web server. captive mode A state where an HTTP request has been redirected to a designated Personal Content Portal Web site. card list 214664-B Rev 00

client Glossary 399 An area in the Device Manager window that lists all cards that are configured on a selected device (for example, an ATM-OC12, CT-3, FELC, or CMC). A Windows or UNIX computer that is connected to a Shasta 5000 BSN through an SCS server and runs the SCS GUI software. The client enables a network administrator to view and configure settings using the SCS. connection A logical or physical conduit between either an interface on the Shasta 5000 BSN and a port on a device on a service provider network or a port on the Shasta 5000 BSN and a port on a service provider network where transmission and receiving of data occur between both entities. The contact can be made between both the Shasta 5000 BSN and a dedicated device on the service provider network or between a Shasta 5000 BSN and a group of devices or a subnetwork on a service provider network. controller IP address The IP address of a device that is enabled to send confirmation messages to a Shasta 5000 BSN. device list An area in the Device Manager window that lists all Shasta 5000 BSNs that have been added to the current region. DiffServ A mechanism that enables the Shasta BSN to queue, forward, or drop packets with differentiated levels of service priority, as defined by the Shasta BSN Assured Forwarding classes for packets. drop priority A method for prioritizing packets such that conditions are established for dropping packets when needed. dynamic topology A category of VPN methods that presupposes VPNs only occurring between Shasta 5000 BSNs that have subscribers mapped to them. egress DiffServ Shasta 5000 Broadband Service Node Provisioning Subscribers

400 Glossary A policy that applies to traffic travelling from the ISP where the Shasta 5000 BSN is located toward the subscriber that defines Assured Forwarding classes for each packet. encapsulation A method of wrapping IP packets with a packet header (and other fields) associated with a different protocol, such as the L2TP, GRE, or PPPoE tunnelling protocols. endpoint discriminator event firewall An ID used to group multiple PPP sessions into a bundle. An SNMP message that indicates an irregular activity as defined by a threshold or by a hard system setting. A barrier that controls the flow of traffic between networks, typically between a corporate network and the Internet, but also between divisional networks or intercompany networks. full mesh topology A VPN topology where all Shasta 5000 BSNs in a network can connect to each other over IPSec tunnels bridging all device pairs. hijacking The process of redirecting an HTTP request to a designated Personal Content Portal Web site into a noncaptive mode state. HTTP request A packet sent to a Web server requesting transmission of information on the site. hub-and-spoke topology A VPN topology method that permits connections only between remote or spoke Shasta 5000 BSNs with a designated core or hub Shasta 5000 BSNs. icon bar 214664-B Rev 00

IGMP Glossary 401 An area to the left of a list in several of the manager windows that contains a navigation tree of the current manager s objects. Internet Group Management Protocol. A protocol used by IP hosts to report their host group memberships to any immediately neighboring multicast device. interception The process by which a Personal Content Portal server redirects a subscriber s HTTP request. interface A portion of a port that has been divided into multiple segments, each with its own distinct address. Typically, a logical entity. intruder detection A concept where unauthorized packets destined for an address are identified. A possible action can occur in response to the detection. IP address The 32-bit binary number that identifies a host connected to the Internet or to other Internet hosts, for the purposes of communication through the transfer of packets. An Internet Protocol network address in the standard form XXX.XXX.XXX.XXX where the left-most value is the network identification and the three right-most values, separated by periods, are the host identification. IPSec tunnel A tunnel that uses the Internet IP security protocol. In conjunction with a full suite of supporting cryptographic protocols and key management, it provides services such as privacy, authentication, and message integrity. L2TP tunnel A tunnel that uses the L2TP standard. LDAP server Lightweight Directory Access Protocol. An IEEE protocol for accessing certain online services such as searching directories over TCP/IP. Shasta 5000 Broadband Service Node Provisioning Subscribers

402 Glossary LLC LNS Logical Link Control protocol which is part of the data link layer in the OSI protocol stack. Provides a common interface and reliability and flow control features. When LLC receives information from the network layer, it frames the information for an appropriate port on the destination system. Logical Network Server. L2TP Layer 2 Tunneling Protocol Network Server. load balancing A way of distributing data evenly across various nodes. local address The address of the Shasta 5000 BSN. This can be the address of a port or an interface on the Shasta 5000 BSN. log server login An entity separate from the region server that is responsible for writing service logs and accounting information and sending the information to the Shasta 5000 Broadband Service Node. A string that, entered with the correct SCS password, enables you to access a Shasta 5000 BSN server, using the SCS software. Once connected to a server that connects to one or several Shasta 5000 BSNs, you can view and configure settings on a designated Shasta 5000 BSN. login rate The number of subscribers that can log in to a Shasta 5000 BSN per second. maximum-receive-reconstructed unit (MRRU) - LCP Option MIB A system that uses this to indicate that it wants to perform multilink PPP. Management Information Base. MIB variable A value in a MIB that enables the MIB to operate correctly. 214664-B Rev 00

Glossary 403 multicast The transmission of an IP packet to a subscriber group that contains a set of subscribers identified by a single IP destination address. A multicast packet is delivered to all members of its destination subscriber group with the same best-efforts reliability as regular unicast IP packets, in other words, the packet is not guaranteed to arrive intact at all subscribers in any prescribed sequence. multicast group A group of subscribers with similar properties that will have data replicated to them by multicast IGMP using one subscriber as the relay. multicast relay A method that allows subscribers to send multicast traffic. Multicast trafic is replicated internally to group subscribers and is also forwarded to multicast uplinks (trunks) connected to the core multicast enabled network. multicast subscriber A subscriber in a multicast group that will have a data stream replicated to it by a multicast relay. network address translation A method of translating private network addresses into unique public network addresses. network core The portion of the network where all the data is switched or routed to end nodes and other networks. This region is typically populated by backbone routers and switches. network edge The portion of the network that resides between the subscriber and the ISP. This region is typically populated by aggregation devices such as the Shasta 5000 BSN. non-captive mode A state where future HTTP requests by a subscriber are enabled to be directed to their intended site. Shasta 5000 Broadband Service Node Provisioning Subscribers

404 Glossary opaque Indicates no encapsulation method is used when creating an access connection. password A string that, entered with the correct SCS login name, enables you to access a Shasta 5000 BSN server, using the SCS software. The default string is do. The string can be changed to be any alphanumeric string from 1 to 32 characters. Examples of passwords are: colorado, 56789, spitfire14, gary, and kq7ii4f. SCS passwords are not case-sensitive. per connection rate limit The maximum bandwidth available for a single connection belonging to the traffic type. All of these parameters only take effect during times of link congestion. personal network portal service Redirects a subscriber s HTTP request from its intended site to a customized Web site, enabling the subscriber to access specific HTML pages from the Personal Content Portal Web site. point-to-point connection A type of connection where the Shasta 5000 BSN transmits and receives data to and from a dedicated device on the service provider network. point-to-multipoint connection policy A type of connection where the Shasta 5000 BSN transmits and receives data to and from a group of devices on a service provider network. A set of conditions, all or some of which must be met, for a packet to be transmitted or received. port limit The maximum PPP sessions in the bundle. PPP/ATM A Point-to-Point Protocol/Asynchronous Transfer Mode encapsulation type used as an encapsulation method when creating an access connection. 214664-B Rev 00

Glossary 405 Primary SCS server proxy The main SCS UNIX server that connects the client to the Shasta 5000 BSN. A device that acts as an agent of a network that requires services or management. pull server RADIUS A pull server polls the LDAP server to gain information about subscribers. An industry-standard authorization method. rate limit The maximum bandwidth available to a given traffic type across the link. rate weight region Determines what percent of the available bandwidth a given traffic type can use during times of congestion. An area of a server to which collections of Shasta 5000 BSNs are mapped for ease in locating them and increased performance. A region can contain up to 16 Shasta 5000 BSNs. regional SCS server A secondary SCS UNIX server that is dedicated to creating regions for device mapping. remote address The address of the device or group of devices on the service provider network. replication The process of distributing data to multiple subscribers within a subscriber group based on the data received by a single baseline subscriber. selective discard A packet dropping scheme used in Assurance Forwarding when attempting to minimize long-term congestion within each class, while allowing short-term Shasta 5000 Broadband Service Node Provisioning Subscribers

406 Glossary server congesting resulting from bursts for priority packets. An example of this type of scheme is Random Early Drop (RED). This is accomplished by detecting and responding to long-term congestion within each class by dropping packets while handling short-term congestion by queueing packets. This implies the presence of a smoothing or filtering function that monitors the instantaneous congestion level and computes a smoothed congestion level. The dropping scheme uses this smoothed congestion level to determine when packets should be discarded. Ranges of packet discard behaviors are defined. A UNIX computer that enables the Shasta 5000 BSN to communicate with the SCS client so that a network administrator can view and configure settings using the SCS. server domain name A text name of a Shasta 5000 BSN server. service policy A set of conditions that influences the way a Shasta 5000 BSN responds to a customer with respect to packet transmission. service profile A set of service policies. Shasta 5000 BSN Often called the device, this is the aggregation device to which SCS is connecting you (the client) through the platform of the SCS server. Shasta 5000 BSN server SNMP A UNIX computer that provides a conduit from an SCS client to view or configure a Shasta 5000 BSN. Simple Network Management Protocol. A method used to manage multiple devices in one or heterogeneous environments. 214664-B Rev 00

Glossary 407 SSP The fundamental subscriber processing unit in the Shasta BSN. It is responsible for all subscriber routing, termination, and application of IP services. trunk connection tunnel An aggregated or non-aggregated connection between the Shasta 5000 BSN, typically located at an ISP, and a device or multiple devices on a service provider network. An isolated, virtual path that extends across an intervening IP network. The virtual path is implemented by means of encapsulation protocols, such as L2TP, GRE, PPPoE and IPSec. Typically, a tunnel is used as a networking connection that permits a device using one protocol to connect to a device using another protocol. The Shasta 5000 BSN uses IPSec tunnels to create VPNs. unresolved object A placeholder that allows for a service policy to be customized to meet the needs of an individual subscriber. virtual private networks VPN A method of providing segmentation and optionally security across a common backbone infrastructure. Virtual private network. A private connection, typically on an organizational intranet that enables a subscriber to use the Internet to contact a destination, replacing the more cumbersome, more costly, and less reliable leased line method of accessing a remote site. Shasta 5000 Broadband Service Node Provisioning Subscribers

408 Glossary 214664-B Rev 00

409 Index Symbols /realm/user@domain. See FQDN Numbers 1483-LLC-B 397 1483-LLC-R 397 1483-VCmux-R-IP 397 802.1q 397 A AAA about 52 authentication supported 52 on bridged PPPoE tunnels 320 access about 299 connection 397 group 51, 341 configure 341 server settings 342 session parameters 343 properties about 59 configurable 59, 60 profiles 331 routing 73 BGP 73, 77 dynamic 73 OSPF 73, 76 policies 90 properties 71 RIP 73, 76 rules 90, 91 static 73, 75 summary 75 side, defined 49, 72, 323 subnet reachability 73 accounting 52 about 345, 397 configure 345 elements 345 objects 350 profiles 69, 331, 347, 349 viewing in Log Manager 351 addressing DHCP 63 for a static subscriber 313 for a subscriber behind an access router 314 for a subscriber on a bridge group 317 for a subscriber on a bridged subnet 316 for a subscriber tunnelling through an ATM bridge 319 for an IP demux static child subscriber 314 pool for dynamic subscribers 321 AS 72 assured forwarding 397 ATM-Forum MIBs ADDR-REG 374 MIB 374 SRVC-REG 374 attributes, SPM logging 367 authentication 52 for bridged and routed subscribers 52 for PPP subscribers 52 for VPN subscribers 52 request options 61 authorization 52 Shasta 5000 Broadband Service Node Provisioning Subscribers

410 Index autonomous system 72 B BGP about 73, 77 confederations 94, 205 configure 177 EBGP multihop 79 enable 177 prefix addresses 193 route advertising 93 aggregation 93 redistribution 79 bridge group 105 broadcast interface 131 bundle 398 C captive mode 398 CHAP 52 confederations, BGP 205 configure BGP 177 customers 101 domains 101 groups 101 IGMP 225 IP demux 111 IS-IS 209 OSPF 153 route policies 241 routing properties 241 subscriber access profiles 331 subscriber accounting 345 subscribers 281 trunk connections and interfaces 123 trunk interface 125 connection ID 283, 300, 301, 309 connections 399 access 397 dedicated 33 point-to-multipoint 404 point-to-point 404 trunk 123 contexts, defined 46 conventions, text 26 customer about 101 add 101 configure 101 customer support 29 D DHCP 63, 331, 343 adding a profile 334 Remote ID 64 Dialed Number Identifier Service (DNIS) 107 DiffServ about 399 egress 399 discriminator, endpoint 400 domain 46, 101 configure 101 group 104 Domain Name Service (DNS) 343 drop priority 399 dynamic topology 399 E egress DiffServ 399 encapsulation 300, 301, 400 endpoint discriminator 400 events 93, 244, 251, 253, 255, 366, 367, 400 F fabric-to-ssm interface 87 firewall 400 214664-B Rev 00

Index 411 flags 368 forwarding, assured 397 FQDN about 46 disconnect listening option 62 full mesh topology 400 G GR-253-CORE 371 groups access 51, 341 bridge 105 configure 101 domain 104 multicast 403 H hidden addresses for IP demux static child subscribers 41 I icon bar, SCS 400 ID BGP confederation 179 cluster 179 connection 283, 300, 301, 309 IS-IS NET 86 key IS-IS 213, 218, 221 OSPF 171 MIB object 375 OSPF area 77 router BGP 84 IP 126 OSPF 155 subscriber account 292 instance 368 system 86, 215 tunnel 377, 379, 385 VLAN 124, 363 IGMP about 86, 401 configure 225 multicast scaling enhancements 87 profile 68, 331, 343 IKE profile 65, 332 ingress 50 interception 401 interface broadcast 131 fabric to SSM 87 layer 1 85 layer 2 85 MTU size 55 network 92 routing backup 73 routing redundancy 73 subscriber stats 361 trunk 125 Intermediate System to Intermediate System. See IS-IS Internet Key Exchange. See IKE intruder detection 401 IP address 401 IP demux address range 116 configure 111 hiding static child subs 41 subscriber container 116 IPSec profile 332 tunnel 401 IS-IS about areas 85 authentication 217, 218, 220 configure 209 for Layer 1 devices 85 for Layer 2 devices 85 Shasta 5000 Broadband Service Node Provisioning Subscribers

412 Index J importing routes 222 summary routes 216 join limits IGMP 89 multicast 89 K key ID 171, 213, 218, 221 L L2TP MIB 376 tunnel 401 LAC 304 LDAP server 401 leaf master SSP 88 leaf slave SSP 88 leaf VCs 87 link state advertisement. See LSAs LLC 402 LMSSP 88 LNS 402 load balancing 402 local address 402 log attributes, SPM 367 header, TLV brief 368 detail 369 verbose 369 message timestamp 368 server 365, 402 subscriber 365 login rate 402 SCS 402 LSA M maximum-receive-reconstructed unit (MRRU) 402 messages BGP 83 SNMP trap 382 MIB 402 ATM 375 L2TP 376 object ID 375 ssg-5000-chassis-mib 377 statistics, type L2TP and PPP over L2TP 376 variable 402 MMSSP 87 mode captive 398 non-captive 403 monitor subscribers 353 MSID 107 MTU, subscriber access interface 55 multicast 403 about 86 configure 225 group 68, 403 IGMP 86 join limits 89 relay 403 scaling enhancements 87 stream 87, 88, 90 subscriber 403 tree 87 N NAT 403 directly connected, implicit 41 directly-connected, for IP demux static subs 41 for IP demux static child subscribers 41 network 214664-B Rev 00

Index 413 address translation (NAT) 403 core 403 edge 403 interface 92 non-captive mode 403 O object ID 375 object, unresolved 407 opaque 404 operation, policy 367 OSPF area 156, 160 area ID 77 area range 162, 166 configure 153 on a trunk interface 172 routing 76 outbound tunnels, configuring 308 P PAP 52 password, SCS 404 personal content portal (PCP) 52 personal network portal service (PNPS) 404 point-to-multipoint connection 404 trunk interface, configure 127 point-to-point connection 404 policies routing 90 policy 404 operation 367 routing 90 configure 242 service 50 port limit 404 PPP over ATM 404 profile 66, 331, 339 session throttling 66 PPPoEoA (PPPoE over ATM) 68 Primary SCS server 405 product support 29 profile access 331 accounting 331 adding PPP 339 DHCP 63, 331 IGMP 331 IKE 332 IPSec 332 PPP 66, 331 RADIUS 61, 331 profiles DHCP 334 properties, routing 71, 74 protocols DHCP 63 routing 74 proxy 225, 405 ARP 302 IGMP 86, 87, 226 SNMP 383 publications hard copy 29 related 28 pull server 289, 290, 405 R RADIUS 405 authentication 61 profile 61, 331 profile, override 342 server. See AAA rate limit 405 weight 405 Shasta 5000 Broadband Service Node Provisioning Subscribers

414 Index realm 46 region SCS 405 relay multicast 403 SNMP 383 remote address 405 Remote ID, DHCP 64 RFCs (Request For Comments) 371 RIP global instance, enable 143 interface 149 on a trunk interface 144 routing 76, 143 route policies, configure 241 properties, configure 241 reflectors 80 router ID 84, 126, 155 routes, importing 222 routing advertising and redistributing routes 79 aggregating routes 93 backup L3 interface 73 BGP 77 confederations 94 for VPRN subscribers 84 messages 83 BGP communities and community lists 80 BGP prefix addresses 82 defined 72 EBGP 78 multihop 79 IBGP 78 IGMP multicasting 86 importing routes from other protocols 93 interface 73 IS-IS 85 OSPF 76 policies 90 properties 71 protocols and properties 74 RIP 76, 143 route reflectors 80 rules 91 summary 75 rules, routing 90, 91 S SCS icon bar 400 login 402 password 404 region 405 server domain name 406 server IP address 401 SecureID 52 security, encryption 53 selective discard 405 Selective Discard, definition 405 server 406 configuration 342 domain name 406 LDAP 401 log 365 pull 289, 290 RADIUS 61 SCS primary 405 SNMP 383 service policies 50 services, contexts 46 session parameters, access group 343 Shasta 5000 BSN integration with back-office systems 52 services. See services SNMP relay 383 server 383 trap messages 377, 382 SONET-MIB 374 SPM logging attributes 367 214664-B Rev 00

Index 415 ssg-5000-chassis-mib 377 static subscribers 32 static route 75, 135, 136, 137 static subscriber 32 static subscribers hiding addresses (NAT) 41 statistics individual PPP sessions 380 L2TP 376 tunnel aggregate 377 tunnel profile and aggregate PPP sessions 378 subdomain 46 subscriber about 31 access interface MTU size 55 access methods 299 access profiles, configuring 331 account ID 292 configuration requirements 34 dynamic 33 instance ID 368 interface 361 interface MTU size 297 IP demux container 36 logging 365 multicast 403 static 32 template 108 types 31 Subscriber Manager access groups 51 subscribers hiding IP demux static subs 41 summary route 75, 216 add 140 configure 139 support, Nortel Networks 29 Switch Fabric Card (SFC) 89 system ID 86, 215 T technical publications 29 technical support 29 template, subscriber 108 text conventions 26 throttling, PPP session 66 timestamp, log message 368 TLV logging header brief 368 detail 369 verbose 369 topology, dynamic 399 traps reporting 382 SNMP 382 trunk configure 123 connection 124, 407 interface 125 broadcast 131 configure 125 Ethernet 131 point-to-multipoint 127 point-to-point 126 side defined 49, 72, 323 routing protocols supported 49, 72, 323 tunnel 407 ID 377, 379, 385 IPSec 401 L2TP 401 outbound connection 308 U unresolved object 407 V virtual circuit (VC), leaf 87 virtual private network 407 Shasta 5000 Broadband Service Node Provisioning Subscribers

416 Index VLAN ID 124, 363 VPN 407 IKE 52 security encryption 53 IPSec 53 214664-B Rev 00