IP Forwarding and Traffic Management
Configuration Guide
76.8600-50122I 20.05.2015
Revision History
Document No. Date Description of Changes
76.8600-50122I 20.05.2015 Added 8665 Smart Router supported functionality in:
• 6.5 Platform ACL Support Summary
• 5 Network Level Policies
• 8.2.4 QoS Classification and Remarking in QinQ Interface in 8.2.2 QoS Mapping Tables
• 8.5.3 Shaping in 8615 Smart Router and ELC1
Updates/changes applied in:
• 6 Access Control Lists
• 8.1 DiffServices Features
• 8.2.2 QoS Mapping Tables
• 8.3 QoS Policing
• 8.4.3 Maximum Configurable Queue Length
• Multi-VLANs Shaping Configuration
• 9.4.4 Port Shaping Configuration
Added:
• 8.2.3 QoS Classification
• 8.2.4 QoS Classification and Remarking in QinQ Interface
• 8.2.5 LU1 Ingress Overbooking Management
• 9.1.1 Configuring Hierarchical QoS Classification
76.8600-50122H 04.11.2014 Added 8615 Smart Router supported functionality in:
• 6.5 Platform ACL Support Summary
• 8 Differentiated Services
Reworked 2.2 DHCP Support. Changes applied in 6 Access Control Lists. Updated 8.2.6 Graceful QoS.
Added ELC1 support of QinQ and multi-VLANs shaping in 8.5.3 Shaping in 8615 Smart Router and ELC1. Updates applied in 9 Differentiated Services Configuration Examples section:
• 9.3 Queue Management and Scheduling Configuration
• VLAN Shaping Configuration
• Multi-VLANs Shaping Configuration
• 9.4.4 Port Shaping Configuration
The functionality described in this document for 8615 Smart Router is also applicable to 8615 Smart Router stacked, unless otherwise stated.
© 2015 Coriant. All rights reserved.
This manual is protected by U.S. and international copyright laws, conventions and treaties. Your right to use this manual is subject to limitations and restrictions imposed by applicable licenses and copyright laws. Unauthorized reproduction, modification, distribution, display or other use of this manual may result in criminal and civil penalties.
The specifications and information regarding the products in this manual are subject to change without notice. All statements, information, and recommendations in this manual are believed to be accurate but are presented without warranty of any kind, express or implied. Users must take full responsibility for their application of any products.
Adobe ® Reader ® are registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Terms and Abbreviations
Term Explanation
ACL Access Control List
AFx Assured Forwarding (x = 1..4)
ARP Address Resolution Protocol
ATM Asynchronous Transfer Mode
CIDR Classless Inter-Domain Routing
CIR Committed Information Rate
CLI Command Line Interface
CoS Class of Service
CPU Central Processing Unit
CS7 Class Selector 7
C-VLAN Customer VLAN
DA Destination Address
DBA DiffServ Behavior Aggregate
DHCP Dynamic Host Configuration Protocol
DiffServ Differentiated Services
DS3 Digital Signal level 3 (T3)
DSCP DiffServ Code Point
ECMP Equal-Cost Multi-Path
EF Expedited Forwarding
ELC1 Ethernet Line Card in 8630 Smart Router, 8665 Smart Router
ELP Ethernet Link Protection
E-LSP EXP-Inferred-PSC LSPs, or Explicitly TC-Encoded-PSC LSPs
FCS Frame Check Sequence
FIB Forwarding Information Base
FTP File Transfer Protocol
GE Gigabit Ethernet
ICMP Internet Control Message Protocol
IETF Internet Engineering Task Force
IFC Interface Module Concentrator is the line card baseboard
IFC line card The IFC line card in 8630 Smart Router and 8660 Smart Router consists of an IFC and up to two IFMs. There are two types of IFC line cards: IFC1 and IFC2
IFM Interface Module
IGP Interior Gateway Protocol
INM 8000 Intelligent Network Manager
IOM Ingress Overbooking Management
IP Internet Protocol
IPv4 IP version 4
IPv6 IP version 6
IRB Integrated Routing and Bridging
IS-IS Intermediate System to Intermediate System
kbps Kilobit per Second
LDP Label Distribution Protocol (MPLS)
L-LSP Label-Only-Inferred-PSC LSP
LSP Label Switched Path
Lx Layer in the OSI model, where x refers to the number
LU1 Line Unit in 8665 Smart Router
MAC Media Access Control
Mbps Megabit per Second
MGMT Management Port
MLPPP Multilink PPP
MPLS Multiprotocol Label Switching
MTU Maximum Transfer Unit aka Maximum Transmission Unit
NA Not Applicable/Applied
NBMA Nonbroadcast Multiaccess
NSSA OSPF Not-so-Stubby Area
OSPF Open Shortest Path First
PBR Policy-Based Routing
PBS Peak Burst Size
PHB Per-Hop Behavior
PIR Peak Information Rate
PPP Point-to-Point Protocol
POS Packet over SDH/SONET
PSC PHB Scheduling Class
PSN Packet-Switched Network
PTP Precision Time Protocol
PWE3 Pseudowire Emulation Edge to Edge
QinQ IEEE 802.1 QinQ
QoS Quality of Service
RAL Reverse Address Lookup
RED Random Early Detection
RIB Routing Information Base
RIP Routing Information Protocol
RNC Radio Network Controller
TCP Transmission Control Protocol
TDM Time Division Multiplexing
tr-TCM two-rate Three-Color Marker
UDP User Datagram Protocol
VCI Vendor Class Identifier
VGS VLANs Group Shaping
VoIP Voice over IP
VPN Virtual Private Network
VRF VPN Routing and Forwarding
VRRP Virtual Router Redundancy Protocol
VSI Virtual Switching Instance
WAN Wide Area Network
WFQ Weighted Fair Queuing
WRED Weighted Random Early Detection
Table of Contents
About This Manual
Objectives
Audience
8600 Smart Routers Technical Documentation
Interface Numbering Conventions
Document Conventions
Documentation Feedback
8600 Smart Routers Discontinued Products
1 Internet Protocol
1.1 Overview
1.2 IP Addressing
1.2.1 IPv4 Addressing
1.3 Neighbor Maintenance
1.3.1 Address Resolution Protocol (ARP)
1.4 IP References
2 Dynamic Host Configuration Protocol (DHCP)
2.1 Overview
2.2 DHCP Support
2.3 DHCP Client
2.3.1 8600 NEs Behavior
2.3.2 DHCP Client Vendor Class Identifier (Option 60)
2.4 DHCP Relay Agent
2.4.1 DHCP Relay Agent Information Option (Option 82)
2.4.2 DHCP Relay-Server Configuration
2.5 NE Autoconfiguration
2.5.1 Enabling Autoconfiguration
2.5.2 Interface Scanning
2.5.3 Automatic Configurations
2.6 DHCP References
3 IP Static Routing
3.1 Static Route Configuration
3.2 Static Routes
3.2.1 Null Static Route
3.3 Recursive Routes
3.4 MPLS Recursive Routes
3.5 IP Static Routes References
4 IP Configuration Examples
4.1 IP Basic Configuration
4.1.1 Configuring an IPv4 Address
4.1.2 Configuring Static ARP entry
4.2 DHCPv4 Configuration
4.2.1 DHCP Manual Autoconfiguration
4.2.2 DHCP Relay Configuration
4.2.3 DHCP Configuration Status
4.3 IP Static Routing Configuration Examples
4.3.1 IPv4 Static Routing
4.3.2 Management Network Connectivity with Static Routes
4.3.3 Inter VRF Static Routing
4.3.4 Recursive Static Routing
5 Network Level Policies
5.1 Overview
5.2 Concept of MTU
5.3 References
6 Access Control Lists
6.1 Hidden Rules
6.2 Packet Handling
6.2.1 Action QoS
6.2.2 Action Map-Route
6.2.3 Action Service-Policer
6.3 Filter
6.3.1 Address Fields
6.3.2 TCP Code Bits
6.3.3 Source and Destination Port Fields
6.3.4 Fragments Field
6.3.5 Simple Fields
6.4 ACL Resources
6.4.1 ACL Resources Usage Behavior
6.4.2 ACL Resources Optimization
6.5 Platform ACL Support Summary
6.6 ACL Statistics
7 Access Control Lists Configuration Examples
7.1 ACL Entries
7.2 ACL Configuration
7.3 CodeBits Field
7.4 Port Fields
7.5 Fragments Field
7.6 Action QoS
7.7 Action Map-Route
7.8 Action Service-Policer
8 Differentiated Services
8.1 DiffServices Features
8.2 Classification
8.2.1 Multi-Field Classification
8.2.2 QoS Mapping Tables
8.2.3 QoS Classification
8.2.4 QoS Classification and Remarking in QinQ Interface
8.2.5 LU1 Ingress Overbooking Management
8.2.6 Graceful QoS
8.3 QoS Policing
8.3.1 QinQ Interface
8.3.2 Limitations and Restrictions
8.4 Queue Management and Scheduling
8.4.1 Queue Management
8.4.2 Scheduling
8.4.3 Maximum Configurable Queue Length
8.5 Shaping
8.5.1 Levels of Shaping
8.5.2 Shaping in IFC Line Cards and 8620 Smart Router
8.5.3 Shaping in 8615 Smart Router and ELC1
8.5.4 Shaping in LU1
8.5.5 Shaping in 8605 Smart Router and 8607 Smart Router
8.5.6 Shaping in 8602 Smart Router and 8609 Smart Router
8.5.7 Shaping in 8611 Smart Router
8.6 References
9 Differentiated Services Configuration Examples
9.1 Classification Configuration
9.1.1 Configuring Hierarchical QoS Classification
9.2 QoS Policers Configuration
9.2.1 Policing High Priority Traffic
9.2.2 Policing AFx Traffic
9.2.3 Policing BE Traffic
9.2.4 Removing QoS Policer
9.3 Queue Management and Scheduling Configuration
9.3.1 Port Queues Configuration
9.3.2 Single Interface Queues Configuration
9.4 Shaping Configuration Examples
9.4.1 Port Queue Shaping Configuration
9.4.2 VLAN Queue Shaping Configuration
9.4.3 Group Shaping Configuration Examples
9.4.4 Port Shaping Configuration
About This Manual
This chapter discusses the objectives and intended audience of this manual, 8600 Smart Routers
IP Forwarding and Traffic Management Configuration Guide and consists of the following
Audience
This manual is designed for administration personnel for configuring 8600 Smart Routers functions with CLI. On the other hand, 8000 Intelligent Network Manager provides access to equal functionality for administration personnel with a graphical user interface.
It is assumed that the readers have a basic understanding of Ethernet, POS, IP, MPLS, VPN and Differentiated Services concepts. This manual also assumes that the readers are familiar with the following protocol concepts:
• IP and host functions
• IP routing and ACL
• UDP
• TCP
• ICMP
8600 Smart Routers Technical Documentation
The document numbering scheme consists of the document ID, indicated by numbers, and the document revision, indicated by a letter. The references in the Related Documentation table below are generic and include only the document ID. To make sure the references point to the latest available document versions, please refer to the relevant product document program on the Tellabs and Coriant Portal by navigating to www.portal.tellabs.com > Product Documentation & Software > Data Networking > 8600 Smart Routers > Technical Documentation.
Document Title / Description

8600 Smart Routers ATM and TDM Configuration Guide (76.8600-50110)
Provides an overview of 8600 NEs PWE3 applications, including types, Single-Segment and Multi-Segment; PWE3 Redundancy; ATM applications, including PWE3 tunnelling, Traffic Management, Fault Management OAM, protection and TDM applications as well as instructions on how to configure them with CLI.

8600 Smart Routers Boot and Mini-Applications Embedded Software Release Notes (76.8600-50108)
Provides information related to the boot and mini-applications software of 8605 Smart Router, 8607 Smart Router, 8609 Smart Router, 8611 Smart Router, 8620 Smart Router, 8630 Smart Router and 8660 Smart Router as well as the installation instructions.

8600 Smart Routers CLI Commands Manual (76.8600-50117)
Provides commands available to configure, monitor and maintain 8600 system with CLI.

8600 Smart Routers Embedded Software Release Notes
8600 Smart Routers SR7.0 Embedded Software Release Notes (76.8670-50177) for the following products:

Provides an overview of 8600 system HW inventory, software management, equipment protection 1+1 (CDC and SCM) as well as instructions on how to configure them with CLI.

8600 Smart Routers Ethernet Configuration Guide (76.8600-50133)
Provides an overview of 8600 system Ethernet applications, including interfaces; Ethernet forwarding (MAC Switching, Ethernet PWE3, IRB, VLAN, VPLS); Ethernet OAM; LAG; ELP as well as instructions on how to configure them with CLI.

8600 Smart Routers Fault Management Configuration Guide (76.8600-50115)
Provides an overview of 8600 system fault management, including fault source, types and status as well as instructions on how to configure it with CLI.

8600 Smart Routers Frame Relay Configuration Guide (76.8600-50120)
Provides an overview of 8600 system Frame Relay applications, including interfaces; Performance Monitoring; protection; Traffic Management as well as instructions on how to configure them with CLI.

8600 Smart Routers Hardware Installation Guide (76.8600-40039)
Provides guidance on mechanical installation, cooling, grounding, powering, cabling, maintenance, commissioning and ESW downloading.

8600 Smart Routers Interface Configuration Guides
The Interface Configuration Guides provide an overview of the 8600 NEs interface functions, including NE supported interface types and equipping; interface features; configuration options and operating modes; fault management; performance monitoring; interface configuration layers and port protocols as well as instructions on how to configure them with CLI. The following interface configuration guides are available:
• 8600 Smart Routers Network Interfaces Configuration Guide (76.8600-50161) (for 8602 Smart Router, 8615 Smart Router and 8665 Smart Router)
• 8609 Smart Router and 8611 Smart Router FP7.0 Interface Configuration Guide (76.8670-50179)
• 8600 Smart Routers FP7.0 Interface Configuration Guide (76.8670-50180) (for 8630 Smart Router and 8660 Smart Router)

8600 Smart Routers IP Forwarding and Traffic Management Configuration Guide (76.8600-50122)
Provides an overview of 8600 NEs IP, forwarding and traffic management functionality, including: IP addressing; IP hosting (ARP, DHCP); IP routing (static); ACL; Differentiated Services (Policing, Queue Management, Shaping) as well as instructions on how to configure them with CLI.

8600 Smart Routers Management Communications Configuration Guide (76.8600-50125)
Provides an overview of 8600 system management communications functions, including communication protocols: BMP; FTP; RADIUS; SNMP; SSH; TELNET as well as instructions for configuring them with CLI.

8600 Smart Routers Mobile Optimization Configuration Guide (76.8600-50100)
Provides an overview of 8600 system Mobile Optimization applications as well as instructions on how to configure them with CLI.

8600 Smart Routers MPLS Applications Configuration Guide (76.8600-50123)
Provides an overview of 8600 NEs MPLS applications (including FRR (one-to-one and facility backup); LDP; protection and Traffic Engineering), MPLS-TP applications (including OAM, linear protection), S-MPLS applications as well as instructions on how to configure them with CLI.

8600 Smart Routers Performance Counters Reference Guide (76.8600-50143)
Provides an overview of 8600 system supported performance counters.

8600 Smart Routers Reference Manuals
The reference manuals describe the 8600 network element features including:
• NE enclosure, baseboard, power supply modules, and interfaces in 8602 Smart Router FP7.0 Reference Manual (76.8670-40130)
• NE enclosure, baseboard, power supply modules, interfaces and physical LM types in 8609 Smart Router FP7.0 Reference Manual
• NE enclosure, baseboard, power supply modules, SCMs, HM and LM types in 8611 Smart Router FP7.0 Reference Manual
• NE enclosure, baseboard, power supply modules, and interfaces in 8615 Smart Router FP7.0 Reference Manual (76.8670-40132)
• NE subrack, fan modules, CDCs, line cards and IFMs in 8630 Smart Router FP7.0 Reference Manual
• NE subrack, fan modules, CDCs, line cards and IFMs in 8660 Smart Router FP7.0 Reference Manual
• NE subrack, fan modules, line unit and switch unit in 8665 Smart Router FP7.0 Reference Manual (76.8670-40128)

8600 Smart Routers Routing Protocols Configuration Guide (76.8600-50121)
Provides an overview of 8600 NEs routing protocols, including BFD; BGP; BGP MP; ECMP; IS-IS; OSPF and VRRP as well as instructions on how to configure them with CLI.

8600 Smart Routers Scalability Reference Manual (76.8600-50160)
Provides a summary of tested scalability limits of the 8600 Smart Routers.

8600 Smart Routers SNMP MIB Support (76.8600-50116)
Describes SNMP MIB support by the 8600 NEs and provides information on the supported objects and traps. For further information on SNMP MIBs, see the related RFCs.

8600 Smart Routers Statistic Counters Reference Guide (76.8600-50142)
Provides an overview of 8600 system supported statistic counters.

8600 Smart Routers Synchronization Configuration Guide (76.8600-50114)
Provides an overview of 8600 NEs synchronization functionality, including physical layer Frequency Synchronization (SEC, EEC); PTP Frequency Synchronization; Phase-Time Synchronization (L2 and L3 applications) as well as instructions on how to configure them with CLI.

8600 Smart Routers Test and Measurement Configuration Guide (76.8600-50124)
Provides an overview of 8600 NEs measurement and connectivity verification tools, including Ethernet loopback; IP ping and traceroute; MAC swap loopback; MPLS ping and traceroute; PLT; PWE3 loopback; VCCV (BFD, LSP ping) as well as instructions on how to configure them with CLI.

8600 Smart Routers VPNs Configuration Guide (76.8600-50128)
Provides an overview of 8600 system virtual private network (VPN) layer 3 applications as well as instructions on how to configure them with CLI.

8000 Intelligent Network Manager Online Help
Provides instructions on how different operations are performed with the 8000 Intelligent Network Manager. Also describes different parameters and controls of the 8000 Intelligent Network Manager dialogs and windows.
Note that the Online Help is not available on the Portal but it is incorporated in the 8000 Intelligent Network Manager.
Interface Numbering Conventions
To be able to follow more easily the feature descriptions and configuration examples given in this
document, see also the 8600 system interface numbering and related figures described in 8600
Smart Routers CLI Commands Manual.
Document Conventions
This is a note symbol. It emphasizes or supplements information in the document.
This is a caution symbol. It indicates that damage to equipment is possible if the instructions are not followed.
This is a warning symbol. It indicates that bodily injury is possible if the instructions are not followed.
Documentation Feedback
Please contact us to suggest improvements or to report errors in our documentation:
Email: fi-documentation@tellabs.com
8600 Smart Routers Discontinued Products
8600 Smart Routers Manufacture Discontinued (MD) notifications are available on the Tellabs and Coriant Portal, www.portal.tellabs.com > Product Documentation & Software > Data Networking > [8600 Smart Router product name] > Product Notifications.
IPv4 provides a unique logical IP address space used to identify each TCP/IP host and network component. IPv4 uses a 32-bit address space that is composed of two parts [RFC1812]:
• One representing a host number on the network, which must be unique;
• One representing the network prefix.
Classless Inter-Domain Routing (CIDR notation)
CIDR is a simplified method of representing an IPv4 address by using a subnet mask. The CIDR notation identifies which bits in a 32-bit IPv4 address space are interpreted as the network number (or prefix) and which are used to identify a particular host within the network. In CIDR notation, a prefix is shown as an IPv4 address or network number, followed by the “/” (slash) character and a decimal value between 0 and 32 that describes the number of significant bits [RFC4632]. For example, network 186.10.10.0 with a network mask of 255.255.255.0 is defined as the prefix 186.10.10.0/24. The “/24” indicates the mask to extract the network portion.
A subnet or network address and a broadcast address are reserved on each network for a special use. These addresses cannot be assigned to a host device.
Addresses with a network part that has 31 or 32 bits are used for special purposes. For example:
• Addresses of type /32 can only be assigned to loopback interfaces.
• Addresses of type /31 are used for point-to-point links (as recommended in RFC3021), but are not supported in the 8600 system.
1.3 Neighbor Maintenance
Address Resolution Protocol (ARP) [RFC826] is a network-specific protocol used for mapping an IP address into a physical network address (MAC address in case of Ethernet networks). IP traffic forwarding through Ethernet networks requires a MAC address of the destination host. This means that if, for example, a static route is configured with the next-hop address, then the host must know the MAC address of the next hop in order to forward traffic to the destination. A router uses ARP to resolve and map the IP address into the next-hop MAC address on an Ethernet LAN.
Address Resolution
ARP uses a pair of messages (request and reply) that are exchanged by the hosts in order to acquire the neighbor link layer (MAC) address. The process of resolving a destination MAC address of the peer host depends on whether or not these hosts reside on the same subnet.
An application where the hosts are on the same subnet is shown in Fig. 1 with a detailed illustration of how the ARP address resolution process is performed by the two hosts.
Fig. 1 ARP Address Resolution with Hosts on the same Subnet
The following diagram illustrates the ARP address resolution process for a case where the two hosts are not on the same subnet, i.e. they are connected through a gateway (R10 in this example).
Fig. 2 ARP Address Resolution via a Gateway
In Fig. 2 the resolution process is performed as follows:
• Host A transmits a broadcast ARP request to R10 (gateway). The IP Destination Address (IP DA) in the broadcast ARP request is the IP address of the R10 interface connected to Host A.
• After receiving the request from Host A, R10 will perform the following actions:
  • Adds the IP Source Address (IP SA) and the MAC SA to the ARP table;
  • Encapsulates a reply message where the SA MAC and IP are addresses of the interface connecting to Host A;
  • Sends the message as a unicast ARP reply to Host A.
• After receiving the reply from R10, Host A will add the MAC address of R10 to its ARP table and as a result Host A will forward IP packets to R10.
• If R10 has the ARP entries of Host B, then packets are forwarded. Otherwise, R10 will buffer these packets and broadcast an ARP request to Host B instead, in which the IP DA is the address
• Conflict identification – by using gratuitous ARP a router can determine if its IP address is being used by another router. That is, if the IP address is already in use, a router sending a gratuitous ARP request will receive an ARP reply, notifying that there is a conflict.
• Change notification – when there is an IP or MAC address change. In this case, a router can use gratuitous ARP to notify other routers so that they can update their ARP entries.
• ARP table refresh – when a link or an IP interface goes up. A gratuitous ARP can be used in this case to refresh the ARP table of peer routers.
In 8600 NEs, gratuitous ARP messages are sent whenever an interface is coming up, either when an interface’s MAC address changes, or when there is a protection switchover of the MGMT port (CDC or SCM) and of the ELP (if L2 learning is enabled in the protection configuration). Gratuitous ARP is also used in VRRP applications where the master router of a VRRP group periodically sends gratuitous ARP to the hosts on the local network, thus preventing the virtual IP address of the VRRP group from being used by other hosts. For more details about VRRP, please refer to 8600 Smart Routers Routing Protocols Configuration Guide.
ARP Table
The ARP table (also referred to as the ARP cache) is a table that contains a detailed IP to MAC address mapping of hosts and their connectivity. Every host on the network maintains and manages its own ARP table. Packet forwarding is based on the mapping entries of the ARP table. The ARP table can contain both static and dynamic ARP entries.
Dynamic ARP entries are automatically created and maintained by ARP processing, i.e. they do not require an intervention from the network administrator. They are added into the ARP table as a result of successful ARP resolution. Dynamic ARP entries may be aged out, or updated (by new ARP), or can also be overwritten by static ARP entries. Usually, dynamic ARP entries are removed when their age timers expire, or if an interface goes down.
In 8600 NEs, the only configurable parameter for dynamic ARP entries is arp timeout, which specifies the lifetime of an entry in the ARP table (please see the parametric range details in 8600 Smart Routers CLI Commands Manual). However, if there has been traffic to a particular destination, ARP refresh is always performed before an ARP entry ages out.
Static ARP entries are manually added to the ARP table and are maintained by the network administrator. The main advantage of static entries is security, i.e. the communication between hosts is always protected, due to the fact that IP to MAC mapping cannot be modified by any protocol, or by external attacks. Also, static entries do not age out and cannot be overwritten by dynamic ARP entries.
Stateful ARP Entries
Stateful ARP is used to provide security of the ARP table by keeping track of IP to MAC address mapping behavior and thus preventing ARP cache poisoning. All new ARP entries must be checked and their previous states closely tracked before they can be accepted in the ARP table. The rules used for tracking ARP entries include the following:
• An existing ARP entry is not allowed to be updated until the timeout expires;
• An ARP entry addition and/or refresh is only made from a valid ARP reply after an ARP request;
• Stateful ARP entries are not updated from gratuitous ARP entries.
The 8600 NEs use stateful ARP by default. However, it is also possible to disable stateful ARP with the no arp stateful command. A typical use case for disabling stateful ARP is management routes, e.g. with connectivity to the MGMT ports of 8600 NEs.
[RFC791] RFC791 (1981–09), Internet Protocol
[RFC826] RFC826 (1982–11), Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware
[RFC1812] RFC1812 (1995–06), Requirements for IP Version 4 Routers
[RFC4632] RFC4632 (2006–08), Classless Inter-Domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan
2 Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) [RFC2131] is a protocol that allows centralized management of IP address assignment to the hosts or nodes in the network. The operation of DHCP can be seen as a client-server model where a DHCP client can request an IP address and other network configuration information, and a DHCP server available in the network is responsible for granting the IP address and other configuration information to the client. The automatic address allocation capability provided by DHCP allows hosts and nodes to automatically receive an IP address from a DHCP server without a need for a network administrator or an operator to set the address manually. Typically, a DHCP server provides network configuration parameters like IP address and DNS server to the requesting DHCP client.
A DHCP relay agent is a network node, e.g. a router or gateway, which is placed between the DHCP client and server. The main function of a relay agent is to forward the messages exchanged between the DHCP client and the server. A DHCP relay agent is mainly used to avoid deploying multiple DHCP servers in the network. Every gateway or router in a LAN segment can be made a relay agent and can be connected to a single DHCP server.
Address Configuration
8615 Smart Router, 8615 Smart Router stacked
8630 Smart Router
8660 Smart
8665 Smart Router
Fig. 3 DHCP Client-Server Handshake Sequence
Fig. 4 DHCP Client Topology
2.3.1 8600 NEs Behavior
The DHCP client operation supported in 8600 NEs is as follows:
• Address allocation
• Address configuration
Address allocation for a DHCP client is configured with the ip dhcp-client require-address command and it is intended for IP address allocation and monitoring via the DHCP server. Require-address means that the DHCP client is expecting to lease the given IP address from the DHCP server. However, the allocated IP address is not configured to the interface. In cases where the expected address and the server allocated address do not match, a fault will be raised. The NEs supporting DHCP address allocation are presented in 2.2 DHCP Support.
Address configuration for a DHCP client is configured with the ip dhcp-client enable command. In address configuration, a DHCP client requests an IP address from the DHCP server and then configures the offered address to the interface. Address configuration is intended to be used in autoconfiguration applications, please see the details in 2.5 NE Autoconfiguration. The NEs supporting DHCP address configuration are presented in 2.2 DHCP Support.
This DHCP option [RFC2132] is supported in the 8600 NEs and it is also known as DHCP Client Vendor Class Identifier (VCI). The VCI option should be set before enabling the DHCP client on the interface and it is used as an identification of the DHCP client to the DHCP server. The VCI option is added by the DHCP client to the packet broadcast into the network.
A DHCP client VCI option is enabled with the ip dhcp-client vci option command. The actual VCI value is set with the ip dhcp-client vci command.
A DHCP client uses broadcast messages in the local subnet during the discovery phase. Due to the fact that broadcast messages normally do not traverse routers, a DHCP server needs to be deployed in each LAN. However, this requirement can be met only on a very small scale network.
A DHCP relay agent resolves the restriction described above by intercepting the DHCP client messages (broadcast and unicast) and then forwarding these messages to the DHCP servers across subnet boundaries. Every LAN segment can deploy a relay agent, which accepts the client messages and forwards them to one or more DHCP servers as unicast messages. In this case, a DHCP server can be used by all LAN segments in the network, where the server can be configured to reach multiple IP subnetworks.
When a DHCP relay agent receives a broadcast packet from a client, the corresponding relay interface IP address is stored as a gateway address in the DHCP packet. The DHCP server will use this gateway address to identify the IP subnetwork to be allocated.
The following diagram explains the transactions performed by the DHCP relay agent.
Fig. 5 DHCP Relay Agent Sequence Diagram
Fig. 6 DHCP Relay Agent Topology
The DHCP Relay Agent Information option [RFC3046] is added by the DHCP relay agent to the DHCP packets originated from the DHCP client and forwarded to a DHCP server, i.e. upstream communication. The DHCP server uses this information when assigning the IP address and other related parameters. In the downstream communication, i.e. replies from the server to the client, the server will send this option back to the relay agent. The relay agent in turn will remove the option before forwarding the DHCP reply packets to the client. This option is required in the absence of a gateway address, typically on a network where L2 nodes forward DHCP client packets.
The DHCP Relay Agent Information option defines two sub-options, namely:
• The remote-id, which identifies the relay agent (NE). The value is the same as the configured NE router ID. If a router ID is not configured (i.e. is a dynamically calculated value), then the remote-id sub-option has no value.
• The circuit-id, which identifies the interface where the DHCP client-to-server packet was received. The value is not configurable and is the same as the interface name in CLI (e.g
If there is no server IP address configured in the global list, the packet is dropped. An interface specific server list takes precedence over the global server list.
Global Mode
The DHCP relay agent performs a lookup in the global server list only when the interface specific server configuration is not present. When multiple server IP addresses are configured in the global list, the DHCP relay agent forwards client packets to all servers available in the global server list. If the global server list is empty and no interface specific server list is available, the DHCP relay agent will drop the client packets.
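The relay behavior described in the preceding sections (gateway address insertion, Option 82 with circuit-id and remote-id, removal of the option on the way back, and interface-specific versus global server lists) is modeled below as an added example; it is not 8600 code. Assumptions: only the options area of a packet is represented, the interface names, addresses and VCI string are constructed, sub-option values are ASCII-encoded, remote-id is omitted when no router ID is configured, and the drop of a client packet that already carries Option 82 follows RFC 3046 section 2.1 because the page does not say how 8600 NEs treat that case.

```python
from dataclasses import dataclass

OPT_PAD, OPT_END = 0, 255
OPT_RELAY_AGENT_INFO = 82             # RFC 3046
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2  # RFC 3046 sub-option codes


@dataclass(frozen=True)
class DhcpPacket:
    giaddr: str      # gateway address field
    options: bytes   # options area only (simplified, no BOOTP header)


def tlv(code, value):
    if len(value) > 255:
        raise ValueError("option value longer than 255 bytes")
    return bytes([code, len(value)]) + value


def parse_tlvs(raw, dhcp_framing=True):
    """Return [(code, value)]; with dhcp_framing, honour PAD and END."""
    out, i = [], 0
    while i < len(raw):
        code = raw[i]
        if dhcp_framing and code == OPT_PAD:
            i += 1
            continue
        if dhcp_framing and code == OPT_END:
            break
        if i + 2 > len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        out.append((code, raw[i + 2:i + 2 + length]))
        i += 2 + length
    return out


def build_options(pairs):
    return b"".join(tlv(c, v) for c, v in pairs) + bytes([OPT_END])


def relay_upstream(pkt, ingress, cfg):
    """Client-to-server direction. Returns (verdict, [(server, packet)])."""
    iface = cfg["interfaces"][ingress]
    # The interface-specific list takes precedence over the global list.
    servers = iface["servers"] or cfg["global_servers"]
    if not servers:
        return "dropped: no server configured", []
    opts = parse_tlvs(pkt.options)
    # First-hop relay on an untrusted circuit (RFC 3046 section 2.1):
    # a client must not be able to supply its own agent information.
    if any(code == OPT_RELAY_AGENT_INFO for code, _ in opts):
        return "dropped: client-supplied option 82", []
    info = tlv(SUB_CIRCUIT_ID, ingress.encode())
    if cfg["router_id"]:              # assumption: omitted when not configured
        info += tlv(SUB_REMOTE_ID, cfg["router_id"].encode())
    opts.append((OPT_RELAY_AGENT_INFO, info))
    out = DhcpPacket(iface["ip"], build_options(opts))
    return "forwarded", [(server, out) for server in servers]


def relay_downstream(pkt):
    """Server-to-client direction: strip Option 82, return what it carried."""
    agent, kept = {}, []
    for code, value in parse_tlvs(pkt.options):
        if code == OPT_RELAY_AGENT_INFO:
            agent = dict(parse_tlvs(value, dhcp_framing=False))
        else:
            kept.append((code, value))
    return agent, DhcpPacket(pkt.giaddr, build_options(kept))


# Constructed configuration and packet; names are not the 8600 CLI format.
CONFIG = {
    "router_id": "198.51.100.1",
    "global_servers": ["203.0.113.10", "203.0.113.11"],
    "interfaces": {
        "if-A": {"ip": "192.0.2.1", "servers": ["203.0.113.53"]},
        "if-B": {"ip": "192.0.2.129", "servers": []},
    },
}
# Option 53 = message type (1 = DISCOVER), option 60 = Vendor Class Identifier.
DISCOVER = DhcpPacket("0.0.0.0",
                      build_options([(53, b"\x01"), (60, b"constructed-vci")]))

if __name__ == "__main__":
    for name in CONFIG["interfaces"]:
        print(name, relay_upstream(DISCOVER, name, CONFIG))
```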
The autoconfiguration functionality allows a NE to be automatically taken into use via the 8000Intelligent Network Manager without a need for NE pre-provisioning with CLI, which reducessignificantly the rollout time
In autoconfiguration, the 8000 Intelligent Network Manager uses its Automated Deployment feature
to provide required configurations to the NE This chapter describes only the NE behavior duringautoconfiguration
When a NE is being installed for the first time (power and link cables connected) to the site withautoconfiguration capability, after power up the NE will use DHCP to request an IP address fromthe 8000 Intelligent Network Manager hosted DHCP server After the IP address is assigned bythe DHCP server and configured on the interface, the 8000 Intelligent Network Manager willattempt to communicate with the NE and if the communication succeeds, the 8000 IntelligentNetwork Manager will start configuring the NE as described in2.5.3 Automatic Configurations.However, in this application the DHCP client functionality is not intended to be directly configured
by the user, instead it is automatically configured when autoconfiguration is enabled as described in2.5.1 Enabling Autoconfiguration
2.5.1 Enabling Autoconfiguration
Before enabling autoconfiguration, it is recommended that the NE is in factory default settings.
There are two ways to enable NE autoconfiguration:
• Using the autoconfiguration dongle, i.e. a physical plug attached to the CLI console port during the NE boot up (plug and play).
• Using the CLI autoconfig command. This allows either to start scanning interfaces as described in 2.5.2 Interface Scanning, or to define a specific interface that can be used to connect to 8000 Intelligent Network Manager. However, this is only recommended to be used as a backup in cases where the autoconfiguration dongle is not available, or if one of the predefined VLANs is not used.
If the physical plug is used (i.e. attached to the CLI console port), then during the NE boot up the inventory is created (NE may reboot if necessary), the dongle (physical plug) is checked and if present the autoconfiguration will be triggered. This allows the NE to start interface scanning, as described in 2.5.2 Interface Scanning.
The physical plug is intended to trigger autoconfiguration, and it must be present during a NE boot up, i.e. attached to the CLI console port. After the scanning has started (which is indicated by a LED blinking) the physical plug can be detached from the CLI console port.
When autoconfiguration is triggered, the NE Online or Ready LED is blinking depending on which one is supported. After the 8000 Intelligent Network Manager has established a connection to the NE, the LED will stop blinking, which indicates that the NE is being controlled by 8000 Intelligent Network Manager.
A NE may have several interfaces that potentially can establish connectivity to 8000 Intelligent Network Manager. Therefore, a detection mechanism (i.e. interface scanning) is required to determine which link can be used for autoconfiguration. During interface scanning the NE searches a potential link connectivity to the 8000 Intelligent Network Manager hosted DHCP server.
The scanning algorithm will search the DHCP server from every Ethernet interface that is in UP state using native Ethernet and VLANs: 1, 100, 200, and 300. The search is performed from the lowest module starting from the lowest interface number, then continues up to the highest module and/or the highest interface number. In a typical case, the scanning time may take seconds to few minutes depending on the amount of scanned interfaces. To minimize the scanning time, it is recommended to use the lowest module and/or lowest interface number for network connectivity.
The 8600 NEs will auto scan the native interface (untagged) and VLANs 1, 100, 200 and 300. If a VLAN is used other than the ones listed, the CLI autoconfig interface command must be entered manually and the dongle cannot be used.
2.5.3 Automatic Configurations
On the NE side, once the interface connecting to the 8000 Intelligent Network Manager hosted DHCP server is determined, interface scanning will be stopped. A DHCP client on the interface will configure on the same interface the offered IP address by DHCP server and a route is also added to the routing table. The CLI and BMP server are enabled automatically to allow access via the network.
On the 8000 Intelligent Network Manager side, as soon as the IP address has been configured to the interface, a communication between the NE and 8000 Intelligent Network Manager will be established. The 8000 Intelligent Network Manager takes the NE into use and starts automatically making the necessary configurations to the NE, which also includes overwriting all the DHCP client settings.
[RFC2131] RFC2131 (1997–03), Dynamic Host Configuration Protocol
[RFC2132] RFC2132 (1997–03), DHCP Options and BOOTP Vendor Extensions
[RFC3046] RFC3046 (2001–01), DHCP Relay Agent Information Option
3 IP Static Routing
An IP route is used to control the forwarding of IP packets from one network to another. An IP route can be added either statically or dynamically. Static routes are installed manually by the network administrator (described in this section), whereas dynamic routes are learned via routing protocols; for more details about routing protocols see 8600 Smart Routers Routing Protocols Configuration Guide.
The terminology used in this section is defined in the following table.
Default route        A route that is used by a router to forward traffic, if no other more specific routes to the destination are available.
FIB                  Forwarding Information Base (FIB) is routing table used to make packet forwarding decisions. This table contains all the necessary routing information within a router.
Gateway              A routing term that indicates the next-hop (router or interface) to which the IP packet should be forwarded.
Next-hop address     The IP address of the next router that an IP packet should be forwarded to.
Outgoing interface   An interface through which the IP packet should be forwarded.
RIB                  Routing Information Base (RIB) is a routing table where complete routing information (routes, policy, network connectivity) is stored. RIB is used among other functions (filter routing information, best routes calculation, routes distribution) to build and update FIB.
Routing table        A conceptual data structure used in a router to hold a complete routing information.
Static routing       A manual method of setting up a routing between interconnected networks.
The 8600 NEs allow static IP routes to be administratively configured in certain network scenarios. In such cases statically configured routing offers sufficient functionality at least for some portion of the total IP Routing topology design. The actual configuration is carried out by using either CLI or 8000 Intelligent Network Manager.
As an example, when attaching single-homed customer sites to a service provider network, the inherent capability of the IP Routing protocols to dynamically learn multiple paths to reach each destination is clearly not that critical. In order to correctly route the traffic destined to the customer site, a static route towards the network prefixes of the customer site can be configured into the Provider Edge (PE) node. For routing the outgoing traffic originating from the customer site, a default route pointing towards the PE node can be configured into the Customer Edge (CE) node. This type of static configuration is a very straightforward way to arrange the IP routing between the PE and the CE node.
The use of static routing for single-homed customer sites also reduces the processing load of the Central Processing Unit (CPU) on the PE nodes, which might become a scalability bottleneck, if separate peering relationships had to be maintained with all CEs on the directly attached sites. This would especially be the case with the [RFC4364] Virtual Private Networks (VPNs), if the Border Gateway Protocol 4 (BGP-4) could not be used for most of the dynamic PE to CE routing, and a separate, VPN-specific Interior Gateway Protocol (IGP) process would have to be run for most of the directly attached CEs.
In the 8600 system it is possible to configure static routes with recursive next hops. These may be useful e.g. in situations where the static route points to the loopback address of the peer router, but there are more than one physical or Label Switched Path (LSP) paths available for reaching the peer router.
Related topics:
• Routing protocols including BFD, ECMP and VRRP refer to 8600 Smart Routers Routing Protocols Configuration Guide.
• Layer 3 VPNs refer to 8600 Smart Routers VPNs Configuration Guide.
• Network testing and measurement tools refer to 8600 Smart Routers Test and Measurement
or failure conditions
Depending upon their configuration and network connectivity static routes can be classified into:
• Interface specific - these are static routes configured to point to an outgoing interface, which is connected to the next-hop towards the destination network, e.g. in point-to-point connectivity like ATM, PPP.
• Gateway based - these are static routes where the gateway is configured to point to a specified next-hop. This is the case for static routes over multi-access networks like Ethernet.
In the 8600 system, static routes are created with the ip route command. The full syntax is presented below for both interface and gateway based routes:
ip route [vrf vrf-name] A.B.C.D/M interface [distance]
ip route [vrf vrf-name] A.B.C.D/M gateway-ip [dst-vrf{dest-vrf|_global_}] bfd [distance]
Where the parameters specified in the above commands are:
• vrf-name specifies the name identifying a VRF
• A.B.C.D/M is the IP address and network mask specifying the destination network
• interface an interface into which traffic is routed
• gateway-ip specifies the IP gateway address
• dest-vrf specifies the destination VRF
• _global_ specifies global routing table
• bfd enables BFD session for the route
• distance specifies the administrative distance of a route
A configured static route can be installed either into the global routing table (when using the ip route command), or into the VRF routing table (when using the ip route vrf command). In the routing table, a route may be marked as inactive when the gateway cannot be resolved, e.g. next-hop unreachable, physical interface down, BFD monitoring (see BFD details in 8600 Smart Routers Routing Protocols Configuration Guide), among other qualifiers. An active route will be placed in FIB, if it is the best route for a given prefix. In the case of ECMP (see details in 8600 Smart Routers Routing Protocols Configuration Guide) multiple static routes may simultaneously exist in the FIB for the same prefix. Static routes may be deleted from both the configuration and routing table (and also from FIB if they are active), when their configuration becomes ineligible, i.e. the interface or a part of the VRF (to which the routes belong) is deleted.
By default, static routes have an administrative distance of “1”, which is better than the default distance of any routing protocol. However, the user can specify an administrative distance per static route to override the default precedence.
Fig 7 IP Static Route
Fig 7 presents a topology where static routing entries are to be configured. A configured static route tells a router how to forward traffic with the specified destination prefix. Therefore, each router requires a route for each network address throughout the internetwork. There are several ways to set up static routes for this topology. As an example, the following sample configuration with the next-hop IP address is illustrated:
R10
ip route 186.50.20.0/24 186.20.10.20
ip route 186.50.10.0/24 186.20.10.20
to 0.0.0.0/0 destination to which the IP traffic is forwarded to. A router sending traffic relies on the downstream router(s) to route traffic to the destination. Therefore, the destination network must be reachable. Routes with specific destination take precedence over the default route.
A default route sample configuration for the example above is shown below:
R10
ip route 0.0.0.0/0 186.20.10.20 5
ip route 0.0.0.0/0 186.20.20.20 100
In VRF routing, static VRF routes are created with ip route vrf <vrf-name> command and are installed into the VRF routing table. The following topology presents an application of VRF static routing at the edge of the network.
Fig 8 VRF Static Routing
In Fig 8 a static PE to CE routing is set. In this example, a static VRF route to 10.10.1.0/24 network is configured on PE30, while for CE9 a static default route is usually used. A sample configuration of the PE30 is presented below.
PE30
ip route vrf VRF1 10.10.1.0/24 9.9.9.9
A null static route is a route to a virtual interface, i.e. null interface (Null0). The Null0 is always created by default in the system. However, additional null interfaces may be configured on demand, for example, for collecting statistics. The user can set the rules for discarding traffic and by configuring a Null0 for each rule, allow statistics monitoring for each discarding rule separately. The Null0 only receives traffic that is explicitly routed to it. Traffic destined to Null0 is usually intentionally discarded to either prevent denial-of-service attacks or mitigate routing loops, e.g. in applications where route aggregation is used. Also ICMP behavior of a null interface is configurable, i.e., whether the packets to null interface are discarded silently or ICMP error message is generated for a discarded packet.
Fig 9 illustrates the problem of routing loops in configurations using BGP route aggregation (details of BGP route aggregation are covered in the 8600 Smart Routers Routing Protocols Configuration Guide) and its prevention with the use of static route to Null0 [RFC4632].
Fig 9 IP Static Route to Null Interface
In Fig 9, RB is set as the default router for RA (announces 0.0.0.0/0). As an example, let’s assume that RB has a packet (172.10.12.1) destined to 172.10.12.0/24 network, which falls inside the 172.10.0.0/16 range. In this case, RB will forward the packet to RA. However, since RA does not have a route for the specified destination network, it will send the packet back to RB resulting in a routing loop. To solve this problem RA inserts a route to Null0 for the aggregate route itself and the packet to 172.10.12.0/24 will be routed to Null0 and stopped from causing routing loops.
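The loop in Fig 9 and its prevention can be reproduced with a small longest-prefix-match model, added here as an illustration (not from the original guide and not router code). The connected subnet 172.10.1.0/24 on RA and the table layout are assumptions; the other prefixes are the ones used in the text.

```python
import copy
import ipaddress


def lookup(fib, dst):
    """Longest-prefix match over a {prefix: next_hop} table; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in fib.items()]
    hits = [h for h in hits if addr in h[0]]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def trace(fibs, node, dst, ttl=8):
    """Follow dst hop by hop starting at node; return (path, outcome)."""
    path = [node]
    while ttl > 0:
        next_hop = lookup(fibs[node], dst)
        if next_hop is None:
            return path, "no route"
        if next_hop == "Null0":
            return path, "discarded at Null0"
        if next_hop == "connected":
            return path, "delivered"
        if next_hop not in fibs:
            return path + [next_hop], "left the modelled topology"
        node = next_hop
        path.append(node)
        ttl -= 1
    return path, "TTL expired (routing loop)"


# RA announces the aggregate 172.10.0.0/16 to RB and uses RB as default router.
# RA really owns only part of the aggregate (172.10.1.0/24, assumed subnet).
LOOPING = {
    "RA": {"0.0.0.0/0": "RB", "172.10.1.0/24": "connected"},
    "RB": {"172.10.0.0/16": "RA"},
}

# Same topology with the static route to Null0 for the aggregate on RA.
FIXED = copy.deepcopy(LOOPING)
FIXED["RA"]["172.10.0.0/16"] = "Null0"

if __name__ == "__main__":
    for name, fibs in (("without Null0", LOOPING), ("with Null0", FIXED)):
        for dst in ("172.10.12.1", "172.10.1.5"):
            print(name, dst, *trace(fibs, "RB", dst))
```

Because the Null0 route has the aggregate's own prefix length, every more specific route RA actually holds still wins the lookup; only the unallocated part of the aggregate is discarded.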
“recursive” in the ip route command and in that the gateway does not need to be directly connected to the router. Instead, the destination prefix is tied to the best route that can reach a particular destination. Recursive lookup takes place in RIB and when it is resolved, the route entries (that are not recursive) are installed in FIB, i.e. the routing table is searched for a route that can be used to route to the destination IP address in the packet. Self-recursive routes are not allowed. If any route becomes self-recursive, it will be marked as inactive in the RIB.
Recursive route next-hop cannot be resolved via the route itself If the next-hop of recursive route falls within the route prefix, there must be other more specific routes that can be used to resolve the next-hop.
In recursive routing, each router on the network may use the same gateway but the path to reach the specified gateway may differ and it may also change over time, with recursive route switching to pick up the best path to use as its own gateway. Thus, recursive routing can be used as protection mechanism to avoid a single point of failure and provide network stability.
In 8600 NEs, recursive static routes are entered with ip route command using the key word recursive and the full syntax is presented below:
ip route [vrf vrf-name] A.B.C.D/M gateway-ip [dst-vrf{dest-vrf|_global_}][recursive][distance]
Where the parameters specified in the above command are:
• vrf-name specifies the name identifying a VRF
• A.B.C.D/M is the IP address and network mask specifying the destination network
• gateway-ip specifies the IP gateway address
• dest-vrf specifies the destination VRF
• _global_ specifies global routing table
• distance specifies the administrative distance of a route
The following topology illustrates an example of recursive IP static routing.
Fig 10 IP Recursive Static Route
To set up static routing for the example above two static routes need to be configured, one being a recursive static route pointing to the gateway address (the loopback of the router in this case) and another static route telling R1/R4 how to reach the gateway address.
If the IP address used to configure a recursive static route becomes unreachable, so will the recursive static route and it will be marked as inactive. Once the route is activated, the recursive route will be reactivated without any additional configuration.
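The recursive lookup rules above (resolution through other routes in the RIB, no resolution via the route itself, inactive when the gateway is unreachable, automatic reactivation) are modelled in the following added Python example, which is not code from the guide or from the 8600 software. All prefixes and interface names are constructed, and trying less specific covering routes when the most specific one is inactive is a modelling assumption.

```python
import ipaddress


def resolve(rib, prefix, seen=frozenset()):
    """Resolve a RIB route to (outgoing interface, next hop); None = inactive."""
    route = rib[prefix]
    if "connected" in route:
        return route["connected"], None
    if prefix in seen:                      # resolution chain loops back
        return None
    gw = ipaddress.ip_address(route["gw"])
    # A route may not be resolved via itself, so it is never a candidate.
    covering = sorted(
        (p for p in rib if p != prefix and gw in ipaddress.ip_network(p)),
        key=lambda p: ipaddress.ip_network(p).prefixlen, reverse=True)
    for via in covering:                    # most specific usable route wins
        if "connected" in rib[via]:
            return rib[via]["connected"], route["gw"]
        if route.get("recursive"):          # only recursive routes may chain
            hop = resolve(rib, via, seen | {prefix})
            if hop is not None:
                return hop
    return None


def build_fib(rib):
    """Only resolved (active) routes reach the FIB, as non-recursive entries."""
    fib = {}
    for prefix in rib:
        hop = resolve(rib, prefix)
        if hop is not None:
            fib[prefix] = hop
    return fib


# Constructed addressing: 192.0.2.0/24 sits behind a peer whose loopback
# 10.255.0.4 is reachable over two links (hypothetical interfaces ge1/0, ge2/0).
RIB = {
    "10.0.12.0/30": {"connected": "ge1/0"},
    "10.0.13.0/30": {"connected": "ge2/0"},
    "10.255.0.4/32": {"gw": "10.0.12.2"},
    "10.255.0.0/24": {"gw": "10.0.13.2"},
    "192.0.2.0/24": {"gw": "10.255.0.4", "recursive": True},
}

# Self-recursive case: the gateway lies inside the route's own prefix and no
# more specific route exists, so the route stays inactive.
SELF_RECURSIVE = {"10.0.0.0/8": {"gw": "10.1.1.1", "recursive": True}}

if __name__ == "__main__":
    print(build_fib(RIB))
    print(build_fib(SELF_RECURSIVE))
```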
Static MPLS recursive routes are used to route IP packets through an MPLS network. The concept of MPLS recursive routing is similar to recursive static routing discussed in 3.3 Recursive Routes. In recursive static routes, raw IP packets are forwarded after resolving the next-hop address. Whereas in MPLS recursive routing, labelled MPLS packets are sent after resolving the Label-Switched Path (LSP) where traffic can be forwarded.
In MPLS recursive routing when LSP is set up, the decision of what labels will be assigned is made either by signaling protocols, or by manual configuration and the label values change via swap operation performed in each Label Switch Router (LSR). MPLS recursive route also can impose additional labels to the packet.
When recursive MPLS lookup is resolved, i.e. the PSN LSP is present then FIB entry will be installed in LSR. The ingress LSR receiving an IP packet of the route will apply MPLS labels packet forwarding across the PSN. In the case when the PSN LSP is not present, or the FIB entry does not match (or the FIB entry cannot be installed), then a route does not match due to e.g. usage of the less specific routes has changed. Therefore, decision on whether or not to drop or forward the packet will depend solely on what entries are present in FIB, e.g. if there is a default route set, it could be used instead to forward the packet.
In 8600 NEs, MPLS recursive static routes are entered with the ip route command using the key word recursive-mpls and the full syntax is presented below:
ip route [vrf vrf-name] A.B.C.D/M gateway-ip [dst-vrf{dest-vrf|_global_}] recursive-mpls[label label][distance]
Where the parameters specified in the above command are:
• vrf-name specifies the name identifying a VRF
• A.B.C.D/M is the IP address and network mask specifying the destination network
• gateway-ip specifies the gateway IP address
• dest-vrf specifies the destination VRF
• _global_ specifies global routing table
• label specifies the MPLS label used at egress for PSN LSP monitoring
• distance specifies the administrative distance of the route
PSN LSP monitoring for MPLS recursive routes allows a connectivity verification of LSPs. It is enabled by using key word label and specifying the numeric value in the ip route command. When monitoring is enabled, if the LSP tears down a route associated with that LSP will be removed from FIB and marked as inactive in the routing table. When the LSP is available again it will be automatically activated and reinstalled in FIB.
Static MPLS recursive routes do not perform PSN LSP monitoring in the 8607 Smart Router. These routes are always considered to be available and are present in routing table. No forwarding occurs if the underlying PSN LSP to the next-hop is not present.
The following topology presents an example of MPLS recursive routing in dual-homed connectivity with the PSN LSP monitoring.
Fig 11 MPLS Recursive Routing
The example in Fig 11 uses two recursive routes for protection purposes with the PSN LSP monitoring. In this case, if the LSP associated with the primary route tears down, the secondary recursive route will be used instead. A sample configuration of static MPLS recursive routes for the topology above is presented below.
[RFC4364] RFC4364 (2006–02), BGP/MPLS IP Virtual Private Networks (VPNs)
[RFC4632] RFC4632 (2006–08), Classless Inter-Domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan
The following is an example showing how to configure an IPv4 address.
Step 1 Entering configuration mode
router> enable
router# configure terminal
Step 2 Configure an IP address on interface fe0/2
router(config)# interface fe 0/2
router(cfg-if[fe0/2])# ip address 186.10.1.1/24
This section shows an example on how to configure a static ARP entry.
Step 1 Configuring static ARP entry for destination 186.10.10.20 on interface fe0/2. The entry is permanent and it will not expire.
router(config)# arp 186.10.10.20 00B0.C78D.BE9F fe 0/2
Use the following show command to verify ARP table.
Step 1 Displays ARP table
router# show arp
Address Expires (min) Hardware Address Interface