• networks.nokia.com/src/exemptions

    • ATM is a circuit switched protocol. POS is a point-to-point technology, IP is packet switched, and Ethernet is a broadcast technology.

    • When a switch receives a frame with an unknown destination MAC address it floods the frame to all ports except the one the frame was received on. ICMP messages are used by routers rather than switches.

    • A router must be used to route the packets at the IP layer in order to facilitate communication accomplished between two users on separate VLANs.

    • TDM was initially developed for the PSTN reason.

    • The majority of ATM adaptation layer traffic today is AAL5, which is a simple, connection-less, non-real-time service data such as IP.

    • Application, Presentation, Session, Transport, Network, Data Link, and Physical are all valid an OSI layers.

    • A corrupted frame is typically detected in Ethernet by using the FCS field in the Layer 2 header.

    • The source MAC address is stored in the FDB along with the port the frame arrive on when a frame arrives at a port on an Ethernet switch.

    • The purpose of VLANs is to separate broadcast domains.

    • When VLANs need to span more than one switch, a VLAN tag is attached to the Ethernet frame to indicate VLAN membership. There is no per MAC address signaling done between switches.

    • The outer tag is commonly used by the service provider, and the inner tag is commonly used by the customer regarding the use of Ethernet Q-in-Q.

    • IP is encapsulated in PPP and transported over SONET regarding POS.

    • One of the reasons for ATM's fixed 53-byte cell size was to have a relatively small size to minimize delay and jitter for voice services. Another reason was to simplify high-speed switching requirements for optical networks.

    • Five service classes are defined by ATM. The different service classes are AAL1 (CBR), AAL2 (VBR-rt), AAL2 (VBR-nrt), AAL3/4 (ABR) and AAL5 (UBR).

    • IOMs are configured first, followed by MDAs, followed by ports regarding the required order for configuration of Alcatel-Lucent 7750 SR ports.

    • nbctcp.wordpress.com/2015/01/14/alcatel-lucent-vsr-os-in-gns3

    • Display and examine the current card configuration with the show card command.

      A:vRR# show card

      Card Summary
      Slot   Provisioned Type                            Admin Operational   Comments
                 Equipped Type (if different)            State State
      1      (not provisioned)                           up    unprovisioned
      A      sfm4-12                                     up    up/active
      B      sfm4-12                                     up    down/standby
                 (not equipped)

    • The example output given in the shows exactly two cards present. They can be easily identified physical cards in the chassis since they have a (not equipped) name in the "Equipped Type" column. Any card appearing Slot "A" or "B" is an SF/CPM card; the example shows only one in Slot A. The example shows one IOM card, of type iom3-xp-b.

    • The slots reserved for SF/CPM cards are always identified by a letter, either A or B.

    • IOM cards are referred to by the slot that they occupy in the chassis. Generally, there are either five or 10 slots for IOMs, so cards will have numeric labels from 1 to 10.

    • The first character in the prompt identifies which SF/CPM card is active, either Slot A or Slot B.

    • Configure the IOM card to the same type as Equipped. The specific card type may be different on the router.

      A:vRR# configure card 1 card-type iom3-xp-b

      Wait a few moments, and repeat the show card command to see the IOM in its final state

      *A:vRR# show card

      Card Summary
      Slot   Provisioned Type                            Admin Operational   Comments
                 Equipped Type (if different)            State State
      1      iom3-xp-b                                   up    up
      A      sfm4-12                                     up    up/active
      B      sfm4-12                                     up    down/standby
                 (not equipped)

    • Configuring an IOM card only changes the "Operational State" making a card available. It does not change the number of physical cards, as seen by the absence of any changes in the "Equipped Type" column.

    • The "*" reappeared to indicate an unsaved configuration change. Issuing the admin save command would make it disappear (until the next configuration change).

    • Have a look at the main log to see if anything has been recorded as a result of these last few configuration changes. Use the command show log log-id 99.
  • 13 Comments sorted by
    • Display and examine the current MDA configuration using the show mda command.

      *A:vRR# show mda

      MDA Summary
      Slot  Mda   Provisioned Type                            Admin     Operational
                      Equipped Type (if different)            State     State
      1     1     (not provisioned)                           up        unprovisioned

    • Cannot see any MDAs for IOMs that are not configured. Unless an IOM has been configured, it is not possible to get any information about the MDAs that it contains.

    • In the example, the IOM only has a single MDA plugged into it. At most, two MDAs can fit into an IOM.

    • The MDA is plugged into the IOM in Slot 1. This is determined by the value in the Slot column in the command output. The MDA is plugged into the first of the two available MDA slots on the IOM. This is determined by the value in the Mda column in the command output.

    • Generally, an MDA will always be configured to be the same as shown in the Equipped Type column. Configure the available MDA(s). Note that the exact command will depend on the physical hardware; follow the rule of configuring the type to be the same as shown in the show command.
      *A:vRR# configure card 1 mda 1 mda-type m5-1gb-sfp-b

    • In the command configure card 1 mda 1, the parameter card 1 identifies the IOM in Slot 1; the parameter mda 1 identifies the first of the two available MDA slots on the IOM card.

    • Display and examine all MDAs that are now visible.
      *A:vRR# show mda

      MDA Summary
      Slot  Mda   Provisioned Type                            Admin     Operational
                      Equipped Type (if different)            State     State
      1     1     m5-1gb-sfp-b                                up        up

    • Configuring an MDA only changes the "Operational State" making an MDA available. It does not change the number of physical cards, as seen in" the absence of any changes in the Equipped Type column.

    • Have a look at the main log to see what has been recorded as a result of this configuration change.
      *A:vRR# show log log-id 99

    • and are not used as host addresses on the IP network with a subnet mask of because they are reserved as the subnet and broadcast addresses for the subnet.

    • Display and examine the current port configuration with show port command.

    • The first section is all the physical ports for the MDA(s) in IOM 1, as indicated by the section heading "Ports on Slot 1."

    • Ports on an MDA are named using three numeric values, for example, 1/1/5. The first value identifies the IOM, the second value identifies the MDA, and the third value identifies the actual port. The (management) ports on an SF/CPM card are named using two values - for example, A/1. The first value identifies the SF/CPM card, and the second value is always a "1" since there is only a single Ethernet port on each SF/CPM card.

    • By default, ports start in the Down state. This is an important point to remember since IOMs and MDAs automatically go to an Up state as soon as their type is configured.

    • The default MTUs for each type of port: 1514 for 10/100 FastE ports and 9212 for GigE ports.

    • Configure a single port to a functional state using configure port x/x/x no shutdown command.

    SR - OS Fundamentals

    High Leverage Network (HLN)

    What is HLN?

    HLN = A platform for innovation

      • Leverage your assets to create personalized content and conversation experiences
      • Capture the creativity of open innovation
      • Develop new business models, increase ARPU, reduce churn
      • Extend always-on broadband to everyone, everything, everywhere
      • Expand customer base, make high-speed broadband affordable
      • Enable open access, bridge fixed and mobile worlds
      • Evolve to a scalable, efficient and intelligent service delivery network
      • Leverage technical innovations in IP and optics
      • Enable new service value, manage capacity and scale at low cost
      • Unify network, IT and business systems
      • Enhance service agility, reduce costs
      • Reduce OPEX, increase efficiency, enhance quality of experience

    Tackle Today's Network Challenges


    • Revenue/subscriber
      Increase revenue:
      • Leverage network intelligence
      • Deliver differentiated services
      • Develop new business models
      • Monetize assets
    • Cost/subscriber
      Reduce costs:
      • Scale bandwidth dynamically
      • Manage capacity effectively
      • Transform operations efficiently
      • Harness technical innovation

    IES Routed Connectivity Service Example

    • Since the traffic in an IES service communicates using an IP interface for the core routing instance, there is no need for the concept of tunneling traffic to a remote router
      • A basic IES does not require the configuration of any SDPs

      configure service ies 1000 customer 1 create
        description "IES training"
        interface "to_CE" create
          sap 1/2/8 create
        no shutdown

    • There are two new pieces of information, both related to the physical cabling attached to the port. The Link column identifies whether cables are connected and attached to equipment at both ends, that is, Yes. The SFP/XFP/MDIMDX column identifies whether the cabling is connected as straight through (i.e., "MDI") or cross-over (i.e., "MDX").

    • Configure all ports Up that need or want to use. Configure the ports as a range, using a single command using configure port x/x/[2..10] no shutdown command.

    • Configure the system IP address of a router using configure router interface "system" address x.x.x.x/32 command. Verify by show router interface command.

    • The system interface is present by default.

    • The system interface cannot be removed.

    • The system interface admin status is up before and after an IP address is assigned. It can, however, be explicitly shut down.

    • The operational status of the system interface is down before an IP address is assigned. The operational status of the system interface will change to up after an IP address is assigned as long as the admin status of the system interface is also up.

    • A physical port cannot be assigned to the system interface. The system interface is similar to a loopback interface because its operational status is not affected by the state of any particular port. This makes the system address ideal for communication with other devices.

    • Avoids fluctuation of traffic/LSPs in the event of a flapping link or a link with a high error rate.
      configure port <port-id> Ethernet hold-time up 50 (second)

    • Auto-negotiation should be disabled on Ethernet or Gigabit Ethernet links that are physical members of an 802.3ad Link Aggregation Group (LAG).
      configure port <port-id> ethernet no autonegotiate

    • The maximal MTU value available to services will be lower than the physical (or port) MTU value, due to MPLS encapsulation overhead when transporting user frames/packets over the network.
      configure port <port-id> ethernet mtu 9212

    • Enabling dynamic costing causes the physical link metrics used by IGP to be applied based on the operational or aggregate link bandwidth in the LAG that is available at the time.
      configure lag <lag-id> dynamic-cost

    • Multi Chassis LAG (MC-LAG):
      On AC-1 and AC-2, identical LAG configuration will be applied.
        lag <lag-id>
          description <lag-description>
            mode access
            port <port-id> priority <priority>
            no shutdown

      On CE, following configuration will be applied.
      configure redundancy
          peer <peer-system-ip> create
              lag <lag-id> lacp-key <lacp-key> system-id <system-id> system-priority <system-priority>
              no shutdown
            no shutdown

    • The IEEE 802.1ab Link Layer Discovery Protocol (LLDP) standard defines protocol and management elements that are suitable for advertising information to stations attached to the same LAN for the purpose of populating physical or logical topology and device discovery management information database.
      configure port <port-id>
            dest-mac nearest-bridge
              admin-status tx-rx
              tx-tlvs port-desc sys-name sys-desc sys-cap
      < port description, system name, system descriptions and system capabilities
              tx-mgmt-address system

    • Configure the router interfaces required for the point-to-point links. Point-to-point links generally use /30 subnet marks for efficient use of IP address space.
      configure router interface toR5
        address x.x.x.x/30
        port 1/1/4

    • When a router interface is created, the default admin state is up regardless of any IP address configuration.

    • If a router interface is created and an IP address is assigned but no other actions are taken, the operational status will be down.

    • The router interface used on the physical links are not loopback or system interfaces. Therefore, a physical port must be bound to the interface to bring it operationally up. Note that the physical state of the port will also affect the state of the router interface.

    • The principle of IS-IS management model is divided into 2 levels (two level hierarchies). If domain is large may be divided into small management area. Level 1 routing is to find path within area. Level 2 routing is to find path between areas.

    • At L2 router can optimize IGP to reduce the number of SPF calculation by configure ISIS multiple instance and performing route summarization.

    • In IS-IS, if the metric is not configured, a default cost of 10 is used. Originally, the maximum metric for a link was limited to 63 (6 bits), with a total path metric of 1023 (10 bits). These limits were not considered granular enough for modern networks, especially with traffic engineering, so a new "wide metric" was defined. The wide metric uses 24 bits to support a link metric of 16,777,215 and a total path metric of 4,261,412,864. A path that has a greater cost than the limit is considered unreachable.

    • On point-to-point adjacencies, the election of a Designated Intermediate System (DIS) and regular generation of CNSPs is an unnecessary function.
      configure router isis
        interface <interface_name>
          interface-type point-to-point

    • Configure interface into IS-IS area 49.01 as a Layer 2 point-to-point interface.
      configure router isis
        area-id 49.01
        level-capability level-2
        interface "toR2" interface-type point-to-point
      Verify by show router isis adjacency and show router route-table protocol isis

    • Verify LSPs database by show router isis database and show router isis database <hostname>.00-00 detail
      Because router has been configured as an L2 only router, there are no L1 LSPs in IS-IS database. There is one L2 LSP in the IS-IS database that includes the network of interface toR2.
      Note that the L2 LSP is created even though there are no IS-IS adjacencies on which to send the LSP to other routers.

    • Advertise the system interface into IS-IS
      configure router isis interface "system"

    • If passive interface is configured, all same Level IS-IS routers will aware of it and have a corresponding route in their route tables.

    • Configure MD5 authentication type
      configure router isis
        authentication-type message-digest
        authentication-key <ISIS authen-key>
      The advantage of MD5 authentication is that the authentication keys are encrypted rather than sent in plaintext.
    • Configure the router to use wide metrics and a reference bandwidth so that IS-IS computes link metrics the same way as OSPF.
      configure router isis
        reference-bandwidth 10000000
        level 2 wide-metrics-only

    • Multiple IS-IS areas can be used to improve scalability and convergence time.

    • An L1 adjacency will not form in different areas. They must be L2-capable to form an adjacency with a router in a different area.

    • Configure router to summarise address
      configure router isis summary-address <IP/24> level-2

    • RFC 5130 defines the ability to add an additional attribute to IS-IS routes - the administrative route tag. This can be used to identify certain routes that are to receive some special treatment at another point in the network. This might be for routes that are to be exported to another protocol such as BGP (Border Gateway Protocol) or to control leaking between levels in IS-IS.

    • Bidirectional Forwarding Detection (BFD) offers a light-weight, low-overhead, short-duration detection of failures in the path between two systems.
      configure router isis
        interface <interface_name>
          bfd-enable ipv4

    • Transport Tunnels and Service Tunnels:
      • MPLS or GRE tunnels are used to transmit customer data across the service provider network
      • Multiple service tunnels can be carried within a transport tunnel
      • Multiple transport tunnels can be configured on a single network port
      • Inner service label defines the service tunnel; outer transport label defines the transport tunnel

    • Transport and Service Label Encapsulation:
      MPLS encapsulation of VPN service traffic:
      • DLC header - Layer 2 header used to transport the MPLS packet
      • MPLS transport (outer) / tunnel label - The label signalled by the next-hop PE
      • Service (inner) label - The service, or virtual circuit (VC) label that identifies the service the packet belongs to
      • Control word - Optional and primarily used for ATM or Frame Relay services
      • Service packet - The customer data being transported by the service

    • GRE encapsulation of VPN service traffic:
      • IP header and the GRE header are used instead of the MPLS transport label
      • A service label is still required to demultiplex the packet to the appropriate service
      • The service provider routers use the GRE header to route the packet across the network

    • MPLS transport tunnel signalling protocols:
      • LDP or RSVP-TE are used to set up LSPs
      • Provide a means to set up label-switched paths, also known as LSPs, that can carry many other service tunnels

    • Service tunnel signalling protocols:
      • Service labels, or VC labels, are used to encapsulate and identify customer traffic that belongs to a particular service
      • A service label is applied to the customer traffic before the transport label, or LSP label is applied
      • VPLS and VPWS services are signalled using targeted LDP, also known as T-LDP
      • VPRN service is signalled by MP-BGP, based on RFC 4364 (formerly RFC 2547bis)

    • Service Label Signalling:
      • An IGP is used to provide IP reachability to the routers
      • LDP or RSVP-TE is used to signal the transport tunnel label. Once LDP/RSVP-TE converges end-to-end, an LSP is created
      • T-LDP or MP-BGP is used for service signalling. This provides the inner/service label

      • The exchange of service labels occurs when the pseudowire is created
      • The following outlines the service label signalling process:
        1. PE2 sends PE1 a service label (11350)
        2. PE1 sends PE2 a service label (21350)
        3. Unidirectional service tunnels are created
        4. PE1 uses the label (11350) to send traffic towards PE2
        5. Likewise, PE2 uses label (21350) to send traffic towards PE1

    • Distributed Service:
      • A distributed service has components on multiple routers and uses the IP/MPLS network to connect the service and deliver data
      • SDP binding is required to signal the service labels and define the transport to the remote router

    • Binding an SDP to a Service:
      • SDPs provide the binding between the control plane signalling of service labels and the transport tunnels (LDP/RSVP or GRE)
      • To direct a service to use an SDP for distribution, the service is joined to the SDP using SDP binding
      • A service label is not signalled unless the service is bound to an SDP
      • Because all service distribution relies on the SDP, the transport is most often RSVP with fast rerouting capabilities

    • Distributed Service Configuration:
      The following steps must be completed for a successful distributed service operation:
      • IGP configuration - ensure that routing tables have system addresses
      • Signalling transport labels are enabled for either LDP or RSVP
        • LDP has to be enabled for dynamic signalling of service labels using T-LDP
      • Creation of a path - if using RSVP
      • Creation of LSP and bind path - if using RSVP
      • Creation and binding of SDP to LSP - if using RSVP or select LDP

    • Service Verification:
      • Once the service is configured on the remote router with a matching VC ID, a service label is signalled and the service is up:
        PE# show service id 50 base
        Provides a summary status of all services
      • A service label is signalled and the CE routers can connect to each other through the epipe:
        PE# show router ldp binding fec-type services
        CE# ping size 1472 do-not-fragment count 2

    • An example of SDP Path and Network Port MTU:
      • For a gigabit Ethernet network port with an MTU of 9212 (default on the 7750 SR)
      • If SDP uses MPLS encapsulation:
        • SDP path MTU = 9212 (network port MTU) - 14 (Ethernet header) - 8 (two MPLS labels) = 9190 bytes
      • If SDP uses GRE encapsulation:
        • SDP path MTU = 9212 (network port MTU) - 14 (Ethernet header) - 4 (GRE header) - 20 (IP header) - 4 (service label) = 9170 bytes

    • VPLS vs. Epipe/VPWS:
      • Encapsulation and transport mechanism
      • The signalling of transport and service labels
      • They both use SAPs as the demarcation point between the customer and the provider
      • They both support SAP encapsulations of null, dot1Q and Q-in-Q
      • The treatment of customer data at the SAP
      • A VPLS supports multipoint-to-multipoint connections; epipe is a point-to-point service
      • The VPLS appears as a single switched LAN to the customer; the epipe appears as a direct Ethernet connection
      • A VPLS performs MAC learning to build a forwarding database (FDB) containing the addresses of customer-attached devices, but not by E-pipes

    • VPLS Label Signalling:
      • All PE routers in the VPLS are T-LDP peers and exchange labels for the service
      • The VC-ID configured for the service must match among targeted LDP peers
      • Customer frames are encapsulated with a service label and a transport label
      • The VPLS instance on each PE router is often referred to as a virtual switch (VS)

    • Verify the Mesh SDPs:
      • The mesh SDPs are operationally up
      • An ingress and an egress service label have been signalled

      PE# show service id 1000 sdp

    • VPRN Control Plane Tasks:
      • The MPLS/VPRN control plane consists of routing information and label exchange
      • Distinct sets of routes must be exchanged
        • Provider core routing
        • Customer VPRN routing
      • Distinct sets of labels must be exchanged
        • VPN service labels

    • VPN Service Labels via MP-BGP:
      • Inner MPLS (VPN) label is included in the MP-BGP update
      • Tells the far-end PE which label push on the stack such that VPRN data is encapsulated to the correct VRF

    • 6VPE Data Plane - Ingress 6VPE Router:
      • When the ingress 6VPE router receives an IPv6 packet, it looks for the destination address in the VRF table
        • This destination prefix is either local to the 6VPE (which is another interface participating in the VPN) or a remote ingress 6VPE router
      • For the prefix learned through the remote 6VPE router, the ingress router does a lookup in the VPN-IPv6 forwarding table
      • The VPN-IPv6 route has an associated MPLS label to an MBGP next-hop and an associated VPRN service label
      • The ingress 6VPE router needs to push two MPLS labels in order to send the packets to the egress 6VPE router
        • The top label is an MPLS IPv4 label that is used to reach the egress 6VPE router
        • The bottom label is an MPLS label that is advertised in MBGP by the remote 6VPE router for the IPv6 prefixes in the VRF

    • 6VPE Data Plane - Egress 6VPE Router:
      • The provider core (P) routers label switch the packets to the correct egress 6VPE via the transport label
      • The egress 6VPE router receives label-stacked packets from the core
      • The egress 6VPE router pops the top transport label
      • The egress 6VPE router pops the bottom IPv6 VPRN service label and identifies the target VRF and the address family
      • A further Layer 3 lookup is performed in the target VRF and the IPv6 packet is sent toward the proper customer edge router in the IPv6 domain
      • The egress 6VPE forwards unlabeled packets to the customer

    • Types of VPWS:
      • Epipe - emulates a point-to-point Ethernet service
      • Apipe - emulates a point-to-point ATM service
      • Fpipe - emulates a point-to-point Frame Relay circuit
      • Cpipe - emulates a point-to-point TDM circuit
      • Ipipe - provides IP interworking capabilities between different Layer 2 technologies

    • Service Configuration:
      • Once the service infrastructure has been configured, the distributed service can be provisioned
      • The configuration of an epipe is shown below:
        # configure service customer 100 create
        >config>service>cust$ exit
        # configure service epipe 50 customer 100 create
        >config>service>epipe$ sap 1/1/3:50 create
        >config>service>epipe>sap$ back
        >config>service>epipe# spoke-sdp 2:50 create
        >config>service>epipe>spoke-sdp$ back
        >config>service>epipe# no shutdown

         epipe 50 customer 100 create
        service-mtu 1518
        1/1/4:50 create
        2:50 create
          no shutdown

      # show service id 50 base

    • Local epipe service configuration on a single router:
      # configure service epipe 50 customer 100 create
      >config>service>epipe# sap 1/1/1 create
      >config>service>epipe>sap$ exit
      >config>service>epipe# sap 1/1/2 create
      >config>service>epipe>sap$ exit

      No SDP need to be created

    • Distributed Service Configuration - Continued:
      • Customer-facing ports must be changed to access mode and encapsulation must be changed as required to any of the following: null, dot1Q or q-in-q
      • Creation of the service and selection of the service type, including any of the following: epipe, fpipe, apipe, ipipe or cpipe. In addition, the following must also be done:
        • Add SAPs to service
        • Add SDPs to service with VC ID

    • Epipe service does not perform any MAC learning

    • Epipe SAP Encapsulation:
      • SAP encapsulation provides the router with a way of delineating services
      • Ethernet encapsulation:
        • Null - supports a single service on a port
          No VLAN tag
          Example - Port 1/1/1
          • Service is delimited by the port (SAP 1/1/1)
          • The physical port belongs to a single service and a single customer
          • Tags are treated as customer data and are transparent on the network
        • Dot1Q(802.1q) - supports multiple services for a single customer or multiple services for multiple customers
          1 VLAN tag
          Example - port 1/1/1:10
          • Service is delimited by the VLAN tag (SAP 1/1/1:10)
          • Allows more than one SAP to be configured on each physical port
        • Q-in-Q - provides a way to differentiate between customer services based on Q-tags
          2 VLAN tags
          Example - port 1/1/1:10.100
          • Service is delimited by two VLAN tags as port:outer.inter (SAP 1/1/1:10.100)
          • Can specify a top and bottom VLAN ID to be matched
      • VLAN tag is used to determine which service the frame belongs to
      • Multiple SAPs can be defined on a single port for different services

    • Ethernet Frame Encapsulation in an Epipe Service:
      • On the 7750 SR, VLAN tags are stripped at the SAP ingress by default
      • The FCS for the frame is also removed
    • Verify Path MTU Using RSVP ADSPEC:
      • If ADSPEC is configured on the LSP used as the transport for the SDP, the SDP path-MTU is derived from the path MTU signalled in RSVP using the ADSPEC object
      • Negotiated MTU for the LSP is set to the smallest MTU value found on the path
      • configure router mpls
          lsp "
            primary "loose"
            no shutdown
      • show router mpls lsp "to-PE2" path detail
      • The SDP path MTU:
        show service sdp 2
      • The service will down if the SDP path-MTU less than the service MTU
        show service id
        50 sdp 2:50 detail

    • Verification:
      • The command show service id 50 all displays detailed information related to all aspects of the service

    • SDP and VC Type:
      • RFC 4448 defines two VC types for the Ethernet pseudowire
      • The VC type is specified when the SDP is bound to the service and is signalled by T-LDP
        • Ether - specifies raw mode (default)
          • The service delimiting VLAN tag is stripped at the ingress and is not carried across the epipe
        • VLAN - specifies tagged mode
          • A VLAN tags is carried in the frame

    • VC Type Configuration:
      • The epipe which is configured with type VLAN:
        configure service epipe 50
          service-mtu 9000
          sap 1/1/4:50 create
        2:50 vc-type vlan create
          no shutdown

      • The epipe which is using type Ether:
        configure service epipe 50
          service-mtu 9000
          sap 1/1/4:50 create
        1:50 create
          no shutdown
      • T-LDP will not make a pseudowire operational unless the VC ID and VC type match
        show service service-using epipe
      • Change type Ether to VLAN:
        configure service epipe 50
          spoke-sdp 1:50 shutdown
        1:50 vc-type vlan create
            no shutdown

    • Fpipe Common Configuration Tasks:
      • The fpipe uses the same provisioning steps as an epipe, with the following exceptions:
        • The service type is fpipe
        • The physical port or channel is a SONET port set for Frame Relay framing
        • SAP is in the form of port:DLCI (example - 1/1/1:65)

    • The Interworking VPWS capabilities are:
      • ATM:
        • ATM: Apipe
        • Frame Relay: Apipe (FRF.5 interworking)
        • Ethernet: Epipe (bridged) / Ipipe (routed)
      • Frame Relay:
        • Frame Relay: Fpipe
        • Ethernet: Epipe (bridged) / Ipipe (routed)
      • Ethernet:
        • Ethernet: Epipe

    • An ethernet VPN service, such as an epipe service, has a default service MTU of 1514 bytes

    • Spoke SDP Termination on VPWS:
      • Connect a spoke SDP of a VPLS service (mesh-sdp) with an epipe service (spoke-sdp)
      • The VC-ID of the spoke SDPs on the epipe service and the VPLS service must match
      • VC-ID does not have to match the service ID of either the epipe or the VPLS
      • The service MTU of the VPLS and epipe service must match
      • Configuration:
        configure service vpls 1000
        1/1/4 create
        1:100 create
        3:1000 create
        4:1000 create
          no shutdown

    • The example of svc-ping:
      oam svc-ping service 100 local-sdp
      oam svc-ping service 100 local-sdp remote-sdp
      • The svc-ping output shows the service MTU as the configured value for the epipe

    • The example of Local Mirror Configuration:
      • The mirror destination is configured on SAP 1/1/2
      • The mirror source is configured on SAP 1/1/4 of the epipe to mirror both ingress and egress traffic

      configure mirror mirror-dest 99
        sap 1/1/2 create
        no shutdown

      debug mirror-source
        sap 1/1/4 ingress egress
        no shutdown

    • Create a sniffer using IP filter on an epipe SAP configuration:
      • Define the filter:
        Sniffer> configure filter
          log 111 create
            destination memory 100
        11 create
        10 create

              action forward

      • Applying the filter
        configure service epipe
        1/1/1 create

        1/1/2 create

              filter ip


          no shutdown
      • configure service epipe show filter log 111

    • Layer 3 Service Spoke SDP Termination Overview:
      • Introduces the ability to connect the spoke SDP of a Layer 2 service with a Layer 3 service
      • The spoke is tied to a Layer 2 Service (VPLS or epipe)
      • A Layer 3 (IES or VPRN) IP interface terminates the spoke SDP

    • Spoke SDP Termination: MTU Considerations:
      • By default, epipe and VPLS services are configured with a service MTU of 1514. By default, the signalled VC-MTU is 1500.
      • IES and VPRN services have no service MTU configured. By default, there is also no SDP path MTU configured.

    • 3 Epipe services and 2 VPLS services have been configured between two PE routers. 10 service labels will be signalled in total.

    • The following types of service are offered:
      • VPN services
        • Virtual private wire service (VPWS) - provides a point-to-point service that emulates a leased line
        • Virtual private LAN service (VPLS) - provides a multipoint Ethernet service similar to an Ethernet switch
        • Virtual private routed network service (VPRN) - provides a multipoint IP routed service
      • Internet Enhanced Service (IES)
        • Provides the customer with a Layer 3 IP interface to send and receive Internet traffic
      • Mirroring services

    • Virtual Private LAN Service (VPLS):
      • VPLS is an Ethernet service that connects multiple sites in a single switched domain over a provider-managed IP/MPLS network
    • VPLS Advantages:
      Customer's perspective:
      • It looks as if all sites appear to be connected to a single-switched VLAN
      • Transparent to the customer's data
      • Can operate over a single, local site or over multiple, geographically-dispersed sites
      • Fames are only forwarded across the required links in the network

      Service provider's perspective:

      • The advantages to the service provider are similar to those of a VPWS service

    • VPRN Advantages:
      Customer's perspective:
      • Sites are connected to a private routed network administered by the service provider for that customer only
      • Separate and independent IP address plan per VPRN
      • The VPRN can operate over a single local site or over multiple geographically-dispersed sites

      Service provider's perspective:

      • The advantages to the service provider are the same advantages as for a VPWS or VPLS service

    • VPLS Overview:
      • VPLS is an Ethernet service that connects multiple sites in a single switched domain over the provider-managed IP/MPLS network
      • VPLS is essentially an enhancement of the VPWS
      • Multiple VPLS services can be deployed using the same IP/MPLS core

    • VPLS: Customer Operation:
      • Customers maintain complete control over routing
      • Adding new sites requires minimal reconfiguration at existing sites

    • Virtual Switch (VS) Functionality:
      • VPLS connects the customer's multiple locations like a virtual Ethernet switch
      • All SAPs belong to the same broadcast domain in a VPLS, regardless of the VLAN tags

    • VPLS Flooding Behaviour:
      • Known unicast traffic is sent to the destination
      • Traffic to multicast, broadcast or unknown unicast addresses is flooded to all local SAPs and remote PEs in the service
      • In a basic VPLS, the SDP is bound to the service as a mesh SDP
      • Mesh SDP floods frames received from a SAP or from a spoke SDP but does not flood frames received from another mesh SDP
      • Mesh SDPs prevent loops
      • Spoke SDP floods frames received from a SAP, spoke SDP or mesh SDP

    • On a dot1Q encapsulated port, frames with a VLAN tag of 0 and untagged frames are forwarded to the null SAP

    • By default, a PE Maintain a different Forwarding Data Base for each service and Mac learning to support VPLS services for different customers

    • Like any IP interface, the customer can use the IES interface as a neighbour for a routing protocol such as OSPF, IS-IS or BGP

    • A CE 6VPE deployment using a VPRN:
      configure router bgp
        group "group"
          family ipv6
            export "direct-bgp"
        no shutdown

    • Epipe services do not consume any MAC resources because MAC learning is disabled

    • A VLAN tag of 0 is added as the provider VLAN tag when a packet without a VLAN tag is received on a SAP provisioned with null encapsulation while an SDP vc-type is provisioned as vlan

    • SDP path MTU:
      • The network port MTU between P is required to support a service MTU
      • To determine the effective path MTU of the SDP, the command oam sdp-mtu is used
        oam sdp-mtu 2 size-inc 1450 1500 step 10
        The effective path MTU for SDP is the link MTU - 22 bytes transport encapsulation overhead

    • Fragmentation is not supported on a Layer 2 service

    • config>service# epipe service-id no shutdown commands is used to enable an Epipe service

    • config>service>ies# interface "to-CE" create command syntax would be used to create a new routed interface on an existing IES service

    • A separate MAC FDB is used on the PE for each VPLS service

    • 6VPE:
      • 6VPE does not require an IPv6-aware MPLS core
      • 6VPE is a tunnelling technology that makes use of MPLS tunnels to transport IPv6 information over an IPv4 MPLS infrastructure
      • On the PE router, the next hop for a VPN IPv6 address is an IPv6 address, regardless of the nature of the network between the PEs
      • Customers connected to 6VPE could run native IPv6 or IPv4

    • VPRN:
      • Each VPRN consists of a set of customer sites connected to one or more PE routers
      • Each customer router becomes a routing peer of the provider router that is directly connected to, not a peer to the other customer routers
      • VPRN is an IP service that connects multiple sites in a single routed domain over the provider-managed IP/MPLS network
      • VPRN provides customer routers with transparent IP connectivity without knowledge of the MPLS core

    • The show router <service id> fib command can be used to verify the contents of the FIB
      Prefixes learned from traditional routing mechanisms are listed and associated with the traditional IP forwarding parameters of the next-hop address and egress interface
      Prefixes learned from MP-BGP as VPN-IPv4 routes are listed and associated with the egress label and MPLS forwarding and LSP parameters

    • The basic idea behind lsp-ping and lsp-trace tests is to verify that packets that belong to a particular FEC actually end their MPLS path on an LSR that is an egress for that FEC
      # oam lsp-ping prefix
      • The test fails if the LSP is not operationally up
      • Echo reply packets may not take the same path as the LSP
      • An echo request is sent based on the LSP's label stack
      # oam lsp-trace prefix detail

    • configure service epipe service-id customer customer-id create command is used to create a new Epipe service

    • The default 7750 SR behaviour describes all routes in a VRF that are advertised to other PE routers, does not advertise all routes in the VRF to a CE router

    • C-pipe service type would be used to provide a bi-directional Layer 2 connection of TDM circuits over an IP/MPLS network

    • The router reads the source MAC address of frames passing through the service describes how a MAC FDB is populated in a VPLS service

    • On a Nokia 7750 SR, by default, T-LDP is used for signalling service labels, the VC ID on the mesh SDPs of a VPLS are set to the service ID, and Mesh SDPs are used for VPLSes to avoid loops

    • Example of Remote Mirror Configuration - Mirror Source:
      PE2# configure mirror mirror-dest [999] create
      1:999 create
        no shutdown

      # debug mirror-source [999]
        sap 1/1/4 egress ingress
        no shutdown

      Mirror Destination:
      PE1>config>mirror# mirror-dest [999] create
      1/1/2 create
        no shutdown

      PE2# show service sdp-using

    • lsp lsp-name and ldp are used to configure an MPLS signalling type to be used on an SDP

    • sdp-ping:
      • Tests ability to reach the far-end IP address of an SDP ID within the SDP encapsulation
      • Provides in-band uni-directional connectivity tests
      • Provides in-band round-trip connectivity tests
    • VPRN data plane:
      • A data packet arrives at the ingress PE and is encapsulated with both the outer/transport label, learned through LDP, as well as the service label, learned through T-LDP or MP-BGP
      • As the data packet traverses the P routers, the outer label is swapped while the inner label remains unchanged
      • Upon receiving the data packet, the receiving/egress PE removes the outer LDP label. Then, prior to removing the inner label, the receiving PE maps it to the appropriate service
      • The result is the original data packet, which is then forwarded to correct interface for the service, and then on to the CE

    • The two PEs are providing 6VPE and IPv4 VPRNs. The core network is IPv4/MPLS. family vpn-ipv4 vpn-ipv6 is the BGP family configuration for the MP-BGP on the PEs

    • Traffic is flooded to all SAPs, spoke SDPs, and mesh SDPs in the service describes the flooding of traffic on a PE when traffic is received on a spoke SDP

    • FRF.5 is a standard that describes Frame Relay tunnelling over an ATM core network

    • VPRN Architecture:
      • Label Stack:
        • A VPRN service uses a label stack consisting of two labels
          Layer 2 | LSP Label | VPN Label | IP Data
        • The outer label is known as the top, transport or LSP label and identifies the transport tunnel between PEs
          Allows traffic to transit across the MPLS network
        • The inner label is known as the service or VPN label and identifies the customer VPRN service
          MP-BGP is used to signal
      • Only the IP packet that is encapsulated for transmission across the VPRN

    • A Cpipe supports both structured and unstructured frames

    • Maximum Transmission Unit (MTU):
      • MTU is an important issue in both Layer 2 and Layer 3 services
      • For an IP/MPLS network, the following MTU entities must be considered:
        • Access port, or SAP MTU
        • Service and VC MTU
        • SDP path MTU
        • Network port MTU
      • Oversized frames arriving at a Layer 2 interface are not fragmented
      • Layer 3 services will fragment oversized packets for transmission

    • sap 1/1/1:4.* defines a SAP that will select frames with an outer tag of '4' and ignore any inner tag on a Q-in-Q encapsulated port

    • OAM tools are useful in managing and troubleshooting a network
      • MPLS paths diagnostic tools:
        • lsp-ping and lsp-trace
      • SDP diagnostic tools:
        • sdp-ping and sdp-mtu
      • Service diagnostic tools:
        • svc-ping

    • SVC-ping or Service ping:
      • Verify the round-trip/end-to-end connectivity and delay to the far-end of the service and test the SDPs of a service in both directions
      • Verify the correct and consistent provisioning of a service between two service end points

    • Service Distribution Point (SDP) Characteristics:
      • A service distribution point (SDP) is a logical entity used to direct traffic for a service from one router to another through a unidirectional service tunnel
      • SDPs are locally unique; the same SDP ID can be used on another router
      • SDPs use the system IP address to identify far-end destination
      • An SDP is not specific to one service; many services can use the same SDP
      • All services bound to the same SDP will have the same transport encapsulation
      • Any operations on an SDP will affect all services that are bound to that SDP

    • Configuring the physical port in access mode and Enabling the port using the no shutdown command need to be configured before a SAP appears

    • Set the ip-mtu of the IES to match the service MTU of the VPLS is the recommended approach for making sure that MTUs between a VPLS and its spoke IES termination match

    • Topology:
      CE1 - PE1 - P1 - P2 - PE2 - CE2 -
      A: CE1# traceroute
      traceroute to, 30 hops max, 40 byte pakets
        <output omitted>
      PE1 and PE2 are providing a VPRN for the CEs. The traceroute run on CE1 will only show 3 hops: CE1-PE1, PE1-PE2 and PE2-CE2

      A routing policy is not required on PE1 to advertise a CE1's system interface to PE2; the default behaviour on the 7750 SR is to advertise all VPRN routes between PE routers

    • IES Spoke SDP Termination to a VPLS - IP MTU:
      The MTU values can be made to match by:
      • Changing the VC-MTU of the IES using the ip-mtu command (preferred method)
        • For Layer 3 service: the signalled VC-MTU = configured IP-MTU
          A: PE-1# configure service ies 100 interface "To_VPLS_1000"
            ip-mtu 1500
      • Adjusting the SDP path MTU (not recommended)
      • Adjusting the network port MTU (not recommended)

      Whereas in epipe and VPLS services the signalled VC-MTU = configured service-mtu - 14 (Ethernet header)

    • If the router is rebooted after an "admin save" has been performed, Only the mirror source must be re-configured

    • A network consists of four PE routers. A customer requires a VPLS and has sites connected to each PE. The VPLS is fully meshed using IP/MPLS. 3 SDPs must be configured on each PE

    • Hierarchical VPLS (H-VPLS):
      • Enables VPLS services to span multiple metro networks
      • Creates scalable VPLS. They allow a VPLS to scale more easily. They simplify the configuration required when adding new PEs
      • A spoke SDP is used to connect smaller meshed VPLSs together

    • The purpose of an MP-BGP in a VPRN:
      • The service provider uses MP-BGP to distribute the routes for the different customer networks
      • In a VPRN service, MP-BGP is used to exchange customer routes across the VPRN
      • Targeted (targeted) LDP/T-LDP or MP-BGP is used to establish/creates an end-to-end connection-oriented session between PEs, and providing/propagates the inner/service label

    • Transport tunnels:
      • RSVP-TE or LDP signalled LSP:
        • Labels are signalled using RSVP-TE or LDP
        • The MPLS-encapsulated data is forwarded to the egress PE for the service
      • GRE tunnel:
        • The data is encapsulated with an IP header
        • The source IP address is the ingress PE router and the destination address is the egress PE router
        • Typically used when there are routers in the transport network that do not support MPLS label switching

    • Service tunnels:
      • MP-BGP or T-LDP are used to set up per-VPN service tunnels

    • Multiprotocol BGP (MP-BGP):
      • Multiprotocol BGP (MP-BGP) extensions allow VPN-IPv4 prefixes to distribute VPRN routing information across the service provider's network
      • The VPN-IPv4 address family is only used in the provider core control plane when exchanging MP-BGP routing updates

    • Virtual Private Routed Network (VPRN):
      • VPRN is an IP (Layer 3) service that connects multiple sites in a single routed domain over the provider-managed IP/MPLS network
    • Spoke SDP Termination: MTU Considerations:
      • The VC-MTU is derived from the configured service MTU (VC-MTU = configured service MTU - 14 (Ethernet overhead, FCS not counted)
      • Service MTU cannot be configured on IES or VPRN service
      • If no service MTU is configured, the VC-MTU is derived from the configured SDP path MTU (VC-MTU = configured SDP path MTU - 14 (Ethernet overhead, FCS not counted)
      • If the SDP path MTU is not configured, the SDP path MTU and the VC-MTU are derived from the network port MTU
        • SDP path MTU = network port MTU - 4 (transport label) - 4 (VC-label) - port encapsulation (14 in case of null encapsulation, 18 in case of dot1Q...)
        • VC-MTU = network port MTU - 14 (port encap) - 4 (transport label) - 4 (VC-label) - 14 Ethernet overhead

    • VPRN Features:
      • VPRN site additions or removals can be accomplished with minimal additional configuration
      • VPRN utilizes MPLS label stacking:
        • The outer label allows traffic to transit across the MPLS network
        • The inner label determines the VPRN
      • Provides connectivity among any number of customer sites
      • Provides customer routers with transparent IP connectivity without knowledge of the core router

    • Enable MPLS:
      • Network ports and system interfaces are added to MPLS
      • Enable RSVP with the no shutdown command

      A: PE-1# configure router mpls
        interface "system"
        interface "
        no shutdown
      configure router rsvp no shutdown

      show router mpls interface

    • SDP Encapsulation Types:
      MPLS encapsulation:
      • Uses LDP or RSVP-TE for label signalling
      • LDP relies on an IGP to find its path
      • RSVP-TE requires additional configuration
      • RSVP-TE allows finer control paths
      GRE encapsulation:
      • Encapsulates traffic in an IP/GRE header, appears as an IP packet
      • Low control plane overhead
      • GRE uses normal IP routing to find a path

    • Multiprotocol BGP (MP-BGP):
      • The sending PE will add the RD to the IPv4 prefixes before sending the VPN-IPv4 prefixes in MP-BGP updates
      • MP-BGP updates include VPN-IPv4 unique addressing for customer routes and the RT to identify VPRN membership at the receiving PE
      • The route target identifies to the receiving PE the VRF that a VPN-IPv4 prefix is associated with
      • MP-BGP is an enhanced version of BGP that can carry customer route prefixes for multiple VPRNs

    • Signalling is required between the PE routers in order to provide the necessary connectivity information throughout the VPN. Two approaches exist to provide this end-to-end signalling information.
      • The Draft-Martini uses T-LDP between the PE routers to distribute VC labels. This mechanism contains information such as the unique VC ID, the specific interface parameters and the VC Type, such as ATM, Frame Relay and Ethernet. The PE routers use this information to build the forwarding tables and set up the VC LSPs.
      • The Draft-Kompella approach makes use of BGP between the PE routers to advertise route distinguishers and route targets. This enables the receiving PE to determine if the incoming BGP update is relevant for its VPN clients. If so, the receiving PE accepts the update and populates the forwarding tables accordingly.

      Martini draft was standardized under RFC 4096. Draft-Kompella is obsolete and was not standardized

    • Service Access Point (SAP):
      • A SAP is the subscriber's point of interface/entry to the service network
      • A SAP is specified as a physical port and an encapsulation identifier
      • To be used as a SAP, a port must/can only be configured/created on a port configured as "access"
      • A SAP is created by specifying a physical port and an encapsulation type

    • SAP Configuration Considerations:
      • A SAP ID is locally unique - the same SAP ID value can be used on another service router
      • A SAP is associated with a single service and can only be configured on an access port
        • A port or channel can have more than one SAP configured on it
      • All SAPs must be explicitly created and are administratively enabled at the time of creation - there are no default SAPs
      • VLAN IDs have local port significance
      • A SAP can be configured with any of the following:
        • Ingress and egress filter policy
        • Ingress and egress QoS policy
        • Ingress and egress scheduler policy
        • Accounting policy
      • SAPs can be defined on Ethernet, POS, SONET/SDH, or TDM channels
      • Multiple SAPs can be defined on the same port

    • An Internet Enhanced Service is a routed service where the CE communicates with a Layer 3 interface to send and receive traffic

    • SDP IDs are locally unique and SDPs are a logical way to direct traffic from one router to another

    • VPN labels:
      • They are signalled between PE devices using MP-BGP
      • They are also known as the inner label or service label
      • They indicate to the egress PE the VPRN to which a packet belongs

    • An E-pipe is configured with a service MTU of 5000. 5004 is the minimum MTU value that should be set on an access port for a dot1q encapsulated SAP on this service

    • An E-pipe service configured with SAP 1/1/1:5 and SAP 1/1/1:6. If the SAP 1/1/1:5 accepts an ingress frame, the frame egresses from 1/1/1:6 with VLAN tag 6

    • In a VPLS service, the mesh-sdp vc-id is identical to the service id by default

    • 6VPE Routers MP-BGP Configuration:
      PE1> configure router bgp
        group "
      vpn-ipv4 vpn-ipv6
            peer-as 64496

    • A CE is connected to an IES interface must be on the same subnet as the IES

    • When configuring an IES spoke termination to a VPLS, Spoke-SDP with matching vc-id configured and MTU must match on both services must be explicitly configured in order for the service to come up

    • Must be configured when configuring an Epipe service:
      • Binding to an SDP if it is a distributed service
      • Enabling the service using the no shutdown command
      • Defining a SAP or SAPs
      • Configuring an Epipe service with a customer ID

    • Fpipe is a VPWS service would be used to create a point-to-point Frame Relay service

    • A VPLS receives a frame with the single VLAN tag 35 on the Q-in-Q SAP 1/1/1:35.*. Default behaviour is the VLAN tag is removed, and the frame is transported over the network

    • 1540 is the minimum Ethernet physical network MTU required for a Layer 2 service on an MPLS encapsulated SDP with a service MTU of 1518

    • Tree config>service# in the CLI would need to be in to add a QoS policy to a SAP

    • The oam vprn-ping command is used to verify that the customer VPRN service is operational
      PE1> oam vprn-ping <vprn-id> source <lan-ce1-ip> destination <lan-ce2-ip>

    • When a Router is rebooted the mirror source must be re-configured and a mirror destination is shut down by default
    • Complete the VPRN service configuration on PE for Customer Blue:
      A: PE# configure service vprn 10 customer 10 create
        description "
      Customer Blue"
        autonomous-system 64496
        auto-bind ldp
        vrf-target target:
        interface "toR3" create
          sap 1/1/3 create
          group "
              export "mbgp-bgp"
              peer-as 64497
        no shutdown

    • MP-BGP protocol is used to signal the service label for a Layer 3 VPRN service

    • A service:
      • Provides connectivity between customer access points
      • A logical entity that provides a uniform, end-to-end configuration, management and billing model for provisioning either the Internet or VPN connectivity
      • A service that can either be local or distributed

    • adspec command is used in an RSVP signalled MPLS tunnel to validate the path MTU based on signalling across the LSP

    • Conditions are necessary in order for service labels to be signalled between two PE routers:
      • LDP must be enabled on both PE routers
      • The transport tunnel must be operationally up between the two PE routers in both directions
      • The VC-ID must match between the two PE routers in both directions

    • # show service id 333 base command can indicate that an SDP is up or down
      # show router ldp bindings service-id 333 command
      • Can show the service MTU on peer has been set to a different value or not
      • Can be used to compare the VC MTU signalled between two PE routers
      • RMTU = 0 means peer has not sent a label to this router yet

    • An IES must have at least one SAP defined

    • In a Layer 2 encapsulation, using Martini, the first (top) label represent Tunnel Label

    • Configuring an SDP between an IES and a VPLS, the SDP must be a spoke and the layer 2 MTUs must match between the IES and the VPLS

    • In a Layer 2 VPN service, the FCS is stripped when a customer packet arrives at the ingress PE and regenerated on egress

    • VPN-IPv4 address family:
      • A VPN-IPv4 prefix is composed of a route distinguisher (RD) and an IPv4 address
      • PE routers are responsible for creating VPN-IPv4 prefixes
      • VPN-IPv4 allows multiple customers to have overlapping IP addresses

    • On the spoke SDP in the E-pipe component is vc-type configured to create an E-pipe service that preserves the VLAN tag during transport

    • The OAM command svc-ping can be used with options local-sdp and remote-sdp, local-sdp indicates that the ping is sent in-band, and remote-sdp indicates the return ping is in-band

    • 6 service labels must be signalled to bring up a fully-meshed VPLS among three PE routers (3x(3-1))

    • A route target is:
      • Route target attributes are earned in an MP-BGP as attributes of the route
      • Used by the PE router to identify the VRF that a VPN-IPv4 prefix is associated with
      • A mechanism from which VPRN controls the distribution of VPN routing information
      • A BGP extended community used to identify the VRF table for a prefix at the receiving PE

    • Routing information between the CE and PE can be exchanged using the BGP, RIP, OSPF, static routes, and OSPF3 methods

    • SAPs:
      • VPWS: SAPs can be defined on Ethernet, POS, SONET/SDH, or TDM channels
      • VPWS: Two SAPs can be defined for a service that originates and terminates on the same router
      • VPLS: More than two SAPs can be defined in a service

    • By default, Maintains a different MAC Forwarding Database for each service does a router do to support VPLS services for different customers

    • Flood the frame to all PEs participating in the service does a PE do when a frame is received in a VPLS service with an unknown destination address by default

    • Routes are exchanged between CE1 and PE1 using BGP. CE2 and PE2 use static routes to forward traffic to and from the VPRN:
      • An export policy is required on PE1 to advertise routes to CE1
      • An export policy is required on CE1 to advertise local routes to PE1
      • No export policy is required on PE2 or CE2 due to the static routes

    • A customer has sites on three different routers. The customer requires a fully-meshed VPLS. Each router requires 2 SDPs

    • When configuring distributed services across a network, it is considered best practice to configure Customer ID and Service ID parameters as globally significant

    • The keys benefit of a VPLS service:
      • The customer maintains complete control over routing
      • The clear demarcation of functionality between service provider and customer makes troubleshooting easier
      • The adding of new sites is simplified; no re-configuration is required at existing sites

    • Dot1Q SAPs:
      • The dot1Q default SAP (port:*) accepts all untagged frames and any frames with tag values that are not used as a service-delimiting value on another SAP
      • A dot1q null SAP (port:0) and a dot1q default SAP (port:*) cannot both be defined on the same port
      • The dot1Q default SAP (port:*) can be used to pass VLAN tags transparently through a network

    • Customers can connect to the same service using different subnets is a benefit of VPRN as compared to VPLS

    • A SAP configured in the form of 1/1/1:0/32 would be used for A-pipe type of VPWS

    • 20 service labels must be signalled to bring up a fully-meshed VPLS among five PE routers

    • A separate FDB is maintained for each VPLS service to track MAC addresses learned from each service

    • An IES interface has an IP address assigned to it and IES has a configurable IP-MTU are the two major differences between configuring an IES service and configuring VPWS or VPLS services

    • Example of IES Configuration:

      A: PE-1# configure service ies 100
        interface "to-Site1" create
      1/1/4:1 create
        interface "
      to-Site2" create
      1/1/4:2 create
        no shutdown

      A: CE1# configure router
        interface "
        interface "

    • A fully meshed VPLS service with a default setting:
      • The signalling on all PE routers will default to TLDP in the configuration of the SDPs; therefore, no configuration change is required for dynamic signalling
      • The vc-id on the mesh-sdp must be explicitly configured
      • The VPLS service id, on all PE routers, must match

    • Ingress label, MAC filter, and IP filter can be used as a mirror source, Egress label CANNOT
    • Customer 'A' has sites on 3 different PE routers. The routers are connected to each other through an IP/MPLS network in a full mesh fashion. Customer 'A' requires a VPLS service. Each router requires 2 SDPs with 1 VPLS service

    • VPRN VRF tables:
      • Each VRF table contains routes for a single VPRN
      • VPN labels identify which VRF table should be used for a packet
      • Route targets are used to determine if a prefix belongs to a VRF

    • F-pipes:
      • F-pipes use SAPs in the form of port: DLCI (e.g. 1/2/3:65)
      • The MPLS control word is required because the Frame Relay header is not encapsulated in the frame
      • To the customer, the PE appears as a native Frame Relay UNI (User Network Interface)

    • CF3 is the BOF.cfg file normally stored

    • When using a network manager, need to enable persistence

    • If node has two SF/CPM cards, the first one to boot up becomes the primary card

    • The help command:
      • help [ edit | globals ]

      When entering a CLI command, context-sensitive help is accessed using the question mark (?), it will list all the options for the command

      A: R1# configure r?  # Tab or Space would have had
      redundancy  router  # the same effect in this case

      A: R1# configure router interface ?
        - interface <interface-name> [unnumbered-mpls-tp]
        - no interface <interface-name>
        - interface <interface-name> gmpls-loopback

    • admin display-config command is used to display the complete configuration of an SR!

    • Working from a particular CLI context & want to see the commands available from current context. tree command can issue to view this information

    • Rollback allows one to undo software changes without rebooting the node

    • config.rb is the newer rollback file

    • Default: 10 and Max: 50 number of local checkpoints that can be configured

    • Location where the checkpoint/rollback files are saved/stored (can be local or remote) needs to be configured

    • admin rollback view or file type cf:3\rollbacks\config.rb name the command to examine a checkpoint

    • configure card <slot-number> card-type <card-type> : enable IOM card
      configure card 1 card-type iom3-xp-c
      configure card <slot-number> mda <mda-slot> mda-type <mda-type> : enable MDA card
      configure card 1 mda 1 mda-type m20-1gb-sfp
      show card [state]
      show mda

    • configure port 1/1/1 no shutdown
      configure port 1/1/[1..7] no shutdown
      show port

    • configure router interface <name> loopback
      configure router interface loopback loopback
      configure router interface <name>
      configure router interface <name> address <IP-address>
      configure router interface <name> port <port>[:<vlan-tag>]
      configure router interface toR2
        port 1/1/2
        no shutdown
      show router interface : can be used to verify that an interface has been properly configured

    • admin display-config, show card, show mda, show port commands can be used to verify that cards, MDAs and ports are properly configured

    • For a system interface, the parameters needed are the reserved name system and a /32 IP address
      For a loopback interface, the parameters needed are a name, an IP address and the keyword loopback instead of a port association
      For a physical interface, the parameters needed are a name, an IP address and a port association; if the port uses dot1Q encapsulation, the VLAN tag value needs to be specified along with the port Id

    • If have not configured any routing protocol, can ping IP addresses that belong to the same sub-network as the local interfaces. IP sub-networks corresponding to local interfaces are automatically added to the route table

    • Provides an unreliable, connectionless data transmission service is a characteristic of the IP layer

    • Every Host device must have a unique L3 @ in order to access the Internet

    • The packet is dropped & an ICMP Destination Unreachable message is returned does a router handle a packet when there is no entry in the Routing Table for the packet's destination

    • A static route type:
      • Next-hop: specifies the IP address of the interface of the next hop router on a directly connected link
      • Indirect: specifies the IP address of the interface of the next hop router, not directly connected, but at least 1 hop away
      • Black Hole: used to silently discard an IP packet with the specified IP-DA

    • The administrator must configure the static routes manually

    • Characteristics of a static route:
      • Less memory & processing requirements than a dynamic routing protocol
      • Used for routers that connect to stub networks
      • Used to indicate a default route or a Gateway of Last Resort

    • configure router static-route/-entry <remote network/mask> next-hop <next-hop-address> {preference} <value>
      configure router static-route next-hop no shut
      show router static-route
      show router route-table
      show router route-table protocol static
      ping <ip-address>
      traceroute <ip-address>

    • The algorithm used to calculate shortest paths is known as Shortest Path First (SPF) or Dijkstra's algorithm

    • Two optimizations are introduced to reduce the protocol related communication among the routers due to SPF algorithm and to decrease the convergence time : sub-dividing the network into areas, and electing designated routers on broadcast links

    • Adjacency, Link-state, and Forwarding databases name the DBs any router running a Link-State routing protocol will maintain

    • OSPF area types:
      • Stub: No External Routes from every where
      • Stub No Summary (Totally stub): No External Routes & No Routes from other Areas
        Area in which routers want to know explicitly only about networks directly attached to routers within the same OSPF area, but not about OSPF networks in other areas or about external networks; they rely on ABRs to reach unknown networks by means of a default route installed in the routing table pointing to an ABR
      • NSSA: No External Route from other Areas but External Routes are allowed within Area
      • NSSA No Summary: No External Routes from Another Area as well as No Routes from Another Area But External Routes are allowed if there are generated within my Area

    • In broadcast networks the DR sends Link-state advertisements describing the network
    • Properly configure a single/multiple-area OSPF instance:
      • Enable the OSPF context
      • Create an area/many areas as needed
      • Add to this/each area the system and the physical interfaces on which OSPF is to be spoken
      • Select the proper interface type (point-to-point or broadcast)
      • Specify the type needed for each area

    • configure router ospf area <area-id>
      configure router ospf area <area-id> interface <interface-name> [interface-type <type>]
      configure router ospf area 0 interface toR2 interface-type point-to-point
      configure router policy-options
        prefix-list loopback
          prefix-list exact
        policy-statement from-direct-to-ospf
          entry 10
              protocol direct
              prefix-list loopback
              protocol ospf
            action accept
      configure router ospf export <policy-name>
      configure router ospf export from-direct-to-ospf
      configure router ospf asbr
      configure router ospf
      [no] shutdown
      show router ospf status
      : provides information as to whether the protocol is operational
      show router ospf <instance-number> interface : lists the interfaces that are running OSPF and whether they are operational; it also displays the area that the interface belongs to
      show router ospf <instance-number> neighbors : displays a list of neighbours that have been discovered and the status of the adjacency that is being formed with each of them; it also displays the area that the adjacency belongs to
      show router ospf <instance-number> database : displays the list of LSAs (Link State Advertisements) that have been exchanged with adjacent neighbours; it also displays the area that each LSA belongs to
      show router ospf routes : displays the list of IP sub-networks that have been discovered as well as the calculated next hop for each one of them

    • Loop Free Alternate (LFA) or IP Fast ReRoute:
      The goal is to reduce failure reaction time to 10s of milliseconds by using a pre-computed alternate next-hop, in the event that the currently selected primary next-hop fails so that the alternate can be rapidly used when the failure is detected

    • LFA is based on two principles:
      • local rerouting
      • pre-computed detours

    • LFA paths can only be calculated when the router works in chassis mode d, default is a
      show chassis
      configure system chassis-mode d
      : no service impact
      configure router ospf loopfree-alternate
      show router route-table

        Flags: L = LFA
      show router route-table alternative

    • show router fib <slot-number>
      show router fib 1
      To allow the router to use the alternative paths found, the following command needs to be issued:
      configure router ip-fast-reroute

    • The primary path and the LFA path do not constantly share the traffic load. Only the primary path is active and the LFA path will only become active if the primary one fails. The goal of enabling LFA is resiliency, not load-balancing

    • An OSPF ASBR does not need interface in the backbone area

    • configure router ospf area <area-id> stub
      configure router ospf area <area-id> stub no summaries
      configure router ospf area
      <area-id> nssa
      configure router ospf area <area-id> nssa originate-default-route

    • Features are supported by IS-IS:
      • The ability to customize the link cost metric
      • PDU authentication
      • Classless routing

    • IS-IS packet types:
      • Hello: discover neighbouring routers, assess if they are compatible to establish an adjacency, elect the DIS on broadcast links, As keep-alive after an adjacency has been formed
      • Partial Sequence Number PDU - PSNP describes contents of the local LSDB in a condensed manner, partial list of the LSPs included in LSDB
      • Complete Sequence Number PDU - CSNP describes contents of the local LSDB in a condensed manner complete list of the LSPs included LSDB
      • Link-State PDU - LSP share topology & IPv6 reachability info to calculate the shortest path to any sub-network

    • IS-IS adjacency states:

      • Down:
        • If neighbour has not been discovered
      • INIT:

        • one-way communication has been verified via Hello messages
        • If adjacency is stuck either Down or INIT state, some parameters are not compatible (area for L1, authentication, interface types - point-to-point vs. broadcast)
      • UP:
        • two-way communication has been verified via Hello messages
        • If adjacency is UP, but routing info is not shared, authentication for Hello messages is properly configured, but authentication for other types of messages is misconfigured

    • Properly configure a single-area/multiple areas IS-IS instance:
      • Enable the IS-IS context
      • Associate the router to the proper area
      • Add to the IS-IS context the system and the physical interfaces on which IS-IS is to be spoken (remember that in IS-IS it is the router which belongs to one area or another, not the interfaces)
      • Select the proper interface type (point-to-point or broadcast)
      • Make sure that routers at the border between two areas are L1/L2 capable and that there is a continuous backbone of L1/L2-capable routers in the network

    • configure router isis area-id <area-id>
      configure router isis area-id 49.00
      configure router isis interface <interface-name> [interface-type <type>]
      configure router isis interface system
      configure router isis interface toR2 interface-type point-to-point
      configure router isis export <policy-name>
      configure router isis [no] shutdown
      show router isis
      <instance-number> status : provides information as to whether the protocol is operational
      show router isis <instance-number> interface : lists the interfaces that are running IS-IS and whether they are operational; it also displays if the interface is L1- or L2-capable (or both)
      show router isis
      <instance-number> adjacency : displays a list of neighbours that have been discovered and the status of the adjacency that is being formed with each of them; it also displays the level that the adjacency belongs to (L1, L2 or both)
      show router isis
      <instance-number> database : displays the list of LSPs (Link State PDUs) that have been exchanged with adjacent neighbours; it also displays the level that the LSP belongs to (L1 or L2)
      show router isis <instance-number> routes : displays the list of IP sub-networks that have been discovered as well as the calculated next hop for each one of them

    • configure router isis loopfree-alternate
      required: configure router ip-fast-reroute
    • configure router isis interface <interface-name> [level-capability <level-2 | level-1 | level-1/2>]
      configure router isis interface toR7 level-capability level-1
      configure router isis [level-capability <level-2 | level-1 | level-1/2>] : default is level-1/2
      configure router isis level-capability level-1

    • There is only one IS-IS area type. In IS-IS all areas are the same. L2-capable routers are aware of every IP sub-network (internal or external) advertised by all IS-IS routers, while L1-only routers are aware only of internal IP sub-network advertised by routers within the same area

    • A L1-only router will choose a L2-capable router as its gateway to all unknown IP sub-networks, whether sitting in a different IS-IS area or outside the IS-IS domain

    • MPLS transport signalling protocols used to set up LSPs is the definition for LDP or RSVP-TE

    • Processes create and maintain link LDP sessions:
      • Peer discovery
      • Session establishment
      • Label management
      • Notification

    • Properly configure LDP:
      • Enable the LDP context
      • Add to the interface-parameters context the physical interfaces on which LDP is to be spoken

    • configure router ldp interface-parameters interface <name>
      configure router ldp interface-parameters interface toR2
      show router ldp session : displays a list of LDP speakers that have been discovered on the different interfaces and with which an LDP session has been established
      show router ldp bindings : lists the prefixes that the router is talking about with each of its peers, along with the negotiated label values
      show router ldp bindings active : from all the prefixes and label values that the router is talking about with its peers, this command display the ones this router is actually willing to use to forward packets
      oam lsp-ping prefix <ip-address/mask>
      oam lsp-trace prefix <ip-address/mask>
      show router tunnel-table

    • configure router ldp fast-reroute
      required: configure router isis/ospf loopfree-alternate

    • Preliminary configuration steps are needed before being able to configure any RSVP-TE transport tunnels (LSPs):
      configure router mpls interface
      <interface name> : Physical IP interfaces need to be added to the MPLS context, interfaces are also automatically added to the RSVP context
      configure router mpls no shutdown

      configure router rsvp no shutdown
      : Both MPLS and RSVP need to be enabled since they are disabled by default
      show router mpls interface
      : displays a list of interfaces running MPLS and whether they are operational
      show router rsvp interface
      : displays a list of interfaces running RSVP and whether they are operational

    • configure router rsvp
        keep-multiplier 3 : refresh-time and keep-multiplier should be configured consistently on adjacent routers to avoid LSP flapping
        interface system
        no shutdown

    • We mentioned that it is the routing protocol the one in charge of advertising TE parameters associated with the different interfaces or links. Such detailed topology information is only shared among routers within the same area, in the routing-protocol sense is why we need to do things differently when we need to create a TE-constrained LSP in a network with two or more routing-protocol areas

    • configure service sdp <sdp-id> [gre | mpls] create
      configure service sdp
      <sdp-id> far-end <ip-address>
      configure service sdp <sdp-id> no shutdown
      configure service sdp 1 create # GRE is implicitly chosen by not selecting MPLS
        no shutdown
      configure service sdp <sdp-id> ldp
      configure service sdp 2 mpls create
        ldp  # LDP tunnel selected
        no shutdown
      configure service sdp <sdp-id> lsp <lsp-name>
      configure service sdp 3 mpls create
        lsp toPE2_strict  # Specific RSVP-TE LSP identified
        no shutdown
      show service sdp
      oam sdp-ping <sdp-id> [resp-sdp <sdp-id>]
      oam sdp-ping 3
      oam sdp-ping 3 resp-sdp 1
      oam sdp-mtu <sdp-id> size-inc <initial-size> <final-size> step <increment>
      oam sdp-mtu 3 size-inc 8600 8700 step 10

    • MINOR: PMGR #1106 There is an interface on port/channel - 1/1/5
      • Lag is used by router interface:
        configure router interface toR6 shutdown
        configure router no interface
      • Port is used by router interface:
        configure router interface toR5 no port

    • configure port 1/1/5
          mode access
          encap-type dot1q
        no shutdown

    • Configuration of 802.1Q sub interface:
      configure port 1/1/1 encap-type dot1q
      configure router interface toSR_p1:vX port 1/1/1: X : X is VLAN number

    • Epipe MTU Case Study:
      • The core network is configured with OSPF as the routing protocol
      • The customer sites connect to the PE nodes using dot1Q Ethernet encapsulation
      • The SDP between the PE routers uses RSVP-signaled LSPs for transport
      • Epipe service is configured between PE1 and PE2

      Port Configuration:

      • PE# configure port 1/1/4

            mode access

            encap-type dot1q


          no shutdown

      • CE# configure port 1/1/3

            encap-type dot1q


          no shutdown

      • # show port

      MPLS and SDP Configuration:

      • PE# configure router mpls
          interface "system"


          interface "
          path "loose"
            no shutdown

            cspf : when there are constraints related to links belonging to admin groups (to be included and/or excluded), number of hops or SRLG, make sure CSPF is enabled for the LSP. If were not enabled, the LSP would have followed the (shortest) path chosen by IGP
            fast-reroute facility : required cspf
            primary "loose"
              bandwidth 200 : required cspf; otherwise we rely on luck. If CSPF is not enabled, the LSP will be signalled over the path chosen by IGP; if bandwidth is available by chance on that path, LSP will be successfully signalled
              exclude red
              include green

            no shutdown


          no shutdown

      • PE# configure service sdp 2
          lsp "to-PE2"



          no shutdown

      • # show service sdp
    • Changing the SAP & Network Port MTU:
      configure port 1/1/4 shutdown
      configure port
      1/1/4 ethernet mtu 1522
      configure port 1/1/4 no shutdown

      show service sap-using

    • L3VPN Configuration:

      configure service customer
      2100 create
                  description "

    • The primary objective for SR (Segment Routing) is source routing what is the ability for a node to specify a unicast forwarding path, other than the normal shortest path, that a particular packet will traverse

    • The segment can be thought of as a set of instructions from ingress PE such as "to go node N using the shortest path", or "follow the shortest path for prefix P", or "use link/node/explicit-route "L" etc.

    • SR cannot be implemented without an IGP (OSPF or IS-IS)

    • Commands to enable Segment Routing:
      configure router isis/ospf traffic-engineering : must be enabled on all routers
      configure router mpls-labels sr-labels start <start label> end <end label> : After specify that will build the Segment Routing Global Block or SRGB, could use as well 262087 labels out of the Dynamic range. If not configure, no label is in use for Segment Routing
      configure router mpls-labels sr-labels start 262201 end 524287
      configure router isis advertise-router-capability as : advertise the IGP SR-Capabilities Sub-TLV in case of IS-IS or the SID/Label Range TLV in case of OSPF throughout the Autonomous System
      configure router isis segment-routing prefix-sid-range start-label <start label> max-index <index>
      configure router isis segment-routing no shutdown
      show router mpls-labels label-range : verify that the labels used for Segment Routing are used from the dynamic MPLS label range
      configure router isis interface system ipv4-node-sid label <label>
      show router isis database detail
      configure router isis segment-routing tunnel-table-pref 6
      configure router isis level 1/2 wide-metrics-only : can turn on what gives more granularity, but what is not required

    • www.incapsula.com/blog/mtu-mss-explained.html

    • Terminal Monitor on Cisco:
      configure log log-id 10 from main security change
      configure log log-id
      10 to session : session = telnet