SROS 9.0 Lab Guide

All Rights Reserved 2011, Alcatel-Lucent

7750 Service Router
7750SR Services Implementation
Course v1
TRAINING MANUAL
3FL30710AAAAZZZZ
Edition 1
Lab Guide
SROS 9.0
Copyright 2011 by Alcatel-Lucent - All rights reserved
Passing on and copying of this document, use and
communication of its contents not permitted without written
authorization from Alcatel-Lucent
All Rights Reserved Alcatel-Lucent 2011
2
Empty Page
3
Table of Contents
Switch to notes view!
Lab Exercises
1. Basic Configuration
2. System and Network Configuration
3. IGP Configuration
4. MPLS Configuration
5. Services Configuration
6. ePipe Configuration
7. VPLS Configuration
8. IES Configuration
9. VPRN Configuration
10. Basic QoS Configuration
4
Empty Page
Module 1
Basic Configuration
Lab Exercises
6
Objectives
Upon successful completion of this module, the student will be
familiar with CLI navigation and be able to perform the following
operations:
Log in to the system
Change the system time and date
Change the system name
Manipulate the BOF
Saving the configuration
Operate the File system
Activate the IOMs, MDAs, and ports
7
Introduction
Lab Instruction Format
Note: The following information explains the format used for the labs and is for information
purposes only.
The CLI system prompt is shown in bolded text followed by # or $, for example:
Node#
or
Node>config>system>security#
The CLI command string is shown in unbolded text.
Node# show time
The symbol indicates that the Enter key should be pressed.
As shown above, system commands such configure, show, security, etc. are shown as unbolded. These
commands can be typed in or partially typed in and completed by pressing the Tab, Space or Enter
key. Text that must be manually entered is shown delimited by the < and > symbols.
Node# admin set-time <YYYY/MM/DD hh:mm>
This indicates that the year, month, day, and time must be entered manually.
Note: Network nodes store the BOF and configuration files on Compact Flash 3 (CF3). Simulators
store the BOF file on the floppy drive (CF1); configuration files can be stored on CF1 or the hard
drive (CF2), if so equipped.
Try the help commands ( ? ) and auto-completion commands as much as possible. This will greatly
improve your CLI configuration skills and understandings.
8
Log In to Your Node
1. Fill in the IP addresses of the management Ethernet ports and the port numbers of the network
ports for each PE in the network diagram drawing at the end of the module. Make sure these
Management IP-addresses, provided by the instructor, match the respective Node. You can ping
the address from you workstation and verify the activity on the management Ethernet port that
was assigned to you.
2. Check the wiring on the hardware to find the network port numbers.
3. Telnet from your workstation to your assigned Node using the management Ethernet port IP
address configured in the BOF.
Note: By default, Telnet is disabled. This means that the attempt to connect to the PE using Telnet
will fail. Use SSH to connect to your PE. The username and password is admin.
4. Verify your SSH connection. Can you see your connection? Does the Remote address match your
workstations IP-address?
Node# show system security ssh
Node# show system connections
5. After the SSH connection is established, enable the Telnet-server and retry Step 2. The Telnet
connection should now be allowed.
Node# configure
Node>config# system
Node>config>system# security
Node>config>system>security# telnet-server
6. Verify your configuration.
Node>config>system>security# info
Note: The info command shows the most important, often non-default, settings within a
configuration context. The info detail command shows ALL settings, including the default,
within a configuration context.
7. Verify your Telnet connection (see step 4). What has changed in the Connections-list?
9
Set the Login Settings
1. Disable the login idle timeout (default 30 minutes).
Node# configure system login-control idle-timeout 5
<minutes> : [1..1440]
<disable> : keyword
2. Set the number of incoming telnet sessions to the maximum.
Node# configure system login-control telnet inbound-max-sessions 7
Set the System Time and Date
1. Set the time and date to the local time and date. Verify your configuration.
Node# admin set-time <YYYY/MM/DD hh:mm>
Node# show time
Change the System Name
1. Change the system name to PE<x> (<x> = your PE number).
Node# configure system name PE<x>
Note: After you have successfully changed the system name the CLI system prompt will now display
the new system name.
PEx#
10
Save the BOF and Configuration File
Note: When a 7750 SR boots up, it will execute the bootloader (boot.ldr) on the Compact Flash card
CF3 (CF1 for a simulator), then load the BOF (bof.cfg), also on CF3 (CF1 for a simulator), which
indicates where to find the image (.tim files) and configuration files (.cfg files), installs the
management Ethernet and serial console port (default value 115200) and (de)activates
persistence, used for the SAM application.
1. View the BOF and verify the configuration and image files and their location on the flash cards
using the file structure. What is the image file used, and where is it stored?
PEx# show bof
PEx# file
PEx>file cf3: \# dir
2. Create your personal directory that will contain your configuration file.
PEx>file cf3: \# md <your_directory>
3. Change the configuration file in the BOF to a filename of your choice in the directory created in
step 2.
PEx# bof
PEx>bof# primary-config cf3:\<your_directory>\<your_filename>.cfg
11
Activate the IOMs, MDAs and MDA ports
1. Verify the state of the IOMs. How many IOMs are provisioned?
PEx# show card
Note: The show card detail command provides more detail information and includes detail
information on the flash cards as well.
2. Provision the IOMs and verify the new state as shown in step 1. What is the state now?
PEx# configure card <1>
PEx>config>card# card-type <equipped card-type>
3. Verify the state of the MDAs. How many MDAs are provisioned?
PEx>config>card# show mda
4. Provision the MDAs and verify the new state as shown in step 1. What is the state now?
PEx>config>card# mda <1>
PEx>config>card>mda# mda-type <equipped mda-type>
5. Verify the state of the ports. What is their state?
PEx# show port
6. Enable the ports.
PEx# configure port <X/X/X> no shutdown
Note: you can enable each port one by one, or use a range command to enable a series of ports.
PEx# configure port <X/X/[Y..Z]> no shutdown
Note: The brackets denoting the range of ports. Auto-completion does not work after closing the
bracket.
7. Verify that all the ports shown in the network diagram are Administratively and Operationally UP
and are configured as network ports (mode) (see step 5). What is their MTU size?
12
1.1.1.1/32
PE 1
2.2.2.2/32
PE 2
3.3.3.3/32
PE 3
4.4.4.4/32
PE 4
10.12.1.0/29
10.34.1.0/29
1
0
.
1
4
.
1
.
0
/
2
9
1
0
.
2
3
.
1
.
0
/
2
9
1
0
.
1
3
.
1
.
0
/
2
9
1
0
.
2
4
.
1
.
0
/
2
9
192.168.11.0/30
192.168.44.0/30
192.168.22.0/30
192.168.33.0/30
.1
.1
.1
.1
.2
.2
.2
.2
192.168.1.0/24
192.168.4.0/24
192.168.2.0/24
192.168.3.0/24
CE1
CE2
CE3
CE4
192.168.1.1/32
192.168.4.4/32
192.168.2.2/32
192.168.3.3/32
Network Diagram
.1 .1
.1
.2 .2
.2
.3
.3
.3
.4
.4
.4
13
Empty Page
14
End of Module
Lab Exercises Basic Configuration
Module 2
System And Network Configuration
Lab Exercises
16
Objectives
Upon successful completion of this module, the student will be able
to provision system physical and logical interfaces and be able to
perform the following operations:
Configure the system and network interfaces
Ping a neighbor
Debug the ICMP and ARP messages
17
Configure the System Interface
Note: The system interface identifies each node within a network as a logical entity. It is a loopback
interface with no physical port assigned to it. This way, when a port should go down, the system
interface can still be available in the network.
1. Configure the System Interface (system is a fixed reserved name to identify the node in a
network topology).
PEx# configure router
PEx>config>router# interface system
PEx>config>router>if# address <X.X.X.X>/32
Note: <X.X.X.X> = your assigned PE number as shown on the lab diagram.
2. Verify the state of the configured system interface. Make sure that the interface is
administratively and operationally UP.
PEx# show router interface
Configure the Network Interfaces
1. Configure the network interfaces as shown in the lab diagram.
PEx>config>router# interface <topex>
Note: Use a name that will easily identify the interface, for example <topex> where x is the PE
number of the neighboring router.
PEx>config>router>if# address <X.X.X.X/X>
PEx>config>router>if# port <Y/Y/Y>
Note: Use the IP-addresses and port numbers as shown on the lab diagram.
<X.X.X.X/X> = the IP-address and subnet mask of the interface.
<Y/Y/Y> = the port number of the interface.
2. Check the router interfaces, they should all be administratively and operationally UP.
PEx# show router interface
18
Ping a neighbour
1. Verify the routing table that should now contain the locally attached networks, including the
system interfaces IP-address. What is the preference and metric of the locally connected
networks?
PEx# show router route-table
Note: these local destinations were manually configured, no remote addresses are known at this
point.
2. Activate the debug-trace session for the ICMP and ARP packets.
PEx# configure log log-id 10
PEx>config>log>log-id$ from debug-trace
PEx>config>log>log-id$ to session
PEx# debug router ip arp
Pex# debug router ip icmp
Clear and view the ARP cache.
PEx# clear router arp all
PEx# show router arp
4. Ping the network interfaces of the neighbouring routers. Is the ping successful if you change the
source IP-address to your system address? If not, why not?
PEx# ping X.X.X.X
Note: the ARP and ICMP messages are going in two directions and the routers ARP cache will be
updated with a new entry.
5. Re-evaluate the ARP cache. What is the new entry? Where is this entry coming from, verify with
your neighbour.
Note: these messages will only be displayed for the duration of this session. To deactivate the
debug:
PEx# no debug
Note: To see the MAC-address of a port:
PE<x># show port <X/X/X> detail
19
Network Diagram
1.1.1.1/32
PE 1 1/1/2
1/1/3
1/1/1
1/1/4
2.2.2.2/32
PE 2 1/1/1
1/1/3
1/1/2
1/1/4
3.3.3.3/32
PE 3
1/1/3
1/1/1
1/1/2
1/1/4
4.4.4.4/32
PE 4 1/1/2
1/1/3
1/1/1
1/1/4
.1
.1
.1 .2 .2
.3 .4
.4
.4
.2
.3
.3
10.12.1.0/29
10.34.1.0/29
1
0
.
1
4
.
1
.
0
/
2
9
1
0
.
2
3
.
1
.
0
/
2
9
1
0
.
1
3
.
1
.
0
/
2
9
1
0
.
2
4
.
1
.
0
/
2
9
192.168.11.0/30
192.168.44.0/30
192.168.22.0/30
192.168.33.0/30
.1
.1
.1
.1
.2
.2
.2
.2
192.168.1.0/24
192.168.4.0/24
192.168.2.0/24
192.168.3.0/24
CE1
CE2
CE3
CE4
192.168.1.1/32
192.168.4.4/32
192.168.2.2/32
192.168.3.3/32
20
End of Module
Lab Exercises System And Network Configuration
Module 3
IGP Configuration
Lab Exercises
22
Objectives
to configure the static and dynamic interior routing protocols on a
node and be able to perform the following operations:
Configure static and default routes
Configure OSPF
Configure IS-IS
Influence metrics
Enable route redistribution using route policies
23
Configure static and default routes
1. Configure a static route to the system interface of your clockwise neighbor.
PEx# configure router static-route <X.X.X.X>/32 next-hop <Y.Y.Y.Y>
Note: <X.X.X.X> = the system IP address of your clockwise neighbor
<Y.Y.Y.Y> = the IP-address of this neighbors network interface on the connecting link.
2. View the routing table. Which routes are added and what is different compared to the local
attached destinations?
Note: a static route will only be active in the routing table if its next-hop is valid.
3. Ping the system address of your neighbor with the source IP-address of your network interface on
the connecting link. Why is it necessary to change the source IP-address?
4. Remove the static route configured in Step 1 and configure a default route to your clockwise
neighbor.
PEx# configure router no static-route <X.X.X.X>/32 next-hop <Y.Y.Y.Y>
PEx# configure router static-route 0.0.0.0/0 next-hop Y.Y.Y.Y
Note: <X.X.X.X> = the system IP address of your clockwise neighbor
<Y.Y.Y.Y> = the IP-address of the neighbors network interface on the connecting link.
5. When all the nodes have completed Step 4, ping the opposite router using his system interface IP-
address. Will the ICMP reply use the same path as the ICMP request?
6. Perform a trace-route to an unused IP-address, for example 10.10.10.10. What is the result?
PEx# traceroute 10.10.10.10
7. Remove all remaining static and default routes.
PEx# configure router no static-route 0.0.0.0/0 next-hop <Y.Y.Y.Y>
24
Configure OSPF
Note: In this course only single hierarchical topologies are used. Disable IS-IS when enabled.
1. Configure OSPF using area 0.0.0.0 as the backbone-area.
PEx# configure router ospf
PEx>config>router>ospf$ area 0.0.0.0
2. Configure OSPF on the system interface and all the network interfaces in the area 0.0.0.0.
PEx>config>router>ospf>area$ interface system
PEx>config>router>ospf>area>if$ back
PEx>config>router>ospf>area# interface <topex>
(PEx>config>router>ospf>area>if$ interface-type point-to-point )
Note: It is common practice to configure the interfaces point-to-point rather than the default
broadcast to avoid the DR/BDR overhead.
PEx>config>router>ospf>area>if$ back
Note: the last 2 (3) commands must be entered for all the network interfaces.
PEx# show router ospf status
PEx# show router ospf area
PEx# show router ospf interface
Note: There is one area and 4 interfaces, that can be DR (Designated Router) or BDR (Backup
Designated Router) when configured as broadcast interfaces.
4. When all the nodes have finished Step 3, view the OSPF forwarding database. Make sure all the
networks and system addresses are included and reachable, use Ping to verify. What is the
preference and metric to reach the other Pes?
PEx# show router route-table protocol ospf
5. View the OSPF adjacency database.
PEx# show router ospf neighbor
25
6. View the OSPF link state database. What does this database represent?
PEx# show router ospf database
7. Turn on simple authentication (password) with a matching authentication key (choose one to use
with your neighbour).
PEx>config>router>ospf>area>if# authentication-type password
PEx>config>router>ospf>area>if# authentication-key <your_password>
Note: this configuration must match between neighbours interfaces or the adjacency will fail.
8. Debug the OSPF packets. Perform a shut/no shut on OSPF and evaluate the packets. What is the
difference between Hello-packets with and without authentication.
PEx# debug router ospf packets
9. Turn debug off.
PEx# no debug
26
Configure ISIS
Note: In this course only single hierarchical topologies are used. Disable OSPF when enabled.
1. Configure IS-IS using area 49.0051.
PEx# configure router isis
PEx>config>router>isis# area-id 49.0051
2. Configure IS-IS on the system interface and all the network interfaces.
PEx>config>router>isis# interface system
PEx>config>router>isis>if# back
PEx>config>router>isis# interface <topex>
(PEx>config>router>isis>if$ interface-type point-to-point )
Note: It is common practice to configure the interfaces point-to-point rather than the default
broadcast to avoid the DIS overhead.
PEx>config>router>isis>if# back
Note: The last 2 (3) lines must be entered for all the network interfaces.
PEx>config>router>isis# reference-bandwidth 100000000
Note: With this command the reference bandwidth can be set and the metrics of the links will be
calculated: reference-bandwidth/bandwidth (In OSPF this is done by default).
3. Special case for IS-IS: In regular IS-IS SPF operation, narrow metrics are used, meaning the
maximum metric value of any given link will be limited to 63, regardless of the result of
calculation in relation to the reference bandwidth given above.
To overcome this restriction, wide metrics can be enabled, which is an additional attribute
carried in the so called traffic engineering TLVs (Type-Length-Value packet field formats).
Wide metric support necessitates the support for traffic engineering extensions on the IGP, which
is an optionally enabled feature. Some other uses of traffic engineering is discussed further in the
next MPLS section.
PEx>config>router>isis# traffic engineering
PEx>config>router>isis# level 1 wide-metrics-only
PEx>config>router>isis# level 2 wide-metrics-only
27
PEx# show router isis status
Note: this command shows the area-ids this node belongs to. There can be up to 3 area-ids
configured.
PEx# show router isis interface
Note: There are 4 interfaces. The system interface has a metric of 0, all the links have a metric of 10
by default. A reference bandwidth can be configured (same as OSPF by default).
5. When all the nodes have finished step 3, view the ISIS forwarding database. Make sure all the
networks and system addresses are included and reachable, use Ping to verify. What is the
preference and metric to reach the other PEs?
PEx# show router route-table protocol isis
6. View the Is-IS adjacency database.
PEx# show router isis adjacency
7. View the IS-IS link state database.
PEx# show router isis database
8. Turn on simple authentication (password) with a matching authentication key (choose one with
your neighbour).
PEx>config>router>isis>if# hello-authentication-type password
PEx>config>router>isis>if# hello-authentication-key <your_password>
Note: this configuration must match between neighbours interfaces or the adjacency will fail.
9. Debug the IS-IS packets. Perform a shut/no shut on IS-IS and evaluate the packets. What is the
difference between Hello-packets with and without authentication?
PEx# debug router isis packets ptop-hello detail
10.Turn debug off.
PEx# no debug
28
Metrics
1. Verify that the routing table contains all the destinations. What is the metric of the system
interface of the opposite router? Trace the route to this IP-address. What path is taken?
2. Adjust the metric of the outgoing interface used by the path in Step 1 to 5000.
PEx# configure router ospf area 0 interface <topex> metric 5000
PEx# configure router isis interface <topex> level 1 metric 5000
3. Repeat Step 1. What has changed?
Note: When a router learns more then one route to a certain destination, the best route will be
selected. First the preference of the routing protocol the destination was learned on is compared
and the lowest preference is selected. Then, if this routing protocol still offers more then one
route to the destination, the route with the lowest metric will be selected and inserted into the
routing table. The administrator can influence this process by changing the preference and the
metrics as demonstrated in this lab exercise (metric). When a prefix has multiple routes with
equal preferences and metrics, only one is selected except when ECMP is activated.
4. Turn on ECMP up to 2 possible routes and evaluate the routing table once more. Are there routes
occurring twice in the routing table now? How is this possible?
PEx# configure router ecmp 2
5. Set the metrics back to the default value and disable ECMP.
PEx# configure router ospf area 0 interface <topex> no metric
PEx# configure router isis interface <topex> level 1 no metric
PEx# configure router no ecmp
29
Route Policies and Redistribution
1. Create a new interface <toce>, on your PE router as displayed below. This interface will be a loopback
interface, meaning it is not attached to any physical ports, but merely a logical entity that is always up and
running as long as the router itself is operational.
PEx# configure router interface toce
PEx>config>router>if$ address 192.168.<XX>.1/30
Note: <XX> = your PE number.
PEx>config>router>if$ loopback
2. Check if this new IP address has been added to the route-table of your PE as a Local entry.
3. Ask your neighbors to ping this IP address. Also try to ping their newly created loopback interface IP
addresses. Why doesnt this work?
4. Create a policy on your PE that will accept the directly connected (sub)networks.
PEx>config>router# policy-options
PEx>config>router>policy-options# begin
PEx>config>router>policy-options# policy-statement <policy_name>
PEx>config>router>policy-options>policy-statement# default-action reject
PEx>config>router>policy-options>policy-statement# entry 10
PEx>config>router>policy-options>policy-statement>entry# from protocol direct
PEx>config>router>policy-options>policy-statement>entry# action accept
PEx>config>router>policy-options>policy-statement>entry>action# back
PEx>config>router>policy-options>policy-statement>entry# back
PEx>config>router>policy-options>policy-statement># back
PEx>config>router>policy-options># commit
30
5. Verify the policy.
PEx>show router policy
Note: Until now, only a policy statement has been configured. It is not yet assigned to a routing
protocol and is therefore not used yet.
6. Apply the policy as an export policy to your IGP. This will redistribute the connected (sub)network
into your IGP domain.
PEx>config>router>ospf># export <policy_name>
PEx>config>router>isis># export <policy_name>
7. In the case of OSPF, the PE router needs to be marked as an ASBR (Autonomous System Boundary
Router) in order to get redistribution to work. This is not required for IS-IS.
PEx>config>router>ospf># asbr
8. When all the nodes have finished step 6, verify the routing table. You should have 4 new entries:
the added local directly connected (sub)network and the others learned remotely over your IGP.
9. Repeat step 3. Are the pings successful now?
31
Network Diagram
1.1.1.1/32
PE 1 1/1/2
1/1/3
1/1/1
1/1/4
2.2.2.2/32
PE 2 1/1/1
1/1/3
1/1/2
1/1/4
3.3.3.3/32
PE 3
1/1/3
1/1/1
1/1/2
1/1/4
4.4.4.4/32
PE 4 1/1/2
1/1/3
1/1/1
1/1/4
.1
.1
.1 .2 .2
.3 .4
.4
.4
.2
.3
.3
10.12.1.0/29
10.34.1.0/29
1
0
.
1
4
.
1
.
0
/
2
9
1
0
.
2
3
.
1
.
0
/
2
9
1
0
.
1
3
.
1
.
0
/
2
9
1
0
.
2
4
.
1
.
0
/
2
9
192.168.11.0/30
192.168.44.0/30
192.168.22.0/30
192.168.33.0/30
.1
.1
.1
.1
.2
.2
.2
.2
192.168.1.0/24
192.168.4.0/24
192.168.2.0/24
192.168.3.0/24
CE1
CE2
CE3
CE4
192.168.1.1/32
192.168.4.4/32
192.168.2.2/32
192.168.3.3/32
32
End of Module
Lab Exercises IGP Configuration
Module 4
MPLS Configuration
Lab Exercises
34
Objectives
to configure:
Static LSPs
LDP
RSVP-TE with bandwidth constraints
MPLS Fast Reroute
35
Switch to notes view! Configure static LSPs
Note: In this lab exercise, you will create a static LSP from your router to the router opposite you
(see lab network diagram).
2 Verify the label range for static labels. What labels can be uses for static LSPs?
PEx# show router mpls label-range
3 Verify the available labels, the ones in use (should not be any for the moment) cannot be used for
this lab exercise.
PEx# show router mpls label 32 131071 in-use
Note: for now, no labels have been used.
4 Configure a static LSP to your opposite router.
PEx>config>router>mpls># static-lsp <static_lsp_name>
PEx>config>router>mpls>static-lsp# to <Y.Y.Y.Y>
Note: Y = your opposite PE number.
PEx>config>router>mpls>static-lsp# push <XY1> nexthop <Z.Z.Z.Z>
Note: X = your PE number.
Y = your opposite PE number.
Z = the IP-address of the connected interface of your clockwise neighbour.
PEx>config>router>mpls>static-lsp# no shutdown
36
5. Configure the swap action for the transit LSP, originating from your counter-clockwise router and
terminating on your clockwise router.
PEx>config>router>mpls# interface <topex>
PEx>config>router>mpls>if# label-map <XY1>
PEx>config>router>mpls>if>label-map# swap <XY2> next-hop <10.Z.1.Z>
PEx>config>router>mpls>if>label-map# no shutdown
Note: <topex> = your interface to your counter clockwise PE neighbour.
X = your counter clockwise PE number.
y = your clockwise PE number.
Z = the IP-address of the connected interface of your clockwise neighbour.
6. Configure the pop action for the terminating LSP, originating from your opposite router and
terminating on your router.
PEx>config>router>mpls>if# label-map <XY2>
PEx>config>router>mpls>if>label-map# pop
PEx>config>router>mpls>if>label-map# no shutdown
Note: <topex> = your interface to your counter clockwise PE neighbour.
X = your opposite PE number.
y = your PE number.
7. Repeat step 2 and 3, how many labels are being used now?
8. Verify the three static LSPs on your router: the originating static LSP, the transiting static LSP and
the terminating LSP.
PEx# show router mpls status
PEx# show router mpls static-lsp
PEx# show router mpls static-lsp transit
PEx# show router mpls static-lsp terminate
37
Configure LDP
1. Enable and provision LDP on all your network interfaces.
PEx# configure router ldp
PEx>config>router>ldp$ interface-parameters
PEx>config>router>ldp>if-params$ interface <topex>
PEx>config>router>ldp>if-params>if$ back
Note: repeat the last 2 commands for all the network interfaces.
PEx>config>router>ldp# no shutdown
Note: when LDP is enabled, by default targeted LDP is also enabled. This will be used later on by the
service and can be disabled at this point, but this is not necessary. It must be reactivated later
when Layer 2 VPNs are configured.
2. Verify the state of the LDP parameters. How many sessions are active? What is the label
distribution, the label retention and control mode? Are the interfaces up?
PEx# show router ldp status
PEx# show router ldp discovery
PEx# show router ldp session
PEx# show router ldp parameters
PEx# show router ldp interface
3. Verify the Label Information Base (LIB). Why are some of the ingress and egress labels empty?
PEx# show router ldp bindings
Note: By default LDP will signal labels for the system address of the PE. To have labels distributed
for directly connected networks, an export policy is needed (see Step 8).
4. Verify the Label Forwarding Information Base (LFIB). What label will your router use to send a
packet to the system address (FEC) of your own router, your clockwise router, your opposite router
and your counter clockwise router?
PEx# show router ldp bindings active
38
5. Verify the LSP across the network.
PEx# oam lsp-ping prefix <X.X.X.X>/32
PEx# oam lsp-trace prefix <X.X.X.X>/32
Note: <X.X.X.X> = the IP-address of the system interface of your opposite router.
6. Change the metric of the IGP interface on the diagonal link to your opposite router to 5000 and
retry step 5. Why is the LSP trace different now?
7. Set the metric of the IGP back to its default value (no metric).
8. Export the directly connected networks into LDP with an export policy. Verify the LIB and LFIB.
Note: You can use the policy defined in the IGP Lab.
PEx>config>router>ldp# export <policy>
9. Verify again the LIB and LFIB. Which additional entries do you see now in the databases?
PEx# show router ldp bindings active
10.Remove the export policy.
PEx>config>router>ldp# no export
39
Configure RSVP-TE with Bandwidth Constraints
1. Enable traffic-engineering on your IGP.
PEx# configure router ospf traffic-engineering
PEx# configure router isis traffic-engineering
2. Verify the status of traffic-engineering on your IGP. Where can you see that traffic-engineering is
enabled?
PEx# show router ospf status
PEx# show router isis status
3. If not previously configured, enable MPLS on your system and the network interfaces.
PEx# configure router mpls
PEx>config>router>mpls>if# back
Note: repeat the last two commands for all the network interfaces. The system interface is added by
default.
4. The previous step automatically enables RSVP on the interfaces. Verify.
PEx# show router mpls interface
PEx# show router rsvp interface
5. Verify the capacity of your port facing your clockwise neighbour. What is the operational speed?
PEx# show port <X/X/X>
Note: <X/X/X> = the port number facing your clockwise neighbour
6. Set the total maximum amount of reservable bandwidth by RSVP to 100% on the RSVP interface.
Verify the available bandwidth.
PEx# configure router rsvp interface <topex>
PEx>config>router>rsvp>if# subscription 100
Note: you can oversubscribe the interface up to 1000 percent.
PEx# show router rsvp interface <topex> detail
40
7. Verify in the Traffic Engineering Database how the traffic engineering extensions of the IGP
configured in step 1 flood the available bandwidth capacities of the link through the network.
PEx# show router ospf opaque-database detail
PEx# show router isis database level 1 detail
8. Create a strict path to the other routers using the long way around the outer ring.
PEx>config>router>mpls# path <p-topex>
PEx>config>router>mpls>path# hop <Y> <X.X.X.X> strict
PEx>config>router>mpls>path# no shutdown
Note: <Y> = increments per hop (e.g. 10,20,30, or 1,2,3,).
Note: repeat the last command for every hop to form the path.
Note: repeat the last 2 commands for all the paths to the other PEs.
9. Create a loose path.
PEx>config>router>mpls# path <p-loose>
PEx>config>router>mpls>path# no shutdown
10.Verify your configured paths.
PEx# show router mpls path
11. Configure an LSP to all the other PEs in the network with the strict path as the primary and the
loose path as the secondary. Enable CSPF and set the bandwidth for the primary path to 10% of the
available bandwidth (see step 4).
PEx>config>router>mpls# lsp <l-topex>
PEx>config>router>mpls>lsp# to <X.X.X.X>
Note: <X.X.X.X> = the IP-address of the system interface of the LSPs tail PE.
PEx>config>router>mpls>lsp# cspf
PEx>config>router>mpls>lsp# primary <p-topex>
PEx>config>router>mpls>lsp>primary# bandwidth <10%_of_Total_BW>
PEx>config>router>mpls>lsp>primary# exit
PEx>config>router>mpls>lsp# secondary <p-loose>
PEx>config>router>mpls>lsp>secondary# exit
PEx>config>router>mpls>lsp# no shutdown
41
12.Verify the LSP configuration. How much bandwidth is reserved for the primary paths? How much
bandwidth is reserved for the secondary paths? What is the status of the secondary paths?
PEx# show router mpls path lsp-binding
PEx# show router mpls lsp detail
PEx# show router mpls lsp path detail
13.Perform an OAM LSP ping and trace on the primary and secondary path of the LSPs. Are the pings
successful? What path is taken by the primary path of the LSP? Does it follow the strict path as
configured? Are the OAM LSP ping and trace successful over the secondary path of the LSP?
PEx# oam lsp-ping <l-topex> path <p-topex>
PEx# oam lsp-ping <l-topex> path <p-loose>
PEx# oam lsp-trace <l-topex> path <p-topex>
PEx# oam lsp-trace <l-topex> path <p-loose>
14.Change the secondary path to standby mode and repeat step 13. Why are the OAM ping and trace
over the secondary path successful now?
PEx# configure router mpls lsp <l-topex> secondary <p-loose> standby
15.Verify the state of MPLS and repeat step 7. What is the published bandwidth now?
42
Configure one-to-one Fast Reroute
1. Configure Fast Reroute using the one-to-one method with node protection on the LSP to your
opposite router.
PEx# configure router mpls lsp <l-topex> fast-reroute one-to-one
Note: at this time the primary path should have a bandwidth reservation of 10% and the secondary
path is in standby mode.
PEx# show router mpls path lsp-binding
2. When all the nodes have finished step 1, verify how many detour LSPs are created on your router.
PEx# show router rsvp session (detail)
3. Verify the LSP to your opposite router. What kind of detours are available? Is the detour active?
PEx# show router mpls lsp <l-topex> path detail
4. What label will be used to go to the next hop of the primary path? What label will be used to go to
the detour if the primary path fails?
5. Deactivate the secondary path of your LSP to your opposite router.
PEx# configure router mpls lsp <l-topex> secondary <p-loose> shutdown
Note: this action is necessary to show the active detour. Otherwise the
secondary path will take over.
6. Shut the port facing the next hop of your LSP to your opposite router down to enable the detour to
take over. Repeat step 3. Is the detour active now?
43
Network Diagram
1.1.1.1/32
PE 1 1/1/2
1/1/3
1/1/1
1/1/4
2.2.2.2/32
PE 2 1/1/1
1/1/3
1/1/2
1/1/4
3.3.3.3/32
PE 3
1/1/3
1/1/1
1/1/2
1/1/4
4.4.4.4/32
PE 4 1/1/2
1/1/3
1/1/1
1/1/4
.1
.1
.1 .2 .2
.3 .4
.4
.4
.2
.3
.3
10.12.1.0/29
10.34.1.0/29
1
0
.
1
4
.
1
.
0
/
2
9
1
0
.
2
3
.
1
.
0
/
2
9
1
0
.
1
3
.
1
.
0
/
2
9
1
0
.
2
4
.
1
.
0
/
2
9
192.168.11.0/30
192.168.44.0/30
192.168.22.0/30
192.168.33.0/30
.1
.1
.1
.1
.2
.2
.2
.2
192.168.1.0/24
192.168.4.0/24
192.168.2.0/24
192.168.3.0/24
CE1
CE2
CE3
CE4
192.168.1.1/32
192.168.4.4/32
192.168.2.2/32
192.168.3.3/32
44
End of Module
Lab Exercises MPLS Configuration
Module 5
Services Configuration
Lab Exercises
46
Objectives
to perform the following operations:
Configure a customer
Configure an SDP
Perform an SDP Ping
Perform an SDP MTU Test
Mirror a Local Network Port
Mirror a Remote Network Port
47
Configure a Customer
1. Create two customers (100 and 200). Provide the customer a description, contact information and a
phone number.
Note: A customer is locally significant, but it is advisable to be consistent throughout the network
(SAM).
PEx# configure service customer 100 create
Pex>config>service>cust# description <customer_name>
Pex>config>service>cust# contact <customer_contact>
Pex>config>service>cust# phone <customer_phone>
Prepare the Ports
1. Change the port facing the customer (see lab diagram) to an access port.
PEx# configure port X/X/X
Pex>port# shutdown
Pex>port# ethernet mode access
Pex>port# no shutdown
2. Change the Maximum Transmission Unit (MTU) size of each network port. What minimum value is
necessary?
Note: Since MPLS has been configured on the network interfaces, the port that supports that interface
must have its MTU changed to 1540 bytes. If GRE were used the MTU would have to be changed to
1560. Configure the MTU size on both network ports on each of the nodes in your network.
PEx# configure port <X/X/[1..4]> ethernet mtu 1600
PEx# show port <X/X>
48
Configure a full mesh of SDPs
1. Configure a full mesh of SDPs to the other PEs in the network using LDP.
Note: In the following lab exercises these SDPs will be used for L3 VPNs (VPRN). Therefore TLDP
signaling must be disabled. By default TLDP signaling is enabled.
PEx# configure service sdp <1X> mpls create
PEx>config>service>sdp$ far-end <X.X.X.X>
PEx>config>service>sdp$ description <SDP to PE X over LDP>
PEx>config>service>sdp$ ldp
PE>config>service>sdp$ signaling off
PEx>config>service>sdp$ no shutdown
PEx>config>service>sdp$ exit all
Note: Repeat the above steps for all the other PEs where X is the PE number.
2. Configure a full mesh of SDPs to the other PEs in the network using RSVP-TE
Note: In the following lab exercises these SDPs will be used for L2 VPNs (ePipe, VPLS). Therefore TLDP
signaling must be enabled. This is the default setting.
PE# configure service sdp <2X> mpls create
PE>config>service>sdp$ far-end <X.X.X.X>
PE>config>service>sdp$ description <SDP to PE X over RSVP-TE>
PE>config>service>sdp$ lsp <l-topex>
PE>config>service>sdp$ signaling tldp
PE>config>service>sdp$ no shutdown
PE>config>service>sdp$ exit all
Note: Repeat the above steps for all the other PEs where X is the PE number.
3. Verify the configured SDPs.
PE# show service sdp (detail)
Note: In case the SDPs are remaining in the operationally down state, check
the detail command output carefully to look for some clues.
49
OAM Tools
Note: SDP Ping performs in-band uni-directional or round-trip connectivity tests on SDPs. The SDP Ping
OAM packets are sent in-band, in the tunnel encapsulation, so it will follow the same path as traffic
within the service. The SDP Ping response can be received out-of-band in the control plane, or in-
band using the data plane for a round-trip test.
1. Perform a uni-directional SDP Ping. What is the Path MTU? Why is there no Remote SDP-ID?
PEx# oam sdp-ping <XX>
Note: You have tested the local SDP but have not performed a round-trip test.
<XX> is the local SDP.
2. Perform a round-trip SDP Ping Test. What is the Remote SDP-ID?
PEx# oam sdp-ping <XX> resp-sdp <YY>
Note: This is a round-trip test, both directions are using the SDP.
<XX> is the local SDP and <YY> is the remote SDP.
3. Discover the MTU size supported over your SDPs. What is the MTU?
Note: The Path MTU Discovery tool provides a powerful tool that enables a service provider to get the
exact MTU supported between the service ingress and service termination points (accurate to one
byte). It is important to understand the MTU of the entire path end-to-end when provisioning
services, especially for virtual leased line (VLL) services where the service must support the ability
to transmit the largest customer packet.
PEx# oam sdp-mtu <XX> size-inc 1500 1600 step 10
Note: <XX> is the local SDP.
50
Local Mirror Service
Note: The mirror service feature provides a way to capture packets from a port on a router, and sends
a copy of the traffic to another port on the same router or a port on a remote router where they
can be captured by a packet analyzer or sniffer. Each router can mirror packets from a specific port
or service to any destination point in the network, regardless of interface type or speed.
1. Mirror locally a network port of your choice to your access port.
PEx# configure mirror
PEx>config>mirror# mirror-dest 1000 create
Note: The mirror destination defines a mirror service ID and a destination for copies of the packets.
The mirrored frame size that is to be transmitted to the mirror destination can be explicitly
configured by using slicing features. This enables mirroring only the parts needed for analysis.
PEx>config>mirror>mirror-dest$ sap X/X/X create
Note: The SAP is your access port (see lab diagram).
PEx>config>mirror>mirror-dest>sap$ exit
PEx>config>mirror>mirror-dest# no shutdown
2. Verify that the mirror service is operational.
Pex# show mirror mirror-dest 1000
3. Mirror the ingress and egress traffic on a local network port, the mirror source. Use a sniffer
connected to the SAP to verify if the mirror service works.
PEx# debug mirror-source 1000 port X/X/X ingress egress
4. Remove the local mirror service.
PEx# configure mirror mirror-dest 1000 shutdown
PEx# configure mirror no mirror-dest 1000
51
Remote Mirror Service
Note: A port can be mirrored to any of the devices in the network. The mirrored frames are sent from
the source over an SDP service tunnel to a destination node, where they can be analyzed. The
mirror SDP uses static label assignments. This static label must match the static label that you are
going to assign on the remote node.
1. Configure your PE to accept mirrored frames from your clockwise neighbor.
PEx# configure mirror mirror-dest 1001 create
PEx>config>mirror>mirror-dest# remote-source far-end <system address of remote
mirror source PE> ing-svc-label 2048
PEx>config>mirror>mirror-dest$ sap <X/X/X> create
Note: A packet analyser (sniffer) can be connected on the SAP to monitor the
traffic.
PEx>config>mirror>mirror-dest>sap$ back
PEx>config>mirror>mirror-dest# no shutdown
2. Verify that the mirror service is operational.
PEx# show mirror mirror-dest 1001
3. Configure your PE as a remote mirror source for your opposite neighbour. Direct the ingress and
egress traffic from the source port to the SDP and assign an egress label.
Note: The mirror services uses an SDP as a tunnel for mirrored frames. Because the mirror service only
sends traffic in one direction, it is not strictly necessary to create a bi-directional SDP.
PEx# configure mirror mirror-dest 1002 create
PEx>config>mirror>mirror-dest$ sdp <XX> egr-svc-label 2048
Note: <XX> is the SDP configured earlier to your counter clockwise neighbour.
PEx>config>mirror>mirror-dest$ no shutdown
PEx# debug mirror-source 1002 port X/X/X ingress egress
4. Verify that the mirror service works.
PEx# show mirror mirror-dest 1002
52
Network Diagram
1.1.1.1/32
PE 1 1/1/2
1/1/3
1/1/1
1/1/4
2.2.2.2/32
PE 2 1/1/1
1/1/3
1/1/2
1/1/4
3.3.3.3/32
PE 3
1/1/3
1/1/1
1/1/2
1/1/4
4.4.4.4/32
PE 4 1/1/2
1/1/3
1/1/1
1/1/4
.1
.1
.1 .2 .2
.3 .4
.4
.4
.2
.3
.3
10.12.1.0/29
10.34.1.0/29
1
0
.
1
4
.
1
.
0
/
2
9
1
0
.
2
3
.
1
.
0
/
2
9
1
0
.
1
3
.
1
.
0
/
2
9
1
0
.
2
4
.
1
.
0
/
2
9
192.168.11.0/30
192.168.44.0/30
192.168.22.0/30
192.168.33.0/30
.1
.1
.1
.1
.2
.2
.2
.2
192.168.1.0/24
192.168.4.0/24
192.168.2.0/24
192.168.3.0/24
CE1
CE2
CE3
CE4
192.168.1.1/32
192.168.4.4/32
192.168.2.2/32
192.168.3.3/32
53
End of Module
Lab Exercises Services Configuration
Module 6
ePipe Configuration
Lab Exercises
55
Objectives
Configure an ePipe (VLL) service
Verify an ePipe
56
Configure an ePipe
Note: Create an ePipe according to the lab diagram at the end of this module.
1. Configure an ePipe 500 between your PE and your neighbour PE (according to lab diagram).
PEx# config service epipe 500 customer 100 create
PEx>config>service>epipe$ sap <X/X/X>:0 create
Note:The 0 at the end of the sap identifier signifies that null encapsulation (the default) is being used
on the port. Null encapsulation is used if there is only one service being used on the port. If
multiple services will be using the port, you would configure it to use Dot1q or qinq encapsulation.
Now an access port has been assigned to this service on which customer equipment can be
connected.
PEx>config>service>epipe>sap$ back
PEx>config>service>epipe$ spoke-sdp <2X>:500 create
Note: Use the SDPs over RSVP-TE. These SDPs have TLDP enabled in the previous lab exercise. The :500
binds the SDP to the service. At this point TLDP labels are signalled to identify the service on each
side of the ePipe.
PEx>config>service>epipe>spoke-sdp$ back
PEx>config>service>epipe$ no shutdown
2. Verify the ePipe. What is the label used to reach the remote PE? What is the label used to reach the
ePipe service on the remote PE?
PEx# show service sap-using
PEx# show service service-using
PEx# show service id 500 all
PEx# show service id 500 labels
3. Connect two CPEs to the SAPs of the ePipe Service and test your ePipe by passing traffic across it
such as a video file or a Ping test.
Note: An ePipe is the equivalent of a wire connecting the two laptops. In order to ping successfully,
both laptops will have to be members of the same subnet.
57
OAM Tools
1. Verify the operation of your ePipe service using the Service Ping utility.
Note: Alcatel-Lucents Service Ping feature provides end-to-end connectivity testing for an individual
service. The Service Ping operates at a higher level than the SDP diagnostics in that it verifies an
individual service and not the collection of services carried within an SDP. The Service Ping is
initiated from a router to verify round-trip connectivity and delay to the far-end of the service.
Alcatel-Lucents implementation functions for both GRE and MPLS tunnels and tests the following
from edge-to-edge:
Tunnel connectivity
VC label mapping verification
Service existence
Service provisioned parameter verification
Round trip path verification
Service dynamic configuration verification
PEx# oam svc-ping <X.X.X.X> service 500
Note: in this service ping test the actual data path that customer traffic would take through the
service was not used. OAM messages were sent and received over the control plane rather than the
data plane. You can use the local-sdp and remote-sdp parameters to send the oam packets over the
same path as customer traffic.
PEx# oam svc-ping <X.X.X.X> service 500 local-sdp remote-sdp
Note: <X.X.X.X> is the system IP address of the remote PE.
Note: The SVC-Ping is a useful OAM feature for a VLL but it does require that the port out to the CPE is
up, i.e. there is something connected to the port such as a PC NIC card, when a service is first
configured this may not be the case and so a VCCV-Ping is a better test of a VLL when first
configured.
58
2. Verify the operation of your ePipe service using the VCCV Ping utility.
Note: Alcatel-Lucents VCCV Ping feature provides end-to-end connectivity verification for an
individual ePipe and is used to check connectivity of a VLL in-band. It checks that the destination
(target) PE is the egress for the Layer 2 FEC. It provides a cross-check between the data plane and
the control plane. It is in-band, meaning that the VCCV ping message is sent using the same
encapsulation and along the same path as user packets in that VLL. This is equivalent to the LSP
ping for a VLL service. VCCV ping reuses an LSP ping message format and can be used to test a VLL
configured over an MPLS and GRE SDP. VCCV creates an IP control channel within the ePipe between
PE1 and PE2. PE2 should be able to distinguish, on the receive side, VCCV control messages from
user packets on that VLL.The 7750 SR uses the router alert label immediately above the VC label to
identify the VCCV-ping message. This method has a drawback that if ECMP is applied to the outer
LSP label, such as the transport label, the VCCV message will not follow the same path as the user
packets. When sending the label mapping message for the VLL, PE1 and PE2 include an optional
VCCV TLV in the PW FEC interface parameter field. The TLV indicates that the control channel will
make use of the router alert label method.
PEx# oam vccv-ping <2X>:500 reply-mode ip-routed
59
Network Diagram
1.1.1.1/32
PE 1 1/1/2
1/1/3
1/1/1
1/1/4
2.2.2.2/32
PE 2 1/1/1
1/1/3
1/1/2
1/1/4
3.3.3.3/32
PE 3
1/1/3
1/1/1
1/1/2
1/1/4
4.4.4.4/32
PE 4 1/1/2
1/1/3
1/1/1
1/1/4
.1
.1
.1 .2 .2
.3 .4
.4
.4
.2
.3
.3
10.12.1.0/29
10.34.1.0/29
1
0
.
1
4
.
1
.
0
/
2
9
1
0
.
2
3
.
1
.
0
/
2
9
1
0
.
1
3
.
1
.
0
/
2
9
1
0
.
2
4
.
1
.
0
/
2
9
192.168.11.0/30
192.168.44.0/30
192.168.22.0/30
192.168.33.0/30
.1
.1
.1
.1
.2
.2
.2
.2
192.168.1.0/24
192.168.4.0/24
192.168.2.0/24
192.168.3.0/24
CE1
CE2
CE3
CE4
192.168.1.1/32
192.168.4.4/32
192.168.2.2/32
192.168.3.3/32
ePipe 500
ePipe 500
60
End of Module
Lab Exercises ePipe Configuration
Module 7
VPLS Configuration
Lab Exercises
62
Objectives
Configure a VPLS
Verify a VPLS
63
VPLS Configuration
1. Configure a VPLS service 600 according to the lab diagram at the end of this module.
Note: Remove the SAP from the ePipe service to use it for this lab exercise (VPLS service).
PEx# configure service vpls 600 customer 100 create
PEx>config>service>vpls# sap <X/X/X>:0 create
Note:The 0 at the end of the sap identifier signifies that null encapsulation (the default) is being used
on the port. Null encapsulation is used if there is only one service being used on the port. If
multiple services will be using the port, you would configure it to use Dot1q or qinq encapsulation.
Now an access port has been assigned to this service on which customer equipment can be
connected.
PEx>config>service>vpls>sap$ back
PEx>config>service>vpls# mesh-sdp <2X>:600 create
PEx>config>service>vpls>mesh-sdp$ back
Note: Repeat the last two commands for all the remote PEs. The SDPs must form a full mesh to al the
participants in the VPLS service. Use the SDPs over RSVP-TE. These SDPs have TLDP enabled in the
previous lab exercise. The :600 binds the SDP to the service. At this point TLDP labels are signalled
to identify the service on all the participants of the VPLS service.
PEx>config>service>vpls# no shutdown
2. Verify the VPLS. What are the labels used to reach the other PEs? What are the labels used to reach
the VPLS service on these remote PEs?
PEx# show service sap-using
PEx# show service service-using
PEx# show service id 600 labels
3. Connect CPEs to the SAPs of the VPLS Service and test your VPLS by passing traffic across it such as a
video file or a Ping test. Disconnect a network link and see if traffic gets lost. Verify if the RSVP-TE
backup scenarios are operational.
Note: An VPLS is the equivalent of a VLAN connecting one or more switches. In order to ping
successfully, all CPEs will have to be members of the same subnet.
64
4. 4. Verify the forwarding database. What are the age timers? How can Verify the forwarding database. What are the age timers? How can you verify the age timer per you verify the age timer per mac mac
entry? entry?
PEx# show service fdb-info
PEx# show service fdb-mac
PEx# show service fdb-mac expiry
OAM Tools
1. Perform a MAC Ping and a MAC Trace to a remote CPE. What information is gained from this OAM
tool? Verify the forwarding database. What MAC address is added from this operation? Is the
information aging out as it is supposed to?
PEx# oam mac-ping service 600 destination <XX:XX:XX:XX:XX:XX>
PEx# oam mac-trace service 600 destination <XX:XX:XX:XX:XX:XX>
Note: <XX:XX:XX:XX:XX:XX> is the MAC address of a remotely connected CPE.
PEx# show service fdb-mac
PEx# show chassis
Note: This command shows the CPM MAC address.
2. Populate and Purge a random MAC address. What command can flood this information to the remote
PEs participating in the VPLS? Is the information aging out as it is supposed to?
PEx# oam mac-populate 600 mac <00:XX:XX:XX:XX:XX> (flood)
PEx# oam mac-purge 600 target <XX:XX:XX:XX:XX:XX> (flood)
3. Activate a continuous Ping form one CPE to another. Next, perform a CPE Ping to one of the CPEs as
the destination IP-address and the other CPE as the source IP-address. Is the initial continuous Ping
still operational? Why not? How can we resolve this?
PEx# oam cpe-ping service 600 destination <X.X.X.X> source <Y.Y.Y.Y>
65
192.168.4.4/32 192.168.3.3/32
Network Diagram
1.1.1.1/32
PE 1 1/1/2
1/1/3
1/1/1
1/1/4
2.2.2.2/32
PE 2 1/1/1
1/1/3
1/1/2
1/1/4
3.3.3.3/32
PE 3
1/1/3
1/1/1
1/1/2
1/1/4
4.4.4.4/32
PE 4 1/1/2
1/1/3
1/1/1
1/1/4
.1
.1
.1 .2 .2
.3 .4
.4
.4
.2
.3
.3
10.12.1.0/29
10.34.1.0/29
1
0
.
1
4
.
1
.
0
/
2
9
1
0
.
2
3
.
1
.
0
/
2
9
1
0
.
1
3
.
1
.
0
/
2
9
1
0
.
2
4
.
1
.
0
/
2
9
192.168.11.0/30
192.168.44.0/30
192.168.22.0/30
192.168.33.0/30
.1
.1
.1
.1
.2
.2
.2
.2
192.168.1.0/24
192.168.4.0/24
192.168.2.0/24
192.168.3.0/24
CE1
CE2
CE3
CE4
192.168.1.1/32
192.168.4.4/32
192.168.2.2/32
192.168.3.3/32
VPLS 600
66
End of Module
Lab Exercises VPLS Configuration
Module 9
iPipe Configuration
Lab Exercises
68
Configure a ipipe Ethernet to Ethernet
1. Configure a iPipe for one of the two customers you created. The iPipe VLLs you create will be from
your SR node to any 7750 SR Core node. See diagram above. The iPipe VLL will connect an
Ethernet port your SR, to an Ethernet port on the far end SR.
2. You will have to come to an agreement about IP addresses and service ids with the operator
configuring the far end.
3. The Ethernet ports should be configured with DOT1Q encapsulation.
Create the iPipe VLL for Ethernet to Ethernet Endpoint
3. Create the iPipe service on the SR
SRx# configure service ipipe 300 customer 100 create
SRx>config>service>ipipe# sap 1/1/3:1 create
SRx>config>service>ipipe>sap$ ce-address 192.0.10.2
(192.0.11.2 is the IP address associated with the SR Ethernet port)
SRx>config>service>ipipe>sap$ exit
SRx>config>service>ipipe> spoke-sdp <sdp-id:service-id> create
SRx>config>service>ipipe> spoke-sdp> ce-address 192.0.10.1
(192.0.11.2 is the IP address associated with far end Ethernet port)
SRx>config>service>ipipe> spoke-sdp> exit
SRx>config>service>ipipe> no shutdown
69
4. Create the iPipe service on the SR
SRx# configure service ipipe 300 customer 100 create
SRx>config>service>ipipe# sap 1/1/1:1 create
SRx>config>service>ipipe>sap$ ce-address 192.0.10.1
(192.0.11.2 is the IP address associated with the SR Ethernet port)
SRx>config>service>ipipe>sap$ exit
SRx>config>service>ipipe> spoke-sdp <sdp-id:service-id> create
SRx>config>service>ipipe> spoke-sdp> ce-address 192.0.10.2
(192.0.11.2 is the IP address associated with SR Ethernet port)
SRx>config>service>ipipe> spoke-sdp> exit
SRx>config>service>ipipe> no shutdown
5. Verify the service is up:
6. SRx# show service id 300 base
The service should be ADMIN and Opr UP
70
End of Module
Lab Exercises iPipe Configuration
Module 9
IES Configuration
Lab Exercises
72
Module Objectives
to configure and test a basic Internet Enhanced Service (IES).
IES Lab
Internet Enhanced Service (IES) is a routed connectivity service where the subscriber
communicates with an IP router interface to send and receive Internet traffic.

IP interfaces defined within the context of an IES service must have a SAP associated as the
access point to the subscriber network.

Since the traffic in an IES service communicates using an IP interface for the core routing
instance, there is no need for the concept of tunneling traffic to a remote router. As such, IES
does not require the configuration of any 7750 SR SDPs when configuring the service.

The following labs assumes that an IGP (OSPF, IS-IS) is running between all nodes in the
network.

In the following lab we will create an IES on each node (see network diagram)::

The following example shows the configuration for Node 201.

1. Create a customer and the IES

SR# configure service customer 500 create

SR>config>service>cust$ exit

SR# configure service ies 100 customer 500 create

SR>config>service>ies$ description Web Service

SR>config>service>ies$

2. Create the customer interface to the Web service

SR>config>service>ies$ interface toClient create

SR>config>service>ies>if$ address xxx.xxx.xxx.xxx/24

3. Associate a SAP with the client interface

Note: ensure that the port that you want to create the SAP on is configured as an
access port.

SR# show port

Associate the SAP to the port :

SR# configure service ies 100 interface toClient

SR>config>service>ies>if# sap 1/1/1 create

SR>config>service>ies>if>sap# exit all

4. Enable the IES

SR# configure service ies 100

SR>config>service>ies# no shutdown

Verify that the service is administratively and operationally UP.

SR# show service service-using ies

5. Distribute the routing information

SR# configure router ospf

SR>config>router>ospf# area 0.0.0.0

SR>config>router>ospf>area# interface toClient

SR>config>router>ospf>area>if$ no shutdown

To prevent sending LSAs to the client , put the interface into passive mode for OSPF.

SR>config>router>ospf>area>if$ passive

SR>config>router>ospf>area>if$ exit all

6. Test the IES

Test each service by successfully pinging from each client laptop to every other client
laptop.
Accounting Policies
This lab will apply an accounting policy to the service ingress of the IES.

Before an accounting policy can be created a target log file must be created to collect the
accounting records.

1. Create a log file to collect the accounting records

SR# configure log

SR>config>log# file-id 10

SR>config>log>file-id$ description Accounting for IES 100
Ingress

SR>config>log>file-id$ location cf1:

Check your configuration. Leave the rollover and retention settings at the default
values.

SR>config>log>file-id$ info detail

----------------------------------------------
description "Accounting for IES 100 Ingress"
location cf1:
rollover 1440 retention 12
----------------------------------------------

Rollover = how long (minutes) a file will be used before it is closed.

Retention = how long (hours) a file will be stored before it is deleted.

SR>config>log>file-id$ exit

SR>config>log#

2. Create an accounting policy

Accounting policies must be configured in the config>log context before they can be
applied to a service SAP, interface, or an Ethernet or SONET/SDH network port.

An accounting policy must define a record type and collection interval. Only one record type
can be configured per accounting policy.

When creating accounting policies, one service accounting policy and one network accounting
policy can be defined as default. If statistics collection is enabled on a SAP or network port
and no accounting policy is applied, then the respective default policy is used. If no default
policy is defined, then no statistics are collected unless a specifically defined accounting
policy is applied.

SR>config>log# accounting-policy 10

SR>config>log>acct-policy$ description IES Service 100
Ingress

SR>config>log>acct-policy$ record service-ingress-packets

SR>config>log>acct-policy$ to file 10

SR>config>log>acct-policy$ no shutdown

Check your configuration

SR>config>log>acct-policy$ info

----------------------------------------------
description "IES Service 100 Ingress"
record service-ingress-packets
to file 10
no shutdown
----------------------------------------------

SR>config>log>acct-policy$ exit all

3. Enable statistics collection on the IES SAP and apply your accounting policy to
the IES SAP

Enable statistics collection on the SAP

SR# configure service ies 100

SR>config>servce>ies# interface toClient sap 1/1/1

SR>config>servce>ies>if>sap# collect-stats

Apply the accounting policy created in Step 2

SR>config>servce>ies>if>sap# accounting-policy 10

SR>config>servce>ies>if>sap# back


Verify that stats collection is on and your accounting policy has been applied to
the SAP.

SR>config>servce>ies>if# info

----------------------------------------------
address 10.10.10.1/24
sap 1/1/1 create
collect-stats
accounting-policy 10
exit
----------------------------------------------

4. Remove the accouting policy.

Lab Diagram
L
a
p
t
o
p
1
0
.
1
0
.
1
0
.
1
0
/
2
4
1
0
.
1
0
.
1
3
.
1
3
/
2
4
1
0
.
1
0
.
1
2
.
1
2
/
2
4
1
0
.
1
0
.
1
1
.
1
1
/
2
4
1
/
1
/
1
1
/
1
/
3
1
/
1
/
1
1
/
1
/
3
1
/
1
/
2
1
/
1
/
2
1
/
1
/
2
1
/
1
/
2
1
/
1
/
3
1
/
1
/
3
1
/
1
/
1
1
/
1
/
1
N
o
d
e

2
0
1
N
o
d
e

2
0
5
N
o
d
e

2
1
3
N
o
d
e

2
0
9
S
y
s
t
e
m
1
7
2
.
0
.
0
.
2
0
1
/
3
2
S
y
s
t
e
m
1
7
2
.
0
.
0
.
2
0
5
/
3
2
S
y
s
t
e
m
1
7
2
.
0
.
0
.
2
1
3
/
3
2
S
y
s
t
e
m
1
7
2
.
0
.
0
.
2
0
9
/
3
2
1
0
.
1
0
.
1
0
.
1
/
2
4
1
0
.
1
0
.
1
3
.
1
/
2
4
1
0
.
1
0
.
1
1
.
1
/
2
4
1
0
.
1
0
.
1
2
.
1
/
2
4
1
9
2
.
1
6
8
.
0
.
2
1
4
/
3
0
1
9
2
.
1
6
8
.
0
.
2
0
1
/
3
0
1
9
2
.
1
6
8
.
0
.
2
0
2
/
3
0
1
9
2
.
1
6
8
.
0
.
2
0
5
/
3
0
1
9
2
.
1
6
8
.
0
.
2
1
3
/
3
0
1
9
2
.
1
6
8
.
0
.
2
0
6
/
3
0
1
9
2
.
1
6
8
.
0
.
2
1
0
/
3
0
1
9
2
.
1
6
8
.
0
.
2
0
9
/
3
0
E
t
h
e
r
n
e
t

M
a
n
a
g
e
m
e
n
t

P
o
r
t
1
9
2
.
1
6
8
.
1
6
1
.
2
0
1
/
2
4
E
t
h
e
r
n
e
t

M
a
n
a
g
e
m
e
n
t

P
o
r
t
1
9
2
.
1
6
8
.
1
6
1
.
2
1
3
/
2
4
E
t
h
e
r
n
e
t

M
a
n
a
g
e
m
e
n
t
P
o
r
t
:
1
9
2
.
1
6
8
.
1
6
1
.
2
0
5
/
2
4
E
t
h
e
r
n
e
t

M
a
n
a
g
e
m
e
n
t

P
o
r
t
1
9
2
.
1
6
8
.
1
6
1
.
2
0
9
/
2
4
L
a
p
t
o
p
L
a
p
t
o
p
L
a
p
t
o
p
1
9
2
.
1
6
8
.
1
6
1
.
9
1
/
3
2
C
o
n
s
o
l
e

P
o
r
t

(
S
e
r
i
a
l
)
1
9
2
.
1
6
8
.
1
6
1
.
9
4
/
3
2
C
o
n
s
o
l
e

P
o
r
t

(
S
e
r
i
a
l
)
1
9
2
.
1
6
8
.
1
6
1
.
9
3
/
3
2
C
o
n
s
o
l
e

P
o
r
t

(
S
e
r
i
a
l
)
1
9
2
.
1
6
8
.
1
6
1
.
9
2
/
3
2
C
o
n
s
o
l
e

P
o
r
t

(
S
e
r
i
a
l
)
80
End of Module/Lesson
IES Configuration
Module 10
VPRN Configuration
Lab Exercises
82
Objectives
Configure a global Autonomous System (AS) number.
Configure a global Border Gateway Protocol (BGP) routing instance
Configure a Customer
Configure MPLS for Label Distribution Protocol (LDP)
Configure a routing policy for router redistribution.
Configure a Service Distribution Point
Configure the Virtual Private Network Service (VPRN)
83
VPRN Configuration
1. Configure a global AS number (65530 public AS number) on each PE router. This number will be
used by BGP for advertisement purposes.
PEx# configure router autonomous-system 65530
2. Configure a global BGP routing instance. This must be configured to support the MP-BGP and
establish communications between Provider Edge (PE) devices.
PEx# configure router bgp
PEx>config>router>bgp$ group VPRN
PEx>config>router>bgp>group$ peer-as 65530
PEx>config>router>bgp>group$ family vpn-ipv4
Note: This enables MP-BGP.
PEx>config>router>bgp>group$ neighbor <X.X.X.X>
PEx>config>router>bgp>group>neighbor$ back
Note: <X.X.X.X> is the system IP-address of all participating PEs in the VPRN. Repeat the 2 steps
above for every PE.
PEx>config>router>bgp>group# back
Note: After all the PEs have completed Step 2, a full mesh of iBGP sessions should be established.
3. Verify the BGP configuration.
PEx# show router bgp summary
PEx# show router bgp neighbor
PEx# show router bgp group
Note: As a quick check, see if the show router bgp neighbor command output displays the state of
the BGP session as Established for each of the neighboring PEs:
Peer : 2.2.2.2
Group : VPRN
---------------------------------------------------------------
<.......>
State : Established Last State : Connect
84
4. Configure the VPRN service.
PEx# configure service vprn 700 customer 100 create
PEx>config>service>vprn$ route-distinguisher 65530:700
PEx>config>service>vprn$ spoke-sdp <1X> create
PEx>config>service>vprn>sdp$ back
Note: Use the SDPs based on LDP created in a previous Lab Exercise. Repeat
the last two steps for every other PE in the VPRN.
Note: In VRPN, a shortcut exists to alleviate these last steps. The auto-bind
command creates the LDP SDPs in one command. When this option is used,
there is no need to explicitly specify the SDPs as done in the previous
step.
( PEx>config>service>vprn$ auto-bind ldp )
PEx>config>service>vprn# vrf-target target:65530:700
Note: In VRPN, the vrf-target command is a combination of the vrf-import and
vrf-export command in one command.
PEx>config>service>vprn# interface <tocex> create
PEx>config>service>vprn>if$ address 192.168.<XX>.1/30
Note: <X> = your PE number (see lab diagram).
PEx>config>service>vprn>if$ sap x/x/x create
Note: This commands binds the SAP to the VPRN interface. Remove the SAP from other services if not
already done.
PEx>config>service>vprn# no shutdown
5. Verify your VPRN Service and the VRF.
PEx# show router 700 route-table
85
6. Connect a PC Workstation on the access port and make sure that the PC has an IP address on the
same network as the CE Interface of the matching PE in your VPRN. Point the default gateway to
this CE interface (lab diagram at the end of this module). Ping another CPE PC Workstation in the
VPRN. Is the Ping successful?
7. Verify the BGP Table. Are the routes visible? What is the Inner Label or VPN Label? What is the
outer Label or Transport Label?
PEx# show router bgp routes
PEx# show router bgp neighbor <ip-address> advertised-routes
PEx# show router ldp bindings (active)
OAM Tools
1. Perform a VPRN Ping from your directly connected VPRN interface to a remotely connected PC.
PEx# oam vprn-ping 700 source <X.X.X.X> destination <Y.Y.Y.Y>
2. Perform a VPRN Trace from your directly connected VPRN interface to a remotely connected PC.
PEx# oam vprn-trace 700 source <X.X.X.X> destination <Y.Y.Y.Y>
86
VPRN 20
Network Diagram
1.1.1.1/32
PE 1 1/1/2
1/1/3
1/1/1
1/1/4
2.2.2.2/32
PE 2 1/1/1
1/1/3
1/1/2
1/1/4
3.3.3.3/32
PE 3
1/1/3
1/1/1
1/1/2
1/1/4
4.4.4.4/32
PE 4 1/1/2
1/1/3
1/1/1
1/1/4
.1
.1
.1 .2 .2
.3 .4
.4
.4
.2
.3
.3
10.12.1.0/29
10.34.1.0/29
1
0
.
1
4
.
1
.
0
/
2
9
1
0
.
2
3
.
1
.
0
/
2
9
1
0
.
1
3
.
1
.
0
/
2
9
1
0
.
2
4
.
1
.
0
/
2
9
192.168.11.0/30
192.168.44.0/30
192.168.22.0/30
192.168.33.0/30
.1
.1
.1
.1
.2
.2
.2
.2
192.168.1.0/24
192.168.4.0/24
192.168.2.0/24
192.168.3.0/24
CE1
CE2
CE3
CE4
192.168.1.1/32
192.168.4.4/32
192.168.2.2/32
192.168.3.3/32
VPRN 700
87
End of Module
Lab Exercises VPRN Configuration
Module 11
Basic QoS Configuration
Lab Exercises
89
Objectives
Create a basic QoS Policy
90
Basic Quality of Service Lab
Configure QoS policies to achieve the following:
Most traffic ingressing on SAP 1/1/1 on VPLS Service XXX should pass through the 7750 unshaped and
enter the MPLS network core with a forwarding class of EF.
Web traffic (going from the customer to the web needs to be shaped to a maximum rate of 20Mb/s. The
first 10Mb/s of Web traffic should egress the node into the MPLS core network with a QoS FC = BE in-
profile, the remainder of the Web traffic should exit with FC = BE out-ot-profile.
The following steps assume a working VPLS Service (ID of XXX) on your node.
1 Display the settings for SAP QoS ingress policy 1 (default policy).
SR# show qos sap-ingress 1
Note: The default qos ingress policy classifies all incoming traffic as FC BE regardless of the settings of
any DSCP, 802.1p bits etc.
Sap ingress traffic can be classified into one of eight internal forwarding classes (FC) based on several
match criteria (MAC, 802.1p, or L3-L7).
All traffic is marked internally as having come from a SAP or network port.
91
QoS Lab
SAP
Queue 2
Queue 3
FC=Be
FC=Ef
CIR=10000
PIR=20000
CIR=0
PIR=Max
Be in-profile
Be out-of-profile
lsp-exp-in-profile 5
lsp-exp-out-profile 0
Network Egress Port
Port 1/1/1
Internet
Web Traffic
Non-Web
Traffic
(BE in-profile)
(Be out-of-profile default)
Egress Queue 4
CIR=10000
PIR=20000
92
Switch to notes view! 2. Display the settings for the default SAP ingress and network policies.
SR# configure qos
SR>config>qos# info detail
#------------------------------------------
echo "QoS Policy Configuration"
#------------------------------------------
sap-ingress 1 create
description "Default SAP ingress QoS policy."
scope template
queue 1 auto-expedite create
no parent
adaptation-rule pir closest cir closest
rate max cir 0
mbs default
cbs default
high-prio-only default
exit
network 1 create
description "Default network QoS policy."
scope template
ingress
default-action fc be profile out
Note: By default all incoming traffic is classified as BE out-of-profile.
Default queue settings: PIR(rate) = MAX and CIR = 0
3. Create a new SAP ingress policy, policy #10. The default SAP ingress QoS policy (#1) has two queues associated
with it, Queue 1 (unicast) and Queue 11 (multipoint). We will be creating two new queues, queues 2 and 3.
SR# configure qos sap-ingress 10 create
SR>config>qos>sap-ingress$ description Web Traffic Ingress QoS Policy
SR>config>qos>sap-ingress$ info
description "Web Traffic Ingress QoS Policy"
queue 1 create
exit
queue 11 multipoint create
exit
93
3. Create new queues for your SAP ingress policy.
SR>config>qos>sap-ingress$ queue 2 create
SR>config>qos>sap-ingress>queue$ rate 20000 cir 10000
SR>config>qos>sap-ingress>queue$ back
SR>config>qos>sap-ingress$ queue 3 create
SR>config>qos>sap-ingress# info
description "Web Traffic Ingress QoS Policy"
queue 1 create
exit
queue 2 create
exit
queue 3 create
exit
exit
4. Create a QoS traffic filter to separate incoming Web traffic from other traffic.
SR>config>qos>sap-ingress# ip-criteria
SR>config>qos>sap-ingress>ip-criteria# entry 10 create
SR>config>qos>sap-ingress>ip-criteria>entry$ description
www_ingress_filter
Note: use IP criteria to identify the web traffic going to a web server.
Note: Protocol 6 identifies TCP in the protocol field of the Ip header
Port 80 is HTTP at the application layer.
SR>config>qos>sap-ingress>ip-criteria>entry$ match protocol 6 dst-port eq 80
94
Switch to notes view! SR>config>qos>sap-ingress>ip-criteria>entry$ info
description "www_ingress_filter"
match protocol 6
dst-port eq 80
exit
action
Note: mark all ingress web traffic as best effort.
SR>config>qos>sap-ingress>ip-criteria>entry$ action fc be
SR>config>qos>sap-ingress>ip-criteria>entry$ info
description "www_ingress_filter"
match protocol 6
dst-port eq 80
exit
action fc be
SR>config>qos>sap-ingress>ip-criteria# back
Note: set the default FC mapping for traffic that does not match your IP criteria for web traffic.
SR>config>qos>sap-ingress# default-fc ef
95
Switch to notes view! SR>config>qos>sap-ingress# info
description "Web Traffic QoS Ingress Policy
queue 1 create
exit
queue 2 create
exit
queue 2 create
exit
exit
ip-criteria
entry 10 create
description "www_ingress"
match protocol 6
dst-port eq 80
exit
action fc be
exit
exit
default-fc ef
5. Configure the FC to queue mappings
SR>config>qos>sap-ingress# fc ef create
SR>config>qos>sap-ingress>fc# queue 3
SR>config>qos>sap-ingress>fc# back
SR>config>qos>sap-ingress# info
96
Switch to notes view! description "Web Traffic QoS Ingress Policy"
queue 1 create
exit
queue 2 create
exit
queue 2 create
exit
exit
fc ef create
queue 3
exit
ip-criteria
entry 10 create
match protocol 6
dst-port eq 80
exit
action fc be
exit
exit
default-fc ef
SR>config>qos>sap-ingress# fc be create
SR>config>qos>sap-ingress>fc# queue 2
SR>config>qos>sap-ingress>fc# back
97
Switch to notes view! SR>config>qos>sap-ingress# info
description "Web Traffic QoS Ingress Policy"
queue 1 create
exit
queue 2 create
exit
queue 3 create
exit
exit
fc be create
queue 2
exit
fc ef create
queue 3
exit
ip-criteria
entry 10 create
match protocol 6
dst-port eq 80
exit
action fc be
exit
exit
default-fc ef
6. Create a SAP egress policy
SR# configure qos sap-egress 11 create
SR>conf>qos>sap-egress$ description QoS Egress Traffic
SR>conf>qos>sap-egress$ queue 4 create
SR>conf>qos>sap-egress>queue$ rate 20000 cir 10000
SR>conf>qos>sap-egress>queue$ back
SR>conf>qos>sap-egress$ fc be create
SR>conf>qos>sap-egress>fc$ queue 4
SR>conf>qos>sap-egress>fc$ exit all
98
7. Apply your SAP policies to the SAP on port 1/1/1/ for VPLS Service XXX
SR# configure service vpls XXX
SR>config>service>vpls# sap 1/1/1
SR>config>service>vpls>sap# ingress qos 10
SR>config>service>vpls>sap# egress qos 11
SR>config>service>vpls>sap# exit
SR>config>service>vpls# info
description "VPLS XXX"
stp
no shutdown
exit
sap 1/1/1 create
ingress
qos 10
egress
qos 11
exit
exit
mesh-sdp x:xxx create
exit
exit
exit
no shutdown
SR>config>service>vpls# exit all
8. Remap the in-profile Web traffic from the BE queue to an MPLS EXP value of 5 in the MPLS header.
This EXP value identifies in-profile Web traffic leaving the node from Queue 2 on a network egress
interface.
SR# configure qos network 10 create
SR>config>qos>network$ description Remark In-Profile Web Traffic
SR>config>qos>network$ egress fc be lsp-exp-in-profile 5

99
Switch to notes view! SR>config>qos>network$ info
description "Remark In-Profile Web Traffic"
ingress
exit
egress
fc be
lsp-exp-in-profile 5
exit
exit
100
End of Module
Lab Exercises Quality of Service

SROS 9.0 Lab Guide

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

SROS 9.0 Lab Guide

Transféré par

Droits d'auteur :

Formats disponibles

All Rights Reserved 2011, Alcatel-Lucent

All Rights Reserved 2011, Alcatel-Lucent

SR>config>qos>network$ egress fc be lsp-exp-in-profile 5

Vous aimerez peut-être aussi