OptiSwitch 9000

Metro Ethernet Services Platform

Models OS9024-4C, OS9024-M, OS9024FX-4GC, OS9012C-10Gx, OS9012-M

User Manual

MRV Communications, Inc.

URL: http://www.mrv.com

ML48261, Rev. 02

Contents

Standards Compliance
This equipment is designed to comply with the following standards: UL 1950; CSA 22.2 No 950; FCC Part 15 Class B; CE-89/336/EEC, 73/23/EEC.

FCC Notice
WARNING: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct for the interference at his/her own expense. The user is cautioned that changes and modifications made to the equipment without approval of the manufacturer could void the users authority to operate this equipment. It is suggested that the user use only shielded and grounded cables when appropriate to ensure compliance with FCC Rules.

Disclaimer
MRV reserves the right to make changes to any technical specifications in order to improve reliability, function, or design. MRV reserves the right to modify the equipment at any time and in any way it sees fit in order to improve it. MRV provides this document without any warranty of any kind, whether expressed or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. The user is advised to exercise due discretion in the use of the contents of this document since the user bears sole responsibility.

Trademarks
All trademarks are the property of their respective holders.

Copyright 2005 by MRV

All rights reserved. No part of this document may be reproduced without prior permission of MRV. This document and the information contained herein are proprietary to MRV and are furnished to the recipient solely for use in operating, maintaining and repairing MRV equipment. The information within may not be utilized for any purpose except as stated herein, and may not be disclosed to third parties without written permission from MRV.
Document Number: ML48261 Document Revision: Rev. 02 Release Date: April 2006

Contact Information
For customer support, you can: Contact your local MRV representative E-mail us at [email protected] Visit our MRV Web site at http://www.mrv.com

April 2006

ML48261, Rev. 02

Contents

Contents
About this Manual .............................................. 23
Audience ..................................................................................................................................23 Latest Revision ........................................................................................................................23 Related Documents.................................................................................................................23 Organization.............................................................................................................................23 Typographical Conventions ...................................................................................................26 Acronyms .................................................................................................................................26

Safety Requirements.......................................... 30
Before Installing ......................................................................................................................30 Before Powering On................................................................................................................30 During Operation.....................................................................................................................30 Servicing ..................................................................................................................................31

Chapter 1: Overview......................................... 32
General .....................................................................................................................................32 Application ...............................................................................................................................32 Advantages ..............................................................................................................................33 Features....................................................................................................................................33 Hardware..............................................................................................................................33 Software ...............................................................................................................................33 System Architecture ...............................................................................................................34 General.................................................................................................................................34 Back-to-back Installation in Telco Racks .............................................................................34 Front-end Access .................................................................................................................34 Fiber Guard ..........................................................................................................................34 Optical SFP Interfaces .........................................................................................................35 SFP/XFP Optical Performance Monitoring (Digital Diagnostics) .........................................35 Software Architecture ...........................................................................................................35 Quality of Service ....................................................................................................................36 Security ....................................................................................................................................36 Access Lists (ACLs)................................................................................................................37 Statistics...................................................................................................................................37 Management.............................................................................................................................37 Virtual Cable Diagnostics .......................................................................................................38

April 2005

ML48261, Rev. 02

Contents

Installation................................................................................................................................39 Operation..................................................................................................................................39 Models ......................................................................................................................................39 Layout.......................................................................................................................................39 General.................................................................................................................................39 Power Pushbutton ................................................................................................................41 Reset Pushbutton.................................................................................................................41 Ports/Slots ............................................................................................................................41 LEDs.....................................................................................................................................42 Earthing ................................................................................................................................42 Power Supplies ....................................................................................................................42 Blank Panels ........................................................................................................................44 Options .....................................................................................................................................45 Software ...............................................................................................................................45 SFPs.....................................................................................................................................45 WDM Interface .....................................................................................................................45 Power Supply .......................................................................................................................46 Fiber Guard ..........................................................................................................................46

Chapter 2: Applications.................................... 47
General .....................................................................................................................................47 Ethernet in the First/Last Mile Aggregation..........................................................................47 IP DSLAM Optical Aggregation..............................................................................................47 Multimedia Aggregation Services .........................................................................................48 Intelligent Multiplexing over WDM Channels .......................................................................49 Network Management .............................................................................................................50

Chapter 3: Installation ..................................... 51

General .....................................................................................................................................51 Safety........................................................................................................................................51 Package Contents ...................................................................................................................51 Essentials .............................................................................................................................51 Options .................................................................................................................................51 Requirements ..........................................................................................................................51 Tools.....................................................................................................................................51 Data Equipment....................................................................................................................51 Management Equipment ......................................................................................................52 Mounting...............................................................................................................................53 Environmental ......................................................................................................................53 Power ...................................................................................................................................54 Grounding.............................................................................................................................54 Procedure.................................................................................................................................55

April 2006

ML48261, Rev. 02

Contents

Component Insertion ............................................................................................................55 Mounting...............................................................................................................................55 Earthing ................................................................................................................................59 Network Connection .............................................................................................................59 Fiberoptic Cable Protection..................................................................................................60 Power Line Connection ........................................................................................................60

Chapter 4: Startup, Setup, and Operation ....... 61

Startup ......................................................................................................................................61 Setup.........................................................................................................................................61 Operation..............................................................................................................................61 Management ........................................................................................................................61 Operation..................................................................................................................................62 Monitoring.............................................................................................................................62 Reset ....................................................................................................................................63 Shutdown .............................................................................................................................63

Chapter 5: CLI Management ............................ 64

General .....................................................................................................................................64 CLI Access ...............................................................................................................................64 General.................................................................................................................................64 Access Levels ......................................................................................................................64 Preparation...........................................................................................................................64 First Time Access Root and Admin Passwords Configuration .........................................65 Standard Access ..................................................................................................................66 Passwords................................................................................................................................66 Changing the Root Password (and Admin Password).........................................................66 Changing only the Admin Password ....................................................................................67 Configuring/Changing/Deleting the Enable Password .........................................................68 Viewing Installed Components ..............................................................................................68 Enabling Remote Management ..............................................................................................69 Out-of-band ..........................................................................................................................69 Inband ..................................................................................................................................70 CLI Modes ................................................................................................................................70 Viewing CLI Commands .........................................................................................................70 Conventions for CLI Commands ...........................................................................................70 Symbols in CLI Commands....................................................................................................70 Functional Keys for Commands ............................................................................................71 Help...........................................................................................................................................72 Listing CLI Commands ...........................................................................................................73 Invoking a CLI Command .......................................................................................................73

April 2006

ML48261, Rev. 02

Contents

General.................................................................................................................................73 Procedure.............................................................................................................................73 Example ...............................................................................................................................74 Quick Entry of a CLI Command .............................................................................................76 CLI Command Negation..........................................................................................................76 View Modes ..............................................................................................................................76 Paging ..................................................................................................................................76 No Paging.............................................................................................................................76 Pipelining a CLI Command.....................................................................................................76 Accessing an enable Mode Command from any Mode.......................................................77 Copy-Paste Mode ....................................................................................................................77 Entry and Usage...................................................................................................................77 Example ...............................................................................................................................78 Exit .......................................................................................................................................79 Linux Mode...............................................................................................................................79 General.................................................................................................................................79 Entry .....................................................................................................................................79 Exit .......................................................................................................................................79 Hostname .................................................................................................................................79 Banner ......................................................................................................................................80 Definition ..............................................................................................................................80 Default ..................................................................................................................................80 Viewing.................................................................................................................................80 Configuration ........................................................................................................................80 Date...........................................................................................................................................81 Time ..........................................................................................................................................81 Location....................................................................................................................................81 Saving Configuration ..............................................................................................................81 Method 1 ..............................................................................................................................81 Method 2 ..............................................................................................................................81 Method 3 ..............................................................................................................................82 Viewing Configuration Information .......................................................................................82 Restoration of Factory Default Configuration ......................................................................83 Restoration of Erased Configuration ....................................................................................83 Rebooting.................................................................................................................................84 Modes...................................................................................................................................84 Methods................................................................................................................................84 Access Security.......................................................................................................................85 General.................................................................................................................................85 Procedure.............................................................................................................................85 Learn Table ..............................................................................................................................86

April 2006

ML48261, Rev. 02

Contents

Definition ..............................................................................................................................86 Viewing.................................................................................................................................86 Aging ....................................................................................................................................86 Limiting .................................................................................................................................87 Entries ..................................................................................................................................87 Flushing................................................................................................................................88 Maximum Transmission Unit (MTU) ......................................................................................88 Definition ..............................................................................................................................88 Procedure.............................................................................................................................88 Syslog.......................................................................................................................................89 Definition ..............................................................................................................................89 Requirements .......................................................................................................................89 Setup ....................................................................................................................................90 File Location .........................................................................................................................90 Logging for Operative Software Events ...............................................................................90 No Logging for Operative Software Events..........................................................................90 No Logging for CLI Commands............................................................................................90 Logging for CLI Commands .................................................................................................91 Messages to the CLI ............................................................................................................91 Viewing.................................................................................................................................91 Clearing ................................................................................................................................92 SNMP Management .................................................................................................................92 Requirements .......................................................................................................................92 Enabling ...............................................................................................................................92 Commands ...........................................................................................................................92 Management Functions........................................................................................................92 System Identification ............................................................................................................92 Access Control .....................................................................................................................93 Trap Generation ...................................................................................................................97 Viewing.................................................................................................................................99 Scripts ......................................................................................................................................99 Definition ..............................................................................................................................99 Purpose ................................................................................................................................99 Structure.............................................................................................................................100 Creating..............................................................................................................................100 Parameters.........................................................................................................................100 Lines...................................................................................................................................102 Viewing...............................................................................................................................104 Executing............................................................................................................................105 Deleting ..............................................................................................................................105 Example .............................................................................................................................107

Chapter 6: Ports ............................................. 109

General ...................................................................................................................................109 Status......................................................................................................................................109 Brief ....................................................................................................................................109 Detailed ..............................................................................................................................109

April 2006

ML48261, Rev. 02

Contents

Comment Adding ..................................................................................................................110 Physical Interface..................................................................................................................111 Default ................................................................................................................................111 Custom ...............................................................................................................................111 Speed......................................................................................................................................111 Default ................................................................................................................................111 Custom ...............................................................................................................................111 Viewing...............................................................................................................................112 Duplexity ................................................................................................................................112 Default ................................................................................................................................112 Custom ...............................................................................................................................112 Viewing...............................................................................................................................112 Enabling/Disabling ................................................................................................................112 Default ................................................................................................................................112 Custom ...............................................................................................................................112 Outbound Tag Mode .............................................................................................................113 Tagged ...............................................................................................................................113 Untagged............................................................................................................................113 Hybrid .................................................................................................................................114 Q-in-Q (VMAN)...................................................................................................................114 Viewing...............................................................................................................................114 Statistics.................................................................................................................................115 Viewing...............................................................................................................................115 Clear...................................................................................................................................116 Digital Diagnostics ................................................................................................................116 SFP Parameters.................................................................................................................116 SFP Diagnostics.................................................................................................................117

Chapter 7: Interfaces ..................................... 118

General ...................................................................................................................................118 Number ...................................................................................................................................118 IDs ...........................................................................................................................................118 Configuring ............................................................................................................................119 Name.......................................................................................................................................120 Description.............................................................................................................................120 Default Forwarding VLAN Interface.....................................................................................121 General...............................................................................................................................121 Viewing...............................................................................................................................121 Tag Modification .................................................................................................................121 Disabling.............................................................................................................................122 Enabling .............................................................................................................................123 Drop Tag.................................................................................................................................123 Viewing...............................................................................................................................123

April 2006

ML48261, Rev. 02

Contents

Changing ............................................................................................................................123 Viewing ...................................................................................................................................124 Modifying................................................................................................................................125 Disabling ................................................................................................................................125 Enabling .................................................................................................................................126 CPU Membership...................................................................................................................126 Excluding the CPU .............................................................................................................127 Including the CPU ..............................................................................................................127 Checking for CPU Membership..........................................................................................127 Management...........................................................................................................................128 Enabling .............................................................................................................................128 Disabling.............................................................................................................................129 TFTP Server Mode.................................................................................................................129 Enabling .............................................................................................................................129 Disabling.............................................................................................................................130 Statistics.................................................................................................................................130 Deleting ..................................................................................................................................131

Chapter 8: Local and Remote Management .. 132

General ...................................................................................................................................132 Configuration Management..................................................................................................132 Performance Management ...................................................................................................132 Service Level Agreement (SLA).........................................................................................132 Performance Monitoring, Measurement, and Reporting ....................................................132 Security Management ...........................................................................................................132 Accounting Management......................................................................................................133 Fault Management.................................................................................................................133 MIBs ........................................................................................................................................133 Remote Management Setup .................................................................................................133 Out-of-band Ethernet Management ...................................................................................134 Inband Management ..........................................................................................................134 SNMP or Web-Based Management......................................................................................136

Chapter 9: Multiple-Instance Spanning-Tree Protocol (MSTP)................................................ 137

General ...................................................................................................................................137 Definition ................................................................................................................................137 Purposes ................................................................................................................................137

April 2006

ML48261, Rev. 02

Contents

MSTIs ......................................................................................................................................137 General...............................................................................................................................137 Default MSTI ......................................................................................................................138 Regions ..................................................................................................................................139 Principle of Operation...........................................................................................................140 Bridge Roles.......................................................................................................................140 Port Roles...........................................................................................................................141 Physical and Active Topologies .........................................................................................141 Rules.......................................................................................................................................142 Applications ...........................................................................................................................142 Single MSTI........................................................................................................................143 Multiple MSTIs without Load Balancing .............................................................................144 Multiple MSTIs with Load Balancing ..................................................................................147 Configuration Example .........................................................................................................150 Viewing Spanning-Tree State...............................................................................................154 Viewing Port States...............................................................................................................154

Chapter 10: Tunneling of Layer 2 Protocols .. 155

General ...................................................................................................................................155 Principle of Operation...........................................................................................................155 Configuration .........................................................................................................................156 Viewing ...................................................................................................................................156 Deleting ..................................................................................................................................156 Example..................................................................................................................................157

Chapter 11: Rate-Limiting of Flood Packets.. 158

Definition ................................................................................................................................158 Purpose ..................................................................................................................................158 Applicability ...........................................................................................................................158 Usage......................................................................................................................................158 Rate-limiting Broadcast Packets ........................................................................................158 Rate-limiting Broadcast and Multicast Packets together....................................................159

Chapter 12: Service VLANs/VMANs /Stacked VLANs/Q-in-Q .................................................... 161

Definition ................................................................................................................................161 Purpose ..................................................................................................................................161 Number of VMANs.................................................................................................................161

April 2006

10

ML48261, Rev. 02

Contents

VMAN Ethertype ....................................................................................................................161 VMAN Tag...............................................................................................................................161 Principle of Operation...........................................................................................................161 Rules.......................................................................................................................................162 Configuration .........................................................................................................................162 Viewing ...................................................................................................................................163 Example..................................................................................................................................163 Pre-configuration (Planning the VMANs) ...........................................................................164 Configuration (Implementing the VMANs) .........................................................................165

Chapter 13: Port Trunking.............................. 167

Definition ................................................................................................................................167 Purpose ..................................................................................................................................167 Number ...................................................................................................................................167 Principle of Operation...........................................................................................................167 Frame Transfer...................................................................................................................167 MSTP Action ......................................................................................................................167 Rules.......................................................................................................................................167 Configuration .........................................................................................................................168 Viewing ...................................................................................................................................168 Deletion ..................................................................................................................................168

Chapter 14: Port Mirroring ............................. 170

Definition ................................................................................................................................170 Purpose ..................................................................................................................................170 Applicability ...........................................................................................................................170 Types of Ports........................................................................................................................170 Ingress Traffic Mirroring.......................................................................................................170 Egress Traffic Mirroring........................................................................................................170 Analyzer Port .........................................................................................................................171 Rules for Mirroring ................................................................................................................171 Usage......................................................................................................................................171 Ingress Traffic Mirroring .....................................................................................................171 Egress Traffic Mirroring......................................................................................................172 Ingress & Egress Traffic Mirroring......................................................................................172

Chapter 15: Quality of Service (QoS) ............. 174

April 2006 11

ML48261, Rev. 02

Contents

Service Levels (SLs) .............................................................................................................174 SL Mapping ............................................................................................................................174 VPT ....................................................................................................................................174 Port-of-Entry to SL Mapping...............................................................................................176 DSCP .................................................................................................................................176

Chapter 16: Access Lists (ACLs) ................... 179

Extended Access Lists .........................................................................................................179 Definition ............................................................................................................................179 Applicability ........................................................................................................................179 Number...............................................................................................................................179 Creating/Accessing ............................................................................................................179 Configuring .........................................................................................................................180 Comment Adding................................................................................................................190 Binding ...............................................................................................................................190 Unbinding ...........................................................................................................................190 Deleting ..............................................................................................................................191 Example .............................................................................................................................191 Flow-based Access-Lists .....................................................................................................193 General...............................................................................................................................193 Configuring .........................................................................................................................193 Viewing...............................................................................................................................203 Comment Adding................................................................................................................204 Binding ...............................................................................................................................205 Unbinding ...........................................................................................................................205 Deleting ..............................................................................................................................206 Example .............................................................................................................................206

Chapter 17: Traffic Conditioner ..................... 209

Definition ................................................................................................................................209 Purpose ..................................................................................................................................209 Number ...................................................................................................................................209 Action List ..............................................................................................................................209 Creation/Access .................................................................................................................209 Viewing...............................................................................................................................209 Functions ...............................................................................................................................210 Metering..................................................................................................................................210 Models................................................................................................................................210 Configuration ......................................................................................................................212 Policing...................................................................................................................................213 CL Remarking ........................................................................................................................214 Default Map ........................................................................................................................214 Custom Map .......................................................................................................................215 View Map............................................................................................................................215

April 2006

12

ML48261, Rev. 02

Contents

Activation............................................................................................................................216 Deactivation........................................................................................................................216 Accounting.............................................................................................................................217 Counters.............................................................................................................................217 Activation............................................................................................................................218 Viewing...............................................................................................................................218 Clearance ...........................................................................................................................219 Aggregation ........................................................................................................................219 Activation ...............................................................................................................................222

Chapter 18: Egress-Queue Manager (EQM) ... 223

Definition ................................................................................................................................223 Purpose ..................................................................................................................................223 Port Configuration.................................................................................................................223 Queue Configuration.............................................................................................................223 Congestion Avoidance .........................................................................................................223 Scheduling .............................................................................................................................224 General...............................................................................................................................224 Scheduling Modes..............................................................................................................224 Configuration ......................................................................................................................225 Viewing...............................................................................................................................227 Shaping (Rate Limiting) ........................................................................................................228 General...............................................................................................................................228 Configuration ......................................................................................................................228 Example .............................................................................................................................229 Egress Queue Counters .......................................................................................................229 Activate...............................................................................................................................229 Viewing...............................................................................................................................230 Queue Status Broadcasting .................................................................................................230

Chapter 19: Static and Dynamic Routing ...... 231

General ...................................................................................................................................231 Static Routes..........................................................................................................................231 Dynamic Routes ....................................................................................................................232 Routing Information Protocol (RIP) ....................................................................................232 Open Shortest Path First (OSPF) ......................................................................................234 Border Gateway Protocol (BGP) ........................................................................................235

Chapter 20: Dynamic Host Configuration Protocol (DHCP)................................................ 240

Protocol ..................................................................................................................................240 April 2006 13

ML48261, Rev. 02

Contents

General...............................................................................................................................240 Usage .................................................................................................................................240 Relay .......................................................................................................................................241 General...............................................................................................................................241 Usage .................................................................................................................................241 Directing DHCP Requests to the CPU.................................................................................242

Chapter 21: MultiProtocol Label Switching (MPLS)............................................................... 245

General ...................................................................................................................................245 Label Distribution Protocol (LDP)........................................................................................246 General...............................................................................................................................246 Usage .................................................................................................................................246 Traffic Engineering (TE)........................................................................................................247 General...............................................................................................................................247 CR-LDP ..............................................................................................................................248 RSVP-TE............................................................................................................................248 Virtual Circuits .......................................................................................................................249 Definition ............................................................................................................................249 Creating a VC.....................................................................................................................249 Binding a VC ......................................................................................................................250 Example..................................................................................................................................250 MPLS DiffServ........................................................................................................................253 Viewing Commands ..............................................................................................................255 Counters.............................................................................................................................255 Cross-connect Table ..........................................................................................................255 Forwarding Table ...............................................................................................................256 FTN Table ..........................................................................................................................256 ILM Table ...........................................................................................................................257 In-segment Table ...............................................................................................................257 Out-segment Table.............................................................................................................258 L2 Circuits ..........................................................................................................................258 L2 Circuit Groups ...............................................................................................................258 LDP Parameters.................................................................................................................259 VC Table ............................................................................................................................259 Administrative Groups........................................................................................................260 Mapped Routes ..................................................................................................................260 MPLS Counters......................................................................................................................260 General...............................................................................................................................260 Assignment.........................................................................................................................260 Viewing...............................................................................................................................261 Configuration Commands ....................................................................................................261 TTL at Ingress Interface .....................................................................................................261 TTL at Egress Interface......................................................................................................262

April 2006

14

ML48261, Rev. 02

Contents

MPLS Route Map ...............................................................................................................262 Creating a VC.....................................................................................................................262 Upper-limit MPLS Labels ...................................................................................................262 Lower-limit MPLS Labels ...................................................................................................263 Creating LDP Path .............................................................................................................263 Creating LDP Trunk (Group) ..............................................................................................263 Creating RSVP Path...........................................................................................................263 Creating RSVP Trunk (Group) ...........................................................................................264 Activating MPLS .................................................................................................................264 Defining Administrative Group ...........................................................................................264

Chapter 22: Authentication, Authorization, and Accounting (AAA) ...................................... 265

General ...................................................................................................................................265 Principles of Operation.........................................................................................................265 Configuring the RADIUS Server Host .................................................................................265 Configuring the OS9000 .......................................................................................................266 General...............................................................................................................................266 Setting Authentication Criteria............................................................................................266 Setting Authentication Modes and Sources .......................................................................269 Activating Accounting .........................................................................................................271 Viewing Accounting ............................................................................................................271 Configuration Example .........................................................................................................273

Chapter 23: Network Time Protocol (NTP) and Timezone ................................................... 274
General ...................................................................................................................................274 Configuration .........................................................................................................................274 Viewing ...................................................................................................................................276 NTP Status .........................................................................................................................276 NTP Associations ...............................................................................................................277 Time and Date....................................................................................................................278

Chapter 24: IGMP IP Multicast....................... 279

Terminology ...........................................................................................................................279 Definition ................................................................................................................................279 Compliance ............................................................................................................................279 Purpose ..................................................................................................................................280 Applications ...........................................................................................................................280 Functions ...............................................................................................................................281

April 2006

15

ML48261, Rev. 02

Contents

Principle of Operation...........................................................................................................282 Port States..........................................................................................................................282 Leave Modes......................................................................................................................283 Rules.......................................................................................................................................283 Usage......................................................................................................................................284 Entering IGMP Mode..........................................................................................................284 Enabling IGMP Multicast....................................................................................................284 Disabling IGMP Multicast ...................................................................................................284 Enabling IGMP Multicast for an Interface ..........................................................................285 Disabling IGMP Multicast for an Interface..........................................................................285 Changing Query Interval ....................................................................................................285 Changing Aging Time.........................................................................................................285 Preventing Aging ................................................................................................................286 Selecting Fast Leave Mode................................................................................................286 Selecting Regular Leave Mode ..........................................................................................286 Creating Static Multicast Group(s) .....................................................................................286 Deleting Static Multicast Group(s)......................................................................................288 Setting Querier Port State in Dynamic Mode .....................................................................288 Setting Server Port State in Dynamic Mode ......................................................................289 Setting Querier Port State in Static Mode ..........................................................................289 Setting Server Port State in Static Mode ...........................................................................290 Viewing IGMP Settings ......................................................................................................290 Viewing Port Modes and States .........................................................................................291 Viewing Multicast Groups...................................................................................................292 Viewing Number of Multicast Groups and Entries .............................................................293 Configuration .........................................................................................................................293 General...............................................................................................................................293 Procedure...........................................................................................................................294 Example .............................................................................................................................294

Chapter 25: Service Assurance PING ............ 299

Definition ................................................................................................................................299 Purposes ................................................................................................................................299 Scope......................................................................................................................................299 Principle of Operation...........................................................................................................299 Commands .............................................................................................................................300 Creating an SA PING Probe ..............................................................................................300 Viewing an SA PING Probe ...............................................................................................300 Viewing SA PING Events as CLI Traps .............................................................................300 Usage......................................................................................................................................301 Creating and Operating an SA PING Probe ......................................................................301 Viewing an SA PING Probe ...............................................................................................302 Viewing SA PING Events as CLI Traps .............................................................................305 Stopping SA PING..............................................................................................................305 Commands in Mode SA PING ..............................................................................................305

April 2006

16

ML48261, Rev. 02

Contents

Chapter 26: Scheduler.................................... 307

Definition ................................................................................................................................307 Purpose ..................................................................................................................................307 Types of Scheduler Commands...........................................................................................307 Single-Execution Scheduler Command ..............................................................................307 Purpose ..............................................................................................................................307 Syntax ................................................................................................................................307 Periodic-Execution Scheduler Command...........................................................................308 Purpose ..............................................................................................................................308 Syntax ................................................................................................................................308 No-Execution Scheduler Command ....................................................................................309 Purpose ..............................................................................................................................309 Syntax ................................................................................................................................309 Show Scheduler Configuration Command .........................................................................309 Purpose ..............................................................................................................................309 Syntax ................................................................................................................................309

Chapter 27: Transparent Mode Media Cross Connect ............................................................ 310

General ...................................................................................................................................310 Migration ................................................................................................................................310 Principle of Operation...........................................................................................................310 MTU Support ..........................................................................................................................311 Examples................................................................................................................................311

Chapter 28: Firmware Upgrade/Download..... 314

General ...................................................................................................................................314 Downloading a New Image ...................................................................................................314 Rerunning the Previous OS9000 Image ..............................................................................315 General...............................................................................................................................315 Procedure...........................................................................................................................315

Chapter 29: Configuration Files Upload/Download.............................................. 318

General ...................................................................................................................................318 Upload ....................................................................................................................................318 Download ...............................................................................................................................318

April 2006

17

ML48261, Rev. 02

Contents

Chapter 30: Forwarding Information Base (FIB) .................................................................. 320

General ...................................................................................................................................320 What is FIB .............................................................................................................................320 Adjustment of FIB Parameters according to Router Application.....................................321 Adjusting FIB Table Size....................................................................................................321 Adjusting Network Processors Memory Partition Sizes: ...................................................321 FIB Caching........................................................................................................................322 FIB Static Entry......................................................................................................................322 Static Entry Configuration ..................................................................................................323 Static Entry Deletion...........................................................................................................323 Static Entry Viewing ...........................................................................................................323 Static Entry Types ..............................................................................................................323

Chapter 31: Hierarchical VPLS (H-VPLS)....... 324

General...............................................................................................................................324 Purpose ..............................................................................................................................324 Advantages ........................................................................................................................324 Principle of Operation.........................................................................................................324 Dual Homing (Redundant Spoke Connection)...................................................................324 Application..........................................................................................................................324 Configuration ......................................................................................................................325 Viewing...............................................................................................................................326 Compliance ........................................................................................................................326

Chapter 32 IEEE 802.3ah OAM for Ethernet in the First Mile ................................................ 327
General ...................................................................................................................................327 Terminology ...........................................................................................................................327 Purpose ..................................................................................................................................328 Application .............................................................................................................................328 Advantages ............................................................................................................................328 Remote OAM Device Requirements ....................................................................................329 CLI Commands ......................................................................................................................329 Setting OAM Status............................................................................................................329 Viewing OAM Status ..........................................................................................................335 Events.....................................................................................................................................341 Remote Firmware Upgrade/Download ................................................................................343 General...............................................................................................................................343 Viewing Data on an OESD Image in an OESD..................................................................343 Viewing Data on an OESD Image in an OS9000...............................................................343

April 2006

18

ML48261, Rev. 02

Contents

Procedure...........................................................................................................................343 Failure Messages ...............................................................................................................345

Appendix A: Configuration ............................. 346

General ...................................................................................................................................346 Steps.......................................................................................................................................346 Example..................................................................................................................................347

Appendix B: Utilities ...................................... 349

General ...................................................................................................................................349 Domain Name System/Server (DNS) ...................................................................................349 General...............................................................................................................................349 Configuration ......................................................................................................................349 Querying.............................................................................................................................350 Deleting ..............................................................................................................................350 Traceroute ..............................................................................................................................350 Definition ............................................................................................................................350 Purpose ..............................................................................................................................350 Range.................................................................................................................................350 Principle of Operation.........................................................................................................350 Usage .................................................................................................................................351 Example .............................................................................................................................351 TCP Dump ..............................................................................................................................351 Definition ............................................................................................................................351 Purpose ..............................................................................................................................351 Usage .................................................................................................................................351 Example .............................................................................................................................351 TELNET...................................................................................................................................352 Definition ............................................................................................................................352 Purpose ..............................................................................................................................352 Usage .................................................................................................................................352 Example .............................................................................................................................352 Secure Shell (SSH) ................................................................................................................353 Address Resolution Protocol (ARP)....................................................................................353 General...............................................................................................................................353 Principle of Operation.........................................................................................................353 Adding/Modifying an ARP Table Entry...............................................................................353 Deleting an ARP Table Entry .............................................................................................354 Viewing the ARP Table ......................................................................................................354 Virtual Cable Diagnostics (VCD) ..........................................................................................354 General...............................................................................................................................354 Benefits ..............................................................................................................................355 Principles of Operation.......................................................................................................355 Procedure...........................................................................................................................355

April 2006

19

ML48261, Rev. 02

Contents

Example .............................................................................................................................355 Configuration File Location..................................................................................................356 Editing & Saving Configuration File ....................................................................................356 Memory Management............................................................................................................356 Viewing Memory.................................................................................................................356 Viewing Processes .............................................................................................................358 Multicast Destination MAC Addresses ...............................................................................360 Debug Information ................................................................................................................360 Purpose ..............................................................................................................................360 System Events ...................................................................................................................360 Routing Events ...................................................................................................................361

Appendix C: Flush-conf.sh Script................... 362 Appendix D: Cleaning Optical Connectors .... 363
General ...................................................................................................................................363 Tools and Equipment............................................................................................................363 Procedure...............................................................................................................................363

Appendix E: Small Form-factor Pluggables (SFPs)................................................................ 364 Appendix F: Cable Wiring ............................... 365 Appendix G: Troubleshooting......................... 366 Appendix H: Data Paths in WDM Networks ... 368
General ...................................................................................................................................368 Point-to-Point Topology .......................................................................................................368 Multipoint Topology ..............................................................................................................369 Ring Topology .......................................................................................................................369

Appendix I: Product Specification ................. 371

April 2006

20

ML48261, Rev. 02

Contents

Figures
Figure 1: System Software Architecture............................................................................ 36 Figure 2: Layout of OS9000 Models.................................................................................. 41 Figure 3: AC Power Supply Module Front End ................................................................. 43 Figure 4: AC Power Supply Module Rear End .................................................................. 43 Figure 5: DC Power Supply Module Front End ................................................................. 44 Figure 6: DC Power Supply Module Rear End.................................................................. 44 Figure 7: WDM Module (Model 09ADCD) ......................................................................... 46 Figure 8: Fiber Guard ........................................................................................................ 46 Figure 9: Ethernet in the First/Last Mile Aggregation........................................................ 47 Figure 10: IP DSLAM Optical Aggregation and inter-PoP Multi-Gbps WDM .................... 48 Figure 11: Multimedia Aggregation Services..................................................................... 48 Figure 12: Intelligent Multiplexing over ITU-T Grid (G.694.2) WDM Channels ................. 49 Figure 13: Network Management ...................................................................................... 50 Figure 14: Fastening Brackets for Mounting the OS9000 in a 19-inch Rack .................... 56 Figure 15: Fiber Guard and Parts...................................................................................... 58 Figure 16: Mounted Fiber Guard with Fiberoptic Cables .................................................. 58 Figure 17: ASCII Craft Terminal/Emulator Connection to OS9000 ................................... 60 Figure 18: TELNET, SSH, or SNMP Station Connection to OS9000 ............................... 60 Figure 19: MSTIs on a Physical Network ........................................................................ 138 Figure 20: CIST (Default MSTI) on a Physical Network.................................................. 139 Figure 21: Regions on a Physical Network ..................................................................... 140 Figure 22: Network Running MSTP................................................................................. 142 Figure 23: CIST-configured Network............................................................................... 143 Figure 24: Multiple-MSTI Network without Load Balancing ............................................ 145 Figure 25: Multiple-MSTI Network with Load Balancing ................................................. 147 Figure 26: Layer 2 Protocol Tunneling ............................................................................ 156 Figure 27: VMAN Mode ................................................................................................... 164 Figure 28: srTCM Operation............................................................................................ 211 Figure 29: trTCM Operation............................................................................................. 212 Figure 30: Network on which BGP is Configured ............................................................ 237 Figure 31: Traffic Flow in an MPLS Network................................................................... 246 Figure 32: MPLS Signaling.............................................................................................. 247 Figure 33: VCs running through an LSP Tunnel ............................................................. 249 Figure 34: Network used to Demonstrate VC Configuration ........................................... 251 Figure 35: MPLS and QoS Functionality ......................................................................... 254 Figure 36: IP Multicast Application Example ................................................................... 281 Figure 37: IP Multicast Principle-of-Operation Network Example ................................... 282 Figure 38: IP Multicast Configuration Network Example................................................. 295 Figure 39: Examples of Media Cross Connections in the OS9000 ................................. 311 Figure 40: Traffic Flow from the Data Plane to the Control Plane via FIB ...................... 320 Figure 41: H-VPLS Network ............................................................................................ 325 Figure 42: EFM Link Running the IEEE 802.3ah OAM Protocol..................................... 328 Figure 43: Null-Modem RS-232 Cable Wiring ................................................................. 365 Figure 44: Ethernet Straight Cable Wiring....................................................................... 365 Figure 45: Ethernet Cross Cable Wiring.......................................................................... 365 Figure 46: Data Flow in a Point-to-Point Topology ......................................................... 368 Figure 47: Data Flow in a Multipoint Topology ................................................................ 369 Figure 48: Data Flow in a Ring Topology having Fiber Redundancy.............................. 370

April 2006

21

ML48261, Rev. 02

Contents

Tables
Table 1: Models of the OS90000....................................................................................... 39 Table 2: Models of CWDM Modules.................................................................................. 41 Table 3: Models of Power Supply...................................................................................... 42 Table 4: ASCII Craft Terminal/Emulator Setup for CLI Management ............................... 61 Table 5: Front Panel LEDs ................................................................................................ 62 Table 6: Conventions for CLI Commands ......................................................................... 70 Table 7: Symbols in CLI Commands................................................................................. 70 Table 8: Functional Keys for CLI Commands.................................................................... 71 Table 9: Default Map of Original VPT to SL and SL to New VPT ................................... 174 Table 10: Default Map of Original DSCP to SL and SL to New DSCP ........................... 177 Table 11: Color Marking of Packets by srTCM and trTCM Models................................. 212 Table 12: Default CL Remarking Map ............................................................................. 214 Table 13: Local Flag Bits Values and Significances .................................................... 336 Table 14: Failure Messages and their Significances....................................................... 345 Table 15: Memory Space Usage..................................................................................... 357 Table 16: Startup and Operation Troubleshooting .......................................................... 366

April 2006

22

ML48261, Rev. 02

About this Manual

About this Manual

Audience
This manual is intended for the use of network administrators who wish to apply, install, setup, operate, manage, and troubleshoot the OptiSwitch 9000. The network administrator is expected to have working knowledge of:

Networking Switches Routers

Latest Revision
The latest revision of the user manual can be found at: ftp.international.mrv.com/support/tech_data

Related Documents
Release Notes for OptiSwitch 9000 (produced if warranted): Contains information not found in the User Manual and/or overriding information. MegaVision User Manual: Describes how to manage the OptiSwitch 9000 and other MRV SNMP-manageable products using MRVs MegaVisionPro WebBased Network Management application. Outdoor Cabinets User Manual: Describes how to install equipment in an MRV Outdoor Cabinet for protecting them under hazardous environmental conditions.

Organization
This manual is organized into the following topics: Safety Requirements specifies the safety requirements that must be met all times. Chapter 1: Overview introduces the OS90001; noting its key features, advantages, architecture, models, etc. Chapter 2: Applications presents typical networks built with the OS9000. Chapter 3: Installation shows how to mount and network connect the OS9000. Chapter 4: Startup, Setup, and Operation describes how to start, set up, and run the OS9000. Chapter 5: CLI Management describes how the CLI can be used to manage the OS9000. Chapter 6: Ports describes how to configure ports of the OS9000. Chapter 7: Interfaces describes how to configure interfaces for the OS9000.

OptiSwitch 9000

April 2005

23

ML48261, Rev. 02

About this Manual

Chapter 8: Local and Remote Management provides an introduction to the general management functions of the OS9000. Chapter 9: Multiple-Instance Spanning-Tree Protocol (MSTP) describes how to configure the OS9000 so that it can participate in the spanning-tree protocols legacy STP (IEEE 802.1D), RSTP (IEEE 802.1w ), and MSTP (IEEE 802.1s). Chapter 10: Tunneling of Layer 2 Protocol shows how to create tunnel ports for interconnecting several sites of the same customer that are distributed across a shared service provider network. Chapter 11: Rate-Limiting of Flood Packets describes how to configure the OS9000 so that it limits the transmission and reception data rates at ports on an interface. Chapter 12: Service VLANs/VMANs shows how to configure the OS9000 so that IEEE 802.1Q standard VLANs can be used to interconnect remote sites of an enterprise scattered across a service provider network. Chapter 13: Port Trunking Port Trunking is the parallel interconnection of two or more ports to form a single logical communication channel whose bandwidth is the sum total of the bandwidths of the individual ports. Chapter 14: Port Mirroring describes how to configure the OS9000 so that it can replicate traffic received on one physical port at another physical port for the purpose of analysis. Chapter 15: Quality of Service (QoS) shows how to set rules to be applied to a traffic conditioner, an interface (VLAN), or subscriber (flow) for policing purposes. Chapter 16: Access Lists (ACLs) describes how to configure the OS9000 so that it can handle ingress and egress traffic at each OS9000 interface. Chapter 17: Traffic Conditioner describes how to configure the OS9000 so that it can regulate the flow of ingress and egress traffic according to one or more packet attributes and/or conditions. Chapter 18: Egress-Queue Manager (EQM) describes how to configure the OS9000 so that it can
manage outbound traffic queues.

Chapter 19: Static and Dynamic Routing shows how static and dynamic routes can be configured on the OS9000. Chapter 20: Dynamic Host Configuration Protocol (DHCP) describes how the OS9000 can be configured to provide addresses to hosts on its network dynamically (automatically and for a specific time duration). Chapter 21: MultiProtocol Label Switching (MPLS) describes the technology that uses labels to direct traffic (e.g., Ethernet packets) to their destination. Chapter 22: Authentication, Authorization, and Accounting (AAA) describes the UDP-based clientserver security service for restricting access to the OS9000 CLI agent (via TELNET or Serial/RS-232).

April 2006

24

ML48261, Rev. 02

About this Manual

Chapter 23: Network Time Protocol (NTP) shows how to use the Internet standard protocol for synchronizing clocks of network devices. Chapter 24: IGMP IP Multicast shows how to direct selective IP multicast traffic (data, video, voice, etc.) to ports belonging to a particular IP Multicast group. Chapter 25: Service Assurance PING describes the service assurance function of the OS9000 for monitoring network performance, resources, and applications. Chapter 26: Scheduler shows how to schedule execution of administrator-selected commands at times pre-set by the administrator. Chapter 27: Transparent Mode Media Cross Connect shows how to use the intelligent patch panel functionality of the OS9000. Chapter 28: Firmware Upgrade/Download provides a detailed procedure for upgrading/downloading firmware to the OS9000. Chapter 29: Configuration Files Upload/Download describes how to save an OS9000 configuration in a file and how to upload and download an OS9000 configuration using FTP. Chapter 30: Forwarding Information Base (FIB) describes the Forwarding Information Base (FIB) in the OS9000. Chapter 31: Hierarchical VPLS (H-VPLS) shows how the OS9000 can be used in an H-VPLS network. Chapter 32 IEEE 802.3ah OAM for Ethernet in the First Mile shows how the OS9000 can be used to perform IP-less management over an EFM link. Appendix A: Configuration describes the general steps to be performed for configuring the OS9000 and gives an example. Appendix B: Utilities describes and shows how to use the various network utilities of the OS9000. Appendix C: Flush-conf.sh Script describes a script that copies all the configuration files from the RAM disk to the flash memory (embedded). Appendix D: Cleaning Optical Connectors describes a recommended procedure for cleaning optical connectors on the OS9000. Appendix E: Small Form-factor Pluggables (SFPs) provides general information on SFPs that can be installed in the OS9000. Appendix F: Cable Wiring shows the wiring for the null-modem RS-232, Ethernet straight, and Ethernet cross cables. Appendix G: Troubleshooting is a guide for troubleshooting the OS9000 on the operative level. Appendix H: Data Paths in WDM Networks describes the data paths in WDM networks built with OS9000s.

April 2006

25

ML48261, Rev. 02

About this Manual

Appendix I: Product Specification provides the general specifications of the OS9000.

Typographical Conventions
The typographical conventions used in this document are as follows: Convention Courier Bold Courier Plain Italics Enter Explanation This typeface represents information provided to the system. This typeface represents information provided by the system. This typeface is used for emphasis. This format represents the key name on the keyboard or keypad. This icon represents important information.

This icon represents risk of personal injury, system damage, or data loss.

Acronyms
AAA ACL ARP ASIC ATM BER BOOTP BPDU BRAS BSD CBS CIDR CIR CIST CL CLI CoS CO CPE CR-LDP CSPF CTS CWDM dB DCD Authentication, Authorization, and Accounting ACcess List (service) Address Resolution Protocol (For getting MAC address) Application-Specific Integrated Circuit Asynchronous Transfer Mode Bit-Error Rate BOOTstrap Protocol Bridge Protocol Data Unit Broadband Remote Access Server Berkley Software Distribution Committed Burst Size Classless Inter-Domain Routing Committed Information Rate Common and Internal Spanning Tree Conformance Level Command Line Interpreter (Interface) Class of Service Central Office Customer Premises Equipment Constrained Routing LDP Constrained Shortest Path First Clear To Send Coarse Wavelength-Division Multiplexing deciBel Data Carrier Detect

April 2006

26

ML48261, Rev. 02 DES DHCP DiffServ DMZ DNS DoS DSCP DSR DTE DTR EBS EFM EIA EPL ETSI FEC FPGA FTN FTP FTTX GMT Gnd GPS H-VPLS ICMP IGMP ILM IP ISDN ISP ITU LAN LDP LER LSR LSP MAN MD5 MDI Data Encryption Standard (code/algorithm) Dynamic Host Configuration Protocol Differentiated Services DeMilitarized Zone Domain Name Server/System Denial of Service Differentiated Services Code Point Data Set Ready Data Terminal Equipment Data Terminal Ready Excess Burst Size Ethernet in the First Mile Electronic Industries Alliance Ethernet Private Line European Telecommunications Standards Institute

About this Manual

Forwarding Equivalence Class or Fast Ethernet Channel Field-Programmable Gate Array FEC To NHLFE File Transfer Protocol Fiber To The X (Home/Business/etc.) Greenwich Mean Time Ground Global Positioning System/Satellite Hierarchical VPLS Internet Control Message Protocol Internet Group Management Protocol Incoming Label Map Internet Protocol Integrated Services Digital Network Internet Service Provider International Telecommunications Union Local Area Network Label Distribution Protocol Label Edge Router Label Switch Router Label Switch Path Metropolitan Area Network Message Digest 5 (code/algorithm) Media Dependent Interface Pinout: 1 Tx+, 2 Tx-, 3 Rx+, 6 Rx-. Connected to DTE with a cross-wired cable. Media Dependent Interface X (with cross-wiring) Pinout: 1 Rx+, 2 Rx-, 3 Tx+, 6 Tx-. Connected to DCE with a cross-wired cable.

MDIX

April 2006

27

ML48261, Rev. 02 MIB MPLS MSTI MTU NAS NAT NEBS NHLFE NMS NTP OADM OAM OID OSC PHB PIM-SM PING PIR PoP QoS RADIUS RARP RED RI RIP RLB RMON RSVP-TE RTR RTS RxD SCADA SDH SFP SL SLA SNMP SONET SP srTCM SSH SST Management Information Base MultiProtocol Label Switching Multiple Spanning-Tree Instance Multi-Tenant Unit or Maximum Transmission Unit Network Access Server Network Address Translation Network Equipment Building System Next-Hop Label Forwarding Entry Network Management Station Network Time Protocol Optical Add-Drop Multiplexer

About this Manual

Operations, Administration, and Maintenance (Tools/utilities for installing, monitoring, and troubleshooting a network.) Object IDentifier Optical Service Channel Per-Hop Behavior Protocol Independent Multicast Sparse-Mode Packet Inter-Network Groper Peak Information Rate Point-of-Presence Quality of Service Remote Authentication Dial-In User Service Reverse ARP (For getting IP address) Random Early Discard Ring Ignore Routing Information Protocol Remote LoopBack Remote MONitoring Resource Reservation Protocol Traffic Engineering Response Time Reporter Request To Send Receive Data Supervisory Control And Data Acquisition Synchronous Digital Hierarchy Small Form-factor Pluggable Service Level Service Level Agreement Simple Network-Management Protocol Synchronous Optical NETwork Strict Priority single-rate Three Color Marker Secure SHell Single Spanning Tree

April 2006

28

ML48261, Rev. 02 STM TC TCP TDM TDR TELNET TFTP trTCM TTL TxD UDP UP UPS URL UTC VC VCD VID VLAN VPLS VPN VPT WAN WDM WRR Synchronous Transfer Mode Traffic Conditioner Transmission Control Protocol Time-Division Multiplexer Time-Domain Reflectometry (dial-up) TELephone NETwork (connection protocol) Trivial-File Transfer Protocol two-rate Three Color Marker Time-To-Live Transmit Data User Datagram Protocol User Priority Uninterruptible Power Supply Universal Resource Location Coordinated Universal Time Virtual Circuit Virtual Cable Diagnostics VLAN ID Virtual LAN Virtual Private LAN Service Virtual Private Network VLAN Priority Tag Wide Area Network Wavelength-Division Multiplexing Weighted Round Robin

About this Manual

April 2006

29

ML48261, Rev. 02

Safety Requirements

Safety Requirements
Caution! To reduce risk of electrical shock and fire and to maintain proper operation, ensure that the safety requirements stated hereunder are met!

Before Installing
Power Inspection Covers Site Ensure that all power to the OS9000 is cut off. Specifically, disconnect the OS9000 power cord(s) from the power line (mains). Ensure by inspection that no part is damaged. Leave the protective covers (e.g., dust caps on optical connectors, etc.) on the OS9000 at all times until it is about to be installed. Reserve one of the following sites for the OS9000:

Space in a 19-inch rack:

Model OS9024-M: 485 x 185 x 300 mm 3 (19 x 3U2 x 12 in 3) Other Models: 485 x 90 x 350 mm 3 (20 x 2U x 14 in 3)

Flat, stable, non-conductive static-free surface

Before Powering On
Temperature Humidity Dust Cooling Air Operate the OS9000 only at a location where the ambient temperature is in the range 0 to 50 oC (32 to 122 oF). Operate the OS9000 only at a location where the ambient humidity is non-condensing and between 10 and 95%. Ensure that the site for the OS9000 is dust-free. (Less than 1,000,000 particles per cubic meter or 30,000 particles per cubic foot is OK.) Ensure that the air-flow around the OS9000 and through the air vents is not obstructed. In addition, ensure that there is a clearance of at least 25 mm (1 inch) between the air vents and nearby objects. Ensure that the power is 90 to 240 Vac 60/50Hz or -36 to -72 Vdc. The AC power cord of the OS9000 must have either of the following specifications: 115V AC Power Cord: The power cord to be used with a 115 Volt AC configuration must be a minimum type SJT (SVT) 18/3, rated 250 Volts AC, 10 Amps with a maximum length of 4.5 meters (15 feet). One end is terminated in an IEC 320 attachment plug, the other in a NEMA 515P plug. 230V AC Power Cord: The power cord to be used with a 230 Volt AC configuration must be a minimum type SJT (SVT) 18/3, rated 250 Volts AC, 10 Amps with a maximum length of 4.5 meters (15 feet). One end is terminated in an IEC 320 attachment plug. The other end is terminated as required by the recognized safety organization of the country in which it is to be installed.

Line Power Power Cord

During Operation
Do not connect or disconnect cables and/or power cords during lightning strikes or thunderstorms.
2

1U = 1 inch or 44.45 mm

April 2005

30

ML48261, Rev. 02

About this Manual

Servicing
All servicing must be carried out only by qualified service personnel. Before servicing, ensure that all power to the OS9000 is cut off!

April 2006

31

ML48261, Rev. 02 Overview

Chapter 1:

Chapter 1:

Overview
General
The OS9000 is an intelligent, versatile, and powerful carrier-class/metro Ethernet access/aggregation platform with a comprehensive traffic management suite. Distributive architecture and the incorporation of cutting-edge technology in its design and construction enable it to meet current and future needs. Robust and highly flexible, it can readily be applied to provide Ethernet IP multimedia services, intelligent Layer 2 switching, and advanced QoS to enable metro-optimized Service Level Agreements. Designed as a high-end optical aggregation-switching platform for telecommunication applications, the OS9000 is suited for next generation inter-converged IP and Ethernet networks. The OS9000 is targeted for provider Central Offices, street cabinets, and Multi-Tenant Units (MTUs) and is the ideal solution for deployments where utilization of minimal rack space is crucial. Carriers can operate the OS9000 in three stages of increasing order of advancement. Initially, as a physical-layer Ethernet-over-WDM (eWDM) cross-connect relay system by using its Media Cross Connect capability see section Chapter 27: Transparent Mode Media Cross Connect, page 310. It can then be moved up to provide enhanced Ethernet switching services, and subsequently, through simple software upgrade, to provide MPLS services. Key benefits include shortened time-to-market of new services and reduction in technical risks common to products with an evolving number of interconnection layers. The OS9000 offers: Metro Ethernet E-Line, E-LAN, and EPL services Up to 64,000 traffic management profiles QoS compliance to latest IETF/MEF standards and specifications IP/MPLS services High availability protocols at Layers 2 and 3 Modular Master-OS software for demanding current and future services

Application
OS9000 can be applied for: The following first and second mile services (optical switched or transparent):

Ethernet according to IEEE 802.3ah for the first mile Intelligent service multiplexing & bandwidth provisioning
Inter-PoP WDM connectivity services IP DSLAM Gigabit Ethernet Optical Aggregation Point-to-point and multi-point Layer 2 services for business subscribers E-Line services E-LAN services Private-Line services

April 2005

32

ML48261, Rev. 02 Overview

Chapter 1:

Advantages
Comprehensive repertoire of operation, service, and security functions Provides flexible and secure connectivity Available in a wide range of physical interfaces to suitably integrate in a network. Deployable in street cabinets, at a central office, or in MTUs Low heat and power consumption signature Withstands high ambient temperatures All user interfaces at front end Efficient Robust

Features
Hardware
Small form factor (3U high for OS9024-M and OS9012-M, 2U high for others) ideal for small and medium PoP installations Efficient rack-space saving form factor with front-end interfaces to allow back-toback placement with full access without having to move them Aggregation flavors: 4, 12, and 24 Combo3 ports with WDM interface option Module for inter-PoP WDM connectivity services Hot-swappable SFP optics support SX, LX, ZX and WDM Gigabit Ethernet 10 Gbps LAN/WAN PHY in model OS9012c-10Gx AC and/or DC redundant (1+1) hot-swappable power supplies Redundant cooling fan Environmental monitoring with built-in temperature sensors and alarms Auto-MDI/MDIX, i.e., each 10/100/1000Base-T port can be connected to an Ethernet MDI or MDIX port with a straight or cross-over cable since the port automatically configures itself to suit the cable type and co-port interface.

Software
Intelligent Layer 2 switching

Provider bridges concept Customer VLAN and Service VLAN (VLAN and CoS4 preservation) Per-VLAN non-learning transparent mode Support for jumbo frames up to 9K bytes long Multicast, broadcast service control, delivery, and filtering Layer 2 control protocols (discard and tunnel) processing Ethernet OAM (Operation, Administration, and Management) Fault tolerance and loop protection Multiple Instance Spanning Tree per IEEE 802.1s Link Aggregation per IEEE 802.3ad

MPLS L2 VPN LER & LSR

3 4

Combo ports are dual PHY ports, i.e., either fixed 10/100/1000Base-X or SFP. SL

April 2006

33

ML48261, Rev. 02 Overview

Chapter 1:

IP Service Delivery Complete routing set of IGP and EGP * Software-based NAT, PAT, and SNAT (Internal IP header translation) * IP Multicast Services IGMP v1/v2/v3 Multicast router functionality PIM-SM Link Aggregation (802.3ad) Classification and Marking according to VLAN priority/IP ToS/MPLS EXP Class-aware bandwidth profiles Per inbound interface Per VLAN/subscriber Per Class (CoS ID) Layer 3 and/or Layer 4 packet headers Security ACLs (Access Control and Layer 2 filtering) Enhanced secure management IP auto-configuration services (DHCP server, client, and relay) Enhanced secure management (SSHv2 and SNMPv3) Statistics per subscriber Statistics used by subscriber/VLAN service or per application class Counters per physical port per CoS Counters per queue Security logs/traps Service Assurance PING (Round-Trip Reporter) Optical performance monitoring (digital diagnostics) via SFPs Virtual Cable Diagnostics (VCD) using TDR for copper cables/connections

System Architecture
General
OS9000 is a high-performance system with a non-blocking hardware and software architecture engineered for deployment in new and demanding Ethernet network environments to support the providers value-added service offerings. The platform offers a unique combination of features and optical interfaces that enable easy and flexible field configurations while making it ideal for maintenance and inventory.

Back-to-back Installation in Telco Racks

The OS9000 10-inch deep design enables installation of two units back-to-back in standard 19-inch Telco racks. This feature enables doubling the 'port-per-rack density.

Front-end Access
This feature obviates dismounting of the units for maintenance or installation of new hardware following initial installation.

Fiber Guard
The front-end fiber tray protrudes relative to the front panel to allow additional space for connectors and cabling to be conveniently connected to the rack. This protrusion is ideal for installation of high-density fiberoptic cables, where connector space is crucial for connector integrity.

April 2006

34

ML48261, Rev. 02 Overview

Chapter 1:

Optical SFP Interfaces

SFP interfaces provide unmatched deployment flexibility to enable versatile multimode, singlemode, and single fiber connections, or even shared physical fiber CWDM or DWDM connections simply by means of the use of an appropriate SFP. In addition, the OS9000 offers the optional MultiService optical WDM module (described in the section WDM, page 41) for Add/Drop and aggregation from its optical interfaces to a single outgoing fiber. Such a function offers better fiber utilization and physical separation of services with dedicated Gigabit rate for premium services for businesses that are geographically dispersed.

SFP/XFP Optical Performance Monitoring (Digital Diagnostics)

The OS9000 complies with the SFP digital diagnostics standard SFF-8472 to provide a powerful OPM tool for accessing a number of real-time SFP operation information, such as, optical Tx/Rx power, voltage, temperature as well as manufacture information, such as, vendor code, serial number, and wavelength. The information provided through the digital diagnostics, along with alarm and warning thresholds, enables the network administrator to identify potential problems in optical transmission and take preemptive action before any service outage actually occurs.

Software Architecture
General The OS9000 software, based on the Linux modular operating system, is architectured using breakthrough technology that ensures system stability as additional features, protocols, and functionality are incorporated into the system by a straightforward add-on technique. It does this by allocating each task to a separate process providing efficient scheduling of processes. Flexibility The OS9000 softwares enforcement of strict communication between processes allows straightforward addition of new or modification of existing features, functions, and protocols. Memory Protection and Fault Isolation In monolithic operating systems features, protocols, and functions are run as a single instance making the prevention of the introduction of bugs an almost impossible task. These bugs cause memory overwrites and leaks. The OS9000 through its modular operating system eliminates these problems by separating each process to run in its own virtual space using a pre-allocated memory area. This prevents overwriting of memory areas of other processes, improves reliability, and prevents system collapse. Automated Process Restart The monitoring and defense mechanism of the OS9000 provides for advance detection of adverse processes so that failures may be addressed in time to prevent system downtime. The OS9000 system monitors each process and restarts any that is found to be hazardous in order to avoid system reboot. Individual functions can be seen and restarted manually if needed without impacting others. Security The OS9000 provides several safeguards against attacks such as Denial-of-Service (DoS). In the event such an attack is successful, only part of the control plane is affected and the process running there is impacted. However, the processes in the rest of the control plane run unaffected.

April 2006

35

ML48261, Rev. 02 Overview

Chapter 1:

Figure 1: System Software Architecture

Quality of Service
Carriers can offer different types of traffic/services over IP/Ethernet networks with better control in order to reduce the load on their core networks using the following features: Layer 2, 3, and 4 packet classification using QoS ACLs CoS mapping according to 802.1p VLAN tag, IP ToS, or MPLS EXP) Traffic management using ingress rate limit & policing and egress traffic shaping Bandwidth enforcement per flow with single/dual rate 3-color marking Congestion management Scheduling of flows to interfaces

Congestion avoidance RED (Random Early Detection) and WRED (class-based RED) for advance packet discarding The OS9000 enables a value-added network infrastructure, with end-to-end QoS. The OS9000 advanced ASIC design supports full CoS and QoS including classification, rate limiting, shaping, weighted round-robin scheduling, and strict priority. This provides for reduced delay, low jitter and guaranteed throughput in real-time applications, including voice-over-IP, video-on-demand, and IP TV services. The network burst-control enforced by RED and WRED congestion-avoidance mechanisms monitor network traffic load and discard packets at the congestion threshold. The discarding action is detected at the client side and, as a result, transmission is slowed down. For network convergence applications that have a clear boundary between the customers and carriers networks, Layer 3 (IP ToS) and Layer 2 (802.1p CoS) packets can be mapped/marked to preserve priorities or mapped into predefined profiles set by the carrier.

Security
OS9000 offers advanced security capabilities that can provide protection against malicious attacks while enabling Authentication, Authorization and Accounting (AAA). The internal security engine can administer comprehensive Access Lists and advanced features, such as port security, and can set Layer 2-4 network traffic security policies according to the following attributes: Layer 2 security: Management VLAN Isolation of Customer VLAN from Provider VLAN

April 2006

36

ML48261, Rev. 02 Overview Layer 2 filtering and tunneling of management protocols MAC flood protection security

Chapter 1:

Port-based authorization/control per the IEEE 802.1x standard Layer 2-4 profiles: Access Lists inspect each incoming packet and permit/deny according to predefined rules. Rate limit for protection against Denial-of-Service (DoS) attacks IP spoofing protection in ASIC Filtering of incoming packets spoofed from an indirect network connection by an IP source CPU DoS protection and Internal firewall

Access Lists (ACLs)

The OS9000 ASIC-based technology enables a secure environment, preventing DoS attacks by using a range of layer-independent ACLs together with QoS protective techniques such as rate-limit-per-service streams, source MAC address learning limit, and comprehensive IP ACL rules. Each ACL has a rule action that determines whether a packet will be forwarded or dropped in the event of a misdirected hit. A wide range of handling actions can be set for a packet that meets pre-specified conditions.

Statistics
The OS9000 enables collection of extensive statistics and diagnostics to enable flexible accounting and billing, traffic planning and rapid troubleshooting. Thanks to its wide range of statistical tools, service providers can better tune their network operation (in particular, bandwidth) and charge customers accordingly. The range of statistical tools includes: Statistical profiles (packet and byte counters) Ingress and egress statistics per subscriber/service or per class Counters per physical port per CoS Counters per queue

Management
To address carrier-class management needs, OS9000 incorporates a wide-ranging repertoire of standard and advanced management & security functions, features, and protocols. The OS9000 can be custom set up and managed with any one or more of the following: Craft terminal (asynchronous ASCII terminal, e.g., VT100 terminal or emulator) For local out-of-band management over a network running Serial/EIA-2325 from a distance of up to 15m (~ 50 ft). TELNET station For remote inband management using TELNET over a network running TCP/IP. With a TELNET connection, you can log on to one of the OS9000 IP interfaces. After you enter and log on, all commands operate as if the serial interface is being used. SSH For secure remote inband management using SSH over a network running TCP/IP. It is widely used by network administrators to control Web and other kinds of servers remotely. Using an SSH connection, you can log on to one of the IP interfaces. After you enter and log in, all commands operate as if the serial interface (CLI) is being used. The OS9000 can operate in server or client mode. MIB browser For performing rudimentary SNMP management. SNMP NMS6 For remote inband management using SNMP over a network running TCP/IP.
5

EIA-232 is also referred to as RS-232.

April 2006

37

ML48261, Rev. 02 Overview

Chapter 1:

Using MRVs powerful SNMP management application software package MegaVision, the entire system of devices on a network can be centrally managed from a single host (e.g., PC) via a LAN or the World Wide Web. Central management by MegaVision allows network managers to access their managed elements via any browser console through an authentication control interface and to have complete control of an entire map of devices for configuration, performance analysis, inventory control, accounting and billing. The MegaVision application software package includes: MRVs Web-based MegaVisionPro Full-featured SNMP-based application providing complete network management and control for all MRV SNMP-manageable products. MRVs MegaVision Configurator MegaVision Web-based element manager for configuring and monitoring a single device in a real network environment. The Configurator can be downloaded for free from: ftp.international.mrv.com/support/tech_data/MegaVision/mvconf MRVs MegaVision Demo Comprehensive simulator of the MegaVision real-device network management application. To run this application, no password is required. The OS9000 has the following management enhancing features: Industry Standard CLI Out-of-band management Serial/EIA-232 port Out-of-band management dedicated Ethernet port In-band Management via Ethernet ports TELNET, SSH v2, SNMPv1,v2c,v3, RMON (per-port Ethernet statistics, History, Alarm, and Events) Ping, Traceroute, DNS lookup, TCP dump (built-in sniffer) Port mirroring/monitoring of ingress and egress traffic Port trunking Management ACL for trusted connections Hierarchical administration policy RADIUS AAA for management sessions Statistics for accounting information Configuration load/save via FTP Remote firmware download via FTP Network Time Protocol Logging Syslog Events Scheduler (scheduling of execution of administrator-specified commands at times/dates pre-defined by the administrator) Prevention of loading of the CPU with non-ARP packets Advanced Ethernet OAM (discovery, continuity, and connectivity testing) Link OAM per IEEE 802.3ah Virtual Cable Diagnostics on Ethernet RJ45 ports Digital Diagnostics (optical performance monitoring) for SFPs per MSA SFF8472 VPN connectivity testing Layer 2 Traceroute and Service Assurance PING

Virtual Cable Diagnostics

The OS9000s Virtual Cable Diagnostics feature enables the administrator to test electrical data cables attached to its ports for a physical fault, to identify the fault type, and to pinpoint its location all this with a single command. The technology used in devising VCD is Time-Domain Reflectometry (TDR), which works on the same principle as radar.
6

For example, PC running MRVs MegaVision Network Management application.

April 2006

38

ML48261, Rev. 02 Overview

Chapter 1:

In Ethernet networks, Layer 1 and Layer 2 elements are so closely coupled that it is often impossible to determine at what layer the fault is present. Without VCD, isolation of the fault would involve rolling out of burdensomely numerous cables and other equipment without knowing what or where the fault is, thereby dramatically increasing maintenance costs and downtime! Detectable faults are opens, shorts, bad connectors, impedance mismatch, and polarity mismatch.

Installation
The OS9000 is installed simply by plugging it into existing infrastructures. OS9000s are robust and can withstand extremes of temperature and humidity see Appendix I: Product Specification for details. In even more extreme environmental conditions (e.g., UV radiation, rain, dust, humidity, corrosion, etc.) the OS9000s can be placed in MRV protective Outdoor Cabinets. The Outdoor Cabinets have a robust and stable mechanical structure. All control and movable parts (hinges, fans, etc.) maintain operational integrity even under maximum stress. They can be installed indoors or outdoors, on the floor, or on a wall. Because of their polyester packaging, Outdoor Cabinets are superior to metal cabinets in most respects. Further information can be obtained by contacting your local MRV representative or e-mailing us at [email protected].

Operation
Operation is autonomous once the OS9000 is powered on.

Models
The OS9000 is available in various models, each having one or more unique features so that a model can be selected to tailor-fit an application. The models are described in Table 1, below. Table 1: Models of the OS90000 Model OS9024-4C OS9024-M Description Multi-layer system with 24 x 1Gbps Ethernet SFP ports (4 of which are Combo) + 1 x WDM multi-service port. Multi-layer Telco-compliant system with 24 x 1Gbps Ethernet
10/100/1000Base-T (all 24 of which are Combo) + 1 x WDM multi-

service port. Back-to-back mountable in Telco rack. Echelon shaped front end provides convenience in cabling. OS9024FX-4GC OS9012-M Multi-layer system with 24 x 100Mbps Ethernet SFP ports (4 of which are Combo) + 1 x WDM multi-service port. Multi-layer Telco-compliant system with 12 x 1Gbps Ethernet
10/100/1000Base-T (all 12 of which are Combo) + 1 x WDM multi-

service port. OS9012C-10Gx Multi-layer system with 12 x 1Gbps Ethernet Combo ports + 1 x 10Gbps Ethernet XFP uplink port + 1 x WDM multi-service port.

Layout
General
The layout is such that all user access is front-end, and is shown in Figure 2, below.

April 2006

39

ML48261, Rev. 02 Overview

Chapter 1:

Model: OS9024-4C

Model: OS9024FX-4GC

Model: OS9024-M

April 2006

40

ML48261, Rev. 02 Overview

Chapter 1:

Model: OS9012C-10Gx Figure 2: Layout of OS9000 Models

Power Pushbutton
Pushbutton PWR for powering ON/OFF the OS9000 system.

Reset Pushbutton
Pin pushbutton RST for restarting the OS9000 system.

Ports/Slots
LAN/WAN Fixed Four fixed 10/100/1000Base-T ports. Each port can be independently configured to operate in any of a wide range of modes. For more information on configuration of ports, refer to Chapter 5: CLI Management. SFP Up to 24 Gigabit Ethernet SFP ports. Each port can be independently configured to operate in any of a wide range of modes. For more information on configuration of ports, refer to Chapter 5: CLI Management. Management MGT ETH Ethernet 10/100Base-TX interface (port) for TELNET, SSH, and/or SNMP out-of-band connection. It is directly connected to the CPU and is not affected by inband traffic. It is an IP interface that is used only for connecting a management LAN. Management stations on the LAN can be used to manage the OS9000 out-of-band (using a TELNET, SSH, or SNMP connection over Ethernet). Alternately, a TFTP client can be connected to the outof-band interface to access the configuration files stored in the OS9000. CONSOLE EIA-232 Serial/RS-232 port for out-of-band connection of craft terminal (direct or via a modem). The baud rate of the port is 9600 baud. WDM One WDM connection multi-service slot for a CWDM module. The models of CWDM modules are described in Table 2, below. Table 2: Models of CWDM Modules Model Description

April 2006

41

ML48261, Rev. 02 Overview O9ADCxxyyzzww O9ADCxxyyzz O9ADCxxyy O9ADCxx O9ADCDxxyyzzww O9ADCDxxyyzz O9ADCDxxyy O9ADCDxx O9-Mux/Demux8 O9ADCDSxxyyzzww O9ADCDSxxyyzz O9ADCDSxxyy O9ADCDSxx

Chapter 1: 4 CWDM wavelengths DF OADM module for OS9000 3 CWDM wavelengths DF OADM module for OS9000 2 CWDM wavelengths DF OADM module for OS9000 1 CWDM wavelength DF OADM module for OS9000 4 CWDM wavelengths DF Dual-Sided OADM module for OS9000 3 CWDM wavelengths DF Dual-Sided OADM module for OS9000 2 CWDM wavelengths DF Dual-Sided OADM module for OS9000 1 CWDM wavelength DF Dual-Sided OADM module for OS9000 8 wavelengths CWDM Multiplexer/Demultiplexer module for OS9000 4 CWDM wavelengths SF Dual Sided OADM module for OS9000 3 CWDM wavelengths SF Dual Sided OADM module for OS9000 2 CWDM wavelengths SF Dual Sided OADM module for OS9000 1 CWDM wavelength SF Dual Sided OADM module for OS9000

xx, yy, zz, and ww represent the two middle digits of the channel wavelength. For e.g., if the wavelengths are 1410, 1430, 1450, and 1470, then xx is 41, yy is 43, zz is 45, and ww is 47.

Power Supply Two slots for installing power supplies.

LEDs
Global and per-port status-indicator LEDs. The LEDs are described in Table 5, page 62.

Earthing
Butterfly nut on screw for earthing the OS9000 chassis.

Power Supplies
Up to two AC or DC power supplies can be installed although only one power supply is required to power the OS9000. Two power supplies provide a continued supply of the requisite power if either one fails or is removed during operation (possibly for maintenance purposes). Features Models Table 3: Models of Power Supply Model EM9005-PS/AC EM9005-PS/DC Description AC power supply auto-adaptive to all line/mains inputs in the range 90 to 240 Vac DC power supply auto-adaptive to all line/mains inputs in the range -36 to -72 Vdc Universal Hot-swappable Mutually redundant External Pluggable

April 2006

42

ML48261, Rev. 02 Overview Layout

Chapter 1:

AC Power Supply Front End Switch For switching power ON/OFF from the AC line (mains) to the Power Supply. Screw For fastening the Power Supply in the OS9000. Receptacle For connection to the line(mains) with a power cord having a 3-prong plug. The power cord specification is given in the section Power Cord, page 30. Handle For handling the Power Supply. Fan For cooling the Power Supply.

Figure 3: AC Power Supply Module Front End Rear End Connector For connection to the Power Supply motherboard 6-pin socket.

Figure 4: AC Power Supply Module Rear End DC Power Supply Front End Switch For switching power ON/OFF from the DC line (mains) to the Power Supply. Screw For fastening the Power Supply in the OS9000.

April 2006

43

ML48261, Rev. 02 Overview

Chapter 1:

DC Power Input 3-Termination Block For connection to the line(mains) with a power cord having a 3-prong plug. The power cord specification is given in the section Power Cord, page 30. Positive Positive terminal of 3-Termination Block. Earthing Earthing terminal of 3-Termination Block. Negative Negative terminal of 3-Termination Block. Handle For handling the Power Supply. Fan For cooling the Power Supply.

Figure 5: DC Power Supply Module Front End Rear End Connector For connection to the Power Supply motherboard 6-pin socket.

Figure 6: DC Power Supply Module Rear End

Blank Panels
WDM Blank Panel Covers the WDM slot if no CWDM module is installed. Power Supply Blank Panel Covers the power supply slot if no Power Supply module is installed.

April 2006

44

ML48261, Rev. 02 Overview

Chapter 1:

Options
Software
SW-UPG-9SL3 enhanced software upgrade package that includes OSPF, IS-IS, BGP4, ECMP, PIM-SM. SW-UPG-9MPLS enhanced software upgrade package for creating MPLS Virtual Circuits.

SFPs
Up to 24 Gigabit/Fast Ethernet SFP transceivers can be fitted to the OS9000, depending on the model. The SFPs can be fiberoptic or electrical.

WDM Interface
A passive unit for adding or dropping optical data carrier wavelengths can be fitted to the OS9000. Such a unit can be any of the following WDM modules: OADM Scalable, passive optical add and drop multiplexer/demultiplexer that can add and/or drop a specific channel (wavelength) to/from an optical WDM signal, while all other channels are routed from the input to the output with minimal attenuation. OADMs are required in ring and multipoint network topologies. OADMs can be used to create a network topology in which a single wavelength can be added or dropped on demand, allowing an Optical Service Channel (OSC) to be provided at any point along a trunk. The technology enables flexible and intelligent planning and provisioning of optical services while at the same time simplifying deployment and maintenance of optical networks. Dual-interface OADMs are available for building carrier networks protected by redundancy. Models with 1 to 8 channels are available. The modules are passive and use optics only for their operation. EXP ports IN and OUT carry only channels to be continued to the next OS9000, and are used only in ring network topologies. Mux Multiplexes egress data coming over WDM channels7 onto a single physical fiber. The module can multiplex up to 8 channels. The modules are passive and use optics only for their operation.

Demux Demultiplexes ingress8 data coming over WDM channels onto a single physical fiber. The multiplexer can demultiplex up to 8 channels. The modules are passive and use optics only for their operation.

7 8

WDM channels carry data from one WDM unit (e.g., OS9000, LambdaDriver) to another. Data entering the OS9000.

April 2006

45

ML48261, Rev. 02 Overview Figure 7: WDM Module (Model 09ADCD)

Chapter 1:

Power Supply
A second AC or DC power supply can be installed in the OS9000. Two power supplies provide a continued supply of the requisite power if either one fails or is removed during operation (possibly for maintenance purposes).

Fiber Guard
The Fiber Guard is a tray for protectively supporting fiberoptic cables connected to the OS9000. It can be assembled on OS9000 models OS9024-4C, OS9024FX-4GC, OS9012M, and OS9012C-10Gx.

Figure 8: Fiber Guard

April 2006

46

ML48261, Rev. 02 Applications

Chapter 2:

Chapter 2:

Applications
General
This chapter gives examples of how the OS9000 can be applied.

Ethernet in the First/Last Mile Aggregation

This application is used to provide Ethernet services in the first/last mile of an aggregation segment connected to a metro network while freeing the metro network from the task of handling traffic between the hosts on the segment. The FiberDriver is a copper-to-fiber media converter for converting 10/100/1000Base-T interface to a 1000Base-LX/SX interface. VLANs can be built at the first/last mile side to isolate users from one another if required and to provide q-in-q VMANs and security. In addition, a 10G uplink can be used to connect the OS9000 network to the metro network for metro network services. A second 10G uplink can be used as metro network link protection.

Figure 9: Ethernet in the First/Last Mile Aggregation

IP DSLAM Optical Aggregation

This application is used to interconnect subscribers at the IP/DSLAM side and Video Servers while freeing the metro network from the task of handling traffic between them. VLANs can be built at the IP/DSLAM side to isolate users from one another if required and to provide q-in-q VMANs and security.

April 2005

47

ML48261, Rev. 02 Applications

Chapter 2:

Figure 10: IP DSLAM Optical Aggregation and inter-PoP Multi-Gbps WDM

Multimedia Aggregation Services

The OS9000 can be used to deliver triple-play separate or integrated data, voice, and video-streaming services from BRAS and Video Servers to MTU and MDU premises without the intervention of the core network. An uplink connection can be made to the core network for special services.

Figure 11: Multimedia Aggregation Services

April 2006

48

ML48261, Rev. 02 Applications

Chapter 2:

Intelligent Multiplexing over WDM Channels

The following application shows how the OS9000 can be used to provide services over as many as eight WDM channels both inband and out-of-band. In inband modes, switching and routing functions are performed on ingress and egress traffic. In out-of-band modes, no switching and routing functions are performed on ingress and egress traffic; traffic is transmitted as it is received and without processing. In inband and out-of-band modes, OS9000s can be interconnected in Point-to-Point or Multipoint (Ring or Star) physical topologies: Each topology can be link-protected using redundancy.

Figure 12: Intelligent Multiplexing over ITU-T Grid (G.694.2) WDM Channels

April 2006

49

ML48261, Rev. 02 Applications

Chapter 2:

Network Management
Figure 13, below, shows that MRVs MegaVisionPro SNMP network management application can be used on various platforms for management of the OS9000 (and other SNMP-manageable devices) via a LAN or the World Wide Web. In addition, digital diagnostics per the SFF-8472 standard can be performed for SFP transceivers of the OS9000. Layer 1 cable diagnostics (VCD) can be performed to identify and locate faults in copper cables/connections.

Figure 13: Network Management

April 2006

50

OptiSwitch 9000 User Manual

Product Version 1.0

Chapter 3:

Installation
General
This chapter provides a detailed step-by-step procedure for installing the OS9000.

Safety
Before installing the OS9000, ensure that the requirements noted in the section, from page 30, are met.

Package Contents
Essentials
OS9000 chassis (as many as ordered by the customer) Power Supply (1 per chassis) Blank Panel (1 per vacant slot) EIA-232 Cable (1 per chassis) Power Cord (1 per power supply) CD containing the OS9000 User Manual (1)

Options
Brackets for mounting the OS9000 in a 19-inch rack (2 per chassis) Fiber Guard (1 per chassis) Redundant Power Supply (1 per chassis) MegaVisionPro Web-based server SNMP network management application (on CD) Outdoor Cabinet (1 for up to 2 chassis)

Requirements
Tools
Philips screwdriver no. 1 (for Power Supplies) Philips screwdriver no. 2 (for Mounting Brackets)

Data Equipment
DTEs/DCEs Compliant to IEEE 802.3, IEEE 802.3u, and/or IEEE 802.3z. Cabling WDM Module Ports Inband OS9000 LAN/WAN ports to the WDM Module Access ports If data is to be carried through the OS9000 over WDM channels, jumper fiberoptic cables for connecting the OS9000 LAN/WAN ports to the WDM module Access ports April 2005 51

ML48261, Rev. 02 Installation

Chapter 3:

are required. (The OS9000 LAN/WAN ports are identified in Figure 2. The WDM module Access ports are identified in Figure 7.) These cables are provided by MRV. Their specification is as follows: Cable Type: Singlemode 9/125 m Cable Connectors: MiniSC (MU) Cable Length: 1 m (~ 3 ft) WDM Module WDM ports Fiberoptic cables for connecting the WDM module WDM ports must be supplied by the customer. Their specification is as follows: Cable Type: Singlemode 9/125 m Cable Connector: Dual SC Cable Length: Per the devices driving the data through the WDM Module Out-of-band If data is to bypass the OS9000 but carried through the WDM Module over WDM channels, fiberoptic cables for connecting the WDM module ports must be supplied by the customer. Their specification is as follows: Cable Type: Singlemode 9/125 m Cable Connectors: Access ports: MiniSC (MU) WDM ports: Dual SC Cable Length: Per the devices driving the data through the WDM Module 10/100/1000Base-T Ports Cable Type: Category 5. Cable Connector Type: RJ45 8-pin male Cable Length: Up to 100 m (330 ft) Cable Impedance: 100 Cable Wiring: Straight (Figure 44, page 365) or Cross (Figure 45, page 365) Note Each 10/100/1000Base-T port may be connected with a straight-wired or cross-wired cable irrespective of whether the co-port is that of a DCE (e.g., switch) or DTE (e.g., PC) since the OS9000 port automatically configures its interface to be Ethernet MDI or MDIX in order to communicate via the co-port. 100/1000Base-X Ports Per the SFP. The cable length can be up to:
[Output power of SFP transmitter Sensitivity of SFP receiver] - Path losses (in dB) km Cable Attenuation (in dB/km)

The path losses include losses due to interposing devices, splices, etc. plus a safety margin of 3 dB. Cable Fiber Marking For each cable fiber, attach a label with the marking TX at one end and another label with the marking RX at the other end.

Management Equipment
Out-of-band Management using Serial/RS-232 Connection Craft terminal: Asynchronous ASCII terminal, e.g., VT100 terminal or Craft terminal emulator: For e.g., PC with asynchronous ASCII terminal emulation software application such as Microsoft Windows HyperTerminal or

April 2006

52

ML48261, Rev. 02 Installation UNIX workstation or Linux workstation Operating System: For e.g., Microsoft Windows 95/98/2000/NT/XP

Chapter 3:

Cable (supplied by MRV): Null-modem RS-232, with RJ45 8-pin male connector and DB9 9-pin female connector, and not longer than 15 m (50 ft) for connecting the OS9000 CONSOLE EIA-232 port to the management station. The cable wiring is shown in Figure 43 on page 365. TELNET or SSH station: For e.g., PC with TELNET or SSH application or SNMP NMS: For e.g., MRVs MegaVisionPro Web-based network management application running on a PC. For details, refer to the MegaVision User Manual. Operating System: For e.g., Microsoft Windows 95/98/2000/NT/XP. Interface to the Web: Optional, for Web-Based Management. Cable: Category 5, with RJ45 male 8-pin connector, up to 100 m (330 ft) long for connecting the OS9000 MGT ETH port to the network via which the management station can be accessed. The cable must be cross-wired as shown in Figure 45, page 365. IP Address: If an IP address is to be assigned to the OS9000 for the first time, the interconnection shown in Figure 17, page 60 is used.

Out-of-band Management using TELNET, SSH, or SNMP Connection

Mounting
If rack-mountable units are installed in a closed or multi-unit rack assembly, they may require further evaluation by certification agencies. Installation should be such that a hazardous instability condition is not developed due to uneven loading. Ensure that the OS9000 will be within reach of the necessary connections, namely, line/mains power outlet, Ethernet networks, and a craft terminal/emulator or a UNIX workstation if the OS9000 is to be managed via its CONSOLE EIA-232 port. For mounting an OS9000, any one of the following may be used: Rack, Outdoor Cabinet, or Desktop. Details are given below. Desktop: Flat, stable, non-conductive static-free surface Rack Mount: Two brackets with six philips screws (supplied by MRV) Space in 19-inch rack: Model OS9024-M: 485 x 185 x 300 mm 3 (19 x 3U9 x 12 in 3) Other Models: 485 x 90 x 350 mm 3 (20 x 2U x 14 in 3) Outdoor Cabinet: For mounting up to two OS9000s indoors or outdoors (supplied by MRV).

Environmental
Temperature: Humidity: Cooling air: 0 to 50 oC (32 to 122 oF). Non-condensing, 10 to 95%. Flowing around the OS9000 and through the air vents unobstructed. In addition, there must be a clearance of at least 25 mm (1 inch) between the air vents and nearby objects.

1U = 1 inch or 44.45 mm

April 2006

53

ML48261, Rev. 02 Installation

Chapter 3:

Power
The line (mains) should be able to supply power to the OS9000 as specified in the label on the unit. Check nameplate ratings on the OS9000 to assure there will be no overloading of supply circuits that could have an adverse effect on overcurrent protection and supply wiring. AC Source The AC power source (line/mains) should be able to supply power to the OS9000 according to the following specification: 100 to 120 Vac, 2 A, 60 Hz or 200 to 240 Vac, 1 A, 50 Hz The power cord for 115 Vac input from a power source must be a minimum-type SJT (SVT) 18/3, rated 250 Vac, 10 A with a maximum length of 4.5 m or 15 ft. One end must terminate in an IEC 320 attachment plug, the other end must terminate in a NEMA 5-15P plug. (The power cord supplied by MRV meets these requirements.) The power cord for 230 Vac input from a power source must be a minimum-type SJT (SVT) 18/3, rated 250 Vac, 10 A with a maximum length of 4.5 m or 15 ft. One end must terminate in an IEC 320 attachment plug, the other end must terminate as required by the recognized safety organization of the country in which it is installed. (The power cord supplied by MRV meets these requirements.) DC Source DC rated equipment must be installed under the following conditions: 1. The DC supply source to which the OS9000 is to be connected must be isolated from the alternating current source and reliably connected to earth or to a DC (SELV) source. 2. The OS9000 must be installed only in restricted access areas (Dedicated Equipment Rooms, Equipment Closets, or the like) in accordance with Articles 110-16, 110-17, and 110-18 of the National Electrical Code, ANSI/NFPA 70. 3. Input wiring to a terminal block must be routed and secured in such a manner that it is protected from damage and stress. Do not route wiring past sharp edges or moving parts. 4. A readily accessible disconnect device, with a 3 mm minimum contact gap shall be incorporated in the fixed wiring. 5. A listed circuit breaker suitable for protection of the branch circuit wiring and rated 60 Vdc minimum must be provided. Note To ensure continued operation even when the line (mains) power is cut off, it is recommended to connect the OS9000 through a UPS. Power Supplies One power supply is sufficient for the OS9000. Insertion of a second power supply ensures continued supply of requisite power even if a power supply fails.

Grounding
Reliable earthing of the OS9000 must be maintained. Particular attention should be paid to supply connections when connecting to power strips, rather than to direct connections to the branch circuit.

April 2006

54

ML48261, Rev. 02 Installation

Chapter 3:

Procedure
Component Insertion
SFP 1. Choose the SFP receptacle into which the SFP is to be inserted. 2. Holding the SFP with the right side up, slide it about half-way into the SFP receptacle. 3. If the SFP has a latching mechanism, while holding the SFP with one hand gently release the latch with the other hand. Usually, the latch handle is a wire frame around the SFP. To release the latch, swing down the wire frame. 4. With both thumbs pressed against the face edges of the SFP, gently slide it as far into the SFP receptacle as possible. Holding the SFP in this position, swing up the latch handle around the SFP in order to latch it. WDM Module 1. If a Blank Panel is covering the slot, using a philips screwdriver no. 1 remove it by undoing the two philips screws. 2. Holding the module by the panel, place it between the top and bottom rails in the slot. Then slide it until its panel is almost level with the front panel of the OS9000. (This assures that the modules connector is inserted into place.) Pull up the handle (ejector/extractor) to lock the module in position. 3. Using a philips screwdriver no. 1, fasten the module with the two captive screws that are located on its edges. Power Supply 1. If only one Power Supply is to be inserted choose the left slot. The Power Supply in this slot is identified as 1 by management. 2. If a Blank Panel is present, using a philips screwdriver no. 1 remove it by undoing the two philips screws. 3. Remove the foam packing, if present, from the Power Supply slot. 4. Carefully insert one or both Power Supplies so that the connector on the rear fits into the connector in the OS9000 chassis. 5. Fasten each Power Supply with its two captive screws. WDM Module Blank Panel If a WDM module is not installed in the OS9000, with two screws and a philips screwdriver no. 1, fasten the WDM Module Blank Panel to the chassis of the OS9000. Power Supply Blank Panel If a second Power Supply is not installed in the OS9000, with two screws and a philips screwdriver no. 1, fasten the Power Supply Blank Panel to the chassis of the OS9000.

Mounting
Desktop Place the OS9000 on a flat, stable, non-conductive static-free surface. Outdoor Cabinet Refer to the Outdoor Cabinets User Manual, Publication No. ML46852. Rack Model OS9024-M is mountable in a Telco rack. 1. If a Fiber Guard10 also is to be mounted, first do the following:
10

A Fiber Guard can be mounted on models OS9024-4C, OS9024FX-4GC, OS9012-M, and OS9012C-10Gx.

April 2006

55

ML48261, Rev. 02 Installation

Chapter 3:

a. On one mounting bracket11, locate the Fiber Guard hole (the lower of two small holes, as shown in Figure 14, below).

Figure 14: Fastening Brackets for Mounting the OS9000 in a 19-inch Rack b. From the rear of the mounting bracket, insert a philips screw (supplied) through the Fiber Guard hole. c. From the front of the mounting bracket, fasten a nut spacer (supplied) to the philips screw. d. On the second mounting bracket, locate the Fiber Guard hole. e. Fasten the nut spacer as described in steps b and b, above. 2. With the six screws (supplied) and a philips screwdriver no. 2, fasten the two mounting brackets12 to the sides of the OS9000 as shown in Figure 14, above. 3. Mount the OS9000 in a 19-inch rack. Fiber Guard Assembly 1. Ensure that the two mounting brackets are fastened to the OS9000 as described in the section Rack, page 55. 2. If the Fiber Guard is supplied in two pieces, connect the pieces together as follows: a. Position the two pieces as shown below:

Piece 1

Piece 2 b. Connect one end of Piece 2 to the hinge at the end of Piece 1 as shown below:

11 12

Either bracket may be mounted on either side. Either bracket may be mounted on either side.

April 2006

56

ML48261, Rev. 02 Installation

Chapter 3:

Piece 2 hinged to Piece 1 at one End c. Connect the other end of Piece 2 to the hinge at the other end of Piece 1 as shown below:

Piece 2 hinged to Piece 1 at both Ends Top View

Piece 2 hinged to Piece 1 at both Ends Side View d. Swing Piece 2 up by 90o and push it slightly down to lock it in position as shown below.

Velcro Strips Pass each Velcro13 strip through a pair of holes, shown in Figure 15, below.

13

Velcro is the brand name for hook & loop fasteners.

April 2006

57

ML48261, Rev. 02 Installation

Chapter 3:

Figure 15: Fiber Guard and Parts Fastening to OS9000 1. Position the Fiber Guard so that its two captive screws (shown in Figure 15, above) at the ends are directly opposite the two nut spacers fastened to the mounting brackets. 2. Fasten the two captive screws to the nut spacers. 3. Fasten the other two captive screws on the Fiber Guard to the holes in the OS9000 chassis. Cable Laying 1. If the OS9000 has a WDM module (e.g., OADM) with an upper and lower row of connectors (as shown in Figure 16, below), connect the fiberoptic cables to the upper row. 2. Lay the fiberoptic cables on the Fiber Guard, and carefully pass the free ends of the fiberoptic cables through the oval holes in the Fiber Guard. 3. Pull the free ends along the underside of the Fiber Guard in the direction of the WDM module until the right edge of the Fiber Guard. 4. Bring the free ends up and connect them to the upper row of the WDM module connectors. 5. Connect the other fiberoptic cables to the other connectors and lay them on the tray of the Fiber Guard. 6. Harness the fiberoptic cables. Figure 16, below, shows a Fiber Guard mounted on an OS9000 and laid fiberoptic cables.

Figure 16: Mounted Fiber Guard with Fiberoptic Cables

April 2006

58

ML48261, Rev. 02 Installation

Chapter 3:

Earthing
With an insulated copper wire of gage up to #18 AWG, connect the OS9000 to an earthing point.

Network Connection
Data Equipment (DTE or DCE) Connect the LAN/WAN ports of the OS9000 to the data equipment with cables as follows: Electrical Ports Use a straight-wired or cross-wired cable (specified in the section , page 51) to connect each OS9000 electrical data port to a DTE or DCE. Fiberoptic Ports Perform the steps below making sure that: A port on one device is to be connected to a port on another device as follows: The end marked TX14 of one fiber of a cable is connected to the TX port of a device and the end marked RX to an RX port of another device. For the other fiber of the cable, the end marked RX is connected to an RX port of the first device and the end marked TX to a TX port of the second device. 1. If data is to be carried through the OS9000 over WDM channels, connect the OS9000 LAN/WAN ports (shown in Figure 2, page 41) to the WDM module Access ports (shown in Figure 7, page 46) with jumper fiberoptic cables. If data is to bypass the OS9000 but carried through the WDM Module over WDM channels, connect the external device(s) to the WDM module Access ports. 2. Connect the WDM module ports as follows: a. COM OUT port to the EXP IN port of the downstream device. b. COM IN port to the EXP OUT port of the upstream device. c. EXP OUT port to the COM IN port of the downstream device. d. EXP IN port to the COM OUT port of the upstream device. Management Station Connect at least one of the following to the OS9000: Craft terminal, TELNET station (with or without SSH), or SNMP NMS, as described below. Craft Terminal/Emulator (For Out-of-band Management) With a null-modem RS-232 cable having an RJ45 8-pin male connector, connect the OS9000s RJ45 8-pin female connector marked EIA-232 to a craft terminal/emulator serial port as shown in Figure 17, below.

14

Marking of the fibers is described in the section Cable Fiber Marking, page 52.

April 2006

59

ML48261, Rev. 02 Installation

Chapter 3:

Figure 17: ASCII Craft Terminal/Emulator Connection to OS9000 TELNET/SSH Station or SNMP NMS (For Out-of-band Management) As shown in Figure 18, below, connect the OS9000 to a TELNET, SSH, or SNMP station in either of the following ways: With a Category 5 cable (straight-wired or cross-wired) having an RJ45 8-pin male connector, at the dedicated out-of-band management port CONSOLE EIA-232 or at a 10/100/1000Base-T port With a fiberoptic cable having an LC connector, at a 100/1000Base-X SFP port.

Figure 18: TELNET, SSH, or SNMP Station Connection to OS9000

Fiberoptic Cable Protection

If a fiber guard is assembled on the OS9000, carefully place the fiberoptic cables on the guide (tray) and harness them to it.

Power Line Connection

1. Connect the OS9000 Power Supplies to the line (mains) with the supplied power cords. 2. At each Power Supply, set the switch in the I (ON) position.

April 2006

60

ML48261, Rev. 02 Startup, Setup, and Operation

Chapter 4:

Chapter 4:

Startup, Setup, and Operation

Startup
To start up the OS9000, press the pushbutton PWR continuously for at least 2 seconds. This causes the OS9000 to undergo a sequence of operationality and initialization tests. At the end of the tests, which last a few seconds, the OS9000 becomes fully operational.

Setup
Operation
Default The OS9000 is set up at the factory before it is shipped out. The default setup is a collection of settings assumed by the OS9000 when settings are not assigned by the administrator. Each default setting can be changed by invoking its associated CLI command. The section Invoking a CLI Command, page 73, shows how to invoke CLI commands. If the factory default settings are not changed, the OS9000 operates as a standard switch. If the factory default settings are changed, they can be restored using the CLI as follows: 1. Enter enable mode15 by invoking the command enable 2. Restore the factory settings by invoking the command write erase 3. Reeboot the OS9000 by invoking the command reboot Custom A setup can be changed using any of the management stations described in the section Management, page 37. Chapter 5: CLI Management, page 64, shows how to change the setup of the OS9000 using a craft terminal or TELNET station. Their connection is described in the section Management Station, page 59. Their setup is described in the section Remote Management , page 133.

Management
Local Management (Craft Terminal) Make sure that a connection exists between the management station and the OS9000 EIA-232 port. The connection is shown in section Craft Terminal/Emulator (For Out-ofband Management), page 59. If you are using a PC, run the emulation software application (e.g., Microsoft Windows HyperTerminal or TeraTermPro), and set up the craft terminal/emulator as shown in Table 1, below. Table 4: ASCII Craft Terminal/Emulator Setup for CLI Management Transmit/Receive Rate (Baud) 9600 Data Length (Bits) 8 Parity None Stop Bits 1 Flow Control None

15

A CLI mode is a CLI node or level.

April 2005

61

ML48261, Rev. 02 Startup, Setup, and Operation

Chapter 4:

Remote Management (TELNET/SSH/SNMP) For remote management setup, familiarity is required with the CLI and with interface configuration. Accordingly, remote management setup is postponed to the chapter following interfaces. Setup details are given in the section Remote Management Setup, page 133.

Operation
Monitoring
OS9000 becomes fully operational within a few seconds after being powered ON. Its operation can be monitored either by interpreting the status of its LEDs with the aid of Table 5, below, or with a management station (e.g., craft terminal, TELNET station, SSH host, or SNMP NMS). Table 5: Front Panel LEDs Level Global LED SD-RST (ShutdownReset). The LED is unmarked and located near pushbutton PWR. PWR (Power) Status ON-Green Significance While the OS9000 was powered ON, either pushbutton RST or pushbutton PWR was pressed continuously for at least 2 seconds. Normal operation.

OFF

ON-Green ON-Amber

PS1 (Power Supply 1)

OFF ON-Green

OFF

PS2 (Power Supply 2)

ON-Green

OFF

FAN (Fan) TMP (Temperature)

ON-Green ON-Amber OFF ON-Green

Power into the OS9000 system OK. Power present at the entrance to but not in the OS9000 system. (When pushbutton PWR is pressed continuously for at least 2 seconds, LED SD-RST turns ONGreen. When power to the OS9000 system is shutdown, LED PWR turns ON-Amber.) No power at the entrance to the OS9000 system. Power distribution to OS9000 system from Power Supply 1 OK. That is, power cord connecting Power Supply 1 to line/mains, and Power Supply 1 switch in position I. Power distribution to OS9000 system from Power Supply 1 faulty. That is, power cord disconnected or Power Supply 1 switch in position O. Power distribution to OS9000 system from Power Supply 2 OK. That is, power cord connecting Power Supply 2 to line/mains, and Power Supply 2 switch in position I. Power distribution to OS9000 system from Power Supply 2 faulty. That is, power cord disconnected or Power Supply 2 switch in position O. OS9000 system internal fans OK. One or more OS9000 system internal fans faulty. No power into the OS9000 system. Internal temperature of operating OS9000 system OK.

April 2006

62

ML48261, Rev. 02 Startup, Setup, and Operation ON-Amber

Chapter 4: Internal temperature of operating OS9000 system too high. (The internal temperature can be displayed by invoking the CLI command show version. Also, the threshold temperature for triggering this status for the LED TMP can be changed by CLI command.) No power into OS9000 system. Management traffic flowing to/from CPU. No management traffic flowing to/from CPU. CPU watchdog active.

TR (Traffic) WD (Watchdog) Per Port L (Link)

OFF ON-Green OFF ON-Green and OFF alternating ON-Green ON-Amber

A (Activity)

OFF ON-Green OFF

Port link integrity to network OK. Port link integrity to network OK. (Applicable only for the 10/100/1000-T ports 2124.) Port link integrity to network broken or faulty. Port receiving or transmitting data. Port not receiving or transmitting data.

Reset
The reset function is used to restart the OS9000 system without powering it OFF and ON. To reset the OS9000, press pin pushbutton RST.

Shutdown
The shutdown function is used to shut down operation of the OS9000 system. To shutdown the OS9000, press the pushbutton marked PWR until the LED SD-RST turns ON-Green, i.e., for at least 2 seconds. On completion of the process, the LED PWR turns ON-Amber.

April 2006

63

OptiSwitch 9000 User Manual

Product Version 1.0

Chapter 5:

CLI Management
General
This chapter describes the following: Generic custom setup/management of the OS9000 using CLI commands. For custom setup/management to operate with specific protocols (e.g., DHCP) and utilities (e.g., ACL), refer to the relevant chapters. The OS9000 is shipped out of the factory already set up. The setup is only partial and allows basic Layer 2 switching between the ports. However, additional settings may be required such as, for example, an IP address for the OS9000. For SNMP management using a PC running MRVs Web-Based Network Management application, refer to the MegaVision Network Management User Manual.

Command Line Interpreter (CLI) management widgets

CLI Access
General
The CLI can be accessed via a Serial/RS-232, TELNET, SSH, or SNMP connection even while the OS9000 is under normal operation!

Access Levels
The OS9000 has three levels of access to the CLI, each appropriate to the knowledge, expertise, and authority of the user. The user accesses a level by entering the password associated with the level. The access levels are listed below. Root Level: At this level, the OS9000 operating system, Linux, is accessible. To enter root level, at login enter the relevant password, and then enter the command linux. To become a root user (super user), enter the command su followed by the root password. Details are given in the section Linux Mode, page 79. Admin Level: At this level, only a limited subset of available commands can be accessed. These commands can be used to monitor system operation status but cannot be used to change system operation configuration. To enter this level, at login enter the relevant password. Enable Level: At this level, most of the system commands can be accessed. These commands can be used to monitor the network, change system operation configuration, upgrade software, save configurations, etc. To enter this level, after login at the Admin Level, invoke the CLI command enable, followed by an additional password if set by the administrator. To access configuration commands, enter the command configure terminal.

Preparation
The following prerequisite information is required to configure the OS9000 A map of your network topology VLAN assignment to ports/interfaces The IP addressing plan for each network interface The protocols required by the network The protocols to be used

April 2005

64

ML48261, Rev. 02 CLI Management Location and IP address of each remote management station

Chapter 5:

First Time Access Root and Admin Passwords Configuration

Passwords are encrypted to provide added security against unauthorized access and configuration changes. A password can contain numerical characters (e.g., 1, 2, 3, etc.), symbols (e.g., $, %, @, etc.) uppercase letters (A, B, C), and lowercase letters (e.g., a, b, c, etc.). When accessing the OS9000 CLI for the first time, both the root (SuperUser-level) password and the admin (administrator-level) password need to be configured. The root password is for accessing the OS9000 Operating System (Linux) in order to change its operating functions. The admin password is for accessing the OS9000 CLI in order to configure operation of the OS9000. The procedure for configuring root and admin passwords is as follows: 1. Power up the OS9000. 2. When the prompt:
MRV OptiSwitch 9000 version d0920-13-07-05 OS9000 login:

appears, type root and press Enter . 3. When the prompt:

You are required to change your password immediately (root enforced) Enter new UNIX password:

appears, type a root password that is six or more characters long and press Enter . 4. When the prompt:
Retype new UNIX password:

appears, retype the root password and press Enter . 5. Type exit and press Enter . 6. When the prompt:
logout MRV OptiSwitch 9000 version d0920-13-07-05 OS9000 login:

appears, type admin and press Enter . 7. When the prompt:

You are required to change your password immediately (root enforced) Enter new UNIX password:

appears, type an admin password that is six or more characters long and press Enter . 8. When the prompt:
Retype new UNIX password:

appears, retype the admin password and press Enter . The system responds with:
Last login: Wed Jul 13 09:51:59 2005 on ttyS0 OS9000>

indicating that CLI is ready for access. These passwords are stored in flash (permanent) memory. They can be changed as described in the section Passwords, page 66. Below, is an example showing the user inputs (in bold) for configuring the root and admin passwords and OS9000 outputs on the CLI screen. The strings of asterisks shown as user

April 2006

65

ML48261, Rev. 02 CLI Management

Chapter 5:

passwords are only representations of the passwords; the passwords (including their length) are actually hidden from view during entry.
MRV OptiSwitch 9000 version d0920-03-07-05 OS9000 login: root You are required to change your password immediately (root enforced) Enter new UNIX password: ****** Retype new UNIX password: ****** # exit logout MRV OptiSwitch 9000 version d0920-03-07-05 OS9000 login: admin You are required to change your password immediately (root enforced) Enter new UNIX password: ****** Retype new UNIX password: ****** Last login: Wed Jul 13 09:51:59 2005 on ttyS0 OS9000>

Standard Access
Follow the steps below if the OS9000 CLI has been accessed before. 1. Power up the OS9000. After initialization is completed (in about one minute), the following prompt will appear: MRV OptiSwitch 9000 version 1_0_10 OS9000 login: 2. Enter the login name admin. The following prompt will appear: Password: 3. Type in the admin password (created as described in the section First Time Access Root and Admin Passwords Configuration, page 65). The system prompt OS9000> will appear to indicate that connection to the CLI is established and the OS9000 is ready for local management. For remote management setup, refer to the section Remote Management Setup, page 133.

Passwords
Three passwords can be configured for the OS9000, each corresponding to a different access level. The access levels are described in the section Access Levels, page 64. The passwords are: Root Password Enables access to the (Linux) operating system of the OS9000 Admin Password Enables access to some CLI commands of the OS9000 Enable Password Enables access to all CLI commands of the OS9000

Root and Admin passwords, by default, are encrypted. Encryption of an Enable password is optional.

Changing the Root Password (and Admin Password)

The root and admin passwords are configured at first time login as described in the section First Time Access Root and Admin Passwords Configuration, page 65. To change the root and admin passwords: 1. Boot or reboot the OS9000. 2. Enter enable mode.

April 2006

66

ML48261, Rev. 02 CLI Management 3. Type linux16. 4. When the prompt $ appears, type su (SuperUser). 5. When the prompt password: appears, type the root password. 6. When the prompt # appears, type set_fb.

Chapter 5:

The OS9000 starts rebooting. At the end of the reboot process, the following prompt is displayed:
MRV OptiSwitch 9000 version 1_0_10 OS9000 login:

7. Configure new root and admin passwords as described in the section First Time Access Root and Admin Passwords Configuration, page 65. Below, is an example showing the user inputs (in bold) for changing the root and admin passwords and OS9000 outputs on the CLI screen. The string of asterisks shown as user password is only a representation of the password; the password is actually hidden from view during entry.
OS9000> enable OS9000# linux $ su Password: ****** # set_fb #reboot .. MRV OptiSwitch 9000 version 1_0_10 OS9000 login:

Changing only the Admin Password

The Admin password is configured the first time the OS9000 is accessed, as described in the section First Time Access Root and Admin Passwords Configuration, page 65. To change the password: 1. Enter mode enable as follows: OS9000> enable OS9000# 2. Enter mode configure terminal as follows: OS9000# configure terminal OS9000(config)# 3. Type password and press Enter. The following prompt appears: OS9000(config)# password Changing password for admin (current) UNIX password: 4. Enter the old (current) password and press Enter. The following prompt appears: Enter new UNIX password: 5. Enter your new password. The following prompt appears: Retype new UNIX password: 6. Re-enter the new password. The password is authenticated and, if accepted by the system, the following prompt appears: OS9000(config)# The password is stored in permanent memory.

16

Entry to the linux mode is indicated by the prompt $. To exit linux mode, invoke the command exit.

April 2006

67

ML48261, Rev. 02 CLI Management

Chapter 5:

Configuring/Changing/Deleting the Enable Password

1. Enter enable mode. OS9000> enable OS9000# 2. Type configure terminal. OS9000# configure terminal OS9000(config)# 3. Type enable password. Type the password. OS9000(config)# enable password myEnablePass 4. To encrypt the enable password, type service password-encryption. 5. To save the password to the configuration files, type write file or write memory. The command write terminal shows the password. To remove encryption, enter mode configure terminal and type the command: no service password-encryption. To delete the enable password, enter mode configure terminal and type the command no enable password. To implement deletion of enable password in permanent memory do write file or write memory. Below, is an example showing the user inputs (in bold) for configuring the enable password and OS9000 outputs on the CLI screen.
MRV OptiSwitch 9000 version 1_0_10 OS9000 login: admin Password: Last login: Thu Sep 1 06:58:43 2005 on ttyS0 OS9000> enable OS9000# configure terminal WORD The HIDDEN 'enable' password string OS9000(config)# enable password myEnablePass OS9000(config)# service password-encryption OS9000(config)# OS9000(config)# write terminal Building configuration... Current configuration: ! version 1_0_10 enable password 8 iBZPg9fiHT9RQ service advanced-vty service password-encryption OS9000(config)#

The example above shows the password myEnablePass encrypted as iBZPg9fiHT9RQ.

Viewing Installed Components

To view what hardware and software components are installed in the OS9000, invoke the command: show version Example
OS9000(config)# show version MRV OptiSwitch 9000 =================== Hardware --------

April 2006

68

ML48261, Rev. 02 CLI Management

Board serial number: 0123456789 Unit serial number : 0123456789 CPU serial number : 0000000001 CPU: MPC8245, 266MHz with 64MB flash and 128MB Dram memory Hardware version: 1 Device temperature: 34 C (normal) Power Supplies: unit 1: ACTIVE unit 2: ACTIVE Fans: Fan 1: NOT ACTIVE Fan 2: NOT ACTIVE Fan 3: NOT ACTIVE Valid ports: 1-24 Software -------MasterOS version: 1_0_11 Build time: Tue Aug 2 17:26:45 IDT 2005 Based on: Linux OS9000 2.4.30-mrv-hf3b #1 Sun Jul 31 12:49:16 IDT 2005 ppc ZebOS 5.2 (powerpc-603-linux-gnu). Driver v1.3.2 s1014 Base MAC address: 00:0F:BD:00:05:B8 up 0:01, 1 user OS9000(config)#

Chapter 5:

The command show version can be invoked from any mode. To view information about the OS9000 CPU: 1. Enter mode configure terminal. 2. Invoke the command show cpu. Example
OS9000(config)# processor cpu revision bogomips vendor machine show cpu : 0 : 82xx : 16.20 (pvr 8081 1014) : 175.71 : Motorola SPS : MRV SBC

Enabling Remote Management

Management access to the OS9000 can be gained via one or more interfaces, e.g., Serial/RS-232 interface CONSOLE EIA-232, out-of-band IP interface MGT ETH, or an inband IP interface. Remote management (SNMP, TELNET, or SSH) access to the OS9000 via the IP interfaces is, by default, disabled. It may be enabled out-of-band and/or inband selectively on one or more specific interfaces as shown below.

Out-of-band
Refer to the section Out-of-band Ethernet Management, page 134.

April 2006

69

ML48261, Rev. 02 CLI Management

Chapter 5:

Inband
Refer to the section Inband Management, page 134.

CLI Modes
Modes are groups of CLI commands available on the OS9000. To enter a mode, type its name and press Enter . The system prompt includes the mode name to signify entry into the mode. A mode itself may contain other modes (in addition to commands). On accessing the CLI (as described in the section CLI Access, page 64), the modes (and commands) in each mode can be displayed by pressing Shift ? .

Viewing CLI Commands

On accessing the CLI (as described in the section CLI Access, page 64), the commands in a mode together with their description can be viewed as follows: 1. Type the name of the mode containing the CLI command to be viewed. 2. Press Shift ? .

Conventions for CLI Commands

Table 6, below, describes the conventions used for CLI commands as presented in the manual. Table 6: Conventions for CLI Commands Convention Courier Bold Courier Argument Description This typeface represents information provided to the system. This typeface represents information provided by the system. Part of a command.

Symbols in CLI Commands

Table 7, below, describes the symbols used in CLI commands. Table 7: Symbols in CLI Commands Symbol argument in lower case (keyword) ARGUMENT IN UPPER CASE (VALUEWORD) Significance Argument to be entered as is. Argument to be replaced with a value. To specify number values: Type the individual numbers separated by commas and/or Type the lowest and highest number separated by a hyphen (-) to specify a range of consecutive numbers. Example: To specify numbers 1, 3, 4 to 7, and 9, type 1, 3, 47, 9 Optional command argument enclosure. Do not type this symbol with the command argument! Typed command can be invoked by pressing Enter . Process the output of a CLI command by any Linux command (e.g., wc, grep, tail, etc.). mode disable prompt.

(CR) | OS9000>

April 2006

70

ML48261, Rev. 02 CLI Management OS9000# OS9000(config)# mode enable prompt. mode configure terminal prompt.

Chapter 5:

Functional Keys for Commands

Table 8: Functional Keys for CLI Commands Key Tab Function Used to complete a keyword after its first few letters are typed. Tab adds letters to a partially typed keyword that are common to all keywords beginning with the partially typed keyword. If the partially typed keyword is unique to a keyword, Tab completes the keyword. If the partially typed keyword is not unique to a keyword, additional letters will have to be typed in order for Tab to complete the keyword. (After the first few letters are typed) Executes the command if these letters are a complete command. Displays the message % Command incomplete if the letters are not a complete command. Displays the message % Unknown command if the first letters are not those of any command. (After the system prompt) Displays all the modes/commands selectable at the current CLI level. (After the first few letters are typed) Displays selectable modes/commands/arguments beginning with these letters. (After a word [mode, command, or argument] is typed) Displays a set of arguments from which one is selectable. Scrolls displayed list. Changes access to the higher mode. Jumps to the first character on the line. Moves the cursor back one character. Escapes from and terminates prompts and lengthy tasks. Deletes the character to the left of the cursor. Deletes the character at the cursor. Deletes all characters from the cursor to the end of the word. Deletes the last word typed. Deletes all characters from the cursor to the beginning of the command line. Deletes all characters from the cursor to the end of the command line. Jumps to the end of the current command line.

Enter

Shift ?

Spacebar Q Ctrl A Ctrl B or Ctrl C Del or Backspace Ctrl D Esc D Ctrl W Ctrl U or Ctrl X Ctrl K Ctrl E

April 2006

71

ML48261, Rev. 02 CLI Management Ctrl F or Ctrl L or Ctrl R Ctrl Z Esc B Esc F Moves the cursor forward one character. Repeats the current command on a new line. Returns to enable mode from any other mode. Moves the cursor back one word. Moves the cursor forward one word. Displays earlier invoked commands. Displays later invoked commands.

Chapter 5:

Help
By pressing Shift ? when the cursor is in differing positions in a command, different information on the command/argument can be obtained. Note ? does not appear in the CLI window when Shift ? is pressed. However, it is shown in the following example (and elsewhere) for clarity. CLI Help: Press Shift ? at the system prompt of any mode to see the commands available for that mode. The following example displays the available options when you press Shift ? in the User mode.
OS9000> ? clear enable exit help list logout ping quit show traceroute OS9000> clear ip nat rules Turn on privileged mode command Exit current mode and down to previous mode Description of the interactive help system Print command list Logout from this current session Send echo messages Exit current mode and down to previous mode Show running system information Trace route to destination

Partial Keyword Help: To view the list of commands that begin with a partial keyword you have typed, without inserting a space after the last character of the partial keyword, press Shift ? . For example, when you type qu and press Shift ? , the following results are displayed:
OS9000(config)# qu? queueing Set the system's queues scheduling mode quit Exit current mode and down to previous mode OS9000(config)# qu

Keyword Definition Help: To view the definition of a command or keyword that you have typed, without inserting a space after the last character of the keyword, press Shift ? . For example, when you type the command port and press Shift ? , the following results are displayed:
OS9000(config)# port port Port configuration OS9000(config)# port

April 2006

72

ML48261, Rev. 02 CLI Management

Chapter 5:

Command Syntax Help: To view a list of valid keywords and arguments for a command you have typed, insert a space after the last character of the command and press Shift ? . This list contains all the relevant commands, keywords, and arguments relating to the command you have typed. For example, when you type port and press Shift ? , the following results are displayed:
OS9000(config)# port ? core-ethertype-1 core-ethertype-2 default description duplex egress-shaping flood-limiting media-select mirror priority-queuing priority-queuing-group sl speed state tag-outbound-mode trunk OS9000(config)# port Set ethertype-1 mode Set ethertype-2 mode Set port speed and duplex to default value Set port description Port duplex mode Egress rate shaping Enable limiting the rate received on a port. Select media for the port Mirroring packets received to the analyzer port Set port scheduling parameters Config port priority-queuing groups Port service-level Port speed configuration Port state Set port outbound tag mode Create a port trunk entry

Listing CLI Commands

To display the list of all CLI commands in all valid syntaxes that are available at any mode: 1. Enter the mode. 2. Invoke the command list. The CLI commands in a list are displayed in alphabetical order.

Invoking a CLI Command

General
A CLI command consists of a name and none, one, or several arguments. The name may be one word (e.g., interface) or hyphenated words (e.g., radius-server). An argument must be preceded by a blank space. It may be a keyword (identified by lowercase text) or a valueword (identified by uppercase text). If a keyword is selected, it must be typed in as is. If a valueword is selected, a value must be typed instead of it. The value may be just a number or a string consisting of letters, number digits, and other symbols. Valid values are either displayed or can be determined from the description of the valueword.

Procedure
To invoke a CLI command: 1. Enter the mode containing the command. 2. Type the command name. (If you are not sure of the full name of the command, type its first few letters and press Shift ? . Command names beginning with these letters are displayed. Identify the command name you need, and type in one or more additional letters of the command name until the letters are now unique to the command. To complete the command name, press Tab .) 3. Press Shift ? to display arguments (if any) that need to be entered. Identify the argument you need. If the argument is a keyword (identified by lowercase text), April 2006 73

ML48261, Rev. 02 CLI Management

Chapter 5:

type the first few letters that are unique to the argument. If the argument is a valueword, type a value for it using the description given for the value as a guide. 4. Repeat Step 3, until the symbols (CR) and | appear. 5. Press the Enter to invoke the command.

Example
The following example illustrates how a CLI command can be invoked. The procedure is described in considerable detail to serve as a guide for invoking other CLI commands and to show how various functional keys can be used when invoking a CLI command. These functional keys help in using the exact syntax of a command while minimizing typing. Suppose the aim is to invoke the command interface vlan IFNAME. Access the CLI (as described in the section Standard Access, page 66). When the prompt OS9000> is displayed, press Shift ? to display the commands available at this level. The CLI response is shown below.
OS9000> ? enable exit help list logout monitor nslookup ping quit show telnet traceroute OS9000> Turn on privileged mode command Exit current mode and down to previous mode Description of the interactive help system Print command list Logout from this current session Monitor Name server query Send echo messages Exit current mode and down to previous mode Show running system information Open a telnet connection Trace route to destination

Notice that the symbol ? does not actually appear on the screen. Still, it is shown to indicate that Shift ? was pressed after the CLI prompt OS9000>. Also, notice that a description appears against each command. Type e and press Shift ? . The CLI response is shown below.
OS9000> e? enable Turn on privileged mode command exit Exit current mode and down to previous mode OS9000> e

Notice that the two commands enable and exit are displayed because both these commands begin with e. To select the command enable type n (after the e to get en, which is different from ex in the command exit), and press Tab . Then press Enter . The CLI response is shown below.
OS9000> enable OS9000#

Notice that the system prompt has changed from OS9000> to OS9000#. #indicates entry into enable mode. Next, type con and press Tab . The CLI response is shown below.
OS9000# configure

Press Shift ? to determine possible argument choices. The CLI response is shown below.
OS9000# configure? terminal Configuration terminal OS9000# configure

April 2006

74

ML48261, Rev. 02 CLI Management

Chapter 5:

The only argument is terminal. Type t, press Tab , and then press Shift ? . The CLI response is shown below.
OS9000# configure terminal ? <cr> | Output modifiers OS9000# configure terminal

Notice that only the symbols <cr> and | appear. This indicates that there are no more arguments to enter. Invoke the command configure terminal by pressing Enter . The CLI response is shown below.
OS9000(config)#

Notice that the system prompt has changed from OS9000# to OS9000(config)#. You now have access to mode configure terminal. You can now press Shift ? to determine possible command choices. Type i and press Shift ? . The CLI response is shown below.
OS9000(config)# i? interface Interface infomation ip IP information OS9000(config)# i

Notice that the two commands interface and ip are displayed because both these commands begin with i. To select the command interface type the letter n,so as to have in which distinguishes it from ip, and press Tab . The CLI response is shown below.
OS9000(config)# interface

Press Shift ? to display the selectable arguments. The CLI response is shown below.
OS9000(config)# interface ? IFNAME Existing interface device-name (i.e vif3,...) out-of-band New or existing out-of-band interface configuration vlan New or existing vlan interface configuration OS9000(config)# interface

Select vlan by typing v and pressing Tab . The CLI response is shown below.
OS9000(config)# interface vlan

Press Shift ? to display the selectable arguments. The CLI response is shown below.
OS9000(config)# interface vlan ? IFNAME Device name (e.g., vif3) OS9000(config)# interface vlan

Type an interface ID, e.g., vif7, and press Shift ? to display the selectable arguments. The CLI response is shown below.
OS9000(config)# interface vlan vif7 ? <cr> | Output modifiers OS9000(config)# interface vlan vif7

Notice that only the symbols <cr> and | appear. This indicates that there are no more arguments to enter. To invoke the command, press the Enter . The CLI response is shown below.
OS9000(config)# interface vlan vif7 OS9000(config-vif7)#

Notice that the system prompt has changed from OS9000(config)# to OS9000(configvif7)#, indicating that the command was successfully executed and that the system has entered interface mode.

April 2006

75

ML48261, Rev. 02 CLI Management

Chapter 5:

Quick Entry of a CLI Command

For convenience, to invoke a command it is sufficient to type only the first few letters of the command that are different from the other commands. Example: For e.g., if the only commands in a mode (node or level) that begin with the letter e are enable and exit, to invoke enable it is enough to type en; to invoke exit it is enough to type ex.

CLI Command Negation

Many commands may be prefixed with no in order to disable the feature or function enabled by the command. By invoking the command without the prefix no, the function (not data) that you disabled or that was disabled is re-enabled. Example: The command no ip route disables the static route established by the command ip route.

View Modes
Viewing of system information on the screen can be set to either of the following modes:

Paging

Paging (display one full screen of information at a time) No paging (display all information without interruption until its end)

This is the default mode. 1. Enter mode enable. 2. Invoke the command cli-paging.

No Paging
1. Enter mode enable. 2. Invoke the command no cli-paging.

Pipelining a CLI Command

The pipe | is used to process the output of a CLI command (e.g., show lt) by any Linux command (e.g., wc, grep, tail, etc.). Example: OS9000(config)# show lt | ? .. Shell command to process the output begin Begin with the line that matches end End with the line that matches exclude Exclude line that match include Include line that match write Write output to file OS9000(config)# show lt | begin B8 2 3 00:0F:BD:00:05:B8 1 Intern STATIC 7 FF:FF:FF:09:BD:5C 1 Intern STATIC OS9000(config)# where,

April 2006

76

ML48261, Rev. 02 CLI Management

Chapter 5:

B8 is the pattern that a line must contain in order to be displayed. 2 is the number of lines to be displayed. Example: OS9000# show lt | wc 18 78 933 OS9000# where, lt is Learn Table, wc is word count, 18 is the number of lines, 78 is the number of words, 933 is the number of characters. Example: To display the lines containing the string FF:FF:FF:FF:FF:FF in the output of the command show lt, and to show the word count of these lines. OS9000# sh lt | grep 7C:22:8A:B5:16:CE 2 7C:22:8A:B5:16:CE 1 Intern STATIC 4 7C:22:8A:B5:16:CE 100 Intern STATIC 42 7C:22:8A:B5:16:CE 4095 Intern STATIC OS9000# sh lt | grep 7C:22:8A:B5:16:CE | wc 3 15 150 OS9000# where, lt is Learn Table, wc is word count, 3 is the number of lines, 15 is the number of words, 150 is the number of characters. Example: To display the first 10 entries of the MAC table containing the string 00:60, do: OS9000# show lt | include 00:60 | head n 10 OS9000#

Accessing an enable Mode Command from any Mode

From any mode, any command in enable mode can be accessed by prefixing the command with do. Example To invoke the command show time (which belongs to enable mode) from the mode interface, invoke do show time as shown below:
OS9000> enable OS9000# configure terminal OS9000(config)# interface vlan vif7 OS9000(config-vif7)# do show time Mon Sep 5 02:59:15 GMT 2005 OS9000(config-vif7)#

Copy-Paste Mode
Entry and Usage
The command copy-paste is used to execute a set of CLI commands simply by pasting them onto a CLI window. The procedure for using the command copy-paste is as follows: 1. Enter mode enable. 2. Invoke the command copy-paste. 3. Paste the CLI commands onto the CLI window.

April 2006

77

ML48261, Rev. 02 CLI Management

Chapter 5:

Example
The example below shows how the command copy-paste can be used. The steps in the configuration are as follows:

User invokes command show interface. System shows just one interface, namely, vif0. User invokes commands copy-paste and configure terminal, and pastes the following group of CLI commands for configuring the interfaces vif1 and vif2:
! interface vlan vif1 tag 10 ip 193.218.67.55/24 ports 1-3 ! interface vlan vif2 tag 20 ip 193.88.67.55/24 ports 4-7 !

System executes the CLI commands as indicated by its response shown on the screen and marked in color blue. User invokes the commands exit and show interface to verify that the system has indeed configured the two interfaces.

OS9000# show interface INTERFACES TABLE ================ Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------vif0 vif0 DO 00:0F:BD:00:05:B8 0001 1-24 - 'vif0' is the default forwarding interface. - drop-tag is 4094. OS9000# copy-paste OS9000# configure terminal OS9000(config)# OS9000(config)# ! OS9000(config)# interface vlan vif1 !OS9000(config-vif1)# tag 10 OS9000(config-vif1)# ip 193.218.67.55/24 OS9000(config-vif1)# ports 1-3 Event: Ethernet tagged interface 'vif1' ADDED Interface is activated. OS9000(config-vif1)# ! OS9000(config-vif1)# interface vlan vif2 OS9000(config-vif2)# tag 20 OS9000(config-vif2)# ip 193.88.67.55/24 OS9000(config-vif2)# ports 4-7 Interface is activated. Event: Ethernet interface 'vif0' MODIFIED Event: Ethernet tagged interface 'vif2' ADDED OS9000(config-vif2)# ! OS9000(config-vif2)# exit OS9000(config)# show interface INTERFACES TABLE ================ Name M Device

IP

State MAC

Tag

Ports

April 2006

78

ML48261, Rev. 02 CLI Management

Chapter 5:

------------------------------------------------------------------------------vif1 vif1 193.218.67.55/24 DO 00:0F:BD:00:05:B8 0010 1-3 vif2 vif2 193.88.67.55/24 DO 00:0F:BD:03:05:B8 0020 4-7 vif0 vif0 DO 00:0F:BD:00:05:B8 0001 1-3,8-24 - 'vif0' is the default forwarding interface. - drop-tag is 4094. OS9000(config)#

Exit
To exit mode copy-paste, invoke the command no copy-paste.

Linux Mode
General
The OS9000 MasterOS software runs over the Linux operating system. The user can access the Linux operating system shell in order to perform advanced functions and to monitor internal MasterOS operations and parameter values.
Caution!

Before accessing the Linux operating system shell, it is advisable to consult Customer Support at MRV. Improper use of the shell/Linux commands at the SuperUser level may cause damage to the OS9000 MasterOS software and OS9000 File System!

Entry
The procedure for accessing the Linux operating system shell is as follows: 1. Enter enable mode. 2. To enter Linux mode, type linux. 3. When the prompt $ appears, invoke the command su for superuser privileges. 4. When the prompt Password: appears, type the root password. Example
OS9000> enable OS9000# linux $ su Password: #

Exit
To exit the Linux operating system shell, type exit twice as shown in the example below. Example
# exit exit $ exit exit OS9000#

Hostname
To configure/change a new network name for the OS9000, from configure terminal mode type hostname and the hostname as shown in the example below. Only a single word is allowed however, underscores can be used.

April 2006

79

ML48261, Rev. 02 CLI Management Example

OS9000(config)#hostname zeus_2 zeus_2(config)

Chapter 5:

Banner
Definition
A banner is text indicating the OS9000s association. The banner can consist of one or more text lines and appears on the console at login.

Default
The default banner is the factory-set banner that usually identifies the vendor name, product, and operative software version as shown in the example below:
MRV OptiSwitch 9024 version d1734-22-09-05

Viewing
To view the current banner, from configure terminal mode invoke the command show banner.

Configuration
Method 1 To configure the first line of the banner: 1. Enter configure terminal mode. 2. Invoke the command banner TEXT where, TEXT Text to be entered in the banner line. To configure additional lines in the banner: 1. Invoke the command banner-line NUMBER TEXT where, NUMBER Number of banner line. TEXT Text to be entered in the banner line. 2. Repeat the above command for each banner line you want. Example
OS9000(config)# banner MRV OptiSwitch 9024 version d1734-22-09-05 OS9000(config)# banner-line 2 Hamlyn Town OS9000(config)# banner-line 3 Building Complex 25G OS9000(config)# show banner Line 1 : MRV OptiSwitch 9024 version d1734-22-09-05 Line 2 : Hamlyn Town Line 3 : Building Complex 25G OS9000(config)#

Method 2 To configure a banner consisting of multiple lines: 1. Enter configure terminal mode. 2. Enter banner mode. 3. Type text to be entered in the first, second, etc. banner line making sure to press Enter at the end of each line. Example
OS9000(config)# show banner banner is default

April 2006

80

ML48261, Rev. 02 CLI Management

OS9000(config)# banner OS9000(config-banner)# MRV OptiSwitch 9024 version d1734-22-09-05 OS9000(config-banner)# Hamlyn Town OS9000(config-banner)# Building Complex 25G OS9000(config-banner)# exit OS9000(config)# show banner Line 1 : MRV OptiSwitch 9024 version d1734-22-09-05 Line 2 : Hamlyn Town Line 3 : Building Complex 25G OS9000(config)#

Chapter 5:

Date
To configure/change the date, from enable mode type date and enter the month, day, and year.
OS9000# date December 17 2005 Thu Oct 17 11:41:28 EDT 2005

Time
To configure/change the local time, from enable mode type time and enter the time in the format hh:mm.
OS9000# time 13:47 Thu Oct 17 13:47:00 EDT 2005

Location
To configure/change the location record of the OS9000: 1. Enter the following modes in succession: enable configure terminal snmp OS9000(config)#snmp OS9000(config-snmp) 2. Type location and the location description. The description can be any alphanumeric string; a single word or several words separated by blank spaces or interconnected by hyphens or underscores. OS9000(config-snmp)location main_building_second_floor OS9000(config-snmp)

Saving Configuration
To save the run-time configuration to the Startup configuration file (in flash permanent memory), use any one of the following methods:

Method 1
1. Enter the enable mode or any other mode under it. 2. Invoke the following command: write file Example:
OS9000# write file Building Configuration... [OK] OS9000#

Method 2
1. Enter the enable mode or any other mode under it.

April 2006

81

ML48261, Rev. 02 CLI Management 2. Invoke the following command: write memory Example:
OS9000# write memory Building Configuration... [OK] OS9000#

Chapter 5:

Method 3
1. Enter the enable mode or any other mode under it. 2. Invoke the following command: copy running-config startup-config where, running-config Copy from Run-time configuration file. startup-config Copy to Startup configuration file. Example:
OS9000# copy running-config startup-config Building Configuration... [OK] OS9000#

Viewing Configuration Information

To view all the configuration information on the management console, enter the enable mode or any other mode under it, and invoke the command: write terminal as shown below:
OS9000# write terminal Building configuration... Current configuration: ! version d1734-22-09-05 ! port tag-outbound-mode tagged 3 ! action-list ACN1 tc-action account packet-counters counter-set-number 2 rate single-leaky-bucket cir 5m cbs 10K ebs 5K ! action-list ACN2 tc-action drop-red rate dual-leaky-bucket cir 1m cbs 100K pir 2m pbs 200K ! action-list ACN3 ! tc-counters-group WaterPark action-list ACN1 action-list ACN2 ! access-list extended ACL1 rule 10 action deny source-ip eq 32.32.32.32/32 rule 20 action permit

April 2006

82

ML48261, Rev. 02 CLI Management

dest-ip eq 31.31.31.0/24 rule 30 action list ACN1 mark sl 7 rule 40 action list ACN1 protocol eq icmp ! access-list extended ACL2 rule 10 action deny source-ip eq 35.35.35.35/32 dest-ip eq 36.36.36.36/32 rule 20 action mirror-to-cpu source-ip eq 192.7.7.0/24 ! interface vlan vif7 tag 100 ip 192.1.3.4/24 ports 1-3 ! interface vlan vif8 tag 200 ip 192.2.3.4/24 ports 3-6 access-group ACL2 5-6 ! interface vlan vif9 tag 78 ip 192.3.28.205/24 ports 10-12 ! OS9000#

Chapter 5:

Restoration of Factory Default Configuration

To restore the factory default configuration to the OS9000 (and to save the current configuration): 1. Enter the enable mode. 2. Invoke the command: write erase as shown in the example below:
OS9000# write erase Restore factory defaults and backup current configuration. Ok. OS9000#

To make the factory default configuration run-time, invoke the command reboot.

Restoration of Erased Configuration

To restore the OS9000 configuration that existed prior to erasure by the command write erase: 1. Enter the enable mode. 2. Invoke the command: write old-configuration as shown in the example below: OS9000> enable OS9000# write old-configuration

April 2006

83

ML48261, Rev. 02 CLI Management

Chapter 5:

Restore last erased configuration. OS9000# This action will delete all the user-configurations performed after the command write erase was invoked.

Rebooting
Rebooting restarts the OS9000 with the new image (operative firmware) if one was downloaded.

Modes
The OS9000 can be set so that at reboot it is either configured or not configured according to its configuration file System.conf. With Configuration File By default, the OS9000 is configured according to its configuration file at reboot. To set the OS9000 so that it is not configured according to its configuration file at reboot: 1. Enter enable mode. 2. Invoke the command: default boot-config-file Without Configuration File To set the OS9000 so that it is configured according to its configuration file at reboot: 1. Enter enable mode. 2. Invoke the command: boot-config-file empty-configuration

Methods
The OS9000 can be rebooted at any time using any of the following methods: Normal 1. Enter enable mode. 2. Invoke the command: 3. reboot if you want to reconsider whether to reboot. 4. In response to the prompt: Would you like to reboot the system now ? (y|n) Type y if you want to reboot now. Type: n if you do not want to reboot. Or reboot-force if you want rebooting to be done straightaway, i.e., without prompts. Warm To restart the OS9000 system without powering it OFF and ON press pushbutton PWR. Cold To restart the OS9000 system with powering it OFF, press pin pushbutton RST. Scheduler Use the Scheduler utility Scheduler, page 307. This utility can be used to automatically trigger rebooting at a preset date and time.

April 2006

84

ML48261, Rev. 02 CLI Management

Chapter 5:

Access Security
General
Illegal access to networks and Denial-of-Service (DoS) attacks are real threats to provider networks and their customers. Access Security provides security against unauthorized access to the OS9000 through multiple security checks. Any number of interfaces can be set for access to the OS9000 CLI. Access Security together with CPU Firewall, VLAN management, RADIUS, SSHv2, ACLs, and SNMPv3 provide the network administrator improved and secure access to the OS9000.

Procedure
To set attributes which a host must have in order to be able to access the OS9000 for management: 1. Enter configure terminal mode. 2. Create a VLAN interface by invoking, the command: interface vlan IFNAME where, vlan VLAN IFNAME Interface ID having the format vifX, where X is a decimal number in the range 1-4095 as shown in the example below: Example OS9000(config)# interface vlan vif7 OS9000(config-vif7)# ports 1-3 OS9000(config-vif7)# tag 10 Interface is activated. OS9000(config-vif7)# ip 193.27.248.65/24 OS9000(config-vif7)# 3. Select the protocol and IP address (for the created interface) with which the OS9000 will be accessible by invoking the following command: management snmp|telnet|ssh [SOURCE_IPV4_ADDRESS] where, snmp Enable SNMP management telnet Enable TELNET management ssh Enable SSH management tftp Enable the OS9000 to operate as a TFTP server from which the configuration files stored in the OS9000 can be accessed [SOURCE_IPV4_ADDRESS] IP address/mask of hosts allowed to access the OS9000. If no value is entered for this argument, the IP address of the host attached to the interface is ignored by the OS9000. as shown in the example below: Example OS9000(config-vif3)# management telnet 11.10.10.10/32 OS9000(config-vif3)# Note More than of the management protocols (SNMP, SSH, and TELNET) may be selected with which the OS9000 will be accessible by repeating the command management snmp|telnet|ssh [SOURCE_IPV4_ADDRESS].

April 2006

85

ML48261, Rev. 02 CLI Management

Chapter 5:

Learn Table
Definition
The Learn Table is a map of currently connected stations17 to ports. The Learn Table is dynamically updated and can maintain as many as 16K unicast entries (MAC addresses) for an OS9000.

Viewing
All or selective entries of the Learn Table can be displayed according to one or more of the following attributes: port number, tag number, interface ID. To view Learn Table entries: 1. Enter configure terminal mode. 2. To view entries using interface ID: Invoke the command: show lt port PORT|all interface IFNAME|all where, PORT Port number. all (first) All ports. IFNAME ID of an existing device/interface (e.g., vif3) all (second) All interfaces. To view entries using interface Tag: Invoke the command: show lt port PORT|all tag TAG|all where, PORT Port number. all (first) All ports. TAG Tag of existing device/interface (e.g., vif3) all (second) All tags.

Aging
Aging is a mechanism that clears entries of stations that are not active, shutdown, or moved to another location. The default aging time is 300 seconds. To change the aging time: 1. Enter configure terminal mode. 2. Invoke the command: lt aging <10-630>|default where, <10-630> Aging time in seconds. The aging time must be a number that is a multiple of 10 and in the range 10-630. default Default aging time, which is 300 seconds. Example OS9000(config)# lt aging 370 OS9000(config)# To disable aging: 1. Enter configure terminal mode. 2. Invoke the command:
17

The stations are identified by their MAC address.

April 2006

86

ML48261, Rev. 02 CLI Management no lt aging Example OS9000(config)# no lt aging OS9000(config)#

Chapter 5:

Limiting
Logging of entries in the Learn Table can be limited in number with respect to prespecified ports of entry and VLAN tags. To limit entries with respect to ports: 1. Enter configure terminal mode. 2. Invoke the command: lt limit port PORTS-GROUP entries ENTRIES-LIMIT where, PORTS-GROUP Group of ports. ENTRIES-LIMIT Maximum number of entries in the range 0-16k that can be logged in the Learn Table. To revoke the above command, invoke the command: no lt limit port PORTS-GROUP Example OS9000(config)# lt limit port 4-7 entries 6k OS9000(config)# To limit entries with respect to VLAN tags: 1. Enter configure terminal mode. 2. Invoke the command: lt limit tag TAGS-GROUP entries ENTRIES-LIMIT where, TAGS-GROUP VLAN tags in the range 0-4095. ENTRIES-LIMIT maximum number of entries in the range 0-16k that can be logged in the Learn Table. To revoke the above command, invoke the command: no lt limit tag TAGS-GROUP Example OS9000(config)# lt limit tag 2-10 entries 5k OS9000(config)# To view the limits on entries (with respect to ports and VLAN tags): 1. Enter configure terminal mode. 2. Invoke the command: show lt limit Example OS9000(config)# show lt limit NO PORTS TAGS LIMIT 1 2-10 5120 2 4-7 6144 OS9000(config)#

Entries
Entries may be manually logged in the Learn Table as follows: 1. Enter configure terminal mode. 2. Invoke the command: lt entry MAC_ADDRESS PORT TAG dynamic|static [<1-8>]

April 2006

87

ML48261, Rev. 02 CLI Management

Chapter 5:

where, MAC_ADDRESS Learned MAC address in the format xx:xx:xx:xx:xx:xx, where xx is a double-digit hexadecimal number. PORT Physical port number. TAG Interface VLAN tag in the range 1-4095. dynamic Dynamic entry. static Static entry. [<1-8>] Service Level (SL) To revoke the above command, invoke the command: no lt entry MAC_ADDRESS TAG Example OS9000(config)# lt entry 7b:22:c9:3d:5e:ab 6 30 dynamic 4 OS9000(config)#

Flushing
Port Entries To delete port-related entries in the Learn Table: 1. Enter configure terminal mode. 2. Invoke the command: clear lt port NUMBER where, NUMBER is physical port number. Example OS9000(config)# clear lt port 3 OS9000(config)# VLAN Entries To delete VLAN-related entries in the Learn Table: 1. Enter configure terminal mode. 2. Invoke the command: clear lt vlans TAGS-LIST port NUMBER where, TAGS-LIST is list of interface VLAN tags. A tag can be any number in the range 0-4095. NUMBER is the number of a physical port that is a member of the VLAN(s). Example OS9000(config)# clear lt vlans 10,30 port 2 OS9000(config)#

Maximum Transmission Unit (MTU)

Definition
Maximum Transmission Unit (MTU) is the largest physical packet size (including jumbo packet size), measured in bytes, that the OS9000 can forward.

Procedure
The default MTU size is 1552. To change an MTU size: 1. Enter the configure terminal mode. 2. Enter the boot mode.

April 2006

88

ML48261, Rev. 02 CLI Management 3. Invoke the command: mtu-size SIZE

Chapter 5:

where, SIZE is a number specifying the largest physical packet size, in bytes, that the OS9000 can transmit. The valid sizes are 1518, 1522, 1552 (default), 9022, and 9192. 4. Invoke the command write file or write memory to save the new setting in permanent memory. 5. Invoke the command reboot or reboot-force for the MTU size to become runtime. Below, is an example showing the user inputs (in bold) for limiting the packet size and OS9000 outputs on the CLI screen.
MRV OptiSwitch 9024 version d0733-08-01-06 OS9024F login: admin Password:

OS9024F> enable OS9024F# configure terminal OS9024F(config)# boot OS9024F(config-boot)# mtu-size 1518 1522 1552 9022 9192 MTU size: 1518 MTU size: 1522 MTU size: 1552 (default) MTU size: 9022 MTU size: 9192

OS9024F(config-boot)# mtu-size 9192 Action will come into effect after rebooting OS9024F(config-boot)# write file Building Configuration... [OK] OS9000(config-boot)# do reboot-force

Syslog
Definition
Syslog is a standard login mechanism that stores system messages and events. Events for all processes except for the Operative Software are, by default, logged in Syslog. The procedure for enabling the OS9000 to log Operative Software events as well in the Syslog is given in the section Logging for Operative Software Events, page 90. Syslog is maintained in the OS9000 RAM and is erased on power off or reboot. To keep a permanent record of the Syslog, a Remote Syslog server can be used, such as, a PC running a Syslog application program.

Requirements
The following are required for Remote Syslog: Syslog Server (For e.g., PC with the following:

Operating System: For e.g., Microsoft Windows 95/98/2000/NT/XP

April 2006

89

ML48261, Rev. 02 CLI Management

Chapter 5:

Syslog application program: For e.g., 3Com 3CSyslog

Connectivity to the Syslog server, for e.g., by invoking the command ping in enable mode

Setup
The procedure for enabling Remote Syslog is as follows: 1. Verify connectivity to the Syslog server, for e.g., by invoking the command ping in enable mode 2. Enter configure terminal mode. 3. Invoke the command: rsyslog IPV4_ADDRESS where, IPV4_ADDRESS IP address of Syslog server

File Location
The Syslog file is stored at: /var/log/messages.

Logging for Operative Software Events

By default, events are logged in Syslog for all processes except for the Operative Software. To enable logging of Operative Software events as well: 1. Enter configure terminal mode. 2. Invoke the command: log syslog [trap alerts|critical|debugging|disable|emergencies|errors| informational|notifications|warnings] where, alerts Log alerts, emergencies Log critical errors, alerts, emergencies

critical

debugging Log debugging messages, informational messages, notifications, warnings, errors, critical errors, alerts, emergencies disable Log nothing emergencies errors Log emergencies Log errors, critical errors, alerts, emergencies

informational Log informational messages, notifications, warnings, errors, critical errors, alerts, emergencies notifications Log notifications, warnings, errors, critical errors, alerts, emergencies warnings Log warnings, errors, critical errors, alerts, emergencies

No Logging for Operative Software Events

To stop logging of Operative Software events in Syslog: 1. Enter configure terminal mode. 2. Invoke the command: no log syslog

No Logging for CLI Commands

To stop logging of executed CLI commands in Syslog: 1. Enter configure terminal mode.

April 2006

90

ML48261, Rev. 02 CLI Management 2. Invoke the command: no log commands

Chapter 5:

Logging for CLI Commands

By default, all executed CLI commands are logged in Syslog. To enable logging of executed CLI commands: 1. Enter configure terminal mode. 2. Invoke the command: log commands

Messages to the CLI

Syslog messages can be sent to the CLI as follows: 1. Enter enable mode. 2. Invoke the command: log stderr [trap alerts|critical|debugging|disable|emergencies|errors| informational|notifications|warnings] where, alerts Log alerts, emergencies Log critical errors, alerts, emergencies

critical

debugging Log debugging messages, informational messages, notifications, warnings, errors, critical errors, alerts, emergencies disable Log nothing emergencies errors Log emergencies Log errors, critical errors, alerts, emergencies

informational Log informational messages, notifications, warnings, errors, critical errors, alerts, emergencies notifications Log notifications, warnings, errors, critical errors, alerts, emergencies warnings Log warnings, errors, critical errors, alerts, emergencies 3. Invoke the command: write file

Viewing
To view Syslog messages: 1. Enter enable mode. 2. Invoke the command: show syslog [all|debug|info|warning|error] [START_DATE] [END_DATE] where, all Show all messages debug info error fatal Show messages with level from debug to fatal Show messages with level from info to fatal Show messages with level warning, error and fatal Show messages with level error and fatal Show only messages with level fatal

warning

START_DATE The start date. Format: mm-dd-hh:mm:ss, e.g., 04-0109:00:00 or start for messages from the beginning.

April 2006

91

ML48261, Rev. 02 CLI Management

Chapter 5:

END_DATE The end date. Format: mm-dd-hh:mm:ss, e.g., 04-0109:00:00 or exclude for messages ending at current time.

Clearing
To clear the Syslog: 1. Enter enable mode. 2. Invoke the command: clear syslog

SNMP Management
Requirements
For SNMP management of the OS9000, you need to: Define a round-trip route from the OS9000 to the SNMP manager Verify connectivity between the OS9000 and the SNMP manager Enable SNMP management Configure SNMP parameters (e.g., SNMP NMS IP address, community names, etc.)

Enabling
The procedure for enabling SNMP management is described in the section Remote Management Setup, page 133.

Commands
All SNMP commands are accessible at the snmp mode. To access snmp mode: 1. Enter configure terminal mode. 2. Invoke the command: snmp

Management Functions
In snmp mode, CLI commands can be invoked to perform the following SNMP management functions:

System Identification Access Control Trap Generation Display

System Identification
The following system MIB objects can be set for the OS9000: SysContact Used to set contact information, e.g., about system administrator sysLocation Used to set location information, e.g., about the OS9000s location To set the sysContact object, invoke the command: contact .. where, .. Contact information text. To set the sysLocation object, invoke the command: location ..

April 2006

92

ML48261, Rev. 02 CLI Management where, .. Location information text. To display the sysContact and sysLocation objects, invoke the command: show snmp system Following is a configuration example:
MRV OptiSwitch 9000 version d0907-21-07-05 OS9000 login: admin Password: Last login: Thu Sep 1 01:26:19 2005 on ttyS0 OS9000> enable OS9000# configure terminal OS9000(config)# snmp OS9000(config-snmp)# contact [email protected] OS9000(config-snmp)# location Paradise Island (P.O.B. 123) OS9000(config-snmp)# show snmp system location location Paradise Island (P.O.B. 123) contact [email protected] OS9000(config-snmp)#

Chapter 5:

Access Control
The OS9000 can be used to perform access control with the following SNMP versions:

SNMP version 1/2c SNMP version 3

SNMP Version 1/2c General Access control in SNMPv1/2c is based both on Community String and on Source IP Address of the request. Community Strings Description Community strings (names) function like passwords. They are used to authenticate SNMP requests to monitor and/or configure the OS9000. Each SNMP request packet that is received is checked for a community string, the associated access privilege, and the Source IP address of the request. Only if these present in the packet match those in the OS9000 database, access is permitted. The same community string from different administrators can mean different access privileges (e.g., write-read, read-only, etc.), as can be seen in the examples that follow. There are three access privileges:

NotConfig Configuration Write-read The write-read privilege permits the settings of the OS9000 to be viewed and changed. To set up a community string for the write-read privilege in the OS9000 database, invoke the command: community [1-10000000] write-read SOURCE COMMUNITY where, [1-10000000] (optional) Index of the entry. This option can be used to modify an existing entry (by entering the same index and then the other attributes, e.g., access privilege, IP source, etc.) and to provide convenience in placing the entry in a specific position of order.

Write-read Read-only

April 2006

93

ML48261, Rev. 02 CLI Management

Chapter 5:

SOURCE can be: default Any Source IP address A.B.C.D Source IP address A.B.C.D/M Source IP prefix (address and mask) COMMUNITY is community string Read-only The read-only privilege permits the settings of the OS9000 only to be viewed. To set up a community string for the read-only privilege in the OS9000 database, invoke the command: community [1-10000000] read-only SOURCE COMMUNITY where, [1-10000000] (optional) Index of the entry. This option can be used to modify an existing entry (by entering the same index and then the other attributes, e.g., access privilege, IP source, etc.) and to provide convenience in placing the entry in a specific position of order. SOURCE can be: default Any Source IP address A.B.C.D Source IP address A.B.C.D/M Source IP prefix (address and mask) COMMUNITY is community string NotConfig The notConfig privilege permits viewing only the basic settings of the OS9000, i.e., MIB-II System objects (mib-2 1) and SNMP objects (mib-2 11). This enables users to verify whether the OS9000 is alive and to draw the network-map from the OS9000 without affecting its operation. To set up a community string for the notConfig privilege in the OS9000 database, invoke the command: community [1-10000000] notConfig SOURCE COMMUNITYwhere, [1-10000000] (optional) Index of the entry. This option can be used to modify an existing entry (by entering the same index and then the other attributes, e.g., access privilege, IP source, etc.) and to provide convenience in placing the entry in a specific position of order. SOURCE can be: default Any Source IP address A.B.C.D Source IP address A.B.C.D/M Source IP prefix (address and mask) COMMUNITY is community string To display the community object, invoke the command: show snmp community Below, is an example showing the user inputs (in bold) for configuring community strings for the three access privileges write-read, read-only, and notConfig, and OS9000 outputs on the CLI screen.
OS9000> enable OS9000# configure terminal OS9000(config)# snmp OS9000(config-snmp)# community OS9000(config-snmp)# community OS9000(config-snmp)# community OS9000(config-snmp)# show snmp ## -10 20 User ------------write-read read-only

write-read 153.70.131.222 public read-only 153.70.131.0/24 private notConfig default public community Community Description ---------- -------------public private

Source -----------------153.70.131.222 153.70.131.0/24

April 2006

94

ML48261, Rev. 02 CLI Management

30 notConfig default public -- ------------- ------------------ ---------- -------------OS9000(config-snmp)#

Chapter 5:

Note If the same community string is assigned to two (or more) Source IP addresses belonging to the same subnet (even if different privileges are assigned to the Source IP addresses), an SNMP request will be processed only for the Source IP address entered first18 using one of the community commands described above. Requests by the other Source IP address(es) will be ignored! The example below clarifies this point. It shows that the same community string, namely, public is assigned to two Source IP addresses belonging to the same subnet. The Source IP address entered first is 153.70.131.222, as indicated by a lower index value, namely, 10 in the first column. As a result, SNMP requests from the source with this IP address will be processed. SNMP requests from the source with the IP address 153.70.131.0/24 will be ignored.
OS9000(config-snmp)# community write-read 153.70.131.222 public OS9000(config-snmp)# community read-only 153.70.131.0/24 public OS9000(config-snmp)# community notConfig default public OS9000(config-snmp)# show snmp community

## User

Source

Community

Description

-- ------------- ------------------ ---------- -------------10 write-read 20 read-only 30 notConfig 153.70.131.222 153.70.131.0/24 default public public public

-- ------------- ------------------ ---------- -------------OS9000(config-snmp)#

Deletion To delete a community string: 1. Enter configure terminal mode. 2. Invoke the command: snmp 3. Invoke the command no community INDEX where, INDEX Index of the community entry. (The index of an entry can be found by invoking the command show snmp community.) SNMP Version 3 General Access control in SNMPv3 is based on two security passwords that can be defined for each of the access privileges (write-read, read-only, and notConfig) by the user.

Authorization Password Privacy Password

18

That is, with a lower index value in the display obtained when the command show snmp users is invoked (at the mode snmp).

April 2006

95

ML48261, Rev. 02 CLI Management

Chapter 5:

The Authorization password entered by the user is encrypted in either MD5 or SHA code (algorithm), per the user choice. In addition, the password can be hidden. The password must be at least 10 characters long. The Privacy password is optional. If entered it is encrypted in des code. The password must be at least 10 characters long. Configuration To set up the passwords in the OS9000 database, invoke the command: user wruser|rouser|ncuser [8] md5|sha AUTHPASSWORD des PRIVPASSWORDwhere, wruser Write-read privileged user (can access all MIBs) rouser Read-only privileged user (can access all MIBs) ncuser Basic read-only privileged user (can access only system MIB) 8 (optional) Hides the authorization password md5 MD5 code sha SHA code AUTHPASSWORD Authorization password des DES privacy code PRIVPASSWORD Privacy password Viewing SNMP Configuration To view the SNMPv3 passwords configured by the user: 1. Enter configure terminal mode. 2. Invoke the command: snmp 3. Invoke the command: show snmp configuration Viewing SNMP Users To view the users assigned SNMPv3 passwords: 1. Enter configure terminal mode. 2. Invoke the command: snmp 3. Invoke the command: show snmp users Below, is an example showing the user inputs (in bold) and OS9000 outputs on the CLI screen. The user inputs include: SNMPv3 passwords configuration for the access privilege write-read, SNMP configuration display command, and SNMP users display command.
OS9000(config-snmp)# user wruser md5 ZorroTheFox des CondorBird OS9000(config-snmp)# show snmp configuration ! ! SNMP configuration snmp contact [email protected] location Paradise Island (P.O.B. 123) community 10 write-read 153.70.131.222 public community 20 read-only 153.70.131.0/24 public community 30 notConfig default public user rouser 8 sha 0xfc2684ca3353ec5c29fb2788aa0005c38438e1b1 user wruser 8 md5 0xd2a56a2972f6dd9719f5aa1bdf80cab5 des 0xac7aa70a22e2df6c2e74b8331 a41d5ec ! OS9000(config-snmp)# show snmp users !

April 2006

96

ML48261, Rev. 02 CLI Management

### userName Auth --- ------------ ---1 rouser sha 2 wruser md5 --- ------------ ---OS9000(config-snmp)# Priv PublicString ---- -----------none des ---- ------------

Chapter 5:

Trap Generation
General Traps are SNMP packets sent by the OS9000 agent to one or more SNMP managers when certain events external to the OS9000 are detected or when the condition of the OS9000 has changed significantly. A trap may be a cold or warm reset, detection of an interface link status change, an SNMP authentication failure due to an incorrect community string, etc. The OS9000 can be configured to send traps to several pre-specified IP destination addresses (trap hosts). Trap Host Specification To specify what hosts are to receive traps: 1. Enter configure terminal mode. 2. Invoke either of the following commands: Command for SNMPv1/2 trapsess19 TARGET 1|2 COMMUNITY [inform] where, TARGET = Hostname (ID address or DNS name). 1 = SNMPv1 trap 2 = SNMPv2 trap COMMUNITY = community string inform (optional) Get acknowledgement of receipt of trap from the host Command for SNMPv3 trapsess TARGET 3 wruser|rouser|ncuser [inform] where, TARGET = Hostname (ID address or DNS name). 3 SNMPv3 trap wruser Write-read privileged user (can access all MIBs) rouser Read-only privileged user (can access all MIBs) ncuser Basic read-only privileged user (can access only system MIB) inform (optional) Get acknowledgement of receipt of trap from the host Trap Host Display To display specification of trap hosts: 1. Enter configure terminal mode. 2. Invoke the command: show snmp traps Enabling/Disabling Authentication Traps To enable or disable sending of authentication traps to hosts:
19

Trapsess designates SNMPv3 traps.

April 2006

97

ML48261, Rev. 02 CLI Management 1. Enter configure terminal mode. 2. Invoke the command: authtrap enable|disable where, enable Send authentication traps disable Do not send authentication traps Trap Host Deletion To delete specification of a trap host: 1. Enter configure terminal mode. 2. Invoke the command: no trapsess TARGET

Chapter 5:

where, TARGET Hostname (ID address or DNS name). Below, is an example showing the user inputs (in bold) and OS9000 outputs on the CLI screen. The user inputs include:

Specification of trap hosts for SNMPv1, 2, and 3 The command to display the specifications Deletion of the trap host 174.59.33.88, and The command to redisplay the specifications

OS9000(config-snmp)# trapsess 173.57.32.104 1 ZorroTheFox inform OS9000(config-snmp)# trapsess 174.59.33.88 2 LionTheKing inform OS9000(config-snmp)# trapsess 176.58.34.249 3 wruser inform OS9000(config-snmp)# show snmp traps ! !trap HostName Vers Community/User IsInform !---- --------------- ---- ---------------- -----trap 173.57.32.104 1 ZorroTheFox inform trap 174.59.33.88 2 LionTheKing inform trap 176.58.34.249 3 wruser inform OS9000(config-snmp)# no trapsess 174.59.33.88 OS9000(config-snmp)# show snmp traps ! !trap HostName Vers Community/User IsInform !---- --------------- ---- ---------------- -----trap 173.57.32.104 1 ZorroTheFox inform trap 176.58.34.249 3 wruser inform OS9000(config-snmp)#

Trap Source Address Specification To specify the srcIP (IP address of the OS9000 interface via which traps are to be sent out): 1. Enter configure terminal mode. 2. Invoke the command: source ip A.B.C.D where, A.B.C.D IP address of the OS9000 interface via which traps are to be sent out. Below, is an example showing the user inputs (in bold) and OS9000 outputs on the CLI screen. The user inputs include:

Specification of the trap source IP address Display of the trap source IP address.

OS9000(config-snmp)# source ip 195.86.224.1 OS9000(config-snmp)# show snmp srcIP

April 2006

98

ML48261, Rev. 02 CLI Management

source ip 195.86.224.1 OS9000(config-snmp)#

Chapter 5:

Viewing
To view SNMP information, invoke the command: show snmp [all]|authtrapmode|community|engineID|objectID|srcIP|srcIP| system|traps|users|configuration where, [all] (optional) All SNMP information (default) authtrapmode Authentication traps mode (enabled or disabled) community Community objects engineID Engine ID. (Needed by SNMP-enabled devices in the datapath of SNMP traffic from a device.) objectID SNMP OID of OS9000. srcIP IP address of source (VLAN/interface in OS9000) from which Trap was sent. system MIB-II system data traps Trap hosts users SNMPv3 user privilege and encryption modes configuration = Run-time configuration Below, is an example showing the user input (in bold) and OS9000 outputs on the CLI screen.
OS9000(config-snmp)# show snmp all SNMP Object ID: 1.3.6.1.4.1.629.22.1.1 engineID 0x800007e503000fbd0005b8 ## User Source Community Description -- ------------- ------------------ ---------- -------------10 write-read 153.70.131.222 public 20 read-only 153.70.131.0/24 public 30 notConfig default public -- ------------- ------------------ ---------- -------------### userName Auth Priv PublicString --- ------------ ---- ---- -----------1 wruser md5 none --- ------------ ---- ---- -----------!trap HostName Vers Community/User IsInform !---- --------------- ---- ---------------- -----trap 173.57.32.104 1 ZorroTheFox inform trap 176.58.34.249 3 wruser inform authtrap enabled OS9000(config-snmp)#

Scripts
Definition
A Script is a set of factory CLI commands that the OS9000 can execute in succession without user intervention. Once a script is defined, it can be used just like any other CLI command.

Purpose
The Script utility is used to make the configuration procedure for the OS9000 simpler and quicker for technicians in the field.

April 2006

99

ML48261, Rev. 02 CLI Management

Chapter 5:

Structure
A script consists of the following:

Parameters (script arguments) Lines (a sequence of CLI commands that may include script Parameters as arguments)

Creating
To create a script, you basically need to do the following:

Create Parameters Create Lines (that contain factory CLI commands) with the appropriate Parameters

A Script is created as follows: 1. Enter configure terminal mode. 2. Assign a name to the script by invoking the command: script NAME where, NAME Name of script. String of up to thirteen alphanumeric characters. Letter characters must be lowercase only and must not be blanks, e.g., ipiface01.

3. Optionally, enter a textual description of the script by invoking the command: description TEXT where, TEXT Description of script. Text that can include blanks.

4. Create the parameters as described in the section Create Parameter, page 100. 5. Create the lines with CLI commands as described in the section Create Line, page 102.

Parameters
Parameters are script arguments. The user can define a list of Parameters that can be later used in Lines of a script. The actions that can be performed on a parameter are as follows:

Create Parameter View Parameter Modify Parameter Delete Parameter

Create Parameter To create a parameter: 1. Enter configure terminal mode. 2. Enter the mode of a script (existing or new) by invoking the command: script NAME where, NAME Name of script. String of up to thirteen alphanumeric characters. Letter characters must be lowercase only and must not be blanks, e.g., ipiface01. 3. Invoke the command: parameter [NUMBER] NAME type TYPE description TEXT where,

April 2006

100

ML48261, Rev. 02 CLI Management NUMBER

Chapter 5: (optional) Index of parameter. Set the order of the parameter. If not specified, a number that is a multiple of 10 (e.g., 10, 20, 30, etc.) is assigned. Name for the parameter. Type for parameter. Description for parameter.

NAME TYPE TEXT Example

OS9000# configure terminal OS9000(config)# script ipiface01 OS9000(script-ipiface01)# parameter 10 ID OS9000(script-ipiface01)#

IFID type vifN description Vlan Interface

View Parameter The procedures for viewing a Parameter are the same as those given for viewing a Script see section Viewing, page 104. Modify Parameter To modify the name, type, or description of a parameter: 1. Enter the mode of the script containing the parameter to be modified by invoking the command: script NAME where, NAME Name of script.

2. Invoke the command: parameter NUMBER NAME type TYPE description TEXT where, NUMBER Number of the parameter whose name, type, or description is to be changed. NAME New name for the parameter. TYPE TEXT New Type for parameter. New description for script.

Delete Parameter To delete a parameter from an existing script: 1. Enter configure terminal mode. 2. Enter the mode of the script containing the parameter to be deleted by invoking the command: script NAME where, NAME Name of script.

3. Invoke the command: no parameter NUMBER where, NUMBER Example

OS9000(script-IpInterface01)# no parameter 30 OS9000(script-IpInterface01)#

Number of the parameter to be deleted.

Renumber Parameters To renumber all Parameters (and Lines) of a script with the sequence 10, 20, 30, etc.: 1. Enter the mode of the script by invoking the command:

April 2006

101

ML48261, Rev. 02 CLI Management script NAME

Chapter 5:

where, NAME Name of script. Text string of up to thirteen characters without blanks. 2. Renumber the Parameters (and Lines) by invoking the command renumerate Example The example below shows that the numbers of the parameters before the command renumerate is invoked are 5, 17, and 23. The numbers after are 10, 20, and 30.
OS9000(script-IpInterface01)# show script 'IpInterface01' : Play Dome at Tensa. Parameters ---- -------------- -------------- ----------Num. Name Type Description ---- -------------- -------------- ----------5 vifID vifN Param for interface ID. 17 portID ports Group of Ports 23 tagID tag ID of Tag OS9000(script-IpInterface01)# renumerate OS9000(script-IpInterface01)# show script 'IpInterface01' : Play Dome at Tensa. Parameters ---- -------------- -------------- ----------Num. Name Type Description ---- -------------- -------------- ----------10 vifID vifN Param for interface ID. 20 portID ports Group of Ports. 30 tagID tag ID of Tag.

Lines
Lines are a sequence of CLI commands that include script Parameters. The actions that can be performed on a line are as follows:

Create Line View Line Modify Line Delete Line

Create Line To create a line: 1. Enter configure terminal mode. 2. Enter the mode of a script (existing or new) by invoking the command: script NAME where, NAME Name of script. String of up to thirteen alphanumeric characters. Letter characters must be lowercase only and must not be blanks, e.g., ipiface01. 3. Invoke the command: line [NUMBER] COMMAND where, NUMBER (optional) Number for the line.

April 2006

102

ML48261, Rev. 02 CLI Management

Chapter 5:

COMMAND CLI command in the regular format with the exception that instead of a value argument, a parameter preceded by $ is entered. Example
OS9000# configure terminal OS9000(config)# script ipiface01 OS9000(script-ipiface01)# line OS9000(script-ipiface01)#

10

interface vlan vif$IFID

Note When creating a script, there is no need to use exit command in order to return to previous CLI modes. View Line The procedures for viewing a Line are the same as those given for viewing a Script see section Viewing, page 104. Modify Line To modify a line re-enter it with the same line number as follows: 1. Enter the mode of the script containing the line to be modified by invoking the command: script NAME where, NAME Name of script.

2. Invoke the command: line NUMBER COMMAND where, NUMBER COMMAND Number for the line. New CLI command.

Delete Line To delete a line from an existing script: 1. Enter configure terminal mode. 2. Enter the mode of the script containing the parameter to be deleted by invoking the command: script NAME where, NAME Name of script.

3. Invoke the command: no line NUMBER where, NUMBER Example

OS9000(script-ipiface01)# no line 50 OS9000(script-ipiface01)#

Number of the line to be deleted.

Renumber Lines To renumber all Lines (and Parameters) of a script with the sequence 10, 20, 30, etc.: 1. Enter the mode of the script by invoking the command: script NAME where,

April 2006

103

ML48261, Rev. 02 CLI Management

Chapter 5:

NAME Name of script. Text string of up to thirteen characters without blanks. 2. Renumber the Parameters (and Lines) by invoking the command renumerate Example The example below shows that the numbers of the parameters before the command renumerate is invoked are 5, 17, and 23. The numbers after are 10, 20, and 30.
OS9000(script-IpInterface01)# show script 'IpInterface01' : Play Dome at Tensa. Parameters ---- -------------- -------------- ----------Num. Name Type Description ---- -------------- -------------- ----------5 vifID vifN Param for interface ID. 17 portID ports Group of Ports 23 tagID tag ID of Tag OS9000(script-IpInterface01)# renumerate OS9000(script-IpInterface01)# show script 'IpInterface01' : Play Dome at Tensa. Parameters ---- -------------- -------------- ----------Num. Name Type Description ---- -------------- -------------- ----------10 vifID vifN Param for interface ID. 20 portID ports Group of Ports. 30 tagID tag ID of Tag.

Viewing
In Script Mode To view a script in its mode: 1. Enter configure terminal mode. 2. Enter the mode of the script whose parameters are to be viewed by invoking the command: script NAME where, NAME Name of script.

3. Invoke the command: show Example

OS9000# configure terminal OS9000(config)# script ipiface01 OS9000(script-ipiface01)# show script 'ipiface01' ---Num. ---10 20 30 40 Parameters -------------- -------------Name Type -------------- -------------IFID ifname POID ports TGID tag IPID ipv4_pref ----------Description ----------Vlan Interface ID Group of Ports ID of Tag IP Prefix of Interface

April 2006

104

ML48261, Rev. 02 CLI Management

Lines ---- ----------------------------------------Num. Line ---- ----------------------------------------10 interface vlan vif$IFID 20 ports $POID 30 tag $TGID 40 ip $IPID OS9000(script-ipiface01)#

Chapter 5:

In Enable Mode To view a script in enable mode: Per Script 1. Enter enable mode. 2. Invoke the command: show script NAME where, NAME Name of script.

All Scripts 1. Enter enable mode. 2. Invoke the command: show scripts [configuration] where, configuration (optional) In the format used to configure the parameters. If this keyword is not entered, the parameters are displayed in tabular format.

Executing
A Script can be executed like any other CLI command. To execute a script 1. Enter enable mode. 2. Invoke the command: NAME where, NAME Name of script.

3. Press Shift ? to display the parameter value to be entered, and enter the value prompted by the system. 4. Repeat step 3, above, until the prompt <cr> appears.

Deleting
To delete a script: 1. Enter configure terminal mode. 2. To display the list of existing scripts, type the partial command: no script ? 3. Complete the partial command by typing the name of the script to be deleted. Example
OS9000# configure terminal OS9000(config)# no script ? NAME Config07 *Script* IpInterface01 *Script* Play Dome at Tensa.

April 2006

105

ML48261, Rev. 02 CLI Management

OS9000(config)# no script Config07 OS9000(config)#

Chapter 5:

April 2006

106

ML48261, Rev. 02 CLI Management

Chapter 5:

Example
The example below shows how a script is created that can be used to configure an interface. Custom entries are shown in the color red. Parameter names are in upper case, e.g., IFID, POID, TGID. Notice that in each line, a regular CLI command (e.g., tag 27) is entered with the exception that a parameter (e.g., TGID) preceded by $ is entered instead of a value (e.g., 27).
MRV OptiSwitch 9024 version d1734-22-09-05 OS9000 login: admin Password: OS9000> enable OS9000# configure terminal OS9000(config)# script ? NAME Script name OS9000(config)# script ipiface01 OS9000(script-ipiface01)# ID OS9000(script-ipiface01)# OS9000(script-ipiface01)# OS9000(script-ipiface01)# of Interface OS9000(script-ipiface01)# OS9000(script-ipiface01)# OS9000(script-ipiface01)# OS9000(script-ipiface01)# parameter 10 parameter 20 parameter 30 parameter 40 line line line line 10 20 30 40 IFID type vifN description Vlan Interface POID type ports description Group of Ports TGID type tag description ID of Tag IPID type ipv4_pref description IP Prefix interface vlan vif$IFID _ports $POID _tag $TGID _ip $IPID

OS9000(script-ipiface01)# show script 'ipiface01' Parameters ---- -------------- -------------Num. Name Type ---- -------------- -------------10 IFID ifname 20 POID ports 30 TGID tag 40 IPID ipv4_pref

----------Description ----------Vlan Interface ID Group of Ports ID of Tag IP Prefix of Interface

---Num. ---10 20 30 40

Lines ----------------------------------------Line ----------------------------------------interface vlan vif$IFID ports $POID tag $TGID ip $IPID

OS9000(script-ipiface01)# exit OS9000(config)# exit OS9000# ipiface01 ? IFNAME Vlan Interface ID OS9000# ipiface01 201 ? PORT_GROUP_STR Group of Ports OS9000# ipiface01 201 19-23 ? <1-4095> ID of Tag OS9000# ipiface01 201 19-23 2001 ? A.B.C.D/M IP Prefix of Interface OS9000# ipiface01 201 19-23 2001 192.4.4.4/24 ?

April 2006

107

ML48261, Rev. 02 CLI Management

<cr> | Output modifiers OS9000# ipiface01 201 19-23 2001 192.4.4.4/24 execute: interface vlan vif201 execute: ports 19-23 execute: tag 2001 Interface is activated. execute: ip 192.4.4.4/24 OS9000#

Chapter 5:

April 2006

108

ML48261, Rev. 02 Ports

Chapter 6:

Chapter 6:

Ports
General
This chapter shows how to configure and monitor the physical ports of the OS9000 in the following respects:

Display status Add a comment Select the interface media type (copper or fiber) Speed Duplexity Enabling/Disabling Tagged/untagged outbound mode Statistics Digital Diagnostics

Status
Brief
To view the configuration status of one or more ports in brief, invoke the command: show port [PORTS-GROUP|all] where, show Display port Port related action PORTS-GROUP Group of Ports. (If no port number is entered, all ports are displayed.) all All ports as shown in the example below: OS9000(config)# show port 1,22,24 PORTS CONFIGURATION =================== PORT LAN_TYPE LINK PHY SPEED_SEL LAN_SPEED DUPLEX STATE SL -----------------------------------------------------------------------------1 ETH1000 OFF SFP AUTO - N/A ENABLE 1 22 ETH10/100/1000 - - COMBO AUTO - N/A ENABLE 1 24 ETH10/100/1000 - - COMBO AUTO - N/A ENABLE 1 OS9000(config)#

Detailed
To view the configuration status of one or more ports in detail, invoke the command: show port details [PORTS-GROUP]

April 2005

109

ML48261, Rev. 02 Ports

Chapter 6:

where, show Display port Port-related action details Detailed information PORTS-GROUP is the Group of Ports (If no port number is entered, all ports are displayed.) as shown in the example below:
OS9000(config)# show port details 3 Port 3 details: ---------------Description: N/A Type: ETH100/1000 Link OFF Duplex state: N/A PHY: SFP port_phy: 25 Speed selected: AUTO State: ENABLE Priority: 1 Flow control mode: off Ethertype: CORE1:0x8100 Broadcast Rate Limiting is disabled for this port. OS9000(config)#

Comment Adding
To enter a textual description of one or more ports, invoke the command: port description PORTS-GROUP|all .. where, port Port-related action description Textual description PORTS-GROUP Group of Ports all All ports .. represents textual description as shown in the example below:
OS9000(config)# port description 10 This port is for new customers. OS9000(config)# show port details 10 Port 10 details: ---------------Description: This port is for new customers. Type: ETH100/1000 Link OFF Duplex state: N/A PHY: SFP port_phy: 25 Speed selected: AUTO State: ENABLE Priority: 1 Flow control mode: off Ethertype: CORE1:0x8100 Broadcast Rate Limiting is disabled for this port. OS9000(config)#

April 2006

110

ML48261, Rev. 02 Ports

Chapter 6:

Physical Interface
Default
By default, the type of physical interface selected for a combo LAN/WAN port depends on the type that is connected first.

Custom
The type of physical interface for a combo port can be selected independently of other ports. To select the interface medium for one or more ports, invoke the following command: port media-select sfp|sfp100|copper|auto PORT-GROUP|all where, port Port-related action media-select Port activation/deactivation sfp SFP interface(s) sfp100 Set the port to operate as a 100Base-FX interface copper Electrical interface(s) auto Select type of interface connected first. (This option cannot be selected for 100Base-FX SFPs.) PORT-GROUP Group of Ports all All ports as shown in the example below:
OS9000(config)# port media-select copper 22-24 port 22 media mode set to: COPPER port 23 media mode set to: COPPER port 24 media mode set to: COPPER OS9000(config)#

Speed
Default
The default speed of an electrical LAN/WAN port is according to auto-negotiation. (LAN/WAN ports are shown in Figure 2, page 41.)

Custom
The speed of each port can be set independently of other ports. To set a speed for one or more ports, invoke the following command: port speed 10|100|1000|auto PORTS-GROUP|all where, port Port-related action speed Speed to be set 10 10 Mbit/sec 100 100 Mbit/sec 1000 1000 Mbit/sec auto Auto-Negotiation PORTS-GROUP Group of Ports all All ports as shown in the example below: OS9000(config)# port speed 100 22-24 port 22 speed set to: FORC100 April 2006 111

ML48261, Rev. 02 Ports port 23 speed set to: FORC100 port 24 speed set to: FORC100 OS9000(config)#

Chapter 6:

To save the configuration changes to the configuration files, invoke the command write file or write memory.

Viewing
To view the speed configurations for ports, invoke a show command as described in the section Status, page 109.

Duplexity
Default
The default duplexity mode of transmission of a copper interface LAN/WAN port is according to auto-negotiation.

Custom
The duplexity of each port can be set independently of other ports. To set half- or fullduplexity for one or more ports, invoke the following command: port duplex half|full PORTS-GROUP|all where, port Port-related action duplex Duplexity to be set half Half-duplex full Full-duplex PORTS-GROUP Group of Ports all is all ports as shown in the example below: OS9000(config)# port duplex half 22-24 port 22 duplex set to: HALF port 23 duplex set to: HALF port 24 duplex set to: HALF OS9000(config)# To save the configuration changes to the configuration files, invoke the command write file or write memory.

Viewing
To view the speed configurations for ports, invoke a show command as described in the section Status, page 109.

Enabling/Disabling
Default
By default, each LAN/WAN port is enabled.

Custom
Each port can be enabled or disabled independently of other ports. To enable/disable one or more ports, invoke the following command: port state enable|disable PORTS-GROUP|all

April 2006

112

ML48261, Rev. 02 Ports where, port Port-related action state Port activation/deactivation enable is a keyword for Activate the port(s) disable is a keyword for Deactivate the port(s) PORTS-GROUP is the Group of Ports all is all ports as shown in the example below:
OS9000(config)# port state disable 6 port 6 state set to: DISABLE OS9000(config)#

Chapter 6:

Outbound Tag Mode

One or more ports can be set to handle frames with IEEE 802.1Q encapsulation in one of the following modes:

Tagged Untagged Hybrid Q-in-Q

Tagged
To set a port to handle only tagged ingress/egress frames: 1. Enter configure terminal mode. 2. Invoke the command: port tag-outbound-mode tagged PORTS-GROUP where, port Port-related action tag-outbound-mode IEEE 802.1Q encapsulation of ingress/egress frames tagged Tagged ingress/egress frames PORTS-GROUP Group of Ports (If no port number is entered, all ports are displayed.) Note The argument tagged must be selected for Q-in-Q (VMAN) core ports.

Untagged
This is the default mode for ports. To set a port to handle only untagged frames: 1. Enter configure terminal mode. 2. Invoke the command: port tag-outbound-mode untagged PORTS-GROUP where, port Port-related action tag-outbound-mode IEEE 802.1Q encapsulation of ingress/egress frames untagged Untagged ingress/egress frames PORTS-GROUP Group of Ports (If no port number is entered, all ports are displayed.)

April 2006

113

ML48261, Rev. 02 Ports

Chapter 6:

Hybrid
To set a port to handle hybrid (tagged and untagged) ingress/egress frames: 1. Enter configure terminal mode. 2. Invoke the command: port tag-outbound-mode hybrid PORTS-GROUP TAG where, port Port action tag-outbound-mode IEEE 802.1Q encapsulation of ingress/egress frames hybrid Tagged and untagged ingress/egress frames PORTS-GROUP Group of Ports (If no port number is entered, all ports are displayed.) TAG User-selectable default tag for the interface

Q-in-Q (VMAN)
Set port outbound mode to q-in-q access mode To set a port to only handle ingress/egress frames: 1. Enter configure terminal mode. 2. Invoke the command: port tag-outbound-mode q-in-q PORTS-GROUP where, port Port configuration. tag-outbound-mode IEEE 802.1Q encapsulation of ingress/egress frames q-in-q Untagging of ingress/egress frames. PORTS-GROUP Group of Ports (If no port number is entered, all ports are displayed.) Note The argument q-in-q must be selected for Q-in-Q (VMAN) access ports.

Viewing
To view the tags of one or more ports: 1. Enter enable mode. 2. Invoke the command: show port tag [PORT-GROUP|all] where, PORTS-GROUP is the Group of Ports (If no port number is entered, all ports are displayed.) all All ports
OS9000# show port tag 1-4 VMAN mode is disable Value of ethertype 1 is 0x8100 Value of ethertype 2 is 0x8100 PORT TAG CONFIGURATION ====================== port OUTBOUND-TAGGED DEF-TAG NUM-TAGS ETHERTYPE -----------------------------------------------------1 tagged 0 2 CORE1:0x8100

April 2006

114

ML48261, Rev. 02 Ports

2 untagged 3 untagged 4 untagged OS9000# 2007 2007 2007 1 1 1 CORE1:0x8100 CORE1:0x8100 CORE1:0x8100

Chapter 6:

The NUM-TAGS column shows the number of VLAN interfaces of which a port is a member.
DEF-TAG

is the tag that will be pushed in an untagged egress packet.

Statistics
Viewing
To view the statistics on one or more ports: 1. Enter mode enable or mode configure terminal. 2. Invoke either of the commands: monitor port statistics PORTS-GROUP [packets] monitor port statistics table [PORTS-GROUP] monitor port statistics PORTS-GROUP [packets] where, monitor Display with refresh20 port Port related action statistics Statistics related action PORTS-GROUP Group of Ports (If no port number is entered, all ports are displayed.) table Tabular format packets Packet counters only as shown in the example below: OS9000# monitor port statistics 5 PORTS STATISTICS ================ Port 5 Ethernet counters --------------------------Good bytes received : 45198670 Good packets received : 2791284 Good unicast packets received : 1895642 Good broadcast packets received : 364301 Good multicast packets received : 531341 Bytes transmitted : 51006743 Packets transmitted : 115672 Unicast packets transmitted : 85475 Broadcast packets transmitted : 20344 Multicast packets transmitted : 65131 CRC or Alignment error received :0 Undersize received :0 Oversize received :0 Fragments received :0 Jabber received :0
20

Automatic continuous update

April 2006

115

ML48261, Rev. 02 Ports Collisions received and transmitted : 15 Port 5 RMON Packet Size Distribution Counters ------------------------------------------------ 64 Octets : 3012 65- 127 Octets : 90258 128- 255 Octets : 248021 256- 511 Octets : 720915 512-1023 Octets : 108839 1024- Octets : 4203 OS9000# To exit monitoring, press Ctrl C or Ctrl Z .

Chapter 6:

Clear
To clear the statistical counters of one or more ports: 1. Enter enable mode. 2. Invoke the command: clear ports statistics [PORTS-GROUP] where, PORTS-GROUP is the Group of Ports (If no port number is entered, all ports are cleared.) as shown in the example below:
OS9000# clear ports statistics 1-4 OS9000#

Digital Diagnostics
SFP Parameters
To view information on the parameters of SFPs in ports, invoke the command: show port sfp-params [PORTS-GROUP] where, show Display port Port related action sfp-params SFP parameters PORTS-GROUP Group of Ports (If no port number is entered, all ports are displayed.) as shown in the example below:
OS9000# show port sfp-params 7 SFP ports internal EEPROM data =============================== SFP EEPROM Diagnostics: (Port 7) ************************************* Identifier is SFP. Connector code is LC. Transceiver subcode is 1000Base-SX. Serial encoding mechanism is 8B10B. The nominal bit rate is 2100 Megabits/sec. Link length using single mode (9 micron) is not supported. Link length using 50 micron multi-mode fiber is greater than 300m.

April 2006

116

ML48261, Rev. 02 Ports

Link length using 62.5 micron multi-mode fiber is greater than 150m. Link length using cooper cable is not supported. Vendor name is FINISAR CORP. Vendor PN is FTRJ8519P1BNL Vendor revision is A Nominal transmitter output wavelength at room temperature is 850.00 nm. ======================================================================

Chapter 6:

SFP Diagnostics
To view real-time diagnostic information on SFPs, invoke the command: show port sfp-diag [PORTS-GROUP] where, show Display port Port related action sfp-diag SFP diagnostics PORTS-GROUP Group of Ports (If no port number is entered, all ports are displayed.) as shown in the example below:
OS9000# show port sfp-diag 9 SFP ports internal EEPROM data =============================== SFP Digital Diagnostics: (Port 9) ************************************* Description Real-Time Value -------------------- --------------Temperature (C)/(F): 44/111 Voltage (V): 3.2998 TX Bias (mA): 4.836 TX Power (dBm)/(mW): -5.4/0.290 RX Power (dBm)/(mW): -23.8/0.004 ************************

April 2006

117

OptiSwitch 9000 User Manual

Product Version 1.0

Chapter 7:

Interfaces
General
Interfaces are needed for VLANs, Access Lists, management, and protocols of various OSI layers, e.g., Layer 2, Layer 3, etc. The OS9000 has two types of user interface. They are:

Dummy interfaces VLAN interfaces are user-creatable VLANs, each of which can be assigned an IP address. A VLAN is a user-configurable logical grouping of one or more ports to form an isolated communication domain. Communication between ports of the same VLAN occurs as if they are connected to the same physical LAN. The Out-of-band interface is described in the section MGT ETH, page 41. The procedure for configuring an interface is given in section Out-of-band Ethernet Management, page 134. A dummy interface is a software-only loopback interface. It emulates an interface that is always up and has connectivity to all VLAN interfaces of the OS9000. Up to 4095 dummy interfaces can be configured. To configure a dummy interface: 1. Enter the following modes in succession: enable configure terminal 2. Invoke the command: interface dummy IFNAME where, IFNAME ID of interface/device. (The ID must have the format dummyX, where X can be any integer in the range 1-4095, e.g., dummy3000.) Example
OS9024-4C(config)# interface dummy dummy3000 OS9024-4C(config-dummy3000)#

VLAN interfaces Out-of-band interface

This chapter is devoted to VLAN interfaces.

Number
The maximum number of VLAN interfaces that can be configured is 4K.

IDs
An Interface ID must be assigned to each VLAN interface using the format vifX, where X is a decimal number in the range 1-4095. Examples of Interface IDs are: vif1, vif2, vif3, vif4095. vif0 is reserved for the Default Forwarding VLAN interface described in the section Default Forwarding VLAN Interface, page 121.

April 2005

118

ML48261, Rev. 02 Interfaces

Chapter 7:

Configuring
To configure a VLAN interface: 1. Enter configure terminal mode. Example:
OS9000# configure terminal OS9000(config)#

2.

(Optional) Set the modes of the ports (that are to be included in the interface) as described in the section Outbound Tag Mode, page 113. To include a port in two or more VLAN interfaces, the port must first be set as tag or hybrid type in outbound tag mode. This is so because it is not possible to create overlapping VLANs with untagged ports, i.e., an untagged port can be a member of only one VLAN interface. Example:
OS9000(config)# port tag-outbound-mode tagged 4-7 OS9000(config)#

3. Assign an Interface ID to the VLAN interface by invoking the command: interface vlan IFNAME where, vlan VLAN

IFNAME Interface ID having the format vifX, where X is a decimal number in the range 1-4095 Example:
OS9000(config)# interface vlan vif2005 OS9000(config-vif2005)#

4. Assign ports to the VLAN interface by invoking the command: ports PORTS-GROUP where, PORTS-GROUP Example:
OS9000(config-vif2005)# ports 3-5 OS9000(config-vif2005)#

Group of ports to be members of the interface.

5. Define a tag (VID) for the VLAN interface by invoking the command: tag TAG where, TAG is the user-selectable tag (VID) for the VLAN interface. The tag can have any value in the range 1-4095. Example:
OS9000(config-vif2005)# tag 3000 Interface is activated.

Note When valid ports and a tag are assigned to an interface, the VLAN interface automatically becomes active as shown in the example above. An interface can be in either one of the following three states:

NA: Not Active, possibly because one or both port(s) and tag are not
assigned

UP: Link exists on one or more ports that are members of the VLAN
interface

DO: No link on any of the ports that are members of the VLAN interface
April 2006 119

ML48261, Rev. 02 Interfaces

Chapter 7:

6. (Optional) For inband management, assign an IP address to the VLAN interface by invoking the command: ip A.B.C.D/M where, A.B.C.D/M is the IP address/Mask of the VLAN interface. Valid values are up to 223.255.255.254. 223.255.255.255 is the broadcast value. 224.0.0.0 to 239.255.255.255 is the multicast range. Example:
OS9000(config-vif2005)# ip 193.86.205.47/24 OS9000(config-vif2005)#

The above command will include the CPU as a member of the VLAN interface. The CPU can be excluded from the VLAN interface as described in the section Excluding the CPU, page 127.

Name
The default name of a VLAN interface is the same as its Interface ID. To change the default name of an interface: 1. Enter the configure terminal mode. 2. Access the mode of an existing VLAN interface by invoking the command: interface IFNAME where, IFNAME is the Interface ID of an existing interface (e.g., vif1, vif2, etc.) 3. Change the name of the VLAN interface by invoking the command: name NAME where, name NAME Name. Name for VLAN interface.

as shown in the example below:

OS9000# configure terminal OS9000(config)# interface vif7 OS9000(config-vif7)# show Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------vif7 vif7 192.2.2.2/24 DO 00:0F:BD:00:05:B8 0010 1-3 OS9000(config-vif7)# name Tiger OS9000(config-vif7)# show Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------Tiger vif7 192.2.2.2/24 DO 00:0F:BD:00:05:B8 0010 1-3 OS9000(config-vif7)#

Description
To enter a textual description of an interface: 1. Enter the configure terminal mode. 2. Access the mode of an existing VLAN interface by invoking the command:

April 2006

120

ML48261, Rev. 02 Interfaces interface IFNAME where, IFNAME

Chapter 7:

Interface ID of an existing interface (e.g., vif1, vif2, etc.)

3. Enter a textual description of the interface by invoking the command: description .. where, description .. Textual description.

Textual description.

as shown in the example below:

OS9000(config-vif2005)# description This interface is for Customer 10 OS9000(config-vif2005)# show detail vif2005 is DOWN (No state changes have occurred) Description: This interface is for Customer 10 Active: Yes Ports: 6-8,10 Interface type is Vlan Encapsulation: 802.1Q, Tag 3000 MAC address is 00:0F:BD:02:05:B8 IP address is 193.86.205.47/24 Cpu-membership is enable Management access is denied TFTP access is denied. Access-group is not defined OS9000(config-vif2005)#

Default Forwarding VLAN Interface

General
The Default Forwarding VLAN interface is a broadcast domain for all ports not included in user-defined VLAN interfaces. That is, any packet entering one such port is flooded to all other such ports. In the factory default setting, only the default VLAN interface (vif0) exists and all the physical data ports of the OS9000s are untagged members of it. The default VLAN interface cannot be deleted, but any port can be removed from it in order to become part of a user-defined VLAN interface. The default tag (VID) for vif0 is 1.

Viewing
To view the default tag: 1. Enter mode enable. 2. Invoke the command: show default-fwd as shown in the example below:
OS9000> enable OS9000# show default-fwd default forwarding tag : 1 OS9000#

Tag Modification
The default tag (or any other tag assigned to vif0) can be changed as follows: 1. Enter mode configure terminal. 2. Change the default VID of the VLAN interface by invoking the command: April 2006 121

ML48261, Rev. 02 Interfaces default-fwd tag TAG where, TAG is VID. It can be any number in the range 1-4095. Below, is an example showing:

Chapter 7:

Display of the tag of vif0 using the command show interface. The tag ID is shown in the Tag column. In the example, the tag ID is 0001. Change of the default tag to 2007 using the command default-fwd tag 2007. Display of the new tag of vif0 using the command show interface. The system shows that it is 2007.

OS9000(config)# show interface INTERFACES TABLE ================ Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------vif0 vif0 DO 00:0F:BD:00:05:B8 0001 1-24 - 'vif0' is the default forwarding interface. - drop-tag is 4094. OS9000(config)# default-fwd tag 2007 OS9000(config)# show interface INTERFACES TABLE ================ Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------vif0 vif0 DO 00:0F:BD:00:05:B8 2007 1-24 - 'vif0' is the default forwarding interface. - drop-tag is 4094. OS9000(config)#

Disabling
The Default Forwarding VLAN Interface is by default enabled. To disable it: 1. Enter configure terminal mode. 2. Disable the Default Forwarding VLAN Interface by invoking the command: no default-fwd Below, is an example showing:

That the Default Forwarding VLAN Interface is initially enabled (by default) as indicated by the response default forwarding tag : 1 to the command do show default-fwd. (The prefix do is used with show default-fwd because the command show default-fwd, which belongs in the enable mode, is invoked in another mode, namely, configure terminal mode.) Disabling the Default Forwarding VLAN Interface by invoking the command no default-fwd. Verifying that the Default Forwarding VLAN Interface is disabled as indicated by the response default forwarding is disabled to the command do show defaultfwd.
show default-fwd tag : 1 default-fwd show default-fwd is disabled

OS9000(config)# do default forwarding OS9000(config)# no OS9000(config)# do default forwarding

April 2006

122

ML48261, Rev. 02 Interfaces

OS9000(config)#

Chapter 7:

Enabling
The Default Forwarding VLAN Interface is by default enabled. To enable it: 1. Enter configure terminal mode. 2. Enable the Default Forwarding VLAN Interface by invoking the command: default-fwd tag TAG where, TAG is VID. It can be any number in the range 1-4095. Below, is an example showing:

That the Default Forwarding VLAN Interface is initially disabled as indicated by the response default forwarding is disabled to the command do show default-fwd. (The prefix do is used with show default-fwd because the command show defaultfwd, which belongs in the enable mode, is invoked in another mode, namely, configure terminal mode.) Enabling the Default Forwarding VLAN Interface by invoking the command defaultfwd tag 1. Verifying that the Default Forwarding VLAN Interface is enabled as indicated by the response default forwarding tag : 1 to the command do show default-fwd.

OS9000(config)# do show default-fwd default forwarding is disabled OS9000(config)# default-fwd tag 1 OS9000(config)# do show default-fwd default forwarding tag : 1 OS9000(config)#

Drop Tag
Drop Tag is a VLAN interface tag for internal use of the OS9000. The default value is 4094.

Viewing
To view the (current) Drop Tag: 1. Enter mode configure terminal 2. Display the drop tag by invoking the command: show interface Below, is an example showing the (current) Drop Tag.
OS9000(config)# show interface INTERFACES TABLE ================ Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------Tiger vif7 192.2.2.2/24 DO 00:0F:BD:00:05:B8 0010 1-3 vif0 vif0 DO 00:0F:BD:00:05:B8 0001 4-24 - 'vif0' is the default forwarding interface. - drop-tag is 4094. OS9000(config)#

Changing
To change the (current) Drop Tag:

April 2006

123

ML48261, Rev. 02 Interfaces

Chapter 7:

1. Enter mode configure terminal 2. Change the value of the Drop Tag VLAN interface by invoking the command: drop-tag TAG where, TAG is VID. It can be any number in the range 2-4095. The number 1 is, by default, the tag of the Default Forwarding VLAN interface vif0. To change the value of the Drop Tag VLAN interface to the default value, i.e., 4094, invoke either of the following commands: no drop-tag default drop-tag Below, is an example showing how to change the current Drop Tag (displayed in the above example as 4094) and the changed Drop Tag (38).
OS9000(config)# drop-tag 38 OS9000(config)# show interface INTERFACES TABLE ================ Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------Tiger vif7 192.2.2.2/24 DO 00:0F:BD:00:05:B8 0010 1-3 vif0 vif0 DO 00:0F:BD:00:05:B8 0001 4-24 - 'vif0' is the default forwarding interface. - drop-tag is 38. OS9000(config)#

Viewing
To view an existing interface: 1. Enter enable or configure terminal mode. 2. Display information on the interface by invoking the command: show interface [INTERFACE|configuration|detail|statistics] where, INTERFACE is Interface ID of an existing interface (e.g., vif1, vif2, etc.) configuration is run-time configuration of interface detail is details on interfaces is statistics on interface

statistics

Below, is an example showing display of a specific interface.

OS9000(config)# show interface vif2005 Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------vif2005 vif2005 193.86.205.47/24 DO 00:0F:BD:02:05:B8 3000 3-5 OS9000(config)#

Below, is an example showing display of details on a specific interface.

OS9000(config)# show interface detail vif8 vif8 is DOWN (No state changes have occurred) Active: Yes Ports: 3-6 Interface type is Vlan Encapsulation: 802.1Q, Tag 200

April 2006

124

ML48261, Rev. 02 Interfaces

MAC address is 00:0F:BD:02:05:B8 IP address is 192.2.3.4/24 Cpu-membership is enable Management access is denied TFTP access is denied. Access-group is active: ACL2 Ports: 5-6 OS9000(config)#

Chapter 7:

Below, is an example showing display of statistics of a port that is a member of a specific interface. The display applies to packets received or sent by the CPU.
OS9000(config)# show interface statistics vif7 3 vif7 Link encap:Ethernet HWaddr 00:0F:BD:00:05:B8 inet addr:192.2.2.2 Bcast:192.2.2.255 Mask:255.255.255.0 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:59 TX packets:0 errors:0 dropped:0 overruns:0 carrier:17 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) OS9000(config)#

Modifying
To modify any one or more characteristics (e.g., port membership, tag, IP address, etc.) of an existing VLAN interface: 1. Enter the configure terminal mode. 2. Access the mode of the VLAN interface by invoking the command: interface IFNAME where, IFNAME is the Interface ID of an existing interface (e.g., vif1, vif2, etc.) 3. Set the new characteristic(s). Below, is an example showing the current member ports of a specific interface, e.g., vif7, how ports can be added and deleted, and the final member ports of the interface.
OS9000(config-vif7)# show Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------Tiger vif7 192.88.22.234/24 DO 00:0F:BD:15:05:B8 0100 22-24 OS9000(config-vif7)# ports add 3-7 OS9000(config-vif7)# ports del 22-24 OS9000(config-vif7)# show Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------Tiger vif7 192.88.22.234/24 DO 00:0F:BD:15:05:B8 0100 3-7 OS9000(config-vif7)#

Disabling
An existing VLAN interface can be disabled for administrative reasons or in order to be able to modify several of its characteristics together. A VLAN interface is enabled by

April 2006

125

ML48261, Rev. 02 Interfaces

Chapter 7:

default when member ports and a tag is defined for the interface. To disable an existing interface: 1. Enter the configure terminal mode. 2. Enter the mode of the VLAN interface that is to be disabled by invoking the command: interface IFNAME where, IFNAME is the Interface ID of an existing interface (e.g., vif1, vif2, etc.) 3. Disable the VLAN interface by invoking the command no enable. as shown in the example below:
OS9000# configure terminal OS9000(config)# interface vif2005 OS9000(config-vif2005)# no enable OS9000(config-vif2005)#

Enabling
To enable an existing interface: 1. Enter the configure terminal mode. 2. Enter the mode of the VLAN interface that is to be enabled by invoking the command: interface IFNAME where, IFNAME is the Interface ID of an existing interface (e.g., vif1, vif2, etc.) 3. Enable the VLAN interface by invoking the command enable. as shown in the example below:
OS9000# configure terminal OS9000(config)# interface vif2005 OS9000(config-vif2005)# enable OS9000(config-vif2005)#

4. Verify that the VLAN interface is active in the interface mode by invoking the command show detail as shown in the example below:
OS9000(config-vif7)# show detail vif7 is DOWN (No state changes have occurred) Name: Tiger Active: Yes Ports: 1-3 Interface type is Vlan Encapsulation: 802.1Q, Tag 10 MAC address is 00:0F:BD:00:05:B8 IP address is 192.2.2.2/24 Cpu-membership is enable Management access is denied TFTP access is denied. Access-group is not defined OS9000(config-vif7)#

CPU Membership
The CPU can be a member of several VLAN interfaces. The purpose in including the CPU in a VLAN interface is to enable the CPU to send and receive VLAN packets and to enable IP management (e.g., TELNET, SSH, SNMP). April 2006 126

ML48261, Rev. 02 Interfaces

Chapter 7:

The CPU is automatically included in a VLAN interface when an IP address is assigned to the VLAN interface. (Step 0, page 119, in section Configuring, page 119, shows how to assign an IP address.)

Excluding the CPU

To exclude the CPU from a VLAN interface having an IP address: 1. Enter the configure terminal mode. 2. Enter the mode of the VLAN interface that is to exclude the CPU by invoking the command: interface IFNAME where, IFNAME is the Interface ID of an existing VLAN interface (e.g., vif1, vif2, etc.) 3. To exclude the CPU from the VLAN interface, invoke the command: no cpu-membership Note The CPU can be excluded from a VLAN interface also by deleting the IP address assigned to the VLAN interface using the command no ip in the mode of the interface.

Including the CPU

To include the CPU in a VLAN interface that does not have an IP address: 1. Enter the configure terminal mode. 2. Enter the mode of the VLAN interface that is to include the CPU by invoking the command: interface IFNAME where, IFNAME is the Interface ID of an existing VLAN interface (e.g., vif1, vif2, etc.) 3. To include the CPU in the VLAN interface, invoke the command cpumembership. Example
OS9000# configure terminal OS9000(config)# interface vif1 OS9000(config-vif1)# cpu-membership OS9000(config-vif1)#

Checking for CPU Membership

To check whether the CPU is a member of a particular VLAN interface: 1. Enter the configure terminal mode. 2. Enter the mode of the VLAN interface that is to be viewed for CPU membership by invoking the command: interface IFNAME where, IFNAME is the Interface ID of an existing VLAN interface (e.g., vif1, vif2, etc.) 3. To view whether or not the CPU is a member of the VLAN interface, invoke the command show detail. Example
OS9000# configure terminal OS9000(config)# interface vif1

April 2006

127

ML48261, Rev. 02 Interfaces

OS9000(config-vif1)# show detail vif1 is DOWN (No state changes have occurred) Active: Yes Ports: 1-4 Interface type is Vlan Encapsulation: 802.1Q, Tag 2005 MAC address is 00:0F:BD:00:05:B8 IP address is 195.88.75.103/24 Cpu-membership is enable Management access is denied TFTP access is denied. Access-group is not defined OS9000(config-vif1)#

Chapter 7:

Management
Management access to the OS9000 can be gained via one or more interfaces, e.g., Serial/RS-232 interface CONSOLE EIA-232, out-of-band interface MGT ETH, or a VLAN interface. For security reasons, remote management (SNMP, TELNET, or SSH) access to the OS9000 via the out-of-band and VLAN interfaces is, by default, disabled.

Enabling
To allow management via a specific interface (VLAN or out-of-band): 1. Enter the configure terminal mode. Example
OS9000# configure terminal OS9000(config)#

2. Select the existing interface via which management is to be enabled by invoking one of the following commands: Out-of-band Interface interface out-of-band eth0 Example
OS9000(config)# interface out-of-band eth0 OS9000(config-eth0)#

VLAN Interface interface IFNAME where, IFNAME is the ID of an existing VLAN interface (e.g., vif1, vif2, etc.). Example
OS9000(config)# interface vif2 OS9000(config-vif2)#

3. Enable a management type (SNMP, TELNET, or SSH) for a specific host/subnet by invoking the command: management snmp|telnet|ssh [SOURCE_IPV4_ADDRESS] where, [SOURCE_IPV4_ADDRESS] is IP address of the management host or management subnet (IP address/mask). Example
OS9000# configure terminal OS9000(config)# interface vif2 OS9000(config-vif2)# management snmp 193.222.48.105/24 OS9000(config-vif2)#

April 2006

128

ML48261, Rev. 02 Interfaces

Chapter 7:

Disabling
To disable management via a specific VLAN interface for a host: 1. Enter the configure terminal mode. Example
OS9000# configure terminal OS9000(config)#

2. Select the existing interface via which management is to be disabled by invoking one of the following commands: Out-of-band Interface interface out-of-band eth0 Example
OS9000(config)# interface out-of-band eth0 OS9000(config-eth0)#

VLAN Interface interface IFNAME where, IFNAME is the ID of an existing VLAN interface (e.g., vif1, vif2, etc.). Example
OS9000(config)# interface vif2 OS9000(config-vif2)#

3. Disable a management type (SNMP or TELNET or etc.) by invoking the command: no management snmp|telnet|ssh| [SOURCE_IPV4_ADDRESS] where, [SOURCE_IPV4_ADDRESS] is IP address of the management host. Example
OS9000# configure terminal OS9000(config)# interface vif2 OS9000(config-vif2)# no management snmp 193.222.48.105/24 OS9000(config-vif2)#

TFTP Server Mode

A TFTP client can be connected to an OS9000 interface in order to back up the configuration files stored in the OS9000. The OS9000 operates as a TFTP server.

Enabling
To enable access via a specific interface for a TFTP client: 1. Enter the configure terminal mode. Example
OS9000# configure terminal OS9000(config)#

2. Select the existing interface via which access is to be enabled for a TFTP client by invoking one of the following commands: Out-of-band Interface interface out-of-band eth0 Example
OS9000(config)# interface out-of-band eth0 OS9000(config-eth0)#

VLAN Interface interface IFNAME where, IFNAME is the ID of an existing VLAN interface (e.g., vif1, vif2, etc.).

April 2006

129

ML48261, Rev. 02 Interfaces Example

OS9000(config)# interface vif2 OS9000(config-vif2)#

Chapter 7:

3. Enable access for a TFTP client by invoking the command: management tftp [SOURCE_IPV4_ADDRESS] where, [SOURCE_IPV4_ADDRESS] is IP address (with or without mask) of the TFTP client. Example
OS9000# configure terminal OS9000(config)# interface vif2 OS9000(config-vif2)# management tftp 193.222.48.105/24 OS9000(config-vif2)#

Disabling
To disable access via a specific interface for a TFTP client: 1. Enter the configure terminal mode. 2. Select the existing interface via which access is to be disabled for a TFTP client by invoking one of the following commands: Out-of-band Interface interface out-of-band eth0 Example
OS9000(config)# interface out-of-band eth0 OS9000(config-eth0)#

VLAN Interface interface IFNAME where, IFNAME is the ID of an existing VLAN interface (e.g., vif1, vif2, etc.). Example
OS9000(config)# interface vif2 OS9000(config-vif2)#

3. Disable access for a TFTP client by invoking the command: no management tftp [SOURCE_IPV4_ADDRESS] where, [SOURCE_IPV4_ADDRESS] is IP address (with or without mask) of the TFTP client. Example
OS9000# configure terminal OS9000(config)# interface vif2 OS9000(config-vif2)# no management tftp 193.222.48.105/24 OS9000(config-vif2)#

Statistics
To view the statistics on one or more interfaces: 1. Enter enable mode or configure terminal mode. 2. Invoke the command: monitor interface statistics INTERFACE where, monitor Display with refresh interface Interface related action statistics Statistics related action

April 2006

130

ML48261, Rev. 02 Interfaces

Chapter 7:

INTERFACE Interface ID having the format vifX, where X is a decimal number in the range 1-4095 as shown in the example below: OS9000(OS9000# monitor interface statistics vif7 The following counters count only frames received and transmitted by the CPU !!! vif7 Link encap:Ethernet HWaddr 00:0F:BD:00:05:B8 inet addr:192.28.173.56 Bcast:192.83.173.255 Mask:255.255.255.0 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:348209 errors:0 dropped:0 overruns:0 frame:0 TX packets: 348209 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:72045813 (0.0 B) TX bytes: 72045813 (0.0 B)

To exit monitoring, press Ctrl C or Ctrl Z .

Deleting
To delete an existing VLAN interface: 1. Enter the configure terminal Example
OS9000# configure terminal OS9000(config)#

2. Delete the existing interface by invoking one of the following commands:: Out-of-band Interface no interface out-of-band eth0 Example
OS9000(config)# no interface out-of-band eth0 OS9000(config-eth0)#

VLAN Interface no interface IFNAME where, IFNAME Example is the ID of the existing interface (e.g., vif1, vif2, etc.).

OS9000(config)# no interface vif1 interface vif1 was deleted OS9000(config)#

April 2006

131

OptiSwitch 9000 User Manual

Product Version 1.0

Chapter 8:

Local and Remote Management

General
This chapter introduces the general management functions of the OS9000. In particular, the SNMP protocol versions SNMPv1, SNMPv2, and SNMPv3 are supported. SNMP can be used to manage the OS9000 using an NMS application particularly MRVs MegaVisionPro, which provides complete management. Standard MIBs as well as MRV Private MIBs are supported. These MIBs include: MIB-II, RMON MIB (Statistics, History, Alarms, and Events), etc. The following types of OS9000 management can be performed: Configuration Management Performance Management Security Management Accounting Management Fault Management

Configuration Management
Configuration management is used to monitor and modify network and system configuration data so that the effects on network operation can be tracked and managed.

Performance Management
Service Level Agreement (SLA)
Various interface statistics can be collected from the OS9000 to measure the performance level. These statistics can be included as metrics in the SLA. Statistics are provided by counters which give readings of conforming byte rates and excess byte rates as determined by policing (data rate limit) for diagnosing performance-related problems.

Performance Monitoring, Measurement, and Reporting

The polling mechanism in an NMS can be utilized for data collection purposes. MRVs MegaVisionPro SNMP application is capable of collecting, storing, and presenting polled data.

Security Management
Extensive security tools of the OS9000 include: Access Security a security feature that allows access to the OS9000 management agent only with user-specified IP addresses and management protocols (e.g., SNMP or TELNET) via user-specified interfaces. Details are given in Chapter 5: CLI Management. DoS Prevention Prevention of flooding of a network with undesired traffic to the extent that the network is no longer able to provide services. DoS attacks can be prevented directly or indirectly using a combination of one or more of the following capabilities of the OS9000. SNMPv3 MD5 and DES encryption techniques for security provision

April 2005

132

ML48261, Rev. 02 Local and Remote Management SSH remote management security

Chapter 8:

Access List (ACL) (Chapter 16: Access List, page 179) for preventing DoS attacks by using a range of layerindependent access and QoS protective techniques Access Security (Access Security, page 85) for restricting access according to IP Address and application Internal CPU firewall protection blocks all unauthorized management connections by default, allowing only PING (Chapter 25: Service Assurance PING, page 299) Remote Authentication Dial-In User Service (RADIUS) authentication of user name, password, and privilege level (Chapter 22: Authentication, Authorization, and Accounting (AAA), page 265) Rate-limiting of flood packets (Chapter 11: Rate-Limiting of Flood Packets, page 158)

Accounting Management
Accounting Management is used to measure network utilization parameter values so that individual or group users on the network can be regulated appropriately for the purposes of accounting. OS9000 provides the regulatory service Rate Limit (Policing) and accounting service described in Chapter 16: Access List, page 179.

Fault Management
Fault management is used to detect, log, and notify administrators to correct faults so that the network can keep running efficiently. The OS9000 is capable of alerting stations running a management application (e.g., MRVs MegaVisionPro) when a fault occurs in the system. Fault detection is accomplished when the OS9000 sends SNMP trap messages, SNMP polling, remote monitoring (RMON) thresholds, and system log messages. The application alerts the end user to a fault and the OS9000 can be configured to trigger corrective actions.

MIBs
The OS9000 has an SNMP agent that reports MIB information to the SNMP NMS when requested. The OS9000 supports the standard and private MIBs. Details are given in Appendix I: Product Specification, page 371.

Remote Management Setup

For remote management (TELNET/SSH/SNMP), do the following using a craft terminal: 1. Enter passwords as described in the section First Time Access Root and Admin Passwords Configuration, page 65. 2. Configure the out-of-band or VLAN interface as described below. Configuration must include IP address, enabling management, and, in the case of the VLAN interface, including ports and assigning a tag. Details are given below. Next, make sure that a connection exists between the management station and the OS9000 MGT ETH port (out-of-band interface) or a LAN/WAN port (VLAN interface) see Figure 2, page 41. The connection is shown in the section TELNET/SSH Station or SNMP NMS (For Out-of-band Management), page 60.

April 2006

133

ML48261, Rev. 02 Local and Remote Management

Chapter 8:

Out-of-band Ethernet Management

The procedure applies for a management station connected to the OS9000 MGT ETH interface (port). Details on how to enter modes and invoke commands are given in Chapter 5: CLI Management, page 64. 1. Enter the configure terminal mode. Example: OS9000# configure terminal OS9000(config)# 2. Enter the out-of-band interface mode by invoking the command: interface out-of-band eth0 Example: OS9000(config)# interface out-of-band eth0 OS9000(config-eth0)# 3. Assign an IP address to the out-of-band interface by invoking the command: ip A.B.C.D/M where, A.B.C.D/M Example:
OS9000(config-eth0)# ip 193.07.222.11/24 OS9000(config-eth0)#

is the IP address/Mask of the interface.

4. Enable a management type (SNMP or TELNET or etc.) by invoking the command: management snmp|telnet|ssh [SOURCE_IPV4_ADDRESS] where, [SOURCE_IPV4_ADDRESS] (optional) IP address (with or without mask) of the management host or management subnet (IP address/mask). Example OS9000(config-eth0)# management telnet 192.88.102.57/24 OS9000(config-eth0)# Perform the PING test at the management station to determine whether there is IP connectivity to the remote OS9000 as follows: 5. Enter enable mode, and check for communication between the management station and the OS9000 by invoking the CLI command: ping WORD [COUNT] where, WORD is Ping destination address or hostname

[COUNT] (optional) Number of ping requests to send (use 0 for unlimited number)

Inband Management
The procedure applies for a management station connected to an OS9000 LAN/WAN port. (Details on how to enter modes and invoke commands are given in Chapter 5: CLI Management, page 64.) 1. Make sure that a VLAN interface exists. If it does not exist, configure a VLAN interface as described in the section Configuring, page 119. 2. Enter the mode of the VLAN interface. The mode is indicated by the ID (i.e., vifX, where X represents a number) of the VLAN interface in the system prompt. To enter the mode of the (existing) VLAN interface, enter configure terminal mode and then invoke the command: interface IFNAME

April 2006

134

ML48261, Rev. 02 Local and Remote Management where, IFNAME is the ID (e.g., vif1) of the VLAN interface.

Chapter 8:

Example: OS9000(config)# interface vif1 OS9000(config-vif1)# 3. Ensure that an IP address is assigned to the VLAN interface. This can be done by invoking the command: show Example OS9000(config-vif1)# show Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------vif1 vif1 192.12.13.14/24 DO 00:0F:BD:00:05:B8 2005 1-4 OS9000(config-vif1)# To assign an IP address (possibly new) to the VLAN interface, invoke the command ip A.B.C.D/M where, A.B.C.D/M is the IP address/Mask of the interface.

Example: OS9000(config-vif1)# ip 192.11.88.114/24 OS9000(config-vif1)# OS9000(config-vif1)# 4. Ensure that management is enabled for the IP address assigned to the VLAN interface. This can be done by invoking the command: 5. Enable a management type (SNMP or TELNET or etc.) by invoking the command: management snmp|telnet|ssh [SOURCE_IPV4_ADDRESS] where, [SOURCE_IPV4_ADDRESS] (optional) is IP address of the management host or management subnet (IP address/mask). Example OS9000(config-vif1)# management telnet 192.11.88.114/24 OS9000(config-vif1)# show Name M Device IP State MAC Tag Ports ------------------------------------------------------------------------------vif1 * vif1 192.12.13.14/24 DO 00:0F:BD:00:05:B8 2005 1-4 OS9000(config-vif1)# The asterisk (*) in the column M indicates that management has been enabled. Perform the PING test at the management station to determine whether there is IP connectivity to the remote OS9000 as follows: 6. Enter enable mode, and check for communication between the management station and the OS9000 by invoking the CLI command: ping WORD [COUNT] where, WORD is Ping destination address or hostname

[COUNT] (optional) is Number of ping requests to send (use 0 for unlimited number)

April 2006

135

ML48261, Rev. 02 Local and Remote Management

Chapter 8:

SNMP or Web-Based Management

For SNMP and Web-based management of the OS9000 (and other MRV SNMPmanageable products) using MRVs MegaVisionPro Web-Based Network Management application, refer to MRVs MegaVision NMS User Manual.

April 2006

136

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Chapter 9:

Multiple-Instance Spanning-Tree Protocol (MSTP)

General
The newest spanning-tree protocol MSTP (IEEE 802.1s standard) is implemented in the OS9000. MSTP is backward compatible with the spanning-tree protocols STP (IEEE 802.1D standard) and RSTP (IEEE 802.1w standard) so that the OS9000 can be used in a network consisting of devices operating in STP, RSTP, and MSTP.

Definition
MSTP allows for the creation of multiple MSTIs on a network with network inter-node links that can be shared by any number of MSTIs. An MSTI is a mechanism that creates traffic bridges between devices on a network in the spanning-tree topology21 while permitting redundant links that it may use as new bridges in the event of a change in the networks topology.

Purposes
To: 1. Prevent collapse of communication over a network whose topology is changed dynamically. 2. Address the needs of increasingly faster Ethernet networks with mission critical applications requiring fast convergence/recovery. (The convergence/recovery time is 50 to 200ms, depending on the network). 3. Maximize traffic flow across a network by optimizing resource utilization (for e.g., by utilizing unused inter-node links). 4. Balance traffic flow across the network. 5. Improve fault tolerance by enabling traffic to flow unaffected in MSTIs even when failure occurs in one or more other MSTIs.

MSTIs
General
An MSTI consists of a grouping of VLANs. Up to 64 MSTIs can be created by the user. Each MSTI has the functionality, capabilities, and advantages of RSTP. Traffic belonging to the VLANs of an MSTI flow through the MSTI path, which is constructed by MSTP. Traffic of MSTIs flow independently of one another. Accordingly, if, for example, a specific port is in the blocking state for MSTI I1 and not for MSTI I2, traffic with tags of I1 will be blocked at the port while traffic with tags of I2 will be forwarded at the port. Figure 19, below, shows three active MSTIs on a network. The MSTI paths may be changed by MSTP when a port is blocked for certain VLANs or when a link in the path is broken.

A tree topology ensures that only one path exists between any two endstations on the network. Closed loops are opened and a redundant standby path is made available to traffic in the event that the primary (active) path is disrupted.

21

April 2005

137

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Figure 19: MSTIs on a Physical Network RSTP switches are able to process MSTP BPDUs as if they are RSTP BPDUs. Also, MSTP switches are able to process RSTP BPDUs as if they are MSTP BPDUs. Accordingly, MSTP switches send MSTP BPDUs to RSTP switches, and RSTP switches send RSTP BPDUs to MSTP switches. However, if an MSTP switch is connected to an STP switch, the MSTP switch sends STP BPDUs to the STP switch.

Default MSTI
The default MSTI is called CIST (Common and Internal Spanning Tree). This MSTI is preconfigured and cannot be deleted. All VLANs that are not members of other MSTIs, are members of CIST. Its ID is 0. When VLANs are created, they are automatically included in the CIST. To remove a VLAN from the CIST another MSTI must be created by the user and the VLAN tag must be moved to this MSTI. In addition to its role as the default MSTI, CIST interconnects regions and single-instance spanning-tree entities (such as STP and RSTP switches), relating to each region (described in the section Regions, page 139) and STP/RSTP device as a single virtual bridge. MSTP uses CIST in creating a spanning tree path interconnecting MST regions and SST22 entities. In a network of regions and SST entities, each region or SST entity views another region or SST entity that is directly connected to it as a single spanning-tree bridge. In a region, the SST entity that directly connects to another region is the CIST regional root bridge. One of the CIST regional root bridges is set by MSTP as the CIST root bridge.

22

SST is STP or RSTP.

April 2006

138

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Figure 20: CIST (Default MSTI) on a Physical Network

Regions
A region is a set of interconnected switches all of which have the same values for the following MST parameters: Name of the MST region Revision number of the current MST configuration (default 0) Digest, i.e., VLANs-to-MSTI mappings Note A region may include one or more MSTIs as shown in Figure 21, page 140. Each region is seen as a single bridge by other regions. In configuring multiple regions, it must be noted that any MSTI in one region is completely independent of any MSTI in another region even if the MSTIs have the same ID! That is, traffic in one region is directed independently of traffic in another region.

April 2006

139

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Figure 21: Regions on a Physical Network

Principle of Operation
Bridge Roles
In MSTP, a switch can have one of the following roles: Root Bridge The bridge that is at the root of a logical tree-topology interconnection of bridges created by the MSTP. The bridge that has the lowest bridge ID in the network is selected as the Root Bridge. Designated Bridge The bridge that can provide the best route to the Root Bridge. April 2006 140

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Port Roles
In MSTP, a port can have one of the following roles: Root Port The port via which the best route (having the lowest path-cost) is taken to the Root Bridge. The Root Port can be in any of the following states: Forwarding, Learning, or Discarding. Designated Port A port of a bridge that internally sends/receives to/from the Root Port of the same bridge. Several Designated Ports may exist in an active MSTP configuration. The Designated Port can be in any of the following states: Forwarding, Learning, or Discarding. Alternate Port Standby to the Root Port. In discarding state, the port to which it is linked is always Designated Port. Several Alternate Ports may exist in an active MSTP configuration. The Alternate Port can be only in the following state: Discarding. Backup Port Backup to the Designated Port. The Backup Port and Designated Port are connected to a device (e.g., hub) that provides traffic sharing on a LAN media segment. The Backup Port can be only in the following state: Discarding. Disabled Port Does not participate in MSTP.

Physical and Active Topologies

Figure 22, below, shows a network of interconnected bridges (physical topology) participating in MSTP. The active topology excludes the direct connection between bridge B and C and between the Hub and Backup Port. If any one of the four physical links interconnecting B, C, D, and E, fails MSTP will activate the other three to maintain the requisite spanning-tree bridging topology.

April 2006

141

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Figure 22: Network Running MSTP

Rules
The following rules apply to MSTP. 1. Up to 64 MSTIs can be created per region. 2. A VLAN can be included in only one MSTI. 3. Regions are automatically created if the values of the three region parameters (specified in the section Regions, page 139) are not identical on all the OS9000s in the network. 4. A region can include several MSTIs. 5. Traffic in one region is directed independently of traffic in another region. 6. The ID of CIST (default MSTI) is 0 and cannot be changed. 7. A user-created MSTI may be assigned any ID in the range 1 to 255. 8. All VLANs assigned to the same instance will have the same active topology. 9. A network including STP- or RSTP-activated switches (in addition to MSTP-activated switches) must use CIST.

Applications
This section presents three typical MSTI applications in networks to show the scope of MSTP. They are:

April 2006

142

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Single MSTI Multiple MSTIs without Load Balancing Multiple MSTIs with Load Balancing

Single MSTI
General In this application, the default MSTI (CIST) is used to interconnect the whole network. Only the single command enable needs to be invoked to actively sustain the spanning tree topology for the entire network. Example Figure 23, below, shows a network using CIST to interconnect OS9000s. The simple topology of the network makes it easier to understand the application. In one of possible active CIST configurations, port blocking prevents traffic flow on the link between OS9000 C and OS9000 D . However, traffic can flow on all the other links. OS9000 A is shown as the current CIST Root Bridge.

Figure 23: CIST-configured Network Configuration Procedure To use CIST to interconnect the switches of a network, simply invoke the following command: enable as shown in the example below: Example:
OS9000> enable OS9000# configure terminal OS9000(config)# spanning-tree OS9000(config-mstp) enable

The command enables MSTP, which prevents traffic flow between OS9000 C and OS9000 D . A spanning tree is configured on the network according to default values (e.g., bridge priority, port pathcost, etc.). CIST is the only active MSTI and includes all VLANs.

April 2006

143

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP) View

Chapter 9:

To view which ports are blocking and which are forwarding, invoke the command: show spanning-tree port 1-2 To view which OS9000 is the root bridge, invoke the command: show spanning-tree instance 0 Note By default, the port on the OS9000 that has the longest distance to the root is blocked.

Multiple MSTIs without Load Balancing

General In this application, multiple MSTIs (each having several VLANs) are applied to a network without utilizing the traffic load balancing capability of multiple MSTIs. Example Figure 24, below, shows a network built with four OS9000s: OS9000 A , OS9000 B , OS9000 C , and OS9000 D . On each OS9000, four interfaces (VLANs) are configured: vif1, vif2, vif3, and vif4. vif1 is assigned tag 110. vif2 is assigned tag 120. vif3 is assigned tag 130. vif4 is assigned tag 140. Two MSTIs are configured on each of the OS9000s: 1 and 2. MSTI 1 contains the interfaces vif1 and vif2, and serves as a pathway for traffic on these interfaces. MSTI 2 contains the interfaces vif3 and vif4, and serves as a pathway for traffic on these interfaces. By default, the OS9000 with lowest MAC address is set as the root bridge by MSTP. Since the two MSTIs 1 and 2 are configured on all the OS9000s in the network, the OS9000 with the lowest MAC address is set as the common root bridge for the MSTIs. OS9000 A is shown as the common root bridge. In one of several possible active MSTI 1 or MSTI 2 configurations, the link between OS9000 A and OS9000 D is blocked for all traffic. As a result, both MSTI 1 and MSTI 2 traffic entering OS9000 A is directed over the same link (between OS9000 A and OS9000 B ).

April 2006

144

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Figure 24: Multiple-MSTI Network without Load Balancing Configuration Procedure The procedure for configuring multiple MSTIs on OS9000s without traffic load balancing is described using the network in Figure 24 as an example. Perform the procedure for each OS9000. 1. Create the interfaces (VLANs, i.e., vif1, vif2, vif3, and vif4) to be included in MSTIs using either of the following commands, once for each interface: For Tag-based, Non-IP type interfaces23 interface vlan IFNAME where, vlan VLAN

IFNAME Interface ID having the format vifX, where X is a decimal number in the range 1-4095 as shown in the example below: Example:
OS9000> enable OS9000# configure terminal OS9000(config)# interface vlan vif1 OS9000(config-vif1)# ports 1-3 OS9000(config-vif1)# tag 110 Interface is activated. OS9000(config-vif1)# exit OS9000(config)# interface vlan vif2 OS9000(config-vif2)# ports 4-6 OS9000(config-vif2)# tag 120 Interface is activated.

23

A tag-based interface has a unique IEEE 802.1Q VLAN ID. A Non-IP type interface has no IP address.

April 2006

145

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

OS9000(config-vif2)# exit OS9000(config)# interface vlan vif3 OS9000(config-vif3)# ports 7-9 OS9000(config-vif3)# tag 130 Interface is activated. OS9000(config-vif3)# exit OS9000(config)# interface vlan vif4 OS9000(config-vif4)# ports 10-12 OS9000(config-vif4)# tag 140 Interface is activated. OS9000(config-vif4)#

Chapter 9:

2. Enter the spanning-tree mode using the command: spanning-tree as shown below: Example:
OS9000(config-vif4)# exit OS9000(config)# spanning-tree OS9000(config-mstp)#

3. Create MSTIs using the command: instance <0-64> vlan TAGS-LIST where, instance MSTI <0-64> Range of valid MSTI IDs from which one ID is to be selected. vlan VLANs are to be mapped to the MSTI. TAGS-LIST List of VLAN tags to be members of the specific MSTI. as shown in the example below: Example:
OS9000(config-mstp)# instance 1 vlan 110,120 OS9000(config-mstp)# instance 2 vlan 130,140 OS9000(config-mstp)#

4. Enable MSTP for the OS9000 using the command: enable Example:
OS9000(config-mstp) enable OS9000(config-mstp)#

View To view which ports are blocking and which are forwarding, invoke the command: show spanning-tree port 1-2 To view which OS9000 is the root bridge, invoke the commands: show spanning-tree instance 1 show spanning-tree instance 2 Note By default, the port on the OS9000 that has the longest distance to the root is blocked.

April 2006

146

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Multiple MSTIs with Load Balancing

General In this application, multiple MSTIs (each having several VLANs) are applied to a network utilizing the traffic load balancing capability of multiple MSTIs. Example Figure 25, below, shows a network built with four OS9000s: OS9000 A , OS9000 B , OS9000 C , and OS9000 D . On each OS9000, four interfaces (VLANs) are configured: vif1, vif2, vif3, and vif4. vif1 is assigned tag 110. vif2 is assigned tag 120. vif3 is assigned tag 130. vif4 is assigned tag 140. Two MSTIs are configured on each of the OS9000s: 1 and 2. MSTI 1 contains the interfaces vif1 and vif2, and serves as a pathway for traffic on these interfaces. MSTI 2 contains the interfaces vif3 and vif4, and serves as a pathway for traffic on these interfaces. Bridge priority is configured for each instance on the OS9000s (using the command instance INSTANCE_ID priority NUMBER in the mode spanning-tree). The two OS9000s with the lowest bridge priority in each MSTI are set as the root bridge by MSTP. OS9000 B is shown as the root bridge in MSTI 1. OS9000 D is shown as the root bridge in MSTI 2. In one of several possible active MSTI 1 or MSTI 2 configurations, vif1 and vif2 traffic entering OS9000 A is directed on the link between OS9000 A and OS9000 B while vif3 and vif4 traffic entering OS9000 A is directed on the link between OS9000 A and OS9000 D . That is, MSTI 1 and MSTI 2 traffic is divided between links. Thus, load balancing of traffic entering OS9000 A is achieved.

Figure 25: Multiple-MSTI Network with Load Balancing Configuration Procedure The procedure for configuring multiple MSTIs on OS9000s with traffic load balancing is described using the network in Figure 25 as an example.

April 2006

147

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP) Perform the procedure for each OS9000.

Chapter 9:

1. Create the interfaces (VLANs, i.e., vif1, vif2, vif3, and vif4) to be included in MSTIs as follows, noting that the assignment of IP address is optional since it is not required for MSTIs: a. Invoke the commands: interface vlan vif1, ports 1-3, tag 110, and ip 20.30.30.34/24. b. Invoke the commands: interface vlan vif2, ports 4-6, tag 120, and ip 60.10.10.10/24. c. Invoke the commands: interface vlan vif3, ports 7-9, tag 130, and ip 70.30.30.34/24.

d. Invoke the commands: interface vlan vif2, ports 10-12, tag 140, and ip 80.30.30.34/24. as shown in the example below: Example
OS9000> enable OS9000# configure terminal OS9000(config)# interface vlan vif1 OS9000(config-vif1)# ports 1-3 OS9000(config-vif1)# tag 110 Interface is activated. OS9000(config-vif4)# ip 20.30.30.34/24 OS9000(config-vif1)# exit OS9000(config)# interface vlan vif2 OS9000(config-vif2)# ports 4-6 OS9000(config-vif2)# tag 120 Interface is activated. OS9000(config-vif4)# ip 60.10.10.10/24 OS9000(config-vif2)# exit OS9000(config)# interface vlan vif3 OS9000(config-vif3)# ports 7-9 OS9000(config-vif3)# tag 130 Interface is activated. OS9000(config-vif4)# 70.30.30.34/24 OS9000(config-vif3)# exit OS9000(config)# interface vlan vif4 OS9000(config-vif4)# ports 10-12 OS9000(config-vif4)# tag 140 Interface is activated. OS9000(config-vif4)# ip 80.30.30.34/24 OS9000(config-vif4)#

2. Enter the spanning-tree mode using the command: spanning-tree as shown below: Example:
OS9000(config-vif4)# exit OS9000(config)# spanning-tree OS9000(config-mstp)#

April 2006

148

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

3. Create MSTIs using the command: instance <0-64> vlan TAGS-LIST where, instance MSTI <0-64> Range of valid MSTI IDs from which one ID is to be selected. vlan VLANs are to be mapped to the MSTI. TAGS-LIST List of VLAN tags to be members of the specific MSTI. as shown in the example below: Example:
OS9000(config-mstp)# instance 1 vlan 110,120 OS9000(config-mstp)# instance 2 vlan 130,140 OS9000(config-mstp)#

4. Set the bridge priority using the command: instance <0-64> priority NUMBER where, instance MSTI <0-64> Range of valid MSTI IDs from which one ID is to be selected. priority Bridge priority of the OS9000. NUMBER Value of the priority. Any value in the range <0-61440> may be selected provided it is a multiple 4096. as shown in the example below: Example:
OS9000(config-mstp)# instance 1 priority 4096 accepted: dec=4096 or hex=0x1000 OS9000(config-mstp)#

5. Option: Set the port priority using the command: instance <0-64> port PORTS-GROUP priority NUMBER where, instance MSTI <0-64> Range of valid MSTI IDs from which one ID is to be selected. port Port configuration. PORTS-GROUP Group of Ports. priority Bridge priority of the OS9000. NUMBER Value of the priority. Any value in the range <0-240> may be selected provided it is a multiple 16. as shown in the example below: Example:
OS9000(config-mstp)# instance 1 port 1-3 priority 80 OS9000(config-mstp)#

6. Option: Set the port path cost using the command: instance <0-64> port PORTS-GROUP path-cost NUMBER|auto where, instance MSTI <0-64> Range of valid MSTI IDs from which one ID is to be selected. port Port configuration. PORTS-GROUP Group of Ports. path-cost Port path cost of the OS9000. NUMBER Value of the priority. Any value in the range 1-200000000 may be selected.

April 2006

149

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP) auto Automatic setting of port path cost. as shown in the example below: Example:
OS9000(config-mstp)# instance 1 port 1-3 path-cost 800000 OS9000(config-mstp)#

Chapter 9:

Note To make OS9000 B the root bridge of MSTI 1, set its bridge priority to the lowest among the other OS9000s for MSTI 1. To make OS9000 D the root bridge of MSTI 2, set its bridge priority to the lowest among the other OS9000s for MSTI 2. 7. Enable MSTP for the OS9000 using the command: enable Example:
OS9000(config-mstp) enable OS9000(config-mstp)#

Configuration Example
The following example shows how to configure the in the network of Figure 25 for traffic load balancing. Configuration of the remaining OS9000s is similar. OS9000 A Configuration
MRV OptiSwitch 9024 version d1734-22-09-05 OS9000 login: admin Password: OS9000> enable OS9000# configure terminal OS9000(config)# interface vlan ? IFNAME Interface device-name as vif# (i.e vif3 ) OS9000(config)# interface vlan vif1 OS9000(config-vif1)# ports 1-3 OS9000(config-vif1)# tag 110 Interface is activated. OS9000(config-vif1)# ip 20.30.30.35/24 OS9000(config-vif1)# name Jojo1 OS9000(config-vif1)# exit OS9000(config)# interface vlan vif2 OS9000(config-vif2)# ports 4-6 OS9000(config-vif2)# tag 120 Interface is activated. OS9000(config-vif2)# ip 60.10.10.11/24 OS9000(config-vif2)# name Jojo2 OS9000(config-vif2)# exit OS9000(config)# interface vlan vif3 OS9000(config-vif3)# ports 7-9 OS9000(config-vif3)# tag 130 Interface is activated. OS9000(config-vif3)# ip 70.30.30.35/24 OS9000(config-vif3)# name Jojo3 OS9000(config-vif3)# exit OS9000(config)# interface vlan vif4

April 2006

150

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

OS9000(config-vif4)# ports 10-12 OS9000(config-vif4)# tag 140 Interface is activated. OS9000(config-vif4)# ip 80.30.30.35/24 OS9000(config-vif4)# name Jojo4 OS9000(config-vif4)# exit OS9000(config)# spanning-tree OS9000(config-mstp)# instance 1 priority 16384 accepted: dec=4096 or hex=0x1000 OS9000(config-mstp)# instance 2 priority 20480 accepted: dec=8192 or hex=0x2000 OS9000(config-mstp)# instance 1 port 1-3 priority 64 OS9000(config-mstp)# instance 1 port 4-6 priority 80 OS9000(config-mstp)# instance 1 port 7-9 priority 96 OS9000(config-mstp)# instance 1 port 10-12 priority 112 OS9000(config-mstp)# instance 1 port 1-12 path-cost auto OS9000(config-mstp)# instance 2 port 1-12 path-cost auto OS9000(config-mstp)# enable OS9000(config-mstp)#

Chapter 9:

OS9000 B Configuration
MRV OptiSwitch 9024 version d1734-22-09-05 OS9000 login: admin Password: OS9000> enable OS9000# configure terminal OS9000(config)# interface vlan ? IFNAME Interface device-name as vif# (i.e vif3 ) OS9000(config)# interface vlan vif1 OS9000(config-vif1)# ports 1-3 OS9000(config-vif1)# tag 110 Interface is activated. OS9000(config-vif1)# ip 20.30.30.34/24 OS9000(config-vif1)# name Zorro1 OS9000(config-vif1)# exit OS9000(config)# interface vlan vif2 OS9000(config-vif2)# ports 4-6 OS9000(config-vif2)# tag 120 Interface is activated. OS9000(config-vif2)# ip 60.10.10.10/24 OS9000(config-vif2)# name Zorro2 OS9000(config-vif2)# exit OS9000(config)# interface vlan vif3 OS9000(config-vif3)# ports 7-9 OS9000(config-vif3)# tag 130 Interface is activated. OS9000(config-vif3)# ip 70.30.30.34/24 OS9000(config-vif3)# name Zorro3 OS9000(config-vif3)# exit OS9000(config)# interface vlan vif4 OS9000(config-vif4)# ports 10-12 OS9000(config-vif4)# tag 140 Interface is activated. OS9000(config-vif4)# ip 80.30.30.34/24 OS9000(config-vif4)# name Zorro4 OS9000(config-vif4)# exit OS9000(config)# spanning-tree

April 2006

151

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

OS9000(config-mstp)# instance 1 priority 4096 accepted: dec=4096 or hex=0x1000 OS9000(config-mstp)# instance 2 priority 8192 accepted: dec=8192 or hex=0x2000 OS9000(config-mstp)# instance 1 port 1-3 priority 16 OS9000(config-mstp)# instance 1 port 4-6 priority 32 OS9000(config-mstp)# instance 1 port 7-9 priority 48 OS9000(config-mstp)# instance 1 port 10-12 priority 64 OS9000(config-mstp)# instance 1 port 1-12 path-cost auto OS9000(config-mstp)# instance 2 port 1-12 path-cost auto OS9000(config-mstp)# enable OS9000(config-mstp)#

Chapter 9:

OS9000 C Configuration
MRV OptiSwitch 9024 version d1734-22-09-05 OS9000 login: admin Password: OS9000> enable OS9000# configure terminal OS9000(config)# interface vlan ? IFNAME Interface device-name as vif# (i.e vif3 ) OS9000(config)# interface vlan vif1 OS9000(config-vif1)# ports 1-3 OS9000(config-vif1)# tag 110 Interface is activated. OS9000(config-vif1)# ip 20.30.30.33/24 OS9000(config-vif1)# name Lupo1 OS9000(config-vif1)# exit OS9000(config)# interface vlan vif2 OS9000(config-vif2)# ports 4-6 OS9000(config-vif2)# tag 120 Interface is activated. OS9000(config-vif2)# ip 60.10.10.9/24 OS9000(config-vif2)# name Lupo2 OS9000(config-vif2)# exit OS9000(config)# interface vlan vif3 OS9000(config-vif3)# ports 7-9 OS9000(config-vif3)# tag 130 Interface is activated. OS9000(config-vif3)# ip 70.30.30.33/24 OS9000(config-vif3)# name Lupo3 OS9000(config-vif3)# exit OS9000(config)# interface vlan vif4 OS9000(config-vif4)# ports 10-12 OS9000(config-vif4)# tag 140 Interface is activated. OS9000(config-vif4)# ip 80.30.30.33/24 OS9000(config-vif4)# name Lupo4 OS9000(config-vif4)# exit OS9000(config)# spanning-tree OS9000(config-mstp)# instance 1 priority 20480 accepted: dec=4096 or hex=0x1000 OS9000(config-mstp)# instance 2 priority 24576 accepted: dec=8192 or hex=0x2000 OS9000(config-mstp)# instance 1 port 1-3 priority 80 OS9000(config-mstp)# instance 1 port 4-6 priority 96 OS9000(config-mstp)# instance 1 port 7-9 priority 112 OS9000(config-mstp)# instance 1 port 10-12 priority 128

April 2006

152

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

OS9000(config-mstp)# instance 1 port 1-12 path-cost auto OS9000(config-mstp)# instance 2 port 1-12 path-cost auto OS9000(config-mstp)# enable OS9000(config-mstp)#

Chapter 9:

OS9000 D Configuration
MRV OptiSwitch 9024 version d1734-22-09-05 OS9000 login: admin Password: OS9000> enable OS9000# configure terminal OS9000(config)# interface vlan ? IFNAME Interface device-name as vif# (i.e vif3 ) OS9000(config)# interface vlan vif1 OS9000(config-vif1)# ports 1-3 OS9000(config-vif1)# tag 110 Interface is activated. OS9000(config-vif1)# ip 20.30.30.33/24 OS9000(config-vif1)# name Lupo1 OS9000(config-vif1)# exit OS9000(config)# interface vlan vif2 OS9000(config-vif2)# ports 4-6 OS9000(config-vif2)# tag 120 Interface is activated. OS9000(config-vif2)# ip 60.10.10.9/24 OS9000(config-vif2)# name Lupo2 OS9000(config-vif2)# exit OS9000(config)# interface vlan vif3 OS9000(config-vif3)# ports 7-9 OS9000(config-vif3)# tag 130 Interface is activated. OS9000(config-vif3)# ip 70.30.30.33/24 OS9000(config-vif3)# name Lupo3 OS9000(config-vif3)# exit OS9000(config)# interface vlan vif4 OS9000(config-vif4)# ports 10-12 OS9000(config-vif4)# tag 140 Interface is activated. OS9000(config-vif4)# ip 80.30.30.33/24 OS9000(config-vif4)# name Lupo4 OS9000(config-vif4)# exit OS9000(config)# spanning-tree OS9000(config-mstp)# instance 1 priority 8192 accepted: dec=4096 or hex=0x1000 OS9000(config-mstp)# instance 2 priority 4096 accepted: dec=8192 or hex=0x2000 OS9000(config-mstp)# instance 1 port 1-3 priority 16 OS9000(config-mstp)# instance 1 port 4-6 priority 32 OS9000(config-mstp)# instance 1 port 7-9 priority 48 OS9000(config-mstp)# instance 1 port 10-12 priority 64 OS9000(config-mstp)# instance 1 port 1-12 path-cost auto OS9000(config-mstp)# instance 2 port 1-12 path-cost auto OS9000(config-mstp)# enable OS9000(config-mstp)#

April 2006

153

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Viewing Spanning-Tree State

To display information on the ports participating in a specific MSTI, invoke the command: show spanning-tree instance <0-64> where, <0-64> is the range of valid MSTI IDs from which one ID is to be selected. as shown in the example below: Example:
OS9000(config-mstp)# show spanning-tree instance 1 Instance: id=1 name='MSTi1' Ports: Tags: 999 BridgeId: 1001-000fbd0005b2 Designated Root: 1001-000fbd0005b2 Root Port: none (RootBridge) Designated Brdg: 1001-000fbd0005b2 remainingHops: 14 Topology Change Count: Time Since Topology Change: OS9000(config-mstp)#

Bridge Priority:

4096 (0x1000)

Instance MaxHops: 0 00:06:28

14

Viewing Port States

To display information on the ports participating in a specific MSTI, invoke the command: show instance <0-64> [ports PORTS-GROUP] where, <0-64> is the range of valid MSTI IDs from which one ID is to be selected. ports is a keyword which must be typed in if information is to be displayed on selective ports participating in the specific MSTI. PORTS-GROUP is the group of ports participating in the specific MSTI. as shown in the example below: Example:
OS9000(config-mstp)# show instance 1 port 3 Instance: 1 Tags: 110,120 Stp Port: 3 PortId: 1003 in 'MSTi1' Priority: 16 Uptime: 00:30:45 State: Disabled Int. PortPathCost: admin: Auto oper: 20000000 Point2Point: admin: ForceYes oper: Yes Partner: oper: MSTP Edge: admin: N auto oper: N MSTI msgs: rx: 0 tx: 0 OS9000(config-mstp)#

April 2006

154

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Chapter 10:

Tunneling of Layer 2 Protocols

General
Tunneling of Layer 2 Protocols is a technology for providing separate instances of MAC services to multiple independent users of a carrier network (shared service provider network). Each instance is an interconnection of several sites of the same customer that are distributed across a carrier network. The interconnection is made possible using the same VLAN ID for the sites. The carrier network is utilized as a completely transparent transport medium between the sites so that the sites appear to be directly interconnected. In addition to its Q-in-Q capability, tunneling can be used to send Layer 2 protocol PDUs, such as, MSTP BPDUs or CDP PDUs that scale the provider network in order to bridge the customer sites into one network under a single domain of the protocol. For example, a group of sites can be bridged into one VLAN under a single MSTP domain. There are currently two models for implementing Layer 2 tunneling: IEEE 802.1ad Provider Bridges The OS9000 uses Ciscos model and is, therefore, compatible with Cisco devices. Note Traffic from ports configured as tunnel ports do not participate in MSTP.

Cisco Layer 2 Protocol Tunneling

Principle of Operation
Layer 2 PDUs entering an Edge switch from its access (customer) side have their Destination MAC address changed to a special MAC address. This new MAC address makes the PDUs appear as ordinary data packets to the carrier network. The PDUs are then forwarded on the carrier network using their VLAN ID. Core switches in the carrier network forward these PDUs to the Edge switches at the other sites of the customer without processing them. The PDUs at these switches have their Destination MAC address changed back to the previous Destination MAC address, and identical copies are delivered to all customer ports in the same VLAN.

April 2005

155

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Figure 26: Layer 2 Protocol Tunneling

Configuration
The procedure for configuring edge OS9000s (that have ports connected to the sites of a customer) to provide Layer 2 tunneling over a carrier network is as follows: At each customer site (OS9000 site): 1. Connect the customer 802.1Q VLAN trunk ports to the Edge OS9000 ports (called tunnel ports). 2. Create a VLAN (as described in the Chapter 7: Interfaces, page 118) on the Edge OS9000 that includes the tunnel ports. 3. In the spanning-tree mode, invoke the command: tunnel-ports PORTS-GROUP where, PORTS-GROUP is the group of ports to be configured as tunnel ports

Viewing
To display the tunneling configuration, invoke the command: 1. Enter configure terminal mode. 2. Enter spanning-tree mode. 3. Invoke the command: show tunnel-ports

Deleting
To delete tunneling on one or more ports, invoke the command: 1. Enter configure terminal mode. 2. Enter spanning-tree mode. 3. Invoke the command: no tunnel-ports

April 2006

156

ML48261, Rev. 02 Multiple-Instance Spanning-Tree Protocol (MSTP)

Chapter 9:

Example
Below, is an example showing the user inputs (in bold) for configuring tunnel ports and OS9000 outputs on the CLI screen.
OS9000> enable OS9000# configure terminal OS9000(config)# spanning-tree OS9000(config-mstp)# tunnel-ports ? PORTS-GROUP Group of Ports OS9000(config-mstp)# tunnel-ports 2-5,8 OS9000(config-mstp)# show tunnel-ports Tunnel-ports: 2-5,8 OS9000(config-mstp)#

April 2006

157

OptiSwitch 9000 User Manual

Product Version 1.0

Chapter 11:

Rate-Limiting of Flood Packets

Definition
A service for limiting the rate of ingress packets at ports on interfaces. (To limit the rate of egress packets, the traffic shaping function, described in the section Shaping (Rate Limiting) on page 228, can be used.)

Purpose
To prevent excessively high packet rates at ports that are potentially hazardous to the operation of bridged networks.

Applicability
Rate Limiting can be applied to broadcast as well as to multicast packets, and can be set to any value in the range 640K to 1G bits/sec. (To apply Rate Limiting to unicast packets, the Destination Address classification can be used, by invoking the command mac-datype arp-broadcast|broadcast|multicast|unicast, as described in Chapter 16: Access Lists (ACLs), page 179.) Applying Rate Limiting to broadcast and multicast packets in effect also prevents broadcast/multicast storms that may be caused by faulty hardware or software. Broadcast/multicast packets that exceed the set limit are discarded. Note Broadcast/multicast rate limiting is the only OSI Layer 2 mechanism that can override a control packet, causing it to be dropped before it reaches the CPU.

Usage
Rate-limiting Broadcast Packets
Configure To limit the rate of broadcast packets at one or more ports: 1. Enter configure terminal mode. 2. Invoke the following command: port flood-limiting broadcasts rate VALUE PORTS-GROUP where, port Action on port. flood-limiting The flood/rate limiting mechanism. broadcasts Rate limiting of broadcast packets. rate Rate of broadcast packets. VALUE Rate value to be entered from the range <640 Kbps to 1 Gbps>. Examples are: 800k, 50m, and 1g. PORTS-GROUP Group of ports to which rate-limiting is to be applied. as shown in the example below.

April 2005

158

ML48261, Rev. 02 Rate-Limiting of Flood Packets Example

OS9000> enable OS9000# configure terminal OS9000(config)# port flood-limiting broadcasts rate 25m 3-8 Please wait. It will take up to 30 seconds OS9000(config)#

Chapter 11:

View To view the rate-limiting configured, enter enable mode and invoke the command: show port flood-limiting [PORTS-GROUP] where, [PORTS-GROUP] Group of ports for which rate-limiting is configured. as shown in the example below. Example
OS9000# show port flood-limiting 3-8 Including MAC multicasts packets in the Broadcast Rate Limiting feature is ENABLED. Including ARP broadcast packets in the Broadcast Rate Limiting feature is DISABLED. Unicast Rate Limiting is disabled Configuration of Broadcast Rate Limiting ========================================= PORT RVAL WIN RATE (bits/sec) ----------------------------------------3 1 20971 25.001m 4 1 20971 25.001m 5 1 20971 25.001m 6 1 20971 25.001m 7 1 20971 25.001m 8 1 20971 25.001m OS9000#

Rate-limiting Broadcast and Multicast Packets together

Configure To limit the rate of broadcast together with multicast packets (at one or more ports), 1. Ensure that the rate-limiting command for broadcast packets as described in the section Rate-limiting Broadcast Packets, page 158, has been executed. 2. Invoke the following command in the configure terminal mode: port flood-limiting broadcasts counted-with multicast where, port Rate-limiting as it applies to ports. flood-limiting The flood/rate limiting mechanism. broadcasts Rate limiting of broadcast packets. counted-with Additional types of packets to be counted with broadcast packets. multicast Multicast packets. as shown in the example below. Example
OS9000> enable OS9000# configure terminal OS9000(config)# port flood-limiting broadcasts counted-with multicast OS9000(config)#

April 2006

159

ML48261, Rev. 02 Rate-Limiting of Flood Packets

Chapter 11:

View To view the rate-limiting configured, enter enable mode and invoke the command: show port flood-limiting [PORTS-GROUP] where, [PORTS-GROUP] Group of ports for which rate-limiting is configured.

April 2006

160

ML48261, Rev. 02 Service VLANs/VMANs /Stacked VLANs/Q-in-Q

Chapter 12:

Chapter 12:

Service VLANs/VMANs /Stacked VLANs/Q-in-Q

Definition
Service VLAN, VMAN, Stacked VLAN, or Q-in-Q is an IEEE 802.1ad standard mechanism that uses an extra service provider tag as part of the Ethernet frame header in order to provide IEEE 802.1Q standard VLAN interconnectivity between remote sites of a customer scattered across a service provider network.

Purpose
The purpose of Service VLANs is twofold: 1) To isolate different types of traffic from one another (on the basis of service and/or customer) in a manner that is transparent to customer VLAN traffic. 2) To bridge customers or groups of customers scattered across the service provider network Q-in-Q fulfills these purposes without interfering with the client VLAN structure while hiding the internal VLAN structure of the customer network from others.

Number of VMANs
The maximum number of VMANs that can be configured is 4K.

VMAN Ethertype
A VMAN Ethertype (service provider Ethertype or TPID24) is a value in the hex range 0 to FFFF. Two VMAN Ethertype values can be set for the OS9000. Either VMAN Ethertype can be set for each OS9000 core port25 independently. If no Ethertype is set for a core port, by default, the OS9000 uses the IEEE 802.1Q standard Ethertype 0x8100 for the port.

VMAN Tag
A VMAN (provider) tag is a value in the decimal range 0 to 4095. The VMAN tag for an access port26 is the tag of the VLAN interface of which the port is a member.

Principle of Operation
Both VMAN Ethertype and VMAN tag are required for VMAN operation. The whole range of IEEE 802.1Q VLAN tags (4K) can be tunneled via the OS9000. There is no conflict in using the same VLAN ID by different customers. A packet (tagged or untagged) entering an access port is directed to a core port. At the core port, the packet is pushed with both the VMAN Ethertype (pre-assigned by the user to the core port) and VMAN tag (tag of VLAN interface of which the access port is a member) and then forwarded on the provider network to the other networks of the customer.
24 25 26

The IEEE 802.1ad standard refers to a VMAN Ethertype as TPID (Tag Protocol IDentification). Core port is also known as provider network port. Access port is also known as provider edge port.

April 2005

161

ML48261, Rev. 02 Service VLANs/VMANs /Stacked VLANs/Q-in-Q

Chapter 12:

A packet entering a core port from the provider network is forwarded to the access port whose VLAN tag matches VMAN tag of the packet. The access port pops the VMAN Ethertype and VMAN tag and forwards the packet on the access network.

Rules
1. A VLAN interface can have several access ports as members. 2. An access port can be a member of only one VLAN interface. 3. A core port can be a member of several VLAN interfaces. (This means that packets of several VMANs can be forwarded via the same core port.)

Configuration
To configure access and core ports to operate in Q-in-Q mode: 1. Enter the configure terminal mode. 2. Ensure that the ports are members of a VLAN interface. (Configuring, page 119, shows how to configure a VLAN interface. The configuration example at the end of this chapter also shows how to configure a VLAN interface.) 3. Set each core (provider network) port of the OS9000 that is to participate in Q-inQ, using the following command: port tag-outbound-mode tagged PORTS-GROUP where, port Port configuration tag-outbound-mode Mode for egress packets tagged Tagged egress packets. (This setting is required for VMAN core ports.) PORTS-GROUP Group of Ports (If no port number is entered, all ports are displayed.) as shown in the example below.
OS9000(config)# port tag-outbound-mode tagged 9-11 OS9000(config)#

4. Enable VMAN operation mode for the OS9000 by invoking the command: vman-mode where, as shown in the example below.
OS9000(config)# vman-mode OS9000(config)#

5. [If only the default VMAN Ethertype (0x8100) is to be used, skip this step.] Define the VMAN Ethertypes using the command: vman core-ethertype-1 ETHERTYPE core-ethertype-2 ETHERTYPE where, vman VMAN configuration. core-ethertype-1 First VMAN Ethertype. ETHERTYPE (first) First VMAN Ethertype value in hexadecimal code. core-ethertype-2 Second VMAN Ethertype. ETHERTYPE (second) Second VMAN Ethertype value in hexadecimal code. as shown in the example below. Example
OS9000> enable OS9000# configure terminal

April 2006

162

ML48261, Rev. 02 Service VLANs/VMANs /Stacked VLANs/Q-in-Q

Chapter 12:

OS9000(config)# vman core-ethertype-1 9100 core-ethertype-2 8c5a OS9000(config)#

6. [If only the default VMAN Ethertype (0x8100) is to be used, skip this step.] To each OS9000 port connected to the provider network, assign either of the two VMAN Ethertypes by invoking the command: port core-ethertype-1|core-ethertype-2 PORTS-GROUP where, port Port configuration. core-ethertype-1 First VMAN Ethertype value. core-ethertype-2 Second VMAN Ethertype value. PORTS-GROUP Group of ports. as shown in the example below.
OS9000(config)# port core-ethertype-1 1-3 OS9000(config)#

7. If required, assign the second VMAN Ethertype value to one or more other ports by invoking the command in step 6, above. 8. Set each access (provider edge) port of the OS9000 that is to participate in Q-inQ, using the following command: port tag-outbound-mode q-in-q PORTS-GROUP where, port Port configuration. tag-outbound-mode Mode for egress packets q-in-q Untagging of egress packets. (This setting is required for VMAN access ports.) PORTS-GROUP Group of Ports (If no port number is entered, all ports are displayed.) as shown in the example below.
OS9000(config)# port tag-outbound-mode q-in-q 5-8 OS9000(config)#

Viewing
To view VMAN configuration for a port: 1. Enter enable mode. 2. Invoke the command show vman as shown in the example below:
OS9000# show vman VMAN mode is enable Value of ethertype 1 is 0x8100 Value of ethertype 2 is 0x9100 Core ports with ethertype=1 (it is default ethertype): 1-2,4-7,9-24 Core ports with ethertype=2: 3,8 OS9000#

Example
The purpose of the example here is to show how VMANs, in general, can be configured. For simplicity, only three VMANs are configured, one for each customer. However, this number should be sufficient to indicate the scope of VMAN configuration. The configuration is performed in two stages:

Pre-configuration (Planning the VMANs) Configuration (Implementing the VMANs)

April 2006

163

ML48261, Rev. 02 Service VLANs/VMANs /Stacked VLANs/Q-in-Q

Chapter 12:

Pre-configuration (Planning the VMANs)

Figure 27, page 164, illustrates the pre-configuration plan for the VMANs. Assignments Ports 1, 2, and 3 are access ports belonging to customers 1, 2, and 3, respectively. Ports 7 and 8 are core ports. Port 1 packets are to be directed via port 7. Accordingly, ports 1 and 7 must belong to the same VLAN interface (tag). Let the VLAN interface be 91. Port 2 packets are required to be directed via port 7. Accordingly, ports 2 and 7 must belong to the same VLAN interface (tag). Let the VLAN interface be 92. Port 3 packets are required to be directed via port 8. Accordingly, ports 2 and 8 must belong to the same VLAN interface (tag). Let the VLAN interface be 93. Suppose that two different VMAN Ethertypes are to be used for the core ports. So let core port 8 have VMAN Ethertype 0x8100, and core port 9 have VMAN Ethertype 0x9100.

Figure 27: VMAN Mode Packet Data Path and Processing Packets from the access port 1 are forwarded to the core port 7. Here, each is pushed with the VMAN Ethertype 0x8100 and the VLAN tag 91 and forwarded on the provider network. Packets from the access port 2 are forwarded to the core port 7. Here, each is pushed with the VMAN Ethertype 0x8100 and the VLAN tag 92 and forwarded on the provider network. Packets from the access port 3 are forwarded to the core port 8. Here, each is pushed with the VMAN Ethertype 0x9100 and the VLAN tag 93 and forwarded on the provider network. Packets entering core port 7 from the provider network are checked. If the VMAN Ethertype is 0x8100 and VMAN tag 91, the packet is directed to access port 1. If the VMAN Ethertype is 0x8100 and VMAN tag 92, the packet is directed to access port 2. Otherwise, the packet is dropped. At ports 1 and 2, the VMAN Ethertype and VMAN tag are popped and the packet is forwarded to the network of customers 1 and 2, respectively.

April 2006

164

ML48261, Rev. 02 Service VLANs/VMANs /Stacked VLANs/Q-in-Q

Chapter 12:

Packets entering core port 8 from the provider network are checked. If the VMAN Ethertype is 0x9100 and VMAN tag 93, the packet is directed to access port 3. Otherwise, the packet is dropped. At port 3, the VMAN Ethertype and VMAN tag are popped and the packet is forwarded to the network of customer 3.

Configuration (Implementing the VMANs)

Below, is an example showing the user inputs (in bold) and OS9000 outputs on the CLI screen. The user inputs include:

Setting core ports 7 and 8 to tagged mode Specification of VLAN interface containing Ports 1 and 7 Specification of VLAN interface containing Ports 2 and 7 Specification of VLAN interface containing Ports 3 and 8 Enabling VMAN mode Setting Ethertype tags 0x8100 and 0x9100 Assignment of Ethertype tags 0x8100 and 0x9100 to core ports 7 and 8, respectively Setting access ports 1, 2, and 3 to q-in-q mode Displaying the VMAN configuration

MRV OptiSwitch 9000 version d1320-22-08-05 OS9000 login: admin Password: OS9000> enable OS9000# configure terminal OS9000(config)# port tag-outbound-mode tagged 7,8 OS9000(config)# interface vlan vif1 OS9000(config-vif1)# ports 1,7 OS9000(config-vif1)# tag 91 Interface is activated. OS9000(config-vif1)# exit OS9000(config)# OS9000(config)# interface vlan vif2 OS9000(config-vif2)# ports 2,7 OS9000(config-vif2)# tag 92 Interface is activated. OS9000(config-vif2)# exit OS9000(config)# OS9000(config)# interface vlan vif3 OS9000(config-vif3)# ports 3,8 OS9000(config-vif3)# tag 93 Interface is activated. OS9000(config-vif3)# exit OS9000(config)# OS9000(config)# vman-mode OS9000(config)# OS9000(config)# vman core-ethertype-1 8100 core-ethertype-2 9100 OS9000(config)# OS9000(config)# port core-ethertype-1 7 OS9000(config)# port core-ethertype-2 8 OS9000(config)# OS9000(config)# port tag-outbound-mode q-in-q 1-3 OS9000(config)# exit OS9000# OS9000# show vman VMAN mode is enable Value of ethertype 1 is 0x8100

April 2006

165

ML48261, Rev. 02 Service VLANs/VMANs /Stacked VLANs/Q-in-Q

Value of ethertype 2 is 0x9100 Core ports with ethertype=1 (it is default ethertype): 1-2,4-7,9-24 Core ports with ethertype=2: 3,8 OS9000#

Chapter 12:

April 2006

166

ML48261, Rev. 02 Port Trunking

Chapter 13:

Chapter 13:

Port Trunking
Definition
Port Trunking is the parallel interconnection of two or more ports to form a single logical communication channel whose bandwidth is the sum total of the bandwidths of the individual ports. Implementation is compliant to IEEE 802.3ad Link Aggregation standard.

Purpose
A Port Trunk between two switches increases traffic throughput capacity among stations connected to the ports that are members of the trunk. For example, the interconnection of eight full-duplex Gigabit ports of one OS9000 unit to eight full-duplex Gigabit ports of another OS9000 unit, serves as an 8-Gbps full-duplex Ethernet trunk.

Number
The maximum number of Port Trunks that can be configured is 7.

Principle of Operation
Frame Transfer
All source addresses received by any of the ports in a Port Trunk will be replicated to all the other ports of the Port Trunk for learning. Replication is done in round-robin fashion (in respect to the number of addresses) to all ports that have a link. A Port Trunk transmits all unknown, broadcast, and multicasts packets, including BPDUs (which are multicast frames), via one port only. Port Trunks transmit all known27 packets according to the learned addresses.

MSTP Action
All ports of a Port Trunk participate as one port in MSTP. A Port Trunk has a lower path cost than a single port. This is an important factor when designing a ring topology network in which the Root switch participates in MSTP. BPDUs in a Port Trunk participating in MSTP are sent by the member port that has the lowest number.

Rules
The following rules must be used when configuring a port trunk: Each Port Trunk must be formed with two or more ports. The maximum number of ports that can be included in a Port Trunk is 8. A Port Trunk may consist of fixed ports and pluggable (SFP) ports. A port that has been configured as an analyzer port cannot be a member of a Port Trunk. The two ends of a Port Trunk must be symmetric in regard to the number of ports at each end and the bandwidth of each port. The ports of a trunk must all be either MSTP enabled or disabled. A port may be a member of only one Port Trunk.
27

Packets whose Destination Address is in the Learn Table.

April 2005

167

ML48261, Rev. 02 Port Trunking

Chapter 13:

A trunk port may be connected only to a trunk port of another switch. One trunk port on one OS9000 may be connected to any one (and only one) trunk port on another OS9000. To be able to modify or delete a Port Trunk of an OS9000 participating in MSTP, all member ports that have an active link must first be disconnected.

Configuration
To configure a Port Trunk, 1. Enter configure terminal mode. 2. Create a port trunk by invoking the command: port trunk NAME PORTS-GROUP where, port Port action. trunk Trunking. NAME Trunk name. It must have the format tX, where X represents any number in the range 1-7. PORTS-GROUP Group of ports to be trunked. Any number of ports may be selected. as shown in the example below. Example
OS9000(config)# port trunk t6 4-7 OS9000(config)#

Viewing
To view a configured Port Trunk, 1. Enter the configure terminal mode. 2. Invoke the following command: show port trunk [INDEX] where, show Display. port Port action. trunk Trunking. [INDEX] (optional) ID of trunk. If no value is entered for this argument, all Port Trunks will be shown. as shown in the example below. Example
OS9000(config)# show port trunk 6 NAME PORTS LINKED-PORTS -----------------------------------------------------------t6 4-7 OS9000(config)#

Deletion
To delete a Port Trunk, 1. Enter the configure terminal mode. 2. Invoke the following command: no port trunk NAME where, no Negation.

April 2006

168

ML48261, Rev. 02 Port Trunking

Chapter 13:

port Port action. trunk Trunking. NAME Trunk name. It must have the format tX, where X represents any number in the range 1-7. as shown in the example below. Example
OS9000(config)# no port trunk t6 OS9000(config)#

April 2006

169

OptiSwitch 9000 User Manual

Product Version 1.0

Chapter 14:

Port Mirroring
Definition
Port mirroring is the replication of traffic received on one physical port (called the mirrored port) at another physical port (called the analyzer or probe port).

Purpose
Port mirroring provides for the connection of a network protocol analyzer to an analyzer port to identify the types of traffic passing through particular ports. The data thus obtained can be used for statistical analyses to determine how to improve network operation as well as for troubleshooting a network on a port-by-port basis.

Applicability
Port mirroring can be applied per-port to ingress, egress, or ingress & egress traffic.

Types of Ports
Three types of port can be set for port mirroring: Mirrored Ingress traffic port A port whose ingress traffic is mirrored to an analyzer port. Any number of ports can have their ingress traffic mirrored. Mirrored Egress traffic port A port whose egress traffic is mirrored to an analyzer port. Up to 8 ports can have their egress traffic mirrored. Analyzer port A port that receives ingress and/or egress traffic from mirrored ports. Two analyzer ports can be set; one for ingress traffic, the other for egress traffic.

Ingress Traffic Mirroring

The OS9000 can mirror ingress traffic received on one or more of its network ports. Each ingress packet is duplicated. One of the duplicate packets is sent towards its destination and the other to the ingress analyzer port. Mirroring is not performed on ingress traffic that does not pass MAC level checking. Accordingly, bad CRC packets, fragmented packets, etc. will not be mirrored. All ingress packets pass through the ingress control pipe in the OS9000. Some of these packets may be dropped or trapped to the CPU. Such packets are still forwarded to the analyzer port.

Egress Traffic Mirroring

OS9000 can mirror traffic transmitted on any one of its network ports. Up to eight ports can be mirrored on egress traffic. The egress mechanism is responsible for duplicating the packet. One of the duplicate packets is sent towards its destination and the other to the egress analyzer port. The packet is mirrored only after verifying that there is no egress filtering to be applied to it and that it is not to be dropped on the egress transmit queues due to congestion. To enable egress traffic mirroring, simply set all OS9000s in the network with the Port-ID and Device-ID of this port.

April 2005

170

ML48261, Rev. 02 Port Mirroring

Chapter 14:

Analyzer Port
Each OS9000 has two analyzer ports for mirroring; one for ingress traffic, the other for egress traffic. The ID of these ports can be set by the administrator. Different port analyzers can be connected to multiple OS9000s in a network. These port analyzers can run at any speed. Their speed is independent of the ingress and egress mirrored port(s) speed. In some MSTIs, the analyzer port may be over-subscribed if the aggregate bandwidth of the mirrored traffic exceeds the analyzer port link bandwidth. The congestion is handled in the same way as a regular transmit port congestion.

Rules for Mirroring

1. Only one port can be set as an analyzer port for ingress packets. 2. Only one port can be set as an analyzer port for egress packets. 3. Only one port can be set as an analyzer port for ingress & egress packets. This means that if an analyzer port is configured for ingress & egress packets, the configurations for analyzer ports for ingress and egress packets separately will be removed. 4. The analyzer port must be different from the mirrored ports. 5. Any number of ingress ports can be mirrored. 6. Up to eight egress ports can be mirrored. 7. The analyzer port must not be a trunk port. 8. The mirrored port and analyzer port may be of different bandwidth (e.g., 10 Mbps and 1000 Mbps) and/or different interface type (e.g., 100Base-TX and 100BaseFX). However, if the bandwidth of the analyzer port is smaller than that of the mirrored port, only part of the data traffic can be analyzed.

Usage
Ingress Traffic Mirroring
Configure To mirror ingress traffic entering one or more ports invoke the following command in the configure terminal mode: port mirror ingress PORTS-GROUP to <1-24> tagged|untagged where, port Mirroring as it applies to ports. mirror Mirroring utility. ingress Ingress packets. PORTS-GROUP Group of ports to be mirrored. Any number of ports may be selected. to To mirror port. <1-24> Range of mirror (analyzer) ports from which one is to be selected. tagged Analyzer port in tagged outbound mode. untagged Analyzer port in untagged outbound mode. as shown in the example below. Example
OS9000> enable OS9000# configure terminal OS9000(config)# port mirror ingress 3-8 to 2 tagged OS9000(config)#

April 2006

171

ML48261, Rev. 02 Port Mirroring

Chapter 14:

View To view which ports are configured to be mirrored and which port is the analyzer port, invoke the command show port mirror as shown in the example below. Example
OS9000(config)# show port mirror Ingress traffic is mirrored from ports 3-8 to analyzer port 2 (tagged) Mirroring is not defined for egress traffic OS9000(config)#

Egress Traffic Mirroring

Configure To mirror egress traffic exiting one or more ports invoke the following command in the configure terminal mode: port mirror egress PORTS-GROUP to <1-24> tagged|untagged where, port Mirroring as it applies to ports. mirror Mirroring utility. egress Egress packets. PORTS-GROUP Group of ports to be mirrored. Up to eight ports can be selected. to To mirror port. <1-24> Range of mirror (analyzer) ports from which one is to be selected. tagged Analyzer port in tagged outbound mode. untagged Analyzer port in untagged outbound mode. as shown in the example below. Example
OS9000> enable OS9000# configure terminal OS9000(config)# show port mirror Ingress traffic is mirrored from ports 3-8 to analyzer port 2 (tagged) Egress traffic is mirrored from ports 5-10 to analyzer port 20 (untagged) OS9000(config)#

View To view which ports are configured to be mirrored and which port is the analyzer port, invoke the command show port mirror as shown in the example below. Example
OS9000(config)# show port mirror Ingress traffic is mirrored from ports 3-8 to analyzer port 2 (tagged) Egress traffic is mirrored from ports 5-10 to analyzer port 20 (untagged) OS9000(config)#

Ingress & Egress Traffic Mirroring

Configure To mirror ingress & egress traffic entering/exiting one or more ports invoke the following command in the configure terminal mode: port mirror both PORTS-GROUP to <1-24> tagged|untagged where, port Mirroring as it applies to ports. mirror Mirroring utility. both Ingress & egress packets.

April 2006

172

ML48261, Rev. 02 Port Mirroring

Chapter 14:

PORTS-GROUP Group of ports to be mirrored. Up to eight ports can be selected. to To mirror port. <1-24> Range of mirror (analyzer) ports from which one is to be selected. tagged Analyzer port in tagged outbound mode. untagged Analyzer port in untagged outbound mode. as shown in the example below. Example
OS9000> enable OS9000# configure terminal OS9000(config)# port mirror both 3-5 to 22 tagged OS9000(config)#

View To view which ports are configured to be mirrored and which port is the analyzer port, invoke the command show port mirror as shown in the example below. Example
OS9000(config)# show port mirror Ingress traffic is mirrored from ports 3-5 to analyzer port 22 (tagged) Egress traffic is mirrored from ports 3-5 to analyzer port 22 (tagged) OS9000(config)#

April 2006

173

OptiSwitch 9000 User Manual

Product Version 1.0

Chapter 15:

Quality of Service (QoS)

Service Levels (SLs)
The user can set the OS9000 to give preferential treatment to each ingress packet by mapping (assigning) a DiffServ Service Level (SL) to the packet. SL = 8 has highest service priority. SL = 1 has lowest service priority.

SL Mapping
SL mapping can be performed according to one of the following criteria:

VPT

VPT [Layer 2] Port-of-Entry [Layer 2] DSCP [Layer 3]

For VPT, there are two maps:

Original VPT to SL Map SL to New VPT Map

Original VPT to SL Map Default If the user does not create a map of Original VPT to SL, the OS9000 uses the map in Table 9, page 174. Table 9: Default Map of Original VPT to SL and SL to New VPT Original VPT
0 1 2 3 4 5 6 7 1 2 3 4 5 6 7 8

SL
0 1 2 3 4 5 6 7

New VPT

Custom The user can change the default map of Original VPT to SL as follows: 1. Enter the configure terminal mode. 2. Invoke the following command: diffserv orig-vpt RANGE sl <1-8>|default where, diffserv Differentiated Services. orig-vpt VPT value of ingress packet. RANGE Range of VPT values to be mapped to an SL. Any one or more VPT values 0-7 can be selected.

April 2005

174

ML48261, Rev. 02 Quality of Service (QoS)

Chapter 15:

sl SL. <1-8> Range of SLs from which one is to be selected. default Default SL for the VPT value. (Table 9, page 174, shows the default SL for each VPT value.) To revoke the above command, invoke the command: no diffserv orig-vpt RANGE Example:
OS9000(config)# diffserv orig-vpt 0-3 sl 8 OS9000(config)# diffserv orig-vpt 4-7 sl 1

View To view the Original VPT to SL map, invoke the command do show diffserv. Example:
OS9000(config)# do show diffserv VPT Classification & Marking Table ================================== orig-vpt service-level mark-vpt ================================== 4-7 1 0 2 1 3 2 4 3 5 4 6 5 7 6 0-3 8 7 OS9000(config)#

SL to New VPT Map Default If the user does not create a map of SL to New VPT, the OS9000 uses the map in Table 9, page 174. Custom The user can change the default map of SL to New VPT as follows: 1. Enter the configure terminal mode. 2. Invoke the following command: diffserv sl <1-8>|all mark-vpt default|<0-7> where, diffserv Differentiated Services. sl SL. <1-8> Range of SLs from which one is to be selected for mapping to a VPT value. all All eight SLs. mark-vpt VPT value to be changed. default Default VPT value for the SL. (Table 9, page 174, shows the default VPT value for each SL.) <0-7> Range of VPT values from which one is to be selected. To revoke the above command, invoke the command: no diffserv sl <1-8>|all mark-vpt The values in the New VPT column can be changed again with the command action mark sl <1-8> vpt <0-7> under rule under access-list under configure terminal. Example:

April 2006

175

ML48261, Rev. 02 Quality of Service (QoS)

OS9000(config)# diffserv sl all mark-vpt 5 OS9000(config)#

Chapter 15:

View To view the SL to New VPT map, invoke the command do show diffserv. Example:
OS9000(config)# do show diffserv VPT Classification & Marking Table ================================== orig-vpt service-level mark-vpt ================================== 0 1 5 1 2 5 2 3 5 3 4 5 4 5 5 5 6 5 6 7 5 7 8 5 OS9000(config)#

Port-of-Entry to SL Mapping
1. Enter the configure terminal mode. 2. Invoke the following command: port sl <1-8> PORTS-GROUP|all where, port Port action. sl SL. <1-8> Range of SLs from which one is to be selected. PORTS-GROUP Group of ports to which the SL is to be assigned. all All ports Example
OS9000(config)# port sl 7 3-8 port 3 priority set to: 7 port 4 priority set to: 7 port 5 priority set to: 7 port 6 priority set to: 7 port 7 priority set to: 7 port 8 priority set to: 7 OS9000(config)#

DSCP
Original DSCP to SL Map The Original DSCP to SL map is used only for packets sent from the CPU. (SLs can be assigned to packets according to DSCPs, as described in Chapter 16: Access Lists (ACLs).) Default If the user does not create a map of Original DSCP to SL, the OS9000 uses the map in Table 10, page 177.

April 2006

176

ML48261, Rev. 02 Quality of Service (QoS)

Chapter 15:

Table 10: Default Map of Original DSCP to SL and SL to New DSCP Original DSCP
0-9,11-17,19,21,23-25,27,29,31-33,35,37,39-45,47-63 10 20,22 18 28,30 26 36,38 34,46

SL
1 2 3 4 5 6 7 8

New DSCP
12 10 20 18 28 26 36 34

Custom The user can change the default map of Original DSCP to SL as follows: 1. Enter the configure terminal mode. 2. Invoke the following command: diffserv orig-dscp RANGE sl <1-8>|default where, diffserv Differentiated Services. orig-dscp DSCP value of ingress packet. RANGE Range of DSCP values to be mapped to an SL. Any one or more DSCP values 0-63 can be selected. sl SL. <1-8> Range of SLs from which one is to be selected. default Default SL for the DSCP value. (Table 10, page 177, shows the default SL for each DSCP value.) To revoke the above command, invoke the command: no diffserv orig-dscp RANGE Example
OS9000(config)# diffserv orig-dscp 4-7,19 sl 3 OS9000(config)#

View To view the Original DSCP to SL map, invoke the command do show diffserv. Example
OS9000(config)# do show diffserv DSCP Marking Table ================== orig-dscp service-level mark-dscp ============================================================================ 0-3,8-9,11-17,20-25,27,29,31-33,35,37,39-45,47-63 1 12 10 2 10 4-7,19 3 20 18 4 18 28,30 5 28 26 6 26 36,38 7 36 34,46 8 34 DSCP to Service Level mapping is used only for packets sent from the CPU. Service Level to DSCP mapping is used for access-list's actions.

Notice that as a result of the mapping, DSCP values 20 and 22 that map to SL3 in the default map are transferred to SL1.

April 2006

177

ML48261, Rev. 02 Quality of Service (QoS)

Chapter 15:

SL to New DSCP Map The SL to New DSCP map is used only if the comand action mark sl under rule # under access-list is invoked for details, see Chapter 16: Access Lists (ACLs), page 179. Default If the user does not create a map of SL to New DSCP, the OS9000 uses the map in Table 10, page 177. Custom The user can change the default map of SL to New DSCP as follows: 1. Enter the configure terminal mode. 2. Invoke the following command: diffserv sl <1-8>|all mark-dscp <0-63>|default where, diffserv Differentiated Services. sl SL. <1-8> Range of SLs from which one is to be selected. all All eight SLs. mark-dscp New DSCP value(s) for ingress packet. <0-63> Range of DSCP values to be mapped to an SL. Any one of the DSCP values 0-63 can be selected. default Default DSCP value for the SL. (Table 10, page 177, shows the default DSCP value for each SL.) To revoke the above command, invoke the command: no diffserv sl <1-8>|all mark-dscp Example
OS9000(config)# diffserv sl 7 mark-dscp 0 OS9000(config)#

View To view the SL to New DSCP map, invoke the command do show diffserv. Example
OS9000(config)# do show diffserv DSCP Marking Table ================== orig-dscp service-level mark-dscp ============================================================================ 0-3,8-9,11-17,20-25,27,29,31-33,35,37,39-45,47-63 1 12 10 2 10 4-7,19 3 20 18 4 18 28,30 5 28 26 6 26 36,38 7 0 34,46 8 34 DSCP to Service Level mapping is used only for packets sent from the CPU. Service Level to DSCP mapping is used for access-list's actions.

April 2006

178

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

Chapter 16:

Access Lists (ACLs)

This chapter presents two mechanisms for handling ingress and egress traffic:

Extended Access Lists Flow-based Access Lists

Extended Access Lists

Definition
An Access List (ACL) is a set of rules for handling ingress and egress traffic at each OS9000 port or VLAN interface. Each rule is a set of user-selectable criteria values and actions. The actions depend on whether one or more criteria values are met or violated. Examples of criteria are: protocol, Source IP address, Destination IP address, Source port, Destination port, Destination MAC address type (broadcast, multicast, unicast), ToS, etc. Examples of actions are: drop packet, forward packet, mirror packet to CPU, handle according to an Action List, etc.

Applicability
An ACL can be applied to one or more interfaces or to specific ports of interfaces. The advantage in applying one ACL to several interfaces/ports (sharing mode) materializes when the ACL needs to be modified. The ACL needs to be modified only once rather than several times, once for each interface/port.

Number
The maximum number of ACLs that can be configured is 64.

Creating/Accessing
To create or access an ACL: 1. Enter mode configure terminal 2. Invoke the command: access-list extended WORD where, WORD Name of the ACL (new or existing) as shown in the example below: Example:
OS9000> enable OS9000# configure terminal OS9000(config)# access-list extended ACL1 OS9000(config-access-list)#

The ACL named ACL1 becomes the instance (current) and the CLI enters ACL mode (as indicated by the prompt OS9000(config-access-list)#). If this ACL has just been created, it does not contain rules. To create, display, edit, move, and delete rules, refer to the section Configuring, page 180.

April 2005

179

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

Configuring
General The following actions are involved in configuring an ACL: create rule, view rule, edit rule, move rule, and delete rule, and default, i.e., if no rule applies. Number of Rules The maximum number of rules that can be configured per ACL is 16. Order of Rules The order of rules can affect packet handling! For e.g., if one rule dictates dropping of a packet while the following rule dictates mirroring to the CPU, the packet will be dropped without mirroring. If the order of these two rules is reversed, the packet will be mirrored before it is dropped. Creating Rule An ACL rule for packet handling is created in two stages: Stage 1 Packet Classification Stage 2 Actions on Packet

Stage 1 Packet Classification Packet Classification is the selection of attributes of a packet according to which the packet is to be forwarded or dropped. Examples of these attributes are: protocol, Source IP address, Destination IP address, Source port, Destination port, etc. Following are the steps for classifying ingress packets: 1. Create or access an ACL as described in the section Creating/Accessing, page 179. 2. Create a rule index28 by invoking the following command: rule [RULE_NUM] where, [RULE_NUM] (optional) Index of rule. If this argument is not entered, the rule is indexed automatically, i.e., it gets a number that is a multiple of 10. This number is the smallest that is larger than the highest in the group of rules created for the ACL. On creation of the rule, the rule mode is entered as indicated by the prompt OS9000(config-rule)#. The rule just created does not contain packet classification (or actions). To include packet classification in the rule, continue with the steps below. 3. Select the protocol of the packets by invoking the command: protocol eq <0-255>|icmp|igmp|ip|ospf|tcp|udp where, eq Equal to <0-255> Range of IDs of protocols from which one can be selected. The protocols associated with these IDs can be obtained using the Internet link http://www.iana.org/assignments/protocol-numbers. icmp Internet Control Message Protocol (ID = 1) igmp Internet Gateway Message Protocol (ID = 2) ospf Open Shortest Path First routing protocol (ID = 89) tcp Transmission Control Protocol (ID = 6) udp User Datagram Protocol (ID = 17) 4. Select the source IP address of the packets by invoking the command: source-ip eq A.B.C.D/M|any
28

Index means assigned an ID.

April 2006

180

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

where, eq Equal to A.B.C.D./M is source prefix (IP address/mask) to be matched any is any prefix to match 5. Select the destination IP of the packets by invoking the command: dest-ip eq A.B.C.D/M|any where, eq Equal to A.B.C.D./M Destination prefix (IP address/mask) to be matched any Any prefix to match. 6. Select the TCP/UDP source port of the packets by invoking the command: source-port eq PORT_RANGE where, eq Equal to PORT_RANGE Port range. The valid range is 0 to 65535. The acceptable formats are: numeric for specifying one port, e.g., 327 numeric/mask for specifying several ports. The mask can have any value in the range 0-16. Example: 31897/16. 7. Select the TCP/UDP destination port(s) of the packets by invoking the command: dest-port eq PORT_RANGE where, eq Equal to PORT_RANGE Port range. The valid range is 0 to 65535. The acceptable formats are: a numeric for specifying one port, e.g., 25 numeric/mask for specifying several ports. The mask can have any value in the range 0-16. Example: 31897/16. 8. Select the Destination MAC address type of the packets by invoking the command: mac-da-type arp-broadcast|broadcast|multicast|unicast where, arp-broadcast ARP-broadcast destination MAC address broadcast Broadcast destination MAC address multicast Multicast destination MAC address unicast Unicast destination MAC address 9. Relate to whether Destination MAC address exists in the Learn Table by invoking the command: mac-lookup-results found|not-found where, found Destination MAC address exists in the Learn Table not-found Destination MAC address absent from the Learn Table 10. Relate to ToS by invoking the command: tos eq TOS_HEX_VALUE [MASK_HEX_VALUE] where, eq Equal to TOS_HEX_VALUE ToS value. Any hexadecimal number in the range 0x0 to 0xFF can be entered. [MASK_HEX_VALUE] Mask of ToS value. Any hexadecimal number in the range 0x0 to 0xFF can be entered. The mask is used to select several ToS values. The mask in binary format is compared to the ToS value in

April 2006

181

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

binary format. In the positions of the 0s of the mask, the ToS bits are permitted to be 0 or 1. For e.g., a ToS value 0x 9C ( = 10011100) and mask FD ( = 11101101) together are equivalent to the 22 ToS values: 10011100, 10001110, 10011110, 10001100. 11. Relate to VPT by invoking the command: vpt eq <0-7> where, eq Equal to <0-7> Range of VPT values. Any value between 0 and 7 can be entered. 12. If required, create additional rules by repeating steps 2 to 11 above for each rule. 13. To save the ACL in permanent memory, invoke the command write memory or write file. Stage 2 Actions on Packet Actions for a rule consist of selecting one or more actions (to be performed on a packet) conditional on the packet classification (Stage 1). Stage 2 may be performed immediately after completing Stage 1, above, while in rule mode. rule mode is indicated by the prompt OS9000(config-rule)#, and is applicable for the rule that is the instance (current). The SL value assigned in this stage (in any of actions Four to Seventeen, below) overrides the SL assigned as described in the section Custom Map, page 215. During Stage 2, an action (or Action List) that is the instance (current) can be deleted, by invoking the command: no action as shown in the example below:
OS9000(config-rule)# action mark sl 7 dscp 38 vpt 5 OS9000(config-rule)# show detail Rule index: 1 Action:mark sl 7, dscp 38 and vpt 5 ---------OS9000(config-rule)# no action OS9000(config-rule)# show detail Rule index: 1 Action: ---------OS9000(config-rule)#

To perform Stage 2 for any rule: 1. Enter rule mode for the specific rule. This may require performance of the following sequence of actions: entry into enable mode, entry into configure terminal mode, entry into access-list mode for the specific ACL (as described in the section Creating/Accessing, page 179), entry into rule mode for the specific rule (as described in step 2, page 180). 2. Select any one of the following actions: One: Forward/drop packets that meet the criteria of the rule by invoking the command: action deny|permit where, deny Deny (drop) packets that violate one or more criteria of the rule of the ACL. permit Permit (forward) packets that meet all the criteria of the rule of the ACL. Two: Trap/copy packets that meet the criteria of the rule to the CPU by invoking the command:

April 2006

182

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

action trap-to-cpu|mirror-to-cpu where, trap-to-cpu Trap packets that violate one or more criteria of the rule of the ACL to the CPU. mirror-to-cpu Copy packets that meet all the criteria of the rule of the ACL to the CPU. Three: Assign a specific Action List by invoking the command: action list NAME where, NAME Action List name. Four: Assign a specific Action List and mark packet with an SL value by invoking the command: action list NAME mark sl <1-8> where, NAME Action List name. mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) Five: Assign a specific Action List and mark packet with an SL and DSCP value by invoking the command: action list NAME mark sl <1-8> dscp <0-63> where, NAME Action List name. mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) dscp DSCP. <0-63> Range of DSCP values from which one can be selected. (If a DSCP value already exists, it is overwritten.) Six: Assign a specific Action List and mark packet with an SL, DSCP, and VPT value by invoking the command: action list NAME mark sl <1-8> dscp <0-63> vpt <0-7> where, NAME Action List name. mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) dscp DSCP. <0-63> Range of DSCP values from which one can be selected. (If a DSCP value already exists, it is overwritten.) vpt VPT. <0-7> Range of VPT values from which one can be selected. (If a VPT value already exists, it is overwritten.) Seven: Assign a specific Action List and mark packet with an SL value but DSCP value according to the SL-to-DSCP map (displayable using the command do show diffserv) by invoking the command: action list NAME mark sl <1-8> dscp by-diffserv-mapping

April 2006

183

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

where, NAME Action List name. mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) dscp DSCP. by-diffserv-mapping DSCP values from which one can be selected according to the SL-to-DSCP map. If a DSCP value already exists, it is overwritten. Eight: Assign a specific Action List and mark packet with an SL value but mark DSCP value according to the SL-to-DSCP map and VPT value according to the SL-to-VPT map (displayable using the command do show diffserv) by invoking the command: action list NAME mark sl <1-8> dscp by-diffserv-mapping vpt by-diffserv-mapping where, NAME Action List name. mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) dscp DSCP. by-diffserv-mapping Range of DSCP values from which one can be selected using the SL to DSCP map. (If a DSCP value already exists, it is overwritten.) vpt VPT. by-diffserv-mapping Range of VPT values from which one can be selected using the SL to VPT map. (If a VPT value already exists, it is overwritten.) Nine: Assign a specific Action List and mark packet with an SL value and a VPT value by invoking the command: action list NAME mark sl <1-8> vpt <0-7> where, NAME Action List name. mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) vpt VPT. <0-7> Range of VPT values from which one can be selected. (If a VPT value already exists, it is overwritten.) Ten: Assign a specific Action List and mark packet with an SL value and a VPT value using the SL-to-VPT map (displayable using the command do show diffserv) by invoking the command: action list NAME mark sl <1-8> vpt by-diffserv-mapping where, NAME Action List name. mark Marking. sl SL.

April 2006

184

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

<1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) vpt VPT. by-diffserv-mapping VPT values from which one can be selected using the SL to VPT map. (If a VPT value already exists, it is overwritten.) Eleven: Mark packet with an SL value by invoking the command: action mark sl <1-8> where, mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) Twelve: Mark packet with an SL and DSCP value by invoking the command: action mark sl <1-8> dscp <0-63> where, mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. If an SL value already exists, it is overwritten. dscp DSCP. <0-63> Range of DSCP values from which one can be selected. (If a DSCP value already exists, it is overwritten.) Thirteen: Mark packet with an SL, DSCP, and VPT value by invoking the command: action mark sl <1-8> dscp <0-63> vpt <0-7> where, mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) dscp is a keywork signifying DSCP. <0-63> DSCP values from which one can be selected. (If a DSCP value already exists, it is overwritten.) vpt is a keywork signifying VPT. <0-7> Range of VPT values from which one can be selected. If a VPT value already exists, it is overwritten. Fourteen: Mark packet with an SL value but DSCP value according to the SL-toDSCP map (displayable using the command do show diffserv) by invoking the command: action mark sl <1-8> dscp by-diffserv-mapping where, mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) dscp DSCP. by-diffserv-mapping Range of DSCP values from which one can be selected using the SL to DSCP map. (If a DSCP value already exists, it is overwritten.)

April 2006

185

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

Fifteen: Mark packet with an SL value but mark DSCP value according to the SLto-DSCP map and VPT value according to the SL-to-VPT map (displayable using the command do show diffserv) by invoking the command: action mark sl <1-8> dscp by-diffserv-mapping vpt bydiffserv-mapping where, mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) dscp DSCP. by-diffserv-mapping Range of DSCP values from which one can be selected using the SL to DSCP map. (If a DSCP value already exists, it is overwritten.) vpt VPT. by-diffserv-mapping Range of VPT values from which one can be selected using the SL to VPT map. (If a VPT value already exists, it is overwritten.) Sixteen: Mark packet with an SL and VPT value by invoking the command: action mark sl <1-8> vpt <0-7> where, mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) vpt VPT. <0-7> Range of VPT values from which one can be selected. (If a VPT value already exists, it is overwritten.) Seventeen: Mark packet with an SL value but VPT value according to the SL-toVPT map (displayable using the command do show diffserv) by invoking the command: action mark sl <1-8> vpt by-diffserv-mapping where, mark Marking. sl SL. <1-8> Range of SL values from which one can be selected. (If an SL value already exists, it is overwritten.) vpt VPT. by-diffserv-mapping Range of VPT values from which one can be selected using the SL to VPT map. (This map can be displayed using the command do show diffserv. If a VPT value already exists, it is overwritten.) 3. To save the configured actions in permanent memory, invoke the command write memory or write file. Viewing Rule To view a specific rule of an ACL: 1. Enter configure terminal mode. 2. Enter the mode of the ACL whose rule(s) is/are to be viewed by invoking the command: access-list extended WORD where,

April 2006

186

ML48261, Rev. 02 Access Lists (ACLs) WORD Name of the ACL 3. Invoke the command: show rule RULE_NUM where, [RULE_NUM] Index of rule. as shown in the example below: Example:
OS9000# configure terminal OS9000(config)# access-list extended ACL1 OS9000(config-access-list)# show rule 10 Rule index: 10 Action:deny Source ip:32.32.32.32/32 ---------OS9000(config-access-list)#

Chapter 16:

To view all rules of an ACL: 1. Enter configure terminal mode. 2. Enter the mode of the ACL whose rule(s) is to be viewed by invoking the command: access-list extended WORD where, WORD Name of the ACL 3. Invoke the command: show as shown in the example below: Example:
OS9000# configure terminal OS9000(config)# access-list extended ACL1 OS9000(config-access-list)# show Access List Extended ACL1 ========================= state: NOT ACTIVE ---------Rule index: 10 Action:deny Source ip:32.32.32.32/32 ---------Rule index: 20 Action:permit Destination ip:31.31.31.0/24 ---------Rule index: 30 Action:action-list ACN1 with mark sl 7 ---------Rule index: 40 Action:action-list ACN1 Protocol:icmp ---------default policy: deny all OS9000(config-access-list)#

Editing Rule To edit an existing or new rule, 1. Invoke the command:

April 2006

187

ML48261, Rev. 02 Access Lists (ACLs) rule RULE_NUM as shown in the example below: Example:
OS9000(config)# access-list extended Sales OS9000(config-access-list)# OS9000(config-access-list)# rule 2 OS9000(config-rule)#

Chapter 16:

2. Invoke any one or more of the following commands: action, dest-ip, dest-ports, protocol, source-ip, sourceport Moving Rule To move a rule, invoke the command: rule RULE_NUM move NEW_RULE_NUM where, RULE_NUM Index of the rule to be moved NEW_RULE_NUM New index to be assigned to the rule. The rule is moved to a position so that the indexes of all the rules are in ascending order from top to bottom. as shown in the example below: Example:
OS9000(config-access-list)# OS9000(config-access-list)# rule 3 move 1 OS9000(config-access-list)#

Deleting Rule To delete a specific rule: 1. Enter the access-list mode of the ACL. 2. Invoke the command: no rule RULE_NUM where, RULE_NUM Index of the rule. as shown in the example below: Example:
OS9000(config-access-list)# OS9000(config-access-list)# no rule 2 OS9000(config-access-list)#

To delete all rules of an ACL: 1. Enter the access-list mode of the ACL. 2. Invoke the command: flush as shown in the example below: Example:
OS9000(config)# access-list extended ACL1 OS9000(config-access-list)# flush OS9000(config-access-list)#

Default It is possible that no rule will apply to certain packet types. Such packets, by default, are dropped. To enable forwarding (or dropping) of all such packets:

April 2006

188

ML48261, Rev. 02 Access Lists (ACLs) 1. Enter the access-list mode of the ACL. 2. Invoke the command: default policy permit|deny where, permit Permit forwarding of a packet if no rule applies. Deny Drop (deny forwarding of) a packet if no rule applies. as shown in the example below: Example:
OS9000(config-access-list)# default policy permit OS9000(config-access-list)#

Chapter 16:

Viewing Configured ACLs can be viewed from any of the following modes: enable mode access-list mode Only the current ACL can be displayed from this mode. To display the ACL, invoke the command: show [detail] where, detail (optional) Information in detail. The command without this argument displays abbreviations used by the OS9000 in displaying rule actions. as shown in the example below: Example:
OS9000(config-access-list)# show Access List Extended ACL2 ========================= state: NOT ACTIVE ---------default policy: deny all OS9000(config-access-list)#

access-list mode

enable mode Any one or more ACLs can be displayed from this mode. show access-list [NAME|configuration] where, NAME (optional) Name of an existing ACL. The command displays a specific ACL if the ACL name is typed in place of this argument. The command without this argument displays all the ACLs in memory. configuration ACLs in run-time memory. as shown in the example below: Example:
OS9000# show access-list ACL2 Access List Extended ACL2 ========================= state: NOT ACTIVE ---------default policy: deny all OS9000#

April 2006

189

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

Comment Adding
A user comment on an ACL can be entered with the ACL as follows: 1. Enter the access-list mode of the ACL 2. Invoke the command: remark LINE where, LINE Comment on the current ACL. as shown in the example below: Example:
OS9000> enable OS9000# configure terminal OS9000(config)# access-list extended ACL1 OS9000(config-access-list)# remark This ACL is to be used for the Sales Dept. OS9000(config-access-list)# show Access List Extended ACL2 ========================= This ACL is to be used for the Sales Dept. state: NOT ACTIVE ---------default policy: deny all OS9000(config-access-list)#

Binding
Up to two ACLs can be bound to an interface, one ACL to one group of ports of the interface and the other ACL to another group, provided the two groups have no port in common. To bind an existing ACL to an interface: 1. Invoke the command: interface vlan IFNAME where, IFNAME ID of the interface, e.g., vif1, vif2, etc. 2. Invoke the command: access-group WORD PORTS-GROUP where, WORD Name of the ACL. PORTS-GROUP Ports to which the ACL is to be applied. as shown in the example below: Example:
OS9000(config)# interface vlan vif200 OS9000(config-vif200)# access-group ACL1 3-8 OS9000(config-vif200)#

Unbinding
To unbind an existing ACL from an interface: 1. Invoke the command: interface vlan IFNAME where, IFNAME ID of the interface, e.g., vif1, vif2, etc. 2. Invoke the command: no access-group WORD PORTS-GROUP April 2006 190

ML48261, Rev. 02 Access Lists (ACLs) where, WORD Name of the ACL. PORTS-GROUP Ports to which the ACL is to be applied. as shown in the example below: Example:
OS9000(config-vif2005)# no access-group Zorro 3 OS9000(config-vif2005)#

Chapter 16:

Deleting
To delete an ACL: 1. Unbind the ACL from each interface to which it has been bound as described in the section Unbinding, page 190. 2. Enter configure terminal mode. 3. Invoke the command: no access-list WORD where, WORD Name of the ACL as shown in the example below: Example:
OS9000(config)# no access-list ACL1 Access List ACL1 was deleted. OS9000(config)#

Example
Below, is configuration example showing the user inputs (in bold) and OS9000 outputs on the CLI screen. The user inputs include:

ACL creation Adding a comment (remark) on the ACL Creation of rules. Each rule consists of a criterion (condition) and the action for the criterion. Creation of an interface to which the ACL is to be applied Activation of the ACL using the command access-group ACL1 ACL status display Interface status display

OS9000> enable OS9000# configure terminal OS9000(config)# access-list extended ACL1 OS9000(config-access-list)# remark This ACL is for Sales Dept. OS9000(config-access-list)# rule 1 OS9000(config-rule)# source-ip eq 10.10.10.10/32 OS9000(config-rule)# action permit OS9000(config-rule)# exit OS9000(config-access-list)# rule OS9000(config-rule)# source-ip eq 4.4.4.4/32 OS9000(config-rule)# action mirror-to-cpu OS9000(config-rule)# exit OS9000(config-access-list)# rule

April 2006

191

ML48261, Rev. 02 Access Lists (ACLs)

OS9000(config-rule)# source-ip eq 1.1.1.1/32 OS9000(config-rule)# action mark sl 7 OS9000(config-rule)# exit OS9000(config-access-list)# exit OS9000(config)# interface vlan vif2005 OS9000(config-vif2005)# ports 3-8 OS9000(config-vif2005)# tag 100 Interface is activated. OS9000(config-vif2005)# ip 193.88.88.234/24 OS9000(config-vif2005)# access-group ACL1 OS9000(config-vif2005)# OS9000(config-vif2005)# show access-group Access List ACL1 is activated on inteface vif2005 OS9000(config-vif2005)# show detail vif2005 is DOWN (No state changes have occurred) Active: Yes Ports: 3-8 Interface type is Vlan Encapsulation: 802.1Q, Tag 100 MAC address is 00:0F:BD:02:05:B8 IP address is 193.88.88.234/24 Cpu-membership is enable Management access is denied TFTP access is denied. Access-group is active: ACL1 Ports: all OS9000(config-vif2005)#

Chapter 16:

April 2006

192

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

Flow-based Access-Lists
General
Flow-based ACLs (Flow-ACLs) provide per-flow actions and enhanced classification scalability. A Flow-ACL uses a mechanism which associates frames with flow entry based on selected criteria. The "matching" flow entry contains information about the particular handling and processing of frames, which match the flow. For example, frames matching a flow entry may be dropped, trapped to the CPU, or assigned a Class of Service. They may undergo re-marking and, optionally, be assigned to a Traffic Conditioner, which is responsible for metering (single or dual rate) and accounting. Flow-ACLs are different from Extended ACLs in the following respects: 1. No limitation on the number of rules per flow access-list. 2. Classification fields must match the flow template. 3. No default rule per access-list (see global flow default rule) 4. Currently limited classification fields. 5. No sharing Flow-ACLs can be applied only on a single interface/port. On the other hand, TC (Traffic Conditioner) actions can be shared between ACLs whether extended or flow-based. 6. Option to classify according to frame tag useful for VMAN mode. Each Flow-ACL uses a flow template. The flow template defines which frame fields will be used for classification. Currently there are 4 options: 1. Frame tag. 2. Frame VPT. 3. Both Frame tag & VPT. 4. None of the above, i.e., every frame that is received on the interface/ports matches. Multiple Flow entries may be assigned to the same Traffic Conditioner (TC), which operates on the aggregate of flows directed to it.

Configuring
General A Flow-ACL is configured in the following stages:

Flow template selection Flow default policy ACL creation Binding an ACL to an interface/ports

Flow Template Selection To select a flow template, do the following: 1. Enter configure terminal mode. 2. Invoke the command boot to enter boot mode. 3. Select a flow template by invoking the command: acl-flow-template none|tag|vpt|tag-vpt where, none No field classification, i.e., every ingress frame (default) tag IEEE 802.1Q VLAN tag vpt VLAN Priority tag-vpt IEEE 802.1Q VLAN tag & VLAN Priority

April 2006

193

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

To select the default template, i.e., the value none in the above command, invoke the command: default acl-flow-template 4. To save the selected flow template in permanent memory, invoke the command write file or write memory. 5. To enable the Flow Template to become effective, invoke the command reboot or reboot-force. Flow Default Policy The policy for handling frame types for which no rule applies is global. That is, all such frames are dropped or all forwarded for all Flow-ACLs. In other words, it is not possible to drop such frames for one Flow-ACL and forward such frames for another Flow-ACL. Such frames, by default, are dropped. To enable forwarding (or dropping) of all such frames: 1. Enter configure terminal mode. 2. Invoke the command: access-list flow-default-policy deny|permit where, deny Drop (deny forwarding of) a frame if no rule applies. permit Permit forwarding of a frame if no rule applies. as shown in the example below: Example:
OS9000# configure terminal OS9000(config)# access-list flow-default-policy permit OS9000(config)#

To revert to the default global policy (i.e., to deny), invoke the command: default access-list flow-default-policy as shown in the example below: Example: OS9000(config)# default access-list flow-default-policy OS9000(config)# Creating/Accessing To create or access a Flow-ACL: 1. Enter mode configure terminal 2. Invoke the command: access-list flow WORD where, WORD Name of the Flow-ACL (new or existing) as shown in the example below: Example: OS9000# configure terminal OS9000(config)# access-list flow F-ACL1 OS9000(config-access-list)# The Flow-ACL named F-ACL1 becomes the instance (current) and the CLI enters FlowACL mode (as indicated by the prompt OS9000(config-access-list)#). If this Flow-ACL has just been created, it does not contain rules. To create, view, edit, move, and delete rules, refer to the section Configuring, page 193.

April 2006

194

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

Rules Creation To create Flow-ACL rules (for actions to be performed), do the following: 1. Create or access a Flow-ACL as described in the section Creating/Accessing, page 194. 2. Create one or more rules for the Flow-ACL as follows: a. Create a rule index29 by invoking the following command: rule [RULE_NUM] where, [RULE_NUM] Index of rule. If this optional argument is not entered, the rule is indexed automatically, i.e., it gets a number that is a multiple of 10. This number is the smallest that is larger than the highest in the group of rules created for the ACL. On creation of the rule, the rule mode is entered as indicated by the prompt OS9000(config-rule)#. b. Assign a tag, vpt, or tag & vpt value depending on the flow template selected in step 3 above, by invoking the command: tag eq <1-4095> and/or vpt eq <0-7> where, <1-4095> is the range of IEEE 802.1Q VLAN tags from which one is to be selected <0-7> is the range of VLAN Priority tags from which one is to be selected c. Select any one of the following actions noting the following: One: Forward/drop frames that match all field values specified in the rule by invoking the command: action deny|permit where, deny Deny (drop) frames that match all field values specified in the rule of the Flow-ACL. permit Permit (forward) frames that meet all the criteria of the rule of the Flow-ACL. Two: Trap/copy frames that meet the criteria of the rule to the CPU by invoking the command: action trap-to-cpu|mirror-to-cpu where, trap-to-cpu Trap frames that meet all the criteria of the rule of the Flow-ACL to the CPU. mirror-to-cpu Copy frames that meet all the criteria of the rule of the Flow-ACL to the CPU. Three: Assign a specific Action List by invoking the command: action list NAME where, NAME Action List name. Four: Assign a specific Action List and set frames internal Service Level (SL) by invoking the command: action list NAME mark sl <1-8> where, NAME Action List name.
29

Index means an assigned ID.

April 2006

195

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16: mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected.

Five: Assign a specific Action List and mark frame with an SL and DSCP value by invoking the command: action list NAME mark sl <1-8> dscp <0-63> where, NAME Action List name. mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. dscp DSCP. <0-63> Range of DSCP values from which one can be selected. Six: Assign a specific Action List and mark frame with an SL, DSCP, and VPT value by invoking the command: action list NAME mark sl <1-8> dscp <0-63> vpt <0-7> where, NAME Action List name. mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. dscp DSCP. <0-63> Range of DSCP values from which one can be selected. vpt VPT. <0-7> Range of VPT values from which one can be selected. Seven: Assign a specific Action List and mark frame with an SL value but DSCP value according to the SL-to-DSCP map (displayable using the command do show diffserv) by invoking the command: action list NAME mark sl <1-8> dscp by-diffservmapping where, NAME Action List name. mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. dscp DSCP. by-diffserv-mapping DSCP values from which one can be selected according to the SL-to-DSCP map. If a DSCP value already exists, it is overwritten. Eight: Assign a specific Action List to a Flow-ACL rule and mark frame with an SL value but mark DSCP value according to the SL-to-DSCP map and VPT value according to the SL-to-VPT map (displayable using the command do show diffserv) by invoking the command: action list NAME mark sl <1-8> dscp by-diffservmapping vpt by-diffserv-mapping where, NAME Action List name. mark Marking.

April 2006

196

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

sl Service Level (SL). <1-8> Range of SL values from which one can be selected. dscp DSCP. by-diffserv-mapping Range of DSCP values from which one can be selected using the SL to DSCP map. vpt VPT. by-diffserv-mapping Range of VPT values from which one can be selected using the SL to VPT map. Nine: Assign a specific Action List and mark frame with a specific SL value and VPT value by invoking the command: action list NAME mark sl <1-8> vpt <0-7> where, NAME Action List name. mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. vpt VPT. <0-7> Range of VPT values from which one can be selected. Ten: Assign a specific Action List and mark frame with an SL value and a VPT value using the SL-to-VPT map (displayable using the command do show diffserv) by invoking the command: action list NAME mark sl <1-8> vpt by-diffservmapping where, NAME Action List name. mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. vpt VPT. by-diffserv-mapping VPT value according to SL-to-VPT map. Eleven: Assign Service Level to frame by invoking the command: action mark sl <1-8> where, mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. Twelve: Assign Service Level to frame and mark DSCP value by invoking the command: action mark sl <1-8> dscp <0-63> where, mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. If an SL value already exists, it is overwritten. dscp DSCP. <0-63> Range of DSCP values from which one can be selected. Thirteen: Mark frame with an SL, DSCP, and VPT value by invoking the command:

April 2006

197

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

action mark sl <1-8> dscp <0-63> vpt <0-7> where, mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. dscp is a keywork signifying DSCP. <0-63> DSCP values from which one can be selected. vpt is a keywork signifying VPT. <0-7> Range of VPT values from which one can be selected. If a VPT value already exists, it is overwritten. Fourteen: Mark frame with an SL value but DSCP value according to the SL-toDSCP map (displayable using the command do show diffserv) by invoking the command: action mark sl <1-8> dscp by-diffserv-mapping where, mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. dscp DSCP. by-diffserv-mapping Range of DSCP values from which one can be selected using the SL to DSCP map. Fifteen: Mark frame with an SL value but mark DSCP value according to the SL-toDSCP map and VPT value according to the SL-to-VPT map (displayable using the command do show diffserv) by invoking the command: action mark sl <1-8> dscp by-diffserv-mapping vpt by-diffserv-mapping where, mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. dscp DSCP. by-diffserv-mapping Range of DSCP values from which one can be selected using the SL to DSCP map. vpt VPT. by-diffserv-mapping Range of VPT values from which one can be selected using the SL to VPT map. Sixteen: Mark frame with an SL and VPT value by invoking the command: action mark sl <1-8> vpt <0-7> where, mark Marking. sl Service Level (SL). <1-8> Range of SL values from which one can be selected. vpt VPT. <0-7> Range of VPT values from which one can be selected. Seventeen: Mark frame with an SL value but VPT value according to the SL-toVPT map (displayable using the command do show diffserv) by invoking the command: action mark sl <1-8> vpt by-diffserv-mapping where, mark Marking.

April 2006

198

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16: sl Service Level (SL). <1-8> Range of SL values from which one can be selected. vpt VPT. by-diffserv-mapping Range of VPT values from which one can be selected using the SL to VPT map. (This map can be displayed using the command do show diffserv. If a VPT value already exists, it is overwritten.) Note An action (or Action List) that is the instance (current) can be deleted, by invoking the command: no action

d. If required, create additional rules by first exiting the mode of the current rule and repeating steps a, b, and c, above. 3. To save the configured Flow-ACL in permanent memory, invoke the command write memory or write file. Viewing Rule To view a specific rule of a Flow-ACL: 1. Enter configure terminal mode. 2. Enter the mode of the Flow-ACL whose rule(s) is/are to be viewed by invoking the command: access-list flow WORD where, WORD Name of the Flow-ACL (new or existing) 3. Invoke the command: show rule RULE_NUM where, [RULE_NUM] Index of rule. as shown in the example below: Example:
OS9000# configure terminal OS9000(config)# access-list flow F-ACL1 OS9000(config-access-list)# show rule 35 Rule index: 35 Action:mark sl 7 by-diffserv-mapping vpt(6) VPT value: 5 ---------OS9000(config-access-list)#

To view all rules of a Flow-ACL, invoke the command: Enter configure terminal mode. 1. Enter the mode of the ACL whose rule(s) is to be viewed by invoking the command: access-list flow WORD where, WORD Name of the Flow-ACL 2. Invoke the command: show as shown in the example below: Example:
OS9000# configure terminal

April 2006

199

ML48261, Rev. 02 Access Lists (ACLs)

OS9000(config)# access-list flow F-ACL1 OS9000(config-access-list)# show Access List Flow F-ACL1 =========================== state: NOT ACTIVE ---------Rule index: 35 Action:mark sl 7 by-diffserv-mapping vpt(6) VPT value: 5 ---------Rule index: 40 Action:mirror to cpu Tag value: 207 ---------OS9000(config-access-list)#

Chapter 16:

Editing Rule To edit a rule, 1. Enter the mode of the Flow-ACL whose rule is to be edited by invoking the command: access-list flow WORD where, WORD Name of the Flow-ACL 2. Invoke the command: rule RULE_NUM as shown in the example below: Example:
OS9000(config)# access-list flow F-ACL1 OS9000(config-access-list)# rule 10 OS9000(config-rule)# show Rule index: 10 Action:permit Tag value: 378 ---------OS9000(config-rule)# action deny OS9000(config-rule)# show Rule index: 10 Action:deny Tag value: 378 ---------OS9000(config-rule)#

3. Invoke any one or more of the following commands: action, tag, vpt Moving Rule To move a rule, 1. Enter the mode of the Flow-ACL whose rule is to be moved by invoking the command: access-list flow WORD where, WORD Name of the Flow-ACL 2. Invoke the command: rule RULE_NUM move NEW_RULE_NUM where,

April 2006

200

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

RULE_NUM Index of the rule to be moved NEW_RULE_NUM New index to be assigned to the rule. The rule is moved to a position so that the indexes of all the rules are in ascending order from top to bottom. as shown in the example below: Example:
OS9000(config-access-list)# show Access List Flow F-ACL1 =========================== state: NOT ACTIVE ---------Rule index: 10 Action:permit VPT value: 5 ---------Rule index: 20 Action:mirror to cpu Tag value: 1207 ---------Rule index: 30 Action:mark sl 3 and vpt 4 VPT value: 7 ----------

OS9000(config-access-list)# rule 10 move 25 OS9000(config-access-list)# show Access List Flow F-ACL1 =========================== state: NOT ACTIVE ---------Rule index: 20 Action:mirror to cpu Tag value: 1207 ---------Rule index: 25 Action:permit VPT value: 5 ---------Rule index: 30 Action:mark sl 3 and vpt 4 VPT value: 7 ---------OS9000(config-access-list)#

Deleting Rule To delete a specific rule: 1. Enter the mode of the Flow-ACL whose rule is to be deleted by invoking the command: access-list flow WORD where, WORD Name of the Flow-ACL 2. Invoke the command: no rule RULE_NUM where, RULE_NUM Index of the rule.

April 2006

201

ML48261, Rev. 02 Access Lists (ACLs) as shown in the example below: Example:
OS9000(config)# access-list flow F-ACL1 OS9000(config-access-list)# show Access List Flow F-ACL1 =========================== state: NOT ACTIVE ---------Rule index: 20 Action:mirror to cpu Tag value: 1207 ---------Rule index: 25 Action:permit VPT value: 5 ---------Rule index: 30 Action:mark sl 3 and vpt 4 VPT value: 7 ---------Rule index: 40 Action:trap to cpu Tag value: 382 ---------OS9000(config-access-list)# no rule 20 OS9000(config-access-list)# show Access List Flow F-ACL1 =========================== state: NOT ACTIVE ---------Rule index: 25 Action:permit VPT value: 5 ---------Rule index: 30 Action:mark sl 3 and vpt 4 VPT value: 7 ---------Rule index: 40 Action:trap to cpu Tag value: 382 ---------OS9000(config-access-list)#

Chapter 16:

To delete all rules of an ACL: 1. Enter the mode of the Flow-ACL whose rules are to be deleted by invoking the command: access-list flow WORD where, WORD Name of the Flow-ACL 2. Invoke the command: flush as shown in the example below: Example:
OS9000(config-access-list)# show

April 2006

202

ML48261, Rev. 02 Access Lists (ACLs)

Access List Flow F-ACL1 =========================== state: NOT ACTIVE ---------Rule index: 25 Action:permit VPT value: 5 ---------Rule index: 30 Action:mark sl 3 and vpt 4 VPT value: 7 ---------Rule index: 40 Action:trap to cpu Tag value: 382 ---------OS9000(config-access-list)# flush OS9000(config-access-list)# show Access List Extended F-ACL1 =========================== state: NOT ACTIVE ---------default policy: deny all OS9000(config-access-list)#

Chapter 16:

Viewing
Configured Flow-ACLs can be viewed from any of the following modes:

access-list mode enable mode

access-list mode Only the current ACL can be displayed from this mode. To display the ACL, invoke the command: show as shown in the example below: Example:
OS9000(config)# access-list flow F-ACL2 OS9000(config-access-list)# show Access List Flow F-ACL2 =========================== state: NOT ACTIVE ---------Rule index: 10 Action:deny Tag value: 28 ---------Rule index: 20 Action:permit Tag value: 29 ---------Rule index: 30 Action:mark sl 4 and vpt 3 Tag value: 30 ---------OS9000(config-access-list)#

April 2006

203

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

enable mode Any one or more ACLs (Flow-ACLs or Extended-ACLs) can be displayed from this mode. In this mode, the current flow template and default rule also are displayed. show access-list [NAME|configuration] where, NAME Name of an existing ACL. The command displays a specific ACL if the ACL name is typed in place of the optional argument NAME. The command without the optional argument NAME displays all the ACLs. configuration ACLs in running-config format. as shown in the example below: Example:
OS9000# show access-list F-ACL1 Access List Flow Template classification fields: Tag & VPT Access List Flow default policy: Deny Access List Flow F-ACL1 =========================== state: NOT ACTIVE ---------Rule index: 10 Action:deny Tag value: 378 ---------Rule index: 20 Action:mirror to cpu Tag value: 1207 ---------Rule index: 25 Action:permit VPT value: 5 ---------Rule index: 30 Action:mark sl 3 and vpt 4 VPT value: 7 ---------OS9000#

Comment Adding
A user comment on an ACL can be added as follows: 1. Enter the access-list mode of the ACL. 2. Invoke the command: remark LINE where, LINE Comment on the current ACL. as shown in the example below: Example:
OS9000> enable OS9000# configure terminal OS9024F(config)# access-list flow F-ACL2 OS9024F(config-access-list)# remark This ACL is to be used for the Sales Dept. OS9024F(config-access-list)# show Access List Flow F-ACL2 =========================== This ACL is to be used for the Sales Dept.

April 2006

204

ML48261, Rev. 02 Access Lists (ACLs)

state: NOT ACTIVE ---------Rule index: 10 Action:deny Tag value: 28 ---------Rule index: 20 Action:permit Tag value: 29 ---------Rule index: 30 Action:mark sl 4 and vpt 3 Tag value: 30 ---------OS9024F(config-access-list)#

Chapter 16:

Binding
Up to two ACLs (Flow-ACLs and/or Extended-ACLs) can be bound to a VLAN interface, one ACL to one group of ports of the VLAN interface and the other ACL to another group, provided the two groups have no port in common. To bind an existing Flow-ACL to a VLAN interface: 1. Invoke the command: interface vlan IFNAME where, IFNAME ID of the interface, e.g., vif1, vif2, etc. 2. Invoke the command: access-group WORD PORTS-GROUP where, WORD Name of the Flow-ACL. PORTS-GROUP Ports to which the Flow-ACL is to be applied. (If no port is specified, the ACL is bound to all ports of the interface.) as shown in the example below: Example:
OS9000(config)# interface vlan vif200 OS9000(config-vif200)# access-group ACL1 3-8 OS9000(config-vif200)#

Unbinding
To unbind an existing Flow-ACL from a VLAN interface: 1. Invoke the command: interface vlan IFNAME where, IFNAME ID of the interface, e.g., vif1, vif2, etc. 2. Invoke the command: no access-group WORD [PORTS-GROUP] where, WORD Name of the ACL. PORTS-GROUP Ports to which the ACL is to be applied. as shown in the example below: Example:
OS9024F# configure terminal OS9024F(config)# interface vlan vif7

April 2006

205

ML48261, Rev. 02 Access Lists (ACLs)

OS9024F(config-vif7)# no access-group F-ACL1 2,3 OS9024F(config-vif7)#

Chapter 16:

Deleting
To delete a Flow-ACL: 1. Unbind the Flow-ACL from the VLAN interface to which it has been bound as described in the section Unbinding, page 190. 2. Enter configure terminal mode. 3. Invoke the command: no access-list WORD where, WORD Name of the Flow-ACL as shown in the example below: Example:
OS9024F# configure terminal OS9024F(config)# no access-list F-ACL1 Access List F-ACL1 was deleted. OS9024F(config)#

Example
The following example details a typical procedure for configuring a flow ACL.
----------------------------Selection of Flow Template----------------------------OS9024F(config)# boot OS9024F(config-boot)# acl-flow-template ? none No Classification fields tag Vlan identifier is used as classification field tag-vpt Both Vlan identifier & User Priority are used as classification fields vpt Vlan User Priority is used as classification field OS9024F(config-boot)# acl-flow-template tag-vpt --------------------Saving the Flow Template in permanent memory------------------OS9024F(config-boot)# write file Building Configuration... [OK] OS9024F(config-boot)# exit OS9024F(config)# exit -------------Rebooting to enable the Flow Template to become effective------------OS9024F# reboot-force . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MRV OptiSwitch 9024 version OS9024F login: admin Password: ********** OS9024F> enable

. . . . . . . . . . . . . . . . . . d0733-08-01-06

------------------------------Viewing the Flow Template---------------------------OS9024F# show access-list Access List Flow Template classification fields: Tag & VPT Access List Flow default policy: Deny

April 2006

206

ML48261, Rev. 02 Access Lists (ACLs)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OS9024F# configure terminal

Chapter 16:

----------------------------Configuring a Flow Access List------------------------OS9024F(config)# access-list flow ? WORD Access-list name OS9024F(config)# access-list flow F-ACL1 OS9024F(config-access-list)# rule 10 OS9024F(config-rule)# tag eq ? <1-4095> Tag value OS9024F(config-rule)# tag eq 28 OS9024F(config-rule)# vpt eq ? <0-7> Tag User Priority value OS9024F(config-rule)# vpt eq 4 OS9024F(config-rule)# action trap-to-cpu OS9024F(config-rule)# show Rule index: 10 Action:trap to cpu VPT value: 4 Tag value: 28 ---------OS9024F(config-rule)# exit OS9024F(config-access-list)# OS9024F(config-rule)# tag eq OS9024F(config-rule)# vpt eq OS9024F(config-rule)# action <1-8> Sevice-level value OS9024F(config-rule)# action <cr> dscp Specify dscp value vpt Specify vpt value | Output modifiers OS9024F(config-rule)# action OS9024F(config-rule)# exit rule 20 29 5 mark sl ? mark sl 8 ?

mark sl 8

----------------------------Viewing the Flow Access List--------------------------OS9024F(config-access-list)# show Access List Flow F-ACL1 =========================== state: NOT ACTIVE ---------Rule index: 10 Action:trap to cpu VPT value: 4 Tag value: 28 ---------Rule index: 20 Action:mark sl 8 VPT value: 5 Tag value: 29 ---------OS9024F(config-access-list)# exit -------------Binding the Flow Access List to an existing VLAN Interface-----------OS9024F(config)# show interface

April 2006

207

ML48261, Rev. 02 Access Lists (ACLs)

Chapter 16:

INTERFACES TABLE ================ Name M Device IP State MAC Tag Ports ----------------------------------------------------------------------------------vif3 vif3 DO 00:0F:BD:06:05:B8 0130 7-9 vif7 vif7 192.1.3.4/24 DO 00:0F:BD:00:05:B8 0100 1-3 vif8 vif8 192.2.3.4/24 DO 00:0F:BD:02:05:B8 0200 3-6 vif9 vif9 192.3.28.205/24 DO 00:0F:BD:09:05:B8 0078 10-12 vif201 vif201 192.4.4.4/24 DO 00:0F:BD:12:05:B8 2001 19-23 vif0 vif0 DO 00:0F:BD:00:05:B8 0001 13-18,24 - 'vif0' is the default forwarding interface. - drop-tag is 4094. OS9024F(config)# interface vlan vif7 OS9024F(config-vif7)# access-group ? WORD Access-list name OS9024F(config-vif7)# access-group F-ACL1 2,3 OS9024F(config-vif7)# ------Viewing information on the Flow Access List bound to the VLAN Interface-----OS9024F(config-vif7)# show detail vif7 is DOWN (No state changes have occurred) Active: Yes Ports: 1-3 Interface type is Vlan Encapsulation: 802.1Q, Tag 100 MAC address is 00:0F:BD:00:05:B8 IP address is 192.1.3.4/24 Cpu-membership is enable Management access is denied TFTP access is denied. Access-group is active: F-ACL1 Ports: 2-3 OS9024F(config-vif7)#

April 2006

208

ML48261, Rev. 02 Traffic Conditioner

Chapter 17:

Chapter 17:

Traffic Conditioner
Definition
Traffic Conditioner (TC) is a set of tools that complement the flow classification process described in Chapter 15: Quality of Service (QoS), page 174.

Purpose
A TC is used to provide two key services related to aggregate flow:

SLA enforcement: This service is implemented using single or dual-rate metering and also policing or CoS marking/re-marking

Accounting and billing: For this service, flow aggregate counters are maintained These two services are needed to limit ingress traffic, typically at access points, such as, an Ethernet-to-the-Subscriber access box. By combining the services with egress traffic shaping, they form a complete SLA enforcement set of tools for service providers.

Number
Up to 64K TCs can be configured on an OS9000.

Action List
An action list is a set of TC actions. Any number of Action Lists can be bound to a TC. To activate a configured TC, its Action List must be included in an ACL rule as described in the section Stage 2 Actions on Packet, page 182.

Creation/Access
To create/access an Action List, invoke the following command in the configure terminal mode: action-list NAME where, NAME Name of the action list. (The name can be any string of alphanumeric characters.) as shown in the example below. Example
OS9000> enable OS9000# configure terminal OS9000(config)# action-list ActionList1 OS9000(config-action-list)#

Viewing
To view an Action List, invoke the following command in the configure terminal mode: show action-list [detail] [NAME] where,

April 2005

209

ML48261, Rev. 02 Traffic Conditioner

Chapter 17:

detail Details on the action list. NAME Name of the action list. (The name can be any string of alphanumeric characters. If no name is entered, all the configured action lists are displayed.) as shown in the example below. Example
OS9000(config)# show action-list detail ACN1 action-list ACN1 ================ Status: not active Number of actions: 1 TC ---Accounting: enabled, packet-counters Drop packets marked Red: disabled Conformance counter set number is #2 Single Leaky Bucket parameters: cir=5m bits/sec, cbs=10K bytes, ebs=5K bytes OS9000(config)#

Functions
The TC can perform the following functions on traffic:

Metering Policing Remarking

Metering
Models
Packets entering the OS9000 can be metered according to either of the following models: trTCM (2-rate 3-Color Marking) Either model assigns one of the following three Conformance Levels (CLs) to each ingress packet: Green conforming Yellow partially conforming

srTCM (1-rate 3-Color Marking)

Red non-conforming Traffic Metering (see RFC 2475, An Architecture for Differentiated Services) is the process of measuring the time-involved properties (e.g., speed) of a traffic stream selected by a classifier. A TC may be configured to meter an aggregate flow according to one of the following models: srTCM trTCM

srTCM (1-rate 3-Color Marking) srTCM (see RFC 2697) meters a traffic flow aggregate and marks its packets according to the three parameters Committed Information Rate (CIR), Committed Burst Size (CBS), and Excess Burst Size (EBS), to be either Green, Yellow, or Red. srTCM is useful, for example, for ingress policing of a service, where only the length, not the peak rate, of the burst determines service eligibility. The single rate used by srTCM is CIR. CBS extends the CIR limit (which applies to green packets) by adding to it.

April 2006

210

ML48261, Rev. 02 Traffic Conditioner

Chapter 17:

CIR is expressed in Kbits/sec, and includes the IP header but not link-specific headers. CBS and EBS are measured in bytes. The CBS and EBS must be so configured that at least one of them is greater than 0. It is recommended that when the value of the CBS or the EBS is greater than 0, it is greater than or equal to the size of the largest possible IP packet in the stream. srTCM assumes that the packet stream is uncolored. A packet is marked with the Conformance Level as follows:

Red otherwise Figure 28, below, shows how a packet is handled by the srTCM model.

Green if it does not exceed the CBS Yellow if it does exceed the CBS but not the EBS

Figure 28: srTCM Operation TB (Rate, BurstSize) is a Leaky Bucket function with two arguments: Rate and Maximal Burst Size. The output of this function is a Yes/No decision regarding conformance of the packet to this Leaky Bucket function. trTCM (2-rate 3-Color Marking) trTCM (see RFC 2698) meters an IP packet aggregate flow and marks its packets either Green, Yellow, or Red. A packet is marked Red if it exceeds the PIR. Otherwise, it is marked either Yellow or Green depending on whether it exceeds or doesn't exceed the CIR. trTCM is useful, for example, for ingress policing of a service, where a peak rate needs to be enforced separately from a committed rate. The two rates used by srTCM is CIR and PIR. CBS extends the CIR limit (which applies to green packets) by adding to it. PBS extends the PIR limit (which applies to yellow packets) by adding to it. CIR and PIR are expressed in Kbits/sec, and both include the IP header but not linkspecific headers. The PIR must be equal to or greater than the CIR. CBS and PBS are measured in bytes, and both must be configured to be greater than 0. It is recommended that they be configured to be equal to or greater than the size of the largest possible IP packet in the stream. As in the single rate model, trTCM uses the packets Drop Precedence as the indicator of the pre-color. A packet is marked with the Conformance Level (CL) as follows:

Green if it does not exceed either the PIR or the CIR Figure 29, below, shows how a packet is handled by the trTCM model.

Red if it exceeds the PIR Yellow if it does not exceed the PIR but exceeds the CIR

April 2006

211

ML48261, Rev. 02 Traffic Conditioner

Chapter 17:

Figure 29: trTCM Operation

Configuration
To configure srTCM or trTCM: 1. Enter the configure terminal mode. Example
OS9000> enable OS9000# configure terminal

2. Create/access an Action List by invoking the following command. action-list NAME where, NAME is the name of the action list. (The name can be any string of alphanumeric characters up to 20 characters long.) Example
OS9000(config)# action-list ACN1 OS9000(config-action-list)#

3. Enter the TC mode by invoking the command: tc-action Example

OS9000(config-action-list)# tc-action OS9000(config-tc-action)#

4. Using Table 11, below, select one of the metering/marking models30: Table 11: Color Marking of Packets by srTCM and trTCM Models Color Marked Green srTCM Model Traffic rate < CIR + CBS Yellow CIR + CBS < Traffic rate < CIR + CBS + EBS CIR + PBS < Traffic rate < PIR + PBS Red CIR + EBS < Traffic rate PIR + PBS < Traffic rate

trTCM

Traffic rate < CIR + PBS

30

The metering/marking model determines the color (green yellow, or red) with which a packet is to be marked and marks the packet accordingly.

April 2006

212

ML48261, Rev. 02 Traffic Conditioner

Chapter 17:

5. Select the metering model srTCM or trTCM as follows: srTCM rate single-leaky-bucket cir RATELIMIT cbs BURSTSIZE ebs INTEGER where, rate Traffic speed. single-leaky-bucket Metering/marking algorithm srTCM whose coloring action depends on the traffic parameters CIR, CBS, and EBS according to Table 11, page 212. cir Committed Information Rate (CIR) RATELIMIT CIR value. The value may be any number in the range 64K-1G bits/sec. Valid units are: k, m, g. Examples: 100k, 10m, 1g. cbs Committed Burst Rate (CBS) BURSTSIZE CBS value. The value may be any number in the range 1K-16M bytes. Valid units are: k, m. Examples: 7k, 2m. ebs Excess Burst Rate (EBS) BURSTSIZE EBS value. The value may be any number in the range 1K-16M bytes. Valid units are: k, m. Examples: 3k, 5m. trTCM rate dual-leaky-bucket cir RATELIMIT cbs BURSTSIZE pir RATELIMIT pbs BURSTSIZE where, rate Traffic speed. dual-leaky-bucket metering/marking algorithm trTCM whose coloring action depends on the traffic parameters CIR, CBS, PIR, and PBS according to Table 11, page 212. cir Committed Information Rate (CIR) RATELIMIT CIR value. The value may be any number in the range 64K-1G bits/sec. Valid units are: k, m, g. Examples: 100k, 10m, 1g. cbs Committed Burst Rate (CBS) BURSTSIZE CBS value. The value may be any number in the range 1K-16M bytes. Valid units are: k, m. Examples: 7k, 2m. pir Peak Information Rate (PIR) RATELIMIT PIR value. The value may be any number in the range 64K-1G bits/sec. Valid units are: k, m, g. Examples: 100k, 10m, 1g. pbs Peak Burst Rate (PBS) BURSTSIZE PBS value. The value may be any number in the range 1K-16M bytes. Valid units are: k, m. Examples: 7k, 2m.

Policing
To perform policing for a specific TC: 1. Enter the Action List mode by invoking the command: action-list NAME where, NAME Name of the action list. (The name can be any string of alphanumeric characters up to 20 characters long.) 2. Enter the TC mode by invoking the command:

April 2006

213

ML48261, Rev. 02 Traffic Conditioner tc-action 3. Select policing by invoking the command: drop-red Drop red applies to all ingress traffic.

Chapter 17:

CL Remarking
CL remarking is the changing of a packet SL (that was assigned in the marking/mapping stage described in the section SL Mapping, page 174) according to the CL. The CL is assigned to packets by one of the metering models srTCM or trTCM of the TC. CL remarking overrides the SL assigned as described in the section SL Mapping, page 174 but is overridden by the SL assigned as described in the section Stage 2 Actions on Packet, page 182. Re-marking can be used for two purposes: To modify the handling of a packet by downstream devices in the network. Remarking applies to all ingress traffic.

To modify the internal forwarding priority within the egress queues.

Default Map
To view the current CL remarking map, invoke the command do show cl-mapping. Table 12, below, shows the default CL mapping. Table 12: Default CL Remarking Map
ORIG-SL 1 1 1 2 2 2 3 3 3 4 4 4 5 5 5 6 6 6 7 7 7 8 8 8 Green Yellow Red Green Yellow Red Green Yellow Red Green Yellow Red Green Yellow Red Green Yellow Red Green Yellow Red Green Yellow Red CL 1 1 1 2 2 2 3 3 3 4 4 4 5 5 5 6 6 6 7 7 7 8 8 8 NEW-SL

April 2006

214

ML48261, Rev. 02 Traffic Conditioner

Chapter 17:

Custom Map
To change an existing CL remarking map: 1. Enter configure terminal mode. 2. Invoke the command: cl-mapping orig-sl <1-8> green|yellow|red new-sl <1-8> where, <1-8> (first) Range of SL values 1-8, from which one value is to be selected. The value is the SL marked as described in the section SL Mapping, page 174. green CL green yellow CL yellow red CL red <1-8> (second) Range of SL values 1-8, from which one new value is to be selected. as shown in the example below: Example OS9000(config)# cl-mapping orig-sl 8 red new-sl 6 OS9000(config)# 3. If required, repeat step 1, above for other SL values.

View Map
To view the existing CL remarking map: 1. Enter configure terminal mode. 2. Invoke the command: show cl-mapping Example OS9000(config)# show cl-mapping ORIG-SL CL NEW-SL ---------------------------------------------1 green 1 1 yellow 1 1 red 1 2 green 2 2 yellow 2 2 red 2 3 green 3 3 yellow 3 3 red 3 4 green 4 4 yellow 4 4 red 4 5 green 5 5 yellow 5 5 red 5 6 green 6 6 yellow 6 6 red 6 7 green 7 7 yellow 7

April 2006

215

ML48261, Rev. 02 Traffic Conditioner 7 red 7 8 green 8 8 yellow 8 8 red 6 OS9000(config)#

Chapter 17:

Activation
For remarking to take effect, a metering model (srTCM or trTCM) must be assigned to the Action List (using the command rate single-leaky-bucket cir RATELIMIT cbs BURSTSIZE ebs INTEGER or the command rate dual-leaky-bucket cir RATELIMIT cbs BURSTSIZE pir RATELIMIT pbs BURSTSIZE as described in the subsection Configuration, page 212 of the section Metering.) To activate CL remarking: 1. Enter the Action List mode by invoking the command: action-list NAME where, NAME Name of the action list. (The name can be any string of alphanumeric characters up to 20 characters long.) 2. Enter the TC mode by invoking the command: tc-action 3. Activate remarking by invoking the command: remark-by-cl [remark-vpt-dscp] [remark-cos] where, remark-by-cl Enable changing of SL of traffic according to conformance level mapping table remark-vpt-dscp Enable changing of VPT and DSCP according to the new SL in the CL mapping table. (If an MPLS action is included in the Action List [e.g., by binding a VC to the Action List], EXP bits in the header of the MPLS packet are remarked according to the SL of the packet.) remark-cos For an MPLS packet: Enable changing of the SL according to the EXP bits in the header of the MPLS packet. For a non-MPLS packet: Enable changing of the SL according to the DSCP bits in the IP header. If the egress port is set to tag, the VPT also is changed.

Deactivation
To deactivate remarking: 1. Enter the Action List mode by invoking the command: action-list NAME where, NAME Name of the action list. (The name can be any string of alphanumeric characters up to 20 characters long.) 2. Enter the TC mode by invoking the command: tc-action 3. Activate remarking by invoking the command: no remark-by-cl

April 2006

216

ML48261, Rev. 02 Traffic Conditioner

Chapter 17:

Accounting
Counters
The following sets of counters are available for each TC: Global Counter Set A Specific Counter Set is automatically assigned to each TC. Optionally, a Global Counter Set also can be assigned to each TC. The TC counters count all packets that have arrived at the TC and that have not been dropped by it. Packets might still be dropped further on at the egress queues. Specific Counter Set A Specific Counter Set consists of four byte counters. They are:

Specific Counter Set

Admitted aggregate Counter The first three counters count according to the selected metering model srTCM or trTCM described in the section Models, page 210. Green CL Counter counts green packets. Yellow CL Counter counts yellow packets. Red CL Counter counts red packets. The Admitted aggregate counter shows the total of the Green CL, Yellow CL, and, if the dropred TC action was not selected by the user, Red CL. This counter is needed for accounting and billing for services. Global Counter Set There are three Global Counter Sets. Each Global Counter Set consists of six counters. They are:

Green CL Counter Yellow CL Counter Red CL Counter

Red CL packet Counter Each TC may be assigned one (or none) of these three sets of counters as follows: 1. Enter configure terminal mode. 2. Enter the mode of the specific Action List by invoking the command. action-list NAME where, NAME Name of the action list.

Green CL byte Counter Green CL packet Counter Yellow CL byte Counter Yellow CL packet Counter Red CL byte Counter

3. Enter the TC mode by invoking the command: tc-action 4. Assign a global counter set by invoking the command: counter-set-number <1-3> where, <1-3> Global counter sets 1 to 3 from which one is to be selected.

To replace a selected global counter set with another for a specific TC, invoke the counter-set-number <1-3> using the new global counter set number instead of <13>.

April 2006

217

ML48261, Rev. 02 Traffic Conditioner

Chapter 17:

To dissociate a selected global counter set from a specific TC, invoke the no counterset-number. Each counter shows the aggregate of counts for all the TCs assigned to the counter. The counters may count either the entire Layer 2 packet bytes, or just the Layer 3 packet bytes which exclude the MAC header and CRC. Global Counter Sets are used for statistical analyses and troubleshooting.

Activation
To activate accounting for a specific TC: 1. Enter configure terminal mode. Example
OS9000# configure terminal OS9000(config)#

2. Enter the mode of the specific Action List by invoking the command: action-list NAME where, NAME Name of the action list. (The name can be any string of alphanumeric characters up to 20 characters long.) Example
OS9000(config)# action-list ACN1 OS9000(config)#

3. Enter the mode of TC by invoking the command: tc-action 4. Select the counting mode by invoking the command: account byte-counters|packet-and-byte-counters|packetand-byte-counters where, byte-counter Byte counting. In this mode, the counter can count up to 248 1 bytes. packet-and-byte-counter Packet-&-byte counting. In this mode, the counter can count up to 226 1 bytes and 222 1 packets. packet-counter Packet counting. In this mode, the counter can count up to 248 1 packets. Example
OS9000(config-tc-action)# account ? <cr> byte-counters All 48 bits assigned for byte counter packet-and-byte-counters 26 bits assigned for byte counter and 22 bits for packet counter packet-counters All 48 bits assigned for packet counter | Output modifiers OS9000(config-tc-action)# account packet-and-byte-counters OS9000(config-tc-action)#

Viewing
Method 1 To view the counter readings for a specific TC in TC mode: 1. Enter the TC mode as described in the section Activation, page 218. 2. To display counter readings with refresh (continual update), invoke the command: monitor tc-counters

April 2006

218

ML48261, Rev. 02 Traffic Conditioner To display counter readings without refresh, invoke the command: show tc-counters Example
OS9000# configure terminal OS9000(config)# action-list ACN1 OS9000(config-action-list)# tc-action OS9000(config-tc-action)# show tc-counters Traffic Conditioner ACN1 Counters: ================================= 51098 - Metering bytes with Green conformance 2341 - Metering bytes with Yellow conformance 67 - Metering bytes with Red conformance 51506 - Admitted bytes for flow aggregate 349 - Admitted packets for flow aggregate TC Conformance Counter Set#1: -------------------------------1478934 - Number of bytes marked green 9008 - Number of packets marked green 5752 - Number of bytes marked yellow 299 - Number of packets marked yellow 381 - Number of bytes marked red 5 - Number of packets marked red OS9000(config-tc-action)#

Chapter 17:

Notice that since the Admitted bytes for flow aggregate count (51506) = the total of the above three counts (51098 + 2341 + 67). This means that drop-red TC action was not set by the user. Method 2 To view the counter readings for a specific TC from enable mode: 1. Enter enable mode. 2. Invoke the command: show tc-counters AL_NAME where, AL_NAME Name of the action list. (The name can be any string of alphanumeric characters up to 20 characters long.)

Clearance
To clear the Specific Counter Set of a TC: 1. Enter the TC mode as described in the section Activation, page 218. 2. Invoke the command: clear tc-counters Example
OS9000# configure terminal OS9000(config)# action-list ACN1 OS9000(config-action-list)# tc-action OS9000(config-tc-action)# clear tc-counters

Aggregation
Configuration Accounting for several existing TCs (assigned using action lists) can be unified as follows: 1. Enter configure terminal mode.

April 2006

219

ML48261, Rev. 02 Traffic Conditioner 2. To enter the tc-counters-group mode, invoke the command: tc-counters-group NAME

Chapter 17:

where, NAME Name for the group of existing TCs whose accounts are to be unified. (To cancel aggregate accounting, invoke the command no tc-countersgroup NAME.) 3. To provide a textual description for the group of TCs, invoke the command: description TEXT where, TEXT Textual description for the group.

(To delete the textual description for the group of TCs, invoke the command no description.) 4. To include an existing TC in the joint accounting, invoke the command: action-list NAME where, NAME Name for the action list assigned to the existing TC whose account is to be unified with those of other TCs. (To delete the action list, invoke the command no action-list NAME.) 5. Repeat the above step for each action list assigned to an existing TC whose account is to be unified with those of other TCs. Example
OS9000# configure terminal OS9000(config)# tc-counters-group ? NAME Name of the group OS9000(config)# tc-counters-group WaterPark OS9000(config-tc_group-WaterPark)# description Customers are C118, C119, C120. OS9000(config-tc_group-WaterPark)# action-list ACN1 OS9000(config-tc_group-WaterPark)# action-list ACN2 OS9000(config-tc_group-WaterPark)#

Viewing Groups To view configured groups of Action Lists: 1. Enter enable mode. 2. Invoke either of the following commands: show tc-counters-group [configuration] Example
OS9000> enable OS9000# show tc-counters-group configuration ! ! TCGROUP configuration ! tc-counters-group JurassicPark action-list ACN3 ! tc-counters-group WaterPark action-list ACN1 action-list ACN2 ! OS9000#

April 2006

220

ML48261, Rev. 02 Traffic Conditioner

Chapter 17:

Aggregate Counts Method 1 To view the aggregate counts of a specific group of TCs, whose accounting has been unified, in tc-counters-group mode: 1. Enter configure terminal mode. 2. Invoke the command: tc-counters-group NAME where, NAME Name for the group of TCs whose accounts have been unified.

3. Invoke either of the following commands: show monitor where, show Example
OS9000# configure terminal OS9000(config)# tc-counters-group WaterPark OS9000(config-tc_group-WaterPark)# show Traffic conditioner counters groups: Flags: a - absent; i - inactive; m - metering; p - aggr packets; b - aggr bytes; <1-3> - conformance counter set number Group:WaterPark; desription:Customers are C118, C119, C120. Action-list |Flags| Green | Yellow | Red | Aggr pkts | ACN1 i 68902 ACN2 i 8014163 OS9000(config-tc_group-WaterPark)# 375 909 28 0 0 0

Display without refresh. Display with refresh.

monitor

Aggr bytes 0 0

Method 2 To view the aggregate counts of the group of TCs, whose accounting has been unified, in enable mode: 1. Enter enable mode. 2. Invoke either of the following commands: show tc-counters-group [NAME] monitor tc-counters-group [NAME] where, show NAME Example
OS9000> enable OS9000# show tc-counters-group configuration ! ! TCGROUP configuration ! tc-counters-group JurassicPark action-list ACN3 ! tc-counters-group WaterPark action-list ACN1 action-list ACN2 !

Display without refresh. Display with refresh. Name of the group of TCs whose accounts have been unified.

monitor

April 2006

221

ML48261, Rev. 02 Traffic Conditioner

OS9000#

Chapter 17:

Activation
To activate a configured TC, include its Action List in an ACL rule as described in the section Stage 2 Actions on Packet, page 182.

April 2006

222

OptiSwitch 9000 User Manual

Product Version 1.0

Chapter 18:

Egress-Queue Manager (EQM)

Definition
The Egress Queue Manager (EQM) is used to provide traffic control and monitoring services on outbound traffic queues.

Purpose
The purpose of the EQM is to perform the following functions at each physical port:

Prevent congestion in queues Ensure that at least the minimum bandwidth allocated to each queue is provided Limit rate to the allocated bandwidth and shape individual queues Schedule flows from multiple queues

Port Configuration
The EQM maintains the following per egress port: Maximum number of packet descriptors allowed for the port. (This constraint prevents a congested port from consuming all egress descriptors in the shared link-list pool.) Number of Drop Precedence levels supported for the ports queues. Maximum egress rate set for the port for Token Bucket shaping, in addition to the per-queue shaping. (This is useful for limiting the egress bandwidth for each port.) Scheduling modes (SP, WRR1, WRR0) for the ports queues see the section Scheduling, page 224, for details.

Queue Configuration
The EQM maintains the following configuration parameters per queue per egress port: Queue enable/disable Maximum number of descriptors allowed for the queue. (This constraint prevents a congested queue from consuming all descriptors allocated for queues at the port.) RED parameters:

Weight Drop Factor Thresholds (minimum and maximum)

Queue shaping parameters, including Token Bucket profile Weight for WRR scheduler (if the queue is scheduled according to WRR)

Congestion Avoidance
Congestion is a condition in which the OS9000 is unable to receive and process all packets arriving at its ports. It can occur when: The data speed on the transmission link remains smaller than the data speed on the reception link over a period of time

April 2005

223

ML48261, Rev. 02 Egress-Queue Manager (EQM) The bandwidth provided for a low(er) priority queue is too small

Chapter 18:

Flow Control is activated by a device at the other end of the transmission link This problem is resolved by the OS9000 using a congestion avoidance mechanism called Tail-Drop. Tail drop is applied to each egress queue. It forms three queues, one for green packets, one for green+yellow packets, and one for green+yellow+red packets. (The packets are marked green, yellow, or red using the command rate in mode tc-action under mode action-list under mode configure terminal.) Three fixed byte-count thresholds are maintained, one for each color. The threshold for green is highest. The threshold for red is lowest. If no threshold is crossed, packets are placed in the egress queues of the flow scheduler. If the threshold for red is crossed, packets are dropped from the red queue while packets from the yellow and green queues are forwarded. When the threshold for yellow is crossed, packets are dropped from the red and possibly yellow queues while packets from the green queue are forwarded. When the threshold for green is crossed, all packets from all three queues may be dropped. Packets are dropped, starting from the tail end of the queue. Once a packet is placed in an egress queue of the flow scheduler it will not be dropped even if congestion occurrs. Tail Drop uses the actual queue length and not the average queue length.

Scheduling
General
Scheduling is the process of selecting packets from egress queues for placement on a transmission link. Scheduling depends on the scheduling mode (described below) and QoS factors such as traffic shaping (described in the section Shaping (Rate Limiting, page 228).

Scheduling Modes
There are three scheduling modes for queues. They are:

Weighted Round Robin 0 (WRR0) The general relationship between the modes is as follows: SP queues are scheduled before WRR1 queues and WRR0 queues. WRR1 queues are scheduled before WRR0 queues. The user can set each queue at each port in any one of the scheduling modes. The user can also set a further relationship between these modes such as rate limit per queue as described in the section Shaping (Rate Limiting, page 228. The general relationship between the modes, the capability to set a queue in any one of the modes, and the capability to set a rate limit per queue enables support for the IETF DiffServ standardized PHBs such as Assured Forwarding (AF), Expedited Forwarding (EF), Best Effort, etc. Scheduling queues in both SP and WRR modes enables handling of highly time-sensitive traffic (such as VoIP and mission critical protocols) and other traffic on the same link bandwidth. Strict Priority (SP) SP has higher scheduling priority than WRR1 and WRR0. At each port, a queue in SP mode that has higher SL31 is scheduled before queues in SP mode that have lower SL. Accordingly, if, for e.g., queues 6 to 8 are in SP mode, queue 8 (SL8) is scheduled before queue 7 (SL7), and queue 7 before queue 6.
31

Strict Priority (SP) Weighted Round Robin 1 (WRR1)

SL is DiffServ Service Level or Class of Service (CoS). SL can have any value from 1 to 8.

April 2006

224

ML48261, Rev. 02 Egress-Queue Manager (EQM)

Chapter 18:

Weighted Round Robin 1 (WRR1) WRR1 has higher scheduling priority than WRR0. At each port, queues in WRR1 mode share the available link bandwidth in proportion to the weights assigned to them. The weights can have any value in the range 1 and 255 so that the weight ratio of two queues in WRR1 mode can be as high as 255:1. If a weight W is assigned to a queue W x 256 bytes will be transmitted from the queue in burst mode, i.e., before transmission begins from another queue. Accordingly, weight 1 is equivalent to 256 bytes, weight 2 is equivalent to 2 x 256 bytes, etc., so that weight 255 is 63.75 Kbytes. Weighted Round Robin 0 (WRR0) WRR0 has lower scheduling priority than WRR1 and SP. Other than this, the description given for WRR1 in the section just above applies for WRR0 just as well.

Configuration
General This section shows how to configure scheduling for each queue by setting it into one of the three modes and assigning to the queue a weight if it is set in WRR1 or WRR0 mode. To avoid confusion, ensure that:

Queues in SP mode have higher SL values than queues in WRR1 mode and WRR0 mode, and

Queues in WRR1 mode have higher SL values than queues in WRR0 mode. For example, queue 6 should not be set in SP if queue 7 is set in WRR1. Setting all queues in SP mode without traffic shaping may prevent progress of lower SL queues. The default weights for the eight queues in WRR1 or WRR0 mode are as follows:
Queue Weight 1
1 (= 256 bytes)

2
16 (= 4K bytes)

3
32 (= 8K bytes)

4
48 (= 12K bytes)

5
64 (= 16K bytes)

6
80 (= 20K bytes)

7
96 (= 24K bytes)

8
112 (= 28K bytes)

Scheduling can be configured for a queue using any of the following methods:

Default Method SP Method WRR Method SP&WRR Method

Default Method To configure the default scheduling32 for one or more queues, invoke the command: port priority-queuing sl <1-8|all> default PORTS-GROUP|all where, port Action on port(s). priority-queuing Priority queuing. sl SL. 1-8 Eight queues from which one is to be selected. Queue 1 has SL 1 (lowest priority). Queue 8 has SL 8 (highest priority). all All SLs (queues). default Default scheduling, i.e., an SL (selected using a value for the argument 1-8, above) will be scheduled in SP mode. PORTS-GROUP Group of ports one or more of whose SLs (queues) are to be assigned the default scheduling.
32

Configuring the default scheduling for a queue assigns the queue to SP mode.

April 2006

225

ML48261, Rev. 02 Egress-Queue Manager (EQM) all All ports.

Chapter 18:

SP Method To configure the SP scheduling for one or more queues, invoke the command: port priority-queuing sl <1-8|all> sp PORTS-GROUP|all where, port Action on port(s). priority-queuing Priority queuing. sl SL. 1-8 Eight queues from which one is to be selected. Queue 1 has SL 1 (lowest priority). Queue 8 has SL 8 (highest priority). all All SLs (queues). sp SP scheduling. PORTS-GROUP Group of ports one or more of whose SLs (queues) are to be assigned the SP scheduling. all All ports. WRR Method To configure the WRR1 or WRR0 scheduling for one or more queues, invoke the command: port priority-queuing sl <1-8|all> <wrr1|wrr0> weight <1-255> PORTS-GROUP|all where, port action on port(s). priority-queuing Priority queuing. sl SL. 1-8 Eight queues from which one is to be selected. Queue 1 has SL 1 (lowest priority). Queue 8 has SL 8 (highest priority). all All SLs (queues). wrr1 WRR1 scheduling. The queues in the WRR1 group are scheduled in WRR mode in relation to one another. wrr0 WRR0 scheduling. The queues in the WRR0 group are scheduled in WRR mode in relation to one another. The queues in WRR1 (higher priority) are scheduled in SP mode in relation to the queues in WRR0 (lower priority). weight WRR weight. <1-255> Range of WRR weights from which one weight is to be selected. Weight 1 is equivalent to 256 bytes, weight 2 is equivalent 2 x 256 bytes, and so on, so that weight 255 is equivalent to 63.75 Kbytes. (1 Kbyte = 1024 bytes) PORTS-GROUP Group of ports one or more of whose SLs (queues) are to be assigned the WRR scheduling. all All ports. SP&WRR Method To configure SP, WRR1, and WRR0 scheduling for one or more queues, invoke the command: port priority-queuing-group [default|{last-sp-sl <1-8>|none last-wrr1-sl <1-8>|none}] PORTS-GROUP|all where, port Action on port(s). priority-queuing-group Priority queuing for queue groups. default Default scheduling.

April 2006

226

ML48261, Rev. 02 Egress-Queue Manager (EQM)

Chapter 18:

last-sp-sl Lowest number queue in SP mode. <1-8> Eight queues from which one is to be selected. The number selected will cause all queues with this or a higher number to be in SP mode. none No queues in SP mode. last-wrr1-sl the lowest number queue in WRR1 mode. The queues within WRR1 are scheduled in WRR mode in relation to one another. <1-8> Eight queues from which one is to be selected. The number selected will cause all queues with this or a higher number to be in the WRR1 group. A higher number is at least one lower than the lowest number SP queue selected for the argument <1-8> for last-sp-sl above. The remaining queues will be assigned to the WRR0 group. The queues in WRR1 (higher priority) are scheduled in SP mode in relation to the queues in WRR0 (lower priority). none No queues in WRR1 mode. PORTS-GROUP Group of ports one or more of whose queues are to be assigned the SP, WRR1, or WRR0 scheduling. all All ports one or more of whose queues are to be assigned the SP, WRR1, or WRR0 scheduling. Example The example below shows how to configure scheduling having the following specifications:

Queues 6 to 8 in SP Queues 3 to 5 in WRR1 Queues 3, 4, and 5 having 5 Kbytes (weight 20), 7.5 Kbytes (weight 30), and 15 Kbytes (weight 60), respectively of the bandwidth for WRR1, which Queues 1 and 2 in WRR0 Queues 1 and 2 having 10 Kbytes (weight 40) and 12.5 Kbytes (weight 50), respectively of the bandwidth for WRR0

Applicable to ports 4 and 5. Packets entering queues 6 to 8 will be forwarded first. Packets entering queues 3 to 5 will be forwarded provided the queues 6 to 8 are empty. Packets entering queues 1 and 2 will be forwarded provided the queues 3 to 8 are empty. Packets in queue 7 will be forwarded provided queue 8 is empty. Packets in queue 6 will be forwarded provided queue 7 and 8 are empty. The user inputs are shown in bold.
OS9000> enable OS9000# configure terminal OS9000(config)# port priority-queuing OS9000(config)# port priority-queuing OS9000(config)# port priority-queuing OS9000(config)# port priority-queuing Set weight 60 (15k bytes) OS9000(config)# port priority-queuing Set weight 30 (7.5k bytes) OS9000(config)# port priority-queuing Set weight 20 (5k bytes) OS9000(config)# port priority-queuing Set weight 50 (12.5k bytes) OS9000(config)# port priority-queuing Set weight 40 (10k bytes) OS9000(config)#

sl sl sl sl

8 7 6 5

sp 4,5 sp 4,5 sp 4,5 wrr1 weight 60 4,5

sl 4 wrr1 weight 30 4,5 sl 3 wrr1 weight 20 4,5 sl 2 wrr0 weight 50 4,5 sl 1 wrr0 weight 40 4,5

Viewing
To view a configured Flow Scheduler, invoke the command: show port priority-queuing PORTS-GROUP April 2006 227

ML48261, Rev. 02 Egress-Queue Manager (EQM)

Chapter 18:

where, show Display information. port Port attribute. priority-queuing Queuing priority in respect to queues. PORTS-GROUP Group of ports for which the configured Flow Schedulers information is to be displayed.
OS9000(config)# show port priority-queuing 4,5 PORTS PRIORITY-QUEUING ====================== COS GROUP WRR-WEIGHT --------------------------Port 4 --------1 wrr0 40 (10k) 2 wrr0 50 (12.5k) 3 wrr1 20 (5k) 4 wrr1 30 (7.5k) 5 wrr1 60 (15k) 6 sp 7 sp 8 sp Port 5 --------1 wrr0 40 (10k) 2 wrr0 50 (12.5k) 3 wrr1 20 (5k) 4 wrr1 30 (7.5k) 5 wrr1 60 (15k) 6 sp 7 sp 8 sp OS9000(config)#

Shaping (Rate Limiting)

General
Shaping or Rate Limiting is the delaying of egress traffic in order to regulate/smoothen traffic flow. Shaping can be used to limit the rate for queues scheduled in SP mode, thereby allowing queues in WWR mode to share what remains of the link bandwidth. Traffic rate per queue is limited by the per-queue Token Bucket mechanism. Traffic that is in-profile with the Token Bucket parameters is transmitted on the link. Out-of-profile traffic remains in the queue until it becomes in-profile. When operating in this mode, the queuescheduling algorithm is considered non-work-conserving, i.e., queued packets are not transmitted at every opportunity, but only when the packets match the Token Bucket profile. A global token rate shaper is available per port and a token rate shaper is available per queue. The Token Bucket shaper is enabled per queue and per port.

Configuration
To configure traffic shaping & bandwidth limitation for one or more queues at one or more ports, invoke the command: port egress-shaping [per-queue <1-8>] rate RATELIMIT burst-size BURSTSIZE PORTS-GROUP|all where,

April 2006

228

ML48261, Rev. 02 Egress-Queue Manager (EQM)

Chapter 18:

port action on port(s). egress-shaping Shaping of egress traffic. per-queue (optional) Specific queue. If this argument is skipped, the rate limitation will be applied on the port level. <1-8> Eight queues from which one is to be selected. Queue 1 has CoS/service level 1 (lowest priority). Queue 8 has CoS/service level 8 (highest priority). rate Rate (bandwidth) limitation. RATELIMIT Rate limitation. This can be any value in the range <648k-1g bits/sec>. The format is a number indexed with k, m, or g where, k = kilo, m = mega, g = giga. For example, 200m , which means 200 Mbps. The number is rounded down to a multiple of 648k bits/sec. burst-size Burst size. BURSTSIZE Burst size. This can be any value in the range <4k-16m bytes>. The format is a number indexed with k or m where, k = kilo, m = mega. For example, 11k , which means 11k bytes. The number is rounded down to a multiple of 4k bytes. PORTS-GROUP Group of ports at which the queue(s) is(are) to be rate limited. all All ports at which the queue(s) is(are) to be rate limited.

Example
Below, is an example showing the user inputs (in bold) and OS9000 outputs on the CLI screen.
MRV OptiSwitch 9000 version 1_0_11 OS9000 login: admin Password: OS9000> enable OS9000# configure terminal OS9000(config)# port egress-shaping per-queue 7 rate 200m burst-size 18k 3-5 Note that machine limitation is rate in steps of 648k bits/sec Note that machine limitation is burst in steps of 4k bytes port 3 queue 7 egress shaping set to: 199.584m bits/sec 16k bytes port 4 queue 7 egress shaping set to: 199.584m bits/sec 16k bytes port 5 queue 7 egress shaping set to: 199.584m bits/sec 16k bytes OS9000(config)#

Egress Queue Counters

An Egress Queue Counter is used to count packets in an egress queue according to one or more of the following attributes:

Physical ports VLAN tag (Interface ID) Service Level Conformance Level

Activate
To activate the egress queue counters: 1. Enter configure terminal mode. Example
OS9000# configure terminal OS9000(config)#

2. Invoke the command:

April 2006

229

ML48261, Rev. 02 Egress-Queue Manager (EQM)

Chapter 18:

egress-counters set1 port <1-24>|all tag <1-4096>|all sl <1-8>|all cl all|green|red|yellow where, set1 port all tag First egress counters set Egress port Range of port numbers from which one can be selected (first) All ports VLAN interface tag

<1-24>

<1-4096> Range of VLAN Interface IDs from which one can be selected all (second) All VLAN Interface IDs sl all cl all red Egress traffic service level Range of service levels from which one can be selected (third) All service levels Egress traffic conformance level (fourth) All conformance levels Conformance level green Conformance level yellow Conformance level red <1-8>

green yellow

To revoke the above command, invoke the command: no egress-counters Example

OS9000(config)# egress-counters set1 port 7 tag 2006 sl 5 cl yellow OS9000(config)#

Viewing
To view the egress queue counters 1. Enter configure terminal mode. 2. Invoke either of the following commands: show egress-counters monitor egress-counters where, show Example
OS9000(config)# monitor egress-counters Egress counters group is active for port 7, tag 2006, sl 5, cl yellow SENT SENT SENT UNICAST MCAST/UNKNOWN BCAST 23067 190 22 OS9000(config)# DROP TxQ Congest 54

Display without refresh. Display with refresh.

monitor

Queue Status Broadcasting

The OS9000 tracks the congestion level of each queue by comparing the queue length (in bytes) to the DPx_Max_Threshold (where x = 0, 1 and 2), and periodically sends a broadcast message to all other OS9000s that contains congestion level status information. This period can be set to any value in the range 256 to 4096 clock cycles.

April 2006

230

OptiSwitch 9000 User Manual

Product Version 1.0

Chapter 19:

Static and Dynamic Routing

General
Routing protocols are the formulas used by routers to determine where to forward the data packets. The routing protocol determines the path and specifies how routers communicate and share information with each other. If you do not use a static, predetermined route, various routing protocols exist that enable the network to act dynamically and switch paths when necessary. IP routing is the selection of a preferred path for forwarding packets from one IP network to another. IP networks are logical networks, therefore associations of one or more IP networks with an interface is possible. When a host on an IP network needs to send a data packet to a host on another IP network, the originating host sends the packet to an IP router or gateway on its local network. The IP router forwards the packet to the destination host's network, or to an intermediary router along the path to the destination. The packet may be handled by several routers before it reaches the destination network.

Static Routes
A static route is a permanent transmission path for sending data packets to another network. The route remains in IP routing tables until either of the following occurs: The interface used to reach the next hop in the static route becomes disabled. To configure a static route for an OS9000: 1. Enter configure terminal mode. 2. Invoke the command: ip route A.B.C.D/M A.B.C.D [1-255] where, A.B.C.D/M IP destination prefix (address)/mask A.B.C.D IP gateway address (next hop IP address) [1-255] Distance value for this route as shown in the example below: Example
OS9000> enable OS9000# configure terminal OS9000(config)# ip route ? default-gateway Default gateway A.B.C.D/M IP destination prefix (e.g. 10.0.0.0/8) A.B.C.D IP destination prefix OS9000(config)# ip route 39.1.2.3/18 ? A.B.C.D IP gateway address INTERFACE IP gateway interface name null Blackhole route OS9000(config)# ip route 39.1.2.3/18 44.44.44.44 ? <cr> <1-255> Distance value for this route | Output modifiers OS9000(config)# ip route 39.1.2.3/18 44.44.44.44 7 OS9000(config)#OS9000(config)#

The administrator deletes it

3. Type write file or write memory to save the configuration changes to the configuration files. April 2005 231

ML48261, Rev. 02 Egress-Queue Manager (EQM)

Chapter 18:

Dynamic Routes
A dynamic route is a temporary transmission path to another network. The route remains in IP routing tables until the routing protocol decides on a better route.

Routing Information Protocol (RIP)

Configuration RIP is used for managing routing information within a self-contained network, such as a corporate local area network (LAN) or an interconnected group of LANs. Using RIP, the router maintains a routing table and sends it periodically to the closest neighboring routers, so that all the routers running RIP will have the same routing information. RIP, a distance-vector routing protocol, measures the shortest path between two points on a network, using a hop count as a way to determine network distance. Each host can then use the routing information to determine where to send the packet next. The OS9000 supports both RIP I, and RIP II, which includes subnet masking. To configure an OS9000 to operate with RIP protocol: 1. Enter configure terminal mode. 2. Type router rip at the (config)# prompt. This defines RIP as the routing protocol and begins the RIP routing process.
OS9000(config)# router rip OS9000(config-rip-router)#

3. Type network followed by the subnet IP or interface name to enable RIP on the specified network. RIP begins processing packets on the specified network using the appropriate address.
OS9000(config-rip-router)# network 33.3.3.3/16 OS9000(config-rip-router)#

4. Type version by the version number (1 or 2) to specify RIP version. (2 is

OS9000(config-rip-router)# version 1 OS9000(config-rip-router)#

5. Type redistribute connected to redistribute the router's local connected interface.

OS9000(config-rip-router)# redistribute connected OS9000(config-rip-router)#

6. Type redistribute static to redistribute the router's local static routes.

OS9000(config-rip-router)# redistribute static OS9000(config-rip-router)#

7. Type default-information originate to advertise the static route.

OS9024-4C(config-router)# default-information originate OS9024-4C(config-router)#

8. Type write file to save the configuration changes to the configuration files. The following displays a sample command line for configuring RIP:
OS9000# configure terminal OS9000(config)# router ? rip Routing Information Protocol (RIP) OS9000(config)# router rip OS9000(config-router)# network ? A.B.C.D/M IP prefix <network>/<length>, e.g., WORD Interface name OS9000(config-router)# network 25.3.4.7/18 OS9000(config-router)# version ? <1-2> version OS9000(config-router)# version 1 OS9000(config-router)# redistribute connected OS9000(config-router)# redistribute static

35.0.0.0/8

April 2006

232

ML48261, Rev. 02 Egress-Queue Manager (EQM)

OS9000(config-router)#

Chapter 18:

Authentication Customization The OS9000 provides per interface authentication for RIP messages sent and received by the router. The router reads the RIP message and if the correct authentication string or password is included, then the message is authenticated. This prevents unauthorized packets that do not have the required authentication string from being processed. To activate RIP authentication for an OS9000: 1. Enter configure terminal mode. 2. Type interface and enter the name of the interface that you are configuring. interface IFNAME
OS9000(config)# interface vif3 OS9000(config-vif3)#

as shown in the following example: 3. Invoke the command ip rip authentication key-chain|mode|string LINE where, key-chain is key-chain method for authentication of RIP messages to the router mode is mode method for authentication of RIP messages to the router string is string method for authentication of RIP messages to the router LINE is name of key-chain as shown in the following example:
OS9000(config-if)# ip rip authentication key-chain Key_Chain_1 OS9000(config-if)#

4. Type write file to save the configuration changes to the configuration files. The following is a sample RIP message authentication command line:
OS9000> enable OS9000# configure terminal OS9000(config)# interface OS9000(config)# interface vif1 OS9000(config-if)# ip rip authentication key-chain 22 OS9000(config-if)# ip rip authentication mode Main_Floor OS9000(config-if)# ip rip authentication string 12345 OS9000(config-if)#

April 2006

233

ML48261, Rev. 02 Egress-Queue Manager (EQM)

Chapter 18:

Open Shortest Path First (OSPF)

The OSPF routing protocol is an Internet Gateway Protocol that determines routes based on the number of routers, transmission speed, delays, and route cost. OSPF is a link-state protocol, meaning that it updates neighboring routers as soon as a change is made to a link of a router rather than wait until timeout for hello packets as in RIP, for example. OSPF, therefore, provides faster convergence. Additionally OSPF is more scalable and does not have the RIP limitation of 15 nodes per ring. To configure an OS9000 to operate with OSPF: 1. Enter configure terminal mode. 2. To enter OSPF configuration mode, invoke the command router ospf [0-65535] where, [0-65535] Range of OSPF process ID.

3. Set the Router ID of the LambdaDriver router to participate in the OSPF protocol by invoking the command: router-id IP_ADDRESS where, IP_ADDRESS IP address identifying the router. Note A dummy interface is always up and has connectivity to all the other VLAN interfaces of the LambdaDriver. Accordingly, to increase accessibility to the LambdaDriver set the router ID of the LambdaDriver to be the same as the IP address of the dummy interface. Example
OS9000(config-router)# area auto-cost bandwidth compatible default-information default-metric distance distribute-list end exit help list neighbor network no opaque opaque-lsa-capable ospf overflow passive-interface quit redistribute protocol refresh router-id summary-address timers write or terminal ? OSPF area parameters Calculate OSPF interface cost according to OSPF compatibility list Control distribution of default information Set metric of redistributed routes Define an administrative distance Filter networks in routing updates End current mode and down to previous mode Exit current mode and down to previous mode Description of the interactive help system Print command list Specify neighbor router Enable routing on an IP network Negate a command or set its defaults Opaque Enable Opaque-LSA capability OSPF specific commands Control overflow Suppress routing updates on an interface Exit current mode and down to previous mode Redistribute information from another routing Adjust refresh parameters router-id for the OSPF process Create aggregate addresses Adjust routing timers Write running configuration to memory, network,

April 2006

234

ML48261, Rev. 02 Egress-Queue Manager (EQM)

OS9000(config-router)# router-id ? A.B.C.D OSPF router-id in IP address format OS9000(config-router)# router-id 192.168.53.10 OS9000(config-router)#

Chapter 18:

4. Set the OSPF network IP prefix and area ID by invoking the command: network NETWORK_PREFIX area AREA_ID where, NETWORK_PREFIX Network prefix address, which may or may not include a subnet mask, to specify a directly connected network on which the OSPF routing protocol runs and processes packets. AREA_ID OSPF area ID. It can be specified either as a decimal value or as an IP address. Example
OS9000(config-router)# network ? A.B.C.D Network number A.B.C.D/M OSPF network prefix OS9000(config-router)# network 192.168.53.10/24 ? area Set the OSPF area ID OS9000(config-router)# network 192.168.53.10/24 area ? <0-4294967295> OSPF area ID as a decimal value A.B.C.D OSPF area ID in IP address format OS9000(config-router)# network 192.168.53.10/24 area 0 OS9000(config-router)#

5. Invoke the command redistribute static to redistribute the router's local static interface. The following is an example of the procedure for configuring an OS9000 router to function with the OSPF protocol using the CLI.
OS9000> enable OS9000# configuration terminal OS9000(config)# router ospf OS9000(config-router)# router-id ? A.B.C.D OSPF router-id in IP address format OS9000(config-router)# router-id 194.90.140.1 OS9000(config-router)# network ? Area Set the OSPF area ID OS9000(config-router)# network 194.90.140.1 area 0 OS9000(config-router)#

Note The OS9000 sends syslog messages on OSPF state machine transitions to "Full" or "Down" states. Example:
2003/05/19 07:24:43 OSPF : NFSM[vif34:172.28.12.1-172.28.2.2]: Status change Full -> Down 2003/05/19 07:27:56 OSPF : NFSM[vif34:172.28.12.1-172.28.2.2]: Status change Loading -> Full

Border Gateway Protocol (BGP)

The Border Gateway Protocol (BGP) is a routing protocol whose primary function is to designate reachability within and between autonomous systems33. This function is
33

An Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs. Since this definition, it has become common for a single AS to use several interior gateway

April 2006

235

ML48261, Rev. 02 Egress-Queue Manager (EQM)

Chapter 18:

performed by exchanging routing information between routers in the network of autonomous systems. The information is sufficient to construct a graph of AS connectivity from which routing loops can be opened and some policy decisions at the AS level can be enforced. To characterize the set of policy decisions that can be enforced using BGP, the rule that a BGP operating system advertise to its peers in neighboring ASs only those routes that it itself uses has to be applied. This rule reflects the hop-by-hop routing paradigm generally used throughout the current Internet. Note that some policies cannot be supported by the hop-by-hop routing paradigm and thus require techniques such as source routing to enforce them. For example, BGP does not enable one AS to send traffic to a neighboring AS intending that the traffic take a different route from that taken by traffic originating in the neighboring AS. On the other hand, BGP can support any policy conforming to the hop-by-hop routing paradigm. Since the current Internet uses only the hop-by-hop routing paradigm and since BGP can support any policy that conforms to that paradigm, BGP is highly applicable as an inter-AS routing protocol for the current internet as well as for very large private IP networks. BGP runs over the reliable transport protocol TCP. This eliminates the need to implement explicit update fragmentation, retransmission, acknowledgement, and sequencing. Any authentication scheme used by the transport protocol may be used in addition to BGP's own authentication mechanisms. The error notification mechanism used in BGP assumes that the transport protocol supports a "graceful" close, i.e., that all outstanding data will be delivered before the connection is closed. TCP meets BGP's transport requirements and is present in virtually all commercial routers and hosts. In the following descriptions, the phrase "transport protocol connection" can be understood to refer to a TCP connection. BGP uses TCP port 179 for establishing its connections. Hosts using BGP communicate using the Transmission Control Protocol (TCP) and send updated router table information only when a host has detected a change. Only the affected part of the routing table is sent. The OS9000 implements BGP-4, the latest BGP version. BGP-4 lets adminstrators configure cost metrics based on policy statements. The routers inside the autonomous network maintain two routing tables; one for IBGP and one for EBGP. BGP-4 makes it easy to use Classless Inter-Domain Routing (CIDR), which is a way to have more addresses within the network than with the current IP address assignment scheme. To configure an OS9000 to operate with BGP: 6. To enable BGP to function, set the FIB as described in Chapter 30: Forwarding Information Base (FIB), page 320. 7. Enter configure terminal mode. 8. Configure VLAN interfaces with IP addresses to enable router-to-router and router-to-networks communication. (The procedure for configuring VLAN interfaces is given in Chapter 7: Interfaces, page 119.) 9. Assign a BGP ID to the OS9000 by invoking the command: router bgp <1-65535> where, <1-65535> BGP Router ID of the OS9000

10. Assign a BGP ID to each neighbor router by invoking the command: neighbor A.B.C.D remote-as <1-65535>

protocols and sometimes several sets of metrics within an AS. The use of the term Autonomous System here stresses the fact that, even when multiple IBGPs and metrics are used, the administration of an AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it.

April 2006

236

ML48261, Rev. 02 Egress-Queue Manager (EQM) where, A.B.C.D Neighbor address BGP Router ID of the neighbor

Chapter 18:

<1-65535>

11. Assign a BGP ID to each neighbor router by invoking the command: neighbor A.B.C.D remote-as <1-65535> where, A.B.C.D Neighbor address BGP Router ID of the neighbor

<1-65535>

12. If required, disable the next hop calculation for this neighbor router by invoking the command: neighbor A.B.C.D next-hop-self where, A.B.C.D Neighbor address

13. Specify the IP addresses of the OS9000 interfaces connected to networks by repeatedly invoking the command: network A.B.C.D/M where, A.B.C.D/M Interface IP address

Following is an example in which the primary function of BGP is designated, namely, reachability between and within Autonomous systems.

Figure 30: Network on which BGP is Configured Router 1

OS9000> enable OS9000# configure terminal OS9000(config)# interface vlan vif1 OS9000(config-vif1)# ports 7 OS9000(config-vif1)# tag 3007 Interface is activated. OS9024-4C(config-vif1)# name R1_to_R2 OS9024-4C(config-vif1)# ip 192.168.1.1/24 OS9000(config-if)# exit

April 2006

237

ML48261, Rev. 02 Egress-Queue Manager (EQM)

OS9000(config)# interface vlan vif2 OS9000(config-vif2)# ports 6 OS9000(config-vif2)# tag 3006 Interface is activated. OS9024-4C(config-vif2)# name R1_to_R3 OS9024-4C(config-vif2)# ip 192.168.2.1/24 OS9000(config-if)# exit OS9000(config)# interface vlan vif3 OS9000(config-vif3)# ports 5 OS9000(config-vif3)# tag 3005 Interface is activated. OS9024-4C(config-vif3)# ip 192.168.10.1/24 OS9000(config-if)# exit OS9000(config)# router OS9000(config-router)# OS9000(config-router)# OS9000(config-router)# OS9000(config-router)# OS9000(config-router)# bgp 100 neighbor 192.168.1.2 remote-as 100 neighbor 192.168.1.2 next-hop-self network 192.168.10.0/24 neighbor 192.168.2.3 remote-as 300

Chapter 18:

Router 2
OS9000> enable OS9000# configure terminal OS9000(config)# interface vlan vif1 OS9000(config-vif1)# ports 8 OS9000(config-vif1)# tag 3008 Interface is activated. OS9024-4C(config-vif1)# name R2_to_R1 OS9024-4C(config-vif1)# ip 192.168.1.2/24 OS9000(config-if)# exit OS9000(config)# interface vlan vif2 OS9000(config-vif2)# ports 6 OS9000(config-vif2)# tag 3006 Interface is activated. OS9024-4C(config-vif2)# name R2_to_Net2 OS9024-4C(config-vif2)# ip 192.168.20.2/24 OS9000(config-if)# exit OS9000(config)# router bgp 100 OS9000(config-router)# neighbor 192.168.1.1 remote-as 100 OS9000(config-router)# network 192.168.20.0/24 OS9000(config-router)#

Note The router bgp ID between two routers in the same Autonomous System (AS) must be the same. This example shows the router bgp ID as 100 between the two routers in the same AS. Router 3
OS9000> enable OS9000# configure terminal OS9000(config)# interface vlan vif1 OS9000(config-vif1)# ports 8 OS9000(config-vif1)# tag 3008 Interface is activated.

April 2006

238

ML48261, Rev. 02 Egress-Queue Manager (EQM)

OS9024-4C(config-vif1)# name R3_to_R1 OS9024-4C(config-vif1)# ip 192.168.2.3/24 OS9000(config-if)# exit OS9000(config)# router bgp 300 OS9000(config-router)# neighbor 192.168.2.1 remote-as 100 OS9000(config-router)#

Chapter 18:

Note The OS9000 sends syslog messages on BGP state machine transitions to "Established" or "Idle" states. Example:
2003/05/19 07:27:15 BGP : 172.28.2.2 [FSM] Hold_Timer_expired (Established->Idle) 2003/05/19 07:29:20 BGP : 172.28.2.2 [FSM] Receive_KEEPALIVE_message (OpenConfirm->Established)

April 2006

239

OptiSwitch 9000 User Manual

Product Version 1.0

Chapter 20:

Dynamic Host Configuration Protocol (DHCP)

Protocol
General
DHCP is an IP protocol that enables you to manage a network by automatically giving each host or machine an IP address for a specific duration of time. The amount of time, or "lease", determines how long an IP address remains valid for a host in the network, with the default value being one day. Using DHCP, you can dynamically configure network clients with leased IP addresses for varying amounts of time.

Usage
To configure DHCP: 1. From the enable mode, type configure terminal to begin configuration. 2. Type dhcp to enter the DHCP Configuration mode. 3. Type default-lease-time and enter the time, in seconds, if no specific lease time is assigned. default-lease-time time 4. Type max-lease-time and enter the time, in seconds, for a client requesting a specific lease time. max-lease-time time 5. Type domain at the prompt, and then enter the domain name. domain domain name 6. Type dns and then enter the server IP address, to be used by DHCP clients. dns server ip 7. Type exit to return to the previous mode. 8. Type write file to save the configuration changes to the configuration files. The following example displays a portion of the command line for DHCP configuration. You can type show dhcp configuration to display the various DHCP parameters configured for the specific client.
OS9000# configure terminal OS9000(config)# dhcp OS9000(config-dhcp)# domain ? NAME The domain name (e.g. opticalaccess.com) OS9000(config-dhcp)# domain coco.com OS9000(config-dhcp)# show dhcp configuration DHCP CONFIGURATION: entry: device = vif1:1 entry: device = vif3 entry: device = vif1 entry: device = vif2 dhcp status = disable OS9000(config-dhcp)#

When utilizing DHCP protocol, you must configure the subnet and interfaces for the OS9000. To configure interfaces with DHCP:

April 2005

240

ML48261, Rev. 02

Chapter 20:

1. From the enable mode, type configure terminal to begin configuration. 2. Type dhcp to enter the DHCP Configuration mode. 3. Type entry to define the subnet entry configuration and enter the interface name or the subnet IP address and mask. entry {interface name/subnet ip and mask} 4. Type range to define the range of IP addresses from which the server allocates addresses to clients, and then enter the lower and upper range values. range lower-range upper-range 5. Type router and enter the router IP address to define the router being used. router router ip address 6. Type subnet-mask and enter the relevant mask. subnet-mask mask 7. Type exit to return to the previous mode. 8. Type write file to save the configuration changes to the configuration files. The following is a sample of a DHCP interface configuration:
OS9000# configure terminal OS9000(config)# dhcp OS9000(config-dhcp)# entry ? ENTRY Interface name or remote subnet IP address and mask (a.b.c.d/mask) OS9000(config-dhcp)# entry 168.110.21.1/23 OS9000(config-dhcp-subnet)#range ? LOWER_RANGE The lower range ip OS9000(config-dhcp-subnet)# range 194.90.140.3 194.90.140.10 OS9000(config-dhcp-subnet)# router ? ROUTER-IP The router IP OS9000(config-dhcp-subnet)# router 194.90.140.1 OS9000(config-dhcp-subnet)# subnet-mask 24

Relay
General
DHCP Relay sends DHCP requests from a subnet not connected to a DHCP server to one or more DHCP servers on other subnets. Using the entry command in dhcp relay mode can specify on which interfaces the relay agent will listen for requests.

Usage
To configure DHCP relay: 1. From the enable mode, type configure terminal to begin configuration. 2. Type dhcprelay to enter the DHCP Relay Configuration mode. 3. For each DHCP server, type server to allocate a server for DHCP requests and enter the server IP address. server server ip Note Either perform both Steps 4 and 5 (below) or skip them. If you skip them, all the IP interfaces of the OS9000 will be listened on for DHCP requests. 4. To define the interface on which server replies are to be received, for each server interface, invoke the command entry <INTERFACE>

April 2006

241

ML48261, Rev. 02 where, <INTERFACE> ID of DHCP server interface as shown in the example below:
OS9000(config-dhcprelay)# entry vif5 OS9000(config-dhcprelay)#

Chapter 20:

5. To define an interface from which DHCP requests are to be forwarded, for each client interface, invoke the command entry <INTERFACE> where, <INTERFACE> ID of DHCP client interface as shown in the example below:
OS9000(config-dhcprelay)# entry vif6 OS9000(config-dhcprelay)#

6. Invoke the command exit or press <Ctrl-Z> to return to the previous mode. 7. Invoke the command write file to save the configuration changes to the configuration files. The following is a sample DHCP Relay command line including a display of available commands:
OS9000(config)#dhcprelay OS9000(config-dhcprelay)#server SERVER The server IP to be added OS9000(config-dhcprelay)#? disable Disable the DHCP Relay Agent enable Enable the DHCP Relay Agent end End current mode and down to previous mode entry Add an interface from which to forward dhcp requests exit Exit current mode and down to previous mode help Description of the interactive help system list Print command list no Negate a command or set its defaults quit Exit current mode and down to previous mode server Add a server to which to forward dhcp requests show Show running system information write Write running configuration to memory, network, or terminal OS9000(config-dhcprelay)#server 178.180.12.3 OS9000(config-dhcprelay)# enable OS9000(config-dhcprelay)#enable dhcprelay

Directing DHCP Requests to the CPU

In order to prevent DoS attacks, the OS9000, by default, blocks non-ARP broadcasts to the CPU. To enable DHCP broadcasts requests to reach the DHCP server or relay, the packets must be explicitly trapped to the CPU using an ACL. The procedure for creating such an ACL and binding it to an interface is as follows: 1. Create an extended ACL using the command: access-list extended WORD where, WORD Name of the ACL 2. Create a rule as follows: a) Create a rule that characterizes the packet as being of UDP protocol, with destination port DHCP server (67), and destination MAC address type broadcast using the commands: rule [RULE_NUM]

April 2006

242

ML48261, Rev. 02

Chapter 20: where, [RULE_NUM] (optional) Index of rule. If this argument is not entered, the rule is indexed automatically, i.e., it gets a number that is a multiple of 10. This number is the smallest that is larger than the highest in the group of rules created for the ACL. protocol eq udp dest-port eq 67 where, 67 is DHCP server port mac-da-type broadcast

b) Select the action that traps packets to the CPU using the command: action trap-to-cpu 3. Set the default policy to permit packet forwarding (in case no rule applies for the packet type) using the command: default policy permit 4. Bind the ACL to each interface for which DHCP broadcast packets are to be trapped to the CPU. Following is an example of the procedure.
MRV OptiSwitch 9024 version 1_1_6 OS9024F login: admin Password: OS9024F> enable OS9024F# configure terminal ---------------Creating an ACL that will trap DHCP packets to the CPU------------OS9024F(config)# access-list extended toCPU OS9024F(config-access-list)# default policy permit OS9024F(config-access-list)# rule 10 OS9024F(config-rule)# action trap-to-cpu OS9024F(config-rule)# protocol eq udp OS9024F(config-rule)# dest-port eq ? PORT_RANGE Single port number [0..65535] or PORT/MASK OS9024F(config-rule)# dest-port eq 67 OS9024F(config-rule)# mac-da-type broadcast OS9024F(config-rule)# exit OS9024F(config-access-list)# exit ---------------Binding the ACL to (ports of) an existing interface---------------OS9024F(config)# interface vif201 OS9024F(config-vif201)# access-group toCPU 19-22 ---------------------Viewing interface configuration details---------------------OS9024F(config-vif201)# show detail vif201 is DOWN (No state changes have occurred) Active: Yes Ports: 19-23 Interface type is Vlan Encapsulation: 802.1Q, Tag 2001 MAC address is 00:0F:BD:12:05:B8 IP address is 192.4.4.4/24 Cpu-membership is enable Management access is denied TFTP access is denied. Access-group is active:

April 2006

243

ML48261, Rev. 02
toCPU Ports: 19-22

Chapter 20:

OS9024F(config-vif201)#

April 2006

244

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Chapter 21:

Chapter 21:

MultiProtocol Label Switching (MPLS)

General
MPLS is a technology that uses labels to direct traffic (e.g., Ethernet packets) to their destination. With MPLS it is possible to overcome the following major drawbacks of conventional routing: No support for traffic engineering because IP networks are connectionless. Difficulty in implementing complex QoS architectures. While overcoming the abovementioned drawbacks, MPLS has the following additional advantages: Scalable solution - Labels are local and several IP addresses can be associated with one or more labels. Simple solution The interior Label Switch Routers perform simple label switching. Only the Label Edge Routers perform the more complicated task of classifying the packets into FEC and binding a label. Lower latency Usually label-switching is a simple task comparing to the longest prefix match and IP forwarding. The amount of per-packet processing is reduced. More importantly, provides capabilities of connection-oriented technologies, notably ATM, that include:

Traffic engineering (optimization of network utilization, dynamic definition

of routes, resource allocation according to demand and availability)

QoS VPNs
An MPLS domain is built of LERs (Label Edge Routers) that reside at the edge of MPLS domain and interior LSRs (Label Switch Routers) that are located within the MPLS domain see Figure 31. The LERs need to deal with both MPLS frames and native protocol traffic while Interior LSRs needs to forward only MPLS frames. Following are the main functions performed on a flow in an MPLS network: 1. The Ingress Label Edge Router (LER) examines each inbound packet, classifies the packet according to a Forwarding Equivalence Class (FEC), generates an MPLS header and assigns (binds) initial label. 2. All the other routers inside the MPLS domain (interior LSRs) examine only the MPLS labels in order to make forwarding decisions while performing label switching. 3. The Egress LER removes the label and forwards the packet based on the native protocol address.

April 2005

245

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Chapter 21:

Figure 31: Traffic Flow in an MPLS Network

Label Distribution Protocol (LDP)

General
The Label Distribution Protocol (LDP) is a protocol for distributing labels among LSRs. It contains a set of procedures and messages by which Label Switching Routers (LSRs) establish Label Switched Paths (LSPs) through a network by mapping network-layer routing information directly to data-link layer switched paths. LDP associates a Forwarding Equivalence Class (FEC) [RFC3031] with each LSP it creates. The FEC associated with an LSP specifies which packets are "mapped" to that LSP. LDP's hello protocol is UDP-based and is sent periodically. Upon receipt of the hello, LDP establishes a TCP session to the sender. Once established, FEC and label-binding information is exchanged. LDP uses both UDP and TCP port 646.

Usage
A minimal LDP configuration requires the following: Enabling OSPF protocol that updates the routing table. Enabling Router LDP.

Enabling Label switching and LDP for each interface on which LDP is to be run. Following is an example of how to set up an OS9000 to run LDP. To configure LDP on interface vif2:
interface vlan vif2 tag 3 ip 10.1.7.1/24 ports 26 label-switching ldp ! interface dummy dummy1

April 2006

246

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

ip 3.3.3.3/32 ! router ospf ospf router-id 3.3.3.3 passive-interface dummy1 network 3.3.3.3/32 area 0 network 10.1.7.0/24 area 0 ! router ldp router-id 3.3.3.3 transport-address 3.3.3.3 0 !

Chapter 21:

Traffic Engineering (TE)

General
Traffic Engineering (TE) can be used to resolve congestion and improve network utilization. Routing protocols usually create a single shortest path and all the traffic is sent through that path. The consequence is that the shortest path becomes congested while in the same time longer paths become underutilized. Now instead of adding more and more bandwidth to avoid congestion, the TE approach is to put the traffic where the bandwidth is see Figure 32.

Customer 1

OSM

OSM Customer 1

Tunnel

OSM

OSM

Customer 1

OSM

OSM

Layer 3 Routing

Traffic Engineering

Figure 32: MPLS Signaling MPLS Traffic Engineering allows explicit routing and set-up of LSPs with bandwidth reservation. It also provides control over how LSPs are recovered in the event of failure. Such functionality enables value-added services like Traffic engineered VPNs, Service Level Agreements (SLA) and Multi-media over IP solution (VoIP). In order to implement MPLS Traffic Engineering, enhancements were added to the routing protocols and to the MPLS signaling protocols. The traditional routing protocol is extended to provide explicit route selection while preserving predefined constraints. Examples for such constraints are bandwidth requirements, include or exclude nodes, include or exclude specific links. The goal of constraint-based routing is to compute a path from a given node to another, such that the path doesnt violate the constraints and is still optimal. The enhancements to the MPLS signaling protocols to allow explicit constraint-based routing produced the following extended protocols: Resource Reservation Protocol Traffic Engineering (RSVP-TE) Constrained Routing enabled Label Distribution Protocol (CR-LDP).

The enhanced Signaling protocol can provide:

April 2006

247

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Chapter 21:

1. Coordinate label distribution 2. Explicit routes (strict & loose) 3. Bandwidth reservation 4. Class of Service 5. Preemption of existing LSPs 6. Loop prevention 7. Protection LSP Using the above technology and protocols the OS9000 is able to provide many of the new services that Service Providers seek to offer rely on TE functions. Examples are bandwidth assurance, diverse routing, load balancing, path redundancy, preparing alternative path for fast recovery and other services necessary for providing QoS. As explained in the previous paragraph, the OS9000 has the ability to create traffic engineered LSP called tunnels34. These tunnels can be created using either CR-LDP (LDP tunnels) or RSVP-TE (RSVP tunnels). One of the important constrains that the administrator can define for a tunnel is the amount of bandwidth needed for the tunnel. While the tunnel is established the bandwidth is reserved on all the OS9000s along the path. If according to the internal admission control there isnt enough bandwidth available on one of the OS9000s, that tunnel would either fail or replace an existing tunnel with lower priority. After tunnel creation, the rate-limit can be configured to police the traffic sent through the tunnel and to make sure it doesnt cross the reserved bandwidth boundary as specified in the tunnel definition.

CR-LDP
Constrained-Routing LDP (CR-LDP) is LDP extended to meet Traffic Engineering requirements in setting up routing paths. For example, an LSP can be set up based on explicit route constraints, QoS constraints, etc. Following is an example of a trunk (tunnel) configuration using CR-LDP: The trunk allocates 10 Mbps and is destined to LER with transport address 3.3.3.3 and passes through interior LSRs with transport addresses 1.1.1.1 and 2.2.2.2.
ldp-trunk MyTrunk primary MyPath bandwidth 10m to 3.3.3.3 enable ! ldp-path MyPath 1.1.1.1 loose 2.2.2.2 loose !

RSVP-TE
The RSVP-TE protocol is an extension of RSVP for establishing LSPs in MPLS networks while meeting traffic engineering requirements. RSVP allows the use of source routing where the ingress router determines the complete path through the network. The ingress router can use CSPF computation to determine a path to the destination, ensuring that any QoS and TE requirements are met. The resulting path is then used to establish the LSP. The OS9000 RSVP-TE implementation provides smooth rerouting of LSPs, preemption, and loop detection. It can be used for QoS and load balancing across the network core. RSVP is enabled as shown below:
interface vlan vif2 tag 3 ip 10.1.5.3/24

34

Also called trunks.

April 2006

248

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

ports 2 label-switching ldp rsvp ! router rsvp ! router ospf ospf router-id 3.3.3.3 passive-interface dummy1 network 3.3.3.3/32 area 0 network 10.1.5.0/24 area 0 network 10.1.7.0/24 area 0 te cspf

Chapter 21:

Following is an example of a trunk (tunnel) configuration using RSVP-TE: The trunk allocates 10 Mbps and is destined to LER with transport address 2.2.2.2 and passes through interior LSRs with transport addresses 3.3.3.3.
rsvp-trunk t1 primary path p1 primary bandwidth 10m to 2.2.2.2 ! rsvp-path p1 3.3.3.3 loose !

Virtual Circuits
Definition
A Virtual Circuit (VC) is a point-to-point bi-directional pseudo-wire interconnection for transporting OSI Layer-2 frames of a customer transparently. Several VCs can coexist along a single LSP tunnel like wires in a cable as shown in Figure 33.

Figure 33: VCs running through an LSP Tunnel

Creating a VC
The following VC command (in the mode configure terminal) is used to configure a VC: mpls l2-circuit NAME <1-1000000> A.B.C.D [GROUPID] where, mpls Configure MPLS specific attributes

April 2006

249

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Chapter 21:

l2-circuit Specify an MPLS Layer-2 Virtual Circuit NAME Identifying string for MPLS Layer-2 Virtual Circuit. (It has local significance only.) <1-1000000> Identifying value for MPLS Layer-2 Virtual Circuit. This value is used by LDP to assign an MPLS label to a packet. A.B.C.D IPv4 Address for end-point for MPLS Layer-2 Virtual Circuit (LDP transport address of target router) GROUPID Group identifier (arbitrary 32 bit value) Note In order to complete configuration of the VC, an equivalent configuration must be made on the router at the other end of the VC. Example:
OS9000> enable OS9000# configure terminal OS9000(config)# OS9000(config)# mpls l2-circuit Sales_VC 1 192.168.11.10

Binding a VC
The OS9000 provides for binding a VC to an interface or a specific user-defined flow. In both cases an MPLS action-list should be defined. This action-list must then be used with a specific ACL rule that classifies the flow. Next, the ACL must be assigned to an interface or to user-specified ports of an interface. The following example shows how to bind VC vc1 in interface vif4 to port 23.
action-list vc1 mpls-action l2-circuit vc1 vlan tc-action rate single-leaky-bucket cir 1m cbs 50k ebs 10k account packet-counters ! access-list flow vc1 rule 10 action list vc1 ! interface vlan vif4 tag 5 ports 23 access-group vc1 23

Note If a VC is to go through a CR-LDP or RSVP-TE trunk, it should be destined to the same IP destination as the trunk.

Example
Figure 34, below, is a network used to demonstrate configuration of a VC. The network consists of three OS9000s (A, B, and C) interconnected in a triangular topology. The VC is to be established between A and B with the aid of the OS9000s traffic engineering capabilities in the sense that the VC tunnel goes from A to B via C and not through the shortest path, i.e., from A to B via the link directly connecting them).

April 2006

250

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Chapter 21:

Figure 34: Network used to Demonstrate VC Configuration The user inputs and system response via the CLI are shown below:
=================================================================================== OS9000

A configuration (OS9024FX-4GC with 28 ports)

=================================================================================== mpls l2-circuit vc1 22 2.2.2.2 ! action-list vc1 mpls-action l2-circuit vc1 vlan ! access-list flow vc1 rule 10 action list vc1 ! interface vlan vif1 tag 2 ip 10.1.4.1/24 ports 25 label-switching ldp rsvp ! interface vlan vif2 tag 3 ip 10.1.7.1/24 ports 26 label-switching ldp rsvp ! interface vlan vif4 tag 6 ports 28 access-group vc1 28 ! interface dummy dummy1 ip 1.1.1.1/32 ! router rsvp ! router ospf ospf router-id 1.1.1.1 passive-interface dummy1 network 1.1.1.1/32 area 0

April 2006

251

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

network 10.1.4.0/24 area 0 network 10.1.7.0/24 area 0 te cspf ! router ldp router-id 1.1.1.1 transport-address 1.1.1.1 0 ! rsvp-trunk t1 primary path p1 from 1.1.1.1 to 2.2.2.2 ! rsvp-path p1 3.3.3.3 loose

Chapter 21:

=================================================================================== OS9000

B configuration (OS9024-M with 24 ports)

=================================================================================== ! version d0949-02-08-05 ! mpls l2-circuit vc1 22 1.1.1.1 ! action-list vc1 mpls-action l2-circuit vc1 vlan ! access-list flow vc1 rule 10 action list vc1 ! interface vlan vif1 tag 2 ip 10.1.4.2/24 ports 2 label-switching ldp rsvp ! interface vlan vif2 tag 4 ip 10.1.5.2/24 ports 1 label-switching ldp rsvp ! interface vlan vif4 tag 5 ports 24 access-group vc1 24 ! interface dummy dummy1 ip 2.2.2.2/32 ! router rsvp ! router ospf ospf router-id 2.2.2.2 passive-interface dummy1 network 2.2.2.2/32 area 0

April 2006

252

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

network 10.1.4.0/24 area 0 network 10.1.5.0/24 area 0 te cspf ! router ldp router-id 2.2.2.2 transport-address 2.2.2.2 0 ! rsvp-trunk tt1 primary path pp1 from 2.2.2.2 to 1.1.1.1 ! rsvp-path pp1 3.3.3.3 loose

Chapter 21:

=================================================================================== OS9000

C configuration (OS9024-M with 24 ports)

=================================================================================== ! version d1851-22-03-06 ! interface vlan vif1 tag 2 ip 10.1.7.3/24 ports 1 label-switching ldp rsvp ! interface vlan vif2 tag 3 ip 10.1.5.3/24 ports 2 label-switching ldp rsvp ! interface dummy dummy1 ip 3.3.3.3/32 ! router rsvp ! router ospf ospf router-id 3.3.3.3 passive-interface dummy1 network 3.3.3.3/32 area 0 network 10.1.5.0/24 area 0 network 10.1.7.0/24 area 0 te cspf ! router ldp router-id 3.3.3.3 transport-address 3.3.3.3 0 mtu 1500 !

MPLS DiffServ
MPLS DiffServ provides the following:

April 2006

253

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Chapter 21:

1. Bandwidth reservation for CR-LDP and RSVP-TE trunks. 2. Policing MPLS VPN bandwidth reservation. 3. Support for E-LSPs35. 4. Option to map DSCP bits to MPLS EXP bits. 5. Option to mark MPLS EXP bits to specific value. 6. EXP bits are marked on both Tunnel and VC labels (important for PHP). 7. VC ingress/egress accounting. An important feature of the OS9000 is its ability to provide differentiated service levels to specific flows that use the same Virtual Circuit (VC). By default, the DSCP bits of an ingress frame at an OS9000 LER are mapped to MPLS EXP bits of the MPLS header. To enable marking of the EXP bits of a frame according to the SL of the frame, an Action List must be configured using the TC action remark-by-cl remark-vpt-dscp. By default, when a frame is label switched from one interior OS9000 LSR to another, it receives priority based on the VPT bits value.

MPLS
OptiSwitch OSM
Label Switch Router

OSM

Tunnel OSM

LSR

OSM

LER Label Edge Router OSM Set Tunnel and VC Label EXP to high priority
IP Header Ethernet Header ToS VPT /Data Tunnel label EXP VC label EXP IP Header Ethernet Header /Data IP Header Ethernet Header ToS VPT /Data

Treat according to VC Label EXP

Figure 35: MPLS and QoS Functionality For a frame to receive priority based on the EXP bits value, an Action List must be configured using the TC action remark-by-cl remark-cos. The example below shows the use of the TC actions. Example
OS9000(config)# action-list mark OS9000(config-action-list)# tc-action OS9000(config-tc-action)# remark-by-cl ? <cr> remark-vpt-dscp Enable remarking of DSCP, EXP, UP | Output modifiers OS9000(config-tc-action)# remark-by-cl remark-vpt-dscp <cr> remark-cos Enable remarking of CoS according to EXP | Output modifiers OS9000(config-tc-action)# remark-by-cl remark-vpt-dscp <cr> | Output modifiers OS9000(config-tc-action)# remark-by-cl remark-vpt-dscp OS9000(config-tc-action)#

? or DSCP remark-cos ?

remark-cos

An E-LSP is an LSP on which routers (LER or LSR) provide QoS handling of MPLS packets according to the 3 EXP field in the MPLS header. Since the EXP field is 3 bits long, up to 2 (eight) classes of traffic can be defined. This allows for up to 8 classes of traffic using the same label to be concurrently carried over a single LSP.

35

April 2006

254

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Chapter 21:

For additional details on remarking, refer to the section CL Remarking on page 214.

Viewing Commands
MPLS information can be viewed by invoking the following commands:

Counters
To view the MPLS Counters (after proper setting see MPLS Counters, page 260): 1. Enter enable mode. 2. Invoke the command: show mpls counters set1|set2|set3 where, mpls Configure MPLS specific attributes counters Counters groups set1 First MPLS counters set set2 Second MPLS counters set set3 Third MPLS counters set
R2# show mpls counters Mpls counters set1 is active on mpls label/flow_id 640 Rx Bytes Drop Bytes Trap Bytes Invalid Bytes = = = = 4889744 0 0 0 Rx Packets Drop Packets Trap Packets Invalid Packets = = = = 71908 0 0 0

Mpls counters set2 is active on mpls label/flow_id 641 Rx Bytes Drop Bytes Trap Bytes Invalid Bytes = = = = 5460672 0 0 0 Rx Packets Drop Packets Trap Packets Invalid Packets = = = = 80304 0 0 0

Mpls counters set3 isn't defined.

Cross-connect Table
To view the MPLS Cross-connect table: 1. Enter enable mode. 2. Invoke the command: show mpls cross-connect-table where, mpls Configure MPLS specific attributes cross-connect-table MPLS Cross-connect table
R2# show mpls cross-connect-table Cross connect ix: 1, in intf: -, in label: 0, out-segment ix: 1 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 1, owner: RSVP, out intf: vif4011, out label: 640 Nexthop addr: 192.170.1.3, cross connect ix: 1, op code: Push Cross connect ix: 2, in intf: vif4010, in label: 1282, out-segment ix: 2 Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 2, owner: LDP VC, out intf: vif2, out label: 0 Nexthop addr: 0.0.0.0, cross connect ix: 2, op code: Pop for VC Cross connect ix: 3, in intf: vif4010, in label: 1283, out-segment ix: 3 Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up

April 2006

255

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Out-segment with ix: 3, owner: LDP VC, out intf: vif3, out label: 0 Nexthop addr: 0.0.0.0, cross connect ix: 3, op code: Pop for VC

Chapter 21:

Forwarding Table
To view the MPLS Forwarding table: 1. Enter enable mode. 2. Invoke the command: show mpls forwarding-table where, mpls Configure MPLS specific attributes forwarding-table MPLS Forwarding table
R2# show mpls forwarding-table Codes: > - selected FTN, B - BGP FTN, C - CR-LDP FTN, K - CLI FTN, L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, U - unknown FTN Code R> L L> L> FEC 1.1.1.1/32 1.1.1.1/32 3.3.3.3/32 192.169.1.0/24 Nexthop 192.170.1.3 192.168.1.1 192.170.1.3 192.168.1.1 Out-Label 640 3 3 3 Out-Intf vif4011 vif4010 vif4011 vif4010

FTN Table
To view the MPLS FTN table: 1. Enter enable mode. 2. Invoke the command: show mpls ftn-table where, mpls Configure MPLS specific attributes ftn-table MPLS FEC-To-NHLFE table. The table (stored in LERs) contains maps of Destination IP addresses to MPLS labels for ingress packets.
R2# show mpls ftn-table Primary FTN entry with FEC: 1.1.1.1/32, ix 3, row status: Active Owner: RSVP, Action-type: Redirect to Tunnel, Exp-bits: 0x0 Resource_id: 30 Description: T1 Cross connect ix: 1, in intf: -, in label: 0, out-segment ix: 1 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 1, owner: RSVP, out intf: vif4011, out label: 640 Nexthop addr: 192.170.1.3, cross connect ix: 1, op code: Push Non-primary FTN entry with FEC: 1.1.1.1/32, ix 1, row status: Active Owner: LDP, Action-type: Redirect to Tunnel, Exp-bits: 0x0 Resource_id: 0 Description: N/A Cross connect ix: 1003, in intf: -, in label: 0, out-segment ix: 1003 Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 1003, owner: LDP, out intf: vif4010, out label: 3 Nexthop addr: 192.168.1.1, cross connect ix: 1003, op code: Swap Primary FTN entry with FEC: 3.3.3.3/32, ix 4, row status: Active Owner: LDP, Action-type: Redirect to Tunnel, Exp-bits: 0x0 Resource_id: 0 Description: N/A Cross connect ix: 1004, in intf: -, in label: 0, out-segment ix: 1004 Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 1004, owner: LDP, out intf: vif4011, out label: 3

April 2006

256

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Nexthop addr: 192.170.1.3, cross connect ix: 1004, op code: Swap

Chapter 21:

Primary FTN entry with FEC: 192.169.1.0/24, ix 2, row status: Active Owner: LDP, Action-type: Redirect to Tunnel, Exp-bits: 0x0 Resource_id: 0 Description: N/A Cross connect ix: 1003, in intf: -, in label: 0, out-segment ix: 1003 Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 1003, owner: LDP, out intf: vif4010, out label: 3 Nexthop addr: 192.168.1.1, cross connect ix: 1003, op code: Swap

ILM Table
To view the MPLS ILM table: 1. Enter enable mode. 2. Invoke the command: show mpls ilm-table where, mpls Configure MPLS specific attributes ilm-table MPLS Incoming Label Map table. The table (stored in LSRs) contains maps of ingress packet MPLS labels to egress packet MPLS labels for LSPs.
R2# show mpls ilm-table In-Label Out-Label In-Intf 640 0 vif4010 641 0 vif4010 642 0 vif4010 643 0 vif4010 644 0 vif4010 645 0 vif4010 646 0 vif4010 647 0 vif4010 648 0 vif4010 Out-Intf vif640 vif641 vif642 vif643 vif644 vif645 vif646 vif647 vif648 Nexthop 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 FEC 0.0.2.128/32 0.0.2.129/32 0.0.2.130/32 0.0.2.131/32 0.0.2.132/32 0.0.2.133/32 0.0.2.134/32 0.0.2.135/32 0.0.2.136/32

In-segment Table
To view the MPLS In-segment table: 1. Enter enable mode. 2. Invoke the command: show mpls in-segment-table where, mpls Configure MPLS specific attributes in-segment-table MPLS In-segment table.
R2# show mpls in-segment-table In-segment entry with in label: 640, in intf: vif4010, row status: Active Owner: LDP VC, # of pops: 1, fec: 0.0.2.128/32 Cross connect ix: 641, in intf: vif4010, in label: 640, out-segment ix: 641 Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 641, owner: LDP VC, out intf: vif640, out label: 0 Nexthop addr: 0.0.0.0, cross connect ix: 641, op code: Pop for VC In-segment entry with in label: 641, in intf: vif4010, row status: Active Owner: LDP VC, # of pops: 1, fec: 0.0.2.129/32 Cross connect ix: 642, in intf: vif4010, in label: 641, out-segment ix: 642 Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 642, owner: LDP VC, out intf: vif641, out label: 0 Nexthop addr: 0.0.0.0, cross connect ix: 642, op code: Pop for VC In-segment entry with in label: 642, in intf: vif4010, row status: Active

April 2006

257

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Chapter 21:

Owner: LDP VC, # of pops: 1, fec: 0.0.2.130/32 Cross connect ix: 643, in intf: vif4010, in label: 642, out-segment ix: 643 Owner: LDP VC, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 643, owner: LDP VC, out intf: vif642, out label: 0 Nexthop addr: 0.0.0.0, cross connect ix: 643, op code: Pop for VC

Out-segment Table
To view the MPLS Out-segment table: 1. Enter enable mode. 2. Invoke the command: show mpls out-segment-table where, mpls Configure MPLS specific attributes out-segment-table MPLS Out-segment table.
R2# show mpls out-segment-table Out-segment with ix: 2, owner: LDP VC, out intf: vif2, out label: 0 Nexthop addr: 0.0.0.0, cross connect ix: 2, op code: Pop for VC Out-segment with ix: 3, owner: LDP VC, out intf: vif3, out label: 0 Nexthop addr: 0.0.0.0, cross connect ix: 3, op code: Pop for VC Out-segment with ix: 4, owner: LDP VC, out intf: vif4, out label: 0 Nexthop addr: 0.0.0.0, cross connect ix: 4, op code: Pop for VC

L2 Circuits
To view the MPLS Layer 2 Circuit: 1. Enter enable mode. 2. Invoke the command: show mpls l2-circuit where, mpls Configure MPLS specific attributes l2-circuit MPLS Layer-2 Virtual Circuit data.
R2# show mpls l2-circuit MPLS Layer-2 Virtual Circuit: VC2, id: 2 Endpoint: 1.1.1.1 Control Word: 0 MPLS Layer-2 Virtual Circuit Group: none Bound to interface: vif2, Port 1 Virtual Circuit Type: Ethernet VLAN MPLS Layer-2 Virtual Circuit: VC3, id: 3 Endpoint: 1.1.1.1 Control Word: 0 MPLS Layer-2 Virtual Circuit Group: none Bound to interface: vif3, Port 1 Virtual Circuit Type: Ethernet VLAN MPLS Layer-2 Virtual Circuit: VC4, id: 4 Endpoint: 1.1.1.1 Control Word: 0 MPLS Layer-2 Virtual Circuit Group: none Bound to interface: vif4, Port 1 Virtual Circuit Type: Ethernet VLAN

L2 Circuit Groups
To view the MPLS Layer 2 Circuit Group: 1. Enter enable mode.

April 2006

258

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

Chapter 21:

2. Invoke the command: show mpls l2-circuit-group where, mpls Configure MPLS specific attributes l2-circuit-group MPLS Layer-2 Virtual Circuit group data.
R2# show mpls l2-circuit-group MPLS Layer-2 Virtual Circuit Group: 1, id: 1 Virtual Circuits configured: 1. VC1000

LDP Parameters
To view the MPLS LDP information: 1. Enter enable mode. 2. Invoke the command: show mpls ldp where, mpls Configure MPLS specific attributes ldp Label Distribution Protocol (LDP).
R2# show mpls ldp parameter Router ID : 2.2.2.2 LDP Version : 1 Global Merge Capability : N/A Label Advertisement Mode : Downstream Unsolicited Label Retention Mode : Liberal Label Control Mode : Independent Loop Detection : Off Loop Detection Count : 0 Request Retry : Off Propagate Release : Disabled Hello Interval : 5 Targeted Hello Interval : 15 Hold time : 15 Targeted Hold time : 45 Keepalive Interval : 10 Keepalive Timeout : 30 Request retry Timeout : 5 Targeted Hello Receipt : Disabled Transport Address data : Labelspace 0 : 2.2.2.2 (in use) Import BGP routes : No PHP mode : Yes Global MTU : 0 MD5 mode : Off

VC Table
To view the MPLS VC table: 1. Enter enable mode. 2. Invoke the command: show mpls vc-table where, mpls Configure MPLS specific attributes vc-table MPLS Virtual Circuit table.
R2# show mpls vc-table VC-ID In Intf Out Intf 2 vif2 vif4010 Out Label 1280 Nexthop 1.1.1.1 Status Active

April 2006

259

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

3 4 5 6 7 8 9 10 vif3 vif4 vif5 vif6 vif7 vif8 vif9 vif10 vif4010 vif4010 vif4010 vif4010 vif4010 vif4010 vif4010 vif4010 1281 1282 1283 1284 1285 1286 1287 1288 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 Active Active Active Active Active Active Active Active

Chapter 21:

Administrative Groups
To view the MPLS Administrative Groups: 1. Enter enable mode. 2. Invoke the command: show mpls admin-groups where, mpls Configure MPLS specific attributes admin-groups Administrative Groups. Each administrative group is designated (at the local router) by an ID in the range 0-31. The ID represents one or more interfaces. The ID is distributed to all the other routers in the MPLS network if TE is activated (by selecting CR-LDP or RSVP-TE).
R2# show mpls admin-groups Admin group detail: Value of 1 associated with admin group 'G1'

Mapped Routes
To view the MPLS Mapped Routes: 1. Enter enable mode. 2. Invoke the command: show mpls mapped-routes where, mpls Configure MPLS specific attributes mapped-routes Mapped MPLS routes. Shows subnets assigned to each MPLS label. The command can be used to save on MPLS labels.
R2# show mpls mapped-routes Mapped-route IPv4 FEC 192.170.1.3/32 3.3.3.3/32

MPLS Counters
General
Three global MPLS counters are available. Each counter can be set to count in frames and bytes for a specific MPLS label (assigned using the command mpls counters [set1|set2|set3 LABEL_ID ftn|global] described below).

Assignment
To set a global MPLS counter to count for a specific MPLS label: 1. Enter enable mode. 2. Invoke the command: mpls counters [set1|set2|set3 LABEL_ID ftn|global] where, set1 First MPLS counters set

April 2006

260

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS) set2 Second MPLS counters set set3 Third MPLS counters set LABEL_ID MPLS label or flow id ftn FTN ILM-table global Global ILM-table
R2# mpls counters set1 640 global set2 641 global R2#

Chapter 21:

Viewing
To view the reading of a specific MPLS counter, invoke the command: 1. Enter enable mode. 2. Invoke the command show mpls counters set1|set2|set3 where, set1 First MPLS counters set set2 Second MPLS counters set set3 Third MPLS counters set Example
OS9000# show mpls counters set1 Mpls counters set1 is active on mpls label/flow_id 1 Rx Bytes Drop Bytes Trap Bytes Invalid Bytes = = = = 2580 0 0 0 Rx Packets Drop Packets Trap Packets Invalid Packets = = = = 60 0 0 0

To view the reading of all the MPLS counters, invoke the command: show mpls counters Example
OS9000# show mpls counters set1 Mpls counters set1 is active on mpls label/flow_id 1 Rx Bytes Drop Bytes Trap Bytes Invalid Bytes = = = = 2580 0 0 0 Rx Packets Drop Packets Trap Packets Invalid Packets = = = = 60 0 0 0

Mpls counters set2 isn't defined. Mpls counters set3 isn't defined.

Configuration Commands
TTL at Ingress Interface
To set the Time-To-Live (TTL) at an ingress Interface: 1. Enter configure terminal mode. 2. Invoke the command: mpls ingress-ttl <0-255> where, mpls Configure MPLS specific attributes ingress-ttl Specify a TTL value for LSPs for which this LSR is the ingress <0-255> TTL value to be used

April 2006

261

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS)

R2(config)# mpls ingress-ttl 255 R2(config)#

Chapter 21:

TTL at Egress Interface

To set the Time-To-Live (TTL) at an egress Interface: 1. Enter configure terminal mode. 2. Invoke the command: mpls egress-ttl <0-255> where, mpls Configure MPLS specific attributes egress-ttl Specify a TTL value for LSPs for which this LSR is the egress <0-255> TTL value to be used
R2(config)# mpls egress-ttl 255 R2(config)#

MPLS Route Map

To set an IP4 Route Map: 1. Enter configure terminal mode. 2. Invoke the command: mpls map-route A.B.C.D A.B.C.D A.B.C.D where, mpls Configure MPLS specific attributes map-route Map an IPv4 route A.B.C.D IPv4 prefix to be mapped A.B.C.D Mask for IPv4 address to be mapped A.B.C.D IPv4 Forwarding Equivalence Class to which route is to be mapped
R2(config)# mpls map-route 192.170.1.3 192.170.1.0 192.169.1.254 192.169.1.0 R2(config)#

Creating a VC
To set a VC: 1. Enter configure terminal mode. 2. Invoke the command: mpls l2-circuit NAME <1-1000000> A.B.C.D GROUPID where, mpls Configure MPLS specific attributes l2-circuit Specify an MPLS Layer-2 Virtual Circuit NAME Identifying string for MPLS Layer-2 Virtual Circuit <1-1000000> Identifying value for MPLS Layer-2 Virtual Circuit. This value is used by LDP to assign an MPLS label to a packet. A.B.C.D IPv4 Address for end-point for MPLS Layer-2 Virtual Circuit (LDP transport address of target router) GROUPID Group identifier (arbitrary 32 bit value)
R2(config)# mpls l2-circuit VC1000 1000 1.1.1.1 1 R2(config)#

Upper-limit MPLS Labels

To set the maximum value for an MPLS Label:

April 2006

262

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS) 1. Enter configure terminal mode.

Chapter 21:

2. Invoke the command: mpls max-label-value <16-1048575> [LABELSPACE] where, mpls Configure MPLS specific attributes max-label-value Specify a maximum label value <16-1048575> Maximum size to be used for all label pools [LABELSPACE] Label-space for which maximum label value needs to be modified
R2(config)# mpls max-label-value 10000 R2(config)#

Lower-limit MPLS Labels

To set the minimum value for an MPLS Label: 1. Enter configure terminal mode. 2. Invoke the command: mpls min-label-value <16-1048575> [LABELSPACE] where, mpls Configure MPLS specific attributes min-label-value Specify a minimum label value <16-1048575> Minimum size to be used for all label pools LABELSPACE Label-space for which minimum label value needs to be modified
R2(config)# mpls min-label-value 100 R2(config)#

Creating LDP Path

To set an LDP path: 1. Enter configure terminal mode. 2. Invoke the command: ldp-path PATHNAME where, PATHNAME Name to be used for path
R2(config)# ldp-path P1 R2(config-path)#

Creating LDP Trunk (Group)

To set an LDP trunk: 1. Enter configure terminal mode. 2. Invoke the command: ldp-trunk TRUNKNAME TRUNKNAME Name to be used for trunk
R2(config)# ldp-trunk T1 R2(config-trunk)#

Creating RSVP Path

To set an RSVP path: 1. Enter configure terminal mode. 2. Invoke the command:

April 2006

263

ML48261, Rev. 02 MultiProtocol Label Switching (MPLS) rsvp-path PATHNAME where, PATHNAME Name to be used for path
R2(config)# rsvp-path P1 R2(config-path)#

Chapter 21:

Creating RSVP Trunk (Group)

To set an RSVP trunk: 1. Enter configure terminal mode. 2. Invoke the command: rsvp-trunk TRUNKNAME TRUNKNAME Name to be used for trunk
R2(config)# rsvp-trunk T1 R2(config-trunk)#

Activating MPLS
To activate MPLS, select a routing protocol as follows: 1. Enter configure terminal mode. 2. Invoke the command: router ldp|rsvp
R2(config)# router ldp R2(config-router)# R2(config)# router rsvp R2(config-router)#

Defining Administrative Group

To set an Administrative Group: 1. Enter configure terminal mode. 2. Invoke the command: mpls admin-group NAME <0-31> where, mpls Configure MPLS specific attributes admin-group Add a new Administrative Group NAME Name of administrative group to be added <0-31> Value of administrative group to be added
R2(config)# mpls admin-group G2 2 R2(config)#

April 2006

264

ML48261, Rev. 02 Authentication, Authorization, and Accounting (AAA)

Chapter 22:

Chapter 22:

Authentication, Authorization, and Accounting (AAA)

General
Multiple administrators can access the management interfaces of the OS9000. The best way to manage access (especially remote access) is to have a single database of administrators and a service mechanism that can perform the following functions with this database:

Authentication: Identification of requester profile [username, password, application port36, and privilege level] on a per-request basis. Authorization: Permission/denial of access subject to authentication success/failure.

Accounting: Reporting of information on requesters (identities, number of access attempts per requester, start and stop times, executed commands, etc.) RADIUS, a UDP-based client-server security service, is such a service mechanism.

Principles of Operation
When an attempt is made to access the OS9000 while RADIUS is enabled, the request together with the encrypted password of the requester is sent to the RADIUS authentication server, which checks the requesters authenticity. The OS9000 acts as a Network Access Server (NAS) for requesters, and therefore functions as a RADIUS client. The OS9000 is responsible for passing requester information (e.g. username, password, etc.) and then, based on the RADIUS server response, allows/prevents the requester from logging onto the OS9000. The RADIUS server, on the other hand, is responsible for receiving requester connection requests, authenticating or disqualifying the requester, and sending the permit or deny response to the client OS9000. Transactions between the OS9000 and the RADIUS server are authenticated by shared secrets, which are never sent over the network. In addition, every administrator password is encrypted before it is sent between the OS9000 and the RADIUS server in order to prevent deciphering. The RADIUS server can also provide accounting of requester commands and of changes in authorization level. This information is recorded in a special log file that enables a supervisor to view the activities of all the administrators. Accounting can include logging of commands or logging of transitions from one mode to another. There are many RADIUS servers available on the market with differing methods for their configuration. Accordingly, documentation specifically suited to the server must be used.

Configuring the RADIUS Server Host

To configure a RADIUS Server host37 to communicate with an OS9000, do the following: 1. At the RADIUS Server host, configure the OS9000 as a NAS.

36 37

protocol or service

The RADIUS server host may be the RADIUS server itself or a device via which the OS9000 communicates with the RADIUS server.

April 2005

265

ML48261, Rev. 02 Authentication, Authorization, and Accounting (AAA)

Chapter 22:

2. Set up shared secrets. In particular, enter the same encryption/decryption key on the RADIUS Server host as that (or to be) entered on the OS9000. 3. If RADIUS is to mediate when an attempt is made to access the OS9000 at login mode, log the username & associated password of each administrator. If RADIUS is to be applied when an attempt is made to access the OS9000 at enable mode, log a username and password for enable mode. If RADIUS is to mediate when an attempt is made to access the OS9000 at debug mode, log a username and password for debug mode.

Configuring the OS9000

General
To configure an OS9000 to communicate with a RADIUS Server host, the following need to be done: 1. Setting Authentication Criteria This includes: a. RADIUS-server host. This can be the IP address or the name on the DNS that can be accessed by the OS9000. b. Encryption/decryption key global or per server. This is a text of the shared encryption key between the OS9000 and the RADIUS server host. c. Timeout (optional) Global or per server. This is the time the OS9000 waits for a response from the RADIUS server host. d. Application port (optional) Per server. This is the protocol or service used by the OS9000 to access the RADIUS server. e. If RADIUS is to be applied when an attempt is made to access the OS9000 at enable mode, the username and password that are configured for enable mode on the server. If RADIUS is to be applied when an attempt is made to access the OS9000 at debug mode, the username and password that are configured for debug mode on the server. On the OS9000, only one username can be defined for enable mode and only one username can be defined debug mode. Each of these usernames is generic, meaning that, administrators with different login usernames can access these modes. This is so because the OS9000 sends the generic username and not the login username to the Authentication Server. 2. Setting Authentication Modes and Sources The authentication modes are: login, enable, or debug. The authentication sources are: OS9000 only, RADIUS Server host, or both. 3. Activating Accounting 4. Viewing Accounting

Setting Authentication Criteria

To set the authentication criteria: 1. Enter configure terminal mode. 2. To set authentication criteria for specific RADIUS Server hosts, invoke any one of the following commands: a. This command is used to specify the RADIUS Server IP address or DNS name. The default encryption/decryption key is testing123. The default timeout is 3 seconds. The default application port is 1812. radius-server host <A.B.C.D|HOSTNAME> where,

April 2006

266

ML48261, Rev. 02 Authentication, Authorization, and Accounting (AAA)

Chapter 22:

A.B.C.D IP address of the RADIUS server host HOSTNAME Name of RADIUS server on the DNS that can be accessed by the OS9000. b. This command is used to specify the RADIUS Server IP address or DNS name and encryption/decryption key. The default timeout is 3 seconds. The default application port is 1812. radius-server host <A.B.C.D|HOSTNAME> key LINE where, A.B.C.D IP address of the RADIUS server host HOSTNAME Name of RADIUS server on the DNS that can be accessed by the OS9000. LINE Text of shared encryption key between the OS9000 and the RADIUS server. Any alphanumeric unbroken string may be entered. The default encryption/decryption key is testing123. c. This command is used to specify the RADIUS Server IP address or DNS name, encryption/decryption key, and timeout. The default application port is 1812. radius-server host <A.B.C.D|HOSTNAME> key LINE timeout NUMBER where, A.B.C.D IP address of the RADIUS server host HOSTNAME Name of RADIUS server on the DNS that can be accessed by the OS9000. LINE Text of shared encryption key between the OS9000 and the RADIUS server. Any alphanumeric unbroken string may be entered. The default encryption/decryption key is testing123. NUMBER Timeout time, i.e., the time (in seconds) the OS9000 waits for a response from the RADIUS server host. If the host gives a negative response or if it does not a respond within this time, access to the OS9000 is denied. The default timeout is 3 seconds. d. This command is used to specify the RADIUS Server IP address or DNS name and timeout. The default encryption/decryption key is testing123. The default application port is 1812. radius-server host <A.B.C.D|HOSTNAME> timeout NUMBER where, A.B.C.D IP address of the RADIUS server host HOSTNAME Name of RADIUS server on the DNS that can be accessed by the OS9000. NUMBER Timeout time, i.e., the time (in seconds) the OS9000 waits for a response from the RADIUS server host. If the host gives a negative response or if it does not a respond within this time, access to the OS9000 is denied. The default timeout is 3 seconds. e. This command is used to specify the RADIUS Server IP address or DNS name and application port. The default timeout is 3 seconds. The default encryption/decryption key is testing123. radius-server host <A.B.C.D|HOSTNAME> port PORT where, A.B.C.D Name of RADIUS server on the DNS that can be accessed by the OS9000. PORT Application port (protocol or service) to be authenticated. The default application port is 1812. To display the port numbers and associated services, enter linux mode (by first entering enable mode and then typing linux), type /etc/services.

April 2006

267

ML48261, Rev. 02 Authentication, Authorization, and Accounting (AAA)

Chapter 22:

3. To enable RADIUS to permit access to the OS9000 enable mode by an authorized requester, invoke the command: radius-server enable user NAME where, enable Set the OS9000 to request authentication from the RADIUS server when an attempt is made to access the OS9000 enable mode. NAME Username. This username must be the same as that on the RADIUS Server host. When an attempt is made to access the OS9000 at enable mode, the OS9000 sends this username to the RADIUS Server host. The RADIUS Server host finds the associated password, which it sends to the OS9000. The OS9000 then prompts the requester to enter a password. Only if the passwords match, access is granted. On the OS9000, only one username can be defined for enable mode. This means that the same username must be configured on all RADIUS Server hosts if they are to provide their service to the OS9000. This username is generic, meaning that, administrators with different login usernames can access this mode. This is so because the OS9000 sends the generic username and not the login username to the RADIUS Server host. Note Invocation of the command radius-server enable user NAME is a prerequisite for the RADIUS-involving commands in step 3, page 269. 4. To enable RADIUS to permit access to the OS9000 debug mode by an authorized requester, invoke the command: radius-server debug user NAME where, debug Set the OS9000 to request authentication from the RADIUS server when an attempt is made to access the OS9000 at debug mode. NAME Username. This username must be the same as that on the RADIUS Server host. When an attempt is made to access the OS9000 at debug mode, the OS9000 sends this username to the RADIUS Server host. The RADIUS Server host finds the associated password, which it sends to the OS9000. The OS9000 then prompts the requester to enter a password. Only if both the username and password match, access is granted. On the OS9000, only one username can be defined for debug mode. This means that the same username must be configured on all RADIUS Server hosts if they are to provide their service to the OS9000. This username is generic, meaning that, administrators with different login usernames can access this mode. This is so because the OS9000 sends the generic username and not the login username to the RADIUS Server host. Note Invocation of the command radius-server debug user NAME is a prerequisite for a RADIUS-involving command in step 5, page 271. 5. To set a common key for all RADIUS Server hosts, invoke the command: radius-server key LINE where, LINE Text of shared encryption key between the OS9000 and any RADIUS server. Any alphanumeric unbroken string may be entered. The default encryption/decryption key is testing123. April 2006 268

ML48261, Rev. 02 Authentication, Authorization, and Accounting (AAA)

Chapter 22:

6. To set a common timeout for all RADIUS Server hosts, invoke the command: radius-server timeout NUMBER where, NUMBER Timeout time, i.e., the time (in seconds) the OS9000 waits for a response from the RADIUS server host. If the host gives a negative response or if it does not a respond within this time, access to the OS9000 is denied. The default timeout is 3 seconds.

Setting Authentication Modes and Sources

The authentication modes are: login, enable, and debug. The authentication sources are: OS9000 and RADIUS Server host. For each mode (login, enable, or debug), any one of the following authentication options can be selected: local Perform authentication locally and without RADIUS Server mediation, i.e., using only the login username and password stored in the OS9000s memory.

radius local Perform authentication with RADIUS server host first. If no response is received from the RADIUS Server within the timeout time, perform authentication using only the login username and password stored in the OS9000s memory. radius Perform authentication with RADIUS server host. (Access to the OS9000 is denied if the server gives a negative response or if no response is received from the RADIUS server within the timeout time.) none Prevent login. To set the authentication modes and sources: 1. Enter configure terminal mode. 2. Enter aaa mode. 3. To cause the OS9000 to try to get a permit or deny response from a RADIUS server host first when an attempt is made to access the OS9000 at login mode, and, if no response is received within the timeout time, perform authentication using the login username and password stored only in the OS9000s memory, invoke the command: authentication login default radius local To cause the OS9000 to try to get a permit or deny response from a RADIUS server host when an attempt is made to access the OS9000 at login mode, and, if no response is received within the timeout time, deny access, invoke the command: authentication login default radius

April 2006

269

ML48261, Rev. 02 Authentication, Authorization, and Accounting (AAA)

Chapter 22:

WARNING! Before selecting the argument radius, ensure that the RADIUS Server host is operational and that at least the following parameters are set correctly on the OS9000: RADIUS server host IP address, server UDP authentication port number, and encryption/decryption key. You can make sure using the following safe method: Open a CLI session38 and a TELNET session. In the TELNET session, enter the mode configure terminal, and invoke the command authentication login default radius. Now close the TELNET session and then attempt to reopen another. This way, if the attempt fails (possibly because of an incorrect RADIUS parameter setting) access to the CLI agent is retained (via the CLI session) and any RADIUS parameter setting can be corrected in the CLI session. To cause the OS9000 to perform authentication using the login username and password stored only in the OS9000s memory, when an attempt is made to access the OS9000 at login mode, invoke the command: authentication login default local To cause the OS9000 to prevent login, invoke the command: authentication login default none WARNING! Invoking the command authentication login default none will lock the OS9000, preventing any access to it. 4. To cause the OS9000 to try to get a permit or deny response from a RADIUS server host first when an attempt is made to access the OS9000 at enable mode, and, if no response is received within the timeout time, perform authentication using the enable password stored only in the OS9000s memory, invoke the command: authentication enable default radius local To cause the OS9000 to try to get a permit or deny response from a RADIUS server host when an attempt is made to access the OS9000 at enable mode, and, if no response is received within the timeout time, deny access, invoke the command: authentication enable default radius WARNING! Before selecting the argument radius, ensure that the RADIUS Server host is operational and that at least the following parameters are set correctly on the OS9000: RADIUS server host IP address, server UDP authentication port number, and encryption/decryption key. You can make sure using the following safe method: Open a CLI session and a TELNET session. In the TELNET session, enter the mode configure terminal, and invoke the command authentication enable default radius. Now close the TELNET session and then attempt to reopen another. This way, if the attempt fails (possibly because of an incorrect RADIUS parameter setting) access to the CLI agent is retained (via the CLI session) and any RADIUS parameter setting can be corrected in the CLI session. To cause the OS9000 to perform authentication using the enable password stored only in the OS9000s memory, when an attempt is made to access the OS9000 at enable mode, invoke the command: authentication enable default local To cause the OS9000 to prevent login, invoke the command:
38

Using a serial/RS-232 connection.

April 2006

270

ML48261, Rev. 02 Authentication, Authorization, and Accounting (AAA) authentication enable default none

Chapter 22:

WARNING! Invoking the command authentication enable default none will allow access to the OS9000 without the need for entering the enable mode password. 5. To cause the OS9000 to try to get a permit or deny response from a RADIUS server host first when an attempt is made to access the OS9000 at debug mode, and, if no response is received within the timeout time, perform authentication using the debug password stored only in the OS9000s memory, invoke the command: authentication debug default radius local To cause the OS9000 to try to get a permit or deny response from a RADIUS server host when an attempt is made to access the OS9000 at debug mode, and, if no response is received within the timeout time, deny access, invoke the command: authentication debug default radius WARNING! Before selecting the argument radius, ensure that the RADIUS Server host is operational and that at least the following parameters are set correctly on the OS9000: RADIUS server host IP address, server UDP authentication port number, and encryption/decryption key. You can make sure using the following safe method: Open a CLI session and a TELNET session. In the TELNET session, enter the mode configure terminal, and invoke the command authentication debug default radius. Now close the TELNET session and then attempt to reopen another. This way, if the attempt fails (possibly because of an incorrect RADIUS parameter setting) access to the CLI agent is retained (via the CLI session) and any RADIUS parameter setting can be corrected in the CLI session. To cause the OS9000 to perform authentication using the debug password stored only in the OS9000s memory, when an attempt is made to access the OS9000 at debug mode, invoke the command: authentication debug default local To cause the OS9000 to prevent login, invoke the command: authentication debug default none WARNING! Invoking the command authentication debug default none will allow access to the OS9000 without the need for entering the debug mode password. 6. To save the RADIUS configuration in permanent memory, invoke the command write file or write memory.

Activating Accounting
To activate accounting: 1. Enter configure terminal mode. 2. Enter aaa mode. 3. Invoke the command: accounting exec radius

Viewing Accounting
1. To view RADIUS accounting: 2. Enter the enable mode. April 2006 271

ML48261, Rev. 02 Authentication, Authorization, and Accounting (AAA) Invoke the command show syslog.

Chapter 22:

April 2006

272

ML48261, Rev. 02 Authentication, Authorization, and Accounting (AAA)

Chapter 22:

Configuration Example
For convenience, the parts of the configuration example are headed with a number (1, 2, etc.). The description of each part is given below: 1. Setting of host criteria: IP address, key, timeout. 2. Setting of application port (protocol or service) that will be common to all hosts. 3. Setting the OS9000 to request authentication from the RADIUS server when an attempt is made to access the OS9000 enable mode and debug mode. 4. Setting the authentication sources for login, enable, debug mode. 5. Activating accounting. 6. Displaying configuration. 7. Saving configuration in permanent memory.
MRV OptiSwitch 9000 version d0907-21-07-05 OS9000 login: admin Password: OS9000> enable OS9000# configure terminal 1. OS9000(config)# radius-server host 193.85.1.67 key testing6789 timeout 5 2. OS9000(config)# radius-server host 193.85.1.67 port 3444 3. OS9000(config)# radius-server enable user TigerEnable OS9000(config)# radius-server debug user TigerDebug 4. OS9000(config-aaa)# authentication login default radius local OS9000(config-aaa)# authentication enable default local OS9000(config-aaa)# authentication debug default radius 5. OS9000(config-aaa)# accounting exec radius 6. OS9000(config-aaa)# write terminal Building configuration... Current configuration: ! version d0907-21-07-05 ! radius-server enable user TigerEnable radius-server debug user TigerDebug radius-server host 193.85.1.67 port 3444 radius-server host 193.85.1.67 key testing6789 timeout 5 ! aaa authentication login default radius local authentication enable default local authentication debug default radius accounting exec radius 7. OS9000(config-aaa)# write file

April 2006

273

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Chapter 23:

Network Time Protocol (NTP) and Timezone

General
Network Time Protocol (NTP) is an Internet standard protocol (built on top of TCP/IP) for synchronizing clocks of network devices (PCs, routers, switches, etc.) to Standard Time (ST). ST is a combination of Universal Time (UT), zonetime, and summertime. UT is the time for points located at longitude zero on the Earth (e.g., Greenwich). It is usually based on UTC39. UT can be accessed from any of a large number of NTP servers available on the Internet or GPS, for e.g., MRVs NTP server. Zonetime is the number of hours offset from UT. It depends on the zone (geographical location) in which the device is located. Summertime is an integral number of hours offset from the zonetime. It depends on whether it is currently in force for the country/zone. Coded zonetime merged with summertime can be accessed from MRVs FTP server. NTP runs in the background as a continuous client program sending periodic requests to the UT server for timestamps, which it uses to adjust the OS9000s system clock. The NTP versions (1, 2, or 3) running on the OS9000 are based on RFC 1305. Version 3 is accurate to the millisecond.

Configuration
To configure the OS9000 to run NTP, do the following: 1. Enter configure terminal mode. 2. Get the Zonetime and summertime information by invoking the command: clock timezone ftp FTP-SERVER REMOTE-DIR REMOTE-FILENAME [USERNAME] [PASSWORD] where, clock Clock timezone Time zone. ftp FTP. FTP-SERVER IP address or DNS name of the zonetime NTP server (e.g., MRVs FTP server). REMOTE-DIR Name of the directory containing the file that contains the zone information. REMOTE-FILENAME Name of the file containing the zone information. [USERNAME] (optional) Username that will be requested when attempting to access the NTP server on reentry to configure terminal mode. [PASSWORD] (optional) Password that will be requested when attempting to access the NTP server on reentry to configure terminal mode. As a result, a binary file with filename localtime is created containing zonetime and summertime information. The file is located in the directory /etc.
39

UTC is a time scale that couples GMT, which is based solely on the Earth's varying rotation rate, with the time of highly accurate atomic clocks.

April 2005

274

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Below, is an example showing the administrator inputs (in bold) for obtaining a zonetime information.
OS9000(config)# clock timezone ftp 194.90.136.190 ./File Tiger MyPassWord OS9000(config)#

3. Enter ntp mode. 4. Set the OS9000 to operate in either of the following modes: Client Mode In this mode, the OS9000 can be synchronized to the remote NTP server but not vice versa. To set the OS9000 to operate in client mode with a remote NTP server, invoke the command: server IPADDR [key KEYNUM] [version VERNUM] [prefer] where, IPADDR IP address of the remote NTP server that is to provide UT timestamps to the OS9000. key Authentication key. KEYNUM Code number with which authentication fields of each packet sent to a remote NTP server are to be encrypted. (This number must match the code number configured on the NTP server.) version NTP version. VERNUM NTP Version number to be used with outgoing NTP packets. Valid numbers are 1 to 3. prefer Mark the remote NTP server as the preferred source. Below, is an example showing the administrator inputs (in bold) for obtaining a UT timestamp.
OS9000(config-ntp)# server 194.90.136.183 key 213213587 version 3 prefer OS9000(config-ntp)#

Peer Mode In this mode, the OS9000 can be synchronized to the NTP server or vice versa. The OS9000 operates in symmetric active mode with the remote NTP server. To set the OS9000 to operate in peer mode with a remote NTP server, invoke the command: peer IPADDR [key KEYNUM] [version VERNUM] [prefer] where, IPADDR IP address of the remote NTP server that is to provide UT timestamps to the OS9000 or vice versa. key Authentication key. KEYNUM Code number with which authentication fields of each packet sent to a remote NTP server are to be encrypted. (This number must match the code number configured on the NTP server.) version NTP version. VERNUM NTP Version number to be used with outgoing NTP packets. Valid numbers are 1 to 3. prefer Mark the remote NTP server as the preferred source. 5. (Optional) Include additional remote NTP servers by repeating step 4, above. 6. (Optional) Enable the NTP authentication feature of the OS9000 by invoking the command: authenticate 7. (Optional) Define an authentication key by invoking the command: authentication-key KEYNUM md5 KEYVALUE where,

April 2006

275

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

KEYNUM Code number for accessing the remote NTP server in order to synchronize with it. (This number must match the code number configured on the remote NTP server.) md5 Message Digest 5 encryption code/algorithm. KEYVALUE Authentication key value. 8. (Optional) Specify an encryption key that is trusted for the purpose of authenticating peers suitable for synchronization by invoking the command: trusted-key KEYNUM where, KEYNUM Code number to be used with the NTP xntpc query/control program that diagnoses and fixes problems that affect the xntpd daemon operation. (This number must match the code number configured on the remote NTP server.) 9. Run NTP by invoking the command: enable

Viewing
NTP Status
To view the status of the NTP on the OS9000, invoke the command: show ntp status There are three possible statuses: 1. ntp status = disable. This means that NTP is not running. 2. ntp status = enable but not running. This means that the OS9000 cannot access the NTP server. In such case, there is no need to re-invoke the command enable (in step 9, above) since the OS9000 will attempt to connect to the NTP server about once every minute. 3. ntp status = enable and running. This means that the OS9000 cannot access the NTP server and NTP is running. Below, are three examples, one for each status. The administrator inputs are marked bold. The line applicable to the status is marked red. Example 1
OS9000(config-ntp)# show ntp status The answer may take some seconds. NTP STATUS: SERVERS: server=194.90.136.183 PEERS: peers are not defined BROADCAST SERVER: broadcast is disable BROADCAST CLIENT: broadcast client is disable AUTHENTICATE: authentication parameters are not defined MISCELANIOUS: broadcast delay is not defined NTP ACTIVE MODE: ntp status = disable OS9000(config-ntp)#

Example 2
OS9000(config-ntp)# show ntp status The answer may take some seconds. NTP STATUS:

April 2006

276

ML48261, Rev. 02 Network Time Protocol (NTP)

SERVERS: server=194.90.136.254 PEERS: peers are not defined BROADCAST SERVER: broadcast is disable BROADCAST CLIENT: broadcast client is disable AUTHENTICATE: authentication parameters are not defined MISCELANIOUS: broadcast delay is not defined NTP ACTIVE MODE: ntp status = enable but not running (no defined servers are accessible). OS9000(config-ntp)#

Chapter 23:

Example 3
OS9000(config-ntp)# show ntp status The answer may take some seconds. NTP STATUS: SERVERS: server=194.90.136.183 PEERS: peers are not defined BROADCAST SERVER: broadcast is disable BROADCAST CLIENT: broadcast client is disable AUTHENTICATE: authentication parameters are not defined MISCELANIOUS: broadcast delay is not defined NTP ACTIVE MODE: ntp status = enable and running. OS9000(config-ntp)#

NTP Associations
To view the NTP associations, invoke the command: show ntp associations If the OS9000 cannot access an NTP server, the message ntpq: read: Connection refused is displayed. If the OS9000 is connected to an NTP server, the NTP associations are displayed as shown in the example below:
OS9000(config-ntp)# show ntp associations remote refid st t when poll reach delay offset jitter =============================================================================== 194.90.136.183 128.139.6.30 2 u 7 64 7 0.634 385.097 37.608 OS9000(config-ntp)#

NTP associations are displayed with variables and indicators, as shown in the example above. Variables remote (peer) IP address of peer. refid (reference clock) IP address of the server from which the NTP server obtained its timestamp (for the OS9000). st (Peers stratum) The downstream order of the peer. The stratum of the primary peer (source) is 1. Accordingly, if a peer stratum is 2, it means that it receives directly from the

April 2006

277

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

primary peer. If a peer stratum is 3, it means that it receives from the peer whose stratum is 2. t Time scale. (The value u designates UTC scale) when Time since last NTP packet received from peer. poll Polling interval (seconds) reach Peer reachability (bit string, octal) delay Round-trip delay to peer (milliseconds) offset Relative time of peers clock to local time (milliseconds) jitter Short-time variation in frequency with components greater than 10 Hz Indicators Following are indicators and a * (if present) Synchronized to this peer (NTP server). # (if present) Almost synchronized to this peer. + (if present) Peer selected for possible synchronization. - (if present) Peer is a candidate for selection. ~ (if present) Peer is statically configured.

Time and Date

To display the time, invoke the command: show time (or do show time if not in enable mode). To display the date, invoke the command: show date (or do show date if not in enable mode).

April 2006

278

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Chapter 24:

IGMP IP Multicast
Terminology
Message sent by an OS9000 to learn which groups have members on an attached network. Group-specific Query: Message sent by an OS9000 to learn if a particular group has members on an attached network. Membership Report: Message sent by a client (e.g., switch): Requesting to join a multicast group, or In response to a query (general or group-specific). Leave: Message sent when a client attempts to terminate the service provided. Querier Port State: The capability of an OS9000 port to assume either of the following values: Querier Port Sends queries. Non-Querier Port Does not send queries. A value of a querier port state can be changed in dynamic mode (default mode) or static mode. In dynamic mode, the value is assigned to the querier port state according to the rules stated in RFC 2236. In this mode, the default value of querier port state is Querier Port. In static mode, the value is assigned to the querier port state by the user with the aid of a CLI command. Server Port State: The capability of an OS9000 port to assume either of the following values: Server Port Sends membership reports. Non-Server Port Does not send membership reports. A value of a server port state can be changed in dynamic mode (default mode) or static mode. In dynamic mode, the value assigned to the Server Port state depends on the: 1) Result of the comparison between the OS9000s IP address and its neighbor. 2) Value of the querier port state (Querier Port or NonQuerier Port) of the OS9000 port. In this mode, the default value of server port state is Non-Server Port. In static mode, the value is assigned to the server port state by the user with the aid of a CLI command. General Query:

Definition
IGMP IP Multicast is the direction of selective IP multicast traffic (data, video, voice, etc.) to ports belonging to a particular IP Multicast group.

Compliance
IGMP IP Multicast implementation in the OS9000 complies IGMPv2 (IETC RFC 2236).

April 2005

279

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Purpose
IGMP IP Multicast has the following purposes: Selective Homing: Direction of selective IP traffic to intended clients only! This has the following two advantages over the broadcast mode:

IP traffic does not reach unintended clients. This is useful in respect to

discretion, billing, security, etc.

It does not load ports that are not required to receive the IP traffic.
Minimal Loading: Forwarding of only a single copy of the IP traffic over the network! This has the following advantage over unicast mode: It does not send multiple copies of the IP traffic over the network to multiple clients belonging to the same multicast group; just one copy. This considerably reduces traffic load on the network. Thus a network could continue to function properly even for a large number of such groups.

Applications
IP Multicast provides the most network bandwidth efficient means of source-to-destination trafficking in one-to-many and many-to-many applications, such as for example Multimedia (streaming media, remote education, audio/video conferencing, etc.) Figure 36 is an example of an application of IP Multicast.

April 2006

280

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Figure 36: IP Multicast Application Example

Functions
The OS9000 uses the IGMP Snooping and Proxy functions for IP multicast. IGMPv2 is superior to IGMPv1 because it allows termination of group membership to be immediately reported by the IGMP protocol. This capability is important for large-bandwidth multicast groups and subnets with highly volatile group membership. IGMP Snooping: The OS9000 uses the IGMP Snooping function to examine IGMP packets (e.g., query and report) to learn dynamically about multicast group membership and to make forwarding decisions accordingly. The OS9000 features a new level of efficient IP Multicast support by examining all IGMP traffic in hardware at wire speed, and eliminating unwanted data streams so that they cannot impact network or endstation performance. IGMP Proxy: The IGMP proxy function is used by the OS9000 to identify members of a multicast group on a per-port basis, send query messages, and sense report (join) and leave messages by which clients can join and leave multicast groups. IGMP Proxy has the functionality of IGMP querier interfaces (ports) as well as client interfaces. IGMP Proxy performs the router part of the IGMP protocol on its client April 2006 281

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

interfaces, and the client part of the IGMP protocol on its querier interface. On receiving IP multicast data on a querier or client interface, the OS9000 forwards the data only to client interfaces that are members of the specific multicast group. The OS9000 forwards IGMP report and leave messages received from client interfaces to the querier interfaces.

Principle of Operation
Port States
The setting of states to OS9000 ports by IGMP (when all the ports of OS9000 A and OS9000 B are set in dynamic mode) is described with the aid of the sample network in Figure 37, below. This network was chosen for its simplicity in order to facilitate explanation of the state setting principle.

Figure 37: IP Multicast Principle-of-Operation Network Example Query When IGMP is enabled, all the ports of the OS9000 are initially set as querier ports. When a neighbor OS9000 receives a query from any of these ports, the neighbor compares the IP address in the query with its own. If its own IP address is lower, the port at which it received the query remains as a querier port. If its own IP address is higher, the port at which it received the query becomes a non-querier port, i.e., it will not send query packets. According to Figure 37, Port 12 remains a querier port because the Multicast Server does not send queries and therefore IP addresses are not compared. When Port 9 receives a query from Port 5 it remains as a querier port because the IP address of OS9000 A is lower than the IP address of OS9000 B. When Port 5 receives a query from Port 9 it changes its state from a querier port into a non-querier port because the IP address of OS9000 B is higher than the IP address of OS9000 A. Since ports 1, 6, and 8 are connected to clients, they will not receive queries and, therefore, will continue to remain as querier ports. Server When IGMP is enabled, all the ports of the OS9000 are initially set as Non-Server Ports. In dynamic mode, when a port whose server port state is:

April 2006

282

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Non-Server Port changes its querier port state from Querier Port to Non-Querier Port, the port will change its server port state from Non-Server Port to Server Port.

Server Port changes its querier port state from Non-Querier Port to Querier Port, the port will change its server port state from Server Port to Non-Server Port. According to Figure 37, when Port 5 (after it has changed to Non-Querier Port) receives a query from Port 9, it changes its server port state to Server Port. Summary: Ports that transmit queries in the direction of multicast clients will become querier ports. Ports that respond to a query with a report message sent in the direction of multicast servers will become server ports. For Figure 37, Ports 1, 6, 8, 9, and 12 become querier ports; Port 5 becomes a server port.

Leave Modes
The OS9000 can be configured to respond to a client requesting to leave a multicast group in either of the following modes:

Regular (per the standard) Fast

Regular In regular leave mode, when an OS9000 receives a leave message from a client, it sends a group-specific query to the client and waits until the end of the standard response time. If no report is received from this client during this wait, the specific client is removed from the multicast group. If a report is received from this client during this wait, the client is retained in the multicast group. This mode may delay a client by a few seconds from joining another multicast group. Fast In fast leave mode, unlike in regular leave mode, a client can switch to another multicast group immediately. The OS9000 sends the group-specific query afterward. Fast leave mode is the default mode.

Rules
1. If dynamic mode (i.e., IGMP mode of registration) is selected for querier port state and server port state, mediation devices (e.g., OS9000s) in any path from a multicast server to a multicast client must have progressively higher IP addresses. 2. In static mode:

Ports that are to direct traffic to multicast clients must be configured as

query and non-server ports. non-querier ports. IGMP does this automatically in dynamic mode (default mode) of the OS9000. For each port, either both querier port state and server port state must be set to dynamic mode or both must be set to static state. no aging of a port of a Multicast group can be selected only for fast-leave mode (and not for regular). If IGMP is disabled (using the command no enable in igmp mode), static multicast entries can be viewed using the command write terminal or show running-config in enable mode. The multicast group IP address must be in the range 224.0.0.0 to 239.255.255.255. To distinguish between two multicast groups, their two IP addresses must differ from each other in their 23 LSBs.

Ports that are to direct reports to servers must be configured as server and

3. 4. 5.

6. 7.

April 2006

283

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

8. A static multicast group can be created (using the command mc-group address) if all of the following conditions are met:

An interface with a tag matching the tag of the multicast group (to be
created) exists.

An IP address is assigned to this interface. IGMP is enabled on this interface.

9. A single or a range of multicast groups is automatically deleted if any of the following occurs:

An interface with a tag matching the tag of the multicast group created
(using the command mc-group address) is deleted.

The IP address of the interface is deleted. IGMP is disabled on the interface

10. Multicast groups must not overlap. 11. For a client to be able to receive traffic addressed to a multicast group, the client needs to use an IP multicast support application that implements IGMP on networks that support IGMP. (Such networks effectively eliminate multicast traffic on segments that are not destined to receive this traffic.) 12. For a client to receive traffic addressed to a multicast group, it must be a member of the group. 13. Traffic is sent to clients that joined the multicast group so long as there is at least one member that has not requested to leave the group.

Usage
Entering IGMP Mode
To enter the mode in which the OS9000 can be configured for IGMP multicast operation: 1. Enter configure terminal mode. 2. Invoke the command igmp. Example
MRV OptiSwitch 9024 version d0733-08-01-06 OS9000 login: admin Password: ****** OS9000> enable OS9000# configure terminal OS9000(config)# igmp OS9000(config-igmp)#

Enabling IGMP Multicast

To enable IGMP Multicast: 1. Enter igmp mode. 2. Invoke the command enable. Example
OS9000# configure terminal OS9000(config)# igmp OS9000(config-igmp)# enable OS9000(config-igmp)#

Disabling IGMP Multicast

By default, IGMP Multicast is disabled (for all interfaces). To disable IGMP Multicast (for all interfaces): April 2006 284

ML48261, Rev. 02 Network Time Protocol (NTP) 1. Enter igmp mode. 2. Invoke the command no enable. Example
OS9000# configure terminal OS9000(config)# igmp OS9000(config-igmp)# no enable OS9000(config-igmp)#

Chapter 23:

Enabling IGMP Multicast for an Interface

To enable IGMP Multicast for a specific interface: 1. Enter the mode of the interface for which IGMP Multicast is to be enabled. 2. Invoke the command igmp-enable. Example
OS9000(config)# interface vif7 OS9000(config-vif7)# igmp-enable OS9000(config-vif7)#

Note The command igmp-enable can enable IGMP Multicast for an interface provided IGMP is globally enabled as described the section IGMP Multicast, page 284.

Disabling IGMP Multicast for an Interface

By default, IGMP Multicast is disabled for an interface. To disable IGMP Multicast for a specific interface: 1. Enter the mode of the interface for which IGMP Multicast is to be disabled. 2. Invoke the command no igmp-enable. Example
OS9000(config)# interface vif7 OS9000(config-vif7)# no igmp-enable OS9000(config-vif7)#

Changing Query Interval

The query interval is the wait period (in seconds) between queries sent by a querier. By default, the query interval is 60 seconds. To change the query interval: 1. Enter igmp mode. 2. Invoke the command query TIME where, TIME = Query interval in seconds; a number selectable from the range 30 to 6000. Example
OS9000(config)# igmp OS9000(config-igmp)# query 285 OS9000(config-igmp)#

Changing Aging Time

Aging time is the time the OS9000 will wait for a report from a multicast client before it removes membership of the client port from the multicast group.

April 2006

285

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

By default, the aging time for any multicast group is 60 seconds. To change the current aging time: 1. Enter igmp mode. 2. Invoke the command aging TIME. where, TIME = Aging time (in seconds). Valid values are in the range 30 to 6000. Example
OS9000# configure terminal OS9000(config)# igmp OS9000(config-igmp)# aging 120 OS9000(config-igmp)#

Preventing Aging
To prevent aging: 1. Enter igmp mode. 2. Invoke the command no aging. Example
OS9000# configure terminal OS9000(config)# igmp OS9000(config-igmp)# no aging OS9000(config-igmp)#

Selecting Fast Leave Mode

Fast leave mode of the OS9000 enables a client to delete a multicast group immediately. By default, the OS9000 operates in fast leave mode. To select fast leave mode: 1. Enter igmp mode. 2. Invoke the command fast-leave. Example
OS9000(config)# igmp OS9000(config-igmp)# fast-leave OS9000(config-igmp)#

Selecting Regular Leave Mode

Regular leave mode is complaint to IETC RFC 2236 standard. It forces a client attempting to leave a multicast group to wait until the end of the standard response time. When an OS9000 receives a leave message, it sends a group-specific query to determine whether the leave message can be ignored. To set fast leave mode: 1. Enter igmp mode. 2. Invoke the command no fast-leave. Example
OS9000(config)# igmp OS9000(config-igmp)# no fast-leave OS9000(config-igmp)#

Creating Static Multicast Group(s)

The maximum number of multicast groups that can be created is 1000. Multicast groups must not overlap.

April 2006

286

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

To distinguish between two multicast groups, their two IP addresses must differ from each other in their 23 LSBs. A multicast group can be created if all of the following conditions are met:

A VLAN interface with a tag matching the tag of the multicast group (to be created) exists. (Configuration of VLAN interfaces is described in Chapter 7: Interfaces, in the section Configuring, page 119.) An IP address is assigned to this interface. (Assignment of an IP address to a VLAN interface is described in Chapter 7: Interfaces, in the section Configuring, page 119.) IGMP is enabled on this interface using the igmp-enable command as described in the section Enabling IGMP Multicast for an Interface, page 285.

Single To create a single static multicast group: 1. Enter igmp mode. 2. Invoke the command: mc-group address GROUP-IP tag TAG ports PORTS-GROUP. where, GROUP-IP = IP address of multicast group. Valid IP addresses are in the range 224.0.0.0 to 239.255.255.255. (The range 224.0.0.0 to 224.0.0.255 is reserved by IANA for use by network protocols on a local network segment. Packets with an IP address in this range are local in scope and are not forwarded by IP routers. As a result, the packets will not leave the local network.) TAG = Tag of the interface containing the ports to be members of the multicast group. PORTS-GROUP = Group of ports to be members of the multicast group. Example
OS9000(config)# igmp OS9000(config-igmp)# mc-group address 224.1.1.5 tag 300 ports 6-8 Number of multicast groups is 1. OS9000(config-igmp)#

Multiple To create multiple static multicast groups: 1. Enter igmp mode. 2. Invoke the command: mc-group address FIRST-GROUP-IP last-address LAST-GROUP-IP tag TAG ports PORTS-GROUP where, FIRST-GROUP-IP = Lowest IP address in the sequence of IP addresses to be assigned to the multicast groups. Valid IP addresses are in the range 224.0.0.0 to 239.255.255.255. LAST-GROUP-IP = Highest IP address in the sequence of IP addresses to be assigned to the multicast groups. TAG = Tag of the interface containing the ports to be members of the multicast groups. PORTS-GROUP = Group of ports to be members of the multicast groups. Example
OS9000(config)# igmp OS9000(config-igmp)# mc-group address 225.1.2.1 last-address 225.1.3.15 tag 10 ports 8

April 2006

287

ML48261, Rev. 02 Network Time Protocol (NTP)

Number of multicast groups is 271. OS9000(config-igmp)#

Chapter 23:

Deleting Static Multicast Group(s)

A single or a range of multicast groups is automatically deleted if any of the following occurs:

An interface with a tag matching the tag of the multicast group created (using the command mc-group address) is deleted. The IP address of the interface is deleted. IGMP is disabled on the interface

Single To delete a single static multicast group: 1. Enter igmp mode. 2. Invoke the command: no mc-group address GROUP-IP tag TAG ports PORTS-GROUP. where, GROUP-IP = IP address of multicast group. TAG = Tag of the interface containing the ports that are members of the multicast group. PORTS-GROUP = Group of ports that are members of the multicast group. Example
OS9000(config)# igmp OS9000(config-igmp)# no mc-group address 224.1.1.5 tag 300 ports 6-8 OS9000(config-igmp)#

Multiple To delete multiple static multicast groups: 1. Enter igmp mode. 2. Invoke the command: no mc-group address FIRST-GROUP-IP last-address LAST-GROUP-IP tag TAG ports PORTS-GROUP where, FIRST-GROUP-IP = Lowest IP address in the sequence of IP addresses assigned to the multicast groups. LAST-GROUP-IP = Highest IP address in the sequence of IP addresses assigned to the multicast groups. TAG = Tag of the interface containing the ports that are members of the multicast groups. PORTS-GROUP = Group of ports that are members of the multicast groups. Example
OS9000(config)# igmp OS9000(config-igmp)# no mc-group address 225.1.2.1 last-address 225.1.3.15 tag 10 ports 8 OS9000(config-igmp)#

Setting Querier Port State in Dynamic Mode

In dynamic mode (default mode), a querier port state can set to Non-Querier Port or Querier Port depending on the network topology. To set dynamic querier port state for any port:

April 2006

288

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

1. Enter igmp mode. 2. Invoke the command port querier dynamic PORTS-GROUP|all where, PORTS-GROUP = Group of ports to be set in dynamic querier port state. all = All ports to be set in dynamic querier port state. The default value of querier port state in dynamic mode is Querier Port. Example
OS9000(config)# igmp OS9000(config-igmp)# port querier dynamic 5-8 OS9000(config-igmp)#

Setting Server Port State in Dynamic Mode

In dynamic mode (default mode), a server port state port can set to Non-Server Port or Server Port depending on the network topology. To set dynamic server port state for any port: 1. Enter igmp mode. 2. Invoke the command port server dynamic PORTS-GROUP|all where, PORTS-GROUP = Group of ports to be set in dynamic server port state. all = All ports to be set in dynamic server port state. The default value of server port state in dynamic mode is Non-Server Port. Example
OS9000(config)# igmp OS9000(config-igmp)# port server dynamic 4-7 OS9000(config-igmp)#

Setting Querier Port State in Static Mode

Querier port state in static mode can be changed or freed to change only by the user. Querier port state of a port may be changed from dynamic mode to static mode by setting either one of the following values to the port:

Querier Port Non-Querier Port

Querier Port To set static Querier Port to a port: 1. Enter igmp mode. 2. Invoke the command port querier static PORTS-GROUP|all where, PORTS-GROUP = Group of ports to be set to static Querier Port. all = All ports to be set to static Querier Port. Example
OS9000(config)# igmp OS9000(config-igmp)# port querier static 2-5 OS9000(config-igmp)#

Non-Querier Port To set static Non-Querier Port to a port: 1. Enter igmp mode. 2. Invoke the command port not-querier static PORTS-GROUP|all

April 2006

289

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

where, PORTS-GROUP = Group of ports to be set to static Non-Querier Port. all = All ports to be set to static Non-Querier Port. Example
OS9000(config)# igmp OS9000(config-igmp)# port not-querier static 6-9 OS9000(config-igmp)#

Setting Server Port State in Static Mode

Server port state in static mode can be changed or freed to change only by the user. Server port state of a port may be changed from dynamic mode to static mode by setting either one of the following values to the port:

Server Port Non-Server Port

Server Port To set static Server Port to a port: 1. Enter igmp mode. 2. Invoke the command port server static PORTS-GROUP|all where, PORTS-GROUP = Group of ports to be set to static Server Port. all = All ports to be set to static Server Port. Example
OS9000(config)# igmp OS9000(config-igmp)# port server static 10-12 OS9000(config-igmp)#

Non-Server Port To set static Non-Server Port to a port: 1. Enter igmp mode. 2. Invoke the command port not-server static PORTS-GROUP|all where, PORTS-GROUP = Group of ports to be set to static Non-Server Port. all = All ports to be set to static Non-Server Port. Example
OS9000(config)# igmp OS9000(config-igmp)# port not-server static 4-11 OS9000(config-igmp)#

Viewing IGMP Settings

To view the current IGMP settings: 1. Enter igmp mode. 2. Invoke the command show Example
OS9000(config)# igmp OS9000(config-igmp)# show fast leave : query : aging : lastMemberQueryInterval :

Yes 100 220 10

April 2006

290

ML48261, Rev. 02 Network Time Protocol (NTP)

query response report time enable OS9000(config-igmp)# : 100 : 10 : Yes

Chapter 23:

Viewing Port Modes and States

Single Port To view the current mode and state of a single port: 1. Enter igmp mode. 2. Invoke the command show igmp-port PORT where, PORT = Number of port. Example
OS9000(config)# igmp OS9000(config-igmp)# show igmp-port 5 Ports QUERIER SERVER ----------------------------------5 YES (dynamic) NO (dynamic) OS9000(config-igmp)#

All Ports To view the current modes and states of all the ports: 1. Enter igmp mode. 2. Invoke the command show igmp-port Example
OS9000(config)# igmp OS9000(config-igmp)# show igmp-port Ports QUERIER SERVER ----------------------------------1 YES (dynamic) NO (dynamic) 2 YES (dynamic) NO (dynamic) 3 YES (dynamic) NO (dynamic) 4 YES (dynamic) NO (dynamic) 5 YES (dynamic) NO (dynamic) 6 YES (dynamic) NO (dynamic) 7 YES (dynamic) NO (dynamic) 8 YES (dynamic) NO (dynamic) 9 YES (dynamic) NO (dynamic) 10 YES (dynamic) NO (dynamic) 11 YES (dynamic) NO (dynamic) 12 YES (dynamic) NO (dynamic) 13 YES (dynamic) NO (dynamic) 14 YES (dynamic) NO (dynamic) 15 YES (dynamic) NO (dynamic) 16 YES (dynamic) NO (dynamic) 17 YES (dynamic) NO (dynamic) 18 YES (dynamic) NO (dynamic) 19 YES (dynamic) NO (dynamic) 20 YES (dynamic) NO (dynamic) 21 YES (dynamic) NO (dynamic) 22 YES (dynamic) NO (dynamic) 23 YES (dynamic) NO (dynamic) 24 YES (dynamic) NO (dynamic)

April 2006

291

ML48261, Rev. 02 Network Time Protocol (NTP)

OS9000(config-igmp)#

Chapter 23:

Viewing Multicast Groups

Single Entry To view settings of one current IP multicast group: 1. Enter igmp mode. 2. Make sure that IGMP is enabled (using the command enable). 3. Invoke the command show mc-ip entry IP-ADDRESS. where, IP-ADDRESS = IP address of multicast group. The headings of the entry (see example below) have following significance:
Group-IP: IP address of multicast group. num-Ifs: Number of VLAN interfaces one or more of whose ports are members of the multicast group. Flags: (Applies for all the VLAN interfaces.) Types of registration in the multicast groups. Possible types are: I = IGMP-implemented registration S = User-implemented registration SI or SI means that there are ports that have been registered by IGMP and ports that have been registered by a user. Tag: Tag of VLAN interface one or more of whose ports are in the multicast group. Vidx: Index of multicast group. Flags: (Applies for specific VLAN interfaces.) Type of registration in the multicast group. Possible types are: I or S. num-Ports: Number of ports (of the specific interface) that are members of the multicast group. PORTs: ID of ports (of the specific interface) that are members of the multicast group.

Example
OS9000(config)# igmp OS9000(config-igmp)# show mc-ip entry 225.1.1.1 Codes of the Flags: I - IGMP registration, S - Static registration. Group-IP num-IFs Flags Tag Vidx Flags num-Ports PORTs ----------------------------------------------------------------225.1.1.1 2 SI 10 4097 S 4 1-4 20 4098 I 1 6 OS9000(config-igmp)#

All Entries To view settings of all current IP multicast groups: 1. Enter igmp mode. 2. Make sure that IGMP is enabled (using the command enable). 3. Invoke the command show mc-ip table. Example
SW-3(config-igmp)# show mc-ip table Codes of the Flags: I - IGMP registration, S - Static registration. Group-IP num-IFs Flags Tag Vidx Flags num-Ports PORTs -------------------------------------------------------------------225.1.1.1 3 I 50 4567 I 1 23 25 4844 I 1 21 16 4841 I 1 22 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -225.1.1.2 2 I 50 4568 I 1 23 25 4845 I 1 21 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -225.1.1.3 2 I

April 2006

292

ML48261, Rev. 02 Network Time Protocol (NTP)

50 4569 I 1 23 25 4846 I 1 21 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -225.1.1.4 2 I 50 4570 I 1 23 25 4847 I 1 21 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -225.1.1.5 2 I 50 4571 I 1 23 25 4848 I 1 21 SW-3(config-igmp)#

Chapter 23:

Group-IP designates multicast group. Tag designates multicast interface ID.

Viewing Number of Multicast Groups and Entries

The number of multicast groups is the number of IP addresses assigned to all the multicast groups. This is the number of IP addresses under the heading Group-IP in the Multicast IP table shown in the example in section All Entries, page 292. The number of multicast groups in the example is 5. The number of multicast entries is the number of IP address assignments to all the multicast interfaces. The IDs of the multicast interfaces appear under the heading Tag in the Multicast IP table shown in the example in section All Entries, page 292. The number of multicast entries in the example is 3 (for 225.1.1.1 due to tags 50, 25, and 16) + 1 (for 225.1.1.2 due to tags 50 and 25) + 1 (for 225.1.1.3 due to tags 50 and 25) +1 (for 225.1.1.4 due to tags 50 and 25) +1 (for 225.1.1.5 due to tags 50 and 25) = 11 (multicast entries). The maximum possible number of multicast entries is 1020. To view the number of current IP multicast groups: 1. Enter igmp mode. 2. Make sure that IGMP is enabled (using the command enable). 3. Invoke the command show mc-ip number. Example
OS9000(config-igmp)# show mc-ip number Numbers of SW-entries: 800, HW-entries: 1000 OS9000(config-igmp)#

SW-entries designates multicast groups. HW-entries designates multicast entries.

Configuration
General
Setting of states to ports can be done in dynamic or static mode. In dynamic mode, IGMP sets the states automatically. In static mode, the user sets the states. The state set to a port in static mode can be changed or freed to change only by the user. Dynamic mode has two advantages over static mode:

It relieves the user of the burden of configuring each OS9000 port individually in a network that could possibly have hundreds of ports.

It automatically (and within a few seconds) accomplishes network convergence (recovery) when mediation devices (e.g., switches or routers) are added or removed from the network. Dynamic mode is the default mode.

Procedure
The detailed configuration procedure for an OS9000 to operate in the IGMP multicast protocol is as follows: April 2006 293

ML48261, Rev. 02 Network Time Protocol (NTP) 1. Create a VLAN interface that has: a. Ports that are to be made members of a multicast group. b. A VLAN tag. c. An IP address.

Chapter 23:

2. 3. 4. 5.

6. 7. 8.

For details, refer to Chapter 7: Interfaces, page 118. Enable IGMP on the VLAN interface as described in the section Enabling IGMP Multicast for an Interface, page 285. Enable IGMP multicast as described in the section Enabling IGMP Multicast, page 284. If required, create a static multicast group containing ports to be members as described in the section Creating Static Multicast Group(s), page 286. For each path from a server to a client, if an OS9000 has an IP address lower than any upstream OS9000 in the path, the following must be done: a. The port of its immediate upstream neighbor (to which it is connected) must be set to static Query Port (as described in the section Querier Port, page 289). b. Its own port must be set to static Server Port (as described in the section Server Port, page 290). (Optional) Change the query interval as described in the section Changing Query Interval, 285. (Optional) Change the aging time as described in the section Changing Aging Time, page 285. (Optional) Change the leave mode as described in the section Leave Modes, 283.

Example
Referring to Figure 37, page 282, server port state and querier port state of the OS9000 ports will be correctly set in dynamic mode by IGMP since the OS9000s in any path from the multicast server to a multicast client have progressively higher IP addresses. If, however, in a path from a multicast server to a multicast client there is an OS9000 with an IP address lower than an upstream OS9000 in the path, the setting by IGMP would be incorrect. Figure 38, below, shows OS9000s with IP addresses that do not get progressively higher in all the paths from the multicast server to the multicast clients. For e.g., in the path to C4, C5, or C6, the IP address gets higher in going from OS9000 A to OS9000 B (which complies with IGMP) but gets lower in going from OS9000 B to OS9000 C (which conflicts with IGMP). Accordingly, IGMP will succeed in correctly configuring the ports for the paths from the multicast server to C1, C2, and C3. However, IGMP will fail to correctly configure the ports for the paths to C4, C5, and C6. Specifically, Port 6 will set to Non-Query Port (although it is required to set to Query Port) because the IP address of OS9000 B is higher than that of OS9000 C. Port 8 will set to Query Port and Non-Server Port (although it is required to set to Server Port). To resolve this problem, Port 6 and Port 8 have to be set statically. Port 6 must be set using the procedure described in the section Querier Port, page 289. Port 8 must be set using the procedure described in the section Server Port, page 290.

April 2006

294

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Figure 38: IP Multicast Configuration Network Example The detailed configuration procedure for each OS9000 in Figure 38, page 295, is given below. OS9000 A Configuration 1. Create a VLAN interface (e.g., vif10) that includes: a. Ports 1, 2, 3, and 4 (These ports are to be members of a multicast group. Other ports as well may be included in the VLAN interface.) b. A VLAN tag (e.g., 30) c. An IP address (e.g., 195.1.1.5/24). 2. Enable IGMP on the interface, as described in the section Enabling IGMP Multicast for an Interface, page 285. 3. Enable IGMP multicast, as described in the section Enabling IGMP Multicast, page 284. 4. Create a multicast group with IP address (e.g., 234.1.8.6), tag 30, and ports 2 and 4, as described in the section Creating Static Multicast Group(s), page 286. OS9000 B Configuration 1. Create a VLAN interface (e.g., vif20) that includes: a. Ports 5, 6, and 7 (These ports are to be members of a multicast group. Other ports as well may be included in the VLAN interface.) b. A VLAN tag (e.g., 30) c. An IP address (e.g., 195.3.1.7/24).

April 2006

295

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

2. Enable IGMP on the interface, as described in the section Enabling IGMP Multicast for an Interface, page 285. 3. Enable IGMP multicast, as described in the section Enabling IGMP Multicast, page 284. 4. Create a multicast group with IP address (e.g., 234.1.8.6), tag 30, and port 7, as described in the section Creating Static Multicast Group(s), page 286. 5. Set Port 6 to Query Port, as described in the section Querier Port, page 289. 6. Set Port 6 to static Non-Server Port, as described in the section Non-Server Port, page 290. OS9000 C Configuration 1. Create a VLAN interface (e.g., vif30) that includes: a. Ports 8, 9, 10, and 11 (These ports are to be members of a multicast group. Other ports as well may be included in the VLAN interface.) b. A VLAN tag (e.g., 30) c. An IP address (e.g., 195.2.1.6/24). 2. Enable IGMP on the interface, as described in the section Enabling IGMP Multicast for an Interface, page 285. 3. Enable IGMP multicast as described in the section Enabling IGMP Multicast, page 284. 4. Create a multicast group with IP address (e.g., 234.1.8.6), tag 30, and ports 9, 10, and 11, as described in the section Creating Static Multicast Group(s), page 286. 5. Set port 8 to static Server Port, as described in the section Server Port, page 290. Execution of the procedure using the OS9000 CLI is as follows:

------------------------------------OS9000-A------------------------------------MRV OptiSwitch 9024 version d0733-08-01-06 OS9000-A login: admin Password: OS9000-A> enable OS9000-A# configure terminal OS9000-A(config)# interface vlan vif10 OS9000-A(config-vif10)# ports 1-4 OS9000-A(config-vif10)# tag 30 Interface is activated. OS9000-A(config-vif10)# ip 195.1.1.5/24 OS9000-A(config-vif10)# igmp-enable OS9000-A(config-vif10)# exit OS9000-A(config)# igmp OS9000-A(config-igmp)# enable OS9000-A(config-igmp)# mc-group address 234.1.8.6 tag 30 ports 2,4 Number of multicast groups is 1. OS9000-A(config-igmp)# exit OS9000-A(config-igmp)# show igmp-port 3 Ports QUERIER SERVER

April 2006

296

ML48261, Rev. 02 Network Time Protocol (NTP)

----------------------------------3 YES (dynamic) NO (dynamic) OS9000-A(config-igmp)# show igmp-port 4 Ports QUERIER SERVER ----------------------------------4 YES (dynamic) NO (dynamic) OS9000-A(config-igmp)# exit OS9000-A(config)#

Chapter 23:

------------------------------------OS9000-B------------------------------------MRV OptiSwitch 9024 version d0733-08-01-06 OS9000-B login: admin Password: OS9000-B> enable OS9000-B# configure terminal OS9000-B(config)# interface vlan vif20 OS9000-B(config-vif20)# ports 5-7 OS9000-B(config-vif20)# tag 30 Interface is activated. OS9000-B(config-vif20)# ip 195.1.1.7/24 OS9000-B(config-vif20)# igmp-enable OS9000-B (config-vif20)# exit OS9000-B(config)# igmp OS9000-B(config-igmp)# enable OS9000-B(config-igmp)# mc-group address 234.1.8.6 tag 30 ports 7 OS9000-B(config-igmp)# port querier static 6 OS9000-B(config-igmp)# port not-server static 6 OS9000-B(config-igmp)# show igmp-port 6 Ports QUERIER SERVER ----------------------------------6 YES (static) NO (static) OS9000-B(config-igmp)# exit OS9000-B(config)#

------------------------------------OS9000-C------------------------------------MRV OptiSwitch 9024 version d0733-08-01-06 OS9000-C login: admin Password: OS9000-C> enable OS9000-C# configure terminal OS9000-C(config)# interface vlan vif30 OS9000-C(config-vif30)# ports 8-11 OS9000-C(config-vif30)# tag 30 Interface is activated. OS9000-C(config-vif30)# ip 195.1.1.6/24 OS9000-C(config-vif30)# igmp-enable

April 2006

297

ML48261, Rev. 02 Network Time Protocol (NTP)

OS9000-C(config-vif30)# exit OS9000-C(config)# igmp OS9000-C(config-igmp)# enable OS9000-C(config-igmp)# mc-group address 234.1.8.6 tag 30 ports 9-11 OS9000-C(config-igmp)# port server static 8 OS9000-C(config-igmp)# show igmp-port 8 Ports QUERIER SERVER ----------------------------------8 YES (dynamic) YES (static) OS9000-C(config-igmp)# show mc-ip table Codes of the Flags: I - IGMP registration, S - Static registration. Group-IP num-IFs Flags Tag Vidx Flags num-Ports PORTs -------------------------------------------------------------------234.1.8.6 1 S 30 4097 S 3 9-11 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -Number of entries: 1 OS9000-C(config-igmp)# exit OS9000-C(config)#

Chapter 23:

April 2006

298

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Chapter 25:

Service Assurance PING

Definition
Service Assurance PING (SA PING) is an ICMP application protocol for monitoring network performance, resources, and applications. It complies with RFC 2925.

Purposes
To: Test connectivity between the OS9000 and other devices. Determine whether a target (destination) device is active Determine the RTT40 in communicating with a target device Collect probe history Collect statistical data for predicting and remodeling network operation Generate SNMP traps and SNA Alerts/Resolutions when a connection is lost, a connection is reestablished, a timeout occurs, or a user-configured threshold is exceeded. (Thresholds can also be used to trigger the collection of additional statistics.)

Scope
Echo probes are available for use in SA PING. From the same OS9000, several administrators can send SA PING requests and each administrator can send several probes. Set a udpEcho probe Reset a probe

Principle of Operation
SA PING uses a series of alternating ICMP UDP echo request and UDP echo reply messages. It sends an echo request message (packet) towards the destination address. The following three factors determine how the OS9000 will react: 1) RTT 2) frequency, and 3) timeout'. The RTT is the time between sending an ICMP request and receiving the corresponding response. The frequency is the number of milliseconds to wait before repeating a PING test. This time is user-settable to any value in the range 1 to 107 (in milliseconds) in the mode rtr. The timeout' is the time the OS9000 waits (from the moment it sends an echo request) for an echo response. If no echo response is received within this time, the OS9000 registers a failed response. This time is user-settable to any value in the range 1 to 107 (in milliseconds) in the mode rtr. 1. RTT < timeout; timeout < frequency: The OS9000 waits until the end of the current frequency time interval before sending the next echo.

40

RTT is Round-Trip Time

April 2005

299

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

2. RTT > timeout; timeout < frequency: The OS9000 registers a failed request and waits until the end of the current frequency time interval before sending the next echo request. 3. RTT < timeout; timeout > frequency: The OS9000 waits until the end of the current frequency time interval that is overlapped by the timeout time before sending the next echo request. 4. RTT > timeout; timeout > frequency: The OS9000 registers a failed request and waits until the end of the current frequency time interval before sending the next echo request.

Commands
Creating an SA PING Probe
To create an SA PING probe, 1. Enter the mode configure terminal. 2. Invoke the command: rtr echo OWNER NAME Example OS9000(config)# rtr echo ? OWNER Owner name OS9000(config)# rtr echo edi ? <cr> NAME Probe name | Output modifiers OS9000(config)# rtr echo edi first OS9000(config-rtr)#

Viewing an SA PING Probe

To view information on an SA PING probe, 1. Enter the mode rtr. 2. Invoke the command: show Example OS9000(config-rtr)# show

----------- type:echo owner:'edi' testname:'first' <undefined> count: 1 timeout: 3000 ms size: 56 frequency: 1000 ms bypass-route-table: No interface: <none> maxrows: 10 ttl: 128 zero trap mask 0 packets transmitted. OS9000(config-rtr)#

stopped

Viewing SA PING Events as CLI Traps

To view SA PING Events as CLI Traps, invoke the command: 1. Enter enable mode.

April 2006

300

ML48261, Rev. 02 Network Time Protocol (NTP) 2. Invoke the command: debug event

Chapter 23:

Usage
Creating and Operating an SA PING Probe
To create a basic SA PING probe, 1. Enter the mode configure terminal. 2. Invoke the command: rtr echo OWNER NAME 3. On entry into the mode rtr (indicated by the system prompt OS9000(configrtr)#, type target, the IP address of the destination device, and press Enter . 4. Type count, number of times to perform the probe, and press Enter . 5. Type buckets-of-history-kept, the maximum number of entries allowed in the History table, and press Enter . 6. Type trap, the Probe notification control, which may be: all Generate all notifications pathChange Generate pathChange notification probeFailure Generate pingProbeFailed notification testCompletion Generate testCompletion notification testFailure Generate testFailure notification filter Filter probeFailure notifications and press Enter . 7. Type timeout, the time the OS9000 waits (from the moment it sends an echo request) for an echo response (this time is settable to any value in the range 1 to 107 milliseconds), and press Enter . 8. Type frequency, the time interval between any two successive echo requests (this time is settable to any value in the range 1 to 107 milliseconds), and press Enter . 9. Type request-data-size, the size of the data portion to be transmitted, and press Enter . 10. To operate the PING probe, type start, and press Enter . Example OS9000(config-rtr)# target ? TARGET Target address or hostname OS9000(config-rtr)# target 191.93.235.170 OS9000(config-rtr)# count ? <0-10000000> Probe count (0 - forever) OS9000(config-rtr)# count 0 OS9000(config-rtr)# buckets-of-history-kept ? <0-10000> Value of mximum number of entries allowed in the History table OS9000(config-rtr)# buckets-of-history-kept 20 OS9000(config-rtr)# trap ?

April 2006

301

ML48261, Rev. 02 Network Time Protocol (NTP) all Generate all notifications pathChange Generate pathChange notification probeFailure Generate pingProbeFailed notification testCompletion Generate testCompletion notification testFailure Generate testFailure notification filter Filter probeFailure notifications OS9000(config-rtr)# trap all OS9000(config-rtr)# trap filter testFailur testFailure Number of events before sending a notification OS9000(config-rtr)# trap filter testFailure 3 OS9000(config-rtr)# OS9000(config-rtr)# start

Chapter 23:

Viewing an SA PING Probe

Up to four different attributes of an SA PING can be viewed. They are: all Both configuration and results configuration Configuration of the entry results Results of probes history History table To display information on one or more SA PING probes by a specific administrator, 1. Enter the mode rtr 2. Type: 3. show [OWNER] [NAME] 4. Optionally type an SA PING attribute (described above): 5. Press Enter . Example 1 OS9000(config-rtr)# show

----------- type:echo owner:'edi' testname:'*' 191.93.235.170 running count: forever timeout: 3000 ms size: 56 frequency: 1000 ms bypass-route-table: No interface: <none> maxrows: 20 ttl: 128 TestFailureFilter: 3 probeFailure testFailure testCompletion Resolved target : 191.93.235.170 20 lines in history table. 30 packets transmitted; 30 packets received, 0.00% packet loss Round-trip min/avg/max: 0.438/0.459/0.511 ms Neg.Jitter min/avg/max: 0.003/0.021/0.055 ms; number=13 Pos.Jitter min/avg/max: 0.000/0.016/0.058 ms; number=16 Last good probe: Sun December 8 12:04:45 2005 Jitter, RTT, and packet loss values, in addition to bandwidth, serve to determine whether the network in its present configuration can provide the requisite level of service essential for time-sensitive applications such as VoIP and video streaming. For VoIP, a delay (time it takes for an ICMP request to reach its destination) of up to 150 ms is usually acceptable.

April 2006

302

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Jitter is defined as the current RTT previous RTT. Accordingly, jitter may be positive or negative. Six types of jitter are measured by the OS9000: Neg. Jitter min The minimum negative jitter recorded. Neg. Jitter avg The average of the negative jitters recorded. Neg. Jitter max The maximum negative jitter recorded. Pos. Jitter min The minimum positive jitter recorded. Pos. Jitter avg The average of the positive jitters recorded. Pos. Jitter max The maximum positive jitter recorded. The number of positive and negative jitters are also recorded. The example above shows that the number of negative jitters is 13 and the number of positive jitters is 16. RTT is defined as the time between sending an ICMP request and receiving the corresponding response. Packet loss is defined as packets sent packets received. Example 2 OS9000(config-rtr)# show history ## Responce Status Time 127. 0.45 OK Sun December 128. 0.45 OK Sun December 129. 0.45 OK Sun December 130. 0.45 OK Sun December 131. 0.49 OK Sun December 132. 0.46 OK Sun December 133. 0.45 OK Sun December 134. 0.45 OK Sun December 135. 0.46 OK Sun December 136. 0.47 OK Sun December 137. 0.44 OK Sun December 138. 0.44 OK Sun December 139. 0.46 OK Sun December 140. 0.44 OK Sun December 141. 0.47 OK Sun December 142. 0.48 OK Sun December 143. 0.45 OK Sun December 144. 0.45 OK Sun December 145. 0.49 OK Sun December 146. 0.50 OK Sun December OS9000(config-rtr)#

8 12:06:21 2005 8 12:06:22 2005 8 12:06:23 2005 8 12:06:24 2005 8 12:06:25 2005 8 12:06:26 2005 8 12:06:27 2005 8 12:06:28 2005 8 12:06:29 2005 8 12:06:30 2005 8 12:06:31 2005 8 12:06:32 2005 8 12:06:33 2005 8 12:06:34 2005 8 12:06:35 2005 8 12:06:36 2005 8 12:06:37 2005 8 12:06:38 2005 8 12:06:39 2005 8 12:06:40 2005

To display brief information on SA PING probes by all administrators, 1. Enter the mode enable. 2. Invoke the command: show rtr brief Example OS9000# show rtr brief echo alex my1 localhost running echo alex my2 191.93.235.170 stopped echo edi * 192.84.137.212 stopped echo edi first www.cursorinfo.c stopped echo first * www.walla.co.il stopped So, 5 entries, 1 is/are running

April 2006

303

ML48261, Rev. 02 Network Time Protocol (NTP) To display detailed information on SA PING probes by all administrators, 1. Enter the mode enable 2. Invoke the command: show rtr all Example OS9000# show rtr all ----------- type:echo owner:'alex' testname:'my1' localhost running count: forever timeout: 3000 ms size: 56 frequency: 1000 ms bypass-route-table: No interface: <none> maxrows: 10 ttl: 128 zero trap mask Resolved target : 183.44.216.71 (dns); host : localhost 10 lines in history table. 379 packets transmitted; 379 packets received, 0.00% packet loss Round-trip min/avg/max: 0.317/0.338/0.431 ms Neg.Jitter min/avg/max: 0.001/0.005/0.042 ms; number=182 Pos.Jitter min/avg/max: 0.000/0.005/0.027 ms; number=196 Last good probe: Sun December 8 12:28:25 2005 ----------- type:echo owner:'alex' testname:'my2' 194.90.136.180 stopped count: 49 timeout: 3000 ms size: 56 frequency: 1000 ms bypass-route-table: No interface: <none> maxrows: 10 ttl: 128 zero trap mask 0 packets transmitted. ----------- type:echo owner:'edi' testname:'*' 191.93.235.170 stopped count: forever timeout: 3000 ms size: 56 frequency: 1000 ms bypass-route-table: No interface: <none> maxrows: 20 ttl: 128 TestFailureFilter: 3 probeFailure testFailure testCompletion Resolved target : 191.93.235.170 20 lines in history table. 199 packets transmitted; 199 packets received, 0.00% packet loss Round-trip min/avg/max: 0.438/0.463/0.672 ms Neg.Jitter min/avg/max: 0.001/0.025/0.213 ms; number=97 Pos.Jitter min/avg/max: 0.000/0.023/0.215 ms; number=101 Last good probe: Sun December 8 12:07:33 2005 ----------- type:echo owner:'first' testname:'*' www.walla.co.il stopped count: 1 timeout: 3000 ms size: 56 frequency: 1000 ms bypass-route-table: No interface: <none> maxrows: 10 ttl: 128 zero trap mask

Chapter 23:

April 2006

304

ML48261, Rev. 02 Network Time Protocol (NTP) 0 packets transmitted. OS9000#

Chapter 23:

Viewing SA PING Events as CLI Traps

The CLI command syntax for viewing SA PING Events as CLI Traps is as follows: event cli where, cli CLI traps Example
OS9000(config)# event cli

Stopping SA PING
To stop a currently running SA PING process between the OS9000 and another device, invoke the command: 1. Enter the mode rtr. 2. Invoke the command stop Example OS9000(config-rtr)# stop probe ended :ping target 191.93.235.170 199 packets transmitted; 199 packets received, 0.00% packet loss round-trip min/avg/max = 0.438/0.463/0.672 ms : Sun December 8 12:07:33 2005 An SNMP trap is sent to as defined in PING.txt of RFC 2925.

Commands in Mode SA PING

To display the list of commands in the mode SA PING: 1. Enter the mode configure terminal. 2. Type the command: rtr echo OWNER NAME 3. Press Enter to enter the mode SA PING. 4. Press ? to display the list of commands, shown in the example below. Example OS9000(config-rtr)# ? buckets-of-history-kept The maximum number of entries allowed in the History table bypass-route-table Enable bypassing the route table count Number of times to perform a probe default Set a command to its defaults description Set a description for current rtr entry end End current mode and down to previous mode exit Exit current mode and down to previous mode frequency Probe frequency for current rtr entry (in milliseconds) help Description of the interactive help system interface Set output interface list Print command list no Negate a command or set its defaults

April 2006

305

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

pattern Set pattern of a data portion of a probe packet quit Exit current mode and down to previous mode request-data-size Size of the data portion to be transmitted show show current rtr entry start Start current rtr entry stop Stop current rtr entry target Set target address timeout Probe timeout for current rtr entry (in milliseconds) trap Probe notifications control ttl Time-to-live field of sending packet write Write running configuration to memory, network, or terminal

April 2006

306

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Chapter 26:

Scheduler
Definition
The scheduler function of the OS9000 is used to schedule execution of administratorselected commands at times pre-set by the administrator.

Purpose
The scheduler allows the administrator to ensure that certain actions by/on the OS9000 will be performed at the right time and automatically. Examples of uses of the scheduler are: reboot the OS9000 at the end of the day, load a new configuration at a pre-specified time, etc.

Types of Scheduler Commands

There are four types of scheduler commands: Single-Execution Periodic-Execution No-Execution

Show Scheduler Configuration These types of scheduler commands can be CLI or Linux commands. To execute these commands, first enter the configure terminal mode as shown below:
OS9000 login: admin Password: Last login: Wed Jun 8 09:24:24 2005 on ttyS0 Welcome to MRV's distribution for MPC8245. OS9000> enable OS9000# configure terminal

Single-Execution Scheduler Command

Purpose
This type of scheduler command causes execution of a CLI or Linux command just once.

Syntax
The command syntax is as follows: schedule once MONTH DAY TIME (cli|linux) COMMAND where, MONTH Month (e.g., June) during which the command is to be executed. Either type the full name of the month or at least the first three letters (e.g., Jun). In any case, the month name must begin with capital (upper case) letter. DAY Day (e.g., 27) on which the command is to be executed. The day can be any number in the range 1-31, provided the day is valid for the month. (For e.g., 31 for the month of June is not valid.) TIME Time (e.g., 13:15) at which the command is to be executed. The time must typed in the following format:

April 2005

307

ML48261, Rev. 02 Network Time Protocol (NTP) HH:MM

Chapter 23:

where, HH Hour as a 2-digit number. The hour can be any number in the range 0-23. MM Minute as a 2-digit number. The minute can be any number in the range 0-59. (cli|linux) Choice between cli and linux. cli is CLI command. linux is Linux command. COMMAND The specific CLI or Linux command to be executed by the OS9000. Example 1: In order to cause a configuration to be saved on June 15 at the time 23 hr and 51 min, invoke the following CLI command: schedule once Aug 7 23:51 cli write file Example 2: In order to cause the OS9000 to reboot on August 7 at the time 18 hr and 35 min, invoke the following CLI command: schedule once Aug 7 18:35 cli reboot

Periodic-Execution Scheduler Command

Purpose
This type of scheduler command causes periodic execution of CLI or Linux commands.

Syntax
The command syntax is as follows: schedule period MINUTE HOUR DAY MONTH WDAY (cli|linux) COMMAND where, MINUTE - Minute (e.g., 43) at which the command is to be executed. Either type a number in the range 0-59 or * for execution every minute. HOUR - Hour (e.g., 16) at which the command is to be executed. Either type a number in the range 0-23 or * for execution every hour. DAY Day (e.g., 27) on which the command is to be executed. Either type a number in the range 1-31 or * for execution every day. (For e.g., 31 for the month of June is not valid.) MONTH - Month (e.g., June) during which the command is to be executed. Either type:

Or

The full name of the month or at least the first three letters (e.g., Jun). In any case, the month name must begin with capital (upper case) letter.

* for execution every month. WDAY - Day of the week on which the command is to be executed. Either type the full name of the weekday (e.g., Sunday) or * for ignoring what day it is of the week. (cli|linux) Choice between cli and linux. cli is CLI command. linux is Linux command. COMMAND The specific CLI or Linux command to be executed by the OS9000.

April 2006

308

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Note In selecting the values for MONTH and WDAY, make sure that they are compatible according to the calendar! Example: In order to cause the OS9000 configuration to be saved on the FTP server whose IP address is 195.90.123.5 in the directory c:/config_bak every day at the time 23 hr and 0 min, invoke the following CLI command: schedule period 00 23 * * * cli copy startup-config ftp 195.90.123.5 c:/config_bak

No-Execution Scheduler Command

Purpose
This type of scheduler command cancels a scheduled command.

Syntax
The command syntax is as follows: no schedule COMMAND where, COMMAND Specific CLI or Linux command to be canceled. Example: In order to stop the saving of the OS9000 configuration on the FTP server whose IP address is 195.90.123.5 in the directory c:/config_bak every day (at the time 23 hr and 0 min), invoke the following CLI command: no schedule copy startup-config ftp 195.90.123.5 c:/config_bak

Show Scheduler Configuration Command

Purpose
This type of scheduler command shows the commands that will be executed by the scheduler.

Syntax
The command syntax is as follows: show schedule [COMMAND] where, [COMMAND] (optional) The specific CLI or Linux command schedule to be viewed. If the argument is typed, all arguments of this scheduled command will be shown. If the argument is not typed, all defined scheduled commands and their arguments will be shown. Below, is an example showing two schedules.
OS9000(config)# show schedule Complete Month Day Weekday Hour Min Type Notif Command ========================================================= No Aug 7 23 51 cli write file No Aug 7 23 58 cli reboot End Of Schedule Table OS9000(config)#

The entry No in the column Complete means the command has not been executed. After the command is executed, No changes to Yes.

April 2006

309

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Chapter 27:

Transparent Mode Media Cross Connect

General
The Media Cross Connect41 feature of the OS9000 provides it with intelligent patch panel functionality. In typical patch panels, wires must be physically disconnected, moved, and reconnected to change the network configuration. In the OS9000, (and herein lies its great advantage) physical connections are left unchanged; only logical connections are changed purely by software control to give the desired port-to-port interconnections. One application of Media Cross Connect is to forward data via a WDM technology port.

Migration
Carriers can operate the OS9000 in three stages of increasing order of advancement. Initially, it can be operated as a physical-layer Ethernet-over-WDM (eWDM) crossconnect relay system using Media Cross Connect. It can then be moved up to provide enhanced Ethernet switching services, and subsequently, through simple software upgrade, to provide MPLS services. Key benefits include shortened time-to-market of new services and reduction in technical risks common to products with an evolving number of interconnection layers.

Principle of Operation
Media Cross Connect allows the administrator to program the OS9000 to forward traffic entering one user-specified port to another or to flood another user-specified port group in transparent mode. In this mode, the forwarding is done like that by a repeater; fully transparently (i.e., with no MAC address learning and no processing at all, via a Layer 1 physical datapath between the ports). Figure 39, below, illustrates Media Cross Connect.

41

An MRV technology

April 2005

310

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Figure 39: Examples of Media Cross Connections in the OS9000

MTU Support
Media Cross Connect supports the following MTU42 sizes (in bytes): 1518, 1522, 1552 (default), 9022, and 9192. (The procedure for setting the MTU size is given in the section Maximum Transmission Unit (MTU), page 88.) Note If the MTU size is changed, the OS9000 must be rebooted to enable handling for the new MTU size. The following example shows how to set an MTU size.
S9024F(config)# vman-mode OS9024F(config)# boot OS9024F(config-boot)# mtu-size 9192 Action will come into effect after rebooting OS9024F(config-boot)# exit

Examples
Example 1 The example below shows how to perform Media Cross Connection between ports 23 and 24.
OS9024F(config)# port tag-outbound-mode q-in-q 23-24 OS9024F(config)# interface vlan vif20 OS9024F(config-vif20)# tag 20 OS9024F(config-vif20)# ports 23-24 OS9024F(config-vif20)# exit OS9024F(config)# lt limit port 23-24 entries ? ENTRIES-LIMIT Value <0-16k> as max number of entries for specific port/tag OS9024F(config)# lt limit port 23-24 entries 0
42

Maximum Transmission Unit

April 2006

311

ML48261, Rev. 02 Network Time Protocol (NTP)

OS9024F(config)# OS9000# write terminal Building configuration... Current configuration: ! version d1345-11-12-05 vman-mode ! boot mtu-size 9192 ! port tag-outbound-mode q-in-q 23-24 ! interface vlan vif20 tag 20 ports 23-24 ! lt limit port 23-24 entries 0 ! OS9000#

Chapter 23:

Example 2 This example shows use of a script to program media cross connect.
OS9000(config)# script cross-connect OS9000(script-cross-connect)# parameter 10 connect OS9000(script-cross-connect)# parameter 20 X-connect OS9000(script-cross-connect)# OS9000(script-cross-connect)# OS9000(script-cross-connect)# OS9000(script-cross-connect)# OS9000(script-cross-connect)# OS9000(script-cross-connect)# line line line line line line 10 20 30 40 50 60 ID type vifN description IF for XPOID type ports description Ports for

vman-mode port tag-outbound-mode q-in-q $POID interface vlan vif$ID tag $ID ports $POID lt limit port $ports entries 0

OS9000(script-cross-connect)# write terminal Building configuration... Current configuration: ! version d1734-22-09-05 ! script cross-connect parameter 10 ID type vifN description IF for X-connect parameter 20 POID type ports description Ports for X-connect line 10 vman-mode line 20 port tag-outbound-mode q-in-q $POID line 30 interface vlan vif$ID line 40 tag $ID line 50 ports $POID line 60 lt limit port $ports entries 0 ! OS9024F(script-cross-connect)# exit OS9024F(config)# exit OS9000# cross-connect ? <1-4095> cross-connect_ID(range:2-4095) OS9000# cross-connect 20 ? PORT_GROUP_STR cross-connect_ports(e.g 2-3) OS9000# cross-connect 20 23-24

April 2006

312

ML48261, Rev. 02 Network Time Protocol (NTP)

execute: vman-mode execute: port tag-outbound-mode q-in-q 23-24 execute: interface vlan vif20 execute: tag 20 execute: ports 23-24 Interface is activated. execute: lt limit port 23-24 entries 0

Chapter 23:

April 2006

313

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Chapter 28:

Firmware Upgrade/Download
General
This chapter provides general information on the OS9000 image (operative firmware), how to upgrade/download an OS9000 image, and how to reboot the OS9000 The OS9000 storage device has the following two partitions: 1. 2 partitions for firmware images (current, backup) 2. 2 partitions for configuration files (current, backup) see Chapter 29: Configuration Files, page 318. During upgrading/downloading of firmware images, the other partition is formatted and the new image is downloaded and opened in a backup store. The boot sector is then updated in such a way that at the next boot the backup store is loaded as the root so that the new image becomes the current OS9000 image. In addition, as part of the upgrade procedure the relevant configuration files are upgraded without affecting the custom configurations.

Downloading a New Image

The image, containing the executable code that runs on the OS9000, is preinstalled at the factory in the OS9000 storage device in compressed form. The OS9000 automatically decompresses the file before activating the image. The image should be upgraded as new versions are released. For the latest image, you can: Contact your local MRV representative, E-mail us at [email protected], or Visit our MRV Web site at http://www.mrv.com The image is upgraded using a download procedure from a File Transfer Protocol (FTP) server on the network. To upgrade/download a new image: 1. Load the new image onto an FTP remote directory on your network (if you will be using FTP) 2. Enter enable mode. 3. Download the new image to the OS9000 using the command: upgrade ftp <ftp server> <remote-dir> <remotefilename> [username|password] where, <ftp server>: Host name or IP address of the FTP server. <remote-dir>: Full path to the directory containing the download image on the FTP server. <remote-filename>: File name for monolithic upgrades. (Alias copy ftp firmware <version> <ftp server> <remote-dir> [username|password] 4. In response to the prompt Would you like to reboot the system now ? (y|n) Type y if you want to run the new image now. Type n if you want to run the new image later and let the previous image keep running in the meantime. The new image can be run at any time as described in the section Rebooting, page 84.

April 2005

314

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

If the upgrade/download process fails (for e.g., due to an FTP problem or illegal compressed file), the OS9000 runs the previous image. Note Powering the OS9000 off and on will also run the new image.

To revert to the previous image, use the procedure described in the section Rerunning the Previous OS9000 Image, page 315. Example
OS9000# upgrade ftp 194.90.136.240 / OS9000-devel-1.5.0.5.tar.gz zeus Start the upgrading process Get upgrade packet by ftp... /pdisk/last-dnld/OS9000-devel-1.5.0.5.tar.gz: 100.77 MB 1.00 MB/s ...done Unpacking the packet... ++++++++++ Unmount /dev/hda2 /dev/hda2 umounted ++++++++++ Format device /dev/hda2 with type reiserfs <-----------MKREISERFS, 2000-----------> ReiserFS version 3.5.27 Block size 4096 bytes Block count 244984 First 16 blocks skipped Super block is in 16 Bitmap blocks are : 17, 32768, 65536, 98304, 131072, 163840, 196608, 229376 Journal size 8192 (blocks 18-8210 of device 0x3:0x2) Root block 8211 Used 8219 blocks Hash function "r5" ATTENTION: ALL DATA WILL BE LOST ON '/dev/hda2'! (y/n)Initializing journal - 0%....20%....40%....60%....80%....100% Syncing.. ReiserFS core development sponsored by SuSE Labs (suse.com) Journaling sponsored by MP3.com.

Rerunning the Previous OS9000 Image

General
The OS9000 has two images. One image is stored on memory partition number 1, the other on 3. When booting, the U-BOOT software reads one of the boot parameters (identified as bootpart) in order to determine the partition from which to boot. Upgrade/download causes the new image to be written to the partition that was not used at boot, i.e., to the one the OS9000 is not currently running. At the end of the upgrade procedure, the OS9000 modifies the bootpart value to enable the new image to be run following reboot. In order to rerun the previous image, the bootpart value must be changed to the previous value. bootpart can have the value 1 or 3 corresponding to the partitions. If the value is 1, you need to change it to 3, and vice versa.

Procedure
The procedure for changing the bootpart value is as follows:

April 2006

315

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

(For security reasons, this procedure cannot be performed using a remote connection, e.g., TELNET, SSH, or SNMP.) 1. Connect a craft terminal (e.g., PC with an ASCII terminal emulation software application) to the OS9000 CONSOLE EIA-232 port with a Serial/RS-232 line as shown in Figure 17, page 60. 2. Boot or reboot the OS9000. 3. As soon as the following first lines of U-BOOT initialization appear on your terminal:
U-Boot 1.1.1 (Apr 18 2004 - 16:11:20) CPU: MPC8245 Revision 1.4 at 266.666 MHz: 16 kB I-Cache 16 kB D-Cache I2C: ready DRAM: 128 MB Board: MRV SBC Revision: 1.1 Serial Number: 0000000001 FLASH: 68 MB

Type: stop, and press Enter . The boot sequence will stop, and the U-BOOT prompt => is displayed. 4. Type: printenv, and press Enter . Typically, the following information is displayed.
ethaddr=00:0F:BD:00:05:B8 ethact=i82559#0 bootfile=uImage bootretry=5 bootdelay=3 bootm ramboot=chpart $(bootpart); fsload $(bootfile); run flashargs addmisc; bootm flashargs=setenv bootargs root=/dev/mtdblock1 bootpart=$(bootpart) nfsargs=setenv bootargs root=/dev/nfs rw nfsroot=$(serverip):$(rootpath) addip=setenv bootargs $(bootargs) ip=$(ipaddr):$(serverip):$(gatewayip):$(netmas k):$(hostname):$(netdev):off addmisc=setenv bootargs $(bootargs) console=ttyS0,$(baudrate) gatewayip=194.90.136.254 netmask=255.255.255.0 ipaddr=192.168.1.10 serverip=192.168.1.20 rootpath=/home/eyalm/ppc_root/ baudrate=9600 bootcmd=run ramboot bootpart=1 stdin=serial stdout=serial stderr=serial cpuid=1 hwver=1 boardsn=0000000001 Environment size: 797/65531 bytes =>

5. Check the bootpart value. (The example display, above, shows bootpart=1.) 6. Change the bootpart value to the other (i.e., if it is 1 change it to 3) using the command: set bootpart 3

April 2006

316

ML48261, Rev. 02 Network Time Protocol (NTP) 7. Save the configuration using the command: saveenv Typically, the following information is displayed.
Saving Environment to Flash... Un-Protected 1 sectors Un-Protected 1 sectors Erasing Flash... . done Erased 1 sectors Writing to Flash... done Protected 1 sectors Protected 1 sectors =>

Chapter 23:

8. Reset the OS9000 using command: reset The OS9000 will now boot from partition 3.

April 2006

317

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Chapter 29:

Configuration Files Upload/Download

General
A configuration file consists of a set of CLI commands that were executed on the OS9000. As configuration settings are changed, the new settings get stored in run-time memory. The settings in run-time memory are not retained when the OS9000 is rebooted. To retain the settings, they must be copied to the flash (permanent) memory as described in the section Saving Configuration, page 81. This chapter describes how to copy (upload or download) an OS9000 configuration file in one of the following ways:

Upload (copy Startup configuration file to FTP or TFTP Server) Download (copy configuration file from FTP or TFTP Server to Startup configuration file)

Upload
The Startup Configuration File in the OS9000 can be uploaded to an FTP/TFTP server on your network. The uploaded file is ASCII and retains the CLI format. This allows you to do the following: Modify the configuration using a text editor, and later download a copy of the file to the same OS9000, or to one or more different OS9000s. Send a copy of the configuration file to the MRV Technical Support Department for troubleshooting purposes.

Automatically upload the configuration file periodically, e.g., each day, each week, etc., so that the FTP/TFTP server can archive the configuration. (The procedure for setting the OS9000 to schedule periodic upload of the configuration or any other CLI command action is described in the section Scheduler, page 307.) To copy the Startup configuration file to an FTP/TFTP Server configuration file, invoke the command: copy startup-config ftp FTP-SERVER REMOTE-DIR [USERNAME] [PASSWORD] where, FTP-SERVER DNS Host name or IP address of the FTP/TFTP server. REMOTE-DIR Full pathname to the directory on the FTP/TFTP server. [USERNAME] Username for FTP/TFTP login. [PASSWORD] Password for FTP/TFTP login. Example:
OS9000# copy startup-config ftp 194.83.132.65 ./configurations Zorro Mypassword OS9000#

Download
To copy an FTP/TFTP Server configuration file to the Startup configuration file, invoke the command: copy ftp startup-config FTP-SERVER REMOTE-DIR REMOTEFILENAME [USERNAME] [PASSWORD]

April 2005

318

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

where, startup-config Copy from Startup configuration file. FTP-SERVER DNS Host name or IP address of the FTP/TFTP server. REMOTE-DIR Full pathname to the directory on the FTP/TFTP server. REMOTE-FILENAME Filename in the directory on the FTP/TFTP server. [USERNAME] Username for FTP/TFTP login. [PASSWORD] Password for FTP/TFTP login. To make the downloaded configuration file run-time, reboot the OS9000 using the command reboot. Example:
OS9000# copy ftp startup-config 194.83.132.65 ./Configurations MyFile Zorro Mypass OS9000# reboot

April 2006

319

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Chapter 30:

Forwarding Information Base (FIB)

General
This chapter describes how the Forwarding Information Base (FIB) functions in the OS9000 and how it should be configured to achieve optimal performance for specific applications such as LAN, Subscriber, BGP-4, etc.

What is FIB
FIB is the interface between the control plane which runs the IP routing protocols and the data plane which is responsible for forwarding IP packets (at wirespeed). FIB receives information from the following four sources: Routing table: Provides the map between network prefixes and nexthops. ARP table: Provides the map between next-hops or hosts and their MAC addresses. MAC table(Learn table): Provides the map between MAC addresses and physical ports. interfaces table: Provides the map between interface and IEEE 802.1q tag. The FIB table is filled with the above maps. Each FIB entry contains for a specific host or network all the parameters necessary to forward a packet to its next-hop or its final destination host. The information in the OS9000 network processors internal tables are constantly updated with the information in the FIB table. Based on this information, the network processors can perform IP forwarding at wirespeed.

Figure 40: Traffic Flow from the Data Plane to the Control Plane via FIB The FIB table contains the following fields: TYPE This field contains the source of the FIB entry: R The entry was learned from the Routing table A The entry was learned from an ARP request M The entry was learned from MPLS Label Distribution Protocol.

April 2006

320

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

HW * in this field indicates that the FIB entry is installed properly in the network processors that are responsible for forwarding. IP/MASK The destination subnet or host. Hosts have /32 mask. NEXT HOP IP The next hop for the subnet according to the routing table. Irrelevant for host entries. NEXT HOP MAC The MAC address of the next hop according to the ARP table. TAG The IEEE 802.1q tag of the interface towards the next hop according to the interface table. PORT The destination port according to the MAC table.

Adjustment of FIB Parameters according to Router Application

Adjusting FIB Table Size
The number of entries that the FIB should be able to hold depends upon the routers application. By default the FIB can hold 64K entries. This number suits most LAN and access applications where IGPs (Interior Gateway Protocols) are used, for e.g., RIP, OSPF, BGP. If it is intented to run BGP-4, the FIB size should be increased to (130,000 + number of expected host entries) in order to maintain a full view of BGP. In order to change the FIB table size, invoke the following CLI commands:
OS9000> OS9000> enable OS9000# fib-table ? SIZE Set linux fib table size OS9000# fib-table 135000 Action will come into effect after rebooting OS9000#reboot

The FIB table size is changed to the newly set value only after the OS9000 reboots.

Adjusting Network Processors Memory Partition Sizes:

The Network Processors memory partitions sizes should be defined according to the routers application in order to optimize the Network Processors memory utilization. Currently, four partitions exist, each used as follows: 1. L2 learn table (MAC table) 2. L3 hosts table 3. L3 networks table 4. MPLS and ACLs flows table. When the OS9000s routing table is populated with many routes (e.g. BGP-4), it is recommended to allocate most of the memory for L3 networks table. For access application with many subscribers, it is recommended to allocate most of the memory for L3 hosts table and L2 learn table. In order to change the relative proportion of memory space allocated to each table, invoke the following CLI command:
OS9000800# max-entries-ratio ? L2_ENTRIES Configure percentage of L2 entries in hw OS9000800# max-entries-ratio 25 ? FIB_HOSTS Configure percentage of L3 host entries in hw OS9000800# max-entries-ratio 25 25 ? FIB_NETS Configure percentage of L3 net entries in hw OS9000800# max-entries-ratio 25 25 40 ? FLOWS Configure percentage flows in hw OS9000800# max-entries-ratio 25 25 40 10 ? <cr> OS9000800(debug)# max-entries-ratio 25 25 40 10 Action will come into effect after rebooting

April 2006

321

ML48261, Rev. 02 Network Time Protocol (NTP)

OS9000#reboot

Chapter 23:

The relative proportion of memory space allocated to each table is changed only after the OS9000 reboots.

FIB Caching
The size of the routing table and the FIB can be bigger than the allocated size in the Network Processors. In such case, the OS9000 provides a caching mechanism that selects which routes should be entered in the network processors tables according to a Least Recently Used (LRU) algorithm. This means that unused entries are aged out and deleted from the network processors tables, while new flows targeted to specific addresses create relevant entries in the network processors tables. FIB caching is disabled by default. In order to enable it all you have to do is to enable FIB aging using the following command:
OS9000# configure terminal OS9000(config)# fib aging all

By default, aging starts at 80% of the max number of nets to be sent to hardware, and stops at 70%. To change these values type:
OS9000(config)# fib aging startAging thresh 70 OS9000(config)# fib aging stopAging thresh 60 The default aging time is 120 seconds. To change this value type: OS9000(config)# fib aging startAging time 180

Note Aging takes approximately twice as much time as TIME give, i.e. if the time set is 120 seconds, it will take about four minutes for them to be aged. To see the values of the thresholds and the time type:
OS9000(config)# sh fib aging L3 host aging enabled L3 aging enabled at stopAging threshold. Fib Aging inactive at 70 percent at 980 entries Fib aging enabled at 80 percent at 1120 entries

- time 0 - time 120

Save the configuration as follows:

OS9000# write file OS9000#

Note Packets destined to subnets that dont exist in the network processors tables are send to the CPU for software forwarding. If the number of active flows is greater then the network processors table size, some of the flows are forwarded by the CPU, which might affect the total performance.
WARNING!

When FIB caching is used, the network processors do not forward packets to the default gateway. Those packets are sent to the CPU for software forwarding to the default gateway.

FIB Static Entry

A static entry in the FIB can be configured, deleted, and displayed with CLI commands as described below.

April 2006

322

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Static Entry Configuration

The following CLI command is used to configure a static entry into the FIB: fib static entry ip-dest <A.B.C.D/M> ip-gw <A.B.C.D> mac <MAC_ADDR> port [PORT] tag [TAG] where, <A.B.C.D/M> is the IP address of the destination. <A.B.C.D> is the IP address of the gateway. <MAC_ADDR> is the MAC address of the gateway. [PORT] is the number of the port from which the packets are to be sent to the destination. (Optional parameter.) [TAG] is the tag with which the packets are to be sent to the destination. (Optional parameter.)

Static Entry Deletion

The following CLI command is used to delete a static entry from the FIB: no fib static entry <A.B.C.D/M> <A.B.C.D> where, <A.B.C.D/M> is the IP address of the destination. <A.B.C.D> is the IP address of the gateway.

Static Entry Viewing

The following CLI command is used to view a static entry that is in the FIB: show fib static [A.B.C.D/M] where, [A.B.C.D/M] is the IP address of the destination. (Optional parameter.)

Static Entry Types

There are two types of FIB static entries that can be created. Type 1 This type of FIB static entry is created when the optional parameter [PORT] is entered with the command fib static entry. The defined entry is inserted into the FIB as well as the ARP tables along with the MAC address and port number. Type 2 This type of static entry is created when the optional parameter [PORT] is not entered with the command fib static entry. The defined entry is inserted into the ARP table only. The value 0 is tentatively assigned in the port field of the entry. Following dynamic ARP resolution, the value 0 is replaced by the actual port number. Now, a FIB entry is built and moved to the H/W routing table. When a network topology change (for e.g., STP topology change or link status change) occurs, the static entry will be removed from the FIB table (H/W table as well as S/W table) but not from the ARP table. However, the port and MAC values in the ARP table entry will be reset to 0. The static entry can be viewed with the CLI commands show fib static and show arp (in debug mode) but not with show fib. When a port resolution occurs in the ARP table entry, the values 0 for the MAC address and port number are replaced by the actual values and a new FIB entry is built.

April 2006

323

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Chapter 31:

Hierarchical VPLS (H-VPLS)

General
A Hierarchical VPLS (H-VPLS) is a VPLS constructed in two tiers of differing hierarchy. The tiers are interconnected with one or more VCs43 see Figure 41, page 325. The first tier, which is the VPLS core/hub, consists of a full mesh44 of devices having routing and bridging capabilities. Such devices are referred to as PE-rs. The second tier, which is the VPLS edge/spoke, can consist of OS9000s.

Purpose
H-VPLS is proposed to overcome the drawbacks of regular VPLS that arise in expanding and large scale deployments. Among these drawbacks are: 1. The need to configure all the PEs for each new device to be added in the network. 2. Bandwidth consumption by signaling packets between each pair of PEs in the VPLS domain 3. Packet replication requirement 4. Recovery/convergence time in case of failure of a VC.

Advantages
The H-VPLS model has the following advantages over regular VPLS: 1. Only one VC is required to connect an OS9000 to a PE-rs in the VPLS domain as opposed to a mesh of VCs as would be required if the network was totally VPLS. 2. As the need arises, new CEs can be connected to the VPLS network by simply connecting each OS9000 (to which the CEs are attached) to a PE-rs in the VPLS domain with a VC.

Principle of Operation
All traffic going from/to CEs to/from one of the PE-rs devices in the VPLS domain will go through a VC. An OS9000 needs only to be aware of the specific PE-rs (in the VPLS domain) to which it is connected although it is participating in the VPLS service that spans multiple devices.

Dual Homing (Redundant Spoke Connection)

Having just one VC between an OS9000 and a PE-rs is risky because if this connection fails the CEs connected to the OS9000 are completely disconnected from the VPLS domain. To address this potential problem, the dual-homing option can be used. In this option, an OS9000 is connected via two VCs to two PE-rs devices in the same VPLS domain see Figure 41, page 325. One VC (Primary VC) remains active while the other VC (Secondary VC) remains in standby; ready to take over the tasks of the Primary VC in case the latter fails.

Application
The H-VPLS model enables the service provider to extend the VPLS domains by placing cost-effective OS9000s in multi-tenant buildings and aggregating them to a PE-rs in a
43 44

Pseudo wires A full mesh is direct connection of each and every device to each and every of the other devices.

April 2005

324

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

large central office (CO) facility see Figure 41, page 325. Using dual VCs instead of one provides connectivity-redundancy protection.

Figure 41: H-VPLS Network

Configuration
The procedure for configuring an OS9000 to operate in single-homing mode or dualhoming mode is as follows: 1. Enter configure terminal mode. 2. Invoke the command: mpls l2-circuit NAME ID A.B.C.D secondary A.B.C.D where, NAME Name for VC. (It applies only locally.) ID ID of primary VC. The ID may be set as any number in the range 1-1000000. (It must be identical to the VPLS ID to which this VC is to connect.)

April 2006

325

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

A.B.C.D (first appearance) IP address of PE-rs to which the primary VC is to connect. A.B.C.D (second appearance) It applies only for dual-homing mode. IP address of a different PE-rs to which the secondary VC is to connect. (The secondary VC becomes active only when the primary VC fails.) Example:
OS9000> enable OS9000# configure terminal OS9000(config)# mpls l2-circuit Sales_VC 500 2.2.2.2 secondary 3.3.3.3 OS9000(config)#

Viewing
To view the configuration: 1. Enter enable mode. 2. Invoke the command: show mpls l2-circuit where, NAME Name for VC. (It applies only locally.) Example:
OS9000(config)# exit OS9000# show mpls l2-circuit Sales_VC MPLS Layer-2 Virtual Circuit: Sales_VC, id: 500, priority: primary Endpoint: 2.2.2.2 Control Word: 0 MPLS Layer-2 Virtual Circuit Group: none Bound to interface: vif500, Port: 1 Virtual Circuit Type: Ethernet VLAN Bound to trunk: no trunk, regular LDP usage. MPLS Layer-2 Virtual Circuit: Sales_VC, id: 500, priority: secondary Endpoint: 3.3.3.3 Control Word: 0 MPLS Layer-2 Virtual Circuit Group: none Bound to interface: vif500, Port: 1 Virtual Circuit Type: Ethernet VLAN Bound to trunk: no trunk, regular LDP usage.

Compliance
H-VPLS complies to draft ietf-l2vpn-vpls-ldp. (Draft 9 has been released.)

April 2006

326

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Chapter 32

IEEE 802.3ah OAM for Ethernet in the First Mile

General
For Ethernet networks (which are fast becoming the preferred broadband access technology between carrier and customer networks), IP-basing each and every customer network device, especially if newly added, is not economically practicable for service providers. But if a device is not IP-based, it cannot be SNMP managed. Yet management at the Ethernet layer is required for monitoring, configuration, and control. To resolve this problem, the IEEE 802.3ah standard OAM protocol was introduced. The OAM protocol has a set of functions that support: Remote link performance monitoring Fault detection Remote loopback testing Setting of network event types to be announced. This chapter describes these functions and the commands used to activate them.

Terminology
The terms and their meanings as used in this chapter are as follows: Term EFM (Ethernet in the First Mile) Meaning Technology used to implement the OAM protocol over the link connecting a local OAM device port (e.g., MRV OS9000 port) to a remote OAM device port (e.g., MRV OESD port). In a CLI command, a local OAM device port. In a CLI command, a remote OAM device port. In a CLI command, OESD. MRV remote OAM device. (Examples: EM316GRMAHSH, EM316EFRMAHSH) MRV local OAM device. Vendor-specific information. OAM PDU. Code consisting of Type, Length, and Value fields. These fields are as follows: Type Numeric code indicating the kind of field that the message designates Length Size of the Value field Value Variable size that contains data for the message

loc-port (local port) rm-port (remote port) mrv OESD (Optical Ethernet Single-service Demarcationunit) OS9000 (OptiSwitch 9000) OUI (Organization Unique Identifier) PDU (Protocol Data Unit) TLV (Type-Length-Value)

April 2005

327

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Purpose
The purpose of the OAM functions is to avoid expensive time-consuming in-the-field truck rolls for isolating a fault.

Application
A common application for the OAM functions is to Ethernet in the First Mile (EFM) networks. Each such network consists of: a port of a local OAM device (e.g., OS9000 located at a central office) the cable connecting a local OAM device port to a port of a remote OAM device (e.g., OESD located at a customers premises), and the remote OAM device port as shown in Figure 42, below.

Figure 42: EFM Link Running the IEEE 802.3ah OAM Protocol

Advantages
EFM networks implemented with MRVs OS9000 and OESDs provide the following advantages: Single-point of management Out-of-band independent management channel Low-cost simple IP-less solution (i.e., the devices do not need IP provisioning or IP addresses) OESD status reported even if a link failure signal is received Remote power failure indication

April 2006

328

ML48261, Rev. 02 Network Time Protocol (NTP) End-to-end built-in self test for the fiberoptic link

Chapter 23:

Full bandwidth of the Ethernet channel is reserved exclusively for data transfer No security disadvantages of inband management Independent of traffic loads, network configuration changes, and IP connectivity failure Events notification

Remote OAM Device Requirements

The remote OAM device must meet the OAM protocol requirements specified in the IEEE 802.3ah standard.

CLI Commands
The EFM CLI commands are used to monitor, configure, and collect statistical information on EFM links. These commands are presented under the sections Setting OAM Status and Viewing OAM Status. Each of these sections is partitioned into two subsections: Local Devices and Remote Devices. All EFM commands are invoked at the efm mode of the OS9000. To enter the efm mode, execute the following sequence of commands after login: enable configure terminal efm Example
OS9024M> enable OS9024M# configure terminal OS9024M(config)# efm OS9024M(config-efm)#

Setting OAM Status

Local Devices Enabling OAM Protocol To enable the IEEE 802.3ah OAM protocol on the OS9000, invoke the command: enable Example
OS9024M(config-efm)# enable OS9024M(config-efm)#

Note

Enabling the IEEE 802.3ah OAM protocol on the OS9000 does not enable the OS9000 ports to participate in the IEEE 802.3ah OAM protocol. To enable OS9000 ports, the OS9000 must be enabled as described above in this section and the ports must be enabled as described in the section Enabling Ports, page 330.

Disabling OAM Protocol By default, the IEEE 802.3ah OAM protocol is disabled on the OS9000. To disable the IEEE 802.3ah OAM protocol in any case, invoke the command: no enable Example
OS9024M(config-efm)# no enable OS9024M(config-efm)#

April 2006

329

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Enabling Ports To enable specific OS9000 ports to participate in OAM: Ensure that the ports to be enabled to participate in OAM are set to a non-tag mode. (For setting a port to a non-tag mode, refer to the chapter Chapter 6: Ports, section Outbound Tag Mode, page 113.) Invoke the command: ports PORTS-GROUP|all where, PORTS-GROUP Group of ports to participate in OAM. all All ports to participate in OAM. Example
OS9024M(config-efm)# ports 3-7 OS9024M(config-efm)#

Disabling Ports
An OS9000 port must first be disabled from participating in OAM in order to perform the following actions: Setting the port in tag mode. Adding/deleting the port to/from an OS9000 interface. Deleting an OS9000 interface having the port as a member.

By default, the OS9000 ports are disabled from participating in the IEEE 802.3ah OAM protocol. To disable specific OS9000 ports from participating in OAM, invoke the command: no ports PORTS-GROUP|all where, PORTS-GROUP Group of ports to be disabled ports from participating in OAM. all All ports to be disabled ports from participating in OAM. Example
OS9024M(config-efm)# no ports 3-7 OS9024M(config-efm)#

Remote Devices Resetting an OESD To reset an OESD, invoke the command: rm mrv reset warm|cold loc-port PORT where, PORT OS9000 port that is connected to the remote OAM device. warm Warm reset (restart without powering off) the remote OAM device. cold Cold reset (restart with powering off) the remote OAM device. Example
OS9024M(config-efm)# rm mrv reset warm loc-port 5 OS9024M(config-efm)#

Enabling/Disabling Loopback on a Remote OAM Device To enable/disable loopback on a remote OAM device, invoke the command: rm config loc-port PORT loopback off|on where, PORT OS9000 port that is connected to the remote OAM device. off Disable loopback on the remote OAM device. on Enable loopback on the remote OAM device. April 2006 330

ML48261, Rev. 02 Network Time Protocol (NTP) Example

OS9024M(config-efm)# rm config loc-port 7 loopback on OS9024M(config-efm)#

Chapter 23:

Setting Remote OAM Device Port Speed To set the speed of an OESD port, invoke the command: rm mrv config loc-port PORT rm-port p# speed 10|100|1000 where, PORT OS9000 port that is connected to the remote OAM device. p# Port of remote OAM device that is connected to an OS9000 port: 10 10 Mbps. 100 100 Mbps. 1000 1000 Mbps. Example
OS9024M(config-efm)# rm mrv config loc-port 6 rm-port p4 speed 100 OS9024M(config-efm)#

Setting Remote OAM Device Port Duplexity To set the duplexity of a port of an OESD port, invoke the command: rm mrv config loc-port PORT rm-port p# duplex half|full where, PORT OS9000 port that is connected to the OESD. p# OESD port that is connected to the OS9000. half Half-duplex mode. full Full-duplex mode. Example
OS9024M(config-efm)# rm mrv config loc-port 6 rm-port p4 duplex full OS9024M(config-efm)#

Enabling/Disabling Auto-negotiation on a Remote OAM Device Port To enable/disable auto-negotiation on a port of an OESD port, invoke the command: rm mrv config loc-port PORT rm-port p# aneg off|on where, PORT OS9000 port that is connected to the OESD. p# OESD port that is connected to the OS9000: off Disable auto-negotiation. full Enable auto-negotiation. Example
OS9024M(config-efm)# rm mrv config loc-port 5 rm-port p4 aneg off OS9024M(config-efm)#

Configuring Auto-negotiation Functions on a Remote OAM Device Port To configure auto-negotiation functions on a port of an OESD port, invoke the command: rm mrv config loc-port PORT rm-port p# aneg-caps where, PORT OS9000 port that is connected to the OESD. p# OESD port that is connected to the OS9000. Example
OS9024M(config-efm)# rm mrv config loc-port 8 rm-port p3 aneg-caps Parameters: 1000Mbps, Full Duplex (y|n) : y Parameters: 100Mbps, Full Duplex (y|n) : y

April 2006

331

ML48261, Rev. 02 Network Time Protocol (NTP)

Parameters: 100Mbps, Half Duplex (y|n) : y Parameters: 10Mbps, Full Duplex (y|n) : y Parameters: 10Mbps, Half Duplex (y|n) : OS9024M(config-efm)#

Chapter 23:

Activating a Specific Trunk Port of a Remote OAM Device This command is applicable for a redundant trunk connection45 as well as for a dualhoming connection46. To activate a specific trunk port of an OESD, invoke the command: rm mrv config loc-port PORT active-trunk p1|p2|nopreference where, PORT OS9000 port that is connected to the remote OAM device. p1 Port 1 of remote OAM device that is connected to local port. p2 Port 2 of remote OAM device that is connected to local port. no-preference Dont care which of ports 1 and 2 of the remote OAM device is activated. Example
OS9024M(config-efm)# rm mrv config loc-port 7 active-trunk p2 OS9024M(config-efm)#

Naming a Remote OAM Device To give a name to a remote OAM device, invoke the command: rm config loc-port PORT cpe-name WORD where, PORT OS9000 port that is connected to the remote OAM device. WORD Name for the remote OAM device that is connected to local the port. Example
OS9024M(config-efm)# rm config loc-port 7 cpe-name Tarzan OS9024M(config-efm)#

The name of the remote OAM device is known only to the OS9000. It is not known to the remote OAM device. Deleting the name of a Remote OAM Device To delete the name of a remote OAM device, invoke the command: no rm config loc-port PORT cpe-name where, PORT OS9000 port that is connected to the remote OAM device. Example
OS9024M(config-efm)# no rm config loc-port 7 cpe-name Tarzan OS9024M(config-efm)#

Activating Flow Control on a Remote OAM Device To activate IEEE 802.3x Flow Control on an OESD, invoke the command: rm mrv config loc-port PORT flow-control off|on where, PORT OS9000 port that is connected to the OESD. off Disable Flow Control for the OESD.
45 46

In redundant trunk connection, two trunk ports are connected to the same device. In dual-homing connection, two trunk ports are connected to two different devices.

April 2006

332

ML48261, Rev. 02 Network Time Protocol (NTP) on Example

OS9024M(config-efm)# rm mrv config loc-port 12 flow-control on OS9024M(config-efm)#

Chapter 23:

Enable Flow Control for the OESD.

Setting Rate-limit on a Remote OAM Device To set a rate-limit on an OESD, invoke the command: rm mrv config loc-port PORT rate-limit NUMBER where, PORT OS9000 port that is connected to the OESD. NUMBER Number designating the rate-limit for the OESD. The unit for the rate-limit can be Kbps or Mbps. The OESD selects the unit automatically. For the OESDs EMR316EFRMAHSH and EM316GRMAHSH, select 1. EMR316EFRMAHSH will select the unit Kbps. EM316GRMAHSH will select the unit Mbps. Example
OS9024M(config-efm)# rm mrv config loc-port 11 rate-limit 50 OS9024M(config-efm)#

Enabling a Port on a Remote OAM Device To enable a port on an OESD, invoke the command: rm mrv config loc-port PORT rm-port p3|p4 enable on|off where, PORT OS9000 port that is connected to the OESD. p3 User port P3 of the OESD. (P3 is connected to the CE.) p4 User port P4 of the OESD. (P4 is connected to the CE.) on Enable port. off Disable port. Example
OS9024M(config-efm)# rm mrv config loc-port 7 rm-port p3 enable on OS9024M(config-efm)#

Auto-sense a Port on a Remote OAM Device To set a port on an OESD to operate in auto-sense mode, invoke the command: rm mrv config loc-port PORT rm-port p4 auto-sense [off|on] where, PORT OS9000 port that is connected to the OESD. P4 User port P4 of the OESD. P4 is connected to the CE. on off Example
OS9024M(config-efm)# rm mrv config loc-port 21 rm-port p4 auto-sense on OS9024M(config-efm)#

Force mode47. Auto-sense mode48. (Default)

MDI/MDIX Setting for a Port on a Remote OAM Device To set a port on an OESD to operate as either an MDI or MDIX interface, invoke the command:

47 48

The port speed is fixed.

The Ethernet port sets its speed (10 or 100 Mbps) to match that of the port to which it is directly connected (provided the latter port too has auto-sensing capability).

April 2006

333

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

rm mrv config loc-port PORT rm-port p4 mdi-mode [mdix|mdi] where, PORT OS9000 port that is connected to the OESD. P4 User port P4 of the OESD. (P4 is connected to the CE.) mdi-x MDIX interface. Pinout: 1 Rx+, 2 Rx-, 3 Tx+, 6 Tx-. (Default) mdi MDI interface. Pinout: 1 Tx+, 2 Tx-, 3 Rx+, 6 Rx-. Example
OS9024M(config-efm)# rm mrv config loc-port 5 rm-port p4 mdi-mode mdi OS9024M(config-efm)#

Enabling Dual-homing for a Port on a Remote OAM Device To enable a port on an OESD to operate in dual-homing or redundant trunk connection mode, invoke the command: mrv dual-home loc-port PORTS-GROUP|all where, PORTS-GROUP Group of OS9000 ports that is to be set to operate in dual-homing or redundant trunk connection mode. all All ports to be set to operate in dual-homing or redundant trunk connection mode. Example
OS9024M (config-efm)# mrv dual-home loc-port 1-6 OS9024M(config-efm)#

Disabling Dual-homing for a Port on a Remote OAM Device To disable a port on an OESD from operating in dual-homing or redundant trunk connection mode, invoke the command: no mrv dual-home loc-port PORTS-GROUP|all where, PORTS-GROUP Group of OS9000 ports that is to be disabled from operating in dual-homing or redundant trunk connection mode. all All ports to be disabled from operating in dual-homing or redundant trunk connection mode. Example
OS9024M (config-efm)# no mrv dual-home loc-port 8-11 OS9024M(config-efm)#

Clearing OAM Statistical Data on a Remote OAM Device Port To clear OAM statistical data on an OESD port, invoke the command: mrv clear oam-statistics loc-port PORT where, PORT OS9000 port that is connected to the remote OAM device. Example
OS9024M(config-efm)# clear oam-statistics loc-port 9 OS9024M(config-efm)#

Clearing General Statistical Data on a Remote OAM Device Port To clear general statistical data on an OESD port, invoke the command: mrv clear phy-statistics loc-port PORT where, PORT OS9000 port that is connected to the remote OAM device. Example
OS9024M(config-efm)# clear phy-statistics loc-port 6

April 2006

334

ML48261, Rev. 02 Network Time Protocol (NTP)

OS9024M(config-efm)#

Chapter 23:

Viewing OAM Status

Local Devices Viewing OAM-enabled Ports To view OS9000 ports that are OAM enabled, invoke the command: show ports PORTS-GROUP|all where, PORTS-GROUP Group of OAM-enabled ports. all All OAM-enabled ports. Example
OS9024F(config-efm)# show ports all Ports Enable = 3-7; Ports Active = No; OS9024F(config-efm)#

In the example above, ports 3 to 7 are OAM enabled. They are specified No (i.e., not active) because the OAM protocol on the OS9000 has not been enabled (by the user). Viewing OAM Status of a Local Port To view the OAM status of an OS9000 port, invoke the command: show oam-config loc-port PORT target-device local where, PORT OS9000 port that is connected to the target (remote) OAM device. Example Viewing the OAM status of an OS9000 port connected to a remote OAM device:
OS9024M(config-efm)# show oam-config loc-port 9 target-device local Oam Configuration Remote Device (on port 9) ---------------------------------------------Revision : 0 Vendor OUI : 201a Vendor Info : 0 Max PDU Size : 482 bytes Mux Action : 0 (FWD) Parser Action : 0 (FWD) Discovery State : SEND_ANY (6) PDU State : ANY (3) Local Flags : 0x50 (Discovery process has completed) OS9024M(config-efm)#

The configuration parameters (shown in the example above) and their possible values are described below:
The value of the Revision field in the Local Information TLV of the most recently transmitted Information OAMPDU. Vendor OUI The value of the OUI variable in the Vendor Identifier field of the most recently received Information OAMPDU. 0 Vendor-specific device not present. 1 Vendor-specific device present. Vendor Info The value of the Vendor Specific Information field of the most recently received Information OAMPDU. Max PDU Size The largest OAMPDU supported by the OS9000 Mux Action Action performed by multiplexer. FWD Device is forwarding non-OAMPDUs to the lower sublayer. DISCARD Device is discarding non-OAMPDUs. Parser Action Action performed by frame-syntax analyzer. FWD Device is forwarding non-OAMPDUs to higher sublayer. LB Device is looping back non-OAMPDUs to the lower sublayer. Revision

April 2006

335

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

DISCARD Device is discarding non-OAMPDUs. Discovery State The current state of the OAM discovery function. SEND_ANY Normal operating state for OAM on fully operational links. FAULT Link fault detected at local OS9000. ACTIVE_SEND_LOCAL Sending Information OAMPDUs that only contain the Local Information TLV. PASSIVE_WAIT Waiting to receive Information OAMPDUs with Local Information TLVs before sending any Information OAMPDUs with Local Information TLVs. send local remote Sending Information OAMPDUs that contain both the Local and Remote Information TLVs. send local remote ok Local OAM client deems the settings on both the local and remote DTEs are acceptable. PDU State Governing transmission and reception of OAMPDUs as part of the Discovery process. ANY Any permissible OAMPDU is allowed to be transmitted and received. INFO Only Information OAMPDUs are allowed to be transmitted and received. LF_INFO Only Information OAMPDUs with the Link Fault critical link event set and without Information TLVs are allowed to be transmitted; only Information OAMPDUs are allowed to be received. RX_INFO No OAMPDUs are allowed to be transmitted; only Information OAMPDUs are allowed to be received. Local Flags 2-digit hex code indicating operation status as indicated in the most recently transmitted OAMPDU. The hex code translates into a 7-digit binary code. The first (LSB) bit in the binary code corresponds to the Link Fault bit in the Flags field. The second bit corresponds to the Dying Gasp bit in the Flags field. The third bit corresponds to the Critical Event bit in the Flags field. The fourth bit corresponds to the Local Evaluating bit in the Flags field. The fifth bit corresponds to the Local Stable bit in the Flags field. The sixth bit corresponds to the Remote Evaluating bit in the Flags field. The seventh (MSB) bit corresponds to the Remote Stable bit in the Flags field. The significance of the value of each bit is given in Table 13, below.

Table 13: Local Flag Bits Values and Significances

Bits 1 (LSB) 2 Flags Link Fault Dying Gasp Values 0 1 0 1 3 4 Critical Event Local Evaluating 0 1 0 1 5 Local Stable 0 1 6 Remote Evaluating 0 1 7 (MSB) Remote Stable 0 1 Significances Link fault condition does exist. Link fault condition does not exist. An unrecoverable local failure condition has not occurred. An unrecoverable local failure condition has occurred. A critical event condition has not occurred. A critical event condition has occurred. Local DTE Discovery process has not completed. Local DTE Discovery process has completed. Local DTE either has not seen or is unsatisfied with remote state information. Local DTE has seen and is satisfied with remote state information. Remote DTE Discovery process has not completed. Remote DTE Discovery process has completed. Remote DTE either has not seen or is unsatisfied with local state information. Remote DTE has seen and is satisfied with local state information.

In the above example, the 2-digit hex code 0x50 translates into the 7-digit binary code 101 0000. Bit 5 is 1, indicating that local DTE has seen and is satisfied with remote state information. Bit 7 is 1, indicating that the remote DTE has seen and is satisfied with local state information.

April 2006

336

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Example To view the OAM status of an OS9000 port unconnected to a remote OAM device but on which the OAM protocol is enabled:
OS9024M(config-efm)# show oam-config loc-port 5 target-device local Oam Configuration Remote Device (on port 5) ---------------------------------------------Revision : 0 Vendor OUI : 201a Vendor Info : 0 Max PDU Size : 482 bytes Mux Action : 0 (FWD) Parser Action : 0 (FWD) Discovery State : ACTIVE_SEND_LOCAL (2) PDU State : INFO (2) Local Flags : 0x8 (Discovery process has not completed) OS9024M(config-efm)#

Remote Devices Viewing OAM Status of a Remote Device To view the OAM status of a remote device that is connected to an OS9000 port, invoke the command: show oam-config loc-port PORT target-device remote where, PORT OS9000 port that is connected to the target (remote) OAM device. Example
OS9024M(config-efm)# show oam-config loc-port 8 target-device remote Oam Configuration Remote Device (on port 8) ---------------------------------------------Revision : 0 Vendor OUI : 201a Vendor Info : 220020 Max PDU Size : 498 bytes Mux Action : 0 (FWD) Parser Action : 0 (FWD) Remote Flags : 0x50 (Discovery process has completed) Loopback Ctrl : Loopback Disabled (0) LIN Ctrl : Available, Disable OS9024M(config-efm)# The value of the Revision field in the Local Information TLV of the most recently transmitted Information OAMPDU. Vendor OUI The value of the OUI variable in the Vendor Identifier field of the most recently received Information OAMPDU. 0 Vendor-specific device not present. 1 Vendor-specific device present. Vendor Info The value of the Vendor Specific Information field (see Table 5711) of the most recently received Information OAMPDU. Max PDU Size The largest OAMPDU supported by the OS9000 Mux Action Action performed by multiplexer. FWD Device is forwarding non-OAMPDUs to the lower sublayer. DISCARD Device is discarding non-OAMPDUs. Parser Action Action performed by frame-syntax analyzer. FWD Device is forwarding non-OAMPDUs to higher sublayer. LB Device is looping back non-OAMPDUs to the lower sublayer. DISCARD Device is discarding non-OAMPDUs. Remote Flags 2-digit hex code indicating operation status as indicated in the most recently received OAMPDU. The hex code translates into a 7-digit binary code. The first (LSB) bit in the binary code corresponds to the Link Fault bit in the Flags field. The second bit corresponds to the Dying Gasp bit in the Flags field. The third bit corresponds to the Revision

April 2006

337

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Loopback Ctrl LIN Ctrl

Critical Event bit in the Flags field. The fourth bit corresponds to the Local Evaluating bit in the Flags field. The fifth bit corresponds to the Local Stable bit in the Flags field. The sixth bit corresponds to the Remote Evaluating bit in the Flags field. The seventh (MSB) bit corresponds to the Remote Stable bit in the Flags field. The significance of the value of each bit is given in Table 13, page 336. Loopback control status. Link Integrity Notification control status.

Viewing General Information on a Remote Device To view the general information on an OESD that is connected to an OS9000 port, invoke the command: show rm mrv general-status loc-port PORT where, PORT OS9000 port that is connected to the target (remote) device. Example
OS9024M(config-efm)# show rm mrv general-status loc-port 8 boardId : 19 (0x13) EM316-GRMAHSH (subid 0) macAddress : 00:20:1a:02:0d:15 appRev : MRViw-5.00 (0020) fpgaRev : 73.03 preamble : disabled packetMode : enabled CO State : This is not a CO. dipSwitch : (0x0022) MDIX ANEG 1000 100M HDLX CPE LIN RM MGMT LPBK PMBL DIS DIS DIS off on off off off on off off off off off OS9024M(config-efm)#

Viewing Port Status of a Remote Device To view the status of an OESD port, invoke the command: show rm mrv interface-status loc-port PORT rm-port p# where, PORT OS9000 port that is connected to the OESD. p# OESD port: Example
OS9024F(config-efm)#

----------------------------------FOR SFP PORT (p1)--------------------------------OS9024F(config-efm)# show rm mrv interface-status loc-port 14 rm-port p1 Interface Status of port p1 (remote) is connected to port 14 (local) -------------------------------------------------------------------------ifType : Ethernet (6) ifLogType : trunk ifLink : up ifTrunkState : prim ifDuplex : full ifAutoNeg : on ifPhyType : FiberOptic ifAdminSpeed : 100Mbs ifSpeed : 100Mbs SFP Present : present Port Status : active ifPhy Detail Type : SFP Port SFP Vendor Information *************************************

April 2006

338

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Identifier is XFF Connector code is LC Transciever subcode is 100Base-FX Serial encoding mechanism is NRZ The nominal bit rate is 200 Megabits/sec. Link length using single mode (9 micron) is not supported. Link length using 50 micron multi-mode fiber is greater than 2000m. Link length using 62.5 micron multi-mode fiber is greater than 2000m. Link length using cooper cable is not supported. Vendor name is AGILENT Vendor PN is HFBR-57E0P Vendor revision is Nominal transmitter output wavelength at room temperature is 1310.00 nm. ====================================================================== OS9024F(config-efm)#

--------------------------------FOR COPPER port (P4) ------------------------------OS9024F(config-efm)# show rm mrv interface-status loc-port 14 rm-port p4 Interface Status of port p4 (remote) is connected to port 14 (local) -------------------------------------------------------------------------ifType : Ethernet (6) ifLogType : user ifLink : down ifDuplex : half ifAutoNeg : off ifPhyType : Copper ifAdminSpeed : 100Mbs ifSpeed : 10Mbs Port Status : active ifPhy Detail Type : RJ-45 Port Advertises the Following Auto-Negotiation Capabilities: 100Mbps, Full Duplex 100Mbps, Half Duplex 10Mbps, Full Duplex 10Mbps, Half Duplex OS9024F(config-efm)#

Viewing OAM Statistics on a Remote OAM Device Port To view the OAM statistics on a port of an OESD, invoke the command: show rm mrv oam-statistics loc-port PORT where, PORT OS9000 port that is connected to the remote OAM device. Example
OS9024M(config-efm)# show rm mrv oam-statistics loc-port 1 OAM statistics for target that is connected to local port 1. ----------------------------------------------------------------------OAM COUNTS : TX RX Information : 22368 4609 EventNotify : 0 0 (unique) : 0 0 (duplicate) Loopback : 0 0 VarRequest : 0 0 VarResponse : 0 0 OrgSpecific : 26595 10 Unsupported : 0 0 Total : 48963 4622

April 2006

339

ML48261, Rev. 02 Network Time Protocol (NTP)

NON-OAM LOOPBACK sent echo drop rcvd discard : : : : : : COUNTS 0 0 0 0 0 BAD FRAMES nBadSubtype nBadVersion nFramesLost

Chapter 23:

: : :

0 0 0

locFlags :0x50 remFlags :0x50 locSA :00:20:1a:02:0d:15 remSA :00:20:1a:02:0d:15 OS9024M(config-efm)#

Viewing General Statistics on a Remote OAM Device Port To view the general statistics on a port of an OESD, invoke the command: show rm mrv phy-statistics loc-port PORT rm-port-type trunk|user where, PORT OS9000 port that is connected to the remote OAM device. trunk Port P1 or P2 of the OESD. (P1 and P2 are connected to the OS9000.) user Port P3 or P4 of the OESD. (P3 and P4 are connected to the CE.) Example
OS9024M(config-efm)# show rm mrv phy-statistics loc-port 1 rm-port-type trunk MAC Layer statistics for trunk port (connected to local port 1.) -------------------------------------------------------------------------InOctets : 309632 OutOctets : 3557377 InUcastPkts : 1 OutUcastPkts : 0 InMcastPkts : 4837 OutMcastPkts : 49620 InBroadcastPkts : 0 OutBroadcastPkts : 0 InPausePkts : 0 OutPausePkts : 0 InDiscards : 0 OutDiscards : 0 InFCSErrs : 0 OutDeferreds : 0 InAlignmentErrs : 0 OutSingleCollision : 0 InUndersize : 0 OutMultipleCollision : 0 InRxOversize : 0 OutLateCollision : 0 InJabbers : 0 OutExcessiveCollision : 0 Duplex : full Transmit : enabled Multicast Receive : enabled Unicast Addr :00:20:1a:02:0d:15 OS9024M(config-efm)#

Viewing Standard Mandatory Counters and Parameters on a Remote OAM Device To view the standard mandatory counters and parameters of a remote OAM device, invoke the command: show rm package mandatory loc-port PORT where, PORT OS9000 port that is connected to the remote OAM device. Example
OS9024M(config-efm)# show rm package mandatory loc-port 1 Variables Mandatory Package for target that is connected to local port 1. -------------------------------------------------------------------------aFramesTransmittedOK : 52621 aSingleCollisionFrames : 0 aMultipleCollisionFrames : 0 aFramesReceivedOK : 5706

April 2006

340

ML48261, Rev. 02 Network Time Protocol (NTP)

aFrameCheckSequenceErrors aAlignmentErrors aDuplexStatus OS9024M(config-efm)# : : : 0 0 full

Chapter 23:

Viewing Standard Optional Counters and Parameters on a Remote OAM Device To view the standard optional counters and parameters of a remote OAM device, invoke the command: show rm package optional loc-port PORT where, PORT OS9000 port that is connected to the remote OAM device. Example
OS9024M(config-efm)# show rm package optional loc-port 1 Variables Optional Package for target that is connected to local port 1. -------------------------------------------------------------------------aMulticastFramesXmittedOK : 53302 aBroadcastFramesXmittedOK : 0 aMulticastFramesReceivedOK : 5904 aBroadcastFramesReceivedOK : 0 aInRangeLengthErrors : 0 aFrameTooLongErrors : 0 aMACEnableStatus : enabled aTransmitEnableStatus : enabled aMulticastReceiveStatus : enabled aReadWriteMACAddress : 00:20:1a:02:0d:15 OS9024M(config-efm)#

Viewing Standard Recommended Counters and Parameters on a Remote OAM Device To view the standard recommended counters and parameters of a remote OAM device, invoke the command: show rm package recommended loc-port PORT where, PORT OS9000 port that is connected to the remote OAM device. Example
OS9024M(config-efm)# show rm package recommended loc-port 1 Variables Recommended Package for target that is connected to local port 1. -------------------------------------------------------------------------aOctetsTransmittedOK : 3848716 aFramesWithDeferredXmissions : 0 aLateCollisions : 0 aFramesAbortedDueToXSColls : 0 aFramesLostDueToIntMACXmitErrs : 0 aCarrierSenseErrors : 0 aOctetsReceivedOK : 385600 aFramesLostDueToIntMACRcvErrs : 0 aPromiscuousStatus : 1 OS9024M(config-efm)#

Events
The OAM in the OS9000 can be set to send notifications on events of the following types: critical-link Critical events (e.g., remote device is powered off). regular-link Errored Symbol Period Event and Errored Frame Event. user-port-link Link-state change on the port of an OESD. The possible states are Up and Down. When an event occurs, notification is sent to all open CLI sessions as well as to the Syslog.

April 2006

341

ML48261, Rev. 02 Network Time Protocol (NTP) Disabling Event Notification To disable event notification, invoke the command: no event-notification mode Example
OS9024M(config-efm)# no event-notification mode OS9024M(config-efm)#

Chapter 23:

Enabling Event Notification By default, event notification is enabled for all the three event types specified above. In any case, to enable event notification, invoke the command: event-notification more critical-link|regular-link|userport-link|all where, critical-link Critical link events. They include the following subtypes: Link Fault The PHY layer has determined that a fault has occurred in the receive direction of the local DTE. Dying Gasp An unrecoverable local failure condition has occurred (e.g., remote device is powered off). Critical Event An unspecified critical event has occurred. regular-link Errored Symbol Period and Errored Frame events. user-port-link Link-state change on the port of an OESD. The possible states are Up and Down. all All event types. Example
OS9024M(config-efm)# event-notification mode all OS9024M(config-efm)#

Following are examples of the event notifications sent to a CLI-session:

OS9024M(config-efm)# EFM event: User port on the CPE (connected to the local port 8) Link State Changed => Up. OS9024M(config-efm)# EFM event: User port on the CPE (connected to the local port 8) Link State Changed => Down. OS9024M(config-efm)# Event: EFM event "DyingGasp" is received on the port 8.

The DyingGasp event notification was the result of a power cut to a remote OAM device. Viewing Event Statistics To view OAM event statistics, invoke the command: show rm oam-events loc-port PORT where, PORT OS9000 port. Example
OS9024M(config-efm)# show rm oam-events loc-port 1 ------------------------------------------------------------------------ErrEvnt| TimeStamp Window Threshold Count Total EvntCnt ------------------------------------------------------------------------Symbol | 0 0 0 0 0 0 Frame | 0 0 0 0 0 0 FrmPer | 0 0 0 0 0 0 FrmSumm| 0 0 0 0 0 0 Link | 0 DyiGasp| 1 Critic | 0 OS9024M(config-efm)#

April 2006

342

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

Remote Firmware Upgrade/Download

General
This section shows how to upgrade/download an image (operative firmware) to MRV OESDs. The upgrade/download can be performed concurrently to several OESDs with a single CLI command.

Viewing Data on an OESD Image in an OESD

To view the data on the OESD image portions loaded into an OESD, invoke the command: show rm mrv general-status loc-port PORT where, PORT OS9000 port that is connected to the OESD. Example
OS9024M(config-efm)# show rm mrv general-status loc-port 1 boardId : 19 (0x13) EM316-GRMAHSH (subid 0) macAddress : 00:20:1a:02:0d:15 appRev : MRViw-5.00 (0020) fpgaRev : 73.03 preamble : disabled packetMode : enabled CO State : This is not a CO. dipSwitch : (0x0022) MDIX ANEG 1000 100M HDLX CPE LIN RM MGMT LPBK PMBL DIS DIS DIS off on off off off on off off off off off OS9024M(config-efm)#

In the example above, the OESD image portions are: appRev and fpgaRev .

Viewing Data on an OESD Image in an OS9000

At any time, only one OESD image can be stored on an OS9000. To view the download state and data on the OESD image portions stored on an OS9000, invoke the command: show rm mrv download-state Example
OS9024M (config-efm)# show rm mrv download-state EM316GRMAHSH-CPE : AppFile - N, FpgaFile - N, VerFile - N, AppVer - , FpgaVer - . EM316EFRMAHSH-CPE: AppFile - Y, FpgaFile - Y, VerFile - Y, AppVer - MRViw-5.00 (0034), FpgaVer -93.00. Remote download is not active on local ports. OS9024M (config-efm)#

The above example shows that no image portion exists for the EM316GRMAHSH OESD, and that download is not in process.

Procedure
To download new firmware to one or more OESDs connected to an OS9000: Copy the image file from an FTP server to the OS9000 connected to the OESDs by invoking the following CLI command at the OS9000 console: copy mrv-em316-ver ftp FTP-SERVER REMOTE-DIR REMOTEFILENAME [USERNAME] [PASSWORD] where, FTP-SERVER IP address of the FTP server containing the image file. REMOTE-DIR Name of directory in the FTP server containing the image file.

April 2006

343

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

REMOTE-FILENAME Name of file (containing the image) in the directory. USERNAME Username for permission to access the FTP server. PASSWORD Password for permission to access the FTP server. When the file is copied to the OS9000 it is split into the following three files: Application (contains the image portions) FPGA (contains the image portions) Versions (contains version identifications in text format) These files are retained in the OS9000 so long as the OS9000 is not reset. Example
OS9024M(config-efm)# copy mrv-em316-ver ftp 194.100.100.10 . ef-34.rev sudo /usr/local/nbase/bin/copy_em316ver.sh 194.100.100.10 . ef-34.rev Check route to 194.100.100.10 Netmask = 255.255.255.0 FTP file ./ef-34.rev from 194.100.100.10 user password ... FTP Succeed <eakapp.bin 215356 Thu Jun 15 22:04:39 2006 crc:0xba79db9e OK <eakfpga.bin 234456 Thu Jun 1 21:35:06 2006 crc:0x4c8dcb0f OK <eakvrsn 27 Thu Jun 15 22:09:05 2006 crc:0xf2a6ef7c OK OS9024M(config-efm)#

eakapp.bin is the Application file eakfpga.bin is the FPGA file eakvrsn is the Versions file. Upgrade/download the image to the OESD(s) connected to the OS9000 with the Application and FPGA files by invoking the following command: rm mrv sw-dnld loc-ports PORTS-GROUP|all where, PORTS-GROUP Group of ports of the OS9000 to which are connected OESDs to be loaded with the new image. all OESDs at all ports of the OS9000 to be loaded with the new image. During upgrade/download, the firmware portions in the Application and FPGA files are downloaded to the OESDs. Versions file is not downloaded. Its contents are for factory use. Example
OS9024M(config-efm)# rm mrv sw-dnld loc-ports 21 OS9024M(config-efm)# The download process of the remote CPE (port 21) started. .................................................. The FPGA-image is transmitted to remote CPE successfully ! .............................................. The APP-image is transmitted to remote CPE successfully ! NOTE: The update version action on the remote CPE will take few minutes. Link and EFM-connections with remote CPE (port 21) will be lost during this time.

EFM event: local port 21: Connection between CO and CPE is down. EFM event: local port 21: Connection between CO and CPE is up. The APP-version and FPGA-version are updated on the remote CPE (port 21) successfully ! The download process on all requered local ports are finished.

April 2006

344

ML48261, Rev. 02 Network Time Protocol (NTP)

OS9024M(config-efm)#

Chapter 23:

Failure Messages
In the event that the upgrade/download process fails, any one of the following messages described in Table 14, below, will appear: Table 14: Failure Messages and their Significances No. 1 Message Canceled: new SW version info don't accessible (for this OESD)! Significance The new image is not suitable for the specific type of the OESD. For instance, it may be that the remote OESD is an EM316GRMAHSH while the image on the OS9000 is for an EMR316EFRMAHSH. The new image in the OESD is identical to the image in the OS9000 for the OESD. Transfer of the image portions to the OESD has failed. A possible cause for the failure could be that a portion of the image in the OS9000 is missing or defective. The OAM protocol is disabled for the OS9000 and/or the specific port. To enable the OAM protocol for the OS9000, invoke the command as described in the section Enabling OAM Protocol, page 329. To enable the OAM protocol for a specific port of the OS9000, invoke the command as described in the section Enabling Ports, page 330.

Canceled: new SW version is the same as on the remote OESD ! Canceled: Discovery process on the local port is not completed ! Canceled: EFM is not active on the port <PORT> !

April 2006

345

ML48261, Rev. 02 Configuration

Appendix A:

Appendix A:

Configuration
General
This chapter describes the general steps to be performed for configuring the OS9000 and gives an example.

Steps
1. Configure Passwords: Root and Admin Passwords see sections First Time Access Root and Admin Passwords Configuration, page 65 and Passwords, page 66. Enable Password as described in the section Configuring/Changing/Deleting the Enable Password, page 68. 2. Check installed components (using the command show version). 3. Set upper limit on packet size see the section Viewing Installed Components, page 68. 4. Set attributes which a host must have in order to be able to access the OS9000 for management see the section Access Security, page 85. 5. Configure Hostname, Banner, Date, Time. 6. Set up Syslog see section Syslog, page 89. 7. Perform management setup as follows: a. Connect to out-of-band or inband Ethernet port (see section Remote Management Setup, page 133) b. If needed, set default gateway (by entering configure terminal mode and using the command ip route IP_DESTINATION_PREFIX IP_GATEWAY_ADDRESS/NAME ROUTE_DISTANCE c. Enable management see section Out-of-band Ethernet Management, step 4, page 134 or section Inband Management, step 5, page 135. d. Check connectivity see Chapter 25: Service Assurance PING, page 299.

8. If needed, perform upgrade see Chapter 28: Firmware Upgrade/Download, page 314. 9. Configure ports see Chapter 6: Ports, page 109. 10. If needed, configure one or more port trunks see Chapter 13: Port Trunking, page 167. 11. Set the egress traffic management modes (congestion avoidance, shaping, and scheduling) see Chapter 18: Egress-Queue Manager (EQM), page 223. 12. Configure interfaces see Chapter 7: Interfaces, page 118. 13. If needed, configure VMANs see section Chapter 12: Service VLANs/VMANs /Stacked VLANs/Q-in-Q, page 161. Aging see section

April 2005

346

ML48261, Rev. 02 Network Time Protocol (NTP)

Chapter 23:

14. Learn Table, page 85.

Note More than of the management protocols (SNMP, SSH, and TELNET) may be selected with which the OS9000 will be accessible by repeating the command management snmp|telnet|ssh [SOURCE_IPV4_ADDRESS].

Spanning Tree see Chapter 9: Multiple-Instance Spanning-Tree Protocol (MSTP), page 137. DiffServ (Mapping, Scheduling) Set traffic conditioner (e.g., accounting, drop red, rate limiting, marking) see Chapter 17: Traffic Conditioner, page 209. Access Lists see Chapter 16: Access List, page 179.

Example
Problem 1 4 companies are to be connected for Internet Services: Companies 1 and 2 on port 7; Companies 3 and 4 on port 8. Solution 1 1. Physically connect the common network of Companies 1 and 2 to port 7 and Companies 3 and 4 to port 8. Create a VLAN (interface) for each company. Problem 2 Each company is permitted an upstream (and downstream) bandwidth of 1m. The bandwidth of service providers upstream link is restricted to 4m. Option 1: A company is not permitted to use unused bandwidths of other companies. Option 2: A company is permitted to use unused bandwidths of other companies. Companies 1 and 3 want to receive a joint report on bandwidth usage. Solution 2 Create an Action List having the following configuration: For Option 1: select drop-red and set the rate using rate single-leaky-bucket cir 1m
1k ebs 1k

cbs

For Option 2: do not select drop-red and set the rate using rate
cbs 200k pir 4m pbs 200k

dual-leaky-bucket cir 1m

Select one of the three global counters, for e.g., 2 using counter-set-number 2 Problem 3 The service provider wants to provide an IPTV broadcast service with the highest Strict Priority for multicast traffic. Solution 3 Create an Access List (ACL). Add a rule number, e.g., rule 10. For this rule, do for e.g, mac-da-type multicast. Then do action mark sl 8. Problem 4 The service provider wants to add voice service so that now both services get the same (50% each) highest priority. Solution 4 In mode configure terminal, do: port priority-queuing cos 7 wrr1 weight 50 1, and do: port priority-queuing cos 8 wrr1 weight 50 2

April 2006

347

ML48261, Rev. 02 Network Time Protocol (NTP) Problem 5 The companies priorities are to be remapped as follows: 0, 1, 2 1 3, 4, 5, 6 2 73 Solution 5 In mode configure terminal, do
diffserv sl 1 vpt 0,1,2 diffserv sl 2 vpt 3-6 diffserv sl 3 vpt 7

Chapter 23:

Problem 6 A server is to be connected to port 23 and its traffic is to be given a high priority. Solution 6 In mode configure terminal, do
port priority-queuing sl 8 sp 23

April 2006

348

OptiSwitch 9000 User Manual

Product Version 1.0

Appendix B:

Utilities
General
This chapter describes and shows how to use the various network utilities of the OS9000, which are:

Domain Name System/Server (DNS) Traceroute TCP dump (built-in sniffer) TELNET Secure Shell (SSH) Address Resolution Protocol (ARP) Virtual Cable Diagnostics (VCD) Configuration File Location Memory Management Multicast Destination MAC Addresses Debug Information

Domain Name System/Server (DNS)

General
A DNS is used in the Internet for translating hostnames (names of network nodes) into IP addresses, and vice versa. Its purpose is to allow system administrators to define nodes using mnemonics (rather than IP addresses), which are much more convenient for identifying nodes. The OS9000 has a DNS client based on RFC 1591.

Configuration
To configure the OS9000 to operate with a DNS: 1. To define a domain name, invoke the command: domain-name NAME where, NAME Your companys domain name. It identifies one or more hostnames. An example of a domain name is mrv.com. An example of a hostname belonging to this domain is torro.mrv.com.In URLs, domain names are used to identify particular Web pages. For example, in the URL http://www.faqs.org/rfcs/rfc1213.html, the domain name is faqs.org. Every domain name has a suffix that indicates the Top-Level Domain (TLD) to which it belongs. In the examples above, the domain name suffixes are com and org. 2. To define the IP address of the DNS (i.e., the server which is to translate the domain name into the IP addresses), invoke the command: nameserver A.B.C.D where, A.B.C.D is the IP address of the DNS.

3. To enable DNS lookup services, invoke the command:

April 2005

349

ML48261, Rev. 02 Utilities enable

Appendix B:

4. To save the configuration in permanent memory, invoke the command write file or write memory. To view the configuration, invoke the command write terminal as shown in the example below.
OS9000(config)# write terminal Building configuration... Current configuration: ! version 1_0_11 ! dns domain-name mrv.com nameserver 195.208.93.67 enable

Querying
To query the DNS regarding a hostname or IP address belonging to the name domain, invoke the command nslookup HOST-TO-FIND where, HOST-TO-FIND is hostname or IP address belonging to the name domain.

Deleting
To delete the domain name, invoke the command no domain-name To disable DNS lookup services, invoke the command no enable To delete the domain nameserver, invoke the command no nameserver A.B.C.D where, A.B.C.D is the IP address of the DNS, i.e., the server which is to translate the domain name into the IP addresses.

Traceroute
Definition
Traceroute is a utility that traces the path of a packet sent from the OS9000 to a host on the network, showing how many hops the packet requires in order to reach the host and how long each hop takes.

Purpose
Traceroute can be used to determine, for example, where the longest delays occur. It can be used with SA PING and VCD in isolating the source of a connectivity problem.

Range
The OS9000 can be used to trace a destination that is up to 30 hops away.

Principle of Operation
The principle of Traceroute is as follows: Initially, it sends a packet with a very small TimeTo-Live (TTL) field value. A TTL value specifies how many hops the packet is allowed

April 2006

350

ML48261, Rev. 02 Utilities

Appendix B:

before it is returned. When a packet cannot reach its destination due to the very small TTL value, the last host to receive the packet returns the packet and identifies itself. By sending a series of packets, each having a successively higher TTL value, all the intermediary hosts can be identified. Each traceroute packet is 40 bytes long. Three packets are sent to each of the hops on the way to the destination and there return time is measured.

Usage
To perform traceroute: 1. Enter mode disable. 2. Invoke the command: traceroute WORD where, WORD IP address or DNS name of the destination host.

Example
The following example shows the nine hops to the destination, the IP address of each hop, and the three return times for each hop.
OS9000> traceroute 212.143.162.198 traceroute to 212.143.162.198 (212.143.162.198), 30 hops max, 40 byte packets 1 Zorro.gallant.co.il (194.90.131.254) 3.896 ms 3.167 ms 6.423 ms 2 router.gallant.co.il (194.90.134.254) 2.34 ms 2.393 ms 2.349 ms 3 194.90.138.233 (194.90.134.233) 2.348 ms 2.315 ms 2.31 ms 4 194.90.138.225 (194.90.134.225) 2.573 ms 2.375 ms 2.424 ms 5 tunnel-optic.ser.netvision.net.il (207.232.58.134) 4.571 ms 4.658 ms 3.953 ms 6 gi10-0.core1.hfa.nv.net.il (212.143.8.69) 128.406 ms 190.186 ms 199.244 ms 7 ge1-2.core1.pt.nv.net.il (212.143.12.66) 7.425 ms 6.301 ms 6.397 ms 8 g1-2.agr02.pt.nv.net.il (212.143.10.78) 6.638 ms 6.909 ms 6.429 ms 9 akm-tlv-198.netvision.net.il (212.143.162.198) 9.901 ms 7.179 ms 6.203 ms OS9000>

TCP Dump
Definition
TCP dump is display of the current traffic to the CPU via a specific interface.

Purpose
TCP dump is used to troubleshoot network applications that communicate with the OS9000.

Usage
To perform TCP dump: 1. Enter mode enable. 2. Invoke the command: tcpdump INTERFACE where, INTERFACE Interface via which traffic flows to the CPU. The interface must have the format vifX, where X is any number in the range 0-4095.

Example
The example below shows:

April 2006

351

ML48261, Rev. 02 Utilities

Appendix B:

Invocation of TCP dump using the command tcpdump vif90. TCP dump (packet time, IP address, protocol port/number, captured packets, etc.)

OS9000# tcpdump vif90 23:51:34.108532 IP 192.83.205.242.telnet > 192.83.137.239.1041: P 2323:2775(452) ack 0 win 5840 23:51:34.293674 arp who-has 192.168.30.32 (Broadcast) tell 192.168.30.32 23:51:34.294664 IP 192.83.205.242.1027 > zot.tiger.co.il.domain: 19255+ PTR? 32 .30.168.192.in-addr.arpa. (44) 23:51:34.296282 IP zot.tiger.co.il.domain > 192.83.205.242.1027: 19255 NXDomain 0/1/0 (121) 23:51:34.308319 IP 192.83.137.239.1041 > 192.83.205.242.telnet: . ack 2775 win 7 556 23:51:34.308444 IP 192.83.205.242.telnet > 192.83.137.239.1041: P 2775:3237(462) ack 0 win 5840 23:51:34.508392 IP 192.83.137.239.1041 > 192.83.205.242.telnet: . ack 3237 win 8 736 23:51:34.508518 IP 192.83.205.242.telnet > 192.83.137.239.1041: P 3237:3419(182) ack 0 win 5840 23:51:34.531317 IP 192.83.137.239.1041 > 192.83.205.242.telnet: P 0:1(1) ack 341 9 win 8554 23:51:34.531448 IP 192.83.205.242.telnet > 192.83.137.239.1041: P 3419:3601(182) ack 1 win 5840 39 packets captured 39 packets received by filter 0 packets dropped by kernel OS9000#

TELNET
Definition
TELNET is a TCP/IP protocol terminal emulation software program that is run on a host (e.g., PC).

Purpose
TELNET is used to connect a host (client) to the OS9000 (server) on a network.

Usage
For TELNET to work, the appropriate installation must be performed as described in the section TELNET/SSH Station or SNMP NMS (For Out-of-band Management), page 60. To make a TELNET connection: 1. Enter mode enable. 2. Invoke the command: telnet WORD PORT where, WORD PORT IP address or DNS hostname of a remote OS9000. TCP Port number.

In response, TELNET prompts you to enter a valid username and password before permitting access.

Example
The example below shows how to invoke a TELNET connection.
OS9000# telnet 192.23.76.158 44

April 2006

352

ML48261, Rev. 02 Utilities

OS9000#

Appendix B:

Secure Shell (SSH)

Secure Shell (SSH) is like TELNET but offers security beyond just username and password. SSH protects a network from IP spoofing, IP source routing, and DNS spoofing. An attacker that has managed to take over a network can at most force SSH to disconnect. The attacker cannot capture the traffic or hijack the connection when encryption is enabled. To perform an SSH connection: 1. Enter mode enable. 2. Invoke the command: ssh USER_HOSTNAME where, USER_HOSTNAME Username@Host (e.g., [email protected]).

In response, SSH prompts you to enter a valid username and password before permitting access. The example below shows how to invoke an SSH connection.
OS9000# ssh [email protected] OS9000#

Address Resolution Protocol (ARP)

General
Address Resolution Protocol (ARP) is a protocol for mapping an IP address (32-bit) to the MAC address (48-bit) of a host machine. An ARP table maintains current maps of MAC addresses to IP addresses.

Principle of Operation
When an incoming packet destined for a host machine arrives at the OS9000, the OS9000 uses the ARP program to search for the MAC address that matches the IP address. If it finds the MAC address, it provides it adjusts the packet to the right length and format and sends it to the machine. If it does not find the IP address, ARP broadcasts a request packet in a special format to all the host machines on the LAN to try to find a host machine with the specific IP address. If a host machine recognizes the IP address as its own, it responds positively. The OS9000 then updates its ARP table accordingly and sends the packet to the host with this MAC address. Reverse ARP (RARP) is used by host machines to obtain their IP address from a gateway's ARP cache.

Adding/Modifying an ARP Table Entry

An entry may be made into the ARP Table by the user as follows: 1. Enter configure terminal mode. 2. Invoke the command: arp HOSTNAME A:B:C:D:E:F perm|temp [INTERFACE] where, HOSTNAME Hostname or IP address for the new ARP entry MAC address in new ARP entry.

A:B:C:D:E:F

perm Permanent entry, i.e., stays in the ARP table so long as the OS9000 keeps running. temp Temporary entry, i.e., subject to aging see section Aging, page 86.

April 2006

353

ML48261, Rev. 02 Utilities

Appendix B: INTERFACE (optional) VLAN Interface ID having the format vifX, where X is a decimal number in the range 1-4095

The example below shows how to make an ARP entry.

OS9000(config)# arp 192.200.137.108 00:11:22:33:44:55 perm vif65 OS9000#

Deleting an ARP Table Entry

To delete an entry in the ARP Table: 1. Enter configure terminal mode. 2. Invoke the command: no arp HOSTNAME [INTERFACE] where, HOSTNAME Hostname or IP address in the existing ARP Table entry

INTERFACE (optional) VLAN Interface ID having the format vifX, where X is a decimal number in the range 1-4095 The example below shows how to delete an ARP entry.
OS9000(config)# no arp 192.200.137.108 vif65 OS9000#

Viewing the ARP Table

To view the ARP Table: 1. Enter enable mode or configure terminal mode. 2. Invoke the command: show arp [RESOLVE] HOSTNAME INTERFACE where, RESOLVE (optional) res or nres.

res Resolve hostname in the existing ARP Table entries. nres Do not resolve hostname in the existing ARP Table entries HOSTNAME Hostname or IP address in the existing ARP Table entries INTERFACE VLAN Interface ID having the format vifX, where X is a decimal number in the range 1-4095 The examples below shows how to display the ARP Table . Example 1
OS9000# show arp ? (192.168.130.132) at 00:0E:0C:4B:AE:41 [ether] on vif5 ? (193.88.136.20) at 00:04:90:00:17:19 [ether] on vif5 ? (193.88.136.6) at 00:01:02:12:7C:61 [ether] on vif5 ? (193.88.136.18) at 00:11:11:F1:EA:C4 [ether] on vif5 ? (194.91.136.9) at 00:20:1A:00:D5:91 [ether] on vif5

Example 2
OS9000(config)# show arp res 192.88.136.102 Apollo.Hi-tech.com (194.90.136.15) at 00:01:02:AE:C5:A1 [ether] on vif38 OS9000(config)#

Virtual Cable Diagnostics (VCD)

General
Virtual Cable Diagnostics (VCD) is a tool for testing at the OSI Layer 1, specifically, an electrical data cable for faults. It applies for cables that are longer than 10 meters (33 feet).

April 2006

354

ML48261, Rev. 02 Utilities

Appendix B:

To perform VCD, only one CLI command needs to be invoked. VCD identifies an electrical data cable fault type as well as its location accurate to 2 m (6.5 ft). Some of the fault types detectable are:

Opens Shorts Bad connectors Impedance mismatch Polarity mismatch

Benefits
Quick & remote analysis of the attached copper cable Identification of fault location and type Less need for visits by technical support personnel to remote sites Reduced network downtime

Principles of Operation
VCD uses Time-Domain Reflectometry (TDR), a method that works on the same principle as radar. In this method, an energy pulse transmitted through the cable is partially reflected and distorted when it encounters a fault. The VCD mechanism measures the time it takes for the signal to travel down the cable and sees the reflected waveform. It then translates this time into distance and the reflected distorted waveform into the associated fault type.

Procedure
To perform VCD: 1. Enter the mode enable. 2. Invoke the command: vct [extended] PORTS-GROUP

where, extended Detailed information. PORTS-GROUP Group of Ports. as shown in the example below.

Example
Following is a test case example of an 'open' on a 100 meter long cable. One end of the cable was connected to port 24 of the local OS9000. The far end of the cable was connected to another switch (in normal operation mode). VCD was performed. The far end of the cable was disconnected and VCD was performed again. The commands invoked and the test results are shown below.
MRV OptiSwitch 9000 version d1659-20-06-05 OS9000 login: admin Password: Last login: Tue Jun 28 07:02:40 2005 on ttyS0 OS9000> enable OS9000# vct extended 24 Port 24: pair#0: No problem found. pair#1: No problem found. pair#2: No problem found. pair#3: No problem found.

Cable Cable Cable Cable

Length Length Length Length

is is is is

unknown. unknown. unknown. unknown.

April 2006

355

ML48261, Rev. 02 Utilities

extended status: link GE to FE down shift status: no downshift OS9000# vct extended 24 Port 24: pair#0: Open in Cable. Approximatly 97 meters from the tested port. pair#1: Open in Cable. Approximatly 99 meters from the tested port. pair#2: Open in Cable. Approximatly 100 meters from the tested port. pair#3: Open in Cable. Approximatly 97 meters from the tested port. extended status: no extended data for port 24 OS9000#

Appendix B:

Configuration File Location

The startup system configuration file is stored at: /usr/local/etc/System.conf

Editing & Saving Configuration File

To edit the System Configuration File directly: 1. Enter enable mode. 2. Type linux to enter the Linux Operating System. 3. In response to the Linux prompt $, type vi/usr/local/etc/System.conf to open the file (for editing). To save System Configuration File after editing in the startup system configuration file (in permanent/flash memory): 1. Type su. 2. 3. 4. 5. Enter the root password. Type /usr/local/nbase/bin/flush-conf.sh Type reboot. To run the system with the changed configuration. The user inputs (in bold) and the system responses in carrying out the procedure using the CLI are as follows:

OS9000> enable OS9000# linux $ vi/usr/local/etc/System.conf $ $ su Password: # /usr/local/nbase/bin/flush-conf.sh # reboot

Memory Management
Viewing Memory
The Linux OS memory usage is oriented to enhance performance and enable maximum use of free memory in the OS9000. By design, the Linux OS will use ALMOST ALL available memory for internal use of buffers and cache, as can be seen for buffer and cache in the display obtained by invoking the command show memory. This behavior enables the Linux OS to cache and buffer disk I/O and keep most data resident in memory as long as possible. The purpose is to minimize fetching of files and data from the disk. As a result, regardless of the amount of OS9000 resident RAM Memory, the usage pattern will be the same. Free memory is regarded by the Linux OS as a complete waste, so for

April 2006

356

ML48261, Rev. 02 Utilities

Appendix B:

performance reasons the "buffers" and "cached" figures should be as high as possible. It enables Linux OS to make the best usage of memory and enhances system performance. In case an OS9000 process needs to use memory for whatever reason, the memory space that is used for disk cache and buffers is freed immediately. The following is a show memory dump collected on an OS9000. OS9000(config)# show memory total: used: free: shared: buffers: cached: Mem: 30183424 28778496 1404928 0 4423680 14901248 Swap: 0 0 0 MemTotal: 29476 kB MemFree: 1372 kB MemShared: 0 kB Buffers: 4320 kB Cached: 14552 kB SwapCached: 0 kB Active: 5708 kB Inactive: 18892 kB HighTotal: 0 kB HighFree: 0 kB LowTotal: 29476 kB LowFree: 1372 kB SwapTotal: 0 kB SwapFree: 0 kB Committed_AS: 21848 kB OS9000(config)# By taking those figures and recalculating as shown in Table 15, below, it is easy to see that the real free memory value stabilized around 63% of the Total memory. Table 15: Memory Space Usage
Total
260636672 260636672 260636672 260636672 260636672

Cached
86450176 75616256 86441984 85377024 88330240

Buffers
70217728 90058752 68837376 70889472 69058560

Free
12722176 5738496 4513792 4694016 16805888

Used
247914496 254898176 256122880 255942656 243830784

Buffer + Cache
156667904 165675008 155279360 156266496 157388800

Real Used
91246592 89223168 100843520 99676160 86441984

Real Free
169390080 171413504 159793152 160960512 174194688

% Real Free
64.991% 65.767% 61.309% 61.757% 66.834%

where: Real Free = Free + buf + cache Real Used = Total real free % Real Free = Real free / Total x 100 To view the different memory banks (and current occupancy in kB): 1. Enter mode configure terminal. 2. Invoke the command show memory. Below, is an example display of the OS9000 outputs on a CLI screen in response to the command show memory.
OS9000# show memory total: Mem: Swap: MemTotal: used: free: shared: buffers: 0 cached: 0 27783168

130863104 85483520 45379584 0 0 127796 kB 0

April 2006

357

ML48261, Rev. 02 Utilities

MemFree: MemShared: Buffers: Cached: SwapCached: Active: Inactive: HighTotal: HighFree: LowTotal: LowFree: SwapTotal: SwapFree: OS9000# 44316 kB 0 kB 0 kB 27132 kB 0 kB 10672 kB 16584 kB 0 kB 0 kB 127796 kB 44316 kB 0 kB 0 kB

Appendix B:

Viewing Processes
In order to check real memory leaks, the RSS column needs to be checked using the command show processes. The value indicates the total amount of physical memory used by each process. If a constant growth for a certain process memory usage is encountered, then this might be due to a real memory leak. Note The Linux OS has an internal protection mechanism that starts killing processes when it does not find any real free memory. In such case, a message is sent to the syslog and the OS9000 reboots. The following is a show processes [FLAGS] dump collected on an OS9000. To view the current processes in the OS9000: 1. Enter mode configure terminal. 2. Invoke the command show processes [FLAGS]. Below, is an example display of the OS9000 outputs on a CLI screen in response to the command show processes.
OS9000# show processes PID Uid VmSize Stat Command 632 S SW init [keventd]

1 root 2 root 3 root 4 root 5 root 6 root 7 root 108 root 114 root 117 root 120 daemon 123 root 345 root 346 root 347 root

SWN [ksoftirqd_CPU0] SW SW SW SW [kswapd] [bdflush] [kupdated] [eth0]

SWN [jffs2_gcd_mtd0] 696 S 612 S 468 S 616 S 1436 S 1160 S 1160 S /sbin/syslogd -m 0 -L -R 192.0.4.1 /sbin/klogd /sbin/portmap /usr/sbin/cron initd -t 10 -i /usr/local/etc/System.conf -dh uid_task uid_task

April 2006

358

ML48261, Rev. 02 Utilities

348 root 349 root 350 root 351 root 352 root 353 root 354 root 355 root 356 root 357 root 358 root 359 root 360 root 361 root 362 root 363 root 370 root 371 root 372 root 373 root 374 root 375 root 376 root 377 root 378 root 379 root 380 root 381 root 382 root 383 root 388 root 389 root 390 root 391 root 392 root 393 root 394 root 395 root 396 root 397 root 398 root 399 root 400 root 401 root 402 root 403 root 1160 S 1160 S 1160 S 1160 S 36288 S 36288 S 36288 S 36288 S 36288 S 36288 S 36288 S 36288 S 36288 S 36288 S 36288 S 2124 S 1300 S 1508 S 1400 S 1400 S 1400 S 1828 S 2000 S 1356 S 1440 S 1440 S 1440 S 1464 S 1192 S 2264 S 1432 S 1740 S 984 S 984 S 984 S 1484 S 1484 S 1468 S 1468 S 1468 S 2340 S 1988 S 3492 S 840 S 2616 S 2616 S uid_task uid_task uid_task uid_task pssExe pssExe pssExe pssExe pssExe pssExe pssExe pssExe pssExe pssExe pssExe ssys ha -d vifsrv arpsrv arpsrv arpsrv sport_srv spf svrrp snetlink snetlink snetlink slei rtrd sif smac_srv mstpd -d sdhcp sdhcp sdhcp snetutil ssyslog smrd smrd smrd sflow_mgr snmptrapd -f -n snmpd -f -L -s saaa osmd osmd

Appendix B:

April 2006

359

ML48261, Rev. 02 Utilities

404 root 405 root 406 root 414 root 418 root 420 admin 424 admin 425 admin 426 admin 534 admin 560 admin 561 admin OS9000# 2616 S 1912 S 940 S 1720 S 940 S 1088 S 2716 S 2716 S 2716 S Z 524 S 788 R osmd zebos sntp /usr/sbin/sshd

Appendix B:

/usr/sbin/xinetd -pidfile /var/run/xinetd.pid -reuse /bin/sh /usr/local/nbase/bin/adminsh /usr/local/nbase/bin/vtysh /usr/local/nbase/bin/vtysh /usr/local/nbase/bin/vtysh [more] more ps aux

Multicast Destination MAC Addresses

To display the destination MAC addresses of packets that will be forwarded to all hosts on the network: 1. Enter enable mode. 2. Invoke the command show multicasts. The example below shows such a destination MAC address (under the heading dmi_address) common to the out-of-band interface eth0 and the inband interface vif90.
OS9000# show multicasts indx interface_name dmi_u dmi_g dmi_address 2 eth0 1 0 01005e000001 5 vif90 1 0 01005e000001 OS9000#

Debug Information
Purpose
The debug information utility is used to obtain debug information on the following:

System Events Routing Events

System Events
Examples of system events are: Link up, Link down, Interface up, Interface down. Activating Display To activate the display of system events on the CLI screen each time a system event occurs: 1. Enter enable mode. 2. Invoke the command debug event. Deactivating Display To deactivate the display of system events on the CLI screen: 1. Enter enable mode. 2. Invoke the command no debug event.

April 2006

360

ML48261, Rev. 02 Utilities

Appendix B:

Routing Events
Examples of routing events are: routing protocol session up, routing protocol session down. Activating Logging To activate logging of routing events debug information: 1. Enable logging of Operative Software events as described in the section Logging for Operative Software Events, page 90. 2. Enter enable mode. Invoke the command: debug nsm events|kernel|packet where, nsm Routing protocols Routing protocol events Routing protocol kernel-interface interaction Routing protocol packets

events kernel packet

The information is logged in the Syslog file at: /var/log/messages. Deactivating Logging To deactivate logging of routing events debug information: 1. Enter enable mode. 2. Invoke the command: no debug nsm events|kernel|packet where, nsm Routing protocols Routing protocol events Routing protocol kernel-interface interaction Routing protocol packets

events kernel packet

April 2006

361

OptiSwitch 9000 User Manual

Product Version 1.0

Appendix C:

Flush-conf.sh Script
flush-conf.sh is a script that copies all the configuration files from the RAM disk to the flash memory (embedded). The flush-conf.sh script must be executed whenever the UNIX "root" password is changed. The OS9000 firmware runs from a RAM disk but it has to save all of its configurations in the flash memory. It does this with the flush-conf.sh script. On first boot of the OS9000 (described in the section First Time Access Root and Admin Passwords Configuration, page 65), the user is prompted to enter both the "root" password and "admin" password. Once the user enters those passwords, the OS9000 automatically stores them in the flash memory. From this point on, only the "admin" password need be used. The admin password can be changed from the CLI as described in the section Changing only the Admin Password, page 67. Even in this case the OS9000 automatically stores the new password in the flash memory. If the user changes the "root" password (as described in the section Changing the Root Password (and Admin Password), page 66). Once the new "root" password is accepted, execute the "flush-conf.sh" script to save the change in the flash memory.

April 2005

362

ML48261, Rev. 02 Cleaning Optical Connectors

Appendix D:

Appendix D:

Cleaning Optical Connectors

General
Intrusions (e.g., dust, grease, etc.) at the interface of two optical fibers, such as at a pair of coupled connectors, attenuate the signal through the fiber. Consequently, optical connectors must be clean before they are coupled with other connectors.

Tools and Equipment

Following are tools and equipment required for cleaning connectors. Dust caps Caps for protecting the connector from intrusions. A cap is usually made from flexible plastic. When placing a cap over a connector, avoid pressing it against the fiber ferula surface in the connector so as to prevent contamination. Isopropyl alcohol Solvent for contaminants. Tissues Soft multi-layered fabric made from non-recycled cellulose.

Procedure
The procedure for cleaning connectors is as follows: 1. If no stains are present, using a new clean dry tissue, gently rub, in small circular motions, the exposed fiber surface and surrounding area in the connector to remove dust. 2. If stains are present, moisten a new clean dry tissue with isopropyl alcohol and gently rub, in small circular motions, the exposed fiber surface and surrounding area in the connector to remove the stains. 3. Using a new clean dry tissue, gently rub, in small circular motions, the exposed fiber surface and surrounding area in the connector to remove the dissolved stains and excess isopropyl alcohol. 4. If a connector is not to be coupled with another immediately, cover it with a dust cap.

April 2005

363

OptiSwitch 9000 User Manual

Product Version 1.0

Appendix E:

Small Form-factor Pluggables (SFPs)

The SFP transceiver option offers a very wide selection of interfaces in respect of protocol (e.g., 10/100/1000Base-TX or 1000Base-LX/SX), cable media type (e.g., fiber or copper), carrier wavelength (e.g., 1310 nm or 1550 nm), fiber type (e.g., MultiMode or SingleMode), and operating range to tailor suit the application and terminal equipment. This endows the OS9000 with flexible connectivity and minimizes cost of investment on upgrades and deviations since to change any one or more of the interface attributes, only the SFP needs to be replaced and not the entire OS9000. An additional useful quality of SFPs is that they are pluggable and hot-swappable. Ordering Code Gigabit Ethernet SFP-G-SX SFP-G-MMX SFP-G-LX SFP-GD-LX SFP-GD-ELX SFP-GD-XD SFP-GD-ZX SFP-GD-EZX CWDM Gigabit Ethernet SFP-GCWXD-XX SFP-GDCWXD-XX SFP-GDCWZX-XX SFP-GDCWEZX-XX SFP 1000Base-XD, SM CWDM (XX = Wavelength in the range 1470 to 1610 nm), 50 km, CWDM. SFP 1000Base-XD, SM CWDM (XX = Wavelength in the range 1470 to 1610 nm), 50 km, with Digital Diagnostics. SFP 1000Base-ZX, SM CWDM (XX = Wavelength in the range 1470 to 1610 nm), 80 km, CWDM with Digital Diagnostics. SFP 1000Base-EZX, SM CWDM (XX = Wavelength in the range 14710 to 1610 nm) 120 km with Digital Diagnostics. SFP 1000Base-SX, MM, 850 nm, 0-550 m. SFP 1000Base-SX, Extended MM, 1310 nm, 0-2 km. SFP 1000Base-LX, SM, 1310 nm, 10 km. SFP 1000Base-LX, SM, 1310 nm. 10 km, with Digital Diagnostics. SFP 1000Base-ELX, SM, 1310 nm, 25 km, with Digital Diagnostics. SFP 1000Base-XD, SM, 1550 nm, 50 km, with Digital Diagnostics. SFP 1000Base-ZX, SM, 1550 nm, 80 km, with Digital Diagnostics. SFP 1000Base-EZX, SM 1550 nm, 120 km, with Digital Diagnostics. Description

XX represents the two middle digits of the wavelength, e.g., 47 is 1470 nm, 49 is 1490 nm, 51 is 1510 nm, 53 is 1530 nm. 55 is 1550 nm, 57 is 1570 nm, 59 is 1590 nm, 61 is 1610 nm.

April 2005

364

ML48261, Rev. 02 Cable Wiring

Appendix F:

Appendix F:

Cable Wiring
RJ45 Connector Si gn al Tx D Gn d Rx D 3 Pin DB-9 Connector Pin Signal

RxD

4, 5

Gnd

TxD

Figure 43: Null-Modem RS-232 Cable Wiring

Figure 44: Ethernet Straight Cable Wiring

Figure 45: Ethernet Cross Cable Wiring

April 2005

365

OptiSwitch 9000 User Manual

Product Version 1.0

Appendix G:

Troubleshooting
The troubleshooting procedure here is on the operative level and is given in Table 16, below. Read the entries in the column Problem until you reach the problem that applies to the OS9000. Then perform the corrective action(s) appearing in the same row. If the problem persists, note the status of all the LEDs and consult your MRV representative. Table 16: Startup and Operation Troubleshooting Row 1 Problem LED PWR ON-Amber Probable Cause Power into the OS9000 system was shutdown due to continuous pressing of Pushbutton PWR for at least 2 seconds. No power at the entrance to the OS9000 system from a Power Supply. Corrective Action
1. Press Pushbutton PWR continuously for at

least 2 seconds.

LED PWR OFF

1. Ensure that at least one Power Supply is installed.

LED PS1 OFF

1. Ensure that the power cord is securely connected to the power source output (i.e., AC or DC line/mains wall outlet) and to the Power Supply 1 receptacle installed in the OS9000. 2. Ensure that Power Supply 1 switch

is

in position I.
3. Ensure that power is present at the power source output. 4. Ensure that the power cord of Power Supply 1 is not damaged. 1. Ensure that the power cord is securely connected to the power source output (i.e., AC or DC line/mains wall outlet) and to the Power Supply 2 receptacle installed in the OS9000. 2. Ensure that Power Supply 2 switch

LED PS2 OFF

is

in position I.
3. Ensure that power is present at the power source output. 4. Ensure that the power cord of Power Supply 2 is not damaged. 1. Consult your MRV representative. 2. Ensure that the actions in Rows 1 to 3, above, have been performed.

LED FAN ON-Amber LED FAN OFF LED TMP ON-Amber

OS9000 system internal fans faulty. No power into the OS9000 system. Insufficient cooling air.

1. Verify that no obstacles to cooling air flow are present around the OS9000. 2. Verify that the external fans are running. Verify that the internal fans.
1. Ensure that the actions in Rows 1 to 3, above, have been performed.

LED TMP OFF LED TR OFF

No power into the OS9000 system. Management station not connected.

Perform PING. If there is no response from the management station, do the following:
1. Verify that connection of the OS9000 to the Ethernet LAN, to which the management station is

April 2005

366

ML48261, Rev. 02 Troubleshooting Row Problem Probable Cause

Appendix G: Corrective Action

connected, is OK. 2. Management station is connected to the Ethernet LAN. 3. The management station is correctly setup and operational. 4. If the management station is a craft terminal,

L LED OFF

No Ethernet link integrity signal being received.

set the baud rate for the craft terminal to 9600 baud. 5. Verify that the network exists in the routing table. 6. Check the default gateway. 7. Flush the ARP table with the CLI command (since the ARP table may contain outdated information). Electrical Port (10/100/1000Base-TX Port):
1. Verify that the cable connecting the OS9000 port to the network is securely connected at both ends and is undamaged. 2. Enter configure terminal mode and enable the port using the following CLI command:

port state enable

3. If the port is connected to a DTE (e.g., PC, workstation, etc.), make sure the DTE is powered on and the NIC is OK. (The NIC can be checked by running a diagnostic test with the software supplied by the vendor.) 4. Temporarily attach the cable to another OS9000 port to determine whether the port is faulty.

A LED OFF

DTE(s) not transmitting to/via port. Access restricted to administrator password

Fiberoptic Port (100/1000Base-X Port: 1. For each cable fiber, ensure TX RX interconnection. 2. Verify that the cable connecting the OS9000 port to the network is securely connected at both ends and is undamaged. 3. Enter configure terminal mode and enable the port using the following CLI command: port state enable 4. Clean the fiberoptic connectors of the cable and OS9000 port as described in Appendix D: Cleaning Optical Connectors, page 363. 5. Ensure that the cable type (singlemode or multimode) is right and the attenuation and length are such that the power budget is not exceeded. 6. Temporarily attach the cable to another OS9000 port to determine whether the port is faulty. 1. Ensure that L LED is on, possibly by performing the actions described in row 7. 2. Make sure the DTE(s) are powered on.
1. Verify correctness of user name and password, including case of letters. 2. Enter admin for username.

No manageme nt access

April 2006

367

OptiSwitch 9000 User Manual

Product Version 1.0

Appendix H:

Data Paths in WDM Networks

General
This appendix describes the data paths in networks of various topologies using OS9000s fitted with WDM modules.

Point-to-Point Topology
The data flow through the WDM part of the network in point-to-point topology is shown in Figure 46, below.

Figure 46: Data Flow in a Point-to-Point Topology The data flow through the OADM part of the network in point-to-point topology is shown in Figure 47, below.

April 2005

368

ML48261, Rev. 02 Data Paths in WDM Networks

Appendix H:

Multipoint Topology
The data flow through the WDM part of the network in multipoint topology is shown in Figure 47, below.

Figure 47: Data Flow in a Multipoint Topology

Ring Topology
The data flow through the WDM part of the network in ring topology is shown in Figure 48, below. The WDM module used is a dual-sided OADM module like that shown in Figure 7, page 46. The connection of three long-haul fiber pairs instead of two provides fiber redundancy protection. This means that even if two of any of the long-haul fibers fail, the network will recover automatically within milliseconds and continue normal operation. OS9000 A ports 1-4 are logically connected to OS9000 B ports 5-8. OS9000 B ports 1-4 are logically connected to OS9000 C ports 5-8. OS9000 C ports 1-4 are logically connected to OS9000 A ports 5-8.

April 2006

369

ML48261, Rev. 02 Data Paths in WDM Networks

Appendix H:

Figure 48: Data Flow in a Ring Topology having Fiber Redundancy

April 2006

370

ML48261, Rev. 02 Product Specification

Appendix I:

Appendix I:

Product Specification
Operation
Number of LAN/WAN Ports (max) 24 Gigabit (or Fast Ethernet) SFP unpopulated ports, 4/12 of which are combo (dual PHY), i.e., either 10/100/1000Base-X fixed or SFPs 16K 4K 4K

MAC Addresses Supported Active VLANs (max): Active VMANs (max): MTBF OS9012C-10Gx OS9024-4C OS9024-M OS9024FX-4GC

193,658 hr @ 25 C (77 F) 175,915 hr @ 25 C (77 F) 137620 hr @ 25 C (77 F) 206316 hr @ 25 C (77 F)

Power
Supplies Cord Input: OS9012C-10Gx AC DC OS9024-4C AC DC OS9024-M AC DC OS9024FX-4GC AC DC Consumption: OS9012C-10Gx The actual value depends on the number/type of SFPs. 90 to 240 Vac, 0.7 to 1.4 A, 60 Hz -36 to -72 Vdc, 2 to 3.5 A 90 to 240 Vac, 0.8 to 1.2 A, 60 Hz -36 to -72 Vdc, 2 to 3.3 A 90 to 240 Vac, 0.7 to 1.3 A, 60 Hz -36 to -72 Vdc, 2 to 3 A 90 to 240 Vac, 0.8 to 1.2 A, 60 Hz -36 to -72 Vdc, 2 to 3A 2 (mutually redundant, hot-swap, pluggable) As specified in the section Power Cord, page 30.

April 2005

371

ML48261, Rev. 02 Product Specification

Min Max OS9024-4C Min Max OS9024-M Min Max OS9024FX-4GC Min Max 73 W or 250 Btu/hr 110 W or 375 Btu/hr

Appendix I:

The actual value depends on the number/type of SFPs. 70 W or 240 Btu/hr 120 W or 410 Btu/hr The actual value depends on the number/type of SFPs. 90 W or 308 Btu/hr 156 W or 532 Btu/hr The actual value depends on the number/type of SFPs. 70 W or 240 Btu/hr 128 W or 437 Btu/hr

Ports
10/100/1000Base-T (fixed): Purpose Number Connector: Type Pinout RJ45, female, 8-pin, shielded Connection to Ethernet/Fast Ethernet/Gigabit Ethernet DTE or DCE 4

Auto-MDI/MDIX, i.e., each port can be connected to an Ethernet MDI or MDIX port with a straight or cross-over cable since the port automatically configures itself to suit the cable type and co-port interface.

Cabling: Length (max) Type Connector 10/100/1000Base-X: Purpose Number (max) Connector: Type Pinout Cabling: Length (max) Type Per the SFP Per the SFP Dual, female, LC (usually) Per the SFP Connection to Ethernet/Fast Ethernet/Gigabit Ethernet DTE or DCE 24 100 m (~ 330 ft) Category 5 RJ45 male 8-pin shielded

April 2006

372

ML48261, Rev. 02 Product Specification

Connector Management Console (Serial over RS-232) CONSOLE EIA-232: Purpose Number Connector: Type Pinout Cabling: Length Connector Management via 10/100Base-TX Ethernet MGT ETH: Purpose Number Connector: Type Pinout Cabling: Length Type Connector Up to 100 m (328 ft) RJ45, female, 8-pin NMS connection 1 15 m (~ 50 ft) RJ45, male, 8-pin RJ45, female, 8-pin Dual, male, LC (usually)

Appendix I:

Craft terminal (ASCII, e.g., VT100) connection 1

3TxD; 4Gnd; 5Gnd; 6RxD (Pins 1, 2, 7, and 8 not used)

MDI (1 TX+; 2 TX-; 3 RX+; 6 RX-)

Category 5, Cross-wired (as shown in Figure 45, page 365) RJ45, male, 8-pin

LEDs
Global Status

SD-RST Power shutdown; PWR System power; PS1

Power Supply 1 power; PS2 Power Supply 2 power; FAN Fan status; TMP Temperature; TR Management traffic; WD CPU watchdog

Port Status

L Link integrity; A Data flow

Pushbuttons
Power Reset Button PWR used to power ON/OFF the OS9000 RST used to reset the OS9000

Fans
Power Supply System 1, for cooling 3, for cooling

Environmental

April 2006

373

ML48261, Rev. 02 Product Specification

Temperature49: Operating Storage Humidity (non-condensing) Dust 0 to 50 C (32 to 122 F) -25 to +70 C (-13 to 158 F) 10 to 95%

Appendix I:

Less than 106 particles/m3 (~ 30,000 particles/ft3)

Physical
Dimensions (W x H x D): Model 9024-M (Echelon Front End) Other Models Weight (max): Model 9024-M (Echelon Front End) Other Models Mounting 7.5 kg (16.5 lb) 7 kg (15.5 lb) Desktop or 19-inch (482.6 mm) rack per the ETS 300-119 standard 444 x 132 x 250 mm 3 [17.5 x 3U x 10 in ]
3

444 x 88.1 x 300 mm 3 3 [17.5 x 2U x 11.81 in ]

Management
Web-Based SNMP TELNET Serial/RS-232 IP Address Management Using MegaVision management application or MIB Browser Using MegaVision management application or any other SNMP manager Using a TELNET station Using craft terminal (e.g., VT100 Terminal or PC with ASCII terminal/emulator software) BootP; DHCP

Accessories
Rack-Mount Two brackets for mounting in a 19-inch rack

OADM (1 to 4 Channels) Power Attenuation OADM Type 1-Channel 2-Channel 3-Channel 4-Channel WDM Port Attenuation (dB) Single Interface 1.3 2.1 2.9 3.7 Dual Interface 0.9 1.3 1.7 2.1 Access Port Attenuation (dB) C1 1.3 1.3 1.3 1.3 1.7 1.8 1.7 2.1 2.1 2.5 C2 C3 C4

C1, C2, C3, and C4 are channels 1, 2, 3, and 4.

In even more extreme weather conditions (e.g., UV radiation, rain, dust, humidity, corrosion, etc.), OS9000s can be housed in MRVs weather-proof Outdoor Cabinets.

49

April 2006

374

ML48261, Rev. 02 Product Specification

Multiplexer (8-Channel)

Appendix I:

Power Attenuation Compliance

Safety Operation IETF

3.3 dB

Designed to comply with UL 1950; CSA 22.2 No. 950; FCC Part 15, Class B; CE-89/336/EEC, 73/23/EEC, NEBS, ETSI

UDP RFC 768 TFTP RFC 783 IP RFC 791 ICMP RFC 792 TCP RFC 793 ARP RFC 826 Multi-session TELNET RFC 854 Transmission of IP Datagrams over Ethernet Networks RFC 894 FTP RFC 959 RIPv1 RFC 1058 IGMPv1 RFC 1112 Host Requirements RFC 1122

Structure and Identification of Management Information for TCP/IP-based Internets RFC 1155
SNMP v1 RFC 1157 Use of OSI IS-IS for routing in TCP/IP RFC 1195 Concise MIB Definitions RFC 1212 MIB II RFC 1213 Trap Convention RFC 1215 Etherlike MIB RFC 1284 The MD5 Message-digest Algorithm RFC 1321 CIDR RFC 1519 OSPF v2-1 RFC 1583 OSPF-NSSA RFC 1587 DNS client RFC 1591 Ethernet MIB RFC 1643 BGP MIB RFC 1657 RIPv2 RFC 1723 RIPv2 MIB RFC 1724 per-port RMON IEEE 802.1: Ethernet statistics (Group 1), History (Group 2), Alarm (Group 3), and Event (Group 9) RFC 1757 BGP4 RFC 1771 Requirements for IP Version 4 Routers RFC 1812 OSPF MIB RFC 1850 Structure of Management Information for SNMPv2 RFC 1902 SNMPv2 RFC 1907 BGP Route Reflection RFC 1966 BGP Communities Attribute RFC 1997 IP MIB RFC 2011 TCP MIB RFC 2012 UDP MIB RFC 2013 SNTP RFC 2030 Entity MIB RFC 2037 RIP v2 RFC 2082 BootP and DHCP Relay (UDP Relay) RFC 2131

April 2006

375

ML48261, Rev. 02 Product Specification

Appendix I:
IGMP v2 RFC 2236 Network Ingress Filtering RFC 2267 OSPFv2 RFC 2328 Opaque LSA support RFC 2370 MD5 peer password authentication RFC 2385 A Provider architecture for DiffServ and TE RFC 2430 BGP Route Flap Dampening RFC 2439 RIP v2 MD5 Authentication RFC 2453 DiffServ of DS field in IPv4 & IPv6 headers RFC 2475 SNMPv3 RFC 2571, 2572, 2573, 2574, 2575 Assured Forwarding DiffServ PHB Group RFC 2597 Expedited Forwarding DiffServ PHB Group RFC 2598 Definitions of Managed Objects for the Ethernet-like Interface Types RFC 2665 Traffic Engineering over MPLS RFC 2702 VRRP MIB RFC 2787 BGP Route Reflection RFC 2796 RMON MIB RFC 2819 BGP capabilities advertisement RFC 2842 The Interfaces Group MIB RFC 2863 RADIUS Authentication RFC 2865 RADIUS Accounting RFC 2866 BGP route refresh RFC 2918 Management SLA MIB RFC 2925 (Only for SA PING) MPLS Architecture RFC 3031 MPLS Label Stack Encoding RFC 3032 LDP Specifications RFC 3036 LDP Applicability RFC 3037 MPLS loop prevention mechanism RFC 3063 BGP-AS confederations RFC 3065 OSPF NSSA Option RFC 3101 DiffServ PHB identification codes RFC 3140 BSD Syslog RFC 3164 Extensions to RSVP for LSP tunnels (RSVP-TE) RFC 3209 Applicability statement for extensions to RSVP for LSP tunnels (RSVP-TE) RFC 3210 CR-LDP RFC 3212 AF-PHB Group RFC 3246 IGMP Ver. 3 RFC 3376 SNMP version 3 Framework RFC 3410 An Architecture for Describing SNMP Management Frameworks RFC 3411 Message Processing and Dispatching for SNMP RFC 3412 SNMP Applications RFC 3413 User-based Security Model (USM) for SNMPv3 RFC 3414 View-based Access Control Model (VACM0 for SNMP RFC 3415 Version 2 of the Protocol Operations for SNMP RFC 3416 Management Information Base (MIB) for SNMP RFC 3418 Traffic Engineering Extensions OSPFv2 RFC 3630

IETF Drafts

draft-IETF-L2circuit-trans-MPLS-08 draft-IETF-L2circuit-encap-MPLS-04 A private MIB for collecting QoS-related information ITU-T Y.1307.1 Ethernet Private Line Service

Private MIBs ITU

April 2006

376

ML48261, Rev. 02 Product Specification

Appendix I:
ITU-T WDM grid Optical Service ITU-T grid (G.694.2) Wavelengths with 20 nm spacing for CWDM ITU-T grid (G.694.1) Wavelengths with 100 GHz or 200 GHz spacing for DWDM

IEEE

IEEE 802.3 Ethernet IEEE 802.3u Fast Ethernet IEEE 802.3z Gigabit Ethernet (1000Base-SX/LX) IEEE 802.3ae 10 Gigabit Ethernet IEEE 802.3ab Gigabit Ethernet Copper IEEE 802.3ad Link Agregation IEEE 802.3ah Ethernet in the First Mile IEEE 802.1D Bridging and Spanning Tree IEEE 802.1p Layer 2 priority QoS Support IEEE 802.1Q VLAN Tagging IEEE 802.1w Rapid STP IEEE 802.1s Multiple-Instance STP IEEE 802.1x Port-based Network Access Control IEEE 802.1ad Provider bridges (partial draft)

April 2006

377