Scribd
Upload
202 views156 pages

ERX Intro+bras

This document provides an overview of the Next Generation ISP POP Architecture and the ERX hardware. It describes the ERX carrier reliability features and basic system architecture including the Switch Route Processor (SRP) and line modules. The SRP provides routing, switching and management functions. It can operate in redundant configurations for reliability. The document also introduces the ERX-700 and ERX-1400 platforms and their slot configurations.

Uploaded by

Nhớ mùa thu Hà Nội
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
202 views156 pages

ERX Intro+bras

This document provides an overview of the Next Generation ISP POP Architecture and the ERX hardware. It describes the ERX carrier reliability features and basic system architecture including the Switch Route Processor (SRP) and line modules. The SRP provides routing, switching and management functions. It can operate in redundant configurations for reliability. The document also introduces the ERX-700 and ERX-1400 platforms and their slot configurations.

Uploaded by

Nhớ mùa thu Hà Nội
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 156

Unit 1 Unisphere Overview

Next Generation ISP POP Architecture

ISP Partner
OC12 ATM/POS
ISP Partner
MPLS
ATM
OC3 ATM/POS POS
MRX OC48
Ethernet
Carrier Backbone
ERX (POS)

DS0/T1/E1/T3/E3 Carrier Backbone


ERX (ATM)
ATM
xDSL

VPN
Private Line Aggregation

Business Users

Edge Core

fT1/fE1 ADM
ERX
U
T1/E1 Gig Eth
SONET
ADM
OC3/STM1
Internet
DACS
Ring POS/ATMc Backbone
nxT1
ADM T3/E3/E1 OC12/STM4
T3/E3 ATM/FR/PPP POS/ATM

Telco Service
Network Provider
Tier2/3 Network
ISP
Network
xDSL Aggregation
Consumer &
Business
Users (xDSL) CLEC

Bridged 1483 ERX700/1400


ATM ISP
U
OC3/STM1
DS3 ATM
OC3 ATM OC12/STM4
PPP over ATM POS/ATM
Gig Eth

DSLAM
PPP over Ethernet
VPN
DHCP RADIUS

Routed 1483 Access Service


Network Network Internet
Provider Provider
BRAS support for PPP, PAP, CHAP, DHCP, and RADIUS
Unisphere Management Center (UMC)
Family of Products

Extended Service
and
Subscriber Management

Service Selection Center

UMC Meta Directory

Scalability and
Management Enhanced
Integration NMC-RX and NMC-SMX Functionality Options
UMC
Packs Element Managers
Management Products
UMC Service Selection Center (SSC)

LDAP
Directory

Service Selection Portal

Policy
Engine Service
Selection Center

Directory Browser
Intelligent Service POP
Unisphere
Management
Center

SRX-3000

ERX-700/
1400/1440 SMX-2100
Voice Applications IP
Transport
Network
PSTN
ERX-700/
Geographically Remote 1400/1440 Service
Voice/Data Access Selection
Center

Wireless
Customer Premises - Routers, Key Systems, PBXs, IADs…
Unit 2 ERX Hardware
Architecture Overview
Unit Objectives

• Identify the ERX-700 and ERX-1400


• Describe the ERX carrier reliability features
• List and describe basic ERX system architecture and hardware
components
• Describe SRP redundancy
• Identify and describe ERX-700 and ERX-1400 slot groups
• Describe Line Module redundancy configuration and operation
Two ERX Families to meet your needs

ERX-700
U

• •• •• •
• • • •• •

 ERX-700 7 slot configuration


ERX-1400  ERX-1400 14 slot configuration


U
Carrier Reliability

• NEBS Level 3 Compliant


• Hot swap
• Distributed DC Power
• Front to Back Airflow
• Designed for max rack density
- 3 ERX-1400 systems per rack

• Efficient power utilization


- 1KW for 924 T1s
ERX System Architecture
SRP I/O’s
IOAs
I/O Adapters Slot # 0 1 2 3 4 5 6 7 8 9 10 11 12 13
CE1/CT1
E3/CT3/T3
Connection OC3
OC12
via
cOC3
Passive Midplane cOC12
Fast Ethernet
Gigabit Ethernet

Line Modules
Line Modules
CE1/CT1
E3/CT3/T3
T3 ATM/E3 ATM
OC3/12 ATM
OC3/12 POS
cOC3/12
Fast Ethernet
Gigabit Ethernet

5, 10 or 40 Gbps Switch Route Processor (SRP)


with optional redundant SRP
Switch Route Processor (SRP)
• Route Processor
- Routing protocol processing
- Storage of Software Image and Config File
• PCMCIA flash Card
- Initial system boot, system initialization
- Downloads executable software images to Line Modules
- Monitor fans, power, temperature, alarms
- Clocking functions
- Manages internal connections between ingress and
- RS232 Console Port (Null Modem Cable)
- 10/100 Ethernet port for management
• Switch Fabric
- Command Line Interface (CLI) support
- 5, 10 or 40 Gbps
- Cell-based
egress ports
• Software Release 3.x.x requires 512 MB memory
ERX SRP Redundancy

• Primary/Standby SRP

• File System Redundancy

• System Release, Configuration,


Script and Macro Files are
Synchronized
• One way synchronization
Hardware Architecture

64K Queues
Utopia
(155Mb/s)
Uses 25Mbps in-band
for routing updates
Shared Memory Fabric 10G
Forwarding table updates every
Route Utopia
(155Mb/s)
4 seconds
Processor
2 x Utopia II
(1.2Gb/s)
Route
update 2 x Utopia II
(1.2Gb/s)

Control Bus
(Serial) 1Mbps Line Line Line Line
Card Card Card Card
Slot Slot Slot Slot
Group 1 Group 2 Group 3 Group 4
ERX 700/1400 Utopia Bus Sharing -
Line Rate Performance
U
ERX-1400
Slot Group 4

• • • • • • •

• • • • • • •
u Edge Routing Switch 6
5 Slot Group 3
• • • • • • • • • • • • • • 4 Slot Group 2
3
2
Slot Group 1
0 1 2 3 4 5 6 7 8 9 10 11 12 13
1

0
Slot Slot
Group Group
1 3
Slot Slot
Group Group Slot Group Bandwidth
2 4

5 Gbps Fabric 622 Mbps Full Duplex


10 Gbps Fabric 1.25 Gbps Full Duplex
• • • • • • • • • • • • • •
Examples of Line Module
Bandwidth Requirements

Card Type Bandwidth Consumed (M) Averaged Bandwidth (Points)


20/24 port T1/E1 40 5
3-port T3/E3 FRAME 135 15
3-port T3/E3 ATM 135 15
3-port CT3 FRAME 135 15
2-port OC3/STM1 POS/ATM 600 50
2-port 10/100 Fast Ethernet 400 35
4-port OC3/STM1 ATM 622 50
4-port OC3/STM1 POS 1247 100
1-port OC12/STM4 ATM 622 50
1-port OC12/STM4 POS 1247 100
8-port Fast Ethernet 1247 100
1-port Gigabit Ethernet 1247 100
4-port COC3 FRAME 622 75
1-port COC12 FRAME 622 75
3-port HSSI 135 15
ERX 700/1400 Utopia Bus Sharing -
Lower than Line Rate Performance
• Use any combination of
U ERX-1400
Edge Routing Switch
cards in a slot group
• • • • • • • • • • • • • •
• Line modules automatically
adjust bandwidth depending
0 1 2 3 4 5 6 7 8 9 10 11 12 13 on bandwidth available
Slot Slot • Dual Port OC3 and FE-2 line
Group Group
1 3 modules do NOT adjust
Slot Slot
Group
bandwidth
Group
2 4 - Example 1: To ensure Line
Rate performance, only install 1
GE line module per slot group.
• • • • • • • • • • • • • • - Example 2: Install 2 or 3 GE
line modules if lower
performance is acceptable
ERX 1440 Hardware Architecture

(100Mb/s)

Shared Memory Fabric (40G)


Route (100Mb/s)

Processor
5.0 Gbps 1.25
5.0 Gbps
Gbps 1.25
1.25 1.25
Gbps Gbps
Gbps
5.0 Gbps 5.0 Gbps

Line Line Line Line Line Line SRP SRP Line Line Line Line Line Line
Control Bus Card Card Card Card Card Card Card Card Card Card Card Card
(Serial)

Slot Slot Slot Slot Slot Slot Slot Slot Slot Slot Slot Slot Slot Slot
0 1 2 3 4 5 6 7 8 9 10 11 12 13

I/OA I/OA I/OA I/OA I/OA I/OA I/OA I/OA I/OA I/OA I/OA I/OA I/OA I/OA
Line Module Architecture
• RISC processor functions
- L2/L3 packet header parsing
- L2/L3 packet header modifications
- QOS control
- Classification control
- Statistics control
• ASIC functions - Next Generation Cards
- Buffer management
- Queue management
- QOS scheduling
• FPGA functions
- Address lookup
- Flow classification
- Flow rate measurement/regulation (token buckets)
- Statistics support
• Leverage ASIC + RISC Processor Architecture
- RISC processor provides flexibility
- ASICs, FPGAs provide hardware assist to achieve high performance,
better I/O handling
Non-ASIC Line Modules
Line Ports 5 Gbps 5Gbps + 10 Gbps 40 Gbps
Module Fabric Fabric Fabric Fabric

CE1 20 X X X

CT1 24 X X X

CT3 3 X X X

UT3/ 3 X X X
UE3A

UT3/ 3 X X X
UE3F

10/100 2 X X X
Ethernet

OC3c/ 2 X X X
STM1

X.31/V.35 16 X X X X
ASIC Line Modules
Line Ports 5 Gbps 5 Gbps + 10 Gbps 40 Gbps
Module Fabric Fabric Fabric Fabric
OCx/ OC3 – 4 X X X
STMx OC12 – 1
OCx/ OC3 – 4 X X X
STMx OC12 – 1
COCx/ OC3 – 4 X X X
STMx OC12 – 1
Gigabit GE – 1 X X X
Ethernet/Fa FE – 8
st
Ethernet
HSSI 3 X X X

CT3/E3 12 X X X

T3/E3 T3/OC3/ X X X
OC3/STM1 OC12 – 4
OC12/STM4 E3/STM1/
STM4 – 1
T3/E3 12 X X X

OC-48/ OC – 1 X X X
STM16 STM –1
IPSec VTS 3 X X
ERX Line Module Redundancy
Redundancy Group

Slot # 13 12 11 10 9 8 7 6 5 4 3 2 1 0

Line Modules
Redundancy
Midplane
Passive Midplane •Type of
module
R •Size of
E redundancy
D
U
group
N
I/O Modules D
A
N
T

• 1:N Line Module Redundancy


• Redundancy Groups
- Adjacent slots
- Same line module type (T/E)
- OCx/STMx can have a mixture of OC3/OC12 cards
- T’s and E’s - Backup 2, 3, 4, or 5 line modules
- OCx/STMx - Backup 2 or 5 line modules
ERX Line Module Redundancy Operation
• ERX Automatically Detects Line Module Redundancy
• All Line Modules Operational in a Redundancy Group
- Primary line module
• State = Active
• On-line and Redundant LED illuminated
- Spare line module
• State = Standby
• Only Redundant LED illuminated
• Primary Line Module Fails
- IOA connection switched from primary to spare line module via RM
- Spare line module assumes control
• Interface configuration and routing tables obtained from SRP
• State = Active
• On-line LED illuminated
- SNMP trap
ERX Line Module Redundancy Operation
• What happens when the Primary Line Module is
operational again?
- By default, spare remains active, primary is inactive
- Revert to primary line module using the CLI redundancy
revert command
• Other Redundancy Commands and Configuration Options:
- Automatic switchover to primary line module
- Automatic switchover to primary line module at specific time
- Disable redundancy on a specific line module within a
redundancy group
- Manually forcing a failover
Unit 3 Introduction to the Command
Line Interface (CLI) and
Configuration Basics
Unit Objectives

• List and describe the different CLI modes


• Compare and contrast the ‘Industry Standard’ CLI and the ERX’s CLI
• List and describe CLI shortcut commands
• Describe the ERX’s file system
• Copy files to and from the ERX
• View a configuration file
• Configure basic ERX parameters including an Ethernet and Loopback
Interface, Telnet and hostname
• Describe ERX boot configuration and reload options
• Describe ERX timing configuration options
• List and describe useful CLI commands
CLI Features

User User enable configure


Establishes Exec Privileged Global
Connection Exec Configuration

Different
Prompt RX-0-9-D0> RX-0-9-D0# RX-0-9-D0(config)#
for Each
Mode • Used for configuration and troubleshooting
• Similar to the ‘Industry Standard’ Cisco-like CLI
• 3 Modes
- User Exec
- Privileged Exec
- Global Configuration
• Different commands available in each mode
• Local console port using null modem cable
• Telnet
• Secure Shell (SSH)
What’s different from the
‘Industry Standard’ CLI?
• The File System
• Configuration changes automatically saved to the running configuration
- no need to ‘write’
• Minor differences in some configuration commands
• Logging
- some ‘debug’ commands available
• Protocol Support
- ERX focuses solely on IP
• Output from show commands improved
- show ip route
- show version
• Test existing Cisco configuration scripts
• Booting/Reloading the Router
• show config
• Configuration files are binary
CLI Shortcuts

• The “?” is your friend!


- Available commands
- Available options within a command
• Up/down arrows to repeat or edit previous commands
• Abbreviated commands
• Tab to complete a command
ERX File System
erx3#dir
unshared in
file size size date use
--------------- -------- -------- ------------------- ---
lab1.cnf 44191 44191 04/27/2000 15:40:38
clientpppoa.cnf 45442 45442 04/26/2000 10:20:14
clientpppoe.cnf 46598 46598 04/26/2000 09:35:24
clientqos.cnf 45587 45587 04/13/2000 07:03:56
reboot.hty 30080 30080 01/01/1970 00:00:00
system.log 168 168 01/01/1970 00:00:00
atmpvc.mac 288 288 04/28/2000 14:55:00
1-3-1.rel 30929563 30842577 04/28/2000 13:31:26 !
1-3-0.rel 30891326 30804340 03/30/2000 12:57:32
clientqos.scr 797 797 04/12/2000 18:39:58
clientpppoa.scr 719 719 11/01/1999 13:03:18
clientpppoe.scr 1218 1218 11/01/1999 13:04:10
bulkstats1.sts 487* 487* 04/28/2000 15:09:22
test.txt 2308 2308 08/28/2000 15:27:22

Capacity = 85196800, Bytes Free = 6871936, Reserved = 15728640


* File is not stored in main file system and is not included in capacity
figures
Copying Files
• Files can be local or off the network
- Local files are copied with Copy command
- Network files are copied using FTP
• FTP Client and Server on the ERX
- By Default, FTP User = Anonymous Password = Null
- Define PC or Workstation to copy to using host command
• ERX1(config)#host dianepc 10.10.0.156 ftp
• ERX1(config)#host garypc 10.10.0.100 ftp gary mypass
• To copy a new image from Diane’s PC
- ERX1#copy dianepc:1-3-0/1-3-0.rel 1-3-0.rel
• To save the current running configuration
- Perform this step before upgrading system
- ERX1#copy running-configuration 1-2-0.cnf
ERX Configuration Basics
• Configuration files are binary
• To view current configuration settings
- show config
• Configuration commands entered two ways
- Terminal - Configuration commands entered line by line by hand through the CLI
• ERX1#config
Configuring from terminal or file [terminal]? terminal
Enter configuration commands, one per line. End with CNTL/Z.
ERX1(config)#
- File - Configuration script file located on the flash or on a network host
• ERX1#config file ospf.scr verbose
• ERX1#config file diane:scripts/pppoa.scr verbose
ERX Configuration Basics (cont.)

• Configuration script files generated:


- By hand
- Writing a script
- Using the output of the show config command

• All configuration changes are:


- Dynamic
- Automatically saved to ‘running-configuration’
- No need to ‘write’ or save the configuration file
Manual Commit Mode

• ERX can be set to have same behavior as Cisco:


- ERX1(config)# service manual-commit
- ERX1# show running-configuration
- ERX1# copy running-configuration file.cnf

• Configuration changes are dynamic but not saved


automatically.
- ERX1#write memory

• To change back:
- ERX1(config)# no service manual-commit
- ERX1# show config
ERX Configuration Tree
C on fig

C on troller In terfac e R ou ter L in e

T1 F as tE th e rn et R IP

E1 A TM OSPF

T3 POS BGP

E3 L oop b a c k IS IS

S erial • Novice Users


- Traverse the Tree
• exit, control Z
-The ‘?’ is your friend!
• Experienced Users
- Do any command, anywhere
ERX Fast Ethernet Configuration

ERX ERX
U U

Fast Ethernet
10.1.7.1/16

Network IP Address
Mask IP
Layer

Data Link
Ethernet
Layer

Physical Slot/Port Fast Ethernet


Layer
ERX Telnet and Host Name
Configuration

ERX ERX
U U

Fast Ethernet
10.1.7.1/16

• Console access via IP, not the console port


• Virtual terminal access
• Host name
ERX Loopback Interfaces
Loopback Loopback
192.168.1.1/24 192.168.16.1/24

ERX ERX
U U

Fast Ethernet
10.1.7.1/16

• IP address assigned to the box, not a physical port


- Management interface
- Virtual interface
• Loopback interface is a unique number
ERX Rebooting Basics
• ERX needs two things to boot or reload:
- Configuration file
• System Configuration
• By default, a file stored on the flash called running-configuration
- Operating System
• System Release

• To view current boot configuration:


• ERX1#show boot

System Release: 1-2-0.rel


System Configuration: running-configuration
Note: This system is not configured with backup settings.
ERX1#
ERX Booting Basics (cont.)
• To ‘fallback’ and boot with old configuration file:
• ERX1#config t

Enter configuration commands, one per line. End with CNTL/Z.


• ERX1(config)#boot config good.cnf once
• ERX1(config)#exit
• ERX1#reload

After the reload, good.cnf becomes the ‘running-configuration’. Any changes made will be saved to this file.

For subsequent reloads, the ERX will use the ‘running-configuration’ file, NOT good.cnf
ERX Booting Basics (cont.)
• To always boot with the configuration file good.cnf:
• ERX1(config)#boot config good.cnf
WARNING: Execution of this command will cause the system to revert to the
configuration settings specified by good.cnf following every system reboot, until an
overriding boot config command is executed.
Proceed with 'boot config'? [confirm]
ERX1(config)#
• ERX1(config)#exit
• ERX1#reload
After the reload, good.cnf becomes the ‘running-configuration’. Any changes made will be saved to this file.

For subsequent reloads, the ERX will use good.cnf, NOT the ‘running-configuration’ file.
ERX Booting Basics (cont.)

• To factory default the box:


• ERX1#config t

Enter configuration commands, one per line. End with CNTL/Z.


• ERX1(config)#boot config factory-defaults

ERX1(config)#

• To boot using the running configuraiton:


• ERX1#config t

Enter configuration commands, one per line. End with CNTL/Z.


• ERX1(config)#boot config running-configuration

ERX1(config)#
Useful CLI Commands
• Before power down or flash/SRP removal
- halt
• To determine software version and state of cards:
- show version
• To determine hardware version and memory:
- show hardware
• To determine current boot settings:
- show boot
• To view routing table:
- show ip route
• To determine which IP interfaces are configured:
- show ip interface brief
- show ip int bri | include 10.1.7.1
- show ip int bri | include CompanyX
• To view the running configuration:
- show config
- show config include-defaults
- show config include-defaults | exclude t1
- show config include-defaults | include atm
- show config include-defaults | begin fastEthernet
Unit 1
xDSL Overview
Routed 1483
xDSL Overview & Routed 1483
Unit Objectives
• Describe the different types of xDSL connections
• List and describe the equipment used in a xDSL network
• List and describe four different B-RAS connection types
• Compare and contrast traditional dial-up and xDSL remote access methods
• Describe the life of a packet in a Routed 1483 environment
• Describe basic ATM concepts and terminology
• List the ATM traffic management options supported by each ERX line module
• Compare and contrast IP addressing options in a Routed 1483 environment
• Configure a Routed 1483 ATM PVC
Remote Access… in the ‘Old
Days’

Modem
RADIUS
[email protected]
Routers ISP1
RAS
PPP Session

Modem

RADIUS ISP2
[email protected]

• Relatively slow access rates using dedicated POTS line


• Point to point session between PC and RAS
• RAS terminated the PPP session
• Packets sent to appropriate routers
xDSL Basics
PC w/Ethernet
NIC PC w/xDSL
Modem
xDSL
Modem
xDSL xDSL
Bridge Modem
Network
PC w/ATM NIC of PCs
DSL
Modem

DSLAM xDSL
DSLAM Concentrator
U

Customer
Network DSL ATM Internet
Router

ATM
DSL Switch
Customer Router RADIUS
Network
DHCP

• Digital Subscriber Line where x=


- Asymmetric, Symmetric, Rate-Adaptive, High-bit-rate, Very high bit rate
• High Speed Connection Using Existing Phone Lines
- Voice, FAX, Data over the same phone line
- Always on!
- Speed dependent on flavor of DSL, Line Quality, Distance, etc.
xDSL Customer Premise Equipment (CPE)
PC w/Ethernet
NIC
PC w/xDSL
xDSL Modem
Modem
xDSL xDSL
Bridge Modem

PC w/ATM NIC Network


DSL
Modem of PCs

DSLAM DSLAM xDSL


DSLAM Concentrator
Customer U

Network DSL ATM


Router Internet
ATM
DSL Switch
Customer Router RADIUS
Network
DHCP
• Business or Enterprise Customer
- Connect LANs to a xDSL router or bridge
- Connect LANs to a router or bridge plus an xDSL modem
• Residential or SOHO Customer
- Workstation with integrated xDSL modem
- Workstation with an Ethernet or ATM NIC connected to a
standalone xDSL modem
xDSL POP Equipment
PC w/Ethernet
NIC
PC w/xDSL
xDSL Modem
Modem
xDSL xDSL
Bridge Modem

PC w/ATM NIC
DSL Network
Modem
of PCs

DSLAM xDSL
DSLAM Concentrator
Customer U

Network DSL ATM


Router Internet
ATM
DSL Switch
Customer Router RADIUS
Network
DHCP
• Local POP
- One or more DSLAMs - Digital Subscriber Line Access Multiplexer
• Central Office
- ATM Switch
- xDSL Concentrator
- RADIUS, DHCP Servers
• PVC Established from the xDSL Concentrator to
the CPE Device
To Authenticate or not...
PC w/Ethernet
NIC
Bridged 1483 PC w/xDSL
xDSL
Modem
Modem
xDSL xDSL
Bridge Modem
Network
DSL
of PCs
Modem
PC w/ATM NIC

Routed 1483 DSLAM


DSLAM xDSL
Concentrator
Customer U

Network DSL ATM


Router Internet
ATM
DSL Switch
Customer Router RADIUS
Network
DHCP

• Always on, No Authentication


- Bridged 1483
- Routed 1483
To Authenticate or not...
PC w/Ethernet
PPP over NIC
ATM PC w/xDSL
Modem
xDSL
Modem
xDSL xDSL
Bridge Modem
PPP over
PC w/ATM NIC
DSL
Network Ethernet
Modem of PCs

DSLAM xDSL
DSLAM Concentrator
Customer Internet
U

Network DSL ATM


Router

ATM
DSL Switch
Customer RADIUS
Network
Router PPP over
ATM

• To maintain current dial-up model, complete with RADIUS Authentication and Accounting Services
- PPP over ATM
- PPP over Ethernet over ATM
xDSL Deployments Today

Consumer &
Business
ERX focus
Users (xDSL)

IP/PPP/ATM ATM/FR Network IP


Switch Appliance Router

Internet
Bridged 1483

DSLAM
IP/PPPoE/ATM

Access Service
Network RADIUS Network
Routed 1483 Provider Provider

• High speed access using shared POTs line


• Point to point session between PC and network
appliance
Why use the ERX?

Consumer &
Business CLEC
Users (xDSL)

IP/PPP/ATM RX700/1400
ATM/FR
U
POS/ATM
OC3/STM1 ISP
ATM
Bridged 1483

DSLAM
IP/PPPoE/ATM
VPN
RADIUS

Routed 1483
Access Service
Network Network Internet
Provider Provider
• One platform for session termination and
Tier 1 routing
Routed 1483 - Life of a Packet
ERX

DSL U

Router
Internet

DSL
Router

IP Datagram IP Datagram IP Datagram

MAC IP RFC 1483 IP Layer 3= IP

Ethernet ATM Encap X


Routed 1483 - ERX
Configuration
ERX
DSL U

Router
Internet
DSL
Router

Network IP Address
IP IP Subnet Mask
Layer
Loopback Reference

Data Link PVC VPI/VCI


ATM ATM Encapsulation
Layer
ATM Framing

Sonet
SDH Framing
Physical
Layer

UT3A/UE3A Slot/Port
OC3c Clocking
Shutdown

• Think Layers!
• Encapsulation, Encapsulation,Encapsulation!
ATM Basics
xDSL
Bridge

DSLAM VPI 0
Customer VCI 33
Network DSL
Router VCI 34
VCI 35
DSL
Customer Router
Network

• 1 Physical Interface, Multiple Logical Connections


- ERX supports PVCs
- 1 PVC per xDSL CPE
• Each PVC identified by a
- Virtual Path Identifier (VPI)
- Virtual Circuit Identifier (VCI)
- Virtual Circuit Descriptor (VCD)
• ERX specific configuration parameter
• Unique number (per interface) that identifies a virtual circuit
Configuring Routed 1483 Interface Columns
IP Address
Loopback for IP Unnumbered IP Unnumbered IP Address
Unnumbered IP OR Loopback 1 Loopback 1 172.10.35.1/30
Subnet Mask for
Numbered IP
ATM Subinterface ATM Subinterface ATM Subinterface
Slot / Port . Subinterface
5/0.33 5/0.34 5/0.35
PVC VCD VPI/VCI
pvc 33 0/33 pvc 34 0/34 pvc 35 0/35

Slot/Port
ATM Interface
Framing
5/0
# VC per VP
Clocking OC3
Framing UT3A/E3A
Shutdown 5/0
ATM Traffic Management
xDSL
Bridge

Outbound Traffic U

DSLAM VPI 0
Customer VCI 33
Network DSL
Router VCI 34
VCI 35
DSL
Customer Router
Network

• OC3c (2 port)
- Unspecified Bit Rate (UBR) only
• UT3A/UE3A
- UBR with Peak Cell Rate (PCR)
- Non-realtime (nrt) Variable Bit Rate (VBR)
- Shaping done on an individual VC
- Outbound traffic shaping
• OC3c (4 port), OC12c (1 port)
- Constant Bit Rate (CBR)
ATM Configuration
xDSL
Bridge

Outbound Traffic U
Slot 5
DSLAM Port 0
VPI 0
Customer VCI 33
Network DSL
Router VCI 34
VCI 35
Customer
DSL
Network
Router

• interface atm slot/port.subinterface


- erx2(config)# interface atm 5/0.33
• atm pvc vcd vpi vci encapsulation peak average burst
• atm pvc vcd vpi vci encapsulation cbr cbr-rate
- encapsulation
• aal5snap or aal5mux ip
- Peak, Average and CBR Rate in 1 Kbps chunks, burst in cells
• UBR No peak, average or burst configured
• UBR with PCR Peak Configured
• nrt-VBR Peak, Average, and Burst Configured
- erx2(config-if)# atm pvc 33 0 33 aal5snap 256 128 100
ATM Traffic Shaping - VP Tunnels
Outbound Traffic
VPI 0 5 Mbps
ISP A U

VPI 1 10 Mbps
ISP B

VPI 2 30 Mbps
Customers

• Allocate bandwidth to a Virtual Path


• All PVCs within VP contend for tunnel bandwidth
• Traffic shaping relevant to outbound traffic only
• VP Tunnels supported on all ATM line modules
Configuring VP Tunnels
Outbound Traffic

VPI 0 5 Mbps
ISP A U

VPI 1 10 Mbps
ISP B

VPI 2 30 Mbps
Customers

• Configure the ATM interface


- erx2(config)# interface atm 5/0
• Configure ATM vc-per-vp to allow additional VPs
- Configurable only on UT3A or UE3A
- erx2(config-if)# atm vc-per-vp 32768
• Configure the ATM VP tunnels
- Configurable in Kbps
- erx2(config-if)# atm vp-tunnel 0 5000
• Configure ATM Subinterface and PVCs
- ASIC line modules support shaping at both VP AND VC levels
- Non-ASIC line modules so NOT support shaping at both
the VP and VC levels
IP Addressing - Option 1
40.40.0.0

DSL .2 172.10.1.0/30 U
Router .1
Internet

.6 172.10.1.4/30 .5
DSL
Router
ERX

20.20.0.0
30.30.0.0
• View each ATM PVC as a unique point-to-point network
• Assign a single subnet to each ATM PVC
• Burns IP addresses
IP Addressing - Option 2

40.40.0.0 172.10.1.0/24
Loopback 1
172.10.1.1/24
DSL 172.10.1.2 U
unnumbered IP
Router
Loopback 1
Internet

172.10.1.3 unnumbered IP
DSL Loopback 1
Router
ERX

20.20.0.0
30.30.0.0
• View the group of PVCs or DSL devices as one large LAN
• Assign a single subnet to the group
• Use Unnumbered Interfaces on the ERX’s PVCs
- Reference a Loopback Interface on the ERX in the same subnet
• Use numbered interfaces on the DSL router from the
same subnet
• Conserves IP addresses
Routing Configuration
Redistribute Connected
172.10.1.0/24
172.10.1.0 Redistribute Static
40.40.0.0 40.40.0.0/16
0.0.0.0 Loopback 1 20.20.0.0/16
172.10.1.1/24
DSL 172.10.1.2 unnumbered IP U
Router
int atm 5/1.33 Internet
unnumbered IP
172.10.1.3
DSL int atm 5/1.34
Router
ERX
0.0.0.0
Destination Next Hop Metric Protocol
20.20.0.0 40.40.0.0/16 5/1.33 1 Static
30.30.0.0 20.20.0.0/16 5/1.34 1 Static
• CPE DSL Router
- Create a default route pointing to the ERX
172.10.1.0/24 Connected
172.10.1.2 5/1.33 1 Static
- Next hop address is the Loopback Interfaces IP address
• On the ERX
- Create static routes for each viable customer network
Create a static host route for each DSL router

172.10.1.3 5/1.34 1 Static


-
- Next hop interface must be the appropriate ATM subinterface
- Redistribute directly connected networks to advertise the DSL group
- Redistribute static routes to advertise the customer’s networks
Routed 1483 Configuration Steps
• Configure Loopback Interface
• Configure UT3/U3E Controller
- Clocking, Framing, Shutdown IP Interface IP Interface
• Configure ATM interface
- # VCs per VP, Framing
• ATM ATM
Configure the following per DSL router:
Subinterface Subinterface
- Configure ATM Subinterface
- Configure PVC, PVC encapsulation
- Configure IP Interface & Description
• Numbered IP and Subnet Mask OR ATM Interface
• Unnumbered IP and Loopback
reference
UT3 / UE3
- Configure IP Static Routes OC3c
• Host Route for CPE Router
• Network Route for Customer
Networks
How can I tell if it is working?
• Think in Layers!
• Network
- ping
- show ip interface brief
- show ip interface atm 5/0.33
- clear ip interface atm 5/0.33
- show ip interface atm 5/0.33 delta
- show ip route
• Data Link IP
- show atm int atm 5/0
- show atm vc
- show atm vc atm 5/0 33
- baseline interface atm 5/0 33
- show atm vc atm 5/0 33 delta
• Physical
- show atm int atm 5/0

ATM

Sonet/SDH

OC3
UT3A/UE3A
• This slide intentionally left blank
Unit 2
ERX Virtual Routers
ERX Virtual Routers Unit Objectives
• Define the term Virtual Router
• List and describe three different uses for Virtual Routers
• Identify ERX parameters specific to Virtual Routers
• Configure and manage Virtual Routers on the ERX
Yesterday’s POP

Separate Company X
IP Routers VPN

Company X ATM/FR Network


Switch Appliance

ISP A Internet

DSLAM
Customer

Access Service
Network Network
Customer Provider Provider

• Wholesaling
• Virtual Private Networks
Today’s POP

Separate Company X
IP Routers VPN

Company X ATM/FR
Switch U

ISP A Internet

DSLAM
Customer

Access Service
Network Network
Customer Provider Provider
Virtual Routers on the ERX

ISP A
U

Corporate VPN ispa

VPN X
Customer A
Customer B default
Customer C

• Multiple separate and distinct routers within a single chassis


• Potential Uses:
- Individual routers dedicated to wholesale customers
- Corporate Virtual Private Networks (VPN)
- Routers dedicated to a particular traffic type
• 240 Virtual Routers per ERX
• You’ve already been working with virtual routers!
- The ‘default’ virtual router
ERX Virtual Routers - Think Layers Again!

UT3

OC3
ispa
ISPA Per IP
0 FR 192.168.9.1/24 Virtual Router
0
ISPB FR ATM
ispb
1

192.168.33.1/24 1 Global
Sonet/SDH
‘Box-wide’

2 default
PPP 192.168.2.1/24
UT3A/UE3A
10.3.202.1/16

Customers SRP 0

• Layer 1 and Layer 2 information is global or ‘box-wide’


- Controllers, Serial Interfaces, PPP, Frame Relay, POS, ATM
• Layer 3 information is specific to a virtual router
- IP Interfaces, Routing Processes, IP Routing Tables
ERX Virtual Routers

OC3
• Configuration

UT3
ispa
ERX1:(config)#virtual-router ispa
ISPA Proceed with new virtual-router creation? [confirm]
ERX1:ispa(config)#
• VR Rules of Thumb
Can not abbreviate virtual router names
0
-
- Virtual Router names are CaSe sensitive
FR 192.168.9.1/24 - Initially login to the default virtual router
- The prompt indicates virtual router location
- The SRP Mgmt Ethernet Interface can only be in one virtual router
- Physical and Data Link configuration can occur in any Virtual Router
0 -
-
Network configuration must occur in the appropriate Virtual Router
show config specifying virtual router

ISPB FR
ispb
1

192.168.33.1/24 1

2 default
PPP 192.168.2.1/24

10.3.202.1/16

Customers SRP 0
How do I manage Virtual
Routers?
• List virtual routers configured on the ERX
- ERX1#show virtual-router
• Prompt indicates current virtual router
- ERX1#
- ERX1:ispa#
• Change to a different Virtual Router
- ERX1# virtual-router ispa
- ERX1:ispa#
• Manage layer 1 and layer 2 from any virtual router
- show controller
- show interface serial 4/0:1/1
- show ppp interface down
- show pos interface
• Manage layer 3 from a specific virtual router
- show ip route
- show ip interface brief
- show ip traffic
• View the configuration for a specific virtual router
- show config virtual-router ispa
Unit 3
Bridged 1483
Bridged 1483 Unit Objectives
• Describe the life of a packet in a Bridged 1483 environment
• Compare and contrast IP addressing options in a Bridged 1483
environment
• Describe how a PC can obtain its IP address dynamically in a
Bridged 1483 environment
• Compare and contrast ERX routing configuration options in a
Bridged 1483 environment
• Configure a Bridged 1483 ATM PVC
To Authenticate or not...
Bridged 1483 PC w/Ethernet
NIC PC w/xDSL
Modem
xDSL
Modem
xDSL xDSL
Bridge Modem
Network
DSL
of PCs
PC w/ATM NIC Modem

Routed 1483 xDSL


DSLAM Concentrator
DSLAM U

Customer
Network DSL ATM
Router Internet
ATM
DSL Switch
Customer Router RADIUS
Network
DHCP

• Always on, No Authentication


- Bridged 1483
- Routed 1483
Bridged 1483 - Life of a Packet
ERX
U
DSL
Bridge
Internet

DSL
Bridge

IP Datagram IP Datagram IP Datagram

MAC IP MAC IP Layer 3= IP

Ethernet Ethernet Encap X

Bridged 1483

ATM
Bridged 1483 - ERX Configuration
ERX
DSL U

Bridge Internet

DSL
Bridge

IP Address
Network IP IP Subnet Mask
Layer Loopback Reference

Bridged 1483 Bridged 1483 PVC VPI/VCI


Data Link
Layer Encapsulation
ATM ATM
ATM Framing

Sonet
Framing
SDH
Physical
Layer Slot/Port
UT3A/UE3A
Clocking
OC3c
Shutdown
• Think Layers!
• Encapsulation, Encapsulation, Encapsulation!
IP Addressing - Static IP Addresses
Static Addresses

DSL 182.10.1.0/24 U

182.10.1.2/24 .1
Bridge

Internet
182.10.2.0/24 .1
DSL
182.10.2.2/24
Bridge

ERX

182.10.2.3/24

• View each ATM PVC as a unique point-to-point network


• Assign a single subnet to each ATM PVC
• Assign a static, numbered IP address to the client and the ERX
• Burns IP addresses
IP Addressing - Static and Unnumbered IP
Static Addresses
182.10.1.0
Loopback 1
182.10.1.1/24
DSL
182.10.1.2 Bridge
unnumbered IP U

Loopback 1
Internet

DSL unnumbered IP
182.10.1.3 Loopback 1
Bridge

ERX

182.10.1.4

• View the group of DSL users as one large LAN


• Assign a single subnet to the group
• Use Unnumbered Interfaces on the ERX’s PVCs
- Reference a Loopback Interface on the ERX in the same subnet
• Use statically assigned numbered interfaces on the
workstations from the same subnet
• Conserves IP addresses
Routing Configuration - Static and Unnumbered

182.10.1.0 Redistribute Connected


Loopback 1 182.10.1.0/24
182.10.1.1/24
DSL
unnumbered IP
182.10.1.2 Bridge
U

0.0.0.0 int atm 5/1.36


Internet
unnumbered IP
DSL
182.10.1.3 int atm 5/1.37
Bridge
0.0.0.0
ERX

182.10.1.4
Destination Next Hop Metric Protocol
0.0.0.0 182.10.1.1/24 Loopback1 1 Connect
182.10.1.2/32 5/1.36 1 Static
182.10.1.3/32 5/1.37 1 Static
• CPE Workstations 182.10.1.4/32 5/1.37 1 Static
- Create a default route pointing to the ERX
• On the ERX
- Create static routes to each workstation
- Next hop interface must be the appropriate ATM subinterface
- Redistribute directly connected networks to appropriate
routing protocol
IP Addressing - DHCP
Dynamic Addresses DHCP Relay Agent
via DHCP 182.10.1.0 DHCP Server = 1.1.1.1
Loopback 1
182.10.1.1/24
DSL 1.1.1.1
182.10.1.12 Bridge
unnumbered IP U

Loopback 1 DHCP
Internet Server

Address
DSL unnumbered IP
182.10.1.13 Range
Bridge Loopback 1
182.10.1.2 -
ERX 182.10.1.255

182.10.1.14

• Workstation Configuration
- Configured for DHCP
- Obtain IP address dynamically from DHCP server
• ERX Configuration
- Use Unnumbered Interfaces on the ERX’s PVCs
Reference a Loopback Interface on the ERX in the same subnet

- DHCP Relay Agent
• Configure ERX as a DHCP Relay Agent
• Configure IP address of DHCP server
• Per virtual router
Routing Configuration - DHCP
Redistribute Connected
182.10.1.0 182.10.0.0/24
Loopback 1
182.10.1.1/24
DSL
unnumbered IP
182.10.1.12 Bridge
U

0.0.0.0 DHCP
int atm 5/1.36 Internet Server

unnumbered IP
DSL
182.10.1.13 int atm 5/1.37
Bridge
0.0.0.0
ERX
Destination Next Hop Metric Protocol
182.10.1.14 182.10.1.1/24 Loopback1 1 Connect
0.0.0.0 182.10.1.12/32 5/1.36 1 AccIntern
182.10.1.13/32 5/1.37 1 AccIntern
• CPE Workstations 182.10.1.14/32 5/1.37 1 AccIntern
- Default Route pointing to the ERX
• ERX
- Static routes not necessary
- Automatically insert host route into routing table based on
DHCP reply
- Redistribute directly connected networks to appropriate
routing protocol
Configuring Bridged 1483 Interface Columns
IP Address
Loopback for
IP Unnumbered IP Unnumbered IP Interface
Unnumbered IP
Loopback 1 Loopback 1 182.10.38.1/30
Subnet Mask for
Numbered IP

Encapsulation Method Bridged 1483 Bridged 1483 Bridged 1483

ATM Subinterface ATM Subinterface ATM Subinterface


Slot / Port . Subinterface
5/1.36 5/1.37 5/1.38
PVC VCD VPI/VCI
pvc 36 0/36 pvc 37 0/37 pvc 38 0/38

Slot/Port
ATM Interface
Framing
5/1
# VC per VP

OC3
Clocking
UT3A/E3A
Framing
5/1
Bridged 1483 Configuration Steps

• Configure Loopback Interface


• Configure DHCP for address assignment, if
appropriate IP Interface IP Interface
• Configure UT3/U3E Controller
- Clocking, Framing, Shutdown
• Configure ATM interface Bridged 1483 Bridged 1483
- # VCs per VP, Framing
• Configure the following per DSL Bridge:
- Configure ATM Subinterface ATM ATM
- Configure PVC, PVC encapsulation Subinterface Subinterface

- Configure Encapsulation Bridged 1483


- Configure IP Interface & Description
• Numbered IP and Subnet Mask OR ATM Interface
• Unnumbered IP and Loopback reference
- If not using DHCP, configure Static IP Host Route
UT3 / UE3
OC3c
How can I tell if it is working?
• Think Layers!
• Network
- ping
- show ip interface brief
- show ip interface atm 5/0.33
- clear ip interface atm 5/0.33
IP
- show ip interface atm 5/0.33 delta
- show ip route
• Data Link
- show atm vc
- show atm subinterface
- show atm vc atm 5/0 33
- baseline interface atm 5/0 33
- show atm vc atm 5/0 33 delta
Bridged 1483
• Physical
- show atm int atm 5/0

ATM

Sonet/SDH

OC3
UT3A/UE3A
• This slide intentionally left blank
Unit 4
PPP over ATM
PPP over ATM Unit Objectives

• List the benefits of using PPP over ATM


• Compare and contrast IP addressing options in a PPP over ATM environment
• Describe the basic Life of a Packet in a PPP over ATM environment
• Describe the three different ways a PC can obtain its IP address dynamically in a
PPP over ATM environment
• Describe the purpose of the Domain Map
• Describe the function and use of Profiles
• Configure the ERX for PPP over ATM
• Describe ERX logging capabilities
• Verify PPP over ATM operation using show commands
and logging
Remote Access… in the ‘Old Days’

Modem
RADIUS
[email protected]
Routers ISP1
RAS
PPP Session

Modem

RADIUS ISP2
[email protected]

• Relatively slow access rates using dedicated POTS line


• Point to point session between PC and RAS
• RAS terminated the PPP session
• Packets sent to appropriate routers
Authentication in a xDSL Environment
PC w/Ethernet
Bridged 1483 NIC PC w/xDSL
PPP over ATM Modem PPP over
xDSL
Modem Ethernet
xDSL xDSL
Bridge Modem
Network
of PCs
PC w/ATM NIC DSL
Modem

Routed 1483
DSLAM xDSL
DSLAM Concentrator
Customer U

Network DSL ATM


Router Internet
ATM
DSL Switch
Customer Router RADIUS
Network
DHCP

• To maintain current dial-up model, complete with RADIUS Authentication and Accounting Services
- PPP over ATM
- PPPoE over ATM
PPP over ATM - Single User per ATM PVC

DSL
Modem
PPP Session
[email protected]
ISP1
U

DSL ATM RADIUS


Customer Router
Network
PVC
ATM per Modem
Switch ERX
DSL DSLAM
Modem
ISP2
[email protected]
RADIUS

• Single high speed interface supporting thousands of ATM PVCs


• An ATM PVC or subinterface per modem supporting a single PPP session
• PPP session between the user and the ERX
IP Addressing Scheme ISP 1 - Option 1

DSL
Modem
[email protected]
192.168.1.2

Internet
DSL
Modem

[email protected] U

192.168.1.6
DSL
Modem
IP Addresses on the ERX
PVC to tyler = 192.168.1.1/30
[email protected] ERX PVC to gary = 192.168.1.5/30
192.168.1.10
PVC to rich = 192.168.1.9/30

• View each ATM PVC as a unique point-to-point


network
• Assign a single subnet to each ATM PVC
• Burns IP addresses
IP Addressing Scheme - ISP1
Redistribute Connected
192.168.1.0/24
192.168.1.0
DSL
Modem
[email protected]
192.168.1.2
Loopback 1= Internet
DSL 192.168.1.1/24
Modem

[email protected] U

192.168.1.3
DSL
Modem

[email protected] ERX
192.168.1.4

• Think of the DSL users as one large LAN


• Assign a single subnet to the DSL users
• Use Unnumbered Interfaces on the ERX’s PVCs
- Reference a Loopback Interface on the ERX in the same subnet
• DSL user host routes cached dynamically into the IP routing table
- ip access-routes command
• Redistribute Directly Connected Networks
- Advertises the entire group of DSL users
PPP over ATM Configuration Options
IP Datagram

PPP
DSL
Modem
RFC 2364 PPP
[email protected]
PPP Client ATM
ATM NIC
ISP1
U

ATM RADIUS
DSL
Customer Router PPP
Network over
ATM
DSLAM Switch ATM ERX
DSL
Modem
ISP2
[email protected] RADIUS
PPP Client
Life of a Packet - Session Initiation
1-PPP LCP
Request

DSL
Modem 2 -PPP LCP default
[email protected] Request - Chap
ISP1
AAA
PPP Process
over RADIUS
ATM
VR2
PVC
per
DSLAM Modem
DSL
Modem ISP2
[email protected]
ERX RADIUS

• User initiates PPP connection via LCP


• PPP client and ERX agree on PPP authentication protocol (CHAP or PAP)
Determine Authentication Server
GLOBAL
DOMAIN MAP DOMAIN VR
aaa domain-map isp1.com default
aaa domain-map isp2.com VR2
DSL
Modem default
[email protected]
AAA ISP1
[email protected] Process

VR2 RADIUS

DSLAM
DSL
Modem
ISP2
[email protected]
ERX
RADIUS
• User sends login: [email protected]
• ERX examines login for realm or domain name “@isp1.com”
• ERX searches the Domain Map for user’s
domain name
RADIUS Authentication and Authorization
GLOBAL
DOMAIN MAP DOMAIN VR
aaa domain-map isp1.com default
aaa domain-map isp2.com VR2
DSL RADIUS
Modem default 1.1.1.1
[email protected] [email protected]
RADIUS=1.1.1.1
UDP=1645 ISP1
key=training

[email protected]
VR2
IP=192.168.1.10
RADIUS=2.2.2.1
UDP=1645
DSLAM key=training
DSL RADIUS
Modem
ISP2 2.2.2.1
[email protected]
ERX

• Based on the virtual router, authentication request forwarded to appropriate RADIUS server
• Configure RADIUS Server IP Address, UDP Port, Key
• RADIUS server returns a deny or grant, including user/session attributes
Additional RADIUS Parameters

DSL RADIUS
Modem default 1.1.1.1
[email protected]
[email protected]
RADIUS=1.1.1.1
UDP=1645
ISP1
key=training
[email protected]
VR2 IP=192.168.1.10

RADIUS=2.2.2.1
UDP=1645
DSLAM key=training
DSL RADIUS
Modem
ISP2 2.2.2.1
[email protected]
ERX

• Retransmit Value
• Timeout Value
• Deadtime
• Max-sessions
RADIUS Source IP Address
1.1.1.1
DSL Access Request
Modem default DA = 1.1.1.1 RADIUS
[email protected] Router ID= SA = 192.168.1.1
172.10.1.1
Loopback1=
192.168.1.1
RADIUS=1.1.1.1 ISP1 Access Accept
DA = 192.168.1.1
SA = 1.1.1.1
VR2
Router ID=
10.1.1.1
DSLAM Loopback 1=
172.16.1.1 2.2.2.1
DSL
Modem RADIUS=2.2.2.1
ISP2 RADIUS
[email protected]
ERX

• By default, ERX uses the Router ID as the Source IP address in packets sent to the RADIUS server
• Control the IP address by explicitly configuring the Source IP address used to communicate with the RADIUS server
- radius update-source-addr 192.168.1.1
- Configured per virtual router
• Verify that the RADIUS server has a route to the
configured address
Multiple RADIUS Servers

DSL RADIUS
Modem default 1.1.1.1
[email protected]
RADIUS=1.1.1.1
RADIUS=1.1.1.2
ISP1 RADIUS
1.1.1.2
RADIUS=1.1.1.3

VR2 RADIUS
1.1.1.3
RADIUS=2.2.2.1
DSLAM RADIUS=2.2.2.2
DSL RADIUS
Modem
ISP2 2.2.2.1
[email protected]
ERX
RADIUS
2.2.2.2

• Direct Mode
• Round Robin
IP Address Assignment
GLOBAL
DOMAIN MAP DOMAIN VR
aaa domain-map isp1.com default
aaa domain-map isp2.com VR2
DSL RADIUS
Modem default 1.1.1.1
[email protected] DHCP
RADIUS=1.1.1.1
ISP1 1.1.2.1
UDP=1645
key=training Access Accept
[email protected]
192.168.1.10
VR2

RADIUS=2.2.2.1
UDP=1645
DSLAM key=training
DSL RADIUS
Modem
ISP2 2.2.2.1
[email protected]
ERX

• RADIUS Server
• Local IP Address Pool on the ERX
• DHCP Proxy Client
Local Address Pools
ip address pool local
ip local pool isp1pool
1.1.100.2-1.1.100.254
DSL RADIUS
Modem default 1.1.1.1
[email protected]
RADIUS=1.1.1.1
UDP=1645
ISP1
key=training Access Accept
[email protected]
255.255.255.254
VR2

RADIUS=2.2.2.1
UDP=1645
DSLAM key=training
DSL RADIUS
Modem
ISP2 2.2.2.1
[email protected]
ERX
DHCP Proxy Client

DSL DHCP
Modem default 1.1.2.1
[email protected] ip address-pool
dhcp
ip dhcp-server
ISP1
1.1.2.1 [email protected]
255.255.255.254

VR2

RADIUS=2.2.2.1
UDP=1645
DSLAM key=training
DSL RADIUS
Modem
ISP2 2.2.2.1
[email protected]
ERX
Determine Virtual Router
GLOBAL
DOMAIN MAP DOMAIN VR Interface
IPConf Req 0.0.0.0 aaa domain-map isp1.com default Loopback 1
aaa domain-map isp2.com VR2 Loopback 1 RADIUS
1.1.1.1
DSL
Modem default
[email protected]

IPConf Req ?.?.?.? Loopback 1 = ISP1


192.168.1.1/24

VR2
Loopback 1
DSLAM 172.16.1.1/16
RADIUS
2.2.2.1
DSL
Modem ISP2
[email protected]
ERX
• Unnumbered interfaces associated with a loopback interface
• Loopbacks are IP Interfaces configured per virtual router
• Which Virtual Router should be used?
- Domain Map
- RADIUS Vendor Specific Attribute
- Profile
IP NCP Negotiation
GLOBAL
DOMAIN MAP DOMAIN VR Interface
IPConf Req 0.0.0.0 aaa domain-map isp1.com default Loopback 1
aaa domain-map isp2.com VR2 Loopback 1
RADIUS
DSL
Modem default 1.1.1.1
[email protected]
IPConf Nak 192.168.1.10 Loopback 1 = ISP1
IPConf Req 192.168.1.10 192.168.1.1/24

VR2
Loopback 1
172.16.1.1/16
IPConf Ack 192.168.1.10
RADIUS
2.2.2.1
IPConf Req 192.168.1.1
ISP2
IPConf Ack 192.168.1.1 ERX

Default Virtual Router’s IP Routing Table


Prefix/Length Next Hop Dist/Met Interface
192.168.1.0/24 192.168.1.1 0/1 Loopback1
192.168.1.10/32 0.0.0.0 2/1 atm 5/1.1
Name Servers
aaa dns primary 1.1.1.10
aaa dns secondary 1.1.1.11
aaa wins primary 1.1.1.10
aaa wins secondary 1.1.1.11
DSL RADIUS
Modem default 1.1.1.1
[email protected]
RADIUS=1.1.1.1 ISP1 DNS/WINS
1.1.1.10

VR2 DNS/WINS
1.1.1.11
RADIUS=2.2.2.1
DSLAM
DSL RADIUS
Modem
ISP2 2.2.2.1
[email protected]
ERX

• DNS/WINS
• Obtained two different ways:
- RADIUS
- Configured on ERX per virtual router
Accounting

DSL RADIUS
Modem default 1.1.1.1
[email protected]
RADIUS=1.1.1.1
UDP=1646
ISP1
key=training

VR2

RADIUS=2.2.2.1
UDP=1646
DSLAM key=training
DSL RADIUS
Modem
ISP2 2.2.2.1
[email protected]
ERX

• RADIUS Accounting Start Record Sent


PPP over ATM Interface Columns
Which Virtual Router? IP Interface IP Interface
Which IP address to cache?

PPP Interface PPP Interface


Authentication Type
1 per Client 1 per Client

Slot/Port.Subinterface ATM Subinterface ATM Subinterface


PVC 1 per Client 1 per Client

Slot/Port
Framing ATM Interface
# VC per VP (UT3 or UE3)

Clocking UT3 / UE3


Framing OC3c
Profiles
[email protected] [email protected]
Statically IP Interface
Profile Dynamically
Created IP Interface Created

PPP Interface PPP Interface

Global ATM Subinterface ATM Subinterface


Configuration

Static
Configuration ATM Interface

UT3 / UE3
OC3c

• Placeholder or Trigger to dynamically create an IP


interface in the appropriate virtual router using a
common set of IP attributes
B-RAS Configuration Steps - Initial Setup
GLOBAL
• Configure a B-RAS License
• DOMAIN MAP DOMAIN VR Interface
Configure Virtual Routers
• Configure Loopback Interfaces aaa domain-map isp1.com default Loopback 1
- Per Virtual Router aaa domain-map isp2.com VR2 Loopback 1
• Configure the Domain Map
- Global Table
default
• Configure the RADIUS Authentication and Accounting Servers and
Parameters
- Per Virtual Router Loopback1=192.168.1.1
• Configure Name Servers
- Per Virtual Router RADIUS=1.1.1.1
• Configure Local IP Address Pools UDP = 1645
- Per Virtual Router
key=training
• If using dynamic interfaces, configure Profiles
- Specify common parameters
- Global in nature VR2
Loopback1=172.16.1.1

RADIUS =2.2.2.1
UDP = 1645
key=training
PPP over ATM Configuration Steps
[email protected] [email protected]
• Configure UT3/U3E Controller Dynamic
- Clocking, Framing, Shutdown IP Interface IP Interface
via Profile
• Configure ATM interface
- # VCs per VP, Framing
PPP Interface PPP Interface
• Configure the following per user:
- Configure ATM Subinterface
- Configure PVC, PVC encapsulation
ATM Subinterface ATM Subinterface
- Configure Encapsulation PPP
- Specify PPP Authentication CHAP/PAP
- Statically Configured IP Interfaces
• Configure IP Address ATM Interface
• Configure ip access-routes
- Dynamically Created Interfaces
UT3 / UE3
• Apply a Profile OC3c
How can I tell if it is working?
• show subscriber <username@domain>
erx5#show subscriber
Subscriber List
Addr Virtual
User Name IP Address Source Router
-------------------------------- --------------- ------ ------------
[email protected] 192.168.1.8 radius default
[email protected] 172.16.2.2 radius vr2
[email protected] 172.16.2.3 radius vr2
User Name Interface Login Time
-------------------------------- ------------------ -------------------
[email protected] atm 5/1.1 01/04/17 14:00:32
[email protected] atm 5/1.2 01/04/17 14:00:33
[email protected] atm 5/1.3 01/04/17 14:00:33
• show radius statistics
• show aaa domain-map
• test aaa username password
• show ip route | include atm 5/1.1
• show ppp interface | include slot/port.subinterface
• show ppp interface state up
• show ppp interface full
• show ppp interface status
• show ppp interface summary
ERX Logging Overview
• ERX logging must be explicitly configured
• ERX Log Messages
- Categories
• Examples include snmp, telnet, ipInterface, pppPacket, ospfPktsSent/Rcvd,
bgpConnection
- Filters
• Per interface, connection, router, slot
- Severity
• emergency 0
• alert 1
• critical 2
• error 3
• warning 4
• notice 5
• info 6
• debug 7
Where do the log messages go?
Volatile Memory
DEBUG pppPacket (interface serial 4/0:1/1):,
tx lcp echoResp
DEBUG pppPacket (interface serial 4/0:1/1): • Volatile Memory on SRP
tx lcp echoReq
DEBUG pppPacket (interface serial 4/0:1/1):, U - Max Size = 750 entries
rx lcp echoResp,
• Flash
- system.log
Flash
- 64 K maximum size
1-3-0.rel
system.log - Severity Critical or higher
reboot.hty - ASCII file
• ERX Console
- Real-time
• Telnet/SSH Session
- Real-time
• Syslog
- Multiple Hosts
- Facility (0-7) per Host

Console
Telnet Syslog
Default ERX Logging Configuration

ERX-00-70-d0#show log config


log destination console severity WARNING
log destination nv-file severity CRITICAL
no log engineering
log fields timestamp instance no-calling-task
log here
no log severity

category severity verbosity filters notes


------------------------- -------- --------- ------- -----
NameResolverLog ERROR low
aaaAtm1483Cfg ERROR low
aaaEngineGeneral ERROR low
aaaServerGeneral ERROR low
aaaUserAccess ERROR low
addressServerGeneral ERROR low
atm ERROR low
atm1483 ERROR low
.....
ppp ERROR low
pppPacket --- low
pppStateMachine --- low
pppoe ERROR low
pppoeControlPacket --- low
profileMgr ERROR low
Configuring DEBUG Logging on a PPP Interface

ERX1(config)#log severity debug pppPacket atm 5/1.1


ERX-00-70-d0(config)#end
ERX-00-70-d0#show log config
log destination console severity WARNING
log destination nv-file severity CRITICAL
no log engineering
log fields timestamp instance no-calling-task
log here
no log severity

category severity verbosity filters notes


------------------------- -------- --------- ------- -----
NameResolverLog ERROR low
aaaAtm1483Cfg ERROR low
.....
policyMgrPacketLog ERROR low
ppp ERROR low
pppPacket --- low 1
pppStateMachine --- low
pppoe ERROR low
pppoeControlPacket --- low

log severity DEBUG pppPacket atm 5/1.1


Viewing the ERX Log - LCP & CHAP
ERX6(config)#cont t3 5/1
ERX6(config-controll)#no shutdown
ERX6(config-controll)#end
ERX6#show log data category pppPacket severity debug
*** stored log messages ***
*** log: pppPacket
*** severity: DEBUG and higher
*** no baseline

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.00, tx lcp confReq, id = 40, length = 19, mru = 9178, authentication =
chap MD5, magicNumber = 0x070c43db

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.00, rx lcp confReq, id = 60, length = 14, mru = 9178, magicNumber =
0x7553a501

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.00, tx lcp confAck, id = 60, length = 14, mru = 9178, magicNumber =
0x7553a501

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.00, rx lcp confAck, id = 40, length = 19, mru = 9178, authentication =
chap MD5, magicNumber = 0x070c43db

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.00, tx chap challenge, id = 172, length = 39, challenge length = 30,
challenge = 6e c0 41 2a 50 7a 23 60 8f 43 b5 0b 8f 9e 90 29 72 ae c0 6c cb f6 ef 2e 01 ab 99 3b c8 6d, name = 'ERX6' 45 52 58 36

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.01, rx chap response, id = 172, length = 35, response length = 16,
response = 5d ed 51 8c 0b aa 4c 03 d2 69 b4 d2 4a b9 49 1e, name = '[email protected]' 74 79 6c 65 72 40 69 73 70 31 2e 63 6f 6d

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.86, tx chap
success, id = 172, length = 4
Example PPP over ATM Log - IP NCP

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.86, tx ipNcp
confReq, id = 244, length = 10, ipAddress = 192.168.1.1

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.87, rx ipNcp
confReq, id = 96, length = 10, ipAddress = 0.0.0.0

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.87, tx ipNcp
confNak, id = 96, length = 10, ipAddress = 192.168.1.2

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.87, rx ipNcp
confAck, id = 244, length = 10, ipAddress = 192.168.1.1

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.87, rx ipNcp
confReq, id = 97, length = 10, ipAddress = 192.168.1.2

DEBUG 11/28/2001 12:46:35 pppPacket (interface atm 5/1.1): time: 0.87, tx ipNcp
confAck, id = 97, length = 10, ipAddress = 192.168.1.2
Additional ERX Log Configuration
Options
• To view the log file on the flash
- erx1#show log data nv-file
• To view pppPacket DEBUG log messages real-time on the console
- erx1(config)#log destination console severity debug
• To direct log messages to a Telnet/SSH session
- erx1(config)#log here
• To quickly disable logging DEBUG messages to the console:
- erx1(config)#no log here
OR
- erx1(config)#log destination console off
OR
- erx1(config)#log destination console severity warning
• To turn off all logging filters:
- erx1(config)#no log filters
• With release 3.2 the baseline log and delta functions are available
– erx1#baseline log
– erx1#show log data category pppPacket severity debug delta
Useful Logging Categories for PPP
over ATM
• pppPacket
• aaaUserAccess
• radiusAttributes
• radiusClient
Unit 5
PPP over Ethernet
and
Dynamic Interfaces
PPP over Ethernet Unit Objectives

• List the benefits of using PPP over Ethernet


• Describe the two stages of PPP over Ethernet
• Describe the basic Life of a Packet for PPP over Ethernet
• Configure the ERX for PPP over Ethernet
• Verify PPP over Ethernet operation using show commands and logging
• Describe the different types of Dynamic Interfaces (IP, PPP, PPPoE)
• Configure the ERX to support Dynamic Interface detection and creation
• Describe dynamic interfaces in Bridged and Routed 1483 using the Subscriber
functionality
Remember the ‘Old Days’

Modem
RADIUS
[email protected]
Routers ISP1
RAS
PPP Session

Modem

RADIUS ISP2
[email protected]

• Relatively slow access rates using dedicated POTS line


• Point to point session between the PC and the RAS
• RAS terminated the PPP session
• Packets sent to appropriate routers
Multiple Clients per ATM PVC
PPP over Ethernet
DSL
[email protected] Modem
ISP1

[email protected] ERX
U
ATM

ATM ISP2
DSLAM Switch
DSL
Modem
[email protected]

• High speed access using shared POTS line


[email protected] • Multiple users per DSL modem
• ATM PVC per modem, PPP Session per User
• How do I setup a connection and perform authentication without a dedicated connection?

[email protected]
PPP over Ethernet (PPPoE) - RFC 2516
IP Data

PPP
DSL Session ID
[email protected] Modem

DA=X
SA=A
Type=PPP ISP1
[email protected] ERX
MAC=A
U

ATM

ATM
DSLAM Switch MAC=X
DSL
Modem
[email protected] ISP2
ISP2
• General Frame Format
• PC Requirements
• Two Stages of PPPoE
- Discovery Stage

PPP Session Stage


[email protected] -

[email protected]
PPP over Ethernet - Life of a Packet
ERX
U
DSL
Bridge
Internet

DSL
Modem

IP Datagram IP Datagram IP Datagram

PPP PPP Layer 3= IP

Type=PPPoE Type=PPPoE Encap X

Ethernet Ethernet

Bridged 1483

ATM
Life of a Packet - PPPoE Discovery Stage

DSL
[email protected] Modem

ISP1
[email protected] ERX
U
MAC=A
ATM
PPPoE Active DA=FF
SA=A
Discovery Initiation
Type=Disc
PADI ATM
PPP DSLAM Switch MAC=X
Services
DA=A PPPoE Active
SA=X
Type=Disc
Discovery Offer ISP2
ISP2
PADO
PPP
PPPoE Active SessionID=
Discovery Request DA=X 0000
SA=A
PADR Type=Disc PPPoE Active
PPP Discovery Session
DA=A
SessionID= SA=X Confirmation
0000
Type=Disc PADS
PPP
SessionID=
1234
Life of a Packet - PPPoE PPP Session Stage

DSL
[email protected] Modem

ISP1
[email protected] ERX
MAC=A
U

ATM
DA=X
SA=A
PPP LCP Type=PPP
ATM
PPP DSLAM MAC=X
SessionID= Switch
1234
PPP LCP
DA=A ISP2
ISP2
SA=X
Type=PPP
PPP
SessionID=
1234

• PPP data sent like any other PPP session


A Different Way of Viewing Things
PPPoE over ATM
[email protected] [email protected] [email protected] [email protected]
Static or Dynamic Static or Dynamic Dynamic Dynamic
IP Interface IP Interface IP Interface IP Interface

PPP Interface PPP Interface PPP Interface PPP Interface


1 per User 1 per User 1 per User 1 per User

PPPoE Subinterface PPPoE Subinterface PPPoE Subinterface PPPoE Subinterface


1 per User 1 per User 1 per User 1 per User

PPPoE Interface PPPoE Interface


1 per Modem 1 per Modem

ATM Subinterface ATM Subinterface


1 per Modem 1 per Modem

ATM Interface

UT3 / UE3
PPPoE over ATM Configuration Steps
• Configure UT3/U3E Controller
- Clocking, Framing, Shutdown IP Interface IP Interface
• Configure ATM interface
- # VCs per VP, Framing PPP Interface PPP Interface
• Configure the following per modem: 1 per User 1 per User
- Configure ATM Subinterface
- Configure PVC, PVC encapsulation PPPoE Subinterface PPPoE Subinterface
- Specify PPPoE Encapsulation 1 per User 1 per User
• Configure the following per user:
- Configure the PPPoE Subinterface
- Specify encapsulation PPP
PPPoE Interface
1 per Modem
- Configure PPP Authentication
- Static IP Interfaces
ATM Subinterface
• Configure IP address 1 per Modem
• Configure ip access-routes
- Dynamic IP Interfaces
• Specify a Profile for IP
ATM Interface

UT3 / UE3
PPPoE over Ethernet without
•VLANs
Configure Ethernet interface Static Dynamic
- Configure 1 IP Interface IP Interface IP Interface
- Configure the PPPoE Major Interface
PPP Interface PPP Interface
• Configure the following per user: 1 per User 1 per User
- Configure the PPPoE Subinterface
- Specify encapsulation PPP PPPoE Subinterface PPPoE Subinterface
1 per User 1 per User
- Configure PPP Authentication
- Static IP Interfaces
• Configure IP address IP Interface PPPoE
Major Interface
• Configure ip access-routes
- Dynamic IP Interfaces
• Specify a Profile for IP FE/GE
• Limitations
- 1 IP-only Interface per port
- 1 PPPoE Major Interface per port
- 4096 PPPoE Subinterfaces per Line Module
PPPoE over Ethernet with VLANs
• Configure Ethernet interface
Static Dynamic
- Specify VLAN encapsulation IP Interface IP Interface
• Configure the following per VLAN:
- Create the new VLAN subinterface PPP Interface PPP Interface
- Assign a VLAN id 1 per User 1 per User
- For IP-Only VLANs:
• Configure the IP Address
- For PPPoE VLANs: PPPoE Subinterface PPPoE Subinterface
1 per User 1 per User
• Create the PPPoE Major Interface
• Create the PPPoE Subinterface
• Specify encapsulation PPP PPPoE
• Configure PPP Authentication
IP Interface
Major Interface
• Static IP Interfaces
• Configure IP address
• Configure ip access-routes VLAN Subinterface VLAN Subinterface
• Dynamic IP Interfaces VLAN id = 100 VLAN id = 200
• Specify a Profile for IP
• Limitations
- 1 IP-only Interface per VLAN
- 1 PPPoE Major Interface per VLAN VLAN
- 4096 PPPoE Subinterfaces per Line
Module
FE/GE
How can I tell if it is working?
• show subscriber <username@domain>
• show radius statistics
• show ip route
• show aaa domain-map
• test aaa username password

• show ppp interface state up


• show ppp interface full
• show ppp interface status

• show pppoe interface


• show pppoe subinterface
• show pppoe interface atm <interface>
• show pppoe subinterface atm <interface>

• show atm sub atm <interface>


How can I tell if it is working?
• The log is your friend! Use it!

• Configure logging:
- log destination console severity 7
- log severity 7 pppPacket atm 5/1.11.1 (PPP Interface)
- log severity 7 pppoeControlPacket atm 5/1.11.1 (PPPoE
Subinterface)
- log severity 7 pppoe

• Other Categories
- aaaUserAccess
- aaaServerGeneral
- radiusClient
PPP over Ethernet Successful Log
PPP LCP and CHAP
DEBUG 09/28/1999 05:38:44 pppPacket (1000006,*): interface: 5/1.11.1,
time: 0.00, tx lcp confReq, id = 168, length = 19, mru = 1492,
authentication = chap MD5,magicNumber = 0x77b5123a

DEBUG 09/28/1999 05:38:44 pppPacket (1000006,*): interface: 5/1.11.1,


time: 0.00, rx lcp confReq, id = 139, length = 14, mru = 1492,
magicNumber =0x5c79ec11

DEBUG 09/28/1999 05:38:44 pppPacket (1000006,*): interface: 5/1.11.1,


time: 0.00, tx lcp confAck, id = 139, length = 14, mru = 1492,
magicNumber = 0x5c79ec11

DEBUG 09/28/1999 05:38:44 pppPacket (1000006,*): interface: 5/1.11.1,


time: 0.00, rx lcp confAck, id = 168, length = 19, mru = 1492,
authentication = chap MD5,magicNumber = 0x77b5123a

DEBUG 09/28/1999 05:38:44 pppPacket (1000006,*): interface: 5/1.11.1,


time: 0.00, tx chap challenge, id = 39, length = 36, challenge length =
21, challenge = 09 93 34 3a 52 1c 16 30 1c 19 1a 38 22 23 ce 03 13 40
a2 0a 56, name = 'RX-0-70-D0' 52 58 2d 30 2d 37 30 2d 44 30

DEBUG 09/28/1999 05:38:44 pppPacket (1000006,*): interface: 5/1.11.1,


time: 0.00, rx chap response, id = 39, length = 33, response length =
16, response = 4b 55 b0 e4 96 ff fa 0f e1 4b 2d 5b 6b 39 5b e6, name =
'[email protected]' 74 69 6d 40 69 73 70 31 2e 63 6f 6d

DEBUG 09/28/1999 05:38:44 pppPacket (1000006,*): interface: 5/1.11.1,


time: 0.01, tx chap success, id = 39, length = 4
PPP over Ethernet Successful Log
PPP IP NCP & PPPoE
DEBUG 09/28/1999 05:38:44 pppPacket (1000006,*): interface: 5/1.11.1,
time: 0.41, tx ipNcp confReq, id = 25, length = 10, ipAddress =
1.1.100.1
DEBUG 09/28/1999 05:38:44 pppPacket (1000006,*): interface: 5/1.11.1,
time: 0.42, rx ipNcp confAck, id = 25, length = 10, ipAddress =
1.1.100.1
DEBUG 09/28/1999 05:38:44 pppoe (0,*): status change num = 2

DEBUG 09/28/1999 05:38:44 pppoe: Link up for PppoeSub 0x12000006,


adminStatus=adminStatusUp, operStatus=operStatusUp

DEBUG 09/28/1999 05:38:44 pppoe: Link up for PppoeSub 0x12000002,


adminStatus=adminStatusUp, operStatus=operStatusUp
DEBUG 09/28/1999 05:38:48 pppPacket (1000006,*): interface: 5/1.11.1,
time: 3.00, rx ipNcp confReq, id = 113, length = 10, ipAddress =
0.0.0.0

DEBUG 09/28/1999 05:38:48 pppPacket (1000006,*): interface: 5/1.11.1,


time: 3.00, tx ipNcp confNak, id = 113, length = 10, ipAddress =
1.1.100.2

DEBUG 09/28/1999 05:38:48 pppPacket (1000006,*): interface: 5/1.11.1,


time: 3.00, rx ipNcp confReq, id = 114, length = 10, ipAddress =
1.1.100.2

DEBUG 09/28/1999 05:38:48 pppPacket (1000006,*): interface: 5/1.11.1,


time: 3.00, tx ipNcp confAck, id = 114, length = 10, ipAddress =
1.1.100.2
Dynamic IP Interfaces using Profiles
[email protected] [email protected] [email protected] [email protected]

Dynamic IP Interface IP Interface IP Interface IP Interface

PPP Interface PPP Interface PPP Interface PPP Interface


1 per User 1 per User 1 per User 1 per User
Static
PPPoE Subinterface PPPoE Subinterface PPPoE Subinterface PPPoE Subinterface
1 per User 1 per User 1 per User 1 per User

PPPoE Interface PPPoE Interface


1 per Modem 1 per Modem

ATM Subinterface ATM Subinterface


1 per Modem 1 per Modem

ATM Interface

UT3 / UE3
Dynamic PPP, PPPoE and IP Interfaces
[email protected] [email protected] [email protected] [email protected]

Dynamic IP Interface IP Interface IP Interface IP Interface

Dynamic PPP Interface PPP Interface PPP Interface PPP Interface


1 per User 1 per User 1 per User 1 per User

PPPoE Subinterface PPPoE Subinterface PPPoE Subinterface PPPoE Subinterface


Dynamic 1 per User 1 per User 1 per User 1 per User

PPPoE Interface PPPoE Interface


Dynamic
1 per Modem 1 per Modem

ATM Subinterface ATM Subinterface


Static 1 per Modem 1 per Modem

ATM Interface

UT3 / UE3
Tools for Building Dynamic Interface
Columns
[email protected] [email protected]
3 Tools
- aal5autoconfig IP Interface IP Interface

- Profiles
- auto-configure PPP Interface PPP Interface
1 per User 1 per User
• aal5autoconfig
- Automatically detect the ATM 1483 PPPoE Subinterface PPPoE Subinterface
encapsulation on the PVC 1 per User 1 per User
- Automatically configures the PVC with
either AAL5 LLC/SNAP or VC MUX PPPoE Interface
- First packet received determines the 1 per Modem

configuration ATM Subinterface


1 per Modem

ATM Interface

UT3 / UE3
Profiles
• Creating Profiles [email protected] [email protected]
- Common configuration parameters
- IP IP Interface
IP Interface
• ip access-routes, virtual-router, MTU
- PPP
• authentication, MRU, keepalive PPP Interface PPP Interface
- PPPoE 1 per User 1 per User
• sessions, URL, MOTM
- Flexible configuration PPPoE Subinterface PPPoE Subinterface
• Profile per protocol type 1 per User 1 per User
• Profile with all protocols included
• Applying Profiles PPPoE Interface
- profile <ip, ppp, pppoe, any> profile-name 1 per Modem
- Specify the desired layer above the ATM
subinterface ATM Subinterface
1 per Modem
- To support any interface type, use the key word
any and include all configuration parameters in
the profile
- To limit the type of interface supported, specify ATM Interface
the protocol above the ATM subinterface

UT3 / UE3
Auto-configure
[email protected] [email protected]
• auto-configure <ip ppp pppoe
bridgedEthernet> IP Interface IP Interface
• Automatically detects and configures the
specified layer and above PPP Interface PPP Interface
1 per User 1 per User
• Works hand in hand with the applied
profile
PPPoE Subinterface PPPoE Subinterface
• To limit traffic to a single protocol, use a 1 per User 1 per User
single auto-configure statement
PPPoE Interface
• To dynamically detect the upper layer 1 per Modem
protocol and configure the appropriate
stack (either PPPoE or PPPoA), use ATM Subinterface
1 per Modem
multiple auto-configure statements
referencing the different protocols
ATM Interface

UT3 / UE3
Dynamic Interface Configuration - Only PPPoE

[email protected] [email protected]
• Build a Dynamic Interface that ONLY allows a
maximum of 5 PPPoE Interfaces. PPPoA is NOT IP Interface IP Interface
supported
• Configure a Profile for IP/PPP/PPPoE configuration
information: PPP Interface PPP Interface
- profile ip-ppp-pppoe-info 1 per User 1 per User
• ip access-route
• ppp authentication chap pap PPPoE Subinterface PPPoE Subinterface
1 per User 1 per User
• pppoe sessions 5

• Configure the following ATM PVC referencing the


profile above: PPPoE Interface
1 per Modem
- interface atm 5/1.12
• atm pvc 11 0 111 aal5autoconfig ATM Subinterface
• profile pppoe ip-ppp-pppoe-info 1 per Modem
• auto-configure pppoe

ATM Interface

UT3 / UE3
Dynamic Interface Configuration
PPPoA or PPPoE
[email protected] [email protected]
• Configure a Profile with IP, PPP and PPPoE
Configuration Information: IP Interface IP Interface
- profile ip-ppp-pppoe-info
• ip access-route
PPP Interface PPP Interface
• ppp authentication chap pap 1 per User 1 per User
• pppoe sessions 5 [email protected]
• Configure the following ATM PVC PPPoE Subint PPPoE Subint
IP Interface
referencing the profile above: 1 per User 1 per User
- interface atm 5/1.13
• atm pvc 13 0 113 aal5autoconfig PPP Interface PPPoE Interface
• profile any ip-ppp-pppoe-info
1 per User 1 per Modem
• auto-configure ppp
ATM Subinterface ATM Subinterface
• auto-configure pppoe
1 per Modem 1 per Modem

ATM Interface

UT3 / UE3
Dynamic Interface Configuration – PPPoA
or PPPoE using different profiles
[email protected] [email protected]
• Configure a Profile with IP, PPP and PPPoE
Configuration Information: IP Interface IP Interface
- profile PPPoA-info
• ip access-route
• ppp authentication chap PPP Interface PPP Interface
- profile PPPoE-info 1 per User 1 per User
• ip access-route [email protected]
• ppp authentication pap PPPoE Subint PPPoE Subint
IP Interface
• pppoe sessions 5 1 per User 1 per User
• Configure the following ATM PVC referencing the
profiles above: PPP Interface PPPoE Interface
- interface atm 5/1.14 1 per User 1 per Modem
• atm pvc 14 0 114 aal5autoconfig
• profile ppp PPPoA-info
ATM Subinterface ATM Subinterface
• profile pppoe PPPoE-info 1 per Modem 1 per Modem
• auto-configure ppp
• auto-configure pppoe

ATM Interface

UT3 / UE3
Dynamic Interfaces – Routed 1483
• Static Configuration
- ATM Subinterface
- ATM PVC IP Interface IP Interface

• Dynamic Configuration
- Encapsulation (aal5snap vs. mux ip) Dynamic Subscriber Subscriber
- Encapsulation (Bridged or not) Information Information
- IP Interface
• Routing Configuration ATM ATM
- RADIUS Involvement Subinterface Subinterface
- ‘Subscriber’ authenticated via RADIUS
- ‘Subscriber’ or Interface attributes
returned by RADIUS Static
ATM
Major Interface
• Framed IP Address for customer WAN
interface
• Framed route for remote customer networks UT3 / UE3
OCxc
• Injected into ERX routing table when dynamic
interface built
• Others possible, such as policies
Dynamic Interfaces – Routed 1483

[email protected]
Password = companyx
Return RADIUS attribtutes
Framed IP = 30.30.30.30
Loopback 30 Framed Route =
Company X 30.30.30.1/24 40.40.40.0/24
U
[email protected] RADIUS
DSL
Router

ip unnumbered
30.30.30.30 Internet
loopback 30
Remote Network Subscriber Information
40.40.40.0/24 [email protected]

• Company X requires a Routed 1483 Connection


• CompanyX’s routing configuration is stored on the RADIUS server
- Framed IP address for the WAN interface (30.30.30.30/32)
- Framed Route for the remote network (40.40.40.0/24)
Subscriber Information
[email protected]
Password = companyx
Loopback 30 Return RADIUS attribtutes
Company X 30.30.30.1/24 Framed IP = 30.30.30.30
[email protected] U Framed Route =
RADIUS 40.40.40.0/24
DSL
Router

ip unnumbered
30.30.30.30 Internet
loopback 30
Remote Network Subscriber Information
40.40.40.0/24 [email protected]
• Locally administered authentication
- Mimics PPP login information
• Subscriber information configured on the ERX on the customer’s interface
- Interface type = IP
- Subscriber = companyx
- Domain = isp1.com
- Password = companyx
• ‘Authenticated’ via RADIUS to obtain extra configuration information
- Framed IP address, Framed Route
• Supported on Routed or Bridged 1483 Connections
IP Address Assignment & Routing
Configuration
Default Virtual Router’s IP Routing Table
Prefix/Length Next Hop Dist/Met Interface Type
[email protected] 192.168.1.0/24 192.168.1.1 0/1 Loopback1 Connect
30.30.30.30/32 0.0.0.0 2/1 atm 5/0.30 AccessInternal
40.40.40.0/24 0.0.0.0 2/1 atm 5/0.30 Access
DSL
Router
RADIUS
default 1.1.1.1
30.30.30.30
Remote Network RADIUS=1.1.1.1
UDP=1645
AT&T
40.40.40.0/24
key=training [email protected]
Framed IP &
[email protected] Framed Route
VR2
DSL
Router RADIUS=2.2.2.1 RADIUS
DSLAM UDP=1645
key=training
50.50.50.50
Remote Network ISP2 2.2.2.1
60.60.60.0/24
ERX
• Static IP address configured on the Customer’s Router
• RADIUS Server returns the routing configuration
- Framed IP address = Customer’s WAN Interface
- Framed Route = Customer’s Remote Network
Dynamic Interface Configuration
Only Routed 1483
• Build a Dynamic Interface that ONLY allows a Routed 1483
connection. Bridged 1483 connections are NOT permitted.
IP Interface IP Interface
• Configure a Profile for IP configuration information:
- profile rt1483-info
• ip access-route Subscriber Subscriber
• ip virtual-router default
Information Information

• ip unnumbered loopback 30
• Configure the ATM PVC referencing the profile above: ATM ATM
Subinterface Subinterface
- interface atm 5/0.30
• profile ip rt1483-info
• subscriber ip user CompanyX domain isp1.com
ATM
password companyx Major Interface
• auto-configure ip
• atm pvc 30 0 30 aal5autoconfig UT3 / UE3
OCxc
Dynamic Interface Configuration
Routed 1483 OR Bridged 1483
• Configure a Profile with IP Configuration Information: Elmo
- profile all-1483-info
IP Interface
• ip access-route CompanyX
• ip virtual-router default
• ip unnumbered loopback 30 Subscriber
IP Interface
• Configure the ATM PVC referencing the profile above: Information
- interface atm 5/0.35
• profile any all-1483-info Subscriber
Bridged1483
Information
• subscriber ip user CompanyX domain isp1.com
password companyx
• subscriber bridgeEthernet user elmo domain isp1.com ATM ATM
password elmo Subinterface Subinterface
• auto-configure ip
• auto-configure bridgeEthernet
• atm pvc 35 0 35 aal5autoconfig ATM
Major Interface

UT3 / UE3
OCxc
Bridged 1483 or Routed 1483
Different Profiles
• Configure a Profile with IP Configuration Information: Elmo
- profile rt1483-info
• ip access-route IP Interface
• ip virtual-router default CompanyX
• ip unnumbered loopback 30
- profile br1483-info
• ip access-route IP Interface Subscriber
• ip virtual-router vr2
Information
• ip unnumbered loopback 20
• Configure the ATM PVC referencing the profiles above: Subscriber
- interface atm 5/0.36 Bridged1483
Information
• profile ip rt1483-info
• profile bridgeEthernet br1483-info
• subscriber ip user CompanyX domain isp1.com password
ATM ATM
companyx Subinterface Subinterface
• subscriber bridgeEthernet user elmo domain isp1.com password
elmo
• auto-configure ip
• auto-configure bridgeEthernet
ATM
• atm pvc 36 0 36 aal5autoconfig
Major Interface

UT3 / UE3
OCxc
Example Log using aaaUserAccess and
radiusAttributes
erx7:cpe-router#ping 30.30.30.1
Sending 5 ICMP echos to 30.30.30.1, timeout = 2 sec.
DEBUG 10/29/2001 12:45:29 radiusAttributes: USER ATTRIBUTES: ([email protected])
DEBUG 10/29/2001 12:45:29 radiusAttributes: class attr: SBR-CL DN="[email protected]" AT="0"
DEBUG 10/29/2001 12:45:29 radiusAttributes: framed IP address attr: 30.30.30.30
DEBUG 10/29/2001 12:45:29 radiusAttributes: framed route attr: 40.40.40.0/24
INFO 10/29/2001 12:45:29 aaaUserAccess: User: [email protected], access granted
...!!
Success rate = 40% (2/5), round-trip min/avg/max = 3/3/3 ms
erx7:cpe-router#ping 30.30.30.1
Sending 5 ICMP echos to 30.30.30.1, timeout = 2 sec.
!!!!!
Success rate = 100% (5/5), round-trip min/avg/max = 3/3/3 ms

You might also like