www.raisecom.com RAX711-C (A) Configuration Guide (Rel_01) Raisecom Proprietary and Confidential i Copyright © Raisecom Technology Co., Ltd. Raisecom Technology Co., Ltd. provides customers with comprehensive technical support and services. For any assistance, please contact our local office or company headquarters. Website: http://www.raisecom.com Tel: 8610-82883305 Fax: 8610-82883056 Email:
[email protected] Address: Raisecom Building, No. 11, East Area, No. 10 Block, East Xibeiwang Road, Haidian District, Beijing, P.R.China Postal code: 100094 ----------------------------------------------------------------------------------------------------------------------------------------- Notice Copyright © 2017 Raisecom All rights reserved. No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in Writing from Raisecom Technology Co., Ltd. is the trademark of Raisecom Technology Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied. Raisecom RAX711-C (A) Configuration Guide Preface Preface Objectives This document introduces features and related configurations supported by the RAX711-C, including basic principles and configuration procedures of basic configurations, zero- configuration, interface management, Ethernet, IP services, routing, OAM, QoS, network reliability, security, and system management and maintenance. In addition, this document provides related configuration examples. The appendix of this document provides terms, acronyms, and abbreviations involved in this document. This document helps you master principles and configurations of the RAX711-C systematically, and networking with the RAX711-C. Versions The following table lists the product versions related to this document. Product name Product version Hardware version RAX711-C P100R001C00 or later A.00 or later Conventions Symbol conventions The symbols that may be found in this document are defined as follows. Symbol Description Indicate a hazard with a medium or low level of risk which, if not avoided, could result in minor or moderate injury. Indicate a potentially hazardous situation that, if not avoided, could cause equipment damage, data loss, and performance degradation, or unexpected results. Raisecom Proprietary and Confidential i Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Symbol Description Provide additional information to emphasize or supplement important points of the main text. Indicate a tip that may help you solve a problem or save time. General conventions Convention Description Times New Roman Normal paragraphs are in Times New Roman. Arial Paragraphs in Warning, Caution, Notes, and Tip are in Arial. Boldface Names of files, directories, folders, and users are in boldface. For example, log in as user root. Italic Book titles are in italics. Lucida Console Terminal display is in Lucida Console. Book Antiqua Heading 1, Heading 2, Heading 3, and Block are in Book Antiqua. Command conventions Convention Description Boldface The keywords of a command line are in boldface. Italic Command arguments are in italics. [] Items (keywords or arguments) in square brackets [ ] are optional. { x | y | ... } Alternative items are grouped in braces and separated by vertical bars. Only one is selected. [ x | y | ... ] Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected. { x | y | ... } * Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected. [ x | y | ... ] * Optional alternative items are grouped in square brackets and separated by vertical bars. A minimum of none or a maximum of all can be selected. Raisecom Proprietary and Confidential ii Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface User level conventions User level Description 0–4 Checking level: execute basic commands for performing network diagnostic function, clearing system information, and showing command history. 5–10 Monitoring level: execute commands for system maintenance. 11–14 Configuration level: execute commands for configuring services, such as VLAN and IP routing. 15 Management level: execute commands for running systems. Interface type and value range Format Description interface-type Interface type, including: client: physical interface at the user side line: physical interface at the line side snmp: SNMP interface vlan: VLAN interface port-channel: LAG interface and sub-interface loopback: loopback interface interface-number Interface ID, varying with the device model and interface type, ranging as below: client: 1–12 line: 1–4 snmp: 1 vlan: 1–4094 port-channel: 1–3 loopback: 1 Change history Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions. Issue 01 (2017-07-10) Initial commercial release Raisecom Proprietary and Confidential iii Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Contents 1 Basic configurations ..................................................................................................................... 1 1.1 CLI ................................................................................................................................................................... 1 1.1.1 Introduction ............................................................................................................................................. 1 1.1.2 Levels ...................................................................................................................................................... 2 1.1.3 Modes...................................................................................................................................................... 2 1.1.4 Shortcut keys ........................................................................................................................................... 5 1.1.5 Viewing command history ...................................................................................................................... 6 1.1.6 Acquiring help ......................................................................................................................................... 6 1.2 Accessing device .............................................................................................................................................. 9 1.2.1 Accessing device through Console interface ........................................................................................... 9 1.2.2 Accessing device through Telnet ........................................................................................................... 10 1.2.3 Accessing device through SSHv2 ......................................................................................................... 11 1.2.4 Managing users ..................................................................................................................................... 12 1.2.5 Checking configurations ....................................................................................................................... 13 1.3 File management ............................................................................................................................................ 13 1.3.1 Introduction ........................................................................................................................................... 13 1.3.2 Managing configuration files ................................................................................................................ 14 1.4 Backup and upgrade ....................................................................................................................................... 15 1.4.1 Introduction ........................................................................................................................................... 15 1.4.2 Upgrading system software in BootROM mode ................................................................................... 15 1.4.3 Upgrading system software in system configuration mode .................................................................. 18 1.4.4 Backing up system software in system configuration mode ................................................................. 19 1.4.5 Checking configurations ....................................................................................................................... 19 1.5 Time management .......................................................................................................................................... 19 1.5.1 Introduction ........................................................................................................................................... 19 1.5.2 Configuring time and time zone ............................................................................................................ 20 1.5.3 Configuring DST .................................................................................................................................. 21 1.5.4 Configuring NTP/SNTP ........................................................................................................................ 21 1.5.5 Checking configurations ....................................................................................................................... 22 1.6 Configuring Banner ........................................................................................................................................ 22 1.6.1 Preparing for configurations ................................................................................................................. 22 1.6.2 Configuring Banner............................................................................................................................... 22 Raisecom Proprietary and Confidential iv Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 1.6.3 Enabling Banner display ....................................................................................................................... 23 1.6.4 Checking configurations ....................................................................................................................... 23 2 Interface management ................................................................................................................ 24 2.1 Introduction .................................................................................................................................................... 24 2.1.1 Ethernet interface .................................................................................................................................. 24 2.1.2 VLAN interface..................................................................................................................................... 24 2.1.3 Aggregation group interface .................................................................................................................. 24 2.1.4 Loopback interface ................................................................................................................................ 24 2.1.5 Interface configuration modes............................................................................................................... 24 2.2 Configuring basic information about interface ............................................................................................... 25 2.2.1 Configuring basic information about interface ..................................................................................... 25 2.2.2 Configuring Jumboframe on the interface ............................................................................................ 25 2.3 Configuring Ethernet interface ....................................................................................................................... 26 2.4 Configuring VLAN interface ......................................................................................................................... 26 2.5 Configuring loopback interface ...................................................................................................................... 26 2.6 Checking configurations ................................................................................................................................ 27 2.7 Maintenance ................................................................................................................................................... 27 3 Zero-configuration ...................................................................................................................... 28 3.1 Introduction .................................................................................................................................................... 28 3.1.1 Principles of zero-configuration ............................................................................................................ 28 3.1.2 CO zero-configuration .......................................................................................................................... 30 3.1.3 Zero-configuration of remote device..................................................................................................... 32 3.2 Configuring local zero-configuration ............................................................................................................. 33 3.2.1 Preparing for configurations ................................................................................................................. 33 3.2.2 Configuring zero-configuration server based on extended OAM ......................................................... 33 3.2.3 Configuring zero-configuration server based on DHCP ....................................................................... 35 3.2.4 Checking configurations ....................................................................................................................... 38 3.3 Configuring remote zero-configuration .......................................................................................................... 38 3.3.1 Preparing for configurations ................................................................................................................. 38 3.3.2 (Optional) configuring remote zero-configuration ................................................................................ 39 3.3.3 (Optional) configuring zero-configuration polling ................................................................................ 40 3.3.4 Checking configurations ....................................................................................................................... 40 3.4 Configuration examples ................................................................................................................................. 40 3.4.1 Example for configuring DHCP-based zero-configuration ................................................................... 40 3.4.2 Example for configuring zero-configuration based on extended OAM ................................................ 42 4 IP routing ...................................................................................................................................... 45 4.1 Introduction .................................................................................................................................................... 45 4.1.1 Routing.................................................................................................................................................. 45 4.1.2 Static route ............................................................................................................................................ 45 4.1.3 ARP ....................................................................................................................................................... 46 4.1.4 DHCP .................................................................................................................................................... 46 Raisecom Proprietary and Confidential v Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 4.2 Configuring route management ...................................................................................................................... 51 4.2.1 Preparing for configurations ................................................................................................................. 51 4.2.2 Configuring routing management ......................................................................................................... 51 4.2.3 Checking configurations ....................................................................................................................... 51 4.3 Configuring static route .................................................................................................................................. 52 4.3.1 Preparing for configurations ................................................................................................................. 52 4.3.2 Configuring static route ........................................................................................................................ 52 4.4 Configuring routing policy ............................................................................................................................. 53 4.4.1 Configuring IP prefix-list ...................................................................................................................... 53 4.4.2 Configuring route mapping table .......................................................................................................... 53 4.5 Configuring ARP ............................................................................................................................................ 54 4.5.1 Preparing for configurations ................................................................................................................. 54 4.5.2 .Configuring ARP ................................................................................................................................. 55 4.5.3 Checking configurations ....................................................................................................................... 55 4.6 Configuring DHCPv4 Client .......................................................................................................................... 55 4.7 Configuring DHCPv4 Server ......................................................................................................................... 57 4.7.1 Preparing for configurations ................................................................................................................. 57 4.7.2 Creating and configuring IPv4 address pool ......................................................................................... 57 4.7.3 Configuring DHCPv4 Server of the interface ....................................................................................... 58 4.7.4 Checking configurations ....................................................................................................................... 58 4.8 Maintenance ................................................................................................................................................... 58 4.9 Configuration examples ................................................................................................................................. 58 4.9.1 Example for configuring DHCPv4 Client ............................................................................................. 58 4.9.2 Example for configuring DHCPv4 Server ............................................................................................ 60 4.9.3 Example for configuring ARP ............................................................................................................... 61 5 Ethernet ......................................................................................................................................... 63 5.1 Introduction .................................................................................................................................................... 63 5.1.1 MAC address table ................................................................................................................................ 63 5.1.2 VLAN ................................................................................................................................................... 66 5.1.3 Super VLAN ......................................................................................................................................... 69 5.1.4 QinQ...................................................................................................................................................... 71 5.1.5 Loop detection ...................................................................................................................................... 72 5.1.6 Interface protection ............................................................................................................................... 72 5.1.7 Port mirroring........................................................................................................................................ 72 5.1.8 Storm control ........................................................................................................................................ 73 5.1.9 L2CP ..................................................................................................................................................... 74 5.2 Configuring MAC address table..................................................................................................................... 74 5.2.1 Preparing for configurations ................................................................................................................. 74 5.2.2 Configuring static MAC address table .................................................................................................. 75 5.2.3 Configuring dynamic MAC address table ............................................................................................. 75 5.2.4 Configuring blackhole MAC address .................................................................................................... 76 Raisecom Proprietary and Confidential vi Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 5.2.5 Configuring suppression of MAC address flapping .............................................................................. 76 5.2.6 Checking configurations ....................................................................................................................... 76 5.2.7 Maintenance .......................................................................................................................................... 76 5.3 Configuring VLAN ........................................................................................................................................ 77 5.3.1 Preparing for configurations ................................................................................................................. 77 5.3.2 Configuring VLAN properties .............................................................................................................. 77 5.3.3 Configuring VLANs based on Access interface .................................................................................... 78 5.3.4 Configuring VLANs based on Trunk interface ..................................................................................... 78 5.3.5 Checking configurations ....................................................................................................................... 79 5.4 Configuring super VLAN ............................................................................................................................... 79 5.4.1 Preparing for configurations ................................................................................................................. 79 5.4.2 Configuring super VLAN ..................................................................................................................... 80 5.4.3 Checking configurations ....................................................................................................................... 80 5.5 Configuring basic QinQ ................................................................................................................................. 81 5.5.1 Preparing for configurations ................................................................................................................. 81 5.5.2 Configuring basic QinQ ........................................................................................................................ 81 5.5.3 Configuring egress interface to Trunk mode ......................................................................................... 81 5.5.4 Checking configurations ....................................................................................................................... 82 5.6 Configuring selective QinQ ........................................................................................................................... 82 5.6.1 Preparing for configurations ................................................................................................................. 82 5.6.2 Configuring selective QinQ .................................................................................................................. 82 5.6.3 Checking configurations ....................................................................................................................... 83 5.7 Configuring VLAN mapping ......................................................................................................................... 84 5.7.1 Preparing for configurations ................................................................................................................. 84 5.7.2 Configuring 1:1 VLAN mapping .......................................................................................................... 84 5.7.3 Configuring N:1 VLAN mapping ......................................................................................................... 85 5.7.4 Checking configurations ....................................................................................................................... 85 5.8 Configuring loop detection............................................................................................................................. 85 5.8.1 Preparing for configurations ................................................................................................................. 85 5.8.2 Configuring loop detection ................................................................................................................... 85 5.8.3 Checking configurations ....................................................................................................................... 86 5.8.4 Maintenance .......................................................................................................................................... 86 5.9 Configuring interface protection .................................................................................................................... 86 5.9.1 Preparing for configurations ................................................................................................................. 86 5.9.2 Configuring interface protection ........................................................................................................... 87 5.9.3 Checking configurations ....................................................................................................................... 87 5.10 Configuring port mirroring ........................................................................................................................... 87 5.10.1 Preparing for configurations ............................................................................................................... 87 5.10.2 Configure port mirroring of CPU packets ........................................................................................... 87 5.10.3 Configuring port mirroring ................................................................................................................. 88 5.10.4 Checking configurations ..................................................................................................................... 88 5.11 Configuring storm control ............................................................................................................................ 88 Raisecom Proprietary and Confidential vii Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 5.11.1 Preparing for configurations ................................................................................................................ 88 5.11.2 Configuring storm control ................................................................................................................... 88 5.11.3 Checking configurations ..................................................................................................................... 89 5.12 Configuring L2CP ........................................................................................................................................ 89 5.12.1 Preparing for configurations ............................................................................................................... 89 5.12.2 Configuring global L2CP .................................................................................................................... 89 5.12.3 Configuring L2CP profile ................................................................................................................... 90 5.12.4 Applying L2CP profile ........................................................................................................................ 91 5.12.5 Checking configurations ..................................................................................................................... 91 5.13 Maintenance ................................................................................................................................................. 91 5.14 Configuration examples ............................................................................................................................... 92 5.14.1 Example for configuring MAC address table...................................................................................... 92 5.14.2 Example for configuring VLAN and interface protection ................................................................... 93 5.14.3 Example for configuring basic QinQ .................................................................................................. 97 5.14.4 Example for configuring port mirroring ............................................................................................ 100 5.14.5 Examples for configuring storm control ........................................................................................... 101 5.14.6 Example for configuring L2CP ......................................................................................................... 102 6 Clock synchronization ............................................................................................................. 106 6.1 Introduction .................................................................................................................................................. 106 6.1.1 SyncE .................................................................................................................................................. 107 6.1.2 IEEE 1588 v2 protocol (PTP) ............................................................................................................. 107 6.2 Configuring clock synchronization based on SyncE .................................................................................... 108 6.2.1 Preparing for configurations ............................................................................................................... 108 6.2.2 Configuring clock source properties of SyncE ................................................................................... 108 6.2.3 Choosing clock source for SyncE manually ....................................................................................... 109 6.2.4 Checking configurations ..................................................................................................................... 109 6.3 Configuring PTP-based clock synchronization ............................................................................................ 109 6.3.1 Preparing for configurations ............................................................................................................... 109 6.3.2 Configuring PTP ................................................................................................................................. 110 6.3.3 Checking configurations ..................................................................................................................... 110 7 Network reliability ................................................................................................................... 111 7.1 Introduction .................................................................................................................................................. 111 7.1.1 ELPS ................................................................................................................................................... 112 7.1.2 ERPS ................................................................................................................................................... 115 7.1.3 Link aggregation ................................................................................................................................. 120 7.1.4 Interface backup .................................................................................................................................. 123 7.1.5 Link-state tracking .............................................................................................................................. 125 7.2 Configuring ELPS ........................................................................................................................................ 126 7.2.1 Preparing for configurations ............................................................................................................... 126 7.2.2 Creating protection lines ..................................................................................................................... 126 7.2.3 Configuring ELPS fault detection modes............................................................................................ 127 Raisecom Proprietary and Confidential viii Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 7.2.4 (Optional) configuring ELPS switching control ................................................................................. 128 7.2.5 Checking configurations ..................................................................................................................... 128 7.3 Configuring ERPS ........................................................................................................................................ 129 7.3.1 Preparing for configurations ............................................................................................................... 129 7.3.2 Creating ERPS protection ring ............................................................................................................ 129 7.3.3 (Optional) creating ERPS protection tributary ring ............................................................................ 131 7.3.4 Configuring ERPS fault detection modes ........................................................................................... 132 7.3.5 (Optional) configuring ERPS switching control ................................................................................. 132 7.3.6 Checking configurations ..................................................................................................................... 133 7.4 Configuring link aggregation ....................................................................................................................... 133 7.4.1 Preparing for configurations ............................................................................................................... 133 7.4.2 Configuring manual link aggregation ................................................................................................. 133 7.4.3 Configuring static LACP link aggregation .......................................................................................... 134 7.4.4 Configuring manual backup link aggregation ..................................................................................... 135 7.4.5 Configuring static LACP backup link aggregation ............................................................................. 136 7.4.6 Checking configurations ..................................................................................................................... 137 7.5 Configuring interface backup ....................................................................................................................... 137 7.5.1 Preparing for configurations ............................................................................................................... 137 7.5.2 Configuring basic functions of interface backup ................................................................................ 138 7.5.3 (Optional) configuring interface FS .................................................................................................... 138 7.5.4 Checking configurations ..................................................................................................................... 139 7.6 Configuring link-state tracking .................................................................................................................... 139 7.6.1 Preparing for configurations ............................................................................................................... 139 7.6.2 Configuring link-state tracking ........................................................................................................... 139 7.6.3 Checking configurations ..................................................................................................................... 140 7.7 Configuration examples ............................................................................................................................... 140 7.7.1 Example for configuring manual link aggregation .............................................................................. 140 7.7.2 Examples for configuring link-state tracking ...................................................................................... 142 7.7.3 Example for configuring static LACP link aggregation ...................................................................... 143 8 OAM ............................................................................................................................................ 146 8.1 Introduction .................................................................................................................................................. 146 8.1.1 EFM .................................................................................................................................................... 146 8.1.2 CFM .................................................................................................................................................... 149 8.1.3 SLA ..................................................................................................................................................... 151 8.1.4 Y.1564 ................................................................................................................................................. 152 8.2 Configuring EFM ......................................................................................................................................... 153 8.2.1 Preparing for configurations ............................................................................................................... 153 8.2.2 Configuring EFM basic functions ....................................................................................................... 154 8.2.3 Configuring EFM active functions ...................................................................................................... 154 8.2.4 Configuring EFM passive functions ................................................................................................... 155 8.2.5 Configuring link monitoring and fault indication ............................................................................... 156 Raisecom Proprietary and Confidential ix Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 8.2.6 Checking configurations ..................................................................................................................... 157 8.3 Configuring CFM ......................................................................................................................................... 158 8.3.1 Preparing for configurations ............................................................................................................... 158 8.3.2 Enabling CFM ..................................................................................................................................... 158 8.3.3 Configuring CFM basic functions ....................................................................................................... 159 8.3.4 Configuring fault detection ................................................................................................................. 160 8.3.5 Configuring fault acknowledgement ................................................................................................... 160 8.3.6 Configuring fault location ................................................................................................................... 161 8.3.7 Configuring AIS .................................................................................................................................. 162 8.3.8 Configuring LCK ................................................................................................................................ 163 8.3.9 Configuring CSF ................................................................................................................................. 164 8.3.10 Checking configurations ................................................................................................................... 164 8.4 Configuring SLA .......................................................................................................................................... 165 8.4.1 Preparing for configurations ............................................................................................................... 165 8.4.2 Configuring SLA operation ................................................................................................................. 166 8.4.3 Configuring SLA operation scheduling............................................................................................... 168 8.4.4 Configuring maintenance window ...................................................................................................... 169 8.4.5 Checking configurations ..................................................................................................................... 169 8.5 Configuring Y.1564 ...................................................................................................................................... 169 8.5.1 Preparing for configurations ............................................................................................................... 169 8.5.2 Configuring test task ........................................................................................................................... 170 8.5.3 Checking configurations ..................................................................................................................... 171 8.6 Maintenance ................................................................................................................................................. 171 9 QoS ............................................................................................................................................... 172 9.1 Introduction .................................................................................................................................................. 172 9.1.1 Priority trust ........................................................................................................................................ 173 9.1.2 Priority mapping ................................................................................................................................. 173 9.1.3 Traffic classification ............................................................................................................................ 174 9.1.4 Traffic policy ....................................................................................................................................... 175 9.1.5 Queue scheduling ................................................................................................................................ 175 9.1.6 Congestion avoidance ......................................................................................................................... 177 9.1.7 Queue shaping ..................................................................................................................................... 178 9.1.8 Rate limiting........................................................................................................................................ 178 9.2 Configuring priority trust and priority mapping ........................................................................................... 178 9.2.1 Preparing for configurations ............................................................................................................... 178 9.2.2 Configuring priority trust .................................................................................................................... 179 9.2.3 Configuring mapping between DSCP priority and local priority based on interface .......................... 179 9.2.4 Configuring mapping from CoS priority to local priority based on interface ..................................... 179 9.2.5 Configuring mapping from IP precedence to local priority based on interface ................................... 180 9.2.6 Configuring mapping from Exp to local priority ................................................................................ 180 9.2.7 Configuring DSCP priority remarking ................................................................................................ 181 Raisecom Proprietary and Confidential x Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 9.2.8 Configuring CoS priority remarking ................................................................................................... 181 9.2.9 Configuring Exp remarking ................................................................................................................ 181 9.2.10 Checking configurations ................................................................................................................... 182 9.3 Configuring traffic classification and traffic policy ..................................................................................... 182 9.3.1 Preparing for configurations ............................................................................................................... 182 9.3.2 Creating and configuring traffic classification .................................................................................... 183 9.3.3 Creating and configuring traffic policing profile ................................................................................ 183 9.3.4 Creating and configuring traffic policy ............................................................................................... 184 9.3.5 Checking configurations ..................................................................................................................... 185 9.3.6 Maintenance ........................................................................................................................................ 185 9.4 Configuring congestion avoidance ............................................................................................................... 185 9.4.1 Preparing for configurations ............................................................................................................... 185 9.4.2 Configuring WRED profile ................................................................................................................. 186 9.4.3 Configuring flow profile ..................................................................................................................... 186 9.4.4 Checking configurations ..................................................................................................................... 186 9.5 Configuring queue shaping and queue scheduling ....................................................................................... 187 9.5.1 Preparing for configurations ............................................................................................................... 187 9.5.2 Configuring queue shaping ................................................................................................................. 187 9.5.3 Configuring queue scheduling ............................................................................................................ 187 9.5.4 Checking configurations ..................................................................................................................... 188 9.5.5 Maintenance ........................................................................................................................................ 188 9.6 Configuring rate limiting .............................................................................................................................. 188 9.6.1 Preparing for configurations ............................................................................................................... 188 9.6.2 Configuring interface-based rate limiting ........................................................................................... 188 9.6.3 Checking configurations ..................................................................................................................... 189 9.7 Configuration examples ............................................................................................................................... 189 9.7.1 Example for configuring rate limiting based on traffic policy ............................................................ 189 9.7.2 Example for configuring queue scheduling and congestion avoidance............................................... 192 9.7.3 Example for configuring interface-based rate limiting ....................................................................... 195 10 RSOM ........................................................................................................................................ 198 10.1 Introduction ................................................................................................................................................ 198 10.1.2 Types of Ethernet services................................................................................................................. 199 10.2 Configuring RSOM .................................................................................................................................... 202 10.2.1 Preparing for configurations ............................................................................................................. 202 10.2.2 (Optional) configuring L2CP profile ................................................................................................. 202 10.2.3 Configure CoS profile ....................................................................................................................... 203 10.2.4 Configuring bandwidth profile .......................................................................................................... 204 10.2.5 Configuring interface ........................................................................................................................ 205 10.2.6 Configuring CFM .............................................................................................................................. 205 10.2.7 Configuring SLA .............................................................................................................................. 206 10.2.8 Configuring SLA test and measurement ........................................................................................... 206 Raisecom Proprietary and Confidential xi Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 10.2.9 Configuring Y.1564 ........................................................................................................................... 207 10.2.10 Configuring loopback ..................................................................................................................... 208 10.2.11 Configuring services ....................................................................................................................... 209 10.2.12 Checking configurations ................................................................................................................. 210 10.3 Maintenance ............................................................................................................................................... 211 10.4 Configuration examples ............................................................................................................................. 211 10.4.1 Example for configuring RSOM ....................................................................................................... 211 11 Security...................................................................................................................................... 219 11.1 Introduction ................................................................................................................................................ 219 11.1.1 ACL ................................................................................................................................................... 219 11.1.2 CPU protection .................................................................................................................................. 219 11.1.3 RADIUS ............................................................................................................................................ 220 11.1.4 TACACS+ ......................................................................................................................................... 220 11.2 Configuring ACL ........................................................................................................................................ 221 11.2.1 Preparing for configurations .............................................................................................................. 221 11.2.2 Configuring ACL .............................................................................................................................. 221 11.2.3 Configuring filter .............................................................................................................................. 223 11.2.4 Checking configurations ................................................................................................................... 223 11.3 Configuring CPU protection....................................................................................................................... 223 11.3.1 Preparing for configurations .............................................................................................................. 223 11.3.2 Configuring global CPU protection .................................................................................................. 224 11.3.3 Configuring interface CPU preotection ............................................................................................. 224 11.3.4 Checking configurations ................................................................................................................... 224 11.4 Configuring RADIUS ................................................................................................................................. 224 11.4.1 Preparing for configurations .............................................................................................................. 224 11.4.2 Configuring RADIUS authentication ................................................................................................ 225 11.4.3 Configuring RADIUS accounting ..................................................................................................... 225 11.4.4 Checking configurations ................................................................................................................... 226 11.5 Configuring TACACS+ .............................................................................................................................. 226 11.5.1 Preparing for configurations .............................................................................................................. 226 11.5.2 Configuring TACACS+ authentication ............................................................................................. 226 11.5.3 Checking configurations ................................................................................................................... 226 11.6 Maintenance ............................................................................................................................................... 227 11.7 Configuration examples ............................................................................................................................. 227 11.7.1 Examples for configuring ACL ......................................................................................................... 227 11.7.2 Example for configuring RADIUS.................................................................................................... 228 11.7.3 Example for configuring TACACS+ ................................................................................................. 229 12 System management and maintenance............................................................................... 231 12.1 Introduction ................................................................................................................................................ 231 12.1.1 LLDP ................................................................................................................................................ 231 12.1.2 SNMP................................................................................................................................................ 233 Raisecom Proprietary and Confidential xii Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 12.1.3 E1 NMS channel ............................................................................................................................... 235 12.1.4 Optical module DDM........................................................................................................................ 235 12.1.5 System log ......................................................................................................................................... 235 12.1.6 Alarm management ........................................................................................................................... 236 12.1.7 CPU monitoring ................................................................................................................................ 241 12.1.8 RMON .............................................................................................................................................. 241 12.1.9 Device monitoring............................................................................................................................. 241 12.1.10 Loopback......................................................................................................................................... 242 12.1.11 Fault detection ................................................................................................................................. 243 12.2 Configuring LLDP ..................................................................................................................................... 245 12.2.1 Preparing for configurations ............................................................................................................. 245 12.2.2 Enabling global LLDP ...................................................................................................................... 245 12.2.3 Enabling interface LLDP .................................................................................................................. 245 12.2.4 Configuring basic functions of LLDP ............................................................................................... 246 12.2.5 Configuring LLDP alarm .................................................................................................................. 246 12.2.6 Checking configurations ................................................................................................................... 246 12.3 Configuring SNMP .................................................................................................................................... 247 12.3.1 Preparing for configurations ............................................................................................................. 247 12.3.2 Configuring basic functions of SNMP .............................................................................................. 247 12.3.3 Configuring Trap ............................................................................................................................... 248 12.3.4 Checking configurations ................................................................................................................... 249 12.4 Configuring optical module DDM ............................................................................................................. 250 12.4.1 Preparing for configurations ............................................................................................................. 250 12.4.2 Enabling optical module DDM ......................................................................................................... 250 12.4.3 Checking configurations ................................................................................................................... 250 12.5 Configuring system log .............................................................................................................................. 251 12.5.1 Preparing for configurations ............................................................................................................. 251 12.5.2 Configuring basic information about system log .............................................................................. 251 12.5.3 Configuring output destination of system logs.................................................................................. 252 12.5.4 Checking configurations ................................................................................................................... 252 12.6 Configuring alarm management ................................................................................................................. 252 12.6.1 Preparing for configurations ............................................................................................................. 252 12.6.2 Configuring basic functions of alarm management .......................................................................... 253 12.6.3 Configuring Layer 3 power failure or fiber breakage alarms ............................................................ 254 12.6.4 Checking configurations ................................................................................................................... 254 12.7 Configuring memory monitoring ............................................................................................................... 254 12.7.1 Preparing for configurations ............................................................................................................. 254 12.7.2 Configuring memory monitoring ...................................................................................................... 254 12.7.3 Checking configurations ................................................................................................................... 255 12.8 Configuring CPU monitoring ..................................................................................................................... 255 12.8.1 Preparing for configurations ............................................................................................................. 255 12.8.2 Viewing CPU monitoring information .............................................................................................. 255 Raisecom Proprietary and Confidential xiii Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 12.8.3 Configuring CPU monitoring alarm .................................................................................................. 255 12.8.4 Checking configruations ................................................................................................................... 256 12.9 Configuring RMON ................................................................................................................................... 256 12.9.1 Preparing for configurations ............................................................................................................. 256 12.9.2 Configuring RMON statistics ........................................................................................................... 256 12.9.3 Configuring RMON historical statistics ............................................................................................ 257 12.9.4 Checking configurations ................................................................................................................... 257 12.10 Configuring fan monitoring...................................................................................................................... 257 12.10.1 Configuring fan monitoring ............................................................................................................ 257 12.10.2 Checking configurations ................................................................................................................. 258 12.11 Configuring loopback ............................................................................................................................... 258 12.11.1 Preparing for configurations............................................................................................................ 258 12.11.2 Configuring interface loopback ....................................................................................................... 258 12.11.3 Checking configurations ................................................................................................................. 259 12.12 Configuring fault detection ...................................................................................................................... 259 12.12.1 Configuring task scheduling ........................................................................................................... 259 12.12.2 Ping ................................................................................................................................................. 260 12.12.3 Traceroute ....................................................................................................................................... 260 12.13 Maintenance ............................................................................................................................................. 261 12.14 Configuration examples ........................................................................................................................... 261 12.14.1 Examples for configuring LLDP basic functions ............................................................................ 261 12.14.2 Examples for outputting system logs to log host ............................................................................ 264 13 Appendix .................................................................................................................................. 266 13.1 Terms .......................................................................................................................................................... 266 13.2 Acronyms and abbreviations ...................................................................................................................... 268 Raisecom Proprietary and Confidential xiv Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Figures Figure 3-1 Principles of CO/remote zero-configuration....................................................................................... 29 Figure 3-2 Zero-configuration on indirect connection between remote devices .................................................. 31 Figure 3-3 Zero-configuration on direct connection between remote devices ..................................................... 32 Figure 3-4 Configuring indirectly-connected remote zero-configuration ............................................................ 41 Figure 3-5 Configuring directly-connected remote zero-configuration ............................................................... 43 Figure 4-1 Typical DHCP application .................................................................................................................. 47 Figure 4-2 Structure of DHCP packet .................................................................................................................. 48 Figure 4-3 Configuring DHCPv4 relay ................................................................................................................ 59 Figure 4-4 Configuring DHCPv4 server .............................................................................................................. 60 Figure 4-5 Configuring ARP ................................................................................................................................ 62 Figure 5-1 Unicast forwarding mode of MAC address ........................................................................................ 65 Figure 5-2 Multicast forwarding mode of MAC address ..................................................................................... 66 Figure 5-3 Broadcast forwarding mode of MAC address .................................................................................... 66 Figure 5-4 VLAN partition .................................................................................................................................. 67 Figure 5-5 Formats of the standard Ethernet frame and 802.1Q frame ................................................................ 68 Figure 5-6 Sub-VLAN and super VLAN partition ............................................................................................... 70 Figure 5-7 Typical networking of basic QinQ ...................................................................................................... 71 Figure 5-8 Principles of port mirroring ................................................................................................................ 73 Figure 5-9 Configuring MAC address table ......................................................................................................... 92 Figure 5-10 Configuring VLAN........................................................................................................................... 94 Figure 5-11 Configuring basic QinQ .................................................................................................................... 98 Figure 5-12 Configuring port mirroring ............................................................................................................. 100 Figure 5-13 Configuring storm control .............................................................................................................. 102 Figure 5-14 L2CP networking ............................................................................................................................ 103 Figure 6-1 Principles of SyncE .......................................................................................................................... 107 Figure 7-1 Structure of an APS packet ............................................................................................................... 112 Raisecom Proprietary and Confidential xv Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Figure 7-2 ELPS 1+1 and 1:1 protection switching modes ................................................................................ 114 Figure 7-3 Unidirectional protection switching ................................................................................................. 114 Figure 7-4 Structure of a R-APS packet ............................................................................................................. 115 Figure 7-5 ERPS ring network ........................................................................................................................... 117 Figure 7-6 Idle status of Ethernet ring network .................................................................................................. 118 Figure 7-7 Protection state of Ethernet ring network ......................................................................................... 119 Figure 7-8 Tributary ring model ......................................................................................................................... 120 Figure 7-9 Link aggregation ............................................................................................................................... 120 Figure 7-10 Principles of interface backup ........................................................................................................ 124 Figure 7-11 Principles of VLAN-based interface backup .................................................................................. 125 Figure 7-12 Interface-to-interface link-state tracking ........................................................................................ 125 Figure 7-13 Configuring manual link aggregation ............................................................................................. 141 Figure 7-14 Link-state tracking networking ....................................................................................................... 142 Figure 7-15 Configuring static LACP link aggregation ..................................................................................... 144 Figure 8-1 OAM loopback ................................................................................................................................. 147 Figure 8-2 MDs at different levels ..................................................................................................................... 149 Figure 8-3 MEP and MIP ................................................................................................................................... 150 Figure 8-4 Roundtrip test scenario ..................................................................................................................... 153 Figure 9-1 Structure of IP packet header ............................................................................................................ 173 Figure 9-2 Structures of ToS priority and DSCP priority ................................................................................... 173 Figure 9-3 Structure of a VLAN packet ............................................................................................................. 174 Figure 9-4 Structure of CoS priority .................................................................................................................. 174 Figure 9-5 Traffic classification process ............................................................................................................ 175 Figure 9-6 SP scheduling ................................................................................................................................... 176 Figure 9-7 WRR scheduling ............................................................................................................................... 176 Figure 9-8 WDRR scheduling ............................................................................................................................ 177 Figure 9-9 Configuring rate limiting based on traffic policy ............................................................................. 190 Figure 9-10 Configuring queue scheduling and congestion avoidance .............................................................. 193 Figure 9-11 Configuring interface-based rate limiting ....................................................................................... 196 Figure 10-1 Ethernet service networking ........................................................................................................... 198 Figure 10-2 Location of UNIs and NNIs in a network topology ........................................................................ 200 Figure 10-3 RSOM networking.......................................................................................................................... 211 Figure 11-1 Configuring ACL ............................................................................................................................ 227 Raisecom Proprietary and Confidential xvi Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Figure 11-2 Configuring RADIUS ..................................................................................................................... 228 Figure 11-3 TACACS+ networking ................................................................................................................... 229 Figure 12-1 Structure of LLDPDU packet ......................................................................................................... 232 Figure 12-2 Structure of a TLV packet ............................................................................................................... 232 Figure 12-3 Interface loopback .......................................................................................................................... 242 Figure 12-4 Principles of Ping ........................................................................................................................... 244 Figure 12-5 Principle of Traceroute ................................................................................................................... 244 Figure 12-6 Configuring LLDP basic functions ................................................................................................. 262 Figure 12-7 Outputting system logs to log host ................................................................................................. 264 Raisecom Proprietary and Confidential xvii Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Tables Table 4-1 Fields of DHCP packet ......................................................................................................................... 48 Table 4-2 Fields of DHCP Option ........................................................................................................................ 49 Table 5-1 Interfaces modes and modes for processing packets ............................................................................ 69 Table 7-1 Values of fields in APS specific information ...................................................................................... 112 Table 7-2 Fields in the R-APS specific information........................................................................................... 115 Table 9-1 Mapping between local priority and DSCP priority ........................................................................... 174 Table 9-2 Mapping between local priority and CoS priority .............................................................................. 174 Table 9-3 Mapping between local priority and IP precedence ........................................................................... 174 Table 10-1 Types of Ethernet services ................................................................................................................ 199 Table 12-1 TLV types ......................................................................................................................................... 232 Table 12-2 Alarm fields ...................................................................................................................................... 237 Table 12-3 Alarm levels ..................................................................................................................................... 237 Raisecom Proprietary and Confidential xviii Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 1 Basic configurations This chapter describes basic information and configuration procedures of the RAX711-C, and provides related configuration examples, including the following sections: CLI Accessing device File management Backup and upgrade Time management Configuring Banner 1.1 CLI 1.1.1 Introduction The Command Line Interface (CLI) is a medium for you to communicate with the RAX711-C. You can configure, monitor, and manage the RAX711-C through the CLI. You can log in to the RAX711-C through the terminal equipment or through a computer that runs the terminal emulation program. Enter commands at the system prompt. The CLI supports the following features: Configure the RAX711-C locally through the Console interface. Configure the RAX711-C locally or remotely through Telnet/Secure Shell v2 (SSHv2). Commands are classified into different levels. You can execute the commands that correspond to your level only. The commands available to you depend on which mode you are currently in. Shortcut keys can be used to execute commands. Check or execute a historical command by checking command history. The last 20 historical commands can be saved on the RAX711-C. Enter a question mark (?) at the system prompt to obtain online help. The RAX711-C supports multiple intelligent analysis methods, such as fuzzy match and context association. Raisecom Proprietary and Confidential 1 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 1.1.2 Levels The RAX711-C classifies commands into 16 levels in a descending order: 0–4: checking level. You can execute basic commands, such as ping, clear, and history, for performing network diagnostic function, clearing system information, and showing command history. 5–10: monitoring level. You can execute commands, such as show, for system maintenance. 11–14: configuration level. You can execute commands for configuring services, such as Virtual Local Area Network (VLAN) and Internet Protocol (IP) routing. 15: management level. You can execute commands for running systems. 1.1.3 Modes The command mode is an environment where a command is executed. A command can be executed in one or multiple certain modes. The commands available to you depend on which mode you are currently in. After connecting the RAX711-C, enter the user name and password to enter privileged EXEC mode. Raisecom# In privileged EXEC mode, use the config command to enter global configuration mode. Raisecom#config Raisecom(config)# The CLI prompt Raisecom is a default host name. You can modify it by using the hostname string command in privileged EXEC mode. Some commands executed in global configuration mode can also be executed in other modes. The functions vary on command modes. You can use the exit or quit command to return to the upper command mode. However, in privileged EXEC mode, you need to use the exit or quit command to exit. You can use the end command to return to privileged EXEC mode from any modes but privileged EXEC mode. Command modes supported by the RAX711-C are listed in the following table. Mode Access mode Prompt Privileged EXEC Enter the correct user name and Raisecom# password. Raisecom Proprietary and Confidential 2 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Mode Access mode Prompt Global configuration In privileged EXEC mode, use Raisecom(config)# the config command. SNMP interface In global configuration mode, Raisecom(config-snmp1)# configuration use the interface snmp interface-number command. Physical layer In global configuration mode, Raisecom(config- interface use the interface client clientif)# configuration interface-number. In global configuration mode, Raisecom(config- use the interface line interface- lineif)# number. VLAN interface In global configuration mode, Raisecom(config- configuration use the interface vlan vlan-id. vlanif)# AP-Switchport In global configuration mode, Raisecom(ap-switchport- configuration use the interface ap- mode)# switchport-mode. Batch interface In global configuration mode, Raisecom(config-range)# configuration use the interface range { client | line } interface-number. Aggregation group In global configuration mode, Raisecom(config-port- configuration use the interface port-channel channelif)# channel-number. Route mapping In global configuration mode, Raisecom(config-route- configuration use the route-map map-name map)# { permit | deny } number command. VLAN configuration In global configuration mode, Raisecom(config-vlan)# use the lan vlan-id command. Basic IP ACL In global configuration mode, Raisecom(config-acl-ip- configuration use the access-list acl-number -std)# command. The acl-number parameter ranges from 1000 to 1999. Extended IP ACL In global configuration mode, Raisecom(config-acl-ip- configuration use the access-list acl-number -ext)# command. The acl-number parameter ranges from 2000 to 2999. MAC ACL In global configuration mode, Raisecom(config-acl- configuration use the access-list acl-number mac)# command. The acl-number parameter ranges from 3000 to 3999. Raisecom Proprietary and Confidential 3 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Mode Access mode Prompt User ACL In global configuration mode, Raisecom(config-acl- configuration use the access-list acl-number duf)# command. The acl-number parameter ranges from 5000 to 5999. Basic IPv6 ACL In global configuration mode, Raisecom(config-acl- configuration use the access-list acl-number ipv6)# command. Wherein, acl-number ranges from 6000 to 6999. Extended IPv6 ACL In global configuration mode, Raisecom(config-acl- configuration use the access-list acl-number advanced)# command. Wherein, acl-number ranges from 7000 to 7999. cos-remark In global configuration mode, Raisecom(cos-remark)# configuration use the mls qos mapping cos- remark profile-id command. cos-to-pri In global configuration mode, Raisecom(cos-to-pri)# configuration use the mls qos mapping cos- to-local-priority profile-id command. dscp-mutation In global configuration mode, Raisecom(dscp- configuration use the mls qos mapping dscp- mutation)# mutation profile-id command. dscp-to-pri In global configuration mode, Raisecom(dscp-to-pri)# configuration use the mls qos mapping dscp- to-local-priority profile-id command. ipp-to-pri In global configuration mode, Raisecom(ipp-to-pri)# configuration use the mls qos mapping ipp- to-local-priority profile-id command. WRED profile In global configuration mode, Raisecom(wred)# configuration use the mls qos wred profile profile-id command. CMAP configuration In global configuration mode, Raisecom(config-cmap)# use the class-map class-map- name command. Traffic monitoring In global configuration mode, Raisecom(traffic- profile configuration use the mls qos policer-profile policer)# policer-name [ single ] command. PMAP configuration In global configuration mode, Raisecom(config-pmap)# use the policy-map policy-map- name command. Raisecom Proprietary and Confidential 4 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Mode Access mode Prompt Traffic policy bound In PMAP configuration mode, Raisecom(config-pmap- with traffic use the class-map class-map- c)# classification name command. configuration Service instance In global configuration mode, Raisecom(config- configuration use the service csi-id level md- service)# level command. 1.1.4 Shortcut keys The RAX711-C supports the following shortcut keys. Shortcut key Description Up Arrow (↑) Show the previous command if there is any command entered earlier; the display has no change if the current command is the earliest one in history records. Down Arrow (↓) Show the next command if there is any newer command. The display does not change if the current command is the newest one in history records. Left Arrow (←) Move the cursor leftward by one character. The display does not change if the cursor is already at the beginning of the command. Right Arrow (→) Move the cursor rightward by one character. The display does not change if the cursor is already at the end of the command. Backspace Delete the character before the cursor. The display does not change if the cursor is already at the beginning of the command. Tab Press Tab after entering a complete keyword, and the cursor will automatically appear a space to the end. Press Tab again, and the system will show the follow-up entering keywords. Press Tab after entering an incomplete keyword, and the system automatically executes partial helps: When only one keyword matches the entered incomplete keyword, the system takes the complete keyword to replace the entered incomplete keyword and leaves one space between the cursor and end of the keyword. When no keyword or multiple keywords match the entered incomplete keyword, the system displays the prefix, and you can press Tab to check words circularly. In this case, there is no space from the cursor to the end of the keyword. Press Space bar to enter the next word. If you enter an incorrect keyword, pressing Tab will move the cursor to the next line and the system will prompt an error. In this case, the entered keyword does not change. Ctrl+A Move the cursor to the beginning of the command. Ctrl+C Interrupt the ongoing command, such as ping and traceroute. Raisecom Proprietary and Confidential 5 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Shortcut key Description Ctrl+D or Delete Delete the character at the cursor. Ctrl+E Move the cursor to the end of the command. Ctrl+K Delete all characters from the cursor to the end of the command. Ctrl+X Delete all characters before the cursor (except the cursor location). Ctrl+Z Return to privileged EXEC mode from the current mode (except privileged EXEC mode). Space bar or Y Scroll down one screen. Enter Scroll down one line. 1.1.5 Viewing command history The RAX711-C support viewing or executing a historical command through the history command in any command mode. By default, the last 20 historical commands are saved. The RAX711-C can save a maximum of 20 historical commands through the terminal history command in privileged EXEC mode. 1.1.6 Acquiring help Complete help You can acquire complete help under following three conditions: You can enter a question mark (?) at the system prompt to display a list of commands and brief descriptions available for each command mode. Raisecom#? The command output is as below: clear Clear screen enable Turn on privileged mode command exit Exit current mode and down to previous mode help Message about help history Most recent history command language Language of help message list List command quit Exit current mode and down to previous mode terminal Configure terminal test Test command . Raisecom Proprietary and Confidential 6 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface After you enter a keyword, press the Space bar and enter a question mark (?), all correlated commands and their brief descriptions are displayed if the question mark (?) matches another keyword. Raisecom(config)#clock ? The command output is as below: display Display mode Clock mode set Set system time and date summer-time Set summer time timezone Set system timezone offset After you enter a parameter, press Space bar and enter a question mark (?), associated parameters and descriptions of these parameters are displayed if the question mark (?) matches a parameter. Raisecom(config)#interface client ? The command output is as below: client 1 client 2 client 3 client 4 <1-4> Port number Incomplete help You can acquire incomplete help under following three conditions: After you enter part of a particular character string and a question mark (?), a list of commands that begin with a particular character string is displayed. Raisecom(config)#c? The command output is as below: channel-ring Channel ring config class-map Set class map Raisecom Proprietary and Confidential 7 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface clear Clear buffer content clock Clock command-log Log the command to the file console console cpu Configure cpu parameters cpu-protect Config cpu protect information create Create static VLAN crossconnect Config crossconnect After you enter a command, press Space bar, and enter a particular character string and a question mark (?), a list of commands that begin with a particular character string is displayed. Raisecom(config)#show li? The command output is as below: link-state-tracking Link state tracking After you enter a partial command name and press Tab, the full form of the keyword is displayed if there is a unique match command. Error messages The following table lists some error messages that you might encounter while using the CLI to configure the RAX711-C. Error information Description % Incomplete command. The entered command is incomplete. Error input in the position market by The keyword marked with "^" is invalid or does '^' not exist. Ambiguous input in the position The keyword marked with "^" is unclear. market by '^' % " * "Unconfirmed command. The entered command is not unique. % " * "Unknown command. The entered command does not exist. % You Need higher priority! You need more authority to exist the command. Raisecom Proprietary and Confidential 8 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 1.2 Accessing device 1.2.1 Accessing device through Console interface The Console interface of the RAX711-C is a Universal Serial Bus (USB) A-shaped female interface, which is translated into a Universal Asynchronous Receiver/Transmitter (UART) in the device. The Console interface is used to connect the RAX711-C to a PC that runs the terminal emulation program. You can configure and manage the RAX711-C through this interface. This management method does not involve network communication. You must log in to the RAX711-C through the Console interface under the following 2 conditions: The RAX711-C is powered on for the first time. You cannot log in to the RAX711-C through Telnet. Log in to the RAX711-C through the Console interface as below: Before logging in to the RAX711-C through the USB interface, install the driver for translating the USB interface into the UART interface to the PC. To download the driver, visit http://www.raisecom.com.cn/support.php and then click USB Console Driver. Step 1 Use the configuration cable with dual USB male interfaces to connect the Console interface of the RAX711-C with the USB interface of the PC, as shown in Figure 1-1. Figure 1-1 Accessing the device through the Console interface Step 2 Run the terminal emulation program on the PC, such as Hyper Terminal on Microsoft Windows XP. Enter the connection name at the Connection Description dialog box and then click OK. Step 3 Select COM N (N refers to the COM interface ID into which the USB interface is translated) at the Connect To dialog box and then click OK. Step 4 Configure parameters as shown in Figure 1-2 and then click OK Raisecom Proprietary and Confidential 9 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Figure 1-2 Configuring parameters of Hyper Terminal Step 5 Enter the configuration interface and then enter the user name and password to log in to the RAX711-C. By default, both the user name and password are configured to raisecom. Hyper Terminal is not available on Windows Vista or Windows 7 Operating System (OS). If you use these OSs, you have to download Hyper Terminal package and install it. 1.2.2 Accessing device through Telnet Through Telnet, you can remotely log in to the RAX711-C through a PC, so you should prepare a PC for each RAX711-C. Working as the Telnet server, the RAX711-C provides the following Telnet services: As shown in Figure 1-3, connect the PC and the RAX711-C and ensure that the route between them is reachable. You can log in to and configure the RAX711-C by running Telnet Client program on a PC. Raisecom Proprietary and Confidential 10 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Figure 1-3 Networking as the Telnet server Before logging in to the RAX711-C through Telnet, you must log in to the RAX711-C through the Console interface, configure the IP address of the SNMP interface, and enable Telnet service. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface snmp 1 Enter out-of-band network management interface configuration mode. 3 Raisecom(config-snmp1)#ip address Configure the IP address of the out-of-band network ip-address [ ip-mask ] management interface. Raisecom(config-snmp1)#exit 4 Raisecom(config)#telnet-server close (Optional) close the specified Telnet session. terminal-telnet session-number 5 Raisecom(config)#telnet-server max- (Optional) configure the maximum number of Telnet session session-number sessions supported by the RAX711-C. By default, it is 5. 1.2.3 Accessing device through SSHv2 Telnet is an authentication mode that is lack of security. In addition, it adopts Transmission Control Protocol (TCP) to transmit the password and data in clear text. It will cause malicious attack, such as Deny of Service (DoS), IP address spoofing, and route spoofing because only Telnet service is provided. With more attention is put on network security, the traditional modes (TCP and FTP) for transmitting the password and data in clear text are not accepted gradually. SSHv2 is a network security protocol, which can effectively prevent the disclosure of information in remote management through data encryption, and provides greater security for remote login and other network services in network environment. SSHv2 builds up a secure channel over TCP. Besides, SSHv2 supports other service ports as well as standard port 22, thus avoiding illegal attacks from network. Before accessing the RAX711-C through SSHv2, you must log in to the RAX711-C through the Console interface and enable SSH service. Raisecom Proprietary and Confidential 11 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#genera Generate local SSHv2 key pair and designate its length. By default, te ssh-key length the length of the local SSHv2 key pair is configured to 512 bits. 3 Raisecom(config)#ssh2 Start SSHv2 server. By default, the RAX711-C does not start the server SSHv2 server. 4 Raisecom(config)#ssh2 (Optional) configure SSHv2 authentication method. By default, the server authentication RAX711-C adopts the password authentication mode. { password | rsa-key } 5 Raisecom(config)#ssh2 (Optional) when the rsa-key authentication method is adopted, type server authentication the public key of clients to the RAX711-C. pubkeyname public-key pubkey 6 Raisecom(config)#ssh2 (Optional) configure SSHv2 authentication timeout. The RAX711-C server authentication- refuses to authenticate and open the connection when client timeout period authentication time exceeds the upper threshold. By default, the SSHv2 authentication timeout is configured to 600s. 7 Raisecom(config)#ssh2 (Optional) configure the allowable times for SSHv2 authentication server authentication- failure. The RAX711-C refuses to authenticate and open the retries times connection when client authentication failure times exceed the upper threshold. By default, the allowable times for SSHv2 authentication failure are configured to 20. 8 Raisecom(config)#ssh2 (Optional) configure the SSHv2 listening port ID. By default, the server port port-number SSHv2 listening port ID is configured to 22. When configuring the SSHv2 listening port ID, the input parameter cannot take effect immediately without rebooting the SSHv2 service. 9 Raisecom(config)#ssh2 Configure the SSH key renegotiation time. server rekey-interval interval By default, it is 0; namely, SSH key renegotiation is not conducted. 1.2.4 Managing users When you start the RAX711-C for the first time, connect the PC to the Console interface on the RAX711-C, enter the default user name and password to log in to and configure the RAX711-C. By default, both the user name and password are raisecom If there is no privilege restriction, any remote user can log in to the RAX711-C through Telnet when the Simple Network Management Protocol (SNMP) interface or other service interfaces on the RAX711-C are configured with IP addresses. This is unsafe to the RAX711-C and network. Creating the user name and configuring the password and privilege help manage login users and ensure network and device security. Raisecom Proprietary and Confidential 12 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Step Command Description 1 Raisecom#user name user-name Create or modify the user name and password. password [ cipher | simple ] password 2 Raisecom#user name user-name Configure the level and privilege of the user. privilege privilege-level 3 Raisecom#user user-name service-type Configure the login mode of the user. { all | console | lan-access | ssh | telnet | web } 4 Raisecom#console login line Configure the mode for login from the Console interface to serial line password. 5 Raisecom#line { password | encrypt- Configure the serial line password. password } password 6 Raisecom#password check { simple | Configure the complexity of the administrator complex } password. 7 Raisecom#login-trap enable Configure user logout to trigger a Trap. 8 Raisecom#delete user-file Delete the user file. 1.2.5 Checking configurations No. Command Description 1 Raisecom#show user { active | table Show information about logged users or the user [ detail ] } information table. 2 Raisecom#show interface snmp 1 Show the IP address of the out-of-band network management interface. 3 Raisecom#show ssh2 public-key Show the public key for SSHv2 authentication. [ authentication | rsa ] 4 Raisecom#show ssh2 session Show configurations of SSHv2 sessions. 5 Raisecom#show ssh2 server Show configurations of the SSHv2 server. 1.3 File management 1.3.1 Introduction System files System files are the software/files required for running the device, including the system Bootrom file, system configuration file, system startup file, and FPGA file. In general, these files are saved to the memory of the device. File management refers to backing up, upgrading, loading, and deleting system files. Raisecom Proprietary and Confidential 13 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface System Bootrom file The system Bootrom file (BootROM software) is used to initialize the RAX711-C. After the device is powered on, the BootROM software is running to initialize the device. You can upgrade the BootROM software if a new version is available. For details, see section 1.4 Backup and upgrade. System startup file The system startup file (with the ".z" suffix) is used to start and operate the device. It supports the normal operating and realizes functions of the device. You can upgrade the system startup file if a new version is available. In addition, to avoid a system fault, you can back up the system startup file. For details, see section 1.4 Backup and upgrade. The RAX711-C supports 2 sets of system startup software simultaneously, providing master- to-slave switching of dual systems. System configuration file The system configuration file (with the ".cfg" suffix) is the configuration item to be loaded when the device is booted at this time or next time. After being powered on, the device reads the configuration file from the memory for initialization. If there is no configuration file in the memory, the device will use the default configuration file. Configuration parameters in the configuration file are divided into the following 2 types: Configuration parameters used for initialization are startup configurations. Configuration parameters used when a device is running properly are running configurations. You can modify running configurations through CLI. To make these modified running configurations as startup configurations when the device is powered on next time, you should save running configurations to the memory (by using the write command) to form a configuration file. Operations on the system configuration file include loading, upgrading, backing up, and deleting the system configuration file. For details about load, backup, and upgrade, see section 1.4 Backup and upgrade. 1.3.2 Managing configuration files No. Command Description 1 Raisecom#auto-write enable Enable automatic saving of configurations. Raisecom#auto-write interval interval Configure the auto-saving period. By default, it is 5min. 2 Raisecom#erase [ file-name | backup- Delete files from the memory. config | startup-config slot slot-id | all ] 3 Raisecom#show auto-write info Show auto-saving configurations. Raisecom Proprietary and Confidential 14 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface No. Command Description 4 Raisecom#show startup-config [ slot slot- Show configuration loaded for device startup. id ] 5 Raisecom#show running-config Show current configurations of the device. 5 Raisecom#show backup-config Show backup configurations of the device. 7 Raisecom#show startup Show information about files for system startup. 8 Raisecom#copy { backup-config startup- Load the configuration file. config | startup-config backup-config | startup-config running-config } 9 Raisecom#switch startup-config backup- Switch the startup configuration file to the config backup configuration file 1.4 Backup and upgrade 1.4.1 Introduction Backup Backup refers to copying the saved system file from the device memory to the server memory for recovering the backup file when the device fails. This ensures that the device works properly. You need to recover the old system file in the following cases: The system file is lost or damaged because the device fails. The device works improperly because of upgrade failure. The RAX711-C supports backing up the system configuration file, system startup file, and system log file. Upgrade To resolve the following problems, you can upgrade the device: Adding new features to the device Releasing the new software after fixing Bugs of the current software The RAX711-C supports being upgraded through the following 2 modes: FTP upgrade in BootROM mode FTP/TFTP upgrade in system configuration mode The RAX711-C supports IPv4-based FTP/TFTP. 1.4.2 Upgrading system software in BootROM mode In the following cases, you need to upgrade system software in BootROM mode: The RAX711-C is booted for the first time. Raisecom Proprietary and Confidential 15 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface The system files are damaged. The RAX711-C cannot be booted properly. Before upgrading the system software through BootROM, you should build a FTP environment, taking a PC as the FTP server and the RAX711-C as the client. Basic requirements are as below. The RAX711-C is connected to the FTP server through SNMP interface. Configure the FTP server and ensure the FTP server is available. Configure the IP address of the FTP server to be in the same network segment as that of the RAX711-C which is configured through the t command. Step Operation 1 Log in to the RAX711-C through serial interface as the administrator and enter privileged EXEC mode and then use the reboot command to reboot the RAX711-C. Raisecom#reboot Please input 'yes' to confirm:yes Rebooting ... begin... ram size:128M testing...done Init flash ...Done RAX711-C_BOOTSTRAP_5.1.5_20131224, Raisecom Compiled Jul 24 2016,18:05:41 Base Ethernet MAC address: 00:0e:5e:45:45:45 Press SPACE to enter bootrom menu...... 0 Raisecom Proprietary and Confidential 16 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Step Operation 2 Press Space bar to enter the raisecom interface when "Press space into bootrom menu..." appears on the screen, then input "?" to display the command list: [Raisecom]:? ? print this list ? - alias for 'help' b - booting system ce - erase flash expect BOOT cf - check flash crc help - print online help i - modify ip address if - download flash m - download fpga mdmac - modify MAC address of - upload flash old - switch to U-Boot console pie - input manufacturer information r - reset CPU or switch console u - updating system ub - updating uboot The entered letters are case sensitive. Raisecom Proprietary and Confidential 17 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Step Operation 3 Type "u" to download the system boot file through TFTP and replace the original one, the information displayed is shown as below: Index Partition Free Size(byte) -------------------------------------------------- 1 core/ 36143104 Please select a partition: 1 choose mode for updating core file. ----------------------------------- - 1. | serial - ----------------------------------- - 2. | network - ----------------------------------- please input your choice:2 configure network information ... host ip address: 1.1.1.1 user: raisecom password: raisecom filename: system.bin Loading... Done Saving file to flash... Ensure the input file name is correct. In addition, the file name should not be longer than 80 characters. 4 Type "r" to execute the bootstrap file quickly. The RAX711-C will be rebooted and upload the downloaded system boot file. 1.4.3 Upgrading system software in system configuration mode Before upgrading the system software, you should build a FTP/TFTP environment, taking a PC as the TFTP server and the RAX711-C as the client. Basic requirements are as below. The RAX711-C is connected to the TFTP server through the Client/Line interface. Configure the IP address of the PC and ensure that the route between the PC and the RAX711-C is reachable. Step Command Description 1 Raisecom#download { backup-config | Download the system software through bootstrap | dhcpLease | fpga | mcu | FTP/TFTP. startup-config | system-boot } { ftp ip- address username password filename | tftp ip-address filename } 2 Raisecom#reboot [now | in minute ] Restart the device. The device will load the newly-downloaded system startup file automatically. Raisecom Proprietary and Confidential 18 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 1.4.4 Backing up system software in system configuration mode Before backing up the system software, you should build a FTP/TFTP environment, taking a PC as the TFTP server and the RAX711-C as the client. Basic requirements are as below. The RAX711-C is connected to the TFTP server through the Client/Line interface. Configure the IP address of the PC and ensure that the route between the PC and the RAX711-C is reachable. Step Command Description 1 Raisecom#upload { accident-logfile | alarm-logfile | all- Upload the system logfile | backup-config | command-log | dhcpLease | fpga | Bootstrap file and paf | running-config | running-logfile | startup-config | configuration file to system-boot } { ftp ip-address user-name password file-name | the backup server. tftp ip-address file-name } 1.4.5 Checking configurations No. Command Description 1 Raisecom#show version Show the version of the system. 2 Raisecom#show startup Show the file used for starting the system. 3 Raisecom#show startup-config Show configurations for starting the system. 1.5 Time management 1.5.1 Introduction Device time To ensure that the RAX711-C can cooperate with other devices, you need to configure system time and time zone precisely for the RAX711-C. DST Daylight Saving Time (DST) is configured locally to save energy. About 110 countries around the world apply DST in summer, but vary in details. Thus, you need to consider detailed DST rules locally before configuration. The RAX711-C supports configuring DST. Time protocols With development and extension of Internet in all aspects, multiple applications involved in time need accurate and reliable time, such as online realtime transaction, distributed network calculation and processing, transport and flight management, and data management. A Raisecom Proprietary and Confidential 19 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface network requires time protocols to distribute precise time. At present, there are two common time protocols: Network Time Protocol (NTP) and Simple Network Time Protocol (SNTP). NTP is a standard protocol for time synchronization in telecommunication network. It is defined by RFC1305. It is used to perform time synchronization between the distributed time server and clients. NTP transmits data based on UDP, using UDP port 123. NTP is used to perform time synchronization on all hosts and switches in the network. Therefore, these devices can provide various applications based on the uniformed time. In addition, NTP can ensure a very high accuracy with an error about 10ms. Devices which support NTP can both be synchronized by other clock sources and can synchronize other devices as the clock source. In addition, these devices can be synchronized mutually through the NTP packet. NTP supports performing time synchronization through multiple NTP working modes: Server/Client mode In this mode, the client and server are relative. The device used for providing the time standard is a server while the device used for receiving time services is a client. The client sends clock synchronization message to different servers. The servers work in server mode automatically after receiving the synchronization message and send response messages. The client receives response messages, performs clock filtering and selection, and is synchronized to the preferred server. In this mode, the client can be synchronized to the server but the server cannot be synchronized to the client. Symmetric peer mode In this mode, there are the symmetric active peer and symmetric passive peer. The device, which sends the NTP synchronization packet actively, is the symmetric active peer. The device working in the symmetric active mode sends clock synchronization messages to the device working in the symmetric passive mode. The device that receives this message automatically enters the symmetric passive mode and sends a reply. By exchanging messages, the symmetric peer mode is established between the two devices. Then, the two devices can synchronize, or be synchronized by each other. The RAX711-C supports working as the NTP v1/v2/v3 client to be synchronized by the server. RFC1361 simplifies NTP and provides Simple Network Time Protocol (SNTP). Compared with NTP, SNTP supports the server/client mode only. The RAX711-C supports working as the SNTP client to be synchronized by the server. 1.5.2 Configuring time and time zone Step Command Description 1 Raisecom#clock set hour minute Configure the system time. second year month day By default, it is 8:00:00, Jan 1, 2000. 2 Raisecom#clock timezone { + | - Configuring the system time zone. } hour minute timezone-name By default, it is GMT +8:00. Raisecom Proprietary and Confidential 20 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 1.5.3 Configuring DST Daylight Saving Time (DST) is set locally to save energy, but vary in details. Thus, you need to consider detailed DST rules locally before configurations. Step Command Description 1 Raisecom#clock summer-time enable Enable DST on the RAX711-C. By default, DST is disabled. 2 Raisecom#clock summer-time recurring Configure the begin time and end time of DST. { start-week | last } { sun | mon | tue | wed | thu | fri | sat } start- By default, the time offset is 60 minutes. month hour minute { end-week | last } { sun | mon | tue | wed | thu | fri | sat } end-month- hour minute offset When you configure the system time manually, if the system uses DST, such as DST from 2 a.m. on the second Sunday, April to 2 a.m. on the second Sunday, September every year, you have to advance the clock one hour faster during this period, that is, set the time offset as 60min. So the period from 2 a.m. to 3 a.m. on the second Sunday, April each year is inexistent. Configuring time manually in this period will fail. The DST in southern hemisphere is opposite to the northern hemisphere, which is from September to April next year. If the start time is later than end time, the system will suppose that it is in the southern hemisphere. That is to say, the DST is the period from the start time this year to the end time next year. 1.5.4 Configuring NTP/SNTP Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ntp server ip- (Optional) configure the IP address of the NTP server address [ version version-number ] for the client that works in server/client mode. 3 Raisecom(config)#ntp peer ip- (Optional) configure the IP address of the NTP server address [ version version-number ] for the RAX711-C that works in symmetric peer mode. 4 Raisecom(config)#sntp server ip- (Optional) configure the IP address of the SNTP server address for the RAX711-C that works in SNTP client mode. 5 Raisecom(config)#ntp reclock-master ip-address [ stratum ] Configure the NTP reference clock source in server/client mode. Raisecom Proprietary and Confidential 21 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface If the RAX711-C is configured as the NTP reference clock source, it cannot be configured as neither the NTP server nor NTP symmetric peer, or cannot be synchronized by other devices; vice versa. SNTP and NTP are mutually exclusive. If you have configured the IP address of the NTP server on the RAX711-C, you cannot configure SNTP on the RAX711-C; vice versa. 1.5.5 Checking configurations No. Command Description 1 Raisecom#show clock [ summer-time Show configurations on the system time, time recurring ] zone, and DST. 2 Raisecom#show sntp Show SNTP configurations. 3 Raisecom#show ntp status Show NTP configurations. 4 Raisecom#show ntp associations [ detail ] Show configurations of NTP association. 5 Raisecom#show clock interface Show information about clock interfaces. 1.6 Configuring Banner 1.6.1 Preparing for configurations Scenario Banner is a message to be displayed when you log in to or exit the RAX711-C, such as the precautions or disclaimer. You can configure Banner of the RAX711-C as required. In addition, the RAX711-C provides the Banner switch. After Banner display is enabled, the configured Banner information appears when you log in to or exit the RAX711-C. After configuring Banner, you should use the write command to save configurations. Otherwise, Banner information is lost when the RAX711-C is restarted. Prerequisite N/A 1.6.2 Configuring Banner Step Command Description 1 Raisecom#config Enter global configuration mode. Raisecom Proprietary and Confidential 22 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Step Command Description 2 Raisecom(config)#banner Configure Banner contents. Enter the banner login and word, login word press Enter, enter Banner contents, and then end with the word Enter text message followed character. by the character ’word’ to finish.User can stop configuration by inputing’ Ctrl+c’ The word parameter is a 1-byte character. It is the message word beginning and end marker of the Banner contents. These 2 marks must be the identical character. We recommend selecting the specified character that will not occur at the message. The message parameter is the Banner contents. Up to 2560 characters are supported. 3 Raisecom(config)#clear (Optional) clear Banner contents. banner login 1.6.3 Enabling Banner display Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#banner Enable Banner display. enable By default, Banner display is disabled. 1.6.4 Checking configurations No. Command Description 1 Raisecom#show banner login Show Banner status and contents of the configured Banner. Raisecom Proprietary and Confidential 23 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 2 Interface management This chapter describes configurations of interface management, including the following sections: Introduction Configuring basic information about interface Configuring Ethernet interface Configuring VLAN interface Configuring loopback interface Checking configurations Maintenance 2.1 Introduction 2.1.1 Ethernet interface The Ethernet physical interface works at the data link layer and forwards Layer 2 packets. 2.1.2 VLAN interface The VLAN interface is a logical interface, which is used to implement inter-VLAN Layer 3 interworking. Each VLAN corresponds to one VLAN interface. After being configured with an IP address, the VLAN interface can be a gateway of network devices in this VLAN, thus implementing forwarding of cross-segment packets based on IP address at Layer 3. 2.1.3 Aggregation group interface The aggregation group interface is a logical interface. It binds multiple physical interfaces logically and aggregates these physical interfaces to be a Link Aggregation Group (LAG), thus implementing load balancing on each member interface. 2.1.4 Loopback interface The loopback interface is a logical interface. Because its physical layer status and link layer protocol are always Up and are with high stability, the IP address can be configured on the loopback interface and as an ID of a device. 2.1.5 Interface configuration modes The RAX711-C supports the following interface configuration modes: Physical layer interface configuration mode Raisecom Proprietary and Confidential 24 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface Aggregation group interface configuration mode VLAN interface configuration mode Loopback interface configuration mode The interface configuration mode mentioned in this document refers to multiple interface configuration modes if not otherwise stated. 2.2 Configuring basic information about interface 2.2.1 Configuring basic information about interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface- Enter physical layer interface configuration type interface-number mode. 3 Raisecom(config-port)#description Configure descriptions of the interface. string 4 Raisecom(config-port)#shutdown (Optional) shut down the interface. 2.2.2 Configuring Jumboframe on the interface The Ethernet interface may receive Jumboframe, which is greater than the standard frame size, when transmitting high-throughput data. The system will discard these Jumboframes directly. After you configure allowing Jumboframes to pass, the system will continue to process them when the Ethernet interface receives Jumboframes, whose size is greater than the standard size but within the specified size range. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter interface configuration mode. interface-type interface-number 3 Raisecom(config-port)#jumboframe Configure the Jumboframe that is allowed to pass frame-size through the interface. By default, it is 9600 bytes. Raisecom Proprietary and Confidential 25 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 2.3 Configuring Ethernet interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter interface configuration mode. interface-type interface-number By default, the interface is in physical layer interface configuration mode. 3 Raisecom(config-port)#duplex Configure the duplex mode of the interface. { full | half | auto } 4 Raisecom(config-port)#speed Configure the rate of the interface. { auto | 10 | 100 | 1000 | 10G } 5 Raisecom(config-port)#tpid Configure the TPID of the interface. { 8100 | 9100 | 88a8 } By default, it is 0x8100. 2.4 Configuring VLAN interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface vlan vlan-id Enter VLAN interface configuration mode. 3 Raisecom(config-vlanif)#ip address ip- Configure primary and slave IP addresses and address [ ip-mask ] subnet masks of the VLAN interface. 4 Raisecom(config-port)#mtu size Configure the MTU of the interface. By default, it is 1500 bytes. 5 Raisecom(config-port)#mac mac-address Configure the MAC address of the interface. 2.5 Configuring loopback interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface loopback Enter loopback interface configuration mode. interface-number 3 Raisecom(config-port)#ip address ip- Configure primary and secondary IP addresses address [ ip-mask ] and subnet mask of the loopback interface. Raisecom Proprietary and Confidential 26 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide Preface 2.6 Checking configurations No. Command Description 1 Raisecom#show interface interface-type interface-number Show interface status. 2.7 Maintenance Command Description Raisecom(config-port)#clear interface statistics (Optional) clear interface statistics. Raisecom Proprietary and Confidential 27 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration 3 Zero-configuration This chapter describes principles and configuration procedures of zero-configuration, including the following sections: Introduction Configuring local zero-configuration Configuring remote zero-configuration Configuration examples 3.1 Introduction When the carrier brings more and more requirements for manageability and maintenance of the network, overall management of the entire network becomes the objective of the carrier. In this case, remote Packet Switching (PS) devices should be able to be managed. Though traditional remote PS devices support Operation, Administration, and Management (OAM), protection switching, rate limiting, and service sending, and also can be managed, but they must be carefully configured before being managed. These configurations are complex in large-scale construction, and have high requirements on construction personnel who must take tools like laptops and be familiar with CLI. As a result, low efficiency in service activation becomes a bottleneck for large-scale application of remote PS devices. To solve the previous problem, Raisecom has developed zero-configuration through which remote devices support plug and management. This simplifies implementation, facilitates wide-scale deployment, and accelerates network management. 3.1.1 Principles of zero-configuration Figure 3-1 shows the zero-configuration network topology of the RAX711-C. The network topology is composed of CO zero-configuration servers, remote zero-configuration devices, and the NView NNM system. After being powered on and connected to the network, the remote devices can detect the zero- configuration server automatically. After finding the zero-configuration server, the devices can obtain NMS parameters, such as the management VLAN, management IP address, and default route from the zero-configuration server. Then, the devices will be discovered and managed by the NView NNM system. Raisecom Proprietary and Confidential 28 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration The CO devices, as zero-configuration servers, respond detection requests of remote devices and configure correct NMS parameters for them. The RAX711-C can work as the zero-configuration server to assign IP addresses for remote iTN devices and can work as remote devices to obtain management IP addresses from the zero-configuration server. Figure 3-1 Principles of CO/remote zero-configuration Raisecom zero-configuration is implemented through DHCP or extended OAM: Zero-configuration based on DHCP Figure 3-1 shows the zero-configuration networking topology based on DHCP. CO RAX711- C A is a zero-configuration server, and the remote RAX711-C C and RAX711-L A are remote zero-configuration devices. The CO and remote devices can be connected indirectly, and also can communicate indirectly through Raisecom devices or network devices of other vendors. The remote device obtains NMS parameters by sending DHCP packets, and CO device receives packets and sends Offer packets. Zero-configuration based on extended OAM Figure 3-1 shows the zero-configuration networking topology based on extended OAM. RAX711-C B is directly connected to RAX711-L B. NMS parameters are assigned between CO device and remote device through extended OAM; wherein, the CO device is in OAM active mode, and the remote device is in passive mode. By default, the IP RAN remote device is in OAM passive mode. Raisecom Proprietary and Confidential 29 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration 3.1.2 CO zero-configuration As a CO zero-configuration server, the RAX711-C supports two zero-configuration schemes: zero-configuration based on DHCP or extended OAM. The RAX711-C responds requests from the remote devices, assigns or reuses management IP addresses, and maintains the address pool. Zero-configuration based on DHCP As shown in Figure 3-2, DHCP is running between the RAX711-C and RAX711-L; wherein, the CO device is configured as the DHCP server while the remote device is configured as the DHCP client. The remote device applies for NMS parameters from the CO device as below: Step 1 The uplink physical interface on the remote device triggers the automatical application for the IP address, traverses DHCP Discovery packets sent from VLANs 1–4094. Packets carry the Option 60 field, which contains vendor information and VLAN. Step 2 Receiving the Discover packet, the CO device selects the corresponding address pool according to information carried on the Option 60 field and the IP address of the gateway to assign the idle IP address for the remote device, and forms Offer packet to send to the remote device. Step 3 After the remote device receives the Offer packet, it will stop sending the Discovery packet and configure polling. It then analyses the Offer packet and obtain the management VLAN. Step 4 The remote device configures the management interface to Trunk mode according to the management VLAN, and allows packets of the management VLAN to pass. It sends the Request packet, which carries CO information and assigned IP address, through the management VLAN. Step 5 After receiving the request packet, the CO device verifies whether the information is correct; if it is correct, the CO device sends the ACK packet to the remote device; otherwise sends the NAK packet. Step 6 After receiving the ACK packet, the remote device creates a management interface, configures the IP address, and reconfigures other applied NMS parameters. Raisecom Proprietary and Confidential 30 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration Figure 3-2 Zero-configuration on indirect connection between remote devices Zero-configuration based on DHCP is applicable to directly-connected or indirectly- connected remote devices. Zero-configuration based on extended OAM As shown in Figure 3-3, the extended OAM protocol, which is used to assign NMS parameters, is running between the CO RAX711-C and the remote RAX711-L. The CO device is configured to work in OAM active mode while the remote device is configured to work in OAM passive mode. The powered-on remote device automatically triggers automatical application for the IP address, and applies parameters of IP address and VLAN of the NMS by sending extended OAM packets. Zero-configuration based on extended OAM protocol is applicable to directly-connected remote devices. Raisecom Proprietary and Confidential 31 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration Figure 3-3 Zero-configuration on direct connection between remote devices When the CO device is manually configured to OAM active mode and enabled with extended OAM, it automatically discovers the remote device after being powered on. 3.1.3 Zero-configuration of remote device The RAX711-C, as the zero-configuration remote device, supports obtaining NMS parameters from the zero-configuration server. After the remote device is properly connected to the network, power on it. Then, it sends DHCP Discovery packets to obtain NMS parameters. The remote device triggers zero- configuration in the following modes: Powering it on Configuring it through CLI Automatically triggered a period after it fails to obtain the IP address Triggered when its interface becomes Up/Down after it fails to obtain the IP address Raisecom Proprietary and Confidential 32 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration 3.2 Configuring local zero-configuration 3.2.1 Preparing for configurations Scenario When a local RAX711-C is connected with remote devices, it can discover these remote devices by using the extended OAM protocol and configure the management IP address, management VLAN, and default route for them. Therefore, the NView NNM system can quickly manage remote devices through the public IP address and global interface ID of the RAX711-C without being configured manually. When the local RAX711-C and remote devices are connected directly/indirectly, both the local and remote devices can provide zero-configuration through Dynamic Host Configuration Protocol (DHCP). Prerequisite The RAX711-C is a local device. The local zero-configuration server is connected to the NView NNM system and remote devices properly. Perform the following operations on the local device based on the extended OAM protocol: – Create and activate the management VLAN. – The interface of the remote device used for direct connection is configured to work in Trunk mode and allows the management VLAN to pass. – Manually enable the OAM active mode on the interface. Based on DHCP, the remote device is connected to the network and configured as the zero-configuration client. It has created and activated the management VLAN. 3.2.2 Configuring zero-configuration server based on extended OAM Configuring management VLAN Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#create vlan vlan- Create and activate a VLAN. id active Raisecom Proprietary and Confidential 33 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration Step Command Description 3 Raisecom(config)#oam mng-vlan vlan- Configure the remote management VLAN for zero- id configuration. By default, it is VLAN 0. After configuring the remote management VLAN through this command, do not manually modify switching attributes of the downlink interface on the CO device; otherwise, the NMS channel will be disconnected. 4 Raisecom(config)#interface Enter interface configuration mode. interface-type interface-number 5 Raisecom(config-port)#oam enable Enable OAM. 6 Raisecom(config-port)#oam active Configure the OAM active mode of the interface. Configuring address pool and gateway Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ip oam server Configure the address pool of the OAM property and pool pool-name enter address pool configuration mode. By default, there is an OAM-based address pool named oam-def-pool. Its address range is from 172.221.218.2 to 172.221.218.201, its subnet mask is 255.255.252.0, and its gateway is 172.221.216.1. 3 Raisecom(config-pool)#address Configure the IP address range and subnet mask of the start-ip-address end-ip-address address pool. mask { mask-address | mask- length } 4 Raisecom(config-pool)#gateway ip- Configure the gateway of the address pool. address Raisecom(config-pool)#exit Exit address pool configuration mode. 5 Raisecom(config)#interface vlan Enter VLAN interface configuration mode. The VLAN vlan-id is the preconfigured management VLAN. 6 Raisecom(config-vlanif)#ip address Configure the IP address of the VLAN interface, which ip-address should be the gateway address of the address pool. Raisecom Proprietary and Confidential 34 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration Configuring NAT Network Address Translation (NAT) is used to convert the private management IP address of the remote device to the public IP address. Through zero-configuration, the remote device obtains a private IP address from the local device. NAT can be used to translate the private IP address into the public IP address of the management network and distinguish different remote devices in a form of public IP address+global interface ID. Network management information transmitted between remote devices and the NView NNM system is forwarded through the public IP address. Therefore, you should configure the public IP address and related management VLAN of the local device. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#access-list Create an ACL and enter ACL configuration mode. acl-number 3 Raisecom(config-acl-ipv4- Configure an ACL filtering rule. advanced)#rule [ rule-id ] permit ip source-ip-address Sent the packet, whose source IP address complies with the source-ip-mask any ACL filtering rule, to the CPU. Raisecom(config-acl-ipv4- Exit ACL configuration mode. advanced)#exit 4 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface-number The interface is used to connect the public network. 5 Raisecom(config-port)#ip Configure the IP address of the public network, which is address ip-address ip-mask used to communicate with the NView NNM system. 6 Raisecom(config-port)#nat Configure NAT. outbound acl-number The ACL ID is identical to the one created at step 2. 7 Raisecom(config-port)#exit Enter global configuration mode. 8 Raisecom(config)#nat server Configure the mapping between the private network and { tcp | udp } private-ip- public network. address private-port public-ip- address public-port 9 Raisecom(config)#nat static Configure static address mapping of basic NAT. [ outband ] private-ip-address public-ip-address 3.2.3 Configuring zero-configuration server based on DHCP Configuring zero-configuration Server based on VLAN interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#create vlan vlan- Create a VLAN, and activate it. id active 3 Raisecom(config)#interface vlan Enter VLAN interface configuration mode. The VLAN vlan-id ID is the ID of the created VLAN. Raisecom Proprietary and Confidential 35 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration Step Command Description 4 Raisecom(config-vlanif)#ip address Configure the IP address on the interface, which is ip-address consistent with the gateway of the address pool. 5 Raisecom(config-vlanif)#ip dhcp Enable DHCP Server on the interface. server By default, it is disabled. Raisecom(config-vlanif)#exit Exit interface configuration mode. 6 Raisecom(config)#ip dhcp server Create an address pool of the DHCP property, and enter pool pool-name address pool configuration mode. By default, there is an OAM-based address pool named oam-def-pool. Its address range is from 172.221.216.2 to 172.221.218.1, its subnet mask is 255.255.252.0, and its gateway is 172.221.216.1. 7 Raisecom(config-pool)#address Configure the IP address range and subnet mask of the start-ip-address end-ip-address address pool. mask { mask-address | mask- length } 8 Raisecom(config-pool)#gateway ip- Configure the default gateway of the address pool. address The gateway is identical to the private IP address of the management IP address assigned to the remote device by the local device. 9 Raisecom(config-pool)#lease Configure the lease period of the address pool. expired { minute | infinite } By default, it is infinite. 10 Raisecom(config-pool)#option 60 Configure information carried by Option60. vendor-string 11 Raisecom(config-pool)#trap server- Configure the IP address of the SNMP server (NView ip ip-address NNM system) to which the Trap is sent. 12 Raisecom(config-pool)#tftp-server- Configure the TFTP server related to the address pool. ip ip-address 13 Raisecom(config-pool)#exit Exit address pool configuration mode. If the zero-configuration server assigns management IP addresses to remote devices based on VLAN interface, network management information exchanged between local and remote devices is tagged packets with the management VLAN ID. Configuring NAT NAT is used to convert the private management IP address of the remote device to the public IP address. Through zero-configuration, the remote device obtains a private IP address from the local device. NAT can be used to translate the private IP address into the public IP address of the management network and distinguish different remote devices in a form of public IP Raisecom Proprietary and Confidential 36 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration address+global interface ID. Network management information transmitted between remote devices and the NView NNM system is forwarded through the public IP address. Therefore, you should configure the public IP address and related management VLAN of the local device. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#access- Create an ACL and enter ACL configuration mode. list acl-number 3 Raisecom(config-acl-ip- Configure an ACL filtering rule. ext)#rule [ rule-id ] permit ip source-ip- Sent the packet, whose source IP address complies with the ACL address source-ip-mask any filtering rule, to the CPU. 4 Raisecom(config-acl-ip- Exit ACL configuration mode. ext)#exit 5 Raisecom(config)#interface Enter VLAN interface configuration mode. vlan vlan-id The interface is used to connect the public network. 6 Raisecom(config-vlanif)#ip Configure the IP address of the public network, which is used to address ip-address ip-mask communicate with the NView NNM system. 7 Raisecom(config- Configure NAT. vlanif)#nat outbound acl- number The ACL ID is identical to the one created at step 2. (Optional) releasing IP address When changing a remote device, which has applied for a management IP address, to prevent the IP address from being occupied for a long time, you should manually release the IP address at the local server. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ip Release the specified IP address. dhcp address ip- address release This command is used to release the lease table and NAT table of the local device only without influencing the IP address of the remote device. (Optional) configuring lease file management The RAX711-C supports saving and synchronizing the lease file automatically, as well as deleting the lease file. When changing the local zero-configuration server, you can upload assigned IP addresses in a form of lease to the TFTP/FTP/SFTP server (such as a PC) for backup. After changing the local device, you can download the backup lease file to the local device to confirm that these assigned IP addresses are not lost. Raisecom Proprietary and Confidential 37 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ip dhcp lease save Save the lease file. 3 Raisecom(config)#ip dhcp lease erase (Optional) delete the lease file from the DHCP server. 4 Raisecom(config)#exit Exit global configuration mode. 5 Raisecom#upload dhcpLease { { ftp | sftp } Upload the lease file to the PC through ip-address username password filename | TFTP/FTP/SFTP. tftp ip-address } filename 6 Raisecom#download dhcpLease { { ftp | Download the lease file from the PC sftp } ip-address username password through TFTP/FTP/SFTP. filename | tftp ip-address } filename 3.2.4 Checking configurations No. Command Description 1 Raisecom(config)#show ip dhcp Show configurations of interfaces of the DHCP server. server 2 Raisecom(config)#show ip dhcp Show assigned IP addresses and information about server lease remote devices. 3 Raisecom(config)#show ip server Show configurations of the DHCP or OAM address pool. pool [ pool-name ] 4 Raisecom(config)#show ip dhcp Show statistics on the DHCP server. server statistics 5 Raisecom(config)#show ip dhcp Show static binding information about IP addresses in the static-bind address pool and the MAC address. 6 Raisecom(config)#show oam zero Show configurations of directly-connected zero- config configurations. 7 Raisecom(config)#show remote Show configurations of remote devices in directly- config-info all connected zero-configuration server mode. 3.3 Configuring remote zero-configuration 3.3.1 Preparing for configurations Scenario The remote devices are scattered at the user side of the network, so configuring them takes a lot of time and efforts. Remote zero-configuration supports applying for NMS parameters, such as the management IP address, management VLAN, and default gateway, after the Raisecom Proprietary and Confidential 38 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration devices are powered on. Therefore, devices can be managed quickly. This improves the efficiency for configuring devices. In general, remote devices can automatically apply for IP addresses when they are properly connected to the local device and zero-configuration server of the local device is configured properly. To change parameters about remote zero-configuration, see this section. This section is applicable to the remote RAX711-C indirectly-connected to the zero- configuration server. Prerequisite Both the local and remote devices are configured with zero-configuration mode. No interface of the remote device is configured with the management VLAN. The uplink interface is UP. 3.3.2 (Optional) configuring remote zero-configuration IP addresses obtained through zero-configuration are permanently valid without lease limit. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ip dhcp (Optional) configure the RAX711-C to work as the zero- client mode { zeroconfig | configuration remote device or common DHCP client. normal } By default, the RAX711-C works as the zero-configuration remote device. After the RAX711-C obtains NMS parameters and configurations are complete in remote zero-configuration mode, it cannot be changed to the common DHCP client in principle. 3 Raisecom(config)#interface Enter physical layer interface configuration mode. vlan vlan-id 4 Raisecom(config-vlanif)#ip Enable remote zero-configuration, meanwhile, you can specify the address dhcp [ server-ip IP address of the local DHCP server. If you specify the IP address ip-address ] of the DHCP server, the remote device receives IP addresses assigned by the specified DHCP server. 5 Raisecom(config-vlanif)#ip Configure information about the DHCP client, including the host dhcp client { class-id name, class ID, and client ID. The information is added to the class-id | client-id DHCP packet sent by the DHCP client. client-id | hostname host- name } If the remote device has obtained an IP address through DHCP, it is believed that the remote device has obtained an IP address successfully regardless of whether the default gateway is configured successfully or not. Raisecom Proprietary and Confidential 39 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration IP addresses, which are obtained in extended OAM mode, can be overridden by the manually-configured ones on the same VLAN interface. IP addresses, which are obtained in DHCP mode, can be overridden by the manually-configured ones on the same VLAN interface. You can configure the IP address manually based on VLAN interface. 3.3.3 (Optional) configuring zero-configuration polling Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ip dhcp Configure the zero-configuration polling period. Its unit is hour. client zeroconfig polling period hour By default, it is 2 hours. 3.3.4 Checking configurations No. Command Description 1 Raisecom(config)#show ip dhcp client Show configurations and automatically-obtained information about the DHCP client. 3.4 Configuration examples 3.4.1 Example for configuring DHCP-based zero-configuration Networking requirements As shown in Figure 3-4, the RAX711-C works as the local zero-configuration server and is enabled with DHCP Server. The RAX711-L is enabled with remote zero-configuration. The RAX711-C assigns the IP address, default gateway, and management VLAN to the RAX711- L through the VLAN interface (the IP address is 173.31.1.150, and the associated management VLAN is VLAN 10) of the RAX711-C. The route between the RAX711-C and the NView NNM system is reachable. The IP address and management VLAN of Client interface 1 are configured to 173.31.1.150 and VLAN 10 respectively. Configure the following items on the RAX711-C: Address pool name: pool1 IP address range: 172.31.1.100/16-172.31.1.149/16 Default gateway of the address pool: 172.31.1.150/16 Private IP address and VLAN interface of the device: 172.31.1.150/16 and VLAN 10 Public IP address and VLAN interface of the device: 128.10.10.10/16 and VLAN 100 Raisecom Proprietary and Confidential 40 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration Configure local zero-configuration on the RAX711-C to ensure that the RAX711-L can automatically obtain NMS parameters and can be managed. By default, the RAX711-L is enabled with Trap. Figure 3-4 Configuring indirectly-connected remote zero-configuration Configuration steps Configure local zero-configuration on the RAX711-C. Step 1 Configure DHCP Server. Raisecom#config Raisecom(config)#interface vlan 10 Raisecom(config-vlan10)#ip dhcp server Raisecom(config-vlan10)#ip address 172.31.1.150 255.255.0.0 Raisecom(config-vlan10)#exit Step 2 Create and configure the address pool. Raisecom(config)#ip dhcp server pool pool1 Raisecom(config-pool)#address 172.31.1.100 172.31.1.149 mask 16 Raisecom(config-pool)#gateway 172.31.1.150 Raisecom(config-pool)#lease expired infinite Raisecom(config-pool)#option 60 raisecom010 Raisecom(config-pool)#exit Step 3 Configure NAT. Raisecom Proprietary and Confidential 41 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration Raisecom(config)#access-list 2001 Raisecom(config-acl-ipv4-advanced)#rule 10 permit ip 172.31.0.0 255.255.0.0 any Raisecom(config-acl-ipv4-advanced)#exit Raisecom(config)#interface vlan 100 Raisecom(config-vlan100)#ip address 128.10.10.10 255.255.0.0 Raisecom(config-vlan100)#nat outbound 2001 Checking results Use the show ip dhcp server command to show configurations of DHCP Server on the RAX711-C. Raisecom(config)#show ip dhcp server Interface Status ------------------------------------ vlan10 Enable Use the show ip server pool command to show address pool configurations of the DHCP server on the RAX711-C. Raisecom(config)#show ip server pool Pool Name: : pool1 pool type : DHCP Address Range : 172.31.1.1~172.31.1.149 Address Mask : 255.255.0.0 Gateway : 172.31.1.150 DNS Server: : 0.0.0.0 Secondary DNS : 0.0.0.0 Tftp Server : 0.0.0.0 Lease time : infinite Trap Server: : 0.0.0.0 option60 : raisecom010 3.4.2 Example for configuring zero-configuration based on extended OAM Networking requirements As shown in Figure 3-5, as the local zero-configuration server, the RAX711-C is enabled with OAM active functions. The RAX711-C is connected to the PTN through Client interface 1 and then accesses the NView NNM system. The RAX711-L is connected to the RAX711-C through Client interface 2. The RAX711-L is enabled with OAM passive functions and is connected upstream to the RAX711-C through Line interface 1. Configure the following items on the RAX711-C: Raisecom Proprietary and Confidential 42 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration Management VLAN of the device: VLAN 20 Address pool name: pool2 IP address range: 172.31.8.1/16-172.31.8.149/16 Default gateway of the address pool: 172.31.8.1 Private IP address and VLAN interface of the device: 172.31.8.1 and VLAN 20 Public IP address and VLAN interface of the device: 128.10.10.10 and VLAN 100 IP address of NAT public network: 128.10.10.10 Interface mode and allowed VLAN of Client interface 2 on the RAX711-C: Trunk mode and VLAN 20 Configure local zero-configuration on the RAX711-C to ensure that the RAX711-L can automatically obtain NMS parameters and can be managed. By default, the RAX711-L is enabled with OAM and works in passive mode. Figure 3-5 Configuring directly-connected remote zero-configuration Configuration steps Step 1 Configure the management VLAN, and activate it. Raisecom(config)#create vlan 1-4094 active Raisecom(config)#oam mng-vlan 20 Step 2 Enable OAM on Client interface 2 on the RAX711-C and configure the RAX711-C to work in active mode. Raisecom(config)#interface client 2 Raisecom(config-port)#oam enable Raisecom(config-port)#oam active Raisecom(config-port)#exit Raisecom Proprietary and Confidential 43 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 3 Zero-configuration Step 3 Configure the address pool. Raisecom(config)#ip oam server pool pool2 Raisecom(config-pool)#address 172.31.8.1 172.31.8.149 mask 255.255.0.0 Raisecom(config-pool)#gateway 172.31.8.1 Raisecom(config-pool)#exit Raisecom(config)#interface vlan 20 Raisecom(config-vlan20)#ip address 172.31.8.1 255.255.0.0 Raisecom(config-vlan20)#exit Step 4 Configure NAT. Raisecom(config)#access-list 2002 Raisecom(config-acl-ipv4-advanced)#rule 20 permit ip 172.31.8.0 255.255.0.0 any Raisecom(config-acl-ipv4-advanced)#exit Raisecom(config)#interface vlan 100 Raisecom(config-vlan10)#ip address 128.10.10.10 255.255.0.0 Raisecom(config-vlan10)#nat outbound 2002 Raisecom(config-vlan10)#exit Checking results Use the show remote config-info all command to show assigned IP addresses on the RAX711-C. Raisecom(config)#show remote config-info all Local port:client1 Local port:client2 MAC Address: 000e.5e01.0001 IP Address/mask: 172.31.8.2/255.255.0.0 IP Interface Vlan: 20 IP Default-gateway: N/A Local port:client3 Local port:client4 Local port:client5 Local port:client6 Local port:client7 Local port:client8 Local port:client9 Local port:client10 Local port:client11 Local port:client12 Local port:line1 Local port:line2 Local port:line3 Local port:line4 Raisecom Proprietary and Confidential 44 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing 4 IP routing This chapter describes principles and configuration procedures of IP routing, and provides related configuration examples, including the following sections: Introduction Configuring route management Configuring static route Configuring routing policy Configuring ARP Configuring DHCPv4 Client Configuring DHCPv4 Server Maintenance Configuration examples 4.1 Introduction 4.1.1 Routing Routing refers to transmitting information from the source to the destination network. A route works by selecting the route in turn to transmit information to the destination network. The router selects a route according to the routing table of the local system. Selecting an optimal route is the key for optimizing the router or routing protocol. A routing table contains the following types of routes: the static route, default route, and dynamic route. 4.1.2 Static route The static route provides the following usage: In the small-scale network, the administrator adds the static route to the routing table. Generally, the static route is pre-configured during installing the device. A static route can reach either the edge of the network or the external network from the edge of the network. A static route can be used as the default route. If the route entry meeting requirements cannot be discovered from the routing table in the network, the device uses the default route. Raisecom Proprietary and Confidential 45 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing The static route has the following advantages: Occupying less CPU processing time Convenient for the administrator to know route Simple configuration However, its disadvantage is that you need to consider the entire network situation when configuring it. When the network structure changes, you need to manually configure it. Therefore, when the network is expanded, you need more time to configure and maintain the static route. Besides, making mistakes is easy in configuring the static route. The default route, a special static route, is used when the matched route cannot be discovered in the routing table. 4.1.3 ARP Address Resolution Protocol (ARP) is used to resolve IP addresses of the network layer into hardware addresses of data link layer. On the TCP/IP network, each host is assigned with an IP address, which is called a logical address used to identify the host in the network. To transmit packets through physical links, you must learn the physical address of the destination host. This needs to establish a mapping between the IP address and the physical address. A physical address on the Ethernet is a 48-bit MAC address. To transmit packets to the destination host, a protocol must resolve the IP address of the host into a 48-bit MAC address, which is the ARP. It not only resolves IP addresses into MAC addresses, but also establishes mappings between them. 4.1.4 DHCP With continuous extension of network scale and improvement of network complexity, the number of PCs always exceeds the one of available IP addresses. In addition, with wide application of laptops and wireless network, positions of PCs are changed frequently. Therefore, IP addresses must be updated frequently, which may lead to more complex network configurations. Dynamic Host Configuration Protocol (DHCP) is developed to solve these problems. DHCP works in client/server mode. A client sends an IP address configuration request to the server and the server returns IP address configurations to the client to dynamically configure the IP address. Generally, there is one DHCP server and multiple clients (PCs/Laptops) in the typical DHCP application, as shown in Figure 4-1. Raisecom Proprietary and Confidential 46 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing Figure 4-1 Typical DHCP application The RAX711-C supports DHCPv4, which is related to IPv4. DHCP packets DHCP packets are grouped into 8 types. The DHCP server and DHCP clients communicate with each other through these 8 packets. DHCP DISCOVER: the first packet for DHCP clients performing the DHCP process when they access the network initially. It is used to discover the DHCP server. DHCP OFFER: the packet used by the DHCP server to respond the DHCP DISCOVER packet. This packet carries various configurations. DHCP REQUEST: this packet is used for these purposes: – After clients are initiated, they send the broadcast DHCP REQUEST packet to reply the DHCP OFFER packet sent by the DHCP server. – After clients are rebooted, they send the broadcast DHCP REQUEST packet to confirm the previously-assigned IP addresses. – After a client is bound to an IP address, it sends the unicast DHCP REQUEST packet to extend the IP address lease time. DHCP ACK: a packet used by the DHCP server to acknowledge the DHCP REQUEST packet sent by the client. The IP address and related configurations take effect after the client receiving the DHCP ACK packet. DHCP NAK: a packet used by the DHCP server to refuse the DHCP REQUEST packet sent by the client. For example, the DHCP server will refuse the DHCP REQUEST packet when the lease time of the IP address assigned to the client expires, or when the client is moved to a new network. DHCP DECLINE: the packet used by clients to inform the DHCP server when clients discover that assigned IP addresses conflicts. In addition, clients will re-apply to the DHCP server for IP addresses. DHCP RELEASE: a packet used by the client to actively release the IP address assigned by the DHCP server. After receiving the packet, the SHCP server will assign the IP address to another client. DHCP INFORM: a packet used by the client to get other configurations (such as the gateway address and DNS server address) from the DHCP server after the client gets an IP address from the DHCP server, Figure 4-2 shows the structure of the DHCP packet. Raisecom Proprietary and Confidential 47 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing Figure 4-2 Structure of DHCP packet Table 4-1 describes fields of the DHCP packet. Table 4-1 Fields of DHCP packet Name Length (B) Description op 1 Packet type 1: request packet 2: response packet htype 1 Hardware address type of a DHCP client hlen 1 Hardware address length of a DHCP client hops 1 Number of DHCP relays that DHCP request packet pass The value is added by 1 once the DHCP request packet passes through a DHCP relay. xid 4 Transaction ID, a random number chosen by the DHCP client. It is used to identify an address request process. secs 2 Time elapsed since the DHCP client initiates a DHCP request. At present, it is not used and is configured to 0. flags 2 The first bit is a broadcast response identifier, which is used to identify that the DHCP server sends the response packet in the unicast/broadcast mode 0: unicast 1: broadcast Other bits are configured to 0. ciaddr 4 IP address of the DHCP client, which is padded when the DHCP client is being bound, updated, or rebounded. In addition, this IP address can be used to respond the ARP request. yiaddr 4 IP address of the DHCP client allocated by the DHCP server siaddr 4 IP address of the DHCP server Raisecom Proprietary and Confidential 48 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing Name Length (B) Description giaddr 4 IP address of the first DHCP relay where the DHCP request packet pass chaddr 16 Hardware address of the DHCP client sname 64 Name of the DHCP server file 128 Startup configuration file name and route information about the DHCP client specified by the DHCP server options Variable Optional variable length fields, including the packet type, length valid lease, IP address of the Domain Name System (DNS) server, and IP address of the Windows Internet Name Server (WINs) DHCP Option DHCP uses Option fields of the packet to transmit control information and network configuration parameters for dynamically assigning IP addresses and providing richer network configurations for clients. There are 255 Option fields defined by DHCP, where the end Option filed is 255. Table 4-2 lists some common DHCP Option fields. Table 4-2 Fields of DHCP Option Code Description 3 Router option, used to specify the gateway address of DHCP clients 6 DNS server option, used to specify the DNS server address assigned for DHCP clients 18 IPv6-based DHCP client identifier option, used to specify interface information about DHCP clients 51 IP address lease option 53 DHCP packet type option, used to identify the DHCP packet type 55 Request parameter list option, used for DHCP clients to specify network configuration parameters to be received from the DHCP server. The contents of the option are values of parameters requested by DHCP clients. 61 DHCP client identifier option, used to specify device information about DHCP clients 66 TFTP server name option, used to specify the domain name of TFTP server assigned to DHCP clients 67 Startup file name option, used to specify the startup file name assigned to DHCP clients 82 DHCP client identifier option. It can be customized and is mainly used to identify positions of DHCP clients. Raisecom Proprietary and Confidential 49 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing Code Description 150 TFTP server address option, used to specify the address of TFTP server assigned to DHCP clients 184 DHCP reserved option. At present, Option184 is mainly used to carry information required for voice call. With Option184, the DHCP server can assign IP address to DHCP clients that support the voice feature. In addition, the DHCP server can provide information related to voice call. 255 End option DHCP Option fields 18, 61, and 82 represents relay information in the DHCP packet. When DHCP clients send the request packet to the DHCP server, DHCP relay/DHCP Snooping will add Option fields to the request packet, if the packet needs to pass through the DHCP relay/DHCP Snooping. DHCP Option fields 18, 61, and 82 can be used to record DHCP client information on the DHCP server. Together with other software, DHCP Option fields 18, 61, and 82 can control and account IP address assignment. For example, cooperating with IP Source Guard, DHCP Option fields 18, 61, and 82 can resist effectively fraud of IP address+MAC address. The Option82 field contains up to 255 sub-options. If the Option82 field is defined, at least one sub-options needs to be defined. At present, the RAX711-C supports 2 sub-options: Sub- Option 1 (Circuit ID) and Sub-Option 2 (Remote ID). Sub-Option 1: the VLAN ID and interface ID of the interface that receives the DHCP request packet Sub-Option 2: MAC address (DHCP relay) of interface that receives the DHCP request packet or the bridge MAC address (DHCP Snooping) of the device DHCP Client The RAX711-C can be taken as a DHCP client to get an IP address from the DHCP server for the DHCP server managing the device. DHCP Server In the following scenarios, you need to use the DHCP server to assign IP addresses: In a large network scale, it is a heavy workload to manually configure IP addresses. In addition, it is difficult to perform centralized management on the whole network. When the number of hosts in the network exceeds the one of IP addresses supported by the network, you cannot assign a fixed IP address for each host. For example, the IPS limits the number of users accessing the network. Therefore, a great number of users need to get their IP address dynamically. In a network, only a few hosts need fixed IP addresses and most hosts do not need fixed IP addresses. The RAX711-C supports acting as the DHCP server. For occupation time of IP addresses, hosts have different requirements. Servers may use a fixed IP address for a long time. Some hosts may use a dynamically-assigned IP address for a long time. Some PCs may need an IP address assigned temporarily. Raisecom Proprietary and Confidential 50 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing For these different requirements, the DHCP server provides 3 IP address assignment policies: Assign IP addresses manually: the network administrator assigns fixed IP addresses for a few specified hosts (such as WWW server). The MAC address of the client is bound to an IP address. When the client applies for an IP address, the DHCP server finds the fixed IP address based on the MAC address of the client and then assigns the IP address to the client. Assign IP addresses automatically: assign fixed IP addresses for some hosts that access the network initially. These IP addresses are used by hosts for a long time. Assign IP addresses dynamically: assign an IP address to a client in a "lease" form. After the lease time expires, the client needs to re-apply for an IP address. Most clients obtain a dynamically-assigned IP address. 4.2 Configuring route management 4.2.1 Preparing for configurations Scenario Dynamic routing protocols require the Router ID. If no Router ID is specified when these dynamic routing protocols are enabled, the Router ID of routing management will be used. The RAX711-C has the capability to establish and refresh the routing table. In addition, it can forward data packets based on the routing table. By viewing the routing table, you can learn network topology structure and locate faults. Prerequisite N/A 4.2.2 Configuring routing management Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#router id router-id Configure the router ID. 4.2.3 Checking configurations No. Command Description 1 Raisecom#show router id Show the Router ID. 2 Raisecom#show ip route [ protocol { static | Show the routing table. connected | rip } ] [ detail ] 3 Raisecom#show ip route ip-address [ mask- Show the route to the destination address ] [ longer-prefixes ] [ detail ] address. Raisecom Proprietary and Confidential 51 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing No. Command Description 4 Raisecom#show ip route ip-address1 [ mask- Show the route between 2 IP address1 ] ip-address2 [ mask-address2 ] addresses. [ detail ] 5 Raisecom#show ip route summary Show route summary. 4.3 Configuring static route 4.3.1 Preparing for configurations Scenario The static route has the following advantages: Consume less time for the CPU to process them. Facilitate the administrator to learn the route. Be configured easily. However, when configuring the static route, you need to consider the whole network. If the network structure is changed, you need to modify the routing table manually. Once the network scale is enlarged, it will consume lots of time to configure and maintain the network. In addition, it may cause more errors. The default route is a specific static route. It will be used when no matched route is found in the routing table. Prerequisite N/A 4.3.2 Configuring static route Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ip route { ip-address mask- Configure the static route. address | ip-address/mask } next-hop [ distance distance ] [ description string ] [ tag tag ] 3 Raisecom(config)#ip route static distance (Optional) configure the default distance administrative distance of the static route. By default, it is 1. Raisecom Proprietary and Confidential 52 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing 4.4 Configuring routing policy 4.4.1 Configuring IP prefix-list Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ip prefix-list prefix- Create an IP prefix-list. name [ seq seq-number ] { deny | permit } any If no prefix-list ID (seq-number) is configured, Raisecom(config)#ip prefix-list prefix- the system will generate a prefix-list ID name [ seq seq-number ] { deny | automatically. The generated pre-fix list ID has permit } ip-address/mask [ ge min- 5 digits. length ] [ le max-length ] 3 Raisecom(config)#ip prefix-list prefix- Configure descriptions of the IP prefix-list. name description string If the length of descriptions exceeds 80 characters, the first 80 characters are available. If one record is in permit type, all mismatched routes are in deny type by default. Only matched routes can pass filtering of the IP prefix-list. If one record is in deny type, all mismatched routes are in deny type by default. Even matched routes cannot pass filtering of the IP prefix-list. Therefore, you need to add a permit record after multiple deny records to allow other routes to pass. If there are multiple records in the IP prefix-list, there must be a record in permit type. 4.4.2 Configuring route mapping table Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#route-map Create the route mapping table and enter route mapping map-name { permit | deny } configuration mode. number 3 Raisecom(config-route- (Optional) configure descriptions of the route mapping table. map)#description string If there is any space in descriptions, descriptions should be within quotes. 4 Raisecom(config-route-map)#on- (Optional) configure the on-match sub-clause to continuing match next to match at the next node. By default, the process is finished after matching. 5 Raisecom(config-route-map)#on- (Optional) configure the on-match sub-clause to continuing match goto number to match at some node. By default, the process is finished after matching. Raisecom Proprietary and Confidential 53 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing Step Command Description 6 Raisecom(config-route- (Optional) continue to match routes by scheduling other map)#call map-name routing table after matching the route. By default, the process is finished after matching. 7 Raisecom(config-route- (Optional) configure the match sub-clause to matching the map)#match ip next-hop acl- next hop based on the extended IP ACL. number 8 Raisecom(config-route- (Optional) configure the match sub-clause to matching the map)#match ip next-hop prefix- next hop based on the IP prefix-list. list prefix-name 9 Raisecom(config-route- (Optional) configure the match sub-clause to matching the IP map)#match ip address acl- address based on the extended IP ACL. number 10 Raisecom(config-route- (Optional) configure the match sub-clause to matching the IP map)#match ip address prefix- address based on the IP prefix-list. list prefix-name 11 Raisecom(config-route- (Optional) configure the match sub-clause to matching the map)#match interface name interface name. 12 Raisecom(config-route- (Optional) configure the match sub-clause to the matching map)#match metric metric rule that is based on the route metric value. 13 Raisecom(config-route- (Optional) configure the match sub-clause to the matching map)#match tag tag rule that is based on the Tag field of the route tagging. 14 Raisecom(config-route-map)#set (Optional) configure the set sub-clause to modifying the metric [ + | - ] metric route metric value after matching. 15 Raisecom(config-route-map)#set (Optional) configure the set sub-clause to modifying the metric-type { type-1 | type- route metric type after matching. 2 } 16 Raisecom(config-route-map)#set (Optional) configure the set sub-clause to modifying the src ip-address source IP address after matching. 17 Raisecom(config-route-map)#set (Optional) configure the set sub-clause to modifying the ip next-hop ip-address next-hop IP address of the route after matching. 18 Raisecom(config-route-map)#set (Optional) configure the set sub-clause to modifying the tag tag routing information tag after matching. 4.5 Configuring ARP 4.5.1 Preparing for configurations Scenario ARP is a protocol used to resolve IP addresses into Ethernet MAC addresses (physical addresses). Raisecom Proprietary and Confidential 54 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing Prerequisite Configure the IP address of the interface. 4.5.2 .Configuring ARP Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#arp mode Configure ARP mode. { learn-all | learn-reply- only } By default, learn MAC addresses of all hosts. 3 Raisecom(config)#arp aging- (Optional) configure the aging time of dynamic ARP entries. time time By default, the aging time is configured to 1200s. 4 Raisecom(config)#arp ip- (Optional) configure the static ARP entry. address mac-address 5 Raisecom(config)#interface Enter interface configuration mode. interface-type interface- number 6 Raisecom(config-port)#arp Enable dynamic ARP learning on the interface. learning enable By default, dynamic ARP learning is enabled on the interface. 7 Raisecom(config-port)#arp max- Configure the maximum number of dynamically-learned learning-num number ARP entries. 4.5.3 Checking configurations No. Command Description 1 Raisecom#show arp [ ip-address | [ local-proxy ] Show ARP information. interface vlan vlan-id | static ] 4.6 Configuring DHCPv4 Client 4.6.1 Preparing for configurations Scenario When working as the DHCPv4 client, the RAX711-C can obtain an IP address from the DHCPv4 server. You can use the IP address to manage the RAX711-C. When IP addresses are assigned in a dynamic mode, the IP address assigned to the DHCPv4 client has a lease period. When the lease period expires, the DHCPv4 server will withdraw the IP address. If the DHCPv4 client wishes to continue to use the IP address, it needs to renew the IP address. If the lease period does not expire and the DHCPv4 client does not need to use the IP address, it can release the IP address. Raisecom Proprietary and Confidential 55 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing The RAX711-C supports configuring DHCP Client on the VLAN interface only. Prerequisite The RAX711-C is not enabled with DHCPv4 Server and works in common DHCP Client mode. 4.6.2 (Optional) configuring DHCPv4 Client Before enabling the DHCPv4 client on the VLAN interface to apply for the IP address, configure DHCPv4 client information. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface vlan Enter VLAN interface configuration mode. vlan-id 3 Raisecom(config-vlanif)#ip dhcp Configure DHCPv4 client information, including the client { class-id class-id | client- class ID, client ID, and host name. id client-id | hostname hostname } 4.6.3 Configuring DHCPv4 Client on VLAN interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface vlan Enter VLAN interface configuration mode. vlan-id 3 Raisecom(config-vlanif)#ip address Configure DHCPv4 Client and specify the IP address dhcp [ server-ip ip-address ] of the DHCPv4 server. It means enabling the DHCPv4 client to apply for the IP address. 4.6.4 (Optional) renewing/releasing IPv4 address Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface vlan Enter VLAN interface configuration mode. vlan-id 3 Raisecom(config-vlanif)#ip dhcp Renew the IPv4 address. client renew 4 Raisecom(config-port)#no ip address (Optional) release the IPv4 address. dhcp Raisecom Proprietary and Confidential 56 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing 4.6.5 Checking configurations No. Command Description 1 Raisecom#show ip dhcp client [ interface- Show configurations of DHCPv4 Client. type interface-number ] 4.7 Configuring DHCPv4 Server 4.7.1 Preparing for configurations Scenario When the RAX711-C works as the DHCPv4 server, the DHCPv4 client can obtain the IP address from the RAX711-C. Prerequisite The RAX711-C is not enabled with DHCPv4 Client. In addition, the DHCPv4 server works in common DHCPv4 server mode. 4.7.2 Creating and configuring IPv4 address pool Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ip dhcp server pool Create the IPv4 address pool and enter address pool-name pool configuration mode. 3 Raisecom(config-pool)#address start-ip- Configure the range of the IPv4 address pool. address end-ip-address mask { mask | mask-length } 4 Raisecom(config-pool)#lease expired Configure the lease period of the IPv4 address { minute | infinite } pool. 5 Raisecom(config-pool)#dns-server ip- Configure the DNS server of the IPv4 address address [ secondary ] pool. 6 Raisecom(config-pool)#gateway ip-address Configure the default gateway of the IPv4 address pool. 7 Raisecom(config-pool)#option 60 vendor- Configure information carried by Option 60. string 8 Raisecom(config-pool)#tftp-server ip- Configure the TFTP server of the IPv4 address address pool. 9 Raisecom(config-pool)#trap server-ip ip- Configure the Trap server of the IPv4 address address pool. Raisecom Proprietary and Confidential 57 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing 4.7.3 Configuring DHCPv4 Server of the interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface vlan vlan-id Enter interface configuration mode. 3 Raisecom(config-vlanif)#ip dhcp server Enable DHCPv4 Server. 4.7.4 Checking configurations No. Command Description 1 Raisecom#show ip dhcp server Show DHCP server configurations. 2 Raisecom#show ip dhcp server Show assigned IPv4 addresses and client information. lease 3 Raisecom#show ip dhcp server Show packet statistics on the DHCPv4 server. statistics 4 Raisecom#show ip dhcp static- Show DHCPv4 static lease information. bind 4.8 Maintenance Command Description Raisecom#show arp [ ip-address | [ local-proxy ] Show ARP information. interface vlan vlan-id | static ] 4.9 Configuration examples 4.9.1 Example for configuring DHCPv4 Client Networking requirements As shown inFigure 4-3, the RAX711-C works as the DHCPv4 client with the host name being set to raisecom. The RAX711-C accesses to the DHCPv4 server and the NView NNM system through the service interface. The DHCPv4 server assigns an IP address to the RAX711-C. Therefore, the NView NNM system can discover and manage the RAX711-C. Raisecom Proprietary and Confidential 58 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing Figure 4-3 Configuring DHCPv4 relay Configuration steps Step 1 Configure DHCPv4 relay. Raisecom#config Raisecom(config)#interface vlan 1 Raisecom(config-vlan1)#ip dhcp client hostname raisecom Step 2 Apply for an IP address through the DHCP mode. Raisecom(config-vlan1)#ip address dhcp server-ip 192.168.1.1 Checking configurations Use the show ip dhcp client command to show DHCPv4 relay configurations. Raisecom#show ip dhcp client dhcp client mode: zeroconfig Hostname: raisecom Class-ID: Raisecom-RITP_5.1.2 Client-ID: Raisecom-000e5e454545-IF0 DHCP Client is requesting for a lease. Assigned IP Addr: 0.0.0.0 Subnet mask: 0.0.0.0 Default Gateway: -- Client lease Starts: Jan-01-1970 08:00:00 Client lease Ends: Jan-01-1970 08:00:00 Client lease duration: 0(sec) DHCP Server: 0.0.0.0 Tftp server name: -- Raisecom Proprietary and Confidential 59 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing Tftp server IP Addr: -- Startup_config filename: -- NTP server IP Addr: -- Root path: -- 4.9.2 Example for configuring DHCPv4 Server Networking requirements As shown inFigure 4-4, the RAX711-C works as the DHCPv4 server for assigning IP address to DHCPv4 clients. Parameters are configured as below: Lease time: 8 hours Name of IP address pool: pool1 IP address range: 172.31.1.2–172.31.1.100 IP address of the DNS server: 172.31.100.1 Figure 4-4 Configuring DHCPv4 server Configuration steps Step 1 Create and configure the IP address pool. Raisecom#config Raisecom(config)#ip dhcp server pool pool1 Raisecom(config-pool)#address 172.31.1.2 172.31.1.100 mask 24 Raisecom(config-pool)#lease expired 4320 Raisecom(config-pool)#dns-server 172.31.100.1 Raisecom(config-pool)#exit Step 2 Configure DHCP Server on the interface. Raisecom Proprietary and Confidential 60 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing Raisecom(config)#interface client 1 Raisecom(config-client1)#ip dhcp server Checking configurations Use the show ip dhcp server command to show configurations of DHCPv4 Server. Raisecom#show ip dhcp server Interface Status ------------------------------ client1 Enable Use the show ip server pool command to show IP address pool configurations of the DHCPv4 server. Raisecom#show ip server pool Pool name Pool type ---------------------------------------- Pool1 dhcp Pools count: 1 4.9.3 Example for configuring ARP Networking requirements As shown inFigure 4-5, the RAX711-C is connected to hosts. In addition, it connects to the Router through Client interface 1. The IP address and MAC address of the Router are configured to 192.168.27.1/24 and 000e.5e12.1234 respectively. Configure the aging time of dynamic ARP entries to 600s. To enhance security of communication between the RAX711-C and the Router, you need to configure static ARP entries on the RAX711-C. Raisecom Proprietary and Confidential 61 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A)Configuration Guide 4 IP routing Figure 4-5 Configuring ARP Configuration steps Step 1 Add a static ARP entry. Raisecom(config)#arp 192.168.27.1 000e.5e12.1234 Step 2 Configure the aging time of dynamic ARP entries to 600s. Raisecom(config)#arp aging-time 600 Checking results Use the show arp command to show information about all ARP entries in the ARP table. Raisecom#show arp ARP aging-time: 600 seconds(default: 1200s) ARP mode: Learn all ARP table: Total: 4 Static: 1 Dynamic: 3 IP Address Mac Address Interface Vlan Type Age(s) status ----------------------------------------------- 172.16.70.1 000E.5E12.1234 vlan1 1 static -- PERMANENT 172.16.70.9 14FE.B5EE.F22C vlan1 1 dynamic 135 REACHABLE 172.16.70.15 D4BE.D9E4.F8EE vlan1 1 dynamic 292 REACHABLE 172.16.70.16 000C.29C6.03AD vlan1 1 dynamic 412 REACHABLE Raisecom Proprietary and Confidential 62 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet 5 Ethernet This chapter describes principles and configuration procedures of Ethernet, and provides related configuration examples, including the following sections: Introduction Configuring MAC address table Configuring VLAN Configuring super VLAN Configuring selective QinQ Configuring VLAN mapping Configuring loop detection Configuring interface protection Configuring port mirroring Configuring storm control Configuring L2CP Maintenance Configuration examples 5.1 Introduction 5.1.1 MAC address table MAC address entries Layer 2 devices forward Ethernet packets through MAC address forwarding rules. Each device has a forwarding table, the MAC address table, where a MAC address is corresponding to one interface. The MAC address table is a Layer 2 forwarding table including relation between the MAC address and forwarding interface. All packets in the ingress direction of the interface are forwarded according to MAC address table. It is the basis for Ethernet devices to forward Layer 2 packets quickly. MAC address entries include the following information: The source MAC address Raisecom Proprietary and Confidential 63 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Interface ID corresponding to the source MAC address VLAN ID of the interface The type of MAC address Classification of MAC address table MAC address entries include static MAC address entries and dynamic MAC address entries. Static MAC address entries: called permanent address, can be added/deleted manually and is not aged. For a network with relatively fixed devices, you can reduce the broadcast traffic by adding static MAC address entries manually to improve interface security. The static MAC address table is reserved after the device is reset, hot swapping of the interface card, or interface card is reset. Dynamic MAC address entries: the dynamic MAC address table is created by automatically learning the source MAC addresses of received packets. It can be aged based on the configured aging time. MAC address table is cached in the RAX711-C, and the capacity of MAC address table saved in the RAX711-C depends on the cache capacity. Generally, the dynamic MAC address table is not reserved after the device is reset, hot swapping of the interface card, or interface card is reset. Blackhole MAC address entries: used to discard packets with the specified destination MAC address, manually configured, not aged MAC address aging time The MAC address aging mechanism is suitable for the dynamic MAC address entry only. The capacity of the MAC address on the RAX711-C is limited. To fully use resources of MAC address forwarding table, the RAX711-C updates MAC address table through the aging mechanism. And the system creates dynamic MAC address entry, at the same time, enables the aging timer. If the RAX711-C fails to receive packets from the dynamic MAC address entry once more within the aging time, the MAC address entry will be deleted. MAC address learning Most MAC address entries are created and maintained through MAC address learning. When a packet is sent to a device, the device will look up the MAC address table for the interface ID that is related to the destination MAC address of the packet. If successful, the device will forward the packets to the received interface. Meanwhile, the device will add the relevant source MAC address, interface ID, and VLAN ID to the MAC address table. When a packet is sent to the learned MAC address through other interfaces, the packet will be directly forwarded to the received interface according to the MAC address table. If the destination MAC address is not listed in the MAC address, the device floods the packets to all interfaces except for the interface that receives this packet. In addition, the source MAC address of the packet will be added to the MAC address table on the device. MAC address limit The RAX711-C obtains MAC address of each network device in the network segment connected with certain interface through MAC address learning. For these packets transmitted to the MAC address, the RAX711-C conducts hardware forwarding by directly looking up MAC address, thus improving forwarding rate of the chip. This feature is used to limit MAC address entries. If the MAC address table is over great, it may cost more time to search for a MAC address entry. Therefore, the forwarding Raisecom Proprietary and Confidential 64 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet performance of Ethernet switches will decrease. However, MAC address limit can troubleshoot this problem. MAC address limit is an effective method to manage the MAC address table. When MAC address entries learned by the interface or VLAN reach the configured maximum, the interface does not learn MAC address any more. Forwarding modes of MAC address When forwarding packets based on MAC address entries, the RAX711-C adopts following modes: Unicast: when a MAC address entry, which is related to the destination MAC address of a packet, is listed in the MAC address table, the RAX711-C will directly forward the packet to the received interface through the egress interface of the MAC address entry. Otherwise, the RAX711-C broadcasts the packet, as shown in Figure 5-1. Figure 5-1 Unicast forwarding mode of MAC address Multicast: when the destination address of packets received on the RAX711-C is a multicast MAC address, if a MAC address entry, which is related to the destination MAC address of a packet, is listed in the MAC address table, the RAX711-C will directly forward the packet to the received interface through the egress interface of the MAC address entry. Otherwise, the RAX711-C broadcasts the packet, as shown in Figure 5-2. Raisecom Proprietary and Confidential 65 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Figure 5-2 Multicast forwarding mode of MAC address Broadcast: if the destination address of packets received on the RAX711-C is all F's, or a MAC address entry, which is related to the destination MAC address of a packet, is listed in the MAC address table, the RAX711-C will forward the packet to all interfaces, except the receiving interface, through broadcast forwarding mode of MAC address, as shown in Figure 5-3. Figure 5-3 Broadcast forwarding mode of MAC address 5.1.2 VLAN Introduction By maintaining MAC address table, the Layer 2 switch forwards packets according to MAC address table. This effectively uses network bandwidth and improves network performance. The Layer 2 switch can effectively isolate collision domains but cannot effectively partition broadcast domains. If the number of PCs is over great, this will generates excessive broadcast traffic, thus causing network performance to decline sharply and even the network to crash. Raisecom Proprietary and Confidential 66 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet To ensure fast running of the network, broadcast domains must be partitioned to reduce broadcast traffic. Therefore, the VLAN technology is introduced. Virtual Local Area Network (VLAN) is a Layer 2 isolation technology that partitions devices in a LAN logically to different parts. These parts are independent and cannot communicate with each other. However, they can communicate through the router or Layer 3 switch. By partitioning VLANs, you can isolate broadcast domains and reduce broadcast storms. Figure 5-4 shows how to partition a VLAN. VLAN and LAN have the same features, but the difference is that devices in the same VLAN can communicate regardless of physical locations. Figure 5-4 VLAN partition As shown in Figure 5-4, Shanghai and Beijing belong to two LANs, but no services are transmitted between hosts belonging to the same LAN. When broadcast storm occurs, host in a same LAN will receive broadcast packets, causing occupancy and waste of bandwidth. By partitioning VLAN, the hosts which do not need to communicate are isolated, thus enhancing network security and reducing broadcast traffic and broadcast storm. Advantages Advantages of VLAN partition are as below: Partitioning broadcast domains reduces broadcast storm. One VLAN is a logic subnet and a broadcast domain. The network security is enhanced. Devices in a same VLAN can receive data frame each other, but cannot receive data frame sent from other devices in the different VLAN. Devices in different VLANs cannot communicate directly, but they can communicate through routers or Layer 3 devices. Network management is simplified. Different from physical subnets partitioned by the router, PCs included in the VLAN can be in different locations. Any PC can be added to the same VLAN. Working principles After VLAN is partitioned, the RAX711-C will be virtually divided to multiple logic devices. MAC address learning and data switching of these devices are based on VLAN. Each VLAN is corresponding to an independent MAC address table. Raisecom Proprietary and Confidential 67 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet When receiving a data frame on the interface, the RAX711-C will check the VLAN of the interface, and then check the MAC address table related to the VLAN. If the destination address of the data frame is in the MAC address table, related to the VLAN, the RAX711-C will forward this data frame. Otherwise, it will discard this data frame. 802.1Q and VLAN Tag After VLAN is configured on the RAX711-C, to identify data frame of different VLANs, you need to add VLAN Tag, namely, the VLAN tag, to the data frame. This performance is implemented through 802.1Q. 802.1Q stipulates a new Ethernet frame field. Compared with standard Ethernet frame, VLAN packets add a four-byte 802.1Q tag to the source address. Figure 5-5 shows formats of the standard Ethernet frame and 802.1Q frame. Figure 5-5 Formats of the standard Ethernet frame and 802.1Q frame Tag Protocol Identifier (TPID): it is a new frame type defined by the IEEE. It means the packet is added 802.1Q tag. Its identification value is 0x8100. VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs. The value ranges from 1 to 4094. A Port VLAN ID (PVID) is a default VLAN ID. In an interface-based VLAN, each interface has a PVID. When an Untagged packet is sent to the interface, the RAX711-C will forward this packet according to the PVID Tag. VLANs supported by the RAX711-C meet the IEEE 802.1Q standard. The RAX711-C supports 4094 concurrent VLANs. Canonical Format Indicator (CFI): It is used to distinguish the format of frames when the bus Ethernet and Fiber Distributed Digital Interface (FDDI)/Token Ring network exchange data. Priority: a 3-bit field which indicates the frame priority level. Values are from 0 (best effort) to 7 (highest). The bigger the number is, the higher the priority is. When the network is congested, the device sends packets with higher priorities first. Interfaces modes and modes for processing packets The iTN28800 interface modes are divided into Access mode and Trunk mode. Table 5-1 lists comparison on interface modes and modes for processing packets. Raisecom Proprietary and Confidential 68 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Table 5-1 Interfaces modes and modes for processing packets Interface Processing modes for ingress packet Processing modes for egress type packet Untagged Tagged packet packet If the VLAN ID of a If the VLAN ID of a packet is Access Add the Access packet is identical to identical to the Access VLAN VLAN Tag the Access VLAN ID, ID, send the packet after to packets. receive the packet. without its Tag. If the VLAN ID of a If the VLAN ID of a packet is packet is in the Access in the Access egress-allowed egress-allowed list, list, send the untagged packet receive the packet. after removing its Tag. Otherwise, discard the Otherwise, discard the packet. packet. If the VLAN ID of a If the VLAN ID of a packet is Trunk Add the Native packet is in the Trunk in the Trunk allowed list, and VLAN Tag allowed list, receive not in the Trunk untagged list, to packets. the packet. Otherwise, send the packet without its discard the packet. original Tag. If the configured If the VLAN ID of a packet is Native VLAN is the in the Trunk untagged list, send default VLAN, the packet without its original received the packet. Tag. VLAN partition Generally, VLAN partition modes are as below: Interface-based VLAN partition: it is the simplest and most effective partition mode. It defines VLAN members based on interface. After interfaces are assigned to the specified VLAN, they can forward packets of the specified VLAN. Subnet-based VLAN partition: it is based on IP address of each host. When the host is relocated, you need not reconfigure VLAN. However, each device must check network address of each data packet, thus consuming time and reducing forwarding efficiency of chip. MAC-based VLAN partition: it is suitable for configuring a VLAN for each host with MAC address. When the host is relocated, you need not reconfigure VLAN. When the number of hosts is tens of thousands, lots of configurations are needed, thus badly reducing the forwarding rate of data packets. Protocol-based VLAN partition: it is based on protocol supported by each host. When the host is moved, you need not reconfigure VLAN and add frame tag to identify VLAN, which reduces network communication. However, each device must check the Ethernet frame header of each data packet, thus consuming much time and reducing forwarding efficiency of chip. The RAX711-C supports interface-based VLAN partition. 5.1.3 Super VLAN The traditional ISP network assigns each customer an IP subnet. In this case, three IP addresses are wasted because they cannot be used by hosts. They are the network ID, Raisecom Proprietary and Confidential 69 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet directional broadcasting address, and gateway of the subnet. If some unassigned IP addresses exist in the subnet of some customers, the network scalability becomes worse and IP addresses are wasted. Super VLAN involve the super VLAN and sub-VLAN as below: Super VLAN: contain Layer 3 logic interfaces but physical interfaces. It is a set of multiple sub-VLANs. Sub-VLAN: contain physical interfaces but Layer 3 logic interfaces, use the IP address of the Layer 3 logic interface of the super VLAN as the default gateway to communicate with the external Layer 3 switch through ARP proxy. Sub-VLANs are isolated from each other like common VLANs on the Layer 2. ARP proxy refers to the process that a source host in a subnet of a physical network sends the ARP request to the destination host of a subnet of another physical network and the gateway connected to the source host sends ARP Reply message through the MAC address of its interface in replacement of the destination host. As shown in Figure 5-6, a host in sub-VLAN 100 communicates with that in sub-VLAN 200. When super VLAN 10 is enabled with ARP proxy, its Layer 3 interface implements ARP learning, processing received and sent ARP packets, and ARP proxy. Figure 5-6 Sub-VLAN and super VLAN partition If host A in VLAN 100 wishes to communicate with host B in VLAN 200, it sends an ARP request packet with the destination IP address of 10.10.10.200 and MAC address of the broadcast address. The packet carries VLAN 100 Tag and is firstly received by the CPU. The switch configures the Rx interface to VLAN 10 according to mapping between the super VLAN and sub-VLAN so that ARP learning, processing received and sent ARP packets, and ARP proxy can be later implemented in VLAN 10. Raisecom Proprietary and Confidential 70 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Host B is not in the broadcast domain of VLAN 100, so it fails to receive the ARP request packet. After ARP proxy is enabled, the interface of VLAN 10 replies host A with its MAC address as the MAC address of host B when the ARP request packet sent from host A on Layer 2 reaches the switch. However, the ARP entry of host B does not exist on the switch, so the interface of super VLAN 10 send the ARP request packet to each sub-VLAN (excluding the VLAN sending the ARP request packet) to request the MAC address of host B. After host B replies, packets to be sent from host A to host B are sent to the switch which forward these packets normally on Layer 3. The process for host B to send host B the packet is similar as above. 5.1.4 QinQ QinQ (also called Stacked VLAN or Double VLAN) is a Layer 3 tunnel technology based on IEEE 802.1Q. It is defined in 802.1ad standard. Basic QinQ QinQ is a simple Layer 2 VPN tunnel technology. QinQ encapsulates an outer VLAN Tag for a private packet, so that the packet traverses the backbone network of the Internet service provider (ISP) carrying double VLAN tags. In the ISP, the packet is transmitted according to the outer VLAN Tag (public VLAN Tag). And the private VLAN Tag is transmitted as the data in the packet. Figure 5-7 Typical networking of basic QinQ Figure 5-7 shows the typical networking of basic QinQ. As the Provider Edge (PE), the uplink interfaces of the RAX711-C access the PE network, and the downlink interfaces access the user devices. When the packet is transmitted from user device to PE, the VLAN tag carried on the packets is VLAN 100. After traversing the PE, the packet is added outer tag, VLAN 200, and then enters the PE network through uplink interface of the PE. After the packet with outer tag, VLAN 200, is transmitted from the PE to the other PE, the other PE sends the packet to the user device after removing the outer tag, VLAN 200. At this time, the packet carries a VLAN Tag again, VLAN 100. Selective QinQ Selective QinQ is an enhanced application for basic QinQ. Based on some features, selective QinQ can perform traffic classification on users' data and encapsulate different data flows with different outer VLAN Tags. With selective QinQ, you can encapsulate different Tags for packets with different inner Tags based on the mapping rule. In addition to all functions realized by basic QinQ, selective QinQ can also perform different operations on packets received by the same interface based on different VLAN Tags. Selective QinQ can provide more flexible networking capabilities. With selective QinQ, devices can classify customer devices on the interface that is connected to the access layer, Raisecom Proprietary and Confidential 71 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet encapsulating different outer Tags for various customer devices. In addition, selective QinQ adopts the outer Tag to configure the QoS policy on the public network, flexibly configure the data transmission priority, and provide related services for users. 5.1.5 Loop detection Loop detection is used to eliminate impact on the network and improve network error- detection, error tolerance, and stability. Loop detection is applied to the edge interface. Loop detection based on interface works based on interface. When a loop is found on an interface, the RAX711-C will block the interface. After the automatical restoration time expires, the RAX711-C releases the interface. Loop detection works as below: Step 1 The interface periodically sends a Loopback-detection packet (interval is configurable. By default, it is 1s). Step 2 The RAX711-C checks whether the interface enabled with loop detection receives Loopback- detection packet. Step 3 If yes, and one of the following conditions is met, the RAX711-C will block the interface and send a Trap by default, or take different actions as configured. The Loopback-detection packet is sent from the local device, and the ID of the interface sending the packet is smaller than the ID of the receiving interface. The Loopback-detection packet is sent from other devices, and the MAC address of the local device is greater than the source MAC address of the packet. Step 4 After detecting a loop in configured non-shutdown mode, the RAX711-C automatically starts the automatic restoration and releases the block interface after the loop is eliminated. 5.1.6 Interface protection When you need to isolate Layer 2 data among different interfaces, you can add these interfaces to different VLANs. Sometimes when you need to isolate Layer 2 data among different interfaces in the same VLAN, you can apply interface protection. You can enable interface protection on interfaces that need to be controlled, thus isolating Layer 2 data among different interfaces like physical isolation. This enhances network security, and provide flexible networking scheme for users. After being configured with interface protection, interfaces cannot transmit packets to each other. However, they can still communicate with interfaces that are not enabled with interface protection. 5.1.7 Port mirroring Port mirroring refers to mirroring packets of the source ports to the monitor port without affecting packets forwarding. After port mirroring takes effect, packets in the ingress and egress directions of a port will be copied to the monitor port. The mirroring port and monitor port cannot be the same port. You can use this function to monitor the receiving and sending status of a port and analyze the network situation. Raisecom Proprietary and Confidential 72 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Figure 5-8 Principles of port mirroring PC 1 accesses the network through Client port 1 on the RAX711-C. PC 3 is the monitor PC and is connected to Client port 2 on the RAX711-C. To monitor packets sent by PC 1, you need to configure Client port 1 as the mirroring port and enable port mirroring for packets on the ingress port. Configure Client port 2 as the monitor port, namely, the mirroring destination port. When forwarding a packet sent by PC 1, the RAX711-C mirrors the packet to Client port 2. PC 3 connected to the monitor port receives and analyzes these mirrored packets. 5.1.8 Storm control The Layer 2 network is a broadcast domain. When an interface receives excessive broadcast, unknown multicast, and unknown unicast packets, broadcast storm occurs. If you do not control broadcast packets, broadcast storm may occur and occupies much network bandwidth. Broadcast storm can degrade network performance and impact forwarding of unicast packets or even lead to communication halt. Restricting broadcast flow generated from network on Layer 2 device can suppress broadcast storm and ensure common unicast forwarding normally. Occurrence of broadcast storm The following flows may cause broadcast flow: Unknown unicast packets: unicast packets of which the destination MAC is not in the MAC address table, namely, the Destination Lookup Failure (DLF) packets. If these packets are excessive in a period, the system floods them and broadcast storm may occur. Unknown multicast packets: multicast packets of which the destination MAC is not in the MAC address table. If these packets are excessive in a period, the system floods them and broadcast storm may occur. Broadcast packets: packets of which the destination MAC is multicast. If these packets are excessive in a period, broadcast storm may occur. Raisecom Proprietary and Confidential 73 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Principles of storm control Storm control filters broadcast, unknown multicast, unknown unicast packets that may generate broadcast storm on the network. After storm control is enabled, the RAX711-C will automatically discard broadcast packets. If storm control is disabled or broadcast packets have not reached the preconfigured threshold, the RAX711-C will normally forward packets to other interfaces of the device. 5.1.9 L2CP Metro Ethernet Forum (MEF) introduces service concepts, such as EPL, EVPL, EP-LAN, and EVP-LAN. Different service types have different processing modes for Layer 2 Control Protocol (L2CP) packets. The RAX711-C supports the following L2CP packets: CDP 802.1x LACP LLDP 802.3ah PVST STP VTP MEF6.1 defines processing modes for L2CP as below. Discard: discard the packet, by applying the configured L2CP profile on the ingress interface of the RAX711-C. Peer: send packets to the CPU in the same way as the discard action. Tunnel: transparently transmit packets. It is more complex than discard and peer mode, requiring cooperating profile at network side interface and carrier side interface tunnel terminal to allow packets to pass through the carrier network. 5.2 Configuring MAC address table 5.2.1 Preparing for configurations Scenario When configuring the MAC address table, you can configure static MAC addresses for fixed and important devices to prevent illegal users from accessing the network from other locations. To avoid saving excessive dynamic MAC addresses to the MAC address table and exhausting resources of the MAC address table, you need to configure the aging time of dynamic MAC addresses to ensure upgrading dynamic MAC addresses effectively. Raisecom Proprietary and Confidential 74 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Prerequisite N/A 5.2.2 Configuring static MAC address table Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mac-address Add a static unicast MAC address to the MAC address table. static unicast mac-address vlan vlan-id interface-type interface-number It must be a unicast MAC address. The local MAC address, multicast address, all-F, and all-0 MAC addresses cannot be configured as the static MAC address. 5.2.3 Configuring dynamic MAC address table Commands for steps 2 to 4 are used to configure dynamic MAC address limit in interface configuration mode. Commands for steps 5–9 are used to configure dynamic MAC address limit in VLAN configuration mode and VSI configuration mode respectively. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter interface configuration mode. interface-type interface-number 3 Raisecom(config-port)#mac-address Enable MAC address learning. learning enable By default, MAC address learning is enabled. 4 Raisecom(config-port)#mac-address (Optional) configure dynamic MAC address limit. threshold threshold-value [ action { discard | forward } ] By default, no dynamic MAC address limit is configured. 5 Raisecom(config)#vlan vlan-id Enter VLAN configuration mode. 6 Raisecom(config-vlan)#mac-address Enable MAC address learning. learning enable By default, MAC address learning is enabled. 7 Raisecom(config)#mac-address aging- (Optional) configure the aging time of MAC address. time second By default, the aging time is 300s. 8 Raisecom(config)#vlan vlan-id (Optional) enter VLAN configuration mode. 9 Raisecom(config-vlan)#mac-address (Optional) configure dynamic MAC address limit. threshold threshold-value By default, no dynamic MAC address limit is configured. Raisecom Proprietary and Confidential 75 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet 5.2.4 Configuring blackhole MAC address Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mac-address blackhole Create the blackhole MAC address. By default, mac-address vlan vlan-id no blackhole MAC address is configured. 5.2.5 Configuring suppression of MAC address flapping Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mac- Enable global suppression of MAC address flapping. address move-restrain enable By default, it is disabled. 3 Raisecom(config)#mac- Enable Trap sending for global suppression of MAC address address mac-move trap flapping. enable By default, it is enabled. 5.2.6 Checking configurations No. Command Description 1 Raisecom#show mac-address count [ vlan vlan-id ] Show the number of MAC [ interface-type interface-number ] addresses. 2 Raisecom#show mac-address { all | static | Show MAC addresses. dynamic } [ vlan vlan-id ] [ interface-type interface-number ] 3 Raisecom#show mac-address learning [ vlan | Show enabling information about interface-type interface-number ] the automatic learning of MAC address table. 4 Raisecom#show mac-address mac-move Show status of MAC address flapping. 5 Raisecom#show mac-address threshold [ interface- Show configurations of MAC type interface-number | vlan vlan-list ] address limit. 5.2.7 Maintenance No. Command Description 1 Raisecom(config)#clear mac-address { all | Clear MAC addresses of a blackhole | dynamic | static | mac-address } [ vlan specified type. vlan-id ] [ interface-type interface-number ] Raisecom Proprietary and Confidential 76 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet No. Command Description 2 Raisecom(config)#search mac-address mac-address Query a MAC address. { all | dynamic | static } [ interface-type interface-number ] [ vlan vlan-id ] 5.3 Configuring VLAN 5.3.1 Preparing for configurations Scenario The main function of VLAN is to partition logic network segments. There are 2 typical application modes: Small LAN: on one Layer 2 device, the LAN is carved up to several VLANs. Hosts that connect to the device are carved up by VLANs. So hosts in the same VLAN can communicate, but hosts between different VLANs cannot communicate. For example, the financial department needs to be separated from other departments and they cannot access each other. In general, the port connected to the host is in Access mode. Big LAN or enterprise network: multiple Layer 2 devices connect to multiple hosts and these devices are concatenated. Packets take VLAN Tag for forwarding. Ports of multiple devices, which have identical VLAN, can communicate, but hosts between different VLANs cannot communicate. This mode is used for enterprises that have many people and need a lot of hosts, and the people and hosts are in the same department but different positions. Hosts in one department can access each other, so you have to carve up VLAN on multiple devices. Layer-3 devices like a router are required if you want to communicate among different VLANs. The concatenated ports among devices are in Trunk mode. Prerequisite N/A 5.3.2 Configuring VLAN properties Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#create vlan vlan-list Create a VLAN. active By default, there is no VLAN and the interface is not added to any VLAN. 3 Raisecom(config)#vlan vlan-id Enter VLAN configuration mode. 4 Raisecom(config-vlan)#name vlan-name (Optional) configure the VLAN name. Raisecom(config-vlan)#exit 5 Raisecom(config)#interface interface- Enter physical layer interface configuration mode. type interface-number Raisecom Proprietary and Confidential 77 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Step Command Description 6 Raisecom(config-port)#switchport mode Configure the current interface to be an { access | trunk } Access/Trunk interface. By default, all interfaces are Access interfaces. 7 Raisecom(config-port)#switchport Configure the type of packets that are disallowed reject-frame { tagged | untagged } to pass on the interface. VLANs that are created through the vlan vlan-id command are in active status. All configurations of a VLAN cannot take effect until the VLAN is activated. 5.3.3 Configuring VLANs based on Access interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface-type Enter physical layer interface interface-number configuration mode. 3 Raisecom(config-port)#switchport mode access Configure the interface mode to Access. 4 Raisecom(config-port)#switchport access vlan Configure the interface Access VLAN. vlan-id 5 Raisecom(config-port)#switchport access egress- Configure the VLAN list allowed by allowed vlan { all | vlan-list } [ confirm ] the Access interface. Raisecom(config-port)#switchport access egress- allowed vlan { add | remove } vlan-list 5.3.4 Configuring VLANs based on Trunk interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface- Enter physical layer interface configuration mode. type interface-number 3 Raisecom(config-port)#switchport mode Configure the interface mode to Trunk. trunk 4 Raisecom(config-port)#switchport trunk Configure the interface Native VLAN. native vlan vlan-id 5 Raisecom(config-port)# switchport trunk (Optional) configure the VLAN list allowed by allowed vlan { all | vlan-list } the Trunk interface. [ confirm ] Raisecom Proprietary and Confidential 78 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Step Command Description 6 Raisecom(config-port)#switchport trunk (Optional) configure the Untagged VLAN list untagged vlan { all | vlan-list } allowed by the Trunk interface. [ confirm ] 7 Raisecom(config-port)#switchport trunk (Optional) configure the action taken by the native vlan { tagged | untagged } Trunk interface when a packet with the Native VLAN Tag comes out of the interface. The Trunk interface permits Native VLAN packets passing regardless of configurations for Trunk Allowed VLAN list and Trunk Untagged VLAN list on the interface. And forwarded packets do not carry VLAN TAG. When configuring a Native VLAN, the system will automatically create and activate a VLAN if you do not create the VLAN in advance. The interface permits Trunk Allowed VLAN packets passing. If the VLAN is a Trunk Untagged VLAN, the VLAN TAG of the packet is removed on the egress interface. Otherwise, the packet is not modified. If the configured Native VLAN is not the default VLAN and there is no default VLAN in the VLAN list on the Trunk interface, the interface will not allow packets in the default VLAN to pass. When configuring a Trunk Untag VLAN list, the system automatically adds all Untagged VLAN to the Trunk allowed VLAN. Trunk allowed VLAN list and Trunk Untagged VLAN list are valid for the static VLAN only. 5.3.5 Checking configurations No. Command Description 1 Raisecom#show vlan [ vlan-list | static Show configurations and status of all VLANs or | dynamic ] [ detail ] a specified VLAN. 2 Raisecom#show switchport interface Show switching configurations on the interface interface-type interface-number 5.4 Configuring super VLAN 5.4.1 Preparing for configurations Scenario With super VLAN, hosts that are connected to the same switch but belong to different VLANs can communicate on Layer 3 by using the IP address of Layer 3 interface of the super VLAN as the default gateway. Raisecom Proprietary and Confidential 79 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Prerequisite After being configured, the super VLAN cannot contain any member interfaces. If a VLAN has member interfaces, it cannot be configured with attributes of super VLAN. Create a VLAN to be added to the super VLAN, and activate it. 5.4.2 Configuring super VLAN Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#create vlan vlan-id Create a VLAN. active 3 Raisecom(config)#vlan vlan-id Enter VLAN configuration mode. 4 Raisecom(config-vlan)#supervlan Configure the VLAN as a super VLAN. 5 Raisecom(config-vlan)#subvlan [ add | Configure sub-VLANs of the super VLAN. remove ] subvlan-id 6 Raisecom(config-vlan)#exit Exit VLAN configuration mode. 7 Raisecom(config)#interface vlan vlan-id Enter VLAN interface configuration mode. 8 Raisecom(config-vlanif)#ip address ip- Configure the IP address of the super VLAN. address 9 Raisecom(config-vlanif)#arp local-proxy Enable local ARP proxy of the super VLAN. enable By default, it is disabled. After being configured as a super VLAN, a VLAN cannot be configured with the VLAN interface and IP address. 5.4.3 Checking configurations No. Command Description 1 Raisecom#show supervlan [ vlan-id ] Show configurations of super VLAN and sub- Raisecom#show vlan VLANs. 2 Raisecom#show ip interface brief Show configurations of the IP address of the super VLAN. Raisecom Proprietary and Confidential 80 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet 5.5 Configuring basic QinQ 5.5.1 Preparing for configurations Scenario With basic QinQ, you can add outer VLAN Tag and freely plan your own private VLAN ID. Therefore, the data between devices on both ends of the Internet Service Provider (ISP) network can be transparently transmitted, without conflicting with the VLAN ID in the ISP network. Prerequisite Connect interfaces and configure physical parameters of interfaces. Make the physical layer Up. Create a VLAN. 5.5.2 Configuring basic QinQ Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls double-tagging (Optional) configure the TPID of global inner inner-tpid tpid Tags. 3 Raisecom(config)#interface interface- Enter interface configuration mode. type interface-number 4 Raisecom(config-port)#tpid tpid Configure the interface TPID. By default, it is 0x8100. 5 Raisecom(config-port)#dot1q-tunnel Enable basic QinQ on the interface. 6 Raisecom(config-port)#dot1q-tunnel cos (Optional) enable the inner CoS Tag to override override the outer CoS Tag. By default, this function is disabled. 7 Raisecom(config-port)#switchport access (Optional) add the Access interface to the VLAN. vlan vlan-id Raisecom(config-port)#switchport trunk (Optional) add the Trunk interface to the VLAN. native vlan vlan-id 5.5.3 Configuring egress interface to Trunk mode Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface-number 3 Raisecom(config-port)#switchport Configure the interface to Trunk mode. mode trunk Raisecom Proprietary and Confidential 81 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet 5.5.4 Checking configurations No. Command Description 1 Raisecom#show dot1q-tunnel Show configurations of basic QinQ. 5.6 Configuring selective QinQ 5.6.1 Preparing for configurations Scenario Different from basic QinQ, selective QinQ features different outer VLAN Tags for services on the network, such as voice, video, and data services. It can group services when services are forwarded, implementing the VLAN mapping between inner and outer VLAN tags. Prerequisite Connect interfaces and configure physical parameters of interfaces. Make the physical layer Up. Create a VLAN. 5.6.2 Configuring selective QinQ Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls double-tagging inner- (Optional) configure the TPID value of the tpid tpid inner Tag. 3 Raisecom(config)#interface interface-type Enter interface configuration mode. interface-number 4 Raisecom(config-port)#tpid tpid Configure the interface TPID. By default, it is 0x8100. 5 Raisecom(config-port)#switchport vlan- Configure selective QinQ rules on the mapping cvlan vlan-list [ cos cos-value ] interface in ingress direction. add-outer vlan-id [ cos cos-value ] 6 Raisecom(config-port)#switchport vlan- Add double VLAN Tags to untagged mapping both cvlan vlan-id add-outer vlan- packets received by the interface. id [ cos cos-value ] { translate vlan-id | remove } Raisecom(config-port)#switchport vlan- Add the outer VLAN Tag to packets with mapping both cvlan vlan-id cos cos-value1 CVLAN and CoS received by the interface. add-outer vlan-id [ cos cos-value2 ] { translate vlan-id | remove } Raisecom Proprietary and Confidential 82 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Step Command Description Raisecom(config-port)#switchport vlan- Configure VLAN mapping rules for packets mapping both outer vlan-id [ inner vlan- with the outer VLAN Tag or double VLAN id ] translate vlan-id1 vlan-id2 [ cos cos- Tags received by the interface. value ] Raisecom(config-port)#switchport vlan- Add the outer VLAN Tag to packets with mapping both priority-tagged cos cos-value1 priority Tag and CoS received on the add-outer vlan-id [ cos cos-value2 ] interface. Raisecom(config-port)#switchport vlan- Add the outer VLAN Tag to packets with mapping both { untag | priority-tagged } priority Tag and untagged packets received add-outer vlan-id [ cos cos-value ] on the interface. [ translate vlan-id | remove ] Raisecom(config-port)#switchport vlan- Add the outer VLAN Tag to packets with mapping both inner vlan-id add-outer vlan- VLAN Tag received on the interface, and id [ cos cos-value ] specify the outer CoS. 7 Raisecom(config-port)#switchport vlan- (Optional) configure the interface to discard mapping-miss discard packets that mismatch VLAN mapping rules. If you have configured selective QinQ based on VLAN+CoS, or specified the CoS value of the added outer Tag, you need to use the no dotlq-tunnel command on the interface to disable basic QinQ. The switchport interface cannot be configured with selective QinQ in aggregation group configuration mode. 5.6.3 Checking configurations No. Command Description 1 Raisecom#show dot1q-tunnel Show configurations of basic QinQ. 2 Raisecom#show vlan-mapping interface Show configurations of selective QinQ. interface-type interface-number add-outer 3 Raisecom#show vlan-mapping both interface Show VLAN mapping rules in both interface-type interface-number directions of the interface. Raisecom Proprietary and Confidential 83 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet 5.7 Configuring VLAN mapping 5.7.1 Preparing for configurations Scenario Differentiated from QinQ, VLAN mapping only changes the VLAN tag but does not encapsulate additional multilayer VLAN Tag. You just need to change VLAN Tag to make packets transmitted according to carrier's VLAN mapping rules, without increasing frame length of the original packet. VLAN mapping is used in the following situations: Map user services into one carrier VLAN ID. Map multi-user services into one carrier VLAN ID. Prerequisite Connect the interface, configure its physical parameters, and make it Up at the physical layer. Create and activate a VLAN. 5.7.2 Configuring 1:1 VLAN mapping Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface-type Enter physical layer interface configuration interface-number mode. 3 Raisecom(config-port)#switchport vlan- Configure 1:1 VLAN mapping rules on the mapping { egress | ingress } vlan-id ingress/egress interface. translate vlan-id You can configure 1:1 VLAN mapping based on outer VLAN ID, outer CoS, inner VLAN ID, and inner CoS. 4 Raisecom(config-port)#switchport vlan- Configure VLAN+CoS VLAN mapping mapping egress outer vlan-list [ cos cos- rules on the egress interface. value ] [ inner vlan-list ] [ cos cos- value ] translate [ outer-vid vlan-id ] [ outer-cos cos-value ] [ inner-vid vlan- id ] [ inner-cos cos-value ] 5 Raisecom(config-port)#switchport vlan- (Optional) configure the interface to discard mapping-miss discard mismatched packets on the interface in ingress direction. For packets complying with VLAN mapping rules, forward them after VLAN mapping. Namely, the forwarded VLAN is the mapped VLAN and the MAC address of the packet is learnt from the mapped VLAN. Raisecom Proprietary and Confidential 84 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet 5.7.3 Configuring N:1 VLAN mapping Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface-number 3 Raisecom(config-port)#switchport Configure N:1 VLAN mapping rules on the vlan-mapping both vlan-list ingress/egress interface. translate vlan-id By default, VLAN mapping is disabled. 5.7.4 Checking configurations No. Command Description 1 Raisecom#show vlan-mapping interface interface-type Show configurations of interface-number { both | egress | ingress } translate VLAN mapping. 5.8 Configuring loop detection 5.8.1 Preparing for configurations Scenario On the network, hosts or Layer 2 devices connected to access devices may form a loop intentionally or involuntarily. Enable loop detection on downlink interfaces on all access devices to avoid the network congestion generated by unlimited copies of data traffic. When a loop is detected on an interface, the interface will be blocked. Prerequisite Configure physical parameters of the interface and make it Up at the physical layer. 5.8.2 Configuring loop detection For directly-connected devices, you cannot enable loop detection on both ends simultaneously. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface- Enter interface configuration mode. type interface-number Raisecom Proprietary and Confidential 85 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Step Command Description 3 Raisecom(config-port)#loopback- Enable loop detection on an interface. detection [ pkt-vlan { untag | vlan- id } ] [ hello-time second ] [ restore- (Optional) configure the VLAN for sending time second ] [ action { block | trap- packets, the period for sending Hello packets, only | shutdown } ] [ log-interval restoration period, action taken for loops, and minute ] logging interval. Raisecom(config-port)#loopback- Enable loop detection on an interface. detection detect-vlanlist vlan-list [ hello-time second ] [ restore-time (Optional) configure the VLAN list for loop second ] [ action { discard-vlan | detection, the period for sending Hello packets, trap-only | shutdown } ] [ log-interval restoration period, action taken for loops, and minute ] logging interval. 4 Raisecom(config-port)#loopback- (Optional) configure the interval for outputting detection manual restore log for the loop detection. By default, it is 0 minute. 5.8.3 Checking configurations No. Command Description 1 Raisecom#show loopback-detection [ interface- Show configurations of loop detection on type interface-number ] [ detail ] the interface. 5.8.4 Maintenance No. Command Description 1 Raisecom(config)#clear loopback-detection Clear statistics on loop detection on the statistic [ interface-type interface-number ] interface. 5.9 Configuring interface protection 5.9.1 Preparing for configurations Scenario To isolate Layer 2 data among interfaces in a VLAN and implement isolation similar to physical isolation, you need to configure interface protection. By configuring interface protection, you can isolate data among interfaces in a VLAN, enhance network security, and provide flexible networking scheme for users. Raisecom Proprietary and Confidential 86 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Prerequisite N/A 5.9.2 Configuring interface protection Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface-number 3 Raisecom(config-port)#switchport Enable interface protection. protect 5.9.3 Checking configurations No. Command Description 1 Raisecom#show switchport protect Show configurations of interface protection. 5.10 Configuring port mirroring 5.10.1 Preparing for configurations Scenario Port mirroring refers to mirroring packets of the specified mirroring port to the specified monitor port or LAG without affecting packet forwarding. You can use this function to monitor the receiving and sending status of one or more ports and analyze the network situation. Prerequisite N/A 5.10.2 Configure port mirroring of CPU packets Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mirror- Configure port mirroring of CPU packets, and configure port group group-id source-cpu mirroring rules. [ ingress | egress ] You can configure port mirroring in both the ingress and egress directions. Raisecom Proprietary and Confidential 87 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet 5.10.3 Configuring port mirroring Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mirror-group Create a port mirroring group. group-id 3 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface-number 4 Raisecom(config-port)#mirror- Configure the monitor port of port mirroring. group group-id monitor-port 5 Raisecom(config-port)#mirror- Configure the mirroring port and the mirroring rules. group group-id source-port { ingress | egress } You can configure port mirroring in both the ingress and egress directions. 5.10.4 Checking configurations No. Command Description 1 Raisecom#show mirror-group [ group-id ] Show configurations of port mirroring. 5.11 Configuring storm control 5.11.1 Preparing for configurations Scenario Configuring storm control on Layer 2 devices can prevent broadcast storm when broadcast packets increase sharply on the network. Therefore, this helps ensure that the unicast packets can be properly forwarded. In addition, you can configure storm control to filter packets to forward or discard packets. Prerequisite Connect interfaces and configure physical parameters of interfaces. Make the physical layer Up. 5.11.2 Configuring storm control Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface- Enter physical layer interface configuration mode. type interface-number Raisecom Proprietary and Confidential 88 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Step Command Description 3 Raisecom(config-port)#storm-control Configure the storm control threshold. { broadcast | unknown-multicast | dlf | all } bps bps By default, it is 0, namely, no rate limiting. 4 Raisecom(config-port)#storm-filter Enable storm filtering. { broadcast | unknown-multicast | dlf | all } enable By default, it is disabled. When storm control is enabled, you can configure rate limiting but rate limiting will not take effect. After storm control is disabled, rate limiting will take effect. 5.11.3 Checking configurations No. Command Description 1 Raisecom#show storm-control interface Show configurations of storm control. [ interface-type interface-number ] 5.12 Configuring L2CP 5.12.1 Preparing for configurations Scenario On the access device of MAN, you can configure a L2CP profile on user network interface according to services from the carrier to configure L2CP of the user network so that L2CP packets from the user network are processed in different ways. Prerequisite N/A 5.12.2 Configuring global L2CP Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#l2cp-process Configure the multicast destination MAC address of tunnel destination-address transparently transmitted packets. mac-address By default, it is 010E.5E00.0003. Raisecom Proprietary and Confidential 89 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet The multicast destination MAC address cannot begin with 0180.C2 or 010E.5E (except 010E.5E00.0003). 5.12.3 Configuring L2CP profile Configuring basic information about L2CP profile Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#l2cp- Create a L2CP profile for processing packets. process profile profile-id Enter L2CP profile configuration mode. 3 Raisecom(config-l2cp- (Optional) configure the name of the L2CP profile. profile)#name string 4 Raisecom(config-l2cp- Configure the action for processing L2CP packets of the specified profile)#l2cp-process type. protocol { oam | stp | dot1x | lacp | lldp | By default: cdp | vtp | pvst | elmi L2CP profile 1 sends OAM, Dot1x, LACP, and LLDP packets to | udld | pagp | all } the CPU, discards VTP, PVST, CDP, UDLD, and PAGP packets, action { tunnel | drop and transparently transmit STP packets. | peer } L2CP profile 2 transparently transmits STP, Dot1x, LACP, CDP, VTP, PVST, ELMI, UDLD, and PAGP packets, and sends OAM and LLDP packets to the CPU. A new L2CP profile transparently transmits STP, Dot1x, LACP, CDP, VTP, PVST, LLDP, ELMI, UDLD, and PAGP packets, and sends OAM packets to the CPU. Configuring transparently transmitted packets Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#l2cp- Create a L2CP profile for processing packets. process profile profile-id Enter L2CP profile configuration mode. 3 Raisecom(config-l2cp- Configure the egress interface for transparently transmitting profile)#tunnel interface- L2CP packets, namely, the carrier-side interface. type interface-number 4 Raisecom(config-l2cp- Configure the type of the tunnel for transparently transmitting profile)#tunnel tunnel-type L2CP packets to MAC. { mac } Raisecom Proprietary and Confidential 90 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Step Command Description 5 Raisecom(config-l2cp- When the type of the tunnel for transparent transmission is profile)#tunnel vlan vlan-id MAC, configure the VLAN ID for transparently transmitting L2CP packets. In addition, you must configure the carrier-side interface to allow packets of this VLAN to pass. 5.12.4 Applying L2CP profile Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface-number 3 Raisecom(config-port)#l2cp-process Apply the L2CP profile on the interface. profile profile-id 5.12.5 Checking configurations No. Command Description 1 Raisecom#show l2cp-process profile [ profile- Show information about the created id ] L2CP profile. 2 Raisecom#show l2cp-process [ interface-type Show configurations of L2CP on the interface-number ] interface. 3 Raisecom#show l2cp-process tunnel statistics Show statistics on L2CP packets on [ interface-type interface-number ] the interface. 5.13 Maintenance Command Description Raisecom(config)#clear mac-address { all | blackhole | Clear MAC addresses. dynamic | static | mac-address } [ vlan vlan-id ] [ interface-type interface-number ] Raisecom(config)#search mac-address mac-address { all Query MAC addresses. | dynamic | static } [ interace-type interface- number ] [ vlan vlan-id ] Raisecom(config)#clear arp Clear the ARP address table. Raisecom(config-port)#clear loopback-detection Clear statistics on loop detection. statistic Raisecom Proprietary and Confidential 91 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Command Description Raisecom(config)#clear l2cp-process tunnel statistics Clear statistics on L2CP packets on interface-type interface-number the interface. 5.14 Configuration examples 5.14.1 Example for configuring MAC address table Networking requirements As shown in Figure 5-9, the switch is connected upstream to the IP network through Client interface 1 on the RAX711-C to make PC 2 and PC 3 access the IP network. Configure a static unicast MAC address on Client interface 2 for forwarding packets from the switch to the IP network. Meanwhile, enable dynamic MAC address learning on the RAX711-C. Configuration parameters are as below: MAC address of the switch : 000E.5E03.0405 VLAN and type of Client interface 1: VLAN 10 and Access Aging time of dynamic MAC addresses: 500s Figure 5-9 Configuring MAC address table Configuration steps Step 1 Create and activate VLAN 10. Add Client interface 1 to VLAN 10. Raisecom Proprietary and Confidential 92 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Raisecom#config Raisecom(config)#create vlan 10 active Raisecom(config)#interface client 1 Raisecom(config-client1)#switchport access vlan 10 Raisecom(config-client1)#exit Step 2 Configure a static MAC address, which is in VLAN 10. Raisecom(config)#mac-address static unicast 000e.5e03.0405 vlan 10 client 1 Step 3 Configure the aging time of the MAC address to 500s. Raisecom(config)#mac-address aging-time 500 Raisecom(config)#exit Checking results Use the show mac-address static command to show configurations of MAC addresses. Raisecom#show mac-address static Mac Address Port Vlan Flags ------------------------------------------------------------------ 000E.5E03.0406 client 1 10 static 5.14.2 Example for configuring VLAN and interface protection Networking requirements As shown in Figure 5-10, PC 1, PC 2, and PC 5 are in VLAN 10; PC 3 and PC 4 are in VLAN 20. RAX711-C A and RAX711-C B are connected through a Trunk interface and disallow packets of VLAN 20 to pass. Therefore, PC 3 and PC 4 cannot communicate with each other. Enable interface protection on PC 1 and PC 2 to make them fail to communicate. However, PC 1 and PC 2 can communicate with PC 5 respectively. Raisecom Proprietary and Confidential 93 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Figure 5-10 Configuring VLAN Configuration steps Step 1 Create and activate VLAN 10 and VLAN 20 on RAX711-C A and RAX711-C B respectively. Configure RAX711-C A. RAX711-CA#config RAX711-CA(config)#create vlan 10,20 active Configure RAX711-C B. RAX711-CB#config RAX711-CB(config)#create vlan 10,20 active Step 2 Add Client interface 1 (Access) and Client interface 2 (Access) on RAX711-C B to VLAN 10. Add Client interface 3 (Access) to VLAN 20. Line 1 is in Trunk mode and allows packets of VLAN 10 to pass. RAX711-CB(config)#interface client 1 RAX711-CB(config-client1)#switchport mode access RAX711-CB(config-client1)#switchport access vlan 10 RAX711-CB(config-client1)#exit RAX711-CB(config)#interface client 2 RAX711-CB(config-client2)#switchport mode access RAX711-CB(config-client2)#switchport access vlan 10 RAX711-CB(config-client2)#exit Raisecom Proprietary and Confidential 94 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet RAX711-CB(config)#interface client 3 RAX711-CB(config-client3)#switchport mode access RAX711-CB(config-client3)#switchport access vlan 20 RAX711-CB(config-client3)#exit RAX711-CB(config)#interface line 1 RAX711-CB(config-line1)#switchport mode trunk RAX711-CB(config-line1)#switchport trunk allow vlan 10 RAX711-CB(config-line1)#exit Step 3 Add Client interface 2 (Access) on RAX711-C A to VLAN 10 and Client interface 1 (Trunk) to VLAN 20. Client interface 1 works in Trunk mode and allows packets of VLAN 10 to pass. RAX711-CA(config)#interface client 2 RAX711-CA(config-client2)#switchport mode access RAX711-CA(config-client2)#switchport access vlan 10 RAX711-CA(config-client2)#exit RAX711-CA(config)#interface client 1 RAX711-CA(config-client1)#switchport mode trunk RAX711-CA(config-client1)#switchport trunk native vlan 20 RAX711-CA(config-port)#exit RAX711-CA(config)#interface line 1 RAX711-CA(config-line1)#switchport mode trunk RAX711-CA(config-line1)#switchport trunk allow vlan 10 RAX711-CA(config-line1)#exit Step 4 Enable interface protection on Client interface 1 and Client interface 2 on RAX711-C B. RAX711-CB(config)#interface client 1 RAX711-CB(config-client1)#switchport protect RAX711-CB(config-client1)#exit RAX711-CB(config)#interface client 2 RAX711-CB(config-client2)#switchport protect RAX711-CB(config-client2)#exit Checking results Use the show vlan command to show VLAN configurations. Take RAX711-C B for example. RAX711-CB#show vlan Switch Mode: -- VLAN Name State Status Priority Member-Ports ------------------------------------------------------------------------- 1 VLAN0001 active static -- 2 VLAN0002 active static -- 3 VLAN0003 active static -- Raisecom Proprietary and Confidential 95 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet 4 VLAN0004 active static -- 5 VLAN0005 active static -- 6 VLAN0006 active static -- 7 VLAN0007 active static -- 8 VLAN0008 active static -- 9 VLAN0009 active static -- 10 VLAN0010 active static -- client 1 client 2 client 2 20 VLAN0020 active static --client 3 Use the show switchport interface command to show VLAN configurations on the interface. Take RAX711-C B for example. RAX711-CB#show switchport interface client 1 Interface: client1 Switch Mode: switch Reject frame type: none Administrative Mode: access Operational Mode: access Access Mode VLAN: 10 Administrative Access Egress VLANs: Operational Access Egress VLANs: 10 Trunk Native Mode VLAN: 0 Administrative Trunk Allowed VLANs: Operational Trunk Allowed VLANs: Administrative Trunk Untagged VLANs: Operational Trunk Untagged VLANs: Administrative private-vlan host-association: Administrative private-vlan mapping: Operational private-vlan: -- Use the show switchport protect command to show configurations of interface protection. RAX711-CB#show switchport protect Port Protected State Port Protected State -------------------------- line1 disable line2 disable line3 disable line4 disable client1 enable client2 enable client3 enable client4 enable client5 disable client6 disable client7 disable client8 disable Raisecom Proprietary and Confidential 96 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet client9 disable client10 disable client11 disable client12 disable Use the ping command to learn allowable VLANs for the Trunk interface. If PC1 can ping through PC 5, VLAN 10 communicates properly. If PC 2 can ping through PC 5, VLAN 10 communicates properly. If PC 3 fails to ping through PC 4, VLAN 20 communicates improperly. By executing the ping command between PC 1 and PC 2, check configurations of interface protection. If PC1 fails to ping through PC 2, interface protection takes effect. 5.14.3 Example for configuring basic QinQ Networking requirements As shown in Figure 5-11, RAX711-C A and RAX711-C B are connected to VLAN 100 and VLAN 200 respectively. To communicate through the ISP, Department A and Department C, Department B and Department D should set the outer Tag to VLAN 1000. Configure Client interface1 and Client interface 2 on RAX711-C A and RAX711-C B working in dot1q-tunnel mode and being connected to VLAN 100 and VLAN 200. Client interface 1 is used to connect the ISP network, which works in Trunk mode and allows double-tagged packets to pass. The TPID is configured to 9100. Raisecom Proprietary and Confidential 97 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Figure 5-11 Configuring basic QinQ Configuration steps Step 1 Create and activate VLAN 100, VLAN 200, and VLAN 1000. Configure RAX711-C A. RAX711-CA#config RAX711-CA(config)#create vlan 100,200,1000 active Configure RAX711-C B. RAX711-CB#config RAX711-CB(config)#create vlan 100,200,1000 active Step 2 Configure Client interface 1 and Client interface 2 to work in dot1q-tunnel mode. Configure the outer TPID to 9100. Configure RAX711-C A. Raisecom Proprietary and Confidential 98 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet RAX711-CA(config)#interface client 1 RAX711-CA(config-client1)#tpid 9100 RAX711-CA(config-client1)#switchport mode access RAX711-CA(config-client1)#switchport access vlan 1000 RAX711-CA(config-client1)#dot1q-tunnel RAX711-CA(config-client1)#exit RAX711-CA(config)#interface client 2 RAX711-CA(config-client2)#tpid 9100 RAX711-CA(config-client2)#switchport mode trunk RAX711-CA(config-client2)#switchport trunk native vlan 1000 RAX711-CA(config-client2)#dot1q-tunnel RAX711-CA(config-client2)#exit Configure RAX711-C B. RAX711-CB(config)#interface client 1 RAX711-CB(config-client1)#tpid 9100 RAX711-CB(config-client1)#switchport mode access RAX711-CB(config-client1)#switchport access vlan 1000 RAX711-CB(config-client1)#dot1q-tunnel RAX711-CB(config-client1)#exit RAX711-CB(config)#interface client 2 RAX711-CB(config-client2)#tpid 9100 RAX711-CB(config-client2)#switchport mode trunk RAX711-CB(config-client2)#switchport trunk native vlan 1000 RAX711-CB(config-client2)#dot1q-tunnel RAX711-CB(config-client2)#exit Step 3 Configure Line interface 1 to allow double-tagged packets to pass. Configure RAX711-C A. RAX711-CA(config)#interface line 1 RAX711-CA(config-line1)#switchport mode trunk RAX711-CA(config-line1)#switchport trunk allowed vlan 1000 RAX711-CA(config-line1)#exit Configure RAX711-C B. RAX711-CB(config)#interface line 1 RAX711-CB(config-line1)#switchport mode trunk RAX711-CB(config-line1)#switchport trunk allowed vlan 1000 RAX711-CB(config-line1)#exit Raisecom Proprietary and Confidential 99 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Checking results Use the show dot1q-tunnel command to show QinQ configurations. Take RAX711-C A for example. RAX711-CA(config-port)#show dot1q-tunnel Inner TPID: 0x8100 Interface QinQ Status Outer TPID on port Cos override Vlan-map-miss drop ------------------------------------------------------------------------- --- client1 -- 0x8100 disable disable client2 -- 0x8100 disable disable client3 -- 0x8100 disable disable client4 -- 0x8100 disable disable line1 -- 0x8100 disable disable line2 -- 0x8100 disable disable vsap1 -- 0x8100 disable disable 5.14.4 Example for configuring port mirroring Networking requirements As shown in Figure 5-12, user network 1 is connected to the RAX711-C through Client interface 1 and user network 2 is connected to the RAX711-C through Client interface 2. The network administrator needs to monitor packets transmitted to and sent by user network 1 through the monitor PC, obtain anomalous data traffic, and analyze and address problems. The monitor PC is connected to the RAX711-C through Client interface 3. Figure 5-12 Configuring port mirroring Configuration steps Step 1 Create port mirroring group 1. Raisecom Proprietary and Confidential 100 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Raisecom#config Raisecom(config)#mirror group 1 Step 2 Configure Client interface 3 to the monitor port. Raisecom(config)#interface client 3 Raisecom(config-client3)#mirror-group 1 monitor-port Step 3 Configure Client interface 1 to the mirroring port and configure the mirroring rule to ingress. Raisecom(config)#interface client 1 Raisecom(config-client1)#mirror-group 1 source-port ingress Checking results Use the show mirror-group command to show port mirroring configurations. Raisecom#show mirror-group Mirror Group 1 : Monitor Port : client3 Source Port : client1 : ingress 5.14.5 Examples for configuring storm control Networking requirements As shown in Figure 5-13, to control the influence of the broadcast storm on RAX711-C A, you need to deploy storm control on RAX711-C A to control broadcast packets. The storm control threshold is configured to 2000 pps. Raisecom Proprietary and Confidential 101 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Figure 5-13 Configuring storm control Configuration steps Configure storm control on RAX711-C A. Raisecom#config Raisecom(config)#interface line 1 Raisecom(config-line1)#storm-filter broadcast enable Raisecom(config-line1)#storm-control broadcast pps 2000 Raisecom(config-port)#exit Raisecom(config)#interface line 2 Raisecom(config-line2)#storm-filter broadcast enable Raisecom(config-line2)#storm-control broadcast pps 2000 Checking results Use the show storm-control command to show configurations of storm control. Raisecom(config)#show storm-control interface line 1 Interface Packet-Type Filter-Status Bps(Kbps) RealBps ------------------------------------------------------------------------- --- line1 Broadcast Enable 2000 1984 Multicast Disable 2000 1984 Dlf Disable 2000 1984 5.14.6 Example for configuring L2CP Networking requirements As shown in Figure 5-14, configure L2CP on RAX711-C A and RAX711-C B to transparently transmit L2CP packets of Customer A and Customer B through the MAN as below. Raisecom Proprietary and Confidential 102 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Specify the multicast destination MAC address of them to 0100.1234.1234. Configure the STP packets of Customer A to pass the MAN, and discard other packets. The type of the tunnel is MAC, with the multicast MAC address of 0100.1234.1234 and VLAN of VLAN 1000. Configure the STP and LLDP packets of Customer B to pass the MAN, and discard other packets. The type of the tunnel is MAC, with the multicast MAC address of 0100.1234.5678 and VLAN of VLAN 2000. Figure 5-14 L2CP networking Configuration steps Configure RAX711-C A and RAX711-C B. Configurations of RAX711-C A are the same as those of RAX711-C B. Take RAX711-C A for example. Step 1 Configure the VLAN of the carrier-side interface. Raisecom#config Raisecom(config)#create vlan 1000,2000 active Raisecom(config)#interface line 1 Raisecom(config-port)#switchport mode trunk Raisecom(config-port)#switchport trunk allowed vlan 1000,2000 Raisecom(config-port)#exit Step 2 Configure L2CP profile 1. Raisecom(config)#l2cp-process tunnel destination-address 0100.1234.1234 Raisecom(config)#l2cp-process profile 1 Raisecom(config-l2cpproflie)#name CustomerA Raisecom(config-l2cpproflie)#l2cp-process protocol all action drop Raisecom(config-l2cpproflie)#l2cp-process protocol stp action tunnel Raisecom(config-l2cpproflie)#tunnel line 1 Raisecom(config-l2cpproflie)#tunnel tunnel-type mac Raisecom(config-l2cpproflie)#tunnel vlan 1000 Raisecom(config-l2cpproflie)#exit Step 3 Configure L2CP profile 2. Raisecom Proprietary and Confidential 103 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet Raisecom(config)#l2cp-process profile 2 Raisecom(config-l2cpproflie)#name CustomerB Raisecom(config-l2cpproflie)#l2cp-process protocol all action drop Raisecom(config-l2cpproflie)#l2cp-process protocol stp action tunnel Raisecom(config-l2cpproflie)#l2cp-process protocol lldp action tunnel Raisecom(config-l2cpproflie)#tunnel line 1 Raisecom(config-l2cpproflie)#tunnel tunnel-type mac Raisecom(config-l2cpproflie)#tunnel vlan 2000 Raisecom(config-l2cpproflie)#exit Step 4 Apply L2CP profiles. Raisecom(config)#interface client 1 Raisecom(config-port)#l2cp-process profile 1 Raisecom(config-port)#interface client 2 Raisecom(config-port)#l2cp-process profile 2 Raisecom(config-port)#exit Checking results Use the show l2cp-process profile command to show L2CP configurations. Raisecom#show l2cp-process profile Destination MAC Address for Encapsulated Packets: 0100.1234.1234 ProfileId: 1 Name: CustomerA BpduType Mac-address l2cp-process Mac-vlan EgressPort tunneltype ------------------------------------------------------------------------- ------------- stp 0180.C200.0000 tunnel 1000 line1 mac dot1x 0180.C200.0003 drop 1000 line1 mac lacp 0180.C200.0002 drop 1000 line1 mac oam 0180.C200.0002 drop 1000 line1 mac cdp 0100.0CCC.CCCC drop 1000 line1 mac vtp 0100.0CCC.CCCC drop 1000 line1 mac pvst 0100.0CCC.CCCD drop 1000 line1 mac lldp 0180.C200.000E drop 1000 line1 mac elmi 0180.C200.0007 drop 1000 line1 mac udld 0100.0CCC.CCCC drop 1000 line1 mac pagp 0100.0CCC.CCCC drop 1000 line1 mac ProfileId: 2 Name: CustomerB BpduType Mac-address l2cp-process Mac-vlan EgressPort tunneltype ------------------------------------------------------------------------- ------------- stp 0180.C200.0000 tunnel 2000 line1 mac dot1x 0180.C200.0003 drop 2000 line1 mac lacp 0180.C200.0002 drop 2000 line1 mac oam 0180.C200.0002 drop 2000 line1 mac Raisecom Proprietary and Confidential 104 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 5 Ethernet cdp 0100.0CCC.CCCC drop 2000 line1 mac vtp 0100.0CCC.CCCC drop 2000 line1 mac pvst 0100.0CCC.CCCD drop 2000 line1 mac lldp 0180.C200.000E tunnel 2000 line1 mac elmi 0180.C200.0007 drop 2000 line1 mac udld 0100.0CCC.CCCC drop 2000 line1 mac pagp 0100.0CCC.CCCC drop 2000 line1 mac ProfileId: 3 Name: BpduType Mac-address l2cp-process Mac-vlan EgressPort tunneltype ------------------------------------------------------------------------- ------------- stp 0180.C200.0000 tunnel -- client1 mac dot1x 0180.C200.0003 tunnel -- client1 mac lacp 0180.C200.0002 tunnel -- client1 mac oam 0180.C200.0002 peer -- client1 mac cdp 0100.0CCC.CCCC tunnel -- client1 mac vtp 0100.0CCC.CCCC tunnel -- client1 mac pvst 0100.0CCC.CCCD tunnel -- client1 mac lldp 0180.C200.000E tunnel -- client1 mac elmi 0180.C200.0007 tunnel -- client1 mac udld 0100.0CCC.CCCC tunnel -- client1 mac pagp 0100.0CCC.CCCC tunnel -- client1 mac Raisecom Proprietary and Confidential 105 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 6 Clock synchronization 6 Clock synchronization This chapter describes principles and configuration procedures of clock synchronization, and provides related configuration examples, including the following sections: Introduction Configuring clock synchronization based on SyncE Configuring PTP-based clock synchronization 6.1 Introduction IP-based network is the development trend of network and services. At present, there are a lot of difficulties to be encountered for changing the traditional Time Division Multiplex (TDM) network to IP-based PTN. One significant problem is how to traverse traditional TDM services in IP-based Packet Transport Network (PTN). When services (such as E1/T1) are transmitted through the traditional TDM network, clock signals can be transmitted accurately. In addition, the receiver can recover TDM services based on the extracted clock signals. Meanwhile, the TDM line can provide the synchronization reference clock for some networks. Therefore, how to perform clock synchronization is a significant for deploying the PTN. Clock synchronization is divided into 2 modes: Frequency synchronization: has identical time interval. Phase synchronization: has identical time interval and begin time. The harshest requirement for clock synchronization introduced by the communication network lies in the application of clock synchronization in the wireless scenarios. Frequencies of signals in various base stations must be in a certain precision. Otherwise, base stations fail when signals are being switched. Some wireless mechanisms adopt synchronous base station technologies, such as Time Division-Synchronous Code Division Multiple Access (TD- SCDMA) or Code Division Multiple Access 2000 (CDMA2000). These wireless mechanisms have higher requirements on phase synchronization. At present, Synchronous Ethernet (SyncE) is used to synchronize frequency of devices at the physical layer. Synchronous Ethernet synchronize phases of devices in the network through the clock synchronization technology based on Institute of Electrical and Electronics Engineers (IEEE) 1588v2 protocol. Raisecom Proprietary and Confidential 106 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 6 Clock synchronization 6.1.1 SyncE Physical-layer synchronization technologies are widely used in the traditional TDM network. Each node can extract clock signals from the physical link or the external synchronization interface. It selects the clock source with best quality from multiple clock sources, takes it as the local clock, and transmits it to the downstream devices. Therefore, it synchronizes clocks of all devices to the master reference clock by locking the host. SyncE adopted by the PTN has similar principles, as shown in Figure 6-1. iTN B selects the clock signal with highest quality level as the clock source (the TDM device in Figure 6-1) based on Synchronization Status Message (SSM). And then iTN B sends the received highly- accurate clock signals through the physical-layer chip. Based on the clock data recovery technology integrated in the physical-layer chip, iTN A recovers the clock signals from the serial data flow and then transmits the clock signals to the clock subcard. After being processed by the clock subcard, these clock signals are sent to other clocks through interfaces. Therefore, upstream clocks and downstream clocks are cascaded and clock synchronization is realized on the PTN. Figure 6-1 Principles of SyncE The clock synchronization mechanism of SyncE is mature and reliable. It can meet timing interface metrics defined by International Telecommunications Union - Telecommunication Standardization Sector (ITU-T) G.832. In addition, it cannot be influenced by network load changes. However, because clock signals are transmitted along the clock link, SyncE requires all paths of the clock link to have the synchronous Ethernet feature. 6.1.2 IEEE 1588 v2 protocol (PTP) SyncE supports frequency synchronization only. However, the IEEE 1588v2 protocol supports both frequency synchronization and phase synchronization. Therefore, the IEEE 1588v2 protocol is widely used in the PTN and it is a development trend of clock synchronization technology. The IEEE 1588v2 protocol, also known as Precision Time Protocol (PTP), is used to synchronize clocks of all nodes throughout the precision synchronous distributed network. With the hardware and software, PTP can synchronize system clocks of network devices to the master clock of the network. It achieves clock accuracy in the nanosecond range. Compared with 10ms delay of PTN without being enabled with PTP, the one enabled with PTP improves clock synchronization indexes greatly. The RAX711-C supports working as the Transparent Clock (TC) device. Raisecom Proprietary and Confidential 107 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 6 Clock synchronization 6.2 Configuring clock synchronization based on SyncE 6.2.1 Preparing for configurations Scenario In the PTN, to communicate properly, the sender must put the pulse in the specified timeslot when sending the digital pulse signal and the receiver can extract the pulse from the specified timeslot. To realize this, you must resolve the synchronization problem. SyncE can perform clock synchronization in the PTN. Because it does not support phase synchronization but frequency synchronization only, SyncE is applied for the base station, fixed network TDM relay, leased clock network relay, and wireless base stations which have no requirement on phase synchronization, such as Global System for Mobile Communications (GSM) and Wideband Code Division Multiple Access (WCDMA). The RAX711-C supports selecting the optimum clock source automatically. You just need to configure clock source properties of SyncE. In addition, the RAX711-C supports selecting the specified clock source manually. Prerequisite N/A 6.2.2 Configuring clock source properties of SyncE Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#synce enable Enable SyncE. By default, SyncE is disabled. 3 Raisecom(config)#synce operation- Configure the working status of the SyncE. type { auto-select | forced-freerun | forced-holdover } By default, it is forced freerun. 4 Raisecom(config)#synce source (Optional) configure the SSM quality level of the { internal | interface { clock0 | SyncE clock source. interface-type interface-number } priority priority [ scr-id id ] [ quality-level level ] [ ring- outside ] 5 Raisecom(config)#synce ssm (Optional) enable SyncE SSM quality level to { standard | extend | disable } participate in selection of the clock source and [ transmit-threshold threshold ] configure the sending threshold. 6 Raisecom(config)#synce switch-mode Enable auto reverse mode of the SyncE clock source, { revertive [ wtr-time time ] | and configure the WTR time. non-revertive } By default, auto reverse mode is enabled. 7 Raisecom(config)#clock interface Configure the 2M clock mode. clock0 mode { digital [ sa sa ] | digital-crc [ sa sa ] | anolog } [ shutdown-threshold quality-level level ] Raisecom Proprietary and Confidential 108 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 6 Clock synchronization 6.2.3 Choosing clock source for SyncE manually Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#synce manual-source { internal | Switch the clock source interface { clock0 | interface-type interface- manually. number } } 3 Raisecom(config)#synce forced-source { internal | Switch the clock source interface { clock0 | interface-type interface- forcibly. number } } 4 Raisecom(config)# synce source { internal | interface Lock out the clock source. { clock0 | interface-type interface-number } priority priority lockout 6.2.4 Checking configurations No. Command Description 1 Raisecom#show synce Show global configurations of SyncE. 2 Raisecom#show synce source Show configurations of the SyncE clock source. 3 Raisecom#show synce ssm Show information about SyncE SSM. 6.3 Configuring PTP-based clock synchronization 6.3.1 Preparing for configurations Scenario SyncE supports frequency synchronization only. PTP supports both frequency synchronization and phase synchronization. Therefore, PTP is suitable for scenarios which have requirements on frequency synchronization and phase synchronization, such as clock synchronization of TD-SCDMA/CDMA200 base stations. Generally, the RAX711-C, as the TC device, can perform PTP clock synchronization with upstream and downstream devices when PTP clock synchronization is configured globally or on interfaces of the RAX711-C. Prerequisite N/A Raisecom Proprietary and Confidential 109 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 6 Clock synchronization 6.3.2 Configuring PTP Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ptp enable Enable global PTP. By default, global PTP is disabled. 3 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface-number 4 Raisecom(config-port)#ptp Enable PTP on an interface. enable By default, PTP is disabled on all interfaces. 6.3.3 Checking configurations No. Command Description 1 Raisecom#show ptp Show global/interface PTP configurations. Raisecom Proprietary and Confidential 110 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability 7 Network reliability This chapter describes principles and configuration procedures of network reliability, and provides related configuration examples, including the following sections: Introduction Configuring ELPS Configuring ERPS Configuring link aggregation Configuring interface backup Configuring link-state tracking Configuration examples 7.1 Introduction Ethernet is widely used because of its simplicity, high-efficiency and low-cost features. For a long time, the reliability is one major factor that restricts the development of traditional Ethernet in Telecom network. The poor reliability is related to the packet feature of carried services and the mechanism of Ethernet. Traffics of packet services are transmitted in burst mode, which is difficult for maintain stable service traffic. As two significant features of Ethernet, the Statistical Time Division Multiplexing (STDM) technology and MAC address learning mechanism improve the utilization rate of channels and devices. However, they also bring uncertainty to service bandwidth and service paths. To enhance the reliability of Ethernet and to meet the requirements on the Telecom network, you can deploy specified reliability technology in the Ethernet. Network reliability technologies supported by the RAX711-C include link aggregation, interface backup, Ethernet Linear Protection Switching (ELPS), Ethernet Ring Protection Switching (ERPS), and link-state tracking. Raisecom Proprietary and Confidential 111 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability 7.1.1 ELPS Introduction Ethernet Linear Protection Switching (ELPS) is an end-to-end protection technology based on Automatic Protection Switching (APS) protocol of the ITU-TG.8031 recommendation. It is used to protect an Ethernet connection. It can be applied to various network structures, such as the ring network. APS packet is a kind of Connectivity Fault Management (CFM) packet. It is an APS packet when the OpCode value in the CFM packet is configured to 0x39. The outer structure of the APS packet is defined by the ITU-T Y.1731. Based on this, the G.8031 defines APS specific information by using 4 bytes. Figure 7-1 shows the structure of the APS packet. Figure 7-1 Structure of an APS packet As shown in Figure 7-1, the MEL field is inserted with the Maintenance Entity Group (MEG) level of the APS packet. For descriptions about the Version, OpCode, Flags, and END TLV, see ITU-T Y.1731 and their values are listed in Figure 7-1. Table 7-1 describes fields in the APS specific information. Table 7-1 Values of fields in APS specific information Field Value Description Request/State 1111 Lockout of protection (LO) with highest The request priority type, indicating the 1110 Signal fail for protection (SF-P) condition 1101 Forced switch (FS) signal, command 1011 Signal fail for working (SF-W) signal, and status signal 1001 Signal degradation (SD) of the protection 0111 Manual switch (MS) line. Priorities 0110 Depreciated of these 3 signals are 0101 Wait to restore (WTR) descending. 0100 Exercise (EXER) 0010 Reverse request (RR) 0001 Do not revert (DNR) Raisecom Proprietary and Confidential 112 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Field Value Description 0000 No request (NR) Others Reserved Protection A 0 No APS channel Four Type protection 1 APS channel types B 0 1+1 protection switching (with fixed identified by bridge) value 1 or 0 1 1:1 protection switching (with fixed bridge) D 0 Unidirectional protection switching 1 Bidirectional protection switching R 0 Non-revertive mode 1 Revertive mode Requested signal 0 No signal The local request 1 Normal service signals signals carried 2–255 Reserved by the protection line Bridged signal 0 No signal Signals of bridge 1 Normal service signals connection in 2–255 Reserved the protection line Reserved All 0 Reserved field. This filed should be ignored when being received. The G.8031 defines 1+1 protection switching and 1:1 protection switching. ELPS technology takes a simple, fast, and predictable mode to realize network resource switching, easier for Carrier to plan network more efficiently and learn network active status. ELPS protection switching modes As shown in Figure 7-2, ELPS supports 1+1 and 1:1 protection switching modes. Raisecom Proprietary and Confidential 113 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Figure 7-2 ELPS 1+1 and 1:1 protection switching modes 1+1 protection switching: each working line is assigned with a protection line. Generally, in the protection domain, the source end sends traffic through the working and protection lines while the destination end receives the traffic from one line. The destination end selects the working/protection line based on some pre-configured standard, such as the server failure indication. Services are switched to the protection line directly when the working line fails. 1:1 protection switching: each working line is assigned with a protection line. The source end sends traffic through the working/protection line. Generally, the source sends traffic through the working line. The protection line is a backup line. When the working line fails, the source end and destination end communicate through APS protocol to switch traffic to the protection line simultaneously. Based on whether the source end and destination end switch traffic simultaneously, ELPS is divided into unidirectional switching and bidirectional switching: Unidirectional switching: as shown in Figure 7-3, when one direction of a line fails, one end can receive the traffic while the other end fails to receive the traffic. The end failing to receive the traffic detects a fault and switches the traffic. And the other end does not detect the fault and switch traffic. Therefore, both ends may receive the traffic through different lines. Figure 7-3 Unidirectional protection switching Bidirectional switching: when a line fails, even in one direction, both ends communicate through APS protocol to switch traffic to the protection line. Therefore, both ends receive and send the traffic through the same line. 1+1 protection switching is divided into unidirectional switching and bidirectional switching. 1:1 protection switching supports bidirectional switching only. ELPS provides 3 modes to detect a fault. Raisecom Proprietary and Confidential 114 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Detect faults based on the physical interface status: learning link fault quickly and switching services immediately, suitable for detecting the fault between neighbor devices Detect faults based on CFM: suitable for multi-device crossing detection Detect faults based on the physical interface and CFM: sending Trap when detecting a fault on the physical link/CFM The RAX711-C supports 1:1 bidirectional protection switching, 1+1 bidirectional protection switching, and 1+1 unidirectional protection switching, and these 3 fault detection modes. 7.1.2 ERPS Introduction Ethernet Ring Protection Switching (ERPS) is a protection switching technology based on the Ring Automatic Protection Switching (R-APS) protocol of the ITU-TG.8032 recommendation. It is used in Ethernet rings. Generally, ERPS can avoid broadcast storm caused by data loopback in Ethernet rings. When a link/device on the Ethernet ring fails, traffic can be quickly switched to the backup link to ensure restoring services quickly. Similar to the ELPS APS packet, R-APS packet is a CFM packet, which is defined by the Y.1731 and G.8032. Figure 7-4 shows the structure of the R-APS packet. Figure 7-4 Structure of a R-APS packet Table 7-2 describes items in the R-APS specific information. Table 7-2 Fields in the R-APS specific information Field Value Description Request/State 1011 Signal fail. It is a R-APS packet which is sent by the node that detects the link fault. It is used to identify the local SF event. 0000 No request (NR), which is sent by the node that detects the link fault. It is used to identify that the generated SF event is cleared. Raisecom Proprietary and Confidential 115 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Field Value Description Others Reserved Status RB 0 The RPL is blocked. For all non RPL Owner nodes, the value is configured to 0. 1 The blocked RPL is released. DNF 0 FDB refresh by be triggered. 1 The FDB refresh is not trigged. Node ID – The MAC address of the node, which is unique. Reserved All 0 Reserved field. This filed should be ignored when being received. Filtering DataBase (FDB) clearing refers to removing MAC addresses of learned FDBs of the node. ERPS adopts advantages of multiple ring network technologies, such as Ethernet Automatic Protection Switching (EAPS), Resilient Packet Ring (RPR), Synchronous Digital Hierarchy (SDH), and STP. It is the newest mature standard of the Ethernet ring protection switching technology, providing the following functions: Optimizing the detection mechanism Detecting bidirectional faults Support multi-network and multi-domain structures Realizing 50ms protection switching performance Supporting multiple working modes, such as primary-to-backup and load balancing modes ERPS uses the control VLAN in the ring network to transmit ring network control information. Meanwhile, combining with the topology feature of the ring network, it discovers link fault quickly and enable the backup link to restore service fast. Raisecom Proprietary and Confidential 116 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Related concepts Figure 7-5 ERPS ring network Related concepts of ERPS are shown as below: Ring Protection Link (RPL): it is a link between RPL nodes. In normal status, the interface of the link is blocked to avoid a loopback. One Ethernet ring has a RPL only. RPL Owner: it is a node connected to the RPL. It is specified by the user, used to block/release the RPL interface. In normal status, it blocks the RPL interface to avoid a loopback. RPL Neighbor: it is the other node connected to the RPL. It cooperates with the RPL Owner to provide protection switching. Control VLAN: it is an independent VLAN channel used by ERPS to carry R-APS packets. It is identical to the VLAN monitored in the CFM domain. In addition, the control VLAN ID can be identical to the service VLAN ID. Properties (level, domain name, MA name, and VLAN ID) of all CFM domains must be identical. Otherwise, ERPS ring fails to be established. During ERPS protection switching process, 3 timers are used. Guard Timer: it is used to filter outdated R-APS packets to avoid error protection switching actions on the node. When the Guard Timer is running, received R-APS packets will be discarded. WTR Timer: the WTR Timer on the RPL Owner begins to time when the working line recovers from a fault. In addition, a WTR running signal is output during the WTR Timer running process. Services are switched back to the working line when the WTR Timer times out. The WTR Timer is used to avoid frequent switching caused by unstable working line. Holdoff Timer: it is used to coordinate other protection switching coexisting with the link protection. When one or more new faults are detected, the Holdoff Timer is triggered. During the Holdoff Timer running process, the system will detect the link status regardless of whether the fault that triggers the Holdoff Timer exists. The system will report the fault to ERPS if it exists. Raisecom Proprietary and Confidential 117 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Basic protection mechanism The G.8032 defines 5 states of the node on the Ethernet ring. Idle state: the normal working state without no fault Protection state: the state to which services are switched after a fault is detected. The APS process is triggered by the fault detected by the Continuity Check Message (CCM) of Ethernet Operation, Administration and OAM (OAM). Pending state: the state before a fault is resolved FS state: the state when a FS command is being applied MS state: the state when a FS command is being applied To ensure the protection switching stability, the G.8032 defines a WTR timer. After the RPL Owner receives a fault recovery signal, services cannot be switched back to the working line after the WTR timer times out. Figure 7-6 and Figure 7-7 show the basic protection mechanism of ERPS. Figure 7-6 Idle status of Ethernet ring network As shown in Figure 7-6, when the Ethernet ring network is in idle state, links have the following features: All nodes are connected to form a ring. The ERPS protocol sends NR/RB signals continuously through the RPL Owner. The NR/RB signal indicates that no fault is generated. The RPL is blocked to avoid a loopback. Connected nodes use the OAM CCM packet to monitor links. When a fault is generated during on the Ethernet ring, the ERPS protocol uses the Y.1731 SF type to trigger protection switching. Raisecom Proprietary and Confidential 118 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Figure 7-7 Protection state of Ethernet ring network As shown in Figure 7-7, when a fault is detected, the system enables APS to enter the protection state. After the Holdoff Timer times out, the node connected to the failed link blocks the link and sends the SF signal to notify other nodes of the fault. As shown in Figure 7-7, when the link between Nodes D and E fails, the Nodes D and E send the SF signal to other nodes respectively. The SF signal triggers the RPL Owner to open the RPL interface and triggers all nodes to clear the FDB. And then the link enters the protection state. When a fault is recovered, the links performs fault recovery switching: Nodes connected to the failed link are stilled blocked. After the Guard Timer times out. Nodes D and E send R-APS NR signals, which indicates no local fault request. When receiving the first NR signal, the RPL Owner enables the WTR timer immediately. After the WTR Timer times out. The RPL Owner blocks the RPL and sends the R-APS signal (NR/RB), which indicates no local fault request. The RPL link is blocked. After receiving the R-APS signal (NR/RB), other nodes refresh the FDB. The Node sending the NR signal will stop sending the packet periodically and release the blocked interface. All nodes on the link return to the idle state. Tributary ring The revision of the G.8032 provides the protection mechanism of Ethernet multi-ring. The tributary ring is an attached ring of the existing ring. It is connected with other rings/network through an interconnected node (node connecting multiple rings). The tributary ring is not closed. And interconnected node does not belong to the tributary ring. Raisecom Proprietary and Confidential 119 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Figure 7-8 Tributary ring model As shown in Figure 7-8, nodes B and C are interconnected nodes. The channel connecting the 2 interconnected nodes is called the R-APS virtual channel. The R-APS virtual channel is used for the intersecting node on the intersecting ring. If an intersection ring has a R-APS virtual channel, the main ring provides a virtual channel for APS packets of the tributary ring. It means that APS packets of the tributary ring will be transmitted to the main ring. Otherwise, the main ring does not provide a virtual channel for ARP packets of the tributary ring and APS packets of the tributary ring are terminated at the intersecting node. The main ring and tributary ring are taken as 2 rings. Each ring is configured with a RPL Owner. Protection switching of the multi-ring is similar to the one of the single ring. Each ring processes its own fault. When a shared link fails, the main ring is switched to the protection state while no action is performed on the tributary ring. 7.1.3 Link aggregation Introduction Link aggregation is a load balancing technology. With link aggregation, multiple physical Ethernet interfaces are combined to form a logical aggregation group. Multiple physical links in one aggregation group are taken as a logical link. Link aggregation helps share traffic among member interfaces in an aggregation group. These aggregated links can back up data for each other dynamically. In addition to effectively improving the reliability on links between devices, link aggregation can help gain greater bandwidth without upgrading hardware. For related protocols, see IEEE 802.3ad. Among Ethernet reliability technologies, link aggregation is the most widely-used and simplest one. Figure 7-9 Link aggregation As shown in Figure 7-9, RAX711-C A and RAX711-C B are connected through 2 Ethernet physical links. You can bind these 2 links to form a logical link Aggregation 1. This logical link has the following advantages: Raisecom Proprietary and Confidential 120 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Improving link reliability: members in the link aggregation group can back up data for each other dynamically. When a link fails, the other links can replace it to improve link reliability effectively. Increasing link capacity: by binding multiple physical links, you can get greater bandwidth without upgrading the existing device. The capacity of a physical link equals to the sum capacity of all physical links. Balancing load: traffic is distributed to different members based on some algorithm, to implement link-level load balancing. Optimizing network management: member interfaces in a LAG are managed as a logical interface. Saving IP addresses: only one IP address is required for a LAG without configuring IP addresses for member interfaces in the LAG. In link aggregation, multiple Ethernet interfaces are bound to a LAG. These Ethernet interfaces are called member interfaces and the logical interface is named as the Trunk interface. The number of LAGs supported by devices is different. In addition, the number of member interfaces supported by the LAG varies on the device. The RAX711-C supports up to 11 LAGs and each LAG supports up to 8 member interfaces. A LAG should contain 1–8 active interfaces. LACP Link Aggregation Control Protocol (LACP) is a protocol based on the IEEE 802.3ad. LACP communicates with the peer through Link Aggregation Control Protocol Data Unit (LACPDU). After being enabled with LACP, an interface notifies the peer of its system LACP priority, system MAC address, interface LACP priority, interface ID, and operation key by sending LACPDU to the peer. After receiving the LACPDU, the peer compares its information with the ones received by other interfaces to select an active interface. Therefore, both interfaces work in active mode. Member interfaces in a LAG are in 2 states: active and standby. Active interfaces can participate into forwarding user data while standby interfaces fails to do so. Each member interface in a LAG has an operation key, which indicates the aggregation capability of the member interface. The operation key is a configuration combination automatically generated by the LAG based on configurations of the interface (including the speed, duplex mode, Up/Down status, and basic configurations). The operation key will be re-calculated when any item in the configuration combination changes. Member interfaces in a LAG must have the identical operation key. Interface status Member interfaces in a LAG have two kinds of statuses: Active status: send/receive LACP packets and forward user data. This kind of interfaces is called the LAG active interface. Standby status: send/receive LACP packets, but does not forward user data. This kind of interfaces is called the LAG backup interface. The RAX711-C supports 11 LAGs. Each LAG supports up to 8 member interfaces. Link aggregation modes Manual aggregation mode Raisecom Proprietary and Confidential 121 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability In this mode, multiple physical interfaces are added to a LAG to form a logical interface. Links connected to the logical interface share the traffic. Static LACP aggregation mode It is a mode of the LACP. In this mode, you must enable LACP in advance. The Selection Logic of the LACP decides how to select the Trunk interface, Dynamic LACP aggregation mode In this mode, you must enable LACP in advance. The system creates and deletes the LAG and member interfaces automatically. Interfaces cannot be aggregated dynamically unless the following requirements are met: – Basic configurations of interfaces are identical. – Speed and duplex configurations of interfaces are identical. – Interfaces are connected to the same device. – The peer interfaces meet these requirements. The RAX711-C supports manual aggregation and static LACP aggregation modes. Load balancing Load balancing is a cluster technology used to enhance the capability for processing services and ensure service reliability by sharing traffic among multiple devices/links. If an interface meets all requirements for an active interface, the interface will be the active interface of a LAG. Therefore, the interface can share traffic with other active ones based on the link aggregation load balancing mode or load balancing algorithm, The load balancing algorithm is realized by directly mapping or mapping based on the CRC Hash value of the MAC address. With different load balancing modes and their combination, interfaces can share traffic in a LAG. There are 6 load balancing modes: Load balancing based on source MAC address Load balancing based on destination MAC address Load balancing based on XOR result of the source and destination MAC addresses Load balancing based on source IP address Load balancing based on destination IP address Load balancing based on XOR result of the source and destination IP addresses Primary/Slave link aggregation The primary/slave link aggregation refers to a LAG consisting of two member interfaces which back up each other. One is in Active status while the other is in Standby status. Primary/Slave link aggregation is divided into manual primary/slave link aggregation and static LACP primary/slave link aggregation. The RAX711-C supports manual primary/slave link aggregation and static LACP primary/slave link aggregation. Raisecom Proprietary and Confidential 122 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability 7.1.4 Interface backup Introduction Interface backup refers to that two interfaces on a device work in primary/backup mode. Under normal conditions, the primary interface transmits services while the backup interface works as backup. When the primary interface or link fails and thus service transmission fails, the backup interface will work. In this way, network reliability is enhanced. In dual uplink networking, Spanning Tree Protocol (STP) is used to block the redundancy link and implement backup. Though STP can meet users' backup requirements, it fails to meet performance requirements. Though Rapid Spanning Tree Protocol (RSTP) is used, the convergence is second level only. This is poor performance for the high-end Ethernet device as the core of the carrier-grade network. Interface backup, targeted for dual uplink networking, implements backup and fast convergence. It is designed for the dual uplink networking application to ensure the performance and simplify configurations. You can achieve link redundancy by manually configuring interface backup when STP is disabled. Interface backup and STP cannot be concurrently enabled. Interface backup works based on an interface backup group which contains a primary interface and a backup interface, wherein: The link with the primary interface is the primary link. The link with the backup interface is the backup link. Under normal conditions, the primary link is in Standby status, and serves as backup. The primary or backup interface in the interface backup group can be a physical interface or a LAG interface. In the interface backup group, one interface is Up while the other is Standby. At any time, only one interface can be in forwarding status. When the forwarding interface is faulty, the backup interface can be transit to the forwarding status to resume the link. Raisecom Proprietary and Confidential 123 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Principles Figure 7-10 Principles of interface backup As shown in Figure 7-10, Line 1 and Line 2 on iTN A are connected to their uplink devices respectively. The interface forwarding status is as below: Under normal conditions, Line 1 is the primary interface while Line 2 is the backup interface. Line 1 and its uplink device forward packets while Line 2 and its uplink device do not forward packets. When Line 1 fails or the link between Line 1 and its uplink device fails, Line 2 and its uplink device forward packets. When Line 1 restores normally and keeps Up for a period (restore-delay), Line 1 restores to forwarding packets and Line 2 restores to standby status. When a switching between the primary interface and backup interface occurs, the iTN A sends a Trap to the NView NNM system. By applying interface backup to different VLANs, you can make 2 interfaces forward packets simultaneously in different VLANs. As shown in Figure 7-11, by configuring a VLAN and adding interfaces to the VLAN, you can realize VLAN-based interface backup. Raisecom Proprietary and Confidential 124 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Figure 7-11 Principles of VLAN-based interface backup In different VLANs, interface forwarding status is shown as below: Under normal conditions, in VLANs 1000–1500, Line 1 is the primary interface and Line 2 is the backup interface. In VLANs 1501–2000, Line 2 is the primary interface and Line 1 is the backup interface. Therefore, Line 1 forwards traffic of VLANs 1000–1500, and Line 2 forwards traffics of VLANs 1501–2000. When Line 1 fails or the link between Line 1 and its uplink device fails, Line 2 forwards traffic of VLANs 1000–2000. When Line 1 restores normally and keeps Up for a period (restore-delay), Line 1 forwards traffic of VLANs 1000–1500, and Line 2 forwards traffics of VLANs 1501– 2000. VLAN-based interface backup can be used for load balancing. In addition, it does not depend on configurations of the uplink device, thus facilitating operations. 7.1.5 Link-state tracking Link-state tracking provide an interface linkage scheme to expand the range of link backup. By monitoring the uplinks and synchronizing downlinks, the fault generated on the uplink device can be transmitted to downlink devices to trigger switching. This helps avoid traffic loss when downlink devices cannot sense faults of uplinks. As shown in Figure 7-12, Line 1 of iTN A is the primary interface and Line 2 is the backup interface. The upstream interfaces (Line 1 and Line 2) and downstream interface (Client 1) are added to a link-state group. When upstream interfaces fail, the downstream interface is in Down status. The downlink interface returns to Up status once one or both uplink interfaces recover. Therefore, the uplink link status is notified to the downstream devices immediately. Uplink interfaces work properly when the downlink interface fails. Figure 7-12 Interface-to-interface link-state tracking Raisecom Proprietary and Confidential 125 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability 7.2 Configuring ELPS 7.2.1 Preparing for configurations Scenario To make the Ethernet reliability reach telecom-grade (network self-healing time less than 50ms), you can deploy ELPS at Ethernet. ELPS is used to protect the Ethernet connection. It is an end-to-end protection technology. ELPS provides 3 modes to detect a fault. Detect faults based on the physical interface status: learning link fault quickly and switching services immediately, suitable for detecting the fault between neighbor devices. Detect faults based on CFM: suitable for multi-device crossing detection. Detect faults based on the physical interface and CFM: sending Trap when detecting a fault on the physical link/CFM. Prerequisite Connect interfaces and configure physical parameters for them. Make the physical layer Up. Create the management VLAN and VLANs of the working and protection interfaces. Configure CFM detection between devices (preparing for CFM detection mode). 7.2.2 Creating protection lines Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet Create the ELPS protection line and configure the protection mode. line-protection line-id working { interface-type The protection group is in non-revertive mode if you configure the interface-number vlan-id non-revertive parameter. protection interface-type In revertive mode, when the working line recovers from a fault, interface-number vlan-id traffic is switched from the protection line to the working line. { one-to-one } [ non- In non-revertive mode, when the working line recovers from a revertive ] protocol-vlan fault, traffic is not switched from the protection line to the vlan-id working line. 3 Raisecom(config)#ethernet (Optional) configure a name for the ELPS protection line. line-protection line-id name string 4 Raisecom(config)#ethernet (Optional) configure the WTR timer. In revertive mode, when the line-protection line-id working line recovers from a fault, traffic is not switched to the wtr-timer wtr-timer working line unless the WTR timer times out. By default the WTR time value is configured to 5min. We recommend that WTR timer configurations on both ends keep consistent. Otherwise, we cannot ensure 50ms quick switching. Raisecom Proprietary and Confidential 126 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Step Command Description 5 Raisecom(config)#ethernet (Optional) configure the HOLDOFF timer. Hold-off timer line-protection line-id configurations on both ends should be consistent. hold-off-timer holdoff- timer By default, the HOLDOFF timer value is configured to 0. If the HOLDOFF timer value is over great, it may influence 50ms switching performance. Therefore, we recommend setting the HOLDOFF timer value to 0. 6 Raisecom(config)#ethernet (Optional) enable ELPS Trap. line-protection trap enable By default, ELPS Trap is disabled. 7.2.3 Configuring ELPS fault detection modes Fault detection modes of the working line and protection line can be different. However, we recommend that fault detection mode configurations of the working line and protection line keep consistent. When configuring end-to-end fault detection mode for the working/protection line, we do not recommend using the physical link detection mode if there are other devices along the link. We recommend using the CC fault detection mode. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet line- Configure the fault detection mode of the working protection line-id { working | line/protection line to failure-detect physical-link. protection } failure-detect physical-link By default, the fault detection mode is configured to failure- detect physical-link. Raisecom(config)#ethernet line- Configure the fault detection mode of the working protection line-id { working | line/protection line to failure-detect cc. protection } failure-detect cc [ md md-name ] ma ma-name level This fault detection mode cannot take effect unless you level mep local-mep-id remote- finish related configurations on CFM. mep-id Raisecom(config)#ethernet line- Configure the fault detection mode of the working protection line-id { working | line/protection line to failure-detect physical-link-or-cc. protection } failure-detect physical-link-or-cc [ md md- In this mode, it believes that the link fails when a fault is name ] ma ma-name level level detected on the physical link/CC. mep local-mep-id remote-mep-id This fault detection mode cannot take effect unless you finish related configurations on CFM. Raisecom Proprietary and Confidential 127 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability 7.2.4 (Optional) configuring ELPS switching control By default, traffic is automatically switched to the protection line when the working line fails. Therefore, you need to configure ELPS switching control in some special cases. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet line- Lock protection switching. After this protection line-id lockout configuration, the traffic is not switched to the protection line even the working line fails. 3 Raisecom(config)#ethernet line- Switch the traffic from the working line to the protection line-id force-switch protection line forcedly. 4 Raisecom(config)#ethernet line- Switch the traffic from the working line to the protection line-id manual-switch protection line manually. Its priority is lower than the one of forced switch and APS. 5 Raisecom(config)#ethernet line- In non-revertive mode, switch the traffic from protection line-id manual-switch-to-work the protection line to the working line. After you perform the MS-W operation (Traffic is switched from the protection line back to the working line.), if a fault/recovery event occurs or if other protection group commands, such as lockout, force-switch, or manual-switch, are executed, both ends of the protection group may select different lines. In this case, you should use the clear ethernet line-protection line-id end-to-end command command to delete configured protection group command to make both ends of the protection group select the identical line. 7.2.5 Checking configurations No. Command Description 1 Raisecom#show ethernet line-protection Show configurations of the protection line. [ line-id ] 2 Raisecom#show ethernet line-protection Show protection line statistics. [ line-id ] statistics 3 Raisecom#show ethernet line-protection Show APS information. [ line-id ] aps Raisecom Proprietary and Confidential 128 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability 7.3 Configuring ERPS 7.3.1 Preparing for configurations Scenario With development of Ethernet to Telecom-grade network, voice and video multicast services bring higher requirements on Ethernet redundant protection and fault-recovery time. The fault-recovery time of current STP system is in second level that cannot meet requirements. By defining different roles for nodes on a ring, ERPS can block a loopback to avoid broadcast storm in normal condition. Therefore, the traffic can be quickly switched to the protection line when working lines or nodes on the ring fail. This helps eliminate the loopback, perform protection switching, and automatically recover from faults. In addition, the switching time is shorter than 50ms. The RAX711-C supports the single ring, intersecting ring, and tangent ring. ERPS provides 2 modes to detect a fault: Detect faults based on the physical interface status: learning link fault quickly and switching services immediately, suitable for detecting the fault between neighbor devices. Detect faults based on CFM: suitable for unidirectional detection or multi-device crossing detection. Detect faults based on the physical interface and CFM: sending Trap when detecting a fault on the physical link/CFM. Prerequisite Connect interfaces and configure physical parameters for them. Make the physical layer Up. Create the management VLAN and VLANs of the working and protection interfaces. Configure CFM detection between devices (preparing for CFM detection mode). 7.3.2 Creating ERPS protection ring Only one device on the protection ring can be set to the Ring Protection Link (RPL) Owner and one device is configured to RPL Neighbor. Other devices are configured to ring forwarding nodes. In actual, the tangent ring consists of 2 independent single rings. Configurations on the tangent ring are identical to the ones on the common single ring. The intersecting ring consists of a main ring and a tributary ring. Configurations on the main ring are identical to the ones on the common single ring. For details about configurations on the tributary ring, see section 7.3.3 (Optional) creating ERPS protection tributary ring. Step Command Description 1 Raisecom#config Enter global configuration mode. Raisecom Proprietary and Confidential 129 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Step Command Description 2 Raisecom(config)#ethernet ring-protection Create a protection ring and set the node to ring-id east interface-type interface- the RPL Owner. number west interface-type interface- number node-type rpl-owner rpl { east | By default, there is no ERPS protection ring. west } ] [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ] The east and west interfaces cannot be the same one. Raisecom(config)#ethernet ring-protection Create a protection ring and set the node to ring-id east interface-type interface- the RPL Neighbour. number west interface-type interface- number node-type rpl-neighbour rpl { east | west } ] [ not-revertive ] [ protocol- vlan vlan-id ] [ block-vlanlist vlan- list ] Raisecom(config)#ethernet ring-protection Create a protection line and set the node to ring-id east interface-type interface- the protection forwarding node. number west interface-type interface- number [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ] 3 Raisecom(config)#ethernet ring-protection (Optional) configure a name for the ring-id name string protection ring. 4 Raisecom(config)#ethernet ring-protection (Optional) configure the G.8032 protocol ring-id version { 1 | 2 } version. By default, version 1 is available. 5 Raisecom(config)#ethernet ring-protection (Optional) after the ring Guard timer is ring-id guard-time guard-timer configured, the failed node does not process APS packets during a period. By default, the ring Guard timer is configured to 500ms. 6 Raisecom(config)#ethernet ring-protection (Optional) configure the ring WTR timer. In ring-id wtr-time minute revertive mode, when the working line recovers from a fault, traffic is not switched to the working line unless the WTR timer times out. By default, the ring WTR time value is configured to 5min. 7 Raisecom(config)#ethernet ring-protection (Optional) configure the ring HOLDOFF ring-id holdoff-time holdoff-timer timer. Hold-off timer configurations on both ends should be consistent. By default, the ring HOLDOFF timer value is configured to 0. If the ring HOLDOFF timer value is over great, it may influence 50ms switching performance. Therefore, we recommend setting the ring HOLDOFF timer value to 0. Raisecom Proprietary and Confidential 130 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability 7.3.3 (Optional) creating ERPS protection tributary ring Only the intersecting ring consists of a main ring and a tributary ring. Configurations on the main ring are identical to the ones on the single ring/tangent ring. For details, see section 7.3.2 Creating ERPS protection ring. Configurations of non-intersecting nodes of the intersecting ring are identical to the ones on the single ring/tangent ring. For details, see section 7.3.2 Creating ERPS protection ring. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet ring- Create the tributary ring on the intersecting node protection ring-id east interface-type and set the intersecting node to the RPL Owner. interface-number west interface-type interface-number node-type rpl-owner By default, the protocol VLAN is configured to 1. rpl { east | west } ] [ not- Blocked VLANs range from 1 to 4094. revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ] The links between 2 intersecting nodes belong to the main ring. Therefore, when you configure the tributary ring on the intersecting node, you can only configure the west or east interface. Raisecom(config)#ethernet ring- Create the tributary ring on the intersecting node protection ring-id east interface-type and set the intersecting node to the RPL interface-number west interface-type Neighbour. interface-number node-type rpl- neighbour rpl { east | west } ] [ not- revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ] Raisecom(config)#ethernet ring- Create the tributary ring on the intersecting node protection ring-id east interface-type and set the intersecting node to the protection interface-number west interface-type forwarding node. interface-number [ not-revertive ] [ protocol-vlan vlan-id ] [ block- vlanlist vlan-list ] 3 Raisecom(config)#ethernet ring- (Optional) configure the tributary ring virtual protection ring-id raps-vc { with | channel mode on the intersecting node. without } By default, the tributary ring virtual channel adopts the with mode. Transmission modes on 2 intersecting nodes must be identical. 4 Raisecom(config)#ethernet ring- Enable the ring Propagate switch on the protection ring-id propagate enable intersecting node. By default, the ring Propagate switch is disabled. Raisecom Proprietary and Confidential 131 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability 7.3.4 Configuring ERPS fault detection modes Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet Configure the ERPS fault detection mode to failure-detect ring-protection ring-id physical-link. { east | west } failure- detect physical-link By default, the ERPS fault detection mode is configured to failure-detect physical-link. Raisecom(config)#ethernet Configure the ERPS fault detection mode to failure-detect cc. ring-protection ring-id { east | west } failure- This ERPL fault detection mode cannot take effect unless you detect cc [ md md-name ] ma finish related configurations on CFM. ma-name level level mep If you configure the MD, the MA should be below the local-mep-id remote-mep-id configured md-level. Raisecom(config)#ethernet Configure the ERPS fault detection mode to failure-detect ring-protection ring-id physical-link-or-cc. { east| west } failure- detect physical-link-or-cc In this mode, it believes that the link fails when a fault is [ md md-name ] ma ma-name detected on the physical link/CC. level level mep local-mep- This ERPL fault detection mode cannot take effect unless you id remote-mep-id finish related configurations on CFM. If you configure the MD, the MA should be below the configured md-level. 7.3.5 (Optional) configuring ERPS switching control By default, traffic is automatically switched to the protection line when the working line fails. Therefore, you need to configure ERPS switching control in some special cases. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet Switch the traffic on the protection ring to the west/east ring-protection ring-id force- interface forcedly. switch { east | west } east: block the east interface. west: block the west interface. 3 Raisecom(config)#ethernet Switch the traffic on the protection ring to the west/east ring-protection ring-id interface manually. Its priority is lower than the one of manual-switch { east | west } forced switch and APS. Raisecom Proprietary and Confidential 132 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability 7.3.6 Checking configurations No. Command Description 1 Raisecom)#show ethernet ring-protection Show ERPS protection ring configurations. [ ring-id ] 2 Raisecom)#show ethernet ring-protection Show ERPS protection ring status. [ ring-id ] status 3 Raisecom)#show ethernet ring-protection Show ERPS protection ring statistics. [ ring-id ] statistics 7.4 Configuring link aggregation 7.4.1 Preparing for configurations Scenario When needing to provide greater bandwidth and reliability for a link between two devices, you can configure manual or static LACP link aggregation. Prerequisite Configure physical parameters of the interface and make the physical layer Up. In a LAG, member interfaces that share loads must be identically configured. Otherwise, data cannot be forwarded properly. These configurations include QoS, QinQ, VLAN, interface properties, and MAC address learning. – QoS: traffic policing, traffic shaping, congestion avoidance, rate limiting, SP queue, WRR queue scheduling, WFQ queue, interface priority, and interface trust mode. – QinQ: QinQ status on the interface, added outer VLAN tag, policies for adding outer VLAN Tags for different inner VLAN IDs. – VLAN: the allowed VLAN, default VLAN, and the link type (Trunk, Hybrid, and Access) on the interface, and whether VLAN packets carry Tag. – Interface properties: speed, duplex mode, and link Up/Down status. – MAC address learning: MAC address learning status and MAC address limit. 7.4.2 Configuring manual link aggregation Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface port-channel Enter aggregation group configuration mode. channel-number 3 Raisecom(config-port-channelif)#mode Configure the working mode of the aggregation manual group to manual link aggregation. Raisecom Proprietary and Confidential 133 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Step Command Description 4 Raisecom(config-port-channelif)#{ max- (Optional) configure the maximum/minimum active | min-active } links value number of active links of the LACP LAG. threshold By default, the maximum and minimum numbers of active links are configured to 4 and 1 respectively. 5 Raisecom(config-port-channelif)#load- (Optional) configuring the load balancing mode sharing mode { dst-ip | dst-mac | label of the LAG. By default, load sharing mode is | src-dst-ip | src-dst-mac | src-ip | configured to src-dst-mac, which means src-mac } selecting the forwarding interface according to the OR operation result of source MAC address and destination MAC address. 6 Raisecom(config-port-channelif)#exit Return to global configuration mode. 7 Raisecom(config)#interface interface- Enter interface configuration mode. type interface-number 8 Raisecom(config-port)#port-channel Add the interface to the aggregation group. channel-number 7.4.3 Configuring static LACP link aggregation Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#lacp system- (Optional) configure the system LACP priority. priority system-priority The smaller the value is, the higher the system LACP priority is. The end with a higher system LACP priority is the active end. LACP selects the active interface and standby interface based on configurations on the active end. If the system LACP priorities are identical, select the one with a smaller MAC address as the active end. By default, the system LACP priority is configured to 32768. 3 Raisecom(config)#lacp timeout (Optional) configure the LACP timeout mode. { fast | slow } By default, it is slow. 4 Raisecom(config)#interface port- Enter aggregation group configuration mode. channel channel-number 5 Raisecom(config-port- Configure the working mode of the aggregation group channelif)#mode lacp to static LACP link aggregation. 6 Raisecom(config-port- (Optional) configure the maximum/minimum number channelif)#{ max-active | min- of active links of the LACP LAG. active } links value threshold By default, the maximum and minimum numbers of active links are configured to 4 and 1 respectively. 7 Raisecom(config-port- Return to global configuration mode. channelif)#exit Raisecom Proprietary and Confidential 134 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Step Command Description 8 Raisecom(config)#interface Enter interface configuration mode. interface-type interface-number 9 Raisecom(config-port)#port-channel Add the physical interface to the aggregation group. channel-number 10 Raisecom(config-port)#lacp mode (Optional) configure the LACP mode of member { active | passive } interfaces. By default, the LACP mode is configured to active. LACP connection fails if both ends of a link are in passive mode. 11 Raisecom(config-port)#lacp port- (Optional) configure the interface LACP priority. The priority port-priority interface LACP priority affects the selection of LACP default interface. The smaller the number is, the higher the priority is. By default, the system LACP priority is configured to 32768. 12 Raisecom(config-port)#exit Return to global configuration mode. In a static LACP LAG, a member interface can be an active/standby one. Both the active interface and standby interface can receive and send LACPDU. However, the standby interface cannot forward user packets. The system selects a default interface based on the following conditions in order: whether the neighbor is discovered, maximum interface rate, highest interface LACP priority, smallest interface ID. The default interface is in active status. Interfaces, which have the same rate, peer device, and operation key of the operation key with the default interface, are in active status. Other interfaces are in standby status. 7.4.4 Configuring manual backup link aggregation Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface port-channel Enter aggregation group configuration mode. channel-number 3 Raisecom(config-port-channelif)#mode Configure the working mode of the aggregation manual backup group to manual backup link aggregation. 4 Raisecom(config-port-channelif)#master- Configure the master interface of link port interface-type interface-number aggregation. 5 Raisecom(config-port- Configure the revertive mode and delay recovery channelif)#restore-mode { non-revertive time of the LAG. | revertive [ restore-delay second ] } By default, the revertive mode is configured to non-revertive. 6 Raisecom(config-port-channelif)#exit Return to global configuration mode. Raisecom Proprietary and Confidential 135 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Step Command Description 7 Raisecom(config)#interface interface- Enter interface configuration mode. type interface-number 8 Raisecom(config-port)#port-channel Add interfaces to the LAG. channel-number 9 Raisecom(config-port)#exit Return to global configuration mode. 7.4.5 Configuring static LACP backup link aggregation Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#lacp system-priority (Optional) configure the system LACP priority. system-priority The smaller the value is, the higher the system LACP priority is. The end with a higher system LACP priority is the active end. LACP selects the active interface and standby interface based on configurations on the active end. If the system LACP priorities are identical, select the one with a smaller MAC address as the active end. By default, the system LACP priority is configured to 32768. 3 Raisecom(config)#lacp timeout { fast | (Optional) configure the LACP timeout mode. slow } 4 Raisecom(config)#interface port-channel Enter aggregation group configuration mode. channel-number 5 Raisecom(config-port-channelif)#mode Configure the working mode of the aggregation lacp [ backup ] group to static LACP backup link aggregation. 6 Raisecom(config-port-channelif)#master- Configure the master interface of link port interface-type interface-number aggregation. 7 Raisecom(config-port- Configure the revertive mode and delay recovery channelif)#restore-mode { non-revertive time of the LAG. | revertive [ restore-delay second ] } By default, the revertive mode is configured to non-revertive. 8 Raisecom(config-port-channelif)#exit Return to global configuration mode. 9 Raisecom(config)#interface interface- Enter interface configuration mode. type interface-number 10 Raisecom(config-port)#port-channel Add physical interfaces to the LAG. channel-number 11 Raisecom(config-port)#lacp mode (Optional) configure the LACP mode of member { active | passive } interfaces. By default, the LACP mode is configured to active. LACP connection fails if both ends of a link are in passive mode. Raisecom Proprietary and Confidential 136 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Step Command Description 12 Raisecom(config-port)#lacp port- (Optional) configure the interface LACP priority. priority port-priority The interface LACP priority affects the selection of LACP default interface. The smaller the number is, the higher the priority is. By default, the system LACP priority is configured to 32768. 13 Raisecom(config-port)#exit Return to global configuration mode. 7.4.6 Checking configurations No. Command Description 1 Raisecom#show lacp Show local system LACP interface status, identifier, interface priority, internal management key, operation key, and interface status machine. 2 Raisecom#show lacp Show neighbor LACP information, including identifier, interface priority, neighbor device ID, Age, operation key ID, interface ID, and interface status machine. 3 Raisecom#show lacp Show interface LACP statistics, including total number of received LACP statistics packets, number of received and transmitted Marker packets, number of received and transmitted Marker Response packets, and number of error packets. 4 Raisecom#show lacp Show local system LACP global enabling status, device ID, LACP priority, sys-id and MAC address. 5 Raisecom#show Show whether the current system is enabled with link aggregation, link port-channel aggregation load-sharing mode, member interfaces and currently-active member interfaces in all current aggregation groups. Currently active member interfaces refers to interfaces in UP status in the aggregation group. 7.5 Configuring interface backup 7.5.1 Preparing for configurations Scenario Interface backup can realize redundancy backup and fast switching of primary and backup links, VLAN-based interface backup can realize load balancing among different interfaces. Interface backup ensures millisecond level switching and simplifies configurations. Raisecom Proprietary and Confidential 137 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Prerequisite Create a VLAN. Add interfaces to the VLAN. 7.5.2 Configuring basic functions of interface backup Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface- Enter interface configuration mode. type interface-number 3 Raisecom(config-port)#port backup Configure the interface backup group. interface-type interface-number [ vlanlist vlan-list ] 4 Raisecom(config-port)#port backup (Optional) configure the fault restoration mode restore-mode { non-revertive | and restore-delay. revertive [ restore-delay second ] } By default, the fault restoration mode is revertive, and the restore-delay is configured to 15s. 5 Raisecom(config-port)#exit Return to global configuration mode. In an interface backup group, an interface cannot concurrently be the primary interface and backup interface. In a VLAN, an interface/LAG is a member of only one interface backup group. If you configure a LAG as a member of the interface backup group, you need to configure the interface with the smallest interface ID in the LAG as the member of the interface backup interface. When the member interface is in Up status, all interfaces in the aggregation group are in Up status. When the member interface is in Down status, all interfaces in the aggregation group are in Down status. 7.5.3 (Optional) configuring interface FS After FS is successfully configured, the primary and backup links will be switched. The working link is switched to the protection link. For example, when both the primary and backup interfaces are in Up status, if the data is being transmitted through the primary link, data will be switched from the primary link to the backup link after forced switch is performed. In the CLI, the backup interface ID is an optional parameter. If the primary interface is configured with multiple interface backup pairs, you should input the backup interface ID. Step Command Description 1 Raisecom#config Enter global configuration mode. Raisecom Proprietary and Confidential 138 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Step Command Description 2 Raisecom(config)#interface interface-type Enter interface configuration mode. interface-number 3 Raisecom(config-port)#port backup interface-type Configure FS to the backup link. backup-interface-number force-switch [ vlan vlan-id ] 7.5.4 Checking configurations No. Command Description 1 Raisecom#show port backup [ group ] Show status of interface backup. 7.6 Configuring link-state tracking 7.6.1 Preparing for configurations Scenario When the uplink of the middle device fails and the middle device fails to inform the downlink devices of the fault, the traffic cannot be switched to the backup line. This may cause traffic break. Link-state tracking is used to add the uplink interfaces and downlink interfaces of the middle device to a link-state group. In addition, it is used to monitor the uplink interfaces. When all uplink interfaces fail, downlink interfaces are in Down status. When one failed uplink interface recovers from the fault, all downlink interfaces are in Up status. Therefore, faults of the uplinks can be notified to the downlink devices in time. If downlink interfaces fail, uplink interfaces still work properly. Prerequisite Connect interfaces, configure physical parameters of the interfaces, and make the physical layer Up. 7.6.2 Configuring link-state tracking Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#link-state-tracking Create an interface-based link-state group. group group-number Raisecom(config)#link-state-tracking Create an MEP-based link-state group. group group-number upstream ma-name ma-name cfm-mepid mep-id level level Raisecom Proprietary and Confidential 139 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Step Command Description Raisecom(config)#link-state-tracking Create an ELPS-based link-state group. group group-number upstream elps- 8031-link line-id 3 Raisecom(config)#interface interface- Enter physical layer interface configuration mode. type primary-interface-number 4 Raisecom(config-port)#link-state- Configure the link-state group for the interface and tracking group group-number the interface type. { upstream | downstream } 5 Raisecom(config-port)#exit Enable Trap sending for the link-state group. Raisecom(config)#link-state-tracking group group-number trap enable By default, it is disabled. 6 Raisecom(config)#link-state-tracking Configure the action taken for link-state tracking. group group-number action { delete- vlan vlan-id | flush-erps ring-id | suspend-vlan vlan-id } The action can be configured only when the fault source is MEP or ELPS. Raisecom(config)#interface interface- Configure the action taken for link-state tracking. type primary-interface-number Raisecom(config-port)#link-state- tracking group group-number action { block-vlanlist vlan-list | modify- The action can be configured only when the pvid vlan-id } fault source is an interface. 7.6.3 Checking configurations No. Command Description 1 Raisecom#show link-state-tracking group Show configurations of a link-state group. [ group-number ] 7.7 Configuration examples 7.7.1 Example for configuring manual link aggregation Networking requirements As shown in Figure 7-13, to improve the reliability of the link between RAX711-C A and RAX711-C B, you can configure manual link aggregation on RAX711-C A and RAX711-C B. Add Client interface 1 and Client interface 2 to a LAG to form a single logical interface. The LAG performs load balancing according to the source MAC address. Raisecom Proprietary and Confidential 140 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Figure 7-13 Configuring manual link aggregation Configuration steps Configuration procedures for RAX711-C A and RAX711-C B are identical. In this section, take configurations on RAX711-C A for example. Step 1 Create a manual LAG. Raisecom#hostname RAXA RAXA#config RAXA(config)#interface port-channel 1 RAXA(config-port-channel1)#mode manual RAXA(config-port-channel1)#exit Step 2 Add interfaces to the LAG. RAXA(config)#interface client 1 RAXA(config-client1)#port-channel 1 RAXA(config-port)#exit RAXA(config)#interface client 2 RAXA(config-client2)#port-channel 1 RAXA(config-client2)#exit Step 3 Configure the load-sharing mode of the LAG. RAXA(config)#interface port-channel 1 RAXA(config-port-channel1)#load-sharing mode scr-mac Checking results Use the show port-channel command to show global configurations on manual link aggregation. RAXA#show port-channel Raisecom Proprietary and Confidential 141 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Group 1 information: Mode : Manual Load-sharing mode : src-dst-mac MinLinks: 1 Max-links : 4 UpLinks : 0 Priority-Preemptive: Disable Member Port: client1 client2 7.7.2 Examples for configuring link-state tracking Networking requirements As shown in Figure 7-14, to enhance network reliability, RAX711-C B is connected to RAX711-C A and RAX711-C C through Link 1 and Link 2 respectively. Link 1 is the primary line and Link 2 is the backup line. Link 2 does not forward data unless Link 1 fails. RAX711-C A is connected upstream to the IP network in link aggregation mode. When all uplinks of RAX711-C A fail, RAX711-C A should inform RAX711-C B of the fault to switch the traffic to the backup line in time. Therefore, you need to deploy link-state tracking on RAX711-C A. Configure interface-based link-state tracking on Line interface 1 on RAX711-C A so that the RAX711-C A will block VLAN 10 upon uplink faults. Figure 7-14 Link-state tracking networking Configuration steps Step 1 Create a link-state group. Raisecom(config)#link-state-tracking group 1 Raisecom Proprietary and Confidential 142 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Step 2 Add uplink interfaces to the link-state group. Raisecom(config)#interface line 1 Raisecom(config-port)#link-state-tracking group 1 upstream Step 3 Add the downlink interface to the link-state group. Raisecom(config)#interface client 1 Raisecom(config-port)#link-state-tracking group 1 downstream Step 4 Configure the action taken for link-state tracking to blocking VLAN 10 of Line interface 1. Raisecom(config)#link-state-tracking group 1 action block-vlan 10 line 1 Checking results Use the show link-state-tracking group command to show configurations of the link-state group. Raisecom(config)#show link-state-tracking group 1 Link-state-tracking Group: 1 Trap State: disable UpStream Type: port UpStream PortList: line 1 Action Mode: block-vlan Action PortList: client 1 Action Vlan List: 10 Link-state-tracking State: normal Fault-type: port-shutdown 7.7.3 Example for configuring static LACP link aggregation Networking requirements As shown in Figure 7-15, to improve the reliability of the link between RAX711-C A and RAX711-C B, you can configure static LACP link aggregation on RAX711-C A and RAX711-C B. Add Client 1 and Client 2 to a LAG to form a logical interface. Raisecom Proprietary and Confidential 143 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Figure 7-15 Configuring static LACP link aggregation Configuration steps Step 1 Configure the static LACP LAG on RAX711-C A, and configure RAX711-C A to the active end. Raisecom#hostname RAXA RAXA#config RAXA(config)#lacp system-priority 1000 RAXA(config)#interface port-channel 1 RAXA(config-port-channel1)#mode lacp RAXA(config-port-channel1)#exit RAXA(config)#interface client 1 RAXA(config-client1)#port-channel 1 RAXA(config-client1)#lacp port-priority 1000 RAXA(config-client1)#lacp mode active RAXA(config-client1)#exit RAXA(config)#interface client 2 RAXA(config-client2)#port-channel 1 RAXA(config-client2)#lacp mode active RAXA(config-client2)#exit Step 2 Configure the static LACP LAG on RAX711-C B. Raisecom#hostname RAXB RAXB#config RAXB(config)#interface port-channel 1 RAXB(config-port-channel1)#mode lacp RAXB(config-port-channel1)#exit RAXB(config)#interface client 1 RAXB(config-client1)#port-channel 1 RAXB(config-client1)#exit RAXB(config)#interface client 2 RAXB(config-client2)#port-channel 1 RAXB(config-client2)#exit Raisecom Proprietary and Confidential 144 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 7 Network reliability Checking results Use the show port-channel command on RAX711-C A to show global configurations on static LACP link aggregation. RAXA#show port-channel 1 Group 1 information: Mode : Lacp Load-sharing mode : src-dst-mac MinLinks: 1 Max-links : 8 UpLinks : 0 Priority-Preemptive: Disable Member Port: client1 client2 Efficient Port: Raisecom Proprietary and Confidential 145 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM 8 OAM This chapter describes principles and configuration procedures of OAM, and provides related configuration examples, including the following sections: Introduction Configuring EFM Configuring CFM Configuring SLA Configuring Y.1564 Maintenance 8.1 Introduction Initially, Ethernet is designed for LAN. Operation, Administration, and Maintenance (OAM) is weak because of its small size and a NE-level administrative system. With continuous development of Ethernet technology, the application scale of Ethernet in Telecom network becomes wider and wider. Compared with LAN, the link length and network size of Telecom network is bigger and bigger. The lack of effective management and maintenance mechanism has seriously obstructed Ethernet technology applying to the Telecom network. To confirm connectivity of Ethernet virtual connection, effectively detect, confirm, and locate faults on network, measure network utilization and network performance, and provide service according Service Level Agreement (SLA), implementing OAM on Ethernet has becoming an inevitable developing trend. 8.1.1 EFM Complying with IEEE 802.3ah protocol, Ethernet in the First Mile (EFM) is a link-level Ethernet OAM technology. It provides link connectivity detection, link fault monitoring, remote fault notification, and so on, for a link between two directly connected devices. EFM is mainly used for Ethernet links on edges of the network accessed by users. OAM mode and OAM discovery The Ethernet OAM connection process is the OAM discovery phase, where an OAM entity discovers a remote OAM entity and establishes a session with it. Raisecom Proprietary and Confidential 146 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM In the discovery phase, a connected Ethernet OAM entity (interface enabled with OAM) informs others of its Ethernet OAM configurations and Ethernet OAM capabilities supported by the local node by exchanging information OAM PDU. After the OAM entity receives parameters of the peer, it decides whether to establish OAM connection. If both ends agree on establishment of the OAM connection, Ethernet OAM protocol will work on the link layer. The RAX711-C can choose one of the following 2 modes to establish Ethernet OAM connection: Active mode Passive mode Only the OAM entity in active mode can initiate OAM connection while the OAM entity in passive mode just waits for connection request of the active OAM entity. After the OAM connection is established, both ends keep connected by exchanging information OAM PDU. If an OAM entity does not receive information OAM PDU within 5s, it believes that connection expires and connection re-establishment is required. OAM loopback OAM loopback occurs only after the Ethernet OAM connection is established. When connected, the active OAM entity initiates the OAM loopback command, and the peer OAM entity responds to the command. When the remote OAM entity is in loopback mode, all packets but OAM PDU packets are sent back. By observing the returned PAMPDU packets, the network administrator can judge the link performance (including packet loss ratio, delay, and jitter). Figure 8-1 OAM loopback As shown in Figure 8-1, Line interface 1 on RAX711-C A works in active mode. After the 802.3ah OAM connection between RAX711-C A and RAX711-C B is established, enable remote loopback on Client 1. The process for OAM loopback is as below: Step 1 RAX711-C A sends a Loopback Control OAM PDU packet with the Enable information to RAX711-C B, and waits for response. Step 2 After receiving the Loopback Control OAM PDU packet with the Enable information, RAX711-C B replies the Information OAM PDU packet to RAX711-C A, and enters the loopback state. Raisecom Proprietary and Confidential 147 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Step 3 After receiving the response, RAX711-C A sends a non-OAM PDU test packet to RAX711-C B. Step 4 After receiving a non-OAM PDU test packet, RAX711-C B sends it back to RAX711-C A. Stop OAM loopback as below: Step 1 If RAX711-C A needs to stop remote loopback, it sends a Loopback Control OAM PDU packet with the Disable information to RAX711-C B. Step 2 After receiving the Loopback Control OAM PDU packet with the Disable information, RAX711-C B exits from loopback state and sends an Information OAM PDU packet to RAX711-C A. You can troubleshoot the RAX711-C through loop detection in different phases. OAM events Detecting Ethernet failures is difficult, especially when the physical communication works properly while the network performance deteriorates slowly. A flag is defined in OAM PDU packet to allow an OAM entity to transmit fault information to the peer. The flag may stand for the following threshold events: Link fault: signals from the peer are lost. Dying gasp: an unpredictable event occurs, such as power failure. Critical event: an uncertain critical event occurs. The RAX711-C does not support dying gasp and critical event detection. In the OAM connection, an OAM entity keeps sending Information OAM PDUs. The local OAM entity can inform the peer OAM entity of threshold events through Information OAM PDUs. In this way, the network administrator can learn the link state and take actions accordingly. The network administrator monitors Ethernet OAM through the Event Notification OAM PDU. When a link fails, the local OAM entity detects the failure, and actively sends Event Notification OAM PDU to the peer active OAM entity to inform the following threshold events. Therefore, the network administrator can dynamically master the network status through the link monitoring process. Error frame event: the number of error frames exceeds the threshold in a time unit. Error frame period event: the number of error frames exceeds the threshold in a period (specified N frames). Error frame second event: the number of error frames in M seconds exceeds the threshold. The second when an errored frame is generated is called the erroed frame second. Error symbol period event: the number of error symbols received in a period (monitor window) exceeds the threshold. If an error frame occurs in a second, the second is an error frame second. Raisecom Proprietary and Confidential 148 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Acquiring OAM MIB The RAX711-C learns the status and parameters of the peer link by acquiring link configurations/statistics on the peer through OAM. 8.1.2 CFM To extend the Ethernet technology application in the telecom-class network, the Ethernet needs to reach the same service level with the carrier-class transmission network. Connectivity Fault Management (CFM) solves this problem by providing the comprehensive OAM tools for the telecom-class Ethernet. CFM, a network-level Ethernet OAM technology, implements end-to-end connectivity fault detection, fault reporting, fault judgement, and fault positioning. It is used to diagnose fault actively for Ethernet Virtual Connection (EVC), provide cost-effective network maintenance solutions, and improve network maintenance through the fault management function. The RAX711-C provides CFM compatible with both ITU-Y.1731 and IEEE 802.1ag standards. CFM consists of following components: MD Maintenance Domain (MD), also called Maintenance Entity Group (MEG), is a network that runs CFM. It defines network range of OAM management. MD has a level property, with 8 levels (level 0 to level 7). The bigger the number is, the higher the level is and the larger the MD range is. Protocol packets in a lower-level MD will be discarded after entering a higher- level MD. If no Maintenance association End Point (MEP) but a Maintenance association Intermediate Point (MIP) is in a high-level MD, the protocol can traverse the higher-level MD. However, packets in a higher-level MD can traverse lower-level MDs. In the same VLAN range, different MDs can be adjacent, embedded, but not crossed. As shown in Figure 8-2, MD 2 is in MD 1. Packets in MD 1 need to traverse MD 2. Configure MD 1 to be at level 6, and MD 2 to be at level 3. Then packets in MD 1 can traverse MD 2 and implement connectivity fault management of the whole MD 1. However, packets in MD 2 cannot diffuse into MD 1. In actual applications, MD 2 is a server layer while MD 1 is a client layer. Figure 8-2 MDs at different levels MA Raisecom Proprietary and Confidential 149 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Maintenance Association (MA) is maintenance nodes collection in the MD. A MD can configure multiple MAs, and each MA is corresponding to one Service Instance. CFM packets can be transmitted between maintenance nodes that are in a same MA. One service instance corresponds to one service and is mapped to a group of VLANs. VLANs of different service instances cannot cross. Though a service instance can be mapped to multiple VLANs, one service instance can only use a VLAN for sending or receiving OAM packets. This VLAN is the master VLAN of the service instance. MEP As shown in Figure 8-3, the MEP is an edge node of a service instance, confirming the range and edge of the MD. MEPs can be used to send and process CFM packets. The service instance and the MD where the MEP locates decide VLANs and levels of packets received and sent by the MEP. For any device that runs CFM in the network, the MEP is called local MEP. For MEPs on other devices of the same service instance, they are called Remote Maintenance association End Points (RMEP). Multiple MEPs can be configured in a service instance. As for the packets, sent from the MEP in a service instance, with the same S-VLAN TAG, priority, and C-VLAN TAG, the MEP can receive the OAM packet sent from other MEP in a same service instance, and forward higher- level packets. Figure 8-3 MEP and MIP MIP As shown in Figure 8-3, the MIP is the internal node of a service instance, which is automatically created by the device. MIP cannot actively send CFM packets but can process and response to Link Trace Message (LTM) and LoopBack Message (LBM) packets. MP MEP and MIP are called Maintenance Point (MP). CFM provides the following OAM functions: Fault detection (Continuity Check, CC) The function is realized by periodically sending Continuity Check Messages (CCMs). One MEP sends CCM and other MEPs in the same service instance can verify the RMEP status when receiving this packet. If MEPs cannot properly receive CCMs sent by RMEPs during Raisecom Proprietary and Confidential 150 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM 3.5 CCM intervals or CCMs have errors checked by CC, it is believed that the link fails. Then a fault Trap will be sent according to configured alarm priority. Fault acknowledgement (LoopBack, LB) This function is used to verify the connectivity between two MPs through the source MEP sending LoopBack Message (LBM) and the destination MP sending LoopBack Reply (LBR). After checking the fault, the administrator manually confirms whether the fault occurs or not to prevent misinformation. The source MEP sends a LBM to certain destination MP who needs to acknowledge a fault. When receiving the LBM, the destination MP sends a LBR to the source MEP. If the source MEP receives this LBR, it is believed that the route is reachable. Otherwise, a connectivity fault occurs. Fault location (LinkTrace, LT) The source MEP sends LinkTrace Message (LTM) to the destination MP and all MPs on the LTM transmission route will send a LinkTrace Reply (LTR) to the source MEP. By recording valid LTR and LTM, this function can be used to locate faults. Alarm Indication Signal (AIS) This function is used to inhibit alarms when a fault is detected at the server layer (sub-layer). When detecting a fault, the MEP (including the server MEP) sends an AIS frame to the client MD. By transmitting ETH-AIS frames, the device can inhibit or stop an alarm on MEP (or server MEP). When receiving an AIS frame, the MEP must inhibit alarms for all peer MEPs regardless of connectivity, because this frame does not include information about MEPs that are at the same level with the failed MEP. With AIS, the device can inhibit the alarm information at client level when the server layer (sub-layer) fails. Therefore, the network is easy for maintenance and management. Ethernet lock signal (Lock, LCK) This function is used to notify managed lock and service interruption of server layer (sub- layer) MEPs. The data traffic is sent to a MEP that expects to receive it. This function helps the MEP that receives ETH-LCK frame to identify a fault. It is a managed lock action for server layer (sub-layer) MEP. Lock is an optional OAM management function. One typical scenario for applying this function is to perform detection when services are interrupted. In general, CFM is an end-to-end OAM technology at the server layer. It helps reduce operation and maintenance cost. In addition, it improves the competitiveness of service providers. 8.1.3 SLA Service Level Agreement (SLA) is an agreement between users and a service provider about the service quality, priority, and responsibility. It is a telecommunication service evaluating standard negotiated by the service provider and users. In technology, SLA is a real-time network performance detection and statistic technology, which can collect statistics on responding time, network jitter, delay, packet loss ratio, and so on. SLA can be used to monitor related metrics by selecting different tasks for different applications. Basic concepts involved in SLA are as below: Operation Raisecom Proprietary and Confidential 151 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM It is a static concept. It is a point-to-point SLA network performance test task, including Layer 2 network delay/jitter test (y1731-echo/y1731-jitter). Test It is a dynamic concept. It is used to describe an execution of one operation. Detection It is a dynamic concept. It is used to describe a procedure for sending-receiving detection packets in a test. According to the definition of operation, one test can contain multiple detections (For an Echo operation, one test contains one detection only). Scheduling It is a dynamic concept. It is used to describe a scheduling of one operation. One scheduling contains multiple periodical tests. The RAX711-C supports SLA operations based on RFC2544, with measurement indexes including the latency, frame loss rate, and throughput. It supports measurement based on Ethernet networking. It can work as an initiator or loopback node of the test. 8.1.4 Y.1564 Introduction In Ethernet tests, RFC2544 measures performances of interconnected devices in extreme conditions, and it can test only one measurement index at a time. As various Ethernet services are deployed worldwide, the traditional RFC2544 tests cannot meet users' requirements on Ethernet service tests, it takes a long time, and it interrupts services, which are obvious disadvantages. ITU-T Y.1564, defined by ITU-T, by overcoming these disadvantages, becomes a standard for configuring Ethernet services and measuring performances. ITU-T Y.1564, also called Ethernet Service Activation Measurement (EtherSAM), is a method for measuring activation of Ethernet services. It can verify all SLA parameters through one single test and guarantees that the network can provide optimized QoS. Compared with RFC2544, ITU-T Y.1564 has the following enhanced features: Support concurrent test of multiple services. Support the online test. Raisecom Service Activation Measurement (RCSAM), developed by Raisecom on the basis of ITU-T Y.1564, is a module used to measure whether the network meets SLA requirements. RCSAM test types RCSAM consists of two phases: service configuration test and service performance test. It can guarantee that each service flow is correctly configured and transmitting the service flow to the user is qualified. Service configuration test: this test is used to verify correctness of service configurations. Before a service is activated, a test flow is generated based on features of the service and is used to test whether network configurations meet service SLA requirements. During test, each service must be independently tested. The service configuration test is divided into 6 steps by the size of the test flow. Each step lasts 1s to 60s, covering rate, frame loss rate, latency, and jitter. The size of the test flow is as below: – 25% ×CIR Raisecom Proprietary and Confidential 152 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM – 50% ×CIR – 75% ×CIR – 100% × CIR – CIR + EIR – CIR + 125% × EIR Service performance test: this test is used to measure the performance of the service and thus guarantee the quality of the service during a long period. It supports concurrent test of multiple services. All services during the test must be configured with the same CIR and start test as triggered at the same time. All key indexes of each service must be measured, such as Information Rate (IR), Frame Time Delay (FTD), Frame Delay Variation, (FDV), and Frame Loss Rate (FLR). RCSAM scenario RCSAM is applied in the following three test scenarios: Roundtrip: as shown in Figure 8-4, the local device is enabled with Y.1564 while the remote device is enabled with loopback. However, this scenario may not be accurate enough because the test result will be affected by the policy of the device with the lower device if both devices are configured with a policy. Figure 8-4 Roundtrip test scenario One-way: both devices are enabled with Y.1564. The test is unidirectional. Namely, the local device sends packets while the remote device receives packets. In this case, clock synchronization must be considered. We recommend using IEEE 1588 to make the test more accurate. Bidirectional: both devices are enabled with Y.1564. The test is targeted for EtherSAM in each direction to locate the fault in configuration or poor performance in a direction. At present, the RAX711-C supports the Roundtrip test only. 8.2 Configuring EFM 8.2.1 Preparing for configurations Scenario Deploying EFM between directly-connected devices can effectively improve the management and maintenance capability of Ethernet links and ensure normal operation of the network. Raisecom Proprietary and Confidential 153 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Prerequisite Connect interfaces and configure physical parameters of interfaces. Make the physical layer Up. 8.2.2 Configuring EFM basic functions Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#oam send- (Optional) configure the OAM PDU delivery period and timeout. period period-number timeout time By default, the OAM PDU delivery time is configured to 1s (the period-number parameter is configured to 10; 10 × 100ms = 1s) and the timeout is configured to 5s. 3 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface- number 4 Raisecom(config-port)#oam Configure the working mode of EFM. { active | passive } By default, the RAX711-C works in passive mode. 5 Raisecom(config-port)#oam Enable EFM OAM of the link. enable By default, it is disabled. 8.2.3 Configuring EFM active functions EFM active functions can be configured when the RAX711-C is in active mode. (Optional) configuring RAX711-C to initiate EFM remote loopback You can discover network faults in time by periodically detecting loopbacks. By detecting loopbacks in segments, you can locate exact areas where faults occur and you can troubleshoot these faults. When a link is in the loopback status, the RAX711-C returns all packets but OAM packets received by the link to the peer. At this time, the user data packet cannot be forwarded properly. Therefore, disable this function immediately when detection is not required. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface-number 3 Raisecom(config-port)#oam Enable the physical interface to initiate remote loopback. remote-loopback Raisecom Proprietary and Confidential 154 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Step Command Description 4 Raisecom(config-port)#oam (Optional) configure the timeout for the physical interface loopback timeout time to initiate remote loopback. By default, it is 3s. 5 Raisecom(config-port)#oam (Optional) configure the retry times for the physical loopback retry times interface to initiate remote loopback. By default, it is 2 times. (Optional) viewing current variable values of peer device By getting the current variable values of the peer, you can get current link status. IEEE 802.3 Clause 30 defines and explains supported variables and their denotation gotten by OAM in details. The variable takes Object as the maximum unit. Each object contains Package and Attribute. A package contains several attributes. Attribute is the minimum unit of a variable. When an OAM variable is obtained, object, package, branch, and leaf description of attributes are defined by Clause 30 to describe requesting object, and the branch and leaf are followed by variable to denote object responds variable request. The RAX711-C supports getting OAM information and interface statistics. Peer variable cannot be obtained unless EFM connection is established. Step Command Description 1 Raisecom#show oam peer oam-info [ interface-type Show OAM basic information interface-number ] about the peer device. Raisecom#show oam peer [ interface-type interface- number ] 8.2.4 Configuring EFM passive functions The passive functions of EFM can be configured regardless of the RAX711-C is in active or passive mode. (Optional) configuring device to respond to EFM remote loopback The peer EFM remote loopback will not take effect until the remote loopback response is configured on the local device. Step Command Description 1 Raisecom#config Enter global configuration mode. Raisecom Proprietary and Confidential 155 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Step Command Description 2 Raisecom(config)#inte Enter physical layer interface configuration mode. rface interface-type interface-number 3 Raisecom(config- Configure the Layer 2 physical interface to ignore/respond to EFM port)#oam loopback remote loopback sent by the peer device. { ignore | process } By default, the Layer 2 physical interface ignores EFM remote loopback. 8.2.5 Configuring link monitoring and fault indication (Optional) configuring OAM link monitoring OAM link monitoring is used to detect and report link errors in different conditions. When detecting a fault on a link, the RAX711-C provides the peer with the generated time, window, and threshold, and so on, by OAM event notification packets. The peer receives event notification and reports it to the NView NNM system through SNMP Trap. Besides, the local device can directly report events to the NView NNM system through SNMP Trap. By default, the system sets default value for error generated time, window, and threshold. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface- number 3 Raisecom(config-port)#oam Configure the monitor window and threshold for an error frame errored-frame window event. framewindow threshold framethreshold By default, the monitor window is configured to 1s and the threshold is configured to 1 error frame. 4 Raisecom(config-port)#oam Configure the monitor window and threshold for an error frame errored-frame-period window period event. frameperiodwindow threshold frameperiodthreshold By default, the monitor window is configured to 1000ms and the threshold is configured to 1 error frame. 5 Raisecom(config-port)#oam Configure the monitor window and threshold for an error frame errored-frame-seconds seconds event. window framesecswindow threshold By default, the monitor window is configured to 60s and the framesecsthreshold threshold is configured to 1s. 6 Raisecom(config-port)#oam Configure the monitor window and threshold for an error errored-symbol-period symbol event. window symperiodwindow threshold By default, the monitor window is configured to 1s and the symperiodthreshold threshold is configured to 1 error frame. Raisecom Proprietary and Confidential 156 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM (Optional) configuring OAM fault indication Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface- Enter physical layer interface configuration type interface-number mode. 3 Raisecom(config-port)#oam notify Enable OAM notification of fault information { critical-event | dying-gasp | errored- and OAM link events. frame | errored-frame-period | errored- frame-seconds | errored-symbol-period } By default, OAM notification of all links is enable enabled. 4 Raisecom(config-port)#oam event trap Enable OAM Trap of local OAM link events. enable By default, it is disabled. 5 Raisecom(config-port)#oam peer event Enable OAM Trap of peer OAM link events. trap { enable | disable } By default, it is disabled. 8.2.6 Checking configurations No. Command Description 1 Raisecom#show oam [interface-type interface- Show configurations of OAM basic number ] functions. 2 Raisecom#show oam event [interface-type Show local OAM link events. interface-number ] [ critical ] 3 Raisecom#show oam loopback [interface-type Show configurations of OAM remote interface-number ] loopback. 4 Raisecom#show oam notify [interface-type Show configurations of OAM notification. interface-number ] 5 Raisecom#show oam peer oam-info [ interface- Show basic information about the OAM type interface-number ] peer. 6 Raisecom#show oam peer event [interface-type Show information about OAM peer events. interface-number ] [ critical ] 7 Raisecom#show oam peer link-statistic Show statistics on peer OAM link. [interface-type interface-number ] 8 Raisecom#show oam statistics [interface-type Show OAM statistics. interface-number ] 9 Raisecom#show oam trap [interface-type Show information about OAM Trap. interface-number ] Raisecom Proprietary and Confidential 157 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM 8.3 Configuring CFM 8.3.1 Preparing for configurations Scenario To expand application of Ethernet technologies at a Telecom-grade network, the Ethernet must ensure the same QoS as the Telecom-grade transport network. CFM solves this problem by providing overall OAM tools for the Telecom-grade Ethernet. CFM can provide following OAM functions: Fault detection (Continuity Check, CC) Fault acknowledgement (LoopBack, LB) Fault location (LinkTrace, LT) Alarm Indication Signal (AIS) Ethernet lock signal (Lock, LCK) Client Signal Fail (CSF) Prerequisite Connect interfaces and configure physical parameters of the interfaces. Make the physical layer Up. Create a VLAN. Add interfaces to the VLAN. 8.3.2 Enabling CFM CFM fault detection and CFM fault location functions cannot take effect until the CFM is enabled. To enable CFM on an interface, you need to enable global CFM in global configuration mode and then enable CFM on the interface. When global CFM is disabled, it does not affect enabling/disabling EFM on the interface. Ethernet LM cannot take effect unless CFM is enabled on the ingress interface of the service packet and MEP-related interfaces. CFM is configured in physical layer interface configuration mode only. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet cfm enable Enable global CFM. By default, it is disabled. 3 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface-number 4 Raisecom(config-port)#ethernet cfm Enable CFM on the physical interface. enable By default, it is disabled. Raisecom Proprietary and Confidential 158 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM 8.3.3 Configuring CFM basic functions Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet cfm mode Configure the CFM working mode. { master | slave } By default, it is in slave mode. 3 Raisecom(config)#ethernet cfm domain Create a MD. [ md-name domain-name ] level md- If a MD name is assigned by the md-name level parameter, it indicates that the MD is in 802.1ag style. And all MAs and CCMs in the MD are in 802.1ag style. If a MD name is not assigned, the MD is in Y.1731 style and all MAs and CCMs in the MD are in Y.1731 style. Support configuring Y.1731 and 802.1ag CFM concurrently. If the MD name is specified, it must be globally unique. Levels of different MDs must be different. 4 Raisecom(config)#service csi-id Create a service instance and enter service instance level md-level configuration mode. 5 Raisecom(config-service)#service Configure the VLAN related to the MA. vlan-list vlan-list [ primary vlan- id ] 6 Raisecom(config-service)#service mep Configure the MEP based on the service instance. [ up | down ] mpid mep-id Before configuring MEP, relating the service [ interface-type interface-number ] instance to the VLAN. Configure the MEP in physical layer interface configuration mode. 7 Raisecom(config-service)#service Add static remote MEP of the service instance remote-mep mep-list interface-type manually. interface-number 802.1ag down MEP needs to manually add the remote MEP and specify the interface. It fails to find the remote MEP automatically. 8 Raisecom(config-service)#service Enable alarm inhibition. suppress-alarms enable mep { mep- list | all } By default, it is enabled. Raisecom Proprietary and Confidential 159 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM 8.3.4 Configuring fault detection Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet cfm errors (Optional) configure the archive-hold time of error archive-hold-time minutes CCMs. By default, it is 100min. 3 Raisecom(config)#service csi-id level Enter service instance configuration mode. md-level 4 Raisecom(config-service)#service cc (Optional) configure the delivery period of CCMs. interval { 3ms | 10ms | 100ms | 1 | 10 | 60 | 600 } 5 Raisecom(config-service)#service cc Enable MEP to send CCMs. enable mep { mep-list | all } 6 Raisecom(config-service)#service (Optional) configure the CVLAN of the MA. cvlan vlan-id 7 Raisecom(config-service)#service (Optional) configure the priority of CFM OAM priority priority packets. By default, it is 7. 8.3.5 Configuring fault acknowledgement Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#service csi-id level md- Enter service instance configuration level mode. 3 Raisecom(config-service)#ping mac-address Perform Layer 2 Ping for acknowledging [ count count-number ] [ size size ] faults. [ source mep-id ] [ timeout time ] [ padding { null | null-crc | prbs | prbs- By default, 5 LBMs are sent. The TLV crc } ] [ cos cos-value ] [ non-drop ] length of a packet is configured to 64. The RAX711-C automatically looks for Raisecom(config-service)#ping mep mep-id an available source MEP. [ ttl ttl ] [ count count-number ] [ size size ] [ source mep-id ] [ timeout time ] [ padding { null | null-crc | prbs | prbs- crc } ] [ cos cos-value ] [ non-drop ] To perform Ping MEP operation, 802.1ag down MEP needs to be configured with the static remote MAC address. 4 Raisecom(config-service)#ping ethernet Perform Layer 2 multicast Ping for multicast [ size size ] [ timeout time ] acknowledging faults. [ padding { null | null-crc | prbs | prbs- crc } ] [ cos cos-value ] [ non-drop ] Raisecom Proprietary and Confidential 160 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Before executing this command, you must ensure that global CFM is enabled. Otherwise, the Ping operation fails. If there is no MEP in a service instance, Ping operation will fail because of failing to find source MEP. Ping operation will fail if the specified source MEP is invalid. For example, the specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is. Ping operation will fail if the Ping operation is performed based on the specified destination MEP ID and the MAC address of destination is not found based on the MEP ID. Ping operation will fail if other users are using the specified source MEP to perform Ping operation. To perform LB, you must enable global Ethernet CFM and AC-side CFM if a service instance is associated with emulated Ethernet PW. 8.3.6 Configuring fault location Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#service csi-id Enter service instance configuration mode. level md-level 3 Raisecom(config- Perform Layer 2 Traceroute for locating faults. service)#traceroute mac-address [ ttl ttl ] [ source mep-id ] By default, the TLV length of a packet is configured to [ size packet-size ] 64. The RAX711-C automatically looks for an Raisecom(config- available source MEP. service)#traceroute mep mep-id [ ttl ttl ] [ source mep-id ] [ interface-mode ] [ timeout To perform Traceroute MEP operation, 802.1ag time ] [ size packet-size ] down MEP needs to be configured with the static remote MAC address. 4 Raisecom(config-service)#exit (Optional) enable LinkTrace cache. Raisecom(config)#ethernet cfm When LinkTrace cache is enabled, you can use the traceroute cache enable show ethernet cfm traceroute cache command to learn the routes discovered through the cache storage protocol. When LinkTrace cache is disabled, the result will be automatically erased by the traceroute command. By default, LinkTrace cache is disabled. 5 Raisecom(config)#ethernet cfm (Optional) configure the hold time of data in the traceroute cache { hold-time LinkTrace cache and LinkTrace cache size. minute | size size } By default, the hold time is configured to 100min and the LinkTrace cache size is configured to 100. Raisecom Proprietary and Confidential 161 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Before executing this command, you must ensure that global CFM is enabled. Otherwise, the Traceroute operation fails. If there is no MEP in a service instance, Traceroute operation will fail because of failing to find source MEP. Traceroute operation will fail if the specified source MEP is invalid. For example, the specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is. Traceroute operation will fail if the Ping operation is performed based on the specified destination MEP ID and the MAC address of destination is not found based on the MEP ID. If the CC feature is invalid, you can ensure Layer 2 Traceroute operation works normally by configuring static RMEP and specifying MAC address. Traceroute operation will fail if other users are using the specified source MEP to perform Traceroute operation. 8.3.7 Configuring AIS Configuring AIS on server-layer devices Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet cfm domain Create a MD. [ md-name domain-name ] level md- level 3 Raisecom(config)#service csi-id Enter service instance configuration mode. level md-level 4 Raisecom(config-service)#service ais Configure the level of the MD to which AIS is sent. level md-level The MD level must be higher than the service instance level. 5 Raisecom(config-service)#service ais (Optional) configure the AIS delivery period. By period { 1 | 60 } default, the AIS delivery period is configured to 1s. 6 Raisecom(config-service)#service ais Enable AIS delivery. enable By default, AIS delivery is disabled. Configuring AIS on client-layer devices Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet cfm domain [ md- Create a MD. name domain-name ] level md-level Raisecom Proprietary and Confidential 162 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Step Command Description 3 Raisecom(config)#service csi-id level md- Enter service instance configuration mode. level 4 Raisecom(config-service)#service suppress- Enable alarm inhibition. alarms enable mep { mep-list | all } By default, alarm inhibition is enabled. 8.3.8 Configuring LCK Configuring LCK on server-layer devices Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet cfm domain Create a MD. [ md-name domain-name ] level md- level 3 Raisecom(config)#service csi-id level Enter service instance configuration mode. md-level 4 Raisecom(config-service)#service lck Configure the level for sending the LCK packet. level md-level [ vlan vlan-id ] The level must be higher than the service instance level. By default, use the level of the MIP, which is higher than the MEP level, to send the LCK packet. 5 Raisecom(config-service)#service lck (Optional) configure the LCK packet delivery period { 1 | 60 } period. By default, the LCK packet delivery period is configured to 1s. 6 Raisecom(config-service)#service lck Configure the MEP to send the LCK packet. start mep { mep-list | all } By default, the MEP does not send the LCK packet. Configuring LCK on client-layer devices Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet cfm domain [ md- Create a MD. name domain-name ] level md-level 3 Raisecom(config)#service csi-id level md- Enter service instance configuration mode. level 4 Raisecom(config-service)#service suppress- Enable alarm inhibition. alarms enable mep { mep-list | all } By default, alarm inhibition is enabled. Raisecom Proprietary and Confidential 163 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM 8.3.9 Configuring CSF Configuring LCK on server-layer devices Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#ethernet cfm Create a MD. domain [ md-name domain-name ] level md-level 3 Raisecom(config)#service csi-id Enter service instance configuration mode. level md-level 4 Raisecom(config-service)#service (Optional) configure the CSF packet delivery period. csf period { 1 | 60 } By default, the CSF packet delivery period is configured to 1s. 5 Raisecom(config-service)#service Enable the MEP to send the LCK packet. csf enable mpid mep-id 6 Raisecom(config-service)#service (Optional) enable CSF Trap. csf trap enable 8.3.10 Checking configurations No. Command Description 1 Raisecom#show cfm csf Show CSF information. 2 Raisecom#show ethernet cfm Show CFM global configurations. 3 Raisecom#show ethernet cfm ais [ level md- Show AIS information. level ] [ source ] 802.1ag MDs do not support AIS. 4 Raisecom#show ethernet cfm domain [ level Show MD configurations. md-level ] 5 Raisecom#show ethernet cfm errors [ level Show error CCM information. md-level ] 6 Raisecom#show ethernet cfm lck [ level md- Show LCK information. level ] [ source ] 802.1ag MDs do not support LCK. 7 Raisecom#show ethernet cfm local-mp Show local MEP configurations. [ interface interface-type interface- number ] Raisecom#show ethernet cfm local-mp [ level md-level ] 8 Raisecom#show ethernet cfm remote-mep Show remote MEP configurations. [ level md-level [ service csi-id [ mpid mep-id ] ] ] Raisecom Proprietary and Confidential 164 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM No. Command Description 9 Raisecom#show ethernet cfm remote-mep Show remote static MEP configurations. static [ level md-level ] 10 Raisecom#show ethernet cfm traceroute-cache Show information about routes in the LinkTrace cache. 8.4 Configuring SLA 8.4.1 Preparing for configurations Scenario To ensure that users can get qualified network services. The Carrier and users sign a Service Level Agreement (SLA). To effectively fulfil the SLA, the carrier needs to deploy the SLA feature on the device to measure the network performance and takes the measurement result as the basis for ensuring the network performance. By selecting two detection points (source and destination RAX711-C devices), SLA configures and schedules SLA operations on a detection point. Therefore, configurations and network performance between these 2 detection points can be detected. SLA gathers statistics about round-trip packet loss ratio, round-trip/unidirectional (SD/DS) delay, jitter, throughput, and LM packet loss ratio test. In addition, it reports these data to the upper monitoring software (such as the NView NNM system) to help analyze network performance for getting an expected result. When configuring SLA on the RAX711-C, note the following matters: Up to 16 operations can be configured and scheduled concurrently. Before scheduling a SLA operation, you have to establish the CFM environment. Do not modify the scheduling information or re-schedule the SLA operation if the current scheduling does not stop. Up to 20 detection packets are available for one test and up to 5 pieces of statistics records are shown. Prerequisite When configuring Layer 2 test operations, you should deploy CFM between local and remote devices that need to be detected. Layer 2 packets can be forwarded between local and remote devices. When configuring Layer 3 test operations (icmp-echo and icmp-jitter), Layer 3 Ping operation succeeds between local and remote devices. Raisecom Proprietary and Confidential 165 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM 8.4.2 Configuring SLA operation Configuring basic functions of SLA test Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#sla oper-number Configure the delay, jitter, and packet loss { delay-threshold | jitter-threshold | detection alarm thresholds. loss-rate-threshold } { current | average } [ ds | sd | two-way ] By default, they are 5000000μs, 10000000us, and threshold 9999 (namely, 99.99%) respectively. 3 Raisecom(config)#sla oper-number Enable delay, jitter, and packet loss alarms. { delay-trap | jitter-trap | loss-pkt- trap } { current | average } [ ds | sd By default, they are disabled. | two-way ] enable 4 Raisecom(config)#sla oper-num Configure the availability test threshold. availability-threshold [ ds | sd | two- way ] threshold By default, it is 5000, namely, 50%. 5 Raisecom(config)#sla oper-num Configure the frame loss rate threshold in the availability-flr-threshold threshold SLA availability test. By default, it is 0. 6 Raisecom(config)#sla oper-num Configure the number of CHLI availability availability-num-consecutive-high-flr indicators in the SLA availability test. number By default, it is 5. 7 Raisecom(config)#sla oper-num Configure the number of consecutive indicators availability-num-consecutive-intervals in the SLA availability test. number By default, it is 10. 8 Raisecom(config)#sla oper-num Enable availability Trap. availability-trap [ ds | sd | two-way ] enable By default, it is disabled. 9 Raisecom(config)#sla oper-num Enable availability change Trap. availabilitychange-trap [ ds | sd | two-way ] enable By default, it is disabled. 10 Raisecom(config)#sla private-tlv enable Configure the encapsulation private TLV of SLA test packets. By default, it is disabled. 11 Raisecom(config)#sla pkt-type { eth Configure the type of SLA test packets. dest-mac mac-address [ cvlan vlan-id ] [ svlan vlan-id ] | ipv4 dest-ip ip- address [ source-ip ip-address ] [ dest-udp-port port-id ] [ source-udp- port port-id ] } 12 Raisecom(config)#sla alarm Enable overall SLA alarm. { availabilitychange | threshold } enable Raisecom Proprietary and Confidential 166 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Configuring SLA test operation Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#sla oper-num icmp dest-ipaddr ip- Create the Layer 3 SLA delay test address [ dscp dscp-value ] [ interval period ] operation. [ size size ] 3 Raisecom(config)#sla oper-num y1731 latency remote- Configure the Y1731 delay test mep mep-id level level svlan vlan-id [ cvlan cvlan- operation based on the destination id ] [ cos cos-value ] [ interval interval-num ] MEP ID. [ size size ] dm Raisecom(config)#sla oper-num y1731 latency remote- Configure the Y1731 delay test mac mac-address level level svlan vlan-id [ cvlan operation based on the destination cvlan-id ] [ cos cos-value ] [ interval interval- MAC address. num ] [ size size ] dm 4 Raisecom(config)#sla oper-num y1731 pkt-loss Configure the Y1731 packet loss remote-mep mep-id level level svlan svlan-id ratio test operation based on the [ cvlan cvlan-id ] [ cos cos-value ] [ interval destination MEP ID. interval-num ] [ size size ] [ slm ] When you perform packet loss ratio test operation, we recommend specifying the MAC address of the remote MEP, when you use the service remote-mep command to configure it. Raisecom(config)#sla oper-num y1731 pkt-loss Configure the Y1731 packet loss remote-mac mac-address level level svlan svlan-id ratio test operation based on the [ cvlan cvlan-id ] [ cos cos-value ] [ interval destination MAC address. interval-num ] [ size size ] [ slm ] 5 Raisecom(config)#sla y1731 latency quick-input Quickly create an Ethernet delay [ level level ] [ svlan vlan-id ] dm and jitter operation. After configuring one operation (differed by operation ID), you cannot modify or configure it again. You need to delete the operation in advance if you need to configure it again. SLA supports scheduling up to 16 operations at one time. Before you stop scheduling the same operation, you cannot modify scheduling information or re- schedule the operation. If you need to reschedule the operation, you need to finish the scheduling (reach scheduling life time or stop scheduling) before performing the next scheduling. During Ethernet SLA measurement, the operation performs delay and jitter measurement in hardware mode, when you create the DOWN MEP (specify the MD name when you configure the MD) and use the DM packet to create the operation. The delay and jitter measurement accuracy in hardware mode is at a microsecond level. Other modes are realized in software mode. The delay and jitter measurement accuracy in software mode is at a millisecond level. Raisecom Proprietary and Confidential 167 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Configuring RFC2544-based test operation Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#sla oper-num rfc2544 latency interface Configure RFC2544 delay interface-type interface-number [ eth dest-mac mac- test operation based on address ] [ cvlan vlan-id ] [ svlan vlan-id ] [ cos Ethernet. cos ] [ pkt-size pkt-size ] Raisecom(config)#sla oper-num rfc2544 latency interface Configure RFC2544 delay interface-type interface-number ipv4 dest-ip ip-address test operation based on IP. [ source-ip ip-address ] [ dest-udp-port port-id ] [ source-udp-port port-id ] [ tc tc ] [ ttl ttl ] [ pkt- size pkt-size ] Raisecom(config)#sla oper-num rfc2544 latency interface Configure RFC2544 delay interface-type interface-number [ pkt-size pkt-size ] test operation based on interface. 3 Raisecom(config)#sla oper-num rfc2544 pkt-loss interface Configure RFC2544 packet interface-type interface-number [ eth dest-mac mac- loss ratio test operation address ] [ cvlan vlan-id ] [ svlan vlan-id ] [ cos based on Ethernet. cos ] [ pkt-size pkt-size ] [ rate rate ] Raisecom(config)#sla oper-num rfc2544 pkt-loss interface Configure RFC2544 packet interface-type interface-number ipv4 dest-ip ip-address loss ratio test operation [ source-ip ip-address ] [ dest-udp-port port-id ] based on IP. [ source-udp-port port-id ] [ tc tc ] [ ttl ttl ] [ pkt- size pkt-size ] [ rate rate ] Raisecom(config)#sla oper-num rfc2544 pkt-loss interface Configure RFC2544 packet interface-type interface-number [ pkt-size pkt-size ] loss ratio test operation [ rate rate ] based on interface. 4 Raisecom(config)#sla oper-num rfc2544 throughput Configure RFC2544 interface interface-type interface-number [ eth dest-mac throughput test operation mac-address ] [ cvlan vlan-id ] [ svlan vlan-id ] [ cos based on Ethernet. cos ] [ pkt-size pkt-size ] [ threshold threshold ] Raisecom(config)#sla oper-num rfc2544 throughput Configure RFC2544 interface interface-type interface-number ipv4 dest-ip throughput test operation ip-address [ source-ip ip-address ] [ dest-udp-port based on IP. port-id ] [ source-udp-port port-id ] [ tc tc ] [ ttl ttl ] [ pkt-size pkt-size ] [ threshold threshold ] Raisecom(config)#sla oper-num rfc2544 throughput Configure RFC2544 interface interface-type interface-number [ pkt-size throughput test operation pkt-size ] [ threshold threshold ] based on interface. 8.4.3 Configuring SLA operation scheduling Step Command Description 1 Raisecom#config Enter global configuration mode. Raisecom Proprietary and Confidential 168 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Step Command Description 2 Raisecom(config)#sla schedule [ oper-num | all ] [ life Schedule the SLA operation. { forever | life-time } ] [ begin ] The operation lifetime should not be shorter than the interval for scheduling the SLA operation. The interval for scheduling the SLA operation should not be shorter than 20s. 8.4.4 Configuring maintenance window Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#sla (Optional) start the emergency maintenance window. maintenance { start | stop } You can use the stop form of this command to close the emergency maintenance window. 8.4.5 Checking configurations No. Command Description 1 Raisecom#show sla Show configurations about SLA operations. 2 Raisecom#show sla { all | Show configurations of SLA operations. oper-num } configuration 3 Raisecom#show sla { all | Show the last test information about an operation. oper-num } result 4 Raisecom#show sla { all | Show configured threshold and alarm status of SLA oper-num } threshold operations. 5 Raisecom#show sla maintenance Show the SLA maintenance window. 8.5 Configuring Y.1564 8.5.1 Preparing for configurations Scenario To learn about configuration parameters and performance of Ethernet services, you can make related configurations of Y.1564 on the RAX711-C. On the same device, Y.1564 is exclusive with RFC2544 and Loopback. Raisecom Proprietary and Confidential 169 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Prerequisite N/A 8.5.2 Configuring test task Configuring test types of RCSAM Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#sla pkt-type eth dest-mac mac-address Configure the format of [ cvlan vlan-id ] [ tpid tpid ] [ cos cos-value ] [ cfi Y.1564 global test cfi-value ] [ svlan vlan-id ] [ tpid tpid ] [ cos cos- packets. value ] [ cfi cfi-value ] Raisecom(config)#sla pkt-type ipv4 dest-ip ip-address source-ip ip-address [ dest-udp-port port-id ] [ source- udp-port port-id ] [ tc tc ] [ svlan vlan-id ] [ ttl ttl ] 3 Raisecom(config)#sla oper-num y1564 bandwidth enable Enable bandwidth configuration. By default, it is enabled. 4 Raisecom(config)#sla oper-num y1564 performance interface Create a Y.1564 interface-type interface-number eth dest-mac mac-address performance test [ cvlan vlan-id ] [ tpid tpid ] [ cos cos-value ] [ cfi operation. cfi-value ] [ svlan vlan-id ] [ tpid tpid ] [ cos cos- value ] [ cfi cfi-value ] [ pkt-size { radom | size } ] [ frame-pattern { null | prbs } ] bandwidth bandwidth tc tc group-id group-id Raisecom(config)#sla oper-num y1564 performance interface interface-type interface-number ipv4 dest-ip ip-address source-ip ip-address [ dest-udp-port port-id ] [ source- udp-port port-id ] [ svlan vlan-id ] [ nexthop-ip ip- address ] [ smac mac-address ] [ ttl ttl ] [ pkt-size { radom | size } ] [ frame-pattern { null | prbs } ] bandwidth bandwidth tc tc group-id group-id Raisecom(config)#sla oper-num y1564 performance interface Configure the RCSAM interface-type interface-number video | voice } dest-ip test services based on the ip-address source-ip ip-address [ svlan vlan-id ] VLAN and CoS or based [ nexthop-ip ip-address ] [ smac mac-address ] [ ttl on the VLAN and DSCP. ttl ] [ frame-pattern { null | prbs } ] bandwidth bandwidth tc tc 5 Raisecom(config)#sla oper-num y1564 throughput interface Create a Y.1564 interface-type interface-number eth dest-mac mac-address throughput test operation. [ cvlan vlan-id ] [ tpid tpid ] [ cos cos-value ] [ cfi cfi-value ] [ svlan vlan-id ] [ tpid tpid ] [ cos cos- value ] [ cfi cfi-value ] [ pkt-size { radom | size } ] [ frame-pattern { null | prbs } ] [ cir cir cbs cbs ] [ eir eir ebs ebs ] [ mode cir [ step step ] [ eir ] [ overload ] ] [ group-id group-id ] Raisecom Proprietary and Confidential 170 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 8 OAM Step Command Description Raisecom(config)#sla oper-num y1564 throughput interface interface-type interface-number ipv4 dest-ip ip-address source-ip ip-address [ dest-udp-port port-id ] [ source- udp-port port-id ] [ tc tc ] [ svlan vlan-id ] [ nexthop- ip ip-address ] [ smac mac-address ] [ ttl ttl ] [ pkt- size { radom | size } ] [ frame-pattern { null | prbs } ] [ cir cir cbs cbs ] [ eir eir ebs ebs ] [ mode cir [ step step ] [ eir ] [ overload ] ] [ group-id group-id ] Raisecom(config)#sla oper-num y1564 performance interface interface-type interface-number { video | voice } dest-ip ip-address source-ip ip-address [ ttl ttl ] [ frame- pattern { null | prbs } ] [ cir cir cbs cbs ] [ eir eir ebs ebs ] [ mode cir [ step step ] [ eir ] [ overload ] ] [ group-id group-id ] 6 Raisecom(config)#sla schedule group-id group-id [ life Schedule the Y.1564 test { life | forever } ] operation. Raisecom(config)#sla schedule group-id group-id period period throughput 8.5.3 Checking configurations No. Command Description 1 Raisecom#show sla group-id group-id Show configurations of the Y.1564 test. configuration 2 Raisecom#show sla group-id group-id result Show results of the Y.1564 test. 8.6 Maintenance Command Description Raisecom(config)#clear oam config Clear OAM configurations. [ interface-type interface-number ] Raisecom(config)#clear extended-oam Clear statistics on extended OAM. statistics interface-type interface-number Raisecom(config)#clear ethernet cfm errors Clear error CCM records. [ level md-level ] Raisecom(config)#clear ethernet cfm Clear information about alarm suppression of suppress-alarm source MEPs. Raisecom(config)#clear ethernet cfm Clear LinkTrace cache configurations. traceroute-cache Raisecom Proprietary and Confidential 171 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS 9 QoS This chapter describes principles and configuration procedures of QoS, and provides related configuration examples, including the following sections: Introduction Configuring priority trust and priority mapping Configuring traffic classification and traffic policy Configuring congestion avoidance Configuring queue shaping and queue scheduling Configuring rate limiting Configuration examples 9.1 Introduction Generally, Internet (IPv4), which bases on the storage-and-forward mechanism, only provides "best-effort" service for users. When the network is overloaded or congested, this service mechanism will fail to transmit packets timely and completely. With the ever-growing of network application, users bring different Quality of Service (QoS) requirements on network application. Then network should distribute and schedule resources for different network applications according to users' demands. QoS guarantees timeliness and integrity of importance services when the network is overloaded or congested, thus making the network run efficiently. QoS consists of a number of traffic management technologies: Priority trust Priority mapping Traffic classification Traffic policy Queue scheduling Congestion avoidance Queue shaping Rate limiting Raisecom Proprietary and Confidential 172 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS 9.1.1 Priority trust Priority trust refers that a packet adopts its own priority as the classification standard to perform follow-up QoS management on the packet. The RAX711-C supports interface-based priority trust. Priorities are divided into priorities based on Differentiated Services Code Point (DSCP) of IP packets and priorities based on Class of Service (CoS) of VLAN packets. If the RAX711-C does not trust DSCP/CoS priorities carried by packets, you can configure remarking or specify the interface priority. 9.1.2 Priority mapping Priority mapping refers to sending packets to different queues with different local priorities according to pre-configured mapping between external priority and local priority. Therefore, packets in different queues can be scheduled on the egress interface. The local priority refers to an internal priority that is assigned to packets. It is related to the queue number on the egress interface. The bigger the value is, the more quickly the packet is processed. The RAX711-C supports priority mapping based on DSCP priority or IP precedence of IP packets or CoS priority of VLAN packets. ToS priority and DSCP priority Figure 9-1 shows the structure of IP packet header. An 8-bit ToS field is contained in this packet. In RFC1349, the first 3 bits of the ToS field represent the ToS priority, ranging from 0 to 7. In RFC2474, the ToS field is re-defined. The first 6 bits (0–5 bits) represent the priority of IP packets, which is called DSCP priority, ranging from 0 to 63. The last 2 bits (6 and 7 bits) are reserved bits. Figure 9-2 shows the structures of ToS and DSCP priorities. Figure 9-1 Structure of IP packet header Figure 9-2 Structures of ToS priority and DSCP priority Raisecom Proprietary and Confidential 173 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS CoS priority IEEE 802.1Q VLAN packets are a modification of Ethernet packets. A 4-byte 802.1Q header is added between the source MAC address and protocol type, as shown in Figure 9-3. The 802.1Q header consists a 2-byte Tag Protocol Identifier (TPID, valuing 0x8100) filed and a 2- byte Tag Control Information (TCI) field. Figure 9-3 Structure of a VLAN packet The first 3 bits of the TCI field represent the CoS priority, which ranges from 0 to 7, as shown in Figure 9-4. CoS priority is used to ensure QoS in Layer 2 network. Figure 9-4 Structure of CoS priority By default, the mapping between the RAX711-C local priority and DSCP, CoS priorities is listed in Table 9-1 and Table 9-2. Table 9-1 Mapping between local priority and DSCP priority Local 0 1 2 3 4 5 6 7 DSCP 0–7 8–15 16–23 24–31 32–39 40–47 48–55 56–63 Table 9-2 Mapping between local priority and CoS priority Local 0 1 2 3 4 5 6 7 CoS 0 1 2 3 4 5 6 7 Table 9-3 Mapping between local priority and IP precedence Local 0 1 2 3 4 5 6 7 IP 0 1 2 3 4 5 6 7 9.1.3 Traffic classification Traffic classification is a process that recognizes specified packets according to some certain rule. All resulting packets can be treated differently to differentiate the service implied to users. Raisecom Proprietary and Confidential 174 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS The RAX711-C supports classifying traffics based on ToS and DSCP priority of IP packets and CoS priority of VLAN packets. In addition, it supports classifying traffics based on ACL rules and VLAN IDs. Figure 9-5 displays the traffic classification process. Figure 9-5 Traffic classification process 9.1.4 Traffic policy After performing traffic classification on packets, you need to perform different operations on packets of different categories. A traffic policy is formed when traffic classifiers are bound to traffic behaviours. Rate limiting based on traffic policy Rate limiting refers to limiting network traffics. Rate limiting is used to control the speed of traffic in the network. By dropping the traffic that exceeds the speed, you can control the traffic within a reasonable range. Therefore, network resources and Carrier's benefits are protected. Redirection Redirection refers that a packet is not forwarded according to the mapping between the original destination address and the interface. Instead, the packet is redirected to a specified interface for forwarding, realizing routing based on traffic policy. Remarking Remarking refers to re-configuring some priority fields for some packets, so that devices can re-classify packets based on their own standards. In addition, downstream nodes can provide differentiated QoS services depending on remarking information. The RAX711-C supports performing re-remarking on the following priority fields of packets: DSCP priority of IP packets CoS priority of VLAN packets 9.1.5 Queue scheduling Devices need to perform queue scheduling when delay-sensitive services need better QoS services than delay-insensitive services and when the network is congested once in a while. Raisecom Proprietary and Confidential 175 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Queue scheduling adopts different scheduling algorithms to send packets in a queue. Scheduling algorithms supported by the RAX711-C include Strict-Priority (SP), Weight Round Robin (WRR), and Weight Deficit Round Robin (WDRR). All scheduling algorithms are designed for addressing specified traffic problems. And they have different effects on bandwidth distribution, delay, and jitter. SP: the device strictly schedules packets in a descending order of priority. Packets with lower priority cannot be scheduled until packets with higher priority are scheduled, as shown in Figure 9-6. Figure 9-6 SP scheduling WRR: on the basis of scheduling packets in a polling manner according to the priority, the device schedules packets according to the weight of the queue, as shown in Figure 9- 7. Figure 9-7 WRR scheduling WDRR: on the basis of scheduling packets in a polling manner according to the priority, the device schedules packets according to the weight of the queue. In addition, during the scheduling, if one queue has redundant bandwidth, the device will temporarily assign Raisecom Proprietary and Confidential 176 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS this bandwidth to another queue. During next scheduling, the assigned schedule will return equal bandwidth to the original queue, as shown in Figure 9-8. Figure 9-8 WDRR scheduling 9.1.6 Congestion avoidance By monitoring utilization of network resources (queues/memory buffer), congestion avoidance can discard packets actively when congestion occurs or when network traffic increases. It is a traffic control mechanism that is used to resolve network overload by adjusting network traffic. The traditional packet loss policy uses the Tail-Drop mode to process all packets equally without differentiating class of services. When congestion occurs, packets at the end of a queue are discarded until congestion is resolved. This Tail-Drop policy may cause TCP global synchronization. In TCP global synchronization, packets of multiple TCP connections are discarded, these TCP connections enter congestion avoidance and slow startup status simultaneously to reduce and adjust traffic. And later these TCP connections co-occur at some time to result in traffic peak. Therefore, network traffic is not stable, which influences the link utilization rate. RED The Random Early Detection (RED) technology discards packets randomly and makes multiple TCP connection not reduce transport speed simultaneously to avoid TCP global synchronization. The RED algorithm configures a minimum threshold and maximum threshold for length of each queue. In addition: Packets are not discarded when the queue length is smaller than the minimum threshold. All received packets are discarded when the queue length is greater than the maximum threshold. Packets to be received are discarded randomly when the queue length is between the minimum and maximum thresholds. Add a random number to the packet to be received and compare the random number with the drop ratio of the current queue. If the random Raisecom Proprietary and Confidential 177 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS number is greater than the drop ration, the packet is discarded. The greater the queue size is, the higher the packet drop probability is. WRED The Weighted Random Early Detection (WRED) technology also discards packets randomly to avoid TCP global synchronization. However, the random drop parameter generated by WRED technology is based on the priority. WRED differentiates drop policies through the color of packets. This helps ensure that high-priority packets have a smaller packet drop probability. The RAX711-C can perform WRED on TCP packets by color but perform WRED on non-TCP packets regardless of color. The RAX711-C performs congestion avoidance based on WRED. 9.1.7 Queue shaping When the interface speed of downstream devices is smaller than the one of upstream devices, congestion avoidance may occur on interfaces of downstream devices. At this time, you can configure traffic shaping on the egress interface of upstream devices to shape upstream traffic. This helps resolve congestion problem occurs on downstream devices. Queue shaping is a traffic control technology applied to the interface queues. It can be used to control speed of all packets in a specified interface queue, buffer packets whose speed exceeds the threshold, and then forward them when enough bandwidth is available. If the packet size exceeds the buffer queue size, the packet is discarded. 9.1.8 Rate limiting Besides rate limiting based on traffic policy, the RAX711-C also supports rate limiting based on interface, VLAN, and interface+VLAN. Similar to rate limiting based on traffic policy, the RAX711-C discards excess traffic. 9.2 Configuring priority trust and priority mapping 9.2.1 Preparing for configurations Scenario For packets from upstream devices, you can select to trust the priorities taken by these packets. For packets whose priorities are not trusted, you can process them with traffic classification and traffic policy. In addition, you can modify DSCP priorities by configure interface-based DSCP priority remarking. After configuring priority trust, the RAX711-C can perform different operations on packets with different priorities, providing related services. Before performing queue scheduling, you need to assign a local priority for a packet. For packets from the upstream device, you can map the outer priorities of these packets to various local priorities. In addition, you can directly configure local priorities for these packets based on interfaces. And then device will perform queue scheduling on these packets basing on local priorities. Generally, for IP packets, you need to configure the mapping between DHCP priority and local priority. For VLAN packets, you need to configure the mapping between CoS priority and local priority. Raisecom Proprietary and Confidential 178 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Prerequisite N/A 9.2.2 Configuring priority trust Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface- Enter interface configuration mode. type interface-number 3 Raisecom(config-port)#mls qos trust Configure the priority trusted by an interface. { cos | dscp | inner-cos | ipp | port- priority } By default, the interface trusts the CoS priority. 4 Raisecom(config-port)#mls qos priority Configure the interface priority. priority By default, it is 5. 9.2.3 Configuring mapping between DSCP priority and local priority based on interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls qos mapping Create the DSCP-to-local-priority (color) mapping dscp-to-local-priority profile-id profile and enter dscp-to-pri configuration mode. 3 Raisecom(dscp-to-pri)#dscp dscp-value Configure mapping from the DSCP priority to local to local-priority localpri-value priority (color). [ color { green | red | yellow } ] 4 Raisecom(dscp-to-pri)#dscp dscp-value Discard packets of the specified DSCP priority drop according to the profile from DSCP to local priority. 5 Raisecom(dscp-to-pri)#exit Exit dscp-to-pri configuration mode. Raisecom(config)#interface interface- type interface-number Enter interface configuration mode. 6 Raisecom(config-port)#mls qos dscp- Apply the DSCP-to-local priority (color) mapping to-local-priority profile-id profile to an interface. 9.2.4 Configuring mapping from CoS priority to local priority based on interface Step Command Description 1 Raisecom#config Enter global configuration mode. Raisecom Proprietary and Confidential 179 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Step Command Description 2 Raisecom(config)#mls qos mapping cos-to- Create the CoS-to-local priority (color) local-priority profile-id mapping profile and enter cos-to-pri configuration mode. 3 Raisecom(cos-to-pri)#cos cos-value to local- Configure mapping from the CoS priority priority localpri-value [ color { green | to local priority (color). red | yellow } ] 4 Raisecom(cos-to-pri)#cos cos-value drop Discard packets of the specified CoS priority according to the profile from DSCP to local priority. 5 Raisecom(cos-to-pri)#exit Exit cos-to-pri configuration mode. Raisecom(config)#interface interface-type interface-number Enter interface configuration mode. 6 Raisecom(config-port)#mls qos cos-to-local- Apply the CoS-to-local-priority (color) priority profile-id [ dei enable ] mapping profile to an interface. 9.2.5 Configuring mapping from IP precedence to local priority based on interface Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls qos mapping ipp-to- Create the ipp-to-local-priority (color) local-priority profile-id mapping profile and enter ipp-to-pri configuration mode. 3 Raisecom(ipp-to-pri)#ipp ipp-value to local- Configure mapping from IP precedence to priority localpri-value [ color { green | local priority (color). red | yellow } ] 4 Raisecom(ipp-to-pri)#exit Exit ipp-to-pri configuration mode. Raisecom(config)#interface interface-type interface-number Enter interface configuration mode. 5 Raisecom(config-port)#mls qos ipp-to-local- Apply the ipp-to-local-priority (color) priority profile-id mapping profile to an interface. 9.2.6 Configuring mapping from Exp to local priority Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls qos mapping exp-to- Create the Exp-to-pri (color) mapping local-priority profile-id profile and enter exp-to-pri configuration mode. 3 Raisecom(exp-to-pri)#exp exp-value to local- Configure mapping from the Exp to local priority localpri-value [ color { green | priority (color). red | yellow } ] Raisecom Proprietary and Confidential 180 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS 9.2.7 Configuring DSCP priority remarking Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls qos mapping dscp- Create the DSCP remarking profile and mutation profile-id enter dscp-mutation configuration mode. 3 Raisecom(dscp-mutation)#dscp dscp-value to Remark the DSCP priority of specified new-dscp dscp-value packets. 4 Raisecom(dscp-mutation)#exit Exit dscp-mutation configuration mode. Raisecom(config)#interface interface-type interface-number Enter interface configuration mode. 5 Raisecom(config-port)#mls qos dscp-mutation Apply the DSCP remarking profile to an profile-id interface. 6 Raisecom(config-port)#mls qos default-dscp Configure the default DSCP on the dscp-value interface. 9.2.8 Configuring CoS priority remarking Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls qos mapping cos-remark Create the CoS remarking profile and enter profile-id dscp-remark configuration mode. 3 Raisecom(cos-remark)#local-priority Configure the mapping from the local localpri-value to cos cos-value priority to CoS priority. 4 Raisecom(cos-remark)#exit Exit cos-remark configuration mode. Raisecom(config)#interface interface-type interface-number Enter interface configuration mode. 5 Raisecom(config-port)#mls qos cos-remark- Enable local-priority-to-CoS mapping. mapping { enable | disable } [ dei enable ] 6 Raisecom(config-port)#mls qos cos-remark Apply the CoS remarking profile to an profile-id interface. 9.2.9 Configuring Exp remarking Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls qos mapping local- Create the Exp-to-local-priority mapping priority-to-exp profile-id profile and enter pri-to-exp configuration mode. Raisecom Proprietary and Confidential 181 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Step Command Description 3 Raisecom(pri-to-exp)#local-priority Configure the mapping from the local localpri-value to exp exp-value priority to Exp. 9.2.10 Checking configurations No. Command Description 1 Raisecom#show mls qos mapping dscp-to-local- Show information about the DSCP-to- priority [ default | profile-id ] local-priority (color) mapping profile. 2 Raisecom#show mls qos mapping cos-to-local- Show information about the CoS-to- priority [ default | profile-id ] local-priority (color) mapping profile. 3 Raisecom#show mls qos mapping dscp-mutation Show information about the DSCP [ default | profile-id ] remarking profile. 4 Raisecom#show mls qos mapping cos-remark Show information about the CoS [ default | profile-id ] remarking profile. 5 Raisecom#show mls qos mapping local-priority- Show information about the local to-exp [ default | profile-id ] priority-to-Exp mapping profile. 6 Raisecom#show mls qos interface [ interface- Show QoS information on the interface. type interface-number ] 7 Raisecom#show mls qos mapping ipp-to-local- Show information about the ipp-to-local- priority [ default | profile-id ] priority (color) mapping profile. 9.3 Configuring traffic classification and traffic policy 9.3.1 Preparing for configurations Scenario Traffic classification is the basis of QoS. For packets from upstream devices, you can classify them according to ACL rules. After traffic classification, the device can provide related operations for different packets, providing differentiated services. After configurations, the traffic classification cannot take effect until being bound to traffic policy. The selection of traffic policy depends on the packet status and current network load status. In general, when a packet is sent to the network, you need to limit the speed according to Committed Information Rate (CIR) and remark the packet according to the service feature. Prerequisite N/A Raisecom Proprietary and Confidential 182 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS 9.3.2 Creating and configuring traffic classification Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#class-map class-map-name [ match- Create traffic classification and all | match-any ] enter CMAP configuration mode. 3 Raisecom(config-cmap)#match { access-list { acl- Define rules for traffic number | name } | cos cos-value | dscp dscp-value | classification. exp exp-value | inner-cos cos-value | inner-vlan vlan-id | ip precedence ipp-value | ip tos tos- value | label label | second-label label | vlan vlan-id 9.3.3 Creating and configuring traffic policing profile To perform traffic policing on packets, you need to configure traffic policing profile and then quote this profile under the traffic classification, which is bound to traffic policy. On the traffic policing profile, you can configure traffic policing rules or perform relate operations on specified packets based on the color. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls qos policer-profile Create the traffic policing profile and enter policer-name [ single | hierarchy | traffic policing profile configuration mode. aggregate ] 3 Raisecom(traffic-policer)#drop-color red (Optional) configure the device to discard packets of the specified color. 4 Raisecom(traffic-policer)#set-cos { green (Optional) configure the mapping from packet green-value | yellow yellow-value | red color to CoS priority. red-value } * 5 Raisecom(traffic-policer)#set-dscp (Optional) configure the mapping from packet { green green-value | red red-value } * color to DHCP priority. 6 Raisecom(traffic-policer)#set-pri { green (Optional) configure the mapping from packet green-value | red red-value } * color to local priority. 7 Raisecom(traffic-policer)#recolor (Optional) recolor the packet. { green-recolor red | red-recolor green } * QoS uses the CAR to classify and color the packet. The downstream network can accept the color result of the upstream network or recolor the packet based on its classification standard. 8 Raisecom(traffic-policer)#cir cir cbs cbs (Optional) configure rate limiting parameters. [ ebs ebs ] Raisecom Proprietary and Confidential 183 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS 9.3.4 Creating and configuring traffic policy Steps 5–10 are coordinate. You can select one as required. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#policy-map policy-map- Create a traffic policy and enter PMAP name configuration mode. 3 Raisecom(config-pmap)#class-map class- Add the traffic classification to the traffic policy map-name and enter CMAP configuration mode. The traffic classification, bound with the traffic policy, must be based on at least one rule. Otherwise, the binding operation fails. When the traffic policy is applied to an interface, you cannot delete the bound traffic classification or modify its configuration. One traffic classification can be applied to multiple traffic policies. 4 Raisecom(config-pmap-c)#policer Import a traffic policing profile (policer) into the policer-name traffic policy. 5 Raisecom(config-pmap-c)#set { cos cos- (Optional) configure packet remarking. value | dscp dscp-value | local- priority priority-value } Raisecom(config-pmap-c)#set { inner- vlan inner-vlan-id | vlan vlan-id } 6 Raisecom(config-pmap-c)#add outer-vlan (Optional) configure the VLAN ID of the added vlan-id outer VLAN Tag. 7 Raisecom(config-pmap-c)#redirect-to (Optional) configure the redirection rule to [ interface-type interface-number ] forward matched packets through the specified interface. 8 Raisecom(config-pmap-c)#copy-to-mirror (Optional) copy the traffic to the mirroring group-id monitoring group. 9 Raisecom(config-pmap-c)#forward-to-cpu (Optional) forward traffic to the CPU. 10 Raisecom(config-pmap-c)#statistics (Optional) enable traffic statistics. enable 11 Raisecom(config-pmap-c)#exit Exit CMAP configuration mode. Raisecom(config-pmap)#exit Raisecom(config)#interface interface- Exit PMAP configuration mode. type interface-number Enter interface configuration mode. 12 Raisecom(config-port)#service-policy Apply the traffic policy to an interface. { ingress | egress } policy-map-name Raisecom Proprietary and Confidential 184 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS 9.3.5 Checking configurations No. Command Description 1 Raisecom#show class-map [ class-map-name ] Show information about traffic classification. 2 Raisecom#show mls qos policer [ policer-name ] Show rate limiting rules. 3 Raisecom#show policy-map [ policy-map-name ] [ class Show information about traffic class-map-name ] policies. 4 Raisecom#show service-policy interface Show information about applied Raisecom#show service-policy interface interface- policies. type interface-number [ egress | ingress ] 5 Raisecom#show service-policy statistics interface Show statistics on applied traffic interface-type interface-number { egress | ingress } policies. [ class-map class-map-name ] 9.3.6 Maintenance Command Description Raisecom(config)#clear service-policy statistics interface Show traffic classification interface-type interface-number { egress | ingress } information. Raisecom(config)#clear service-policy statistics interface Show rate limiting rules. interface-type interface-number { egress | ingress } [ class-map class-map-name ] 9.4 Configuring congestion avoidance 9.4.1 Preparing for configurations Scenario To avoid network congestion and to resolve TCP global synchronization, you can configure congestion avoidance to adjust the network traffic and resolve network overload. The RAX711-C supports WRED-based congestion avoidance. When the interface speed of downstream devices is smaller than the one of upstream devices, traffic congestion may occur on interfaces of downstream devices. At this time, you can configure queue and traffic shaping on the egress interface of upstream devices to shape upstream traffic. Prerequisite N/A Raisecom Proprietary and Confidential 185 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS 9.4.2 Configuring WRED profile Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls qos wred Create a WRED profile and enter WRED profile profile profile-id configuration mode. 3 Raisecom(wred)#wred color { green Configure information about the WRED profile. | red | yellow } start-drop- threshold start-drop end-drop- For non-TCP packets, it does not distinguish the color. threshold end-drop max-drop- You need to configure the wred start-drop-threshold probability max-drop or wred color green parameter. 9.4.3 Configuring flow profile Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#mls qos flow- Create a WRED profile and enter flow profile queue profile flow-profile-id configuration mode. 3 Raisecom(flow-queue)#scheduler Configure the queue scheduling policy. { wdrr| wrr } By default, it is SP, namely, strict priority policy. 4 Raisecom(flow-queue)#queue queue- Configure the queue, weight, shaping, and WRED id [ weight weight-value ] information about the flow profile. If you do not [ shaping cir cir-value [ cbs configure the weight, queues will be scheduled by SP. cbs-value ] pir pir-value [ pbs pbs-value ] ] [ wred profile profile-id ] 9.4.4 Checking configurations No. Command Description 1 Raisecom#show mls qos wred profile [ profile- Show configurations of the WRED list ] profile. 2 Raisecom#show mls qos flow-queue profile Show configurations of the flow profile. flow-profile-list 3 Raisecom#show mls qos queue interface Show information about queues on the interface-type interface-number interface. 4 Raisecom#show mls qos queue statistics Show statistics on queues on the interface interface-type interface-number interface. Raisecom Proprietary and Confidential 186 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS 9.5 Configuring queue shaping and queue scheduling 9.5.1 Preparing for configurations Scenario When the interface speed of downstream devices is smaller than the one of upstream devices, congestion avoidance may occur on interfaces on downstream devices. At this time, you can configure queue and traffic shaping on the egress interface of upstream devices to shape upstream traffic. Prerequisite N/A 9.5.2 Configuring queue shaping Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface-type Enter interface configuration mode. interface-number 3 Raisecom(config-port)#mls qos shaping { ingress Configure queue shaping for queues of | egress } pir pir-value [ pbs pbs-value ] the interface. 9.5.3 Configuring queue scheduling Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface-type Enter interface configuration mode. interface-number 3 Raisecom(config-port)#mls qos queue queue-id Configure the maximum buffer of the max-buffer max-buffer-value specified queue on the interface By default, it is 500. 4 Raisecom(config-port)#mls qos queue queue-id Configure queue shaping of the specified shaping cir cir-value [ cbs cbs-value ] pir queue on the interface. pir-value [ pbs pbs-value ] 5 Raisecom(config-port)#mls qos queue queue-id Apply the WRED profile to the specified wred profile-id queue on the interface. 6 Raisecom(config-port)#mls qos queue Configure the queue scheduling policy. scheduler { { { drr | wrr } [ weight1 weight2 weight3 weight4 weight5 weight6 weight7 weight8 ] } | sp } Raisecom Proprietary and Confidential 187 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS 9.5.4 Checking configurations No. Command Description 1 Raisecom#show mls qos queue interface Show information about queues on an interface-type interface-number interface. 2 Raisecom#show mls qos shaping interface Show information about queue shaping. [ interface-type interface-number [ ingress | egress ] ] 3 Raisecom#show mls qos queue statistics Show queue statistics on the interface. interface interface-type interface-number 4 Raisecom#show mls qos queue { max-buffer | Show configurations of queues on the shaping | wred } [ interface ] interface-type specified interface. interface-number 9.5.5 Maintenance Command Description Raisecom(config)#clear mls qos queue statistics interface Clear queue statistics on an interface-type interface-number [ queueid queue-id ] interface. 9.6 Configuring rate limiting 9.6.1 Preparing for configurations Scenario To transmit specific services at a specified rate upon network congestion, you can configure rate limting. In this case, received packets are matched with the profile to guarantee normal transmission of specific services. Prerequisite Create VLANs. 9.6.2 Configuring interface-based rate limiting Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#bandwidth-profile Create a bandwidth profile, and configure the index cir cir cbs cbs [ color-aware ] rate limiting for forwarding packets. Raisecom(config)#bandwidth-profile index cir cir cbs cbs eir eir ebs ebs [ color-aware [ coupling ] ] Raisecom Proprietary and Confidential 188 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Step Command Description 3 Raisecom(config)#bandwidth-profile bwp- Configure the description of the bandwidth index description string profile. 4 Raisecom(config)#interface interface- Enter interface configuration mode. type interface-number 5 Raisecom(config-port)#bandwidth Configure the interface to quote the bandwidth { ingress | egress } [ vlan vlan-id ] profile. [ cos cos-value ] bwp-index 9.6.3 Checking configurations No. Command Description 1 Raisecom#show bandwidth interface interface-type Show information about the interface-number interface-based bandwidth profile. 2 Raisecom#show bandwidth-profile [ index ] Show configurations of the bandwidth profile. 9.7 Configuration examples 9.7.1 Example for configuring rate limiting based on traffic policy Networking requirements As shown in Figure 9-9, User A, User B, and User C are respectively connected to the RAX711-C through Router A, Router B, and Router C. User A requires voice and video services; User B requires voice, video, and data services; User C requires video and data services. According to users' requirements, make following rules: For User A, provide 25 Mbit/s bandwidth, configure the burst traffic to 100 bytes, and discard excess traffic. For User B, provide 35 Mbit/s bandwidth, configure the burst traffic to 100 bytes, and discard excess traffic. For User C, provide 30 Mbit/s bandwidth, configure the burst traffic to 100 bytes, and discard excess traffic. Raisecom Proprietary and Confidential 189 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Figure 9-9 Configuring rate limiting based on traffic policy Configuration steps Step 1 Create and configure traffic classification. Raisecom#config Raisecom(config)#access-list 1001 Raisecom(config-acl-ip-std)#rule 1 permit 1.1.1.1 255.255.255.0 Raisecom(config-acl-ip-std)#exit Raisecom(config)#class-map usera Raisecom(config-cmap)#match access-list 1001 Raisecom(config-cmap)#exit Raisecom(config)#access-list 1002 Raisecom(config-acl-ip-std)#rule 2 permit 1.1.2.1 255.255.255.0 Raisecom(config-acl-ip-std)#exit Raisecom(config)#class-map userb Raisecom(config-cmap)#match access-list 1002 Raisecom(config-cmap)#exit Raisecom(config)#access-list 1003 Raisecom(config-acl-ip-std)#rule 3 permit 1.1.3.1 255.255.255.0 Raisecom(config-acl-ip-std)#exit Raisecom(config)#class-map userc Raisecom(config-cmap)#match access-list 1003 Raisecom(config-cmap)#exit Step 2 Create traffic policing profiles and configure rate limiting rules. Raisecom(config)#mls qos policer-profile usera single Raisecom(traffic-policer)#cir 25000 cbs 100 Raisecom(traffic-policer)#drop-color red Raisecom(traffic-policer)#exit Raisecom Proprietary and Confidential 190 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Raisecom(config)#mls qos policer-profile userb single Raisecom(traffic-policer)#cir 35000 cbs 100 Raisecom(traffic-policer)#drop-color red Raisecom(traffic-policer)#exit Raisecom(config)#mls qos policer-profile userc single Raisecom(traffic-policer)#cir 30000 cbs 100 Raisecom(traffic-policer)#drop-color red Raisecom(traffic-policer)#exit Step 3 Create and configure traffic policies. Raisecom(config)#policy-map usera Raisecom(config-pmap)#class-map usera Raisecom(config-pmap-c)#policer usera Raisecom(config-pmap-c)#exit Raisecom(config-pmap)#exit Raisecom(config)#interface client 1 Raisecom(config-client1)#service-policy ingress usera Raisecom(config-client1)#exit Raisecom(config)#policy-map userb Raisecom(config-pmap)#class-map userb Raisecom(config-pmap-c)# policer userb Raisecom(config-pmap-c)#exit Raisecom(config-pmap)#exit Raisecom(config)#interface client 2 Raisecom(config-client2)#service-policy ingress userb Raisecom(config-client2)#exit Raisecom(config)#policy-map userc Raisecom(config-pmap)#class-map userc Raisecom(config-pmap-c)#policer userc Raisecom(config-pmap-c)#exit Raisecom(config-pmap)#exit Raisecom(config)#interface client 3 Raisecom(config-client3)#service-policy ingress userc Checking results Use the show class-map command to show configurations of traffic classification. Raisecom#show class-map usera Class Map usera (id 0) (ref 1) Match acl 1001 Raisecom#show class-map userb Class Map userb (id 1) (ref 1) Match acl 1002 Raisecom#show class-map userc Class Map userb (id 2) (ref 0) Match acl 1003 Raisecom Proprietary and Confidential 191 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Use the show mls qos policer command to show configurations of rate limiting rules. Raisecom#show mls qos policer single-policer: usera mode:flow color:blind cir: 25000 kbps cbs: 100 kB single-policer: usera mode:flow color:blind cir: 35000 kbps cbs: 100 kB single-policer: usera mode:flow color:blind cir: 35000 kbps cbs: 100 kB Use the show policy-map command to show configurations of traffic policies. Raisecom#show policy-map usera Policy Map usera Class-map usera police usera Raisecom#show policy-map userb Policy Map userb Class-map userb police userb Raisecom#show policy-map userc Policy Map userc Class-map userc police userc 9.7.2 Example for configuring queue scheduling and congestion avoidance Networking requirements As shown in Figure 9-10, User A requires voice and video services; User B requires voice, video, and data services; User C requires video and data services. CoS priorities for voice, video and, data services are configured with 5, 4, and 2 respectively. And these three CoS priorities are mapped to local priorities 6, 5, and 2 respectively. Make following rules based on service types. Perform SP scheduling on voice service to ensure that the traffic is first transmitted. Perform WRR scheduling on video service and configure the weight to 50. Perform WRR scheduling on data service and configure the weight to 20. In addition, you need to configure the discarding threshold to 50 to avoid network congestion caused by too high burst traffic. Raisecom Proprietary and Confidential 192 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Figure 9-10 Configuring queue scheduling and congestion avoidance Configuration steps Step 1 Create a WRED profile. Raisecom#config Raisecom(config)#mls qos wred profile 1 Raisecom(wred)#wred start-drop-threshold 50 end-drop-threshold 90 max- drop-probability 60 Raisecom(wred)#exit Step 2 Configure the priority trust and congestion avoidance on interfaces. Raisecom(config)#mls qos flow-queue profile 6 Raisecom(flow-queue)#scheduler wrr Raisecom(flow-queue)#queue 6 weight 50 Raisecom(flow-queue)#queue 3 weight 20 wred profile 1 Raisecom(flow-queue)#exit Raisecom(config)#interface line 1 Raisecom(config-line1)# mls qos flow-queue 6 Raisecom(config)#interface client 1 Raisecom(config-client1)#mls qos trust cos aisecom(config)#interface client 2 Raisecom(config-client2)#mls qos trust cos Raisecom(config)#interface client 3 Raisecom(config-client3)#mls qos trust cos Raisecom(config-client3)#exit Step 3 Configure the mapping from the CoS priority and local priority. Raisecom Proprietary and Confidential 193 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Raisecom(config)#mls qos mapping cos-to-local-priority 1 Raisecom(cos-to-pri)#cos 5 to local-priority 6 Raisecom(cos-to-pri)#cos 4 to local-priority 5 Raisecom(cos-to-pri)#cos 2 to local-priority 2 Raisecom(cos-to-pri)#exit Raisecom(config)#interface client 1 Raisecom(config-client1)#mls qos cos-to-local-priority 1 Raisecom(config-client1)#interface interface client 2 Raisecom(config-client2)#mls qos cos-to-local-priority 1 Raisecom(config-client2)#interface interface client 3 Raisecom(config-client3)#mls qos cos-to-local-priority 1 Raisecom(config-client3)#exit Checking results Use the show mls qos mapping cos-to-local-priority command to show mapping configurations on specified priorities. Raisecom#show mls qos mapping cos-to-local-priority G:GREEN Y:Yellow R:RED cos-to-localpriority(color) Index Description CoS: 0 1 2 3 4 5 6 7 ------------------------------------------------------------------------- 1 localpri(color): 0(G) 1(G) 2(G) 3(G) 5(G) 6(G) 6(G) 7(G) Use the show mls qos command to show configurations of priority trust and queue scheduling mode on specified interfaces. Raisecom#show mls qos interface client 1 Interface TrustMode UntaggedPriority Cos-PriProfile Dscp-PriProfile Dscp-Mutation Cos-Remark ----------------------------------------------------------------------- client 1 cos 5 0 0 0 0 Use the show mls qos flow-queue command to show configurations of queue scheduling. Raisecom#show mls qos flow-queue profile 2 CIR: Committed information rate,unit:Kbps CBS: Committed burst size,unit:KB PIR: Peak information rate,unit:Kbps PBS: Peak burst size,unit:KB ProfileIndex :2 Flow-Queue-Description : Flow-Queue-Reference :3 Raisecom Proprietary and Confidential 194 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Flow-Queue-Scheduler :wrr QueueId Weight Wred CIR(Kbps) CBS(KB) PIR(Kbps) PBS(KB) ---------------------------------------------------------------- 1 0 0 -- -- -- -- 2 0 0 -- -- -- -- 3 0 1 -- -- -- -- 4 0 0 -- -- -- -- 5 0 0 -- -- -- -- 6 20 0 -- -- -- -- 7 50 0 -- -- -- -- 8 0 0 -- -- -- -- Use the show mls qos wred profile command to show WRED profile configurations. Raisecom#show mls qos wred profile GSDT:Green Start Drop Threshold GEDT:Green End Drop Threshold GDP :Green Drop Probability YSDT:Yellow Start Drop Threshold YEDT:Yellow End Drop Threshold YDP :Yellow Drop Probability RSDT:Red Start Drop Threshold REDT:Red End Drop Threshold RDP :Red Drop Probability Index Description Ref GSDT GEDT GDP YSDT YEDT YDP RSDT REDT RDP ------------------------------------------------------------------------- 1 3 50 90 60 50 90 60 50 90 60 9.7.3 Example for configuring interface-based rate limiting Networking requirements As shown in Figure 9-11, User A, User B, and User C are connected to the RAX711-C through Switch A, Switch B, and Switch C. User A requires voice and video services; User B requires voice, video, and data services; User C requires video and data services. According to users' requirements, make following rules: For User A, provide 25 Mbit/s bandwidth, configure the burst traffic to 100 Kbytes, configure the EIR to 50 Mbit/s, and configure the EBS to 200 Kbytes. For User B, provide 35 Mbit/s bandwidth, configure the burst traffic to 100 Kbytes, configure the EIR to 70 Mbit/s, and configure the EBS to 200 Kbytes. For User A, provide 30 Mbit/s bandwidth, configure the burst traffic to 100 Kbytes, configure the EIR to 60 Mbit/s, and configure the EBS to 200 Kbytes. Raisecom Proprietary and Confidential 195 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS Figure 9-11 Configuring interface-based rate limiting Configuration steps Step 1 Configure the bandwidth profile. Raisecom#config Raisecom(config)#bandwidth-profile 1 cir 25000 cbs 100 eir 50000 ebs 200 Raisecom(config)#bandwidth-profile 2 cir 35000 cbs 100 eir 70000 ebs 200 Raisecom(config)#bandwidth-profile 3 cir 30000 cbs 100 eir 60000 ebs 200 Step 2 Apply the bandwidth profile to the interface. Raisecom(config)#interface client 1 Raisecom(config-client1)#bandwidth ingress 1 Raisecom(config-client1)#interface client 2 Raisecom(config-client2)#bandwidth ingress 2 Raisecom(config-client2)#interface client 3 Raisecom(config-client3)#bandwidth ingress 3 Checking results Use the show bandwidth interface command to show configurations of interface-based rate limiting. Raisecom#show bandwidth interface client 1 Port Direction bwp-index hv-bwp-index Cir(kbps) Cbs(KB) Eir(kbps) Ebs(KB) ------------------------------------------------------------------------- Raisecom Proprietary and Confidential 196 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 9 QoS client1 Ingress 1 -- 25000 100 50000 200 Raisecom#show bandwidth interface client 2 Port Direction bwp-index hv-bwp-index Cir(kbps) Cbs(KB) Eir(kbps) Ebs(KB) ------------------------------------------------------------------------- client2 Ingress 2 -- 35000 100 70000 200 Raisecom#show bandwidth interface client 3 Port Direction bwp-index hv-bwp-index Cir(kbps) Cbs(KB) Eir(kbps) Ebs(KB) ------------------------------------------------------------------------- client3 Ingress 3 -- 30000 100 60000 200 Raisecom# Raisecom Proprietary and Confidential 197 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM 10 RSOM This chapter describes principles and configuration procedures of RSOM, and provide configuration examples, including the following sections: Introduction Configuring RSOM Maintenance Configuration examples 10.1 Introduction Raisecom Service Oriented Management (RSOM) is based on the MEF40, and aims to promote usability of the Ethernet, activate and manage the Ethernet PLS. Ethernet services include Ethernet Virtual Connection (EVC) and its corresponding UNI. Each EVC is corresponding to a service. Figure 10-1 shows the Ethernet service networking. User network A and User network B are connected to the carrier's network through the UNI, and they communicate through an EVC established on the carrier's network. RSOM contains two parts of Ethernet services: service transmission and test and measurement. When a service is created and normally transmitted, it can be tested and measured through SLA and RCSAM. Figure 10-1 Ethernet service networking Raisecom Proprietary and Confidential 198 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM 10.1.2 Types of Ethernet services Types of Ethernet services are as below: E-Line: Ethernet Private Line (EPL) services, leased line services implemented through point-to-point EVC E-LAN: Ethernet Virtual Private Local Access Network (E-LAN) services implemented through point-to-multipoint EVC for customers in multiple positions E-Tree: Ethernet Private Tree (EPT) services, Ethernet point-to-multipoint services implemented through tree point-to-multipoint EVC. One node is the root node while others are leaf nodes. The root node can communicate with leaf nodes while leaf nodes cannot communicate with each other. Table 10-1 lists types of Ethernet services according to sharing of services and bandwidth. Table 10-1 Types of Ethernet services Type Service UNIs per Service instances Bandwidth sharing EVC per UNI Dedicated UNI E-Line Point-to-point 2 1 Dedicated network transmission EPL bandwidth Shared UNI Point-to-point 2 or more 1 or more Shared network transmission bandwidth EVPL by multiple customers Dedicated UNI E-LAN EPLAN Multiple 1 Dedicated network transmission bandwidth At least one shared UNI EVPLAN Multiple 1 or more Shared network transmission bandwidth by service instances of multiple customers Dedicated UNI E-Tree EP-Tree, Multiple 1 Dedicated network transmission Ethernet Private Tree bandwidth At least one shared UNI EVP-Tree Multiple 1 or more Shared network transmission bandwidth by service instances of multiple customers Services transmission of the Ethernet service Based on the different profiles, services transmission of the Ethernet service matches the packets entering the service and deal with them according to rules. The Ethernet service supports the following profiles. L2CP profile: it supports configuring the protocol for matching packets and corresponding action for processing them. It also supports configuring transparent transmission of L2CP packets to the specified destination MAC address. CoS profile: it is namely the QoS profile. It is used for the bandwidth profile. It supports configuring CoS and traffic classification rules. Packets enter the queue and are transmitted according to traffic classification rule. Because according to different classification rules, the rules of priority mapping are different, thus packets enter the Raisecom Proprietary and Confidential 199 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM queue configured through Ethernet QoS to schedule according to different priority mapping rules. Bandwidth profile: it supports configuring coupling function and color aware mode, and supports configuring rate limiting rule. Interfaces Physical interfaces on the RAX711-C work as the UNI or NNI. The UNI is the interace where the user network accesses the carrier's network. The NNI is a forwarding interface inside the carrier's network. Figure 10-2 shows the location of UNIs and NNIs in a network topology. Figure 10-2 Location of UNIs and NNIs in a network topology Rules for mapping packets When an untagged packet reaches the UNI, it will be added with a VLAN ID of PVID. When a tagged packet reaches the UNI, it is mapped into the corresponding EVC according to its CEVLAN ID and then forwarded. Rules for mapping among the UNI, CEVLAN, and EVC are as below: All-to-one: there is only one EVC on a UNI, and all CEVLANs are mapped into the EVC. Bundling: there is only one EVC on a UNI, and CEVLANs are mapped into EVCs as required. Bundling-multiplex: there are multiple EVCs on a UNI, and each EVC is mapped into a CEVLAN. Multiplex: there are multiple EVCs on a UNI, and CEVLANs are mapped into EVCs as required. There is a table for mapping CEVLANs and EVCs on a UNI. You can configure it after learning its mapping rules. For example, there are 2 EVCs on UNI 1, and they carry packets of CEVLANs 1–100 to the EVC 1 and then forward these packets. They also carry packets of CEVLANs 200–300 to the EVC 2 and then forward these packets. Rules for classifying traffic When packets enter a UNI, they will enter the EVC corresponding to the carried CEVLAN ID and then be classified by local priority in the following types: Raisecom Proprietary and Confidential 200 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Based on interface: on a UNI, local priorities (CoS priorities) are the same; namely, all EVCs on the UNI are the same. Based on EVC: on an EVC, local priorities (CoS priorities) are the same. Based on DSCP: packets that carry the specified DSCP list are configured as a data flow. Before packets are classified by carried DSCP in the EVC, you should configure mappings between DSCP and local priorities (CoS priorities) to conduct rate limit based on CoS (namely, you can configure non-IP packets to be added with the default DSCP priority on the UNI). Based on PCP: packets that carry the specified PCP list (carried CoS priority) are configured as a data flow. Before packets are classified by carried PCP in the EVC, you should configure mappings between PCP and local priorities (CoS priorities) to conduct rate limit based on CoS. Based on L2CP: after an EVC is established, a L2CP profile can be quoted; in this way, packets that carry the specified MAC address and protocol ID are configured as a data flow. You can combine the L2CP profile with the interface, EVC, DSCP, and PCP during configurations. – When you combine the L2CP profile with the EVC, DSCP, and PCP, the EVC will check whether an arriving packet is a L2CP packet. If yes, the EVC classifies packets by L2CP rules. If no, the EVC classifies packets by EVC, DSCP, and PCP rules. – When you combine the L2CP profile with the interface, the local priority based on interface and that based on L2CP are different. For example, the local priority based on interface is 1 while that based on L2CP is 2. When packets reach the UNI, they are classified by local priority 2 if they are L2CP packets, or by local priority 1 if they are non-L2CP packets. To configure traffic classification based on interface or EVC, When CEVLAN and CoS reservation are enabled, packets enter the UNI with their carried CEVLAN and CoS, and packet CoS is the local priority. When CEVLAN and CoS reservation are disabled, packets will be processed as untagged packets and obtain the PVID and local priority from the UNI. Rate limiting After an EVC is established, you need to configure rate limiting by simply quoting a bandwidth profile (containing multiple rate limiting rules, with each rule corresponding to a local priority) in the ingress and egress direction of a UNI. Namely, rate limiting works based on local priority in the following types: Based on interface: packets are matched with the uniform local priority of the UNI and thus processed with rate limiting. Based on EVC: packets are matched with the uniform local priority of the EVC and thus processed with rate limiting. Based on DSCP: the DSCP flow is matched with the local priority of the UNI and thus processed with rate limiting. Based on PCP: the PCP flow is matched with the local priority of the UNI and thus processed with rate limiting. When rate limiting is configured on basis of DSCP or PCP, all DSCP flows or PCP flows of the EVC must be conducted with or without rate limiting. When they are conducted with rate limiting, you cannot configure rate limiting based on EVC. When they are conducted without rate limiting, the CIR of DSCP flows or PCP flows must be smaller than the EVC CIR. Raisecom Proprietary and Confidential 201 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Test and measurement of Ethernet service Test and measurement of the Ethernet service function is achieved by the SLA, Y.1564, Loopback, and CFM. When the Ethernet service is created, you can start the Y.1564 test to measure its indexes, such as the delay, jitter, and frame loss rate. 10.2 Configuring RSOM 10.2.1 Preparing for configurations Scenario RSOM includes service transmission and service test and measurement. To configure service transmission, configure L2CP, CoS bandwidth profile, bandwidth profile, and flow profile, and connect services with each profile. Packets entering the service will be processed according to rules of the applied profile. To configure service test and measurement, configure the SLA, Y.1564, and loopback, associate the service with each function, and test functions in the service. Prerequisite Global CFM and interface CFM are enabled on devices at both ends of the EVC. 10.2.2 (Optional) configuring L2CP profile Step Configuration Description 1 Raisecom#config Enter the RSOM configuration mode. Raisecom(config)#mefservice 2 Raisecom(mefservice)#l2cp-profile Create the L2CP profile group, and enter the l2cp-profile-id L2CPprofile group configuration mode. By default, the system has 3 profiles, but the default profile cannot be deleted and modified. 3 Raisecom(mefservice- Configure the L2CP profile group description. l2cpprofile)#description string By default, it is mef-l2cp-profile-group--l2cp- profile-id. 4 Raisecom(mefservice- Create the L2CP bandwidth profile. l2cpprofile)#l2cp-item l2cp-item-id 5 Raisecom(mefservice-l2cpitem)#l2cp- Configure protocol rules and processing command protocol { stp | lacp | lamp | link- of the packets corresponding to the L2CP bandwidth oam | esmc | dot1x | elmi | lldp | profile. ptp | cdp | vtp | pvst | udld | pagp } action { discard | forward | peer | tunnel } Raisecom Proprietary and Confidential 202 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Step Configuration Description 6 Raisecom(mefservice-l2cpitem)#dest- Configure the destination MAC rules and processing mac mac-address [ ethertype value command of the packets corresponding to the L2CP [ sub-type value ] ] action bandwidth profile. { discard | forward | peer | tunnel } By default, processing action is Tunnel. Raisecom(mefservice-l2cpitem)#exit 7 Raisecom(mefservice-l2cpprofile)# Configure transparent transmission of the L2CP exit packets with the specified destination MAC address. Raisecom(mefservice)#l2cp-process tunnel destination mac-address By default, transparent transport the L2CP packets with destination MAC address 010e.5e00.0003. 10.2.3 Configure CoS profile Step Configuration Description 1 Raisecom#config Enter RSOM configuration mode. Raisecom(config)#mefservice 2 Raisecom(mefservice)#cos-profile cos- Create CoS profile group, and enter CoS profile profile-id configuration mode. 3 Raisecom(mefservice-cosprofile)#name Configure CoS profile group description. name By default, CoS profile group description is cos- profile-id. 4 Raisecom(mefservice-cosprofile)#coslable Configure CoS value of CoS profile. cos-value [ remark-pcp pcp-value ] By default, it is 0. Re-mark PCP is 0. 5 Raisecom(mefservice-cosprofile)#type Configure services traffic offload mode of the { evc | dscp dscp-list | pcp pcp-list } CoS profile. After service traffic is classified, it Raisecom(mefservice-cosprofile)#type will be transmitted according to QoS rule of the { evc | dscp dscp-list | pcp pcp-list } Ethernet. l2cp { l2cp-profile-id | default1 | default2 | default3 } When you do not need to process L2CP packets Raisecom(mefservice-cosprofile)#type in a specified way, you can skip configuration l2cp { l2cp-profile-id | default1 | of rules for classifying L2CP packets. default2 | default3 } By default, it is PCP mode Cos is from 0 to 7. In the EVC configuration mode, the association way between UNI and EVC is different, and traffic classification is different. When the association mode is All-To-One and Bundling, the packets carrying interface priority, Untagged packets, and packets carrying C-Tag enter the same line, namely line 1. When the association way is Bundling-Multipex or Multipex, all the packets enter the same line, namely line 1. In the DSCP configuration mode, the association way between UNI and EVC is different, and traffic classification is different. Raisecom Proprietary and Confidential 203 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM When the association way is All-To-One, Layer 3 packets is mapped to the local priority according to carried DSCP, and enter the corresponding line; Non-Layer 3 packets is mapped to the local priority according to services Default-DSCP configured by the default-dscp command, and enter the corresponding line. If DSCP is full mapping, do not discard the packets. When the association way is Bundling, Bundling-Multipex, and Multipex, Layer 3 packets is mapped to the local priority according to carried DSCP, and enter the corresponding line; Non-Layer 3 packets is mapped to the local priority according to services Default-DSCP configured by the default-dscp command, and enter the corresponding line. When the DSCP carried on the Layer 3 does not match with services DSCP, discard the packets. In the PCP configuration mode, the association way between UNI and EVC is different, and traffic classification is different. When the association way is All-To-One, the packets carrying interface priority and the packet carrying C-Tag according to configured PCP are mapped to the local priority; untagged packets is mapped to the local priority according to default-cepriority configured by the default-cepriority command. In the L2CP configuration mode, the packets are matched and processed according to L2CP profile attribute. In the L2CP and DACP, PCP or EVC mixed mode, classification follows L2CP, DSCP, PCP, and EVC in descending priority. 10.2.4 Configuring bandwidth profile Step Configuration Description 1 Raisecom#config Enter RSOM configuration mode. Raisecom(config)#mefservice 2 Raisecom(mefservice)#bandwidth enable Enable global bandwidth. By default, it is enabled. 3 Raisecom(mefservice)#bandwidth-profile Create a bandwidth profile group, and enter bandwidth-profile-id bandwidth profile group configuration. 4 Raisecom(mefservice- Create bandwidth profile group, and enter bwpprofile)#bandwidth-item bandwidth- bandwidth profile group configuration. item-id Raisecom(mefservice-bwpitem)#bandwidth- Create hierarchical bandwidth profile, and enter hierachy hierarchical bandwidth profile configuration mode. By default, the new hierarchical bandwidth profile does not limit on the speed and color blind mode. 5 Raisecom(mefservice-bwpitem)#name name Configure bandwidth profile description. By default, it is 123. 6 Raisecom(mefservice-bwpitem)#cir cir cbs Configure speed-limit rule for the bandwidth cbs [ eir eir ebs ebs ] profile. Raisecom(mefservice-bwpitem)#cir unlimited 7 Raisecom(mefservice-bwpitem)#color-mode Configure color aware mode for the bandwidth { aware | blind } profile. 8 Raisecom(mefservice-bwpitem)#coupling Enable bandwidth coupling. enable Raisecom Proprietary and Confidential 204 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Step Configuration Description 9 Raisecom(mefservice-bwpitem)#cos-profile Configure bandwidth profile to quote the CoS cos-profile-id profile. 10.2.5 Configuring interface Step Configuration Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface- Enter physical layer interface configuration type interface-number mode. 3 Raisecom(config-port)#mef-type { uni | Configure physical interface type. nni } By default, the line interface is the NNI while the client interface is the UNI. 4 Raisecom(config-port)#exit Enter RSOM configuration mode. Raisecom(config)# mefservice 5 Raisecom(mefservice)#interface Enter RSOM UNI configuration mode. interface-type interface-number 6 Raisecom(mefservice-interface)#uni-id Configure UNI interface identification. string 7 Raisecom(mefservice- Configure the association between interface and interface)#bandwidth-profile { ingress | bandwidth group. egress } bandwidth-profile-id 8 Raisecom(mefservice-interface)#l2cp- (Optional) configure the association between profile { l2cp-profile-id | default1 | the UNI interface and L2CP profile group. default2 | default3 } service service-id 9 Raisecom(mefservice-interface)#bundling- Configure association rules between the CE type { all-to-one | bundling | bundling- VLAN on the UNI and services. multiplex | multiplex } By default, it is All-To-One. 10 Raisecom(mefservice- interface)#default- Configure the default CE VLAN of the cevlan vlan-id Untagged packets. By default, it is VLAN 1. 11 Raisecom(mefservice- interface)#default- Configure the default CE VLAN priority of the cepriority priority Untagged packets. By default, it is 0. 10.2.6 Configuring CFM Step Configuration Description 1 Raisecom#config Enter RSOM configuration mode. Raisecom(config)#mefservice 2 Raisecom(mefservice)#service service-id Enter service configuration mode. Raisecom Proprietary and Confidential 205 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Step Configuration Description 3 Raisecom(mefservice-evc)#md level level Configure the MD level. By default, it is level 5. 4 Raisecom(mefservice-evc)#cfm local-mep Configure the local MEP ID. mep-id 5 Raisecom(mefservice-evc)#far-end remote- Configure UNI interface information on the uni-id { ip-address ip-address | mac service remote devices. mac-address | remote-mep mep-id } 6 Raisecom(mefservice-evc)#cc enable Enable transmitting CCM. By default, it is disabled. 7 Raisecom(mefservice-evc)#cc interval { 1 Configure the transmission period of the CCM, | 10 | 60 | 600 | 3ms | 10ms | 100ms } By default, it is 3.3s. 8 Raisecom(mefservice-evc)#ping { remote- Configure PING RMEP. mep mep-id | mac-address } [ size size ] 9 Raisecom(mefservice-evc)#traceroute Configure Traceroute RMEP. { remote-mep mep-id | mac-address } [ size size ] Parameters related to CFM on the service are calculated automatically by the system, such as the MD name and MA name. 10.2.7 Configuring SLA Step Configuration Description 1 Raisecom#config Enter RSOM configuration mode. Raisecom(config)#mefservice 2 Raisecom(mefservice)#performance-tier Create a threshold configuration profile, performance-tier-id and enter threshold configuration profile mode. 3 Raisecom(mefservice- Configure the description of a profile. thresholdprofile)#description string By default, it is PTperformance-tier-id. 4 Raisecom(mefservice-thresholdprofile)#cos- Configure index thresholds and CoS in lable cos-value { availability | delay | the SLA threshold profile. jitter | loss-rate } threshold-value 10.2.8 Configuring SLA test and measurement Step Configuration Description 1 Raisecom#config Enter RSOM configuration mode. Raisecom(config)#mefservice Raisecom Proprietary and Confidential 206 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Step Configuration Description 2 Raisecom(mefservice)#service service-id Enter EVC configuration mode. 3 Raisecom(mefservice-evc)#performance-tier Configure association between the performance-tier-id service and threshold profile. 4 Raisecom(mefservice-evc)#sla remote-ip ip- Configure the IP address of the remote address device for the SLA test. 5 Raisecom(mefservice-evc)#sla remote-mep { all Configure the RMEP of the SLA test. | mep-list } [ size size ] 6 Raisecom(mefservice-evc)#sla start Start the SLA test. 10.2.9 Configuring Y.1564 Configuring Y.1564 test traffic profile Step Configuration Description 1 Raisecom#config Enter RSOM configuration mode. Raisecom(config)#mefservice 2 Raisecom(mefservice)#flow profile Create Y.1564 traffic profile, and enter traffic flow-profile-id profile configuration mode. 3 Raisecom(mefservice- Configure Y.1564 traffic profile description. flowprofile)#description string By default, description about traffic profile is FLOW-flow-profile-id. 4 Raisecom(mefservice- Configure Y.1564 test traffic type. flowprofile)#frame type { vsm | udp source-port port-number dest-port By default, it is VSM packet. port-number } 5 Raisecom(mefservice- Configure next hop IP address of Y.1564 test flowprofile)#nexthop ip-address ip- traffic only when the packet of Y.1564 test is UDP. address 6 Raisecom(mefservice- Configure the frame size of Y.1564 test traffic. flowprofile)#frame length single length By default, it is uniframe and it is 512 bytes. 7 Raisecom(mefservice-flowprofile)# Configure Y.1564 test traffic calibration. frame pattern prbs 8 Raisecom(mefservice- Configure the source IP address of Y.1564 test flowprofile)#source-ip ip-address traffic. 9 Raisecom(mefservice- Configure the source MAC address of Y.1564 flowprofile)#source-mac mac-address traffic. Raisecom Proprietary and Confidential 207 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Configuring Y.1564 test Step Configuration Description 1 Raisecom#config Enter RSOM configuration mode. Raisecom(config)#mefservice 2 Raisecom(mefservice)#service service-id Enter EVC configuration mode. 3 Raisecom(mefservice-evc)#rcsam flow- Configure association between service and profile flow-profile-id Y.1564 traffic profile. 4 Raisecom(mefservice-evc)#performance- Configure association between services and tier performance-tier-id threshold profile. 5 Raisecom(mefservice-evc)#rcsam duration Configure Y.1564 test period. { forever | period } By default, it is 15 minutes. 6 Raisecom(mefservice-evc)#rcsam Configure Y.1564 performance test bandwidth performance cir ratio ratio ratio. By default, it is 100%. 7 Raisecom(mefservice-evc)#rcsam Configure remote devices information of the { remote-mac mac-address | remote-mep Layer 2 Y.1564 test based on CFM or remote { all | mep-id } } devices MAC. Raisecom(mefservice-evc)#rcsam remote- Configure information, carried in emulated user ip ip-address packets, about the remote device for the Layer 3 Y.1564 test on Internet leased line services. 8 Raisecom(mefservice-evc)#rcsam start Start the Y.1564 test. { both | configuration | performance } The SLA test and Y.1564 test share threshold profile. During the test, it needs to bind respective threshold profile. 10.2.10 Configuring loopback Configure the loopback test as below. Step Configuration Description 1 Raisecom#config Enter RSOM configuration mode. Raisecom(config)#mefservice 2 Raisecom(mefservice)#service service-id Create the service, and enter EVC configuration mode. 3 Raisecom(mefservice-evc)#loopback type Configure the type of loopback packets. { vsm | udp source-port port-number dest-port port-number } By default, it is VSM. 4 Raisecom(mefservice-evc)#loopback enable Enable service loopback. Raisecom Proprietary and Confidential 208 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM The loopback and Y.1564 test needs to cooperate with each other. Enable loopback on the remote device, and then enable Y.1564 test on the local device for test. Be cautious about starting service loopback because it can have influence on normal services. After the loopback test is complete, the loopback disable command to disable loopback immediately. 10.2.11 Configuring services Step Configuration Description 1 Raisecom#config Enter RSOM configuration mode. Raisecom(config)#mefservice 2 Raisecom(mefservice-evc)#sdp Configure association between the service and interface-type interface-number SDP interface. [ interface-type backup-interface- number ] 3 Raisecom(mefservice-evc)#sap Configure association between service and SAP, interface-type interface-number and enter service UNI configuration mode, 4 Raisecom(mefservice-evcuni)#cevlan-map Configure the CE VLAN on the service UNI. vlan-list 5 Raisecom(mefservice-evcuni)#type Configure UNI interface type of the E-Tree { leaf | root } services only when the type of the Ethernet service is configured to E-Tree. 6 Raisecom(mefservice-evcuni)#bandwidth- Configure association between UNI of the service profile { ingress | egress } and bandwidth profile group. bandwidth-profile-id 7 Raisecom(mefservice-evcuni)#exit Exit UNI configuration mode. 8 Raisecom(mefservice)#service service- Enter service configuration mode. id 9 Raisecom(mefservice-evc)#id string Configure the service ID. By default, it is service-service-id. 10 Raisecom(mefservice-evc)#type { eline Configure the type of the Ethernet service. | elan | etree } By default, it is E-LAN. 11 Raisecom(mefservice-evc)#cevlan-cos Enable preservation of the CE VLAN and CoS preservation label of packets. By default, it is enabled. 12 Raisecom(mefservice-evc)#default-dscp Configure the default DSCP priority of non-IP dscp packets. By default, it is 0. 13 Raisecom(mefservice-evc)#encapsulate- Configure the mode for the service to process mode { forward | svlan } received packets. By default, the service adds a SVLAN Tag to received packets. Raisecom Proprietary and Confidential 209 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Step Configuration Description 14 Raisecom(mefservice-evc)#primary-vid Configure the SVLAN for the service. vlan-id By default, it is VLAN 1. 15 Raisecom(mefservice-evc)#link-state- Enable link-state tracking for the service. tracking enable 16 Raisecom(mefservice-evc)#statistics Enable service statistics. enable 17 Raisecom(mefservice-evc)#no shutdown Enable the service. Test and measurement of the service mainly aim at test of the EVC on the network side. Services include EVC and corresponding UNI. To configure the EVC UNI, you need to configure the content as below: Enter interface configuration mode, and configure interface type of the physical layer according to the mef-type command. For example, configure the physical interface as the UNI or NNI. In the RSOM configuration mode, enter UNI interface configuration mode by using the interface command, and configure attributes of the UNI. Enter the EVC mode; associate the EVC and UNI by using the sap command. The SAP interface is the UNI of the service. 10.2.12 Checking configurations No. Configuration Description 1 Raisecom#show rsom l2cp-profile [ l2cp-profile-id Show configurations of the L2CP | default1 | default2 | default3 ] profile group. 2 Raisecom#show rsom cos-profile [ cos-profile-id ] Show configurations of the CoS profile group. 3 Raisecom#show rsom bandwidth-profile bandwidth- Show configurations of the profile-id bandwidth profile group. 4 Raisecom#show rsom uni interface [ interface-type Show the UNI interface. interface-number ] 5 Raisecom#show rsom statistics interface Show the UNI interface statistics. [ interface-type interface-number ] 6 Raisecom#show rsom service service-id performance Show statistics on the SLA test. { remote-ip ip-address | remote-mep mep-id } 7 Raisecom#show rsom service statistics [ service- Show service statistics. id ] 8 Raisecom#show rsom service [ service-id ] status Show the service status. Raisecom Proprietary and Confidential 210 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM 10.3 Maintenance Command Description Raisecom(mefservice-evc)#clear statics Clear EVC statistics. 10.4 Configuration examples 10.4.1 Example for configuring RSOM Networking requirements As shown in Figure 10-3, to fast activate point-to-point Ethernet leased line services, establish an EVC between iTN A and iTN B. Then, start the Y.1564 test to measure indexes, such as delay, jitter, and packet loss rate. The Ethernet lease line should meet the following requirements: Allow all VLANs to pass the EVC. Classify packets and limit their rate based on CoS in the EVC, with packet priorities 0–2 corresponding to local priority 1, packet priorities 3–5 corresponding to local priority 2, and packet priorities 6–7 corresponding to local priority 3. Apply the same rate limit on packets of different priorities in the EVC. Configure CIR to 10 Mbit/s, CBS to 100 Kbytes, CIR to 10 Mbit/s, and EBS to 100 Kbytes. Test the performance and configurations of the service by using a test flow of packets with a fixed length. Figure 10-3 RSOM networking Configuration steps Configuration of iTN A and those of iTN B are similar. The following steps take iTN A for example and will clarify their differences. Step 1 Create a CoS profile which classifies traffic based on PCP. Raisecom#config Raisecom(config)#mefservice Raisecom(mefservice)#cos-profile 1 Raisecom(mefservice-cosprofile)#coslable 1 Raisecom(mefservice-cosprofile)#type pcp 0-2 Raisecom(mefservice-cosprofile)#exit Raisecom Proprietary and Confidential 211 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Raisecom(mefservice)#cos-profile 2 Raisecom(mefservice-cosprofile)#coslable 2 Raisecom(mefservice-cosprofile)#type pcp 3-5 Raisecom(mefservice-cosprofile)#exit Raisecom(mefservice)#cos-profile 3 Raisecom(mefservice-cosprofile)#coslable 3 Raisecom(mefservice-cosprofile)#type pcp 6,7 Raisecom(mefservice-cosprofile)#exit Step 2 Enable global bandwidth. Raisecom(mefservice)#bandwidth enable Step 3 Create a bandwidth profile, and configure it to quote the CoS profile. Raisecom(mefservice)#bandwidth-profile 1 Raisecom(mefservice-bwpprofile)#bandwidth-item 1 Raisecom(mefservice-bwpitem)#cir 10000 cbs 100 eir 10000 ebs 100 Raisecom(mefservice-bwpitem)#cos-profile 1 Raisecom(mefservice-bwpitem)#exit Raisecom(mefservice-bwpprofile)#bandwidth-item 2 Raisecom(mefservice-bwpitem)#cir 10000 cbs 100 eir 10000 ebs 100 Raisecom(mefservice-bwpitem)#cos-profile 2 Raisecom(mefservice-bwpitem)#exit Raisecom(mefservice-bwpprofile)#bandwidth-item 3 Raisecom(mefservice-bwpitem)#cir 10000 cbs 100 eir 10000 ebs 100 Raisecom(mefservice-bwpitem)#cos-profile 3 Raisecom(mefservice-bwpitem)#exit Raisecom(mefservice-bwpprofile)#exit Step 4 Create a SLA threshold profile. Raisecom(mefservice)#performance-tier 5 Raisecom(mefservice-thresholdprofile)#cos-label 1 availability 100 Raisecom(mefservice-thresholdprofile)#cos-label 1 delay 500 Raisecom(mefservice-thresholdprofile)#cos-label 1 jitter 500 Raisecom(mefservice-thresholdprofile)#cos-label 1 loss-rate 100 Raisecom(mefservice-thresholdprofile)#cos-label 2 availability 100 Raisecom(mefservice-thresholdprofile)#cos-label 2 delay 500 Raisecom(mefservice-thresholdprofile)#cos-label 2 jitter 500 Raisecom(mefservice-thresholdprofile)#cos-label 2 loss-rate 100 Raisecom(mefservice-thresholdprofile)#cos-label 3 availability 100 Raisecom(mefservice-thresholdprofile)#cos-label 3 delay 500 Raisecom(mefservice-thresholdprofile)#cos-label 3 jitter 500 Raisecom(mefservice-thresholdprofile)#cos-label 3 loss-rate 100 Raisecom(mefservice-thresholdprofile)#exit Raisecom Proprietary and Confidential 212 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Step 5 Create a RCSAM profile. Raisecom(mefservice)#flow profile 2 Raisecom(mefservice-flowprofile)#frame type vsm Raisecom(mefservice-flowprofile)#frame length single 512 Raisecom(mefservice-flowprofile)#exit Raisecom(mefservice)#exit Step 6 Configure physical layer interface configuration mode. Enable interface CFM. Raisecom(config)#interface client 1 Raisecom(config-port)#mef-type uni Raisecom(config-port)#ethernet cfm enable Raisecom(mefservice-port)#uni-id itnauni1 Raisecom(config-port)#exit Raisecom(config)#interface line 1 Raisecom(config-port)#mef-type nni Raisecom(config-port)#ethernet cfm enable Raisecom(config-port)#exit Step 7 Configure SAP and SDP of EVC services. Configure SAP to quote the bandwidth profile. Configure the UNI ID to itnauni1 on iTN A. Configure the UNI ID to itnbuni1 on iTN B. Raisecom(config)#mefservice Raisecom(mefservice)#service 1 Raisecom(mefservice-evc)#sap client 1 Raisecom(mefservice-evcuni)#bandwidth-profile ingress 1 Raisecom(mefservice-evcuni)#bandwidth-profile egress 1 Raisecom(mefservice-evcuni)#exit Raisecom(mefservice-evc)#sdp line 1 Step 8 Create an EVC service. Configure the name of the remote UNI to 2 and MEP to 2 on iTN A. Configure the name of the remote UNI to 1 and MEP to 1 on iTN B. Raisecom(mefservice-evc)#type eline Raisecom(mefservice-evc)#encapsulate-mode forward Raisecom(mefservice-evc)#primary-vid 10 Raisecom(mefservice-evc)#far-end 2 remote-mep 2 Step 9 Configure OAM. Configure the local MEP to 1 on iTN A. Configure the local MEP to 2 on iTN B. Raisecom Proprietary and Confidential 213 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Raisecom(mefservice-evc)#cfm local-mep 1 Raisecom(mefservice-evc)#cc enable Step 10 Configure the EVC to quote the threshold profile. Raisecom(mefservice-evc)#performance-tier 5 Step 11 Configure the EVC to quote the RCSAM flow profile. Raisecom(mefservice-evc)#rcsam flow-profile 2 Step 12 Activate the EVC. Raisecom(mefservice-evc)#no shutdown Step 13 Configure the RCSAM remote MEP on iTN A. Raisecom(mefservice-evc)#rcsam remote-mep 2 Step 14 Enable loopback on iTN B. Raisecom(mefservice-evc)#loopback enable Step 15 Start the RCSAM test of the EVC. Raisecom(mefservice-evc)#rcsam start both Checking results Use the show rsom service command on iTN A to view EVC configurations. ServiceIndex: 1,State: no shutdown Identifier: service1 Type: eline,Statistics: enable Cevlan-Cos: Preserve,Default-dscp: 0 Encapsulte-Mode: forward,Primary-vid: 10 Raisecom Proprietary and Confidential 214 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Sdp 1: line 1 Sdp 2: -- Sap: client 1 Type: Root,Cevlan-map: 1-4094 Ingress-bwp-profile: 1,Egress-bwp-profile: 1 farend configuration information: far-end 2 remote-mep 2 cfm configuration information: md level: 5 cc interval: 3.3ms Sdp 1: line 1 Sdp 2: -- cfm local-mep: 1 cc enable sla configuration information: performance-tier: 5 description: Performancetier5 cos-label 1 delay 500 cos-label 1 jitter 500 cos-label 1 loss-rate 100 cos-label 1 availability 100 cos-label 2 delay 500 cos-label 2 jitter 500 cos-label 2 loss-rate 100 cos-label 2 availability 100 cos-label 3 delay 500 cos-label 3 jitter 500 cos-label 3 loss-rate 100 cos-label 3 availability 100 sla remote-ip 172.16.70.32 sla start Transmit Interval(msec): 1000 schedule Period(sec): 300 Schedule Life(sec): Forever Y.1564 configuration information: flow profile: 2 description: RcSamFlow2 frame type: vsm source-port: -- dest-port: -- frame length type: single frame size: 512 frame pattern: null source-mac: -- source-ip: -- nexthop ip-address: -- rcsam duration: 15 rcsam performance cir ratio: 100 loopback configuration information: loopback type: vsm source-port: -- dest-port: -- loopback disable Use the show rsom service rcsam result command on iTN A to view results of the test. Raisecom(mefservice-evc)#show rsom service 1 rcsam result Rcsam configuration test detail result: Service Index: 1 Cos-label: 1 Raisecom Proprietary and Confidential 215 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Far-end type: remote-mep Far-end value: 2 Test result: PASS Flow profile ID: 2 SAC: FD(500us), FDV(500us), FLR(100(0.001%)) Test-step Throughput(Kbps) FD(us) FDV(us) FLR(0.001%) result --------------------------------------------------------------------- 1 0 12 0 0 PASS 2 0 0 0 0 PASS 3 64 12 0 0 PASS 4 64 12 0 0 PASS 5 192 12 0 0 PASS 6 192 12 0 0 PASS Rcsam performance test total result: Service Index: 1 Cos-label: 1 test status: IDLE AVAIL(%): 0 Flow profile ID: 2 SAC: FD(500us), FDV(500us), FLR(100(0.001%)), AVAIL(100(0.001%)) Parameter min mean max ---------------------------------------------- IR(Kbps) 64 64 64 FD(us) 12 12 13 FDV(us) 0 0 1 FLR(%%) 0 0 0 FDR -- 1 -- BER -- 0 -- Rcsam performance test last result: Service Index: 1 Cos-label: 1 Last Index: 1 test status: IDLE test start time: 2016-08-10,23:24:20.0 AVAIL(%): 0 Flow profile ID: 2 SAC: FD(500us), FDV(500us), FLR(100(0.001%)), AVAIL(100(0.001%)) Parameter min mean max ------------------------------------------------- IR(Kbps) -- 64 -- FD(us) 12 12 13 FDV(us) 0 0 1 FLR(%%) -- 0 -- BER -- 0 -- Rcsam configuration test detail result: Service Index: 1 Cos-label: 2 Far-end type: remote-mep Far-end value: 2 Test result: PASS Flow profile ID: 2 SAC: FD(500us), FDV(500us), FLR(100(0.001%)) Raisecom Proprietary and Confidential 216 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM Test-step Throughput(Kbps) FD(us) FDV(us) FLR(0.001%) result -------------------------------------------------------------------- 1 0 12 0 0 PASS 2 0 0 0 0 PASS 3 64 12 0 0 PASS 4 64 12 0 0 PASS 5 192 12 0 0 PASS 6 192 12 0 0 PASS Rcsam performance test total result: Service Index: 1 Cos-label: 2 test status: IDLE AVAIL(%): 0 Flow profile ID: 2 SAC: FD(500us), FDV(500us), FLR(100(0.001%)), AVAIL(100(0.001%)) Parameter min mean max ------------------------------------------------- IR(Kbps) 64 64 64 FD(us) 12 12 13 FDV(us) 0 0 1 FLR(%%) 0 0 0 FDR -- 1 -- BER -- 0 -- Rcsam performance test last result: Service Index: 1 Cos-label: 2 Last Index: 1 test status: IDLE test start time: 2016-08-10,23:24:20.0 AVAIL(%): 0 Flow profile ID: 2 SAC: FD(500us), FDV(500us), FLR(100(0.001%)), AVAIL(100(0.001%)) Parameter min mean max ------------------------------------------------ IR(Kbps) -- 64 -- FD(us) 12 12 13 FDV(us) 0 0 1 FLR(%%) -- 0 -- BER -- 0 -- Rcsam configuration test detail result: Service Index: 1 Cos-label: 3 Far-end type: remote-mep Far-end value: 2 Test result: PASS Flow profile ID: 2 SAC: FD(500us), FDV(500us), FLR(100(0.001%)) Test-step Throughput(Kbps) FD(us) FDV(us) FLR(0.001%) result -------------------------------------------------------------------- 1 0 12 0 0 PASS 2 0 0 0 0 PASS 3 64 12 0 0 PASS Raisecom Proprietary and Confidential 217 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 10 RSOM 4 64 12 0 0 PASS 5 192 12 0 0 PASS 6 192 12 0 0 PASS Rcsam performance test total result: Service Index: 1 Cos-label: 3 test status: IDLE AVAIL(%): 0 Flow profile ID: 2 SAC: FD(500us), FDV(500us), FLR(100(0.001%)), AVAIL(100(0.001%)) Parameter min mean max ------------------------------------------------- IR(Kbps) 64 64 64 FD(us) 12 12 12 FDV(us) 0 0 0 FLR(%%) 0 0 0 FDR -- 0 -- BER -- 0 -- Rcsam performance test last result: Service Index: 1 Cos-label: 3 Last Index: 1 test status: IDLE test start time: 2016-08-10,23:24:20.0 AVAIL(%): 0 Flow profile ID: 2 SAC: FD(500us), FDV(500us), FLR(100(0.001%)), AVAIL(100(0.001%)) Parameter min mean max ------------------------------------------------- IR(Kbps) -- 64 -- FD(us) 12 12 12 FDV(us) 0 0 0 FLR(%%) -- 0 -- BER -- 0 -- Raisecom Proprietary and Confidential 218 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security 11 Security This chapter describes principles and configuration procedures of security, and provides related configuration examples, including the following sections: Introduction Configuring CPU protection Configuring RADIUS Configuring TACACS+ Maintenance Configuration examples 11.1 Introduction With continuous development of Internet technology, network is increasingly applied. More and more enterprises make development with network. How to ensure the data and resource security becomes a significant problem. In addition, the device performance is reduced or the device operates improperly in case users access the network in an unconscious but aggressive way. Security technologies, such as Access Control List (ACL) and user authentication, can improve network and device security effectively. 11.1.1 ACL To control influence of illegal packets on the network, you need to configure a series of rules on network devices to decide which packets can be transmitted. There rules are defined through ACL. ACL is a series of sequential rules composed by permit | deny sentences. These rules describe packets based on based on source MAC addresses, destination MAC addresses, source IP addresses, destination IP addresses, and interface IDs. The device decides packets to be received or refused based on these rules. 11.1.2 CPU protection Because the network environment of the RAX711-C is complex, the RAX711-C may be attacked by multiple packets, such as ARP packets, BPDU packets, and ICMP packets. If the Raisecom Proprietary and Confidential 219 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security RAX711-C receives a great number of attack packets in a short period, the CPU may work with full load. Therefore, the RAX711-C cannot process normal services in time, degrading device performance. To effectively use resources and prevent packet attacks, the RAX711-C needs to protect the CPU. In a certain interval, when the number of some packet received by an interface exceeds the configured CIR, the RAX711-C (or interface) will calculate the number of allowable data to pass according to preconfigured CIR and CBS, discard excess data, and send a Trap on the attacking by this type of packets. 11.1.3 RADIUS Remote Authentication Dial In User Service (RADIUS) is a standard communication protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for remote users. RADIUS uses the User Datagram Protocol (UDP) as the transport protocol (port 1812 is for authentication. Port 1813 is for accounting) and has good instantaneity. In addition, RADIUS supports re-transmission mechanism and backup server mechanism. Therefore, it provides good reliability. RADIUS works in client/server mode. Network devices are clients of the RADIUS server. RADIUS server is responsible for receiving users' connection requests, authenticating uses, and replying configurations required by all clients to provide services for users. This mode can control users accessing devices and network to improve network security. Clients and the RADIUS server communicate with each other through the shared key. The shared key is not transmitted through the network. In addition, any user password needs to be encapsulated when it is transmitted through clients and RADIUS. This helps prevent getting the user password by sniffing unsecure network. RADIUS accounting is designed for RADIUS authenticated users. When a user logs in to the device, the device sends an Account-Start packet to the RADIUS accounting server to begin accounting. During login, the device sends Account-Update packets to the RADIUS accounting server. When the user exits from the device, no accounting packet is sent to the RADIUS accounting server. These packets contain the login time. With these packets, the RADIUS accounting server can record the access time and operation of each user. 11.1.4 TACACS+ Terminal Access Controller Access Control System (TACACS+) is a network access authentication protocol, similar to RADIUS. Compared with RADIUS, TACACS+ has the following features: Use TCP port 49, providing the higher transmission reliability. RADIUS uses the UDP port. Encapsulate the whole standard TACACS+ packet but for the TACACS+ header, providing the higher security. RADIUS encapsulates the user password only. Separate TACACS+ authentication from TACACS+ authorization and TACACS+ accounting, providing a more flexible deployment mode. Therefore, compared with RADIUS, TACACS+ is more secure and reliable. However, as an open protocol, RADIUS is more widely-used. Raisecom Proprietary and Confidential 220 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security 11.2 Configuring ACL 11.2.1 Preparing for configurations Scenario To filter packets, you should configure ACL on a network device to identify objects to be filtered. Then, the network device can allow or disallow packets of specified types to pass according to preconfigured rules. Prerequisite N/A 11.2.2 Configuring ACL Select steps 3–8 as required. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#access-list acl-number [ name Create an ACL and enter ACL acl-name ] configuration mode. The value of acl-number parameter defines the type of ACL configuration mode. Values 1000–0999: basic IP ACL Values 2000–2999: extended IP ACL Values 3000–3999: MAC ACL Values 4000–4999: MPLS ACL Values 5000–5999: user ACL Values 6000–6999: basic IPv6 ACL Vaules 7000–7999: advanced ACL 3 Raisecom(config-acl-ip-std)#rule [ rule-id ] (Optional) configure the basic IP ACL { deny | permit } { source-ip-address source- rule. ip-mask | any } 4 Raisecom(config-acl-ip-ext)#rule [ rule-id ] (Optional) configure the extended IP { deny | permit } { protocol-id | icmp | igmp | ACL rule. ip } { source-ip-address source-ip-mask | any } { destination-ip-address destination-ip-mask | any } [ dscp dscp-value | precedence precedence-value | tos tos-value ] [ ttl ttl- value ] [ fragment ] Raisecom Proprietary and Confidential 221 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security Step Command Description Raisecom(config-acl-ip-ext)#rule [ rule-id ] { deny | permit } { tcp | udp } { source-ip- address source-ip-mask | any } [ source-port | range mini-port max-port ]{ destination-ip- address destination-ip-mask | any } [ destination-port | range mini-port max-port ] [ dscp dscp-value | precedence precedence-value | tos tos-value ] [ ttl ttl-value ] [ fragment ] 5 Raisecom(config-acl-mac)#rule [ rule-id ] (Optional) configure the MAC ACL { deny | permit } { source-mac-address source- rule. mac-mask | any } { destination-mac-address destination-mac-mask | any } [ ethertype { ethertype [ ethertype-mask ] | ip | arp } ] [ svlan svlan-id ] [ cvlan cvlan-id ] [cos cos ] [ inner-cos inner-cos ] 6 Raisecom(config-acl-udf)#rule [ rule-id ] (Optional) configure the user ACL { deny | permit } { layer2 | ipv4 } rule-string rule. rule-mask offset-value 7 Raisecom(config-acl-ipv6)#rule [ rule-id ] (Optional) configure basic IPv6 ACL { deny | permit } { protocol-id | ipv6 } rules. { source-ipv6-address/M | any } { destination- ipv6-address/M | any } [ traffic-class class- value ] [ flow-label label-value ] [ fragment ] Raisecom(config-acl-ipv6)#rule [ rule-id ] { deny | permit } icmpv6 { source-ipv6- address/M | any } { destination-ipv6-address/M | any } [ icmpv6-type icmpv6-type [ icmpv6- code ] ] [ traffic-class class-value ] [ flow- label label-value ] [ fragment ] Raisecom(config-acl-ipv6)#rule [ rule-id ] { deny | permit } tcp { source-ipv6-address/M | any } [ source-port ] { destination-ip- address/M | any } [ destination-port ] [ ack ack-value ] [ fin fin-value ] [ psh psh-value ] [ rst rst-value ] [ syn syn-value ] [ urg urg- value ] [ traffic-class class-value ] [ flow- label label-value ] [ fragment ] Raisecom(config-acl-ipv6)#rule [ rule-id ] { deny | permit } udp { source-ipv6-address/M | any } [ source-port ] { destination-ip- address/M | any } [ destination-port ] [ traffic-class class-value ] [ flow-label label-value ] [ fragment ] Raisecom Proprietary and Confidential 222 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security Step Command Description 8 Raisecom(config-acl-advanced)#rule [ rule-id ] (Optional) configure advanced ACL { deny | permit } { source-mac-address source- rules. mac-mask | any } { destination-mac-address destination-mac-mask | any } [ svlan svlanid ] [ cvlan cvlanid ] [cos cos ] [ inner-cos inner- cos ] { source-ip-address source-ip-mask | any } { destination-ip-address destination-ip- mask | any } [ dscp dscp-value | precedence precedence-value | tos tos-value ] [ ttl ttl- value ] [ fragment ] 11.2.3 Configuring filter Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface-type Enter interface configuration mode. interface-number 3 Raisecom(config-port)#filter { ingress | Apply the ACL rule to the interface. egress } access-list { acl-number | name acl- name } [ statistics ] 11.2.4 Checking configurations No. Command Description 1 Raisecom#show access-list [ acl-number | name acl- Show ACL information. name ] 2 Raisecom#show filter interface Show filter information. Raisecom#show filter interface interface-type interface-number [ ingress | egress ] 11.3 Configuring CPU protection 11.3.1 Preparing for configurations Scenario When the RAX711-C receives a great number of attack packets in a short period, the CPU will run with full load and its utilization rate will reach to 100%, which may cause the breakdown of the device. CPU CAR helps efficiently limit the rate of packets entering the CPU. Raisecom Proprietary and Confidential 223 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security Prerequisite N/A 11.3.2 Configuring global CPU protection Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#cpu-protect car Configure the protocol type, rate limiting mode, { arp | dhcp | global | icmp | igmp | CIR, and CBS of global CPU packet protection. tcp } kbps cir cir cbs cbs By default, the CIR and CBS are respectively configured to 500 pps and 500 pkt globally. 11.3.3 Configuring interface CPU preotection Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter interface configuration mode. interface-type interface-number 3 Raisecom(config-port)#cpu- Configure the CIR and CBS of physical interface CPU protect car { arp | dhcp | icmp packet protection. | igmp | tcp } { kbps | pps } cir cir cbs cbs By default, default configurations of CPU CAR are adopted. 11.3.4 Checking configurations No. Command Description 1 Raisecom#show cpu-protect statistics Show configurations of global CPU protection. 2 Raisecom#show cpu-protect car statistics Show CPU CAR statistics on the interface. [ interface-type interface-number ] 11.4 Configuring RADIUS 11.4.1 Preparing for configurations Scenario To control users to access devices and network, you can deploy the RADIUS server at the network to authenticate and account users. The RAX711-C can be used as a Proxy of the RADIUS server to authenticate users based on results returned by the RADIUS server. Raisecom Proprietary and Confidential 224 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security Prerequisite N/A 11.4.2 Configuring RADIUS authentication Step Command Description 1 Raisecom#radius [ backup ] ip-address Specify the IP address and port ID of the RADIUS [ auth-port port-id ] authentication server. The backup parameter is used to specify a backup RADIUS authentication server. 2 Raisecom#user login { local-user | Configure the authentication mode for login when radius-user | local-radius | radius- RADIUS authentication is applied. local [ server-no-response ] } 11.4.3 Configuring RADIUS accounting Step Command Description 1 Raisecom#aaa accounting Enable RADIUS accounting. login enable By default, RADIUS accounting is disabled. 2 Raisecom#radius Specify the IP address and port ID of the RADIUS accounting server. [ backup ] accounting- By default, the UDP port ID is configured to 1813. server ip-address [ auth-port port-id ] The backup parameter is used to specify a backup RADIUS accounting server. 3 Raisecom#radius Configure the shared key used for communicating with the RADIUS [ backup ] accounting- accounting server. The shared key must be identical to the one server key string configured on the RADIUS accounting server. Otherwise, accounting operation fails. By default, the shared key is empty. 4 Raisecom#aaa accounting Configure the processing policy for accounting failure. fail { online | offline} By default, the processing policy is configured to online. In indicates that users are allowed to log in if accounting operation fails. 5 Raisecom#aaa accounting Configure the interval for sending accounting update packets. If the update period interval is configured to 0, it indicates that no accounting update packet is sent. By default, the interval for sending accounting update packets is configured to 0. With the Account-Start packet, Account-Update packet, and Account-Stop packet, the RADIUS server can record the access time and operations of each user. Raisecom Proprietary and Confidential 225 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security 11.4.4 Checking configurations No. Command Description 1 Raisecom#show radius-server Show configurations of the RADIUS server. 11.5 Configuring TACACS+ 11.5.1 Preparing for configurations Scenario To control users accessing devices and network, you can deploy the RADIUS server in the network to authenticate and account users. Compared with RADIUS, TACACS+ is more secure and reliable. The RAX711-C can be used as a Proxy of the TACACS+ server to authenticate users based on results returned by the TACACS+ server. Prerequisite N/A 11.5.2 Configuring TACACS+ authentication Step Command Description 1 Raisecom#tacacs-server [ backup ] Specify the IP address and port ID of the TACACS+ ip-address [ auth-port port-id ] authentication server. The backup parameter is used to specify a backup TACACS+ authentication server. 2 Raisecom#tacacs-server key string Configure the shared key for TACACS+ authentication. 3 Raisecom#tacacs [ backup ] Specify the IP address and port ID of the TACACS+ accounting-server ip-address accounting server. [ auth-port port-id ] The backup parameter is used to specify a backup TACACS+ accounting server. 4 Raisecom#user login { local-user Configure the authentication mode for login when | tacacs-user | local-tacacs | TACACS+ authentication is applied. tacacs-local [ server-no- response ] } 11.5.3 Checking configurations No. Command Description 1 Raisecom#show tacacs-server Show TACACS+ server configurations. Raisecom Proprietary and Confidential 226 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security 11.6 Maintenance Command Description Raisecom(config)#clear filter statistics interface-type interface- Clear statistics on the number { ingress | egress } [ access-list acl-number ] filter. 11.7 Configuration examples 11.7.1 Examples for configuring ACL Networking requirements As shown in Figure 11-1, to control users accessing the server, you can deploy ACL on RAX711-C A to disallow 192.168.1.1 to access the server with the IP address of 192.168.1.100. Figure 11-1 Configuring ACL Configuration steps Step 1 Configure IP ACL. Raisecom#config Raisecom(config)#access-list 2001 Raisecom(config-acl-ip-ext)#rule 1 deny ip 192.168.1.1 255.255.255.0 192.168.1.100 255.255.255.0 Step 2 Apply ACL to Client interface 2 on RAX711-C A. Raisecom(config)#interface client 2 Raisecom(config-port)#filter ingress access-list 2001 Raisecom Proprietary and Confidential 227 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security Checking results Use the show access-list command to show ACL configurations. Raisecom#show access-list 2001 advanced-ipv4 ACL 2001, 1 rules ACL's step is 10 rule 1 deny ip 192.168.1.1 255.255.255.0 192.168.1.100 255.255.255.0 Use the show filter command to show filter configurations. Raisecom#show filter interface client 2 Interface Direction Acl-Num ----------------------------------------- client2 ingress 2001 11.7.2 Example for configuring RADIUS Networking requirements As shown in Figure 11-2, to control users accessing RAX711-C A, you need to deploy RADIUS authentication and accounting on RAX711-C A to authenticate users logging in to RAX711-C A and record their operations. Configure the interval for sending Account-Update packet to 2min. Configure the processing policy for accounting failure to offline. Figure 11-2 Configuring RADIUS Configuration steps Step 1 Authenticate login users through RADIUS. Raisecom#radius 192.168.1.1 Raisecom#radius-key raisecom Raisecom#user login radius-user Step 2 Account login users through RADIUS. Raisecom Proprietary and Confidential 228 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security Raisecom#aaa accounting login enable Raisecom#radiusaccounting-server 192.168.1.1 Raisecom#radius accounting-server key raisecom Raisecom#aaa accounting fail offline Raisecom#aaa accounting update 120 Checking results Use the show radius-server command to show RADIUS configurations. Raisecom#show radius-server Authentication server IP: 192.168.1.1 port:1812 Backup authentication server IP:0.0.0.0 port:1812 Authentication server key: raisecom Accounting server IP: 192.168.1.1 port:1813 Backup accounting server IP: 0.0.0.0 port:1813 Accounting server key: raisecom Accounting login: enable Update interval(min.): 120 Accounting fail policy: offline 11.7.3 Example for configuring TACACS+ Networking requirements As shown in Figure 11-3, to control users accessing RAX711-C A, you need to deploy TACACS+ authentication on RAX711-C A to authenticate users logging in to RAX711-C A. Figure 11-3 TACACS+ networking Configuration steps Authenticate login users through TACACS+. Raisecom#tacacs-server 192.168.1.1 Raisecom#tacacs-serverkey raisecom Raisecom#user login tacacs-user Raisecom Proprietary and Confidential 229 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 11 Security Checking results Use the show tacacs-server command to show TACACS+ configurations. Raisecom#show tacacs-server Server Address: 192.168.1.1 Backup Server Address: -- Sever Shared Key: raisecom Accounting server Address: -- Backup Accounting server Address: -- Total Packet Sent: 0 Total Packet Recv: 0 Num of Error Packets: 0 Raisecom Proprietary and Confidential 230 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance 12 System management and maintenance This chapter describes principles and configuration procedures of system management and maintenance, and provides related configuration examples, including following sections: Introduction Configuring LLDP Configuring SNMP Configuring optical module DDM Configuring system log Configuring alarm management Configuring memory monitoring Configuring CPU monitoring Configuring RMON Configuring fan monitoring Configuring loopback Configuring fault detection Maintenance Configuration examples 12.1 Introduction 12.1.1 LLDP With the enlargement of network scale and increase of network devices, the network topology becomes more and more complex and network management becomes very important. A lot of network management software adopts auto-detection function to trace changes of network topology, but most of the software can only analyze the Layer 3 network and cannot make sure the interfaces connect to other devices. Link Layer Discovery Protocol (LLDP) is based on IEEE 802.1ab standard. Network management system can fast grip the Layer 2 network topology and changes. Raisecom Proprietary and Confidential 231 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance LLDP organizes the local device information in different Type Length Value (TLV) and encapsulates in Link Layer Discovery Protocol Data Unit (LLDPDU) to transmit to straight- connected neighbour. It also saves the information from neighbour as standard Management Information Base (MIB) for network management system querying and judging link communication. LLDP packet The LLDP packet is an Ethernet packet encapsulated with LLDPDU in data unit and transmitted by multicast. LLDPDU is data unit of LLDP. The device encapsulates local information in TLV before forming LLDPDU, then several TLV fit together in one LLDPDU and encapsulated in Ethernet data for transmission. As shown in Figure 12-1, LLDPDU is made by several TLV, including 4 mandatory TLV and several optional TLV. Figure 12-1 Structure of LLDPDU packet As shown in Figure 12-2, each TLV denotes a piece of information on the local device, such as the device ID, interface ID, related Chassis ID TLV, Port ID TLV, and fixed TLV. Figure 12-2 Structure of a TLV packet Table 12-1 lists TLV types. Table 12-1 TLV types TLV type Description Optional/Required 0 End Of LLDPDU Required 1 Chassis ID Required 2 Port ID Required 3 Time To Live Required 4 Port Description Optional 5 System Name Optional 6 System Description Optional 7 System Capabilities Optional Raisecom Proprietary and Confidential 232 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance TLV type Description Optional/Required 8 Management Address Optional Principles of LLDP LLDP is a kind of point-to-point one-way issuance protocol, which notifies local device link status to the peer device by sending LLDPDU (or sending LLDPDU when link status changes) periodically from the local device to peer device. The procedure of packet exchange: When local device transmits packet, it gets system information required by TLV from NView NNM (Network Node Management) and gets configuration information from LLDP MIB to generate TLV and form LLDPDU to transmit to peer. The peer receives LLDPDU and analyzes TLV information. If there is any change, the information will be updated in neighbor MIB table of LLDP and notifies NView NNM system. When the device status is changed, the RAX711-C sends a LLDP packet to the peer. To avoid sending LLDP packet continuously because of device status changes frequently, you can configure a delay timer for sending the LLDP packet. The aging time of Time To Live (TTL) of local device information in the neighbour node can be adjusted by modifying the parameter values of aging coefficient, sends LLDP packets to neighbour node, after receiving LLDP packets, neighbour node will adjust the aging time of its neighbour nodes (sending side) information. Aging time formula, TTL = Min {65535, (interval × hold-multiplier)}: Interval indicates the time period to send LLDP packets from neighbor node. Hold-multiplier refers to the aging coefficient of device information in neighbor node. 12.1.2 SNMP Simple Network Management Protocol (SNMP) is designed by the Internet Engineering Task Force (IETF) to resolve problems in managing network devices connected to the Internet. Through SNMP, a network management system can manage all network devices that support SNMP, including monitoring network status, modifying configurations of a network device, and receiving network alarms. SNMP is the most widely used network management protocol in TCP/IP networks. Working mechanism SNMP is separated into two parts: Agent and NMS. In the SNMP network, the Agent is a managed device while the NMS is a manager. The Agent and NMS communicate through SNMP packets transmitted through UDP. The RAX711-C and Raisecom NView NNM system communicate with each other through SNMP. Raisecom NView NNM system can provide friendly Human Machine Interface (HMI) to facilitate network management. The below functions can be realized through it: Send request packets to the RAX711-C. Receive reply packets and Trap packets from the RAX711-C, and show result. Raisecom Proprietary and Confidential 233 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Agent is a program stays on the RAX711-C, providing the below functions: Receive/Reply request packets from the NView NNM system. Read/Write packets and generate response packets according to the packets type, then return the result to the NView NNM system. Define trigger condition according to protocol modules, enter/exit system, or reboot the RAX711-C when conditions are satisfied; reply module sends Trap packets to NView NNM system via agent to report current status of device. Agent can be configured with several versions. Agent use different versions to communicate with different NView NNM systems. However, SNMP version of the NView NNM system must be consistent with the one on Agent when they are communicating. Otherwise, they cannot communicate properly. SNMP versions Till now, SNMP has three versions: v1, v2c, and v3, described as below. SNMPv1 uses community name authentication mechanism. The community name, a string defined by an agent, acts like a secret. The network management system can visit the agent only by specifying its community name correctly. If the community name carried in a SNMP message is not accepted by the RAX711-C, the message will be dropped. Compatible with SNMPv1, SNMPv2c also uses community name authentication mechanism. SNMPV2c supports more operation types, data types, and error codes, and thus better identifying errors. SNMPv3 uses User-based Security Model (USM) authentication mechanism. You can configure whether USM authentication is enabled and whether encryption is enabled to provide higher security. USM authentication mechanism allows authenticated senders and prevents unauthenticated senders. Encryption is to encrypt messages transmitted between the network management system and agents, thus preventing interception. The RAX711-C supports v1, v2c, and v3 of SNMP. MIB Management Information Base (MIB) is the collection of all objects managed by NMS. It defines attributes for the managed objects: Name Access authority Data type The device-related statistic contents can be reached by accessing data items. Each proxy has its own MIB. MIB can be taken as an interface between NMS and Agent, through which NMS can read/write every managed object in Agent to manage and monitor the device. MIB store information in a tree structure, its root is on the top, without name. Nodes of the tree are the managed objects, which take a uniquely path starting from root (OID) for identification. SNMP packets can access network devices by checking the nodes in MIB tree directory. The RAX711-C supports standard MIB and Raisecom customized MIB. Raisecom Proprietary and Confidential 234 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance 12.1.3 E1 NMS channel The E1 NMS channel transmits NMS information through the Sa4 bit and Sa5 bit of TS0 or an independent timeslot in E1 frames, so it is called Sa bit NMS or independent timeslot NMS. The CO device manages remote devices through the E1 NMS channel. 12.1.4 Optical module DDM Small Form-factor Pluggables (SFP) is an optical module in optical module transceivers. The SFP Digital Diagnostic Monitoring (DDM) provides a method for monitoring performance. By analyzing monitored data provided by the SFP module, the administrator can predict the lifetime of the SFP module, isolate system faults, as well as verify the compatibility of the SFP module. The SFP module offers 5 performance parameters: Temperature for the transceiver Internal Power Feeding Voltage (PFV) Tx bias current Tx optical power Rx optical power 12.1.5 System log The system log means that the device records system information and debugging information in a log and sends the log to the specified destination. When the device fails to work, you can check and locate the fault easily. The module can classify and manage all system logs and then send them to different destination ends to provide powerful support for the administrator and developer for diagnosing network faults. The system information and some scheduling output will be sent to the system log to deal with. According to the configuration, the system will send the log to various destinations. The destinations that receive the system log are divided into: Console: send the log message to the local console through Console interface. Host: send the log message to the host. Monitor: send the log message to the monitor. Flash: send the log file to the Flash of the device. Generally, the system log is in a format of timestamp module-level- Message content. An instance of the system log is as below: FEB-22-2005 14:27:33 CONFIG-7-CONFIG:USER "raisecom" Run "logging on" FEB-22-2005 06:46:20 CONFIG-6-LINK_D:port 2 Link Down FEB-22-2005 06:45:56 CONFIG-6-LINK_U:port 2 Link UP Raisecom Proprietary and Confidential 235 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance 12.1.6 Alarm management An alarm refers to information generated by the system based on module failures when a fault is generated on the RAX711-C or some working condition changes. The alarm is used to report some urgent and important events and notify them to the network administrator promptly, which provides strong support for monitoring device operation and diagnosing faults. The alarm is stored in the alarm buffer. Meanwhile, the alarm is generated to log information. If the NView NNM system is configured, the alarm will be sent to it through SNMP. The information sent to the NView NNM system is called Trap. Classification of alarms There are 3 kinds of alarms according to properties of an alarm: Fault alarm: alarms generated because of hardware failure or anomaly of important functions, such as port Down alarm Recovery alarm: alarms generated when device failure or abnormal function returns to normal, such as port Up alarm; Event alarm: prompted alarms or alarms that are generated because the fault alarm and recovery alarm cannot be related, such as alarms generated because of failing to Ping. Alarms are divided into 5 types according to functions: Communication alarm: alarms related to the processing of information transmission, including alarms generated because of communication failure between Network Elements (NEs), NEs and NMS, or NMS and NMS Service quality alarm: alarms caused by service quality degradation, including congestion, performance decline, high resource utilization rate, and the bandwidth reducing Processing error alarm: alarms caused by software or processing errors, including software errors, memory overflow, version mismatching, and abnormal program aborts Environmental alarm: alarms caused by equipment location-related problems, including the temperature, humidity, ventilation. and other abnormal working conditions Device alarm: alarms caused by failure of physical resources, including the power supply, fan, processor, clock, input/output interface, and other hardware. Alarm output There are 3 alarm output modes: Alarm buffer: alarms are recorded in tabular form, including the current alarm table and history alarm table. − Current alarm table: records alarms which are not cleared, acknowledged or restored. − History alarm table: consists of acknowledged and restored alarms, recording the cleared, auto-restored, or manually acknowledged alarms. Log: alarms are generated to system log when recorded in the alarm buffer, and stored in the alarm log buffer. Trap: alarms sent to the NView NNM system when the NView NNM system is configured Raisecom Proprietary and Confidential 236 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Alarms will be broadcasted according to various terminals configured on the RAX711-C, including CLI terminal and NView NNM system. Log output of alarms starts with the symbol "#", and the output format is: #Index TimeStamp HostName ModuleName/Severity/name:Arise From Description Table 12-2 describes alarm fields. Table 12-2 Alarm fields Field Description Index Alarm index TimeStamp Time when an alarm is generated ModuleName Name of a module that generates an alarm Severity Alarm level Name Alarm name Arise From Description Descriptions about an alarm Alarm levels The alarm level is used to identify the severity degree of an alarm. The level is defined in Table 12-3. Table 12-3 Alarm levels Level Description Syslog Critical (3) This alarm has affected system services and requires 1 (Alert) immediate troubleshooting. Restore the device or source immediately if they are completely unavailable, even it is not during working time. Major (4) This alarm has affected the service quality and requires 2 (Critical) immediate troubleshooting. Restore the device or source service quality if they decline; or take measures immediately during working hours to restore all performances. Minor (5) This alarm has not influenced the existing service yet, 3 (Error) which needs further observation and take measures at appropriate time so as to avoid more serious fault. Warning (6) This alarm will not affect the current service, but 4 maybe the potential error will affect the service, so it (Warning) can be considered as needing to take measures. Raisecom Proprietary and Confidential 237 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Level Description Syslog Indeterminate (2) Uncertain alarm level, usually the event alarm. 5 (Notice) Cleared (1) This alarm shows to clear one or more reported alarms. 5 (Notice) Related concepts Related concepts about alarm management are displayed as below: Alarm inhibition The RAX711-C only records root-cause alarms but incidental alarms when enabling alarm inhibition. For example, the generation of alarm A will inevitably produce alarm B, then alarm B is inhibited and does not appear in the alarm buffer or record the log information when enabling alarm inhibition. By enabling alarm inhibition, the RAX711-C can effectively reduce the number of alarms. The root-cause alarm and all other incidental alarms will be recorded on the RAX711-C when alarm inhibition is disabled. Alarm auto-report Auto-report refers that an alarm will be reported to the NView NNM system automatically with its generation and the NView NNM system does not need to query or synchronize alarms actively. You can configure auto-report to some alarm, some alarm source, or the specified alarm from specified alarm source. The alarm source refers to an entity that generates related alarms, such as interfaces, devices, or cards. Alarm monitoring Alarm monitoring is used to process alarms generated by modules: − When alarm monitoring is enabled, the alarm module will receive alarms generated by modules, and process them according to configurations of the alarm module, such as recording alarm in the alarm buffer and recording system logs. − When alarm monitoring is disabled, the alarm module will discard alarms generated by modules without follow-up treatment. In addition, alarms will not be recorded on the RAX711-C. You can perform alarm monitoring on some alarm, alarm source, or specified alarm from specified alarm source. Alarm reverse mode In real operating environment, there are some reasonable but meaningless alarms. You can use some mode to hidden these alarms without affecting the system to monitor them. This alarm processing mode is alarm reverse. Raisecom Proprietary and Confidential 238 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Alarm reverse refers to the device will report the information opposite to actual status when recording alarm information, or report the alarm when there is no alarm information. Not report if there is alarm information. Currently, the device is only in support of reverse mode configuration of the interface. There are three reverse modes to be configured; the specific definitions are as below: − Non-reverse mode Device alarm is reported normally. − Manual reverse mode Configure the alarm reverse mode of an interface as manual reverse mode, then no matter what the current alarm state is, the reported alarm state of the interface will be changed opposite to the actual alarm state immediately, that is to say, not report when there are alarms, report when there are not alarms actually. The interface will maintain the opposite alarm state regardless of the alarm state changes before the alarm reverse state being restored to non- reverse mode. − Auto-reverse mode Configure the alarm reverse mode as auto-reverse mode. If the interface has not actual reverse alarm currently, the configuration will return fail; if the interface has actual reverse alarm, the configuration is success and enter reverse mode, i.e. the interface reported alarm status is changed opposite to the actual alarm status immediately. After the alarm is finished, the enabling state of interface alarm reverse will ends automatically and changes to non-reverse alarm mode so that the alarm state can be reported normally in next alarm. Alarm delay Alarm delay refers that the RAX711-C will record alarms and report them to the NView NNM system after a delay but not immediately when alarms generate. Delay for recording and reporting alarms are identical. By default, an alarm is reported after 0s it is generated and an alarm is cleared after 0s it is finished. Alarm storage mode Alarm storage mode refers to how to record new generated alarms when the alarm buffer is full. There are two ways: − stop: stop mode, when the alarm buffer is full, new generated alarms will be discarded without recording. − loop: loop mode, when the alarm buffer is full, the new generated alarms will replace old alarm information and take rolling records. The current alarm list can record up to 1000 alarms and the historical alarm table can record up to 500 alarms. Use the configured storage mode to deal with newly-generated alarms when the alarm table is full. Clearing alarms Clear the current alarm, which means deleting current alarms from the current alarm table. The cleared alarms will be saved to the historical alarm table and an all-alarm alarm is generated. Viewing alarms Raisecom Proprietary and Confidential 239 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance The administrator can view alarms and monitor alarms directly on the RAX711-C. If the RAX711-C is configured with the NView NNM system, the administrator can monitor alarms on the NView NNM system. Hardware monitoring alarms Hardware monitoring is used to monitor the operating environment of the RAX711-C. The alarms to be monitored include: Power supply dying-gasp alarm The RAX711-C supports dual power supplies. The power supply dying-gasp alarm is divided into single power supply dying-gasp alarm and dual power supply dying-gasp alarm. − Single power supply dying-gasp alarm: inform users that power supply 1/power supply 2 is powered off. saving to the temperature beyond threshold alarm table, sending Trap to the NView NNM system, and outputting to the system log. − Device dying-gasp: 2 power supplies are powered off. Support outputting to system log only. Temperature beyond threshold alarm The device supports temperature beyond threshold alarm event, when the current temperature is lower than low temperature threshold, the low temperature alarm event will generate. The RAX711-C supports saving to the temperature beyond threshold alarm table, sending Trap to the NView NNM system, and outputting to the system log. When the device current temperature is higher than high temperature threshold, the high temperature alarm event will generate. The RAX711-C supports saving to the device hardware environment monitoring alarm table, sending Trap to the NView NNM system, and outputting to the system log. Voltage beyond threshold alarm The device supports voltage beyond threshold alarm event, when the current voltage is lower than low voltage threshold, the low voltage alarm event will generate. The RAX711-C supports saving to the voltage beyond threshold alarm table, sending Trap to the NView NNM system, and outputting to the system log. When current voltage value of the monitored voltage is greater than the threshold, a high voltage alarm is generated. The RAX711-C supports saving to the voltage beyond threshold alarm table, sending Trap to the NView NNM system, and outputting to the system log. The RAX711-C monitors 3.3 V master chip voltage only. Interface status anomaly alarm Each interface has 3 alarm events: − Interface link-fault alarm: link failure alarm refers to the peer link signal loss. The alarm event only aims at optical interface, but not electrical interface. − Interface link-down alarm: interface status Down alarm. The RAX711-C supports saving alarms to the hardware environment monitoring alarm table, sending Trap to the NView NNM system, and outputting to the system log. Raisecom Proprietary and Confidential 240 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance 12.1.7 CPU monitoring The RAX711-C supports CPU monitoring, which is used to monitor task status, CPU utilization rate, and stack usage in real time, helping the administrator locate the fault quickly. CPU monitoring can provide the following functions: Viewing CPU utilization – View CPU hold time and utilization rate of all tasks in each period (5 seconds, 1 minute, 10 minutes, or 2 hours). The total CPU utilization rate within each period can be displayed statically or dynamically. – View the operating status of all tasks and the detailed operating status information about specified tasks. – View historical CPU utilization rate within each period. – View the dying gasp task information. CPU utilization rate threshold alarm Within a specified sampling period, the system will generate an alarm and send Trap if CPU utilization rate is over the configured rising threshold or below the declining threshold. The Trap provides 5 task IDs and their CPU utilization rates of tasks which have the highest CPU utilization rate in the latest period (5 seconds, 1 minute, or 10 minutes). 12.1.8 RMON Remote Network Monitoring (RMON) is a standard developed by the Internet Engineering Task Force (IETF). RMON is used to monitor network data through different Agents and NMS. RMON is an extension to SNMP. However, compared with SNMP, ROMN is more active and efficient for monitoring remote devices. The administrator can quickly trace faults generated on the network, network segments, or devices. With RMON, data traffic between the NMS and Agent is reduced greatly. In addition, RMON helps effectively manage the large-scale network, which makes up for SNMP restrictions across the increasing distributed network. At present, RMON implements 4 function groups: Statistics group: collect statistic information on each interface, including the number of received packets and packet size distribution statistics. History group: similar with the statistics group, it only gathers statistics in an assigned detection period. Alarm group: monitor an assigned MIB object, configure the upper and lower thresholds in an assigned time interval, and trigger an event if the monitored object exceeds the threshold. Event group: cooperating with the alarm group, when an alarm triggers an event, it records the event, such as sending Trap or writing it into the log. 12.1.9 Device monitoring Temperature monitoring The RAX711-C support monitoring the temperature and can be configured with the high temperature alarm threshold and low temperature alarm threshold. Raisecom Proprietary and Confidential 241 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Fan monitoring The RAX711-C supports fan monitoring, which is used to monitor the rotational speed and temperature of the fan. When the rotational speed and temperature of the fan are abnormal, an alarm is generated and Trap messages are sent. The RAX711-C monitors the fan in two modes: Forced monitoring: the rotational speed of the fan is fixed. Automatic monitoring: the rotational speed of the fan is automatically adjusted according to temperature change. In automatic monitoring mode, the rotational speed is classified into 4 levels. Each level corresponds to a group of temperature range. The RAX711-C automatically adjusts the rotational speed of the fan according to temperature change. 12.1.10 Loopback As shown in Figure 12-3, interface loopback test (Loopback) is a common method for checking interface and network problems. Return the packets, which meet rules and related parameters defined by users, to the RAX711-C B through Client 1 of RAX711-C A. By counting packets transmitted and received by an interface, RAX711-C B can detect the network connectivity. Figure 12-3 Interface loopback Ingress packets and egress packets As shown Figure 12-3, ingress packets and egress packets are defined as below: Ingress packets: test packets received by Client interface 1 Egress packets: test packets returned to the peer device through Client interface 1 Loopback parameters Loopback parameters include the source MAC address, destination MAC address, source IP address, destination IP address, SVLAN ID, and CVLAN ID. When you configure a loopback parameter and enable loopback of the related rule, packets, which meet the parameter, will be used for loopback. Raisecom Proprietary and Confidential 242 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Loopback hold time The loopback hold time ranges from 0 to 30 minutes. When the hold time expires, loopback of some rule will be automatically disabled on the interface. When the hold time is configured to 0 minute, loopback will be performed continuously until being disabled manually. Swap of unicast source MAC address Swap of unicast source MAC address refers to swapping the source MAC address of egress packets to the local MAC addresses of RAX711-C A or destination MAC address of ingress packets. Only unicast packets support source MAC address translation. For multicast and broadcast packets, their MAC addresses are the local MAC address of the RAX711-C A. Swap of multicast destination MAC address Swap of multicast destination MAC address refers to swapping destination MAC addresses of egress packets to the MAC address of RAX711-C B. Namely, after loopback, multicast and broadcast packets are changed to unicast packets. If destination MAC address translation is disabled, destination MAC address of egress packets are the multicast and broadcast MAC addresses of original packets. Swap of multicast destination IP address For multicast IP packets, when swap of the destination IP address is enabled, the destination IP address of egress packets are swap from the original multicast IP address to the source IP address of ingress packets. Namely. The multicast packets are changed to unicast packets to return to the peer. When destination IP address translation is disabled, the destination IP address of egress packets are the original multicast IP address. For broadcast IP packets, the destination IP address is swapped to the source IP address of the ingress packets regardless of whether swap of the destination IP address is enabled or not. The source IP address of all egress packets is always swapped to the configured local IP address. By default, the local IP address of the RAX711-C is configured to 127.0.0.1. 12.1.11 Fault detection Ping Ping derives from the sonar location operation, which is used to detect whether the network is normally connected. Ping is achieved with ICMP echo packets. If an Echo Reply packet is sent back to the source address during a valid period after the Echo Request packet is sent to the destination address, it indicates that the route between source and destination address is reachable. If no Echo Reply packet is received during a valid period and timeout information is displayed on the sender, it indicates that the route between source and destination addresses is unreachable. Figure 12-4 shows the principles of Ping. Raisecom Proprietary and Confidential 243 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Figure 12-4 Principles of Ping Traceroute Just as Ping, Traceroute is a commonly-used maintenance method in network management. Traceroute is often used to test the network nodes of packets from sender to destination, detect whether the network connection is reachable, and analyze network fault The following shows how Traceroute works: First, send a piece of TTL1 sniffer packet (where the UDP port number of the packet is unavailable to any application programs in destination side). TTL deducts 1 when reaching the first hop. Because the TTL value is 0, in the first hop the device returns an ICMP timeout packet, indicating that this packet cannot be sent. The sending host adds 1 to TTL and resends this packet. Because the TTL value is reduced to 0 in the second hop, the device will return an ICMP timeout packet, indicating that this packet cannot be sent. The above steps continue until the packet reaches the destination host, which will not return ICMP timeout packets. Because the port number of destination host is not be used, the destination host will send the port unreachable packet and finish the test. Thus, the sending host can record the source address of each ICMP TTL timeout packet and analyze the path to the destination according to the response packet. Figure 12-5 shows the principle of Traceroute. Figure 12-5 Principle of Traceroute Raisecom Proprietary and Confidential 244 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance 12.2 Configuring LLDP 12.2.1 Preparing for configurations Scenario When you obtain connection information between devices through the NView NNM system for topology discovery, you need to enable LLDP on the RAX711-C. Therefore, the RAX711- C can notify its information to the neighbours mutually, and store neighbour information to facilitate the NView NNM system querying information. Prerequisite N/A 12.2.2 Enabling global LLDP After global LLDP is disabled, you cannot re-enable it immediately. Global LLDP cannot be enabled unless the restart timer times out. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#lldp enable Enable global LLDP. By default, global LLDP is disabled. 12.2.3 Enabling interface LLDP Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter interface configuration mode. interface-type interface-number 3 Raisecom(config-port)#lldp enable Enable interface LLDP. By default, interface LLDP is enabled. 4 Raisecom(config-port)#lldp dest- Configure the destination MAC address of LLDP address mac-address packets sent by the interface. By default, it is 0180.c200.000e. Raisecom Proprietary and Confidential 245 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance 12.2.4 Configuring basic functions of LLDP We recommend configuring the LLDP delivery period in advance. The delivery period and delivery delay are interact on each other. The delivery delay must be smaller than or equal to 1/4 of the delivery period. Otherwise, the configuration will fail. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#lldp (Optional) configure the period timer of the LLDP packet. message-transmission interval second By default, it is 30s. 3 Raisecom(config)#lldp (Optional) configure the delay timer of the LLDP packet. message-transmission delay second By default, it is 2s. 4 Raisecom(config)#lldp (Optional) configure the aging coefficient of the LLDP packet. message-transmission hold- multiplier coefficient By default, it is 4. 5 Raisecom(config)#lldp (Optional) configure the restart timer. After global LLDP is restart-delay second disabled, it cannot be enabled unless the restart timer times out. By default, it is 2s. 12.2.5 Configuring LLDP alarm When the network changes, you need to enable LLDP Trap to send topology update Trap to the NView NNM system immediately. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#lldp trap- (Optional) configure the interval for sending LLDP Traps. interval second By default, it is 5s. After enabled with LLDP Trap, the RAX711-C will send Traps after detecting aged neighbours, newly-added neighbours, and changed neighbour information. 12.2.6 Checking configurations No. Command Description 1 Raisecom#show lldp local config Show LLDP local configurations. 2 Raisecom#show lldp local system-data Show information about the LLDP [ interface-type interface-number ] local system. Raisecom Proprietary and Confidential 246 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance No. Command Description 3 Raisecom#show lldp remote [ interface-type Show information about LLDP interface-number ] [ detail ] neighbors. 4 Raisecom#show lldp statistic [ interface-type Show statistics on LLDP packets. interface-number ] 12.3 Configuring SNMP 12.3.1 Preparing for configurations Scenario When you need to log in to the RAX711-C through the NView NNM system, you should configure basic SNMP functions on the RAX711-C. Prerequisite Configure the IP address of the SNMP interface. Configure static routing, making the route between the RAX711-C and the NView NNM system reachable. 12.3.2 Configuring basic functions of SNMP Configure basic functions of SNMPv3 for the RAX711-C as below. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#snmp-server access Create and configure the SNMP access group. group-name [ read view-name ] [write view-name ] [notify view-name ][ context context-name { exact | prefix } ] usm { noauthnopriv | authnopriv | authpriv } 3 Raisecom(config)#snmp-server group name (Optional) configure the mapping between user user usm users and access groups. 4 Raisecom(config)#snmp-server contact (Optional) configure the identifier and contact syscontact mode of the administrator. 5 Raisecom(config)#snmp-server host ip- Configure the address of SNMP target host. address version 3 { noauthnopriv | authnopriv | authpriv } user-name [ udpport udpport ] 6 Raisecom(config)#snmp-server location (Optional) specify the physical location of the sysLocation RAX711-C. Raisecom Proprietary and Confidential 247 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Step Command Description 7 Raisecom(config)#snmp-server user user- Create the user name and configure the name [ remote engine-id ] authentication authentication mode. { md5 | sha } password [ privacy privacy ] 8 Raisecom(config)#snmp-server view view- Configure the SNMP view. name oid-tree [ mask ] { included | excluded } 9 Raisecom(config)#snmp-server lldp-trap Enable Trap. Use the snmp-server lldp-trap enable disable command to disable Trap. Configure basic functions of SNMPv1/v2c for the RAX711-C as below. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#snmp-server community name [ view view ] { ro | rw } Create the community name and configure the related view and authority. 3 Raisecom(config)#snmp-server contact contact (Optional) configure the identifier and contact mode of the administrator. 4 Raisecom(config)#snmp-server host ip- address version { 1 | 2c } community- Configure the address of SNMP target host. string [ udpport port-id ] 5 Raisecom(config)#snmp-server location location (Optional) specify the physical location of the RAX711-C. 12.3.3 Configuring Trap Trap configurations on SNMPv1, v2c, and v3 are identical except for Trap target host configurations. Please configure Trap as required. Trap means refers to unrequested information sent to the NView NNM system automatically, which is used to report some critical events. Before configuring Trap, you need to perform the following configurations: Configure basic functions of SNMP. For SNMPv3, you need to configure the user name and SNMP view. Configure a routing protocol, making the route between the RAX711-C and the NView NNM system reachable. Step Command Description 1 Raisecom#config Enter global configuration mode. Raisecom Proprietary and Confidential 248 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Step Command Description 2 Raisecom(config)#interface interface- Enter SNMP interface configuration mode. type interface-number 3 Raisecom(config-port)#ip address snmp 1 Configure the IP address of the SNMP interface on the RAX711-C. 4 Raisecom(config-port)#exit Exit SNMP interface configuration mode and enter global configuration mode. 5 Raisecom(config)#snmp-server host ip- address version 3 { noauthnopriv | (Optional) configure SNMPv3-based Trap target authnopriv | authpriv } name host. [ udpport udpport ] 6 Raisecom(config)#snmp-serverhost ip- (Optional) configure SNMPv1-/SNMPv2c-based Trap address version { 1 | 2c } name target host. [udpport udpport ] 7 Raisecom(config)#snmp-server enable traps Enable SNMP to send Trap. 12.3.4 Checking configurations No. Command Description 1 Raisecom#show snmp access Show configurations of the SNMP access group. 2 Raisecom#show snmp community Show configurations of the SNMP community. 3 Raisecom#show snmp config Show basic configurations of SNMP. 4 Raisecom#show snmp group Show the mapping between SNMP users and the access group. 5 Raisecom#show snmp host Show information about the Trap target host. 6 Raisecom#show snmp statistics Show SNMP statistics. 7 Raisecom#show snmp user Show information about SNMP users. 8 Raisecom#show snmp view Show information about SNMP views. 9 Raisecom#show snmp trap remote Show the enabling status of Trap on the remote device. Raisecom Proprietary and Confidential 249 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance 12.4 Configuring optical module DDM 12.4.1 Preparing for configurations Scenario Optical module DDM provides a method for monitoring SFP performance parameters. By analyzing monitored data provided by the optical module, the administrator can predict the SFP module lifetime, isolate system faults, as well as verify the compatibility of the optical module. Prerequisite N/A 12.4.2 Enabling optical module DDM Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#transceiver ddm Enable optical module DDM. enable By default, optical module DDM is disabled. 3 Raisecom(config)#transceiver ddm Configure the polling interval for optical module DDM. poll_interval interval By default, it is 15s. 4 Raisecom(config)#snmp-server trap Enable optical module DDM Trap on interfaces. transceiver enable By default, it is disabled. 12.4.3 Checking configurations No. Command Description 1 Raisecom#show transceiver [interface-type Show historical information about optical interface-number history { 15m | 24h } ] module DDM. 2 Raisecom#show transceiver ddm interface-type Show optical module DDM information. interface-list [ detail ] 3 Raisecom#show transceiver ddm poll_interval Show the polling interval for optical module DDM. 4 Raisecom#show transceiver information Show information about optical module interface-type interface-number DDM. 5 Raisecom#show transceiver threshold- Show violation information about optical violations interface-type interface-number module parameters. Raisecom Proprietary and Confidential 250 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance 12.5 Configuring system log 12.5.1 Preparing for configurations Scenario The RAX711-C generates critical information, debugging information, or error information about the system to system logs and outputs the system logs to log files or transmits them to the host, Console interface, or monitor for viewing and locating faults. Prerequisite N/A 12.5.2 Configuring basic information about system log Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#logging on (Optional) Enable system log. By default, system log is enabled. 3 Raisecom(config)#logging time- (Optional) configure the timestamp of system log. stamp { debug | log } { datetime | none | Uptime } The optional parameter debug is used to assign debug-level (7) system log timestamp. By default, this system log does not have timestamp The optional parameter log is used to assign levels 0–6 system log timestamp. By default, these system logs adopt date-time as timestamp. 4 Raisecom(config)#logging rate- (Optional) configure the transport rate of system log. limit rate By default, no transport rate is configured. 5 Raisecom(config)#logging (Optional) configure the discriminator of the system log. discriminator distriminator- number { facility | mnemonics | msg-body } { drops | includes } key Raisecom(config)#logging discriminator distriminator- number { facility | mnemonics | msg-body } none 6 Raisecom(config)#logging buginf (Optional) send Level 7 (debugging) debugging log. [ high | normal | low | none ] 7 Raisecom(config)#logging (Optional) enable the sequence number field of the log. sequence-number You can use the no form of this command to disable the sequence number field of the log. 8 Raisecom(config)#logging time- (Optional) configure the timestamp for logs. stamp { debug | log } { datetime | uptime | none } Raisecom Proprietary and Confidential 251 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance 12.5.3 Configuring output destination of system logs Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#logging console [ log-level | (Optional) output system logs to alerts | critical | debugging | discriminator | the Console interface. emergencies | errors | informational | notifications | warnings ] 3 Raisecom(config)#logging host ip-address[ log- (Optional) output system logs to level | alerts | critical | debugging | the log host. discriminator discriminator-number | emergencies | errors | informational | notifications | warnings ] 4 Raisecom(config)#logging monitor[ log-level | (Optional) output system logs to alerts | critical | debugging | emergencies | the monitor. errors | informational | notifications | warnings ] 5 Raisecom(config)#logging buffered [ log-level | (Optional) output system logs to alerts | critical | debugging | emergencies | the log buffer. errors | informational | notifications | warnings ] 6 Raisecom(config)#logging buffered size size (Optional) configure the log buffer size. 7 Raisecom(config)#logging history (Optional) output system logs to the log history table. 8 Raisecom(config)#logging history size size Configure the log history table size. 12.5.4 Checking configurations No. Command Description 1 Raisecom#show logging Show configurations of system logs. 12.6 Configuring alarm management 12.6.1 Preparing for configurations Scenario When the RAX711-C fails, the alarm management module will collect the fault information and output the alarm in a log. The alarm information includes the time when the alarm is generated, the name and descriptions of the alarm. It helps you quickly locate the fault. Raisecom Proprietary and Confidential 252 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance If the RAX711-C is installed with the NView NNM system, the alarm is reported to the NView NNM system. The NView NNM system gives the reasons and suggestions to help you deal with the problem in time. With alarm management, you can directly perform following operations on the RAX711-C: alarm inhibition, alarm auto-report, alarm monitoring, alarm inverse, alarm delay, alarm storage mode, alarm clearing, and alarm viewing. Prerequisite After hardware monitoring is configured on the RAX711-C, When alarms are output in Syslog form, alarms are generated to the system log. When needing to send alarms to the log host, you need to configure the IP address of the log host on the RAX711-C. When needing to send alarms to the NView NNM system in a Trap form, you need to configure the IP address of the NView NNM system on the RAX711-C. 12.6.2 Configuring basic functions of alarm management Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#alarm Enter alarm configuration mode. 3 Raisecom(config-alarm)#alarm inhibit (Optional) enable alarm inhibition. enable By default, alarm inhibition is enabled. 4 Raisecom(config-alarm)#alarm auto-report (Optional) enable alarm auto-report of all { enable | disable } index index alarms. 5 Raisecom(config-alarm)#alarm monitor (Optional) enable alarm monitoring. { enable | disable } index index 6 Raisecom(config-alarm)#alarm inverse (Optional) configure alarm inverse. { enable | disable } interface-type interface-number By default, it is enabled. 7 Raisecom(config-alarm)#alarm { active | (Optional) configure the delay for generating clear } delay second an alarm and the delay for clearing an alarm. By default, both of them are 0s. 8 Raisecom(config-alarm)#alarm active (Optional) configure the alarm storage mode. storage-mode { loop | stop } By default, the alarm storage mode is configured to stop. 9 Raisecom(config-alarm)#alarm clear all (Optional) clear all current alarms. Raisecom(config-alarm)#alarm clear index (Optional) clear alarms with the specified index alarm index. For modules, which support the alarm feature, can be enabled/disabled with alarm monitoring, alarm auto-report, and alarm clearing. Raisecom Proprietary and Confidential 253 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance 12.6.3 Configuring Layer 3 power failure or fiber breakage alarms Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#power-down trap enable Enable Layer 3 power failure alarm. By default, it is disabled. 12.6.4 Checking configurations No. Command Description 1 Raisecom#show alarm { auto- Show current alarm parameters. report | inverse | monitor } config Alarm parameters displayed by this command include alarm inhibition, alarm inverse mode, alarm delay, alarm storage mode, alarm buffer size, and alarm log size. 2 Raisecom#show alarm cleared Show cleared alarms. 3 Raisecom#show power-down Show configurations of Layer 3 power failure alarm. 12.7 Configuring memory monitoring 12.7.1 Preparing for configurations Scenario This feature enables you to monitor the memory utilization of the system in real time and configure memory utilization crossing threshold alarms, thus facilitating you to locate and clear faults in time or assist NMS personnel to locate faulty. Prerequisite To output memory utilization alarms as Trap, you must configure the IP address of the target server for outputting Trap, namely, the IP address of the NMS server. 12.7.2 Configuring memory monitoring Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#memory Configure the alarm threshold for memory utilization. threshold recovering recovering-threshold rising By default, the recovering alarm threshold for memory rising-threshold utilization is 75, namely, 75%; the rising alarm threshold for memory utilization is 95, namely, 95%. Raisecom Proprietary and Confidential 254 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Step Command Description 3 Raisecom(config)#memory Configure the interval for sampling the memory. interval value By default, it is 60s. 12.7.3 Checking configurations No. Command Description 1 Raisecom#show memory [ management | module Show memory statistics. { value | bufferpool | diff } | overflow ] 12.8 Configuring CPU monitoring 12.8.1 Preparing for configurations Scenario CPU monitoring is used to monitor task status, CPU utilization rate, and stack usage in real time. It provides CPU utilization threshold alarm to facilitate discovering and eliminating a hidden danger, helping the administrator locate the fault quickly. Prerequisite To output CPU monitoring alarms in a Trap form. You need to configure the IP address of Trap target host on the RAX711-C, that is, the IP address of the NView NNM system. 12.8.2 Viewing CPU monitoring information Step Command Description 1 Raisecom#show cpu-utilization [ dynamic | history Show CPU utilization rate. { 10min | 1min | 2hour | 5sec } ] 2 Raisecom#show process [ dead | sorted { priority Show task status. | name } | taskname ] 3 Raisecom#show process cpu [ sorted [ 10min | 1min Show CPU utilization rate of all | 5sec | invoked ] ] tasks. 12.8.3 Configuring CPU monitoring alarm Step Command Description 1 Raisecom#config Enter global configuration mode. Raisecom Proprietary and Confidential 255 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Step Command Description 2 Raisecom(config)#cpu (Optional) configure the rising threshold and recovering threshold of threshold recovering CPU alarm. recovering-threshold rising rising- By default, they are 99 and 79 respectively, namely, 99% and 79% threshold respectively. 3 Raisecom(config)#cpu (Optional) configure the interval for sampling the CPU. interval value By default, it is 60s. 12.8.4 Checking configruations No. Command Description 1 Raisecom#show cpu-utilization Show CPU utilization and related configurations. 2 Raisecom#show process [ dead | pid Show status of each process. pid-value | sorted { priority | name } | taskname ] 3 Raisecom#show process cpu [ sorted Show CPU utilization of each task. [ 10mins | 1min | 5secs | invoked ] ] 12.9 Configuring RMON 12.9.1 Preparing for configurations Scenario RMON helps monitor and count network traffics. Compared with SNMP, RMON is a more efficient monitoring method. After you specifying the alarm threshold, the RAX711-C actively sends alarms when the threshold is exceeded without gaining variable information. This helps reduce the traffic of managing and managed devices and facilitates managing the network. Prerequisite The route between the RAX711-C and the NView NNM system is reachable. 12.9.2 Configuring RMON statistics Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter physical layer interface configuration mode. interface-type interface-number Raisecom Proprietary and Confidential 256 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Step Command Description 3 Raisecom(config-port)#rmon Enable RMON statistics on an interface. statistics [ owner owner-name ] By default, RMON statistics is enabled on all interfaces, and the owner is monitoretherstats. 12.9.3 Configuring RMON historical statistics Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface interface-type Enter physical layer interface interface-number configuration mode. 3 Raisecom(config-port)#rmon history Enable RMON historical group. [ shortinterval short-period ] [ longinterval long-period ] [ buckets buckets-number ] By default, RMON historical group is [ owner owner-name ] disabled on all interfaces, shortinterval is 30s, longinterval is 1800s, buckets is 10, and string is monitorHistory. 12.9.4 Checking configurations No. Command Description 1 Raisecom#show rmon [ alarms | Show RMON configurations. events ] 2 Raisecom#show rmon history Show historic information about RMON. interface-type interface-list 3 Raisecom#show rmon statistics Show statistical information about RMON. [ interface-type interface-list ] 12.10 Configuring fan monitoring 12.10.1 Configuring fan monitoring When the RAX711-C is installed in a hot environment, the overhigh temperature will affect heat dissipation performance of the RAX711-C. Therefore, you need to configure fan monitoring, which is used to automatically adjust the rotational speed of the fan based on environment temperature and help the RAX711-C work properly. Step Command Description 1 Raisecom#config Enter global configuration mode. Raisecom Proprietary and Confidential 257 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Step Command Description 2 Raisecom(config)#fan- Configure the working mode of the fan. monitor mode { auto | enforce } By default, it is auto. 3 Raisecom(config)#fan (Optional) configure the rotational speed in forced monitoring enforce level level mode. By default, it is 4. 4 Raisecom(config)#fan- (Optional) configure the temperature scale. monitor temperature-scale value-1 value-2 value-3 By default, it is 0°C for level 1, 35°C for level 2, 45°C for level 3, and 55°C for level 4. 5 Raisecom(config)#fan- Enable fan monitoring Trap. monitor trap send enable 12.10.2 Checking configurations No. Command Description 1 Raisecom#show fan-monitor Show configurations and status of fan monitoring. { information | status } 12.11 Configuring loopback 12.11.1 Preparing for configurations Scenario The network maintenance engineers can detect and analyze interface and network faults through interface loopback. Ingress packets and egress packets are defined as below: Ingress packets: test packets received by an interface Egress packets: test packets returned to the peer device through an interface Prerequisite When the current interface is in Forwarding status, packets entering the interface can be properly forwarded or transmitted to the CPU. 12.11.2 Configuring interface loopback Step Command Description 1 Raisecom#config Enter global configuration mode. Raisecom Proprietary and Confidential 258 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Step Command Description 2 Raisecom(config)#interface interface-type Enter interface configuration mode. interface-number 3 Raisecom(config-port)#loopback { external Enable interface loopback. | internal } [ access-list acl-number ] in-service { enable | disable } 4 Raisecom(config-port)#loopback { external Configure the loopback direction of the | internal } interface. 5 Raisecom(config-port)#loopback { external Configure the interface loopback rule based | internal } access-list acl-number [ swap on ACL. sip source-ip-address ] [ swap smac source-mac-address ] [ swap dip-disable ] [ swap dmac-disable ] [ swap udp-dport- disable ] 6 Raisecom(config-port)#loopback { external Configure the interface loopback rule based | internal } rc-sam { l2 | l3 } on RCSAM Layer 2 or Layer 3 packet. 7 Raisecom(config-port)#loopback statistic Enable statistics on loopback packets. { enable | disable } By default, it is disabled. 8 Raisecom(config-port)#loopback timeout Configure the loopback interface. minute By default, it is 0; namely, the loopback is permanent. 12.11.3 Checking configurations No. Command Description 1 Raisecom#show loopback [ interface-type Show configurations of interface loopback. interface-number ] 12.12 Configuring fault detection 12.12.1 Configuring task scheduling When you need to use some commands to perform periodical maintenance on the RAX711-C, you can configure task scheduling. The RAX711-C supports achieving task scheduling through the schedule list and CLI. You can use commands to perform periodical operation just by specifying the begin time, period, and end time of a specified task in the schedule list and bind the schedule list to the CLI. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#schedule-list list-number start date-time Create and configure mm-dd-yyyy hh:mm:ss Raisecom Proprietary and Confidential 259 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Step Command Description Raisecom(config)#schedule-list list-number start date-time the schedule list. mm-dd-yyyy hh:mm:ss every { day | week } stop mm-dd-yyyy hh:mm:ss Raisecom(config)#schedule-list list-number start date-time mm-dd-yyyy hh:mm:ss every days-interval time-interval [ stop mm-dd-yyyy hh:mm:ss ] Raisecom(config)#schedule-list list-number start Up–time days-after-startup hh:mm:ss Raisecom(config)#schedule-list list-number start Up–time days-after-startup hh:mm:ss every days-interval time-interval [ stop days-after-startup hh:mm:ss ] 3 Raisecom#show schedule-list Show schedule list configurations. 12.12.2 Ping Step Command Description 1 Raisecom#ping [ vrf vpn-instance-name ] ip- (Optional) use the ping command to test address [ count count ] [ size size ] IPv4 network connectivity. [ source ip-address ] [ waittime second ] 2 Raisecom#ping ipv6 ipv6-address [ count (Optional) use the ping command to test count ] [ size size ] [ waittime second ] IPv6 network connectivity. The RAX711-C cannot perform other operations in the process of Ping. It can perform other operations only when Ping is finished or Ping is broken off by pressing Ctrl+C. 12.12.3 Traceroute Before using Traceroute, you should configure the IP address and default gateway of the RAX711-C. Step Command Description 1 Raisecom#config Enter global configuration mode. 2 Raisecom(config)#interface Enter interface configuration mode. interface-type interface-number 3 Raisecom(config-port)#ip address Configure the IP address of the interface. ip-address [ ip-mask ] vlan-id 4 Raisecom(config-port)#exit Exit interface configuration mode and enter global configuration mode. 5 Raisecom(config)#ip default- Configure the default gateway. gateway ip-address Raisecom Proprietary and Confidential 260 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Step Command Description 6 Raisecom(config)#exit Exit global configuration mode and enter privileged EXEC configuration mode. 7 Raisecom#traceroute { [ vrf vpn- (Optional) use the traceroute command to test network instance-name ] ip-address | ipv6 connectivity and show nodes passed by the packet. ipv6-address } [ firstttl first- ttl ] [ maxttl max-ttl ] [ port By default, the initial TTL is 1; the maximum TTL is port-number ] [ waittime second ] 30; the interface ID is 33433; the timeout is 3s; the [ count times ] [ size size ] number of detection packets is 3. 12.13 Maintenance Command Description Raisecom(config)#clear filter statistics Clear filter statistics. interface interface-type interface-number Raisecom(config)#clear lldp global statistic Clear LLDP global statistics. Raisecom(config)#clear lldp statistic Clear LLDP statistics on the specified [ interface-type interface-number ] interface. Raisecom(config)#clear lldp remote-table Clear information about LLDP neighbors on [ interface-type interface-number ] the specified interface. Raisecom(config)#clear mac-address { all | Clear MAC addresses in the MAC address dynamic | static } [ interface-type interface- table. number ] Raisecom(config)#clear logging buffer Clear contents in the buffer. Raisecom(config)#clear logging statistics Clear log statistics. 12.14 Configuration examples 12.14.1 Examples for configuring LLDP basic functions Networking requirements As shown in Figure 12-6, RAX711-C A and RAX711-C B are connected to the NView NNM system. Enable LLDP on links between RAX711-C A and RAX711-C B. And then you can query the Layer 2 link changes through the NView NNM system. Raisecom Proprietary and Confidential 261 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Figure 12-6 Configuring LLDP basic functions Configuration steps Step 1 Configure the management IP address. Configure RAX711-C A. Raisecom(config)#create vlan 1024 active Raisecom(config)#interface client 1 Raisecom(config-client1)#switchport access vlan 1024 Raisecom(config-client1)#exit Raisecom(config)#interface line 1 Raisecom(config-line1)#switchport access vlan 1024 Raisecom(config-line1)##ip address 10.10.10.1 Raisecom(config-line1)#exit Configure RAX711-C B. Raisecom(config)#create vlan 1024 active Raisecom(config)#interface client 1 Raisecom(config-port)#switchport access vlan 1024 Raisecom(config-port)#exit Raisecom(config)#interface line 1 Raisecom(config-line1)#switchport access vlan 1024 Raisecom(config-line1)#ip address 10.10.10.2 Raisecom(config-line1)#exit Step 2 Configure LLDP properties. Configure RAX711-C A. Raisecom Proprietary and Confidential 262 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Raisecom(config)#lldp enable Raisecom(config)#lldp message-transmission interval 60 Raisecom(config)#lldp message-transmission delay 9 Raisecom(config)#lldp trap-interval 10 Configure RAX711-C B. Raisecom(config)#lldp enable Raisecom(config)#lldp message-transmission interval 60 Raisecom(config)#lldp message-transmission delay 9 Raisecom(config)#lldp trap-interval 10 Checking results Use the show lldp local config command to show local configurations. Take RAX711-C A for example. Raisecom#show lldp local config System configuration: ------------------------------------------------------------------ LLDP enable status: enable (default is disabled) LldpMsgTxInterval: 60 (default is 30s) LldpMsgTxHoldMultiplier: 4 (default is 4) LldpReinitDelay: 2 (default is 2s) LldpTxDelay: 9 (default is 2s) LldpNotificationInterval: 10 (default is 5s) LldpNotificationEnable: enable (default is enabled) ------------------------------------------------------------------ Port Status -------------------------------------------------------- PC1 enable PC2 enable line1 enable line2 enable line3 enable line4 enable client1 enable client2 enable client3 enable client4 enable client5 enable client6 enable client7 enable client8 enable client9 enable client10 enable client11 enable client12 enable Raisecom Proprietary and Confidential 263 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Use the show lldp remote command to show neighbour information. On RAX711-C A: Raisecom#show lldp remote Port ChassisId PortId SysName MgtAddress ExpiredTime ------------------------------------------------------------------------- interface 1000E.5E02.B010 client1 RAXB10.10.10.2 106 On RAX711-C B: Raisecom#show lldp remote Port ChassisId PortId SysName MgtAddress ExpiredTime ------------------------------------------------------------------------- interface 1000E.5E12.F120 client1 RAXA10.10.10.1 106 12.14.2 Examples for outputting system logs to log host Networking requirements As shown in Figure 12-7, configure system log to output system logs of the RAX711-C to the log host, facilitating log viewing at any time. Figure 12-7 Outputting system logs to log host Configuration steps Step 1 Configure the IP address of the SNMP interface on the RAX711-C. Raisecom#config Raisecom(config)#interface snmp 1 Raisecom(config-snmp1)#ip address 20.0.0.6 255.0.0.0 1 Raisecom(config-snmp1)#exit Step 2 Output system logs to the log host. Raisecom(config)#logging on Raisecom(config)#logging host 20.0.0.168 warnings Raisecom Proprietary and Confidential 264 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 12 System management and maintenance Raisecom(config)#logging rate-limit 2 Checking results Use the show logging command to show system log configurations. Raisecom#show logging Syslog logging: enable Dropped Log messages: 0 Dropped debug messages: 0 Rate-limited: 2 messages per second Squence number display: disable Debug level time stamp: none Log level time stamp: datetime Log buffer size: 4kB Debug level: low Syslog history logging: disable Syslog history table size:1 Dest Status Level LoggedMsgs DroppedMsgs Discriminator ---------------------------------------------------------------------- buffer disable informational(6) 0 0 0 console enable informational(6) 3 0 0 trap disable warnings(4) 0 0 0 file disable warnings(4) 0 0 0 Log host information: Max number of log server: 10 Current log server number: 1 Target Address Level Facility Sent Drop Discriminator ------------------------------------------------------------------------- 20.0.0.168 warnings(4) local7 0 0 0 Check whether the log information is displayed on the terminal emulation Graphical User Interface (GUI) of the PC. 07-01-2014 11:31:28Local0.Debug 20.0.0.6JAN 01 10:22:15 RAX711-C: CONFIG-7- CONFIG:USER " raisecom " Run " logging on " 07-01-2014 11:27:41Local0.Debug 20.0.0.6JAN 01 10:18:30 RAX711-C: CONFIG-7- CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 " 07-01-2014 11:27:35Local0.Debug 20.0.0.10 JAN 01 10:18:24 RAX711-C: CONFIG- 7-CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.1 1 " 07-01-2014 11:12:43Local0.Debug 20.0.0.10 JAN 01 10:03:41 RAX711-C: CONFIG- 7-CONFIG:USER " raisecom " Run " logging host 20.0.0.168 local0 7 " 07-01-2014 11:12:37Local0.Debug 20.0.0.10 JAN 01 10:03:35 RAX711-C: CONFIG- 7-CONFIG:USER " raisecom " Run " logging on" Raisecom Proprietary and Confidential 265 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 13 Appendix 13 Appendix This chapter lists terms and abbreviations involved in this document, including the following sections Terms Acronyms and abbreviations 13.1 Terms A A series of ordered rules composed of permit | deny sentences. These Access rules are based on the source MAC address, destination MAC address, Control List source IP address, destination IP address, interface ID and so on. The (ACL) device decides to receive or refuse the packets based on these rules. C A standard defined by IEEE. It defines protocols and practices for OAM Connectivity (Operations, Administration, and Maintenance) for paths through 802.1 Fault bridges and local area networks (LANs). Used to diagnose fault for EVC Management (Ethernet Virtual Connection). Cost-effective by fault management (CFM) function and improve Ethernet maintenance. E Encapsulation A technology used by the layered protocol. When the lower protocol receives packets from the upper layer, it will map packets to the data of the lower protocol. The outer layer of the data is encapsulated with the lower layer overhead to form a lower protocol packet structure. For example, an IP packet from the IP protocol is mapped to the data of 802.1Q protocol. The outer layer is encapsulated by the 802.1Q frame header to form a VLAN frame structure. Raisecom Proprietary and Confidential 266 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 13 Appendix Complying with IEEE 802.3ah protocol, EFM is a link-level Ethernet Ethernet in OAM technology. It provides the link connectivity detection, link fault the First Mile monitoring, remote fault notification, and so on. for a link between two (EFM) directly-connected devices. EFM is mainly used for the Ethernet link on edges of the network accessed by users. L Link A computer networking term which describes using multiple network Aggregation cables/ports in parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy for higher availability. M A term in data communication area. The structure is fixed, with its Message header defining the destination address and the text as the actual packet. It can also include information about the termination of packets. P In data communication field, packet is the data unit for switching and transmitting information. In transmission, it will be continuously encapsulated and decapsulated. The header is used to define the Packet destination address and source address. The trailer contains information indicating the end of the packet. The payload data in between is the actual packet. In packet switching network, data is partitioned into multiple data segments. The data segment is encapsulated by control information, such as, destination address, to form the switching packet. The switching Packet packet is transmitted to the destination in the way of storage-forwarding switching in the network. Packet switching is developed based on the storage- forwarding method and has merits of both circuit switching and packet switching. Q QinQ QinQ is (also called Stacked VLAN or Double VLAN) extended from 802.1Q, defined by IEEE 802.1ad recommendation. Basic QinQ is a simple layer-2 VPN tunnel technology, encapsulating outer VLAN Tag for client private packets at carrier access end; the packets take double VLAN Tag passing through trunk network (public network). In public network, packets only transmit according to outer VLAN Tag, the private VLAN Tag are transmitted as data in packets. V Raisecom Proprietary and Confidential 267 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 13 Appendix Virtual Local VLAN is a protocol proposed to solve broadcast and security issues for Area Ethernet. It divides devices in a LAN into different segments logically Network rather than physically, thus implementing multiple virtual work groups (VLAN) which are based on Layer 2 isolation and do not affect each other. VLAN mapping is mainly used to replace the private VLAN Tag of the Ethernet service packet with the ISP's VLAN Tag, making the packet transmitted according to ISP's VLAN forwarding rules. When the packet VLAN is sent to the peer private network from the ISP network, the VLAN Tag mapping is restored to the original private VLAN Tag according to the same VLAN forwarding rules. Thus, the packet is sent to the destination correctly. 13.2 Acronyms and abbreviations A ACL Access Control List APS Automatic Protection Switching C CE Customer Edge CFM Connectivity Fault Management CoS Class of Service D DHD Dual Home Device DRR Deficit Round Robin DSCP Differentiated Services Code Point E EFM Ethernet in the First Mile F FTP File Transfer Protocol G GPS Global Positioning System Raisecom Proprietary and Confidential 268 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 13 Appendix GSM Global System for Mobile Communications H HA High Availability I ICCP Inter-Chassis Communication Protocol IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force IP Internet Protocol International Telecommunications Union - Telecommunication ITU-T Standardization Sector L LACP Link Aggregation Control Protocol LBM LoopBack Message LBR LoopBack Reply LLDP Link Layer Discovery Protocol LLDPDU Link Layer Discovery Protocol Data Unit LTM LinkTrace Message LTR LinkTrace Reply M MA Maintenance Association MAC Medium Access Control MD Maintenance Domain MEG Maintenance Entity Group MEP Maintenance associations End Point MIB Management Information Base MIP Maintenance association Intermediate Point MTU Maximum Transferred Unit N Raisecom Proprietary and Confidential 269 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 13 Appendix NTP Network Time Protocol O OAM Operation, Administration, and Maintenance P PDU Protocol Data Unit PE Provider Edge PSN Packet Switched Network PTN Packet Transport Network PW Pseudo Wire PWE3 Pseudo Wire Emulation Edge-to-Edge Q QoS Quality of Service R RMEP Remote Maintenance association End Point RMON Remote Network Monitoring S SAToP Structure-Agnostic TDM over Packet SFP Small Form-factor Pluggables SLA Service Level Agreement SNMP Simple Network Management Protocol SNTP Simple Network Time Protocol SP Strict-Priority SSH Secure Shell T TCI Tag Control Information TCP Transmission Control Protocol TFTP Trivial File Transfer Protocol Raisecom Proprietary and Confidential 270 Copyright © Raisecom Technology Co., Ltd. Raisecom RAX711-C (A) Configuration Guide 13 Appendix TLV Type Length Value ToS Type of Service TPID Tag Protocol Identifier V VPN Virtual Private Network VLAN Virtual Local Area Network W WRR Weight Round Robin Raisecom Proprietary and Confidential 271 Copyright © Raisecom Technology Co., Ltd. Address: Raisecom Building, No. 11, East Area, No. 10 Block, East Xibeiwang Road, Haidian District, Beijing, P.R.China Postal code: 100094 Tel: +86-10-82883305 Fax: 8610-82883056 http://www.raisecom.com Email:
[email protected]