Internet Enhanced Service on 7210 SAS-D, 7210 SAS-Dxp, and 7210 SAS-K 2F1C2T

This chapter provides information about Internet Enhanced Services, the process overview, and implementation notes.

IES service overview

Note:

  • IES is used for in-band management of the node on the 7210 SAS-D, 7210 SAS-Dxp, and 7210 SAS-K 2F1C2T.

  • IES service (standalone, without being associated with a routed VPLS) is not supported on the 7210 SAS-K 2F1C2T.

Internet Enhanced Service (IES) is a routed connectivity service where the subscriber communicates with an IP router interface to send and receive Internet traffic. An IES has one or more logical IP routing interfaces each with a SAP which acts as the access point to the subscriber’s network.

IES allows IP interfaces to participate in the same routing instance used for service network core routing connectivity. IES services require that the IP addressing scheme used by the subscriber be unique between other provider addressing schemes and potentially the entire Internet. While IES is part of the routing domain, the usable IP address space may be limited. This allows a portion of the service provider address space to be reserved for service IP provisioning, and be administered by a separate, but subordinate address authority.

IP interfaces defined within the context of an IES service must have a SAP associated as the uplink access point to the subscriber network. Multiple IES services are created to segregate subscriber owned IP interfaces.

The following figure shows the internet enhanced service.

Figure 1. Internet Enhanced Service

The IES service provides in-band management connectivity. Other features include:

  • Multiple IES services are created to separate IP interfaces.

  • More than one IES service can be created for a single customer ID.

  • More than one IP interface can be created within a single IES service ID. All IP interfaces created within an IES service ID belong to the same customer.

On 7210 SAS-D and 7210 SAS-Dxp, the IES services provide IP connectivity to the node for in-band management of the node. Most of the management tasks supported with the out-of-band management port are supported with in-band management.

IES features

This section describes various general service features and any special capabilities or considerations as they relate to IES services.

IP interfaces

IES customer IP interfaces can be configured with most of the options found on the core IP interfaces. The advanced configuration options supported are:

  • ICMP Options

IPv6 support for IES IP interfaces associated with access-uplink SAPs (on 7210 SAS-D and 7210 SAS-Dxp)

In access-uplink mode, IES IP interfaces associated with access-uplink SAPs support IPv6 addressing. IPv6 can be used for in-band management of the node using the IES IP interface.

Note:

IPv6 IES IP interfaces on access-uplink SAPs are only supported on 7210 SAS-D and 7210 SAS-Dxp.

On 7210 SAS-D and 7210 SAS-Dxp, IPv4 and IPv6 route table lookup entries are shared. Before adding routes for IPv6 destinations, route entries in the routed lookup table needs to be allocated for IPv6 addresses. This can be done using the config> system> resource-profile> router> max-ipv6-routes command. This command allocates route entries for /64 IPv6 prefix route lookups. The system does not allocate any IPv6 route entries by default and user needs to allocate some resources before using IPv6. For the command to take effect, the node must be rebooted after making the change. For more information, refer to the 7210 SAS-D, Dxp, K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Basic System Configuration Guide. A separate route table is used for IPv6 /128-bit prefix route lookup. A limited number of IPv6 /128 prefixes route lookup entries is supported on 7210 SAS-D. The software enables lookups in this table by default (that is, no user configuration is required to enable IPv6 /128-bit route lookup).

Note:

On the 7210 SAS-D and 7210 SAS-Dxp, IPv6 interfaces are created without allocating IPv6 route entries.

Following features and restrictions is applicable for IPv6 IES IP interfaces:

  • IPv6 interfaces supports only static routing.

  • Only port-based ingress QoS policies are supported.

  • IPv6 filter policies can be used on SAP ingress and egress.

  • Routing protocols, such as OSPFv3, and others are not supported.

  • A limited number of IPv6 /128 prefixes route lookup entries is supported.

SAPs

Encapsulations

For 7210 SAS-D and 7210 SAS-Dxp, the following Access SAP encapsulation is supported on IES services in both network mode and access-uplink mode:

  • Ethernet null

  • Ethernet dot1q

  • Ethernet QinQ

For 7210 SAS-D and 7210 SAS-Dxp, Ethernet QinQ (access-uplink QinQ SAP) encapsulation is supported.

CPE connectivity check

Note:

This capability is only supported on the 7210 SAS-D and 7210 SAS-Dxp.

Static routes are used within many IES services. Unlike dynamic routing protocols, there is no way to change the state of routes based on availability information for the associated CPE. CPE connectivity check adds flexibility so that unavailable destinations will be removed from the service provider’s routing tables dynamically and minimize wasted bandwidth.

The availability of the far-end static route is monitored through periodic polling. The polling period is configured. If the poll fails a specified number of sequential polls, the static route is marked as inactive.

An ICMP ping mechanism is used to test the connectivity. If the connectivity check fails and the static route is deactivated, the router will continue to send polls and re-activate any restored routes.

QoS policies

When applied to 7210 SAS IES services, service ingress QoS policies only create the unicast meters defined in the policy. The multi-point meters are not created on the service. With IES services, service egress QoS policies function as with other services where the class-based queues are created as defined in the policy.

On 7210 SAS ingress, only meters are supported on all the platforms.

Note:

  • QoS policies only create the unicast meters defined in the policy if PIM is not configured on the associated IP interface; if PIM is configured, the multipoint meters are applied as well.

  • On the 7210 SAS-K 2F1C2T, both unicast and multicast queues are configured.

In access-uplink mode, IES IP interface associated with an access SAP supports use of service ingress QoS policies. IES IP interface associated with an access-uplink SAP does not support use of service ingress QoS policies. IES IP interfaces associated with an access-uplink SAP share the port based ingress and egress QoS policies.

Note that both MAC and IPv4 criteria can be used in the QoS policies for traffic classification in an IES.

CPU QoS for IES interfaces in access-uplink mode

In access-uplink mode, IES IP interface bound to routed VPLS services, IES IP interface on access SAPs and IES IP interface on Access-Uplink SAPs are designed for use with inband management of the node. Consequently, they share a common set of queues for CPU bound management traffic. All CPU bound traffic is policed to predefined rates before being queued into CPU queues for application processing. The system uses meters per application or a set of applications. It does not allocate meters per IP interface. The possibility of CPU overloading has been reduced by use of these mechanisms. Users must use appropriate security policies either on the node or in the network to ensure that this does not happen.

Filter policies

In access-uplink mode, only IP filter policies can be applied to IES service when either access SAP or access-uplink SAP is associated with the service.

Configuring an IES service with CLI

This section provides information to configure IES services using the command line interface.

Basic configuration

The most basic IES service configuration has the following entities:

  • customer ID (refer to Configuring customer accounts)

  • an interface to create and maintain IP routing interfaces within IES service ID

  • a SAP on the interface specifying the access port and encapsulation values

The following is a sample IES service on ALA-48 configuration output on an access-uplink SAP (applicable for access-uplink mode only).

*A:ALA-48>config>service# info
----------------------------------------------
ies 1000 customer 50 create
            description "to internet"
            interface "to-web" create
                address 10.1.1.1/24
                sap 1/1/5:0.* create
                exit
            exit
            no shutdown
----------------------------------------------
*A:ALA-48>config>service#

The following is a sample IES service configuration output on ALA-50.

*A:ALA-50>config>service# info
----------------------------------------------
ies 1000 customer 50 vpn 1000 create
description "to internet"
interface "to-web" create
address 10.1.1.1/24
sap 1/1/10:100 create
exit
exit
no shutdown
----------------------------------------------
*A:ALA-50>config>service#

The following is a sample basic IES service configuration output for IPv6, along with the use of max-ipv6-routes.

The following is a sample of allocation of IPv6 routes on the node.

*A:7210SAS>config>system>res-prof# info
----------------------------------------------
            max-ipv6-routes 1000
----------------------------------------------
Note:

The node must be rebooted after the preceding change.

*A:7210SAS>config>service# info
----------------------------------------------
ies 1000 customer 50 vpn 1000 create
description "to inband-mgmt"
interface "to-mgmt" create
ipv6
address 10::1/24
sap 1/1/10:100 create
exit
exit
no shutdown
----------------------------------------------
*A:7210SAS>config>service#

Common configuration tasks

This section provides a brief overview of the tasks that must be performed to configure IES services and provides the CLI commands:

  1. Associate an IES service with a customer ID.

  2. Associate customer ID with the service.

  3. Assign an IP address.

  4. Create an interface.

  5. Define SAP parameters on the interface:

    • Select nodes and ports.

    • Optional - select filter policies (configured in the config>filter context).

  6. Enable service.

Configuring IES components

Configuring an IES service

Use the following syntax to create an IES service.

The following is a sample basic IES service configuration output.

A:ALA-48>config>service#
----------------------------------------------
...
ies 1001 customer 1730 create
            description "to-internet"
            no shutdown
exit
----------------------------------------------
A:ALA-48>config>service#

Configuring IES interface parameters

The following is a sample IES configuration output with interface parameters in access-uplink mode.

*A:7210-SAS>config>service>ies>if# info
----------------------------------------------
arp-timeout 10000
allow-directed-broadcasts
icmp
ttl-expired 120 38
exit
ip-mtu 1000
----------------------------------------------
*A:7210-SAS>config>service>ies>if#

Configuring IES SAP parameters

A SAP is a combination of a port and encapsulation parameters which identifies the service access point on the interface and within the router. Each SAP must be unique within a router.

When configuring IES access SAP parameters, a default QoS policy is applied to each SAP ingress. Additional QoS policies must be configured in the config>qos context. Filter policies are configured in the config>filter context and must be explicitly applied to a SAP. There are no default filter policies.

The following is a sample IES SAP configuration output.


----------------------------------------------
*A:ALA-A>config>service>ies>if# info
----------------------------------------------
address 10.10.36.2/24
sap 1/1/3:100 create
ingress
qos 101
exit
exit
----------------------------------------------
*A:ALA-A>config>service>ies>if#

Configuring SAP parameters

A SAP is a combination of a port and encapsulation parameters which identifies the service access point on the interface and within the router. Each SAP must be unique within a router.

When configuring IES access SAP parameters, a default QoS policy is applied to each SAP ingress. Additional QoS policies must be configured in the config>qos context.

Filter policies are configured in the config>filter context and must be explicitly applied to a SAP. There are no default filter policies.

For 7210 SAS-D and 7210 SAS-Dxp, SAP ingress Qos policy is supported only for access SAPs. It is not supported for access-uplink SAP.

Access-uplink SAPs (on 7210 SAS-D and 7210 SAS-Dxp) use the port-based ingress and egress QoS policies.

The following is a sample IES SAP configuration output.

----------------------------------------------
*A:ALA-A>config>service>ies>if# info
----------------------------------------------
address 10.10.36.2/24
sap 1/1/3:100 create
ingress
qos 101
exit


exit
----------------------------------------------
*A:ALA-A>config>service>ies>if#

Service management tasks

This section describes the service management tasks.

Modifying IES service parameters

Existing IES service parameters in the CLI or NMS can be modified, added, removed, enabled or disabled. The changes are applied immediately to all services when the charges are applied.

To display a list of customer IDs, use the show service customer command.

Enter the parameters (such as description and SAP information) and then enter the new information.

The following is a sample modified service configuration output.

*A:ALA-A>config>service>ies# info
----------------------------------------------
ies 1000 customer 50 create
           description "This is a new description"
           interface "to-web" create
               address 10.1.1.1/24
               mac 00:dc:98:1d:00:00


               sap 1/1/5:0.* create
               exit
           exit
           no shutdown
exit
----------------------------------------------
*A:ALA-A>config>service#

Deleting an IES service

An IES service cannot be deleted until SAPs and interfaces are shut down and deleted, and the service is shut down on the service level.

Use the following syntax to delete an IES service.

config>service# 
[no] ies service-id
shutdown
[no] interface ip-int-name
shutdown
[no] sap sap-id
shutdown

Disabling an IES service

Use the following syntax to shut down an IES service without deleting the service parameters.

config>service> ies service-id
shutdown

Re-enabling an IES service

Use the following syntax to re-enable an IES service that was shut down.

config>service> ies service-id
[no] shutdown
Example:
config>service# ies 2000 
config>service>ies# no shutdown
config>service>ies# exit

IES services command reference

Command hierarchies

IES interface commands

config
    - service
        - ies service-id [customer customer-id] [create] [vpn vpn-id]
            - [no] interface ip-int-name [create]
                - address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]
                - no address {ip-address/mask | ip-address netmask}
                - arp-timeout seconds
                - no arp-timeout
                - delayed-enable seconds 
                - no delayed-enable
                - description description-string
                - no description
                - dhcp
                    - description description-string
                    - no description
                    - gi-address ip-address [src-ip-addr]
                    - no gi-address 
                    - [no] option
                        - action {replace | drop | keep}
                        - no action
                        - [no] circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
                        - [no] remote-id [mac | string string]
                        - [no] vendor-specific-option
                            - [no] client-mac-address
                            - [no] sap-id
                            - [no] service-id
                            - string text
                            - no string
                            - [no] system-id
                    - no server
                    - server server1 [server2 ... (up to 8 max)]
                    - [no] shutdown
                    - [no] trusted
                - icmp
                    - mask-reply 
                    - no mask-reply
                    - redirects [number seconds]
                    - no redirects
                    - ttl-expired [number seconds]
                    - no ttl-expired
                    - unreachables [number seconds]
                    - no unreachables
                - ip-mtu octets 
                - no ip-mtu
                - ipv6 
                    - [no] urpf-check 
                - [no] loopback
                - [no] shutdown
                - static-arp ip-address ieee-address
                - no static-arp ip-address [ieee-address]
                - [no] urpf-check 

IES interface SAP commands for 7210 SAS-D and 7210 SAS-Dxp

config
    - service
        - ies service-id [customer customer-id] [create]
            - [no] interface ip-int-name
                - [no] sap sap-id [create]
                    - accounting-policy acct-policy-id
                    - no accounting-policy
                    - [no] collect-stats
                    - description description-string 
                    - no description
                    - ingress
                        - meter-override
                        - no meter-override
                            - meter meter-id [create]
                            - no meter meter-id
                                - adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
                                - no adaptation-rule
                                - cbs size-in-kbytes 
                                - cbs size [kbits | bytes | kbytes]
                                - no cbs
                                - mbs size-in-kbits 
                                - mbs size [kbits | bytes | kbytes]
                                - no mbs
                                - no mode mode 
                                - no mode
                                - rate cir cir-rate [pir pir-rate]
                    - [no] shutdown

IES interface SAP QoS and filter commands for 7210 SAS-D and 7210 SAS-Dxp

config
    - service
        - ies service-id [customer customer-id] [vpn vpn-id] [create]
            - [no] interface ip-int-name
                - [no] sap sap-id [create]
                    - egress 
                        - aggregate-meter-rate rate-in-kbps [burst burst-in-kbits] [enable-stats] 
                        - no aggregate-meter-rate 
                        - filter ip ip-filter-id
                        - filter ipv6 ipv6 -filter-id 
                        - no filter [ip ip-filter-id] [ipv6 ipv6 -filter-id] 
                    - ingress 
                        - aggregate-meter-rate rate-in-kbps [burst burst-in-kbits] [enable-stats] 
                        - no aggregate-meter-rate 
                        - filter ip ip-filter-id
                        - filter [ipv6 ipv6-filter-id] 
                        - no filter [ip ip-filter-id] [ipv6 ipv6-filter-id] 
                        - qos policy-id
                        - no qos

IES interface IPv6 commands (applicable only to access-uplink SAPs on 7210 SAS-D and 7210 SAS-Dxp)

config
    - service
        - ies service-id [customer customer-id] [create]
            - [no] interface ip-int-name [create]
                - ipv6
                - no ipv6
                    - [no] address ipv6-address/prefix-length [eui-64] [preferred]
                    - icmp6
                        - [no] packet-too-big number seconds
                        - [no] param-problem number seconds
                        - [no] redirects number seconds
                        - [no] time-exceeded number seconds
                        - [no] unreachables number seconds
                    - [no] link-local-address ipv6-address [preferred]
                    - [no] neighbor ipv6-address mac-address

Show commands

show
    - service
        - customer [customer-id] [site customer-site-name]
        - sap-using [sap sap-id]
        - sap-using interface [ip-address | ip-int-name]
        - sap-using [ingress | egress] filter filter-id
        - sap-using [ingress] qos-policy qos-policy-id
        - service-using [ies] [customer customer-id]
        - id service-id
            - all
            - arp [ip-address] | [mac ieee-address] | [sap sap-id] | [interface ip-int-name]
            - base
            - dhcp
                - statistics [sap sap-id] | [sdp sdp-id:vc-id] | [interface interface-name]
                - summary [interface interface-name | saps]
            - interface [ip-address | ip-int-name] [detail |summary]

Command descriptions

IES service configuration commands

Generic commands
shutdown
Syntax

[no] shutdown

Context

config>service>ies

config>service>ies>if

config>service>ies>if>dhcp

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities are described as follows in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Special Cases
IES

The default administrative status of an Internet Enhanced Service (IES) is down. While the service is down, all its associated virtual router interfaces are operationally down. The administrative state of the service is not reflected in the administrative state of the virtual router interface.

For example, if the following are true:

  • an IES service is operational and an associated interface is shut down

  • the IES service is administratively shutdown and brought back up

  • the interface shutdown remains in administrative shutdown state

A service is regarded as operational if one IP Interface is operational.

IES IP Interfaces

When the IP interface is shut down, it enters the administratively and operationally down states. For a SAP bound to the IP interface, no packets are transmitted out the SAP, and all packets received on the SAP are dropped while incrementing the packet discard counter.

description
Syntax

description description-string

no description

Context

config>service>ies

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Parameters
description-string

Specifies the description character string. Allowed values are any string up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

IES global commands
ies
Syntax

ies service-id customer customer-id [create] [vpn vpn-id]

no ies service-id

Context

config>service

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command creates or edits an IES service instance.

If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

IP interfaces defined within the context of an IES service ID must have a SAP created.

When a service is created, the customer keyword and customer-id must be specified to associate the service with a customer. The customer-id must already exist having been created using the customer command in the service context. After a service is created with a customer association, it is not possible to edit the customer association. The service must be deleted and recreated with a new customer association.

After a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified results in an error.

More than one IP interface may be created within a single IES service ID.

By default, no IES service instances exist until they are explicitly created.

The no form of this command deletes the IES service instance with the specified service-id. The service cannot be deleted until all the IP interfaces defined within the service ID have been shut down and deleted.

Parameters
service-id

Specifies the unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7210 SAS on which this service is defined.

Values

service-id: 1 to 2147483648

customer customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 to 2147483647

vpn-id

Specifies the VPN ID assigned to the service.

Values

1 to 2147483647

service-name
Syntax

service-name service-name

no service-name

Context

config>service>epipe

config>service>ies

config>service>vpls

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command configures a service name that can be used in other configuration commands and show commands that reference the service.

All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used o identify and reference a specific service when it is initially created.

Parameters
service-name

Specifies a unique service name to identify the service, up to 64 characters. Service names may not begin with an integer (0-9).

IES interface IPv6 commands
ipv6
Syntax

[no] ipv6

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

Commands in this context configure IPv6 for an IES interface.

Note:

IES interface IPv6 commands are only supported for access-uplink SAPs on the 7210 SAS-D and 7210 SAS-Dxp.

address
Syntax

address ipv6-address/prefix-length [eui-64]

no address ipv6-address/prefix-length

Context

config>service>ies>if>ipv6

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command assigns an IPv6 address to the IES interface.

Parameters
ipv6-address/prefix-length

Specifies the IPv6 address on the interface.

Values

ipv6-address/prefix:

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 — FFFF]H

d [0 — 255]D

prefix-length:

1 to 128 (7210 SAS-D)

0 to 64 (7210 SAS-Dxp)

eui-64

Keyword that specifies that a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from the MAC address on Ethernet interfaces. For interfaces without a MAC address, for example ATM interfaces, the Base MAC address of the chassis is used.

icmp6
Syntax

icmp6

Context

config>service>ies>if>ipv6

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures ICMPv6 parameters for the IES interface.

packet-too-big
Syntax

packet-too-big [number seconds]

no packet-too-big

Context

config>service>ies>if>ipv6>icmp6

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command specifies whether ‟packet-too-big” ICMPv6 messages should be sent. When enabled, ICMPv6 ‟packet-too-big” messages are generated by this interface.

The no form of this command disables the sending of ICMPv6 ‟packet-too-big” messages.

Default

100 10

Parameters
number

Specifies the number of ‟packet-too-big” ICMPv6 messages to send in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame in seconds that is used to limit the number of ‟packet-too-big” ICMPv6 messages issued.

Values

1 to 60

Default

10

param-problem
Syntax

param-problem [number seconds]

no param-problem

Context

config>service>ies>if>ipv6>icmp6

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command specifies whether ‟parameter-problem” ICMPv6 messages should be sent. When enabled, ‟parameter-problem” ICMPv6 messages are generated by this interface.

The no form of this command disables the sending of ‟parameter-problem” ICMPv6 messages.

Default

100 10

Parameters
number

Specifies the number of ‟parameter-problem” ICMPv6 messages to send in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame in seconds that is used to limit the number of ‟parameter-problem” ICMPv6 messages issued.

Values

1 to 60

Default

10

redirects
Syntax

redirects [number seconds]

no redirects

Context

config>service>ies>if>ipv6>icmp6

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures ICMPv6 ‟redirect” messages. When enabled, ICMPv6 redirects are generated when routes are not optimal on this router, and another router on the same subnetwork has a better route to alert that node that a better route is available.

The no form of this command disables the sending of ICMPv6 ‟redirect” messages.

Default

100 10

Parameters
number

Specifies the number of version 6 redirects are to be issued in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame in seconds that is used to limit the number of version 6 redirects issued.

Values

1 to 60

Default

10

time-exceeded
Syntax

time-exceeded [number seconds]

no time-exceeded

Context

config>service>ies>if>ipv6>icmp6

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command specifies whether ‟time-exceeded” ICMPv6 messages should be sent. When enabled, ICMPv6 ‟time-exceeded” messages are generated by this interface.

The no form of this command disables the sending of ICMPv6 ‟time-exceeded” messages.

Default

100 10

Parameters
number

Specifies the number of ‟time-exceeded” ICMPv6 messages are to be issued in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame in seconds that is used to limit the number of ‟time-exceeded” ICMPv6 message to be issued.

Values

1 to 60

Default

10

unreachables
Syntax

unreachables [number seconds]

no unreachables

Context

config>service>ies>if>ipv6>icmp6

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command specifies that ICMPv6 host and network ‟unreachables” messages are generated by this interface.

The no form of this command disables the sending of ICMPv6 host and network ‟unreachables” messages.

Default

100 10

Parameters
number

Specifies the number of destination ‟unreachables” ICMPv6 messages are issued in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame in seconds that is used to limit the number of destination ‟unreachables” ICMPv6 messages to be issued.

Values

1 to 60

Default

10

link-local-address
Syntax

link-local-address ipv6-address [preferred]

no link-local-address

Context

config>service>ies>if>ipv6

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures the IPv6 link local address.

Parameters
ipv6-address

Specifies the IPv6 link local address.

preferred

Specifies that the IPv6 address is the preferred IPv6 address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred addresses may be used as the source (or destination) address of packets sent from (or to) the interface.

neighbor
Syntax

neighbor ipv6-address mac-address

no neighbor ipv6-address

Context

config>service>ies>if>ipv6

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures IPv6-to-MAC address mapping on the IES interface.

Parameters
ipv6-address

Specifies the IPv6 address of the interface for which to display information.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

prefix-length: 1 to 128 (7210 SAS-D)

1 to 64 (7210 SAS-Dxp)

mac-address

Specifies the 48-bit MAC address for the IPv6-to-MAC address mapping in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

IES interface commands
interface
Syntax

interface ip-int-name [create]

no interface ip-int-name

Context

config>service>ies

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description
Note:

On 7210 SAS-K 2F1C2T, an IES interface must always be associated with RVPLS. It cannot be used "standalone".

This command creates a logical IP routing interface for an IES. When created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, is used to create and maintain IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. The IP interface created is associated with the service core network routing instance and default routing.

Interface names are case-sensitive and must be unique within the group of defined IP interfaces defined for config service ies interface (that is, the network core router instance). Interface names must not be in the dotted decimal notation of an IP address. For example, the name ‟1.1.1.1” is not allowed, but ‟int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

By default, there are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes IP the interface and all the associated configuration. The interface must be administratively shut down before issuing the no interface command.

For IES services, the IP interface must be shut down before the SAP on that interface may be removed.

Parameters
ip-int-name

Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

If ip-int-name already exists within the service ID, the context will be changed to maintain that IP interface. If ip-int-name already exists within another service ID, an error occurs and the context is not changed to that IP interface. If ip-int-name does not exist, the interface is created and context is changed to that interface for further command processing.

address
Syntax

address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]

address [ip-address mask | ip-address netmask]

no address

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command assigns an IP address and IP subnet to an IES IP router interface. Only one IP address can be associated with an IP interface. An IP address must be assigned to each IES IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7210 SAS.

The IP address for the interface can be entered in either the Classless Inter-Domain Routing (CIDR) or traditional dotted decimal notation. The show commands display CIDR notation and is stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

The no form of this command removes the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down.

Address

Admin state

Oper state

No address

up

down

No address

down

down

1.1.1.1

up

up

1.1.1.1

down

down

The operational state is a read-only variable. The address and admin states are the only controlling variable and can be set independently. If an address is assigned to an interface that is in an adminstratively up state, it becomes operationally up.

Parameters
ip-address

Specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 to 223.255.255.255 (with support of /31 subnets).

Values

a.b.c.d (no multicast/broadcast address)

/

The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the ‟/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted decimal mask must follow the prefix.

mask

Specifies the subnet mask length when the IP prefix is specified in CIDR notation. In the CIDR notation, a forward slash (/) separates the ip-address from the mask-length parameter. The mask length parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address. A mask length of 32 is reserved for system IP addresses.

Values

0 to 32

netmask

Specifies the subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that is used in a logical ‟AND” function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range of 128.0.0.0 to 255.255.255.254. A mask of 255.255.255.255 is reserved for system IP addresses.

Values

a.b.c.d (network bits all 1 and host bits all 0)

broadcast

Keyword to configure the broadcast format.

Values

all-ones, host-ones

arp-timeout
Syntax

arp-timeout seconds

no arp-timeout

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command configures the minimum time in seconds an ARP entry learned on the IP interface is stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host, otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of zero seconds, ARP aging is disabled.

The no form of this command reverts to the default value.

Default

14400

Parameters
seconds

Specifies the minimum number of seconds a learned ARP entry is stored in the ARP table, expressed as a decimal integer. A value of zero specifies that the timer is inoperative and learned ARP entries are not aged.

Values

0 to 65535

allow-directed-broadcasts
Syntax

[no] allow-directed-broadcasts

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command enables the forwarding of directed broadcasts out of the IP interface. A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address on another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined to the subnet broadcast address of the egress IP interface.

When enabled, a frame destined to the local subnet on this IP interface is sent as a subnet broadcast out this interface. Care should be exercised when allowing directed broadcasts as it is a well-known mechanism used for denial-of-service attacks.

When disabled, directed broadcast packets discarded at this egress IP interface are counted in the normal discard counters for the egress SAP.

By default, directed broadcasts are not allowed and are discarded at this egress IP interface.

The no form of this command disables the forwarding of directed broadcasts out of the IP interface.

Default

no allow-directed-broadcasts

delayed-enable
Syntax

delayed-enable seconds [init-only]

no delayed-enable

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command delays making an interface operational by the specified number of seconds. In environments with many subscribers, it can take time to synchronize the subscriber state between peers when the subscriber-interface is enabled (for example, after a reboot). The delayed-enable timer can be specified to ensure that the state has time to be synchronized. The optional init-only parameter can be added to use this timer only after a reboot.

Default

no delayed-enable

Parameters
seconds

Specifies the number of seconds to delay before the interface is operational.

Values

1 to 1200

init-only

Keyword to specify to use this timer only after a reboot.

urpf-check
Syntax

[no] urpf-check

Context

config>service>ies>interface

config>service>ies>interface>ipv6

Description

This command enables the unicast RPF (uRPF) check on this interface.

The no form of this command disables the uRPF check on this interface.

Default

no urpf-check

ip-mtu
Syntax

ip-mtu octets

no ip-mtu

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures the IP maximum transmit unit (MTU) (packet size) for the interface.

The MTU that is advertised from the IES size is the following:

MINIMUM ((SdpOperPathMtu - EtherHeaderSize), (Configured ip-mtu))

By default, for an Ethernet network interface, if no ip-mtu is configured, the packet size is (1568 - 14) = 1554.

The no form of this command reverts to the default value.

Default

no ip-mtu

Parameters
octets

Specifies the number of octets in the IP-MTU.

Values

512 to 9000

loopback
Syntax

[no] loopback

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command specifies that the associated interface is a loopback interface that has no associated physical interface. As a result, the associated IES interface cannot be bound to a SAP.

Configure an IES interface as a loopback interface by issuing the loopback command instead of the sap command. The loopback flag cannot be set on an interface where a SAP is already defined, and a SAP cannot be defined on a loopback interface.

static-arp
Syntax

static-arp ip-address ieee-address

no static-arp ip-address [ieee-address]

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T.

Description

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can be configured only if it exists on the network attached to the IP interface.

If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address is replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Parameters
ip-address

Specifies the IP address for the static ARP in IP address dotted decimal notation.

ieee-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

vpls
Syntax

vpls service-name

Context

config>service

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command, within the IP interface context, is used to bind the IP interface to the specified service name.

The system does not attempt to resolve the service name provided until the IP interface is placed into the administratively up state (no shutdown). When the IP interface is administratively up, the system scans the available VPLS services that have the allow-ip-int-binding flag set for a VPLS service associated with the name. If the service name is bound to the service name when the IP interface is already in the administratively up state, the system immediately attempts to resolve the specific name.

If a VPLS service is associated with the name and the allow-ip-int-binding flag is set, the IP interface will be attached to the VPLS service allowing routing to and from the service virtual ports when the IP interface is operational.

A VPLS service associated with the specified name that does not have the allow-ip-int-binding flag set or a non-VPLS service associated with the name will be ignored and will not be attached to the IP interface.

If the service name is applied to a VPLS service after the service name is bound to an IP interface and the VPLS service allow-ip-int-binding flag is set at the time the name is applied, the VPLS service is automatically resolved to the IP interface if the interface is administratively up or when the interface is placed in the administratively up state.

If the service name is applied to a VPLS service without the allow-ip-int-binding flag set, the system does not attempt to resolve the applied service name to an existing IP interface bound to the name. To rectify this condition, the flag must first be set and then the IP interface must enter or reenter the administratively up state.

While the specified service name may be assigned to only one service context in the system, it is possible to bind the same service name to more than one IP interface. If two or more IP interfaces are bound to the same service name, the first IP interface to enter the administratively up state (if currently administratively down) or to reenter the administratively up state (if currently administratively up) when a VPLS service is configured with the name and has the allow-ip-int-binding flag set will be attached to the VPLS service. Only one IP interface is allowed to attach to a VPLS service context. No error is generated for the remaining non-attached IP interfaces using the service name.

When an IP interface is attached to a VPLS service, the name associated with the service cannot be removed or changed until the IP interface name binding is removed. Also, the allow-ip-int-binding flag cannot be removed until the attached IP interface is unbound from the service name. Unbinding the service name from the IP interface causes the IP interface to detach from the VPLS service context. The IP interface may then be bound to another service name or a SAP or SDP binding may be created for the interface using the sap or spoke-sdp commands on the interface.

Parameters
service-name

Specifies the service name that the system will attempt to resolve to an allow-ip-int-binding enabled VPLS service associated with the name. The specified name is expressed as an ASCII string comprised of up to 32 characters. It does not need to already be associated with a service and the system does not check to ensure that multiple IP interfaces are not bound to the same name.

ingress
Syntax

ingress

Context

config>service>ies>if>vpls

Platforms

7210 SAS-D, 7210 SAS-Dxp, and 7210 SAS-K 2F1C2T

Description

The ingress node in this context under the VPLS binding defines the routed IP filter ID optional filter overrides.

v4-routed-override-filter
Syntax

v4-routed-override-filter ip-filter-id

no v4-routed-override-filter

Context

config>service>ies>if>vpls>ingress

Platforms

7210 SAS-D, 7210 SAS-Dxp, and 7210 SAS-K 2F1C2T

Description

The v4-routed-override-filter command is used to specify an IP filter ID that is applied to all ingress packets entering the VPLS service. The filter overrides any existing ingress IP filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IP routed packets uses the any existing ingress IP filter on the VPLS virtual port.

The no form of this command is used to remove the IP routed override filter from the ingress IP interface. When removed, the IP ingress routed packets within a VPLS service attached to the IP interface uses the IP ingress filter applied to the packets virtual port when defined.

Parameters
ip-filter-id

Specifies the ID for the IP filter policy. Allowed values are an integer in the range of 1 and 65535 that corresponds to a previously created IP filter policy in the configure>filter>ip-filter context.

Values

1 to 65535

IES interface DHCP commands
dhcp
Syntax

dhcp

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

Commands in this context configure DHCP parameters.

gi-address
Syntax

gi-address ip-address [src-ip-addr]

no gi-address

Context

config>service>ies>if>dhcp

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures the gateway interface address for the DHCP relay. A subscriber interface can include multiple group interfaces with multiple SAPs. When the router functions as a DHCP relay, the GI address is needed to distinguish between the different subscriber interfaces and potentially between the group interfaces defined.

By default, the GI address used in the relayed DHCP packet is the primary IP address of a normal IES interface. Specifying the GI address allows the user to choose a secondary address.

Default

no gi-address

Parameters
ip-address

Specifies the host IP address to be used for DHCP relay packets.

src-ip-address

Keyword that specifies that the GI address is to be used as the source IP address for DHCP relay packets.

option
Syntax

[no] option

Context

config>service>ies>if>dhcp

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command enables DHCP Option 82 (Relay Agent Information Option) parameter processing and enters the context for configuring Option 82 suboptions.

The no form of this command reverts to the default value.

Default

no option

action
Syntax

action {replace | drop | keep}

no action

Context

config>service>ies>if>dhcp>option

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures the processing required when the 7210 SAS receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.

The no form of this command reverts to the default value.

Parameters
replace

In the upstream direction (from the user), the Option 82 field from the router is inserted in the packet (overwriting any existing Option 82 field). In the downstream direction (toward the user) the Option 82 field is stripped (in accordance with RFC 3046).

drop

Keyword to specify that the DHCP packet is dropped if an Option 82 field is present, and a counter is incremented.

keep

Keyword to specify that the existing information is kept in the packet and the router does not add any additional information. In the downstream direction the Option 82 field is not stripped and is sent on toward the client.

The behavior is slightly different in case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router inserts its own VSO into the Option 82 field. This occurs only when the incoming message already has an Option 82 field.

If no Option 82 field is present, the router does not create the Option 82 field. In this case, no VSO is added to the message.

circuit-id
Syntax

circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]

no circuit-id

Context

config>service>ies>if>dhcp>option

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command sends an ASCII-encoded tuple in the circuit-id suboption of the DHCP packet.

To send a tuple in the circuit ID, the action replace command must be configured in the same context.

If disabled, the circuit-id suboption of the DHCP packet is left empty.

The no form of this command reverts to the default value.

Default

circuit-id

Parameters
ascii-tuple

Specifies that the ASCII-encoded concatenated tuple is used, which consists of the access-node-identifier, service-id, and interface-name, separated by ‟|”.

ifindex

Specifies that the interface index is used. (The If Index of a router interface can be displayed using the show router interface detail command)

sap-id

Specifies that the SAP identifier is used.

vlan-ascii-tuple

Specifies that the format includes VLAN-id and dot1p bits in addition to what is included in ascii-tuple. The format is supported on dot1q-encapsulated ports only. Therefore, when the Option 82 bits are stripped, dot1p bits are copied to the Ethernet header of an outgoing packet.

remote-id
Syntax

[no] remote-id [mac | string string]

Context

config>service>ies>if>dhcp>option

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command specifies what information goes into the remote-id suboption in the DHCP Relay packet.

If disabled, the remote-id suboption of the DHCP packet is left empty.

The no form of this command reverts to the default value.

Default

no remote-id

Parameters
mac

Keyword that specifies the MAC address of the remote end is encoded in the suboption.

string string

Specifies the remote-id.

vendor-specific-option
Syntax

[no] vendor-specific-option

Context

config>service>ies>if>dhcp>option

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures the vendor-specific suboption of the DHCP relay packet.

client-mac-address
Syntax

[no] client-mac-address

Context

config>service>ies>if>dhcp>option>vendor

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command enables the sending of the MAC address in the vendor-specific suboption of the DHCP relay packet.

The no form of this command disables the sending of the MAC address in the vendor-specific suboption of the DHCP relay packet.

sap-id
Syntax

[no] sap-id

Context

config>service>ies>if>dhcp>option>vendor

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command enables the sending of the SAP ID in the vendor-specific suboption of the DHCP relay packet.

The no form of this command disables the sending of the SAP ID in the vendor-specific suboption of the DHCP relay packet.

service-id
Syntax

[no] service-id

Context

config>service>ies>if>dhcp>option>vendor

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command enables the sending of the service ID in the vendor-specific suboption of the DHCP relay packet.

The no form of this command disables the sending of the service ID in the vendor-specific suboption of the DHCP relay packet.

string
Syntax

[no] string text

Context

config>service>ies>if>dhcp>option>vendor

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command specifies the string in the vendor-specific suboption of the DHCP relay packet.

The no form of this command reverts to the default value.

Parameters
text

Specifies a string that can be any combination of ASCII characters up to 32 characters. If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).

system-id
Syntax

[no] system-id

Context

config>service>ies>if>dhcp>option>vendor

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command specifies whether the system ID is encoded in the vendor-specific suboption of Option 82.

server
Syntax

server server1 [server2 ... (up to 8 max)]

Context

config>service>ies>if>dhcp

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command specifies a list of servers where requests will be forwarded. The list of servers can entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers, the request is forwarded to all the servers in the list.

There can be a maximum of 8 DHCP servers configured.

Default

no server

Parameters
server

Specifies the DHCP server IP address.

trusted
Syntax

[no] trusted

Context

config>service>ies>if>dhcp

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command enables relaying of untrusted packets.

The no form of this command disables the relay.

Default

no trusted

IES interface ICMP commands
icmp
Syntax

icmp

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

Commands in this context configure Internet Control Message Protocol (ICMP) parameters on an IES service

mask-reply
Syntax

[no] mask-reply

Context

config>service>ies>if>icmp

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command enables responses to Internet Control Message Protocol (ICMP) mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

By default, the router instance replies to mask requests.

The no form of this command disables replies to ICMP mask requests on the router interface.

Default

mask-reply

redirects
Syntax

redirects [number seconds]

no redirects

Context

config>service>ies>if>icmp

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command configures the rate for ICMP redirect messages issued on the router interface.

When routes are not optimal on this router and another router on the same subnetwork has a better route, the router can issue an ICMP redirect to alert the sending node that a better route is available.

The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects are issued can be controlled with the optional number and seconds parameters by indicating the maximum number of redirect messages that can be issued on the interface for a specific time interval.

By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the generation of ICMP redirects on the router interface.

Default

redirects 100 10

Parameters
number

Specifies the maximum number of ICMP redirect messages to send. This parameter must be specified with the seconds parameter.

Values

10 to 1000

seconds

Specifies the time frame in seconds used to limit the number of ICMP redirect messages that can be issued.

Values

1 to 60

ttl-expired
Syntax

ttl-expired number seconds

no ttl-expired

Context

config>service>ies>if>icmp

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command configures the rate ICMP TTL expired messages are issued by the IP interface.

By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the limiting the rate of TTL expired messages on the router interface.

Default

ttl-expired 100 10

Parameters
number

Specifies the maximum number of ICMP TTL expired messages to send, expressed as a decimal integer. This parameter must be specified with the seconds parameter.

Values

10 to 1000

seconds

Specifies the time frame in seconds used to limit the number of ICMP TTL expired messages that can be issued, expressed as a decimal integer.

Values

1 to 60

unreachables
Syntax

unreachables [number seconds]

no unreachables

Context

config>service>ies>if>icmp

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T

Description

This command configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional number and time parameters by indicating the maximum number of destination unreachable messages which can be issued on the interface for a specific time interval.

By default, generation of ICMP destination unreachable messages is enabled at a maximum rate of 10 per 60 second time interval.

The no form of this command disables the generation of icmp destination unreachable messages on the router interface.

Default

unreachables 100 10

Parameters
number

Specifies the maximum number of ICMP unreachable messages to send. This parameter must be specified with the seconds parameter.

Values

10 to 1000

seconds

Specifies the time frame in seconds used to limit the number of ICMP unreachable messages that can be issued.

Values

1 to 60

IES interface SAP commands
sap
Syntax

sap sap-id [create]

no sap sap-id

Context

config>service>ies>if

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command creates a SAP within a service. A SAP is a combination of port and encapsulation parameters that identifies the service access point on the interface and within the router. Each SAP must be unique.

All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP does not exist on that object.

Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can be associated with only a single service. A SAP can be defined only on a port that has been configured as an access uplink port using the configure port port number ethernet mode access uplink command.

If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down, although all traffic traversing the service is discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP are also deleted.

Special Cases
IES

A SAP is defined within the context of an IP routed interface. Each IP interface is limited to a single SAP definition. Attempts to create a second SAP on an IP interface will fail and generate an error; the original SAP will not be affected.

Parameters
sap-id

Specifies the physical port identifier portion of the SAP definition. See Common CLI command descriptions for command syntax.

port-id

Specifies the physical port ID in the slot/mda/port format.

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number format; for example 1/1/1 specifies port 1 on MDA 1 in slot 1.

The port-id must reference a valid port type. The port must be configured as an uplink access port.

create

Keyword used to create a SAP instance. The create keyword requirement can be enabled or disabled in the environment>create context.

accounting-policy
Syntax

accounting-policy acct-policy-id

no accounting-policy [acct-policy-id]

Context

config>service>ies>if>sap

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures the accounting policy context that can be applied to a SAP.

An accounting policy must be defined before it can be associated with a SAP. If the policy-id does not exist, an error message is generated.

A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.

The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.

Default

default accounting policy

Parameters
acct-policy-id

Specifies the accounting policy-id, as configured in the config>log> accounting-policy context.

Values

1 to 99

collect-stats
Syntax

no] collect-stats

Context

config>service>ies>if>sap

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command enables accounting and statistical data collection for either the SAP, network port, or IP interface. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued, the statistics are still accumulated by the cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default

no collect-stats

IES filter and QoS commands
egress
Syntax

egress

Context

config>service>ies>if>sap

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T.

Description

Commands in this context apply egress policies.

ingress
Syntax

ingress

Context

config>service>ies>if>sap

Platforms

7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T.

Description

Commands in this context apply ingress policies.

aggregate-meter-rate
Syntax

aggregate-meter-rate rate-in-kbps [burst burst-in-kbits] [enable-stats]

no aggregate-meter-rate

Context

config>service>ies>if>sap>egress

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures the access SAP egress aggregate policer. The rate of the SAP egress aggregate policer must be specified. The user can optionally specify the burst size for the SAP aggregate policer. The aggregate policer monitors the traffic sent out of the SAP and determines the final disposition of the packet, which is either forwarded or dropped.

The user can optionally associate a set of two counters to count total forwarded packets and octets and total dropped packets and octets. When this counter is enabled, the amount of resources required increases by twice the amount of resources taken up when the counter is not used. If the enable-stats keyword is specified during the creation of the meter, the counter is allocated by the software, if available. To free up the counter and relinquish its use, use the no aggregate-meter-rate command and then recreate the meter using the aggregate-meter rate command.

If egress frame-based accounting is used, the SAP egress aggregate meter rate accounts for the Ethernet frame overhead. The system accounts for 12 bytes of IFG and 8 bytes of start delimiter. Frame-based accounting does not affect the count of octets maintained by the counter (if in use).

Note:

  • Before enabling this command for a SAP, resources must be allocated to this feature from the egress-internal-tcam resource pool using the config system resource-profile egress-internal-tcam egress-sap-aggregate-meter command. Refer to the 7210 SAS-D, Dxp, K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Basic System Configuration Guide for more information.

  • The egress aggregate meter is not FC-aware. The forward and drop decisions are taken based on the order in which the packets are sent out of the SAP by the egress port scheduler.

The no form of this command removes the egress aggregate policer from use.

Default

no aggregate-meter-rate

Parameters
rate-in-kbps

Specifies the rate in kilobits per second.

Values

1 to 4000000 | max

Default

max

burst-in-kbits

Specifies the burst size for the policer in kilobits. The burst size cannot be configured without configuring the rate.

Values

4 to 16384

Default

512

enable-stats

Specifies whether the counter to count forwarded and dropped packets and octets is allocated. If this keyword is used while configuring the meter, the counter is allocated.

aggregate-meter-rate
Syntax

aggregate-meter-rate rate-in-kbps [burst burst-in-kbits]

no aggregate-meter-rate

Context

config>service>ies>if>sap>ingress

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures the SAP ingress aggregate policer. The rate of the SAP ingress aggregate policer must be specified. The user can optionally specify the burst size for the SAP aggregate policer. The aggregate policer monitors the ingress traffic on different FCs and determines the final disposition of the packet. The packet is either forwarded to an identified profile or dropped.

The sum of CIR of the individual FCs configured under the SAP cannot exceed the PIR rate configured for the SAP. Although the 7210 SAS software does not block this configuration, it is not recommended.

The following table lists the final disposition of the packet based on the operating rate of the per-FC policer and the per-SAP aggregate policer:

Table 1. Final disposition of the packet based on per-FC and per-SAP policer or meter

Per FC meter operating rate

Per FC assigned color

SAP aggregate meter operating rate

SAP aggregate meter color

Final packet color

Within CIR

Green

Within PIR

Green

Green or

In-profile

Within CIR 1

Green

Above PIR

Red

Green or

In-profile

Above CIR, Within PIR

Yellow

Within PIR

Green

Yellow or

Out-of-Profile

Above CIR, Within PIR

Yellow

Above PIR

Red

Red or

Dropped

Above PIR

Red

Within PIR

Green

Red or

Dropped

Above PIR

Red

Above PIR

Red

Red or

Dropped

When the SAP aggregate policer is configured, the per-FC policer can be configured only in ‟trtcm2” mode (RFC 4115).

The meter modes ‟srtcm” and ‟trtcm1” are used in the absence of an aggregate meter.

The SAP ingress meter counters increment the packet or octet counts based on the final disposition of the packet.

If ingress frame-based accounting is used, the SAP aggregate meter rate accounts for the Ethernet frame overhead. The system accounts for 12 bytes of IFG and 8 bytes of start delimiter.

The no form of this command removes the aggregate policer from use.

Default

no aggregate-meter-rate

Parameters
rate-in-kbps

Specifies the rate in kilobits per second.

Values

0 to 20000000 | max

Default

max

burst-in-kilobits

Specifies the burst size for the policer in kilobits. The burst size cannot be configured without configuring the rate.

Values

4 to 2146959

Default

512

filter
Syntax

filter ipv6 ipv6-filter-id

filter ip ip-filter-id

no filter

Context

config>service>ies>if>sap>egress

config>service>ies>if>sap>ingress

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command associates a filter policy with an ingress or egress SAP. Filter policies control the forwarding and dropping of packets based on the matching criteria.

The filter command associates a filter policy with a specified ip-filter-id with an ingress or egress SAP. The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is non-IP packets are not applied to the match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP. The filter ID is not removed from the system.

Special Cases
IES

Only IP filters are supported on an IES IP interface, and the filters only apply to routed traffic.

Parameters
ip

Keyword indicating the filter policy is an IP filter.

ipv6

Keyword indicating the filter policy is an IPv6 filter.

ip-filter-id

Specifies the ID for the IP filter policy. Allowed values are an integer that corresponds to a previously created IP filter policy in the configure>filter>ip-filter context.

Values

1 to 65535

ipv6 ipv6-filter-id

Specifies the IPv6 filter policy. The filter ID must already exist within the created IPv6 filters.

Values

1 to 65535

qos
Syntax

qos policy-id

no qos

Context

config>service>ies>sap>ingress

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command associates a Quality of Service (QoS) policy with an ingress SAP or IP interface.

QoS ingress policies are important for the enforcement of SLA agreements. The policy ID must be defined before associating the policy with a SAP. If the policy-id does not exist, an error is returned.

The qos command is used to associate ingress policies. The qos command only allows ingress policies to be associated on SAP ingress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one ingress QoS policy can be associated with a SAP at one time. Attempts to associate a second QoS policy of a specific type returns an error.

By default, if no specific QoS policy is associated with the SAP for ingress, the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.

Parameters
policy-id

Specifies the ingress policy ID to associate with SAP on ingress. The policy ID must already exist.

Values

1 to 65535

meter-override
Syntax

[no] meter-override

Context

config>service>ies>if>sap>ingress

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command creates a CLI node for specific overrides to one or more meters created on the SAP through the SAP-ingress QoS policies.

The no form of this command removes any existing meter overrides.

Default

no meter-overrides

meter
Syntax

meter meter-id [create]

no meter meter-id

Context

config>service>ies>if>sap>ingress>meter-override

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command creates a CLI node for overrides to a specific meter created on the SAP through SAP-ingress QoS policies.

The no form of this command removes any existing overrides for the specified meter-id.

Parameters
meter-id

Specifies the meter ID and is required when executing the meter command in the meter-overrides context. The meter-id must exist within the SAP-ingress QoS policy applied to the SAP. If the meter is not currently used by any forwarding class or forwarding type mappings, the meter will not actually exist on the SAP. This does not preclude creating an override context for the meter ID.

create

Keyword that is required when a meter meter-id override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.

adaptation-rule
Syntax

adaptation-rule [pir adaptation-rule] [cir adaptation-rule]

no adaptation-rule

Context

config>service>ies>if>sap>ingress>meter-override>meter

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command overrides specific attributes of the specified meter adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the meter is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.

Default

no adaptation-rule

Parameters
pir

Keyword that defines the constraints enforced when adapting the PIR rate defined within the meter-override meter meter-id command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the meter-override command is not specified, the default applies.

Note:

When the meter mode in use is ‟trtcm2”, this parameter is interpreted as the EIR value. Refer to the 7210 SAS-D, Dxp Quality of Service Guide and 7210 SAS-K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Quality of Service Guide for a description and relevant notes about meter modes.

cir

Keyword that defines the constraints enforced when adapting the CIR rate defined within the meter-override meter meter-id command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

adaptation-rule

Specifies the criteria to compute the operational CIR and PIR values for this meter, while maintaining a minimum offset.

Values

max — Keyword that is mutually exclusive with the min and closest options. When max (maximum) is defined, the operational PIR for the meter is equal to or less than the administrative rate specified using the meter-override command.

min — Keyword that is mutually exclusive with the max and closest options. When min (minimum) is defined, the operational PIR for the queue is equal to or greater than the administrative rate specified using the meter-override command.

closest — Keyword that is mutually exclusive with the min and max parameter. When closest is defined, the operational PIR for the meter is the rate closest to the rate specified using the meter-override command.

cbs
Syntax

cbs size [kbits | bytes | kbytes]

no cbs

Context

config>service>ies>if>sap>ingress>meter-override>meter

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command overrides the default committed burst size (CBS) for the meter. The cbs command specifies the maximum burst size that can be transmitted by the source while still complying with the CIR. If the transmitted burst is lower than the CBS value, the packets are marked as in-profile by the meter to indicate that the traffic is complying with meter configured parameters.

The no form of this command reverts the CBS size to the default value.

Default

32 kbits

Parameters
size

Specifies the value in kbits, bytes, or kilobytes.

Values

For 7210 SAS-D:

kbits — 4 to 16384, default

bytes — 512 to 2097152, default

kbytes — 1 to 2048, default

For 7210 SAS-Dxp:

kbits — 4 to 2146959, default

bytes — 512 to 274810752, default

kbytes — 1 to 268369, default

mbs
Syntax

mbs size [kbits | bytes | kbytes]

no mbs

Context

config>service>ies>if>sap>ingress>meter-override>meter

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command provides a mechanism to override the default maximum burst size (MBS) for the meter. The mbs command specifies the maximum burst size that can be transmitted by the source while still complying with the PIR. If the transmitted burst is lower than the MBS value, the packets are marked as in-profile by the meter to indicate that the traffic is complying with meter configured parameters.

The no form of this command reverts the MBS size to the default value.

Default

32 kbits

Parameters
size

Specifies the value in kbits, bytes, or kilobytes.

Values

For 7210 SAS-D:

kbits — 4 to 16384, default

bytes — 512 to 2097152, default

kbytes — 1 to 2048, default

For 7210 SAS-Dxp:

kbits — 4 to 2146959, default

bytes — 512 to 274810752, default

kbytes — 1 to 268369, default

mode
Syntax

mode mode

no mode

Context

config>service>ies>if>sap>ingress>meter-override>meter

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command within the SAP ingress meter-overrides contexts is used to override the sap-ingress QoS policy configured mode parameters for the specified meter ID.

The no form of this command restores the policy defined metering and profiling mode to a meter.

Parameters
mode

Specifies the rate mode of the meter-override.

Values

trtcm1, trtcm2, srtcm

rate
Syntax

rate cir cir-rate [pir pir-rate]

no rate

Context

config>service>ies>if>sap>ingress>meter-override>meter

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command overrides the SAP-ingress QoS policy configured rate parameters for the specified meter ID.

The no form of this command restores the policy defined metering and profiling rate to a meter.

Default

max

The max default specifies the amount of bandwidth in kilobits per second (thousand bits per second). The max value is mutually exclusive to the pir-rate value.

Parameters
pir-rate

Specifies the administrative PIR rate, in kilobits, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and must be specified as a positive integer.

Note:

When the meter mode is set to ‟trtcm2” the PIR value is interpreted as the EIR value. Refer to the 7210 SAS-D, Dxp Quality of Service Guide and 7210 SAS-K 2F1C2T, K 2F6C4T, K 3SFP+ 8C Quality of Service Guide for more information.

The actual PIR rate is dependent on the queue adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values

0 to 4000000, max (7210 SAS-D)

0 to 20000000, max (7210 SAS-Dxp)

Default

max

cir-rate

Specifies to override the default administrative CIR used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed.

Fractional values are not allowed and must be specified as a positive integer.

Values

0 to 4000000, max (7210 SAS-D)

0 to 20000000, max (7210 SAS-Dxp)

Default

0

IES interface SAP Statistics commands
statistics
Syntax

statistics

Context

config>service>>ies>interface>sap

Platforms

7210 SAS-D

Description

Commands in this context configure the counters associated with SAP ingress and egress.

egress
Syntax

egress

Context

config>service>>ies>interface>sap>statistics

Platforms

7210 SAS-D

Description

Commands in this context configure the egress SAP statistics counter and set the mode of the counter.

This counter counts the number of packets forwarded through the SAP.

ingress
Syntax

ingress

Context

config>service>>ies>interface>sap>statistics

Platforms

7210 SAS-D

Description

Commands in this context configure the ingress SAP statistics counter.

By default, SAP ingress counters are associated with a SAP and cannot be disabled.

The IES service supports a counter that counts the total packets or octets received on the SAP.

forwarded-count
Syntax

[no] forwarded-count

Context

config>service>ies>if>sap>statistics>egress

Platforms

7210 SAS-D

Description

This command associates a counter with the SAP. The counter counts the number of packets forwarded through the SAP.

A limited number of such counters are available for use with access SAPs and access-uplink SAPs.

Use this command before enabling applicable accounting record collection on the SAP to associate a counter with the SAP.

The no form of this command disables the packet count.

counter-mode
Syntax

counter-mode {in-out-profile-count | forward-drop-count}

Context

config>service>ies>interface>sap>statistics>ingress

Platforms

7210 SAS-D

Description

This command sets the mode of ingress counters associated with the SAP to either octets or packets. On IES SAPs, collect stats cannot be enabled so the mode of the counter can be changed without any reference. Changing the mode of the counter results in loss of previously collected counts and resets the counter.

The no form of this command is not supported.

Default

in-out-profile-count

Parameters
in-out-profile-count

Keyword to specify that one counter counts the total in-profile packets and octets received on ingress of a SAP and another counts the total out-of-profile packets and octets received on ingress of a SAP. A packet is determined to be in-profile or out-of-profile based on the meter rate parameters configured. A packet is dropped by the policer if it exceeds the configured PIR rate. Dropped counts are not maintained in hardware when this mode is used. It is obtained by subtracting the sum of in-profile count and out-of-profile count from the total SAP ingress received count and displayed.

forward-drop-count

Keyword to specify that one counter counts the forwarded packets and octets received on ingress of a SAP and another counts the dropped packets. The forwarded count is the sum of in-profile and out-of-profile packets/octets received on SAP ingress. The dropped count is count of packets/octets dropped by the policer. A packet is determined to be in-profile or out-of-profile based on the meter rate parameters configured. A packet is dropped by the policer if it exceeds the configured PIR rate. The in-profile count and out-of-profile count is not individually available when operating in this mode.

received-count
Syntax

[no] received-count

Context

config>service>ies>if>sap>statistics>ingress

Platforms

7210 SAS-D

Description

This command associates a counter with a SAP. It counts the number of packets and octets received on the SAP (ingress).

A limited number of such counters are available for use with access-uplink SAPs.

Use this command before enabling applicable accounting record collection on the SAP.

The no form of this command disables the counter.

1 This configuration is not recommended.