RAX711-C (A)
Configuration Guide
(Rel_01)
-----------------------------------------------------------------------------------------------------------------------------------------
Notice
Copyright © 2017
Raisecom
All rights reserved.
No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from Raisecom
Technology Co., Ltd.
Preface
Objectives
This document introduces features and related configurations supported by the RAX711-C,
including basic principles and configuration procedures of basic configurations, zero-
configuration, interface management, Ethernet, IP services, routing, OAM, QoS, network
reliability, security, and system management and maintenance. In addition, this document
provides related configuration examples. The appendix of this document provides terms,
acronyms, and abbreviations involved in this document.
This document helps you systematically master the principles and configurations of the
RAX711-C, as well as networking with the RAX711-C.
Versions
The following table lists the product versions related to this document.
Conventions
Symbol conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicate a hazard with a medium or low level of risk which, if
not avoided, could result in minor or moderate injury.
Symbol Description
Provide additional information to emphasize or supplement
important points of the main text.
Indicate a tip that may help you solve a problem or save time.
General conventions
Convention        Description
Times New Roman   Normal paragraphs are in Times New Roman.
Arial             Paragraphs in Warning, Caution, Notes, and Tip are in Arial.
Boldface          Names of files, directories, folders, and users are in boldface. For example, log in as user root.
Italic            Book titles are in italics.
Lucida Console    Terminal display is in Lucida Console.
Book Antiqua      Heading 1, Heading 2, Heading 3, and Block are in Book Antiqua.
Command conventions
Convention          Description
Boldface            The keywords of a command line are in boldface.
Italic              Command arguments are in italics.
[]                  Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }     Alternative items are grouped in braces and separated by vertical bars. Only one is selected.
[ x | y | ... ]     Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
{ x | y | ... } *   Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
[ x | y | ... ] *   Optional alternative items are grouped in square brackets and separated by vertical bars. A minimum of none or a maximum of all can be selected.
interface-number    Interface ID, varying with the device model and interface type, ranging as below:
                    client: 1–12
                    line: 1–4
                    snmp: 1
                    vlan: 1–4094
                    port-channel: 1–3
                    loopback: 1
Change history
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Issue 01 (2017-07-10)
Initial commercial release
Contents
3 Zero-configuration
3.1 Introduction
3.1.1 Principles of zero-configuration
3.1.2 CO zero-configuration
3.1.3 Zero-configuration of remote device
3.2 Configuring local zero-configuration
3.2.1 Preparing for configurations
3.2.2 Configuring zero-configuration server based on extended OAM
3.2.3 Configuring zero-configuration server based on DHCP
3.2.4 Checking configurations
3.3 Configuring remote zero-configuration
3.3.1 Preparing for configurations
3.3.2 (Optional) configuring remote zero-configuration
3.3.3 (Optional) configuring zero-configuration polling
3.3.4 Checking configurations
3.4 Configuration examples
3.4.1 Example for configuring DHCP-based zero-configuration
3.4.2 Example for configuring zero-configuration based on extended OAM
4 IP routing
4.1 Introduction
4.1.1 Routing
4.1.2 Static route
4.1.3 ARP
4.1.4 DHCP
Raisecom Proprietary and Confidential
v
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-C (A) Configuration Guide Preface
5 Ethernet
5.1 Introduction
5.1.1 MAC address table
5.1.2 VLAN
5.1.3 Super VLAN
5.1.4 QinQ
5.1.5 Loop detection
5.1.6 Interface protection
5.1.7 Port mirroring
5.1.8 Storm control
5.1.9 L2CP
5.2 Configuring MAC address table
5.2.1 Preparing for configurations
5.2.2 Configuring static MAC address table
5.2.3 Configuring dynamic MAC address table
5.2.4 Configuring blackhole MAC address
11 Security
11.1 Introduction
11.1.1 ACL
11.1.2 CPU protection
11.1.3 RADIUS
11.1.4 TACACS+
11.2 Configuring ACL
11.2.1 Preparing for configurations
11.2.2 Configuring ACL
11.2.3 Configuring filter
11.2.4 Checking configurations
11.3 Configuring CPU protection
11.3.1 Preparing for configurations
11.3.2 Configuring global CPU protection
11.3.3 Configuring interface CPU protection
11.3.4 Checking configurations
11.4 Configuring RADIUS
11.4.1 Preparing for configurations
11.4.2 Configuring RADIUS authentication
11.4.3 Configuring RADIUS accounting
11.4.4 Checking configurations
11.5 Configuring TACACS+
11.5.1 Preparing for configurations
11.5.2 Configuring TACACS+ authentication
11.5.3 Checking configurations
11.6 Maintenance
11.7 Configuration examples
11.7.1 Examples for configuring ACL
11.7.2 Example for configuring RADIUS
11.7.3 Example for configuring TACACS+
Figures
Figure 5-5 Formats of the standard Ethernet frame and 802.1Q frame
Figure 7-2 ELPS 1+1 and 1:1 protection switching modes
Figure 9-2 Structures of ToS priority and DSCP priority
Figure 9-9 Configuring rate limiting based on traffic policy
Figure 9-10 Configuring queue scheduling and congestion avoidance
Figure 10-2 Location of UNIs and NNIs in a network topology
Tables
Table 5-1 Interfaces modes and modes for processing packets
Table 7-1 Values of fields in APS specific information
Table 9-1 Mapping between local priority and DSCP priority
Table 9-2 Mapping between local priority and CoS priority
Table 9-3 Mapping between local priority and IP precedence
1 Basic configurations
This chapter describes basic information and configuration procedures of the RAX711-C, and
provides related configuration examples, including the following sections:
CLI
Accessing device
File management
Backup and upgrade
Time management
Configuring Banner
1.1 CLI
1.1.1 Introduction
The Command Line Interface (CLI) is a medium for you to communicate with the RAX711-C.
You can configure, monitor, and manage the RAX711-C through the CLI.
You can log in to the RAX711-C through the terminal equipment or through a computer that
runs the terminal emulation program. Enter commands at the system prompt.
The CLI supports the following features:
Configure the RAX711-C locally through the Console interface.
Configure the RAX711-C locally or remotely through Telnet/Secure Shell v2 (SSHv2).
Commands are classified into different levels. You can execute only the commands that
correspond to your level.
The commands available to you depend on which mode you are currently in.
Shortcut keys can be used to execute commands.
Check or execute a historical command by checking command history. The last 20
historical commands can be saved on the RAX711-C.
Enter a question mark (?) at the system prompt to obtain online help.
The RAX711-C supports multiple intelligent analysis methods, such as fuzzy match and
context association.
1.1.2 Levels
The RAX711-C classifies commands into 16 levels in a descending order:
0–4: checking level. You can execute basic commands, such as ping, clear, and history,
to perform network diagnostics, clear system information, and show
command history.
5–10: monitoring level. You can execute commands, such as show, for system
maintenance.
11–14: configuration level. You can execute commands for configuring services, such as
Virtual Local Area Network (VLAN) and Internet Protocol (IP) routing.
15: management level. You can execute commands for running systems.
1.1.3 Modes
The command mode is the environment in which a command is executed. A command can be
executed in one or more specific modes. The commands available to you depend on which
mode you are currently in.
After connecting to the RAX711-C, enter the user name and password to enter privileged EXEC
mode.
Raisecom#
In privileged EXEC mode, use the config command to enter global configuration mode.
Raisecom#config
Raisecom(config)#
The CLI prompt Raisecom is the default host name. You can modify it by using the
hostname string command in privileged EXEC mode.
Some commands executed in global configuration mode can also be executed in
other modes. Their functions vary with the command mode.
You can use the exit or quit command to return to the upper command mode.
However, in privileged EXEC mode, you need to use the exit or quit command to
exit.
You can use the end command to return to privileged EXEC mode from any
mode other than privileged EXEC mode.
Command modes supported by the RAX711-C are listed in the following table.
cursor to the next line and the system will prompt an error. In
this case, the entered keyword does not change.
Ctrl+A Move the cursor to the beginning of the command.
Ctrl+C Interrupt the ongoing command, such as ping and traceroute.
Complete help
You can acquire complete help under the following three conditions:
You can enter a question mark (?) at the system prompt to display a list of the commands
available in each command mode and their brief descriptions.
Raisecom#?
After you enter a keyword, press the Space bar, and enter a question mark (?), all
related commands and their brief descriptions are displayed if the question mark (?)
matches another keyword.
Raisecom(config)#clock ?
display Display
mode Clock mode
set Set system time and date
summer-time Set summer time
timezone Set system timezone offset
After you enter a parameter, press the Space bar, and enter a question mark (?), the associated
parameters and their descriptions are displayed if the question mark (?)
matches a parameter.
Raisecom(config)#interface client ?
client 1
client 2
client 3
client 4
<1-4> Port number
Incomplete help
You can acquire incomplete help under the following three conditions:
After you enter part of a character string and a question mark (?), a list of
commands that begin with that character string is displayed.
Raisecom(config)#c?
After you enter a command, press the Space bar, and enter part of a character string and
a question mark (?), a list of commands that begin with that character string is
displayed.
Raisecom(config)#show li?
After you enter a partial command name and press Tab, the full form of the keyword is
displayed if there is a unique matching command.
Error messages
The following table lists some error messages that you might encounter while using the CLI
to configure the RAX711-C.
The Console interface of the RAX711-C is a Universal Serial Bus (USB) A-shaped
female interface, which is translated into a Universal Asynchronous
Receiver/Transmitter (UART) in the device.
The Console interface is used to connect the RAX711-C to a PC that runs the terminal
emulation program. You can configure and manage the RAX711-C through this interface.
This management method does not involve network communication.
You must log in to the RAX711-C through the Console interface under the following 2
conditions:
The RAX711-C is powered on for the first time.
You cannot log in to the RAX711-C through Telnet.
Log in to the RAX711-C through the Console interface as below:
Before logging in to the RAX711-C through the USB interface, install the driver for
translating the USB interface into the UART interface to the PC. To download the
driver, visit http://www.raisecom.com.cn/support.php and then click USB Console
Driver.
Step 1 Use the configuration cable with dual USB male interfaces to connect the Console interface of
the RAX711-C with the USB interface of the PC, as shown in Figure 1-1.
Step 2 Run the terminal emulation program on the PC, such as Hyper Terminal on Microsoft
Windows XP. Enter the connection name at the Connection Description dialog box and then
click OK.
Step 3 Select COM N (N refers to the COM interface ID into which the USB interface is translated)
at the Connect To dialog box and then click OK.
Step 4 Configure parameters as shown in Figure 1-2 and then click OK.
Step 5 Enter the configuration interface and then enter the user name and password to log in to the
RAX711-C. By default, both the user name and password are configured to raisecom.
Before logging in to the RAX711-C through Telnet, you must log in to the RAX711-C
through the Console interface, configure the IP address of the SNMP interface, and
enable Telnet service.
Step  Command                                                               Description
1     Raisecom#config                                                       Enter global configuration mode.
2     Raisecom(config)#interface snmp 1                                     Enter out-of-band network management interface configuration mode.
3     Raisecom(config-snmp1)#ip address ip-address [ ip-mask ]              Configure the IP address of the out-of-band network management interface.
      Raisecom(config-snmp1)#exit
4     Raisecom(config)#telnet-server close terminal-telnet session-number   (Optional) close the specified Telnet session.
5     Raisecom(config)#telnet-server max-session session-number             (Optional) configure the maximum number of Telnet sessions supported by the RAX711-C. By default, it is 5.
System files
System files are the software/files required for running the device, including the system
Bootrom file, system configuration file, system startup file, and FPGA file. In general, these
files are saved to the memory of the device.
File management refers to backing up, upgrading, loading, and deleting system files.
Backup
Backup refers to copying the saved system file from the device memory to the server memory
so that the backup file can be recovered when the device fails. This ensures that the device works
properly. You need to recover the old system file in the following cases:
The system file is lost or damaged because the device fails.
The device works improperly because of upgrade failure.
The RAX711-C supports backing up the system configuration file, system startup file, and
system log file.
Upgrade
You can upgrade the device for the following purposes:
Adding new features to the device
Releasing new software after fixing bugs in the current software
The RAX711-C can be upgraded in the following 2 modes:
FTP upgrade in BootROM mode
FTP/TFTP upgrade in system configuration mode
The RAX711-C supports IPv4-based FTP/TFTP.
Raisecom#reboot
Please input 'yes' to confirm:yes
Rebooting ...
begin...
Step Operation
2 Press Space bar to enter the raisecom interface when "Press space into bootrom menu..." appears on
the screen, then input "?" to display the command list:
[Raisecom]:?
? print this list
? - alias for 'help'
b - booting system
ce - erase flash expect BOOT
cf - check flash crc
help - print online help
i - modify ip address
if - download flash
m - download fpga
mdmac - modify MAC address
of - upload flash
old - switch to U-Boot console
pie - input manufacturer information
r - reset CPU or switch console
u - updating system
ub - updating uboot
Step Operation
3 Type "u" to download the system boot file through TFTP and replace the original one. The
information is displayed as below:
Ensure the input file name is correct. In addition, the file name should not be longer than
80 characters.
4 Type "r" to execute the bootstrap file quickly. The RAX711-C reboots and loads the
downloaded system boot file.
Device time
To ensure that the RAX711-C can cooperate with other devices, you need to configure system
time and time zone precisely for the RAX711-C.
DST
Daylight Saving Time (DST) is configured locally to save energy. About 110 countries around
the world apply DST in summer, but vary in details. Thus, you need to consider detailed DST
rules locally before configuration.
The RAX711-C supports configuring DST.
Time protocols
As the Internet develops and extends into all areas, many time-dependent applications
need accurate and reliable time, such as online real-time transactions, distributed network
computing and processing, transport and flight management, and data management. A
network requires time protocols to distribute precise time. At present, there are two common
time protocols: Network Time Protocol (NTP) and Simple Network Time Protocol (SNTP).
NTP is a standard protocol for time synchronization in telecommunication network. It is
defined by RFC1305. It is used to perform time synchronization between the distributed time
server and clients. NTP transmits data based on UDP, using UDP port 123.
NTP is used to perform time synchronization on all hosts and switches in the network.
Therefore, these devices can provide various applications based on a uniform time. In
addition, NTP can ensure a very high accuracy, with an error of about 10 ms.
Devices which support NTP can both be synchronized by other clock sources and can
synchronize other devices as the clock source. In addition, these devices can be synchronized
mutually through the NTP packet.
NTP supports performing time synchronization through multiple NTP working modes:
Server/Client mode
In this mode, the client and server are relative. The device that provides the time
standard is the server, while the device that receives time services is the client. The client
sends clock synchronization messages to different servers. The servers work in server mode
automatically after receiving the synchronization message and send response messages. The
client receives the response messages, performs clock filtering and selection, and is synchronized
to the preferred server.
In this mode, the client can be synchronized to the server but the server cannot be
synchronized to the client.
Symmetric peer mode
In this mode, there are the symmetric active peer and symmetric passive peer. The device,
which sends the NTP synchronization packet actively, is the symmetric active peer. The
device working in the symmetric active mode sends clock synchronization messages to the
device working in the symmetric passive mode. The device that receives this message
automatically enters the symmetric passive mode and sends a reply. By exchanging messages,
the symmetric peer mode is established between the two devices. Then, the two devices can
synchronize, or be synchronized by each other.
The RAX711-C supports working as the NTP v1/v2/v3 client to be synchronized by the
server.
RFC1361 simplifies NTP and provides Simple Network Time Protocol (SNTP). Compared
with NTP, SNTP supports the server/client mode only.
The RAX711-C supports working as the SNTP client to be synchronized by the server.
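The server/client exchange described above, as an added example in Python (not Raisecom code): it builds an NTPv3 client request, checks a server reply before trusting it, and computes the clock offset and round-trip delay. The function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import time

NTP_PORT = 123               # UDP port named in the text
NTP_UNIX_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MODE_CLIENT, MODE_SERVER = 3, 4


def to_ntp(unix_seconds):
    """Encode Unix seconds as a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    ntp = unix_seconds + NTP_UNIX_DELTA
    sec = int(ntp)
    return struct.pack("!II", sec, int((ntp - sec) * 2**32))


def from_ntp(raw):
    """Decode a 64-bit NTP timestamp into Unix seconds."""
    sec, frac = struct.unpack("!II", raw)
    return sec + frac / 2**32 - NTP_UNIX_DELTA


def build_request(t1, version=3):
    """48-byte client request: LI=0, VN=version, Mode=3, transmit timestamp = t1."""
    return bytes([(version << 3) | MODE_CLIENT]) + bytes(39) + to_ntp(t1)


def parse_reply(reply, request, t4):
    """Validate a reply against our request; return (offset, delay) in seconds."""
    if len(reply) < 48:
        raise ValueError("short packet")
    li, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != MODE_SERVER:
        raise ValueError("not a server-mode reply")
    if li == 3 or not 1 <= stratum <= 15:
        raise ValueError("server is unsynchronized")
    # The server copies our transmit timestamp into its originate field
    # (bytes 24-31). A reply that does not echo it is stale or was not
    # produced for this request, so it must not move the clock.
    if reply[24:32] != request[40:48]:
        raise ValueError("originate timestamp mismatch")
    if reply[40:48] == bytes(8):
        raise ValueError("zero transmit timestamp")
    t1 = from_ntp(request[40:48])   # client send time
    t2 = from_ntp(reply[32:40])     # server receive time
    t3 = from_ntp(reply[40:48])     # server send time
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def sample_reply(request, t2, t3, stratum=2, mode=MODE_SERVER):
    """Constructed server reply for offline use (not captured traffic)."""
    head = struct.pack("!BBBb", (3 << 3) | mode, stratum, 6, -20)
    return head + bytes(12) + to_ntp(t2) + request[40:48] + to_ntp(t2) + to_ntp(t3)


def query(server, timeout=2.0):
    """One live server/client exchange with a time server you operate or trust."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        addr = (socket.gethostbyname(server), NTP_PORT)
        request = build_request(time.time())
        s.sendto(request, addr)
        reply, source = s.recvfrom(512)
        t4 = time.time()
    if source != addr:
        raise ValueError("reply from unexpected source")
    return parse_reply(reply, request, t4)


if __name__ == "__main__":
    # Constructed exchange: the server clock runs 2.125 s ahead of the client.
    req = build_request(1500000000.0)
    rep = sample_reply(req, 1500000002.25, 1500000002.5)
    print(parse_reply(rep, req, 1500000000.5))
```

The originate-timestamp comparison is the check that matters most for an unauthenticated client: without it, any well-formed mode 4 packet arriving on the socket would be accepted as the answer.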
When you configure the system time manually and the system uses DST, for example
DST from 2 a.m. on the second Sunday of April to 2 a.m. on the second Sunday of
September every year, you have to advance the clock by one hour during this
period, that is, set the time offset to 60 min. As a result, the period from 2 a.m. to 3 a.m. on
the second Sunday of April each year does not exist, and configuring the time manually within
this period fails.
DST in the southern hemisphere is opposite to that in the northern hemisphere: it runs
from September to April of the next year. If the start time is later than the end time, the
system assumes that it is in the southern hemisphere. That is, DST
is the period from the start time this year to the end time next year.
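The DST rule in this note, modelled as an added example in Python (not device firmware): it resolves "second Sunday of a month at 2 a.m.", treats a start later than the end as a southern-hemisphere window that wraps into the next year, and rejects a manually entered time that falls in the skipped hour. The rule tuples and function names are assumptions made for the example.

```python
from datetime import datetime, timedelta

SUNDAY = 6  # datetime.weekday(): Monday=0 ... Sunday=6

# Rules are (month, n) pairs meaning "the n-th Sunday of that month at 2 a.m.".
NORTH = ((4, 2), (9, 2))   # the example in the note: April to September
SOUTH = ((9, 2), (4, 2))   # start later than end: September to April next year


def nth_weekday(year, month, n, weekday=SUNDAY, hour=2):
    """Date and time of the n-th given weekday of a month, at hour:00."""
    first = datetime(year, month, 1, hour)
    shift = (weekday - first.weekday()) % 7
    return first + timedelta(days=shift + 7 * (n - 1))


def classify(t, start, end, offset_min=60):
    """Return 'nonexistent', 'dst' or 'standard' for a local wall-clock time t.

    The window that began in the previous year is checked as well, because a
    southern-hemisphere window covers January to April of the following year.
    The repeated hour at the end of DST is not modelled; the note does not
    describe it.
    """
    for year in (t.year - 1, t.year):
        begin = nth_weekday(year, *start)
        finish = nth_weekday(year, *end)
        if finish <= begin:              # start later than end: wrap to next year
            finish = nth_weekday(year + 1, *end)
        if begin <= t < begin + timedelta(minutes=offset_min):
            return "nonexistent"         # clock jumps over this interval
        if begin <= t < finish:
            return "dst"
    return "standard"


def validate_manual_time(t, start, end, offset_min=60):
    """Reject a manually configured time that falls in the skipped interval."""
    if classify(t, start, end, offset_min) == "nonexistent":
        raise ValueError(f"{t} does not exist: the clock is advanced over it")
    return t


if __name__ == "__main__":
    for sample in (datetime(2017, 4, 9, 1, 59), datetime(2017, 4, 9, 2, 30),
                   datetime(2017, 4, 9, 3, 0), datetime(2017, 9, 10, 2, 0)):
        print(sample, classify(sample, *NORTH))
    print(datetime(2018, 1, 15), classify(datetime(2018, 1, 15), *SOUTH))
```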
Scenario
Banner is a message to be displayed when you log in to or exit the RAX711-C, such as the
precautions or disclaimer.
You can configure Banner of the RAX711-C as required. In addition, the RAX711-C provides
the Banner switch. After Banner display is enabled, the configured Banner information
appears when you log in to or exit the RAX711-C.
After configuring Banner, you should use the write command to save configurations.
Otherwise, Banner information is lost when the RAX711-C is restarted.
Prerequisite
N/A
2 Interface management
2.1 Introduction
2.1.1 Ethernet interface
The Ethernet physical interface works at the data link layer and forwards Layer 2 packets.
2.7 Maintenance
Command Description
Raisecom(config-port)#clear interface statistics (Optional) clear interface statistics.
3 Zero-configuration
3.1 Introduction
As carriers place more and more requirements on the manageability and maintenance of
the network, overall management of the entire network becomes the objective of the carrier.
In this case, remote Packet Switching (PS) devices should be able to be managed.
Traditional remote PS devices support Operation, Administration, and Management
(OAM), protection switching, rate limiting, and service sending, and can be managed,
but they must be carefully configured before being managed. These configurations are
complex in large-scale construction and place high requirements on construction personnel,
who must carry tools such as laptops and be familiar with the CLI. As a result, low efficiency in
service activation becomes a bottleneck for large-scale application of remote PS devices.
To solve this problem, Raisecom has developed zero-configuration, through which
remote devices support plug and management. This simplifies implementation, facilitates
wide-scale deployment, and accelerates network management.
3.1.2 CO zero-configuration
As a CO zero-configuration server, the RAX711-C supports two zero-configuration schemes:
zero-configuration based on DHCP or on extended OAM. The RAX711-C responds to requests
from the remote devices, assigns or reuses management IP addresses, and maintains the
address pool.
When the CO device is manually configured to OAM active mode and enabled with
extended OAM, it automatically discovers the remote device after being powered on.
Scenario
When a local RAX711-C is connected with remote devices, it can discover these remote
devices by using the extended OAM protocol and configure the management IP address,
management VLAN, and default route for them. Therefore, the NView NNM system can
quickly manage remote devices through the public IP address and global interface ID of
the RAX711-C without being configured manually.
When the local RAX711-C and remote devices are connected directly/indirectly, both the
local and remote devices can provide zero-configuration through Dynamic Host
Configuration Protocol (DHCP).
Prerequisite
The RAX711-C is a local device.
The local zero-configuration server is connected to the NView NNM system and remote
devices properly.
Perform the following operations on the local device based on the extended OAM
protocol:
– Create and activate the management VLAN.
– The interface of the remote device used for direct connection is configured to work in
Trunk mode and allows the management VLAN to pass.
– Manually enable the OAM active mode on the interface.
Based on DHCP, the remote device is connected to the network and configured as the
zero-configuration client. It has created and activated the management VLAN.
Configuring NAT
Network Address Translation (NAT) is used to convert the private management IP address of
the remote device to the public IP address. Through zero-configuration, the remote device
obtains a private IP address from the local device. NAT can be used to translate the private IP
address into the public IP address of the management network and distinguish different
remote devices in a form of public IP address+global interface ID. Network management
information transmitted between remote devices and the NView NNM system is forwarded
through the public IP address. Therefore, you should configure the public IP address and
related management VLAN of the local device.
The RAX711-C supports saving and synchronizing the lease file automatically, as
well as deleting the lease file.
When changing the local zero-configuration server, you can upload assigned IP addresses in a
form of lease to the TFTP/FTP/SFTP server (such as a PC) for backup. After changing the
local device, you can download the backup lease file to the local device to confirm that these
assigned IP addresses are not lost.
Scenario
The remote devices are scattered at the user side of the network, so configuring them takes a
lot of time and effort. Remote zero-configuration supports applying for NMS parameters,
such as the management IP address, management VLAN, and default gateway, after the
devices are powered on. Therefore, devices can be managed quickly. This improves the
efficiency for configuring devices.
In general, remote devices can automatically apply for IP addresses when they are properly
connected to the local device and zero-configuration server of the local device is configured
properly. To change parameters about remote zero-configuration, see this section.
This section is applicable to the remote RAX711-C indirectly-connected to the zero-
configuration server.
Prerequisite
Both the local and remote devices are configured with zero-configuration mode.
No interface of the remote device is configured with the management VLAN.
The uplink interface is UP.
If the remote device has obtained an IP address through DHCP, it is believed that
the remote device has obtained an IP address successfully regardless of whether
the default gateway is configured successfully or not.
Networking requirements
As shown in Figure 3-4, the RAX711-C works as the local zero-configuration server and is
enabled with DHCP Server. The RAX711-L is enabled with remote zero-configuration. The
RAX711-C assigns the IP address, default gateway, and management VLAN to the RAX711-
L through the VLAN interface (the IP address is 173.31.1.150, and the associated
management VLAN is VLAN 10) of the RAX711-C. The route between the RAX711-C and
the NView NNM system is reachable.
The IP address and management VLAN of Client interface 1 are configured to 173.31.1.150
and VLAN 10 respectively.
Configure the following items on the RAX711-C:
Address pool name: pool1
IP address range: 172.31.1.100/16-172.31.1.149/16
Default gateway of the address pool: 172.31.1.150/16
Private IP address and VLAN interface of the device: 172.31.1.150/16 and VLAN 10
Public IP address and VLAN interface of the device: 128.10.10.10/16 and VLAN 100
Configure local zero-configuration on the RAX711-C to ensure that the RAX711-L can
automatically obtain NMS parameters and can be managed.
By default, the RAX711-L is enabled with Trap.
Configuration steps
Configure local zero-configuration on the RAX711-C.
Step 1 Configure DHCP Server.
Raisecom#config
Raisecom(config)#interface vlan 10
Raisecom(config-vlan10)#ip dhcp server
Raisecom(config-vlan10)#ip address 172.31.1.150 255.255.0.0
Raisecom(config-vlan10)#exit
Raisecom(config)#access-list 2001
Raisecom(config-acl-ipv4-advanced)#rule 10 permit ip 172.31.0.0 255.255.0.0 any
Raisecom(config-acl-ipv4-advanced)#exit
Raisecom(config)#interface vlan 100
Raisecom(config-vlan100)#ip address 128.10.10.10 255.255.0.0
Raisecom(config-vlan100)#nat outbound 2001
Checking results
Use the show ip dhcp server command to show configurations of DHCP Server on the
RAX711-C.
Use the show ip server pool command to show address pool configurations of the DHCP
server on the RAX711-C.
Networking requirements
As shown in Figure 3-5, as the local zero-configuration server, the RAX711-C is enabled with
OAM active functions. The RAX711-C is connected to the PTN through Client interface 1
and then accesses the NView NNM system. The RAX711-L is connected to the RAX711-C
through Client interface 2. The RAX711-L is enabled with OAM passive functions and is
connected upstream to the RAX711-C through Line interface 1.
Configure the following items on the RAX711-C:
Configuration steps
Step 1 Configure the management VLAN, and activate it.
Step 2 Enable OAM on Client interface 2 on the RAX711-C and configure the RAX711-C to work
in active mode.
Raisecom(config)#interface client 2
Raisecom(config-port)#oam enable
Raisecom(config-port)#oam active
Raisecom(config-port)#exit
Raisecom(config)#access-list 2002
Raisecom(config-acl-ipv4-advanced)#rule 20 permit ip 172.31.8.0 255.255.0.0 any
Raisecom(config-acl-ipv4-advanced)#exit
Raisecom(config)#interface vlan 100
Raisecom(config-vlan100)#ip address 128.10.10.10 255.255.0.0
Raisecom(config-vlan100)#nat outbound 2002
Raisecom(config-vlan100)#exit
Checking results
Use the show remote config-info all command to show assigned IP addresses on the
RAX711-C.
4 IP routing
This chapter describes principles and configuration procedures of IP routing, and provides
related configuration examples, including the following sections:
Introduction
Configuring route management
Configuring static route
Configuring routing policy
Configuring ARP
Configuring DHCPv4 Client
Configuring DHCPv4 Server
Maintenance
Configuration examples
4.1 Introduction
4.1.1 Routing
Routing refers to transmitting information from the source to the destination network. A router
works by selecting routes in turn to transmit information to the destination network.
The router selects a route according to the routing table of the local system. Selecting an
optimal route is the key for optimizing the router or routing protocol. A routing table contains
the following types of routes: the static route, default route, and dynamic route.
4.1.3 ARP
Address Resolution Protocol (ARP) is used to resolve IP addresses of the network layer into
hardware addresses of the data link layer. On the TCP/IP network, each host is assigned an
IP address, which is a logical address used to identify the host in the network. To
transmit packets through physical links, you must learn the physical address of the destination
host. This requires establishing a mapping between the IP address and the physical address.
A physical address on the Ethernet is a 48-bit MAC address. To transmit packets to the
destination host, a protocol must resolve the IP address of the host into a 48-bit MAC address.
This protocol is ARP. It not only resolves IP addresses into MAC addresses, but also establishes
mappings between them.
4.1.4 DHCP
With the continuous expansion of network scale and increase in network complexity, the
number of PCs always exceeds the number of available IP addresses. In addition, with the wide
application of laptops and wireless networks, the positions of PCs change frequently.
Therefore, IP addresses must be updated frequently, which may lead to more complex
network configurations. Dynamic Host Configuration Protocol (DHCP) is developed to solve
these problems.
DHCP works in client/server mode. A client sends an IP address configuration request to the
server and the server returns IP address configurations to the client to dynamically configure
the IP address.
Generally, there is one DHCP server and multiple clients (PCs/Laptops) in the typical DHCP
application, as shown in Figure 4-1.
DHCP packets
DHCP packets are grouped into 8 types. The DHCP server and DHCP clients communicate
with each other through these 8 packets.
DHCP DISCOVER: the first packet for DHCP clients performing the DHCP process
when they access the network initially. It is used to discover the DHCP server.
DHCP OFFER: the packet used by the DHCP server to respond to the DHCP DISCOVER
packet. This packet carries various configurations.
DHCP REQUEST: this packet is used for these purposes:
– After clients are initiated, they send the broadcast DHCP REQUEST packet to reply to
the DHCP OFFER packet sent by the DHCP server.
– After clients are rebooted, they send the broadcast DHCP REQUEST packet to
confirm the previously-assigned IP addresses.
– After a client is bound to an IP address, it sends the unicast DHCP REQUEST packet
to extend the IP address lease time.
DHCP ACK: a packet used by the DHCP server to acknowledge the DHCP REQUEST
packet sent by the client. The IP address and related configurations take effect after the
client receives the DHCP ACK packet.
DHCP NAK: a packet used by the DHCP server to refuse the DHCP REQUEST packet
sent by the client. For example, the DHCP server will refuse the DHCP REQUEST
packet when the lease time of the IP address assigned to the client expires, or when the
client is moved to a new network.
DHCP DECLINE: the packet used by clients to inform the DHCP server when clients
discover that the assigned IP addresses conflict. In addition, clients will re-apply to the
DHCP server for IP addresses.
DHCP RELEASE: a packet used by the client to actively release the IP address assigned
by the DHCP server. After receiving the packet, the DHCP server will assign the IP
address to another client.
DHCP INFORM: a packet used by the client to get other configurations (such as the
gateway address and DNS server address) from the DHCP server after the client gets an
IP address from the DHCP server.
Figure 4-2 shows the structure of the DHCP packet.
DHCP Option
DHCP uses Option fields of the packet to transmit control information and network
configuration parameters for dynamically assigning IP addresses and providing richer
network configurations for clients. There are 255 Option fields defined by DHCP, where the
end Option field is 255. Table 4-2 lists some common DHCP Option fields.
Code  Description
150   TFTP server address option, used to specify the address of TFTP server assigned to DHCP clients
184   DHCP reserved option. At present, Option184 is mainly used to carry information required for voice call. With Option184, the DHCP server can assign IP address to DHCP clients that support the voice feature. In addition, the DHCP server can provide information related to voice call.
255   End option
DHCP Option fields 18, 61, and 82 represent relay information in the DHCP packet. When
DHCP clients send the request packet to the DHCP server, DHCP relay/DHCP Snooping will
add Option fields to the request packet if the packet needs to pass through the DHCP
relay/DHCP Snooping.
DHCP Option fields 18, 61, and 82 can be used to record DHCP client information on the
DHCP server. Together with other software, DHCP Option fields 18, 61, and 82 can control
and account for IP address assignment. For example, cooperating with IP Source Guard, DHCP
Option fields 18, 61, and 82 can effectively resist spoofing of the IP address+MAC address.
The Option82 field contains up to 255 sub-options. If the Option82 field is defined, at least
one sub-option must be defined. At present, the RAX711-C supports 2 sub-options:
Sub-Option 1 (Circuit ID) and Sub-Option 2 (Remote ID).
Sub-Option 1: the VLAN ID and interface ID of the interface that receives the DHCP
request packet
Sub-Option 2: MAC address (DHCP relay) of interface that receives the DHCP request
packet or the bridge MAC address (DHCP Snooping) of the device
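The following Python sketch is an added example, not code from the Raisecom guide or firmware. It walks the Option field of a DHCP packet, maps the message type to one of the 8 packet types listed above, and splits Option82 into Sub-Option 1 and Sub-Option 2. The message-type option code (53) and the magic cookie come from RFC 2131/2132 rather than this page; the function names, the sample packet, and the byte layout of the Circuit ID are assumptions constructed for illustration.

```python
"""Decode the DHCP Option field: message type (Option 53) and Option82."""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of the options
FIXED_HEADER_LEN = 236              # fixed BOOTP fields that precede the cookie

# The 8 DHCP packet types, keyed by the value carried in Option 53 (RFC 2132).
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_INFO, OPT_END = 0, 53, 82, 255
SUBOPT_NAMES = {1: "circuit_id", 2: "remote_id"}


class MalformedDhcp(ValueError):
    """The packet is too short or a length byte points past the buffer."""


def walk_tlv(buf, single_byte_codes=()):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code in single_byte_codes:   # Pad and End carry no length byte
            yield code, b""
            i += 1
            continue
        if i + 2 > len(buf):
            raise MalformedDhcp(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise MalformedDhcp(f"option {code}: value truncated")
        yield code, value
        i += 2 + length


def parse_dhcp(packet):
    """Return the message type, Option82 sub-options and option codes seen."""
    start = FIXED_HEADER_LEN + len(MAGIC_COOKIE)
    if len(packet) < start:
        raise MalformedDhcp("packet shorter than the fixed DHCP header")
    if packet[FIXED_HEADER_LEN:start] != MAGIC_COOKIE:
        raise MalformedDhcp("magic cookie not found")
    result = {"message_type": None, "option82": {}, "codes": [], "ended": False}
    for code, value in walk_tlv(packet[start:], (OPT_PAD, OPT_END)):
        if code == OPT_PAD:
            continue
        if code == OPT_END:             # Option 255 closes the Option field
            result["ended"] = True
            break
        result["codes"].append(code)
        if code == OPT_MSG_TYPE and len(value) == 1:
            result["message_type"] = MESSAGE_TYPES.get(
                value[0], f"unknown({value[0]})")
        elif code == OPT_RELAY_INFO:
            if not value:               # Option82 needs at least one sub-option
                raise MalformedDhcp("Option82 carries no sub-option")
            for sub, sub_value in walk_tlv(value):
                name = SUBOPT_NAMES.get(sub, f"sub{sub}")
                result["option82"][name] = sub_value
    return result


def build_sample_request():
    """Constructed sample: a DHCP REQUEST after a relay added Option82."""
    client_mac = bytes.fromhex("14feb5eef22c")
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                     # op, htype, hlen, hops
        0x3903F326, 0, 0x8000,          # xid, secs, flags (broadcast)
        b"", b"", b"", b"",             # ciaddr, yiaddr, siaddr, giaddr
        client_mac, b"", b"")           # chaddr, sname, file
    circuit_id = struct.pack("!HH", 10, 2)     # assumed layout: VLAN 10, interface 2
    remote_id = bytes.fromhex("000e5e121234")  # MAC of the receiving interface
    opt82 = (bytes([1, len(circuit_id)]) + circuit_id
             + bytes([2, len(remote_id)]) + remote_id)
    options = (bytes([OPT_MSG_TYPE, 1, 3])                  # REQUEST
               + bytes([61, 7, 1]) + client_mac             # Option 61
               + bytes([OPT_RELAY_INFO, len(opt82)]) + opt82
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    print(parse_dhcp(build_sample_request()))
```

A packet whose Option82 length byte runs past the end of the buffer raises MalformedDhcp instead of returning a partial Circuit ID or Remote ID.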
DHCP Client
The RAX711-C can work as a DHCP client and obtain an IP address from the DHCP server so
that the device can be managed through the assigned IP address.
DHCP Server
In the following scenarios, you need to use the DHCP server to assign IP addresses:
In a large-scale network, manually configuring IP addresses is a heavy workload. In
addition, it is difficult to perform centralized management on the whole network.
When the number of hosts in the network exceeds the number of IP addresses supported by
the network, you cannot assign a fixed IP address to each host. For example, the ISP
limits the number of users accessing the network. Therefore, a great number of users
need to get their IP addresses dynamically.
In a network, only a few hosts need fixed IP addresses and most hosts do not need fixed
IP addresses.
The RAX711-C supports acting as the DHCP server.
For occupation time of IP addresses, hosts have different requirements. Servers may use a
fixed IP address for a long time. Some hosts may use a dynamically-assigned IP address for a
long time. Some PCs may need an IP address assigned temporarily.
For these different requirements, the DHCP server provides 3 IP address assignment policies:
Assign IP addresses manually: the network administrator assigns fixed IP addresses for a
few specified hosts (such as WWW server). The MAC address of the client is bound to
an IP address. When the client applies for an IP address, the DHCP server finds the fixed
IP address based on the MAC address of the client and then assigns the IP address to the
client.
Assign IP addresses automatically: assign fixed IP addresses for some hosts that access
the network initially. These IP addresses are used by hosts for a long time.
Assign IP addresses dynamically: assign an IP address to a client in a "lease" form. After the
lease time expires, the client needs to re-apply for an IP address. Most clients obtain a
dynamically-assigned IP address.
Scenario
Dynamic routing protocols require the Router ID. If no Router ID is specified when these
dynamic routing protocols are enabled, the Router ID of routing management will be used.
The RAX711-C has the capability to establish and refresh the routing table. In addition, it can
forward data packets based on the routing table. By viewing the routing table, you can learn
network topology structure and locate faults.
Prerequisite
N/A
Scenario
The static route has the following advantages:
Consume less time for the CPU to process them.
Facilitate the administrator to learn the route.
Be configured easily.
However, when configuring the static route, you need to consider the whole network. If the
network structure is changed, you need to modify the routing table manually. Once the
network scale is enlarged, it will consume lots of time to configure and maintain the network.
In addition, it may cause more errors.
The default route is a specific static route. It will be used when no matched route is found in
the routing table.
Prerequisite
N/A
If one record is in permit type, all mismatched routes are in deny type by default.
Only matched routes can pass filtering of the IP prefix-list.
If one record is in deny type, all mismatched routes are in deny type by default.
Even matched routes cannot pass filtering of the IP prefix-list. Therefore, you
need to add a permit record after multiple deny records to allow other routes to
pass.
If there are multiple records in the IP prefix-list, there must be a record in permit
type.
Scenario
ARP is a protocol used to resolve IP addresses into Ethernet MAC addresses (physical
addresses).
Prerequisite
Configure the IP address of the interface.
Scenario
When working as the DHCPv4 client, the RAX711-C can obtain an IP address from the
DHCPv4 server. You can use the IP address to manage the RAX711-C.
When IP addresses are assigned in a dynamic mode, the IP address assigned to the DHCPv4
client has a lease period. When the lease period expires, the DHCPv4 server will withdraw the
IP address. If the DHCPv4 client wishes to continue to use the IP address, it needs to renew
the IP address. If the lease period does not expire and the DHCPv4 client does not need to use
the IP address, it can release the IP address.
The RAX711-C supports configuring DHCP Client on the VLAN interface only.
Prerequisite
The RAX711-C is not enabled with DHCPv4 Server and works in common DHCP Client
mode.
Before enabling the DHCPv4 client on the VLAN interface to apply for the IP address,
configure DHCPv4 client information.
Step  Command                                    Description
1     Raisecom#config                            Enter global configuration mode.
2     Raisecom(config)#interface vlan vlan-id    Enter VLAN interface configuration mode.
3     Raisecom(config-vlanif)#ip dhcp client { class-id class-id | client-id client-id | hostname hostname }    Configure DHCPv4 client information, including the class ID, client ID, and host name.
Scenario
When the RAX711-C works as the DHCPv4 server, the DHCPv4 client can obtain the IP
address from the RAX711-C.
Prerequisite
The RAX711-C is not enabled with DHCPv4 Client. In addition, the DHCPv4 server works in
common DHCPv4 server mode.
4.8 Maintenance
Command    Description
Raisecom#show arp [ ip-address | [ local-proxy ] interface vlan vlan-id | static ]    Show ARP information.
Networking requirements
As shown in Figure 4-3, the RAX711-C works as the DHCPv4 client with the host name
set to raisecom. The RAX711-C accesses the DHCPv4 server and the NView NNM system
through the service interface. The DHCPv4 server assigns an IP address to the RAX711-C.
Therefore, the NView NNM system can discover and manage the RAX711-C.
Configuration steps
Step 1 Configure DHCPv4 relay.
Raisecom#config
Raisecom(config)#interface vlan 1
Raisecom(config-vlan1)#ip dhcp client hostname raisecom
Checking configurations
Use the show ip dhcp client command to show DHCPv4 relay configurations.
Networking requirements
As shown in Figure 4-4, the RAX711-C works as the DHCPv4 server for assigning IP addresses
to DHCPv4 clients. Parameters are configured as below:
Lease time: 8 hours
Name of IP address pool: pool1
IP address range: 172.31.1.2–172.31.1.100
IP address of the DNS server: 172.31.100.1
Configuration steps
Step 1 Create and configure the IP address pool.
Raisecom#config
Raisecom(config)#ip dhcp server pool pool1
Raisecom(config-pool)#address 172.31.1.2 172.31.1.100 mask 24
Raisecom(config-pool)#lease expired 4320
Raisecom(config-pool)#dns-server 172.31.100.1
Raisecom(config-pool)#exit
Raisecom(config)#interface client 1
Raisecom(config-client1)#ip dhcp server
Checking configurations
Use the show ip dhcp server command to show configurations of DHCPv4 Server.
Use the show ip server pool command to show IP address pool configurations of the
DHCPv4 server.
Networking requirements
As shown in Figure 4-5, the RAX711-C is connected to hosts. In addition, it connects to the
Router through Client interface 1. The IP address and MAC address of the Router are
configured to 192.168.27.1/24 and 000e.5e12.1234 respectively.
Configure the aging time of dynamic ARP entries to 600s. To enhance security of
communication between the RAX711-C and the Router, you need to configure static ARP
entries on the RAX711-C.
Configuration steps
Step 1 Add a static ARP entry.
Checking results
Use the show arp command to show information about all ARP entries in the ARP table.
Raisecom#show arp
ARP aging-time: 600 seconds(default: 1200s)
ARP mode: Learn all
ARP table:
Total: 4 Static: 1 Dynamic: 3
IP Address Mac Address Interface Vlan Type Age(s) status
-----------------------------------------------
172.16.70.1 000E.5E12.1234 vlan1 1 static -- PERMANENT
172.16.70.9 14FE.B5EE.F22C vlan1 1 dynamic 135 REACHABLE
172.16.70.15 D4BE.D9E4.F8EE vlan1 1 dynamic 292 REACHABLE
172.16.70.16 000C.29C6.03AD vlan1 1 dynamic 412 REACHABLE
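The following Python sketch is an added example, not part of the Raisecom guide. It parses `show arp` output in the layout shown above and checks that a neighbour you intended to pin is present as a static entry with the expected MAC address. The function names, the pinned IP-to-MAC map, and the second sample listing are assumptions constructed for illustration.

```python
"""Audit `show arp` output: are critical neighbours pinned by static entries?"""
import re
from collections import defaultdict

# One table row: IP, MAC (xxxx.xxxx.xxxx), interface, VLAN, type, age, status.
ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\s+"
    r"(?P<ifname>\S+)\s+(?P<vlan>\d+)\s+(?P<type>static|dynamic)\s+"
    r"(?P<age>\S+)\s+(?P<status>\S+)$"
)
SUMMARY = re.compile(r"Total:\s*(\d+)\s+Static:\s*(\d+)\s+Dynamic:\s*(\d+)")

# Output copied from the "Checking results" listing above.
PAGE_OUTPUT = """\
ARP aging-time: 600 seconds(default: 1200s)
ARP mode: Learn all
ARP table:
Total: 4 Static: 1 Dynamic: 3
IP Address Mac Address Interface Vlan Type Age(s) status
-----------------------------------------------
172.16.70.1 000E.5E12.1234 vlan1 1 static -- PERMANENT
172.16.70.9 14FE.B5EE.F22C vlan1 1 dynamic 135 REACHABLE
172.16.70.15 D4BE.D9E4.F8EE vlan1 1 dynamic 292 REACHABLE
172.16.70.16 000C.29C6.03AD vlan1 1 dynamic 412 REACHABLE
"""

# Constructed sample: the static entry is gone and two IPs share one MAC.
DRIFTED_OUTPUT = """\
Total: 3 Static: 0 Dynamic: 3
172.16.70.1 14FE.B5EE.F22C vlan1 1 dynamic 12 REACHABLE
172.16.70.9 14FE.B5EE.F22C vlan1 1 dynamic 135 REACHABLE
172.16.70.15 D4BE.D9E4.F8EE vlan1 1 dynamic 292 REACHABLE
"""


def parse_show_arp(text):
    """Return (entries, summary); summary is (total, static, dynamic) or None."""
    entries, summary = [], None
    for line in text.splitlines():
        line = line.strip()
        match = SUMMARY.search(line)
        if match:
            summary = tuple(int(n) for n in match.groups())
            continue
        match = ROW.match(line)
        if match:
            entry = match.groupdict()
            entry["mac"] = entry["mac"].lower()
            entries.append(entry)
    return entries, summary


def audit(text, pinned):
    """pinned maps IP -> expected MAC. Return a list of (finding, subject)."""
    entries, summary = parse_show_arp(text)
    findings = []
    static = sum(e["type"] == "static" for e in entries)
    # Rows that failed to parse would silently hide entries, so cross-check
    # the parsed rows against the device's own summary line.
    if summary and summary != (len(entries), static, len(entries) - static):
        findings.append(("row_count_mismatch", "summary"))
    by_ip = {e["ip"]: e for e in entries}
    for ip, mac in sorted(pinned.items()):
        entry = by_ip.get(ip)
        if entry is None:
            findings.append(("missing", ip))
        elif entry["mac"] != mac.lower():
            findings.append(("mac_mismatch", ip))
        elif entry["type"] != "static":
            findings.append(("not_static", ip))
    # One MAC answering for several IPs deserves a manual look.
    ips_by_mac = defaultdict(set)
    for e in entries:
        ips_by_mac[e["mac"]].add(e["ip"])
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared_mac", mac))
    return findings


if __name__ == "__main__":
    pinned = {"172.16.70.1": "000E.5E12.1234"}  # assumed intent for this audit
    print(audit(PAGE_OUTPUT, pinned))
    print(audit(DRIFTED_OUTPUT, pinned))
```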
5 Ethernet
This chapter describes principles and configuration procedures of Ethernet, and provides
related configuration examples, including the following sections:
Introduction
Configuring MAC address table
Configuring VLAN
Configuring super VLAN
Configuring selective QinQ
Configuring VLAN mapping
Configuring loop detection
Configuring interface protection
Configuring port mirroring
Configuring storm control
Configuring L2CP
Maintenance
Configuration examples
5.1 Introduction
5.1.1 MAC address table
performance of Ethernet switches will decrease. However, MAC address limit can
troubleshoot this problem. MAC address limit is an effective method to manage the MAC
address table.
When the MAC address entries learned by the interface or VLAN reach the configured maximum,
the interface no longer learns MAC addresses.
Broadcast: if the destination address of packets received on the RAX711-C is all F's, or a
MAC address entry, which is related to the destination MAC address of a packet, is listed
in the MAC address table, the RAX711-C will forward the packet to all interfaces,
except the receiving interface, through broadcast forwarding mode of MAC address, as
shown in Figure 5-3.
5.1.2 VLAN
Introduction
By maintaining MAC address table, the Layer 2 switch forwards packets according to MAC
address table. This effectively uses network bandwidth and improves network performance.
The Layer 2 switch can effectively isolate collision domains but cannot effectively partition
broadcast domains. If there are too many PCs, excessive broadcast traffic is generated,
causing network performance to decline sharply or even the network to crash.
To ensure fast running of the network, broadcast domains must be partitioned to reduce
broadcast traffic. Therefore, the VLAN technology is introduced.
Virtual Local Area Network (VLAN) is a Layer 2 isolation technology that partitions devices
in a LAN logically to different parts. These parts are independent and cannot communicate
with each other. However, they can communicate through the router or Layer 3 switch. By
partitioning VLANs, you can isolate broadcast domains and reduce broadcast storms. Figure
5-4 shows how to partition a VLAN.
VLAN and LAN have the same features, but the difference is that devices in the same VLAN
can communicate regardless of physical locations.
As shown in Figure 5-4, Shanghai and Beijing belong to two LANs, but no services are
transmitted between hosts belonging to the same LAN. When a broadcast storm occurs, hosts in
the same LAN receive broadcast packets, which occupies and wastes bandwidth. By
partitioning VLANs, the hosts which do not need to communicate are isolated, thus enhancing
network security and reducing broadcast traffic and broadcast storms.
Advantages
Advantages of VLAN partition are as below:
Partitioning broadcast domains reduces broadcast storm. One VLAN is a logic subnet
and a broadcast domain.
The network security is enhanced. Devices in the same VLAN can receive data frames from each
other, but cannot receive data frames sent from devices in a different VLAN.
Devices in different VLANs cannot communicate directly, but they can communicate
through routers or Layer 3 devices.
Network management is simplified. Different from physical subnets partitioned by the
router, PCs included in the VLAN can be in different locations. Any PC can be added to
the same VLAN.
Working principles
After VLAN is partitioned, the RAX711-C will be virtually divided to multiple logic devices.
MAC address learning and data switching of these devices are based on VLAN. Each VLAN
is corresponding to an independent MAC address table.
When receiving a data frame on the interface, the RAX711-C will check the VLAN of the
interface, and then check the MAC address table related to the VLAN. If the destination
address of the data frame is in the MAC address table related to the VLAN, the RAX711-C
will forward this data frame. Otherwise, it will discard this data frame.
Figure 5-5 Formats of the standard Ethernet frame and 802.1Q frame
Tag Protocol Identifier (TPID): it is a new frame type defined by the IEEE. It indicates that
an 802.1Q tag has been added to the packet. Its identification value is 0x8100.
VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs.
The value ranges from 1 to 4094. A Port VLAN ID (PVID) is a default VLAN ID. In an
interface-based VLAN, each interface has a PVID. When an Untagged packet is sent to
the interface, the RAX711-C will forward this packet according to the PVID Tag.
VLANs supported by the RAX711-C meet the IEEE 802.1Q standard. The RAX711-C
supports 4094 concurrent VLANs.
Canonical Format Indicator (CFI): it is used to distinguish the format of frames when the
bus Ethernet and Fiber Distributed Data Interface (FDDI)/Token Ring network
exchange data.
Priority: a 3-bit field which indicates the frame priority level. Values are from 0 (best
effort) to 7 (highest). The bigger the number is, the higher the priority is. When the
network is congested, the device sends packets with higher priorities first.
VLAN partition
Generally, VLAN partition modes are as below:
Interface-based VLAN partition: it is the simplest and most effective partition mode. It
defines VLAN members based on interface. After interfaces are assigned to the specified
VLAN, they can forward packets of the specified VLAN.
Subnet-based VLAN partition: it is based on IP address of each host. When the host is
relocated, you need not reconfigure VLAN. However, each device must check network
address of each data packet, thus consuming time and reducing forwarding efficiency of
chip.
MAC-based VLAN partition: it is suitable for configuring a VLAN for each host with
MAC address. When the host is relocated, you need not reconfigure VLAN. When the
number of hosts is tens of thousands, lots of configurations are needed, thus badly
reducing the forwarding rate of data packets.
Protocol-based VLAN partition: it is based on protocol supported by each host. When
the host is moved, you need not reconfigure VLAN and add frame tag to identify VLAN,
which reduces network communication. However, each device must check the Ethernet
frame header of each data packet, thus consuming much time and reducing forwarding
efficiency of chip.
The RAX711-C supports interface-based VLAN partition.
directional broadcasting address, and gateway of the subnet. If some unassigned IP addresses
exist in the subnet of some customers, the network scalability becomes worse and IP
addresses are wasted.
Super VLAN involves the super VLAN and sub-VLAN as below:
Super VLAN: contains Layer 3 logic interfaces but no physical interfaces. It is a set of
multiple sub-VLANs.
Sub-VLAN: contains physical interfaces but no Layer 3 logic interfaces, and uses the IP address
of the Layer 3 logic interface of the super VLAN as the default gateway to communicate
with the external Layer 3 switch through ARP proxy. Sub-VLANs are isolated from each
other like common VLANs on Layer 2.
ARP proxy refers to the process that a source host in a subnet of a physical network sends the
ARP request to the destination host of a subnet of another physical network and the gateway
connected to the source host sends ARP Reply message through the MAC address of its
interface in replacement of the destination host.
As shown in Figure 5-6, a host in sub-VLAN 100 communicates with that in sub-VLAN 200.
When super VLAN 10 is enabled with ARP proxy, its Layer 3 interface implements ARP
learning, processing received and sent ARP packets, and ARP proxy.
If host A in VLAN 100 wishes to communicate with host B in VLAN 200, it sends an ARP
request packet with the destination IP address of 10.10.10.200 and MAC address of the
broadcast address. The packet carries VLAN 100 Tag and is firstly received by the CPU. The
switch configures the Rx interface to VLAN 10 according to mapping between the super
VLAN and sub-VLAN so that ARP learning, processing received and sent ARP packets, and
ARP proxy can be later implemented in VLAN 10.
Host B is not in the broadcast domain of VLAN 100, so it fails to receive the ARP request
packet. After ARP proxy is enabled, the interface of VLAN 10 replies to host A with its MAC
address as the MAC address of host B when the ARP request packet sent from host A on
Layer 2 reaches the switch. However, the ARP entry of host B does not exist on the switch, so
the interface of super VLAN 10 sends the ARP request packet to each sub-VLAN (excluding
the VLAN sending the ARP request packet) to request the MAC address of host B. After host
B replies, packets to be sent from host A to host B are sent to the switch, which forwards these
packets normally on Layer 3.
The process for host B to send host A the packet is similar to the above.
5.1.4 QinQ
QinQ (also called Stacked VLAN or Double VLAN) is a Layer 2 tunnel technology based on
IEEE 802.1Q. It is defined in the 802.1ad standard.
Basic QinQ
QinQ is a simple Layer 2 VPN tunnel technology. QinQ encapsulates an outer VLAN Tag for
a private packet, so that the packet traverses the backbone network of the Internet service
provider (ISP) carrying double VLAN tags. In the ISP, the packet is transmitted according to
the outer VLAN Tag (public VLAN Tag). And the private VLAN Tag is transmitted as the
data in the packet.
Figure 5-7 shows the typical networking of basic QinQ. As the Provider Edge (PE), the uplink
interfaces of the RAX711-C access the PE network, and the downlink interfaces access the
user devices.
When the packet is transmitted from the user device to the PE, the VLAN tag carried by the
packet is VLAN 100. After traversing the PE, the packet has the outer tag VLAN 200 added, and
then enters the PE network through the uplink interface of the PE.
After the packet with the outer tag VLAN 200 is transmitted from the PE to the other PE, the
other PE removes the outer tag VLAN 200 and sends the packet to the user device. At this
time, the packet again carries only one VLAN Tag, VLAN 100.
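The following Python sketch is an added example, not code from the Raisecom guide. It decodes the 802.1Q tag fields described earlier (TPID, Priority, CFI, VID) and replays the basic QinQ walk-through above: a frame tagged with VLAN 100 gets outer tag VLAN 200 at the ingress PE and loses it again at the egress PE. The function names and sample frame are constructed for illustration, and accepting TPID 0x88A8 in addition to 0x8100 is an assumption taken from IEEE 802.1ad, not from this page.

```python
"""Decode and rewrite the VLAN tag stack of an Ethernet frame (802.1Q, QinQ)."""
import struct

TPID_8021Q = 0x8100   # TPID value given on this page
TPID_8021AD = 0x88A8  # service-tag TPID from IEEE 802.1ad; not stated on the page
TAG_TPIDS = (TPID_8021Q, TPID_8021AD)


def decode_tci(tci):
    """Split the 16-bit tag control field into Priority, CFI and VID."""
    return {"priority": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF}


def encode_tag(vid, priority=0, cfi=0, tpid=TPID_8021Q):
    """Build the 4-byte tag: TPID followed by Priority, CFI and VID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in the range 1 to 4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in the range 0 to 7")
    return struct.pack("!HH", tpid, (priority << 13) | ((cfi & 1) << 12) | vid)


def parse_frame(frame):
    """Return MACs, the tag stack (outermost first), EtherType and payload."""
    tags, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before the EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in TAG_TPIDS:
            break
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": ethertype, **decode_tci(tci)})
        offset += 4
    return {"dst": frame[0:6].hex(), "src": frame[6:12].hex(),
            "tags": tags, "ethertype": ethertype, "payload": frame[offset + 2:]}


def push_outer_tag(frame, vid, priority=0, tpid=TPID_8021Q):
    """Basic QinQ ingress: insert an outer tag in front of any existing tag."""
    return frame[:12] + encode_tag(vid, priority, tpid=tpid) + frame[12:]


def pop_outer_tag(frame):
    """Basic QinQ egress: remove the outermost tag, leaving the inner one."""
    if not parse_frame(frame)["tags"]:
        raise ValueError("frame carries no VLAN tag")
    return frame[:12] + frame[16:]


def tag_findings(frame, max_depth=2):
    """Report tag stacks deeper than expected or VIDs outside 1 to 4094."""
    tags = parse_frame(frame)["tags"]
    findings = [f"tag {i}: VID {t['vid']} outside 1-4094"
                for i, t in enumerate(tags) if not 1 <= t["vid"] <= 4094]
    if len(tags) > max_depth:
        findings.append(f"{len(tags)} stacked tags, expected at most {max_depth}")
    return findings


def sample_customer_frame():
    """Constructed sample: IPv4 frame from a user device tagged with VLAN 100."""
    dst = bytes.fromhex("000e5e121234")
    src = bytes.fromhex("14feb5eef22c")
    return (dst + src + encode_tag(100, priority=5)
            + struct.pack("!H", 0x0800) + b"payload")


if __name__ == "__main__":
    qinq = push_outer_tag(sample_customer_frame(), 200)
    print(parse_frame(qinq)["tags"])       # outer VLAN 200, inner VLAN 100
    print(pop_outer_tag(qinq) == sample_customer_frame())
```

Running tag_findings over frames captured on a monitor port shows whether the tag depth and VIDs on the wire match what the QinQ configuration is supposed to produce.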
Selective QinQ
Selective QinQ is an enhanced application for basic QinQ. Based on some features, selective
QinQ can perform traffic classification on users' data and encapsulate different data flows
with different outer VLAN Tags. With selective QinQ, you can encapsulate different Tags for
packets with different inner Tags based on the mapping rule. In addition to all functions
realized by basic QinQ, selective QinQ can also perform different operations on packets
received by the same interface based on different VLAN Tags.
Selective QinQ can provide more flexible networking capabilities. With selective QinQ,
devices can classify customer devices on the interface that is connected to the access layer,
encapsulating different outer Tags for various customer devices. In addition, selective QinQ
adopts the outer Tag to configure the QoS policy on the public network, flexibly configure the
data transmission priority, and provide related services for users.
PC 1 accesses the network through Client port 1 on the RAX711-C. PC 3 is the monitor PC
and is connected to Client port 2 on the RAX711-C.
To monitor packets sent by PC 1, you need to configure Client port 1 as the mirroring port
and enable port mirroring for packets on the ingress port. Configure Client port 2 as the
monitor port, namely, the mirroring destination port.
When forwarding a packet sent by PC 1, the RAX711-C mirrors the packet to Client port 2.
PC 3 connected to the monitor port receives and analyzes these mirrored packets.
5.1.9 L2CP
Metro Ethernet Forum (MEF) introduces service concepts, such as EPL, EVPL, EP-LAN, and
EVP-LAN. Different service types have different processing modes for Layer 2 Control
Protocol (L2CP) packets.
The RAX711-C supports the following L2CP packets:
CDP
802.1x
LACP
LLDP
802.3ah
PVST
STP
VTP
MEF 6.1 defines the following processing modes for L2CP.
Discard: discard the packet, by applying the configured L2CP profile on the ingress
interface of the RAX711-C.
Peer: send the packet to the CPU, configured in the same way as the discard action.
Tunnel: transparently transmit the packet. This mode is more complex than the discard and peer
modes: it requires cooperating profiles on the network-side interface and on the carrier-side
interface at the tunnel endpoints so that packets can pass through the carrier network.
Scenario
When configuring the MAC address table, you can configure static MAC addresses for fixed
and important devices to prevent unauthorized users from accessing the network from other
locations.
To avoid saving excessive dynamic MAC addresses to the MAC address table and exhausting
its resources, you need to configure the aging time of dynamic MAC
addresses to ensure that dynamic MAC addresses are updated effectively.
Prerequisite
N/A
5.2.7 Maintenance
No.    Command    Description
1    Raisecom(config)#clear mac-address { all | blackhole | dynamic | static | mac-address } [ vlan vlan-id ] [ interface-type interface-number ]    Clear MAC addresses of a specified type.
Scenario
The main function of VLAN is to partition logical network segments. There are 2 typical
application modes:
Small LAN: on one Layer 2 device, the LAN is divided into several VLANs, and hosts that
connect to the device are grouped by VLAN. Hosts in the same VLAN can
communicate, but hosts in different VLANs cannot communicate. For example,
the financial department needs to be separated from other departments so that they cannot
access each other. In general, the port connected to the host is in Access mode.
Big LAN or enterprise network: multiple Layer 2 devices connect to multiple hosts and
these devices are cascaded. Packets carry a VLAN Tag for forwarding. Ports of
multiple devices that belong to the same VLAN can communicate, but hosts in
different VLANs cannot communicate. This mode is used for enterprises that have many
people and need a lot of hosts, where the people and hosts are in the same department but
in different locations. Hosts in one department can access each other, so you have to divide
the VLAN across multiple devices. A Layer 3 device, such as a router, is required if you want
different VLANs to communicate. The cascaded ports among devices are in
Trunk mode.
Prerequisite
N/A
VLANs that are created through the vlan vlan-id command are in active status.
All configurations of a VLAN cannot take effect until the VLAN is activated.
Scenario
With super VLAN, hosts that are connected to the same switch but belong to different VLANs
can communicate on Layer 3 by using the IP address of Layer 3 interface of the super VLAN
as the default gateway.
Prerequisite
After being configured, the super VLAN cannot contain any member interfaces. If a
VLAN has member interfaces, it cannot be configured with attributes of super VLAN.
Create a VLAN to be added to the super VLAN, and activate it.
After being configured as a super VLAN, a VLAN cannot be configured with the
VLAN interface and IP address.
Scenario
With basic QinQ, you can add an outer VLAN Tag and freely plan your own private VLAN IDs.
Therefore, the data between devices on both ends of the Internet Service Provider (ISP)
network can be transparently transmitted, without conflicting with the VLAN IDs in the ISP
network.
Prerequisite
Connect interfaces and configure physical parameters of interfaces. Make the physical
layer Up.
Create a VLAN.
Scenario
Different from basic QinQ, selective QinQ features different outer VLAN Tags for services on
the network, such as voice, video, and data services. It can group services when services are
forwarded, implementing the VLAN mapping between inner and outer VLAN tags.
Prerequisite
Connect interfaces and configure physical parameters of interfaces. Make the physical
layer Up.
Create a VLAN.
If you have configured selective QinQ based on VLAN+CoS, or specified the CoS
value of the added outer Tag, you need to use the no dot1q-tunnel command on
the interface to disable basic QinQ.
The switchport interface cannot be configured with selective QinQ in aggregation
group configuration mode.
Scenario
Unlike QinQ, VLAN mapping only changes the VLAN tag and does not
encapsulate an additional VLAN Tag layer. You just need to change the VLAN Tag so that
packets are transmitted according to the carrier's VLAN mapping rules, without increasing the frame
length of the original packet. VLAN mapping is used in the following situations:
Map user services into one carrier VLAN ID.
Map multi-user services into one carrier VLAN ID.
Prerequisite
Connect the interface, configure its physical parameters, and make it Up at the physical
layer.
Create and activate a VLAN.
For packets complying with VLAN mapping rules, forward them after VLAN mapping.
Namely, the forwarded VLAN is the mapped VLAN and the MAC address of the
packet is learnt from the mapped VLAN.
Scenario
On the network, hosts or Layer 2 devices connected to access devices may form a loop
intentionally or unintentionally. Enable loop detection on downlink interfaces on all access
devices to avoid the network congestion generated by unlimited copies of data traffic. When a
loop is detected on an interface, the interface will be blocked.
Prerequisite
Configure physical parameters of the interface and make it Up at the physical layer.
For directly-connected devices, you cannot enable loop detection on both ends
simultaneously.
Step    Command    Description
1    Raisecom#config    Enter global configuration mode.
2    Raisecom(config)#interface interface-type interface-number    Enter interface configuration mode.
5.8.4 Maintenance
No.    Command    Description
1    Raisecom(config)#clear loopback-detection statistic [ interface-type interface-number ]    Clear statistics on loop detection on the interface.
Scenario
To isolate Layer 2 data among interfaces in a VLAN and implement isolation similar to
physical isolation, you need to configure interface protection.
By configuring interface protection, you can isolate data among interfaces in a VLAN,
enhance network security, and provide flexible networking scheme for users.
Prerequisite
N/A
Scenario
Port mirroring refers to mirroring packets of the specified mirroring port to the specified
monitor port or LAG without affecting packet forwarding. You can use this function to
monitor the receiving and sending status of one or more ports and analyze the network
situation.
Prerequisite
N/A
Scenario
Configuring storm control on Layer 2 devices can prevent a broadcast storm when broadcast
packets increase sharply on the network. This helps ensure that unicast packets
can be properly forwarded. In addition, you can configure storm control to filter packets,
forwarding or discarding them.
Prerequisite
Connect interfaces and configure physical parameters of interfaces. Make the physical layer
Up.
When storm control is enabled, you can configure rate limiting but rate limiting will not
take effect. After storm control is disabled, rate limiting will take effect.
Scenario
On the access device of the MAN, you can configure an L2CP profile on the user network interface
according to the services from the carrier, so that L2CP
packets from the user network are processed in different ways.
Prerequisite
N/A
The multicast destination MAC address cannot begin with 0180.C2 or 010E.5E
(except 010E.5E00.0003).
VTP, PVST, ELMI, UDLD, and PAGP packets, and sends OAM
and LLDP packets to the CPU.
A new L2CP profile transparently transmits STP, Dot1x, LACP,
CDP, VTP, PVST, LLDP, ELMI, UDLD, and PAGP packets, and
sends OAM packets to the CPU.
5.13 Maintenance
Command    Description
Raisecom(config)#clear mac-address { all | blackhole | dynamic | static | mac-address } [ vlan vlan-id ] [ interface-type interface-number ]    Clear MAC addresses.
Raisecom(config)#search mac-address mac-address { all | dynamic | static } [ interface-type interface-number ] [ vlan vlan-id ]    Query MAC addresses.
Raisecom(config)#clear arp    Clear the ARP address table.
Raisecom(config-port)#clear loopback-detection statistic    Clear statistics on loop detection.
Raisecom(config)#clear l2cp-process tunnel statistics interface-type interface-number    Clear statistics on L2CP packets on the interface.
Networking requirements
As shown in Figure 5-9, the switch is connected upstream to the IP network through Client
interface 1 on the RAX711-C to make PC 2 and PC 3 access the IP network. Configure a
static unicast MAC address on Client interface 2 for forwarding packets from the switch to
the IP network. Meanwhile, enable dynamic MAC address learning on the RAX711-C.
Configuration parameters are as below:
MAC address of the switch: 000E.5E03.0405
VLAN and type of Client interface 1: VLAN 10 and Access
Aging time of dynamic MAC addresses: 500s
Configuration steps
Step 1 Create and activate VLAN 10. Add Client interface 1 to VLAN 10.
Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface client 1
Raisecom(config-client1)#switchport access vlan 10
Raisecom(config-client1)#exit
Checking results
Use the show mac-address static command to show configurations of MAC addresses.
Networking requirements
As shown in Figure 5-10, PC 1, PC 2, and PC 5 are in VLAN 10; PC 3 and PC 4 are in VLAN
20. RAX711-C A and RAX711-C B are connected through a Trunk interface that does not allow
packets of VLAN 20 to pass. Therefore, PC 3 and PC 4 cannot communicate with each other.
Enable interface protection for PC 1 and PC 2 so that they cannot communicate with each other. However,
PC 1 and PC 2 can each communicate with PC 5.
Configuration steps
Step 1 Create and activate VLAN 10 and VLAN 20 on RAX711-C A and RAX711-C B respectively.
Configure RAX711-C A.
RAX711-CA#config
RAX711-CA(config)#create vlan 10,20 active
Configure RAX711-C B.
RAX711-CB#config
RAX711-CB(config)#create vlan 10,20 active
Step 2 Add Client interface 1 (Access) and Client interface 2 (Access) on RAX711-C B to VLAN 10.
Add Client interface 3 (Access) to VLAN 20. Line 1 is in Trunk mode and allows packets of
VLAN 10 to pass.
RAX711-CB(config)#interface client 1
RAX711-CB(config-client1)#switchport mode access
RAX711-CB(config-client1)#switchport access vlan 10
RAX711-CB(config-client1)#exit
RAX711-CB(config)#interface client 2
RAX711-CB(config-client2)#switchport mode access
RAX711-CB(config-client2)#switchport access vlan 10
RAX711-CB(config-client2)#exit
RAX711-CB(config)#interface client 3
RAX711-CB(config-client3)#switchport mode access
RAX711-CB(config-client3)#switchport access vlan 20
RAX711-CB(config-client3)#exit
RAX711-CB(config)#interface line 1
RAX711-CB(config-line1)#switchport mode trunk
RAX711-CB(config-line1)#switchport trunk allow vlan 10
RAX711-CB(config-line1)#exit
Step 3 Add Client interface 2 (Access) on RAX711-C A to VLAN 10 and Client interface 1 (Trunk)
to VLAN 20. Client interface 1 works in Trunk mode and allows packets of VLAN 10 to pass.
RAX711-CA(config)#interface client 2
RAX711-CA(config-client2)#switchport mode access
RAX711-CA(config-client2)#switchport access vlan 10
RAX711-CA(config-client2)#exit
RAX711-CA(config)#interface client 1
RAX711-CA(config-client1)#switchport mode trunk
RAX711-CA(config-client1)#switchport trunk native vlan 20
RAX711-CA(config-port)#exit
RAX711-CA(config)#interface line 1
RAX711-CA(config-line1)#switchport mode trunk
RAX711-CA(config-line1)#switchport trunk allow vlan 10
RAX711-CA(config-line1)#exit
Step 4 Enable interface protection on Client interface 1 and Client interface 2 on RAX711-C B.
RAX711-CB(config)#interface client 1
RAX711-CB(config-client1)#switchport protect
RAX711-CB(config-client1)#exit
RAX711-CB(config)#interface client 2
RAX711-CB(config-client2)#switchport protect
RAX711-CB(config-client2)#exit
Checking results
Use the show vlan command to show VLAN configurations.
Take RAX711-C B for example.
RAX711-CB#show vlan
Switch Mode: --
VLAN Name State Status Priority Member-Ports
-------------------------------------------------------------------------
1 VLAN0001 active static --
2 VLAN0002 active static --
3 VLAN0003 active static --
Use the show switchport interface command to show VLAN configurations on the interface.
Take RAX711-C B for example.
Use the show switchport protect command to show configurations of interface protection.
client9 disable
client10 disable
client11 disable
client12 disable
Use the ping command to learn which VLANs the Trunk interface allows.
If PC 1 can ping PC 5, VLAN 10 communicates properly.
If PC 2 can ping PC 5, VLAN 10 communicates properly.
If PC 3 fails to ping PC 4, VLAN 20 does not communicate.
Execute the ping command between PC 1 and PC 2 to check configurations of interface
protection.
If PC 1 fails to ping PC 2, interface protection takes effect.
Networking requirements
As shown in Figure 5-11, RAX711-C A and RAX711-C B are connected to VLAN 100 and
VLAN 200 respectively. To let Department A communicate with Department C, and
Department B with Department D, through the ISP, set the outer Tag to VLAN 1000. Configure Client
interface 1 and Client interface 2 on RAX711-C A and RAX711-C B to work in dot1q-tunnel
mode and connect to VLAN 100 and VLAN 200. Client interface 1 is used to connect
the ISP network, which works in Trunk mode and allows double-tagged packets to pass. The
TPID is configured to 9100.
Configuration steps
Step 1 Create and activate VLAN 100, VLAN 200, and VLAN 1000.
Configure RAX711-C A.
RAX711-CA#config
RAX711-CA(config)#create vlan 100,200,1000 active
Configure RAX711-C B.
RAX711-CB#config
RAX711-CB(config)#create vlan 100,200,1000 active
Step 2 Configure Client interface 1 and Client interface 2 to work in dot1q-tunnel mode. Configure
the outer TPID to 9100.
Configure RAX711-C A.
RAX711-CA(config)#interface client 1
RAX711-CA(config-client1)#tpid 9100
RAX711-CA(config-client1)#switchport mode access
RAX711-CA(config-client1)#switchport access vlan 1000
RAX711-CA(config-client1)#dot1q-tunnel
RAX711-CA(config-client1)#exit
RAX711-CA(config)#interface client 2
RAX711-CA(config-client2)#tpid 9100
RAX711-CA(config-client2)#switchport mode trunk
RAX711-CA(config-client2)#switchport trunk native vlan 1000
RAX711-CA(config-client2)#dot1q-tunnel
RAX711-CA(config-client2)#exit
Configure RAX711-C B.
RAX711-CB(config)#interface client 1
RAX711-CB(config-client1)#tpid 9100
RAX711-CB(config-client1)#switchport mode access
RAX711-CB(config-client1)#switchport access vlan 1000
RAX711-CB(config-client1)#dot1q-tunnel
RAX711-CB(config-client1)#exit
RAX711-CB(config)#interface client 2
RAX711-CB(config-client2)#tpid 9100
RAX711-CB(config-client2)#switchport mode trunk
RAX711-CB(config-client2)#switchport trunk native vlan 1000
RAX711-CB(config-client2)#dot1q-tunnel
RAX711-CB(config-client2)#exit
RAX711-CA(config)#interface line 1
RAX711-CA(config-line1)#switchport mode trunk
RAX711-CA(config-line1)#switchport trunk allowed vlan 1000
RAX711-CA(config-line1)#exit
Configure RAX711-C B.
RAX711-CB(config)#interface line 1
RAX711-CB(config-line1)#switchport mode trunk
RAX711-CB(config-line1)#switchport trunk allowed vlan 1000
RAX711-CB(config-line1)#exit
Checking results
Use the show dot1q-tunnel command to show QinQ configurations.
Take RAX711-C A for example.
RAX711-CA(config-port)#show dot1q-tunnel
Inner TPID: 0x8100
Interface QinQ Status Outer TPID on port Cos override Vlan-map-miss drop
----------------------------------------------------------------------------
client1 -- 0x8100 disable disable
client2 -- 0x8100 disable disable
client3 -- 0x8100 disable disable
client4 -- 0x8100 disable disable
line1 -- 0x8100 disable disable
line2 -- 0x8100 disable disable
vsap1 -- 0x8100 disable disable
Networking requirements
As shown in Figure 5-12, user network 1 is connected to the RAX711-C through Client
interface 1 and user network 2 is connected to the RAX711-C through Client interface 2. The
network administrator needs to monitor packets transmitted to and sent by user network 1
through the monitor PC, obtain anomalous data traffic, and analyze and address problems.
The monitor PC is connected to the RAX711-C through Client interface 3.
Configuration steps
Step 1 Create port mirroring group 1.
Raisecom#config
Raisecom(config)#mirror group 1
Raisecom(config)#interface client 3
Raisecom(config-client3)#mirror-group 1 monitor-port
Step 3 Configure Client interface 1 as the mirroring port and configure the mirroring rule to ingress.
Raisecom(config)#interface client 1
Raisecom(config-client1)#mirror-group 1 source-port ingress
Checking results
Use the show mirror-group command to show port mirroring configurations.
Raisecom#show mirror-group
Mirror Group 1 :
Monitor Port :
client3
Source Port :
client1 : ingress
Networking requirements
As shown in Figure 5-13, to control the influence of the broadcast storm on RAX711-C A,
you need to deploy storm control on RAX711-C A to control broadcast packets. The storm
control threshold is configured to 2000 pps.
Configuration steps
Configure storm control on RAX711-C A.
Raisecom#config
Raisecom(config)#interface line 1
Raisecom(config-line1)#storm-filter broadcast enable
Raisecom(config-line1)#storm-control broadcast pps 2000
Raisecom(config-port)#exit
Raisecom(config)#interface line 2
Raisecom(config-line2)#storm-filter broadcast enable
Raisecom(config-line2)#storm-control broadcast pps 2000
Checking results
Use the show storm-control command to show configurations of storm control.
Networking requirements
As shown in Figure 5-14, configure L2CP on RAX711-C A and RAX711-C B to transparently
transmit L2CP packets of Customer A and Customer B through the MAN as below.
Configuration steps
Configure RAX711-C A and RAX711-C B.
Configurations of RAX711-C A are the same as those of RAX711-C B. Take RAX711-C A
for example.
Step 1 Configure the VLAN of the carrier-side interface.
Raisecom#config
Raisecom(config)#create vlan 1000,2000 active
Raisecom(config)#interface line 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk allowed vlan 1000,2000
Raisecom(config-port)#exit
Raisecom(config)#l2cp-process profile 2
Raisecom(config-l2cpproflie)#name CustomerB
Raisecom(config-l2cpproflie)#l2cp-process protocol all action drop
Raisecom(config-l2cpproflie)#l2cp-process protocol stp action tunnel
Raisecom(config-l2cpproflie)#l2cp-process protocol lldp action tunnel
Raisecom(config-l2cpproflie)#tunnel line 1
Raisecom(config-l2cpproflie)#tunnel tunnel-type mac
Raisecom(config-l2cpproflie)#tunnel vlan 2000
Raisecom(config-l2cpproflie)#exit
Raisecom(config)#interface client 1
Raisecom(config-port)#l2cp-process profile 1
Raisecom(config-port)#interface client 2
Raisecom(config-port)#l2cp-process profile 2
Raisecom(config-port)#exit
Checking results
Use the show l2cp-process profile command to show L2CP configurations.
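What the CustomerB profile above does to individual frames can be worked through offline. The following is an added example, not code from this guide or from Raisecom: it identifies L2CP frames by their standard destination MAC address, EtherType, or LLC/SNAP header and applies the profile lines copied from the steps above. It assumes that a protocol-specific line overrides the `protocol all` line and that frames arrive untagged; protocol labels other than `stp`, `lldp`, and `all` are names used only inside this example, and the sample frames are constructed.

```python
import struct

# CustomerB profile lines as they appear in this guide's configuration example.
PROFILE_B = """\
l2cp-process protocol all action drop
l2cp-process protocol stp action tunnel
l2cp-process protocol lldp action tunnel
tunnel line 1
tunnel tunnel-type mac
tunnel vlan 2000
"""


def mac(dotted):
    """Convert a MAC address written like 0180.c200.0000 to bytes."""
    return bytes.fromhex(dotted.replace(".", ""))


def classify(frame):
    """Name the L2CP protocol of an untagged frame, or return None for ordinary traffic."""
    if len(frame) < 15:
        return None
    dst = frame[:6]
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype <= 1500:  # 802.3 length field, so an LLC header follows
        if dst == mac("0180.c200.0000") and frame[14:17] == b"\x42\x42\x03":
            return "stp"
        if frame[14:20] == b"\xaa\xaa\x03\x00\x00\x0c":  # SNAP header with Cisco OUI
            if dst == mac("0100.0ccc.cccd"):
                return "pvst"
            if dst == mac("0100.0ccc.cccc"):
                return {b"\x20\x00": "cdp", b"\x20\x03": "vtp"}.get(frame[20:22])
        return None
    if etype == 0x88CC:
        return "lldp"
    if etype == 0x888E:
        return "dot1x"
    if etype == 0x8809:  # slow protocols: subtype 1 is LACP, subtype 3 is 802.3ah OAM
        return {1: "lacp", 3: "oam"}.get(frame[14])
    return None


def parse_profile(text):
    """Return ({protocol: action}, {tunnel parameter: value}) from profile command lines."""
    rules, tunnel = {}, {}
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["l2cp-process", "protocol"] and len(words) == 5 and words[3] == "action":
            rules[words[2]] = words[4]
        elif words[:1] == ["tunnel"] and len(words) == 3:
            tunnel[words[1]] = words[2]
    return rules, tunnel


def decide(frame, profile_text=PROFILE_B):
    """Return (protocol, action, tunnel VLAN) for one frame received on the user interface."""
    proto = classify(frame)
    if proto is None:
        return (None, "forward", None)  # not L2CP: the profile does not apply
    rules, tunnel = parse_profile(profile_text)
    # Assumption of this example: a protocol-specific line overrides "protocol all".
    action = rules.get(proto, rules.get("all", "unspecified"))
    vlan = int(tunnel["vlan"]) if action == "tunnel" and "vlan" in tunnel else None
    return (proto, action, vlan)


SRC = mac("0200.0000.0001")  # constructed source MAC
SAMPLES = {  # constructed frames, headers only
    "stp": mac("0180.c200.0000") + SRC + struct.pack("!H", 38) + b"\x42\x42\x03" + bytes(35),
    "lldp": mac("0180.c200.000e") + SRC + b"\x88\xcc" + bytes(2),
    "lacp": mac("0180.c200.0002") + SRC + b"\x88\x09" + b"\x01" + bytes(3),
    "data": mac("0200.0000.0002") + SRC + b"\x88\xb5" + b"constructed",
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", decide(frame))
```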
6 Clock synchronization
This chapter describes principles and configuration procedures of clock synchronization, and
provides related configuration examples, including the following sections:
Introduction
Configuring clock synchronization based on SyncE
Configuring PTP-based clock synchronization
6.1 Introduction
Networks and services are moving toward IP. At present, changing the traditional Time Division
Multiplex (TDM) network to an IP-based Packet Transport Network (PTN) still involves many
difficulties. One significant problem is how to carry traditional TDM
services over the IP-based PTN.
When services (such as E1/T1) are transmitted through the traditional TDM network, clock
signals can be transmitted accurately. In addition, the receiver can recover TDM services
based on the extracted clock signals. Meanwhile, the TDM line can provide the
synchronization reference clock for some networks. Therefore, how to perform clock
synchronization is a significant issue for deploying the PTN.
Clock synchronization is divided into 2 modes:
Frequency synchronization: clocks have identical time intervals.
Phase synchronization: clocks have identical time intervals and an identical begin time.
The strictest requirement for clock synchronization on the communication
network comes from wireless scenarios. Frequencies
of signals in various base stations must stay within a certain precision. Otherwise, failures
occur when signals are switched between base stations. Some wireless mechanisms adopt synchronous base station
technologies, such as Time Division-Synchronous Code Division Multiple Access (TD-SCDMA)
or Code Division Multiple Access 2000 (CDMA2000). These wireless mechanisms
have higher requirements on phase synchronization.
At present, Synchronous Ethernet (SyncE) is used to synchronize the frequency of devices at the
physical layer. Synchronous Ethernet synchronizes phases of devices in the network through
the clock synchronization technology based on the Institute of Electrical and Electronics
Engineers (IEEE) 1588v2 protocol.
6.1.1 SyncE
Physical-layer synchronization technologies are widely used in the traditional TDM network.
Each node can extract clock signals from the physical link or the external synchronization
interface. It selects the clock source with the best quality from multiple clock sources, takes it as
the local clock, and transmits it to the downstream devices. Therefore, it synchronizes clocks
of all devices to the master reference clock by locking the host.
SyncE adopted by the PTN has similar principles, as shown in Figure 6-1. iTN B selects the
clock signal with the highest quality level as the clock source (the TDM device in Figure 6-1)
based on the Synchronization Status Message (SSM). iTN B then sends the received
highly-accurate clock signals through the physical-layer chip. Based on the clock data recovery
technology integrated in the physical-layer chip, iTN A recovers the clock signals from the
serial data flow and then transmits the clock signals to the clock subcard. After being
processed by the clock subcard, these clock signals are sent to other clocks through interfaces.
In this way, upstream clocks and downstream clocks are cascaded and clock synchronization is
realized on the PTN.
The clock synchronization mechanism of SyncE is mature and reliable. It can meet timing
interface metrics defined by International Telecommunications Union - Telecommunication
Standardization Sector (ITU-T) G.832. In addition, it is not affected by network load
changes.
However, because clock signals are transmitted along the clock link, SyncE requires every path
of the clock link to support the synchronous Ethernet feature.
Scenario
In the PTN, to communicate properly, the sender must put the pulse in the specified timeslot
when sending the digital pulse signal and the receiver can extract the pulse from the specified
timeslot. To realize this, you must resolve the synchronization problem.
SyncE can perform clock synchronization in the PTN. Because it does not support phase
synchronization but frequency synchronization only, SyncE is applied for the base station,
fixed network TDM relay, leased clock network relay, and wireless base stations which have
no requirement on phase synchronization, such as Global System for Mobile Communications
(GSM) and Wideband Code Division Multiple Access (WCDMA).
The RAX711-C supports selecting the optimum clock source automatically. You just need to
configure clock source properties of SyncE. In addition, the RAX711-C supports selecting the
specified clock source manually.
Prerequisite
N/A
Scenario
SyncE supports frequency synchronization only. PTP supports both frequency
synchronization and phase synchronization. Therefore, PTP is suitable for scenarios which
have requirements on frequency synchronization and phase synchronization, such as clock
synchronization of TD-SCDMA/CDMA2000 base stations.
Generally, the RAX711-C, as the TC device, can perform PTP clock synchronization with
upstream and downstream devices when PTP clock synchronization is configured globally or
on interfaces of the RAX711-C.
Prerequisite
N/A
7 Network reliability
This chapter describes principles and configuration procedures of network reliability, and
provides related configuration examples, including the following sections:
Introduction
Configuring ELPS
Configuring ERPS
Configuring link aggregation
Configuring interface backup
Configuring link-state tracking
Configuration examples
7.1 Introduction
Ethernet is widely used because of its simplicity, high efficiency, and low cost. For a
long time, reliability has been one major factor restricting the development of traditional
Ethernet in the Telecom network. The poor reliability is related to the packet feature of carried
services and the mechanism of Ethernet.
Traffic of packet services is transmitted in burst mode, which makes it difficult to maintain stable
service traffic. As two significant features of Ethernet, the Statistical Time Division
Multiplexing (STDM) technology and MAC address learning mechanism improve the
utilization rate of channels and devices. However, they also bring uncertainty to service
bandwidth and service paths.
To enhance the reliability of Ethernet and to meet the requirements on the Telecom network,
you can deploy specified reliability technology in the Ethernet. Network reliability
technologies supported by the RAX711-C include link aggregation, interface backup,
Ethernet Linear Protection Switching (ELPS), Ethernet Ring Protection Switching (ERPS),
and link-state tracking.
7.1.1 ELPS
Introduction
Ethernet Linear Protection Switching (ELPS) is an end-to-end protection technology based on the
Automatic Protection Switching (APS) protocol of the ITU-T G.8031 recommendation. It is
used to protect an Ethernet connection. It can be applied to various network structures, such
as the ring network.
An APS packet is a kind of Connectivity Fault Management (CFM) packet. A CFM packet is an APS
packet when its OpCode value is configured to 0x39. The outer structure of the
APS packet is defined by ITU-T Y.1731. Based on this, G.8031 defines APS-specific
information by using 4 bytes. Figure 7-1 shows the structure of the APS packet.
As shown in Figure 7-1, the MEL field carries the Maintenance Entity Group (MEG)
level of the APS packet. For descriptions about the Version, OpCode, Flags, and END TLV,
see ITU-T Y.1731; their values are listed in Figure 7-1. Table 7-1 describes fields in the
APS-specific information.
G.8031 defines 1+1 protection switching and 1:1 protection switching. ELPS
switches network resources in a simple, fast, and predictable way, which makes it easier for
carriers to plan the network efficiently and learn the network active status.
1+1 protection switching: each working line is assigned with a protection line. Generally, in
the protection domain, the source end sends traffic through the working and protection lines
while the destination end receives the traffic from one line. The destination end selects the
working/protection line based on some pre-configured standard, such as the server failure
indication. Services are switched to the protection line directly when the working line fails.
1:1 protection switching: each working line is assigned with a protection line. The source
end sends traffic through the working/protection line. Generally, the source sends traffic
through the working line. The protection line is a backup line. When the working line
fails, the source end and destination end communicate through APS protocol to switch
traffic to the protection line simultaneously. Based on whether the source end and
destination end switch traffic simultaneously, ELPS is divided into unidirectional
switching and bidirectional switching:
Unidirectional switching: as shown in Figure 7-3, when one direction of a line fails, one
end can receive the traffic while the other end fails to receive the traffic. The end failing
to receive the traffic detects a fault and switches the traffic. The other end does not
detect the fault and does not switch traffic. Therefore, both ends may receive the traffic through
different lines.
Bidirectional switching: when a line fails, even in one direction, both ends communicate
through APS protocol to switch traffic to the protection line. Therefore, both ends
receive and send the traffic through the same line.
Detect faults based on the physical interface status: learning link fault quickly and
switching services immediately, suitable for detecting the fault between neighbor devices
Detect faults based on CFM: suitable for multi-device crossing detection
Detect faults based on the physical interface and CFM: sending Trap when detecting a
fault on the physical link/CFM
The RAX711-C supports 1:1 bidirectional protection switching, 1+1 bidirectional protection
switching, and 1+1 unidirectional protection switching, and these 3 fault detection modes.
7.1.2 ERPS
Introduction
Ethernet Ring Protection Switching (ERPS) is a protection switching technology based on the
Ring Automatic Protection Switching (R-APS) protocol of the ITU-T G.8032 recommendation.
It is used in Ethernet rings. Generally, ERPS can avoid the broadcast storm caused by data
loopback in Ethernet rings. When a link/device on the Ethernet ring fails, traffic can be
quickly switched to the backup link to restore services quickly.
Similar to the ELPS APS packet, the R-APS packet is a CFM packet, which is defined by
Y.1731 and G.8032. Figure 7-4 shows the structure of the R-APS packet.
Related concepts
Properties (level, domain name, MA name, and VLAN ID) of all CFM domains must
be identical. Otherwise, ERPS ring fails to be established.
During ERPS protection switching process, 3 timers are used.
Guard Timer: it is used to filter outdated R-APS packets to avoid error protection
switching actions on the node. When the Guard Timer is running, received R-APS
packets will be discarded.
WTR Timer: the WTR Timer on the RPL Owner begins to time when the working line
recovers from a fault. In addition, a WTR running signal is output during the WTR
Timer running process. Services are switched back to the working line when the WTR
Timer times out. The WTR Timer is used to avoid frequent switching caused by
unstable working line.
Holdoff Timer: it is used to coordinate other protection switching coexisting with the
link protection. When one or more new faults are detected, the Holdoff Timer is
triggered. During the Holdoff Timer running process, the system will detect the link
status regardless of whether the fault that triggers the Holdoff Timer exists. The system
will report the fault to ERPS if it exists.
As shown in Figure 7-6, when the Ethernet ring network is in idle state, links have the
following features:
All nodes are connected to form a ring.
The ERPS protocol sends NR/RB signals continuously through the RPL Owner. The
NR/RB signal indicates that no fault is generated. The RPL is blocked to avoid a
loopback.
Connected nodes use the OAM CCM packet to monitor links.
When a fault occurs on the Ethernet ring, the ERPS protocol uses the
Y.1731 SF type to trigger protection switching.
As shown in Figure 7-7, when a fault is detected, the system enables APS to enter the
protection state.
After the Holdoff Timer times out, the node connected to the failed link blocks the link
and sends the SF signal to notify other nodes of the fault. As shown in Figure 7-7,
when the link between Nodes D and E fails, the Nodes D and E send the SF signal to
other nodes respectively.
The SF signal triggers the RPL Owner to open the RPL interface and triggers all nodes
to clear the FDB. And then the link enters the protection state.
When a fault is recovered, the links perform fault recovery switching:
Nodes connected to the failed link are still blocked. After the Guard Timer times out,
Nodes D and E send R-APS NR signals, which indicate no local fault request.
When receiving the first NR signal, the RPL Owner enables the WTR timer
immediately.
After the WTR Timer times out, the RPL Owner blocks the RPL and sends the R-APS
signal (NR/RB), which indicates no local fault request. The RPL link is blocked.
After receiving the R-APS signal (NR/RB), other nodes refresh the FDB. The Node
sending the NR signal will stop sending the packet periodically and release the blocked
interface.
All nodes on the link return to the idle state.
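The idle, protection, and recovery sequence described above can be traced with a small model. The following Python sketch is an added example, not Raisecom code: the ring with link F-A as the RPL and node A as RPL Owner, the state name "pending", and the timer values are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed ring. Assumptions of this sketch: the RPL is link F-A, node A is
# the RPL Owner, and the timer values below are illustrative only.
RPL = ("F", "A")
GUARD_S = 0.5      # Guard Timer
WTR_S = 300.0      # WTR Timer


@dataclass
class Ring:
    state: str = "idle"
    blocked: set = field(default_factory=lambda: {RPL})  # idle: only the RPL is blocked
    fdb_flushes: int = 0
    failed: Optional[tuple] = None
    recovered: bool = False
    guard_until: dict = field(default_factory=dict)      # node -> Guard Timer expiry
    wtr_until: Optional[float] = None
    log: list = field(default_factory=list)              # (time, sender, signal)

    def loop_free(self) -> bool:
        """A ring carries a loop only when none of its links is blocked."""
        return len(self.blocked) >= 1

    def link_fail(self, link, now):
        """Holdoff Timer expired: both end nodes block the link and send SF."""
        self.failed, self.recovered = link, False
        self.blocked.add(link)
        self.log.append((now, "+".join(link), "SF"))
        self.blocked.discard(RPL)       # RPL Owner opens the RPL interface
        self.fdb_flushes += 1           # all nodes clear the FDB
        self.state = "protection"

    def link_recover(self, now):
        """Fault cleared: end nodes stay blocked and start their Guard Timer."""
        self.recovered = True
        for node in self.failed:
            self.guard_until[node] = now + GUARD_S

    def accepts(self, node, now) -> bool:
        """R-APS packets received while the Guard Timer runs are discarded."""
        return now >= self.guard_until.get(node, 0.0)

    def tick(self, now):
        """Advance the timers to time `now`."""
        if (self.state == "protection" and self.recovered
                and all(self.accepts(n, now) for n in self.failed)):
            self.log.append((now, "+".join(self.failed), "NR"))
            self.wtr_until = now + WTR_S         # Owner starts WTR on the first NR
            self.state = "pending"
        elif self.state == "pending" and now >= self.wtr_until:
            self.blocked.add(RPL)                # Owner blocks the RPL first ...
            self.log.append((now, "A", "NR/RB")) # ... then sends NR/RB
            self.fdb_flushes += 1                # other nodes refresh the FDB
            self.blocked.discard(self.failed)    # NR senders release their interfaces
            self.failed, self.wtr_until = None, None
            self.state = "idle"


def run_scenario():
    """Fail link D-E at t=10 s, repair it at t=60 s, and record each state."""
    ring, snaps = Ring(), []

    def snap(t):
        snaps.append((t, ring.state, sorted(ring.blocked), ring.loop_free()))

    snap(0.0)
    ring.link_fail(("D", "E"), 10.0)
    snap(10.0)
    ring.link_recover(60.0)
    stale_sf_accepted = ring.accepts("D", 60.1)  # outdated SF reaches node D
    ring.tick(60.1)
    snap(60.1)                                   # Guard Timer still running
    ring.tick(60.5)
    snap(60.5)                                   # Guard expired: NR sent, WTR starts
    ring.tick(200.0)
    snap(200.0)                                  # WTR still running
    ring.tick(360.5)
    snap(360.5)                                  # WTR expired: back to idle
    return ring, snaps, stale_sf_accepted


if __name__ == "__main__":
    ring, snaps, _ = run_scenario()
    for s in snaps:
        print(s)
    print(ring.log)
```

In every snapshot exactly one link is blocked, which is why the ring stays loop-free while traffic moves to the RPL and back.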
Tributary ring
The revision of the G.8032 provides the protection mechanism of Ethernet multi-ring. The
tributary ring is an attached ring of the existing ring. It is connected with other rings/network
through an interconnected node (node connecting multiple rings). The tributary ring is not
closed. And interconnected node does not belong to the tributary ring.
As shown in Figure 7-8, nodes B and C are interconnected nodes. The channel connecting the
2 interconnected nodes is called the R-APS virtual channel. The R-APS virtual channel is
used for the intersecting node on the intersecting ring.
If an intersecting ring has an R-APS virtual channel, the main ring provides a virtual channel
for APS packets of the tributary ring. It means that APS packets of the tributary ring will be
transmitted to the main ring. Otherwise, the main ring does not provide a virtual channel for
APS packets of the tributary ring and APS packets of the tributary ring are terminated at the
intersecting node.
The main ring and tributary ring are taken as 2 rings. Each ring is configured with a RPL
Owner. Protection switching of the multi-ring is similar to the one of the single ring. Each
ring processes its own fault. When a shared link fails, the main ring is switched to the
protection state while no action is performed on the tributary ring.
Introduction
Link aggregation is a load balancing technology. With link aggregation, multiple physical
Ethernet interfaces are combined to form a logical aggregation group. Multiple physical links
in one aggregation group are taken as a logical link. Link aggregation helps share traffic
among member interfaces in an aggregation group. These aggregated links can back up data
for each other dynamically. In addition to effectively improving the reliability on links
between devices, link aggregation can help gain greater bandwidth without upgrading
hardware. For related protocols, see IEEE 802.3ad.
Among Ethernet reliability technologies, link aggregation is the most widely-used and
simplest one.
As shown in Figure 7-9, RAX711-C A and RAX711-C B are connected through 2 Ethernet
physical links. You can bind these 2 links to form a logical link Aggregation 1. This logical
link has the following advantages:
Improving link reliability: members in the link aggregation group can back up data for
each other dynamically. When a link fails, the other links can replace it to improve link
reliability effectively.
Increasing link capacity: by binding multiple physical links, you can get greater
bandwidth without upgrading the existing device. The capacity of the logical link equals
the sum of the capacities of all its physical links.
Balancing load: traffic is distributed to different members based on some algorithm, to
implement link-level load balancing.
Optimizing network management: member interfaces in a LAG are managed as a logical
interface.
Saving IP addresses: only one IP address is required for a LAG without configuring IP
addresses for member interfaces in the LAG.
In link aggregation, multiple Ethernet interfaces are bound to a LAG. These Ethernet
interfaces are called member interfaces and the logical interface is named as the Trunk
interface. The number of LAGs supported by devices is different. In addition, the number of
member interfaces supported by the LAG varies on the device.
The RAX711-C supports up to 11 LAGs and each LAG supports up to 8 member interfaces. A
LAG should contain 1–8 active interfaces.
LACP
Link Aggregation Control Protocol (LACP) is a protocol based on the IEEE 802.3ad. LACP
communicates with the peer through Link Aggregation Control Protocol Data Unit
(LACPDU). After being enabled with LACP, an interface notifies the peer of its system LACP
priority, system MAC address, interface LACP priority, interface ID, and operation key by
sending LACPDU to the peer.
After receiving the LACPDU, the peer compares its information with the ones received by
other interfaces to select an active interface. Therefore, both interfaces work in active mode.
Member interfaces in a LAG are in 2 states: active and standby. Active interfaces can
participate in forwarding user data while standby interfaces cannot. Each member
interface in a LAG has an operation key, which indicates the aggregation capability of the
member interface. The operation key is a configuration combination automatically generated
by the LAG based on configurations of the interface (including the speed, duplex mode,
Up/Down status, and basic configurations). The operation key will be re-calculated when any
item in the configuration combination changes. Member interfaces in a LAG must have the
identical operation key.
Interface status
Member interfaces in a LAG have two kinds of statuses:
Active status: send/receive LACP packets and forward user data. This kind of interfaces
is called the LAG active interface.
Standby status: send/receive LACP packets, but does not forward user data. This kind of
interfaces is called the LAG backup interface.
The RAX711-C supports 11 LAGs. Each LAG supports up to 8 member interfaces.
In this mode, multiple physical interfaces are added to a LAG to form a logical interface.
Links connected to the logical interface share the traffic.
Static LACP aggregation mode
It is a mode of the LACP. In this mode, you must enable LACP in advance. The
Selection Logic of the LACP decides how to select the Trunk interface.
Dynamic LACP aggregation mode
In this mode, you must enable LACP in advance. The system creates and deletes the
LAG and member interfaces automatically. Interfaces cannot be aggregated dynamically
unless the following requirements are met:
– Basic configurations of interfaces are identical.
– Speed and duplex configurations of interfaces are identical.
– Interfaces are connected to the same device.
– The peer interfaces meet these requirements.
The RAX711-C supports manual aggregation and static LACP aggregation modes.
Load balancing
Load balancing is a cluster technology used to enhance the capability for processing services
and ensure service reliability by sharing traffic among multiple devices/links. If an interface
meets all requirements for an active interface, the interface will be the active interface of a
LAG. Therefore, the interface can share traffic with other active ones based on the link
aggregation load balancing mode or load balancing algorithm.
The load balancing algorithm is realized by directly mapping or mapping based on the CRC
Hash value of the MAC address.
With different load balancing modes and their combination, interfaces can share traffic in a
LAG. There are 6 load balancing modes:
Load balancing based on source MAC address
Load balancing based on destination MAC address
Load balancing based on XOR result of the source and destination MAC addresses
Load balancing based on source IP address
Load balancing based on destination IP address
Load balancing based on XOR result of the source and destination IP addresses
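The effect of the load balancing mode on traffic distribution can be checked offline. This Python sketch is an added example, not the RAX711-C implementation: zlib.crc32 stands in for the device's CRC hash, direct mapping is modelled as the last key byte modulo the member count, the mode labels are this example's shorthand for the six modes listed above, and the traffic is constructed.

```python
import zlib
from collections import Counter

# Shorthand labels for the six load balancing modes (labels are assumptions).
MODES = ("src-mac", "dst-mac", "src-dst-mac", "src-ip", "dst-ip", "src-dst-ip")


def _xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length addresses."""
    return bytes(x ^ y for x, y in zip(a, b))


def hash_key(mode: str, flow: dict) -> bytes:
    """Select the header fields that the load balancing mode looks at."""
    keys = {
        "src-mac": flow["smac"],
        "dst-mac": flow["dmac"],
        "src-dst-mac": _xor(flow["smac"], flow["dmac"]),
        "src-ip": flow["sip"],
        "dst-ip": flow["dip"],
        "src-dst-ip": _xor(flow["sip"], flow["dip"]),
    }
    return keys[mode]


def pick_member(mode: str, flow: dict, active: list, method: str = "crc") -> str:
    """Map one flow to one active member.

    method="crc":    CRC hash of the key modulo the number of active members.
    method="direct": last byte of the key modulo the number of active members.
    """
    key = hash_key(mode, flow)
    value = zlib.crc32(key) if method == "crc" else key[-1]
    return active[value % len(active)]


def distribution(mode: str, flows: list, active: list, method: str = "crc") -> Counter:
    """Count how many flows land on each active member."""
    return Counter(pick_member(mode, f, active, method) for f in flows)


# Constructed traffic: one gateway (single source MAC and IP) sending to 16 hosts.
GATEWAY_MAC = bytes.fromhex("001122334455")
FLOWS = [
    {
        "smac": GATEWAY_MAC,
        "dmac": bytes.fromhex("02000000a0%02x" % i),
        "sip": bytes([10, 0, 0, 1]),
        "dip": bytes([10, 0, 1, i]),
    }
    for i in range(16)
]

if __name__ == "__main__":
    members = ["client1", "client2"]
    for mode in MODES:
        print(f"{mode:12s}", dict(distribution(mode, FLOWS, members)))
    # A member failure shrinks the active list; every flow is re-mapped.
    print("one member left:", dict(distribution("dst-mac", FLOWS, ["client1"])))
```

With a single upstream source, the source-based modes place every frame on one member, so the aggregated bandwidth is only reached with a destination-based or XOR mode.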
Introduction
Interface backup means that two interfaces on a device work in primary/backup mode.
Under normal conditions, the primary interface transmits services while the backup interface
works as backup. When the primary interface or link fails and thus service transmission fails,
the backup interface will work. In this way, network reliability is enhanced.
In dual uplink networking, Spanning Tree Protocol (STP) is used to block the redundancy link
and implement backup. Though STP can meet users' backup requirements, it fails to meet
performance requirements. Even when Rapid Spanning Tree Protocol (RSTP) is used, the
convergence is at the second level only. This is poor performance for a high-end Ethernet
device at the core of a carrier-grade network.
Interface backup, targeted for dual uplink networking, implements backup and fast
convergence. It is designed for the dual uplink networking application to ensure the
performance and simplify configurations.
You can achieve link redundancy by manually configuring interface backup when
STP is disabled. Interface backup and STP cannot be concurrently enabled.
Interface backup works based on an interface backup group which contains a primary
interface and a backup interface, wherein:
The link with the primary interface is the primary link.
The link with the backup interface is the backup link. Under normal conditions, the
backup link is in Standby status, and serves as backup.
The primary or backup interface in the interface backup group can be a physical interface or a
LAG interface.
In the interface backup group, one interface is Up while the other is Standby. At any time,
only one interface can be in forwarding status. When the forwarding interface is faulty, the
backup interface can transit to the forwarding status to resume the link.
Principles
As shown in Figure 7-10, Line 1 and Line 2 on iTN A are connected to their uplink devices
respectively. The interface forwarding status is as below:
Under normal conditions, Line 1 is the primary interface while Line 2 is the backup
interface. Line 1 and its uplink device forward packets while Line 2 and its uplink device
do not forward packets.
When Line 1 fails or the link between Line 1 and its uplink device fails, Line 2 and its
uplink device forward packets.
When Line 1 restores normally and keeps Up for a period (restore-delay), Line 1 restores
to forwarding packets and Line 2 restores to standby status.
When a switching between the primary interface and backup interface occurs, the iTN A
sends a Trap to the NView NNM system.
By applying interface backup to different VLANs, you can make 2 interfaces forward packets
simultaneously in different VLANs. As shown in Figure 7-11, by configuring a VLAN and
adding interfaces to the VLAN, you can realize VLAN-based interface backup.
Scenario
To make the Ethernet reliability reach telecom-grade (network self-healing time less than
50ms), you can deploy ELPS at Ethernet. ELPS is used to protect the Ethernet connection. It
is an end-to-end protection technology.
ELPS provides 3 modes to detect a fault.
Detect faults based on the physical interface status: learning link fault quickly and
switching services immediately, suitable for detecting the fault between neighbor devices.
Detect faults based on CFM: suitable for multi-device crossing detection.
Detect faults based on the physical interface and CFM: sending Trap when detecting a
fault on the physical link/CFM.
Prerequisite
Connect interfaces and configure physical parameters for them. Make the physical layer
Up.
Create the management VLAN and VLANs of the working and protection interfaces.
Configure CFM detection between devices (preparing for CFM detection mode).
Fault detection modes of the working line and protection line can be different.
However, we recommend that fault detection mode configurations of the working
line and protection line keep consistent.
When configuring end-to-end fault detection mode for the working/protection line,
we do not recommend using the physical link detection mode if there are other
devices along the link. We recommend using the CC fault detection mode.
Step 1
Command: Raisecom#config
Description: Enter global configuration mode.
Step 2
Command: Raisecom(config)#ethernet line-protection line-id { working | protection } failure-detect physical-link
Description: Configure the fault detection mode of the working line/protection line to failure-detect physical-link. By default, the fault detection mode is configured to failure-detect physical-link.
Command: Raisecom(config)#ethernet line-protection line-id { working | protection } failure-detect cc [ md md-name ] ma ma-name level level mep local-mep-id remote-mep-id
Description: Configure the fault detection mode of the working line/protection line to failure-detect cc. This fault detection mode cannot take effect unless you finish related configurations on CFM.
Command: Raisecom(config)#ethernet line-protection line-id { working | protection } failure-detect physical-link-or-cc [ md md-name ] ma ma-name level level mep local-mep-id remote-mep-id
Description: Configure the fault detection mode of the working line/protection line to failure-detect physical-link-or-cc. In this mode, it believes that the link fails when a fault is detected on the physical link/CC. This fault detection mode cannot take effect unless you finish related configurations on CFM.
By default, traffic is automatically switched to the protection line when the working
line fails. Therefore, you need to configure ELPS switching control in some special
cases.
Step 1
Command: Raisecom#config
Description: Enter global configuration mode.
Step 2
Command: Raisecom(config)#ethernet line-protection line-id lockout
Description: Lock protection switching. After this configuration, the traffic is not switched to the protection line even if the working line fails.
Step 3
Command: Raisecom(config)#ethernet line-protection line-id force-switch
Description: Switch the traffic from the working line to the protection line forcedly.
Step 4
Command: Raisecom(config)#ethernet line-protection line-id manual-switch
Description: Switch the traffic from the working line to the protection line manually. Its priority is lower than the one of forced switch and APS.
Step 5
Command: Raisecom(config)#ethernet line-protection line-id manual-switch-to-work
Description: In non-revertive mode, switch the traffic from the protection line to the working line.
After you perform the MS-W operation (traffic is switched from the protection line
back to the working line), if a fault/recovery event occurs or if other protection group
commands, such as lockout, force-switch, or manual-switch, are executed, both ends
of the protection group may select different lines. In this case, you should use the
clear ethernet line-protection line-id end-to-end command command to delete
the configured protection group commands so that both ends of the protection group
select the identical line.
Scenario
As Ethernet develops into a Telecom-grade network, voice and video multicast services
bring higher requirements on Ethernet redundant protection and fault-recovery time. The
fault-recovery time of the current STP system is at the second level, which cannot meet these requirements.
By defining different roles for nodes on a ring, ERPS can block a loopback to avoid broadcast
storm in normal condition. Therefore, the traffic can be quickly switched to the protection line
when working lines or nodes on the ring fail. This helps eliminate the loopback, perform
protection switching, and automatically recover from faults. In addition, the switching time is
shorter than 50ms.
The RAX711-C supports the single ring, intersecting ring, and tangent ring.
ERPS provides 2 modes to detect a fault:
Detect faults based on the physical interface status: learning link fault quickly and
switching services immediately, suitable for detecting the fault between neighbor devices.
Detect faults based on CFM: suitable for unidirectional detection or multi-device
crossing detection.
Detect faults based on the physical interface and CFM: sending Trap when detecting a
fault on the physical link/CFM.
Prerequisite
Connect interfaces and configure physical parameters for them. Make the physical layer
Up.
Create the management VLAN and VLANs of the working and protection interfaces.
Configure CFM detection between devices (preparing for CFM detection mode).
Only one device on the protection ring can be set to the Ring Protection Link (RPL)
Owner and one device is configured to RPL Neighbor. Other devices are
configured to ring forwarding nodes.
In practice, the tangent ring consists of 2 independent single rings. Configurations
on the tangent ring are identical to the ones on the common single ring. The
intersecting ring consists of a main ring and a tributary ring. Configurations on the
main ring are identical to the ones on the common single ring. For details about
configurations on the tributary ring, see section 7.3.3 (Optional) creating ERPS
protection tributary ring.
Step Command Description
1 Raisecom#config Enter global configuration mode.
Only the intersecting ring consists of a main ring and a tributary ring.
Configurations on the main ring are identical to the ones on the single ring/tangent
ring. For details, see section 7.3.2 Creating ERPS protection ring.
Configurations of non-intersecting nodes of the intersecting ring are identical to
the ones on the single ring/tangent ring. For details, see section 7.3.2 Creating
ERPS protection ring.
Step 1
Command: Raisecom#config
Description: Enter global configuration mode.
Step 2
Command: Raisecom(config)#ethernet ring-protection ring-id east interface-type interface-number west interface-type interface-number node-type rpl-owner rpl { east | west } ] [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ]
Description: Create the tributary ring on the intersecting node and set the intersecting node to the RPL Owner. By default, the protocol VLAN is configured to 1. Blocked VLANs range from 1 to 4094.
By default, traffic is automatically switched to the protection line when the working
line fails. Therefore, you need to configure ERPS switching control in some special
cases.
Step 1
Command: Raisecom#config
Description: Enter global configuration mode.
Step 2
Command: Raisecom(config)#ethernet ring-protection ring-id force-switch { east | west }
Description: Switch the traffic on the protection ring to the west/east interface forcedly.
east: block the east interface.
west: block the west interface.
Step 3
Command: Raisecom(config)#ethernet ring-protection ring-id manual-switch { east | west }
Description: Switch the traffic on the protection ring to the west/east interface manually. Its priority is lower than the one of forced switch and APS.
Scenario
When needing to provide greater bandwidth and reliability for a link between two devices,
you can configure manual or static LACP link aggregation.
Prerequisite
Configure physical parameters of the interface and make the physical layer Up.
In a LAG, member interfaces that share loads must be identically configured. Otherwise,
data cannot be forwarded properly. These configurations include QoS, QinQ, VLAN,
interface properties, and MAC address learning.
– QoS: traffic policing, traffic shaping, congestion avoidance, rate limiting, SP queue,
WRR queue scheduling, WFQ queue, interface priority, and interface trust mode.
– QinQ: QinQ status on the interface, added outer VLAN tag, policies for adding outer
VLAN Tags for different inner VLAN IDs.
– VLAN: the allowed VLAN, default VLAN, and the link type (Trunk, Hybrid, and
Access) on the interface, and whether VLAN packets carry Tag.
– Interface properties: speed, duplex mode, and link Up/Down status.
– MAC address learning: MAC address learning status and MAC address limit.
In a static LACP LAG, a member interface can be an active/standby one. Both the
active interface and standby interface can receive and send LACPDU. However,
the standby interface cannot forward user packets.
The system selects a default interface based on the following conditions in order:
whether the neighbor is discovered, maximum interface rate, highest interface
LACP priority, smallest interface ID. The default interface is in active status.
Interfaces that have the same rate, peer device, and operation key as the
default interface are in active status. Other interfaces are
in standby status.
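The selection order above can be expressed as a sort followed by a filter. This Python sketch is an added example, not the device's Selection Logic: the Member fields, the tuple used as operation key, the treatment of a smaller LACP priority value as higher priority, the default priority value, and the sample interfaces are assumptions.

```python
from dataclasses import dataclass

MAX_ACTIVE = 8   # from the text: a LAG contains 1-8 active interfaces


@dataclass(frozen=True)
class Member:
    name: str
    if_id: int
    neighbor: bool               # a LACPDU was received on this interface
    peer_system: str             # peer system MAC from the LACPDU, "" if none
    rate_mbps: int
    duplex: str
    link_up: bool
    basic_cfg: str               # stand-in for the interface's basic configurations
    lacp_priority: int = 32768   # assumption: smaller value means higher priority

    @property
    def oper_key(self):
        """Operation key derived from speed, duplex, Up/Down status and basic
        configurations. A tuple is used here so that any change alters the key."""
        return (self.rate_mbps, self.duplex, self.link_up, self.basic_cfg)


def select(members):
    """Return (default, active, standby) following the order given in the text."""
    ranked = sorted(members, key=lambda m: (
        not m.neighbor,      # 1. an interface whose neighbor is discovered
        -m.rate_mbps,        # 2. maximum interface rate
        m.lacp_priority,     # 3. highest interface LACP priority
        m.if_id,             # 4. smallest interface ID
    ))
    default = ranked[0]

    def matches_default(m):
        # Same rate, same peer device, same operation key as the default interface.
        return (m.rate_mbps, m.peer_system, m.oper_key) == \
               (default.rate_mbps, default.peer_system, default.oper_key)

    active = [m for m in ranked if matches_default(m)][:MAX_ACTIVE]
    standby = [m for m in ranked if m not in active]
    return default, active, standby


# Constructed sample: five candidate members on one device.
PEER_B = "02:00:00:00:00:0b"
OTHER = "02:00:00:00:00:99"
MEMBERS = [
    Member("client1", 1, True, PEER_B, 1000, "full", True, "vlan10", 1000),
    Member("client2", 2, True, PEER_B, 1000, "full", True, "vlan10"),
    Member("client3", 3, True, PEER_B, 1000, "half", True, "vlan10"),  # duplex differs
    Member("client4", 4, True, OTHER, 1000, "full", True, "vlan10"),   # other peer device
    Member("client5", 5, False, "", 1000, "full", True, "vlan10"),     # no LACPDU seen
]


def names(members):
    return [m.name for m in members]


if __name__ == "__main__":
    default, active, standby = select(MEMBERS)
    print("default:", default.name)
    print("active: ", names(active))
    print("standby:", names(standby))
```

An interface cabled to a different peer device, or one whose configuration changed its operation key, stays in standby and forwards no user packets.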
Scenario
Interface backup can realize redundancy backup and fast switching of primary and backup
links. VLAN-based interface backup can realize load balancing among different interfaces.
Interface backup ensures millisecond level switching and simplifies configurations.
Prerequisite
Create a VLAN.
Add interfaces to the VLAN.
After FS is successfully configured, the primary and backup links will be switched.
The working link is switched to the protection link. For example, when both the
primary and backup interfaces are in Up status, if the data is being transmitted
through the primary link, data will be switched from the primary link to the backup
link after forced switch is performed.
In the CLI, the backup interface ID is an optional parameter. If the primary
interface is configured with multiple interface backup pairs, you should input the
backup interface ID.
Step Command Description
1 Raisecom#config Enter global configuration mode.
Scenario
When the uplink of the middle device fails and the middle device fails to inform the downlink
devices of the fault, the traffic cannot be switched to the backup line. This may cause traffic
break.
Link-state tracking is used to add the uplink interfaces and downlink interfaces of the middle
device to a link-state group. In addition, it is used to monitor the uplink interfaces.
When all uplink interfaces fail, downlink interfaces are in Down status. When one failed
uplink interface recovers from the fault, all downlink interfaces are in Up status. Therefore,
faults of the uplinks can be notified to the downlink devices in time. If downlink interfaces
fail, uplink interfaces still work properly.
Prerequisite
Connect interfaces, configure physical parameters of the interfaces, and make the physical
layer Up.
Networking requirements
As shown in Figure 7-13, to improve the reliability of the link between RAX711-C A and
RAX711-C B, you can configure manual link aggregation on RAX711-C A and RAX711-C B.
Add Client interface 1 and Client interface 2 to a LAG to form a single logical interface. The
LAG performs load balancing according to the source MAC address.
Configuration steps
Configuration procedures for RAX711-C A and RAX711-C B are identical. In this section,
take configurations on RAX711-C A for example.
Step 1 Create a manual LAG.
Raisecom#hostname RAXA
RAXA#config
RAXA(config)#interface port-channel 1
RAXA(config-port-channel1)#mode manual
RAXA(config-port-channel1)#exit
RAXA(config)#interface client 1
RAXA(config-client1)#port-channel 1
RAXA(config-client1)#exit
RAXA(config)#interface client 2
RAXA(config-client2)#port-channel 1
RAXA(config-client2)#exit
RAXA(config)#interface port-channel 1
RAXA(config-port-channel1)#load-sharing mode src-mac
Checking results
Use the show port-channel command to show global configurations on manual link
aggregation.
RAXA#show port-channel
Group 1 information:
Mode : Manual Load-sharing mode : src-dst-mac
MinLinks: 1 Max-links : 4
UpLinks : 0 Priority-Preemptive: Disable
Member Port: client1 client2
Networking requirements
As shown in Figure 7-14, to enhance network reliability, RAX711-C B is connected to
RAX711-C A and RAX711-C C through Link 1 and Link 2 respectively. Link 1 is the primary
line and Link 2 is the backup line. Link 2 does not forward data unless Link 1 fails.
RAX711-C A is connected upstream to the IP network in link aggregation mode. When all
uplinks of RAX711-C A fail, RAX711-C A should inform RAX711-C B of the fault to switch
the traffic to the backup line in time. Therefore, you need to deploy link-state tracking on
RAX711-C A.
Configure interface-based link-state tracking on Line interface 1 on RAX711-C A so that the
RAX711-C A will block VLAN 10 upon uplink faults.
Configuration steps
Step 1 Create a link-state group.
Raisecom(config)#link-state-tracking group 1
Raisecom(config)#interface line 1
Raisecom(config-port)#link-state-tracking group 1 upstream
Raisecom(config)#interface client 1
Raisecom(config-port)#link-state-tracking group 1 downstream
Step 4 Configure the action taken for link-state tracking to blocking VLAN 10 of Line interface 1.
Checking results
Use the show link-state-tracking group command to show configurations of the link-state
group.
Networking requirements
As shown in Figure 7-15, to improve the reliability of the link between RAX711-C A and
RAX711-C B, you can configure static LACP link aggregation on RAX711-C A and
RAX711-C B. Add Client 1 and Client 2 to a LAG to form a logical interface.
Configuration steps
Step 1 Configure the static LACP LAG on RAX711-C A, and configure RAX711-C A to the active
end.
Raisecom#hostname RAXA
RAXA#config
RAXA(config)#lacp system-priority 1000
RAXA(config)#interface port-channel 1
RAXA(config-port-channel1)#mode lacp
RAXA(config-port-channel1)#exit
RAXA(config)#interface client 1
RAXA(config-client1)#port-channel 1
RAXA(config-client1)#lacp port-priority 1000
RAXA(config-client1)#lacp mode active
RAXA(config-client1)#exit
RAXA(config)#interface client 2
RAXA(config-client2)#port-channel 1
RAXA(config-client2)#lacp mode active
RAXA(config-client2)#exit
Raisecom#hostname RAXB
RAXB#config
RAXB(config)#interface port-channel 1
RAXB(config-port-channel1)#mode lacp
RAXB(config-port-channel1)#exit
RAXB(config)#interface client 1
RAXB(config-client1)#port-channel 1
RAXB(config-client1)#exit
RAXB(config)#interface client 2
RAXB(config-client2)#port-channel 1
RAXB(config-client2)#exit
Checking results
Use the show port-channel command on RAX711-C A to show global configurations on
static LACP link aggregation.
RAXA#show port-channel 1
Group 1 information:
Mode : Lacp Load-sharing mode : src-dst-mac
MinLinks: 1 Max-links : 8
UpLinks : 0 Priority-Preemptive: Disable
Member Port: client1 client2
Efficient Port:
8 OAM
This chapter describes principles and configuration procedures of OAM, and provides related
configuration examples, including the following sections:
Introduction
Configuring EFM
Configuring CFM
Configuring SLA
Configuring Y.1564
Maintenance
8.1 Introduction
Initially, Ethernet was designed for LANs. Its Operation, Administration, and Maintenance
(OAM) capability is weak because of the small network size and the NE-level administrative
system. With continuous development of Ethernet technology, the application scale of Ethernet
in Telecom networks becomes wider and wider. Compared with a LAN, the link length and
network size of a Telecom network are bigger and bigger. The lack of an effective management
and maintenance mechanism has seriously obstructed applying Ethernet technology to the
Telecom network.
To confirm connectivity of Ethernet virtual connections, effectively detect, confirm, and locate
faults on the network, measure network utilization and network performance, and provide service
according to the Service Level Agreement (SLA), implementing OAM on Ethernet has become an
inevitable developing trend.
8.1.1 EFM
Complying with IEEE 802.3ah protocol, Ethernet in the First Mile (EFM) is a link-level
Ethernet OAM technology. It provides link connectivity detection, link fault monitoring,
remote fault notification, and so on, for a link between two directly connected devices. EFM
is mainly used for Ethernet links on edges of the network accessed by users.
In the discovery phase, a connected Ethernet OAM entity (interface enabled with OAM)
informs others of its Ethernet OAM configurations and Ethernet OAM capabilities supported
by the local node by exchanging information OAM PDU. After the OAM entity receives
parameters of the peer, it decides whether to establish OAM connection. If both ends agree on
establishment of the OAM connection, Ethernet OAM protocol will work on the link layer.
The RAX711-C can choose one of the following 2 modes to establish Ethernet OAM
connection:
Active mode
Passive mode
Only the OAM entity in active mode can initiate OAM connection while the OAM entity in
passive mode just waits for connection request of the active OAM entity.
After the OAM connection is established, both ends keep connected by exchanging
information OAM PDU. If an OAM entity does not receive information OAM PDU within 5s,
it believes that connection expires and connection re-establishment is required.
OAM loopback
OAM loopback occurs only after the Ethernet OAM connection is established. When
connected, the active OAM entity initiates the OAM loopback command, and the peer OAM
entity responds to the command.
When the remote OAM entity is in loopback mode, all packets but OAM PDU packets are
sent back. By observing the returned PAMPDU packets, the network administrator can judge
the link performance (including packet loss ratio, delay, and jitter).
As shown in Figure 8-1, Line interface 1 on RAX711-C A works in active mode. After the
802.3ah OAM connection between RAX711-C A and RAX711-C B is established, enable
remote loopback on Client 1.
The process for OAM loopback is as below:
Step 1 RAX711-C A sends a Loopback Control OAM PDU packet with the Enable information to
RAX711-C B, and waits for response.
Step 2 After receiving the Loopback Control OAM PDU packet with the Enable information,
RAX711-C B replies with an Information OAM PDU packet to RAX711-C A, and enters the
loopback state.
Step 3 After receiving the response, RAX711-C A sends a non-OAM PDU test packet to RAX711-C
B.
Step 4 After receiving a non-OAM PDU test packet, RAX711-C B sends it back to RAX711-C A.
Stop OAM loopback as below:
Step 1 If RAX711-C A needs to stop remote loopback, it sends a Loopback Control OAM PDU
packet with the Disable information to RAX711-C B.
Step 2 After receiving the Loopback Control OAM PDU packet with the Disable information,
RAX711-C B exits from loopback state and sends an Information OAM PDU packet to
RAX711-C A.
You can troubleshoot the RAX711-C through loop detection in different phases.
OAM events
Detecting Ethernet failures is difficult, especially when the physical communication works
properly while the network performance deteriorates slowly. A flag is defined in OAM PDU
packet to allow an OAM entity to transmit fault information to the peer. The flag may stand
for the following threshold events:
Link fault: signals from the peer are lost.
Dying gasp: an unpredictable event occurs, such as power failure.
Critical event: an uncertain critical event occurs.
The RAX711-C does not support dying gasp and critical event detection.
In the OAM connection, an OAM entity keeps sending Information OAM PDUs. The local
OAM entity can inform the peer OAM entity of threshold events through Information OAM
PDUs. In this way, the network administrator can learn the link state and take actions
accordingly.
The network administrator monitors Ethernet OAM through the Event Notification OAM
PDU. When a link fails, the local OAM entity detects the failure, and actively sends Event
Notification OAM PDU to the peer active OAM entity to inform the following threshold
events. Therefore, the network administrator can dynamically master the network status
through the link monitoring process.
Error frame event: the number of error frames exceeds the threshold in a time unit.
Error frame period event: the number of error frames exceeds the threshold in a period
(specified N frames).
Error frame second event: the number of error frames in M seconds exceeds the
threshold. The second when an errored frame is generated is called the errored frame
second.
Error symbol period event: the number of error symbols received in a period (monitor
window) exceeds the threshold.
8.1.2 CFM
To extend the Ethernet technology application in the telecom-class network, the Ethernet
needs to reach the same service level with the carrier-class transmission network.
Connectivity Fault Management (CFM) solves this problem by providing the comprehensive
OAM tools for the telecom-class Ethernet.
CFM, a network-level Ethernet OAM technology, implements end-to-end connectivity fault
detection, fault reporting, fault judgement, and fault positioning. It is used to diagnose fault
actively for Ethernet Virtual Connection (EVC), provide cost-effective network maintenance
solutions, and improve network maintenance through the fault management function.
The RAX711-C provides CFM compatible with both ITU-Y.1731 and IEEE 802.1ag
standards.
CFM consists of following components:
MD
Maintenance Domain (MD), also called Maintenance Entity Group (MEG), is a network that
runs CFM. It defines network range of OAM management. MD has a level property, with 8
levels (level 0 to level 7). The bigger the number is, the higher the level is and the larger the
MD range is. Protocol packets in a lower-level MD will be discarded after entering a higher-
level MD. If no Maintenance association End Point (MEP) but a Maintenance association
Intermediate Point (MIP) is in a high-level MD, the protocol can traverse the higher-level MD.
However, packets in a higher-level MD can traverse lower-level MDs. In the same VLAN
range, different MDs can be adjacent, embedded, but not crossed.
As shown in Figure 8-2, MD 2 is in MD 1. Packets in MD 1 need to traverse MD 2.
Configure MD 1 to be at level 6, and MD 2 to be at level 3. Then packets in MD 1 can
traverse MD 2 and implement connectivity fault management of the whole MD 1. However,
packets in MD 2 cannot diffuse into MD 1. In actual applications, MD 2 is a server layer
while MD 1 is a client layer.
MA
MIP
As shown in Figure 8-3, the MIP is the internal node of a service instance, which is
automatically created by the device. A MIP cannot actively send CFM packets but can process
and respond to Link Trace Message (LTM) and LoopBack Message (LBM) packets.
MP
MEP and MIP are called Maintenance Point (MP).
CFM provides the following OAM functions:
Fault detection (Continuity Check, CC)
The function is realized by periodically sending Continuity Check Messages (CCMs). One
MEP sends CCM and other MEPs in the same service instance can verify the RMEP status
when receiving this packet. If MEPs cannot properly receive CCMs sent by RMEPs during
3.5 CCM intervals or CCMs have errors checked by CC, it is believed that the link fails. Then
a fault Trap will be sent according to configured alarm priority.
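The continuity check described above can be sketched as a small receiver-side monitor. This is an added example, not Raisecom code: the `Ccm` fields, the verdict strings, and the specific CCM error checks (wrong MA, unexpected MEP ID, interval mismatch) are assumptions for illustration; only the 3.5-interval rule and the MD level behaviour come from the text.

```python
from dataclasses import dataclass, field

LOSS_MULTIPLIER = 3.5  # from the text: fault after 3.5 CCM intervals of silence


@dataclass(frozen=True)
class Ccm:
    """Constructed, simplified CCM fields (not the on-wire PDU layout)."""
    rx_time: float   # seconds, receiver clock
    md_level: int    # 0..7
    ma_name: str
    mep_id: int
    interval: float  # CCM period advertised by the sender, seconds


@dataclass
class CcMonitor:
    md_level: int
    ma_name: str
    interval: float
    expected_rmeps: frozenset
    started_at: float = 0.0
    last_valid: dict = field(default_factory=dict)

    def receive(self, ccm: Ccm) -> str:
        """Classify one CCM; only a fully valid CCM refreshes the RMEP timer."""
        if ccm.md_level > self.md_level:
            return "forward"              # higher-level MD traffic traverses this MD
        if ccm.md_level < self.md_level:
            return "discard:lower-level"  # lower-level MD traffic must not enter
        if ccm.ma_name != self.ma_name:
            return "error:wrong-ma"
        if ccm.mep_id not in self.expected_rmeps:
            return "error:unexpected-mep"
        if ccm.interval != self.interval:
            return "error:interval-mismatch"
        self.last_valid[ccm.mep_id] = ccm.rx_time
        return "ok"

    def lost_rmeps(self, now: float) -> list:
        """RMEPs with no valid CCM for more than 3.5 intervals (raise a trap for these)."""
        limit = LOSS_MULTIPLIER * self.interval
        return sorted(
            rmep for rmep in self.expected_rmeps
            if now - self.last_valid.get(rmep, self.started_at) > limit
        )


def demo():
    """Constructed trace: RMEP 2 keeps sending, RMEP 3 falls silent after t=2 s."""
    mon = CcMonitor(md_level=3, ma_name="ma-demo", interval=1.0,
                    expected_rmeps=frozenset({2, 3}))
    trace = [Ccm(t, 3, "ma-demo", 2, 1.0) for t in (1.0, 2.0, 3.0, 4.0, 5.0)]
    trace += [Ccm(t, 3, "ma-demo", 3, 1.0) for t in (1.0, 2.0)]
    trace += [Ccm(2.5, 6, "ma-outer", 9, 1.0),   # higher-level MD, passes through
              Ccm(3.0, 3, "ma-demo", 3, 10.0)]   # wrong interval, timer not refreshed
    verdicts = [mon.receive(c) for c in sorted(trace, key=lambda c: c.rx_time)]
    return verdicts, mon.lost_rmeps(5.0), mon.lost_rmeps(5.6)


if __name__ == "__main__":
    print(demo())
```

Because an invalid CCM does not refresh the timer, a misconfigured or spoofed sender cannot mask the loss of the real RMEP.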
Fault acknowledgement (LoopBack, LB)
This function is used to verify the connectivity between two MPs through the source MEP
sending LoopBack Message (LBM) and the destination MP sending LoopBack Reply (LBR).
After checking the fault, the administrator manually confirms whether the fault occurs or not
to prevent misinformation. The source MEP sends a LBM to certain destination MP who
needs to acknowledge a fault. When receiving the LBM, the destination MP sends a LBR to
the source MEP. If the source MEP receives this LBR, it is believed that the route is reachable.
Otherwise, a connectivity fault occurs.
Fault location (LinkTrace, LT)
The source MEP sends LinkTrace Message (LTM) to the destination MP and all MPs on the
LTM transmission route will send a LinkTrace Reply (LTR) to the source MEP. By recording
valid LTR and LTM, this function can be used to locate faults.
Alarm Indication Signal (AIS)
This function is used to inhibit alarms when a fault is detected at the server layer (sub-layer).
When detecting a fault, the MEP (including the server MEP) sends an AIS frame to the client
MD. By transmitting ETH-AIS frames, the device can inhibit or stop an alarm on MEP (or
server MEP).
When receiving an AIS frame, the MEP must inhibit alarms for all peer MEPs regardless of
connectivity, because this frame does not include information about MEPs that are at the same
level with the failed MEP. With AIS, the device can inhibit the alarm information at client
level when the server layer (sub-layer) fails. Therefore, the network is easy for maintenance
and management.
Ethernet lock signal (Lock, LCK)
This function is used to notify managed lock and service interruption of server layer (sub-
layer) MEPs. The data traffic is sent to a MEP that expects to receive it. This function helps
the MEP that receives ETH-LCK frame to identify a fault. It is a managed lock action for
server layer (sub-layer) MEP. Lock is an optional OAM management function. One typical
scenario for applying this function is to perform detection when services are interrupted.
In general, CFM is an end-to-end OAM technology at the server layer. It helps reduce
operation and maintenance cost. In addition, it improves the competitiveness of service
providers.
8.1.3 SLA
Service Level Agreement (SLA) is an agreement between users and a service provider about
the service quality, priority, and responsibility. It is a telecommunication service evaluating
standard negotiated by the service provider and users.
In technology, SLA is a real-time network performance detection and statistic technology,
which can collect statistics on responding time, network jitter, delay, packet loss ratio, and so
on. SLA can be used to monitor related metrics by selecting different tasks for different
applications.
Basic concepts involved in SLA are as below:
Operation
It is a static concept. It is a point-to-point SLA network performance test task, including Layer
2 network delay/jitter test (y1731-echo/y1731-jitter).
Test
It is a dynamic concept. It is used to describe an execution of one operation.
Detection
It is a dynamic concept. It is used to describe a procedure for sending-receiving detection
packets in a test. According to the definition of operation, one test can contain multiple
detections (For an Echo operation, one test contains one detection only).
Scheduling
It is a dynamic concept. It is used to describe a scheduling of one operation. One scheduling
contains multiple periodical tests.
The RAX711-C supports SLA operations based on RFC2544, with measurement indexes
including the latency, frame loss rate, and throughput. It supports measurement based on
Ethernet networking. It can work as an initiator or loopback node of the test.
8.1.4 Y.1564
Introduction
In Ethernet tests, RFC2544 measures performances of interconnected devices in extreme
conditions, and it can test only one measurement index at a time. As various Ethernet services
are deployed worldwide, traditional RFC2544 tests can no longer meet users' requirements on
Ethernet service tests. They also take a long time and interrupt services, which are obvious
disadvantages. ITU-T Y.1564 overcomes these disadvantages and has become a standard for
configuring Ethernet services and measuring their performance.
ITU-T Y.1564, also called Ethernet Service Activation Measurement (EtherSAM), is a method
for measuring activation of Ethernet services. It can verify all SLA parameters through one
single test and guarantees that the network can provide optimized QoS.
Compared with RFC2544, ITU-T Y.1564 has the following enhanced features:
Support concurrent test of multiple services.
Support the online test.
Raisecom Service Activation Measurement (RCSAM), developed by Raisecom on the basis
of ITU-T Y.1564, is a module used to measure whether the network meets SLA requirements.
– 50% × CIR
– 75% × CIR
– 100% × CIR
– CIR + EIR
– CIR + 125% × EIR
Service performance test: this test is used to measure the performance of the service and
thus guarantee the quality of the service during a long period. It supports concurrent test
of multiple services. All services during the test must be configured with the same CIR
and start test as triggered at the same time. All key indexes of each service must be
measured, such as Information Rate (IR), Frame Time Delay (FTD), Frame Delay
Variation (FDV), and Frame Loss Rate (FLR).
RCSAM scenario
RCSAM is applied in the following three test scenarios:
Roundtrip: as shown in Figure 8-4, the local device is enabled with Y.1564 while the
remote device is enabled with loopback. However, this scenario may not be accurate
enough because the test result will be affected by the policy of the device with the lower
device if both devices are configured with a policy.
One-way: both devices are enabled with Y.1564. The test is unidirectional. Namely, the
local device sends packets while the remote device receives packets. In this case, clock
synchronization must be considered. We recommend using IEEE 1588 to make the test
more accurate.
Bidirectional: both devices are enabled with Y.1564. The test is targeted for EtherSAM
in each direction to locate the fault in configuration or poor performance in a direction.
At present, the RAX711-C supports the Roundtrip test only.
Scenario
Deploying EFM between directly-connected devices can effectively improve the management
and maintenance capability of Ethernet links and ensure normal operation of the network.
Prerequisite
Connect interfaces and configure physical parameters of interfaces. Make the physical layer
Up.
EFM active functions can be configured when the RAX711-C is in active mode.
By getting the current variable values of the peer, you can get current link status.
IEEE 802.3 Clause 30 defines and explains in detail the variables that OAM can
obtain and how they are denoted. The largest unit of a variable is the Object. Each
object contains Packages and Attributes. A package contains several attributes.
The attribute is the minimum unit of a variable. When an OAM variable is obtained,
the object, package, branch, and leaf descriptions of attributes defined by Clause 30
describe the requested object, and the branch and leaf are followed by the variable to
denote the object's response to the variable request. The RAX711-C supports getting OAM
information and interface statistics.
Peer variable cannot be obtained unless EFM connection is established.
Step Command Description
1 Raisecom#show oam peer oam-info [ interface-type interface-number ]
  Show OAM basic information about the peer device.
  Raisecom#show oam peer [ interface-type interface-number ]
The peer EFM remote loopback will not take effect until the remote loopback
response is configured on the local device.
Step Command Description
1 Raisecom#config Enter global configuration mode.
OAM link monitoring is used to detect and report link errors in different conditions.
When detecting a fault on a link, the RAX711-C provides the peer with the generated
time, window, and threshold, and so on, by OAM event notification packets. The peer
receives event notification and reports it to the NView NNM system through SNMP
Trap. Besides, the local device can directly report events to the NView NNM system
through SNMP Trap.
By default, the system sets default value for error generated time, window, and
threshold.
Step Command Description
1 Raisecom#config
  Enter global configuration mode.
2 Raisecom(config)#interface interface-type interface-number
  Enter physical layer interface configuration mode.
3 Raisecom(config-port)#oam errored-frame window framewindow threshold framethreshold
  Configure the monitor window and threshold for an error frame event.
  By default, the monitor window is configured to 1s and the threshold is configured to 1 error frame.
4 Raisecom(config-port)#oam errored-frame-period window frameperiodwindow threshold frameperiodthreshold
  Configure the monitor window and threshold for an error frame period event.
  By default, the monitor window is configured to 1000ms and the threshold is configured to 1 error frame.
5 Raisecom(config-port)#oam errored-frame-seconds window framesecswindow threshold framesecsthreshold
  Configure the monitor window and threshold for an error frame seconds event.
  By default, the monitor window is configured to 60s and the threshold is configured to 1s.
6 Raisecom(config-port)#oam errored-symbol-period window symperiodwindow threshold symperiodthreshold
  Configure the monitor window and threshold for an error symbol event.
  By default, the monitor window is configured to 1s and the threshold is configured to 1 error frame.
Scenario
To expand application of Ethernet technologies at a Telecom-grade network, the Ethernet
must ensure the same QoS as the Telecom-grade transport network. CFM solves this problem
by providing overall OAM tools for the Telecom-grade Ethernet.
CFM can provide following OAM functions:
Fault detection (Continuity Check, CC)
Fault acknowledgement (LoopBack, LB)
Fault location (LinkTrace, LT)
Alarm Indication Signal (AIS)
Ethernet lock signal (Lock, LCK)
Client Signal Fail (CSF)
Prerequisite
Connect interfaces and configure physical parameters of the interfaces. Make the
physical layer Up.
Create a VLAN.
Add interfaces to the VLAN.
CFM fault detection and CFM fault location functions cannot take effect until the
CFM is enabled.
To enable CFM on an interface, you need to enable global CFM in global
configuration mode and then enable CFM on the interface.
When global CFM is disabled, it does not affect enabling/disabling EFM on the
interface.
Ethernet LM cannot take effect unless CFM is enabled on the ingress interface of
the service packet and MEP-related interfaces.
CFM is configured in physical layer interface configuration mode only.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ethernet cfm enable Enable global CFM.
By default, it is disabled.
3 Raisecom(config)#interface Enter physical layer interface configuration mode.
interface-type interface-number
concurrently.
If the MD name is specified, it must be globally
unique.
Levels of different MDs must be different.
Before executing this command, you must ensure that global CFM is enabled.
Otherwise, the Ping operation fails.
If there is no MEP in a service instance, Ping operation will fail because of failing
to find source MEP.
Ping operation will fail if the specified source MEP is invalid. For example, the
specified source MEP does not exist or CFM is disabled on the interface where
the specified source MEP is.
Ping operation will fail if the Ping operation is performed based on the specified
destination MEP ID and the MAC address of destination is not found based on the
MEP ID.
Ping operation will fail if other users are using the specified source MEP to
perform Ping operation.
To perform LB, you must enable global Ethernet CFM and AC-side CFM if a
service instance is associated with emulated Ethernet PW.
Before executing this command, you must ensure that global CFM is enabled.
Otherwise, the Traceroute operation fails.
If there is no MEP in a service instance, Traceroute operation will fail because of
failing to find source MEP.
Traceroute operation will fail if the specified source MEP is invalid. For example,
the specified source MEP does not exist or CFM is disabled on the interface
where the specified source MEP is.
Traceroute operation will fail if the Ping operation is performed based on the
specified destination MEP ID and the MAC address of destination is not found
based on the MEP ID.
If the CC feature is invalid, you can ensure Layer 2 Traceroute operation works
normally by configuring static RMEP and specifying MAC address.
Traceroute operation will fail if other users are using the specified source MEP to
perform Traceroute operation.
4 Raisecom(config-service)#service lck level md-level [ vlan vlan-id ]
  Configure the level for sending the LCK packet. The level must be higher than the service instance level.
  By default, use the level of the MIP, which is higher than the MEP level, to send the LCK packet.
5 Raisecom(config-service)#service lck period { 1 | 60 }
  (Optional) configure the LCK packet delivery period. By default, the LCK packet delivery period is configured to 1s.
6 Raisecom(config-service)#service lck start mep { mep-list | all }
  Configure the MEP to send the LCK packet.
  By default, the MEP does not send the LCK packet.
Scenario
To ensure that users can get qualified network services, the carrier and users sign a Service
Level Agreement (SLA). To effectively fulfil the SLA, the carrier needs to deploy the SLA
feature on the device to measure the network performance and take the measurement result
as the basis for ensuring the network performance.
By selecting two detection points (source and destination RAX711-C devices), SLA
configures and schedules SLA operations on a detection point. Therefore, configurations and
network performance between these 2 detection points can be detected.
SLA gathers statistics about round-trip packet loss ratio, round-trip/unidirectional (SD/DS)
delay, jitter, throughput, and LM packet loss ratio test. In addition, it reports these data to the
upper monitoring software (such as the NView NNM system) to help analyze network
performance for getting an expected result.
Prerequisite
When configuring Layer 2 test operations, you should deploy CFM between local and
remote devices that need to be detected. Layer 2 packets can be forwarded between local
and remote devices.
When configuring Layer 3 test operations (icmp-echo and icmp-jitter), Layer 3 Ping
operation succeeds between local and remote devices.
After configuring one operation (differed by operation ID), you cannot modify or
configure it again. You need to delete the operation in advance if you need to
configure it again.
SLA supports scheduling up to 16 operations at one time. Before you stop
scheduling the same operation, you cannot modify scheduling information or re-
schedule the operation. If you need to reschedule the operation, you need to
finish the scheduling (reach scheduling life time or stop scheduling) before
performing the next scheduling.
During Ethernet SLA measurement, the operation performs delay and jitter
measurement in hardware mode, when you create the DOWN MEP (specify the
MD name when you configure the MD) and use the DM packet to create the
operation. The delay and jitter measurement accuracy in hardware mode is at a
microsecond level. Other modes are realized in software mode. The delay and
jitter measurement accuracy in software mode is at a millisecond level.
The operation lifetime should not be shorter than the interval for scheduling the
SLA operation.
The interval for scheduling the SLA operation should not be shorter than 20s.
Scenario
To learn about configuration parameters and performance of Ethernet services, you can make
related configurations of Y.1564 on the RAX711-C.
On the same device, Y.1564 is exclusive with RFC2544 and Loopback.
Prerequisite
N/A
8.6 Maintenance
Command Description
9 QoS
This chapter describes principles and configuration procedures of QoS, and provides related
configuration examples, including the following sections:
Introduction
Configuring priority trust and priority mapping
Configuring traffic classification and traffic policy
Configuring congestion avoidance
Configuring queue shaping and queue scheduling
Configuring rate limiting
Configuration examples
9.1 Introduction
Generally, the Internet (IPv4), which is based on the store-and-forward mechanism, provides
only "best-effort" service for users. When the network is overloaded or congested, this service
mechanism fails to transmit packets in a timely and complete manner.
As network applications keep growing, users place different Quality of Service (QoS)
requirements on them. The network should therefore distribute and schedule resources
for different network applications according to users' demands.
QoS guarantees timeliness and integrity of important services when the network is
overloaded or congested, thus making the network run efficiently.
QoS consists of a number of traffic management technologies:
Priority trust
Priority mapping
Traffic classification
Traffic policy
Queue scheduling
Congestion avoidance
Queue shaping
Rate limiting
The local priority refers to an internal priority that is assigned to packets. It is related
to the queue number on the egress interface. The bigger the value is, the more
quickly the packet is processed.
The RAX711-C supports priority mapping based on DSCP priority or IP precedence of IP
packets or CoS priority of VLAN packets.
CoS priority
IEEE 802.1Q VLAN packets are a modification of Ethernet packets. A 4-byte 802.1Q header
is added between the source MAC address and protocol type, as shown in Figure 9-3. The
802.1Q header consists of a 2-byte Tag Protocol Identifier (TPID, with the value 0x8100) field
and a 2-byte Tag Control Information (TCI) field.
The first 3 bits of the TCI field represent the CoS priority, which ranges from 0 to 7, as shown
in Figure 9-4. CoS priority is used to ensure QoS in Layer 2 network.
By default, the mapping between the RAX711-C local priority and DSCP, CoS priorities is
listed in Table 9-1 and Table 9-2.
CoS 0 1 2 3 4 5 6 7
IP 0 1 2 3 4 5 6 7
The RAX711-C supports classifying traffic based on ToS and DSCP priority of IP packets
and CoS priority of VLAN packets. In addition, it supports classifying traffic based on ACL
rules and VLAN IDs. Figure 9-5 displays the traffic classification process.
Redirection
Redirection means that a packet is not forwarded according to the mapping between the
original destination address and the interface. Instead, the packet is redirected to a specified
interface for forwarding, realizing routing based on traffic policy.
Remarking
Remarking refers to re-configuring some priority fields for some packets, so that devices can
re-classify packets based on their own standards. In addition, downstream nodes can provide
differentiated QoS services depending on remarking information.
The RAX711-C supports remarking the following priority fields of packets:
DSCP priority of IP packets
CoS priority of VLAN packets
WRR: on the basis of scheduling packets in a polling manner according to the priority,
the device schedules packets according to the weight of the queue, as shown in Figure 9-
7.
WDRR: on the basis of scheduling packets in a polling manner according to the priority,
the device schedules packets according to the weight of the queue. In addition, during
the scheduling, if one queue has redundant bandwidth, the device will temporarily assign
this bandwidth to another queue. During next scheduling, the assigned schedule will
return equal bandwidth to the original queue, as shown in Figure 9-8.
RED
The Random Early Detection (RED) technology discards packets randomly so that
multiple TCP connections do not reduce their transport speed simultaneously, which avoids
TCP global synchronization.
The RED algorithm configures a minimum threshold and maximum threshold for length of
each queue. In addition:
Packets are not discarded when the queue length is smaller than the minimum threshold.
All received packets are discarded when the queue length is greater than the maximum
threshold.
Packets to be received are discarded randomly when the queue length is between the
minimum and maximum thresholds. A random number is assigned to the packet to be received
and compared with the drop ratio of the current queue. If the random
number is greater than the drop ratio, the packet is discarded. The greater the queue size
is, the higher the packet drop probability is.
WRED
The Weighted Random Early Detection (WRED) technology also discards packets randomly
to avoid TCP global synchronization. However, the random drop parameter generated by
WRED technology is based on the priority. WRED differentiates drop policies through the
color of packets. This helps ensure that high-priority packets have a smaller packet drop
probability. The RAX711-C can perform WRED on TCP packets by color but perform WRED
on non-TCP packets regardless of color.
The RAX711-C performs congestion avoidance based on WRED.
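The threshold behaviour of RED and the per-color profiles of WRED can be sketched as follows. This is an added example, not the device's implementation: the linear ramp between the two thresholds is the usual RED model and is an assumption here, as is reading the thresholds as a percentage of queue depth. The "green" profile reuses the values 50/90/60 from the WRED profile in this chapter's configuration example; the other two profiles are constructed.

```python
import random

# (start-drop-threshold, end-drop-threshold, max-drop-probability), all in percent.
PROFILES = {
    "green":  (50, 90, 60),    # values from the page's "mls qos wred profile 1"
    "yellow": (30, 70, 80),    # constructed for illustration
    "red":    (10, 50, 100),   # constructed for illustration
}


def drop_probability(queue_fill_pct, start, end, max_prob_pct):
    """Probability of dropping an arriving packet at the given queue fill level."""
    if not 0 <= start <= end <= 100:
        raise ValueError("thresholds must satisfy 0 <= start <= end <= 100")
    if queue_fill_pct < start:
        return 0.0                      # below the minimum threshold: never drop
    if queue_fill_pct > end:
        return 1.0                      # above the maximum threshold: always drop
    if end == start:
        return max_prob_pct / 100
    # Assumed linear ramp from 0 at `start` up to max_prob at `end`.
    return (max_prob_pct / 100) * (queue_fill_pct - start) / (end - start)


def simulate(queue_fill_pct, packets_per_color=2000, seed=1):
    """Count drops per color for packets arriving at one fixed queue fill level."""
    rng = random.Random(seed)           # seeded so the run is repeatable
    drops = {}
    for color, profile in PROFILES.items():
        p = drop_probability(queue_fill_pct, *profile)
        drops[color] = sum(rng.random() < p for _ in range(packets_per_color))
    return drops


if __name__ == "__main__":
    for fill in (5, 40, 70, 95):
        print(fill, simulate(fill))
```

At 70% fill the green class loses roughly 30% of arrivals while the red class loses all of them, which is how lower-priority traffic backs off first.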
Scenario
For packets from upstream devices, you can choose to trust the priorities carried by these packets.
For packets whose priorities are not trusted, you can process them with traffic classification
and traffic policy. In addition, you can modify DSCP priorities by configuring interface-based
DSCP priority remarking. After configuring priority trust, the RAX711-C can perform
different operations on packets with different priorities, providing related services.
Before performing queue scheduling, you need to assign a local priority for a packet. For
packets from the upstream device, you can map the outer priorities of these packets to various
local priorities. In addition, you can directly configure local priorities for these packets based
on interfaces. The device then performs queue scheduling on these packets based on local
priorities.
Generally, for IP packets, you need to configure the mapping between DSCP priority and
local priority. For VLAN packets, you need to configure the mapping between CoS priority
and local priority.
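The sketch below ties together the 802.1Q tag layout described under "CoS priority" and the trust decision described in this scenario: the CoS value is read from the top 3 bits of the TCI and is honoured only on a trusted interface. It is an added example, not device code. The function names, the placeholder MAC addresses, and the interface-default fallback are assumptions; the CoS 5/4/2 to local priority 6/5/2 pairs come from this chapter's queue-scheduling example, and the remaining CoS values map to themselves as an assumption.

```python
import struct

TPID_8021Q = 0x8100  # TPID value given in the text

# CoS -> local priority. 5->6, 4->5, 2->2 are from the page's example;
# the identity mapping for the other values is an assumption.
COS_TO_LOCAL = {cos: cos for cos in range(8)}
COS_TO_LOCAL.update({5: 6, 4: 5, 2: 2})


def parse_8021q(frame: bytes):
    """Return (cos, dei, vlan_id) for a tagged frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)   # field after the source MAC
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    cos = tci >> 13            # first 3 bits of the TCI
    dei = (tci >> 12) & 0x1    # next bit
    vlan_id = tci & 0x0FFF     # remaining 12 bits
    return cos, dei, vlan_id


def assign_local_priority(frame: bytes, trust_cos: bool, port_default: int = 0) -> int:
    """Honour the packet's CoS only on a trusted interface; otherwise use the
    interface-based local priority, so the sender cannot pick its own queue."""
    tag = parse_8021q(frame)
    if tag is None or not trust_cos:
        return port_default
    return COS_TO_LOCAL[tag[0]]


def build_frame(cos=None, vlan_id=0, dei=0) -> bytes:
    """Constructed sample frame; MAC addresses and payload are placeholders."""
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    tag = b""
    if cos is not None:
        tag = struct.pack("!HH", TPID_8021Q, (cos << 13) | (dei << 12) | vlan_id)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    voice = build_frame(cos=5, vlan_id=100)
    print(parse_8021q(voice))                          # (5, 0, 100)
    print(assign_local_priority(voice, trust_cos=True))
    print(assign_local_priority(voice, trust_cos=False, port_default=1))
```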
Prerequisite
N/A
Scenario
Traffic classification is the basis of QoS. For packets from upstream devices, you can classify
them according to ACL rules. After traffic classification, the device can provide related
operations for different packets, providing differentiated services.
After configurations, the traffic classification cannot take effect until being bound to traffic
policy. The selection of traffic policy depends on the packet status and current network load
status. In general, when a packet is sent to the network, you need to limit the speed according
to Committed Information Rate (CIR) and remark the packet according to the service feature.
Prerequisite
N/A
9.3.6 Maintenance
Command Description
Raisecom(config)#clear service-policy statistics interface interface-type interface-number { egress | ingress }
  Show traffic classification information.
Raisecom(config)#clear service-policy statistics interface interface-type interface-number { egress | ingress } [ class-map class-map-name ]
  Show rate limiting rules.
Scenario
To avoid network congestion and to resolve TCP global synchronization, you can configure
congestion avoidance to adjust the network traffic and resolve network overload. The
RAX711-C supports WRED-based congestion avoidance.
When the interface speed of downstream devices is smaller than the one of upstream devices,
traffic congestion may occur on interfaces of downstream devices. At this time, you can
configure queue and traffic shaping on the egress interface of upstream devices to shape
upstream traffic.
Prerequisite
N/A
Scenario
When the interface speed of downstream devices is smaller than the one of upstream devices,
congestion may occur on interfaces on downstream devices. At this time, you can
configure queue and traffic shaping on the egress interface of upstream devices to shape
upstream traffic.
Prerequisite
N/A
9.5.5 Maintenance
Command Description
Raisecom(config)#clear mls qos queue statistics interface interface-type interface-number [ queueid queue-id ]
  Clear queue statistics on an interface.
Scenario
To transmit specific services at a specified rate upon network congestion, you can configure
rate limiting. In this case, received packets are matched with the profile to guarantee normal
transmission of specific services.
Prerequisite
Create VLANs.
Networking requirements
As shown in Figure 9-9, User A, User B, and User C are respectively connected to the
RAX711-C through Router A, Router B, and Router C.
User A requires voice and video services; User B requires voice, video, and data services;
User C requires video and data services.
According to users' requirements, make following rules:
For User A, provide 25 Mbit/s bandwidth, configure the burst traffic to 100 bytes, and
discard excess traffic.
For User B, provide 35 Mbit/s bandwidth, configure the burst traffic to 100 bytes, and
discard excess traffic.
For User C, provide 30 Mbit/s bandwidth, configure the burst traffic to 100 bytes, and
discard excess traffic.
Configuration steps
Step 1 Create and configure traffic classification.
Raisecom#config
Raisecom(config)#access-list 1001
Raisecom(config-acl-ip-std)#rule 1 permit 1.1.1.1 255.255.255.0
Raisecom(config-acl-ip-std)#exit
Raisecom(config)#class-map usera
Raisecom(config-cmap)#match access-list 1001
Raisecom(config-cmap)#exit
Raisecom(config)#access-list 1002
Raisecom(config-acl-ip-std)#rule 2 permit 1.1.2.1 255.255.255.0
Raisecom(config-acl-ip-std)#exit
Raisecom(config)#class-map userb
Raisecom(config-cmap)#match access-list 1002
Raisecom(config-cmap)#exit
Raisecom(config)#access-list 1003
Raisecom(config-acl-ip-std)#rule 3 permit 1.1.3.1 255.255.255.0
Raisecom(config-acl-ip-std)#exit
Raisecom(config)#class-map userc
Raisecom(config-cmap)#match access-list 1003
Raisecom(config-cmap)#exit
Step 2 Create traffic policing profiles and configure rate limiting rules.
Raisecom(config)#policy-map usera
Raisecom(config-pmap)#class-map usera
Raisecom(config-pmap-c)#policer usera
Raisecom(config-pmap-c)#exit
Raisecom(config-pmap)#exit
Raisecom(config)#interface client 1
Raisecom(config-client1)#service-policy ingress usera
Raisecom(config-client1)#exit
Raisecom(config)#policy-map userb
Raisecom(config-pmap)#class-map userb
Raisecom(config-pmap-c)#policer userb
Raisecom(config-pmap-c)#exit
Raisecom(config-pmap)#exit
Raisecom(config)#interface client 2
Raisecom(config-client2)#service-policy ingress userb
Raisecom(config-client2)#exit
Raisecom(config)#policy-map userc
Raisecom(config-pmap)#class-map userc
Raisecom(config-pmap-c)#policer userc
Raisecom(config-pmap-c)#exit
Raisecom(config-pmap)#exit
Raisecom(config)#interface client 3
Raisecom(config-client3)#service-policy ingress userc
Checking results
Use the show class-map command to show configurations of traffic classification.
Use the show mls qos policer command to show configurations of rate limiting rules.
Networking requirements
As shown in Figure 9-10, User A requires voice and video services; User B requires voice,
video, and data services; User C requires video and data services.
CoS priorities for voice, video, and data services are configured with 5, 4, and 2 respectively.
These three CoS priorities are mapped to local priorities 6, 5, and 2 respectively.
Make the following rules based on service types.
Perform SP scheduling on voice service to ensure that the traffic is first transmitted.
Perform WRR scheduling on video service and configure the weight to 50.
Perform WRR scheduling on data service and configure the weight to 20. In addition,
you need to configure the discarding threshold to 50 to avoid network congestion caused
by too high burst traffic.
Configuration steps
Step 1 Create a WRED profile.
Raisecom#config
Raisecom(config)#mls qos wred profile 1
Raisecom(wred)#wred start-drop-threshold 50 end-drop-threshold 90 max-
drop-probability 60
Raisecom(wred)#exit
Step 3 Configure the mapping from the CoS priority to the local priority.
Checking results
Use the show mls qos mapping cos-to-local-priority command to show mapping
configurations on specified priorities.
Use the show mls qos command to show configurations of priority trust and queue
scheduling mode on specified interfaces.
Use the show mls qos flow-queue command to show configurations of queue scheduling.
Flow-Queue-Scheduler :wrr
QueueId Weight Wred CIR(Kbps) CBS(KB) PIR(Kbps) PBS(KB)
----------------------------------------------------------------
1 0 0 -- -- -- --
2 0 0 -- -- -- --
3 0 1 -- -- -- --
4 0 0 -- -- -- --
5 0 0 -- -- -- --
6 20 0 -- -- -- --
7 50 0 -- -- -- --
8 0 0 -- -- -- --
Use the show mls qos wred profile command to show WRED profile configurations.
Networking requirements
As shown in Figure 9-11, User A, User B, and User C are connected to the RAX711-C
through Switch A, Switch B, and Switch C.
User A requires voice and video services; User B requires voice, video, and data services;
User C requires video and data services.
According to users' requirements, make the following rules:
For User A, provide 25 Mbit/s bandwidth, configure the burst traffic to 100 Kbytes,
configure the EIR to 50 Mbit/s, and configure the EBS to 200 Kbytes.
For User B, provide 35 Mbit/s bandwidth, configure the burst traffic to 100 Kbytes,
configure the EIR to 70 Mbit/s, and configure the EBS to 200 Kbytes.
For User A, provide 30 Mbit/s bandwidth, configure the burst traffic to 100 Kbytes,
configure the EIR to 60 Mbit/s, and configure the EBS to 200 Kbytes.
Configuration steps
Step 1 Configure the bandwidth profile.
Raisecom#config
Raisecom(config)#bandwidth-profile 1 cir 25000 cbs 100 eir 50000 ebs 200
Raisecom(config)#bandwidth-profile 2 cir 35000 cbs 100 eir 70000 ebs 200
Raisecom(config)#bandwidth-profile 3 cir 30000 cbs 100 eir 60000 ebs 200
Raisecom(config)#interface client 1
Raisecom(config-client1)#bandwidth ingress 1
Raisecom(config-client1)#interface client 2
Raisecom(config-client2)#bandwidth ingress 2
Raisecom(config-client2)#interface client 3
Raisecom(config-client3)#bandwidth ingress 3
Checking results
Use the show bandwidth interface command to show configurations of interface-based rate
limiting.
client1 Ingress 1 --
25000 100 50000 200
Raisecom#show bandwidth interface client 2
Port Direction bwp-index hv-bwp-index
Cir(kbps) Cbs(KB) Eir(kbps) Ebs(KB)
-------------------------------------------------------------------------
client2 Ingress 2 --
35000 100 70000 200
Raisecom#show bandwidth interface client 3
Port Direction bwp-index hv-bwp-index
Cir(kbps) Cbs(KB) Eir(kbps) Ebs(KB)
-------------------------------------------------------------------------
client3 Ingress 3 --
30000 100 60000 200
Raisecom#
10 RSOM
This chapter describes principles and configuration procedures of RSOM, and provides
configuration examples, including the following sections:
Introduction
Configuring RSOM
Maintenance
Configuration examples
10.1 Introduction
Raisecom Service Oriented Management (RSOM) is based on the MEF40, and aims to
promote usability of the Ethernet, activate and manage the Ethernet PLS.
Ethernet services include Ethernet Virtual Connection (EVC) and its corresponding UNI.
Each EVC is corresponding to a service.
Figure 10-1 shows the Ethernet service networking. User network A and User network B are
connected to the carrier's network through the UNI, and they communicate through an EVC
established on the carrier's network. RSOM contains two parts of Ethernet services: service
transmission and test and measurement. When a service is created and normally transmitted, it
can be tested and measured through SLA and RCSAM.
bandwidth
At least one shared UNI
EVPLAN Multiple 1 or more
Shared network transmission bandwidth
Interfaces
Physical interfaces on the RAX711-C work as the UNI or NNI. The UNI is the interface where
the user network accesses the carrier's network. The NNI is a forwarding interface inside the
carrier's network. Figure 10-2 shows the location of UNIs and NNIs in a network topology.
Based on interface: on a UNI, local priorities (CoS priorities) are the same; namely, all
EVCs on the UNI are the same.
Based on EVC: on an EVC, local priorities (CoS priorities) are the same.
Based on DSCP: packets that carry the specified DSCP list are configured as a data flow.
Before packets are classified by carried DSCP in the EVC, you should configure
mappings between DSCP and local priorities (CoS priorities) to conduct rate limit based
on CoS (namely, you can configure non-IP packets to be added with the default DSCP
priority on the UNI).
Based on PCP: packets that carry the specified PCP list (carried CoS priority) are
configured as a data flow. Before packets are classified by carried PCP in the EVC, you
should configure mappings between PCP and local priorities (CoS priorities) to conduct
rate limit based on CoS.
Based on L2CP: after an EVC is established, a L2CP profile can be quoted; in this way,
packets that carry the specified MAC address and protocol ID are configured as a data
flow. You can combine the L2CP profile with the interface, EVC, DSCP, and PCP during
configurations.
– When you combine the L2CP profile with the EVC, DSCP, and PCP, the EVC will
check whether an arriving packet is a L2CP packet. If yes, the EVC classifies packets
by L2CP rules. If no, the EVC classifies packets by EVC, DSCP, and PCP rules.
– When you combine the L2CP profile with the interface, the local priority based on
interface and that based on L2CP are different. For example, the local priority based
on interface is 1 while that based on L2CP is 2. When packets reach the UNI, they
are classified by local priority 2 if they are L2CP packets, or by local priority 1 if
they are non-L2CP packets.
To configure traffic classification based on interface or EVC,
When CEVLAN and CoS reservation are enabled, packets enter the UNI with their
carried CEVLAN and CoS, and packet CoS is the local priority.
When CEVLAN and CoS reservation are disabled, packets will be processed as
untagged packets and obtain the PVID and local priority from the UNI.
Rate limiting
After an EVC is established, you need to configure rate limiting by simply quoting a
bandwidth profile (containing multiple rate limiting rules, with each rule corresponding to a
local priority) in the ingress and egress direction of a UNI. Namely, rate limiting works based
on local priority in the following types:
Based on interface: packets are matched with the uniform local priority of the UNI and
thus processed with rate limiting.
Based on EVC: packets are matched with the uniform local priority of the EVC and thus
processed with rate limiting.
Based on DSCP: the DSCP flow is matched with the local priority of the UNI and thus
processed with rate limiting.
Based on PCP: the PCP flow is matched with the local priority of the UNI and thus
processed with rate limiting.
When rate limiting is configured on basis of DSCP or PCP, all DSCP flows or PCP flows of
the EVC must be conducted with or without rate limiting. When they are conducted with rate
limiting, you cannot configure rate limiting based on EVC. When they are conducted without
rate limiting, the CIR of DSCP flows or PCP flows must be smaller than the EVC CIR.
Scenario
RSOM includes service transmission and service test and measurement.
To configure service transmission, configure L2CP, CoS bandwidth profile, bandwidth profile,
and flow profile, and connect services with each profile. Packets entering the service will be
processed according to rules of the applied profile.
To configure service test and measurement, configure the SLA, Y.1564, and loopback,
associate the service with each function, and test functions in the service.
Prerequisite
Global CFM and interface CFM are enabled on devices at both ends of the EVC.
In EVC configuration mode, traffic classification differs with the association mode
between the UNI and the EVC.
When the association mode is All-To-One or Bundling, packets carrying the
interface priority, untagged packets, and packets carrying a C-Tag enter the same
line, namely line 1.
When the association mode is Bundling-Multipex or Multipex, all packets enter
the same line, namely line 1.
In DSCP configuration mode, traffic classification differs with the association mode
between the UNI and the EVC.
When the association mode is All-To-One, Layer 3 packets are mapped to the local
priority according to the carried DSCP and enter the corresponding line; non-Layer 3
packets are mapped to the local priority according to the service's Default-DSCP
configured by the default-dscp command, and enter the corresponding line. If
DSCP is full mapping, the packets are not discarded.
When the association mode is Bundling, Bundling-Multipex, or Multipex, Layer 3
packets are mapped to the local priority according to the carried DSCP and enter the
corresponding line; non-Layer 3 packets are mapped to the local priority according
to the service's Default-DSCP configured by the default-dscp command, and enter
the corresponding line. When the DSCP carried by a Layer 3 packet does not match
the service's DSCP, the packet is discarded.
In PCP configuration mode, traffic classification differs with the association mode
between the UNI and the EVC.
When the association mode is All-To-One, packets carrying the interface priority
and packets carrying a C-Tag are mapped to the local priority according to the
configured PCP; untagged packets are mapped to the local priority according to the
default-cepriority configured by the default-cepriority command.
In L2CP configuration mode, packets are matched and processed according
to the attributes of the L2CP profile.
In the mixed mode of L2CP with DSCP, PCP, or EVC, classification follows L2CP, DSCP,
PCP, and EVC in descending priority.
Parameters related to CFM on the service are calculated automatically by the system,
such as the MD name and MA name.
The SLA test and the Y.1564 test share threshold profiles. During a test, bind the
respective threshold profile.
The loopback and the Y.1564 test need to cooperate with each other. Enable
loopback on the remote device, and then enable the Y.1564 test on the local device
for the test.
Be cautious about starting service loopback because it can affect
normal services.
After the loopback test is complete, use the loopback disable command to disable
loopback immediately.
Test and measurement of the service mainly aim at test of the EVC on the network
side.
Services include EVC and corresponding UNI. To configure the EVC UNI, you need
to configure the content as below:
Enter interface configuration mode, and configure the interface type of the physical
layer by using the mef-type command. For example, configure the physical
interface as the UNI or NNI.
In the RSOM configuration mode, enter UNI interface configuration mode by using
the interface command, and configure attributes of the UNI.
Enter the EVC mode; associate the EVC and UNI by using the sap command.
The SAP interface is the UNI of the service.
6 Raisecom#show rsom service service-id performance { remote-ip ip-address | remote-mep mep-id }    Show statistics on the SLA test.
10.3 Maintenance
Command Description
Raisecom(mefservice-evc)#clear statics Clear EVC statistics.
Networking requirements
As shown in Figure 10-3, to fast activate point-to-point Ethernet leased line services, establish
an EVC between iTN A and iTN B. Then, start the Y.1564 test to measure indexes, such as
delay, jitter, and packet loss rate.
The Ethernet leased line should meet the following requirements:
Allow all VLANs to pass the EVC.
Classify packets and limit their rate based on CoS in the EVC, with packet priorities 0–2
corresponding to local priority 1, packet priorities 3–5 corresponding to local priority 2,
and packet priorities 6–7 corresponding to local priority 3.
Apply the same rate limit on packets of different priorities in the EVC. Configure CIR to
10 Mbit/s, CBS to 100 Kbytes, EIR to 10 Mbit/s, and EBS to 100 Kbytes.
Test the performance and configurations of the service by using a test flow of packets
with a fixed length.
Configuration steps
Configurations of iTN A and iTN B are similar. The following steps take iTN A as an
example and point out the differences.
Step 1 Create a CoS profile which classifies traffic based on PCP.
Raisecom#config
Raisecom(config)#mefservice
Raisecom(mefservice)#cos-profile 1
Raisecom(mefservice-cosprofile)#coslable 1
Raisecom(mefservice-cosprofile)#type pcp 0-2
Raisecom(mefservice-cosprofile)#exit
Raisecom(mefservice)#cos-profile 2
Raisecom(mefservice-cosprofile)#coslable 2
Raisecom(mefservice-cosprofile)#type pcp 3-5
Raisecom(mefservice-cosprofile)#exit
Raisecom(mefservice)#cos-profile 3
Raisecom(mefservice-cosprofile)#coslable 3
Raisecom(mefservice-cosprofile)#type pcp 6,7
Raisecom(mefservice-cosprofile)#exit
Raisecom(mefservice)#bandwidth enable
Step 3 Create a bandwidth profile, and configure it to quote the CoS profile.
Raisecom(mefservice)#bandwidth-profile 1
Raisecom(mefservice-bwpprofile)#bandwidth-item 1
Raisecom(mefservice-bwpitem)#cir 10000 cbs 100 eir 10000 ebs 100
Raisecom(mefservice-bwpitem)#cos-profile 1
Raisecom(mefservice-bwpitem)#exit
Raisecom(mefservice-bwpprofile)#bandwidth-item 2
Raisecom(mefservice-bwpitem)#cir 10000 cbs 100 eir 10000 ebs 100
Raisecom(mefservice-bwpitem)#cos-profile 2
Raisecom(mefservice-bwpitem)#exit
Raisecom(mefservice-bwpprofile)#bandwidth-item 3
Raisecom(mefservice-bwpitem)#cir 10000 cbs 100 eir 10000 ebs 100
Raisecom(mefservice-bwpitem)#cos-profile 3
Raisecom(mefservice-bwpitem)#exit
Raisecom(mefservice-bwpprofile)#exit
Raisecom(mefservice)#performance-tier 5
Raisecom(mefservice-thresholdprofile)#cos-label 1 availability 100
Raisecom(mefservice-thresholdprofile)#cos-label 1 delay 500
Raisecom(mefservice-thresholdprofile)#cos-label 1 jitter 500
Raisecom(mefservice-thresholdprofile)#cos-label 1 loss-rate 100
Raisecom(mefservice-thresholdprofile)#cos-label 2 availability 100
Raisecom(mefservice-thresholdprofile)#cos-label 2 delay 500
Raisecom(mefservice-thresholdprofile)#cos-label 2 jitter 500
Raisecom(mefservice-thresholdprofile)#cos-label 2 loss-rate 100
Raisecom(mefservice-thresholdprofile)#cos-label 3 availability 100
Raisecom(mefservice-thresholdprofile)#cos-label 3 delay 500
Raisecom(mefservice-thresholdprofile)#cos-label 3 jitter 500
Raisecom(mefservice-thresholdprofile)#cos-label 3 loss-rate 100
Raisecom(mefservice-thresholdprofile)#exit
Raisecom(mefservice)#flow profile 2
Raisecom(mefservice-flowprofile)#frame type vsm
Raisecom(mefservice-flowprofile)#frame length single 512
Raisecom(mefservice-flowprofile)#exit
Raisecom(mefservice)#exit
Step 6 Enter physical layer interface configuration mode. Enable interface CFM.
Raisecom(config)#interface client 1
Raisecom(config-port)#mef-type uni
Raisecom(config-port)#ethernet cfm enable
Raisecom(mefservice-port)#uni-id itnauni1
Raisecom(config-port)#exit
Raisecom(config)#interface line 1
Raisecom(config-port)#mef-type nni
Raisecom(config-port)#ethernet cfm enable
Raisecom(config-port)#exit
Step 7 Configure SAP and SDP of EVC services. Configure SAP to quote the bandwidth profile.
Configure the UNI ID to itnauni1 on iTN A. Configure the UNI ID to itnbuni1 on iTN B.
Raisecom(config)#mefservice
Raisecom(mefservice)#service 1
Raisecom(mefservice-evc)#sap client 1
Raisecom(mefservice-evcuni)#bandwidth-profile ingress 1
Raisecom(mefservice-evcuni)#bandwidth-profile egress 1
Raisecom(mefservice-evcuni)#exit
Raisecom(mefservice-evc)#sdp line 1
Raisecom(mefservice-evc)#type eline
Raisecom(mefservice-evc)#encapsulate-mode forward
Raisecom(mefservice-evc)#primary-vid 10
Raisecom(mefservice-evc)#far-end 2 remote-mep 2
Raisecom(mefservice-evc)#cfm local-mep 1
Raisecom(mefservice-evc)#cc enable
Raisecom(mefservice-evc)#performance-tier 5
Raisecom(mefservice-evc)#rcsam flow-profile 2
Raisecom(mefservice-evc)#no shutdown
Raisecom(mefservice-evc)#rcsam remote-mep 2
Raisecom(mefservice-evc)#loopback enable
Checking results
Use the show rsom service command on iTN A to view EVC configurations.
Use the show rsom service rcsam result command on iTN A to view results of the test.
4 64 12 0 0 PASS
5 192 12 0 0 PASS
6 192 12 0 0 PASS
11 Security
This chapter describes principles and configuration procedures of security, and provides
related configuration examples, including the following sections:
Introduction
Configuring CPU protection
Configuring RADIUS
Configuring TACACS+
Maintenance
Configuration examples
11.1 Introduction
With the continuous development of Internet technology, networks are increasingly widely
used, and more and more enterprises rely on them for their business. Ensuring the security
of data and resources has become a significant problem. In addition, device performance is
reduced or the device operates improperly when users access the network in an unintentional
but aggressive way.
Security technologies, such as Access Control List (ACL) and user authentication, can
improve network and device security effectively.
11.1.1 ACL
To control the influence of illegal packets on the network, you need to configure a series of rules
on network devices to decide which packets can be transmitted. These rules are defined
through ACL.
An ACL is a series of sequential rules composed of permit | deny statements. These rules describe
packets based on source MAC addresses, destination MAC addresses, source IP
addresses, destination IP addresses, and interface IDs. The device decides whether packets are
received or refused based on these rules.
When the RAX711-C receives a great number of attack packets in a short period, the CPU may run
at full load. As a result, the RAX711-C cannot process normal services in time, degrading
device performance.
To use resources effectively and prevent packet attacks, the RAX711-C needs to protect the
CPU. Within a certain interval, when the number of packets of a given type received by an
interface exceeds the configured CIR, the RAX711-C (or interface) calculates the amount of data
allowed to pass according to the preconfigured CIR and CBS, discards excess data, and sends a
Trap reporting the attack by this type of packet.
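The behaviour described above can be modelled as a single token bucket. The following Python sketch is an added example, not Raisecom code: it assumes the CIR is counted in packets per second and the CBS in packets (the page does not state the units), and the one-second Trap hold-off and the sample traffic are constructed for illustration.

```python
"""Token-bucket model of CPU protection: CIR refills the bucket, CBS caps it.

Assumptions (not from the guide): CIR in packets/s, CBS in packets, and at
most one Trap per hold-off period. Time is kept in integer milliseconds and
tokens in 1/1000 of a packet so that the arithmetic is exact.
"""
from dataclasses import dataclass, field

MILLI = 1000  # one packet costs 1000 milli-tokens


@dataclass
class CpuPolicer:
    cir_pps: int                 # committed rate, packets per second
    cbs_pkts: int                # burst size, packets
    trap_holdoff_ms: int = 1000  # hypothetical Trap rate limit
    passed: int = 0
    dropped: int = 0
    traps: list = field(default_factory=list)

    def __post_init__(self):
        self._tokens = self.cbs_pkts * MILLI  # bucket starts full
        self._last_ms = 0
        self._last_trap_ms = None

    def offer(self, now_ms: int) -> bool:
        """Account for one packet arriving at now_ms; True if it reaches the CPU."""
        # cir_pps packets/s equals cir_pps milli-tokens per millisecond.
        refill = (now_ms - self._last_ms) * self.cir_pps
        self._tokens = min(self.cbs_pkts * MILLI, self._tokens + refill)
        self._last_ms = now_ms
        if self._tokens >= MILLI:
            self._tokens -= MILLI
            self.passed += 1
            return True
        # Excess packet: discard it and report the attack, rate-limited.
        self.dropped += 1
        if (self._last_trap_ms is None
                or now_ms - self._last_trap_ms >= self.trap_holdoff_ms):
            self.traps.append(now_ms)
            self._last_trap_ms = now_ms
        return False


def constructed_arrivals():
    """Constructed sample: 10 s at 10 packets/s, then a 2 s flood at 1000 packets/s."""
    normal = list(range(0, 10_000, 100))
    flood = list(range(10_000, 12_000, 1))
    return normal + flood


def simulate(cir_pps=100, cbs_pkts=20):
    """Run the constructed traffic through one policer and return it."""
    policer = CpuPolicer(cir_pps, cbs_pkts)
    for ts in constructed_arrivals():
        policer.offer(ts)
    return policer


if __name__ == "__main__":
    p = simulate()
    print(f"passed={p.passed} dropped={p.dropped} traps at ms={p.traps}")
```

The normal phase never touches the limit; during the flood the CBS is used up after about 20 ms and the CPU then sees only the CIR.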
11.1.3 RADIUS
Remote Authentication Dial In User Service (RADIUS) is a standard communication protocol
that provides centralized Authentication, Authorization, and Accounting (AAA) management
for remote users. RADIUS uses the User Datagram Protocol (UDP) as the transport protocol
(port 1812 for authentication and port 1813 for accounting) and has good real-time
performance. In addition, RADIUS supports a re-transmission mechanism and a backup server
mechanism. Therefore, it provides good reliability.
RADIUS works in client/server mode. Network devices are clients of the RADIUS server.
The RADIUS server is responsible for receiving users' connection requests, authenticating users,
and returning the configurations that clients require to provide services for users. This mode
can control users accessing devices and the network to improve network security.
Clients and the RADIUS server communicate with each other through the shared key. The
shared key is not transmitted through the network. In addition, any user password needs to be
encapsulated when it is transmitted between clients and the RADIUS server. This helps prevent
the user password from being obtained by sniffing an insecure network.
RADIUS accounting is designed for RADIUS authenticated users. When a user logs in to the
device, the device sends an Account-Start packet to the RADIUS accounting server to begin
accounting. During login, the device sends Account-Update packets to the RADIUS
accounting server. When the user exits from the device, no accounting packet is sent to the
RADIUS accounting server. These packets contain the login time. With these packets, the
RADIUS accounting server can record the access time and operation of each user.
11.1.4 TACACS+
Terminal Access Controller Access Control System (TACACS+) is a network access
authentication protocol, similar to RADIUS. Compared with RADIUS, TACACS+ has the
following features:
Uses TCP port 49, providing higher transmission reliability. RADIUS uses UDP
ports.
Encapsulates the whole standard TACACS+ packet except for the TACACS+ header,
providing higher security. RADIUS encapsulates the user password only.
Separates TACACS+ authentication from TACACS+ authorization and TACACS+
accounting, providing a more flexible deployment mode.
Therefore, compared with RADIUS, TACACS+ is more secure and reliable. However, as an
open protocol, RADIUS is more widely used.
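The difference in what each protocol protects on the wire can be seen by building one packet of each kind. The following Python sketch is an added example, not Raisecom code: it follows the User-Password hiding of RFC 2865 and the body obfuscation of RFC 8907 (what this guide calls encapsulation), and the user name, password, shared key, session ID, and Request Authenticator are constructed values.

```python
"""What RADIUS and TACACS+ hide on the wire (RFC 2865 5.2, RFC 8907 4.5)."""
import hashlib
import struct


def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def radius_hide(password: bytes, key: bytes, authenticator: bytes) -> bytes:
    """RADIUS User-Password hiding: XOR 16-byte blocks with a chained MD5."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], _md5(key, prev))
        hidden += prev
    return hidden


def radius_reveal(hidden: bytes, key: bytes, authenticator: bytes) -> bytes:
    """Server side: undo radius_hide with the same shared key."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, _md5(key, prev))
        prev = block
    return clear.rstrip(b"\x00")


def radius_access_request(user, password, key, authenticator, ident=1) -> bytes:
    """Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    attrs = b""
    for attr_type, value in ((1, user), (2, radius_hide(password, key, authenticator))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs


def tacacs_pad(length, session_id, key, version, seq_no) -> bytes:
    """TACACS+ pseudo-pad: MD5 chain over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = _md5(seed, prev)
        pad += prev
    return pad[:length]


def tacacs_packet(body, session_id, key, seq_no=1, version=0xC1, ptype=1) -> bytes:
    """12-byte cleartext header followed by the obfuscated body."""
    header = struct.pack("!BBBBII", version, ptype, seq_no, 0, session_id, len(body))
    return header + _xor(body, tacacs_pad(len(body), session_id, key, version, seq_no))


def tacacs_body(packet: bytes, key: bytes) -> bytes:
    """Server side: read the cleartext header, then de-obfuscate the body."""
    version, _type, seq_no, _flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    return _xor(packet[12:12 + length], tacacs_pad(length, session_id, key, version, seq_no))


def authen_start_body(user: bytes, port: bytes, password: bytes) -> bytes:
    """Authentication START body for a PAP login (the password travels in data)."""
    fixed = struct.pack("!BBBBBBBB", 1, 1, 2, 1, len(user), len(port), 0, len(password))
    return fixed + user + port + password


# Constructed sample values, not taken from any real deployment.
USER, PASSWORD, KEY = b"alice", b"Sample-Passw0rd", b"example-shared-key"
AUTHENTICATOR = bytes(range(16))   # normally 16 unpredictable bytes per request
SESSION_ID = 0x1234ABCD            # normally random per session


def compare():
    """Report which fields a passive observer can read in each packet."""
    radius = radius_access_request(USER, PASSWORD, KEY, AUTHENTICATOR)
    tacacs = tacacs_packet(authen_start_body(USER, b"tty0", PASSWORD), SESSION_ID, KEY)
    return {
        "radius_user_visible": USER in radius,
        "radius_password_visible": PASSWORD in radius,
        "tacacs_user_visible": USER in tacacs,
        "tacacs_password_visible": PASSWORD in tacacs,
        "tacacs_header_session_id": struct.unpack("!I", tacacs[4:8])[0],
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Both mechanisms derive their keystream from MD5 over the shared key, so the protection of either protocol depends on the length and secrecy of that key.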
Scenario
To filter packets, you should configure ACL on a network device to identify objects to be
filtered. Then, the network device can allow or disallow packets of specified types to pass
according to preconfigured rules.
Prerequisite
N/A
Scenario
When the RAX711-C receives a great number of attack packets in a short period, the CPU
will run at full load and its utilization rate will reach 100%, which may cause the
breakdown of the device. CPU CAR helps efficiently limit the rate of packets entering the
CPU.
Prerequisite
N/A
Scenario
To control users to access devices and network, you can deploy the RADIUS server at the
network to authenticate and account users. The RAX711-C can be used as a Proxy of the
RADIUS server to authenticate users based on results returned by the RADIUS server.
Prerequisite
N/A
Scenario
To control users accessing devices and network, you can deploy the RADIUS server in the
network to authenticate and account users. Compared with RADIUS, TACACS+ is more
secure and reliable. The RAX711-C can be used as a Proxy of the TACACS+ server to
authenticate users based on results returned by the TACACS+ server.
Prerequisite
N/A
11.6 Maintenance
Command Description
Raisecom(config)#clear filter statistics interface-type interface-number { ingress | egress } [ access-list acl-number ]    Clear statistics on the filter.
Networking requirements
As shown in Figure 11-1, to control users accessing the server, you can deploy ACL on
RAX711-C A to prevent 192.168.1.1 from accessing the server with the IP address of
192.168.1.100.
Configuration steps
Step 1 Configure IP ACL.
Raisecom#config
Raisecom(config)#access-list 2001
Raisecom(config-acl-ip-ext)#rule 1 deny ip 192.168.1.1 255.255.255.0 192.168.1.100 255.255.255.0
Raisecom(config)#interface client 2
Raisecom(config-port)#filter ingress access-list 2001
Checking results
Use the show access-list command to show ACL configurations.
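The scope of the address masks in rule 1 can be checked offline before the filter is applied. The following Python sketch is an added example, not Raisecom code: it assumes the device treats each mask as a subnet mask and evaluates rules in order with the first match winning (neither is stated on this page), and the host-only rule and the probe addresses are constructed for comparison.

```python
"""First-match evaluation of 'rule <id> {permit|deny} ip <src> <mask> <dst> <mask>'.

Assumption: masks are subnet masks (address bits covered by the mask must match).
"""
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    rule_id: int
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def parse_rule(line: str) -> Rule:
    """Parse one rule line; strict=False accepts host bits such as 192.168.1.1/24."""
    words = line.split()
    if len(words) != 8 or words[0] != "rule" or words[3] != "ip":
        raise ValueError(f"unsupported rule syntax: {line!r}")
    if words[2] not in ("permit", "deny"):
        raise ValueError(f"unknown action: {words[2]!r}")
    src = ipaddress.IPv4Network(f"{words[4]}/{words[5]}", strict=False)
    dst = ipaddress.IPv4Network(f"{words[6]}/{words[7]}", strict=False)
    return Rule(int(words[1]), words[2], src, dst)


def evaluate(rules, src: str, dst: str):
    """Return (action, rule_id) of the first matching rule, else ('no-match', None)."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule.action, rule.rule_id
    return "no-match", None


# The rule from the configuration steps above.
PAGE_RULE = "rule 1 deny ip 192.168.1.1 255.255.255.0 192.168.1.100 255.255.255.0"
# Constructed host-only variant for comparison; check the device's own syntax.
HOST_RULE = "rule 1 deny ip 192.168.1.1 255.255.255.255 192.168.1.100 255.255.255.255"

# Constructed probe flows: (source, destination).
PROBES = [
    ("192.168.1.1", "192.168.1.100"),   # the flow named in the requirement
    ("192.168.1.2", "192.168.1.100"),   # another host in the same /24
    ("192.168.1.1", "192.168.1.50"),    # same source, different destination
    ("192.168.2.1", "192.168.1.100"),   # source outside the /24
]


def scope_report(rule_line: str) -> list:
    """Action taken for each probe flow when only rule_line is configured."""
    rules = [parse_rule(rule_line)]
    return [evaluate(rules, src, dst)[0] for src, dst in PROBES]


if __name__ == "__main__":
    for name, line in (("page rule", PAGE_RULE), ("host rule", HOST_RULE)):
        print(name, scope_report(line))
```

Under these assumptions the rule as written denies every flow inside 192.168.1.0/24, not only the single source and destination named in the requirement.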
Networking requirements
As shown in Figure 11-2, to control users accessing RAX711-C A, you need to deploy
RADIUS authentication and accounting on RAX711-C A to authenticate users logging in to
RAX711-C A and record their operations.
Configure the interval for sending Account-Update packets to 2 min. Configure the processing
policy for accounting failure to offline.
Configuration steps
Step 1 Authenticate login users through RADIUS.
Raisecom#radius 192.168.1.1
Raisecom#radius-key raisecom
Raisecom#user login radius-user
Checking results
Use the show radius-server command to show RADIUS configurations.
Raisecom#show radius-server
Authentication server IP: 192.168.1.1 port:1812
Backup authentication server IP:0.0.0.0 port:1812
Authentication server key: raisecom
Accounting server IP: 192.168.1.1 port:1813
Backup accounting server IP: 0.0.0.0 port:1813
Accounting server key: raisecom
Accounting login: enable
Update interval(min.): 120
Accounting fail policy: offline
Networking requirements
As shown in Figure 11-3, to control users accessing RAX711-C A, you need to deploy
TACACS+ authentication on RAX711-C A to authenticate users logging in to RAX711-C A.
Configuration steps
Authenticate login users through TACACS+.
Raisecom#tacacs-server 192.168.1.1
Raisecom#tacacs-serverkey raisecom
Raisecom#user login tacacs-user
Checking results
Use the show tacacs-server command to show TACACS+ configurations.
Raisecom#show tacacs-server
Server Address: 192.168.1.1
Backup Server Address: --
Sever Shared Key: raisecom
Accounting server Address: --
Backup Accounting server Address: --
Total Packet Sent: 0
Total Packet Recv: 0
Num of Error Packets: 0
This chapter describes principles and configuration procedures of system management and
maintenance, and provides related configuration examples, including the following sections:
Introduction
Configuring LLDP
Configuring SNMP
Configuring optical module DDM
Configuring system log
Configuring alarm management
Configuring memory monitoring
Configuring CPU monitoring
Configuring RMON
Configuring fan monitoring
Configuring loopback
Configuring fault detection
Maintenance
Configuration examples
12.1 Introduction
12.1.1 LLDP
With the enlargement of network scale and the increase of network devices, the network topology
becomes more and more complex and network management becomes very important. A lot of
network management software adopts an auto-detection function to trace changes of network
topology, but most of the software can only analyze the Layer 3 network and cannot determine
which interfaces connect to other devices.
Link Layer Discovery Protocol (LLDP) is based on the IEEE 802.1AB standard. With it, the network
management system can quickly grasp the Layer 2 network topology and its changes.
LLDP organizes the local device information in different Type Length Value (TLV) fields and
encapsulates them in a Link Layer Discovery Protocol Data Unit (LLDPDU) to transmit to the
directly connected neighbour. It also saves the information from the neighbour in a standard
Management Information Base (MIB) so that the network management system can query it and
judge link communication.
LLDP packet
The LLDP packet is an Ethernet packet encapsulated with LLDPDU in data unit and
transmitted by multicast.
The LLDPDU is the data unit of LLDP. The device encapsulates local information in TLVs before
forming the LLDPDU; several TLVs are then combined into one LLDPDU, which is encapsulated in
Ethernet data for transmission.
As shown in Figure 12-1, the LLDPDU is made up of several TLVs, including 4 mandatory TLVs and
several optional TLVs.
As shown in Figure 12-2, each TLV denotes a piece of information on the local device, such
as the device ID, interface ID, related Chassis ID TLV, Port ID TLV, and fixed TLV.
Principles of LLDP
LLDP is a point-to-point, one-way advertisement protocol. The local device notifies the peer
device of its link status by sending LLDPDUs to the peer device periodically (or when the link
status changes).
The procedure of packet exchange:
When the local device transmits a packet, it gets the system information required by the TLVs
from NView NNM (Network Node Management) and the configuration information from the
LLDP MIB, generates the TLVs, and forms an LLDPDU to transmit to the peer.
The peer receives the LLDPDU and analyzes the TLV information. If there is any change, the
peer updates the information in the LLDP neighbor MIB table and notifies the NView NNM
system.
When the device status changes, the RAX711-C sends an LLDP packet to the peer. To avoid
sending LLDP packets continuously because the device status changes frequently, you can
configure a delay timer for sending the LLDP packet.
The aging time, or Time To Live (TTL), of local device information on the neighbour node can
be adjusted by modifying the aging coefficient. The local device sends LLDP packets to the
neighbour node; after receiving them, the neighbour node adjusts the aging time of the
information about the sending device. The aging time formula is TTL = Min {65535,
(interval × hold-multiplier)}:
Interval indicates the time period to send LLDP packets from neighbor node.
Hold-multiplier refers to the aging coefficient of device information in neighbor node.
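The TLV layout and the TTL formula above can be exercised together. The following Python sketch is an added example, not Raisecom code: it uses the IEEE 802.1AB TLV header (7-bit type, 9-bit length), and the MAC address, interface name, interval, and hold-multiplier values are constructed.

```python
"""Build and parse an LLDPDU with the four mandatory TLVs (IEEE 802.1AB)."""
import struct

END, CHASSIS_ID, PORT_ID, TTL = 0, 1, 2, 3
MANDATORY_ORDER = [CHASSIS_ID, PORT_ID, TTL]


def lldp_ttl(interval: int, hold_multiplier: int) -> int:
    """TTL = Min {65535, (interval x hold-multiplier)}, in seconds."""
    return min(65535, interval * hold_multiplier)


def encode_tlv(tlv_type: int, value: bytes) -> bytes:
    """Pack the 16-bit header (type in the top 7 bits, length in the low 9)."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type must fit 7 bits and length 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldpdu(chassis_mac: bytes, port_name: bytes, interval: int, hold: int) -> bytes:
    return b"".join([
        encode_tlv(CHASSIS_ID, b"\x04" + chassis_mac),   # subtype 4: MAC address
        encode_tlv(PORT_ID, b"\x05" + port_name),        # subtype 5: interface name
        encode_tlv(TTL, struct.pack("!H", lldp_ttl(interval, hold))),
        encode_tlv(END, b""),
    ])


def parse_lldpdu(data: bytes) -> list:
    """Return [(type, value), ...]; reject truncated or misordered LLDPDUs."""
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(data):
            raise ValueError("LLDPDU ends without an End of LLDPDU TLV")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        # Never trust the length field of a frame received from a neighbour.
        if offset + length > len(data):
            raise ValueError(f"TLV type {tlv_type} claims {length} bytes past the end")
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
        if tlv_type == END:
            break
    if [t for t, _ in tlvs[:3]] != MANDATORY_ORDER:
        raise ValueError("first TLVs must be Chassis ID, Port ID, Time To Live")
    if len(tlvs[0][1]) < 2 or len(tlvs[1][1]) < 2 or len(tlvs[2][1]) != 2:
        raise ValueError("mandatory TLV has an invalid length")
    return tlvs


def neighbour_info(data: bytes) -> dict:
    """Decode the mandatory TLVs of the constructed LLDPDU shape built above."""
    tlvs = parse_lldpdu(data)
    chassis, port, ttl = tlvs[0][1], tlvs[1][1], tlvs[2][1]
    return {
        "chassis_id": ":".join(f"{b:02x}" for b in chassis[1:]),
        "port_id": port[1:].decode("ascii", errors="replace"),
        "ttl": struct.unpack("!H", ttl)[0],
    }


# Constructed sample values: locally administered MAC, 30 s interval, multiplier 4.
SAMPLE_PDU = build_lldpdu(bytes.fromhex("020000000001"), b"client1", 30, 4)

if __name__ == "__main__":
    print(neighbour_info(SAMPLE_PDU))
    print("capped TTL:", lldp_ttl(30000, 4))
```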
12.1.2 SNMP
Simple Network Management Protocol (SNMP) is designed by the Internet Engineering Task
Force (IETF) to resolve problems in managing network devices connected to the Internet.
Through SNMP, a network management system can manage all network devices that support
SNMP, including monitoring network status, modifying configurations of a network device,
and receiving network alarms. SNMP is the most widely used network management protocol
in TCP/IP networks.
Working mechanism
SNMP is separated into two parts: Agent and NMS. In the SNMP network, the Agent is a
managed device while the NMS is a manager. The Agent and NMS communicate through
SNMP packets transmitted through UDP.
The RAX711-C and Raisecom NView NNM system communicate with each other through
SNMP. Raisecom NView NNM system can provide friendly Human Machine Interface (HMI)
to facilitate network management. The below functions can be realized through it:
Send request packets to the RAX711-C.
Receive reply packets and Trap packets from the RAX711-C, and show result.
The Agent can be configured with several versions and uses different versions to
communicate with different NView NNM systems. However, the SNMP version of the
NView NNM system must be consistent with the one on the Agent when they are
communicating. Otherwise, they cannot communicate properly.
SNMP versions
Till now, SNMP has three versions: v1, v2c, and v3, described as below.
SNMPv1 uses community name authentication mechanism. The community name, a
string defined by an agent, acts like a secret. The network management system can visit
the agent only by specifying its community name correctly. If the community name
carried in a SNMP message is not accepted by the RAX711-C, the message will be
dropped.
Compatible with SNMPv1, SNMPv2c also uses the community name authentication
mechanism. SNMPv2c supports more operation types, data types, and error codes, and
thus identifies errors better.
SNMPv3 uses User-based Security Model (USM) authentication mechanism. You can
configure whether USM authentication is enabled and whether encryption is enabled to
provide higher security. USM authentication mechanism allows authenticated senders
and prevents unauthenticated senders. Encryption is to encrypt messages transmitted
between the network management system and agents, thus preventing interception.
The RAX711-C supports v1, v2c, and v3 of SNMP.
MIB
Management Information Base (MIB) is the collection of all objects managed by NMS. It
defines attributes for the managed objects:
Name
Access authority
Data type
The device-related statistic contents can be reached by accessing data items. Each proxy has
its own MIB. MIB can be taken as an interface between NMS and Agent, through which
NMS can read/write every managed object in Agent to manage and monitor the device.
The MIB stores information in a tree structure whose root is at the top and has no name. Nodes
of the tree are the managed objects, each identified by a unique path starting from the root
(the OID). SNMP packets can access network devices by checking the nodes in the MIB tree
directory.
The RAX711-C supports standard MIB and Raisecom customized MIB.
Classification of alarms
There are 3 kinds of alarms according to properties of an alarm:
Fault alarm: alarms generated because of hardware failure or anomaly of important
functions, such as port Down alarm
Recovery alarm: alarms generated when device failure or abnormal function returns to
normal, such as port Up alarm
Event alarm: prompted alarms or alarms that are generated because the fault alarm and
recovery alarm cannot be related, such as alarms generated because of failing to Ping.
Alarms are divided into 5 types according to functions:
Communication alarm: alarms related to the processing of information transmission,
including alarms generated because of communication failure between Network
Elements (NEs), NEs and NMS, or NMS and NMS
Service quality alarm: alarms caused by service quality degradation, including
congestion, performance decline, high resource utilization rate, and the bandwidth
reducing
Processing error alarm: alarms caused by software or processing errors, including
software errors, memory overflow, version mismatching, and abnormal program aborts
Environmental alarm: alarms caused by equipment location-related problems, including
the temperature, humidity, ventilation, and other abnormal working conditions
Device alarm: alarms caused by failure of physical resources, including the power supply,
fan, processor, clock, input/output interface, and other hardware.
Alarm output
There are 3 alarm output modes:
Alarm buffer: alarms are recorded in tabular form, including the current alarm table and
history alarm table.
− Current alarm table: records alarms which are not cleared, acknowledged or restored.
− History alarm table: consists of acknowledged and restored alarms, recording the
cleared, auto-restored, or manually acknowledged alarms.
Log: when an alarm is recorded in the alarm buffer, it is also written to the system log and
stored in the alarm log buffer.
Trap: alarms are sent to the NView NNM system when the NView NNM system is
configured.
Alarm levels
The alarm level is used to identify the severity degree of an alarm. The level is defined in
Table 12-3.
Related concepts
Concepts related to alarm management are described below:
Alarm inhibition
When alarm inhibition is enabled, the RAX711-C records only root-cause alarms and not
incidental alarms. For example, if the generation of alarm A inevitably produces alarm B,
then with alarm inhibition enabled alarm B is inhibited: it does not appear in the alarm
buffer and no log information is recorded for it. By enabling alarm inhibition, the RAX711-C
can effectively reduce the number of alarms.
When alarm inhibition is disabled, the root-cause alarm and all incidental alarms are
recorded on the RAX711-C.
Alarm auto-report
Auto-report means that an alarm is reported to the NView NNM system automatically
when it is generated, so the NView NNM system does not need to actively query or
synchronize alarms.
You can configure auto-report for a given alarm, a given alarm source, or a specified alarm
from a specified alarm source.
The alarm source refers to an entity that generates related alarms, such as interfaces,
devices, or cards.
Alarm monitoring
Alarm monitoring is used to process alarms generated by modules:
− When alarm monitoring is enabled, the alarm module will receive alarms generated
by modules, and process them according to configurations of the alarm module, such
as recording alarm in the alarm buffer and recording system logs.
− When alarm monitoring is disabled, the alarm module will discard alarms generated
by modules without follow-up treatment. In addition, alarms will not be recorded on
the RAX711-C.
You can configure alarm monitoring for a given alarm, a given alarm source, or a specified
alarm from a specified alarm source.
Alarm reverse mode
In a real operating environment, some alarms are reasonable but meaningless. You can hide
these alarms without affecting how the system monitors them. This alarm processing mode
is alarm reverse.
Alarm reverse means that the device reports the opposite of the actual status when
recording alarm information: it reports an alarm when there is no alarm, and does not
report when there is an alarm.
Currently, the device supports reverse mode configuration on interfaces only. There
are three reverse modes, defined as follows:
− Non-reverse mode
Device alarms are reported normally.
− Manual reverse mode
When you configure the alarm reverse mode of an interface as manual reverse mode, the
reported alarm state of the interface immediately changes to the opposite of the actual
alarm state, whatever the current alarm state is. That is, no alarm is reported when there
is an alarm, and an alarm is reported when there is actually none. The interface keeps
reporting the opposite alarm state, regardless of alarm state changes, until the alarm
reverse mode is restored to non-reverse mode.
− Auto-reverse mode
When you configure the alarm reverse mode as auto-reverse mode: if the interface currently
has no actual alarm to reverse, the configuration fails; if the interface has an actual alarm
to reverse, the configuration succeeds and the interface enters reverse mode, that is, the
reported alarm status of the interface immediately changes to the opposite of the actual
alarm status. After the alarm ends, alarm reverse on the interface is disabled automatically
and the interface returns to non-reverse mode, so that the next alarm is reported normally.
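The three reverse modes modelled as a small state machine, as an added example that is not part of the Raisecom guide: the class, method and function names are hypothetical, and the alarm sequence is constructed. It counts the moments at which a real alarm exists but nothing is reported, which is the monitoring gap each mode leaves.

```python
from enum import Enum


class Mode(Enum):
    NON_REVERSE = "non-reverse"
    MANUAL = "manual"
    AUTO = "auto"


class InterfaceAlarm:
    """Hypothetical model of one interface's actual vs. reported alarm state."""

    def __init__(self, actual=False):
        self.actual = actual            # True while a real alarm condition exists
        self.mode = Mode.NON_REVERSE

    def configure(self, mode):
        """Apply a reverse mode; return False where the guide says it fails."""
        if mode is Mode.AUTO and not self.actual:
            return False                # auto-reverse needs a live alarm to reverse
        self.mode = mode
        return True

    def set_actual(self, actual):
        """Feed a change of the real alarm condition into the model."""
        self.actual = actual
        if self.mode is Mode.AUTO and not actual:
            self.mode = Mode.NON_REVERSE   # auto-reverse ends with the alarm
        return self.reported

    @property
    def reported(self):
        if self.mode is Mode.NON_REVERSE:
            return self.actual
        return not self.actual          # manual and auto both invert the report


def replay(mode, changes, initial=True):
    """Configure `mode`, replay alarm changes, return (accepted, timeline)."""
    port = InterfaceAlarm(actual=initial)
    accepted = port.configure(mode)
    timeline = [(port.actual, port.reported, port.mode.value)]
    for actual in changes:
        port.set_actual(actual)
        timeline.append((port.actual, port.reported, port.mode.value))
    return accepted, timeline


def masked(timeline):
    """Count timeline entries where a real alarm exists but none is reported."""
    return sum(1 for actual, reported, _ in timeline if actual and not reported)


if __name__ == "__main__":
    # Constructed sequence: alarm present, alarm ends, a new alarm starts.
    for mode in Mode:
        accepted, timeline = replay(mode, [False, True])
        print(mode.value, accepted, masked(timeline), timeline)
```

In manual reverse mode the second real alarm is masked as well, so an interface left in that mode is worth listing in any monitoring review.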
Alarm delay
Alarm delay means that the RAX711-C records alarms and reports them to the NView
NNM system after a delay rather than immediately when alarms are generated. The delays
for recording and reporting alarms are identical.
By default, an alarm is reported 0s after it is generated and an alarm is cleared 0s after it
ends.
Alarm storage mode
Alarm storage mode defines how newly generated alarms are recorded when the alarm
buffer is full. There are two modes:
− stop: stop mode. When the alarm buffer is full, newly generated alarms are
discarded without being recorded.
− loop: loop mode. When the alarm buffer is full, newly generated alarms replace
old alarm information in a rolling record.
The current alarm list can record up to 1000 alarms and the historical alarm table can record
up to 500 alarms. When an alarm table is full, newly generated alarms are handled according
to the configured storage mode.
Clearing alarms
Clearing current alarms means deleting them from the current alarm table.
The cleared alarms are saved to the historical alarm table and an all-alarm alarm is
generated.
Viewing alarms
The administrator can view alarms and monitor alarms directly on the RAX711-C. If the
RAX711-C is configured with the NView NNM system, the administrator can monitor alarms
on the NView NNM system.
12.1.8 RMON
Remote Network Monitoring (RMON) is a standard developed by the Internet Engineering
Task Force (IETF). RMON is used to monitor network data through different Agents and
NMS. RMON is an extension to SNMP. However, compared with SNMP, RMON is more
active and efficient for monitoring remote devices.
The administrator can quickly trace faults generated on the network, network segments, or
devices. With RMON, data traffic between the NMS and Agent is reduced greatly. In addition,
RMON helps effectively manage the large-scale network, which makes up for SNMP
restrictions across the increasing distributed network.
At present, RMON implements 4 function groups:
Statistics group: collects statistics on each interface, including the number of
received packets and packet size distribution statistics.
History group: similar to the statistics group, but it gathers statistics only in an assigned
detection period.
Alarm group: monitors an assigned MIB object, with upper and lower thresholds configured
for an assigned time interval, and triggers an event if the monitored object exceeds the
threshold.
Event group: cooperates with the alarm group. When an alarm triggers an event, it
records the event, for example by sending a Trap or writing it into the log.
Temperature monitoring
The RAX711-C supports monitoring the temperature and can be configured with a high
temperature alarm threshold and a low temperature alarm threshold.
Fan monitoring
The RAX711-C supports fan monitoring, which is used to monitor the rotational speed and
temperature of the fan. When the rotational speed and temperature of the fan are abnormal, an
alarm is generated and Trap messages are sent.
The RAX711-C monitors the fan in two modes:
Forced monitoring: the rotational speed of the fan is fixed.
Automatic monitoring: the rotational speed of the fan is automatically adjusted according
to temperature change.
In automatic monitoring mode, the rotational speed is classified into 4 levels. Each level
corresponds to a temperature range. The RAX711-C automatically adjusts the
rotational speed of the fan according to temperature change.
12.1.10 Loopback
As shown in Figure 12-3, interface loopback test (Loopback) is a common method for
checking interface and network problems. Packets that meet the rules and related
parameters defined by users are returned to RAX711-C B through Client 1 of RAX711-C A.
By counting packets transmitted and received by an interface, RAX711-C B can detect the
network connectivity.
Loopback parameters
Loopback parameters include the source MAC address, destination MAC address, source IP
address, destination IP address, SVLAN ID, and CVLAN ID. When you configure a loopback
parameter and enable loopback of the related rule, packets that match the parameter are
used for loopback.
Ping
Ping derives from the sonar location operation, which is used to detect whether the network is
normally connected. Ping is achieved with ICMP echo packets. If an Echo Reply packet is
sent back to the source address during a valid period after the Echo Request packet is sent to
the destination address, it indicates that the route between source and destination address is
reachable. If no Echo Reply packet is received during a valid period and timeout information
is displayed on the sender, it indicates that the route between source and destination addresses
is unreachable.
Figure 12-4 shows the principles of Ping.
Traceroute
Like Ping, Traceroute is a commonly used maintenance method in network management.
Traceroute is often used to test the network nodes that packets pass through from sender to
destination, detect whether the network connection is reachable, and analyze network faults.
The following shows how Traceroute works:
First, send a probe packet with a TTL of 1 (the UDP port number of the packet is one that
no application on the destination side uses).
The TTL is reduced by 1 when the packet reaches the first hop. Because the TTL value is
now 0, the first-hop device returns an ICMP timeout packet, indicating that this packet
cannot be sent.
The sending host adds 1 to the TTL and resends the packet.
Because the TTL value is reduced to 0 at the second hop, that device returns an ICMP
timeout packet, indicating that this packet cannot be sent.
The above steps continue until the packet reaches the destination host, which does not return
an ICMP timeout packet. Because the destination port number is not in use on the destination
host, the destination host sends a port unreachable packet and the test finishes. The sending
host records the source address of each ICMP TTL timeout packet and analyzes the path to
the destination according to the response packets.
Figure 12-5 shows the principle of Traceroute.
Scenario
When you obtain connection information between devices through the NView NNM system
for topology discovery, you need to enable LLDP on the RAX711-C. The RAX711-C and its
neighbours can then advertise their information to each other and store neighbour
information so that the NView NNM system can query it.
Prerequisite
N/A
After global LLDP is disabled, you cannot re-enable it immediately. Global LLDP
cannot be enabled unless the restart timer times out.
Step  Command                       Description
1     Raisecom#config               Enter global configuration mode.
2     Raisecom(config)#lldp enable  Enable global LLDP. By default, global LLDP is disabled.
We recommend configuring the LLDP delivery period in advance. The delivery period
and delivery delay affect each other. The delivery delay must be smaller
than or equal to 1/4 of the delivery period. Otherwise, the configuration will fail.
Step  Command                                                                 Description
1     Raisecom#config                                                         Enter global configuration mode.
2     Raisecom(config)#lldp message-transmission interval second              (Optional) configure the period timer of the LLDP packet. By default, it is 30s.
3     Raisecom(config)#lldp message-transmission delay second                 (Optional) configure the delay timer of the LLDP packet. By default, it is 2s.
4     Raisecom(config)#lldp message-transmission hold-multiplier coefficient  (Optional) configure the aging coefficient of the LLDP packet. By default, it is 4.
5     Raisecom(config)#lldp restart-delay second                              (Optional) configure the restart timer. After global LLDP is disabled, it cannot be enabled unless the restart timer times out. By default, it is 2s.
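One way to check a planned LLDP timer change against the 1/4 rule before entering it, as an added example that is not Raisecom code: the function names are hypothetical, and it assumes the device evaluates the rule against the values in force when each command is entered and leaves the timers unchanged when a command is rejected. It shows why the guide recommends setting the delivery period first.

```python
import re

# Defaults stated in the guide's LLDP timer table (seconds, except the multiplier).
DEFAULTS = {"interval": 30, "delay": 2, "hold-multiplier": 4, "restart-delay": 2}

_TIMER_CMD = re.compile(
    r"^lldp\s+(?:message-transmission\s+(interval|delay|hold-multiplier)"
    r"|(restart-delay))\s+(\d+)$"
)


def violates_quarter_rule(timers):
    """True when the delivery delay exceeds 1/4 of the delivery period."""
    return timers["delay"] * 4 > timers["interval"]


def replay_lldp_commands(lines):
    """Apply CLI lines in order; return (effective timers, rejected commands).

    Assumption: the rule is evaluated against the values in force when each
    command is entered, and a rejected command leaves the timers unchanged.
    """
    timers = dict(DEFAULTS)
    rejected = []
    for line in lines:
        command = line.split("#", 1)[-1].strip()   # drop "Raisecom(config)#"
        match = _TIMER_CMD.match(command)
        if not match:
            continue                               # e.g. "lldp enable"
        name = match.group(1) or match.group(2)
        candidate = {**timers, name: int(match.group(3))}
        if violates_quarter_rule(candidate):
            rejected.append(command)
        else:
            timers = candidate
    return timers, rejected


# Timer commands taken from this guide's LLDP configuration example.
GUIDE_ORDER = [
    "Raisecom(config)#lldp enable",
    "Raisecom(config)#lldp message-transmission interval 60",
    "Raisecom(config)#lldp message-transmission delay 9",
]
# Constructed variant: the same commands with the delay entered first.
DELAY_FIRST = [GUIDE_ORDER[0], GUIDE_ORDER[2], GUIDE_ORDER[1]]

if __name__ == "__main__":
    for label, lines in (("guide order", GUIDE_ORDER), ("delay first", DELAY_FIRST)):
        timers, rejected = replay_lldp_commands(lines)
        print(label, timers, "rejected:", rejected)
```

Entered delay-first, the 9s delay is checked against the default 30s period and rejected, so the device ends up with the default 2s delay.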
After LLDP Trap is enabled, the RAX711-C sends Traps when it detects aged
neighbours, newly-added neighbours, and changed neighbour information.
Scenario
When you need to log in to the RAX711-C through the NView NNM system, you should
configure basic SNMP functions on the RAX711-C.
Prerequisite
Configure the IP address of the SNMP interface.
Configure static routing, making the route between the RAX711-C and the NView NNM
system reachable.
3     Raisecom(config)#snmp-server contact contact  (Optional) configure the identifier and contact mode of the administrator.
Trap configurations on SNMPv1, v2c, and v3 are identical except for Trap target host
configurations. Please configure Trap as required.
Trap refers to unsolicited information sent to the NView NNM system automatically,
which is used to report some critical events.
Before configuring Trap, you need to perform the following configurations:
Configure basic functions of SNMP. For SNMPv3, you need to configure the user name
and SNMP view.
Configure a routing protocol, making the route between the RAX711-C and the NView
NNM system reachable.
Step  Command                                    Description
1     Raisecom#config                            Enter global configuration mode.
7     Raisecom(config)#snmp-server enable traps  Enable SNMP to send Trap.
Scenario
Optical module DDM provides a method for monitoring SFP performance parameters. By
analyzing monitored data provided by the optical module, the administrator can predict the
SFP module lifetime, isolate system faults, as well as verify the compatibility of the optical
module.
Prerequisite
N/A
Scenario
The RAX711-C records critical information, debugging information, or error information
about the system in system logs, and outputs the system logs to log files or transmits them to
the host, Console interface, or monitor for viewing and locating faults.
Prerequisite
N/A
Scenario
When the RAX711-C fails, the alarm management module will collect the fault information
and output the alarm in a log. The alarm information includes the time when the alarm is
generated, the name and descriptions of the alarm. It helps you quickly locate the fault.
If the RAX711-C is installed with the NView NNM system, the alarm is reported to the
NView NNM system. The NView NNM system gives the reasons and suggestions to help you
deal with the problem in time.
With alarm management, you can directly perform following operations on the RAX711-C:
alarm inhibition, alarm auto-report, alarm monitoring, alarm inverse, alarm delay, alarm
storage mode, alarm clearing, and alarm viewing.
Prerequisite
After hardware monitoring is configured on the RAX711-C,
When alarms are output in Syslog form, alarms are generated to the system log. When
needing to send alarms to the log host, you need to configure the IP address of the log
host on the RAX711-C.
When needing to send alarms to the NView NNM system in a Trap form, you need to
configure the IP address of the NView NNM system on the RAX711-C.
Modules that support the alarm feature can have alarm monitoring, alarm auto-report,
and alarm clearing enabled or disabled.
Scenario
This feature enables you to monitor the memory utilization of the system in real time and
configure memory utilization threshold-crossing alarms, helping you locate and
clear faults in time or assisting NMS personnel in locating faults.
Prerequisite
To output memory utilization alarms as Trap, you must configure the IP address of the target
server for outputting Trap, namely, the IP address of the NMS server.
Scenario
CPU monitoring is used to monitor task status, CPU utilization rate, and stack usage in real
time. It provides CPU utilization threshold alarm to facilitate discovering and eliminating a
hidden danger, helping the administrator locate the fault quickly.
Prerequisite
To output CPU monitoring alarms in a Trap form, you need to configure the IP address of
the Trap target host on the RAX711-C, that is, the IP address of the NView NNM system.
Scenario
RMON helps monitor and count network traffic.
Compared with SNMP, RMON is a more efficient monitoring method. After you specify
the alarm threshold, the RAX711-C actively sends alarms when the threshold is exceeded,
without the variable information having to be obtained first. This helps reduce the traffic
between managing and managed devices and facilitates managing the network.
Prerequisite
The route between the RAX711-C and the NView NNM system is reachable.
Scenario
The network maintenance engineers can detect and analyze interface and network faults
through interface loopback.
Ingress packets and egress packets are defined as below:
Ingress packets: test packets received by an interface
Egress packets: test packets returned to the peer device through an interface
Prerequisite
When the current interface is in Forwarding status, packets entering the interface can be
properly forwarded or transmitted to the CPU.
12.12.2 Ping
Step  Command                                                                                                                      Description
1     Raisecom#ping [ vrf vpn-instance-name ] ip-address [ count count ] [ size size ] [ source ip-address ] [ waittime second ]  (Optional) use the ping command to test IPv4 network connectivity.
2     Raisecom#ping ipv6 ipv6-address [ count count ] [ size size ] [ waittime second ]                                           (Optional) use the ping command to test IPv6 network connectivity.
The RAX711-C cannot perform other operations in the process of Ping. It can
perform other operations only when Ping is finished or Ping is broken off by pressing
Ctrl+C.
12.12.3 Traceroute
Before using Traceroute, you should configure the IP address and default gateway of the
RAX711-C.
12.13 Maintenance
Command Description
Networking requirements
As shown in Figure 12-6, RAX711-C A and RAX711-C B are connected to the NView NNM
system. Enable LLDP on links between RAX711-C A and RAX711-C B. And then you can
query the Layer 2 link changes through the NView NNM system.
Configuration steps
Step 1 Configure the management IP address.
Configure RAX711-C A.
Configure RAX711-C B.
Raisecom(config)#lldp enable
Raisecom(config)#lldp message-transmission interval 60
Raisecom(config)#lldp message-transmission delay 9
Raisecom(config)#lldp trap-interval 10
Configure RAX711-C B.
Raisecom(config)#lldp enable
Raisecom(config)#lldp message-transmission interval 60
Raisecom(config)#lldp message-transmission delay 9
Raisecom(config)#lldp trap-interval 10
Checking results
Use the show lldp local config command to show local configurations. Take RAX711-C A
for example.
On RAX711-C B:
Networking requirements
As shown in Figure 12-7, configure system log to output system logs of the RAX711-C to the
log host, facilitating log viewing at any time.
Configuration steps
Step 1 Configure the IP address of the SNMP interface on the RAX711-C.
Raisecom#config
Raisecom(config)#interface snmp 1
Raisecom(config-snmp1)#ip address 20.0.0.6 255.0.0.0 1
Raisecom(config-snmp1)#exit
Raisecom(config)#logging on
Raisecom(config)#logging host 20.0.0.168 warnings
Raisecom(config)#logging rate-limit 2
Checking results
Use the show logging command to show system log configurations.
Raisecom#show logging
Syslog logging: enable
Dropped Log messages: 0
Dropped debug messages: 0
Rate-limited: 2 messages per second
Squence number display: disable
Debug level time stamp: none
Log level time stamp: datetime
Log buffer size: 4kB
Debug level: low
Syslog history logging: disable
Syslog history table size:1
Dest Status Level LoggedMsgs DroppedMsgs Discriminator
----------------------------------------------------------------------
buffer disable informational(6) 0 0 0
console enable informational(6) 3 0 0
trap disable warnings(4) 0 0 0
file disable warnings(4) 0 0 0
Log host information:
Max number of log server: 10
Current log server number: 1
Target Address Level Facility Sent Drop Discriminator
-------------------------------------------------------------------------
20.0.0.168 warnings(4) local7 0 0 0
Check whether the log information is displayed on the terminal emulation Graphical User
Interface (GUI) of the PC.
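An added example, not part of the guide, that parses the show logging output above and flags gaps in log forwarding: the function names, finding codes and the wanted_severity policy are assumptions, and it assumes the usual syslog convention that a destination level admits that severity and anything more severe.

```python
import re

# `show logging` output from the checking-results step above (header lines abridged).
SHOW_LOGGING = """\
Syslog logging: enable
Dropped Log messages: 0
Rate-limited: 2 messages per second
Syslog history logging: disable
Dest Status Level LoggedMsgs DroppedMsgs Discriminator
----------------------------------------------------------------------
buffer disable informational(6) 0 0 0
console enable informational(6) 3 0 0
trap disable warnings(4) 0 0 0
file disable warnings(4) 0 0 0
Log host information:
Current log server number: 1
Target Address Level Facility Sent Drop Discriminator
-------------------------------------------------------------------------
20.0.0.168 warnings(4) local7 0 0 0
"""

DEST = re.compile(r"^(buffer|console|trap|file)\s+(enable|disable)\s+\w+\((\d)\)\s+(\d+)\s+(\d+)")
HOST = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\w+\((\d)\)\s+(\S+)\s+(\d+)\s+(\d+)")


def parse_show_logging(text):
    """Split the output into global settings, local destinations and log hosts."""
    state = {"settings": {}, "dests": {}, "hosts": []}
    for line in map(str.strip, text.splitlines()):
        dest, host = DEST.match(line), HOST.match(line)
        if dest:
            state["dests"][dest[1]] = {"enabled": dest[2] == "enable", "severity": int(dest[3]),
                                       "logged": int(dest[4]), "dropped": int(dest[5])}
        elif host:
            state["hosts"].append({"address": host[1], "severity": int(host[2]),
                                   "facility": host[3], "sent": int(host[4]),
                                   "dropped": int(host[5])})
        elif ":" in line:
            key, _, value = line.partition(":")
            state["settings"][key.strip()] = value.strip()
    return state


def audit(state, wanted_severity=6):
    """Return (code, detail) findings; wanted_severity is an assumed site policy."""
    findings = []
    settings = state["settings"]
    if settings.get("Syslog logging") != "enable":
        findings.append(("syslog-off", "system logging is disabled"))
    if not state["hosts"]:
        findings.append(("no-log-host", "no remote log host is configured"))
    for host in state["hosts"]:
        if host["severity"] < wanted_severity:
            findings.append(("host-severity", f"{host['address']} only receives severity "
                             f"0-{host['severity']}, policy wants 0-{wanted_severity}"))
        if host["sent"] == 0:
            findings.append(("host-nothing-sent", f"{host['address']} has been sent no messages"))
    if int(settings.get("Dropped Log messages", "0")) or any(
            entry["dropped"] for entry in [*state["dests"].values(), *state["hosts"]]):
        findings.append(("messages-dropped", "drop counters are non-zero"))
    if not any(state["dests"].get(name, {}).get("enabled") for name in ("buffer", "file")):
        findings.append(("no-local-copy", "buffer and file destinations are both disabled"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(parse_show_logging(SHOW_LOGGING)):
        print(f"{code}: {detail}")
```

With the rate limit set to 2 messages per second, the drop counters are the place to watch during an event burst.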
13 Appendix
This chapter lists terms and abbreviations involved in this document, including the following
sections:
Terms
Acronyms and abbreviations
13.1 Terms
A
Access Control List (ACL): A series of ordered rules composed of permit | deny sentences. These
rules are based on the source MAC address, destination MAC address,
source IP address, destination IP address, interface ID and so on. The
device decides to receive or refuse the packets based on these rules.
C
Connectivity Fault Management (CFM): A standard defined by IEEE. It defines protocols and practices for OAM
(Operations, Administration, and Maintenance) for paths through 802.1
bridges and local area networks (LANs). Used to diagnose fault for EVC
(Ethernet Virtual Connection). Cost-effective by fault management
function and improve Ethernet maintenance.
E
Encapsulation: A technology used by the layered protocol. When the lower protocol
receives packets from the upper layer, it will map packets to the data of
the lower protocol. The outer layer of the data is encapsulated with the
lower layer overhead to form a lower protocol packet structure. For
example, an IP packet from the IP protocol is mapped to the data of
802.1Q protocol. The outer layer is encapsulated by the 802.1Q frame
header to form a VLAN frame structure.
L
Link Aggregation: A computer networking term which describes using multiple network
cables/ports in parallel to increase the link speed beyond the limits of any
one single cable or port, and to increase the redundancy for higher
availability.
M
Message: A term in data communication area. The structure is fixed, with its
header defining the destination address and the text as the actual packet.
It can also include information about the termination of packets.
P
Packet: In data communication field, packet is the data unit for switching and
transmitting information. In transmission, it will be continuously
encapsulated and decapsulated. The header is used to define the
destination address and source address. The trailer contains information
indicating the end of the packet. The payload data in between is the
actual packet.
Packet switching: In packet switching network, data is partitioned into multiple data
segments. The data segment is encapsulated by control information, such
as, destination address, to form the switching packet. The switching
packet is transmitted to the destination in the way of storage-forwarding
in the network. Packet switching is developed based on the
storage-forwarding method and has merits of both circuit switching and packet
switching.
Q
QinQ: QinQ is (also called Stacked VLAN or Double VLAN) extended from
802.1Q, defined by IEEE 802.1ad recommendation. Basic QinQ is a
simple layer-2 VPN tunnel technology, encapsulating outer VLAN Tag
for client private packets at carrier access end; the packets take double
VLAN Tag passing through trunk network (public network). In public
network, packets only transmit according to outer VLAN Tag, the private
VLAN Tag are transmitted as data in packets.
V
Virtual Local Area Network (VLAN): VLAN is a protocol proposed to solve broadcast and security issues for
Ethernet. It divides devices in a LAN into different segments logically
rather than physically, thus implementing multiple virtual work groups
which are based on Layer 2 isolation and do not affect each other.
VLAN mapping: VLAN mapping is mainly used to replace the private VLAN Tag of the
Ethernet service packet with the ISP's VLAN Tag, making the packet
transmitted according to ISP's VLAN forwarding rules. When the packet
is sent to the peer private network from the ISP network, the VLAN Tag
is restored to the original private VLAN Tag according to the same
VLAN forwarding rules. Thus, the packet is sent to the destination
correctly.
C
CE Customer Edge
CFM Connectivity Fault Management
CoS Class of Service
D
DHD Dual Home Device
DRR Deficit Round Robin
DSCP Differentiated Services Code Point
E
EFM Ethernet in the First Mile
F
FTP File Transfer Protocol
G
GPS Global Positioning System
H
HA High Availability
I
ICCP Inter-Chassis Communication Protocol
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force
IP Internet Protocol
ITU-T International Telecommunications Union - Telecommunication Standardization Sector
L
LACP Link Aggregation Control Protocol
LBM LoopBack Message
LBR LoopBack Reply
LLDP Link Layer Discovery Protocol
LLDPDU Link Layer Discovery Protocol Data Unit
LTM LinkTrace Message
LTR LinkTrace Reply
M
MA Maintenance Association
MAC Medium Access Control
MD Maintenance Domain
MEG Maintenance Entity Group
MEP Maintenance associations End Point
MIB Management Information Base
MIP Maintenance association Intermediate Point
MTU Maximum Transferred Unit
O
OAM Operation, Administration, and Maintenance
P
PDU Protocol Data Unit
PE Provider Edge
PSN Packet Switched Network
PTN Packet Transport Network
PW Pseudo Wire
PWE3 Pseudo Wire Emulation Edge-to-Edge
Q
QoS Quality of Service
R
RMEP Remote Maintenance association End Point
RMON Remote Network Monitoring
S
SAToP Structure-Agnostic TDM over Packet
SFP Small Form-factor Pluggables
SLA Service Level Agreement
SNMP Simple Network Management Protocol
SNTP Simple Network Time Protocol
SP Strict-Priority
SSH Secure Shell
T
TCI Tag Control Information
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
V
VPN Virtual Private Network
VLAN Virtual Local Area Network
W
WRR Weight Round Robin