iTN165-CES (a) Configuration Guide (Rel_01)

iTN165-CES (A)

Configuration Guide

(Rel_01)

www.raisecom.com

Raisecom Technology Co., Ltd. provides customers with comprehensive technical support and services. For any

assistance, please contact our local office or company headquarters.

Website: http://www.raisecom.com

Tel: 8610-82883305

Fax: 8610-82883056

Email: [email protected]

Address: Building 2, No. 28, Shangdi 6th Street, Haidian District, Beijing, P.R.China

Postal code: 100085

-----------------------------------------------------------------------------------------------------------------------------------------

Notice

Copyright © 2013

Raisecom

All rights reserved.

No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any means,

electronic or mechanical, including photocopying and microfilm, without permission in Writing from Raisecom

Technology Co., Ltd.

is the trademark of Raisecom Technology Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

The information in this document is subject to change without notice. Every effort has been made in the

preparation of this document to ensure accuracy of the contents, but all statements, information, and

recommendations in this document do not constitute the warranty of any kind, express or implied.

Raisecom

iTN165-CES (A) Configuration Guide Preface

Raisecom Technology Co., Ltd. i

Preface

Objectives This guide introduces features and related configurations supported by the iTN165-CES,

including basic principles and configuration procedures of Ethernet, clock synchronization,

network reliability, DHCP Client, OAM, security, QoS, and system management and

maintenance. In addition, this guide provides related configuration examples. The appendix of

this guide provides terms and abbreviations involved in this guide.

This guide help you master principles and configurations of the iTN165-CES systematically,

as well as networking with the iTN165-CES.

Versions The following table lists the product versions related to this document.

Product name Product version Hardware version

iTN165-4GE4E1 P100R001 A.00 or later

iTN165-4GE4E1-BL P100R001 A.00 or later

iTN165-4GEE1 P100R001 A.00 or later

iTN165-4GEV35 P100R001 A.00 or later

iTN165-4GE4E1S P100R001 A.00 or later

iTN165-4GE4E1S-BL P100R001 A.00 or later

iTN165-4GEE1S P100R001 A.00 or later

iTN165-4GEV35S P100R001 A.00 or later

Conventions

Symbol conventions

The symbols that may be found in this document are defined as follows.

Raisecom


Raisecom Technology Co., Ltd. ii

Symbol Description

Indicates a hazard with a medium or low level of risk which, if

not avoided, could result in minor or moderate injury.

Indicates a potentially hazardous situation that, if not avoided,

could cause equipment damage, data loss, and performance

degradation, or unexpected results.

Provides additional information to emphasize or supplement

important points of the main text.

Indicates a tip that may help you solve a problem or save time.

General conventions

Convention Description

Times New Roman Normal paragraphs are in Times New Roman.

Arial Paragraphs in Warning, Caution, Notes, and Tip are in Arial.

Boldface Names of files, directories, folders, and users are in boldface.

For example, log in as user root.

Italic Book titles are in italics.

Lucida Console Terminal display is in Lucida Console.

Command conventions


Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[] Items (keywords or arguments) in square brackets [ ] are

optional.

{ x | y | ... } Alternative items are grouped in braces and separated by

vertical bars. Only one is selected.

[ x | y | ... ] Optional alternative items are grouped in square brackets and

separated by vertical bars. One or none is selected.

{ x | y | ... } * Alternative items are grouped in braces and separated by

vertical bars. A minimum of one or a maximum of all can be

selected.

Raisecom


Raisecom Technology Co., Ltd. iii


[ x | y | ... ] * Optional alternative items are grouped in square brackets and

separated by vertical bars. A minimum of none or a maximum

of all can be selected.

Change history

Updates between document versions are cumulative. Therefore, the latest document version

contains all updates made to previous versions.

Issue 01 (2013-07-22)

Initial commercial release

Raisecom

iTN165-CES (A) Configuration Guide Contents

Raisecom Technology Co., Ltd. iv

Contents

1 Basic configurations ..................................................................................................................... 1

1.1 CLI ................................................................................................................................................................... 1

1.1.1 Overview ................................................................................................................................................. 1

1.1.2 Levels ...................................................................................................................................................... 2

1.1.3 Modes ...................................................................................................................................................... 2

1.1.4 Keystrokes............................................................................................................................................... 4

1.1.5 Flitering commands................................................................................................................................. 5

1.1.6 Viewing command history ...................................................................................................................... 6

1.1.7 Acquiring help ......................................................................................................................................... 6

1.2 Accessing device .............................................................................................................................................. 8

1.2.1 Accessing device through Console interface ........................................................................................... 8

1.2.2 Accessing device through Telnet ........................................................................................................... 10

1.2.3 Accessing device through SSHv2 ......................................................................................................... 12

1.2.4 Managing users ..................................................................................................................................... 13

1.2.5 Checking configurations ....................................................................................................................... 14

1.3 Zero-configuration ......................................................................................................................................... 14

1.3.1 Introduction ........................................................................................................................................... 14

1.3.2 Preparing for zero-configuration ........................................................................................................... 15

1.3.3 Configuring DHCP Client ..................................................................................................................... 15

1.3.4 (Optional) configuring zero-configuration polling ................................................................................ 16


1.4 Configuring IP address of device ................................................................................................................... 17

1.4.1 Configuring IP address of device .......................................................................................................... 17


1.5 Configuring time management ....................................................................................................................... 17

1.5.1 Configuring time and time zone ............................................................................................................ 17

1.5.2 Configuring DST .................................................................................................................................. 18

1.5.3 Configuring NTP/SNTP ........................................................................................................................ 18


1.6 Configuring static routing .............................................................................................................................. 20

1.7 Configuring Ethernet interface ....................................................................................................................... 21

1.7.1 Configuring basic attributies of interfaces ............................................................................................ 21

Raisecom


Raisecom Technology Co., Ltd. v

1.7.2 Configuring interface statistics ............................................................................................................. 21

1.7.3 Configuring flow control on interfaces ................................................................................................. 21

1.7.4 Opening/Shuting down interfaces ......................................................................................................... 22


1.8 Configuring SNMP ........................................................................................................................................ 23

1.8.1 Configuring the IP address of SNMP interface ..................................................................................... 23

1.8.2 Configuring SNMP basic functions ...................................................................................................... 23

1.8.3 Configuring Trap ................................................................................................................................... 24


1.9 Configuring Banner ........................................................................................................................................ 25

1.9.1 Preparing for configurations ................................................................................................................. 25

1.9.2 Configuring Banner............................................................................................................................... 25

1.9.3 Enabling Banner display ....................................................................................................................... 25


1.10 Configuration examples ............................................................................................................................... 26

1.10.1 Examples for configuring SNMP ........................................................................................................ 26

2 Ethernet ......................................................................................................................................... 29

2.1 Introduction .................................................................................................................................................... 29

2.1.1 MAC address table ................................................................................................................................ 29

2.1.2 VLAN ................................................................................................................................................... 32

2.1.3 QinQ...................................................................................................................................................... 34

2.1.4 VLAN mapping..................................................................................................................................... 37

2.1.5 Loopback detection ............................................................................................................................... 37

2.1.6 Interface protection ............................................................................................................................... 38

2.1.7 Layer 2 protocol transparent transmission ............................................................................................ 39

2.1.8 ARP ....................................................................................................................................................... 39

2.1.9 Port mirroring........................................................................................................................................ 40

2.2 Configuring MAC address table..................................................................................................................... 41


2.2.2 Configuring static MAC address entries ............................................................................................... 42

2.2.3 Configuring dynamic MAC address entries .......................................................................................... 42

2.2.4 Configuring blackhole MAC address entries ........................................................................................ 42


2.3 Configuring VLAN ........................................................................................................................................ 43


2.3.2 Configuring VLAN properties .............................................................................................................. 44

2.3.3 Configuring interface modes ................................................................................................................. 44

2.3.4 Configuring VLANs based on Access interfaces .................................................................................. 44

2.3.5 Configuring VLANs based on Trunk interfaces .................................................................................... 45


2.4 Configuring basic QinQ ................................................................................................................................. 46

Raisecom


Raisecom Technology Co., Ltd. vi


2.4.2 Configuring basic QinQ ........................................................................................................................ 47

2.4.3 Configuring egress interface to Trunk mode ......................................................................................... 47


2.5 Configuring selective QinQ ........................................................................................................................... 47


2.5.2 Configuring selective QinQ .................................................................................................................. 48


2.6 Configuring VLAN mapping ......................................................................................................................... 48


2.6.2 Configuring 1:1 VLAN mapping .......................................................................................................... 49


2.7 Configuring loopback detection ..................................................................................................................... 49


2.7.2 Configuring loopback detection ............................................................................................................ 50


2.8 Configuring interface protection .................................................................................................................... 51


2.8.2 Configuring interface protection ........................................................................................................... 51


2.9 Configuring Layer 2 protocol transparent transmission ................................................................................. 52


2.9.2 Configuring transparent transmission parameters ................................................................................. 52


2.10 Configuring ARP .......................................................................................................................................... 53

2.10.1 Preparing for configurations ............................................................................................................... 53

2.10.2 Configuring ARP address entries ........................................................................................................ 53

2.10.3 Checking configurations ..................................................................................................................... 54

2.11 Configuring port mirroring ........................................................................................................................... 54

2.11.1 Preparing for configurations ................................................................................................................ 54

2.11.2 Configuring port mirroring .................................................................................................................. 55


2.12 Maintenance ................................................................................................................................................. 56


2.13.1 Examples for configuring MAC address table .................................................................................... 56

2.13.2 Example for configuring VLAN and interface protection ................................................................... 58

2.13.3 Examples for configuring basic QinQ ................................................................................................. 62

2.13.4 Examples for configuring selective QinQ ........................................................................................... 64

2.13.5 Examples for configuring VLAN mapping ......................................................................................... 67

2.13.6 Examples for configuring loopback detection..................................................................................... 70

2.13.7 Examples for configuring Layer 2 protocol transparent transmission ................................................ 71

2.13.8 Examples for configuring ARP ........................................................................................................... 73

Raisecom


Raisecom Technology Co., Ltd. vii

2.13.9 Examples for configuring port mirroring ............................................................................................ 75

3 Clock synchronization ............................................................................................................... 77

3.1 Introduction .................................................................................................................................................... 77

3.2 Configuring clock synchronization based on synchronous E thernet .......................................................... 78


3.2.2 Configuring clock source properties ..................................................................................................... 79

3.2.3 Operating clock source manually .......................................................................................................... 80

3.2.4 Configuring input/output clock signals ................................................................................................. 80


3.3 Maintenance ................................................................................................................................................... 81

3.4 Configuration examples ................................................................................................................................. 81

3.4.1 Examples for configuring clock synchronization based on synchronous Ethernet ............................... 81

4 MPLS-TP ....................................................................................................................................... 84

4.1 Introduction .................................................................................................................................................... 84

4.1.1 Network structure .................................................................................................................................. 84

4.1.2 Basic concepts ....................................................................................................................................... 85

4.1.3 Static LSP ............................................................................................................................................. 89

4.1.4 MPLS forwarding process .................................................................................................................... 90

4.1.5 MPLS L2VPN ....................................................................................................................................... 93

4.1.6 MPLS-TP OAM .................................................................................................................................... 97

4.1.7 MPLS-TP linear protection switching ................................................................................................... 98

4.2 Configuring basic functions of MPLS .......................................................................................................... 100


4.2.2 Configuring basic functions of MPLS ................................................................................................ 101


4.3 Configuring static LSP ................................................................................................................................. 101


4.3.2 Configuring static LSP ........................................................................................................................ 102

4.3.3 Configuring static bidirectional corouted LSP .................................................................................... 102

4.3.4 Configuring Tunnel ............................................................................................................................. 104


4.4 Configuring MPLS L2VPN ......................................................................................................................... 105


4.4.2 Configuring MPLS L2VPN ................................................................................................................ 105


4.5 Configuring MPLS-TP OAM ....................................................................................................................... 106


4.5.2 Enabling MPLS-TP CFM ................................................................................................................... 107

4.5.3 Configuring MPLS-TP CFM .............................................................................................................. 107

4.5.4 Configuring fault detection ................................................................................................................. 109

4.5.5 Configuring fault acknowledgement ................................................................................................... 110

Raisecom


Raisecom Technology Co., Ltd. viii

4.5.6 Configuring fault location ................................................................................................................... 110

4.5.7 Configuring AIS .................................................................................................................................. 111

4.5.8 Configuring LCK ................................................................................................................................ 111

4.5.9 Configuring basic information about MPLS-TP SLA operation ......................................................... 112

4.5.10 Configuring SLA shceduling information and enabling SLA operation scheduling ......................... 113

4.5.11 Checking configurations ................................................................................................................... 113

4.6 Configuring MPLS-TP linear protection switching ..................................................................................... 114


4.6.2 Configuring MPLS-TP linear protection switching ............................................................................ 114


4.7 Maintenance ................................................................................................................................................. 115


4.8.1 Examples for configuring bidirectional static LSP ............................................................................. 116

4.8.2 Examples for configuring static LSP to carry static L2VC ................................................................. 119

4.8.3 Examples for configuring MPLS-TP linear protection switching ....................................................... 124

5 TDMoP ........................................................................................................................................ 130

5.1 Introduction .................................................................................................................................................. 130

5.1.1 Principles of TDMoP technology ........................................................................................................ 130

5.1.2 TDMoP service encapsulation protocol .............................................................................................. 132

5.1.3 TDMoP clock recovery technology .................................................................................................... 138

5.1.4 TDMoP delay jitter buffer technology ................................................................................................ 141

5.2 Configuring TDM interfaces ........................................................................................................................ 141


5.2.2 Configuring E1 interfaces ................................................................................................................... 141

5.2.3 Configuring V.35 interfaces ................................................................................................................ 142


5.3 Configuring PW ........................................................................................................................................... 143


5.3.2 Configuring IP address of TDMoP sub-card ....................................................................................... 143

5.3.3 Creating Tunnel ................................................................................................................................... 143

5.3.4 Creating PW and configuring PW properties ...................................................................................... 144

5.3.5 Cheking configurations ....................................................................................................................... 146

5.4 Configuring TDMoP clock ........................................................................................................................... 146


5.4.2 Configuring Rx clock source of TDM interfaces ................................................................................ 146


5.5 Maintenance ................................................................................................................................................. 147


5.6.1 Examples for configuring CESoPSN emulation services ................................................................... 147

5.6.2 Examples for configuring SAToP emulation services ......................................................................... 150

6 Network reliability ................................................................................................................... 154

Raisecom


Raisecom Technology Co., Ltd. ix

6.1 Introduction .................................................................................................................................................. 154

6.1.1 Link aggregation ................................................................................................................................. 154

6.1.2 Interface backup .................................................................................................................................. 156

6.1.3 ELPS ................................................................................................................................................... 158

6.1.4 ERPS ................................................................................................................................................... 161

6.1.5 Failover ............................................................................................................................................... 167

6.2 Configuring link aggregation ....................................................................................................................... 167


6.2.2 Configuring manual link aggregation ................................................................................................. 167

6.2.3 Configuring static LACP link aggregation .......................................................................................... 168


6.3 Configuring interface backup ....................................................................................................................... 170


6.3.2 Configuring basic functions of interface backup ................................................................................ 170

6.3.3 (Optional) configuring interface forced switch ................................................................................... 171


6.4 Configuring ELPS ........................................................................................................................................ 172


6.4.2 Creating protection lines ..................................................................................................................... 172

6.4.3 Configuring ELPS fault detection modes............................................................................................ 173

6.4.4 (Optional) configuring ELPS switching control ................................................................................. 174


6.5 Configuring ERPS ........................................................................................................................................ 175


6.5.2 Creating ERPS protection ring ............................................................................................................ 176

6.5.3 (Optional) creating ERPS protection sub-ring .................................................................................... 177

6.5.4 Configuring ERPS fault detection modes ........................................................................................... 178

6.5.5 (Optional) configuring ERPS switching control ................................................................................. 179


6.6 Configuring failover ..................................................................................................................................... 179


6.6.2 Configuring failover ............................................................................................................................ 180


6.7 Maintenance ................................................................................................................................................. 180


6.8.1 Examples for configuring manual link aggregation ............................................................................ 181

6.8.2 Examples for configuring static LACP link aggregation .................................................................... 183

6.8.3 Examples for configuring interface backup ........................................................................................ 185

6.8.4 Examples for configuring 1:1 ELPS ................................................................................................... 188

6.8.5 Examples for configuring single-ring ERPS ....................................................................................... 190

6.8.6 Examples for configuring intersecting-ring ERPS .............................................................................. 194

Raisecom


Raisecom Technology Co., Ltd. x

7 DHCP Client .............................................................................................................................. 201

7.1 Introduction .................................................................................................................................................. 201

7.1.1 Working principles of DHCP .............................................................................................................. 201

7.1.2 DHCP packets ..................................................................................................................................... 203

7.1.3 DHCP Client ....................................................................................................................................... 204

7.2 Configuring DHCP Client ............................................................................................................................ 205


7.2.2 (Optional) configuring DHCPv4 Client information .......................................................................... 205

7.2.3 Enabling DHCPv4 Client .................................................................................................................... 206

7.2.4 (Optional) renewing IPv4 addresses ................................................................................................... 206



7.3.1 Examples for configuring DHCPv4 Client ......................................................................................... 207

8 OAM ............................................................................................................................................ 209

8.1 Introduction .................................................................................................................................................. 209

8.1.1 EFM .................................................................................................................................................... 210

8.1.2 CFM .................................................................................................................................................... 211

8.1.3 SLA ..................................................................................................................................................... 213

8.1.4 RFC2544 ............................................................................................................................................. 214

8.2 Configuring EFM ......................................................................................................................................... 218


8.2.2 Configuring basic functions of EFM ................................................................................................... 218

8.2.3 Configuring active functions of EFM ................................................................................................. 219

8.2.4 Configuring passive functions of EFM ............................................................................................... 220

8.2.5 Configuring loopback timeout ............................................................................................................ 222


8.3 Configuring CFM ......................................................................................................................................... 223


8.3.2 Enabling CFM ..................................................................................................................................... 223

8.3.3 Configuring basic functions of CFM .................................................................................................. 223

8.3.4 Configuirng fault detection ................................................................................................................. 224

8.3.5 Configuring fault acknowledgement ................................................................................................... 226

8.3.6 Configuring fault location ................................................................................................................... 227

8.3.7 ConfiguringAIS ................................................................................................................................... 228

8.3.8 Configuring ETH-LCK ....................................................................................................................... 228


8.4 Configuring SLA .......................................................................................................................................... 229


8.4.2 Configuring basic SLA operation information .................................................................................... 230

8.4.3 Configuring SLA scheduling information and enabling operation scheduling ................................... 232

Raisecom


Raisecom Technology Co., Ltd. xi

8.4.4 Configuring basic ETH-Test throughput test operation information and enabling operation scheduling

..................................................................................................................................................................... 232


8.5 Configuring RFC2544 .................................................................................................................................. 234


8.5.2 Configuring RFC2544 basic information ............................................................................................ 235

8.5.3 Configuring RFC2544 throughput test ................................................................................................ 236

8.5.4 Configuring RFC2544 latency test ...................................................................................................... 236

8.5.5 Configuring RFC2544 frame loss rate test .......................................................................................... 237


8.6 Maintenance ................................................................................................................................................. 238


8.7.1 Examples for configuring EFM .......................................................................................................... 238

8.7.2 Examples for configuring CFM .......................................................................................................... 240

8.7.3 Examples for configuring SLA ........................................................................................................... 243

8.7.4 Examples for configuring ETH-Test throughput test .......................................................................... 245

8.7.5 Examples for configuring RFC2544 throughput test .......................................................................... 248

9 Security........................................................................................................................................ 251

9.1 Introduction .................................................................................................................................................. 251

9.1.1 ACL ..................................................................................................................................................... 251

9.1.2 RADIUS .............................................................................................................................................. 252

9.1.3 TACACS+ ........................................................................................................................................... 252

9.1.4 Storm control ...................................................................................................................................... 252

9.2 Configuring ACL ......................................................................................................................................... 253


9.2.2 Configuring IP ACL ............................................................................................................................ 253

9.2.3 Configuring MAC ACL ...................................................................................................................... 254

9.2.4 Configuring MAP ACL ....................................................................................................................... 254

9.2.5 Applying ACL to device ...................................................................................................................... 256


9.3 Configuring RADIUS .................................................................................................................................. 258


9.3.2 Configuring RADIUS authentication .................................................................................................. 258

9.3.3 Configuring RADIUS accounting ....................................................................................................... 259


9.4 Configuring TACACS+ ................................................................................................................................ 260


9.4.2 Configuring TACACS+ authentication ............................................................................................... 260


9.5 Configuring storm control ............................................................................................................................ 261


9.5.2 Configuring storm control ................................................................................................................... 261

Raisecom


Raisecom Technology Co., Ltd. xii


9.6 Maintenance ................................................................................................................................................. 262


9.7.1 Examples for configuring ACL ........................................................................................................... 262

9.7.2 Examples for configuring RADIUS .................................................................................................... 263

9.7.3 Examples for configuring TACACS+ ................................................................................................. 265

9.7.4 Examples for configuring storm control ............................................................................................. 266

10 QoS ............................................................................................................................................. 268

10.1 Introduction ................................................................................................................................................ 268

10.1.1 Priority trust ...................................................................................................................................... 269

10.1.2 Priority mapping ............................................................................................................................... 269

10.1.3 Traffic classification .......................................................................................................................... 270

10.1.4 Traffic policy ..................................................................................................................................... 271

10.1.5 Queue scheduling .............................................................................................................................. 272

10.1.6 Congestion avoidance ....................................................................................................................... 274

10.1.7 Queue shaping ................................................................................................................................... 274

10.1.8 Rate limiting based on interface and VLAN ..................................................................................... 275

10.2 Configuring priority trust and priority mapping ......................................................................................... 275

10.2.1 Preparing for conifgurations ............................................................................................................. 275

10.2.2 Configuring priority trust .................................................................................................................. 275

10.2.3 Configuring DSCP priority re-marking ............................................................................................. 276

10.2.4 Configuring mapping relationship between DSCP priority and local priority .................................. 276

10.2.5 Configuring mapping relationship between CoS priority and local priority ..................................... 277

10.2.6 Configuring mapping relationship between local priority and CoS priority ..................................... 277


10.3 Configuring traffic classification and traffic policy ................................................................................... 278

10.3.1 Preparing for configurations ............................................................................................................. 278

10.3.2 Creating and configuring traffic classification .................................................................................. 279

10.3.3 Creating and configuring traffic policing profile .............................................................................. 279

10.3.4 Creating and configuring traffic policy ............................................................................................. 280


10.4 Configuring queue scheduling.................................................................................................................... 282


10.4.2 Configuring queue scheduling .......................................................................................................... 283

10.4.3 Configuring WRR/SP+WRR queue scheduling................................................................................ 283

10.4.4 Configuring DRR/SP+DRR queue scheduling ................................................................................. 283


10.5 Configuring congestion avoidance and queue shaping .............................................................................. 284


10.5.2 Configuring queue-based WRED ...................................................................................................... 284

10.5.3 Configuring queue shaping ............................................................................................................... 285

Raisecom


Raisecom Technology Co., Ltd. xiii


10.6 Configuring rate limiting based on interface and VLAN ........................................................................... 285


10.6.2 Configuring interface-based rate limiting ......................................................................................... 286

10.6.3 Configuring VLAN-based/QinQ-based rate limiting ........................................................................ 286

10.6.4 Configuring rate limiting based on interface+VLAN ....................................................................... 286


10.7 Maintenance ............................................................................................................................................... 287

10.8 Configuration examples ............................................................................................................................. 287

10.8.1 Examples for configuring rate limiting based on traffic policy ......................................................... 287

10.8.2 Examples for configuring queue scheduling and congestion avoidance ........................................... 290

10.8.3 Examples for configuring interface-based rate limiting .................................................................... 293

11 System management and maintenance............................................................................... 296

11.1 Introduction ................................................................................................................................................ 296

11.1.1 Management files .............................................................................................................................. 296

11.1.2 Load and upgrade .............................................................................................................................. 297

11.1.3 System log ......................................................................................................................................... 298

11.1.4 Alarm management ........................................................................................................................... 298

11.1.5 CPU protection .................................................................................................................................. 303

11.1.6 CPU monitoring ................................................................................................................................ 304

11.1.7 RMON ............................................................................................................................................... 304

11.1.8 Optical module DDM ........................................................................................................................ 304

11.1.9 Loopback ........................................................................................................................................... 305

11.1.10 Extended OAM ............................................................................................................................... 307

11.1.11 LLDP ............................................................................................................................................... 307

11.1.12 Fault detection ................................................................................................................................. 309

11.2 Managing files ............................................................................................................................................ 311

11.2.1 Managing BootROM file .................................................................................................................. 311

11.2.2 Managing system files ....................................................................................................................... 311

11.2.3 Managing configuration files ............................................................................................................ 312


11.3 Load and upgrade ....................................................................................................................................... 313

11.3.1 Configuring TFTP auto-loading mode .............................................................................................. 313

11.3.2 Upgrading system software through BootROM ................................................................................ 314

11.3.3 Upgrading system software through FTP/TFTP ............................................................................... 316


11.4 Configuring system log .............................................................................................................................. 317

11.4.1 Preparing for configurations .............................................................................................................. 317

11.4.2 Configuring basic information about system log .............................................................................. 317

11.4.3 Configuring system log output destination........................................................................................ 318


Raisecom


Raisecom Technology Co., Ltd. xiv

11.5 Configuring alarm management ................................................................................................................. 319


11.5.2 Configuring basic functions of alarm management ........................................................................... 320

11.5.3 Configuring hardware monitoring alarm output ................................................................................ 321

11.5.4 Configuring Layer 3 dying-gasp and link-fault alarms ..................................................................... 322


11.6 Configuring CPU protection ....................................................................................................................... 323


11.6.2 Configuring CPU protection ............................................................................................................. 323


11.7 Configuring CPU monitoring ..................................................................................................................... 324


11.7.2 Viewing CPU monitoring information .............................................................................................. 325

11.7.3 Configuring CPU monitoring alarm .................................................................................................. 325

11.7.4 Checking configruations ................................................................................................................... 325

11.8 Configuring RMON ................................................................................................................................... 326


11.8.2 Configuring RMON statistics ............................................................................................................ 326

11.8.3 Configuring RMON historical statistics ............................................................................................ 326

11.8.4 Configuring RMON alarm group ...................................................................................................... 326

11.8.5 Configuring RMON event group ...................................................................................................... 327


11.9 Configuring optical module DDM ............................................................................................................. 327


11.9.2 Enabling optical module DDM ......................................................................................................... 327

11.9.3 Enabling optical module parameter anomaly Trap ............................................................................ 328


11.10 Configuring Loopback ............................................................................................................................. 328

11.10.1 Preparing for configurations ............................................................................................................ 328

11.10.2 Configuring parameters of interface loopback rules ....................................................................... 329

11.10.3 Configuring source/destination MAC address translation ............................................................... 329

11.10.4 Configuring destination IP address translation ................................................................................ 330

11.10.5 Enabling loopback by selecting loopback rule ................................................................................ 331

11.10.6 Checking configurations ................................................................................................................. 331

11.11 Configuring extended OAM ..................................................................................................................... 331


11.11.2 Establishing OAM links .................................................................................................................. 332

11.11.3 Checking configurations .................................................................................................................. 332

11.12 Configuring LLDP ................................................................................................................................... 332


11.12.2 Enabling global LLDP .................................................................................................................... 332

11.12.3 Enabling interface LLDP ................................................................................................................ 333

Raisecom


Raisecom Technology Co., Ltd. xv

11.12.4 Configuring basic functions of LLDP ............................................................................................. 333

11.12.5 Configuring LLDP alarm ................................................................................................................ 334

11.12.6 Checking configurations ................................................................................................................. 334

11.13 Configuring fault detection ....................................................................................................................... 334

11.13.1 Viewing device status ...................................................................................................................... 334

11.13.2 Configuring task scheduling ............................................................................................................ 335

11.13.3 PING and Traceroute ....................................................................................................................... 335

11.14 Maintenance ............................................................................................................................................. 336

11.15 Configuration examples............................................................................................................................ 336

11.15.1 Examples for configuring RMON alarm group ............................................................................... 336

11.15.2 Examples for configuring LLDP basic functions ............................................................................ 338

11.15.3 Examples for outputting system logs to log host ............................................................................. 341

11.15.4 Examples for configuring hardware monitoring alarm output ........................................................ 343

12 Appendix .................................................................................................................................. 345

12.1 Terms .......................................................................................................................................................... 345

12.2 Abbreviations ............................................................................................................................................. 347

Raisecom

iTN165-CES (A) Configuration Guide Figures

Raisecom Technology Co., Ltd. xvi

Figures

Figure 1-1 Logging in to the iTN165-CES through the Console interface ............................................................ 9

Figure 1-2 Configuring parameters for Hyper Terminal ...................................................................................... 10

Figure 1-3 The iTN165-CES working as the Telnet Server ................................................................................. 11

Figure 1-4 The iTN165-CES working as the Telnet Client .................................................................................. 11

Figure 1-5 Realizing zero-configuration through a local device, such as the iTN2100 ....................................... 15

Figure 1-6 Configuring SNMP ............................................................................................................................. 26

Figure 2-1 MAC address entries .......................................................................................................................... 30

Figure 2-2 Partitioning VLANs ............................................................................................................................ 32

Figure 2-3 Format of the 802.1Q-based VLAN frame ......................................................................................... 32

Figure 2-4 Structure of QinQ packet .................................................................................................................... 35

Figure 2-5 Structure of TCI in S-TAG and C-TAG .............................................................................................. 35

Figure 2-6 Typical networking application with basic QinQ ............................................................................... 36

Figure 2-7 1:1 VLAN mapping ............................................................................................................................ 37

Figure 2-8 Loopback detection ............................................................................................................................ 38

Figure 2-9 Structure of ARP frame ...................................................................................................................... 39

Figure 2-10 Principle of port mirroring ................................................................................................................ 41

Figure 2-11 Configuring MAC address table ....................................................................................................... 57

Figure 2-12 Configuring VLAN ........................................................................................................................... 59

Figure 2-13 Configuring basic QinQ.................................................................................................................... 62

Figure 2-14 Configuring selective QinQ .............................................................................................................. 65

Figure 2-15 Configuring VLAN mapping ............................................................................................................ 68

Figure 2-16 Configuring loopback detection ....................................................................................................... 70

Figure 2-17 Configuring Layer 2 protocol transparent transmission ................................................................... 71

Figure 2-18 Configuring ARP .............................................................................................................................. 74

Figure 2-19 Configuring port mirroring ............................................................................................................... 75

Figure 3-1 Principles of synchronous Ethernet .................................................................................................... 78

Raisecom


Raisecom Technology Co., Ltd. xvii

Figure 3-2 Configuring clock synchronization based on synchronous Ethernet .................................................. 81

Figure 4-1 MPLS network structure ..................................................................................................................... 85

Figure 4-2 Structure and encapsulation position of the label ............................................................................... 86

Figure 4-3 Structure of the label stack ................................................................................................................. 87

Figure 4-4 Operation process of a label ............................................................................................................... 87

Figure 4-5 Label distribution ................................................................................................................................ 88

Figure 4-6 Networking with static LSP ................................................................................................................ 89

Figure 4-7 Structure of the Tunnel ID .................................................................................................................. 90

Figure 4-8 Forwarding process of MPLS packets ................................................................................................ 92

Figure 4-9 CE accessing the network through Ethernet AC ................................................................................. 93

Figure 4-10 MPLS L2VPN model ....................................................................................................................... 94

Figure 4-11 MPLS L2VPN label stack processing process .................................................................................. 94

Figure 4-12 CCC MPLS L2VPN topology .......................................................................................................... 95

Figure 4-13 Martini MPLS L2VPN topology ...................................................................................................... 96

Figure 4-14 Packet format when the GACH is used as the control channel of the PW layer............................... 97

Figure 4-15 Packet format when the GACH is used as the control channel of the LSP layer .............................. 98

Figure 4-16 Packet format when the GACH is used as the control channel of the Section layer......................... 98

Figure 4-17 ACH packet format ........................................................................................................................... 98

Figure 4-18 1+1 protection switching structure ................................................................................................... 99

Figure 4-19 1:1 protection switching structure .................................................................................................. 100

Figure 4-20 Configuring the bidirectional static LSP ........................................................................................ 116

Figure 4-21 Configuring the static LSP to carry the static L2VC ...................................................................... 120

Figure 4-22 Configuring MPLS-TP linear protection switching ........................................................................ 124

Figure 5-1 Principles of PWE3 .......................................................................................................................... 131

Figure 5-2 TDMoP circuit emulation protocol stack .......................................................................................... 132

Figure 5-3 SAToP encapsulation principles ........................................................................................................ 133

Figure 5-4 Structure of the SAToP control word ................................................................................................ 133

Figure 5-5 Structure of RTP packet header ........................................................................................................ 134

Figure 5-6 CESoPSN encapsulation principles .................................................................................................. 136

Figure 5-7 Structure of the CESoPSN control word .......................................................................................... 136

Figure 5-8 Format for CESoPSN encapsulation of basic NxDS0 data .............................................................. 138

Figure 5-9 Format for CESoPSN encapsulation of basic NxDS0 signaling....................................................... 138

Figure 5-10 Format for CESoPSN encapsulation of basic NxDS0 and signaling .............................................. 138

Raisecom


Raisecom Technology Co., Ltd. xviii

Figure 5-11 Principle of self-adaptive clock recovery ....................................................................................... 139

Figure 5-12 Principle of differential clock recovery .......................................................................................... 140

Figure 5-13 Principle of external clock input ..................................................................................................... 140

Figure 5-14 Principle of link loopback clock ..................................................................................................... 140

Figure 5-15 Configuring CESoPSN emulation services .................................................................................... 148

Figure 5-16 Configuring SAToP emulation services .......................................................................................... 151

Figure 6-1 Link aggregation ............................................................................................................................... 155

Figure 6-2 Principles of interface backup .......................................................................................................... 157

Figure 6-3 Principles of VLAN-based interface backup .................................................................................... 158

Figure 6-4 Structure of APS packet .................................................................................................................... 159

Figure 6-5 ELPS 1+1 and 1:1 protection switching modes ................................................................................ 160

Figure 6-6 Unidirectional protection switching ................................................................................................. 161

Figure 6-7 Structure of the R-APS packet .......................................................................................................... 162

Figure 6-8 ERPS ring network ........................................................................................................................... 163

Figure 6-9 Idle state of Ethernet ring network ................................................................................................... 165

Figure 6-10 Protection state of Ethernet ring network ....................................................................................... 165

Figure 6-11 Sub-ring model ............................................................................................................................... 166

Figure 6-12 Interface-to-interface failover ......................................................................................................... 167

Figure 6-13 Configuring manual link aggregation ............................................................................................. 181

Figure 6-14 Configuring static LACP link aggregation ..................................................................................... 183

Figure 6-15 Configuring interface backup ......................................................................................................... 186

Figure 6-16 Configuring 1:1 ELPS .................................................................................................................... 188

Figure 6-17 Configuring single-ring ERPS ........................................................................................................ 191

Figure 6-18 Configuring intersecting-ring ERPS ............................................................................................... 195

Figure 7-1 Typical DHCP application ................................................................................................................ 202

Figure 7-2 Structure of DHCP packet ................................................................................................................ 203

Figure 7-3 DHCP Client ..................................................................................................................................... 205

Figure 7-4 Configuring DHCPv4 Client ............................................................................................................ 207

Figure 8-1 Architecture of Ethernet OAM ......................................................................................................... 209

Figure 8-2 OAM remote loopback ..................................................................................................................... 211

Figure 8-3 MEP and MIP ................................................................................................................................... 212

Figure 8-4 Throughput test ................................................................................................................................. 215

Figure 8-5 Frame loss rate test ........................................................................................................................... 216

Raisecom


Raisecom Technology Co., Ltd. xix

Figure 8-6 Latency test ....................................................................................................................................... 216

Figure 8-7 RFC2544 test .................................................................................................................................... 217

Figure 8-8 Configuring EFM ............................................................................................................................. 238

Figure 8-9 Configuring CFM ............................................................................................................................. 240

Figure 8-10 Configuring SLA ............................................................................................................................ 244

Figure 8-11 Configuring ETH-Test throughput test ........................................................................................... 246

Figure 8-12 Configuring RFC2544 throughput test ........................................................................................... 248

Figure 9-1 Configuring ACL .............................................................................................................................. 262

Figure 9-2 Configuring RADIUS ....................................................................................................................... 264

Figure 9-3 Configuring TACACS+ .................................................................................................................... 265

Figure 9-4 Configuring storm control ................................................................................................................ 266

Figure 10-1 Application of QoS ......................................................................................................................... 269

Figure 10-2 Traffic classification process .......................................................................................................... 270

Figure 10-3 Structure of IP packet header .......................................................................................................... 271

Figure 10-4 Structures of ToS priority and DSCP priority ................................................................................. 271

Figure 10-5 Structure of VLAN packet .............................................................................................................. 271

Figure 10-6 Structure of CoS priority ................................................................................................................ 271

Figure 10-7 SP scheduling ................................................................................................................................. 272

Figure 10-8 WRR scheduling ............................................................................................................................. 273

Figure 10-9 DRR scheduling .............................................................................................................................. 273

Figure 10-10 Configuring rate limiting based on traffic policy ......................................................................... 288

Figure 10-11 Configuring queue scheduling ...................................................................................................... 291

Figure 10-12 Configuring interface-based rate limiting ..................................................................................... 294

Figure 11-1 Interface loopback .......................................................................................................................... 305

Figure 11-2 The iTN165-CES working as a managed remote device ................................................................ 307

Figure 11-3 Structure of LLDPDU packet ......................................................................................................... 308

Figure 11-4 Structure of TLV packet .................................................................................................................. 308

Figure 11-5 Principle of PING ........................................................................................................................... 310

Figure 11-6 Principle of Traceroute ................................................................................................................... 310

Figure 11-7 Configuring RMON alarm group ................................................................................................... 337

Figure 11-8 Configuring LLDP basic functions ................................................................................................. 338

Figure 11-9 Outputting system logs to log host ................................................................................................. 341

Figure 11-10 Configuring hardware monitoring alarm output ........................................................................... 343

Raisecom

iTN165-CES (A) Configuration Guide Tables

Raisecom Technology Co., Ltd. xx

Tables

Table 2-1 Interfaces modes and packet forwarding modes .................................................................................. 33

Table 2-2 Structure of TCI in the S-TAG and C-TAG.......................................................................................... 35

Table 5-1 Fields of the SAToP control word ..................................................................................................... 134

Table 5-2 Fields of the RTP packet header ......................................................................................................... 135

Table 5-3 Fields of the CESoPSN control word ................................................................................................ 136

Table 6-1 Values of fields in APS specific information ...................................................................................... 159

Table 6-2 Fields in the R-APS specific information ........................................................................................... 162

Table 7-1 Fields of DHCP packet ....................................................................................................................... 203

Table 10-1 Mapping relationship between local priority and DSCP priority ..................................................... 270

Table 10-2 Mapping relationship between local priority and CoS priority ........................................................ 270

Table 11-1 Alarm fields ..................................................................................................................................... 300

Table 11-2 Alarm levels ..................................................................................................................................... 300

Table 11-3 TLV types ......................................................................................................................................... 308

Raisecom

iTN165-CES (A) Configuration Guide 1 Basic configurations

Raisecom Technology Co., Ltd. 1

1 Basic configurations

This chapter describes basic information and configuration procedures of the iTN165-CES, as

well as related configuration examples, including following sections:

CLI

Accessing device

Zero-configuration

Configuring IP address of device

Configuring time management

Configuring static routing

Configuring Ethernet interface

Configuring SNMP

Configuring Banner

Configuration examples

1.1 CLI

1.1.1 Overview

The Command-line Interface (CLI) is a medium for you communicating with the iTN165-

CES. You can configure, monitor, and manage the iTN165-CES through the CLI.

You can log in to the iTN165-CES through the terminal equipment or through a computer that

runs the terminal emulation program. Enter commands at the system prompt.

The CLI supports following features:

Configure the iTN165-CES locally through a console.

Configure the iTN165-CES locally or remotely through Telnet/ Secure Shell v2 (SSHv2).

Commands are classified into different levels. You can execute the commands that

correspond to your level only.

The commands available to you depend on which mode you are currently in.

Keystrokes can be used to execute commands.

Raisecom



Check or execute a historical command by checking command history. The last 20

historical commands can be saved on the iTN165-CES.

Enter a question mark (?) at the system prompt to obtain a list of commands available for

each command mode.

The iTN165-CES supports multiple intelligent analysis methods, such as fuzzy match

and context association.

1.1.2 Levels

The iTN165-CES classifies CLI into 15 levels in a descending order:

1–4: checking level. You can execute basic commands, such as ping, clear, and history,

to perform network diagnostic function, clear system information and show command

history.

5–10: monitoring level. You can execute these commands, such as show, for system

maintenance.

11–14: configuration level. You can execute these commands for configuring services,

such as Virtual Local Area Network (VLAN) and Internet Protocol (IP) route.

15: management level. You can execute these commands for running systems.

1.1.3 Modes

The command mode is an environment where a command is executed. A command can be

executed in one or multiple certain modes. The commands available to you depend on which

mode you are currently in.

After connecting the iTN165-CES, enter the user name and password to enter the user EXEC

mode, where the following command is displayed:

Raisecom>

Enter the enable command and press Enter. Then enter the correct password, and press Enter

to enter privileged EXEC mode. The default password is raisecom.

Raisecom>enable

Password:

Raisecom#

In privileged EXEC mode, enter the config command to enter global configuration mode.

Raisecom#config

Raisecom(config)#

Raisecom



The CLI prompts Raisecom is a default host name. You can modify it by executing the hostname string command in privileged EXEC mode. Command executed in global configuration mode can also be executed in other modes. The functions vary on command modes. You can enter the exit or quit command to return to upper command mode. However, in privileged EXEC mode, you need to execute the disable command to return to user EXEC mode. You can execute the end command to return to privileged EXEC mode from any modes but user EXEC mode and privileged EXEC mode.

Command modes supported by the iTN165-CES are listed in the following table.

Mode Access mode Prompt

User EXEC Log in to the iTN165-CES, and

then enter the correct user name

and password.

Raisecom>

Privileged EXEC In user EXEC mode, enter the

enable command and correct

password.

Raisecom#

Global configuration In privileged EXEC mode, enter

the config command.

Raisecom(config)#

Physical layer

interface

configuration

In global configuration mode,

enter the interface interface-type

interface-number command.

Raisecom(config-port)#

TDM interface

configuration


enter the interface tdm

interface-number command.

Raisecom(config-tdm-

port)#

PW configuration In global configuration mode,

enter the cespw pw-name

command.

Raisecom(config-cespw)#

Layer 3 interface

configuration


enter the interface ip if-number

command.

Raisecom(config-ip)#

VLAN configuration In global configuration mode,

enter the vlan vlan-id command.

Raisecom(config-vlan)#

Service instance

configuration


enter the service cis-id level ma-

level command.

Raisecom(config-

service)#

Traffic classification

configuration


enter the class-map class-map-

name command.

Raisecom(config-cmap)#

Traffic policy

configuration


enter the policy-map policy-map-name command.

Raisecom(config-pmap)#

Raisecom



Mode Access mode Prompt

Traffic policy bound

with traffic

classification

configuration

In traffic policy configuration

mode, enter the class-map class-

map-name command.

Raisecom(config-pmap-c)#

CoS-to-Pri

configuration


enter the mls qos mapping cos-

to-local-priority profile-id

command.

Raisecom(cos-to-pri)#

DSCP-to-Pri

configuration


enter the mls qos mapping

dscp-to-local-priority profile-id

command.

Raisecom(dscp-to-pri)#

Access Control List

(ACL) configuration


enter the access-list-map acl-number { deny | permit }

command.

Raisecom(config-aclmap)#

Aggregation group

configuration


enter the interface port-channel

port-channel-number command.

Raisecom(config-

aggregator)#

Clock configuration In global configuration mode,

enter the clock-mgmt slot slot-number command.

Raisecom(config-clock)#

1.1.4 Keystrokes

The iTN165-CES supports following keystrokes.

Keystroke Description

Press the up arrow (↑) key. The previous command is displayed.

Press the down arrow (↓) key. The next command is displayed.

Press the left arrow (←) key. Move the cursor back one character.

Press the right arrow (→) key. Move the cursor forward one character.

Press the Backspace key. Erase the character to the left of the cursor.

Raisecom



Keystroke Description

Press the Tab key. When you press it after entering a complete keyword,

the cursor moves forward a space. When you press it

again, the keywords matching the complete keyword

are displayed.

When you press it after entering an incomplete

keyword, the system automatically executes some

commands:

If the incomplete keyword matches a unique

complete keyword, the unique complete keyword

replaces the incomplete keyword, with the cursor

forward a space from the unique complete keyword. If the incomplete keyword matches no or more

complete keywords, the prefix is displayed. You can

press the Tab key to alternate the matched complete

keywords, with the cursor at the end of the matched

complete keyword. Then, press the Space bar to

enter the next keyword. If the incomplete keyword is wrong, you can press

the Tab key to wrap, and then error information is

displayed. However, the input incomplete keyword

remains.

Press Ctrl + A. Move the cursor to the beginning of the command line.

Press Ctrl + C. The ongoing command will be interrupted, such as

ping, and traceroute.

Press Ctrl + D or the Delete

key.

Delete the character at the cursor.

Press Ctrl + E. Move the cursor to the end of the command line.

Press Ctrl + K. Delete all characters from the cursor to the end of the

command line.

Press Ctrl + X. Delete all characters from the cursor to the beginning

of the command line.

Press Ctrl + Z. Return to privileged EXEC mode from the current

mode (excluding user EXEC mode).

Press the Space bar or y. Scroll down one screen.

Press the Enter key. Scroll down one line.

1.1.5 Flitering commands

The iTN165-CES provides a series of commands which begin with "list" to show

configuration, running status, or diagnostic message of the device. You can add filtering rules

to remove unwanted information.

The list command supports 3 filtering modes:

| begin string: show all commands which start from matched specific character string.

Raisecom



| exclude string: show all commands which do not match specific character string.

| include string: show all commands which only match specific character string.

1.1.6 Viewing command history

The iTN165-CES support viewing or executing a historical command through the history

command in any command mode. By default, the last 20 historical commands are saved.

The iTN165-CES can save a maximum of 20 historical commands through the terminal

history command in user EXEC mode.

1.1.7 Acquiring help

Complete help

You can acquire complete help under following three conditions:

You can enter a question mark (?) at the system prompt to display a list of commands

and brief descriptions available for each command mode.

Raisecom>?

The output is displayed as follows:

clear Clear screen

enable Turn on privileged mode command

exit Exit current mode and down to previous mode

help Message about help

history Most recent history command

language Language of help message

list List command

quit Exit current mode and down to previous mode

terminal Configure terminal

After you enter a keyword, press the Space and enter a question mark (?), all correlated

commands and their brief descriptions are displayed if the question mark (?) matches

another keyword.

Raisecom(config)#ntp?


peer Configure NTP peer

refclock-master Set local clock as reference clock

server Configure NTP server

Raisecom



After you enter a parameter, press the Space and enter a question mark (?), associated

parameters and descriptions of these parameters are displayed if the question mark (?)

matches a parameter.

Raisecom(config)#interface client ?


{1-4} Port number list

<1-4> Port number

Incomplete help

You can acquire incomplete help under following three conditions:

After you enter part of a particular character string and a question mark (?), a list of

commands that begin with a particular character string is displayed.

Raisecom(config)#c?


cespw cespw

cfm Connectivity fault management protocol

class-map Set class map

clear Clear screen

clock-mgmt Clock management

command-log Log the command to the file

cpu Configure cpu parameters

create Create static VLAN

After you enter a command, press the Space, and enter a particular character string and a

question mark (?), a list of commands that begin with a particular character string is

displayed.

Raisecom(config)#show li?


link-aggregation Link aggregation

link-fault link-fault

Raisecom



After you enter a partial command name and press the Tab, the full form of the keyword

is displayed if there is a unique match command.

Error messages

The following table lists some error messages that you might encounter while using the CLI

to configure the iTN165-CES.

Error information Description

% " * " Incomplete command. The input command is incomplete.

% Invalid input at '^' marked. The keyword marked with "^" is invalid or does

not exist.

% Ambiguous input at '^' marked,

follow keywords match it. The keyword marked with "^" is unclear.

% Unconfirmed command. The input command is not unique.

% Unknown command. The input command does not exist.

% You Need higher priority! You need more authority to exist the command.

1.2 Accessing device

When you first enable the iTN165-CES, you need to access the device through the Console interface and then configure its IP address. You cannot access the iTN165-CES through Telnet/SSHv2 unless you enable Telnet/SSHv2 service.

You can configure the iTN165-CES through the CLI after accessing it through the following 3

modes:

Accessing the iTN165-CES through the Console Interface

Accessing the iTN165-CES through Telnet

Accessing the iTN165-CES through SSHv2

1.2.1 Accessing device through Console interface

The Console interface of the iTN165-CES is a Universal Serial Bus (USB) A female interface, which is translated into a Universal Asynchronous Receiver/Transmitter (UART) in the device.

The Console interface is used as an interface for the iTN165-CES being connected to a PC

that runs the terminal emulation program. You can configure and manage the iTN165-CES

through this interface. This management method does not involve network communication.

Raisecom



You must log in to the iTN165-CES through the Console interface under the following 2

conditions:

The iTN165-CES is powered on for the first time.

You cannot login through Telnet.

The process for logging in to the iTN165-CES is shown as follows:

To log in to the iTN165-CES through the Console interface, follow these steps:

Step 1 Download the USB_Console_Driver.zip file from

http://www.raisecom.com/Drive/USB_Console_Driver.zip and then install it to the PC.

Step 2 Right-click My Computer and then choose Manage from the right-click menu. Choose

System Tools > Device Manager > Ports to view whether the USB driver program is

installed successfully. Then record the COM interface to be used, such as RAISECOM

Gazelle USB to UART Bridge (COM1).

Step 3 Connect the Console interface of the iTN165-CES to the USB interface of the PC through a

dual USM male interface cable, as shown in Figure 1-1.

Figure 1-1 Logging in to the iTN165-CES through the Console interface

Step 4 Run the terminal emulation program on the PC, such as Hyper Terminal on Microsoft

Windows XP. Enter the connection name at the Connection Description dialog box and then

click OK.

Step 5 Select COM 1 at the Connect To dialog box and then click OK.

Step 6 Configure parameters as shown in Figure 1-2 and then click OK

Raisecom



Figure 1-2 Configuring parameters for Hyper Terminal

Step 7 Enter the configuration interface and then enter the user name and password to log in to the

iTN165-CES. By default, both the user name and password are set to raisecom.

Hyper Terminal is not available on Windows Vista or later Windows Operating Systems (OSs). For these OSs, download Hyper Terminal package and install it. This program is free for personal application.

1.2.2 Accessing device through Telnet

Through Telnet, you can remotely log in to the iTN165-CES through a PC. In this way, it is

not necessary to prepare a PC for each iTN165-CES.

The iTN165-CES supports the following two Telnet services:

Telnet Server: as shown in Figure 1-3, connect the PC and the iTN165-CES and ensure

that the route between them is reachable. You can log in to and configure the iTN165-

CES by running Telnet program on a PC. Now the iTN165-CES provides Telnet server

service.

Raisecom



Figure 1-3 The iTN165-CES working as the Telnet Server

Before logging in to the iTN165-CES through Telnet, you must log in to the iTN165-CES through the Console interface, configure the IP address of the SNMP interface, and enable Telnet service.

Step Command Description

1 Raisecom#config Enter global configuration mode.

2 Raisecom(config)#management-port ip

address ip-address [ ip-mask ] Configure the IP address of the SNMP

interface.

3 Raisecom(config)#telnet-server accept

interface-type interface-list (Optional) configure the interface that

supports Telnet.

4 Raisecom(config)#telnet-server close

terminal-telnet session-number (Optional) close the specified Telnet session.

5 Raisecom(config)#telnet-server max-

session session-number (Optional) configure the maximum number of

Telnet sessions supported by the iTN165-

CES. By default, up to 5 Telnet sessions are

available.

Telnet Client: after connecting the iTN165-CES through the terminal emulation program

or Telnet, you can log in to, manage, and configure another iTN165-CES through Telnet.

As shown in Figure 1-4. The iTN165-CES provides both Telnet server and Telnet client

services.

Figure 1-4 The iTN165-CES working as the Telnet Client

Raisecom




1 Raisecom#telnet ip-address [ port port-number] Log in to other devices through Telnet.

1.2.3 Accessing device through SSHv2

SSHv2 is a network security protocol, which can effectively prevent the disclosure of

information in remote management through data encryption, and provides greater security for

remote login and other network services in network environment.

SSHv2 builds up a secure channel over TCP. Besides, SSHv2 is in support of other service

ports as well as standard port 22, thus to avoid illegal attack from network.

Before accessing the iTN165-CES via SSHv2, you must log in to the iTN165-CES through

the Console interface and enables SSH service.



2 Raisecom(config)#generate

ssh-key length Generate local SSHv2 key pair and designate its length. By

default, the length of the local SSHv2 key pair is set to 512

bits.

3 Raisecom(config)#ssh2 server Start SSHv2 server. By default, the iTN165-CES does not

start the SSHv2 server.

4 Raisecom(config)#ssh2 server

authentication { password |

rsa-key }

(Optional) configure SSHv2 authentication method. By

default, the iTN165-CES adopts the password authentication

mode.


authentication public-key (Optional) when the rsa-key authentication method is

adopted, type the public key of clients to the iTN165-CES.


authentication-timeout period (Optional) configure SSHv2 authentication timeout. The

iTN165-CES refuses to authenticate and open the connection

when client authentication time exceeds the upper threshold.

By default, the SSHv2 authentication timeout is set to 600s.


authentication-retries times (Optional) configure the allowable times for SSHv2

authentication failure. The iTN165-CES refuses to

authenticate and open the connection when client

authentication failure times exceed the upper threshold. By

default, the allowable times for SSHv2 authentication failure

are set to 20.


port port-number (Optional) configure the SSHv2 listening port ID. By default,

the SSHv2 listening port ID is set to 22.

When configuring the SSHv2 listening port ID, the input parameter cannot take effect immediately without reboot the SSHv2 service.

Raisecom





session session-list enable (Optional) enable SSHv2 session. By default SSHv2 session

is enabled

1.2.4 Managing users

When you start the iTN165-CES for the first time, connect the PC through Console interface

to the device, input the initial user name and password in Hyper Terminal to log in to and

configure the iTN165-CES.

By default, both the user name and password are raisecom

If there is not any privilege restriction, any remote can log in to the iTN165-CES via Telnet

when the Simple Network Management Protocol (SNMP) interface or other service interfaces

of device are configured with IP addresses. This is unsafe to the iTN165-CES and network.

Creating user and setting password and privilege helps to manage the login users and ensures

network and device security.


1 Raisecom#user name user-name password

password Create or modify the user name and password.

2 Raisecom#user name user-name privilege

privilege-level Configure the level and privilege of the user.

3 Raisecom#user user-name { allow-exec |

disallow-exec } first-keyword [ second-

keyword ]

Configure the priority rule for the user to

perform the command line.

The allow-exec parameter will allow the user

to perform commands higher than the current

priority.

The disallow-exec parameter disallows the

user to perform commands that match the

keyword.

4 Raisecom#user login { local-user |

radius-user | local-radius | radius-local

[ server-no-response ] }

(Optional) configure the authentication mode

for logging the iTN165-CES when the

RADIUS service is adopted.

5 Raisecom#enable login { local-user |

radius-user | local-radius | radius-local



for entering privileged EXEC mode when the

RADIUS service is adopted.


tacacs-user | local-tacacs | tacacs-local



for logging the iTN165-CES when the

TACACS+ service is adopted.


tacacs-user | local-tacacs | tacacs-local



for entering privileged EXEC mode when the

TACACS+ service is adopted.

Raisecom



1.2.5 Checking configurations

No. Command Description

1 Raisecom#show user [ detail ] Show the user information.

1.3 Zero-configuration

With wide application of the Packet Transport Network (PTN) technology in mobile backhaul

and professional fields, a great number of the iTN200 and the iTN100 devices will be applied

in a large scale. However, these devices are scattered at the remote end. When a project is to

be implemented, the maintenance personnel must configure then manually. This consumes

lots of time and effort. In addition, this may cause errors and influence the working efficiency.

To resolve these problems, the local device automatically configures parameters, such as the

IP address and default gateway, for remote devices to manage them. In addition, users can

transmit/receive data quickly. That is why zero-configuration is introduced.

With zero-configuration, developed by Raisecom, devices, which support this feature, can be

discovered and managed by the NView NNM system once being installed and powered on,

without being configured. This simplifies implementation, facilitates wide-scale deployment,

and reduces operation and maintenance cost. In addition, it enables users to transmit/receive

data quickly.

1.3.1 Introduction

As a remote device, the iTN165-CES realizes zero-configuration through a local device, such

as the iTN2100.

Figure 1-5 shows how the iTN165-CES realizes zero-configuration through a local device,

such as the iTN2100.

The iTN165-CES is a remote device at the PTN. The iTN2100 assigns parameters, such as the

IP address and management VLAN to it. After being powered on, the iTN165-CES establishes

an OAM link with the iTN2100 and obtains required parameters from it. And then the

iTN165-CES updates its configurations automatically to realize the zero-configuration feature.

Therefore, the iTN165-CES can be realized by the NView NNM system to realize the zero-

configuration feature.

Raisecom



Figure 1-5 Realizing zero-configuration through a local device, such as the iTN2100

By default, remote devices are enabled with zero-configuration. After being powered on, they will apply for IP addresses, VLAN IDs, and default gateways automatically. If a remote device is configured an IP address, it cannot perform zero-configuration.

1.3.2 Preparing for zero-configuration

Scenario

In general, after remote devices are connected to the local device and the DHCP Server is

configured properly, remote devices can apply for IP addresses automatically once being

powered on. When you need to modify parameters about zero-configuration, see this section.

Prerequisite Both local and remote devices work in zero-configuration mode.

IP 0 interface is related to an activated VLAN.

The physical interface, connected to the zero-configuration server, is added to the VLAN.

The uplink interface is UP.

1.3.3 Configuring DHCP Client

IP addresses assigned through zero-configuration are valid permanently.



Raisecom




2 Raisecom(config)#ip dhcp client

mode { zeroconfig | normal } Configure the DHCP Client working as a zero-

configuration remote device or a common client.

By default, the DHCP Client works as a zero-configuration

remote device.

3 Raisecom(config)#interface ip

if-number Enter IP interface configuration mode. Only IP 0 interface

supports being configured with DHCP Client.

4 Raisecom(config-ip)#ip address

dhcp [ server-ip ip-address ] Enable zero-configuration. Meanwhile, you can specify the

IP address of the local DHCP Server. If you specify the IP

address of the DHCP Server, you can receive the IP address

from the specified DHCP Server only.

5 Raisecom(config-ip)#ip dhcp

client { class-id class-id |

client-id client-id | hostname

host-name }

Configure information about the DHCP Client, including

the hostname, Class ID, and Client ID. The information is

included in the packet sent by the DHCP Client.

If the IP 0 interface of the remote device has obtained an IP address through

DHCP, it is believed that the remote device has obtained the IP address successfully, regardless of whether the default gatway is configured successfully or not.

The manually-configured IP address of IP 0 interface and the one automatically-obtained through zero-configuration can be mutually overridden.

IP address of other IP interfaces of the remote device cannot be at the same network segment with the one of the IP 0 interface.

After the IP 0 interface of the remote device has obtained an IP address automatically, if you re-perform this command to make apply for an IP address from another DHCP Server, the remote device will release the original IP address.

1.3.4 (Optional) configuring zero-configuration polling



2 Raisecom(config)#ip dhcp client

zeroconfig polling period hour Configure the zero-configuration polling period. It ranges

from 1 to 24 hours. By default, it is set to 2 hours.



1 Raisecom#show ip dhcp client Show configurations and automatically-obtained

information about the DHCP Client.

Raisecom



1.4 Configuring IP address of device

If a remote device has applied an IP address through zero-configuration, there is no need to manually configure an IP address for it.

1.4.1 Configuring IP address of device

The remote device can get an IP address through the following 2 modes:

Manually configure an IP address.

Get an IP address through the DHCP Server.

By default, the system has a default VLAN 1. If you need to relate the IP address to another VLAN ID, you must create and activate it in advance.



2 Raisecom(config)#interface ip if-number Enter Layer 3 interface configuration mode.

3 Raisecom(config-ip)#ip address ip-

address [ ip-mask ] [ vlan-id ] Configure an IP address and relate it to a VLAN.

4 Raisecom(config-ip))#ip address dhcp

[ server-ip server-ip-address ] Get an IP address through DHCP Server.



1 Raisecom#show ip interface brief Show basic configurations on the IP interface.

2 Raisecom#show ip interface ip if-number Show detailed configurations on the IP interface.

3 Raisecom#show interface ip vlan Show the IP address and its related VLAN.

4 Raisecom#show ip dhcp client Show DHCP Client configurations.

1.5 Configuring time management

1.5.1 Configuring time and time zone

To ensure that the iTN165-CES can cooperate with other devices, you need to configure

system time and time zone precisely for the iTN165-CES.

Raisecom




1 Raisecom#clock set hour minute

second year month day Configure the system time.

By default, the system time is set to 8:00:00, Jan 1, 2000.

2 Raisecom#clock timezone { + | -

} hour minute timezone-name Configuring system time zone. By default, it is GMT +

8:00.

1.5.2 Configuring DST

Daylight Saving Time (DST) is set locally to save energy, but vary in details. Thus, you need

to consider detailed DST rules locally before configuration.


1 Raisecom#clock summer-time enable Enable DST on the iTN165-CES.

By default, DST is disabled.

2 Raisecom#clock summer-time recurring

{ start-week | last } { sun | mon |

tue | wed | thu | fri | sat } start-

month hour minute { end-week | last }

{ sun | mon | tue | wed | thu | fri |

sat } end-month hour minute offset

Configure the begin time and end time of DST.

By default, the time offset is set to 60 minutes.

For example, if DST starts from 02:00 a.m. second Monday of April to 02:00 a.m. second Monday of September, the clock is moved ahead 60 minutes. Thus, the period between 02:00 and 03:00 second Monday of April does not exist. Configuring time during this period will fail. DST in the Southern Hemisphere is opposite to that in the Northern Hemisphere. It is from September this year to April next year. If the starting month is later than the ending month, the system judges that it is located in the Southern Hemisphere.

1.5.3 Configuring NTP/SNTP

SNTP and NTP are mutually exclusive. If you have configured the IP address of the NTP server on the iTN165-CES, you cannot configure SNTP on the iTN165-CES, and vice versa.

Network Time Protocol (NTP) is a time synchronization protocol defined by RFC1305. It is

used to perform time synchronization between the distributed time server and clients. NTP

transmits data based on UDP, using UDP port 123.

NTP is used to perform time synchronization on all devices with clocks in the network.

Therefore, these devices can provide various applications based on the uniformed time. In

addition, NTP can ensure a very high accuracy with an error about 10ms.

Raisecom



Devices, which support NTP, can both be synchronized by other clock sources and can

synchronize other devices as the clock source.

The iTN165-CES supports performing time synchronization through multiple NTP working

modes:

Server/Client mode

In this mode, the client sends clock synchronization message to different servers. The servers

work in server mode automatically after receiving the synchronization message and send

response messages. The client receives response messages, performs clock filtering and

selection, and is synchronized to the preferred server.

In this mode, the client can be synchronized to the server but the server cannot be

synchronized to the client.

Symmetric peer mode

In this mode, the device working in the symmetric active mode sends clock synchronization

messages to the device working in the symmetric passive mode. The device that receives this

message automatically enters the symmetric passive mode and sends a reply. By exchanging

messages, the symmetric peer mode is established between the two devices. Then, the two

devices can synchronize, or be synchronized by each other.



2 Raisecom(config)#ntp server ip-address

[ version [ v1 | v2 | v3 ] ] (Optional) configure the NTP server address for

the client that works in server/client mode.

3 Raisecom(config)#ntp peer ip-address

[ version [ v1 | v2 | v3 ] ] (Optional) configure the NTP server address for

the iTN165-CES that works in symmetric peer

mode.

4 Raisecom(config)#ntp refclock-master

[ clock-source ] [ stratum ] Configure the NTP reference clock source in

server/client mode.

If the iTN165-CES is configured as the NTP reference clock source, it cannot be configured as the NTP server or NTP symmetric peer; and vice versa.

SNTP

RFC1361 simplifies NTP and provides Simple Network Time Protocol (SNTP). Compared

with NTP, SNTP supports the server/client mode only.

In SNTP mode, the iTN165-CES only supports working as the SNTP client to be

synchronized by the server.



Raisecom




2 Raisecom(config)#sntp server ip-address (Optional) configure the SNTP server address

for the device that works in symmetric peer

mode.



1 Raisecom#show clock [ summer-time

recurring ] Show configurations on the system time,

time zone, and DST.

2 Raisecom#show sntp Show SNTP configurations.

3 Raisecom#show ntp status Show NTP configurations.

4 Raisecom#show ntp associations [ detail ] Show NTP association configurations.

1.6 Configuring static routing Configure static routing for simple topology network. You need to configure static routing

manually to create an intercommunication network. Before configuring static routing,

configure the IP address of the Layer 3 interface properly.



2 Raisecom(config)#ip route ip-address ip-mask

next-hop-ip-address Configure the static routing to the

destination network whose IP address is

set to ip-address,

3 Raisecom(config)#ip route static distance

distance Configure the default management

distance of static routing.

By default, the default management

distance is set to 1.

4 Raisecom(config)#show ip route [ dest-ip-

address | detail | ip-access-list acl-id |

protocol { direct | static } | statistics ]

Show the routing table information of the

device.

Raisecom



1.7 Configuring Ethernet interface

1.7.1 Configuring basic attributies of interfaces

The interconnected devices cannot communicate normally if their interface attributes (such as

MTU, duplex mode, and speed) are inconsistent, and then you have to adjust the interface

attributes to make the devices at two ends match each other.



2 Raisecom(config)#system mtu size Configure the Maximum Transmission Unit (MTU)

for all interfaces. MTU is the maximum number of

bytes allowed to pass through the interface (without

fragment).

When the length of the forward message exceeds the

maximum value, the device will discard this message

automatically.

By default, the MTU of the interface is set to 1526

bytes.

3 Raisecom(config)#interface

interface-type interface-list Enter Ethernet electrical interface configuration mode.

4 Raisecom(config-port)#duplex { auto

| full | half } Configure the duplex mode of the interface.

By default, the duplex mode is set to auto.

5 Raisecom(config-port)#speed { auto

| 10 | 100 | 1000 } Configure the speed of the interface. By default, the

speed is automatically negotiated

1.7.2 Configuring interface statistics



2 Raisecom(config)#dynamic statistics time

period Configure the interval for interface

dynamic statistics.

By default, the interval is set to 2s.

3 Raisecom(config)#clear interface interface-

type interface-number statistics Clear interface statistics saved at the

device.

1.7.3 Configuring flow control on interfaces

When speeds of interface for sending and receiving data are inconsistent, data will overflow.

Therefore, there should be a mechanism (flow control) to coordinate the 2 interfaces for

sending and receiving data properly.

Raisecom



Half-duplex: back-pressure flow control is adopted to emulate collision in Ethernet. In

half-duplex Ethernet, when a collision occurs, the Tx host will stop sending data.

Emulation makes the host with a greater speed stop sending data to control the traffic.

Back-pressure flow control is realized through hardware without being configured

manually.

Full duplex: IEEE 802.3x flow control is adopted. After the client sends a request to the

server, when the Autonomous System (AS)/network is congested, the client will sends a

PAUSE frame to the server to make the server stop sending data to the client.




interface-type interface-number Enter physical layer interface configuration mode.

3 Raisecom(config-port)#flowcontrol

{ receive | send } on Enable IEEE 802.3x flow control on interfaces.

By default, IEEE 802.3x flow control is disabled on

interfaces.

1.7.4 Opening/Shuting down interfaces





3 Raisecom(config-port)#shutdown Shut down the current interface.

By default, the interface is open.

You can use the no shutdown command to re-open an

interface after it is shut down.

4 Raisecom(config-port)#force-

transmit enable Enable unidirectional force transmission on interfaces.



1 Raisecom#show interface interface-type interface-list

[ statistics ] Show interface status.

2 Raisecom#show system mtu Show the system MTU.


statistics dynamic [ detail ] Show interface statistics.


flowcontrol Show interface flow control

information.

5 Raisecom#show interface force-transmit Show unicast forced

transmission configurations,

Raisecom



1.8 Configuring SNMP

1.8.1 Configuring the IP address of SNMP interface

To perform out-of-band management on the iTN165-CES through the SNMP interface, you

should configure the IP address of the SNMP interface.



2 Raisecom(config)#management-port ip

address ip-address [ ip-mask ] Configure the IP address of the SNMP interface.

By default, it is set to 192.168.4.28 and the subnet

mask is set to 255.255.255.0.

1.8.2 Configuring SNMP basic functions

Configuring SNMP v1 and SNMP v2c



2 Raisecom(config)#snmp-server community

name [ view view ] { ro | rw } Create the community name and configure

the related view and authority.

3 Raisecom(config)#snmp-server contact

contact (Optional) configure the identifier and

contact mode of the administrator.

4 Raisecom(config)#snmp-server group name

user user { v1sm | v2csm | usm } (Optional) configure the mapping

relationship between the user and the access

group.

5 Raisecom(config)#snmp-server location

location (Optional) specify the physical location of

the iTN165-CES.

Configuring SNMP v3



2 Raisecom(config)#snmp-server access group-

name [ read view-name ] [ write view-name ]

[ notify view-name ] [ context context-name

{ exact| prefix } ] usm { authnopriv |

authpriv | noauthnopriv }

Create and configure the SNMP access

group.

Raisecom




3 Raisecom(config)#snmp-server contact

syscontact (Optional) configure the identifier and

contact mode of the administrator.

4 Raisecom(config)#snmp-server location

sysLocation (Optional) specify the physical location

of the iTN165-CES.

5 Raisecom(config)#snmp-server user user-name

[ remote engine-id ] [ { authentication |

authkey } { md5 | sha } password [ privacy

password ] ]

Create the user name and configure the

authentication mode.

6 Raisecom(config)#snmp-server view view-name

oid-tree [ mask ] { included | excluded } Configure the SNMP view.

1.8.3 Configuring Trap

Trap means refers to unrequested information sent to the NView NNM system automatically,

which is used to report some critical events.

Before configuring Trap, you should configure the SNMP target host.



2 Raisecom(config)#snmp-server host ip-

address version { 1 | 2c } name [ udpport

port-id ]

Configure SNMP v1-/SNMP v2c-based Trap

target host.

Raisecom(config)#snmp-server hostip-

address version 3 { authnopriv | authpriv

| noauthnopriv } name [ udpport port-id ]

(Optional) configure SNMP v3-based Trap target

host.

3 Raisecom(config)#snmp-server enable traps Enable Trap.



1 Raisecom#show management-port ip-address Show the IP address of the SNMP interface.

2 Raisecom#show snmp access Show SNMP access group configurations.

3 Raisecom#show snmp community Show SNMP community configurations.

4 Raisecom#show snmp config Show SNMP basic configurations.

5 Raisecom#show snmp group Show the mapping relationship between SNMP

users and the access group.

6 Raisecom#show snmp host Show Trap target host information.

7 Raisecom#show snmp statistics Show SNMP statistics.

Raisecom




8 Raisecom#show snmp user Show SNMP user information.

9 Raisecom#show snmp view Show SNMP view information.

1.9 Configuring Banner

1.9.1 Preparing for configurations

Scenario

Banner is a message to display when you log in to or exit from the iTN165-CES, such as the

precautions or disclaimer.

You can configure Banner of the iTN165-CES as required. After Banner display is enabled,

the configured Banner information appears when you log in to or exit from the iTN165-CES.

Prerequisite

N/A

1.9.2 Configuring Banner



2 Raisecom(config)#banner login word

Enter text message followed by the

character ’word’ to finish.User can stop

configuration by inputing’ Ctrl+c’

message word

Configure the Banner contents.

The word parameter is a 1-byte character. It is the beginning and end marker of the Banner contents. These 2 marks must be the identical character. The message parameter is the Banner contents. Up to 2560 characters are supported.

1.9.3 Enabling Banner display



Raisecom




2 Raisecom(config)#banner enable Enable Banner display.

By default, Banner display is disabled.

3 Raisecom(config)#write Save Banner configurations to ensure saving them after

the iTN165-CES is rebooted.



1 Raisecom#show banner login View Banner status and configured Banner

contents.

1.10 Configuration examples

1.10.1 Examples for configuring SNMP

Networking requirements

As shown in Figure 1-6, the route between the NView NNM system and iTN is reachable. The

IP address and sub-net mask of the NView NNM system are set to 192.168.1.1 and

255.255.255.0 respectively.

The IP address of the iTN Ethernet interface connected to the network is set to 192.168.2.1.

The NView NNM system manages the iTN through the switch.

Figure 1-6 Configuring SNMP

Configuration steps

Step 1 Configure the IP address of the SNMP interface.

Raisecom



Raisecom#config

Raisecom(config)#interface ip 0

Raisecom(config-ip)#ip address 192.168.2.1 255.255.255.0 1

Step 2 Configure the static route between the NView NNM system and the iTN.

Raisecom(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.2

Step 3 Configure the SNMP community.

Raisecom(config)#snmp-server community raisecom rw

Raisecom(config)#snmp-server community raisecom ro

Step 4 Configure the SNMP Trap target address.

Raisecom(config)#snmp-server host 192.168.1.1 version 2c raisecom

Raisecom(config)#exit

Step 5 Save configurations.

Raisecom(config)#write

Checking results

Use the show ip route command to show static routing configurations.

Raisecom(config)#show ip route

Codes: C - Connected, S - Static, R - RIP, O - OSPF

-----------------------------------------------------------

S 192.168.1.0[255.255.255.0],Via 192.168.2.2

C 192.168.18.0[255.255.255.0],is directly connected , Interface 0

Total route count: 2

Use show snmp community the command to show SNMP community configurations.

Raisecom#show snmp community

Index Community Name View Name Permission

------------------------------------------------------------

1 raisecom internet rw

Raisecom



2 raisecom internet ro

Raisecom

iTN165-CES (A) Configuration Guide 2 Ethernet


2 Ethernet

This chapter describes principles and configuration procedures of Ethernet, as well as related

configuration examples, including following sections:

Introduction

Configuring MAC address table

Configuring VLAN

Configuring basic QinQ

Configuring selective QinQ

Configuring VLAN mapping

Configuring loopback detection

Configuring interface protection

Configuring Layer 2 protocol transparent transmission

Configuring ARP

Configuring port mirroring

Maintenance


2.1 Introduction

2.1.1 MAC address table

MAC address entries

The MAC address table is a Layer 2 forwarding table recording related information about

devices that are connected to the device. All packets received by the interface are forwarded

based on the MAC address table. Based on the destination MAC address of the packet, the

device queries the MAC address to locate the forwarding interface quickly.

Raisecom



Figure 2-1 MAC address entries

A MAC address entry includes the following information

MAC Address: destination MAC address

Port: forwarding interface

VLAN ID: VLAN ID of the interface

Flags: Type of the MAC address table

Classification of MAC address table

The MAC address table is divided into the static MAC address table and dynamic MAC

address table.

MAC address entries include static MAC address entries, dynamic MAC address entries, and

blackhole MAC address entries.

Static MAC address entries

The static MAC address table can be added/deleted manually and is not aged. The static

MAC address table is reserved after the device is reset.

Dynamic MAC address entries

The dynamic MAC address table is created by automatically learning the source MAC

addresses of received packets. It can be aged based on the configured aging time. In

general, the dynamic MAC address table is not reserved after the device is reset.

Black MAC address entries

The blackhole MAC address table can be added/deleted manually and is not aged. The

device will directly discard the packet whose source/destination MAC address is a

blackhole MAC address.

Forwarding modes of MAC address

When forwarding packets, based on the information about MAC address entries, Ethernet

devices adopt following modes:

Unicast: when a MAC address entry, which is related to the destination MAC address of

a packet, is listed in the MAC address table, the device will directly forward the packet

to the received interface through the egress interface of the MAC address entry.

Raisecom



Multicast: when receiving a packet whose destination address is a multicast MAC

address, if the related destination address is listed in the MAC address table, the Ethernet

device will forward the packet through the egress interface of the MAC address entry.

Broadcast: when an Ethernet device receives an all-F packet, or when the Ethernet

device receives a packet whose MAC address is not listed in the MAC address table, it

will flood the packet to all interfaces in the same VLAN except for the interface that

receives this packet.

MAC address learning

Most dynamic MAC address entries are created and maintained through MAC address

learning. When a packet is sent to a device, the device will look up the MAC address table for

the interface ID that is related to the destination MAC address and VLAN ID of the packet. If

successful, the device will forward the packets to the received interface. Meanwhile, the

device will add the relevant source MAC address, interface ID, as well as VLAN ID to the

MAC address table. If the MAC address is created, the device will update the aging time.

When a packet is sent to the learned MAC address through other interfaces, the packet will be

directly forwarded to the received interface according to the MAC address table. If the

destination MAC address is not listed in the MAC address, the device floods the packets to all

interfaces except for the interface that receives this packet. In addition, the source MAC

address of the packet will be added to the MAC address table on the device.

MAC address limit

MAC address limit is used to restrict the number of MAC address entries. When the number

of access users exceeds the threshold, the MAC addresses of newly-accesses users will be

discarded directly. MAC address limit restricts learned dynamic MAC addresses.

Interface-based MAC address limit: learn source MAC addresses of packets in all

VLANs received the interface. If the number of learned MAC addresses reaches the

threshold, the device will not learn any MAC address. At this time, if the source MAC

address of the packet received by the interface is unknown (the source MAC address is

not listed in the learned MAC address table), the packet will be discarded.

VLAN-based MAC address limit: learn source MAC addresses of packets in specified

VLANs. If the number of learned MAC addresses reaches the threshold, the device will

not learn any MAC address.

The iTN165-CES supports interface-based MAC address limit.

MAC address aging

MAC address aging ensures real-time update of valid dynamic MAC address entries in the

MAC address table. It can prevent failing to forward packets caused by failing to learned new

MAC address entry when the threshold of the MAC address table is exceeded. When creating

a dynamic MAC address entry, the system enables the aging timer. If a packet with the same

MAC address is received during the aging time. the aging timer is updated. Otherwise, the

MAC address entry is deleted.

Raisecom



2.1.2 VLAN

Overview of VLAN

Virtual Local Area Network (VLAN) is a Layer 2 isolation technology that partitions devices

in a LAN logically to different parts. These parts are independent and cannot communicate

with each other. However, they can communicate through the router or Layer 3 switch. By

partitioning VLANs, you can isolate broadcast domains and reduce broadcast storms. Figure

2-2Figure 2-2 shows how to partition a VLAN.

Figure 2-2 Partitioning VLANs

Format of VLAN frame

VLANs supported by the iTN165-CES meet the IEEE 802.1Q standard. The iTN165-CES

supports 4094 concurrent VLANs. The IEEE 802.1Q modifies the format of the Ethernet

frame. It adds a 4-byte 802.1Q Tag between the source MAC address filed and the protocol

type field, as shown in Figure 2-3.

Figure 2-3 Format of the 802.1Q-based VLAN frame

Tag Protocol Identifier (TPID): it is a new frame type defined by the IEEE. It is a 2-byte

field. When it is set to 0x8100, it indicates that the frame is an 802.1Q-Tag frame. The

device, which does not support 802.1Q, will discard the 802.1Q-Tag packet.

Raisecom



Priority: a 3-bit field which indicates the frame priority level. Values are from 0 (best

effort) to 7 (highest). The bigger the number is, the higher the priority is. When the

network is congested, the device sends packets with higher priorities first.

Canonical Format Indicator (CFI): a 1-bit field used for identifying whether the MAC

address is in classical format. It indicates a classical MAC address when the value is set

to 0. It indicates a non-classical MAC address when the value is set to 1. It is used to

distinguish the format of frames when the bus Ethernet and Fiber Distributed Digital

Interface (FDDI)/Token Ring network exchange data.

VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs.

The value ranges from 1 to 4094. A Port VLAN ID (PVID) is a default VLAN ID. In a

port-based VLAN, each port has a PVID. When an Untagged packet is sent to the port,

the RC1108 will forward this packet according to the PVID Tag. VLANs supported by

the RC1108 meet the IEEE 802.1Q standard. The iTN165-CES supports 4094 concurrent

VLANs.

Interface modes and packet forwarding modes

The iTN165-CES interface modes are divided into Access mode and Trunk mode. Table 2-1

lists comparison on interface modes and packet forwarding modes.

Table 2-1 Interfaces modes and packet forwarding modes

Interface type

Forwarding modes for ingress packet Forwarding modes for egress packet

Untag packet Tag packet

Access Add the Access VLAN

Tag to packets.

If the VLAN ID of a packet

is identical to the Access

VLAN ID or the VLAN ID

is in the allowed VLAN IDs

of the interface, receive the

packet. If the VLAN ID of a packet

is not identical to the Access

VLAN ID, or the VLAN ID

is not in the allowed VLAN

IDs of the interface, discard

the packet.

If the VLAN ID of a packet is

identical to the Access VLAN

ID, send the packet after

removing its Tag. If the VLAN ID of a packet is

in the allowed VLAN ID list

of the interface, send the

packet after removing its Tag. If the VLAN ID of a packet is

not in the allowed VLAN ID

list of the interface, discard

the packet.

http://en.wikipedia.org/wiki/Token_Ring

Raisecom



Interface type

Forwarding modes for ingress packet Forwarding modes for egress packet

Untag packet Tag packet

Trunk Add the Native VLAN

Tag to packets.

If the VLAN ID of a packet

is in the VLAN ID list of the

interface, receive the packet. If the VLAN ID of a packet


ID list of the interface,

discard the packet.

If the VLAN ID of a packet is

identical to the native VLAN

and the allowed VLAN ID is

in the VLAN ID list of the

interface , send the packet

after removing its original

Tag. If the VLAN ID of a packet is

not identical to the native

VLAN and VLAN ID is not

in the allowed VLAN ID list

of the interface, send the

packet with taking its original

Tag. If the VLAN ID of a packet is

not identical to the native

VLAN ID, or the VLAN ID


IDs of the interface, discard

the packet.

2.1.3 QinQ

QinQ (also called Stacked VLAN or Double VLAN) is a Layer 3 tunnel technology based on

IEEE 802.1Q. It is defined in 802.1ad standard.

QinQ is a simple Layer 2 VPN tunnel technology. QinQ encapsulates an outer VLAN Tag for

a private packet, so that the packet traverses the backbone network of the Internet service

provider (ISP) carrying double VLAN tags.

In the ISP, the packet is transmitted according to the outer VLAN Tag (public VLAN Tag).

And the private VLAN Tag is transmitted as the data in the packet.

Structure of QinQ packet

QinQ packets carry double VLAN Tags when they traverse the backbone network. The inner

one is a private VLAN Tag while the outer one is the public VLAN Tag assigned by the

Carrier. The IEEE 802.1ad standard defines the inner one as the Customer VLAN (C-VLAN)

and the outer one ad the Service VLAN (S-VLAN). In general, the Maximum Transmission

Unit (MTU) of the device is set to 1500 bytes, When the outer VLAN Tag is added to a packet,

the packet size is added with 4 bytes. Therefore, you should increase the MTU value properly

(at least 1504 bytes). Figure 2-4 shows the structure of the QinQ packet.

Raisecom



Figure 2-4 Structure of QinQ packet

Structures of the S-VLAN and C-VLAN are similar. They are divided in to TPID and Tag

Control Information (TCI). The TPID and TCI are 2-byte fields. The TPID is used to identify

the VLAN tag type. The inner VLAN Tag is fixed to 0x8100 while the outer VLAN Tag can

be configured.

The IEEE 802.1ad defines the TPID value of the S-VALN as 0x88a8. However, the value may vary on vendors. To ensure that these devices can communicate with each other, we recommend setting the identical TPID value.

Figure 2-5 shows the structure of TCI in the S-TAG and C-TAG.

Figure 2-5 Structure of TCI in S-TAG and C-TAG

Table 2-2 describes the structure of TCI in the S-TAG and C-TAG.

Table 2-2 Structure of TCI in the S-TAG and C-TAG

Field Full form Length Description

PCP Priority Code Point 3bit Priority Code Point

CFI Canonical Format Indicator 1bit Canonical Format Indicator

DEI Drop Eligible Indicator 1bit Drop Eligible Indicator, cooperating

with PCP to indicate the priority of

the S-TAG frame

Raisecom



Field Full form Length Description

VID VLAN ID 12bit Ranging from 0 to 4094

Basic QinQ

Basic QinQ is realized based on the interface. After an interface is enabled with basic QinQ,

when it receives a Tag packet, the device adds the VLAN Tag of the interface to the packet.

Therefore, the packet traverses the network with double Tags. If the interface receives an

Untag packet, the device adds the VLAN Tag of the interface to the packet. Therefore, the

packet traverses the network with the native VLAN Tag of the interface.

Figure 2-6 shows the typical networking application with basic QinQ.

Figure 2-6 Typical networking application with basic QinQ

A packet is sent to the PE by the customer equipment, and the packet carries a Tag VLAN 100.

When passing through the Client interface of the PE, the packet is added with an outer Tag

VLAN 200. And then the packet is sent to the Carrier network through the Line interface of

the PE.

When the packet with the outer Tag is sent to the other PE, this PE will remove the outer Tag

from the packet and then send the packet to the other customer equipment. Now, the packet

only carries the TAG VLAN 100.

Selective QinQ

Selective QinQ is an enhanced application for basic QinQ. It is realized based on the interface

and VLAN. Based on some features, selective QinQ can perform traffic classification on

users' data and encapsulate different data flows with different VLAN Tags. With selective

QinQ, you can encapsulate different Tags for packets with different inner Tags based on the

mapping rule. In addition to all functions realized by basic QinQ, selective QinQ can also

perform different operations on packets received by the same interface based on different

VLAN Tags.

Ingress interface: add different outer VLAN tags to packets based on the inner VLAN ID.

Egress interface: identify the CoS priority of the outer VLAN based on the one of the

inner VLAN.

Selective QinQ can isolate the Carrier network from the user network and provide a great

number of features and more flexible networking capabilities. With selective QinQ, devices

can classify customer devices on the interface that is connected to the access layer,

Raisecom



encapsulating different outer Tag for various customer devices. In addition, selective QinQ

adopts the outer Tag to configure the QoS policy in the public network, flexibly configure the

data transmission priority, and provide related services for users.

2.1.4 VLAN mapping

VLAN Mapping is mainly used to replace the VLAN Tag of Ethernet packets, making packets

transmitted according to new VLAN forwarding rules. VLAN Mapping is mainly used in the

network where a great number of devices need to be isolated through VLAN. By replacing the

inner VLAN Tags of packets, VLAN mapping can map private VLANs to public VLANs,

realizing VLAN aggregation. Therefore, services can be processed and forwarded based on

the Carrier's network plan.

The iTN165-CESsupports 1:1 VLAN mapping only. When the iTN165-CESreceives packets

with private VLAN Tag, the device will match the private VLAN Tag according to configured

VLAN mapping rules. If successful, the private VLAN Tag is replaced according to

configured VLAN mapping rules, as shown in Figure 2-7.

Figure 2-7 1:1 VLAN mapping

2.1.5 Loopback detection

The loopback detection can address the influence on network caused by a loopback, providing

the self-detection, fault-tolerance and robustness.

When an interface is enabled with loopback detection, the interface sends the Loopback

detection packet periodically. The period can be configured. By default, it is set to 4s. The

interface, where loopback detection is enabled, will check the source MAC address of the

Loopback-detection packet and compare to the one of the device. If these 2 MAC addresses

are identical, it is believed that a loopback is generated on some interface, Otherwise, the

device discards the packet.

Raisecom



Loopback types

In general, there are self-loopback, internal loopback, and external loopback, as shown in

Figure 2-8.

Self-loopback: a loopback generated on the same Ethernet interface of a device, such as

the one between Switch B and User network B

Internal loopback: a loopback generated between different Ethernet interfaces of a device,

such as the one between Switch C and User network A

External loopback: a loopback generated between Ethernet interfaces of different devices,

such as the one among Switch A, Switch B, Switch C, and User Network C

Figure 2-8 Loopback detection

Processing modes of loopbacks

When a loopback is generated, the device can process it based on its type:

Self-loopback: shut down the interface if the ID of the interface for sending the packet is

identical to the one of the interface for receiving the packet.

Internal loopback: shut down the interface with a greater ID and keep the interface with a

smaller ID UP if the ID of the interface for sending the packet and the one of the

interface for receiving the packet are different.

External loopback: in general, the device does not process the loopback. The device

sends Trap only without blocking the interface. You can manually block one interface as

required.

Loopback detection modes

Loopback detection can be performed based on the interface, or interface and VLAN.

2.1.6 Interface protection

With interface protection, you can add an interface, which needs to be controlled, to an

interface protection group, isolating Layer 2/Layer 3 data in the interface protection group.

This can provide physical isolation between interfaces, enhance network security, and provide

flexible networking scheme for users.

After being configured with interface protection, interfaces in an interface protection group

cannot transmit packets to each other. Packet cannot be transmitted to each other only when

interfaces are in the same interface protection group.

Raisecom



2.1.7 Layer 2 protocol transparent transmission

The transparent transmission function is a main function for Ethernet devices. In general, the

Carrier's edge device charges for transparently transmission of Layer 2 protocol packets. The

transparent transmission function is enabled on the interface where the Carrier's edge device is

connected to the user network. A Layer 2 protocol packet is transmitted through the ingress

interface and is encapsulated on the edge device (the ingress interface) of the Internet Service

Provider (ISP). And then the Layer 2 protocol packet is transmitted to the Carrier network.

The Layer 2 protocol packet traverses the ISP to the other edge device (the egress interface).

Then this edge device decapsulates the Layer 2 protocol packet and transmits it to the user

network through the egress interface.

The transparent transmission function consists of encapsulation and decapsulation processes.

And basic principles are shown as follows:

Encapsulation: on the ingress interface of the ISP, the device adopts a special multicast

address (by default, it is 010E.5E00.0003) to modify the destination MAC address of the

Layer 2 protocol packet. In the ISP, the modified packet is taken as a data to be

forwarded in the VLAN where the user belongs.

Intermediate processing: Layer 2 protocol transparent transmission can work with QinQ.

In addition, Layer 2 protocol transparent transmission can be operated alone. In real,

after the MAC address of a Layer 2 protocol packet is modified, the device decides

whether to encapsulate the outer VLAN Tag for packets based on the configured

transparent transmission mode to make packet traverse the Carrier network properly.

Decapsulation: on the egress interface of the ISP, the device recognizes the specified

multicast address (by default, it is 010E.5E00.0003) and restores it to the original

destination MAC address of the Layer 2 protocol packet. And then the device decides

whether to remove the outer VLAN Tag of packets based on the configured transparent

transmission mode and then transmits it to the specified user network.

The iTN165-CES supports Layer 2 protocol transparent transmission.

2.1.8 ARP

Address Resolution Protocol (ARP) is used for resolution of network layer IP addresses into

data link layer hardware addresses.

Structure of ARP frame

Figure 2-9 shows the structure of ARP frame.

Figure 2-9 Structure of ARP frame

Raisecom



The ARP frame size is 28 bytes, there is the sender hardware address in the Ethernet data

frame header and ARP request data header, This field is required for all networks but Ethernet.

Hardware Type (HTYPE): it is a 2-byte field used to define the network type. 1 is

Ethernet.

Protocol Type (PTYPE): it is a 2-byte field used to define the ARP type. 0x0800 is IPv4.

Hardware Length (HLEN): it is a 1-byte field used to define the length of a hardware

address. Ethernet address size is 6.

Protocol Length (PLEN): it is a 1-byte field used to define the length of a logical address.

IPv4 address size is 4.

Operation (OP): it is a 2-byte field used to define the ARP packet type. ARP request

packet is 1 and ARP replay packet is 2.

Sender Hardware Address (SHA): it is a 6-byte field used to define the MAC address of

the sender.

Sender Protocol Address (SPA): it is a 4-byte field used to define the IP address of the

sender.

Target Hardware Address (THA): it is a 6-byte field used to define the destination MAC

address.

Target Protocol Address (TPA): it is a 4-byte field used to define the destination IP

address.

ARP address entries

ARP address entries are classified into the following types:

Static ARP address entry: static entry is used to perform static binding on an IP address

and a MAC address. The iTN165-CES and router cannot adjust the secondary mapping

relationship dynamically. It is used to prevent ARP dynamic learning fraud. Static ARP

address entries should be manually added and deleted and are not aged. In addition, static

ARP address entries are saved on all devices in a network.

Dynamic ARP address entry: entries that are automatically learned through ARP.

Dynamic ARP address entries are automatically generated by the iTN165-CES. You can

adjust some parameters as required. You should not manually add or delete dynamic ARP

address entries. However, you need to set the aging time for them. Aging is a dynamic

update mechanism for ARP address entries. Because devices of the learned ARP address

entry may fail or be removed after a period, aging can be used to detect the device

periodically to enhance network reliability and stability.

2.1.9 Port mirroring

Port mirroring refers to mirroring packets of the source ports to the monitor port without

affecting packets forwarding. The monitor port is connected to the data monitoring device.

You can use this function to monitor the receiving and sending status of some port, monitor

the network, and troubleshoot problems.

Raisecom



Figure 2-10 Principle of port mirroring

Basic principles for the port mirroring are displayed in Figure 2-10. PC 1 accesses the

network through Client 1 of the iTN165-CES. PC 2 is the monitor PC and is connected to

Client 2 of the iTN165-CES.

When needing to monitor packets sent by PC 1, you need to configure Client 1 as the

mirroring port and enable port mirroring for packets on the ingress port. Configure Client 2 as

the monitor port, that is, the mirroring destination port.

When forwarding a packet sent by PC 1, the iTN165-CES mirrors one to Client 2. Monitor

devices connected to Client 2 receive and analyze this mirrored packet.

The iTN165-CES supports port mirroring based on ingress and egress ports.

2.2 Configuring MAC address table


Scenario

Static MAC addresses need be set for fixed servers, fixed and important hosts for special

persons (managers, financial staffs, etc.), to ensure all data traffic to these MAC addresses are

correctly forwarded from the interface that is related to these static MAC addresses.

For interfaces with fixed static MAC addresses, you can disable the MAC address learning to

avoid other hosts visiting LAN data from these interfaces.

To avoid the explosive growth of MAC address table entries, you need to configure the aging

time for a MAC address table.

Raisecom



Prerequisite

N/A

2.2.2 Configuring static MAC address entries


1 Raisecom#config Enter global configuration

mode.

2 Raisecom(config)#mac-address-table static unicast mac-

address vlan vlan-id interface-type interface-number Configure static unicast

MAC addresses.

2.2.3 Configuring dynamic MAC address entries



2 Raisecom(config)#mac-address-table

learning enable { interface-type

interface-number | vlanlist vlan-

list }

Enable MAC address learning.

By default, MAC address learning is enabled on the

iTN165-CES.


aging-time { 0 | second } Configure the aging time of dynamic MAC addresses.

By default, the aging time of dynamic MAC addresses

is set to 300s.


threshold threshold-value vlan

vlan-id

Configure VLAN-based MAC address limit threshold.

By default, no VLAN-based MAC address limit

threshold is configured.



6 Raisecom(config-port)#mac-address-

table threshold threshold-value Configure interface-based MAC address limit

threshold.

By default, no interface-based MAC address limit

threshold is configured.

2.2.4 Configuring blackhole MAC address entries



2 Raisecom(config)#mac-address-table blackhole

mac-address vlan vlan-id Configure the blackhole MAC address.

Raisecom





1 Raisecom#show mac-address-table static [ interface-

type interface-number | vlan vlan-id ] Show static MAC addresses.

2 Raisecom#show mac-address-table l2-address [ vlan

vlan-id | interface-type interface-number | count ] Show all MAC addresses.

3 Raisecom#show mac aging-time Show the aging time of MAC

addresses.

4 Raisecom#show mac-address-table threshold

[ interface-type interface-list ] Show MAC address limit

configurations.

2.3 Configuring VLAN


Scenario

The main function of VLAN is to carve up logic network segments. There are 2 typical

application modes:

Small LAN: on one Layer 2 device, the LAN is carved up to several VLANs. Hosts that

connect to the device are carved up by VLANs. So hosts in the same VLAN can

communicate, but hosts between different VLANs cannot communicate. For example,

the financial department needs to be separated from other departments and they cannot

access each other. In general, the port connected to the host is in Access mode.

Big LAN or enterprise network: Multiple Layer 2 devices connect to multiple hosts and

these devices are concatenated. Packets take VLAN Tag for forwarding. Ports of multiple

devices, which have identical VLAN, can communicate, but hosts between different

VLANs cannot communicate. This mode is used for enterprises that have many people

and need a lot of hosts, and the people and hosts are in the same department but different

positions. Hosts in one department can access each other, so you has to carve up VLAN

on multiple devices. Layer-3 devices like a router are required if you want to

communicate among different VLANs. The concatenated ports among devices are in

Trunk mode.

When you need to configure an IP address for a VLAN, you can relate a Layer 3 interface to

the VLAN. Each Layer 3 interface corresponds to an IP address and is related to a VLAN.

Prerequisite

N/A

Raisecom



2.3.2 Configuring VLAN properties



2 Raisecom(config)#create vlan vlan-list { active

| suspend } Create one or more VLANs.

Raisecom(config)#vlan vlan-id Create a VLAN and enter the VLAN

configuration mode.

3 Raisecom(config)#vlan vlan-id Enter VLAN configuration mode.

4 Raisecom(config-vlan)#name string (Optional) configure the VLAN name.

5 Raisecom(config-vlan)#state { active |

suspend } Activate/Suspend the VLAN.

VLANs that are created by using the vlan vlan-id command are in Suspend status.

If you need them to take effect, you need to use the state command to activate them.

By default, there is a VLAN in the system, that is, the default VLAN (VLAN 1). All interfaces in Activate mode belong to default VLAN 1.

By default, the default VLAN (VLAN 1) is named as "Default" and the cluster VLAN (VLAN 2) has no name. Other VLANs are named as VLAN+4-digit VLAN ID. For example VLAN 3 is names as VLAN0003 while VLAN4094 is named as VLAN4094.

All configurations of a VLAN cannot take effect until the VLAN is activated. When a VLAN is in Suspend status, you can also configure the VLAN, such as deleting/adding interfaces. The system will save these configurations. Once the VLAN is activated, these configurations will take effect.

2.3.3 Configuring interface modes



2 Raisecom(config)#interface interface-type

interface-number Enter physical layer interface configuration

mode.

3 Raisecom(config-port)#switchport mode

{ access | trunk } Set the interface mode to Access or Trunk.

2.3.4 Configuring VLANs based on Access interfaces



Raisecom





interface-number Enter physical layer interface

configuration mode.

3 Raisecom(config-port)#switchport mode access

Raisecom(config-port)#switchport access vlan

vlan-id

Set the interface mode to Access and

add Access interfaces to the VLAN.

4 Raisecom(config-port)#switchport access egress-

allowed vlan { all | [ add | remove ] vlan-

list } [confirm]

(Optional) configure the allowed

VLANs of the Access interface.

The interface permits Access VLAN packets passing regardless of configurations

for VLAN list on the Access interface. The forwarded packets do not carry VLAN TAG.

When configuring Access VLAN, the system will automatically create and activate a VLAN if you do not create and activate the VLAN in advance.

If you manually delete or suspend an Access VLAN, the system will automatically configure the Access VLAN as the default VLAN.

When Access VLAN is configured as a non-default Access VLAN, the default Access VLAN 1 is the VLAN that is allowed to pass on Access egress interface. You can delete the Access VLAN 1 by deleting the VLAN from Allowed VLAN list on Access egress interface.

If the configured Access VLAN is not the default VLAN and there is no default VLAN in the VLAN list on the Access interface, the interface does not permit default VLAN packets passing.

2.3.5 Configuring VLANs based on Trunk interfaces





configuration mode.

3 Raisecom(config-port)#switchport mode trunk Set the interface mode to Trunk.

4 Raisecom(config-port)#switchport trunk native

vlan vlan-list Configure interface Native VLAN.

5 Raisecom(config-port)#switchport trunk allowed

vlan { all | vlan-list } [ confirm ] (Optional) configure the allowed

VLANs of the Trunk interface. Raisecom(config-port)#switchport trunk allowed

vlan { add add-vlan-list | remove vlan-list }

6 Raisecom(config-port)#switchport trunk untagged

vlan { all | vlan-list } [ confirm ] (Optional) configure VLANs whose

Tags can be deleted on the Trunk

interface. Raisecom(config-port)#switchport trunk untagged

vlan { add vlan-list | remove vlan-list }

Raisecom



The Trunk interface permits Native VLAN packets passing regardless of

configurations for Trunk Allowed VLAN list and Trunk Untagged VLAN list on the interface. And forwarded packets do not carry VLAN TAG.

When configuring a Native VLAN, the system will automatically create and activate a VLAN if you do not create and activate the VLAN in advance.

If you manually delete or suspend a Native VLAN, the system will automatically set the interface Trunk Native VLAN as the default VLAN.

The interface permits Trunk Allowed VLAN packets passing. If the VLAN is a Trunk Untagged VLAN, the VLAN TAG of the packet is removed on the egress interface. Otherwise, the packet is not modified.

If the configured Native VLAN is not the default VLAN and there is no default VLAN in the VLAN list on the Trunk interface, the interface will not permit default VLAN packets passing.

When configuring a Trunk Untag VLAN list, the system automatically adds all Untagged VLAN to the Trunk allowed VLAN.



1 Raisecom#show vlan Show VLAN configurations.

2 Raisecom#show interface interface-

type interface-number switchport Show interface VLAN configurations.

2.4 Configuring basic QinQ


Scenario

With basic QinQ, you can add outer VLAN Tag and freely plan your own private VLAN ID.

Therefore, the data between devices on both ends of the ISP network can be transparently

transmitted, without conflicting with the VLAN ID in Carrier network.

Prerequisite

Before configuring basic QinQ, you must finish following operations:

Connect interfaces and configure physical parameters of interfaces. Make the physical

layer Up.

Create a VLAN.

Raisecom



2.4.2 Configuring basic QinQ




interface-number Enter interface configuration mode.

3 Raisecom(config-port)#mls double-tagging tpid

tpid (Optional) configure the TPID value.

4 Raisecom(config-port)#switchport qinq dot1q-

tunnel Enable basic QinQ on the interface.

5 Raisecom(config-port)#switchport access vlan

vlan-id Add the Access interface to the VLAN.

6 Raisecom(config-port)#switchport trunk native

vlan vlan-id Add the Trunk interface to the VLAN.

2.4.3 Configuring egress interface to Trunk mode





mode.

3 Raisecom(config-port)#switchport mode trunk Configure the egress interface to Trunk

mode, allowing double Tag packets to pass.



1 Raisecom#show switchport qinq Show basic QinQ configurations.

2.5 Configuring selective QinQ


Scenario

Differentiated from basic QinQ, the outer VLAN Tag for selective QinQ can be selected

according to service types. Set different VLAN IDs for services in the user network.

Differentiate voice, video and data services in the ISP by adding different outer VLAN Tags to

classify services when forwarding them, realizing the VLAN mapping between inner and

outer VLAN tags.

Raisecom



Prerequisite

Before configuring selective QinQ, you must finish following operations:


layer Up.

Create a VLAN.

2.5.2 Configuring selective QinQ



2 Raisecom(config)#mls double-tagging inner-tpid tpid (Optional) configure the TPID

value of the inner Tag.


interface-number Enter interface configuration

mode.

4 Raisecom(config-port)#mls double-tagging tpid tpid Configure the TPID value of the

outer VLAN Tag on the interface.

5 Raisecom(config-port)#switchport vlan-mapping cvlan

vlan-list [ cos cos-value ] add-outer vlan-id [ cos

cos-value ]

Configure VLAN-based selective

QinQ on ingress interface.



1 Raisecom(config)#show switchport qinq Show basic QinQ configurations.

2 Raisecom(config)#show interface interface-type

interface-number vlan-mapping add-outer Show selective QinQ configurations

on the interface.

2.6 Configuring VLAN mapping


Scenario

Differentiated from QinQ, VLAN mapping only changes VLAN tag but does not encapsulate

additional multilayer VLAN Tag. You just need to change VLAN Tag to make packets

transmitted according to Carrier VLAN mapping rules, without increasing frame length of the

original packet. VLAN mapping is used in following situations:

Map user services into one carrier VLAN ID.

Map multi-user services into one carrier VLAN ID.

Raisecom



Prerequisite

Before configuring VLAN mapping, you must finish following operations:


layer Up.

Create a VLAN.

2.6.2 Configuring 1:1 VLAN mapping





mode.

3 Raisecom(config-port)switchport vlan-

mapping { ingress | egress } [ outer ]

vlan-list [ cos cos-value ] [ inner vlan-

list ] [ cos cos-value ] translate [ outer-

vid vlan-id ] [ outer-cos cos-value ]

[ inner-vid vlan-id ] [ inner-cos cos-

value ]

Configure interface-based 1:1 VLAN

mapping rule.



1 Raisecom#show interface interface-type

interface-number vlan-mapping { egress |

ingress } translate

Show 1:1 VLAN mapping configurations.

2.7 Configuring loopback detection


Scenario

In the network, hosts or Layer 2 devices connected to access devices may form a loopback

intentionally or involuntary. Enable loopback detection on downlink interfaces of all access

devices to avoid the network congestion generated by unlimited copies of data traffic. Once a

loopback is detected on a port, the interface will be blocked.

Prerequisite

Before configuring loopback detection, you need to configure physical parameters on an

interface and make the physical layer Up.

Raisecom



2.7.2 Configuring loopback detection

Loopback detection and STP are mutually exclusive. They cannot be enabled simultaneously. For directly connected devices, you cannot enable loopback detection on both ends simultaneously. Otherwise, interfaces on both ends will be blocked.



2 Raisecom(config)#loopback-detection

enable interface-type interface-list Enable loopback detection on an interface.


mode { port-based | vlan-based } (Optional) configure the loopback detection

mode.

By default, the loopback detection is set to

VLAN-based loopback detection.


loop { discarding | trap-only |

shutdown } interface-type interface-

list

(Optional) configure the mode for an interface to

process loopback detection packets from other

interfaces.

To ensure that loopback detection runs properly, we recommend selecting the discarding mode. In addition, the iTN165-CES supports up to 15 VLAN-based loopback detection.


hello-time period Configure the interval for sending loopback

detection packet.

By default, the interval is set to 4s.


down-time { second | infinite } (Optional) configure the time to automatically

restore the blocked interface caused by loopback.

By default, it is set to infinite.


loop upstream interface-type interface-

list [ delete-vlan ]

(Optional) configure the processing mode of the

uplink interface when it detects a loopback.



1 Raisecom#show loopback-detection

[ interface-type interface-list ] Show interface-based loopback detection configurations.


statistics [ interface-type

interface-list ]

Show loopback detection statistics.

Raisecom





block-vlan [ interface-type

interface-list ]

Show information about the blocked VLAN.


vlan-list vlan-list Show VLAN-based loopback detection configurations.

2.8 Configuring interface protection


Scenario

To isolate Layer 2/Layer 3 data in an interface protection group and provide physical isolation

between interfaces, you need to configure interface protection.

By adding interfaces that need to be controlled to an interface protection group, you can

enhance network security and provide flexible networking scheme for users.

Prerequisite

N/A

2.8.2 Configuring interface protection





mode.

3 Raisecom(config-port)#switchport protect Enable interface protection.

By default, downlink interfaces are isolated

from each other.



1 Raisecom#show switchport protect Show interface protection configurations.

Raisecom



2.9 Configuring Layer 2 protocol transparent transmission


Scenario

In the ISP, destination multicast addresses for some Layer 2 protocol packets cannot be

forwarded. The Layer 2 protocol transparent transmission is configured to make the Layer 2

protocol packet of the user network traverse the ISP network and to realize the Layer 2

protocol run in the same user network at different locations. With the Layer 2 protocol

transparent transmission, you can modify the multicast addresses for Layer 2 protocol packets,

forwarding them across the ISP. In addition, you can decapsulate the modified multicast

address to the original one on the egress interface. Therefore, the same user network at

different locations can run the same Layer 2 protocol.

Prerequisite

Before configuring the Layer 2 protocol f transparent transmission, you need to configure

physical parameters on an interface and make the physical layer Up.

2.9.2 Configuring transparent transmission parameters



2 Raisecom(config)#relay destination-

address mac-address (Optional) configure the destination MAC address

of a Layer 2 protocol packet.

By default, the destination MAC address is set to

010E.5E00.0003.

The multicast destination MAC address should not

begin with 0180C2/010E5E. However, the default

value (010E.5E00.0003) is excluded.

3 Raisecom(config)#relay cos cos-value (Optional) configure the CoS value of a Layer 2

protocol packet.

4 Raisecom(config)#interface interface-

type interface-number Enter interface configuration mode.

5 Raisecom(config-port)#relay

interface-type interface-number (Optional) specify the egress interface for a Layer

2 protocol packet.

By default, no egress interface is specified for a

Layer 2 protocol packet. Other interfaces can

transmit the Layer 2 protocol packet transparently.

6 Raisecom(config-port)#relay vlan

vlan-id (Optional) specify a VLAN for a Layer 2 protocol

packet.

By default, no VLAN is specified for a Layer 2

protocol packet. All VLANs under the interface

allow the Layer 2 protocol packet to pass.

Raisecom




7 Raisecom(config-port)#relay { all |

cdp | dot1x | lacp | pvst | stp |

vtp }

Configure transparent transmission packet types on

an interface and disable related protocols.



1 Raisecom#show relay [ interface-type

interface-list ] Show Layer 2 protocol transparent transmission

configurations.

2 Raisecom#show relay statistics

[ interface-type interface-list ] Show transparent transmission packet statistics.

2.10 Configuring ARP


Scenario

The mapping relationship between IP addresses and MAC addresses is saved in the ARP

address table.

In general, ARP address entries are dynamically maintained by the device. The device

automatically finds the mapping relationship between IP addresses and MAC addresses based

on ARP. You can manually configure the device just for preventing ARP dynamic learning

fraud and for adding static ARP address entries.

Prerequisite

N/A

2.10.2 Configuring ARP address entries

When you configure static ARP address entries, IP addresses of these static ARP address entries must be at the IP network of Layer 3 interfaces on the iTN165-CES.



2 Raisecom(config)#arp ip-address mac-address Enter static ARP address entries.

Raisecom




3 Raisecom(config)#arp aging-time second Configure the aging time of dynamic ARP

address entries.

By default, the aging time is set to 1200s.

4 Raisecom(config)#arp mode { learn-all |

learn-reply-only } Configure the ARP learning mode.

By default, the ARP learning mode is set to

learn-reply-only.

5 Raisecom(config)#interface ip interface-

number Enter IP interface configuration mode.

6 Raisecom(config-ip)#arp learning enable Enable ARP dynamic learning on the IP

interface.

By default, ARP dynamic learning is

enabled.

7 Raisecom(config-ip)#arp max-learning-num

max-learning-num Configure the threshold of dynamically-

learned ARP address entries.



1 Raisecom#show arp Show configurations on all entries in the ARP address table.

2 Raisecom#show arp ip-address Show configurations on ARP address entries related to a

specified IP address.

3 Raisecom#show arp ip if-number Show configurations on ARP address entries related to Layer

3 interfaces,

4 Raisecom#show arp static Show configurations on static ARP address entries.

2.11 Configuring port mirroring


Scenario

Port mirroring is used for the administrator to monitor data traffic in a network. By mirroring

traffic on a mirroring port to a monitor port, the administrator can get traffics that have fault

and anomaly. The port mirroring is used to locate, analyze and resolve faults.

Prerequisite

N/A

Raisecom



2.11.2 Configuring port mirroring

There can be multiple mirroring ports. However, there is only one monitor port. After port mirroring takes effect, packets on both ingress and egress ports will be

copied to the monitor port. The mirroring port and the monitor port should not be the same one.



2 Raisecom(config)#mirror enable Enable the port mirroring.

By default, the port mirroring is disabled.

3 Raisecom(config)#mirror monitor-port interface-type interface-number

Configure the monitor port.

By default, the monitor port index is set to 1.

Packets that are mirrored to the monitor port will not follow VLAN configurations on the mirroring port and all packets can pass the interface.

4 Raisecom(config)#mirror source-port-list

{ both | ingress | egress } interface-

type interface-list

Configure the mirroring port and the mirroring

rules.

By default, there is no mirroring port.

When a mirroring port list is configured on the ingress or egress port, the mirroring port list on the other port will be automatically cleared.

5 Raisecom(config)#mirror monitor-cpu (Optional) mirror packets to the CPU.



1 Raisecom(config)#show mirror Show port mirroring configurations.

Raisecom



2.12 Maintenance

Command Description

Raisecom(config)#clear mac-address-

table { all | dynamic | static } Clear MAC addresses.

Raisecom(config)#search mac-address mac-address { all | dynamic | static } [ interace-type interface-number ] [ vlan vlan-id ]

Search MAC addresses.

Raisecom(config)#clear relay statistics [ interface-type interface-list ]

Clear Layer 2 transparent transmission

packet statistics.

Raisecom(config-port)#clear loopback-detection statistic

Clear loopback detection statistics.


2.13.1 Examples for configuring MAC address table


As shown in Figure 2-11, LAN 1 and LAN 2 are in VLAN 10. The MAC address of PC 1 is

000e.5e01.0105 and the MAC address of PC 2 is 000e.5e02.0207. PC 2 accessed the network

illegally by using the MAC address of PC 1. To prevent PC 2 from accessing the network

without influencing other devices accessing the network through Client 2, perform the

following operations.

On Client 1 of the iTN, configure a static MAC address entry that is related to the MAC

address of PC 1 and disable dynamic MAC address learning.

On Client 2 of the iTN, set the MAC address of PC 2 to a blackhole MAC address and

enable dynamic MAC address learning. Set the aging time to 400s.

Raisecom



Figure 2-11 Configuring MAC address table

Configuration steps

Step 1 Create VLAN 10 and then add interfaces to VLAN 10.

Raisecom#config

Raisecom(config)#create vlan 10 active

Raisecom(config)#interface client 1

Raisecom(config-port)#switchport mode access

Raisecom(config-port)#switchport access vlan 10

Raisecom(config-port)#exit

Raisecom(config-port)#interface client 2

Raisecom(config-port)#switchport mode access



Step 2 On Client 1, configure a static unicast MAC address (000e.5e01.0105), which belongs to

VLAN 10 and disable dynamic MAC address learning.

Raisecom(config)#mac-address-table static unicast 000e.5e01.0105 vlan 10

client 1

Raisecom(config)#mac-address-table learning disable client 1

Step 3 On Client 1, configure a blackhole MAC address (000e.5e02.0207), which belongs to VLAN

10, enable dynamic MAC address learning, and set the aging time to 400s.

Raisecom(config)#mac-address-table blackhole 000e.5e02.0207 vlan 10

Raisecom



Raisecom(config)#mac-address-table learning enable client 2

Raisecom(config)#mac-address-table aging-time 400


Raisecom#write

Checking results

Use the show mac-address-table l2-address command to show MAC address configurations.

Raisecom#show mac-address-table l2-address

Aging time:400 seconds

Mac Address Port Vlan Flags

----------------------------------------------

000E.5E01.0105 client1 10 static

000E.5E02.0207 -- 10 blackhole

2.13.2 Example for configuring VLAN and interface protection


As shown in Figure 2-12, PC 1, PC 2, and PC 5 are in VLAN 10; PC 3 and PC 4 are in VLAN

20. iTN A and iTN B are connected through a Trunk interface and disallow packets of VLAN

20 to pass. Therefore, PC 3 and PC 4 cannot communicate with each other. Enable interface

protection on PC 1 and PC 2 to make them fail to communicate. However, PC 1 and PC 2 can

communicate with PC 5 respectively.

Raisecom



Figure 2-12 Configuring VLAN

Configuration steps

Step 1 Create and activate VLAN 10 and VLAN 20 on iTN A and iTN B respectively.

Configure iTN A.

iTNA#config

iTNA(config)#create vlan 10,20 active

Configure iTN B.

iTNB#config

iTNB(config)#create vlan 10,20 active

Step 2 Add client 1 (Access) and client 2 (Access) of iTN B to VLAN 10. Add client 3 (Access) to

VLAN 20. The line1 interface is in Trunk mode and allows packets of VLAN 10 to pass.

iTNB(config)#interface client 1

iTNB(config-port)#switchport mode access

iTNB(config-port)#switchport access vlan 10

iTNB(config-port)#exit






Raisecom






iTNB(config)#interface line 1

iTNB(config-port)#switchport mode trunk

iTNB(config-port)#switchport trunk allow vlan 10


Step 3 Add client 2 (Access) of iTN A to VLAN 10. Add client 1 (Trunk) to VLAN 20. The line1

interface is in Trunk mode and allows packets of VLAN 10 to pass.

iTNA(config)#interface client 2

iTNA(config-port)#switchport mode access

iTNA(config-port)#switchport access vlan 10

iTNA(config-port)#exit


iTNA(config-port)#switchport mode trunk

iTNA(config-port)#switchport trunk native vlan 20


iTNA(config)#interface line 1


iTNA(config-port)#switchport trunk allow vlan 10

Step 4 Enable interface protection on client 1 and client 2 of iTN B.


iTNB(config-port)#switchport protect



iTNB(config-port)#switchport protect

Step 5 Save configurations of iTN A and iTN B, taking iTN A for an example.

iTNA#write

Checking results

Use the show vlan command to show VLAN configurations.

Take iTN B for an example.

iTNB#show vlan

VLAN Name State Status Port Untag-Port Priority Create-Time

---------------------------------------------------------------------

Raisecom



1 Default active static L:1,2;C:1-4 L:1,2;C:1-4 -- 0:0:15

2 active other L:1,2;C:1-4 n/a -- 0:0:17

10 VLAN0010 active static L:1;C:1,2 C:1,2 -- 1:0:50

20 VLAN0020 active static C:3 C:3 -- 0:0:26

Use the show interface interface-type interface-number switchport command to show

VLAN configurations on an interface.


iTNB#show interface client 1 switchport

Interface: client 1

Administrative Mode: access

Operational Mode: access

Access Mode VLAN: 10

Administrative Access Egress VLANs: 1

Operational Access Egress VLANs: 1,10

Trunk Native Mode VLAN: 1

Administrative Trunk Allowed VLANs: 1-4094

Operational Trunk Allowed VLANs: n/a

Administrative Trunk Untagged VLANs: 1

Operational Trunk Untagged VLANs: 1

Use the show switchport protect command to show interface protection configuration.


iTNB#show switchport protect

Port Protected State

--------------------------

L:1 disable

L:2 disable

C:1 enable

C:2 enable

C:3 disable

By executing the ping command between PC 1 and PC 5, PC 2 and PC 5, PC 3 and PC 4 to

check VLAN configurations on the Trunk interface.

If PC1 can ping through PC 5, VLAN 10 communicates properly.

If PC 2 can ping through PC 5, VLAN 10 communicates properly.

If PC 3 cannot ping through PC 4, VLAN 20 communicates improperly.

By executing the ping command between PC 1 and PC 2, check interface protection

configurations.

If PC1 cannot ping through PC 2, interface protection takes effect.

Raisecom



2.13.3 Examples for configuring basic QinQ


As shown in Figure 2-13, iTN A and iTN B are connected to VLAN 100 and VLAN 200

respectively. To communicate through the ISP, Department A and Department C, Department

B and Department D should set the outer Tag to VLAN 1000. Configure client 2 and client 3

on iTN A and iTN B working in dot1q-tunnel mode and being connected to VLAN 100 and

VLAN 200. line 1 is used to connect the ISP network, which works in Trunk mode and allows

packets with double tag to pass. The TPID is set to 0x9100.

Figure 2-13 Configuring basic QinQ

Configuration steps

Step 1 Create and activate VLAN 100, VLAN 200, and VLAN 1000.

Configure iTN A.

iTNA#config

iTNA(config)#create vlan 100,200,1000 active

Configure iTN B.

Raisecom



iTNB#config

iTNB(config)#create vlan 100,200,1000 active

Step 2 Configure client 2 and client 3 working in dot1q-tunnel mode.

Configure iTN A.




iTNA(config-port)#switchport qinq dot1q-tunnel





iTNA(config-port)#switchport qinq dot1q-tunnel


Configure iTN B.




iTNB(config-port)#switchport qinq dot1q-tunnel





iTNB(config-port)#switchport qinq dot1q-tunnel


Step 3 Configure line 1 allowing packets with double Tag to pass. Set the TPID value to 0x9100.

Configure iTN A.



iTNA(config-port)#mls double-tagging tpid 9100

iTNA(config-port)#switchport trunk allowed vlan 1000


Configure iTN B.



Raisecom



iTNB(config-port)#mls double-tagging tpid 9100

iTNB(config-port)#switchport trunk allowed vlan 1000



iTNA#write

Checking results

Use the show switchport qinq command to show QinQ configurations.

Take iTN A for an example.

iTNA#show switchport qinq

Inner TPID:: 0x8100

Port QinQ Status Outer TPID on port

----------------------------------------------------

L:1 -- 0x9100

L:2 -- 0x8100

C:1 -- 0x8100

C:2 Dot1q-tunnel 0x8100

C:3 Dot1q-tunnel 0x8100

C:4 -- 0x8100

C:5 -- 0x8100

C:6 -- 0x8100

2.13.4 Examples for configuring selective QinQ


As shown in Figure 2-14, services in the ISP are divided in to PC service and IP service.

Therefore, configure the PC service with VLAN 1000 and configure the IP service with

VLAN 2000. Perform following configurations on iTN A and iTN B.

Add outer Tag VLAN 1000 to VLANs 100–150 that are assigned to PC service. Add outer

Tag VLAN 2000 to VLANs 300–400 that are assigned to IP service. Make users properly

communicate with the server through the ISP. The TPID is set to 0x9100.

Raisecom



Figure 2-14 Configuring selective QinQ

Configuration steps

Step 1 Create and activate VLANs.

Configure iTN A.

iTNA#config

iTNA(config)#create vlan 100-150,300-400,1000,2000 active

Configure iTN B.

iTNB#config

iTNB(config)#create vlan 100-150,300-400,1000,2000 active

Step 2 Configure client 2 and client 3 working in dot1q-tunnel mode.

Configure iTN A.



Raisecom



iTNA(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000

iTNA(config-port)#switchport trunk untagged vlan 1000,2000 confirm


iTNA(config)#interface client3


iTNA(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000

iTNA(config-port)#switchport trunk untagged vlan 1000,2000 confirm


Configure iTN B.



iTNB(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000

iTNB(config-port)#switchport trunk untagged vlan 1000,2000 confirm




iTNB(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000

iTNB(config-port)#switchport trunk untagged vlan 1000,2000 confirm


Step 3 Configure client 1 allowing packets with double Tag to pass. Set the TPID value rto 0x9100.

Configure iTN A.



iTNA(config-port)#mls double-tagging tpid 9100

iTNA(config-port)#switchport trunk allowed vlan 1000,2000 confirm


Configure iTN B.



iTNB(config-port)#mls double-tagging tpid 9100

iTNB(config-port)#switchport trunk allowed vlan 1000,2000 confirm



iTNA#write

Raisecom



Checking results

Use the show interface interface-type [ interface-number ] vlan-mapping add-outer

command to show QinQ configurations.


iTNA#show interface client 2 vlan-mapping add-outer

Based outer VLAN QinQ mapping rule:

Original Original Add-outer Add-outer Hardware Hardware

Port Outer VLAN COS VLAN COS Status ID

-------------------------------------------------------------------------

C2 100-150 -- 1000 -- Enable 1

iTNA#show interface client 3 vlan-mapping add-outer

Based outer VLAN QinQ mapping rule:

Original Original Add-outer Add-outer Hardware Hardware

Port Outer VLAN COS VLAN COS Status ID

-------------------------------------------------------------------------

C3 300-400 -- 2000 -- Enable 2

2.13.5 Examples for configuring VLAN mapping


As shown in Figure 2-15, client 2 and client 3 of iTN A is connected to Department A and

Department B. Department A is in VLAN 100 and Department B is in VLAN 200.

client 2 and client 3 of iTN B are connected to Department C and Department D. Department

C is in VLAN 100 and Department D is in VLAN 200.

To make Departments A and C and Department B and D communicate with each other, you

can configure 1:1 VLAN mapping on iTN A and iTN B. In the ISP, VLAN 1000 is assigned to

Department A and Department C for transmitting data. VLAN 2008 is assigned to Department

B and Department D for transmitting data.

Raisecom



Figure 2-15 Configuring VLAN mapping

Configuration steps

Configurations on iTN A and iTN B are identical. Therefore, only configurations on iTN A are

described.

Step 1 Create and activate VLANs.

Raisecom#config

Raisecom(config)#create vlan 100,200,1000,2008 active

Step 2 Configure line 1 working in Trunk mode, allowing packets of VLAN 100, VLAN 200, VLAN

1000, and VLAN 2008 to pass. Enable VLAN mapping on line 1.



iTNA(config-port)#switchport trunk allowed vlan 100,200,1000,2008

iTNA(config-port)#switchport vlan-mapping egress 100 translate 1000



Raisecom



Step 3 Configure client 2 working in Access mode, allowing packets of VLAN 100 and VLAN 1000

to pass. Enable VLAN mapping on client 2.







Step 4 Configure client 3 working in Trunk mode, allowing packets of VLAN 200 and VLAN 2008

to pass. Enable VLAN mapping on client 3.



iTNA(config-port)#switchport trunk allowed vlan 200,2008

iTNA(config-port)#switchport vlan-mapping egress outer 2008 outer

translate 200



iTNA#write

Checking results

Use the show interface interface-type interface-number vlan-mapping egress translate

command to show 1:1 VLAN mapping configurations.

iTNA(config)#show interface client 2 vlan-mapping egress translate

Direction: Egress

Based outer-inner VLAN QinQ mapping rule:

-----------------------------------------

Interface : C2

Hardware-ID: 5

Original Outer VLANs: 1000

Original Outer COS: --

Original Inner VLANs: --

Original Inner COS: --

Outer-tag Mode: Translate

New Outer-VID: 100

New Outer-COS: --

Inner-tag Mode: --

New Inner-VID: --

New Inner-COS: --

Raisecom



2.13.6 Examples for configuring loopback detection


As shown in Figure 2-16, line 1 of iTN A is connected to the core network. client 1 and client

2 of iTN A are connected to the user network. Enable loopback detection on iTN A to detect

the loop generated in the user network immediately and block the related interface.

Figure 2-16 Configuring loopback detection

Configuration steps

Step 1 Create VLAN 3 and add client 1 and client 2 to VLAN 3.

Raisecom(config)#create vlan 3 active







Step 2 Enable loopback detection on client 1 and client 2.

Raisecom(config)#loopback-detection enable client 1-2

Raisecom(config)#loopback-detection hello-time 3


Raisecom



Raisecom#write

Checking results

Use the show loopback-detection command to show loopback detection status on client 2.

Raisecom#show loopback-detection client 2

Destination address: ffff.ffff.ffff

Mode:Vlan-based

Period of loopback-detection:3s

Restore time:infinite

Port PortState State Status loop vlanlist

---------------------------------------------------------------------

C2 Down Ena no trap-only --

2.13.7 Examples for configuring Layer 2 protocol transparent transmission


As shown in Figure 2-17, iTN A and iTN B are connected to VLAN 100 and VLAN 200

respectively. To make users in the same network run STP, you need to configure Layer 2

protocol transparent transmission on iTN A and iTN B,

Figure 2-17 Configuring Layer 2 protocol transparent transmission

Configuration steps

Step 1 Create and activate VLAN 100 and VLAN 200.

Configure iTN A.

iTNA#config

iTNA(config)#create vlan 100,200 active

Raisecom



Configure iTN B.

iTNB#config

iTNB(config)#create vlan 100,200 active

Step 2 Configure client 1 working in Access mode; set the Access VLAN to 100; enable STP.

Configure iTN A.




iTNA(config-port)#relay stp

iTNA(config-port)#relay line 1


Configure iTN B.




iTNB(config-port)#relay stp

iTNB(config-port)#relay line 1


Step 3 Configure client 2 working in Access mode; set the Access VLAN to 200; enable STP.

Configure iTN A.




iTNA(config-port)#relay stp

iTNA(config-port)#relay line 1


Configure iTN B.




iTNB(config-port)#relay stp

iTNB(config-port)#relay line 1


Raisecom



Step 4 Configure line 1 working in Trunk mode.

Configure iTN A.




Configure iTN B.





iTNA#write

Checking results

Use the show relay command to show Layer 2 protocol transparent transmission

configurations on client 1.


iTNA#show relay

COS for Encapsulated Packets: 5

Destination MAC Address for Encapsulated Packets: 010E.5E00.0003

Port vlan Egress-Port Protocol Drop-Threshold Shutdown-Threshold

---------------------------------------------------------------------

C1(up) -- line1 stp(enable) -- --

dot1x -- --

lacp -- --

cdp -- --

vtp -- --

pvst -- --

2.13.8 Examples for configuring ARP


As shown in Figure 2-18, the iTN device is connected to PCs. The iTN device is connected to

the Router through line 1. The IP address of the Router is set to 192.168.1.10/24 and the MAC

address is set to 0050.8D4B.FD1E.

Raisecom



Set the aging time of dynamic ARP address entries to 600s. To improve the security on

communication between the iTN device and Router, you need to configure the related static

ARP entry on the iTN device.

Figure 2-18 Configuring ARP

Configuration steps

Step 1 Add a static ARP entry.

Raisecom(config)#arp 192.168.1.10 0050.8d4b.fd1e

Step 2 Set the aging time of dynamic ARP address entries to 600s.

Raisecom(config)#arp aging-time 600


Raisecom#write

Checking results

Use the show arp command to show all entries in the ARP address mapping table.

Raisecom



Raisecom#show arp

Aging time: 600 seconds

Ip Address Mac Address Type Interface ip

-------------------------------------------------------

192.168.1.10 0050.8d4b.fd1e static 0

Total: 1

Static: 1

Dynamic: 0

2.13.9 Examples for configuring port mirroring


As shown in Figure 2-19, user network 1 is connected to the iTN165 through Client 1 and

user network 2 is connected to the iTN165through Client 2. The network administrator needs

to monitor packets transmitted to and sent by user network 1 through the Monitor PC and then

gets anomalous data traffic, analyze causes and address problems.

The monitor PC is connected to the iTN165through Client 3.

Figure 2-19 Configuring port mirroring

Configuration steps

Step 1 Enable port mirroring.

Raisecom#config

Raisecom(config)#mirror enable

Step 2 Set Client 3 to the monitor port.

Raisecom(config)#mirror monitor-port client 3

Raisecom



Step 3 Set Client 1 to the mirroring port and set the mirroring rule to both.

Raisecom(config)#mirror source-port-list both client 1



Checking results

Use the show mirror command to show port mirroring configurations.

Raisecom(config)#show mirror

Mirror: Enable

Monitor port: client 3

-----------the ingress mirror rule-----------

Mirrored ports: client 1

-----------the egress mirror rule-----------

Mirrored ports: client 1

Raisecom

iTN165-CES (A) Configuration Guide 3 Clock synchronization


3 Clock synchronization

This chapter describes principles and configuration procedures of clock synchronization, as

well as related configuration examples, including following sections:

Introduction

Configuring clock synchronization based on synchronous E thernet

Maintenance


The iTN165-4GE4E1S, iTN165-4GEE1S, and iTN165-4GEV35S support this feature.

3.1 Introduction Physical-layer synchronization technologies are widely used in the traditional TDM network.

Each node can extract clock signals from the physical link or the exterior synchronization

interface. It selects the clock source with best quality from multiple clock sources, takes it as

the local clock, and transmits it to the downstream devices. Therefore, it synchronizes clocks

of all devices to the master reference clock by locking the host.

The synchronous Ethernet technology adopted by the PTN has the similar principle, as shown

in Figure 3-1.

Step 1 iTN B outputs the clock with high precision to the physical-layer chip.

Step 2 The physical-layer chip uses the clock to transmit the data.

Step 3 Based on the clock data recovery technology integrated in the physical-layer chip, iTN A

recovers the clock signals from the serial data flow and then transmits the clock signals to the

clock sub-card.

Step 4 After being processed by the clock sub-card, these clock signals are sent to other clocks

through interfaces. Therefore, upstream clocks and downstream clocks are concatenated and

clock synchronization is realized in PTN.

Raisecom



Figure 3-1 Principles of synchronous Ethernet

The clock synchronization mechanism of the synchronous Ethernet is mature and reliable. It

can meet timing interface metrics defined by International Telecommunications Union -

Telecommunication Standardization Sector (ITU-T) G.832. In addition, it cannot be

influenced by network load changes.

However, because clock signals are transmitted along the clock link, the synchronous Ethernet

technology asks all paths of the clock link to have the synchronous E thernet feature.

The iTN165-CES supports the synchronous Ethernet technology.

3.2 Configuring clock synchronization based on synchronous E thernet


Scenario

In the PTN, to communicate properly, the sender must put the pulse in the specified timeslot

when sending the digital pulse signal and the receiver can extract the pulse from the specified

timeslot. To realize this, you must resolve the synchronization problem.

The synchronous Ethernet technology can perform clock synchronization in the PTN.

Because it does not support phase synchronization, synchronous Ethernet technology is

applied for the base station, fixed network TDM relay, leased clock network relay, and

wireless base stations which have no requirement on phase synchronization, such as Global

System for Mobile Communications (GSM) and Wideband Code Division Multiple Access

(WCDMA).

The iTN165-CES supports selecting the optimum clock source automatically or selecting the

specified clock source manually.

Prerequisite

N/A

Raisecom



3.2.2 Configuring clock source properties



2 Raisecom(config)#synce enable Enable synchronous Ethernet.

By default, synchronous Ethernet is disabled on the

iTN165-CES.

3 Raisecom(config)#synce source

{ line interface-number | external

2m interface-number | internal |

pdh interface-number } priority

priority

Configure the priority of the clock source.

By default, the local crystal oscillator has the lowest

priority and other clock sources are not configured

with priority.

4 Raisecom(config)# synce quality-

level { standard | extend } (Optional) enable SSM quality level.

By default, the iTN165-CES uses the standard SSM

quality level to select the clock source.



2m interface-number | internal |

pdh interface-number } quality-

level quality-level

Configure the clock source management quality level.

By default, no clock source management quality level

is configured.

6 Raisecom(config)#synce operation-

type { auto-select | forced-

freerun }

Configure the mode for selecting the clock source.

By default, the iTN165-CES selects the forced-free

run mode. It means the iTN165-CES uses the local

crystal oscillator as the clock source.

7 Raisecom(config)#synce source line

interface-number ring-outside Configure the iTN165-CES to search a line clock

source from the outside of the ring network.

By default, the iTN165-CES does not search a line

clock source from the outside of the ring network.

8 Raisecom(config)#synce revertive

enable Enable auto reverse mode.

By default, auto reverse mode is enabled.



2m interface-number | pdh

interface-number } wait-to-restore-

time minutes

Configure the Wait To Restore (WTR) time of the

clock source.

By default, the WTR time of the clock source is set to

5 minutes.



2m interface-number | pdh

interface-number } hold-off-time

time

Configure the hold-off time of the clock source.

By default, the hold-off time of the clock source is set

to 1800ms.

11 Raisecom(config)#synce quality-

level transmit-threshold threshold Configure the quality level threshold of the

synchronous Ethernet packets.

By default, the quality level threshold of the

synchronous Ethernet packets is set to 0.

12 Raisecom(config)#synce trap enable Enable synchronous Ethernet Trap.

By default, synchronous Ethernet Trap is enabled.

Raisecom



3.2.3 Operating clock source manually



2 Raisecom(config)#synce manual-source { line

interface-number | external 2m interface-

number | internal | pdh interface-number }

Switch the clock source manually.

3 Raisecom(config)#synce forced-source { line



Switch the clock source forcibly.

4 Raisecom(config)#synce lockout-source { line



Lock out the clock source manually.

3.2.4 Configuring input/output clock signals



2 Raisecom(config)#clock-mgmt slot

slot-number Enter clock configuration mode.

3 Raisecom(config-clock)#external-

2m interface-number mode { { e1

| e1-crc } [ sa sa-value ] |

2mhz }

(Optional) enable 2 Mbit/s clock signal input and

configure its mode.

By default, 2 Mbit/s clock signal input is enabled on the

iTN165-CES.

4 Raisecom(config-clock)#

external-2m interface-number

output shutdown-threshold

quality-level quality-level

Configure the quality level threshold of output 2 Mbit/s

clock signals.

By default, no threshold is configured.



1 Raisecom#show synce [ source ] Show configurations on clock synchronization

based on synchronous Ethernet.

2 Raisecom#show synce ssm [ source |

statistic ] Show synchronization status message based on

synchronous Ethernet.

3 Raisecom#show clock-mgmt slot slot-id Show clock signal configurations.

4 Raisecom#show synce source extend-ssm Show extended SSM information of the

synchronous Ethernet clock source.

Raisecom



3.3 Maintenance

Command Description

Raisecom(config)#clear synce ssm

statistic Clear synchronization status

statistics of synchronous Ethernet.

Raisecom(config)#clock-mgmt trap enable Enable clock sub-card Trap.


3.4.1 Examples for configuring clock synchronization based on synchronous Ethernet


As shown in Figure 3-2, iTN B accesses RNC through the 2 Mbit/s clock interface to get

high-accurate clock signals and then transmits these clock signals to iTN A through Line 1.

After receiving the clock signals, iTN A transmits them to Node B through Client 1.

Figure 3-2 Configuring clock synchronization based on synchronous Ethernet

Configuration steps

Step 1 Configure clock source properties.

Configure iTN A.

Raisecom#hostname iTNA

iTNA#config

iTNA(config)#synce enable

iTNA(config)#synce operation-type auto-select

iTNA(config)#synce source line 1 priority 1

Raisecom



iTNA(config)#synce source line 1 wait-to-restore-time 0

Configure iTN B.

Raisecom#hostname iTNB

iTNB#config

iTNB(config)#synce enable

iTNB(config)#synce operation-type auto-select

iTNB(config)#synce source external 2m 1 priority 1

iTNB(config)#synce source external 2m 1 wait-to-restore-time 0

iTNB(config)#synce source external 2m 1 quality-level 0


iTNA#write

Checking results

Use the show synce command to show clock synchronization configurations of the

synchronous Ethernet.

Show clock synchronization configurations on iTN A.

iTNA#show synce

Synce : enable

Synce running status(PLL): freerun(forced)

Current clock source: line 1(Ql:0)

Previous clock source: internal(Ql:8)

Synce trap : enable

Revertive mode : enable

Transmit quality level threshold: 0

Latest switch time : 2011-08-18,15:38:21.381

Show clock synchronization configurations on iTN B.

iTNB#show synce

Synce : enable

Synce running status(PLL):locked（auto-select）

Current clock source: ext 2m 1(Ql:0)

Previous clock source: internal(Ql:8)

Synce trap : enable

Revertive mode : enable

Transmit quality level threshold: 0

Latest switch time : 2011-08-18,15:38:21.381

Raisecom



Use the show synce ssm command to show SSM status of the synchronous Ethernet.

Show SSM status on iTN A.

iTNA#show synce ssm

Quality level mode : enable

Ssm source name : line 1

Ssm state : locked

Ssm quality level : 0

Show SSM status on iTN B.

iTNB#show synce ssm

Quality level mode : enable

Ssm source name : external 2m 1

Ssm state : locked

Ssm quality level : 0

Raisecom

iTN165-CES (A) Configuration Guide 4 MPLS-TP


4 MPLS-TP

This chapter describes principles and configuration procedures of MPLS-TP, as well as related


Introduction

Configuring basic functions of MPLS

Configuring static LSP

Configuring MPLS L2VPN

Configuring MPLS-TP OAM

Configuring MPLS-TP linear protection switching

Maintenance


4.1 Introduction

4.1.1 Network structure

The MPLS-TP network structure is identical to the MPLS network structure, as shown in

Figure 4-1. The MPLS network is composed by the Label Switching Router (LSR). The

network area composed by the LSR is called MPLS domain. The LSP locates at the edge of

the MPLS domain and connects other networks is called Label Edge Router (LER). The LSR

in the MPLS domain can also be called the Core LSR. If a LSR has one or more neighbouring

nodes that do not operate MPLS, this LSR is a LER. The LSR, whose neighbouring nodes

operate MPLS, is a core LSR.

Raisecom



Figure 4-1 MPLS network structure

4.1.2 Basic concepts

With multi-year development, the MPLS technology has a complete structure. Although

MPLS-based functions are developed gradually, the basic structure of the MPLS is not

changed. RFC3031 and RFC3032 describe the basic structure of MPLS in detail.

FEC

Forwarding Equivalence Class (FEC) is a term used to describe a set of packets with similar

and/or identical characteristics (destination IP address, forwarding path, and Class of Service).

Packets in the same FEC may be forwarded the same way in the MPLS network.

Label

The label is a short fixed length physically contiguous identifier which is used to identify a

FEC, usually of local significance. In some case, such as performing load sharing, a FEC may

have multiple labels simultaneously. However, a label belongs to a FEC only.

Each label is represented by 4 bytes, as shown in Figure 4-2. Each label is broken down the

following fields:

Label: this 20-bit field carries the actual value of the label. It is used to identify a FEC.

Exp: Experimental Use. This 3-bit filed is used to experimental use. In general, it is used

to identify the Class of Service (CoS).

S: Bottom of Stack. It is a 1-bit field. MPLS supports multiple labels. This bit is set to 1

for the last entry in the label stack (i.e., for the bottom of the stack).

Time To Live (TTL): This 8-bit field is used to encode a time-to-live value. Whenever a

packet passes through a router, its TTL gets decremented by 1; if the TTL reaches 0

before the packet has reached its destination, the packet gets discarded.

Raisecom



Figure 4-2 Structure and encapsulation position of the label

LSR

The LSR is a network device for switching and forwarding MPLS labels. It is also called a

MPLS node. LSR is the basic element of the MPLS network. All LSRs support the MPLS.

LER

The LSR locating at the edge of the MPLS domain is called a LER. If a LSR has one or more

neighbouring nodes that do not operate MPLS, this LSR is a LER.

LER is responsible for assigning FECs for packets entering the MPLS domain and pushing

labels for these FECs to forward packets. When packets leave from the MPLS domain, the

labels are popped out and then packets are forwarded.

LSP

The path along which the same FEC traverses the MPLS network is called the LSP.

In terms of function, LSP acts as the virtual circuit of the ATM and Frame Relay (FR). It is a

unidirectional path from the ingress interface to the egress interface.

Ingress node, Transit node, and Egress node

The LSP is a unidirectional path. LSRs on the LSP can be divided into the following types:

Ingress node: the begin mode of the LSP. One LSP has an Ingress node only. The Ingress

node is responsible for pushing labels for packets to encapsulate them into MPLS

packets for forwarding.

Transit node: middle node of the LSP. One LSP may have multiple Transit Nodes. The

Transit node is responsible for looking up the label forwarding table to forward MPLS

packets by switching labels.

Egress node: the end node of the LSP. One LSP has an Egress node only. The Egress

node is responsible for popping out the label and recovering the packets to the original

ones for forwarding.

Label space

The label space is the mode used to specify the label distribution and assignment. It is divided

into the following 2 types:

Per-Platform Label Space: the whole LSR can only generate a unique label for the

specified FEC.

Per-Interface Label Space: each interface of the LSR can generate a label for a specified

FEC.

Raisecom



Label stack

The label stack is an ordered set of labels. MPLS packets support carrying multiple labels

simultaneously. The label closer to the Layer 2 header is called a top label or an outer label.

The label closer to the IP header is called a bottom label or an inner label. Theoretically, the

MPLS label can be embedded infinitely.

Figure 4-3 Structure of the label stack

The label stack organizes labels in a Last In First Out form. It processes labels from the top of

the stack.

Operations of label

Operations of a label include push, swap, and pop. They are basic actions for label forwarding

and components of the label forwarding table.

Push: when an IP packet enters the MPLS network, the MPLS edge device inserts a new

label between the Layer 2 header and the IP header of the IP packet. Or the MPLS

middle device adds a new label on the top of the stack (embed and encapsulate the label)

as required.

Swap: when the MPLS packet is forwarded across the MPLS network, based on the label

forwarding table, the top label of the MPLS packet is deleted and a label assigned by the

next-hop device is added.

Pop: when the MPLS packet leaves form the MPLS network, the label is removed.

Figure 4-4 Operation process of a label

Label distribution and label retention

The label distribution process is shown as below:

Step 1 Group packets which have an identical destination address into a FEC.

Raisecom



Step 2 Get a label from the MPLS label pool and distribute it to the FEC.

Step 3 The LSR records the relationship between the label and the FEC and encapsulates it to a

message. And then it sends the message to the upstream LSR,

As shown in Figure 4-5, LSR-C groups packets, to be sent to 192.168.1.0/24, into a FEC. And

then it distributes a label to the FEC and notifies the upstream LSR. Therefore, the label is

distributed by the downstream LSR.

Figure 4-5 Label distribution

There are 2 modes for distributing labels: Downstream Unsolicited (DU) and Downstream-

on-Demand (DoD).

DU: after the LDP session is established successfully. The downstream LSP sends a

Label Mapping Message (LMM) to the upstream LSR automatically. The upstream LSR

saves the LMM and processes it based on the routing table.

DoD: the upstream LSR sends a Label Request Message (LRM) to the downstream LSR,

which includes descriptions about the FEC. The downstream LSR distributes a label to

the FEC and sends the LMM to the upstream LSR. The time for the downstream LSR

sending LMM depends on the label distribution control mode used by the downstream

LSR. There are Ordered and Independent label distribution control modes.

– Ordered label distribution control mode: a LSR cannot send the LMM to the

upstream LSR unless it receives the LMM sent by the downstream LSR.

– Independent label distribution control mode: a LSR sends LMM to the upstream LSR

immediately regardless of whether it receives a LMM sent by the downstream LSR.

In general, the upstream LSR selects its downstream LSR based on the routing information, as

shown in Figure 4-5. LSRs on LSP 1 use the Ordered label distribution control mode while

LSR E on LSP 2 uses the Independent label distribution control mode.

Label retention refers to a mode for a current LMM that is received but not used by a LSR.

There are 2 label retention modes: liberal label retention and conservative label retention.

Liberal label retention: the device reserves the LMM sent by the neighbor LSR

regardless of whether the neighbor LSP is the next-hop address of the specified FEC. In

this mode, the device can adapt to the network topology change quickly. It reduces the

convergence time of LSP when the routing converged or the next-hop address is changed.

Raisecom



Conservative label retention: the device reserves the LMM sent by the neighbor LSR

only when the neighbor LSP is the next-hop address of the specified FEC. In this mode,

memory and label space are saved.

Label distribution protocols

The label distribution protocol is a MPLS control protocol (also called signaling protocol),

used to classify FECs, distribute labels, as well as establish and maintain LSPs.

MPLS can use multiple LDPs, such as Label Distribution Protocol (LDP), Constraint-Routing

Label Distribution Protocol (CR-LDP), Resource Reservation Protocol Traffic Engineering

(RSVP-TE), and Multiprotocol Extensions for Border Gateway Protocol (MP-BGP).

4.1.3 Static LSP

MPLS needs to assign labels for packets in advance and establish a LSP. And then it can

forward packets.

Labels are assigned by the downstream device and distributed to the upstream devices as

shown in Figure 4-6. The downstream LSR partitions FECs based on the IP routing table and

assigns labels to specified FECs. And then the downstream LSR informs the upstream LSR

through the label distribution protocol to establish a label forwarding table and LSP.

Figure 4-6 Networking with static LSP

LSPs are divided into static LSP and dynamic LSP.

Static LSP: manually configured by the administrator

Dynamic LSP: dynamically established by using the routing protocol and the label

distribution protocol

At present, the iTN165-CES supports the static LSP only.

The static LSP is established by the administrator by manually assigning labels for all FECs.

To manually assign labels, the egress label value of the last node is the ingress label value of

the next mode.

For the static LSP, all LSRs cannot sense each other and then learn status of the whole LSP.

Therefore, the static LSP is of local significance.

Configure the Ingress node of the static LSP and enable MPLS on the egress interface. If

there is the Address Resolution Protocol (ARP) information of the next-hop device on

the iTN165-CES, the static LSP is in UP status regardless of whether it has the

Transit/Egress node. If the Ingress node needs to push the label correctly, there must be a

routing entry (including the destination address, next-hop address, and mask) in the local

routing table, which is accurately matched with the specified destination IP address.

Configure the Transit node of the static LSP and enable MPLS on both ingress and

egress interfaces. If the physical layer and protocol layer of ingress and egress interfaces

are in UP status and there is the Address Resolution Protocol (ARP) information of the

Raisecom



next-hop device on the iTN165-CES, the static LSP is in UP status regardless of whether

it has the Ingress /Egress/other Transit nodes.

Configure the Egress node of the static LSP and enable MPLS on the ingress interface. If

the physical layer and protocol layer of the ingress interface are in UP status and there is

the Address Resolution Protocol (ARP) information of the next-hop device on the

iTN165-CES, the static LSP is in UP status regardless of whether it has the

Ingress/Transit nodes.

The static LSP does not use the label distribution protocol and does not exchange the control

packet. Therefore, it consumes fewer resources. It is suitable for simple and stable small-size

network. However, the LSP, established by statically assigning labels, cannot be dynamically

adjusted according to the network topology changes. The administrator needs to manually

adjust the static LSP.

4.1.4 MPLS forwarding process

Tunnel ID

To provide a uniform interface for upper applications (such as VPN and routing management)

that use Tunnels, the system assigns assign an ID for each Tunnel, which is called Tunnel ID.

The Tunnel ID is valid locally. The Tunnel ID has 32 bits. The length of fields in each Tunnel

may be different. Figure 4-7 shows the structure of the Tunnel ID.

Figure 4-7 Structure of the Tunnel ID

Token: an index used to search the MPLS forwarding information in the MPLS

forwarding table

Sequence-number: sequence number of the Tunnel ID

Slot-number: slot ID of the egress interface, specifying the slot for sending packets

Tunnel Type: Tunnel type, including the following types:

− LSP: LSP Tunnel dynamically established through LDP and without no restriction

− CRLSP: LSP Tunnel dynamically established through CR-LDP/RSVP-TP with

restrictions

− MPLS Local IGNET: in Option B/Option C inter-Autonomous System (inter-AS)

VPN, the VPN routing information (including the L2VPN label block) notified to the

BGP symmetric peer by ASBR must include the Tunnel information. However, no

Tunnel is configured between ASBRs. To transmit information of extra-AS VPN to

the BGP symmetric peer in the inter-AS VPN, the EBGP of the ASBR generates a

MPLS Local IFNET Tunnel for the MPLS interface between ASBRs.

Allocation Method: distribution mode of Token, including the following modes:

− Global: all Tunnels share a public global space. The Token value is unique.

− Global with reserved tokens: be similar to the Global mode. In this mode, some

Token values are reserved. The Token value begins with a specified one.

− Per slot: each slot has an independent Token space. Token values for the same slot

must be different. However, Token values may be identical for different slots.

− Per slot with reserved slot: be similar to the Per slot mode. In this mode, some Token

values are reserved. The Token value begins with a specified one.

Raisecom



− Per slot with different avail value: be similar to the Per slot mode. Token value ranges

of slots are different.

− Mixed: both the global space and slot space are created. The device selects a mode

based on the egress interface.

− Mixed with 2 global space: global space 1, global space 2, and slot space are created.

− 2 global space: global space 1 and global space 2 are created.

NHLFE

Next Hop Label Forwarding Entry (NHLFE) describes operations performed on a label and

directs how to forward MPLS packets.

The NHLFE includes the Tunnel ID, egress interface ID, next-hop address, outgoing label,

and label operation type.

ILM

Incoming Label Map (ILM) maps incoming labels to a group NHLFEs to form the mapping

relationship between labels and NHLFEs. After receiving a packet with a label, the LSR

searches the related ILM entry. If the Token value of the ILM entry is not null, the LSR will

search the NHLFE related to the Token value to confirm the label operation to be performed.

The ILM entry including the Tunnel ID, incoming label, and egress interface ID.

FTN

FEC-to-NHLFE (FTN) maps the FEC to a NHLFE on the Ingress node. After receiving a

packet without a label, the LSR searches the related forwarding entry. If the Token value of

the forwarding entry is not null, forward the packet through MPLS. Otherwise, the LSR will

search the NHLFE related to the Token value to confirm the label operation to be performed.

MPLS forwarding process

As shown in Figure 4-8, the MPLS establishes a LSP, whose destination address is set to

192.168.1.1/24.

Raisecom



Figure 4-8 Forwarding process of MPLS packets

The forwarding process of MPLS packets is shown as below:

After a packet enters the MPLS domain, the system will check whether the Token value

related to the destination address of the packet is set to 0x0 in the FIB table. If yes, the packet

enters IP forwarding process. Otherwise, the packet enters MPLS forwarding process.

During the MPLS forwarding process, perform the following operations on the Ingress node:

1. View the FIB table and find the Tunnel ID based on the destination IP address.

2. Fine the NHLFE based on the Tunnel ID and relate the FIB entry to the NHLFE.

3. View the NHLFE to learn the egress interface ID, next-hop address, outgoing label, and

label operation type. The label operation type is set to Push.

4. Encapsulate the label into the IP packet, process the EXP field based on the QoS policy,

process TTL field, and then send the encapsulated MPLS packet to the next-hop address.

Perform the following operation on the Transit node:

1. Search the ILM table based on the label value of the MPLS packet to find the Token

value.

2. Find the NHLFE based on the Token value.

3. View the NHLFE to learn the egress interface ID, next-hop address, outgoing label, and

label operation type. The label operation type is set to Swap.

4. Replace the old label of the MPLS packet with a new one, process the EXP and TTL

fields, and then send the MPLS packet to the next-hop address.

After receiving the MPLS packet, the Egress node will directly pop the label out if the label

value is set to 0 or 2. In addition, it will process the EXP and TTL fields and then forward the

packet through IP.

When the label value is set to 3, it indicates that the EXP and TTL fields have been processed at the second hop address. There is no need to process them at the last hop address.

Raisecom



If no PHP is configured, view the ILM table to learn that the Token value is null. It indicates

finishing label forwarding to pop the label out directly. And then it will process the EXP and

TTL fields. At this time, it there is no label in the label stack, perform IP forwarding.

Otherwise, perform next-layer label forwarding.

4.1.5 MPLS L2VPN

Overview

The traditional VPN has some disadvantages:

Depend on specified medium (such as ATM/FR): to provide ATM-based VPN services,

the Carrier must establish an ATM network that covers all service ranges. To provide FR-

based VPN services, the Carrier must establish a FR network that covers all service

ranges. It wastes a lot of resources.

Complex deployment: especially when adding a new site to an existing VPN, you need

to modify positions of all edge nodes that access the VPN site.

Because of the above disadvantages, new VPN schemes are introduced. MPLS L2VPN is one

of them.

MPLS L2VPN provides Layer 2 VPN services based on the MPLS network. Therefore, the

Carrier can provide Layer 2 VPN service based on different data link layer protocol on a

uniform MPLS network, including ATM, FR, VLAN, Ethernet, and PPP.

Simply, MPLS L2VPN transmits Layer 2 data transparently across the MPLS network. In

terms of user, the MPLS network is a Layer 2 switching network where you can establish

Layer 2 connection between different nodes.

As shown in Figure 4-9, taking Ethernet for an example, each Customer Edge (EC) device is

configured with an Ethernet Attachment Circuit (AC) and is connected to the remote CE

device through the MPLS network. This is similar to the connection realized through the

Ethernet.

Figure 4-9 CE accessing the network through Ethernet AC

Raisecom



Network model

Figure 4-10 shows the MPLS L2VPN model, which composed by 6 parts.

Figure 4-10 MPLS L2VPN model

CE device: it has an interface to directly connect to the Internet Service Provider (ISP)

network. The CE device can be a router, switch, or a PC. The CE device does not sense

the VPN and does not need to support MPLS.

Provider Edge (PE) device: the edge device of the ISP network. It is connected to the

user's CE device. In the MPLS network, packets entering or leaving from the VPN are

processed on the PE device.

Provider (P) device: the backbone router in the ISP network. It is not directly connected

to the CE device. The P device just needs to provide basic MPLS forwarding capability.

AC: it is an independent link or circuit used to connect the CE device and the PE device.

The AC properties include the encapsulation type, Maximum Transmission Unit (MTU)

and interface parameters of specified links.

Virtual Circuit (VC): it is a logical connection between 2 PE nodes identified by the VC

label. After performing the neighboring discovery work, 2 opposite unidirectional VCs

are established between a pair of PEs. These 2 VCs and the Tunnel form a bidirectional

Pseudo Wire (PW).

Tunnel: it is used to carry the VC and transmit user data transparently.

MPLS L2VPN transparently transmits user packets in the MPLS network through the label

stack.

Outer label (Tunnel label): transmits packets from one PE device to another PE device.

Inner label (VC label): differentiate connections in different VPNs. The Rx PE device

decides the CE device to which packets are forwarded.

Figure 4-11 shows the changes of the label stack during the MPLS L2VPN forwarding

process.

Figure 4-11 MPLS L2VPN label stack processing process

Layer2 Protocol Data Unit (L2PDU): the link-layer packet

T: Tunnel label

V: VC label

T': the outer label is replaced during the forwarding process.

Raisecom



As shown in Figure 4-11, the packet sent by CE 1 is added with 2 labels by PE 1 and then is

transmitted to PE 2. PE 2 removes the labels and then forwards the packet to CE 2.

Implementation modes

MPLS L2VPN is realized through the following 3 modes:

Circuit Cross Connect (CCC): MPLS L2VPN is realized by manually configuring the

circuit cross connection. It fits for a small and simple MPLS network. This mode

consumes fewer resources and is easy for configuration because no signaling negotiation

is performed and no control packet is exchanged. The connection mode is divided into

local connection and remote connection.

− Local connection: a connection established between 2 local CEs. These 2 CEs are

connected to the same PE. The PE works as a Layer 2 switching. In this mode,

packets can be exchanged directly without configuring the static LSP.

− Remote connection: a connection established between the local and remote CEs.

These 2 CEs are connected to different PEs. You need to configure a static LSP to

transmit the packet from one PE to the other one.

CCC MPLS L2VPN supports local and remote connections. Figure 4-12 shows the CCC

MPLS L2VPN topology.

Figure 4-12 CCC MPLS L2VPN topology

Site 1 and Site 2 of VPN 1 are connected through CCC remote connection (displayed

with blue dotted line). There must be 2 static LSPs between Site 1 and Site 2. One static

LSP is from PE 1 to PE 3, referring to the LSP from Site 1 to Site 2. The other one is

from PF 3 to PE 1, referring the LSP from Site 2 to Site 1. The 2 blue dotted lines are

VCs (CCC remote connections), providing L2VPN connection.

Site 1 and Site 2 of VPN 2 are connected through CCC local connection (displayed with

black dotted line). The PE 2 to which that access acts as a Layer 2 switch. There is no

need to establish a LSP between CEs. CEs can directly exchange link-type data, such as

VLAN and Ethernet.

In this mode, no label or signaling is needed to transmit L2VPN information so long as

the ISP network supports MPLS forwarding. In addition, it can provide QoS guarantee

because the CCC LSP is private.

Martini: use the LDP as the signaling for transmitting VC information.

In Martini mode, inner and outer labels are used. The inner label uses the extended LDP

as the signaling to exchange packet and the outer label is the Tunnel label.

Raisecom



In Martini mode, a LSP between PEs can be shared by multiple VCs. In addition, only

the PEs need to save the mapping relationship between VC Labels and LSPs. The P

device has a great expansibility because it does not save any L2VPN information. When

needing to add a VC, configure a unidirectional VC on related 2 PEs only without

influencing network performance.

In Martini mode, the VC Type + VC ID between 2 CEs is used to identify a VC.

− VC Type: identify the encapsulation type of the VC, such as the VLAN.

− VC ID: identify the VC uniquely. For all VCs of a VC Type, their VC IDs must be

unique on all PEs.

The PE, connected to 2 CEs, exchanges the VC label through the LDP. In addition, it

binds the related CEs based on the VC ID. To successfully establish a VC for

transmitting Layer 2 data, perform the following operations:

− AC interfaces are Up.

− The Tunnel between PEs is established successfully.

− Labels are exchanged and bound.

In Martini mode, the outer label is used to transmit the data of all VCs across the ISP

network. The inner VC label is used to distinguish user data. Therefore, a LSP can be

shared by multiple VCs in the ISP network.

To deploy Martini MPLS L2VPN, you must ensure that the ISP network can establish

the LSP Tunnel automatically. Therefore, the LSP network should forward MPLS

forwarding and MPLS LDP.

The Martini MPLS L2VPN supports Graceful Restart (GR). After data is switched, the

VC label is not changed. During protection switching, VCs are Up. Packets are

transmitted through VCs without being influenced.

The Martini MPLS L2VPN supports remote connection only. Figure 4-13 shows the

Martini MPLS L2VPN topology.

Figure 4-13 Martini MPLS L2VPN topology

Site 1 and Site 2 of VPN 1 are connected through Martini remote connection (black

dotted line) while Site 1 and Site 2 of VPN 2 are connected through Martini remote

connection (blue dotted line). In the ISP network, VPN 1 and VPN 2 can be connected

through 2 different LSPs. In addition, they can be connected by sharing one LSP.

Static Virtual Circuit (SVC): be similar to the Martini mode. However, it does not use the

LDP as the signaling for transmitting the VC label and link information. Instead, it

configures the VC label manually.

Raisecom



The establishment mode of the SVC outer label (private Tunnel) is identical to the one in

Martini mode. The inner label is manually specified when you configure the VC. No

signaling is needed to transmit label information between PEs. Therefore, the SVC

network topology and packet exchange process are identical to the ones in the Martini

mode.

At present, the iTN165-CES supports SVC MPLS L2VPN only.

4.1.6 MPLS-TP OAM

Overview

MPLS-TP OAM can detect, identify, and locate MPLS user-layer faults effectively. It can

perform protection switching quickly when the link/node fails.

OAM is an effective method for reducing network maintenance cost. The MPLS-TP OAM

mechanism is used for MPLS-layer maintenance and management.

MPLS-TP OAM is a mechanism totally independent from any upper/lower network. It

realizes the following functions:

Effectively detect, identify, and locate MPLS user layer faults.

Effectively measure network utilization rate and network performance.

Perform protection switching quickly when the link/node fails to reduce fault dwell time

and improve network reliability.

On the iTN165-CES, MPLS-TP OAM cooperates with the Generic Associated Channel

(GACH) defined in RFC5586 and OAM technology defined in G.8113.1.

For related contents about Y.1731, see sections 8.1.2 CFM and 8.1.3 SLA.

GACH

OAM packet types used in the MPLS-TP are similar to the ones defined in Ethernet OAM. In

the MPLS-TP network, GACH is used as the control channel of the PW layer (VC+Tunnel),

LSP layer, and Section layer (physical link). By encapsulating and transmitting OAM packets

defined in Y.1731 through GACH, you can realize MPLS-TP-based OAM. When the GACH

is used as the control channel of the above mentioned layers, it packet formats are shown in

Figure 4-14, Figure 4-15, and Figure 4-16.

Figure 4-14 Packet format when the GACH is used as the control channel of the PW layer

Raisecom



Figure 4-15 Packet format when the GACH is used as the control channel of the LSP layer

Figure 4-16 Packet format when the GACH is used as the control channel of the Section layer

Generic Associated Channel Label (GAL): is a reserved label assigned to the MPLS-TP

by the IANA. It is used to distinguish OAM packets from other common service packets.

It is a 10-bit label. The label ID is fixed to 13.

Associated Channel Header (ACH): it is used to indicate the control channel, as shown

in Figure 4-17. It is designed to transmit OAM, Automatic Protection Switching (APS),

Signalling Communication Channel (SCC) packets.

Figure 4-17 ACH packet format

The following describes files of the ACH.

The first 4 bits are fixed to 0001. It indicates an ACH channel.

The Version is a 4-bit field. It indicates the channel version. At present, it is unified to 0.

The Reserved field occupies 8 bits. It is used as a reserved bit for further extension.

The Channel Type is a 16-bit field. It indicates the channel type.

ACH can carry one or more Type Length Value (TLV). The channel type decides whether the

ACH carries TLV and which TLV are carried.

ACH TLV Header: it indicates the length of the TLV.

4.1.7 MPLS-TP linear protection switching

MPLS-TP linear protection switching is used to configure the related protection line (backup

link) for the working link (primary link) in advance and assign bandwidth for the protection

link. The working link and protection link forms a protection group. When the working link

fails, the data flow is switched to the protection link quickly to avoid packet loss or delay

problems caused by LSP failure and to improve the network reliability. The MPLS-TP linear

protection switching is an end-to-end protection structure.

MPLS-TP linear protection switching is divided into 1+1 protection switching and 1:1

protection switching. 1+1 protection switching can be unidirectional protection switching or

Raisecom



bidirectional protection switching. 1:1 protection switching is bidirectional protection

switching.

At present, the iTN165-CES supports 1:1 protection switching only.

1+1 protection switching

1+1 protection switching can be unidirectional protection switching or bidirectional protection

switching. Data flow can be switched from the working link to the protection link in affected

connection direction. Or data flow can be switched from the working link to the protection

link in both affected and unaffected connection directions. Bidirectional protection switching

needs the APS protocol to cooperate the connection of both ends. Figure 4-18 shows the 1+1

protection switching structure.

Figure 4-18 1+1 protection switching structure

The sender sends packets through both the working link and the protection link. The receiver

receives packets from the working link and detects the status of working and protection links

between the sender and receiver. When the receiver detects that the working link fails and the

protection link works normally, it switches services to the protection link.

1:1 protection switching

1:1 protection switching is bidirectional protection switching. Data flow can be switched from

the working link to the protection link in both affected and unaffected connection directions.

Bidirectional protection switching needs the APS protocol to cooperate the connection of both

ends. Figure 4-19 shows the 1:1 protection switching structure.

Raisecom



Figure 4-19 1:1 protection switching structure

The sender sends packets through the configured working link and the receiver receives

packets from the working link. When a fault occurs on the working link between the sender

and receiver, it is detected at the receiver. And then 1:1 protection switching is triggered

through APS protocol. The whole process is shown as below:

Step 1 The receiver detects a fault.

Step 2 The receiver exchanges packets with the sender through both the working link and the

protection link and sends the APS command for requesting protection switching.

Step 3 The sender sends the APS command to confirm the protection switching request. Meanwhile,

it sends packets to the receiver through the working link and protection link.

Step 4 The sender and receiver switch services to the protection link for transmission.

4.2 Configuring basic functions of MPLS


Scenario

Basic functions of MPLS are the basis for other MPLS functions taking effect. Basic

functions of MPLS include enabling MPLS globally and on an interface. Configuring the LSR

ID is the basis for enabling global MPLS.

Prerequisite

MPLS on an interface cannot take effect unless global MPLS is enabled and the IP interface is

configured with an IP address and is related to a VLAN.

Raisecom



4.2.2 Configuring basic functions of MPLS



2 Raisecom(config)#mpls lsr-id lsr-id Configure the LSR ID.

In general, the IP address of some IP interface is

taken as the LSR ID.

By default, no LSR ID is configured.

3 Raisecom(config)#mpls enable Enable global MPLS.

By default, global MPLS is disabled.

4 Raisecom(config)#interface ip if-number Enter Layer 3 interface configuration mode.

5 Raisecom(config-ip)#mpls enable Enable MPLS on the Layer 3 interface.

By default, MPLS is enabled on the Layer 3

interface.



1 Raisecom(config)#show mpls Show global MPLS configurations.

2 Raisecom(config)#show mpls

interface Show MPLS configurations on an interface.

4.3 Configuring static LSP


Scenario

The static LSP is established by the administrator by manually assigning labels for all FECs.

It is suitable for simple and stable small-size network. To manually assign labels, the egress

label value of the last node is the ingress label value of the next mode.

The static LSP does not use the label distribution protocol and does not exchange the control

packet. Therefore, it consumes fewer resources. However, the LSP, established by statically

assigning labels, cannot be dynamically adjusted according to the network topology changes.

The administrator needs to manually adjust the static LSP.

Prerequisite

Before configuring the static LSP, you need to configure basic functions of MPLS.

Raisecom



4.3.2 Configuring static LSP

Configuring static LSP of Ingress node



2 Raisecom(config)#mpls static-lsp ingress

lsp-name ip-address [ mask ] nexthop-mac

mac-address vlan vlan-id interface-type

interface-number out-label out-label lsr-

id egress-lsr-id tunnel-id tunnel-id

Configure the static LSP on the Ingress node.

Configuring static LSP of Transit node



2 Raisecom(config)# mpls static-lsp transit

lsp-name in-label in-label nexthop-mac

mac-address vlan vlan-id interface-type

interface-number out-label out-label lsr-

id ingress-lsr-id egress-lsr-id tunnel-id

tunnel-id [ standby ]

Configure the static LSP on the Transit node.

Configuring static LSP of Egress node



2 Raisecom(config)# mpls static-lsp

egress lsp-name in-label in-label lsr-

id ingress-lsr-id tunnel-id tunnel-id

Configure the static LSP on the Egress node.

4.3.3 Configuring static bidirectional corouted LSP

After configuring the static bidirectional corouted LSP, you need to configure the forward LSP and backward LSP on the Ingress and Egress nodes in bidirectional corouted LSP configuration mode. On the Ingress node, the received MPLS packets carry the incoming label. On the Egress node, the transmitted MPLS packets carry the outgoing label.

Raisecom



Configuring static bidirectional LSP on the Ingress node



2 Raisecom(config)#mpls bidirectional static-lsp

ingress lsp-name lsr-id egress-lsr-id tunnel-id

tunnel-id

Create a static bidirectional corouted

LSP on the Ingress node and enter

bidirectional Ingress configuration

mode.

3 Raisecom(config-ingress-lsp)#forward dest-

network [ mask ] nexthop-mac mac-address vlan

vlan-id interface-type interface-number out-

label out-label

Configure the forward egress LSP

without IP capability in directional

Ingress configuration mode.

4 Raisecom(config-ingress-lsp)#backward in-label

in-label Configure the backward ingress LSP

in directional Ingress configuration

mode.

Configuring static bidirectional LSP on the Transit node




transit lsp-name lsr-id ingress-lsr-id egress-

lsr-id tunnel-id tunnel-id [ standby ]


LSP on the Transit node and enter

bidirectional Transit configuration

mode.

3 Raisecom(config-transit-lsp)#forward in-label

in-label nexthop-mac mac-address vlan vlan-id

interface-type interface-number out-label out-

label

Configure the forward LSP without

IP capability in directional Transit

configuration mode.

4 Raisecom(config-transit-lsp)#backward in-label

in-label nexthop-mac mac-address vlan vlan-id


label

Configure the backward LSP without

IP capability in directional Transit

configuration mode.

Configuring static bidirectional LSP on the Egress node




egress lsp-name [ lsr-id ingress-lsr-id tunnel-id

tunnel-id ]


LSP on the Ingress node and enter

bidirectional Egress configuration

mode.

3 Raisecom(config-egress-lsp)#forward in-label in-

label Configure the forward ingress LSP

in directional Egress configuration

mode.

Raisecom




4 Raisecom(config-egress-lsp)#backward dest-network

[ mask ] nexthop-mac mac-address vlan vlan-id


label

Configure the backward egress LSP

in bidirectional Egress configuration

mode.

4.3.4 Configuring Tunnel



2 Raisecom(config)#interface tunnel

tunnel-number Configure the static MPLS TE Tunnel.

By default no static MPLS TE Tunnel is configured.

3 Raisecom(config-

tunnelif)#destination destination-

ip-address

Configure the destination IP address.

4 Raisecom(config-tunnelif)#mpls

tunnel-id tunnel-id Configure the MPLS TE Tunnel interface.



1 Raisecom#show mpls lsp statistics Show LSP statistics.

2 Raisecom#show mpls bidirectional static-lsp

[ lsp-name ] Show bidirectional LSP configurations.

3 Raisecom#show mpls statistics bidirectional

lsp Show MPLS packet statistics of the

bidirectional LSP.

4 Raisecom#show mpls static-lsp [ egress |

ingress | transit |lsp-name ] Show static LSP configurations.

5 Raisecom#show mpls statistics lsp [ lsp-

name ] Show LSP-based MPLS packet statistics.

6 Raisecom#show mpls label [ label-id [ to

label-id ] ] Show information about assigned MPLS

label or status about a specified label.

7 Raisecom#show mpls tunnel [ tunnel-name ] Show Tunnel configurations.

Raisecom



4.4 Configuring MPLS L2VPN


Scenario

With MPLS L2VPN, the Carrier can provide Layer 2 VPN service based on different media

on a uniform MPLS network, including VLAN, Ethernet, and so on. Meanwhile, the MPLS

network can still provide traditional services, such as IP, MPLS L3VPN, traffic engineering,

and QoS.

Prerequisite

At present, the iTN165-CES does not support dynamic routing. When the iTN165-CES

communicates with the device that supports dynamic routing, you need to add a route to the

iTN165-CES on the device.

4.4.2 Configuring MPLS L2VPN

L2VC is required when you configuring Martini/SVC MPLS L2VPN.



2 Raisecom(config)#mpls l2vpn Enable global MPLS L2VPN.

By default, global MPLS L2VPN is enabled.



4 Raisecom(config-port)#mpls l2vpn Enable MPLS L2VPN on an interface.

By default, MPLS L2VPN on an interface is enabled.

5 Raisecom(config-port)#mpls

static-l2vc [ vlan vlan-id ]

destination ip-address { raw |

tagged } vc-id vc-id { in-label

in-label out-label out-label |

vc-label label-id } [ no-control-

word ] [ mtu value ] [ tpid

{ 0x8100 | 0x88a8 | 0x9100 } ]

(Optional) configure static L2VC.

When the existing service is bound to other VPN Tunnels, you cannot configure MPLS L2VPN on it. When the encapsulation mode of a packet is set to raw, in the ingress PW

direction, if the TPID of the packet received by the PE is identical to the VLAN ID of the interface, the VLAN Tag is automatically deleted. Otherwise, no change is made. In the egress PW direction, the PE directly sends the packet to the AC.

When the encapsulation mode of a packet is set to tagged, in the ingress PW direction, if the TPID of the packet received by the PE is identical to the VLAN ID

Raisecom



of the interface, sustain the VLAN Tag. Otherwise, add the default VLAN Tag of the interface to the packet. In the egress PW direction, the PE directly sends the packet to the AC.



1 Raisecom#show mpls l2vc [ static ]

[ statistic ] [ { port-list | interface-type }

interface-list ] [ vlan vlan-id ]

Show L2VC configurations.

2 Raisecom#show mpls l2vpn Show L2VPN configurations.

4.5 Configuring MPLS-TP OAM


Scenario

To extend the application of MPLS-TP technology in Telecom-grade network, the MPLS-TP

network needs to achieve the same service level as the Telecom-grade transport network.

Connectivity Fault Management (CFM) helps the MPLS-TP network to resolve the problem

by providing complete OAM tools.

CFM can provide the following OAM functions for the MPLS-TP network:

Fault detection (Continuity Check, CC)

Fault acknowledgement (LoopBack, LB)

Fault location (LinkTrace, LT)

Alarm Indication Signal (AIS)

Client Signal Fail (CSF)

Lock (LCK)

Packet Delay and Packet Delay Variation Measurements (DM)

Frame Loss Measurements (LM)

The principle of MPLS-TP OAM is similar to the one of Ethernet-based OAM. Only the

carrying modes of related packets are different.

To ensure that users can get qualified network services. The Carrier and users sign a Service

Level Agreement (SLA). To effectively fulfil the SLA, the Carrier needs to deploy the SLA

feature on the device to measure the network performance and takes the measurement result

as the basis for ensuring the network performance.

SLA selects 2 detection points, configures, and schedules the SLA operation on one detection

point to detect the network performance between the 2 detection points.

The SLA feature counts the round-trio packet loss ratio, round-trip/unidirectional (SD/DS)

delay, jitter, jitter variance, and jitter distribution and reports them to the upper monitoring

Raisecom



software (such as the NView NNM system). And then the upper monitoring software analyses

the network performance to get a data meeting users' requirements.

Prerequisite

Before configuring MPLS-TP OAM, perform the following operations:

Connect the interface and configure physical parameters of the physical. Make the

physical layer Up.

Configure basic functions of MPLS.

Before configuring SLA, you need to deploy CFM between devices that need to detect

the network performance.

4.5.2 Enabling MPLS-TP CFM

The fault detection and fault location cannot take effect unless CFM is enabled. Before enabling the CFM packet delivery feature, you should configure the

relationship between the service instance and static L2VC.



2 Raisecom(config)# mpls-tp cfm

enable Enable global MPLS-TP CFM.

By default, global MPLS-TP CFM is disabled.



4 Raisecom(config-port)#cfm enable (Optional) enable CFM on an interface.

By default, CFM is enabled on an interface.

4.5.3 Configuring MPLS-TP CFM

Associating service instance to LSP/PW/Section layer



2 Raisecom(config)#mpls-tp cfm

channel-type { 0x7ffa | 0x8902 |

channel-type }

(Optional) configure the MPLS-TP CFM control channel

type.

By default, the MPLS-TP CFM control channel type is set

to 0x7ffa.

Modifying the control channel type is only for the device communicating with devices from other vendors.

Raisecom





domain level level Create a MPLS-TP Maintenance Domain (MD).

4 Raisecom(config)#mpls-tp service

cis-id level level Create a service instance and enter service instance

configuration mode.

5 Raisecom(config-service)#service

lsp { bidirection lsp-name |

ingress in-lsp-name [ egress

out-lsp-name ] | egress out-lsp-

name }

(Optional) associate the service instance to a static LSP

based on the static bidirectional LSP, ingress static LSP, or

egress static LSP.


lsp transit forward lsp-in

backward lsp-out ttl ttl

(Optional) configure the server instance connected by the

subnet based on the ingress static LSP or egress static

LSP.


lsp transit bidirection lsp-name

lsr-id lsr-id ttl ttl

Configure the service instance based on the subnet

connection of the bidirectional LSP.


pw transit forward vc-id vc-id

destination ip-address backward

vc-id vc-id destination ip-

address

(Optional) associate the service instance to the Transit

PW.


section { interface-type

interface-number | port-channel

port-channel }

(Optional) associate the service instance to the Section.


section dest-mac mac-address (Optional) configure the destination MAC address of the

Section-layer CC.

Configuring MEPs based on MPLS-TP service instances



2 Raisecom(config)#mpls-tp cfm domain level

level Create a MPLS-TP MD.

3 Raisecom(config)#mpls-tp service csi-id

level level Create a service instance and enter service

instance configuration mode.

4 Raisecom(config-service)#service vc-id

vc-id destination ip-address Configure the VC ID associated to the service

instance.

5 Raisecom(config-service)#service mep mpid

mep-id Configure a MEP based on the service

instance.

Before enabling the CFM packet delivery feature, you should configure the relationship between the service instance and static L2VC.

Raisecom



4.5.4 Configuring fault detection




remote mep age-time minute (Optional) configure the aging time of the Remote MEP

(RMEP).

By default, the aging time of the learned RMEP is set to

100min.


errors archive-hold-time minute (Optional) configure the hold time of error CC packets.

By default, the hold time of error CC packets is set to

100min. When the new hold time is configured, the system

will check the database immediately. If any data exceeds

the hold time, it will be deleted from the database.

4 Raisecom(config)#mpls-tp

service cis-id level level Enter service instance configuration mode.

5 Raisecom(config-

service)#service cc interval

{ 1 | 10 | 60 | 600 | 3ms |

10ms | 100ms }

(Optional) configure the interval for sending service

instance CC packet.

By default, the interval for sending service instance CC

packet is set to 1s. When the CC packet delivery is enabled,

the interval for sending CC packet cannot be modified.

6 Raisecom(config-

service)#service cc enable mep

{ mep-id-list | all }

Enable MEP sending CC packet.

By default, the MEP does not send CC packet.

You can use the service cc disable mep { mepid-list | all }

command to disable CC packet delivery.

7 Raisecom(config-

service)#service remote-mep

mep-id [ interface-type

interface-number ]

(Optional) configure the static RMEP. It cooperates with

CC packet detection feature.

8 Raisecom(config-

service)#service remote-mep cc-

check enable

(Optional) enable REMP CC packet check.

After REMP CC packet check is enabled, once receiving

the CC packet, the service instance will check whether the

dynamically learned RMEP ID is identical to the statically-

configured one. If they are inconsistent, the service

instance takes the CC packet as an errored one.

By default, REMP CC packet check is disabled.

9 Raisecom(config-


learning active

(Optional) enable RMEP learning dynamic import.

After RMEP learning dynamic import is enabled, once

receiving the CC packet, the service instance will

automatically translate the learned dynamic RMEP into

static RMEP.

By default, RMEP learning dynamic import is disabled.

Raisecom




10 Raisecom(config-

service)#service priority

priority

(Optional) configure CFM OAM packet priority.

After the CFM OAM packet priority is configured, CCM,

LBM, LTM, DDM packets sent by all MEPs in a service

instance will use the specified priority.

By default, the CFM OAM packet priority is set to 6.

4.5.5 Configuring fault acknowledgement



2 Raisecom(config)#mpls-tp service cis-id

level level Enter service instance configuration mode.

3 Raisecom(config-service)#ping { egress |

ingress } ttl time [ count count ]

[ size size ][ source mep-id ] [ timeout

time ] [ padding { null | null-crc |

prbs | prbs-crc } ]

Execute MPLS-TP layer Ping to acknowledge

the fault.

By default, the number of transmitted LBM

packets is set to 5. The packet TLV is set to 64.

In addition, the service instance automatically

searches for an available source MEP.

Before executing this command, you must ensure that the global CFM is enabled.

Otherwise, the Ping operation fails. If no MEP is configured for the service instance, the Ping operation will fails

because no source MEP is found. The Ping operation will fail if the specified source MEP is invalid. For example, the

specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is.

The Ping operation will fail if another user is using the specified source MEP to initiate the Ping operation.

4.5.6 Configuring fault location




cis-id level level Enter service instance configuration mode.

3 Raisecom(config-

service)#traceroute mep mep-id

[ ttl ttl ] [ source mep-id ]

[ interface-mode ] [ timeout

time ]

Execute MPLS-TP layer Traceroute to locate the fault.

By default, the packet TLV is set to 64. In addition, the

service instance automatically searches for an available

Raisecom




Raisecom(config-

service)#traceroute mip icc icc

node-id [ interface-num number ]

[ ttl ttl ] [ timeout time ]

source MEP.

Raisecom(config-

service)#traceroute ttl ttl


time ]

Before executing this command, you must ensure that the global CFM is enabled.

Otherwise, the Traceroute operation fails. The Traceroute operation will fail if the specified source MEP is invalid. For

example, the specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is.

The Traceroute operation will fail if another user is using the specified source MEP to initiate the Ping operation.

4.5.7 Configuring AIS

Steps 6 is optional and perform it as required.






ais enable Enable AIS delivery.

By default, AIS delivery is disabled.

You can use the service ais disable command to disable

AIS delivery.


ais period { 1 | 60 } Configure the AIS delivery period.

By default, the AIS delivery period is set to 1s.


ais level level [ vlan vlan-id ] Configure the level of client-layer MD to which the AIS

is sent.


suppress-alarms enable mep { all

| mep-list }

Enable MEP alarm inhibition.

4.5.8 Configuring LCK



Raisecom







lck start mep { mep-id | all } Enable LCK packet delivery.

By default, LCK packet delivery is disabled.


lck period { 1 | 60 } Configure the LCK packet delivery period.

By default, the LCK packet delivery period is set to 1s.


lck lsp lsp-name Configure the relationship between the LCK and the

LSP layer.

4.5.9 Configuring basic information about MPLS-TP SLA operation


1 Raisecom#config Enter global configuration

mode.

2 Raisecom(config)#sla oper-num mpls-y1731-echo remote-

mep mep-id level level l2vc l2vc-id [ tc tc-id ] Configure mpls-y1731-echo

PW-layer operations based on

the destination MEP ID.

3 Raisecom(config)#sla oper-num mpls-y1731-echo remote-

mep mep-id level level lsp-ingress lsp-egress-name

lsp-egress lsp-ingress-name [ tc tc-id ]

Configure mpls-y1731-echo

LSP-layer operations based on


4 Raisecom(config)#sla oper-num mpls-y1731-jitter

remote-mep mep-id level level l2vc l2vc-id [ tc tc-

id ] [ interval period ] [ packets packets-num ]

Configure mpls-y1731-jitter



5 Raisecom(config)#sla oper-num mpls-y1731-jitter

remote-mep mep-id level level lsp-ingress lsp-egress-

name lsp-egress lsp-ingress-name [ tc tc-id ]

[ interval period ] [ packets packets-num ]

Configure mpls-y1731-jitter



6 Raisecom(config)#sla oper-num mpls-y1731-pkt-loss

remote-mep mep-id level level l2vc l2vc-id [ tc tc-

id ] [ interval period ] [ packets packets-num ]

Configure mpls-y1731-loss



7 Raisecom(config)#sla oper-num mpls-y1731-pkt-loss

remote-mep mep-id level level lsp-ingress lsp-egress-

name lsp-egress lsp-ingress-name [ tc tc-id ]

[ interval period ] [ packets packets-num ]

Configure mpls-y1731-loss



8 Raisecom(config)#sla mpls-y1731-echo quick-input level

level l2vc l2vc-id Create mpls-y1731-echo PW-

layer operations quickly.

9 Raisecom(config)#sla mpls-y1731-echo quick-input level

level lsp-ingress lsp-egress-name lsp-egress lsp-

ingress-name

Create mpls-y1731-echo LSP-


10 Raisecom(config)#sla mpls-y1731-jitter quick-input

level level l2vc l2vc-id Create mpls-y1731-jitter PW-


Raisecom




11 Raisecom(config)#sla mpls-y1731-jitter quick-input

level level lsp-ingress lsp-egress-name lsp-egress

lsp-ingress-name

Create mpls-y1731-jitter LSP-


12 Raisecom(config)#sla schedule oper-num [ life

{ forever | life-time } ] [ period period ] Configure SLA scheduling

information and enable SLA

operation scheduling.

By default, SLA operation

scheduling is disabled.

4.5.10 Configuring SLA shceduling information and enabling SLA operation scheduling



2 Raisecom(config)#sla schedule oper-

num [ life { forever | life-time } ]

[ period period ]

Configure SLA scheduling information and enable

SLA operation scheduling.

By default, SLA operation scheduling is disabled.



1 Raisecom#show mpls-tp cfm Show MPLS-TP CFM global configurations.

2 Raisecom#show mpls-tp cfm domain [ level

level ] Show MD and service instance configurations.

3 Raisecom#show mpls-tp cfm errors [ level

level ] Show error CCM database information.

4 Raisecom#show mpls-tp cfm ais [ level

level ] Show AIS configurations.

5 Raisecom#show mpls-tp cfm lck [ level

level ] Show LCK configurations.

6 Raisecom#show mpls-tp cfm local-mp

[ interface interface-type interface-

number | level level ]

Show local MEP configurations.

7 Raisecom#show mpls-tp cfm remote-mep

static Show static RMEP configurations.

8 Raisecom#show mpls-tp cfm remote-mep

[ level level [ service service-instance

[ mep mep-id ] ] ]

Show RMEP discovery information.

9 Raisecom#show mpls-tp cfm suppress-

alarms [ level level ] Show CFM alarm inhibition configurations.

10 Raisecom#show sla { all | oper-num }

configuration Show SLA configurations.

Raisecom





result Show the last test information of the operation.


statistic Show operation scheduling statistics. Statistics

of an operation (differed by the operation ID) is

recorded up to 5 groups. If the number exceeds

5, the most aged (calculated based on the begin

time of the operation scheduling) statistics will

be aged.

4.6 Configuring MPLS-TP linear protection switching


Scenario

MPLS-TP linear protection switching protects the primary link by providing a backup link.

Therefore, it provides end-to-end protection for LSP links between devices.

Prerequisite Configure MPLS basic functions.

Configure the static LSP.

Configure MPLS-TP OAM.

4.6.2 Configuring MPLS-TP linear protection switching

Before configuring MPLS-TP linear protection switching, you should attach the

bidirectional/ingress/egress static LSP to the related service instance.



2 Raisecom(config)#mpls-tp line-

protection association aps-name

level ma-name

Configure the information about service instance

associated to MPLS-TP APS. Create association

information about service instances and APS of working

line and protection line.


protection aps-id lsp working

ingress-aps-name egress-aps-name

protection ingress-aps-name

egress-aps-name one-to-one [ non-

revertive ]

Create MPLS-TP linear protection switching lines.


protection aps-id name string (Optional) configure the name of the MPLS-TP

protection line.

Raisecom





protection aps-id { working |

protection } failure-detect

[ cc ] [ phisycal-link ] [ sd ]

Configure the fault detection modes of MPLS-TP

working/protection line, including CC fault detection,

physical-link fault detection, and SD fault detection.


protection trap enable Enable MPLS-TP linear protection switching Trap.


protection aps-id force-switch Switch the traffic from the working line to the protection

line forcibly.


protection aps-id hold-off-timer

hold-off-timer

Configure the Hold OFF timer. It ranges from 0 to 100

ms.

By default, the Hold OFF timer is set to 0.


protection aps-id lockout Lock out MPLS-TP linear protection switching.


protection aps-id manual-switch Switch the traffic from the working line to the protection

line manually.


protection aps-id manual-switch-

to-work

Switch the traffic from the protection line to the working

line manually.


protection aps-id wtr-timer wtr-

timer

Configure the WTR timer. It ranges from 1 to 12min.

By default, the WTR timer is set to 5min.



1 Raisecom#show mpls-tp line-protection

association Show APS association information of MPLS-

TP linear protection switching.


[ aps-id ] config Show MPLS-TP linear protection switching

configurations.


[ aps-id ] statistics Show MPLS-TP linear protection switching

statistics.


[ aps-id ] status Show APS information of MPLS-TP linear

protection switching.

4.7 Maintenance

Command Description

Raisecom(config)#clear cfm errors [ level

md-level ] Clear errored CCM records.

Raisecom



Command Description

Raisecom(config)#clear cfm remote-mep [ level md-level ]

Clear information about the

found RMEP.

Raisecom(config)#clear mpls statistics lsp Clear static LSP statistics.

Raisecom(config)#clear mpls aps aps-id command

Clear all commands except for

commands related to APS policy

association and binding.

Raisecom(config)#clear mpls aps [ aps-id ] statistics

Clear APS policy statistics.


4.8.1 Examples for configuring bidirectional static LSP


As shown in Figure 4-20, User A has branches at 2 locations. You need to establish VPN

between the 2 locations. Therefore, devices at these 2 locations can communicate with each

other.

Because the network is small and stable, you can configure the bidirectional static LSP

between iTN A and iTN B and take it as the private Tunnel of the L2VPN.

Figure 4-20 Configuring the bidirectional static LSP

Configuration steps

Step 1 Configure MPLS basic functions.

Configure iTN A.

iTNA(config)#mpls lsr-id 192.168.1.1

iTNA(config)#mpls enable

Raisecom



Configure iTN B.

iTNB(config)#mpls lsr-id 192.168.4.2

iTNB(config)#mpls enable

Configure iTN C.

iTNC(config)#mpls lsr-id 192.168.1.2

iTNC(config)#mpls enable

Step 2 Configure the bidirectional static LSP between iTN A and iTN B.

Configure iTN A.

iTNA(config)#mpls bidirectional static-lsp ingress lspAB lsr-id

192.168.4.2 tunnel-id 1

iTNA(config-ingress-lsp)#forward 192.168.4.0 nexthop-mac 000e.5e11.1113

vlan 1 line 1 out-label 1001

iTNA(config-ingress-lsp)#backward in-label 2001

Configure iTN C.

iTNC(config)#mpls bidirectional static-lsp transit lspAB lsr-id

192.168.1.1 192.168.4.2 tunnel-id 1

iTNC(config-transit-lsp)#forward in-label 1001 nexthop-mac 000e.5e11.1112


iTNC(config-transit-lsp)#backward in-label 2002 nexthop-mac

000e.5e11.1111 vlan 1 line 1 out-label 2001

Configure iTN B.

iTNB(config)#mpls bidirectional static-lsp egress lspAB lsr-id

192.168.1.1 tunnel-id 1

iTNB(config-egress-lsp)#forward in-label 1002

iTNB(config-egress-lsp)#backward 192.168.1.0 nexthop-mac 000e.5e11.1113


Checking results

Use the show mpls bidirectional static-lsp command to show bidirectional static LSP

configurations on iTN A, iTN B, and iTN C.

Raisecom



Show bidirectional static LSP configurations on iTN A.

iTNA(config)#show mpls bidirectional static-lsp lspAB

LSP-Index: 1

LSP-Name: lspAB

LSR-Role: Ingress

LSP-Flag: Working

Ingress-Lsr-Id: 1.1.1.1

Egress-Lsr-Id: 192.168.4.2

Forward Destination: 192.168.4.0

Forward In-Label: --

Forward Out-Label: 1001

Forward In-Interface: --

Forward Out-Interface: line 1

Forward Next-Hop: --

Forward Next-Mac: 000E.5E11.1113

Forward Vlan-Id: 1

Backward Destination: --

Backward In-Label: 2001

Backward Out-Label: --

Backward In-Interface: all interfaces

Backward Out-Interface: --

Backward Next-Hop: --

Backward Next-Mac: --

Backward Vlan-Id: --

Tunnel-Id: 1

LSP Status: Up

Show bidirectional static LSP configurations on iTN B.

iTNB(config)#show mpls bidirectional static-lsp lspAB

LSP-Index: 2

LSP-Name: lspAB

LSR-Role: Egress

LSP-Flag: Working



Forward Destination: --

Forward In-Label: 1002

Forward Out-Label: --

Forward In-Interface: all interfaces

Forward Out-Interface: --


Forward Next-Mac: --

Forward Vlan-Id: --

Backward Destination: 192.168.1.0

Backward In-Label: --

Backward Out-Label: 2002

Backward In-Interface: --

Backward Out-Interface: line 1


Raisecom



Backward Next-Mac: 000E.5E11.1113

Backward Vlan-Id: 1

Tunnel-Id: 1

LSP Status: Up

Show bidirectional static LSP configurations on iTN C.

iTNC(config)#show mpls bidirectional static-lsp lspAB

LSP-Index: 3

LSP-Name: lspAB

LSR-Role: Transit

LSP-Flag: Working



Forward Destination: --

Forward In-Label: 1001

Forward Out-Label: 1002

Forward In-Interface: all interfaces

Forward Out-Interface: line 2


Forward Next-Mac: 000E.5E11.1112

Forward Vlan-Id: 1

Backward Destination: --

Backward In-Label: 2002

Backward Out-Label: 2001

Backward In-Interface: all interfaces

Backward Out-Interface: line 1


Backward Next-Mac: 000E.5E11.1111

Backward Vlan-Id: 1

Tunnel-Id: 1

LSP Status: Up

4.8.2 Examples for configuring static LSP to carry static L2VC


As shown in Figure 4-21, CE devices and PE devices are connected through line interfaces.

To make CE A and CE B communicate with each other, you should create the static L2VC

based on the static LSP between PE A and PE B.

Raisecom



Figure 4-21 Configuring the static LSP to carry the static L2VC

Configuration steps

Step 1 Configure CE A. Create VLANs and add the specified interface to VLANs. Configure the IP

address. Configurations on CE B are identical to the ones on CE A.

Raisecom#hostname CEA

CEA#config

CEA(config)#create vlan 2-4 active

CEA(config)#interface ip 0

CEA(config-ip)#ip address 10.0.0.1 3

CEA(config-ip)#exit

CEA(config)#interface line 1

CEA(config-port)#switchport mode trunk

Step 2 Configure IP addresses for PE A and PE B and create VLANs for PE A, PE B, and P.

Configure PE A.

Raisecom#hostname PEA

PEA#config

PEA(config)#create vlan 2-4 active

PEA(config)#interface ip 0

PEA(config-ip)#ip address 10.0.0.2 4

PEA(config-ip)#exit

PEA(config)#interface line 1

PEA(config-port)#switchport mode trunk

PEA(config-port)#interface line 2

PEA(config-port)#switchport mode trunk

PEA(config-port)#exit

Configure PE B.

Raisecom#hostname PEB

PEB#config

PEB(config)#create vlan 2-4 active

Raisecom



PEB(config)#interface ip 0

PEB(config-ip)#ip address 20.0.0.2 4

PEB(config-ip)#exit

PEB(config)#interface line 1

PEB(config-port)#switchport mode trunk

PEB(config-port)#interface line 2

PEB(config-port)#switchport mode trunk

PEB(config-port)#exit

Configure P.

Raisecom#hostname P

P#config

P(config)#create vlan 2-4 active

P(config)#interface line 1

P(config-port)#switchport mode trunk

P(config-port)#interface line 2

P(config-port)#switchport mode trunk

P(config-port)#exit

Step 3 Enable MPLS on PE A, PE B, and P and configure the static LSP. Create the Tunnel between

PE A and PE B and configure the static L2VC.

Configure PE A.

PEA(config)#mpls lsr-id 10.0.0.2

PEA(config)#mpls enable

PEA(config)#mpls static-lsp ingress a2b 20.0.0.2 255.255.255.255 nexthop-

mac 000e.5e11.1113 vlan 4 line 2 out-label 301 lsr-id 20.0.0.2 tunnel-id

1

PEA(config)#mpls static-lsp egress b2a in-label 201 lsr-id 20.0.0.2

tunnel-id 2

PEA(config)#mpls l2vpn


PEA(config-port)#mpls static-l2vc destination 20.0.0.2 raw vc-id 1 vc-

label 301 tunnel-interface 1


Configure PE B.

PEB(config)#mpls lsr-id 20.0.0.2

PEB(config)#mpls enable

PEB(config)#mpls static-lsp egress a2b in-label 302 lsr-id 10.0.0.2

tunnel-id 1

PEB(config)#mpls static-lsp ingress b2a 10.0.0.2 255.255.255.255 nexthop-

mac 000e.5e11.1113 vlan 4 line 1 out-label 202 lsr-id 10.0.0.2 tunnel-id

2

PEB(config)#mpls l2vpn

Raisecom




PEB(config-port)#mpls static-l2vc destination 10.0.0.2 raw vc-id 1 vc-



Configure P.

P(config)#mpls lsr-id 10.0.0.3

P(config)#mpls enable

P(config)#mpls static-lsp transit a2b in-label 301 nexthop-mac

000e.5e11.1112 vlan 4 line 2 out-label 302 lsr-id 10.0.0.2 20.0.0.2

tunnel-id 1

P(config)#mpls static-lsp transit b2a in-label 202 nexthop-mac


tunnel-id 2

Checking results

Use the show mpls static-lsp command to show static LSP configurations, taking PE A for an

example.

PEA(config)#show mpls static-lsp

LSP-Index: 2

LSP-Name: b2a

LSR-Role: Ingress

LSP-Flag: Working



FEC: 20.0.0.2

In-Label: --

Out-Label: 203

In-Interface: --

Out-Interface: line 1

Next-Hop: --

Next-Mac: 000E.5E12.1113

Vlan-Id: 4

Tunnel-Id: 2

LSP Status: Down

LSP-Index: 3

LSP-Name: a2b

LSR-Role: Egress

LSP-Flag: Working



FEC: --

In-Label: 303

Out-Label: --

In-Interface: all interfaces

Out-Interface: --

Raisecom



Next-Hop: --

Next-Mac: --

Vlan-Id: --

Tunnel-Id: 1

LSP Status: Up

Use the show interface tunnel command to show whether the Tunnel is created successfully,

taking PE A for an example.

PEA(config)#show interface tunnel

Interface tunnel 1

Encapsulation is MPLS

Tunnel source 10.0.0.2, destination 20.0.0.2,

Tunnel protocol static, tunnel id 1 ,explicit-path:--,

Tunnel related LSP Type: Unidirectinal, LSP-name: a2b,

Tunnel current state : UP

Last up time: 2013-3-16, 12:26:17

Use the show mpls l2vc command to show static L2VC configurations, taking PE A for an

example.

PEA(config-port)#show mpls l2vc

Client Interface : line 1

Client Vlan : All

VC ID : 1

Encapsulation Type: raw

Tunnel Type : mplsNonTe

Destination : 20.0.0.2

Tunnel Policy : --

Tunnel Number : 1

Local VC Label : 201

Remote VC Label : 201

AC Status : down

VC State : lowerLayerDown

VC Signal : manual

PW Control Word : enable

Local VC MTU : 1500

Remote VC MTU : --

TPID : 0x8100

SVLAN : --

Create Time : 1970-01-01,09:02:37

Up Time : 0 days, 0 hours, 0 minutes 0.0 second

Last Change Time : 1970-01-01,09:02:37

----------------------------------------

Total l2vc : 1 0 up 1 down

Raisecom



4.8.3 Examples for configuring MPLS-TP linear protection switching


As shown in Figure 4-22, PE A and PE B communicate with each other through the MPLS

network. To enhance the link reliability, you need to configure linear protection switching

between PE A and PE B.

LSPs among PE A, P A, and PE B are working links. LSPs among PE A, P B, and PE B are

protection links. It requires that service can be quickly switched to the protection link for

transmission when the working link fails.

The static LSP among PE A, P A, and PE B is named as a2bA.

The static LSP among PE A, P B, and PE B is named as a2bB.

The static LSP among PE B, P A, and PE B is named as b2aA.

The static LSP among PE B, P B, and PE A is named as b2aB.

Figure 4-22 Configuring MPLS-TP linear protection switching

Configuration steps

Step 1 Configure VLANs and add specified interfaces to VLANs. Configure IP addresses and static

routings. Configurations on CE devices are not described in this guide.

Configure PE A.

Raisecom#hostname PEA

PEA#config

PEA(config)#create vlan 20,30,40,50 active



PEA(config-ip)#interface ip 1


PEA(config-ip)#exit


PEA(config-port)#switchport access vlan 20

Raisecom



PEA(config-port)#interface line 2

PEA(config-port)#switchport access vlan 50


Configure PE B.

Raisecom#hostname PEB

PEB#config

PEB(config)#create vlan 20,30,40,50 active



PEB(config-ip)#interface ip 1


PEB(config-ip)#exit


PEB(config-port)#switchport access vlan 30

PEB(config-port)#interface line 2

PEB(config-port)#switchport access vlan 40


Configure P A.

Raisecom#hostname PA

PA#config

PA(config)#create vlan 20,30,40,50 active

PA(config)#interface ip 0

PA(config-ip)#ip address 20.0.0.2 20

PA(config)#interface line 1

PA(config-port)#switchport mode trunk

PA(config-port)#switchport trunk allowed vlan 20-50

PA(config-port)#interface line 2



PA(config-port)#exit

Configure P B.

Raisecom#hostname PB

PB#config

PB(config)#create vlan 20-70 active

PB(config)#interface ip 0

PB(config-ip)#ip address 50.0.0.2 50

PB(config-ip)#exit

PB(config)#interface line 1



PB(config-port)#interface line 2

Raisecom





PB(config-port)#exit

Step 2 Enable MPLS on PE A, PE B, P A, and P B. Configure static LSPs from PE A to PE B, as

well as from PE B to PE A. Create Tunnels between PE A and PE B and configure the static

L2VC.

Configure PE A.

PEA(config)#mpls lsr-id 20.0.0.1

PEA(config)#mpls enable


PEA(config-ip)#mpls enable

PEA(config-ip)#interface ip 1

PEA(config-ip)#mpls enable

PEA(config-ip)#exit

PEA(config)#mpls static-lsp ingress a2bA 30.0.0.1 nexthop-mac

000e.5e11.1113 vlan 20 line 1 out-label 103 lsr-id 40.0.0.1 tunnel-id 1

PEA(config)#mpls static-lsp egress b2aA in-label 301 lsr-id 40.0.0.1

tunnel-id 2

PEA(config)#mpls static-lsp ingress a2bB 40.0.0.1 nexthop-mac


PEA(config)#mpls static-lsp egress b2aB in-label 401 lsr-id 40.0.0.1

tunnel-id 4

PEA(config)#mpls l2vpn


PEA(config-port)#mpls l2vpn

PEA(config-port)#mpls static-l2vc destination 30.0.0.1 raw vc-id 1 vc-



Configure PE B.

PEB(config)#mpls lsr-id 60.0.0.1

PEB(config)#mpls enable


PEB(config-ip)#mpls enable

PEB(config-ip)#interface ip 1

PEB(config-ip)#mpls enable

PEB(config-ip)#exit

PEB(config)#mpls static-lsp egress a2bA in-label 302 lsr-id 20.0.0.1

tunnel-id 1

PEB(config)#mpls static-lsp ingress b2aA 20.0.0.1 nexthop-mac


PEB(config)#mpls static-lsp egress a2bB in-label 402 lsr-id 20.0.0.1

tunnel-id 3

PEB(config)#mpls static-lsp ingress b2aB 50.0.0.1 nexthop-mac


PEB(config)#mpls l2vpn

Raisecom




PEB(config-port)#mpls static-l2vc destination 50.0.0.1 raw vc-id 2 vc-



Configure P A.

PA(config)#mpls lsr-id 20.0.0.2

PA(config)#mpls enable

PA(config)#interface ip 0

PA(config-ip)#mpls enable

PA(config-ip)#exit

PA(config)#mpls static-lsp transit a2bA in-label 103 nexthop-mac


tunnel-id 1

PA(config)#mpls static-lsp transit b2aA in-label 203 nexthop-mac


tunnel-id 2

Configure P B.

PB(config)#mpls lsr-id 50.0.0.2

PB(config)#mpls enable

PB(config)#interface ip 0

PB(config-ip)#mpls enable

PB(config-ip)#exit

PB(config)#mpls static-lsp transit a2bB in-label 103 nexthop-mac


tunnel-id 3

PA(config)#mpls static-lsp transit b2aB in-label 203 nexthop-mac


tunnel-id 4

Step 3 Configure CFM on PE A and PE B.

Configure PE A.

PEA(config)#mpls-tp cfm domain level 7

PEA(config)#mpls-tp service ma1 level 7

PEA(config-service)#service lsp ingress a2bA egress b2aA

PEA(config-service)#service mep down mpid 1 line 1

PEA(config-service)#service cc enable mep 1

PEA(config-service)#service remote-mep 2 line 1

PEA(config-service)#mpls-tp service ma2 level 7

PEA(config-service)#service lsp ingress a2bB egress b2aB

PEA(config-service)#service mep down mpid 3 line 2

PEA(config-service)#service cc enable mep 3

PEA(config-service)#service remote-mep 4 line 2

Raisecom



PEA(config-service)#exit

PEA(config)#cfm enable

Configure PE B.

PEB(config)#mpls-tp cfm domain level 7

PEB(config)#mpls-tp service ma1 level 7

PEB(config-service)#service lsp ingress b2aA egress a2bA

PEB(config-service)#service mep down mpid 2 line 1

PEB(config-service)#service cc enable mep 2

PEB(config-service)#service remote-mep 1 line 1

PEB(config-service)#mpls-tp service ma2 level 7

PEB(config-service)#service lsp ingress b2aB egress a2bB

PEB(config-service)#service mep down mpid 4 line 2

PEB(config-service)#service cc enable mep 4

PEB(config-service)#service remote-mep 3 line 2

PEB(config-service)#exit

PEB(config)#cfm enable

Step 4 Configure MPLS-TP linear protection switching on PE A and PE B.

Configure PE A.

PEA(config)#mpls-tp line-protection association 1 apsab1 7 ma1

PEA(config)#mpls-tp line-protection association 1 apsab2 7 ma2

PEA(config)#mpls-tp line-protection 1 lsp working apsa2b1 apsab1

protection apsa2b2 apsab2 one-to-one

Configure PE B.

PEB(config)#mpls-tp line-protection association 2 apsba1 7 ma1

PEB(config)#mpls-tp line-protection association 2 apsba2 7 ma2

PEB(config)#mpls-tp line-protection 2 lsp working apsba1 apsba1

protection apsba2 apsba2 one-to-one

Checking results

Use the show mpls-tp line-protection status command to show the MPLS-TP linear

protection group status, taking PE A for an example.

PEA(config)#show mpls-tp line-protection status

Id Type Direction(Configured) Direction(Negotiated) Revert Aps

State Signal(Requested/Bridged)

Raisecom



-------------------------------------------------------------------------

-------

Raisecom

iTN165-CES (A) Configuration Guide 5 TDMoP


5 TDMoP

This chapter describes principles and configuration procedures of Time Division Multiplex

over Packet (TDMoP), as well as related configuration examples, including following sections:

Introduction

Configuring TDM interfaces

Configuring PW

Configuring TDMoP clock

Maintenance


5.1 Introduction

5.1.1 Principles of TDMoP technology

With TDMoP, TDM CS service can be transparently transmitted on a PSN. TDMoP is the

combination of traditional CS network and PSN and can share resources and support network

expansion.

Based on this, multiple international standardization organizations draft standards for TDMoP,

among which the IETF PWE3 working team releases the most complete TDMoP standard and

solution. This becomes dominant among all standards and solutions.

The TDMoP services supported by the iTN165-CES are PWE3-based circuit emulation.

Overview of PWE3

PWE3 is a protocol structure for end-to-end tunnel transmission Layer 2 emulation services.

For details, see RFC3985.

Figure 5-1 shows the principle of PWE3.

Step 1 CE 1 transmits TDM service data to PE 1 through AC.

Step 2 PE1 encapsulates TDM service data to PW messages through related protocols to form one or

multiple PWs.

Raisecom



Step 3 PW messages are carried through the Tunnel defined by a PSN protocol, such as MPLS,

Metro Ethernet Forum (MEF), or UDP/IP, traverse the PSN, and reach PE 2.

Step 4 PE 2 removes headers of PW messages at the egress interface, decapsulates and transmits

TDM service data to CE 2 through AC.

Figure 5-1 Principles of PWE3

CE: connected to the ISP network through the TDM interface. A CE may be a TDM

device or router. The CE cannot sense the PSN.

AC: an E1/T1 link that connects a CE and a PE.

PE: a device at the edge of ISP network, connected to a CE through its downlink

interface and the PSN through its uplink interface. In uplink direction, the PE

encapsulates received TDM service data into emulation messages and then transmits

emulation messages to the PTN through the uplink interface. In downlink direction, the

PE decapsulates received emulation messages to TDM service data, and transmits TDM

service data to the CE.

Tunnel: a tunnel transparently transmitting TDM emulation messages across the PSN

TDM interface

At present, TDMoP is used to emulate low-speed PDH services and transparently transmit

E1/T1 services on a PSN. E1/T1, early used in voice communication, is widely used in data

communication now.

The E1 interface, a physical layer interface, can connect Public Switched Telephone Network

(PSTN) devices, private network devices, and user access network devices. It carries Layer 2

services, such as TDM, frame relay, and ATM services. The E1 interface has following

features:

− Be used in European and China, etc.

− The E1 interface speed is 2.048 Mbit/s. An E1 frame is composed of 32 timeslots,

numbering TS0 through TS31. The speed of each timeslot is 64 Kbit/s.

− An E1 frame is 256 bits long, and takes 125 μs to be transmitted. Each timeslot is 8

bits long.

− E1 data is in three modes: framed, multiframed, and unframed.

− In a multiframed E1, TS0 carries Frame Alignment Signal (FAS), CRC-4, and peer

alarm indicator, and TS16 carries Channel Associated Signaling (CAS), multi-FAS,

and multiframe peer alarm indicator.

− In a framed E1, TS0 carries FAS and uses out-of-band Common Channel Signaling

(CCS), and TS16 carries service data. Namely, TS1 through TS31 carry service data.

− Unframed E1 is used on the 2.048 Mbit/s private network, and has no timeslots.

Raisecom



Tunnel

Tunnel is a tunnel that carries TDM service to traverse the PSN. It is a path used to

transparently transmit data between the local PE and peer PE. TDM service data is

encapsulated in PW emulation messages, and thus is invisible to the Tunnel. A Tunnel can

carry one or multiple PWs.

When the PSN is a MPLS network, the Tunnel is defined by the MPLS outer label.

The position of the Tunnel in the TDMoP protocol stack is shown in Figure 5-2. The PW de-

multiplexing layer and PSN layer define the Tunnel. The PW de-multiplexing layer belongs to

the PWE3 data layer. It cooperates with the PSN layer to transparently transmit emulation

packets.

Figure 5-2 TDMoP circuit emulation protocol stack

PW

PW is a mechanism that encapsulates TDM service data into PW emulation messages and

then uses the Tunnel to carry these PW emulation messages to traverse the PSN. PW supports

the following functions:

Encapsulate TDM service data into PW emulation messages.

Provide a Tunnel that can carry a PW emulation message to traverse the PSN.

Establish PW connection, distribute and exchange PW labels at the Tunnel ends.

Sort PW messages and extract clock signals.

Manage data status and alarms of TDMoP circuit emulation services.

With distribution and exchange of PW labels, TDMoP circuit emulation services can be

forwarded among different nodes in the PSN. The PW label is used to identify PW emulation

message flows in the same channel, so same PW labels cannot coexist in a Tunnel. The PW

label is defined by the innermost label of the MPLS protocol.

The iTN165-4GEE1 provides up to 31 PWs. The iTN165-4GE4E1/iTN165-4GE4E1-BL

provides up to 64 PWs. The iTN165-4GEV35 provides up to 1 PW.

5.1.2 TDMoP service encapsulation protocol

TDMoP technology is used to transparently transmit TDM services across the PSN. TDM

services are encapsulated into emulation messages by using the adaption protocol and then are

transmitted to the PSN for transparent transmission.

Raisecom



TDM services are grouped into 2 types based on the structure: encapsulation protocols are

divided into structured and unstructured protocols, including:

Structure-Agnostic TDM over Packet (SAToP)

Structure-Aware TDM Circuit Emulation Service over Packet-Switched Network

(CESoPSN)

SAToP

SAToP provides emulation for low-speed PDH circuit services, such as E1, T1, E3, and T3

services. It encapsulates unstructured services only. It takes TDM services as a serial data flow,

fragments and encapsulates it into PW packets for transmission. SAToP is defined by the

RFC4553.

SAToP encapsulation principles of MPLS-based TDM data are shown in Figure 5-3. E1/T1

data flow is taken as binary codes to be fragmented into data packets with a fixed length and

then be encapsulated into TDM payload. The outer lay is encapsulated by the Real-time

Transport Protocol (RTP) header, SAToP control word, and MPLS label. Therefore, a PW

emulation message is composed.

Varying on protocols used in the PSN, positions of the SAToP control word in the emulation packets are different. For details, see RFC4553.

Figure 5-3 SAToP encapsulation principles

SAToP control word

An emulation message encapsulated by the SAToP protocol contains a 4-byte control word, as

shown in Figure 5-4.

Figure 5-4 Structure of the SAToP control word

Table 5-1 describes fields of the SAToP control word.

Raisecom



Table 5-1 Fields of the SAToP control word

Field Length (bit) Description

0000 4 Provide the necessary MPLS payload discrimination.

By default, the value is set to 0.

L 1 If the value is set to 1, it indicates the TDM link fails.

That is, the TDM data encapsulated by SAToP is

incorrect.

R 1 If the value is set to 1, it indicates the PSN-side packet

loss ratio exceeds the preconfigured threshold,

notifying the peer that the local is in the packet loss

status.

Reserved 2 By default, the value is set to 0.

Fragmentation 2 Indicate the packet is encapsulated in fragment. By

default, the value is set to 0.

Length 6 Indicate the size of SAToP packet (defined as SAToP

overhead size + TDM payload size). The value must

be set to 0 if the length is more than 64 bytes.

Sequence

number

16 Indicate the serial number for the SAToP encapsulated

packet, used for detecting packet loss ratio.

RTP

RTP supports end-to-end transmission of real-time data across a network, such as unicast-

based and multicast-based voice, video, and emulation services.

Varying on protocols adopted by the PSN, positions of the RTP field in emulation messages

are different. The RTP field precedes the SAToP control word for UDP/IP PSN, while the RTP

field follows the SAToP control word in other PSN networks. The RTP field is an optional 12-

byte filed in an encapsulation protocol header.

RTP provides a sequence number for identifying the emulation packet, whose function is

similar to the sequence number of the SAToP control word. However, the RTP sequence

number does not coexist with the sequence number of the SAToP control word. The RTP

structure is shown in Figure 5-5.

Figure 5-5 Structure of RTP packet header

Table 5-2 describes fields of the RTP packet header.

Raisecom



Table 5-2 Fields of the RTP packet header


V 2 RTP protocol version

P 1 Padding flag

If the value is set to 1, it indicates that one or more extra 8-

bit are padded at the end of the message. The padding is not

valid payload.

X 1 Extended flag

If the value is set to 1, it indicates that an extended packet

header is padded after the RTP packet header.

CC 4 Contributing Sources (CSRC) counter

It indicates the number of CSRC identifiers.

M 1 Marker

Different payloads have different markers.

PT 7 Valid information carried in the payload

Sequence

number

16 Sequence number of a RTP packet

It grows by 1 when a packet is sent.

With it, the receiver detects packet loss ratio and resorts

packets.

Timestamp 32 Time index for the first sample of the RTP packet

It has two modes: absolute mode and differentiated mode.

With it, the receiver calculates delay and jitter.

SSRC 32 Synchronization Source (SSRC) Identifier, used to detect

error connection

CSRC 32 Contributing Source (CSRC) Identifier, used to identify all

contributing sources contained in the valid payload of the

RTP packet

TDM payload

In SAToP encapsulation mode, TDM frame structure and its internal signaling are not

identified and processed. Instead, TDM service data is fragmented and encapsulated, and then

transparently transmitted.

The length of SAToP encapsulation packet takes byte as the unit. After a PW connection is established, the length of SAToP encapsulation packets

is fixed accordingly. For a PW, the length in both two directions must be identical and keeps fixed in the whole working period.

The length of SAToP encapsulation packets cannot exceed the MTU between 2 PEs.

Raisecom



CESoPSN

CESoPSN, defined by the RFC5086, emulates low-speed PDH circuit services, such as E1,

T1, E3, and T3 services. It provides structured TDM emulation service transmission, has a

frame structure, and can recognize and process TDM internal frame signaling. CESoPSN

discards idle timeslots and encapsulates timeslots in use, thus improving bandwidth utilization.

Figure 5-6 shows CESoPSN encapsulation principle for MPLS-based TDM data. Frame

structure of E1/T1 specified timeslot is encapsulated into the TDM payload. The outer lay is

encapsulated by the RTP header, CESoPSN control word, and MPLS label. Therefore, a PW

emulation message is composed. The length of the TDM payload in the packet is a multiple of

the length of E1/T1 frame structure (125 μs).

Varying on protocols used in the PSN, positions of the CESoPSN control word in the emulation packets are different. For details, see RFC5086.

Figure 5-6 CESoPSN encapsulation principles

CESoPSN control word

The CESoPSN encapsulation protocol contains a 4-byte control word, whose format is shown

in Figure 5-7.

Figure 5-7 Structure of the CESoPSN control word

Table 5-3 describes fields of the CESoPSN control word.

Table 5-3 Fields of the CESoPSN control word


0000 4 Provide the necessary MPLS payload discrimination.

By default, the value is set to 0.

L 1 If the value is set to 1, it indicates the TDM link fails.

That is, the TDM data encapsulated by CESoPSN is

incorrect.

Raisecom




R 1 If the value is set to 0, it indicates the PSN-side packet

loss ratio exceeds the preconfigured threshold,

notifying the peer that the local is in the packet loss

status.

M 2 It indicates signaling detection at the AC side.

Combination of M and L indicates that packet received

from the PSN side is a signaling packet or a service

packet.

Fragmentation 2 Indicate the packet is encapsulated in fragment. By

default, the value is set to 0.

Length 6 Indicate the size of CESoPSN packet (defined as

CESoPSN overhead size + TDM payload size). The

value must be set to 0 if the length is more than 64

bytes.

Sequence

number

16 Indicate the serial number for the SAToP encapsulated

packet, used for detecting packet loss ratio.

RTP

The RTP field precedes the CESoPSN control word for UDP/IP PSN, while the RTP field

follows the CESoPSN control word in other PSN networks. The RTP field is an optional 12-

byte filed in an encapsulation protocol header, whose structure and function are identical to

ones of SAToP protocol.

TDM payload

The payload of a CESoPSN encapsulation packet is a basic NxDS0 data queue with or

without signaling. Signaling and basic NxDS0 data can be encapsulated independently or

together. There are three encapsulation modes: encapsulation of basic NxDS0 data,

encapsulation of NxDS0 signaling, and encapsulation of NxDS0 data and signaling.

After a PW connection is established, the length of a CESoPSN encapsulation

packet is fixed accordingly. The length value is related to the delay of the encapsulation packet. The delay of the emulation packet is consistent, which can simplify compensation mechanism of PW packet loss. The delay of the CESoPSN encapsulation packet ranges from 1ms to 5ms, with its unit of 125 μs.

After a PW is established, the length of a CESoPSN encapsulation packet is fixed accordingly. The length of PW encapsulation packets in all directions must be identical.

CESoPSN encapsulation packet discards invalid TDM service data and then the L field of the CESoPSN control word is set to 1.

Encapsulation of basic NxDS0 data

As shown in Figure 5-8, the payload of a CESoPSN encapsulation packet consists of M

frames (Frame 1 to Frame M). A frame has N timeslots in use (that is, NxDS0 carrying data).

When the CESoPSN encapsulation packet is forwarded through the PW, Frame 1 of the

payload will be forwarded first. The length of the CESoPSN encapsulation packet is a

multiple of a frame, and is related to the delay.

Raisecom



Figure 5-8 Format for CESoPSN encapsulation of basic NxDS0 data

Encapsulation of basic NxDS0 signaling

As shown in Figure 5-9, the payload of the CESoPSN packet consists of N signaling codes of

DS0 channel, which means the payload of the CESoPSN packet only contains DS0 signaling.

This encapsulation mode is a supplement of basic NxDS0 encapsulation mode.

Figure 5-9 Format for CESoPSN encapsulation of basic NxDS0 signaling

A signaling encapsulation packet uses an independent sequence number. Values of some bits in the control word of the signaling encapsulation packet are

set as follows: L = 0, M = 11, and R = 0. If the RTP header exists in the signaling encapsulation packet, a PT mark is

assigned specially to the packet with independent SSRC.

Encapsulation of basic NxDS0 and signaling

As shown in Figure 5-10, a CESoPSN encapsulation packet consists of M frames (Frame 1 to

Frame M). A frame contains N NxDS0 with data. The signalling also contains signalling

codes corresponding to NxDS0. Each signaling code occupies 4 bits. A byte is composed of 2

DS0 signaling codes or a DS0 signaling code and padding bits (if not adequate for a byte).

Figure 5-10 Format for CESoPSN encapsulation of basic NxDS0 and signaling

The iTN165-CES supports CESoPSN and SAToP encapsulation protocols.

5.1.3 TDMoP clock recovery technology

The key to TDMoP is clock synchronization. A feature of TDM services is high real-time

requirement; that is, the clocks of both the sender and the receiver must be in the same

precision grade.

At present, the main clock synchronization mechanisms used by TDMoP technology are as

below:

Self-adaptive clock recovery

Differential clock recovery

External clock input

Raisecom



Link loopback clock

System clock

Self-adaptive clock recovery

Self-adaptive clock recovery, based on queue buffering, traces IP Packet Delay Variation

(IPDV) through the length of packet queue of the receiver. This is a basis of clock

synchronization between the sender and the receiver.

Figure 5-11 shows the principle of self-adaptive clock recovery.

Figure 5-11 Principle of self-adaptive clock recovery

The process for self-adaptive clock recovery is shown as follows:

Step 1 A source Inter-Working Function (IWF) device sends its source clock signals to the

destination IWF device.

Step 2 The destination IWF device buffers all received signals in a queue, and then sends local clock

signals out.

Step 3 If the source IWF clock is not synchronized with the destination IWF clock, the length of the

buffering queue on the destination IWF changes. Detailed descriptions are shown as follows:

− If the length increases, the destination clock runs slower than the source clock; thus

advance the destination clock.

− If the length decreases, the destination clock runs faster than the source clock; thus

slow down the destination clock.

Self-adaptive clock recovery is a passive feedback mechanism. When the clock is adjusted

properly, clock synchronization between the source IWF device and the destination IWF

device on the PSN is complete.

Differential clock recovery

Differential clock recovery, based on the Primary Reference Clock (PRC), sends the coded

differential value between the source clock the PRC to the destination. The destination

compares the destination clock with the PRC and then adjusts its clock. This mechanism is not

affected by delay jitter of the PSN. Therefore, it is always used when delay jitter is out of

control.

Figure 5-12 shows the principle of differential clock recovery.

Raisecom



Figure 5-12 Principle of differential clock recovery

External clock input

External clock input (GPS/IEEE1588/synchronization Ethernet) technology is used to

establish a clock synchronization network, where clock signals are sent to a device. In this

mechanism, different nodes should have the same external clock source and devices should

have external clock input interface. External clock source is diverse, such as GPS, IEEE1588,

or synchronization Ethernet. The external clock input of the iTN165-CES is provided by

devices that support clock sub-card, as shown in Figure 5-13.

Figure 5-13 Principle of external clock input

Link loopback clock

The clock source of the TDMoP device is recovered from the TDM interface or serial link

port, as shown in Figure 5-14.

Figure 5-14 Principle of link loopback clock

Raisecom



5.1.4 TDMoP delay jitter buffer technology

Delay jitter is the delay change of frames in a network. That is, after transmission, the delay

for each frame in the network is variable. This changeable delay is called jitter. The cause to

delay jitter is that the bearing network (PSN) of TDM services is asynchronous and frames are

transmitted in different paths. Frame Packet jitter has great impact on performance of

emulation services. Therefore, compensation must be taken to emulation services.

The jitter buffer on the destination can reduce the impact caused by frame delay changes. It

buffers early or late packets. Its capacity should be set properly. If its capacity is greater, the

destination can buffer more frames, but produce greater delay upon reconstruction of TDM

services. If its capacity is smaller, the destination can buffer fewer frames. Manual

configuration of its capacity is preferred.

Jitter buffer is set according to the measurement and estimation of PSN delay when a PW is

established.

The iTN165-CESsupports manually configuring the Jitter Buffer size through CLI.

5.2 Configuring TDM interfaces


Scenario

The iTN165-CES accesses TDM services through the TDM interface. When providing circuit

emulation services, you need to configure basic properties and related features of TDM

interfaces, such as the link type and Rx clock source of TDM interfaces, and codes of TDM

idle timeslots.

Circuit emulation services are encapsulated based on the TDM interface type. When a TDM

interface is in framed/multiframed mode, TDM frame structure can be recognized and

structured encapsulation mode is adopted. When a TDM interface is in unframed mode,

unstructured encapsulation mode is adopted.

In structured encapsulation mode, PW can be only related to timeslots that carry services.

Timeslots related to the PW are occupied timeslots and the ones does not carry services are

idle timeslots.

Prerequisite

N/A

5.2.2 Configuring E1 interfaces

These configurations are available for the device whose TDM interface is an E1 interface.



Raisecom




2 Raisecom(config)#interface tdm

interface-number Enter TDM interface configuration mode.

3 Raisecom(config-tdm-port)#tdm-type

{ e1-unframed | e1-framed | e1-crc-

framed | e1-framed-cas | e1-crc-

framed-cas | t1-unframed | t1-d4 |

t1-d4-cas | t1-esf | t1-esf-cas }

Configure the link type of the TDM interface (E1

interface).

By default, the link type is set to E1 unframed mode.

4 Raisecom(config-tdm-port)#ts-idle-

code ts-code Configure the code of idle timeslots for the TDM

interface (E1 interface).

By default, the code is set to 0x7e.

5.2.3 Configuring V.35 interfaces

These configurations are available for the device whose TDM interface is a V.35 interface.



2 Raisecom(config)#interface tdm 1 Enter TDM interface configuration mode.

3 Raisecom(config-tdm-port))#

bandwidth-speed N Configure the speed of the V.35 interface. By default, the

speed is set to 2048 Kbit/s.

4 Raisecom(config-tdm-port))#clock-

polarity { normal | invert } Configure the clock polarity of the V.35 interface.

By default, the clock polarity is set to normal.

5 Raisecom(config-tdm-port))#cts

{ on | rts } Configure Clear to Send (CTS) on the V.35 interface.

By default, CTS is enabled.

6 Raisecom(config-tdm-port))#dcd

{ on | off } Configure Data Carrier Detect (DCD) on the V.35 interface.

By default, CTS is enabled.



1 Raisecom(config-tdm)#show tdm interface Show configurations of the current TDM interface.

2 Raisecom(config-tdm)#show pw-status Show the status of the PW associated to the current

TDM interface.

Raisecom



5.3 Configuring PW


Scenario

TDM service data flow is received by the TDM interface and then is encapsulated to PW

packets via a protocol. PW packets of the same type form the PW service flow, which is

transmitted through the Tunnel to traverse the PSN. After reaching the peer device, PW

service flow is de-capsulated to the original TDM service data flow and the TDM service data

flow is forwarded through the TDM interface.

The iTN165-CESsupports MPLS-/MEF-/IP-based PSN. Therefore, Tunnels are grouped in

these 3 types. Properties of a MPLS Tunnel are defined by the LSP and L2VPN of the MPLS

protocol. For details about how to create a MPLS Tunnel, see related configurations.

MPLS/IP-based PW packets select a transport path based on the IP address. The source IP

address of a PW packet is the IP address of the TDMoP sub-card.

Prerequisite

N/A

5.3.2 Configuring IP address of TDMoP sub-card

The IP address of the TDMoP sub-card and the management IP address of the iTN165-CES should be in different network segments.



2 Raisecom(config)#tdmop-ip-address

ip-address [ ip-mask ] Configure the IP address of the TDMoP sub-card.

5.3.3 Creating Tunnel

The Tunnel is a tunnel to carry PWs to traverse the PSN. Before configuring PWs, you must

configure the Tunnel.

When Tunnel packets are Tag ones, CVLAN ID and priority are required parameters while SVLAN ID and priority are optional parameters.

When Tunnel packets are Double-tag ones, CVLAN ID, SVLAN ID, and priority are required parameters.

When Tunnel packets are Untag ones, you do not need to configure the CVLAN ID and SVLAN ID.

Raisecom





2 Raisecom(config)#mef tunnel

tunnel-name dest-mac-address

mac-address tag-vlan-mode

{ double-tag | tag | untag }

[ cvlan-id vlan-id pri pri-

value ] [ svlan-id vlan-id pri

pri-value ]

Create a MEF Tunnel and configure basic properties of

the Tunnel, including the destination MAC address,

VLAN mode, VLAN ID, and priority.

The destination MAC address of a MEF Tunnel is the MAC address of the TDMoP sub-card on the remote device.

Raisecom(config)#ip tunnel

tunnel-name slot-id dest-ip-

address ip-address [ ip-ttl ttl-

value ] [ ip-tos tos-value ]

[ nexthop-type { ip nexthop-addr

ip-address | mac nexthop-addr

mac-address } ] tag-vlan-mode

{ double-tag | tag | untag }

[ cvlan-id vlan-id pri pri-

value ] [ svlan-id vlan-id pri

pri-value ]

Create an IP Tunnel and configure basic properties of the

Tunnel, including the destination IP address, TTL, ToS,

next-hop address and type, VLAN mode, VLAN ID, and

priority.

You can use the no tunnel tunnel-name command to

delete a created Tunnel.

The destination IP address of an IP Tunnel is the IP address of the TDMoP sub-card on the remote device.

5.3.4 Creating PW and configuring PW properties



2 Raisecom(config)#mpls cespw pw-

name vc-id vc-id type { cesop |

satop } tdmport interface-

number timeslot { all |

tsstring } in-label label-value

out-label label-value

destination ip-address

[ tunnel-interface interface-

number ]

Create a MPLS PW and configure basic properties of the

PW, including the encapsulation protocol type, in-label

value, out-label value, related TDM interface ID, timeslot

ID, and destination IP address.

Raisecom(config)#mef cespw pw-

name type { cesop | satop }

tdmport interface-number

timeslot { all | tsstring } in-

label label-value out-label

label-value tunnel tunnel-name

Create a MEF PW and configure basic properties of the

PW, including the encapsulation protocol type, related

TDM interface ID, bound timeslot ID, in-label value, out-

label value, and bound Tunnel name.

Raisecom(config)#ip cespw pw-

name type { cesop | satop }

tdmport interface-number

timeslot { all | tsstring } in-

label label-value out-label

label-value tunnel tunnel-name

Create an IP PW and configure basic properties of the PW,

including the encapsulation protocol type, related TDM

interface ID, bound timeslot ID, in-label value, out-label

value, and bound Tunnel name.

Raisecom




3 Raisecom(config)#cespw pw-name Enter PW configuration mode.

4 Raisecom(config-pw)#load-time

load-time Configure the PW packet encapsulation time, the PW

packet encapsulation time is a multiple of 125 μs.

By default, the PW packet encapsulation time is 1000 μs.

5 Raisecom(config-pw)#frame-size

size-value (Optional) configure the number of TDM frames

encapsulated into PW packets.

The function of this command is identical to the one of the load-time load-time command. The latter configured one takes effect.

6 Raisecom(config-pw)#jitter-

buffer jitter-buffer Configure the PW Jitter Buffer size.

By default, the PW Jitter Buffer size is set to 8000 μs.

7 Raisecom(config-pw)#rtp-header

enable Enable RTP of the PW packet header.

When the TDMoP system adopts the differential clock mechanism, you must enable RTP of the PW packet header.

8 Raisecom(config-pw)#ses-

threshold ses-threshold Configure the packet loss ratio threshold for a PW entering

Severely Errored Second (SES) status.

By default, the packet loss ratio threshold for a PW entering

SES status is set to 30%.

9 Raisecom(config-cespw)#cespw-

exp exp-priority Configure the EXP priority of the PW packets.

By default, the PW EXP priority is set to 0.

10 Raisecom(config-pw)#oos-act

{ not-care | oos-suppression } Configure the Out of Service (OOS) action of a PW.

By default, the PW OOS action is set to not-care.

11 Raisecom(config-pw)#out-synch-

threshord out-synch-threshord Configure the sequential frame loss threshold.

By default, the sequential frame loss threshold is set to 15.

12 Raisecom(config-pw)#connect

enable Enable PW connection. Services cannot be transmitted

unless the PW connection is created.

By default, PW connection is disabled.

Values of the in-label and out-label of a PW must be different. The PW Jitter Buffer size must be equal to or greater than the PW packet

encapsulation time.

Raisecom



5.3.5 Cheking configurations


1 Raisecom(config-cespw)#show cespw

interface Show PW interface configurations and status.

2 Raisecom(config)#show tunnel tunnel-name Show Tunnel configurations.

3 Raisecom(config)#show tdmop info Show TDMoP global configurations.

5.4 Configuring TDMoP clock


Scenario

The TDMoP system supports clock synchronization in nature. The PTN is an STDM-based

best-effort network. It may cause end-to-end delay TDM services are encapsulated into

Ethernet packets and then are transmitted cross the PTN. This also influences the performance

for de-encapsulating TDM services. However, TDMoP clock recovery technology can reduce

impact caused by PTN delay.

The clock recovery mechanism adopted by the TDMoP system depends on the Rx clock

source of the TDM interface.

Prerequisite

Create a PW.

5.4.2 Configuring Rx clock source of TDM interfaces



2 Raisecom(config)#interface tdm interface-

number Enter TDM interface configuration mode.

3 Raisecom(config-tdm-port)#adaptive-pwname

pw-name Configure the recovery clock source PW.

When the Rx clock source of a TDM interface is an Ethernet recovery clock source or a differential clock source, you need to configure a PW as the recovery clock source in advance.

Raisecom




4 Raisecom(config-tdm)#tx-clock-src { adaptive

| differential | external | loopback |

system }

Configure the clock source of a TDM

interface (E1 interface).

By default, the clock source of the TDM

interface is set to system clock.

Raisecom(config-tdm-port)#tx-clock-src

{ adaptive | system | teminal } Configure the clock source of a TDM

interface (V.35 interface).

By default, the clock source of the TDM

interface is set to system clock.



1 Raisecom(config-tdm)#show tdm interface Show configurations on the clock of the current

TDM interface.

5.5 Maintenance

Command Description

Raisecom(config-tdm-port)#loopback

{ internal | external |

bidirectional }

Configure loopback mode of a TDM

interface.

By default, no loopback is configured

the TDM interface.

Raisecom(config-tdm-port)#clear-

statistics Clear TDM interface statistics.

Raisecom(config-cespw)#clear-

statistics Clear PW statistics.


5.6.1 Examples for configuring CESoPSN emulation services


As shown in Figure 5-15, the user has offices in sites A and B. Telephones of sites A and B

access the PTN through iTN A and iTN B respectively. Telephones of sites A and B need to

communicate with each other through the PTN. Configurations are shown as below:

Site A:

Raisecom



– Occupied timeslots: TS6–TS10 and TS17–TS31

– Idle timeslots: TS1–TS5 and TS11–TS15

Site B:

– Occupied timeslots: TS6–TS10 and TS17–TS31

– Idle timeslots: TS1–TS5 and TS11–TS15

MAC address of iTN B: 192.168.10.1 (configured on the iTN A)

Encapsulation protocol: CESoPSN protocol

LSR ID of iTN A: 10.1.1.1

Figure 5-15 Configuring CESoPSN emulation services

Configuration steps

Configuration steps of iTN A are identical to the ones of iTN B. In this guide, only

configurations on iTN A are described.

Step 1 Configure the TDM interface.

Raisecom#config

Raisecom(config)#interface tdm 1

Raisecom(config-tdm-port)#tdm-type e1-crc-framed-cas

Raisecom(config-tdm-port)#ts-idle-code 20

Raisecom(config-tdm-port)#exit

Step 2 Create a PW and configure basic properties of the PW.

Raisecom(config)#mpls lsr-id 10.1.1.1

Raisecom(config)#mpls enable

Raisecom(config)#mpls static-lsp ingress lsp-1 192.168.10.1

255.255.255.255 nexthop-mac 192.168.27.1 out-label 2000

Raisecom(config)#mpls tunnel tunnel-a static-lsp lsp-1

Raisecom



Raisecom(config)#mpls cespw 100 type cesop tdmport 1 timeslot 6-10,17～31

in-label 100 out-label 200 destination 192.168.10.1

Raisecom(config)#cespw 100

Raisecom(config-cespw)#load-time 1000

Raisecom(config-cespw)#jitter-buffer 8000

Raisecom(config-cespw)#rtp-header enable

Raisecom(config-cespw)#ses-threshold 35

Raisecom(config-cespw)#oos-act oos-suppression

Raisecom(config-cespw)#out-synch-threshord 10

Raisecom(config-cespw)#exit

Step 3 Configure the TDMoP clock.


Raisecom(config-tdm)#adaptive-pwname 100

Raisecom(config-tdm)#tx-clock-src differential

Raisecom(config-tdm)#exit

Step 4 Enable PW connection.


Raisecom(config-pw)#connect enable


Raisecom#write

Checking results

Use the show tdm interface command to show TDM interface configurations.

Raisecom(config-tdm-port)#show tdm interface

tdm port ...1

tdm type ...(e1-crc-framed-cas)

line coding ...(HDB3)

loopback ...(no loopback)

idle code ...(0x20)

tx clock source ...(differential)

alarm ...( los lof )

Statistics:

ES ...(10)

SES ...(10)

UAS ...(18887)

Raisecom



Use the show cespw interface command to show PW configurations.

Raisecom(config-cespw)#show cespw interface

pw id ...(1)

pw name ...(100)

pw payload type ...(cesop)

TDM port index ...(1)

TDM ds0 number ...(4)

1 2 3 4 5 6 7 8

9 10 11 12 13 14 15 16

17 18 19 20 21 22 23 24

25 26 27 28 29 30 31

pw in label ...(100)

pw out label ...(200)

pw load time ...(1000)

jitter buffer ...(8000)

ses threshold ...(35%)

pw exp ...(0)

pw rtp-header ...(enable)

out-synch-threshold ...(10)

pw oos-act ...(oos-suppression)

pw connection config ...(enable)

pw oper status ...(up)

pw local status ...(normal)

RX PKTS ...(167)

TX PKTS ...(167)

5.6.2 Examples for configuring SAToP emulation services


As shown in Figure 5-16, a company has many branches in multiple cities. Branches and the

headquarter are connected through the PTN to transmit services. After being connected to iTN

A through the E1 lease cable, Department A accesses the PTN. And then services of

Department A traverse the PTN through the transparent transmission feature of TDM

emulation services to realize data communication among all branches.

Perform the following configurations on iTN A:

IP address of iTN B: 192.168.11.1

Encapsulation protocol: SAToP

LSR ID of iTN A: 10.1.1.1

Raisecom



Figure 5-16 Configuring SAToP emulation services

Configuration steps

Configuration steps of iTN A are identical to the ones of iTN B. In this guide, only

configurations on iTN A are described.

Step 1 Configure the TDM interface (this step can be ignored).

Raisecom#config


Raisecom(config-tdm)#tdm-type e1-unframed

Raisecom(config-tdm)#exit

Step 2 Configure the PW.

Raisecom(config)#mpls lsr-id 10.1.1.1

Raisecom(config)#mpls enable

Raisecom(config)#mpls static-lsp ingress lsp-2 192.168.11.1

255.255.255.255 nexthop 92.168.27.1 out-label 2000

Raisecom(config)#mpls tunnel tunnel-a static-lsp lsp-2

Raisecom(config)#mpls pw 60 satop tdmport 1/4 timeslot all in-label 100

out-label 200 destination 192.168.11.1

Raisecom(config)#pw 60

Raisecom(config-pw)#load-time 1500

Raisecom(config-pw)#jitter-buffer 6000

Raisecom(config-pw)#rtp-header enable

Raisecom(config-pw)#ses-threshold 40

Raisecom(config-pw)#oos-act oos-suppression

Raisecom(config-pw)#out-synch-threshord 10

Raisecom(config-pw)#exit

Step 3 Configure the TDMoP clock.


Raisecom(config-tdm-port)#adaptive-pwname 60

Raisecom(config-tdm-port)#tx-clock-src differential

Raisecom(config-tdm-port)#exit

Raisecom



Step 4 Enable PW connection.


Raisecom(config-cespw)#connect enable


Raisecom#write

Checking results

Use the show tdm interface command to show TDM interface configurations.

Raisecom(config-tdm-port)#show tdm interface

tdm port ...(1)

tdm type ...(e1-unframed)

line coding ...(HDB3)

loopback ...(no loopback)

tx clock source ...(differential)

alarm ...( los )

Statistics:

ES ...(10)

SES ...(10)

UAS ...(19472)

Use the show cespw interface command to show PW configurations.

Raisecom(config-cespw)#show cespw interface

pw id ...(65)

pw name ...(60)

pw payload type ...(satop)

TDM port index ...(1)

pw in label ...(100)

pw out label ...(200)

pw load time ...(1500)

jitter buffer ...(6000)

ses threshold ...(40%)

pw exp ...(0)

pw rtp-header ...(enable)

out-synch-threshold ...(10)

pw oos-act ...(oos-suppression)

pw connection config ...(enable)

pw oper status ...(up)

pw local status ...(normal)

RX PKTS ...(0)

Raisecom



TX PKTS ...(0)

Raisecom

iTN165-CES (A) Configuration Guide 6 Network reliability


6 Network reliability

This chapter describes principles and configuration procedures of network reliability, as well

as related configuration examples, including following sections:

Introduction

Configuring link aggregation

Configuring interface backup

Configuring ELPS

Configuring ERPS

Configuring failover

Maintenance


6.1 Introduction To enhance the reliability of Ethernet and to meet the requirements on the Telecom network,

you can deploy specified reliability technology in the Ethernet. Network reliability

technologies supported by the iTN165-CES include link aggregation, interface backup,

Ethernet Linear Protection Switching (ELPS), Ethernet Ring Protection Switching (ERPS),

and failover.

6.1.1 Link aggregation

Link aggregation is a load-sharing technology. With link aggregation, multiple physical

Ethernet interfaces are combined to form a logical aggregation group. Multiple physical links

in one aggregation group are taken as a logical link. Link aggregation helps share traffics

among member interfaces in an aggregation group. These aggregated links can back up data

for each other dynamically. In addition to effectively improving the reliability on links

between devices, link aggregation can help gain greater bandwidth without upgrading

hardware. For related protocols, see IEEE 802.3ad.

Raisecom



Figure 6-1 Link aggregation

As shown in Figure 6-1, iTN A and iTN B are connected through 2 Ethernet physical links.

You can bind these 2 links to form a logical link Aggregation 1. This logical link has the

following advantages:

Improving link reliability: members in the link aggregation group can back up data for

each other dynamically. When a link fails, the other links can replace it to improve link

reliability effectively.

Increasing link capacity: by binding multiple physical links, you can get greater

bandwidth without upgrading the existing device. The capacity of a physical link equals

to the sum capacity of all physical links.

Sharing load: traffic are distributed to different members based on some algorithm, to

realize link-level load-sharing.

Optimizing network management: member interfaces in a LAG are managed as a logical

interface.

Saving IP addresses: only one IP address is required for a LAG without configuring IP

addresses for member interfaces in the LAG.

In link aggregation, multiple Ethernet interfaces are bound to a LAG. These Ethernet

interfaces are called member interfaces and the logical interface is named as the Trunk

interface, The number of LAGs supported by devices is different. In addition, the number of

member interfaces supported by the LAG varies on the device.

The iTN165-CES supports up to 3 LAGs and each LAG supports up to 4 member interfaces.

At least one active interface and up to 5 interfaces support the LAG.

Link aggregation modes Manual aggregation mode

In this mode, multiple physical interfaces are added to a LAG to form a logical interface.

Links connected to the logical interface share the traffic.

Static LACP aggregation mode

It is a mode of the LACP. In this mode, you must enable LACP in advance. The

Selection Logic of the LACP decides how to select the Trunk interface,

Dynamic LACP aggregation mode

In this mode, you must enable LACP in advance. The system creates and delete the LAG

and member interfaces automatically. Interfaces cannot be aggregated dynamically

unless the following requirements are met:

– Basic configurations of interfaces are identical.

– Speed and duplex configurations of interfaces are identical.

– Interfaces are connected to the same device.

– The peer interfaces meet these requirements.

The iTN165-CES supports manual aggregation and static LACP aggregation modes.

Raisecom



Load-sharing

Load-sharing is a cluster technology used to enhance the capability for processing services

and ensure service reliability by sharing traffic among multiple devices/links. If an interface

meets all requirements for an active interface, the interface will be the active interface of a

LAG. Therefore, the interface can share traffic with other active ones based on the link

aggregation load-sharing mode or load-sharing algorithm,

The load-sharing algorithm is realized by directly mapping or mapping based on the CRC

Hash value of the MAC address.

With different load-sharing modes and their combination, interfaces can share traffic in a

LAG. There are 6 load-sharing modes:

Load-sharing based on the source MAC address

Load-sharing based on the destination MAC address

Load-sharing based on the OR result of the source and destination MAC addresses

Load-sharing based on the source IP address

Load-sharing based on the destination IP address

Load-sharing based on the OR result of the source and destination IP addresses

6.1.2 Interface backup

Overview of interface backup

Interface backup is used for interfaces on a device to back up data for each other. In general,

the primary interface is used to transmit services while the backup interface is in standby

status. When services cannot be transmitted properly because the primary interface or primary

link fails, the backup interface is activated to transmit services. This helps to enhance network

reliability.

At present, the dual uplink networking application is a commonly-used one. In dual uplink

networking, Spanning Tree Protocol (STP) is used to block the redundancy link and

implement backup. Though STP can meet users' backup requirements, it fails to meet

switching requirements. Though Rapid Spanning Tree Protocol (RSTP) is used, the

convergence is second level only. It is not a satisfied performance parameter for advanced

Ethernet devices applied to the Telecom-grade network.

Interface backup, targeted for dual uplink networking, implements backup and fast

convergence. It is designed for the dual uplink networking application to ensure the

performance and simplify configurations.

Interface backup is another resolution of STP. You can achieve link redundancy by manually configuring interface backup when STP is disabled. If the device is enabled with STP, you need to disable interface backup. STP provides functions similar to the ones realized by interface backup.

Interface backup is realized by configuring the interface backup group. An interface backup

group contains a pair of interfaces, where an interface is the primary interface and the other

interface is a backup interface. The link, where the primary interface is, is called a primary

link. The link, where the backup interface is, is called a backup link. In general, the backup

interface is blocked, used for redundancy backup.

Raisecom



Member interfaces in the interface backup group supports physical interfaces and Link

Aggregation Group (LAG) but do not support Layer 3 interfaces.

In the interface backup group, when an interface is in Up status, the other interface is in

standby status. Only one interface can be in Up status. When the interface in Up status fails,

the standby interface can be switched to Up status to sustain a normal link.

Principles of interface backup

Figure 6-2 Principles of interface backup

As shown in Figure 6-2, Line 1 and Line 2 on iTN A are connected to their uplink devices

respectively. The interface forwarding status is as below:

Under normal conditions, Line 1 is the primary interface while Line 2 is the backup

interface. Line 1 and its uplink device forward packet while Line 2 and its uplink device

do not forward packets.

When Line 1 fails or the link between Line 1 and its uplink device fails, Line 2 and its

uplink device forward packets.

When Line 1 restores normally and keeps Up for a period (restore-delay), Line 1 restores

to forwarding packets and Line 2 restores to standby status.

When a switching between the primary interface and the backup interface occurs, the iTN A

sends a Trap to the NView NNM system.

By applying interface backup to different VLANs, you can make 2 interfaces forward packets

simultaneously in different VLANs. As shown in Figure 6-3, by configuring a VLAN and

adding interfaces to the VLAN, you can realize VLAN-based interface backup.

Raisecom



Figure 6-3 Principles of VLAN-based interface backup

In different VLANs, interface forwarding status is shown as below:

Under normal conditions, in VLANs 1000–1500, Line 1 is the primary interface and

Line 2 is the backup interface. In VLANs 1501–2000, Line 2 is the primary interface and

Line 1 is the backup interface. Therefore, Line 1 forwards traffic of VLANs 1000–1500,

and Line 2 forwards traffics of VLANs 1501–2000.

When Line 1 fails or the link between Line 1 and its uplink device fails, Line 2 forwards

traffic of VLANs 1000–2000.

When Line 1 restores normally and keeps Up for a period (restore-delay), Line 1

forwards traffic of VLANs 1000–1500, and Line 2 forwards traffics of VLANs 1501–

2000.

VLAN-based interface backup can be used for load-sharing. In addition, it does not depend on

configurations of the uplink device. It facilitates operations.

6.1.3 ELPS

Overview of ELPS

Ethernet Linear Protection Switching (ELPS) is an end-to-end protection technology based on

Automatic Protection Switching (APS) protocol of the ITU-TG.8031 recommendation. It is

used to protect an Ethernet connection. It can be applied to various network structures, such as

the ring network.

APS packet is a kind of Connectivity Fault Management (CFM) packet. It is an APS packet

when the OpCode value in the CFM packet is set to 0x39. The outer structure of the APS

packet is defined by the ITU-T Y.1731. Based on this, the G.8031 defines APS specific

information by using 4 bytes. Figure 6-4 shows the structure of the APS packet.

Raisecom



Figure 6-4 Structure of APS packet

As shown in Figure 6-4, the MEL field is inserted with the Maintenance Entity Group (MEG)

level of the APS packet. For descriptions about the Version, OpCode, Flags, and END TLV,

see ITU-T Y.1731 and their values are listed in Figure 6-4. Table 6-1 describes fields in the

APS specific information.

Table 6-1 Values of fields in APS specific information

Field Value Description

Request/State 1111 Lockout of protection (LO) with highest

priority

The request

type,

indicating the

condition

signal,

command

signal, and

status signal

of the

protection

line. Priorities

of these 3

signals are

descending.

1110 Signal fail for protection (SF-P)

1101 Forced switch (FS)

1011 Signal fail for working (SF-W)

1001 Signal degradation (SD)

0111 Manual switch (MS)

0110 Depreciated

0101 Wait to restore (WTR)

0100 Exercise (EXER)

0010 Reverse request (RR)

0001 Do not revert (DNR)

0000 No request (NR)

Others Reserved

Protection

Type

A 0 No APS channel Four

protection

types

identified by

value 1 or 0

1 APS channel

B 0 1+1 protection switching (with fixed

bridge)

1 1:1 protection switching (with fixed

bridge)

D 0 Unidirectional protection switching

Raisecom




1 Bidirectional protection switching

R 0 Non-revertive mode

1 Revertive mode

Requested signal 0 No signal The local

request

signals carried

by the

protection line

1 Normal service signals

2–255 Reserved

Bridged signal 0 No signal Signals of

bridge

connection in

the protection

line

1 Normal service signals

2–255 Reserved

Reserved All 0 Reserved field. This filed should be ignored when being

received.

The G.8031 defines 1+1 protection switching and 1:1 protection switching. ELPS technology

takes a simple, fast, and predictable mode to realize network resource switching, easier for

Carrier to plan network more efficiently and learn network active status.

ELPS protection switching modes

As shown in Figure 6-5, ELPS supports 1+1 and 1:1 protection switching modes.

Figure 6-5 ELPS 1+1 and 1:1 protection switching modes

1+1 protection switching: each working line is assigned with a protection line. In general, in

the protection domain, the source end sends traffic through the working and protection lines

while the destination end receives the traffic from one line. The destination end selects the

working/protection line based on some pre-configured standard, such as the server failure

indication. Services are switched to the protection line directly when the working line fails.

1:1 protection switching: each working line is assigned with a protection line. The source

end sends traffic through the working/protection line. In general, the source sends traffic

through the working line. The protection line is a backup line. When the working line

Raisecom



fails, the source end and destination end communicate through APS protocol to switch

traffic to the protection line simultaneously.

Based on whether the source end and destination end switch traffic simultaneously, ELPS is

divided into unidirectional switching and bidirectional switching:

Unidirectional switching: as shown in Figure 6-6, when one direction of a line fails, one

end can receive the traffic while the other end fails to receive the traffic. The end failing

to receive the traffic detects a fault and switches the traffic. And the other end does not

detect the fault and switch traffic. Therefore, both ends may receive the traffic through

different lines.

Figure 6-6 Unidirectional protection switching

Bidirectional switching: when a line fails, even in one direction, both ends communicate

through APS protocol to switch traffic to the protection line. Therefore, both ends receive

and send the traffic through the same line.

1+1 protection switching is divided into unidirectional switching and bidirectional switching. 1:1 protection switching supports bidirectional switching only.

ELPS provides 3 modes to detect a fault.

Detect faults based on the physical interface status: learning link fault quickly and

switching services immediately, suitable for detecting the fault between neighbor devices.

Detect faults based on CFM: suitable for multi-device crossing detection.

Detect faults based on the physical interface and CFM: sending Trap when detecting a

fault on the physical link/CFM.

The iTN165-CES supports 1:1 bidirectional protection switching and the 3 fault detection

modes.

6.1.4 ERPS

Overview of ERPS

Ethernet Ring Protection Switching (ERPS) is a protection switching technology based on the

Ring Automatic Protection Switching (R-APS) protocol of the ITU-TG.8032 recommendation.

It is used in Ethernet rings. Generally, ERPS can avoid broadcast storm caused by data

loopback in Ethernet rings. When a link/device on the Ethernet ring fails, traffic can be

quickly switched to the backup link to ensure restoring services quickly.

Raisecom



Similar to the ELPS APS packet, R-APS packet is a CFM packet, which is defined by the

Y.1731 and G.8032. Figure 6-7 shows the structure of the R-APS packet.

Figure 6-7 Structure of the R-APS packet

Table 6-2 describes items in the R-APS specific information.

Table 6-2 Fields in the R-APS specific information


Request/State 1011 Signal fail. It is a R-APS packet which is sent by the node

that detects the link fault. It is used to identify the local SF

event.

0000 No request (NR), which is sent by the node that detects the

link fault. It is used to identify that the generated SF event

is cleared.

Others Reserved

Status R

B

0 The RPL is blocked. For all non RPL Owner nodes, the

value is set to 0.

1 The blocked RPL is released.

D

N

F

0 FDB refresh by be triggered.

1 The FDB refresh is not trigged.

Node ID – The MAC address of the node, which is unique.

Reserved All 0 Reserved field. This filed should be ignored when being

received.

Raisecom



Filtering DataBase (FDB) clearing refers to removing MAC addresses of learned FDBs of the node.

ERPS adopts advantages of multiple ring network technologies, such as Ethernet Automatic

Protection Switching (EAPS), Resilient Packet Ring (RPR), Synchronous Digital Hierarchy

(SDH), and STP. It is the newest mature standard of the Ethernet ring protection switching

technology, providing the following functions:

Optimizing the detection mechanism

Detecting bidirectional faults

Support multi-network and multi-domain structures

Realizing 50ms protection switching performance

Supporting multiple working modes, such as primary-to-backup and load-sharing modes

ERPS uses the control VLAN in the ring network to transmit ring network control

information. Meanwhile, combining with the topology feature of the ring network, it

discovers link fault quickly and enable the backup link to restore service fast.

Related concepts of ERPS

Figure 6-8 ERPS ring network

Related concepts of ERPS are shown as below:

Ring Protection Link (RPL): it is a link between RPL nodes. In normal status, the

interface of the link is blocked to avoid a loopback. One Ethernet ring has a RPL only.

RPL Owner: it is a node connected to the RPL. It is specified by the user, used to

block/release the RPL interface. In normal status, it blocks the RPL interface to avoid a

loopback.

RPL Neighbor: it is the other node connected to the RPL. It cooperates with the RPL

Owner to provide protection switching.

Control VLAN: it is an independent VLAN channel used by ERPS to carry R-APS

packets. It is identical to the VLAN monitored in the CFM domain. However, the

control VLAN ID should not be identical to the service VLAN ID.

Raisecom



Properties (level, domain name, MA name, and VLAN ID) of all CFM domains must be identical. Otherwise, ERPS ring fails to be established.

During ERPS protection switching process, 3 timers are used.

Guard Timer: it is used to filter outdated R-APS packets to avoid error protection

switching actions on the node. When the Guard Timer is running, received R-APS

packets will be discarded.

WTR Timer: the WTR Timer on the RPL Owner begins to time when the working line

recovers from a fault. In addition, a WTR running signal is output during the WTR

Timer running process. Services are switched back to the working line when the WTR

Timer times out. The WTR Timer is used to avoid frequent switching caused by

unstable working line.

Holdoff Timer: it is used to coordinate other protection switching coexisting with the

link protection. When one or more new faults are detected, the Holdoff Timer is

triggered. During the Holdoff Timer running process, the system will detect the link

status regardless of whether the fault that triggers the Holdoff Timer exists. The system

will report the fault to ERPS if it exists.

Basic protection mechanism of ERPS

The G.8032 defines 5 states of the node on the Ethernet ring.

Idle state: the normal working state without no fault

Protection state: the state to which services are switched after a fault is detected. The

APS process is triggered by the fault detected by the Continuity Check Message (CCM)

of Ethernet Operation, Administration and OAM (OAM).

Pending state: the state before a fault is resolved

FS state: the state when a FS command is being applied

MS state: the state when a FS command is being applied

To ensure the protection switching stability, the G.8032 defines a WTR timer. After the RPL

Owner receives a fault recovery signal, services cannot be switched back to the working line

after the WTR timer times out. Figure 6-9 and Figure 6-10 show the basic protection

mechanism of ERPS.

Raisecom



Figure 6-9 Idle state of Ethernet ring network

As shown in Figure 6-9, when the Ethernet ring network is in idle state, links have the

following features:

All nodes are connected to form a ring.

The ERPS protocol sends NR,/RB signals continuously through the RPL Owner. The

NR/RB signal indicates that no fault is generated. The RPL is blocked to avoid a

loopback.

Connected nodes use the OAM CCM packet to monitor links.

When a fault is generated during on the Ethernet ring, the ERPS protocol uses the

Y.1731 SF type to trigger protection switching.

Figure 6-10 Protection state of Ethernet ring network

As shown in Figure 6-10, when a fault is detected, the system enables APS to enter the

protection state.

After the Holdoff Timer times out, the node connected to the failed link blocks the link

and sends the SF signal to notify other nodes of the fault. As shown in Figure 6-10,

when the link between Nodes D and E fails, the Nodes D and E send the SF signal to

other nodes respectively.

Raisecom



The SF signal triggers the RPL Owner to open the RPL interface and triggers all nodes

to clear the MAC address table. And then the link enters the protection state.

When a fault is recovered, the links performs fault recovery switching:

Nodes connected to the failed link are stilled blocked. After the Guard Timer times out.

Nodes D and E send R-APS NR signals, which indicates no local fault request.

When receiving the first NR signal, the RPL Owner enables the WTR timer

immediately.

After the WTR Timer times out. The RPL Owner blocks the RPL and sends the R-APS

signal (NR/RB), which indicates no local fault request. The RPL link is blocked.

After receiving the R-APS signal (NR/RB), other nodes refresh the FDB. The Node

sending the NR signal will stop sending the packet periodically and release the blocked

interface.

All nodes on the link return to the idle state.

Sub-ring

The revision of the G.8032 provides the protection mechanism of Ethernet multi-ring. The

sub-ring is an attached ring of the existing ring. It is connected with other rings/network

through an interconnected node (node connecting multiple rings). The sub-ring is not closed.

And interconnected node does not belong to the sub-ring.

Figure 6-11 Sub-ring model

As shown in Figure 6-11, nodes B and C are interconnected nodes. The channel connected to

the 2 interconnected nodes is called R-APS virtual channel. The R-APS virtual channel is

used for the intersecting node on the intersecting ring.

If an intersection ring has a R-APS virtual channel, the primary ring provides a virtual

channel for APS packets of the sub-ring. It means that APS packets of the sub-ring will be

transmitted to the primary ring. Otherwise, the primary ring does not provide a virtual channel

for ARP packets of the sub-ring and APS packets of the sub-ring are terminated at the

intersecting node.

The primary ring and sub-ring are 2 rings. Each ring is configured with a RPL Owner.

Protection switching mechanism is similar to the one of the single ring. Each ring processes

its own fault. When a shared link fails, the primary ring is switched to the protection state

while no action is performed on the sub-ring.

Raisecom



6.1.5 Failover

Failover provide an interface linkage scheme to expand the range of link backup. By

monitoring the uplinks and synchronizing downlinks, the fault generated on the uplink device

can be transmitted to downlink devices to trigger switching. This helps avoid traffic loss when

downlink devices cannot sense faults of uplinks.

As shown in Figure 6-12, Line 1 is the primary interface and Line 2 is the backup interface.

The upstream interfaces (Line 1 and Line 2) and downstream interface (Client 1) are added to

a failover group. Once upstream interfaces fail, the downstream interface is in Down statue.

The downlink interface returns to Up status once one or both uplink interfaces recover.

Therefore, the uplink link status is notified to the downstream devices immediately. Uplink

interfaces work properly when the downlink interface fails.

Figure 6-12 Interface-to-interface failover

6.2 Configuring link aggregation


Scenario

When needing to provide greater bandwidth and reliability for a link between two devices,

you can configure link aggregation.

The iTN65-CES supports the following 2 link aggregation modes:

Manual link aggregation mode

Static LACP aggregation mode

Prerequisite

Before configuring link aggregation, you need to configure physical parameters of the

interface and make the physical layer Up.

6.2.2 Configuring manual link aggregation



2 Raisecom(config)#interface port-channel

port-channel-number Enter aggregation group configuration mode.

3 Raisecom(config-aggregator)#mode manual Configure manual link aggregation.

4 Raisecom(config-aggregator)#exit Return to global configuration mode.

Raisecom





type interface-number Enter physical layer configuration mode.

6 Raisecom(config-port)#channel group

port-channel-number Add member interfaces to the LAG.

7 Raisecom(config-port)#exit Exit from global configuration mode.

8 Raisecom(config)#link-aggregation

enable (Optional) enable link aggregation. By default,

link aggregation is enabled.

9 Raisecom(config)#link-aggregation load-

sharing mode { dip | dmac | smac | sip

| sxordip | sxordmac }

(Optional) configuring the load-sharing mode of

the LAG. By default, load sharing mode is set to

sxordmac, which means selecting the forwarding

interface according to OR operation result of

source MAC address and destination MAC

address.

In a LAG, member interfaces that share loads must be identically configured. Otherwise, data cannot be forwarded properly. These configurations include STP, QoS, QinQ, VLAN, interface properties, and MAC address learning. STP status on the interface, properties (point-to-point/non point-to-point) of the link

connected to the interface, path cost of the interface, STP priority, packet Tx speed limit, whether the interface is configured with loopback protection, root protection, and whether the interface is an edge interface.

QoS: traffic policing, traffic shaping, congestion avoidance, rate limiting, SP queue, WRR queue scheduling, WFQ queue, interface priority, and interface trust mode.

QinQ: QinQ status on the interface, added outer VLAN tag, policies for adding outer VLAN Tags for different inner VLAN IDs.

VLAN: the allowed VLAN, default VLAN, and the link type (Trunk and Access) on the interface, and whether VLAN packets carry Tag.

Interface properties: speed, duplex mode, and link Up/Down status. MAC address learning: MAC address learning status and MAC address limit.

6.2.3 Configuring static LACP link aggregation



Raisecom




2 Raisecom(config)#lacp system-priority

system-priority (Optional) configure the system LACP priority.

By default, the system LACP priority is set to

32768.

The smaller the value is, the higher the system LACP priority is. The end with a higher system LACP priority is the active end. LACP selects the active interface and standby interface based on configurations on the active end. If the system LACP priorities are identical, select the one with a smaller MAC address as the active end.

3 Raisecom(config)#lacp timeout { fast |

slow } (Optional) configure the LACP timeout mode.

4 Raisecom(config)#interface port-channel

port-channel-number Enter aggregation group configuration mode.

5 Raisecom(config-aggregator)#mode lacp-

static Configure the static LACP LAG.

6 Raisecom(config-aggregator)#{ max-

active | min-active } links threshold (Optional) configure the maximum/minimum

number of active links in the LACP LAG.

7 Raisecom(config-aggregator)#exit Return to global configuration mode.


type interface-number Enter physical layer configuration mode.

9 Raisecom(config-port)#channel group

port-channel-number Add member interfaces to the LACP LAG.

10 Raisecom(config-port)#lacp mode

{ active | passive } (Optional) configure the LACP mode of member

interfaces. By default, the LACP mode is set to

active. LACP connection fails if both ends of a

link are in passive mode.

11 Raisecom(config-port)#lacp port-

priority port-priority (Optional) configure the interface LACP priority.

12 Raisecom(config-port)#exit Return to global configuration mode.

13 Raisecom(config)#link-aggregation

enable (Optional) enable link aggregation. By default,

link aggregation is enabled.

In a static LACP LAG, a member interface can be an active/standby one. Both the

active interface and standby interface can receive and send LACPDU. However, the standby interface cannot forward user packets.

The system selects a default interface based on the following conditions in order: whether the neighbour is discovered, maximum interface speed, highest interface LACP priority, smallest interface ID. The default interface is in active status. Interfaces, which have the same speed, peer device, and operation key of the

Raisecom



operation key with the default interface, are in active status. Other interfaces are in standby status.



1 Raisecom#show lacp internal Show local system LACP configurations.

2 Raisecom#show lacp neighbor Show the neighbour LACP configurations

3 Raisecom#show lacp statistics Show interface LACP statistics.

4 Raisecom#show lacp sys-id Show local system LACP global enabling status, device ID.

5 Raisecom#show link-

aggregation Show whether the current system is enabled with link

aggregation, link aggregation load-sharing mode, member

interfaces and currently-active member interfaces in all

current aggregation groups.

6.3 Configuring interface backup


Scenario

Interface backup can realize redundancy backup and fast switching of primary and backup

links, VLAN-based interface backup can realize load-sharing among different interfaces.

Interface backup ensures millisecond level switching and simplifies configurations.

Prerequisite

Before configuring interface backup, perform the following operations:

Create a VLAN.

Add interfaces to the VLAN.

6.3.2 Configuring basic functions of interface backup




type primary-interface-number Enter physical layer interface configuration

mode. The interface is the primary interface for

interface backup.

Raisecom




3 Raisecom(config-port)#switchport

backup interface-type backup-

interface-number [ vlanlist vlan-

list ]

Configure the interface backup group.

If the interface backup group specifies no VLAN

list, VLAN IDs ranges from 1 to 4094 by default.

4 Raisecom(config-port)#exit Return to global configuration mode.

5 Raisecom(config)#switchport backup

restore-delay period (Optional) configure the restore-delay.

By default, the restore-delay is set to 15s.

6 Raisecom(config)#switchport backup

restore-mode { disable | neighbor-

discover | port-up }

(Optional) configure the restore mode.

port-up: the link recovers once the interface in

Up status. neighbor-discover: the link recovers once the

interface discovers the neighbour through

Raisecom Neighbour Discover Protocol

(RNDP). disable: disable backup restore.

By default, the restore mode is set to port-up.

In an interface backup group, an interface is a primary interface or a backup

interface. In a VLAN, an interface/LAG is a member of only one interface backup group. If you set a LAG to a member of the interface backup group, you need to set the

interface with the smallest interface ID in the LAG to the member of the interface backup interface. When the member interface is in Up status, all interfaces in the aggregation group are in Up status. When the member interface is in Down status, all interfaces in the aggregation group are in Down status.

6.3.3 (Optional) configuring interface forced switch

After forced switch is successfully configured, the primary and backup links will be

switched. The working link is switched to the protection link. For example, when both the primary and backup interfaces are in Up status, if the data is being transmitted through the primary link, data will be transmitted to the primary link to the backup link after forced switch is performed.

In the CLI, the backup interface ID is an optional parameter. If the primary interface is configured with multiple interface backup pairs, you should input the backup interface ID.




primary-interface-number Enter physical layer interface configuration

mode. The interface is the primary interface

for interface backup.

Raisecom




3 Raisecom(config-port)#switchport backup

[ interface-type backup-interface-

number ] force-switch

Configure interface forced switch.



1 Raisecom#show switchport backup Show interface backup information.

6.4 Configuring ELPS


Scenario

To make the Ethernet reliability up to Telecom-grade (network self-heal time less than 50ms),

you can deploy ELPS at Ethernet. ELPS is used to protect the Ethernet connection. It is an

end-to-end protection technology.

Prerequisite

Before configuring ELPS, perform the following operations:

Connect interfaces and configure physical parameters for them. Make the physical layer

Up.

Create the management VLAN and VLANs of the working and protection interfaces.

Configure CFM detection between devices (preparing for CFM detection mode).

6.4.2 Creating protection lines



Raisecom




2 Raisecom(config)#ethernet line-

protection line-id working

interface-type interface-number

vlanlist protection interface-type

interface-number vlanlist one-to-one

[ non-revertive ] [ protocol-vlan

vlan-id ]

Create the ELPS protection line and configure the

protection mode.

The protection group is in non-revertive mode if you

configure the non-revertive parameter.

In revertive mode, when the working line recovers

from a fault, traffic is switched from the protection

line to the working line. In non-revertive mode, when the working line

recovers from a fault, traffic is not switched from

the protection line to the working line.

By default, the protection group is in revertive mode.


protection line-id name string (Optional) configure a name for the ELPS protection

line.


protection line-id wtr-timer wtr-

timer

(Optional) configure the WTR timer. In revertive

mode, when the working line recovers from a fault,

traffic is not switched to the working line unless the

WTR timer times out.

By default the WTR time value is set to 5min.

We recommend that WTR timer configurations on both ends keep consistent. Otherwise, we cannot ensure 50ms quick switching.


protection line-id hold-off-timer

holdoff-timer

(Optional) configure the HOLDOFF timer. Hold-off

timer configurations on both ends should be

consistent.

By default, the HOLDOFF timer value is set to 0.

If the HOLDOFF timer value is over great, it may influence 50ms switching performance. Therefore, we recommend setting the HOLDOFF timer value to 0.


protection trap enable (Optional) enable ELPS Trap.

By default, ELPS Trap is disabled.

6.4.3 Configuring ELPS fault detection modes

Fault detection modes of the working line and protection line can be different. However, we recommend that fault detection mode configurations of the working line and protection line keep consistent.

Raisecom





2 Raisecom(config)#ethernet line-protection

line-id { working | protection } failure-

detect physical-link

Set the fault detection mode of the working

line/protection line to failure-detect

physical-link.

By default, the fault detection mode is set to

failure-detect physical-link.

Raisecom(config)#ethernet line-protection


detect cc [ md md-name ] ma ma-name level

level mep local-mep-id remote-mep-id


line/protection line to failure-detect cc.

This fault detection mode cannot take effect

unless you finish related configurations on

CFM.

Raisecom(config)#ethernet line-protection


detect physical-link-or-cc [ md md-name ]

ma ma-name level level mep local-mep-id

remote-mep-id


line/protection line to failure-detect

physical-link-or-cc.

In this mode, a Trap is reported when a fault

is detected on the physical link/CC.

This fault detection mode cannot take effect

unless you finish related configurations on

CFM.

6.4.4 (Optional) configuring ELPS switching control

By default, traffic is automatically switched to the protection line when the working line fails. Therefore, you need to configure ELPS switching control in some special cases.




protection line-id lockout Lock protection switching. After this

configuration, the traffic is not switched to the

protection line even the working line fails.


protection line-id force-switch Switch the traffic from the working line to the

protection line forcedly.


protection line-id manual-switch Switch the traffic from the working line to the

protection line manually. Its priority is lower

than the one of forced switch and APS.


protection line-id manual-switch-to-work In non-revertive mode, switch the traffic from

the protection line to the working line.

Raisecom





1 Raisecom#show ethernet line-protection [ line-

id ] Show protection line configurations.

2 Raisecom#show ethernet line-protection statistics Show protection line statistics.

3 Raisecom#show ethernet line-protection aps Show APS information.

6.5 Configuring ERPS


Scenario

With development of Ethernet to Telecom-grade network, voice and video multicast services

bring higher requirements on Ethernet redundant protection and fault-recovery time. The

fault-recovery time of current STP system is in second level that cannot meet requirements.

By defining different roles for nodes on a ring, ERPS can block a loopback to avoid broadcast

storm in normal condition. Therefore, the traffic can be quickly switched to the protection line

when working lines or nodes on the ring fail. This helps eliminate the loopback, perform

protection switching, and automatically recover from faults. In addition, the switching time is

shorter than 50ms.

The iTN165-CES supports the single ring, intersecting ring, and tangent ring.

ERPS provides 2 modes to detect a fault:

Detect faults based on the physical interface status: learning link fault quickly and

switching services immediately, suitable for detecting the fault between neighbor devices.

Detect faults based on CFM: suitable for unidirectional detection or multi-device

crossing detection.

Prerequisite

Before configuring ERPS, perform the following operations:

Connect interfaces and configure physical parameters for them. Make the physical layer

Up.

Create the management VLAN and VLANs of the working and protection interfaces.

Configure CFM detection between devices (preparing for CFM detection mode).

Raisecom



6.5.2 Creating ERPS protection ring

Only one device on the protection ring can be set to the Ring Protection Link (RPL) Owner and one device is set to RPL Neighbour. Other devices are set to ring forwarding nodes. In actual, the tangent ring consists of 2 independent single rings. Configurations on the tangent ring are identical to the ones on the common single ring. The intersecting ring consists of a master ring and a sub-ring. Configurations on the master ring are identical to the ones on the common single ring. For details about configurations on the sub-ring, see section 6.5.3 (Optional) creating ERPS protection sub-ring.



2 Raisecom(config)#ethernet ring-protection

ring-id east interface-type interface-

number west interface-type interface-

number node-type rpl-owner rpl { east |

west } [ not-revertive ] [ protocol-vlan

vlan-id ] [ block-vlanlist vlanlist ]

Create a protection ring and set the node to

the RPL Owner.

By default, the protocol VLAN is set to 1.

Blocked VLANs ranges from 1 to 4094.

The east and west interfaces cannot be the same one.

Raisecom(config)#ethernet ring-protection



number node-type rpl-neighbour rpl { east

| west} [ not-revertive ] [ protocol-vlan


Create a protection ring and set the node to

the RPL Neighbour.




number [ not-revertive ] [ protocol-vlan


Create a protection line and set the node to

the protection forwarding node.


ring-id name string (Optional) configure a name for the

protection ring. Up to 32 bytes are supported.


ring-id version { 1 | 2 } (Optional) configure the protocol version.


ring-id guard-time guard-time (Optional) after the ring Guard timer is

configured, the failed node does not process

APS packets during a period. By default, the

ring Guard timer is set to 500ms.


ring-id wtr-time wtr-time (Optional) configure the ring WTR timer. In

revertive mode, when the working line

recovers from a fault, traffic is not switched

to the working line unless the WTR timer

times out.

By default the ring WTR time value is set to

5min.

Raisecom





ring-id holdoff-time holdoff-time (Optional) configure the ring HOLDOFF

timer. Hold-off timer configurations on both

ends should be consistent.

By default, the ring HOLDOFF timer value

is set to 0.

If the ring HOLDOFF timer value is over great, it may influence 50ms switching performance. Therefore, we recommend setting the ring HOLDOFF timer value to 0.


trape nable (Optional) enable ERPS Trap.

By default, ERPS Trap is disabled.

6.5.3 (Optional) creating ERPS protection sub-ring

Only the intersecting ring consists of a master ring and a sub-ring. Configurations on the master ring are identical to the ones on the single

ring/tangent ring. For details, see section 6.5.2 Creating ERPS protection ring. Configurations of non-intersecting nodes of the intersecting ring are identical to

the ones on on the single ring/tagent ring. For details, see section 6.5.2 Creating ERPS protection ring.



2 Raisecom(config)#ethernet ring-

protection ring-id { east interface-

type interface-number | west

interface-type interface-number }

node-type rpl-owner [ not-revertive ]

[ protocol-vlan vlan-id ] [ block-

vlanlist vlanlist ]

Create the sub-ring on the intersecting node and set

the intersecting node to the RPL Owner.

By default, the protocol VLAN is set to 1. Blocked

VLANs ranges from 1 to 4094.

The links between 2 intersecting nodes belong to the master ring. Therefore, when you configure the sub-ring on the intersecting node, you can only configure the west or east interface.

Raisecom(config)#ethernet ring-




node-type rpl-neighbour [ not-

revertive ] [ protocol-vlan vlan-id ]

[ block-vlanlist vlanlist ]


the intersecting node to the RPL Neighbour.

Raisecom




Raisecom(config)#ethernet ring-




[ not-revertive ] [ protocol-vlan



the intersecting node to the protection forwarding

node.


protection ring-id raps-vc { with |

without }

(Optional) configure the sub-ring virtual channel

mode on the intersecting node. By default, the sub-

ring virtual channel adopts the with mode.

Transmission modes on 2 intersecting nodes must be identical.


protection ring-id propagate enable Enable the ring Propagate switch on the

intersecting node.

By default, the ring Propagate switch is disabled.

6.5.4 Configuring ERPS fault detection modes




ring-id { east | west } failure-detect

physical-link

Set the ERPS fault detection mode to failure-

detect physical-link.

By default, the ERPS fault detection mode is

set to failure-detect physical-link.


ring-id { east | west } failure-detect cc

[ md md-name ] ma ma-name level level mep

local-mep-id remote-mep-id


detect cc.

This ERPL fault detection mode cannot take

effect unless you finish related configurations

on CFM.

If you configure the MD, the MA should be

below the configured md-level.


ring-id { east| west } failure-detect

physical-link-or-cc [ md md-name] ma ma-

name level level mep local-mep-id remote-

mep-id


detect physical-link-or-cc.

In this mode, a Trap is reported when a fault

is detected on the physical link/CC.

This ERPL fault detection mode cannot take

effect unless you finish related configurations

on CFM.

If you configure the MD, the MA should be

below the configured md-level.

Raisecom



6.5.5 (Optional) configuring ERPS switching control

By default, traffic is automatically switched to the protection line when the working line fails. Therefore, you need to configure ERPS switching control in some special cases.




protection ring-id force-switch

{ east | west }

Switch the traffic on the protection ring to the west/east

interface forcedly.

east: block the east interface and switch the traffic to

the west interface forcedly. west: block the west interface and switch the traffic to

the east interface forcedly.


protection ring-id manual-switch

{ east | west }

Switch the traffic on the protection ring to the west/east

interface manually. Its priority is lower than the one of

forced switch and APS.



1 Raisecom)#show ethernet ring-protection Show ERPS ring configurations.

2 Raisecom)#show ethernet ring-protection status Show ERPS ring status.

3 Raisecom)#show ethernet ring-protection statistics Show ERPS statistics.

6.6 Configuring failover


Scenario

When the uplink of the middle device fails and the middle device fails to inform the

downstream devices of the fault, the traffic cannot be switched to the backup line. This may

cause traffic break.

The failover feature is used to add the upstream interfaces and downstream interfaces of the

middle device to a failover group. In addition, it is used to monitor the upstream interfaces.

When all upstream interfaces fail, downstream interfaces are in Down status. When one failed

upstream interface receovers from the fault, all downstream interfaces are in Up status.

Raisecom



Therefore, faults of the uplinks can be notified to the downstream devices in time. If

downstream interfaces fail, upstream interfaces still work properly.

Prerequisite

Before configuring failover, you need to connect interfaces, configure physical parameters of

the interfaces and make the physical layer Up.

6.6.2 Configuring failover



2 Raisecom(config)#fault-tracking group

group-number upstream interface-type

interface-list

Create the interface-based failover group.

Raisecom(config)#fault-tracking group

group-number upstream channel-group

group-id

Create the LACP-based failover group.


group-number action { shutdown |

modify-pvid vlan-id } interface-type

interface-list

Configure fault processing actions of the interface-

based failover group.


group-number action { delete-vlan

vlan-id | suspend-vlan vlan-id }

interface-type interface-list


group-number action shutdown channel-

group group-id

Configure fault processing actions of the LACP-

based failover group.


group-number trap enable Enable the failover group sending Trap to the

NView NNM system.



1 Raisecom#show link-state-

tracking group group-number Show configurations of a failover group.

6.7 Maintenance

Raisecom



Command Description

Raisecom(config)#clear ethernet

line-protection ring-id end-to-end

command

Clear end-to-end protection switching

commands, including the lockout, force-

switch, manual-switch, and manual-

switch-to-work commands.


line-protection statistics Clear protection line statistics, including

the number of Tx APS packets, Rx APS

packets, last switching time, and last status

switching time.


ring-protection ring-id command Clear protection switching commands,

including the force-switch and manual-

switch commands.

Raisecom(config)#clear ethernet ring-protection ring-id statistics

Clear protection ring statistics.


6.8.1 Examples for configuring manual link aggregation


As shown in Figure 6-13, to improve the reliability of the link between iTN A and iTN B, you

can configure manual link aggregation on iTN A and iTN B. Add line 1 and line 2 to a LAG to

form a single logical interface. The LAG performs load-sharing to the source MAC address.

Figure 6-13 Configuring manual link aggregation

Configuration steps

Step 1 Create a manual LAG.

Configure iTN A.

Raisecom




iTNA#config

iTNA(config)#interface port-channel 1

iTNA(config-aggregator)#mode manual

iTNA(config-aggregator)#exit

Configure iTN B.


iTNB#config

iTNB(config)#interface port-channel 1

iTNB(config-aggregator)#mode manual

iTNB(config-aggregator)#exit

Step 2 Add interfaces to the LAG.

Configure iTN A.


iTNA(config-port)#channel group 1





Configure iTN B.


iTNB(config-port)#channel group 1





Step 3 Configure the load-sharing mode of the LAG and enable link aggregation, taking iTN A for

an example.

iTNA(config)#link-aggregation load-sharing mode smac

iTNA(config)#link-aggregation enable

Step 4 Save configurations, taking iTN A for an example.

Raisecom



iTNA#write

Checking results

Use the showlink-aggregation command to show global configurations on manual link

aggregation.

iTNA#show link-aggregation

Link aggregation status:Enable

Load sharing mode:SMAC

Load sharing ticket generation algorithm:Direct-map

M - Manual S - Static-Lacp D - Dynamic-Lacp

GroupID Mode MinLinks MaxLinks UpLinks Member Port List Efficient Port

List

-------------------------------------------------------------------------

1 M 1 1 2 line 1-2 client 1 line 1

6.8.2 Examples for configuring static LACP link aggregation


As shown in Figure 6-14, to improve the reliability of the link between iTN A and iTN B, you

can configure static LACP link aggregation on iTN A and iTN B. Add Line 1 and Line 2 to a

LAG to form a logical interface.

Figure 6-14 Configuring static LACP link aggregation

Configuration steps

Step 1 Configure the static LACP LAG on iTN A and set iTN A to the active end.


iTNA#config

iTNA(config)#lacp system-priority 1000

iTNA(config)#interface port-channel 1

Raisecom



iTNA(config-aggregator)#mode lacp-static

iTNA(config-aggregator)#exit



iTNA(config-port)#lacp port-priority 1000

iTNA(config-port)#lacp mode active




iTNA(config-port)#lacp mode active


iTNA(config)#link-aggregation enable

Step 2 Configure the static LACP LAG on iTN B.


iTNB#config

iTNB(config)#interface port-channel 1

iTNB(config-aggregator)#mode lacp-static

iTNB(config-aggregator)#exit







iTNB(config)#link-aggregation enable


iTNA#write

Checking results

Use the showlink-aggregation command on iTN A to show global configurations on static

LACP link aggregation.

iTNA#show link-aggregation

Link aggregation status:Enable

Load sharing mode:SXORDMAC

Load sharing ticket generation algorithm:Direct-map

M - Manual S - Static-Lacp D - Dynamic-Lacp

GroupID Mode MinLinks MaxLinks UpLinks Member Port List Efficient Port

List

-------------------------------------------------------------------------

1 S 1 6 0 1-2

Raisecom



Use the show lacp internal command on iTN A to show the local system LACP interface

status, flag, interface priority, administration key, operation key, and interface state machine

satus.

iTNA#show lacp internal

Flags:

S - Device is requesting Slow LACPDUs F - Device is requesting Fast

LACPDUs

A - Device in Active mode P - Device in Passive mode MP - MLACP Peer

Port

Interface State Flag Port-Priority Admin-key Oper-key Port-State

-------------------------------------------------------------------------

L1 Active SA 1000 1 1 0x45

L2 Standby SA 32768 1 1 0x45

Use the show lacp neighbor command on iTN A to show the remote system LACP interface

status, flag, interface priority, administration key, operation key, and interface state machine

satus.

6.8.3 Examples for configuring interface backup


As shown in Figure 6-15, to make the PC access the server reliably, you need to configure the

interface backup group on iTN A and back up services from VLANs 100–200 for achieving

link protection. Configurations are shown as below:

In VLANs 100–150, set Line 1 of iTN A to the primary interface and Line 2 of iTN A to

the backup interface.

In VLANs 151–200, set Line 2 of iTN A to the primary interface and Line 1 of iTN A to

the backup interface.

When Line 1 fails, the traffic is switched to Line 2 to keep the link normal.

The iTN A should support interface backup while iTN B, iTN C, and iTN D do not need to

support interface backup.

Raisecom



Figure 6-15 Configuring interface backup

Configuration steps

Step 1 Creates VLANs 100–200 and add Line 1 and Line 2 to VLANs 100–200.

Raisecom#config

Raisecom(config)#create vlan 100-200 active

Raisecom(config)#interface line 1

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm



Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm


Step 2 In VLANs 100–150, set Line 1 to the primary interface and Line 2 to the backup interface.


Raisecom(config-port)#switchport backup line 2 vlanlist 100-150


Step 3 In VLANs 151–200, set Line 2 to the primary interface and Line 1 to the backup interface.


Raisecom(config-port)#switchport backup line 1 vlanlist 151-200

Raisecom




Raisecom#write

Checking results

Use the show switchport backup command to show interface backup configurations in

normal state and in link-failure state.

When both Line 1 and Line 2 are in Up status, Line 1 forwards the traffic in VLANs 100–150

and Line 2 forwards the traffic in VLANs 151–200.

Raisecom#show switchport backup

Restore delay: 15s.

Restore mode: port-up.

Active Port(State) Backup Port(State) Vlanlist

---------------------------------------------------------

line1 (Up) line2 (Standby) 100-150

line2 (Up) line1 (Standby) 151-200

Manually break the link between iTN A and iTN B to emulate a fault. At this time, Line 1 is in

Down status and Line 2 is responsible for forwarding the traffic in VLANs 100–200.


Restore delay: 15s

Restore mode: port-up


-----------------------------------------------------------------

line1 (Down) line2 (Up) 100-150

line2 (Up) line1 (Down) 151-200

When Line 1 recovers from a fault, during the WTR time, Line 1 is the standby interface and

Line 2 is responsible for forwarding the traffic in VLANs 100–200.


Restore delay: 15s.



-------------------------------------------------------------

line1(Standby) line2(Up) 100-150

line2(Up) line1(Standby) 151-200

When Line 1 recovers to the Up status and keeps for 15s (restore-delay), Line 1 forwards the

traffic in VLANs 100–150 and Line 2 forwards the traffic in VLANs 151–200.

Raisecom




Restore delay: 15s.



----------------------------------------------------------------------



6.8.4 Examples for configuring 1:1 ELPS


As shown in Figure 6-16, to enhance reliability of the link between iTN A and iTN B, you

need to configure 1:1 ELPS on iTN A and iTN B and detect the fault based on the physical

interface status. The working interface line 1 and protection interface line 2 are in VLANs

100–200.

Figure 6-16 Configuring 1:1 ELPS

Configuration steps

Step 1 Creates VLANs 100–200 and add line 1 and line 2 to VLANs 100–200.

Configure iTN A.


iTNA#config

iTNA(config)#create vlan 100-200 active



iTNA(config-port)#switchport trunk allowed vlan 100-200 confirm




iTNA(config-port)#switchport trunk allowed vlan 100-200 confirm


Configure iTN B.


iTNB#config

iTNB(config)#create vlan 100-200 active

Raisecom





iTNB(config-port)#switchport trunk allowed vlan 100-200 confirm




iTNB(config-port)#switchport trunk allowed vlan 100-200 confirm


Step 2 Create the 1:1 ELPS protection line.

Configure iTN A.

iTNA(config)#ethernet line-protection 1 working line 1 1,100-200

protection line 2 1,100-200 one-to-one 150

Configure iTN B.

iTNB(config)#ethernet line-protection 1 working line 1 1,100-200

protection line 2 1,100-200 one-to-one 150

Step 3 Configure the fault detection mode.

Configure iTN A.

iTNA(config)#ethernet line-protection 1 working failure-detect physical-

link

iTNA(config)#ethernet line-protection 1 protection failure-detect

physical-link

Configure iTN B.

iTNB(config)#ethernet line-protection 1 working failure-detect physical-

link

iTNB(config)#ethernet line-protection 1 protection failure-detect

physical-link


iTNA#write

Raisecom



Checking results

Use the show ethernet line-protection command to show 1:1 ELPS configurations, taking

iTN A for an example.

iTNA#show ethernet line-protection 1

Id:1

Name:--

ProtocolVlan: 150

Working Entity Information:

Port: line1

Vlanlist: 100-200

FaiureDetect:physical

MAID: --

MdLevel: 0

LocalMep: 0

RemoteMep:0

State/LCK:Active/N

Protection Entity Information:

Port: line2

Vlanlist: 100-200

FaiureDetect:physical

MAID: --

MdLevel: 0

LocalMep: 0

RemoteMep:0

State/F/M:Standby/N/N

Wtr(m):5

Holdoff(100ms):0

Use the show ethernet line-protection aps command to show 1:1 ELPS APS information,

taking iTN A for an example.

iTNA#show ethernet line-protection 1 aps

Id Type Direction Revert Aps State Signal(Requested/Bridged)

-----------------------------------------------------------------------

1-Local 1:1 bi yes yes NR-W null/null

1-Remote 1:1 bi yes yes NR-W null/null

6.8.5 Examples for configuring single-ring ERPS


As shown in Figure 6-17, to enhance Ethernet reliability, iTN A, iTN B, iTN C, and iTN D

form an ERPS single ring.

iTN A is the RPL Owner and iTN B is the RPL neighbour. The link between iTN A and iTN B

are blocked.

Raisecom



The fault detection mode on the link between iTN A and iTN D is set to physical-link-or-cc.

The default detection mode on other links is set to physical-link.

The default value of protocol VLAN is set to 1. Blocked VLAN IDs ranges from 1 to 4094.

Figure 6-17 Configuring single-ring ERPS

Configuration steps

Step 1 Add interfaces to VLANs 1–4094.

Configure iTN A.


iTNA#config







Configure iTN B.


iTNB#config







Raisecom



Configure iTN C.

Raisecom#hostname iTNC

iTNC#config

iTNC(config)#interface line 1

iTNC(config-port)#switchport mode trunk

iTNC(config-port)#exit




Configure iTN D.

Raisecom#hostname iTND

iTND#config

iTND(config)#interface line 1

iTND(config-port)#switchport mode trunk

iTND(config-port)#exit




Step 2 Configrue CFM.

Configure iTN A.

iTNA(config)#cfm domain md-name md1 level 7

iTNA(config)#service ma1 level 7

iTNA(config-service)#service vlan-list 1

iTNA(config-service)#service mep down mpid 1 line 2

iTNA(config-service)#service remote-mep 2

iTNA(config-service)#service cc enable mep 1

iTNA(config-service)#exit

iTNA(config)#cfm enable

Configure iTN D.

iTND(config)#cfm domain md-name md1 level 7

iTND(config)#service ma1 level 7

iTND(config-service)#service vlan-list 1

iTND(config-service)#service mep down mpid 2 line 1

iTND(config-service)#service remote-mep1

iTND(config-service)#service cc enable mep 2

iTND(config-service)#exit

iTND(config)#cfm enable

Raisecom



Step 3 Create the ERPS protection ring.

Configure iTN A.

iTNA(config)#ethernet ring-protection 1 east line 1 west line 2 node-type

rpl-owner rpl east

Configure iTN B.

iTNB(config)#ethernet ring-protection 1 east line 1 west line 2 node-type

rpl-neighbour rplwest

Configure iTN C.

iTNC(config)#ethernet ring-protection 1 east line 1 west line 2

Configure iTN D.

iTND(config)#ethernet ring-protection 1 east line 1 west line 2

Step 4 Configure the fault detection mode.

Configure iTN A.

iTNA(config)#ethernet ring-protection 1 west failure-detect physical-

link-or-cc md md1 ma ma1 level 7 mep 12 22

Configure iTN D.

iTND(config)#ethernet ring-protection 1 east failure-detect physical-

link-or-cc md md1 ma ma1 level 7 mep 21 32


iTNA#write

Raisecom



Checking results

Use the show ethernet ring-protection status command to show ERPS protection ring

configurations, taking iTN A for an example. RPLs are blocked to avoid a loop.

iTNA#show ethernet ring-protection status

Id/Name Bridge-State Last Occur(ago) East-State West-State sc Traffic-

vlanlist

-------------------------------------------------------------------------

1 idle 0 day 0：0：50：750 block forwarding 1 1-4094

Manually break the link between iTN B and iTN C to emulate a fault. Use the show ethernet

ring-protection status command on iTN A again to show ERPS protection ring status. RPLs

are in forwarding status.



vlanlist

-------------------------------------------------------------------------

1 Protection0 day 0：0：55：950 forwardingforwarding 1 1-4094

6.8.6 Examples for configuring intersecting-ring ERPS


As shown in Figure 6-18, to enhance Ethernet reliability, iTN A, iTN B, iTN C, iTN D, iTN E,

and iTN F form an ERPS intersecting ring.

iTN A, iTN B, iTN C, and iTN D form the master ring. iTN D is the RPL Owner of the master

ring and iTN C is the RPL neighbour of the master ring. The blocked interface is line 1 of iTN

D. The default value of protocol VLAN is set to 1.

iTN A, iTN B, iTN e, and iTN F form the sub-ring. iTN F is the RPL Owner of the sub-ring

and iTN A is the RPL neighbour of the sub-ring. The blocked interface is client 1 of iTN F.

The default value of protocol VLAN is set to 4094. The virtual channel mode of the sub-ring

is set to with mode.

Blocked VLAN IDs ranges from 1 to 4094 for both the master ring and the sub-ring.

Devices on the master ring adopt the physical-link-or-cc fault detection mode while devices

on the sub-ring adopt the physical-link fault detection mode.

Raisecom



Figure 6-18 Configuring intersecting-ring ERPS

Configuration steps

Step 1 Add interfaces to VLANs 1–4094.

Configure iTN A.


iTNA#config










Configure iTN B.


iTNB#config










Raisecom



Configure iTN C.


iTNC#config







Configure iTN D.

Raisecom#hostname iTND

iTND#config







Configure iTN E.

Raisecom#hostname iTNE

iTNE#config

iTNE(config)#interface client 1

iTNE(config-port)#switchport mode trunk

iTNE(config-port)#exit

iTNE(config)#interface client 2

iTNE(config-port)#switchport mode trunk

iTNE(config-port)#exit

Configure iTN F.

Raisecom#hostname iTNF

iTNF#config

iTNF(config)#interface client 1

iTNF(config-port)#switchport mode trunk

iTNF(config-port)#exit

iTNF(config)#interface client 2

iTNF(config-port)#switchport mode trunk

iTNF(config-port)#exit

Step 2 Configure CFM detection on the master ring.

Raisecom



Configure iTN A.

iTNA(config)#cfm domain md-name md1 level 7








iTNA(config)#cfm enable

Configure iTN B.

iTNB(config)#cfm domain md-name md1 level 7

iTNB(config)#service ma1 level 7

iTNB(config-service)#service vlan-list 1

iTNB(config-service)#service mep down mpid 3 line 1

iTNB(config-service)#service mep down mpid 4 line 2

iTNB(config-service)#service cc enable mep 3

iTNB(config-service)#service cc enable mep 4

iTNB(config-service)#exit

iTNB(config)#cfm enable

Configure iTN C.

iTNC(config)#cfm domain md-name md1 level 7

iTNC(config)#service ma1 level 7

iTNC(config-service)#service vlan-list 1

iTNC(config-service)#service mep down mpid 5 line 1

iTNC(config-service)#service mep down mpid 6 line 2

iTNC(config-service)#service cc enable mep 5

iTNC(config-service)#service cc enable mep 6

iTNC(config-service)#exit

iTNC(config)#ethernet cfm enable

Configure iTN D.

iTND(config)#cfm domain md-name md1 level 7

iTND(config)#service ma1 level 7

iTND(config-service)#service vlan-list 1





iTND(config-service)#exit

Raisecom



iTND(config)#ethernet cfm enable

Step 3 Create the ERPS master ring.

Configure iTN A.

iTNA(config)#ethernet ring-protection 1 east line 1 west line 2

Configure iTN B.

iTNB(config)#ethernet ring-protection 1 east line 1 west line 2

Configure iTN C.

iTNC(config)#ethernet ring-protection 1 east line 1 west line 2node-type

rpl-neighbour rpl west

Configure iTN D.

iTND(config)#ethernet ring-protection 1 east line 1 west line 2 node-type

rpl-owner rpl east

Step 4 Configure the fault detection mode of the master ring.

Configure iTN A.

iTNA(config)#ethernet ring-protection 1 east failure-detect physical-

link-or-cc md md1 ma ma1 level 7 mep 18

iTNA(config)#ethernet ring-protection 1 west failure-detect physical-


Configure iTN B.

iTNB(config)#ethernet ring-protection 1 east failure-detect physical-


iTNB(config)#ethernet ring-protection 1 west failure-detect physical-


Configure iTN C.

Raisecom



iTNC(config)#ethernet ring-protection 1 east failure-detect physical-


iTNC(config)#ethernet ring-protection 1 west failure-detect physical-


Configure iTN D.

iTND(config)#ethernet ring-protection 1 east failure-detect physical-


iTND(config)#ethernet ring-protection 1 west failure-detect physical-


Step 5 Configure the ERPS sub-ring.

Configure iTN A.

iTNA(config)#ethernet ring-protection 2 east client 1 node-type rpl-

neighbour protocol-vlan 4094

iTNA(config)#ethernet ring-protection 2 propagate enable

Configure iTN B.

iTNB(config)#ethernet ring-protection 2 east client 1 protocol-vlan 4094

iTNB(config)#ethernet ring-protection 2 propagate enable

Configure iTN E.

iTNE(config)#ethernet ring-protection 2 east client 1 west client 2

protocol-vlan 4094

Configure iTN F.

iTNF(config)#ethernet ring-protection 2 east client 1 west client 2 node-

type rpl-owner rpl east protocol-vlan 4094


iTNA#write

Raisecom



Checking results

Use the show ethernet ring-protection status command on iTN A, iTN D, and iTN F to

show ERPS protection ring configurations.



vlanlist

-----------------------------------------------------------------------

1 idle 0 day 0：0：50：750 forwarding forwarding 1 1-4094

Id/Name Status Last Occur(ago) East-State West-State sc Traffic-

vlanlist

-----------------------------------------------------------------------

2 idle 0 day 0：0：50：750 forwarding forwarding 1 1-4094

iTND#show ethernet ring-protection status


vlanlist

-----------------------------------------------------------------------


iTNF#show ethernet ring-protection status


vlanlist

-----------------------------------------------------------------------


Raisecom

iTN165-CES (A) Configuration Guide 7 DHCP Client


7 DHCP Client

This chapter describes principles and configuration procedures of DHCP Client, as well as

related configuration examples, including following sections:

Introduction

Configuring DHCP Client


7.1 Introduction With continuous extension of network scale and improvement of network complexity, the

number of PCs always exceeds the one of available IP addresses. In addition, with wide

application of Laptops and wireless network, positions of PCs are changed frequently.

Therefore, IP addresses must be updated frequently. This may lead to more complex network

configurations. Dynamic Host Configuration Protocol (DHCP) is developed to resolve these

problems.

With continuous extension of network scale, it is more complex to manage IP addresses.

With the number of PCs in the network increasing continuously, it is the heavy work to

configure and modify IP address manually.

There are many laptops in the network, whose physical locations are changed frequently.

Therefore, you need to modify IP addresses frequently.

To improve management efficiency of IP addresses, you should perform centralized

management on IP addresses.

To resolve these problems, Dynamic Host Configuration Protocol (DHCP) is introduced.

DHCP can automatically assign IP addresses, gateways, IP addresses of Domain Name

System (DNS) server for all clients on the network. This helps reduce workload of the

administrator and realize centralized management on IP addresses.

7.1.1 Working principles of DHCP

DHCP works in client/server mode. A DHCP Client sends an IP address request to the DHCP

Server and the DHCP Server provides an IP address and related configurations for the DHCP

Client to realize automatically assigning the IP address.

There is one DHCP Server and multiple DHCP Clients (PCs/Laptops) in the typical DHCP

application, as shown in Figure 7-1.

Raisecom



Figure 7-1 Typical DHCP application

Working process of DHCP

The following steps show how the DHCP Server provides an IP address for a DHCP Client.

Step 1 Requesting an IP address: the DHCP Client broadcasts a DHCPDiscover packet to query

DHCP Servers at the network segment for obtaining an IP address and related configurations.

Step 2 Providing an IP address: after receiving the DHCPDiscover packet, all DHCP Servers at the

network segment will broadcast a DHCPOffer packet. The packet includes the IP address and

related configurations provides for the DHCP Client, as well as identification of the DHCP

Server.

Step 3 Selecting an IP address: after receiving DHCPOffer packets (perhaps multiple packets), in

general. The DHCP Client selects the IP address in the first DHCPOffer packet as its own IP

address. Meanwhile, the DHCP Client broadcasts a DHCPRequest packet to notify other

DHCP Servers to withdraw their DHCPOffer packets.

Step 4 Confirming the IP address: after receiving the feedback, the DHCP Server sends a DHCPAck

packet to the DHCP Client to confirm the IP address.

Renewing DHCP lease

After receiving an IP address from the DHCP Server, the DHCP Client cannot use the IP

address permanently. The IP address has a fixed period, which is called a lease period. The

lease period can be specified. If the DHCP Client needs to use the IP address permanently, it

must renew the lease period. To new a lease, follow these steps:

When 50% lease period expires, the DHCP Client sends a DHCPRequest packet to the

DHCP Server for renewing the lease. If successful, the lease period is changed to a

complete one. Otherwise, the DHCP Client sends a DHCPRequest packet when 87.5%

lease period expires.

When 87.5% lease period expires, the DHCP Client sends a DHCPRequest packet again

to the DHCP Server for renewing the lease. If successful, the lease period is changed to a

complete one. Otherwise, the DHCP Server will withdraw the IP address.

Applications of DHCP

In general, the DHCP Server can assign IP addresses in the following scenarios:

The network scale is large. In addition, it is the heavy workload to configure IP addresses

manually.

Raisecom



The number of hosts in the network is greater than the number of IP addresses. You

cannot assign a fixed IP address for each host. In addition, the number of host in the

network is limited.

Only a few hosts in the network need a fixed IP address while most hosts do not need a

fixed IP address.

7.1.2 DHCP packets

The DHCP Server and DHCP Clients communicate with each other through the DHCP

packets. Figure 7-2 shows the structure of the DHCP packet.

Figure 7-2 Structure of DHCP packet

Table 7-1 describes fields of the DHCP packet.

Table 7-1 Fields of DHCP packet

Name Length (B) Description

op 1 Packet type

1: request packet 2: response packet

htype 1 Hardware address type of a DHCP Client

hlen 1 Hardware address length of a DHCP Client

hops 1 Number of DHCP relays that DHCP request packet

pass

The value is added by 1 once the DHCP request packet

passes through a DHCP relay.

xid 4 Transaction ID, a random number chosen by the

DHCP Client. It is used to identify an address request

process.

secs 2 Time elapsed since the DHCP Client initiates a DHCP

request. At present, it is not used and is set to 0.

Raisecom



Name Length (B) Description

flags 2 The first bit is a broadcast response identifier, which is

used to identify that the DHCP Server sends the

response packet in the unicast/broadcast mode

0: unicast 1: broadcast

Other bits are reserved.

ciaddr 4 IP address of the DHCP Client, which is padded when

the DHCP Client is being bound, updated, or

rebounded. In addition, this IP address can be used to

respond the ARP request.

yiaddr 4 IP address of the DHCP Client allocated by the DHCP

Server

siaddr 4 IP address of the DHCP Server

giaddr 4 IP address of the first DHCP relay where the DHCP

request packet pass

chaddr 16 Hardware address of the DHCP Client

sname 64 Name of the DHCP Server

file 128 Startup configuration file name and route information

of the DHCP Client specified by the DHCP Server

options Variable length Optional variable length fields, including the packet

type, valid lease, IP address of the Domain Name

System (DNS) server, and IP address of the Windows

Internet Name Server (WINs)

7.1.3 DHCP Client

The iTN165-CES can be taken as a DHCP Client to get an IP address from the DHCP Server.

The NView NNM system can manage the iTN165-CES after it obtains an IP address from the

DHCP Server automatically, as shown in Figure 7-3.

Raisecom



Figure 7-3 DHCP Client

7.2 Configuring DHCP Client


Scenario

When the iTN165-CES acts as a DHCP Client, it gets an IP address from the specified DHCP

Server. The IP address is used to perform follow-up management on the iTN165-CES.

When the IP address of the DHCP Client is dynamically assigned, it has the lease time. When

the lease time expires, the DHCP Server will withdraw the IP address. The DHCP Client

needs to renew the IP address if it continues to use the IP address. If the lease time does not

expire and the DHCP Client does not need to use the IP address, it can release the IP address.

The iTN165-CES supports related configurations of DHCP Clients on IP interface 0 only.

Prerequisite

The iTN165-CES is not enabled with DHCP Server.

7.2.2 (Optional) configuring DHCPv4 Client information



2 Raisecom(config)#interface ip 0 Enter Layer 3 interface configuration mode.

Raisecom




3 Raisecom(config-ip)#ip dhcp client

{ class-id class-id | client-id

client-id | hostname hostname }

Configure DHCPv4 Client information, including

class identifier, client identifier, and host name.

If the iTN165-CES is enabled with DHCPv4 Client, you cannot configure the DHCPv4 Client information.

7.2.3 Enabling DHCPv4 Client




3 Raisecom(config-ip)#ip address

dhcp [ server-ip ip-address] Enable DHCPv4 Client and specify the DHCPv4 Server

address. It means enabling DHCPv4 Client applying for

the IP address.

7.2.4 (Optional) renewing IPv4 addresses




3 Raisecom(config-ip)#ip dhcp client renew Renew the IPv4 address.



1 Raisecom#show ip dhcp client Show DHCPv4 Client configurations.

Raisecom




7.3.1 Examples for configuring DHCPv4 Client


As shown in Figure 7-4, the iTN device acts as the DHCP Client. The DHCP Server needs to

assign an IP address to the iTN device. Therefore, the NView NNM system can discover and

manage the iTN device.

The hostname is set to raisecom.

Figure 7-4 Configuring DHCPv4 Client

Configuration steps

Step 1 Configure DHCP Client (the iTN device) information.

Raisecom#config


Raisecom(config-ip)#ip dhcp client hostname raisecom

Step 2 Apply an IP address in the DHCP mode.


Raisecom(config-ip)#ip address dhcp server-ip 192.168.1.1


Raisecom#write

Raisecom



Checking results

Use the show ip dhcp client command to show DHCP Client configurations.

Raisecom#show ip dhcp client

Hostname: raisecom

Class-ID: Raisecom-ROS_iTN165_2.0.8.20120809

Client-ID: Raisecom-ff00537bc000-IF0

DHCP Client is requesting for a lease.

Assigned IP Addr: 0.0.0.0

Subnet mask: 0.0.0.0

Default Gateway: --

Client lease Starts: Jan-01-2010 08:00:00

Client lease Ends: Jan-01-2011 08:00:00

Client lease duration: 0(sec)

DHCP Server: 192.168.1.1

Tftp server name: --

Tftp server IP Addr: --

Startup_config filename: --

NTP server IP Addr: --

Root path: -

Raisecom

iTN165-CES (A) Configuration Guide 8 OAM


8 OAM

This chapter describes principles and configuration procedures of OAM, as well as related


Introduction

Configuring EFM

Configuring CFM

Configuring SLA

Configuring RFC2544

Maintenance


8.1 Introduction In aspects of functionality and scale, the Carrier-grade Ethernet OAM can be divided into

UNI-to-UNI service-layer OAM for ISP, connectivity OAM for the Carrier, link-level OAM

for physical link monitoring, and Ethernet local management interface E-LMI. Figure 8-1

shows the architecture of Ethernet OAM.

Figure 8-1 Architecture of Ethernet OAM

Raisecom



The iTN165-CES provides multiple hierarchical OAM management and maintenance

functions, helping manage and control devices in the network.

8.1.1 EFM

Complying with IEEE 802.3ah protocol, Ethernet in the First Mile (EFM) is a link-level

Ethernet OAM technology, used for the Ethernet physical link between two directly connected

devices. It provides OAM discovery, OAM link monitoring, remote fault notification, and

OAM remote loopback functions.

OAM discovery

The Ethernet OAM connection process is the discovery phase. At this phase, the active OAM

entity initiates the OAM connection. Both ends inform each other of their Ethernet OAM

configurations and Ethernet OAM capabilities supported by the local node by exchanging the

Information OAMPDU. Ain addition, they decide whether to establish OAM connection. If

both ends agree on establishment of the OAM connection, Ethernet OAM protocol will work

on the link layer.

After the OAM connection is established, both ends keep connected by exchanging the

Information OAMPDU. If an OAM entity does not receive the Information OAMPDU within

5s, it is believed that connection expires and connection re-establishment is required.

OAM link monitoring

Ethernet OAM monitors the link by exchanging the Event Notification OAMPDU. When a

link fails, an OAM entity detects the failure and sends the Event Notification OAMPDU to

the peer OAM entity to inform the following threshold events.

Error frame event: the number of error frames exceeds the threshold in a time unit.

Error frame period event: the number of error frames exceeds the threshold in a period

(specified N frames).

Error frame second event: the number of error frames in M seconds exceeds the

threshold.

Error symbol period event: the number of error symbols exceeds the threshold in a

period.

Remote fault notification

When the device fails or is unavailable, it may cause network crash. Therefore, the OAMPDU

defines a flag bit (flag domain), which is used to allow the OAM entities to continuously send

the Information OAMPDU to the peer for informing the fault.

Link fault: the peer link signal is lost. The OAM entity sends the OAMPDU every a

second.

Dying Gasp: a fault that cause system crash is generated. For example, the power is off.

The OAM entity sends the OAMPDU immediately and continuously.

Critical event: a critical event is generated. For example, the voltage exceeds the

threshold. The OAM entity sends the OAMPDU immediately and continuously.

OAM remote loopback

OAM remote loopback is used to locate the position where a fault occurs. In addition,

together with the instrument, you can test the link quality.

Raisecom



During OAM remote loopback test process, the local OAM entity sends a loopback packet to

the remote end to enable it to enter the loopback status. At this time. all packets except for the

OAMPDU packet is sent back by the peer OAM entity, as shown in Figure 8-2. The local

OAM entity confirms the link quality based on the returned packets.

Figure 8-2 OAM remote loopback

8.1.2 CFM

Connectivity Fault Management (CFM) is a network-level Ethernet OAM technology,

providing end-to-end connectivity fault detection, fault notification, fault judgement, and fault

location. It is used to diagnose fault actively for Ethernet Virtual Connection (EVC), provide

cost-effective network maintenance solution, and improve network maintenance via the fault

management function.

Both ITU-Y.1731 and IEEE 802.1ag can realize CFM and provide end-to-end Ethernet

management, including connectivity detection, loopback, and link tracing. In addition, ITU-

Y.1731 can measure the frame loss ratio and frame delay while IEEE 802.1ag provides AIS

and LCK features.

The iTN165-CES provides CFM that is compatible with both ITU-Y.1731 and IEEE 802.1ag

standards.

Related concepts of CFM

CFM consists of following components:

MD

Maintenance Domain (MD), also called Maintenance Entity Group (MEG), is a network that

runs CFM. It defines network range of OAM management. MD has a level property, with 8

levels (level 0 to level 7). The bigger the number is, the higher the level is and the larger the

MD range is. Protocol packets in a lower-level MD will be discarded after entering a higher-

level MD. If no Maintenance association End Point (MEP) but a Maintenance association

Intermediate Point (MIP) is in a high-level MD, the protocol can traverse the higher-level MD.

However, packets in a higher-level MD can traverse lower-level MDs. In the same VLAN

range, different MDs can be adjacent, embedded, but not crossed.

MA

The Maintenance Association (MA) is also called service instance. It is a part of a MD. One

MD can be divided into one or multiple service instances. One service instance corresponds to

one service and is mapped to a group of VLANs. VLANs of different service instances cannot

Raisecom



cross. Though a service instance can be mapped to multiple VLANs, one service instance can

only use a VLAN for sending or receiving OAM packets.

MEP

As shown in Figure 8-3, the MEP is an edge node of a service instance. MEPs can be used to

send and process CFM packets. The service instance and the MD where the MEP locates

decide VLANs and levels of packets received and sent by the MEP.

For any device that runs CFM in the network, the MEP is called local MEP. For MEPs on

other devices of the same service instance, they are called Remote Maintenance association

End Points (RMEP).

Multiple MEPs can be configured in a service instance. Packets sent by MEPs in one instance

take identical S-VLAN TAG, priority, and C-VLAN TAG. A MEP can receive OAM packets

sent by other MEPs in the instance, intercept packets which at the same or lower level, and

forward packets of higher level.

Figure 8-3 MEP and MIP

MIP

As shown in Figure 8-3, the MIP is the internal node of a service instance, which is

automatically created by the device. MIP cannot actively send CFM packets but can process

and response to LinkTrace Message (LTM) and LoopBack Message (LBM) packets.

MP

MEP and MIP are called Maintenance Point (MP).

Functions of CFM

CFM can provide the following OAM functions:

Fault detection (Continuity Check, CC)

Fault detection refers to using the Connectivity Check (CC) to detect the connectivity of the

Ethernet virtual connection for confirming the connection status between MPs. The function

is realized by periodically sending Continuity Check Messages (CCMs). One MEP sends

CCM and other MEPs in the same service instance can verify the RMEP status when

receiving this packet. If the iTN165-CES fails or a link is incorrectly configured, MEPs

cannot properly receive or process CCMs sent by RMEPs. If no CCM is received by a MEP

Raisecom



during 3.5 CCM intervals, it is believed that the link fails. Then a fault Trap will be sent

according to configured alarm priority.

Fault acknowledgement (LoopBack, LB)

Fault acknowledgement is realized through LoopBack (LB). This function is used to verify

the connectivity between two MPs through the source MEP sending LoopBack Message

(LBM) and the destination MP sending LoopBack Reply (LBR). The source MEP sends a

LBM to a MP who needs to acknowledge a fault. When receiving the LBM, the MP sends a

LBR to the source MEP. If the source MEP receives this LBR, it is believed that the route is

reachable. Otherwise, a connectivity fault occurs.

Fault location (LinkTrace, LT)

Fault location is realized through LinkTrace (LT). The source MEP sends LinkTrace Message

(LTM) to the destination MP and all MPs on the LTM transmission route will send a

LinkTrace Reply (LTR) to the source MEP. By recording valid LTR and LTM, this function

can be used to locate faults.

Alarm Indication Signal (AIS)

This function is used to inhibit alarms when a fault is detected at the server layer (sub-layer).

When detecting a fault, the MEP (including the server MEP) sends an AIS frame to the client-

layer MD. By transmitting ETH-AIS frames, the device can inhibit or stop an alarm on MEP

(or server MEP).

When receiving an AIS frame, the MEP must inhibit alarms for all peer MEPs regardless of

connectivity, because this frame does not include information about MEPs that are at the same

level with the failed MEP. With AIS, the device can inhibit the alarm information at client

level when the server layer (sub-layer) fails. Therefore, the network is easy for maintenance

and management.

Ethernet lock signal (Lock, LCK)

This function is used to notify managed lock and service interruption of server layer (sub-

layer) MEPs. The data traffic is sent to a MEP that expects to receive it. This function helps

the MEP that receives ETH-LCK frame to identify a fault. It is a managed lock action for

server layer (sub-layer) MEP. Lock is an optional OAM management function. One typical

scenario for applying this function is to perform detection when services are interrupted.

In general, CFM is an end-to-end OAM technology at the server layer. It helps reduce

operation and maintenance cost. In addition, it improves the competitiveness of service

providers.

8.1.3 SLA

SLA is an agreement between users and a service provider about the service quality, priority,

and responsibility. It is a telecommunication service evaluating standard negotiated by the

service provider and users.

In technology, SLA is a real-time network performance detection and statistic technology,

which can collect statistics on responding time, network jitter, delay, packet loss ratio, and

throughput, etc. SLA can be used to monitor related metrics by selecting different tasks for

different applications.

Ethernet throughput test (ETH-Test involved in this guide) is used for diagnostic test on

continuous services. It is a part of ETH-Test technology defined by Y.1731. You can test the

Layer 2 network throughput by configuring the test operation and enabling scheduling.

Raisecom



Basic concepts involved in SLA are shown as follows:

Operation

It is a static concept. It is a point-to-point SLA network performance test task, including Layer

2 network delay/jitter test (y1731-echo/y1731-jitter) and Layer 3 network delay/jitter test

(icmp-echo/icmp-jitter).

Test

It is a dynamic concept. It is used to describe an execution of one operation.

Detection

It is a dynamic concept. It is used to describe a procedure for sending-receiving detection

packets in a test. According to the definition of operation, one test can contain multiple

detections (For an Echo operation, one test contains one detection only).

Scheduling

It is a dynamic concept. It is used to describe a scheduling of one operation. One scheduling

contains multiple periodical tests.

When configuring SLA on the iTN165-CES, note the following items: Up to 16 operations can be configured and scheduled simultaneously. Before performing operation scheduling, configure CFM, You cannot modify the scheduling information or re-schedule an operation before

the operation scheduling is finished. Up to 20 detections are sent and 5 pieces of statistics are displayed for a test.

8.1.4 RFC2544

With widely application of Ethernet, more and more users perform data communicate through

Ethernet. Ethernet services are configured and established based on SLA signed by the Carrier

and users. Users care whether the Carrier can provide trusted service type and QoS. At this

time, you can evaluate the network stability by testing the throughput, frame loss rate, and

latency.

RFC2544 is a network benchmarking test process and test method defined by Internet

Engineering Task Force (IETF). It is used to test, evaluate, and analyze network quality or

device performance. Therefore, the Carrier, vendors, and users can test the network

quality/device performance at the same benchmarking level to reach an agreement on the test

method, test process, and test result.

RFC2544 defines how to provide the test method and test report of the following performance

parameters:

Throughput

Frame loss rate

Latency

Back-to-back

The iTN165-CES supports test the throughput, frame loss rate, and latency based on

RFC2544.

Raisecom



Throughput

Throughput refers to the maximum data flow to be forwarded when no frame is lost. In

general, it is measured by the maximum number of frames/bits forwarded every second. This

metric reflects the maximum data flow that can be processed when no frame is lost.

Figure 8-4 shows a throughput test application, The Tester is a RFC2544-based tester. You can

configure test parameters and view test results through the terminal. The Device Under Test

(DUT) is an Ethernet device where the throughput test is to be performed.

Figure 8-4 Throughput test

The throughput test process and calculation method are shown as below:

Begin to test the throughput from the maximum frame rate supported by the DUT.

Reduce the frame rate to Y when the DUT begins to loss a frame.

Increase the frame rate to Y when the DUT does not loss a frame.

Use the dichotomy to test the maximum frame rate when the frame rate is equal to Y.

The DTU throughput is equals to Y/Xmax × 100%.

Change the Ethernet frame size and then repeat the above test process to get DUT

throughputs of different frame sizes.

Frame loss rate

Frame loss rate refers to the percentage of unforwarded frames to all frames under a fixed

load condition. Unforwarded frames refer to the ones that are failed to be forwarded because

of lacking resources. This metric reflects the capability of the tested device/network for

bearing some load.

Figure 8-5 shows a frame loss rate test application. The Tester is a RFC2544-based tester. You

can configure test parameters and view test results through the terminal. The Device Under

Test (DUT) is an Ethernet device where the frame loss rate test is to be performed.

Raisecom



Figure 8-5 Frame loss rate test

The test process and calculation method of the frame loss rate are shown as below:

The Tester sends X frames at the maximum frame rate supported by the DTU.

The Tester receives Y frames after the frames are forwarded by the DTU.

The DTU frame loss rate is equal to (X-Y)/X × 100%.

Latency

For a storage and forwarding device, the time, when the last Bit of the input data frame reach

the input interface, is defined as the begin time. The time, when the first Bit of the input data

frame reaches to the output interface, is defined as the end time. The difference between the

begin time and end time is the latency.

For a Bit and forwarding device, the time, when the first Bit of the input data frame reach the

input interface, is defined as the begin time. The time, when the first Bit of the input data

frame reaches to the output interface, is defined as the end time. The difference between the

begin time and end time is the latency.

This metric reflects the speed for a tested device/network processing data frames.

Figure 8-6 shows a latency test application. The Tester is a RFC2544-based tester. You can

configure the test parameters and view test results through the terminal. The Device Under

Test (DUT) is an Ethernet device where the latency test is to be performed.

Figure 8-6 Latency test

Raisecom



The latency test process and calculation method are shown as below:

The Tester sends data at a frame rate that is lower than the DUT throughput.

Insert Tagged frames into the data flow.

Test and calculate the latency for the DUT forwarding Tagged frames.

Back-to-back

Back-to-back refers to the maximum burst data flow size that can be received by the device

when no frame is lost under at maximum rate and minimum packet interval. This metric

reflects the capability of tested device/network for processing burst data traffic.

Test conditions

When performing RFC2544-based tests on a device or network, you must ensure that the

DUT bears different loads to test performance parameters in a normal status or under the extra

data traffic condition.

Use data frames with different sizes to perform the test. The Ethernet frame size can be

64/128/256/512/1024/1208/1518/1536 bytes. The test packet encapsulated by the

Ethernet frame is the Y.1731 OAM packet.

We recommend that the period for throughput and frame loss rate tests should not be

shorter than 60s and the period for latency test should not be shorter than 120s.

We recommend that the retry times should not be smaller than 20s and you should get

the average value of test results.

Test methods

RFC2544-based test methods include the following types:

For a single device: test device performance parameters through the tester that supports

RFC2544 standard.

For the network: test network performance parameters through the tester or through the

device in the network that supports RFC2544. The iTN165-CES is embedded with

RFC2544 and can be used to test network performance.

As shown in Figure 8-7, iTN A sends test data frames at a specified frame rate. The test data

frames are forwarded by the DUT to iTN B, where interface loopback is enabled. The test

data frame are sent back to iTN A. iTN A counts, calculates, and analyzes received test data

frames to get related performance.

Figure 8-7 RFC2544 test

Raisecom



In Figure 8-7, iTN B must supports interface loopback. It is not required that iTN B supports RFC2544 or iTN B is identical to iTN A.

Test applications

RFC2544 test may involve into the following phases of Ethernet operation:

Ethernet design and construction phase

Ethernet test and acceptance phase

Ethernet service debugging and connection

Ethernet routine maintenance and fault diagnostics

Differences between RFC2544 and ETH-Test Ethernet throughput test are shown as below: RFC2544 needs an independent test environment and is used to test network

performance before services are activated. ETH-Test is used to test network performance when services are running.

8.2 Configuring EFM


Scenario

Deploying EFM between directly connected devices can effectively improve the management

and maintenance capability of Ethernet links and ensure network running smoothly.

Prerequisite

Before configuring EFM, you need to connect interfaces and configure physical parameters of

interfaces. Make the physical layer Up.

8.2.2 Configuring basic functions of EFM



2 Raisecom(config)#oam send-period

coefficient (Optional) OAM link connection is established by both

ends sending INFO packet to each other. You can use

this command to set the interval for sending INFO

packets to control the communicate period of the link. By

default, the interval is set to 1s (10×100ms).

Raisecom




3 Raisecom(config)#oam timeout

second (Optional) set the OAM link timeout.

When the time for both ends on the OAM link failing to

receive OAM packets exceeds the timeout, it believes

that the OAM link is broken. The unit is set to second.

By default, the PAM link timeout is set to 5s.



5 Raisecom(config-port)#oam

{ active | passive } Configure a working mode of EFM.

When configuring EFM OAM, you must ensure that at

least one end is in active mode. Otherwise, you cannot

successfully detect a link.

6 Raisecom(config-port)#oam enable Enable OAM on An interface.

By default, OAM is disabled on the interface.

8.2.3 Configuring active functions of EFM

Active functions of EFM must be configured when the iTN165-CES is in active mode.

Configuring iTN165-CES initiating EFM remote loopback

You can discover network faults in time by periodically detecting loopbacks. By

detecting loopbacks in segments, you can locate exact areas where faults occur and you can troubleshoot these faults.

When a link is in a remote loopback status, the iTN165-CES returns all packets but OAM packets received by the link to the peer. At this time, the user data packet cannot be forwarded properly. Therefore, disable this function immediately when detection is not required.





3 Raisecom(config-port)#oam remote-

loopback Initiate EFM remote loopback on an interface.

The remote loopback can be initiated only when EFM

connection is established. In addition, only the active end

can initiate EFM remote loopback.

4 Raisecom(config-port)#no oam

remote-loopback (Optional) disable EFM remote loopback immediately

after EFM loopback detection is finished.

Raisecom



Configuring peer OAM event Trap





3 Raisecom(config-port)#oam peer

event trap enable Enable peer OAM event Trap to report link monitoring

events to the NView NNM system immediately.

By default, peer OAM event Trap is disabled.

(Optional) viewing current variable values of peer device

After EFM connection is established, you can get current link status by getting the current variable values of the peer.


1 Raisecom#show oam peer [ link-statistic | oam-

info ] interface-type interface-number-list Get OAM information or variable

values about the peer device.

8.2.4 Configuring passive functions of EFM

The passive functions of EFM can be configured regardless of the iTN165-CES is in active or passive mode.

Configuring iTN165-CES responding to EFM remote loopback

The peer EFM remote loopback will not take effect until the remote loopback response is configured on the local device.





3 Raisecom(config-port)#oam loopback

{ ignore | process } Ignore/respond to EFM remote loopback. By default,

the iTN165-CES responds to EFM remote loopback.

Raisecom



(Optional) configuring OAM link monitoring

OAM link monitoring is used to detect and report link errors in different conditions. When detecting a fault on a link, the iTN165-CES provides the peer with the generated time, window, and threshold, etc. by OAM event notification packets. The peer receives event notification and reports it to the NView NNM system via SNMP Trap. Besides, the local device can directly report events to the NView NNM system via SNMP Trap. By default, the system sets default value for error generated time, window, and threshold.




type interface-number Enter physical layer interface configuration

mode.

3 Raisecom(config-port)#oam errored-frame

window window threshold threshold Configure the monitor window and threshold

for an error frame event.

By default, the monitor window is set to 1s and

the threshold is set to 1 error frame.

4 Raisecom(config-port)#oam errored-frame-

period window window threshold threshold Configure the monitor window and threshold

for an error frame period event.

By default, the monitor window is set to 100ms

and the threshold is set to 1 error frame.

5 Raisecom(config-port)#oam errored-frame-

seconds window window threshold

threshold

Configure the monitor window and threshold

for an error frame seconds event.

By default, the monitor window is set to 60s

and the threshold is set to 1s.

6 Raisecom(config-port)#oam errored-

symbol-period window window threshold

threshold

Configure the monitor window and threshold

for an error symbol event.

By default, the monitor window is set to 60s

and the threshold is set to 1s.

(Optional) configuring OAM fault indication





3 Raisecom(config-port)#oam notify

{ critical-event | dying-gasp |

errored-frame | errored-symbol-

period | errored-frame-seconds |

errored-frame-period } enable

Enable OAM fault indication mechanism, which is used

to inform the peer when the local device fails.

By default, OAM fault indication is enabled.

Raisecom



(Optional) configuring local OAM event Trap





3 Raisecom(config-port)#oam event

trap enable Enable local OAM event Trap to report link monitoring

events to the NView NNM system immediately.

By default, local OAM event Trap is disabled.

8.2.5 Configuring loopback timeout






loopback timeout second Configure OAM loopback timeout.

By default, OAM loopback timeout is set to 3s.


loopback retry retry-number Configure OAM loopback packet retry times.

By default, OAM loopback packet retry times are set to 2.


loopback { ignore | process } (Optional) ignore/respond to the peer OAM loopback

establishment request.

By default, the peer OAM loopback establishment request

is ignored.



1 Raisecom#show oam [ interface-type

interface-list ] Show EFM basic configurations.

2 Raisecom#show oam loopback [interface-

type interface-list ] Show EFM remote loopback configurations.

3 Raisecom#show oam notify [ interface-

type interface-list ] Show OAM link monitoring and fault indication

configurations.

4 Raisecom#show oam statistics

[ interface-type interface-list ] Show OAM statistics.

5 Raisecom#show oam trap [ interface-

type interface-list ] Show OAM event Trap configurations.

6 Raisecom#show oam event [interface-

type interface-list ] [ critical ] Show local OAM link events detected on an

interface.

Raisecom



8.3 Configuring CFM


Scenario

To expand application of Ethernet technologies at a Telecom network, the Ethernet must

ensure the same QoS as the Telecom transport network. CFM solves this problem by

providing overall OAM tools for the Telecom Carrier Ethernet.

Prerequisite

Before configuring CFM, you should finish following operations:

Connect interfaces and configure physical parameters of the interfaces. Make the

physical layer Up.

Create a VLAN.

Add interfaces to the VLAN.

8.3.2 Enabling CFM

CFM fault detection and CFM fault location functions cannot take effect until the CFM is enabled.



2 Raisecom(config)#ethernet cfm

enable Enable global CFM. By default, global CFM is disabled.



4 Raisecom(config-port)#ethernet

cfm enable (Optional) enable CFM on an interface.

By default, CFM is enabled on the interface.

8.3.3 Configuring basic functions of CFM



Raisecom





domain [ md-name domain-name ]

level level

Create a MD.

If a MD name is assigned by the md-name parameter, it

indicates that the MD is in IEEE 802.1ag style. And all

MAs and CCMs in the MD are in 802.1ag style. Otherwise,

the MD is in Y.1731 style and all MAs and CCMs in the

MD are in Y.1731 style.

If a name is specified for a MD, the name must be unique in

global. Otherwise the MD is configured unsuccessfully.

Levels of different MDs must be different. Otherwise the MD is not successfully configured.

3 Raisecom(config)#service cis-

id level level Create a service instance and enter service instance

configuration mode. Character strings composed by MD

name/service instance name are unique in global. If a

service instance existed, you can use this command to enter

service instance configuration mode directly.

4 Raisecom(config-

service)#service vlan-list

vlan-list [ primary-vlan vlan-

id ]

Configure VLAN mapping based on the service instance.

The VLAN list contains up to 32 VLANs. If you do not use

the primary-vlan parameter to specify the primary VLAN,

the minimum VLAN is taken as the primary VLAN of the

service instance. All MEPs in the service instance send and

receive packets through this primary VLAN.

The primary VLAN is used to send and receive packets. Therefore, all non-primary VLANs are mapped to the primary VLAN in logical. This logical VLAN mapping relationship is global, but VLANs cannot be crossed. For example, service instance 1 is mapped to VLANs 12–20 and service instance 2 is mapped to VLANs 15–30. Therefore, VLANs 15–20 are crossed. This configuration is illegal.

5 Raisecom(config-

service)#service mep [ up |

down ] mpid mep-id interface-

type interface-number

Configure MEPs based on a service instance.

When configuring a MEP based on a service instance, you

must ensure that the service instance is mapped to a VLAN.

By default, the MEP is Up. It indicates detecting the fault in

uplink direction.

8.3.4 Configuirng fault detection



Raisecom





remote mep age-time minute (Optional) configure the aging time of RMEP.

By default, the aging time of RMEP is set to 100min.


errors archive-hold-time minute (Optional) configure the hold time of error CCMs. Fault

information reported by all MEPs is saved on the iTN165-

CES.

By default, the hold time OF error CCMs is 100min. When

a new holdtime is configured, the system will detect the

database immediately. The data will be removed if exceeds

the time.

4 Raisecom(config)#service cis-id


5 Raisecom(config-

service)#service cc interval

{ 1 | 10 | 60 | 600 | 3ms |

10ms | 100ms }

(Optional) configure the interval for sending CCMs.

By default, the interval for sending CCMs is 10s. The

interval for sending CCM packets cannot be modified when

CCM delivery is enabled.

Only when hardware CC is performed during the device sends packets in Down direction, Parameters 3ms | 10ms | 100ms are available. These parameters are not available when software CC is performed.

6 Raisecom(config-

service)#service cc enable mep

{ mep-id-list | all }

Enable MEPs sending CCMs.

By default, MEPs do not sending CCMs.

7 Raisecom(config-


mep-id [ remote-mac mac-

address ] [ interface-type

interface-number ]

(Optional) configure the static RMEP, which cooperates

with cc check.

The remote-mac mac-address parameter is used to specify

the MAC address of the RMEP.

8 Raisecom(config-


learning active

(Optional) configure REMP learning dynamic import.

After REMP learning dynamic import is enabled, when

receiving a CCM, the service instance will automatically

translate the dynamically-learned REMP into the statically-

configured RMEP.

By default, REMP learning dynamic import is disabled.

9 Raisecom(config-

service)#service remote-mep cc-

check enable

(Optional) enable cc check of the REMP.

By default, cc check of the RMEP is disabled.

10 Raisecom(config-

service)#service cvlan vlan-id (Optional) configure the CVLAN of a CFM OAM packet,

which needs to be configured only in QinQ networking

environment.

By default, the CFM OAM packet does not carry the C-

TAG. After the CVLAN is configured for a service

instance, CCMs, LBMs, LTMs, and DMMs sent by MEPs

in the service instance will carry double TAG, where the C-

T-TAG is the CVLAN configured by this command.

Raisecom




11 Raisecom(config-

service)#service priority

priority

(Optional) configure the priority of CFM OAM packet.

After the priority is configured, CCMs, LBMs, LTMs, and

DMMs sent by MEPs in a service instance will use the

assigned priority.

By default, the priority is set to 7.

8.3.5 Configuring fault acknowledgement





3 Raisecom(config-service)#ping

{ mac-address | mep mep-id }

[ count count ] [ size packet-

size ] [ source mep-id ]

[ timeout time ] [ padding

{ prbs | pbrs-crc | null |

null-crc } ]

Perform Layer 2 Ping for acknowledging faults.

By default, 5 LBMs are sent. The TLV length of a packet is

set to 64. The iTN165-CES automatically looks for an

available source MEP.

If Layer 2 Ping is performed by specifying the destination

MEP ID, CFM cannot finish Ping operation unless it finds

the MAC address of the destination MEP based on the MEP

ID.

The source MEP will save RMEP data in the source MEP

database after discovering and stabilizing the RMEP. And

then according to MEP ID, the source MEP can find the

MAC address of the RMEP in the RMEP database.

Raisecom(config-service)#ping

ethernet multicast [ size

packet-size ] [ timeout time ]

[ padding { prbs | pbrs-crc |

null | null-crc } ]

Raisecom(config-service)#ping

{ egress | ingress } ttl ttl-

value [ count count ] [ size

packet-size ] [ source mep-id ]

[ timeout time ] [ padding

{ prbs | pbrs-crc | null |

null-crc } ]

Before executing this command, ensure that global CFM is enabled. Otherwise,

the Ping operation fails; If there is no MEP in a service instance, Ping operation will fail because of failing

to find source MEP; Ping operation will fail if the specified source MEP is invalid. For example, the

specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is;

Ping operation will fail if the Ping operation is performed based on the specified destination MEP ID and the MAC address of destination is not found based on the MEP ID;

Ping operation will fail if other users are using the specified source MEP to perform Ping operation.

Raisecom



8.3.6 Configuring fault location




traceroute cache enable (Optional) enable the traceroute cache switch.

When the traceroute cache switch is disabled, the result

will be automatically erased by the traceroute command.

By default, the traceroute cache switch is disabled.


traceroute cache hold-time

minute

(Optional) configure the hold time of data in the

traceroute cache. You can configure the hold time when

the traceroute cache is enabled.

By default, the hold time is set to 100min.


traceroute cache size size (Optional) configure the traceroute cache size. You can

configure the traceroute cache size when the traceroute

cache is enabled.

By default, the traceroute cache size is set to 100. The

data are not saved when the traceroute cache is disabled.



6 Raisecom(config-service)#

traceroute { mac-address [ ttl

ttl ] [ source mep-id ] | mep

mep -id [ ttl ttl ] [ source

mep-id ] [ interface-mode ]

[ timeout second ] | mip icc

icc-code node-id [ ttl ttl ]

[ interface-num interface-num ]

[ timeout second ] | ttl ttl


second ] }

Perform Layer 2 Traceroute for locating faults.

By default, the TLV length of a packet is set to 64. The

iTN165-CES automatically looks for an available source

MEP.

Before executing this command, ensure that global CFM is enabled. Otherwise,

the Traceroute operation fails; If there is no MEP in a service instance, Traceroute operation will fail because of

failing to find source MEP; Traceroute operation will fail if the specified source MEP is invalid. For example,

the specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is;

Traceroute operation will fail if the Ping operation is performed based on the specified destination MEP ID and the MAC address of destination is not found based on the MEP ID;

If the CC feature is invalid, you can ensure Layer 2 Traceroute operation works normally by configuring static RMEP and specifying MAC address.

Traceroute operation will fail if other users are using the specified source MEP to perform Traceroute operation.

Raisecom



8.3.7 ConfiguringAIS

Configuring AIS on server-layer devices






ais enable Enable AIS delivery.

By default, AIS delivery is disabled.


ais period { 1 | 60 } Configure the AIS delivery period. By default, the AIS

delivery period is set to 1s.


ais level level Configure the level of the customer-layer MD to which

AIS is sent.

Configuring AIS on customer-layer devices






suppress-alarms enable mep { mep-

id | all }

Enable alarm inhibition.

By default, alarm inhibition is enabled.

8.3.8 Configuring ETH-LCK

Configuring ETH-LCK on server-layer devices






lckstart mep { mep-id | all } Enable LCK delivery.

By default, LCK delivery is disabled.


lck period { 1 | 60 } Configure the LCK delivery period. By default, the

LCK delivery period is set to 1s.


lcklevel level [ vlan vlan-id ] Configure the level of the customer-layer MD to which

LCK is sent.

Raisecom



Configuring ETH-LCK on customer-layer devices



2 Raisecom(config)#service cis-id level level Enter service instance configuration mode.

3 Raisecom(config-service)#service suppress-

alarms enable mep { mep-id | all } Enable alarm inhibition.




1 Raisecom#show ethernet cfm Show CFM global configurations.

2 Raisecom#show ethernet cfm domain [ level

level ] Show configurations on MDs and

service instances.

3 Raisecom#show ethernet cfm errors [ level

level ] Show error CCM database information.

4 Raisecom#show ethernet cfm lck [ level level ]

[ source ] Show ETH-LCK signals.

5 Raisecom#show ethernet cfm local-mp

[ interface interface-type interface-number |

level level ]

Show local MEP configurations.

6 Raisecom#show ethernet cfm remote-mep [ level

level ] static Show static RMEP information.

7 Raisecom#show ethernet cfm remote-mep [ level

level [ service service-instance [ mpid mep-

id ] ] ]

Show RMEP delivery information.

8 Raisecom#show ethernet cfm suppress-alarms

[ level level ] Show CFM alarm inhibition

configurations.

9 Raisecom#show ethernet cfm traceroute-cache Show Link-Trace cache route discovery

information.

8.4 Configuring SLA


Scenario

To provide users with qualified network services, the SP signs a SLA with users. To carry out

SLA effectively, the SP needs to deploy SLA feature on devices to measure the network

performance, taking the measured results as an evidence for ensuring the network

performance.

Raisecom



By selecting two detection points (source and destination iTN devices), SLA configures and

schedules SLA operations on a detection point. Therefore, network performance between this

2 detection points can be detected.

SLA makes a statistics on round-trip packet loss ratio, round-trip/unidirectional (SD/DS)

delay, jitter, jitter variance, jitter distribution, throughput, and LM packet loss test. In addition,

it reports these data to the upper monitoring software (such as the NView NNM system) to

help analyze network performance for getting an expected result.

Prerequisite

Before configuring SLA, you should finish following operations:

When you configure Layer 2 test operations, deploy CFM between local and remote

devices that need to be detected. Layer 2 Ping operation succeeds between local and

remote devices.

When you configure Layer 3 test operations (icmp-echo and icmp-jitter), Layer 3 Ping

operation succeeds between local and remote devices.

8.4.2 Configuring basic SLA operation information



2 Raisecom(config)#sla oper-num y1731-echo remote-

mep mep-id level level svlan vlan-id [ cvlan

vlan-id ] [ cos cos-value ] [ dm ]

Configure the SLA y1731-echo

operation based on the destination

MEP ID.

3 Raisecom(config)#sla oper-num y1731-echo remote-

mac mac-address level level svlan vlan-id

[ cvlan vlan-id ] [ cos cos-value ] [ dm ]

Configure the SLA y1731-echo


MAC address.

4 Raisecom(config)#sla oper-num y1731-jitter

remote-mep mep-id level level svlan vlan-id

[ cvlan vlan-id ] [ interval period ] [ packets

packets-num ] [ cos cos-value ] [ dm ]

Configure the SLA y1731-jitter


MEP ID.

5 Raisecom(config)#sla oper-num y1731-jitter

remote-mac mac-address level level svlan vlan-id

[ cvlan vlan-id ] [ interval period ] [ packets

packets-num ] [ cos cos-value ] [ dm ]

Configure the SLA y1731-jitter


MAC address.

6 Raisecom(config)#sla oper-num icmp-echo dest-

ipaddrip-address [ dscp dscp-value ] Configure basic information of the

SLA icmp-echo operation.

7 Raisecom(config)#sla oper-num icmp-jitter dest-

ipaddr ip-address [ dscp dscp-value ] [ interval

period ] [ packets packets-nums ]

Configure basic information of the

SLA icmp-jitter operation.

Raisecom




8 Raisecom(config)#sla oper-num y1731-pkt-loss

remote-mep mep-id level level svlan vlan-id

[ cvlan cvlan-id ] [ cos cos-id ] [ interval

interval-num ] [ packets packet-num ]

Configure the SLA y1731-pkt-loss

packet loss test operation based on

the MEP ID.

When you perform packet loss ratio test based on the MEP ID, we recommend specifying the MAC address when you use the service remote-mep command to configure the RMEP.

9 Raisecom(config)#sla oper-num y1731-pkt-loss

remote-mac mac-address level level svlan vlan-id

[ cvlan cvlan-id ] [ cos cos-id ] [ interval

interval-num ] [ packets packet-num ]

Configure the SLA y1731-pkt-loss

packet loss test operation based on

the destination MAC address.

10 Raisecom(config)#sla y1731-echo quick-input

[ level level [ svlan vlan-id ] ] [ dm ] Create the y1731-echo operation

quickly.

11 Raisecom(config)#sla y1731-jitter quick-input

[ level level [ svlan vlan-id ] ] [ dm ] Create the y1731-jitter operation

quickly.

12 Raisecom(config)#sla private-tlv enable (Optional) configure whether the

SLA operation is padded with the

private TLV. By default, the SLA

operation is not padded with the

private TLV.

13 Raisecom(config)# sla oper-num { loss-rate-

threshold | delay-threshold | jitter-threshold }

{ current | average } [ ds | sd | two-way ]

threshold-value

Configure the delay threshold, jitter

threshold, and packet loss ratio

threshold.

14 Raisecom(config)#sla oper-num loss-pkt-trap

{ current | average } enable Enable sending Trap when the test

result exceeds the threshold. Raisecom(config)#sla oper-num { delay-trap |

jitter-trap } { current | average } [ ds | sd |

two-way ] enable

After configuring one operation (differed by operation ID), you cannot modify or

configure it again. You need to delete the operation in advance if you need to configure it again.

SLA supports scheduling up to 100 operations at one time. Before you stop scheduling the same operation, you cannot modify scheduling information or re-schedule the operation. If you need to reschedule the operation, you need to finish the scheduling (reach scheduling life time or stop scheduling) before performing the next scheduling.

The private TLV is designed for Raisecom devices. When SLA operations are padded with the private TLV, you can configure and schedule any operations. When SLA operations are not padded with the private TLV, VLANs of DMs and

Raisecom



LMs should be different. In addition, LB packets cannot be co-scheduled with DMs and LMs.

If SLA operations are padded with the private TLV, if may influence communicated with devices from other vendors.

8.4.3 Configuring SLA scheduling information and enabling operation scheduling



2 Raisecom(config)#sla schedule oper-num

[ life { forever | life-time } ] [ period

period ] [ begin ]

Configure SLA scheduling information,

including the life time and execution interval.

Enable SLA operation scheduling.

By default, operation scheduling is disabled.

The operation life time should not be smaller than the interval for performing SAL

operations. The interval for performing SLA operations should not be smaller than 20s.

8.4.4 Configuring basic ETH-Test throughput test operation information and enabling operation scheduling

The prerequisites for configuring throughput test are shown as below: CFM is deployed on local and remote devices. Ping operation succeeds between local and remote devices.



2 Raisecom(config)#sla y1731-throughput enable Enable ETH-Test throughput test.

By default, ETH-Test throughput test is

disabled.

3 Raisecom(config)#sla y1731-throughput oper-id

{ local-mep mep-id remote-mep mep-id |

remote-mac mac-address } level level-id svlan

vlan-id [ cvlan vlan-id ] [ cos cos-id ]

Create the ETH-Test throughput test

operation, including the test operation

ID, local MEP ID, remote MEP ID,

remote MAC address, MEG level,

SVLAN ID, CVLAN ID, and CoS

priority.

Raisecom




4 Raisecom(config)#sla y1731-throughput oper-id

{ one-way | two-way } object band-width

packet-size pkt-length pattern { null | null-

crc | prbs | prbs-crc } duration lasting-time

(Optional) configure parameters of the

ETH-Test throughput test operation,

including the test operation ID, test

direction (unidirectional/bidirectional),

destination test bandwidth, test packet

size, padding mode of the test packet

payload, and hold time.

By default, the test operation is a

unidirectional one.

Destination test bandwidth: 100

Mbit/s Test packet size: 1024 bytes Padding mode of the test packet

payload: null Hold time: 30s.

5 Raisecom(config)#sla schedule y1731-throughput

oper-id Enable ETH-Test throughput test

operation scheduling.

By default, ETH-Test throughput test

operation scheduling is disabled.

ETH-Test does not support testing multiple operations at one time. If multiple

operations are scheduled, they are tested in order based on the scheduling time. Up to 10 ETH-Test test operations are supported. Operations are distinguished by

the operation ID.




configuration Show SLA configurations.

2 Raisecom#show sla { all | oper-num } result Show the last test information of an

operation.

3 Raisecom#show sla { all | oper-num } statistic Show operation scheduling statistics.

4 Raisecom#show sla y1731-throughput oper-id

configuration Show ETH-Test throughput test

operation configurations.

5 Raisecom#show sla y1731-throughput oper-id

result Show test result of the ETH-Test

throughput test operation.

6 Raisecom#show sla { all | oper-num } threshold Show operation scheduling threshold

configurations and Trap status.

Raisecom



The show sla y1731-throughput oper-id result command can be used to show statistics of ETH-Test throughput test operation test results. For an operation, up to 5 groups of statistics are supported. If it is over 5, the oldest statistics (from the starting time of the scheduling) will be aged.

8.5 Configuring RFC2544


Scenario

With RFC2544 test, the Carrier can get the network operating quality data to optimize the

network construction scheme, reduce network operation and maintenance costs, and improve

network operation quality.

The RFC2544 test process includes the following items:

Configuring related parameters of the test operation, including global parameters, test

frame size, test speed, and test retry times.

Scheduling the test operation.

Performing the test operation.

Reporting test results.

The iTN165-CES schedules and tests the operation by following the following rules:

After a test operation is scheduled, you cannot re-schedule or delete it before the test

process is finished.

A scheduling command can be used to schedule multiple test operations with same type.

These operations are scheduled based on the creation time.

Schedule multiple different test operations based on the scheduling time.

The result of a performed test operation is saved in the related result table. When Trap is

enabled, the NView NNM system can manage the test operation.

If a performed test operation is re-scheduled, the original test result table will be cleared.

The iTN165-CES supports scheduling up to 24 operations simultaneously. Only one operation

is being scheduled while the others wait for being scheduled.

Prerequisite The remote device, participating in RFC2544 test, is enabled with interface loopback.

When the remote device is enabled with SMAC-based interface loopback, the SMAC

should be the MAC address of the local device whose third byte is replaced with the 5F.

For example, if the MAC address of the local device is set to 000E.5E12.1212, the

SMAC of the loopback packet should be set to 000E.5F12.1212.

We recommend that the MTU size of devices, participating in RFC2544 test, is greater

than 1540 bytes.

OAM remote loopback, MPLS-TP OAM, interface loopback, and ETH-Test are disabled

on the iTN165-CES.

Raisecom



VLANs are created on the iTN165-CES. In addition, the interfaces are in Trunk mode.

8.5.2 Configuring RFC2544 basic information



2 Raisecom(config)#rfc2544 enable Enable RFC2544 benchmarking test.

By default, RFC2544 benchmarking test is disabled.

3 Raisecom(config)#rfc2544 trap

enable Enable RFC2544 Trap.

By default, RFC2544 Trap is enabled.

4 Raisecom(config)#rfc2544 dmac

mac-address Configure the RFC2544 remote device loopback MAC

address.

By default, the remote device loopback MAC address is

set to 0000.0000.0000.

5 Raisecom(config)#rfc2544 { svlan

| cvlan } enable (Optional) enable RFC2544 SVLAN (outer

VLAN)/CVLAN (inner VLAN).

By default, SVLAN is enabled while CVLAN is disabled.


| cvlan } tpid tpid (Optional) configure the TPID of SVLAN/CVLAN.

By default, the TPID of SVLAN/CVLAN is set to

0x8100.


| cvlan } vlanid vlan-id (Optional) configure the VLAN ID of SVLAN/CVLAN.

By default, the VLAN ID of SVLAN/CVLAN is set to 1.


| cvlan } cos cos-value (Optional) configure the CoS value of SVLAN/CVLAN.

By default, the CoS value of SVLAN/CVLAN is set to 0.

9 Raisecom(config)#rfc2544 meg-

level meg-level (Optional) configure the Y.1731 MEG level of the

RFC2544 test packet.

By default the MEG level is set to 7.

10 Raisecom(config)#rfc2544

payload-pattern { fixed |

increasing }

Configure the padding mode of the RFC2544 test packet

payload, including fixed and increasing.

By default, the padding mode of the RFC2544 test packet

payload is set to fixed.

11 Raisecom(config)#rfc2544 fixed-

pattern pattern-value (Optional) configure the padding value of RFC2544 test

packet payload in fixed mode.

By default, the padding value of the payload is set to

0x12345678.

Related configurations of RFC2544 do not take effect unless RFC2544

benchmarking test is enabled. If only SVLAN is enabled, the test packet carries one VLAN Tag.

Raisecom



If both SVLAN and CVLAN are enabled, the test packet carries double VLAN Tags. The SVLAN is the outer Tag and the CVLAN is the inner Tag.

To enable CVLAN, you must enable SVLAN in advance. In addition, the SVLAN is the outer Tag and the CVLAN is the inner Tag.

If SVLAN and CVLAN are disabled, the test packet does not carry the VLAN Tag. CoS priority and VLAN ID configurations do not take effect unless the related

VLAN is enabled. VLAN configurations of the test packet have nothing with the ones of the

forwarding interface.

8.5.3 Configuring RFC2544 throughput test



2 Raisecom(config)#rfc2544 throughput max-

rate rate-value min-rate rate-value step

step-value frame-loss frame-value

duration duration-second resolution

resolution-value trial trial-value

Configure public parameters of RFC2544

throughput test.

The default configurations are shown as

below:

Maximum speed: 1000 Mbit/s Minimum speed: 1 Mbit/s Speed change granularity: 10 Mbit/s Tolerable test frame loss rate: 0 Test period: 60s Test result precision: 1 Mbit/s Test retry times: 20

3 Raisecom(config)#rfc2544 throughput test-

id frame-size { 64 | 128 | 256 | 512 |

1024 | 1280 | 1518 | 1536 }

Configure a throughput test operation,

including the operation ID and test frame size.

4 Raisecom(config)#rfc2544 schedule

throughput [ all | test-id ] Schedule a RFC2544 throughput test

operation.

8.5.4 Configuring RFC2544 latency test



2 Raisecom(config)#rfc2544 latency max-rate

rate-value initial-rate rate-value step

step-value duration duration-second trial

trial-value

Configure public parameters of RFC2544

latency test.


below:

Maximum speed: 1000 Mbit/s Initial speed: 1000 Mbit/s Speed change granularity: 10 Mbit/s Test period: 60s Test retry times: 20

3 Raisecom(config)#rfc2544 latency test-id

frame-size { 64 | 128 | 256 | 512 | 1024

| 1280 | 1518 | 1536 }

Configure a latency test operation, including

the operation ID and test frame size.

Raisecom




4 Raisecom(config)#rfc2544 schedule latency

[ all | test-id ] Schedule a RFC2544 latency test operation.

8.5.5 Configuring RFC2544 frame loss rate test



2 Raisecom(config)#rfc2544 frame-loss

duration second trial trial-value Configure public parameters of RFC2544

frame loss rate test.


below:

Test period: 60s Test retry times: 20

3 Raisecom(config)#rfc2544 frame-loss test-

id rate rate-value frame-size { 64 | 128

| 256 | 512 | 1024 | 1280 | 1518 | 1536 }

Configure a frame loss rate test operation,

including the operation ID and test frame size.

4 Raisecom(config)#rfc2544 schedule frame-

loss [ all | test-id ] Schedule a RFC2544 frame loss rate test

operation.



1 Raisecom#show rfc2544 global-configure Show RFC2544 basic configurations.

2 Raisecom#show rfc2544 throughput-

configuration Show public parameter configurations of

throughput test.

3 Raisecom#show rfc2544 latency-

configuration Show public parameter configurations of latency

test.

4 Raisecom#show rfc2544 frame-loss-

configuration Show public parameter configurations of frame

loss rate test.

5 Raisecom#show rfc2544 throughput Show throughput test operation configurations.

6 Raisecom#show rfc2544 latency Show latency test operation configurations.

7 Raisecom#show rfc2544 frame-loss Show frame loss rate test operation

configurations.

8 Raisecom#show rfc2544 throughput-result Show throughput test results.

9 Raisecom#show rfc2544 latency-result Show latency test results.

10 Raisecom#show rfc2544 frame-loss-result Show frame loss rate test results.

Raisecom



8.6 Maintenance

Command Description

Raisecom(config-port)#clear oam

{ event | statistics } Clear EFM OAM interface link

statistics/OAM frame statistics.

Raisecom(config)#clear oam config Clear EFM OAM configurations to

return to Passive and Disable status.

Raisecom(config)#clear ethernet cfm errors [ level level ]

Clear CCM error database information.

Raisecom(config)#clear ethernet cfm remote-mep [ level level ]

Clear RMEPs.

Raisecom(config)#clear ethernet cfm traceroute-cache

Clear traceroute cache database.


8.7.1 Examples for configuring EFM


As shown in Figure 8-8, to enhance the management and maintenance capability of the

Ethernet link between iTN A and iTN B, you need to deploy EFM on iTN A and iTN B. The

iTN A is the active end and the iTN B is the passive end. In addition, you need to deploy

OAM event Trap on iTN A.

Figure 8-8 Configuring EFM

Configuration steps

Step 1 Configure iTN A.


iTNA#config

iTNA(config)#oam active


iTNA(config-port)#oam enable

iTNA(config-port)#oam event trap enable

iTNA(config-port)#oam peer event trap enable

Raisecom



Step 2 Configure iTN B.


iTNB#config


iTNB(config-port)#oam enable


Save configurations of iTN A.

iTNA#write

Save configurations of iTN B.

iTNB#write

Checking results

Use the show oam command on iTN A to show EFM configurations.

iTNA#show oam line 1

Port: line 1

Mode: Active

Administrate state: Enable

Operation state: Operational

Max OAMPDU size: 1518

Send period: 1000 ms

Link timeout : 10 s

Config revision: 1

Supported functions: Loopback, Event, Variable

Use the show oam trap command on iTN A to show OAM event Trap configurations.

iTNA#show oam trap line 1

Port:line 1

Event trap:Enable

Peer event trap:Enable

Discovery trap total:0

Discovery trap timestamp:0 days, 0 hours, 0 minutes

Lost trap total:0

Lost trap timestamp:0 days, 0 hours, 0 minutes

Raisecom



8.7.2 Examples for configuring CFM


As shown in Figure 8-9, the PC communicates with the server through the network where iTN

A, iTN B, and iTN C are located. To ensure that the link between the PC and the server

provide Carrier-grade service, you need to enable CFM on iTN A, iTN B, and iTN C. CFM is

used to detect fault actively, as well as acknowledge and locate these faults. Client 1 of iTN A

and Client 1 of iTN C are MEPs. iTN B is the MIP.

Detect Ethernet faults on the link between iTN A Client 1 and iTN C Client 1. The MD level

is set to 3.

Figure 8-9 Configuring CFM

Configuration steps

Step 1 Add interfaces to the VLAN.

Configure iTN A.


iTNA#config

iTNA(config)#create vlan 100 active






iTNA(config-port)#switchport trunk allowed vlan 100


Configure iTN B.


iTNB#config

Raisecom



iTNB(config)#create vlan 100 active









Configure iTN C.


iTNC#config

iTNC(config)#create vlan 100 active

iTNC(config)#interface client 1

iTNC(config-port)#switchport access vlan 100




iTNC(config-port)#switchport trunk allowed vlan 100


Step 2 Configure CFM fault detection.

Configure iTN A.

iTNA(config)#ethernet cfm domain level 3



iTNA(config-service)#service mep up mpid 301 client 1

iTNA(config-service)#service remote-mep learning active

iTNA(config-service)#service cc enable mep all


iTNA(config)#ethernet cfm enable


iTNA(config-port)#ethernet cfm enable

iTNA(config-port)#interface client 1

iTNA(config-port)#ethernet cfm enable

Configure iTN B.

iTNB(config)#ethernet cfm domain level 3

iTNB(config)#service ma1 level 3

iTNB(config-service)#service vlan-list 100

iTNB(config-service)#exit

iTNB(config)#ethernet cfm enable


Raisecom



iTNB(config-port)#ethernet cfm enable

iTNB(config-port)#interface line 2

iTNB(config-port)#ethernet cfm enable

Configure iTN C.

iTNC(config)#ethernet cfm domain level 3

iTNC(config)#service ma1 level 3

iTNC(config-service)#service vlan-list 100

iTNC(config-service)#service mep up mpid 302 client 1

iTNC(config-service)#service remote-mep learning active

iTNC(config-service)#service cc enable mep all

iTNC(config-service)#exit

iTNC(config)#ethernet cfm enable


iTNC(config-port)#ethernet cfm enable

iTNC(config-port)#interface client 1

iTNC(config-port)#ethernet cfm enable

Step 3 Perform CFM fault acknowledgement, taking iTN A for an example.


iTNA(config-service)#ping mep 302 source 301

Sending 5 Ethernet CFM loopback messages to 000E.5E00.0002, timeout is

2.5 seconds:

!!!!!

Success rate is 100 percent (5/5).

Ping statistics from 000E.5E00.0002:

Received loopback replys：<5 /0 /0 > (In order/Out of order/Error)

Step 4 Perform CFM fault location, taking iTN A for an example.


iTNA(config-service)#traceroute mep 302 source 301

TTL: <64>

Tracing the route to 000E.5E00.0002 on level 3, service ma1.

Traceroute send via client1.

-------------------------------------------------------------------------

Hops HostMac Ingress/EgressPort IsForwarded RelayAction NextHop

-------------------------------------------------------------------------

1 000E.5E00.0003 C1/L1 Yes rlyFdb 000E.5E00.0003

2 000E.5E00.0003 L1/L2 Yes rlyFdb 000E.5E00.0001

!3 000E.5E00.0001 L1/- No rlyHit 000E.5E00.0002


Raisecom



iTNA#write

Checking configurations

Use the show ethernet cfm command on iTN devices to show CFM configurations, taking

iTN A for an example.

iTNA#show ethernet cfm

Port cfm enabled portlist:line:1-4 client:1-12 PC:1-8

Global cfm status: Enable

Archive hold time of error CCMs: 100(Min)

Remote mep aging time: 100(Min)

Device mode: Slave

8.7.3 Examples for configuring SLA


As shown in Figure 8-10, Node B communicates with the RNC through iTN A, iTN B, and

iTN C at the ring network, as well as the iTN2100.

To make the Ethernet link between RNC and Node B provide Telecom-grade services, you

need to deploy CFM on iTN devices. To effectively fulfil the SLA signed with users, the

Carrier deploys SLA on iTN A and schedules it periodically. SLA is used to detect the

network performance between iTN A and iTN C in time.

Perform Layer 2 delay test from iTN C to iTN A. Configure the y1731-echo operation on iTN

C as below:

Operation ID: 2

RMEP ID: 2

MD level: 3

VLAN ID: 100

CoS priority: 0

Scheduling lifetime: 20s

Test period: 10s

Raisecom



Figure 8-10 Configuring SLA

Configuration steps

Step 1 Configure CFM on iTN devices.

For detailed configurations, see section 8.7.2 Examples for configuring CFM.

Step 2 Configure the y1731-echo operation on iTN C and enable operation scheduling.

iTNC#config

iTNC(config)#sla 2 y1731-echo remote-mep 2 level 3 svlan 100 cos 0

iTNC(config)#sla schedule 2 life 20 period 10

Step 3 Save configurations, taking iTN C for an example.

iTNC#write

Checking results

Use the show sla configuration command on iTN C to show SLA configurations.

iTNC(config)#show sla 2 configuration

------------------------------------------------------------------------

Operation <2>:

Type: Y.1731 echo

Raisecom



StartTime: 0 days, 0 : 0 : 50

------------------------------------------------------------------------

Cos: 0

Service Vlan ID: 100

Customer Vlan ID: 0

MD Level: 3

Remote MEP ID: 2

Timeout(sec): 5

Schedule Life(sec): 20

Schedule Period(sec): 10

Schedule Status: active

Use the show sla result command on iTN C to show SLA scheduling results.

iTNC(config)#show sla 2 result

------------------------------------------------------------------------

Operation <1026>: Success

Info of Latest Test: TWO-WAY ONE-WAY(SD) ONE-WAY(DS)

------------------------------------------------------------------------

Delay(usec): < 1 --- ---

8.7.4 Examples for configuring ETH-Test throughput test


As shown in Figure 8-11, iTN A and iTN B access the Ethernet through Line interfaces

respectively. Use a bidirectional test method to test Ethernet throughput between iTN A and

iTN B. iTN A is the local device for performing the ETH-Test throughput test operation and

iTN B is the remote device.

Configure parameters as below:

MEP ID of iTN A: 1

MEP ID of iTN B: 2

MD level: 2

SVLAN ID: 100

CVLAN ID: 200

CoS priority: 3

Destination test bandwidth: 100 Mbit/s

Duration time: 60s

Other parameters: default values

Raisecom



Figure 8-11 Configuring ETH-Test throughput test

Configuration steps

Step 1 Configure iTN A and iTN B respectively. Set iTN A and iTN B to different MEPs in a service

instance. In addition, iTN A and iTN B can discover each other.

For detailed configurations, see section 8.7.2 Examples for configuring CFM.

Step 2 Enable iTN A ETH-Test test operation and configure basic information.

iTNA(config)#sla y1731-throughput enable

iTNA(config)#sla y1731-throughput 1 local-mep 1 remote-mep 2 level 2

svlan 100 cvlan 200 cos 3

iTNA(config)#sla y1731-throughput 1 two-way object 100 packet-size 1024

pattern null duration 60

Step 3 Enable iTN B ETH-Test test operation.

iTNB(config)#sla y1731-throughput enable

Step 4 Schedule iTN A ETH-Test test operation.

iTNA(config)#sla schedule y1731-throughput 1



iTNA#write

Raisecom




iTNB#write

Checking results

Use the show sla y1731-throughput oper-id configuration command on iTN A to show

configurations on the ETH-Test test operation.

iTNA(config)#show sla y1731-throughput 1 configuration

Operation <1>:

Remote mac-address: 0000.0000.0000

Local MEP ID: 1

Remote MEP ID: 2

MD Level: 2

CoS: 3

Service Vlan ID: 100

Customer Vlan ID: 200

Bothway Config: 1

Object Band-width: 100

Packet Length: 1024

Packet Pattern: 0

Test Duration: 60

Schedule Status: completed

Use the show sla y1731-throughput oper-id result command to show throughput test results.

iTNA(config)#show sla y1731-throughput 1 result

------------------------------------------------------------------------

Operation <1>:

Test Starttime: 0 days, 00:13:11:46

Test Endtime: 0 days, 00:14:11:46

Statistic Starttime: 0 days, 00:13:07:30

Statistic Endtime: 0 days, 00:14:17:30

Operation <1>: Success

------------------------------------------------------------------------

Statistic of Test: Local Dev Remote Dev

------------------------------------------------------------------------

SendUsrPStatics: 0 0

SendUsrBStatics: 0 0

RecvUsrPStatics: 0 0

RecvUsrBStatics: 0 0

SendTestPStatics: 0 0

SendTestBStatics: 0 0

RecvTestPStatics: 0 0

RecvTestBStatics: 0 0

ReceiveSeqErrStatics: 0 0

ReceiveCrcErrStatic: 0 0

Raisecom



ReceivePrbsErrStatics: 0 0

L2R throughput(bps): 0

R2L throughput(bps): 0

8.7.5 Examples for configuring RFC2544 throughput test


As shown in Figure 8-12, iTN A is the RFC2544 test device. iTN B is the RFC2544 remote

device and is enabled with interface loopback. The MAC address of iTN B is set to

000E.5E12.3456. Both SVLAN and CVLAN of iTN A are enabled. Other RFC2544

parameters use default values. Perform configurations on iTN A to test throughput of SUT.

Figure 8-12 Configuring RFC2544 throughput test

Configuration steps

Step 1 Configure RFC2544 basic information on iTN A.

Raisecom#config

Raisecom(config)#rfc2544 enable

Raisecom(config)#rfc2544 trap enable

Raisecom(config)#rfc2544 dmac 000e.5e12.3456

Raisecom(config)#rfc2544 svlan enable

Raisecom(config)#rfc2544 cvlan enable

Step 2 Configure public parameters of throughput test on iTN A and configure the test operation.

Raisecom(config)#rfc2544 throughput max-rate 1000 min-rate 1 step 10

frame-loss 0 duration 60 resolution 1 trial 20

Raisecom(config)#rfc2544 throughput 1 frame-size 128

Step 3 Schedule the throughput test operation on iTN A.

Before scheduling the throughput test operation, you must ensure that iTN B is enabled with interface loopback. Otherwise, configurations fail.

Raisecom



Raisecom(config)#rfc2544 schedule throughput 1



iTNA#write


iTNB#write

Checking results

Use the show rfc2544 global-configure command on iTN A to show RFC2544 basic

configurations.

Raisecom(config)#show rfc2544 global-configure

RFC2544 function: enable

send trap: enable

svlan: enable

cvlan: enable

remote mac: 000e.5e12.3456

payload-pattern-mode: fixed

fixed-pattern-value: 0x12345678

OpCode: 7

MEG-level: 7

vlan tpid cos vlan-id

------------------------------------------------

SVLAN 8100 0 1

CVLAN 8100 0 1

Use the show rfc2544 throughput-configuration command to show configurations on public

parameters of iTN A throughput test.

Raisecom(config)#show rfc2544 throughput-configuration

Function: throughput

maxSpeed(Mbps): 1000

minSpeed(Mbps): 1

stepSize(Mbps): 10

frameLossRate(0.01%): 5000

resolution(Mbps): 1

duration(s): 60

trial: 20

Raisecom



Use the show rfc2544 throughput command to show configurations on the iTN A throughput

test operation.

Raisecom(config)#show rfc2544 throughput

testID frameSize(Byte) scheduleStatus

------------------------------------------------

1 128 running

Use the show rfc2544 throughput-result command to show throughput test results.

Raisecom(config)#show rfc2544 throughput-result

testID trialIndex TxCount Throughput(Mbps) resultStatus

---------------------------------------------------------------

1 1 84459000 1000 success

1 2 84459000 1000 success

1 3 84459000 1000 success

1 4 84459000 1000 success

1 5 84459000 1000 success

1 6 84459000 1000 success

1 7 84459000 1000 success

Configuration steps for the iTN165-CES to perform RFC2544 delay test and RFC2544 packet loss ration test are basically the same as the ones of RFC2544 throughput test with a few differences on CLI parameters. For detailed configuration steps, see 8.5.4 Configuring RFC2544 latency test and 8.5.5 Configuring RFC2544 frame loss rate test.

Raisecom

iTN165-CES (A) Configuration Guide 9 Security


9 Security

This chapter describes principles and configuration procedures of the security feature, as well

as related configuration examples, including following sections:

Introduction

Configuring ACL

Configuring RADIUS

Configuring TACACS+

Configuring storm control

Maintenance


9.1 Introduction With continuous development of Internet technology, network is increasingly applied. More

and more enterprises make development with network. How to ensure the data and resource

security becomes a significant problem. In addition, the device performance is reduced or the

device operates improperly in case users access the network in an unconscious but aggressive

way.

Security technologies, such as Access Control List (ACL) and user authentication, can

improve network and device security effectively.

9.1.1 ACL

To control influence of illegal packets on the network, you need to configure a series of rules

on network devices to decide which packets can be transmitted. There rules are defined

through ACL.

ACL is a series of sequential rules composed by permit | deny sentences. These rules describe

packets based on based on source MAC addresses, destination MAC addresses, source IP

addresses, destination IP addresses, and interface IDs. The device decides packets to be

received or refused based on these rules.

Raisecom



9.1.2 RADIUS

Remote Authentication Dial In User Service (RADIUS) is a standard communication protocol

that provides centralized Authentication, Authorization, and Accounting (AAA) management

for remote users. RADIUS uses the User Datagram Protocol (UDP) as the transport protocol

(port 1812/1813) and has good instantaneity. In addition, RADIUS supports re-transmission

mechanism and backup server mechanism. Therefore, it provides good reliability.

RADIUS works in client/server mode. Network devices are clients of the RADIUS server.

RADIUS server is responsible for receiving users' connection requests, authenticating uses,

and replying configurations required by all clients to provide services for users. This mode

can control users accessing devices and network to improve network security.

Clients and the RADIUS server communicate with each other through the shared key. The

shared key is not transmitted through the network. In addition, any user password needs to be

encapsulated when it is transmitted through clients and RADIUS. This helps prevent getting

the user password by sniffing unsecure network.

RADIUS accounting is designed for RADIUS authenticated users. When a user logs in to the

device, the device sends an accounting packet to the RADIUS accounting server to begin

accounting. During login, the device sends accounting update packets to the RADIUS

accounting server. When the user exits from the device, no accounting packet is sent to the

RADIUS accounting server. These packets contain the login time. With these packets, the

RADIUS accounting server can record the access time and operation of each user.

9.1.3 TACACS+

Terminal Access Controller Access Control System (TACACS+) is a network access

authentication protocol, similar to RADIUS. Compared with RADIUS, TACACS+ has the

following features:

Use TCP port 49, providing the higher transmission reliability. RADIUS uses a UDP port.

Encapsulate the whole standard TACACS+ packet but for the TACACS+ header,

providing the higher security. RADIUS encapsulates the user password only.

Separate TACACS+ authentication from TACACS+ authorization and TACACS+

accounting, providing a more flexible deployment mode.

Therefore, compared with RADIUS, TACACS+ is more secure and reliable. However, as an

open protocol, RADIUS is more widely-used.

9.1.4 Storm control

In most Layer 2 network scenarios, the unicast traffic should be much greater than the

broadcast traffic. If speed of broadcast traffic is not limited, when a broadcast storm is

generated, a number of bandwidth will be occupied. Therefore, network performance is

reduced and unicast packets cannot be forwarded. In addition, the communication between

devices may be interrupted.

Configuring storm control on Layer 2 devices can prevent broadcast storm from occurring

when broadcast packets increase sharply in the network. Therefore, this helps ensure that the

unicast packets can be properly forwarded.

Broadcast traffic may exist in following forms, so you need to limit the bandwidth for them

on Layer 2 devices.

Unknown unicast traffic: the unicast traffic whose destination MAC address is not in

MAC address table. It is broadcasted by Layer 2 devices.

Raisecom



Multicast traffic: the traffic whose destination MAC address is a multicast MAC address.

Generally, it is broadcasted by Layer 2 devices.

Broadcast traffic: the traffic whose destination MAC address is a broadcast MAC

address. It is broadcasted by Layer 2 devices.

9.2 Configuring ACL


Scenario

To filter packets, device needs to be configured with ACL to identify packets to be filtered.

Devices cannot allow/disallow related packets to pass based on pre-configured policies unless

they identify specified packets.

ACLs are grouped in to the following types:

IP ACL: make classification rules based on properties of packets, such as

source/destination IP address carried by the IP header of packets or used TCP/UDP port

ID.

MAC ACL: make classification rules based on Layer 2 information, such as source MAC

address, destination MAC address, or Layer 2 protocol type carried by the Layer 2 frame

header of packets.

MAP ACL: compared with IP ACL and MAC ACL, MAP ACL can define more

protocols and more detailed protocol fields. In addition, it can be used to match any byte

in first 64 packets of a Layer 2 data frame based on user's definition.

Based on real scenarios, ACL can be applied based on the whole device, interface, flow from

the ingress interface to the egress interface, or VLAN.

Prerequisite

N/A

9.2.2 Configuring IP ACL



2 Raisecom(config)#ip-access-list acl-id { deny |

permit } { protocol-id | icmp | igmp | ip }

{ source-ip-address mask | any } { destination-ip-

address mask | any }

Create IP ACL and define the

matching rule.

Raisecom(config)#ip-access-list acl-id { deny |

permit } { tcp | udp } { source-ip-address mask |

any } [ source-protocol-port ] { destination-ip-

address mask | any } [ destination-protocol-port ]

Raisecom



9.2.3 Configuring MAC ACL



2 Raisecom(config)#mac-access-list acl-id { deny |

permit } [ protocol | arp | ip | rarp | any ]

{ source-mac-address mask | any } { destination-

mac-address mask | any }

Create MAC ACL and define the

matching rule.

9.2.4 Configuring MAP ACL



2 Raisecom(config)#access-list-map acl-id

{ deny | permit } Create the MACP ACL and enter ACLMAP

configuration mode.

3 Raisecom(config-aclmap)#match mac

{ destination | source } mac-address

mask

(Optional) define the matching rule of source or

destination MAC address.

By default, the MAC address is not matched.

4 Raisecom(config-aclmap)#match cos cos-

value (Optional) define the matching rule of CoS value.

By default, the CoS value is not matched.

5 Raisecom(config-aclmap)#match ethertype

ethertype [ ethertype-mask ] (Optional) define the matching rule of Ethernet

frame type.

By default, the Ethernet frame type is not

matched.

6 Raisecom(config-aclmap)#match { arp |

eapol | flowcontrol | ip | ipv6 |

loopback | mpls-unicast | mpls-

multicast | pppoe | pppoedisc |

slowprotocol | x25 | x75 }

(Optional) define the matching rule of upper

protocol carried by Layer 2 packet header.

7 Raisecom(config-aclmap)#match arp

opcode { reply | request } (Optional) define the matching rule of ARP type

(replay packet/request packet).

By default, the ARP type is not matched.


{ sender-mac | target-mac } mac-address (Optional) define the matching rule of ARP MAC

address.

By default, the ARP MAC address is not

matched.


{ sender-ip | target-ip } ip-address

[ mask ]

(Optional) define the matching rule of ARP IP

addresses.

By default, the ARP IP address is not matched.

10 Raisecom(config-aclmap)#match ip

{ destination-address | source-

address } ip-address [ mask ]

(Optional) define the matching rule of source or

destination IP address.

By default, the IP address is not matched.

Raisecom





precedence { precedence-value |

critical | flash | flash-override |

immediate| internet | network |

priority | routine }

(Optional) define the matching rule of IP

precedence.

By default, the IP precedence is not matched.

12 Raisecom(config-aclmap)#match ip tos

{ tos-value | max-reliability | max-

throughput | min-delay | min-monetary-

cost | normal }

(Optional) define the matching rule of IP ToS

value.

By default, the IP ToS value is not matched.

13 Raisecom(config-aclmap)#match ip dscp

{ dscp-value | af11 | af12 | af13 |

af21 | af22 | af23 | af31 | af32 | af33

| af41| af42 |af43 | cs1 | cs2 | cs3 |

cs4 | cs5 | cs6 | cs7| default | ef }

(Optional) define the matching rule of IP DSCP

value.

By default, the IP DSCP value is not matched.


protocol { protocol-id | ahp | esp |

gre | icmp | igmp | igrp |ipinip | ospf

| pcp | pim | tcp | udp }

(Optional) define the matching rule of IP protocol

value.

By default, the IP protocol value is not matched.

15 Raisecom(config-aclmap)#match ip tcp

{ destination-port | source-port }

{ port-id | bgp | domain | echo | exec

| finger | ftp | ftp-data | gopher |

hostname | ident | irc | klogin |

kshell | login | lpd | nntp | pim-auto-

rp | pop2 | pop3 | smtp | sunrpc |

syslog | tacacs | talk | telnet | time

| uucp | whois | www }

(Optional) define the matching rule of TCP port

ID.

By default, the TCP port ID is not matched.

16 Raisecom(config-aclmap)#match ip tcp

{ ack | fin | psh | rst | syn | urg } (Optional) define the matching rule of TCP flag.

By default, the TCP flag is not matched.

17 Raisecom(config-aclmap)#match ip udp

{ destination-port | source-port }

{ port-id | biff | bootpc | bootps |

domain | echo | mobile-ip | netbios-dgm

| netbios-ns | netbios-ss | ntp | pim-

auto-rp | rip | snmp | snmptrap |

sunrpc | syslog | tacacs | talk | tftp

| time | who }

(Optional) define the matching rule of UDP port

ID.

By default, the UDP port ID is not matched.

18 Raisecom(config-aclmap)#match ip icmp

icmp-type [ icmp-code ] (Optional) define the matching rule of ICMP

packet type.

By default, the ICMP packet type is not matched.

19 Raisecom(config-aclmap)#match ip igmp

{ igmp-type | dvmrp | leave-v2| pim-v1

| query | report-v1 | report-v2 |

report-v3 }

(Optional) define the matching rule of IGMP

packet type.

By default, the IGMP packet type is not matched.

20 Raisecom(config-aclmap)#match ip no-

fragments (Optional) define the IP packet matching non-

fragment IP packet.

By default the IP packet does not match the non-

fragment IP packet.

Raisecom




21 Raisecom(config-aclmap)#match { cvlan |

svlan } vlan-id Define the matching rule based on VLAN IDs of

packets.

22 Raisecom(config-aclmap)#match { tunnel

| vc } exp exp (Optional) define the matching rule of Tunnel-

/VC-based MPLS priority.

23 Raisecom(config-aclmap)#match { tunnel

| vc } label label-id (Optional) define the matching rule of Tunnel-

/VC-based MPLS label value.

24 Raisecom(config-aclmap)#match user-

define rule-string rule-mask offset (Optional) define the matching rule of

customized fields. Use the rule mask and the

offset parameters to extract 23–64 bytes from the

first 64 bytes of a data frame and then use the

customized rule to filter matched data frame for

process.

For example, to filter all TCP packets, you can

set the rule, rule mask, and offset to 06, FF and

27 respectively. In this case, the rule mask

cooperates with offset to extract TCP ID from

received data frames and then use the rule to filer

all TCP packers.

The rule must even number of hexadecimal digits. The offset includes the 802.1q VALN Tag field, even the received packet is an untag one.

9.2.5 Applying ACL to device

ACL cannot take effect on the iTN165-CES unless it is added to the filter. Multiple ACL matching rules can be added to the filter to form multiple filtering rules. When you configure a flow-based filter, the sequence to add ACL rules decides their priorities. The later an ACL rule is added, the higher the priority is. If ACL rules are exclusive, the ACL rule with the highest priority takes effect. Therefore, you must arrange their sequence reasonably to filter packets properly.

Applying ACL based on device



2 Raisecom(config)#filter { ip-

access-list | mac-access-list |

access-list-map } { acl-list |

all } [ invalid | valid |

statistics ]

Configure device-based filtering. If the statistics

parameter is configured, the device makes a statistics

based on the filtering rule.

Raisecom




3 Raisecom(config)#filter enable Enable the filter to make filtering valid. After the filter

is enabled, not only configured filtering rules take effect

but the ones to be configured take effect immediately.

By default, the filter is disabled.

Applying ACL based on interface




access-list| mac-access-list |


all } { ingress | egress }

interface-type interface-list

[ invalid | valid | statistics ]

Configure interface-based filtering. If the statistics



3 Raisecom(config)#filter enable Enable the filter to make filtering valid. After the

filter is enabled, not only configured filtering rules

take effect but the ones to be configured take effect

immediately. By default, the filter is disabled.

Applying ACL based on flow from ingress interface to egress interface




access-list | mac-access-list |


all } from interface-type

interface-number to interface-type

interface-number [ invalid | valid

| statistics ]

Configure filtering based on the flow from the ingress

interface to the egress interface.

If the statistics parameter is configured, the device

makes a statistics based on the filtering rule.

3 Raisecom(config)#filter enable Enable the filter to make filtering valid. After the filter

is enabled, not only configured filtering rules take

effect but the ones to be configured take effect


Applying ACL based on VLAN



Raisecom




2 Raisecom(config)#filter{ ip-access-

list| mac-access-list | access-

list-map } { acl-list | all } vlan

vlan-id [ double-tagging

inner ][ invalid | valid |

statistics ]

Configure VLAN-based filtering. If the statistics



3 Raisecom(config)#filter enable Enable the filter to make filtering valid. After the

filter is enabled, not only configured filtering rules

take effect but the ones to be configured take effect




1 Raisecom#show ip-access-list [ acl-list ] Show IP ACL configurations.

2 Raisecom#show mac-access-list [ acl-list ] Show MAC ACL configurations.

3 Raisecom#show access-list-map [ acl-list ] Show MAP ACL configurations.

4 Raisecom#show filter [ access-list-map | ip-access-

list | mac-access-list ] { all | acl-list } Show filter configurations.

9.3 Configuring RADIUS


Scenario

To control users accessing devices and network, you can deploy the RADIUS server at the

network to authenticate and account users. The iTN165-CES can be used as a Proxy of the

RADIUS server to authenticate users based on results returned by the RADIUS server.

Prerequisite

N/A

9.3.2 Configuring RADIUS authentication


1 Raisecom#radius[ backup ] ip-address

[ auth-port port-id ] Specify the IP address and port ID of the RADIUS

authentication server.

The backup parameter is used to specify a backup

RADIUS authentication server.

Raisecom




2 Raisecom#radius-key string Configure the shared key for RADIUS

authentication.


radius-user | local-radius | radius-

local [ server-no-response ] }

Configure the authentication mode for login when

RADIUS authentication is applied.


radius-user | local-radius | radius-


Configure the authentication mode for entering

privileged EXEC mode when RADIUS

authentication is applied.

9.3.3 Configuring RADIUS accounting


1 Raisecom#aaa accounting

login enable Enable RADIUS accounting.

By default, RADIUS accounting is disabled.

2 Raisecom#radius [ backup ]

accounting-server ip-

address [ account-port ]

Specify the IP address and port ID of the RADIUS accounting

server. By default, the UDP port ID is set to 1813.

The backup parameter is used to specify a backup RADIUS

accounting server.

3 Raisecom#radius

accounting-server key

string

Configure the shared key used for communicating with the

RADIUS accounting server. The shared key must be identical to

the one configured on the RADIUS accounting server. Otherwise,

accounting operation fails.

By default, the shared key is empty.


fail { online | offline } Configure the processing policy for accounting failure.

By default, the processing policy is set to online. In indicates that

users are allowed to log in if accounting operation fails.


update period Configure the interval for sending accounting update packets. If

the interval is set to 0, it indicates that no accounting update

packet is sent.

By default, the interval for sending accounting update packets is

set to 0.

With the accounting begin packet, accounting update packet, and accounting end packet, the RADIUS server can record the access time and operations of each user.

Raisecom





1 Raisecom(config)#show radius-server Show RADIUS server configurations.

9.4 Configuring TACACS+


Scenario

To control users accessing devices and network, you can deploy the RADIUS server at the

network to authenticate and account users. Compared with RADIUS, TACACS+ is more

secure and reliable. The iTN165-CES can be used as a Proxy of the TACACS+ server to

authenticate users based on results returned by the TACACS+ server.

Prerequisite

N/A

9.4.2 Configuring TACACS+ authentication


1 Raisecom#tacacs-server [ backup ] ip-

address Specify the IP address and port ID of the

TACACS+ authentication server.

The backup parameter is used to specify a

backup TACACS+ authentication server.

2 Raisecom#tacacs-server key string Configure the shared key for TACACS+

authentication.

3 Raisecom#tacacs [ backup ] accounting-

server ip-address Specify the IP address and port ID of the

TACACS+ accounting server.

The backup parameter is used to specify a

backup TACACS+ accounting server.


tacacs-user | local-tacacs | tacacs-


Configure the authentication mode for login

when TACACS+ authentication is applied.


tacacs-user | local-tacacs | tacacs-


Configure the authentication mode for entering

privileged EXEC mode when TACACS+

authentication is applied.

Raisecom





1 Raisecom(config)#show tacacs-server Show TACACS+ server configurations.

9.5 Configuring storm control


Scenario

Configuring storm control on Layer 2 devices can prevent broadcast storm from occurring

when broadcast packets increase sharply in the network. Therefore, this helps ensure that the

unicast packets can be properly forwarded.

Broadcast traffic may exist in following forms, so you need to limit the bandwidth for them

on Layer 2 devices.

Unknown unicast traffic: the unicast traffic whose destination MAC address is not in

MAC address table. It is broadcasted by Layer 2 devices.

Multicast traffic: the traffic whose destination MAC address is a multicast MAC address.

Generally, it is broadcasted by Layer 2 devices.

Broadcast traffic: the traffic whose destination MAC address is a broadcast MAC

address. It is broadcasted by Layer 2 devices.

Prerequisite

Before configuring storm control, you need to connect interfaces and configure physical

parameters of interfaces. Make the physical layer Up.

9.5.2 Configuring storm control



2 Raisecom(config)#storm-control

{ broadcast | dlf | multicast }

{ enable | disable } interface-

type interface-list

Enable storm control on broadcast traffic, multicast

traffic, and unknown unicast traffic.

By default, storm control is enabled on broadcast traffic

while is disabled on multicast traffic and unknown

unicast traffic.

3 Raisecom(config)#storm-control

pps value Configure the threshold. By default, the storm control

threshold is set to 1024 pps.

Raisecom





1 Raisecom(config)#show storm-control Show storm control configurations.

9.6 Maintenance

Command Description

Raisecom(config)#clear filter statistics Clear filter statistics.


9.7.1 Examples for configuring ACL


As shown in Figure 9-1, to control users accessing the server, you can deploy ACL on iTN A

to disallow 192.168.1.1 to access 192.168.1.100.

Figure 9-1 Configuring ACL

Configuration steps

Step 1 Configure IP ACL.

Raisecom#config

Raisecom(config)#ip-access-list 1 deny ip 192.168.1.1 255.255.255.0

192.168.1.100 255.255.255.0

Step 2 Apply ACL to client 1 interface of iTN A.

Raisecom



Raisecom(config)#filter ip-access-list 1-2 ingress client 1

Raisecom(config)#filter enable


Raisecom#write

Checking results

Use the show ip-access-list command to show IP ACL configurations.

Raisecom#show ip-access-list

Src Ip: Source Ip Address

Src Ip Mask: Source Ip Address Mask

Dest Ip: Destination Ip Address

Dest Ip Mask: Destination Ip Address Mask

List Access Protocol Ref. Src Ip Src Ip Mask:Port Dest Ip

Dst Ip Mask:Port

-------------------------------------------------------------------------

-------------------------------

1 deny IP 1 192.168.1.1 255.255.225.0:0 192.168.1.100

255.255.255.0:0

2 permit IP 1 0.0.0.0 0.0.0.0:0 0.0.0.0

0.0.0.0:0

Use the show filter command to show filter configurations.

Raisecom#show filter

Rule filter: Enable

Filter list(In accordance with the priority from low to high):

ACL-Index IPort EPort VLAN VLANType Hardware Valid StatHw Pkts

-------------------------------------------------------------------------

IP 1 client1 -- -- -- Yes Yes No --

IP 2 client1 -- -- -- Yes Yes No --

9.7.2 Examples for configuring RADIUS


As shown in Figure 9-2, to control users accessing iTN A, you need to deploy RADIUS

authentication and accounting features on iTN A to authenticate users logging in to iTN A and

record their operations.

Set the interval for sending accounting update packet to 2min. Set the processing policy for

accounting failure to offline.

Raisecom



Figure 9-2 Configuring RADIUS

Configuration steps

Step 1 Authenticate login users through RADIUS.

Raisecom#radius 192.168.1.1

Raisecom#radius-key raisecom

Raisecom#user login radius-user

Step 2 Account login users through RADIUS.

Raisecom#aaa accounting login enable

Raisecom#radius accounting-server 192.168.1.1

Raisecom#radius accounting-server key raisecom

Raisecom#aaa accounting fail offline

Raisecom#aaa accounting update 120


Raisecom#write

Checking results

Use the show radius-server command to show RADIUS configurations.

Raisecom#show radius-server

Authentication server IP: 192.168.1.1 port:1812

Backup authentication server IP:0.0.0.0 port:1812

Authentication server key: raisecom

Accounting server IP: 192.168.1.1 port:1813

Backup accounting server IP: 0.0.0.0 port:1813

Accounting server key: raisecom

Accounting login: enable

Update interval: 120

Accounting fail policy: offline

Raisecom



9.7.3 Examples for configuring TACACS+


As shown in Figure 9-3, to control users accessing iTN A, you need to deploy TACACS+

authentication on iTN A to authenticate users logging in to iTN A.

Figure 9-3 Configuring TACACS+

Configuration steps

Step 1 Authenticate login users through TACACS+.

Raisecom#tacacs-server 192.168.1.1

Raisecom#tacacs-server key raisecom

Raisecom#user login tacacs-user


Raisecom#write

Checking results

Use the show tacacs-server command to show TACACS+ configurations.

Raisecom#show tacacs-server

Server Address: 192.168.1.1

Backup Server Address: --

Sever Shared Key: raisecom

Accounting server Address: --

Backup Accounting server Address: --

Total Packet Sent: 0

Total Packet Recv: 0

Num of Error Packets: 0

Raisecom



9.7.4 Examples for configuring storm control


As shown in Figure 9-4, to control the influence of the broadcast storm on iTN A, you need to

deploy storm control on iTN A to control broadcast and unknown unicast packets. The storm

control threshold is set to 2000 pps.

Figure 9-4 Configuring storm control

Configuration steps

Step 1 Configure storm control on iTN A.

Raisecom#config

Raisecom(config)#storm-control broadcast enable line 1-2

Raisecom(config)#storm-control dlf enable line 1-2

Raisecom(config)#storm-control pps 2000


Raisecom#write

Checking results

Use the show storm-control command to show storm control configurations.

Raisecom#show storm-control

Threshold: 2000 pps

Interface Broadcast Multicast Unicast

-----------------------------------------------------------

Raisecom



line1 Enable Disable Enable

line2 Enable Disable Enable

client1 Enable Disable Disable

client2 Enable Disable Disable

……

Raisecom

iTN165-CES (A) Configuration Guide 10 QoS


10 QoS

This chapter describes principles and configuration procedures of QoS, as well as related


Introduction

Configuring priority trust and priority mapping

Configuring traffic classification and traffic policy

Configuring queue scheduling

Configuring congestion avoidance and queue shaping

Configuring rate limiting based on interface and VLAN

Maintenance


10.1 Introduction Generally, Internet (IPv4), which bases on the storage-and-forward mechanism, only provides

"best-effort" service for users. When the network is overloaded or congested, this service

mechanism cannot ensure to transmit packets timely and completely.

With the ever-growing of network application, users bring different service quality

requirements on network application. Then network should distribute and schedule resources

for different network applications according to users' demands.

Quality of Service (QoS) can ensure real-time and integrated service when network is

overloaded or congested and guarantee that the whole network runs high-efficiently.

QoS consists of a number of traffic management technologies:

Priority trust

Priority mapping

Traffic classification

Traffic policy

Queue scheduling

Congestion avoidance

Queue shaping

Rate limiting based on interface and VLAN

Raisecom



Figure 10-1 shows the application of QoS.

Figure 10-1 Application of QoS

10.1.1 Priority trust

Priority trust refers that a packet adopts its own priority as the classification standard to

perform follow-up QoS management on the packet. In general, the bigger the value is, the

higher the priority is.

The iTN165-CES supports interface-based priority trust. Priorities are divided into priorities

based on Differentiated Services Code Point (DSCP) of IP packets and priorities based on

Class of Service (CoS) of VLAN packets.

10.1.2 Priority mapping

Priority mapping refers to sending packets to different queues with different local priorities

according to pre-configured mapping relationship between external priority and local priority.

Therefore, packets in different queues can be scheduled on the egress interface.

The local priority refers to an internal priority that is assigned to packets. It is related to the queue number on the egress interface. The bigger the value is, the more quickly the packet is processed.

The iTN165-CES supports performing priority mapping based on the DSCP priority of IP

packets or the CoS priority of VLAN packets.

By default, the mapping relationship between the iTN165-CES local priority and DSCP, CoS

priorities is listed in Table 10-1 and Table 10-2.

Raisecom



Table 10-1 Mapping relationship between local priority and DSCP priority

Local 0 1 2 3 4 5 6 7

DSCP 0–7 8–15 16–23 24–31 32–39 40–47 48–55 56–63

Table 10-2 Mapping relationship between local priority and CoS priority

Local 0 1 2 3 4 5 6 7

CoS 0 1 2 3 4 5 6 7

10.1.3 Traffic classification

Traffic classification is a process that recognizes specified packets according to some certain

rule. All resulting packets can be treated differently to differentiate the service implied to

users.

The iTN165-CES supports classifying traffics based on ToS and DSCP priority of IP packets

and CoS priority of VLAN packets. In addition, it supports classifying traffics based on ACL

rules and VLAN IDs. Figure 10-2 displays the traffic classification process.

Figure 10-2 Traffic classification process

ToS priority and DSCP priority

Figure 10-3 shows the structure of IP packet header. An 8-bit ToS field is contained in this

packet. In RFC1349, the first 3 bits of the ToS field represent the ToS priority, ranging from 0

to 7. In RFC2474, the ToS field is re-defined. The first 6 bits (0–5 bits) represent the priority

of IP packets, which is called DSCP priority, ranging from 0 to 63. The last 2 bits (6 and 7 bits)

are reserved bits. Figure 10-4 shows the structures of ToS and DSCP priorities.

Raisecom



Figure 10-3 Structure of IP packet header

Figure 10-4 Structures of ToS priority and DSCP priority

CoS priority

IEEE802.1Q-based VLAN packets are a modification of Ethernet packets. A 4-byte 802.1Q

header is added between the source MAC address and protocol type, as shown in Figure 10-5.

The 802.1Q header consists a 2-byte Tag Protocol Identifier (TPID, valuing 0x8100) filed and

a 2-byte Tag Control Information (TCI) field.

Figure 10-5 Structure of VLAN packet

The first 3 bits of the TCI field represent the CoS priority, which ranges from 0 to 7, as shown

in Figure 10-6. CoS priority is used to ensure service quality in Layer 2 network.

Figure 10-6 Structure of CoS priority

10.1.4 Traffic policy

After performing traffic classification on packets, you need to perform different operations on

packets of different categories. A traffic policy is formed when traffic classifiers are bound to

traffic behaviours.

Rate limiting based on traffic policy

Rate limiting refers to limiting network traffics. Rate limiting is used to control the speed of

traffic in the network. By dropping the traffic that exceeds the speed, you can control the

traffic within a reasonable range. Therefore, network resources and Carrier's benefits are

protected.

The iTN165-CES supports rate limiting based on traffic policy.

Raisecom



Redirection

Redirection refers that a packet is not forwarded according to the mapping relationship

between the original destination address and the interface. Instead, the packet is redirected to

a specified interface for forwarding, realizing routing based on traffic policy.

The iTN165-CES supports redirection based on the flow.

Re-marking

Re-marking refers to re-configuring some priority fields for some packets, so that devices can

re-classify packets based on their own standards. In addition, downstream nodes can provide

differentiated QoS services depending on re-marking information.

The iTN165-CES supports performing re-remarking on the following priority fields of

packets:

ToS priority of IP packets

DSCP priority of IP packets

CoS priority of VLAN packets

10.1.5 Queue scheduling

Devices need to perform queue scheduling when delay-sensitive services need better QoS

services than non-delay-sensitive services and when the network is congested once in a while.

Queue scheduling adopts different scheduling algorithms to send packets in a queue.

Scheduling algorithms supported by the iTN165-CES include Strict-Priority (SP), Weight

Round Robin (WRR), Deficit Round Robin (DRR), SP+WRR, and SP+DRR. All scheduling

algorithms are designed for addressing specified traffic problems. And they have different

effects on bandwidth distribution, delay, and jitter.

SP: the device strictly schedules packets in a descending order of priority. Packets with

lower priority cannot be scheduled until packets with higher priority are scheduled, as

shown in Figure 10-7.

Figure 10-7 SP scheduling

Raisecom



WRR: on the basis of scheduling packets in a polling manner according to the priority,

the device schedules packets according to the weight of the queue, as shown in Figure

10-8.

Figure 10-8 WRR scheduling

DRR: on the basis of scheduling packets in a polling manner according to the priority,

the device schedules packets according to the weight of the queue. In addition, during the

scheduling, if one queue has redundant bandwidth, the device will temporarily assign

this bandwidth to another queue. During next scheduling, the assigned schedule will

return equal bandwidth to the original queue, as shown in Figure 10-9.

Figure 10-9 DRR scheduling

SP+WRR: a scheduling mode combining the SP scheduling and WRR scheduling. In this

mode, queues on an interface are divided into 2 groups. You can specify the queues

where SP scheduling/WRR scheduling is performed.

SP+DRR: a scheduling mode combining the SP scheduling and DRR scheduling. In this

mode, queues on an interface are divided into 2 groups. You can specify the queues

where SP scheduling/DRR scheduling is performed.

Raisecom



10.1.6 Congestion avoidance

By monitoring utilization of network resources (queues/memory buffer), congestion

avoidance can discard packets actively when congestion occurs or when network traffic

increases. It is a traffic control mechanism that is used to resolve network overload by

adjusting network traffic.

The traditional packet loss policy uses the Tail-Drop mode to process all packets equally

without differentiating class of services. When congestion occurs, packets at the end of a

queue are discarded until congestion is resolved.

This Tail-Drop policy may cause TCP global synchronization. In TCP global synchronization,

packets of multiple TCP connections are discarded, these TCP connections enter congestion

avoidance and slow startup status simultaneously to reduce and adjust traffic. And later these

TCP connections co-occur at some time to result in traffic peak. Therefore, network traffic is

not stable, which influences the link utilization rate.

RED

The Random Early Detection (RED) technology discards packets randomly and makes

multiple TCP connection not reduce transport speed simultaneously to avoid TCP global

synchronization.

The RED algorithm set a minimum threshold and maximum threshold for length of each

queue. In addition:

Packets are not discarded when the queue length is smaller than the minimum threshold.

All received packets are discarded when the queue length is greater than the maximum

threshold.

Packets to be received are discarded randomly when the queue length is between the

minimum and maximum thresholds. Add a random number to the packet to be received

and compare the random number with the drop ratio of the current queue. If the random

number is greater than the drop ration, the packet is discarded. The greater the queue size

is, the higher the packet drop probability is.

WRED

The Weighted Random Early Detection (WRED) technology also discards packets randomly

to avoid TCP global synchronization. However, the random drop parameter generated by

WRED technology is based on the priority. WRED differentiates drop policies through the

color of packets. This helps ensure that high-priority packets have a smaller packet drop

probability.

The iTN165-CES performs congestion avoidance based on WRED.

10.1.7 Queue shaping

When the interface speed of downstream devices is smaller than the one of upstream devices,

congestion avoidance may occur on interfaces of downstream devices. At this time, you can

configure traffic shaping on the egress interface of upstream devices to shape upstream traffic.

This helps resolve congestion problem occurs on downstream devices.

Queue shaping is a traffic control technology applied to the interface queues. It can be used to

control speed of all packets in a specified interface queue, buffer packets whose speed

exceeds the threshold, and then forward them when enough bandwidth is available. If the

packet size exceeds the buffer queue size, the packet is discarded.

Raisecom



10.1.8 Rate limiting based on interface and VLAN

Besides rate limiting based on the traffic policy, the iTN165-CES also supports rate limiting

based on the interface, VLAN ID, and interface+VLAN ID. Similar to rate limiting based on

the traffic policy, the iTN165-CES discards traffic whose speed exceeds the threshold in this 3

modes.

10.2 Configuring priority trust and priority mapping

10.2.1 Preparing for conifgurations

Scenario

For packets from upstream devices, you can select to trust the priorities taken by these packets.

For packets whose priorities are not trusted, you can process them with traffic classification

and traffic policy. In addition, you can modify DSCP priorities by configure interface-based

DSCP priority re-marking. After configuring priority trust, the iTN165-CES can perform

different operations on packets with different priorities, providing related services.

Before performing queue scheduling, you need to assign a local priority for a packet. For

packets from the upstream device, you can map the outer priorities of these packets to various

local priorities. In addition, you can directly configure local priorities for these packets based

on interfaces. And then device will perform queue scheduling on these packets basing on local

priorities.

In general, for IP packets, you need to configure the mapping relationship between ToS

priority/DSCP priority and local priority. For VLAN packets, you need to configure the

mapping relationship between CoS priority and local priority.

Prerequisite

Ensure the related interfaces Up.

10.2.2 Configuring priority trust



2 Raisecom(config)#mls qos enable Enable global QoS.

By default, the global QoS is enabled.



4 Raisecom(config-port)#mls qos

trust { cos | dscp } Configure the priority trusted by an interface.

By default, the interface trusts the CoS priority.

Raisecom



10.2.3 Configuring DSCP priority re-marking





3 Raisecom(config)#mls qos mapping

dscp-mutation profile-id Create the DSCP re-marking profile and enter dscp-

mutation configuration mode.

4 Raisecom(dscp-mutation)#dscp

dscp-value to new-dscp dscp-value

Raisecom(dscp-mutation)#exit

Re-mark the DSCP priority of specified packets and

return to global configuration mode.



6 Raisecom(config-port)#mls qos

dscp-mutation profile-id Apply the DSCP re-marking profile to an interface.

10.2.4 Configuring mapping relationship between DSCP priority and local priority





3 Raisecom(config)#mls qos mapping dscp-

to-local-priority profile-id Create the DSCP-to-local priority (color)

mapping profile and enter dscp-to-pri

configuration mode.

4 Raisecom(dscp-to-pri)#dscp dscp-value to

local-priority localpri-value [ color

{ green | red | yellow } ]

Raisecom(dscp-to-pri)#exit

Configure the DSCP-to-local priority (color)

mapping profile and return to global

configuration mode.

5 Raisecom(config)#mls qos dscp-to-local-

priority profile-id Apply the DSCP-to-local priority (color)

mapping profile in global configuration mode.



mode.

7 Raisecom(config-port)#mls qos dscp-to-

local-priority profile-id Apply the DSCP-to-local priority (color)

mapping profile to an interface.

Raisecom



10.2.5 Configuring mapping relationship between CoS priority and local priority





3 Raisecom(config)#mls qos mapping cos-to-

local-priority profile-id Create the CoS-to-local priority (color)

mapping profile and enter cos-to-pri

configuration mode.

4 Raisecom(cos-to-pri)#cos cos-value to

local-priority localpri-value [ color

{ green | red | yellow } ]

Raisecom(dscp-to-pri)#exit

Configure the CoS-to-local priority (color)

mapping profile and return to global

configuration mode.



mode.

6 Raisecom(config-port)#mls qos cos-to-

local-priority profile-id Apply the CoS-to-local priority (color) mapping

profile to an interface.

10.2.6 Configuring mapping relationship between local priority and CoS priority





3 Raisecom(config)#mls qos mapping

cos-remark profile-id Create the local-to-CoS mapping profile and enter

cos-remark configuration mode.

4 Raisecom(cos-remark)#local-priority

localpri-value to cos cos-value

Raisecom(cos-remark)#exit

Configure the mapping relationship between the

local priority and CoS priority and return to global

configuration mode.

5 Raisecom(config)#mls qos cos-remark

profile-id Apply the local-to-CoS mapping profile in global

configuration mode.



7 Raisecom(config-port)#mls qos cos-

remark profile-id Apply the local-to-CoS mapping profile to an

interface.

Raisecom





1 Raisecom#show mls qos [ interface-type

interface-list ] Show global QoS configurations or QoS

configurations on an interface.

2 Raisecom#show mls qos cos-to-local-priority

interface-type interface-list Show information about the CoS-to-local

priority (color) mapping profile on an

interface.

3 Raisecom#show mls qos dscp-to-local-priority

interface-type interface-list Show information about the DSCP-to-local

priority (color) mapping profile on an

interface.

4 Raisecom#show mls qos mapping cos interface-

type interface-list Show information about the CoS-to-local

priority (color) mapping table on an

interface.

5 Raisecom#show mls qos mapping cos-to-local-

priority [ profile-id ] Show information about the CoS-to-local

priority (color) mapping profile.

6 Raisecom#show mls qos mapping dscp

interface-type interface-list Show information about the DSCP-to-local

priority (color) mapping table on an

interface.

7 Raisecom#show mls qos mapping dscp-to-local-

priority [ profile-id ] Show information about the DSCP-to-local

priority (color) mapping profile.

8 Raisecom#show mls qos mapping local-priority Show information about the local-to-queue

mapping table.

9 Raisecom#show mls qos dscp-mutation

interface-type interface-number Show information about the DSCP

remarking profile on an interface.

10 Raisecom#show mls qos mapping dscp-mutation

[ profile-id ] Show information about all/specified

DSCP re-marking profiles.

11 Raisecom#show mls qos mapping cos-remark

[ profile-id ] Show information about local-to-CoS

mapping profiles.

12 Raisecom#show mls qos cos-remark interface-

type interface-number Show information about the local-to-CoS

mapping profile on an interface.

10.3 Configuring traffic classification and traffic policy


Scenario

Traffic classification is the basis of QoS. For packets from upstream devices, you can classify

them according to their priorities or ACL rules. After traffic classification, the device can

provide related operations for different packets, providing differentiated services.

Raisecom



After configurations, the traffic classification cannot take effect until being bound to traffic

policy. The selection of traffic policy depends on the packet status and current network load

status. In general, when a packet is sent to the network, you need to limit the speed according

to Committed Information Rate (CIR) and re-mark the packet according to the service feature.

Prerequisite

To perform traffic classification based on the priority of packets, you need to configure

priority trust.

10.3.2 Creating and configuring traffic classification

Steps 4–10 are coordinate. You can select one as required.





3 Raisecom(config)#class-map class-

map-name { match-all | match-any } Create traffic classification and enter traffic

classification configuration mode.

4 Raisecom(config-cmap)#match

{ access-list-map | ip-access-list |

mac-access-list } acl-number

(Optional) configure traffic classification based on

ACL rules. For configurations on ACL see section

9.2 Configuring ACL.

5 Raisecom(config-cmap)#match cos cos-

value (Optional) configure traffic classification based on

CoS priority of VLAN packets.

6 Raisecom(config-cmap)#match ip dscp

dscp-value (Optional) configure traffic classification based on

DSCP priority of IP packets.

7 Raisecom(config-cmap)#match ip

precedence ip-precedence-value (Optional) configure traffic classification based on

ToS priority of IP packets.

8 Raisecom(config-cmap)#match vlan

vlan-id [ double-tagging inner ] (Optional) configure traffic classification based on

VLAN ID of VLAN packets/inner VLAN ID of

QinQ packets.

9 Raisecom(config-cmap)#match inner-

vlan vlan-id outer-vlan vlan-id (Optional) configure traffic classification based on

the inner/outer VLAN ID of QinQ packets.

10 Raisecom(config-cmap)#match class-

map class-map-name (Optional) configure traffic classification based on

the above traffic classification rules. The class-map-name parameter is the name of other created traffic

classification.

10.3.3 Creating and configuring traffic policing profile

To perform traffic policing on packets, you need to configure traffic policing profile and then

apply this profile to traffic classification bound to traffic policy. Therefore, you can perform

related QoS policies on users/services.

Raisecom



On the traffic policing profile, you can configure rate limiting rules or perform relate

operations on specified packets based on the color.



2 Raisecom(config)#mls qos policer-profile

policer-name [ aggregate | class |

single ]

Create the traffic policing profile and enter

traffic policing profile configuration mode.

3 Raisecom(traffic-policer)#cir cir cbs cbs

[ [ eir eir ] ebs ebs [ coupling ] | pir

pir pbs pbs ]

(Optional) configure rate limiting parameters

on the traffic policing profile.

You can select the working mode of the traffic

policing profile as required. If you specify any

optional parameter, the iTN165-CES works in

single traffic policing profile mode, where

only red and green packets are supported.

Otherwise, the iTN165-CES works in dual

traffic policing profile mode, where red,

yellow, and green packets are supported.

4 Raisecom(traffic-policer)#color-mode

{ aware | blind } (Optional) configure the color-mode of the

traffic policing profile.

By default, the traffic policing profile works

in blind mode.

5 Raisecom(traffic-policer)#recolor

{ green-recolor { red | yellow } | red-

recolor { green | yellow } | yellow-

recolor { green | red } }

(Optional) configure re-coloring.

6 Raisecom(traffic-policer)#drop-color

{ red [ yellow ] | yellow } (Optional) discard packets with specified

color.

7 Raisecom(traffic-policer)#set-cos { green

cos-value [ red cos-value | yellow cos-

value [ red cos-value ] ] | red cos-value

| yellow cos-value [ red cos-value ] }

(Optional) configure the mapping relationship

between packet color and CoS priority.

8 Raisecom(traffic-policer)#set-dscp

{ green dscp-value [ red dscp-value |

yellow dscp-value [ red dscp-value ] ] |

red dscp-value | yellow dscp-value [ red

dscp-value ] }


between packet color and DSCP priority.

9 Raisecom(traffic-policer)#set-pri { green

local-value [ red local-value | yellow

local-value [ red local-value ] ] | red

local-value | yellow local-value [ red

local-value ] }


between packet color and local priority.

10.3.4 Creating and configuring traffic policy

Steps 6–12 are coordinate. You can select one as required.

Raisecom





2 Raisecom(config)#policy enable Enable traffic policy.

By default, traffic policy is disabled.

3 Raisecom(config)#policy-map policy-

map-name Create a traffic policy and enter traffic policy

configuration mode.

4 Raisecom(config-pmap)#description

description (Optional) configure descriptions about the traffic

policy.

5 Raisecom(config-pmap)#class-map

class-map-name Bind the traffic classification to the traffic policy.

Perform traffic policy on packets that match the

traffic classification.

To bind traffic classification to a traffic policy, you should create and configure traffic classification in advance. In addition, the created traffic classification must be based on at least one kind of rules. Otherwise, the binding operation fails.

6 Raisecom(config-pmap-c)#police

policer-name (Optional) apply the configured traffic policing

profile under the traffic classification and limit the

rate of traffic based on the rule configured in the

traffic policing profile. For details about the traffic

policing profile, see section 10.3.3 Creating and

configuring traffic policing profile.

7 Raisecom(config-pmap-c)add outer-

vlan vlan-id (Optional) add the outer VLAN under the traffic

classification.

8 Raisecom(config-pmap-c)#redirect-to

interface-type interface-number (Optional) configure redirection rules under traffic

classification to forward matched packets from the

specified interface.

9 Raisecom(config-pmap-c)#set { cos

cos-value | local-priority priority-

value | inner-vlan inner-vlan-id |

ip dscp ip-dscp-value | ip

precedence ip-precedence-value |

vlan vlan-id }

(Optional) configure re-marking rules under traffic

classification to modify the CoS priority, local

priority, inner VLAN ID, DSCP priority, and ToS

priority of matched packets.

10 Raisecom(config-pmap-c)#statistics

enable (Optional) configure traffic statistics rules under

traffic classification to count traffic of matched

packets.

11 Raisecom(config-pmap-c)#hierarchy-

police policer-name (Optional) bind hierarchical rate limiting rules under

different traffic classification to control the total

speed of packets in these traffic classifications.

12 Raisecom(config-pmap-c)#copy-to-

mirror Configure the mirroring feature of traffic to mirror

matched packets to the monitor port.

13 Raisecom(config-pmap-c)#exit Return to traffic policy configuration mode.

Raisecom




Raisecom(config-pmap)#exit Return to global configuration mode.

Raisecom(config)#service-policy

policy-map-name ingress interface-


Apply the configured traffic policy to the ingress

interface.


policy-map-name ingress interface-

type interface-number egress


Apply the configured traffic policy to the ingress and

egress interfaces.


policy-map-name egress interface-


Apply the configured traffic policy to the egress

interface.



1 Raisecom(config)#show class-map [ class-map-

name ] Show configurations on specified traffic

classification rules.

2 Raisecom(config)#show policy-map [ policy-

map-name | class class-map-name | interface-

type interface-number ]

Show configurations on specified traffic

policy.

3 Raisecom#show mls qos { policer | policer-

profile } [ policer-name ] Show configurations on rate limiting

rules or traffic policing profiles in QoS.

4 Raisecom(config)#show service-policy

statistics [ interface-type interface-list ] Show statistics about applied policies.

5 Raisecom#show mls qos interface-type

interface-number policers Show configurations on rate limiting

rules in QoS.

10.4 Configuring queue scheduling


Scenario

When congestion occurs, you need to balance delay and jitter of packets, making packets of

core services, such as video and voice services, processed first while packets of non-core

services of the same priority, such as email, processed in a fair manner. Therefore, services of

different priorities are processed according to the weights. This can be realized by configuring

queue scheduling. The selection of scheduling algorithm depends on service types and users'

requirements.

After queue scheduling, you can configure the mapping relationship between local priority

and CoS priority of packets. Therefore, packets enter downstream devices by carrying the

specified CoS priority.

Raisecom



Prerequisite

To configure local priority and queue scheduling, you need to configure priority trust.

10.4.2 Configuring queue scheduling





configuration mode.

3 Raisecom(config-port)#mls qos queue scheduler sp Set the scheduling mode to SP.

10.4.3 Configuring WRR/SP+WRR queue scheduling





3 Raisecom(config-port)#mls qos queue

scheduler wrr Set the scheduling mode to WRR.


wrr weight1 weight2 weight3 weight4

weight5 weight6 weight7 weight8

Set the scheduling mode to WRR and configure the

weight for all queues.

When the priority of some queue is set to 0, perform

SP scheduling on the queue.

10.4.4 Configuring DRR/SP+DRR queue scheduling






scheduler drr Set the scheduling mode to DRR.


drr weight1 weight2 weight3 weight4

weight5 weight6 weight7 weight8

Set the scheduling mode to DRR and configure

priorities for all queues.

When the priority of some queue is set to 0, perform

SP scheduling on the queue.

Raisecom





1 Raisecom(config)#show mls qos queue

[ shapping | wred | wredprofile ] interface-

type interface-list

Show queue scheduling configurations.

2 Raisecom#show mls qos queue drop-pkts

statistics interface-type interface-list Show statistics about lost packets of a

queue on an interface.

10.5 Configuring congestion avoidance and queue shaping


Scenario

To prevent network congestion from occurring and to resolve TCP global synchronization,

you can configure congestion avoidance to adjust the network traffic and resolve network

overload. The iTN165-CES supports WRED-based congestion avoidance.

When the interface speed of downstream devices is smaller than the one of upstream devices,

congestion avoidance may occur on interfaces of downstream devices. At this time, you can

configure traffic shaping on the egress interface of upstream devices to shape upstream traffic.

Prerequisite

N/A

10.5.2 Configuring queue-based WRED



2 Raisecom(config)#mls qos wred enable Enable WRED. By default, WRED is disabled.

3 Raisecom(config)#mls qos wred profile

profile-id Create the WRED profile and enter WRED profile

configuration mode.

4 Raisecom(wred)#wred [ color { green |

red | yellow } ] start-drop-threshold

start-drop end-drop-threshold end-drop

max-drop-probability max-drop

Raisecom(wred)#exit

Configure the WRED profile and return to global

configuration mode.


type interface-number Enter physical layer interface configuration mode.


queue-id wredprofile wredprofile-num Apply the WRED profile to specified queues on an

interface.


queue-id max-buffer length Configure the queue size on an interface.

Raisecom



10.5.3 Configuring queue shaping






queue-id shaping minband maxband (Optional) configure queue-based bandwidth

guarantee without setting the EBS on an interface.


queue-id shaping cir minband [ cbs

minburst ] eir maxband [ ebs

maxburst ]

(Optional) configure queue-based bandwidth

guarantee with setting the EBS on an interface.



1 Raisecom#show mls qos wred profile

[ profile-id ] Show WRED profile configurations.

2 Raisecom#show mls qos queue { wred |

wredprofile } interface-type interface-

number

Show WRED/WRED profile information on an

interface.

3 Raisecom(config)#show mls qos queue

shaping interface-type interface-number Show queue shaping configurations on an

interface.

4 Raisecom#show mls qos queue max-buffer

interface-type interface-number Show queue size configurations on an interface.

10.6 Configuring rate limiting based on interface and VLAN


Scenario

To avoid/remit network congestion, you can configure rate limiting based on the interface,

VLAN, or interface+VLAN. Rate limiting is used to make packets transmitted at a relative

average speed by control the burst traffic on an interface or in a VLAN.

Prerequisite

To configure VLAN-/QinQ-based rate limiting, you need to create related VLANs.

Raisecom



10.6.2 Configuring interface-based rate limiting



2 Raisecom(config)#rate-limit interface-type

interface-list { both | egress | ingress }

rate-value [ burst-value ]

Configure interface-based rate limiting

rules.

10.6.3 Configuring VLAN-based/QinQ-based rate limiting



2 Raisecom(config)#rate-limit vlan vlan-id rate-value

burst-value [ statistics ] (Optional) configure VLAN-

based rate limiting rules.

3 Raisecom(config)#rate-limit double-tagging-vlan

outer { outer-vlan-id | any } inner { inner-vlan-id

| any } rate-value burst-value [ statistics ]

(Optional) configure QinQ-based

rate limiting rules.

10.6.4 Configuring rate limiting based on interface+VLAN



2 Raisecom(config)#rate-limit vlan vlan-id interface-

type interface-list { both | egress | ingress } cir

minband cbs minburst [ eir maxband ebs maxburst ]

[ statistics ]

Configure rate limiting rules based

on interface+VLAN.



1 Raisecom(config)#show rate-limit

{ interface-type interface-list |

port-list }

Show interface-based rate limiting configurations.

2 Raisecom#show rate-limit vlan [ vlan-

id ] Show VLAN-based rate limiting configurations.

3 Raisecom#show rate-limit double-

tagging-vlan [ inner vlan-id | outer

vlan-id inner vlan-id ]

Show QinQ-based rate limiting configurations.

4 Raisecom#show rate-limit vlan-port

[ vlan vlan-id interface-type

interface-list { both | egress |

ingress } ] [ statistics ]

Show rate limiting configurations based on the

interface+VLAN.

Raisecom



10.7 Maintenance

Command Description

Raisecom(config)#clear service-policy statistics

Clear QoS packet statistics.

Raisecom(config)#clear service-policy statistics interface-type interface-list

Clear QoS packet statistics on an

interface.

Raisecom(config)#clear service-policy statistics { egress | ingress } interface-type interface-list [ class-map class-map-name ]

Clear traffic statistics in a specified

traffic classification direction.

Raisecom(config)#clear rate-limit statistics vlan [ vlan-id ]

Clear VLAN-based rate limiting

packet loss statistics.


10.8.1 Examples for configuring rate limiting based on traffic policy


As shown in Figure 10-10, User A, User B, and User C are respectively within VLAN 1,

VLAN 2, and VLAN 3. And they are respectively connected to the iTN165-CES through

Switch A, Switch B, and Switch C.

User A transmits voice and video services; User B transmits voice, video, and data services;

User C transmits video and data services.

According to users' requirements, make following rules:

For User A, provide 25 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard

the redundant traffic.

For User B, provide 35 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard


For User C, provide 30 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard


Raisecom



Figure 10-10 Configuring rate limiting based on traffic policy

Configuration steps

Step 1 Create and configure traffic classifications. Classify packets from different users based on the

VLAN IDs.

Raisecom#config

Raisecom(config)#mls qos enable

Raisecom(config)#class-map usera match-any

Raisecom(config-cmap)#match vlan 1

Raisecom(config-cmap)#exit

Raisecom(config)#class-map userb match-any



Raisecom(config)#class-map userc match-any



Step 2 Create traffic policing profiles and configure rate limiting rules.

Raisecom(config)#mls qos policer-profile usera single

Raisecom(traffic-policer)#cir 25000 cbs 100

Raisecom(traffic-policer)#drop-color red

Raisecom(traffic-policer)#exit

Raisecom(config)#mls qos policer-profile userb single




Raisecom(config)#mls qos policer-profile userc single



Raisecom




Step 3 Create and configure traffic policies.

Raisecom(config)#policy-map usera

Raisecom(config-pmap)#class-map usera

Raisecom(config-pmap-c)#hierarchy-police usera

Raisecom(config-pmap-c)#exit

Raisecom(config-pmap)#exit

Raisecom(config)#service-policy usera ingress client 1

Raisecom(config)#policy-map userb

Raisecom(config-pmap)#class-map userb

Raisecom(config-pmap-c)#hierarchy-police userb



Raisecom(config)#service-policy userb ingress client 2

Raisecom(config)#policy-map userc

Raisecom(config-pmap)#class-map userc

Raisecom(config-pmap-c)#hierarchy-police userc



Raisecom(config)#service-policy userc ingress client 3



Checking results

Use the show class-map command to show traffic classification configurations.

Raisecom#show class-map usera

Class Map match-any usera (id 0)

Match vlan 1

Raisecom#show class-map userb

Class Map match-any userb (id 1)

Match vlan 2

Raisecom#show class-map userc

Class Map match-any userb (id 2)

Match vlan 3

Use the show mls qos policer command to show rate limiting rule configurations.

Raisecom#show mls qos client 1 policers

Raisecom



port: client1

policymap name: usera

policer type: Single, name: usera

cir: 25000 kbps, cbs: 100 kB,

Raisecom(config)#show mls qos client 2 policers

port: client2


policer type: Single, name: userb


Raisecom(config)#show mls qos client 3 policers

port: client3


policer type: Single, name: userc


Use the show policy-map command to show traffic policy configurations.

Raisecom(config)#show policy-map usera

Policy Map usera

Class-map usera

police usera

Raisecom(config)#show policy-map userb

Policy Map userb

Class-map userb

police userb

Raisecom(config)#show policy-map userc

Policy Map userc

Class-map userc

police userc

10.8.2 Examples for configuring queue scheduling and congestion avoidance


As shown in Figure 10-11, User A transmits voice and video services; User B transmits voice,

video, and data services; User C transmits video and data services.

CoS priorities for voice, video and data services are configured with 5, 4, and 2 respectively.

And these three CoS priorities are mapped to local priorities 6, 5, and 2 respectively.

Make following rules based on service types.

Perform SP scheduling on voice service to ensure that the traffic is first transmitted.

Perform WRR scheduling on video service and set the weight to 50.

Perform WRR scheduling on data service and set the weight to 20. In addition, you need

to set the drop threshold to 50 to avoid network congestion caused by too large burst

traffic.

Raisecom



Figure 10-11 Configuring queue scheduling

Configuration steps

Step 1 Create the WRED profile.

Raisecom#config

Raisecom(config)#mls qos wred enable

Raisecom(config)#mls qos wred profile 1

Raisecom(wred)#wred start-drop-threshold 50 end-drop-threshold 90 max-

drop-probability 60

Raisecom(wred)#exit

Step 2 Configure the priority trust and congestion avoidance on interfaces.

Raisecom#config

Raisecom(config)#mls qos enable


Raisecom(config-port)#mls qos trust cos

Raisecom(config-port)#mls qos queue 6 wredprofile 1













Raisecom






Step 3 Configure the mapping relationship between the CoS priority and local priority.

Raisecom(config)#mls qos mapping cos-to-local-priority 1

Raisecom(cos-to-pri)#cos 5 to local-priority 6



Raisecom(cos-to-pri)#exit


Raisecom(config-port)#mls qos cos-to-local-priority 1






Step 4 Configure SP+WRR queue scheduling.

Raisecom(config)#mls qos queue scheduler wrr

Raisecom(config)#mls qos queue wrr 1 1 20 11 50 0 0



Checking results

Use the show mls qos mapping cos-to-local-priority command to show mapping

relationship configurations on specified priorities.

Raisecom(config)#show mls qos mapping cos-to-local-priority

G:GREEN

Y:Yellow

R:RED

cos-to-localpriority(color)

Index Description CoS: 0 1 2 3 4 5 6 7

-------------------------------------------------------------------

1 localpri(color) :0(G) 1(G) 2(G) 3(G) 5(G) 6(G) 6(G) 7(G)

Use the show mls qos queue command to show queue scheduling configurations.

Raisecom



Raisecom#show mls qos queue client 1

client1

Queue Weight(WRR)

-------------------------

1 1

2 1

3 1

4 1

5 1

6 1

7 1

8 1

Queue Weight(DRR)

-------------------------

1 1

2 1

3 1

4 1

5 1

6 1

7 1 8 1

Use the show mls qos wred profile command to show WRED profile configurations.

Raisecom#show mls qos wred profile

GSDT：Green Start Drop Threshold

GEDT：Green End Drop Threshold

GDP ：Green Drop Probability

YSDT：Yellow Start Drop Threshold

YEDT：Yellow End Drop Threshold

YDP ：Yellow Drop Probability

RSDT：Red Start Drop Threshold

REDT：Red End Drop Threshold

RDP ：Red Drop Probability

Index Description GSDT GEDT GDP YSDT YEDT YDP

RSDT REDT RDP

-------------------------------------------------------------------------

-----------------------------------

1 50 90 60 50 90 60 50

90 60

10.8.3 Examples for configuring interface-based rate limiting


As shown in Figure 10-12, User A, User B, and User C are connected to the iTN165-CES

through Switch A, Switch B, and Switch C.

User A transmits voice and video services; User B transmits voice, video, and data services;

User C transmits video and data services.

Raisecom



According to users' requirements, make following rules:

For User A, provide 25 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard


For User B, provide 35 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard


For User C, provide 30 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard


Figure 10-12 Configuring interface-based rate limiting

Configuration steps

Step 1 Configure interface-based rate limiting.

Raisecom#config

Raisecom(config)#rate-limit client 1 ingress 25000 100





Checking results

Use the show rate-limit port-list command to show interface-based rate limiting

configurations.

Raisecom



Raisecom#show rate-limit port-list

I-Rate: Ingress Rate

I-Burst: Ingress Burst

E-Rate: Egress Rate

E-Burst: Egress Burst

Port I-Rate(kbps) I-Burst(kB) E-Rate(kbps) E-Burst(kB)

----------------------------------------------------------------

L1 1000000 512 1000000 512

L2 1000000 512 1000000 512

C1 25000 100 1000000 512

C2 35000 100 1000000 512

C3 30000 100 1000000 512

C4 1000000 512 1000000 512

Raisecom

iTN165-CES (A) Configuration Guide 11 System management and maintenance


11 System management and maintenance

This chapter describes principles and configuration procedures of system management and

maintenance, as well as related configuration examples, including following sections:

Introduction

Managing files

Load and upgrade

Configuring system log

Configuring alarm management

Configuring CPU protection

Configuring CPU monitoring

Configuring RMON

Configuring optical module DDM

Configuring Loopback

Configuring extended OAM

Configuring LLDP

Configuring fault detection

Maintenance


11.1 Introduction

11.1.1 Management files

System files

System files are the software/files required for running, including the system Bootrom file,

system configuration file, system startup file, and FPGA file. In general, these files are saved

to the memory of the device.

File management refers to backing up, upgrading, loading, and deleting system files.

Raisecom



System Bootrom file

The system Bootrom file (BootROM software) is used to initialize the device. After the device

is powered on, the BootROM software is running to initialize the device. You can upgrade the

BootROM software if a new version is available.

System startup file

The system startup file (with the .z suffix) is used to start and operate the device, support

normal operating, and realize functions of the device. You can upgrade the system startup file

if a new version is available. In addition, to prevent a system fault, you can back up the

system startup file.

The iTN165-CES supports 2 sets of system startup software simultaneously, providing

primary and secondary switching of dual systems.

System configuration file

The system configuration file (with the .cfg suffix) is configuration items to be loaded when

the device is booted at this time or next time.

After being powered on, the device reads the configuration file from the memory for

initialization. If there is no configuration file in the memory, the device will use the default

configuration file.

Configuration parameters in the configuration file are divided into the following 2 types:

Configuration parameters used for initialization are initial configurations.

Configuration parameters used when a device is running properly are current

configurations.

You can modify current configurations through CLI. To make these modified current

configurations as initial configurations when the device is powered on next time, you should

save current configurations to the memory (by using the write command) to form a

configuration file.

11.1.2 Load and upgrade

Load

Traditionally, the configuration file is loaded through the serial port. This mode has some

disadvantages:

Be slow.

Consume time.

Do not support remote load.

To resolve these problems, FTP load and TFTP load modes are introduced.

The iTN165-CES supports the TFTP auto-loading mode.

The TFTP auto-loading refers to downloading the configuration file from the server to the

device through Trivial File Transfer Protocol (TFTP) for configuring the device.

Raisecom



The iTN165-CES supports saving commands related to load to the configuration file saved in

the server. Therefore, the iTN165-CES can load configurations for multiple times. This helps

load files in a complex network environment.

The iTN165-CES provides multiple methods to acknowledge the name of the configuration

file saved in the TFTP server:

Entering the name manually

Getting the name through DHCP Client

Using the default configuration file name

Upgrade

To resolve the following problems, you can upgrade the device:

Adding new features to the device

Optimizing original functions

Fixing Bugs of the current software version

The iTN165-CES supports being upgraded through the following 2 modes:

BootROM

FTP/TFTP

11.1.3 System log

The system log refers that the device records the system information and debugging

information in a log and sends the log to the specified destination. When the device fails to

work, you can check and locate the fault easily.

The system information and some scheduling output will be sent to the system log to deal

with. According to the configuration, the system will send the log to various destinations. The

destinations that receive the system log are divided into:

Console: send the log message to the local console through Console interface.

Host: send the log message to the host.

Monitor: send the log message to the monitor.

Flash: send the log file to the Flash of the device.

In general, the system log is in a format of timestamp module-level- Message content

An instance of the system log content is shows as below:

FEB-22-2005 14:27:33 CONFIG-7-CONFIG:USER "raisecom" Run "logging on"

FEB-22-2005 06:46:20 CONFIG-6-LINK_D:port 2 Link Down

FEB-22-2005 06:45:56 CONFIG-6-LINK_U:port 2 Link UP

11.1.4 Alarm management

An alarm refers to information generated by the system based on module failures when a fault

is generated on the iTN165-CES or some working condition changes.

Raisecom



The alarm is used to report some urgent and important events and notify them to the network

administrator promptly, which provides strong support for monitoring device operation and

diagnosing faults.

The alarm is stored in the alarm buffer. Meanwhile, the alarm is generated to log information.

If the NView NNM system is configured, the alarm will be sent to it through SNMP. The

information sent to the NView NNM system is called Trap.

Classification of alarms

There are 3 kinds of alarms according to properties of an alarm:

Fault alarm: alarms generated because of hardware failure or anomaly of important

functions, such as port Down alarm

Recovery alarm: alarms generated when device failure or abnormal function returns to

normal, such as port Up alarm;

Event alarm: prompted alarms or alarms that are generated because the fault alarm and

recovery alarm cannot be related, such as alarms generated because of failing to Ping.

Alarms are divided into 5 types according to functions:

Communication alarm: alarms related to the processing of information transmission,

including alarms generated because of communication failure between Network

Elements (NEs), NEs and NMS, or NMS and NMS

Service quality alarm: alarms caused by service quality degradation, including

congestion, performance decline, high resource utilization rate, and the bandwidth

reducing

Processing error alarm: alarms caused by software or processing errors, including

software errors, memory overflow, version mismatching, and abnormal program aborts

Environmental alarm: alarms caused by equipment location-related problems, including

the temperature, humidity, ventilation. and other abnormal working conditions

Device alarm: alarms caused by failure of physical resources, including the power supply,

fan, processor, clock, input/output interface, and other hardware.

Alarm output

There are 3 alarm output modes:

Alarm buffer: alarms are recorded in tabular form, including the current alarm table and

history alarm table.

− Current alarm table: records alarms which are not cleared, acknowledged or restored.

− History alarm table: consists of acknowledged and restored alarms, recording the

cleared, auto-restored, or manually acknowledged alarms.

Log: alarms are generated to system log when recorded in the alarm buffer, and stored in

the alarm log buffer.

Trap: alarms sent to the NView NNM system when the NView NNM system is

configured

Alarms will be broadcasted according to various terminals configured on the iTN165-CES,

including CLI terminal and NView NNM system.

Log output of alarms starts with the symbol "#", and the output format is:

Raisecom



#Index TimeStamp HostName ModuleName/Severity/name：Arise From Description

Table 11-1 describes alarm fields.

Table 11-1 Alarm fields

Field Description

Index Alarm index

TimeStamp Time when an alarm is generated

ModuleName Name of a module that generates an alarm

Severity Alarm level

Name Alarm name

Arise From Description Descriptions about an alarm

Alarm levels

The alarm level is used to identify the severity degree of an alarm. The level is defined in

Table 11-2.

Table 11-2 Alarm levels

Level Description Syslog

Critical (3) This alarm has affected system services and

requires immediate troubleshooting. Restore the

device or source immediately if they are

completely unavailable, even it is not during

working time.

1 (Alert)

Major (4) This alarm has affected the service quality and

requires immediate troubleshooting. Restore the

device or source service quality if they decline; or

take measures immediately during working hours

to restore all performances.

2 (Critical)

Minor (5) This alarm has not influenced the existing service

yet, which needs further observation and take

measures at appropriate time so as to avoid more

serious fault.

3 (Error)

Warning (6) This alarm will not affect the current service, but

maybe the potential error will affect the service, so

it can be considered as needing to take measures.

4 (Warning)

Indeterminate (2) Uncertain alarm level, usually the event alarm. 5 (Notice)

Cleared (1) This alarm shows to clear one or more reported

alarms.

5 (Notice)

Raisecom



Related concepts

Related concepts about alarm management are displayed as follows:

Alarm inhibition

The iTN165-CES only records root-cause alarms but incidental alarms when enabling alarm

inhibition. For example, the generation of alarm A will inevitably produce alarm B, then

alarm B is inhibited and does not appear in the alarm buffer or record the log information

when enabling alarm inhibition. By enabling alarm inhibition, the iTN165-CES can

effectively reduce the number of alarms.

The root-cause alarm and all other incidental alarms will be recorded on the iTN165-CES

when alarm inhibition is disabled.

Alarm auto-report

Auto-report refers that an alarm will be reported to the NView NNM system automatically

with its generation and the NView NNM system does not need to query or synchronize alarms

actively.

You can set auto-report to some alarm, some alarm source, or the specified alarm from

specified alarm source.

The alarm source refers to an entity that generates related alarms, such as interfaces, devices, or cards.

Alarm monitoring

Alarm monitoring is used to process alarms generated by modules:

− When alarm monitoring is enabled, the alarm module will receive alarms generated

by modules, and process them according to configurations of the alarm module, such

as recording alarm in the alarm buffer, or recording system logs, etc.;

− When alarm monitoring is disabled, the alarm module will discard alarms generated

by modules without follow-up treatment. In addition, alarms will not be recorded on

the iTN165-CES.

You can perform alarm monitoring on some alarm, alarm source, or specified alarm from

specified alarm source.

Alarm reverse mode

Alarm reverse refers to the device will report the information opposite to actual status when

recording alarm information, or report the alarm when there is no alarm information. Not

report if there is alarm information.

Currently, the device is only in support of reverse mode configuration of the interface. There

are three reverse modes to be set; the specific definitions are as follows:

− Non-reverse mode

Device alarm is reported normally.

− Manual reverse mode

Set the alarm reverse mode of an interface as manual reverse mode, then no matter what the

current alarm state is, the reported alarm state of the interface will be changed opposite to the

actual alarm state immediately, that is to say, not report when there are alarms, report when

Raisecom



there are not alarms actually. The interface will maintain the opposite alarm state regardless of

the alarm state changes before the alarm reverse state being restored to non-reverse mode.

− Auto-reverse mode

Set the alarm reverse mode as auto-reverse mode. If the interface has not actual reverse alarm

currently, the setting will return fail; if the interface has actual reverse alarm, the setting is

success and enter reverse mode, i.e. the interface reported alarm status is changed opposite to

the actual alarm status immediately. After the alarm is finished, the enabling state of interface

alarm reverse will ends automatically and changes to non-reverse alarm mode so that the

alarm state can be reported normally in next alarm.

Alarm delay

Alarm delay refers that the iTN165-CES will record alarms and report them to the NView

NNM system after a delay but not immediately when alarms generate. Delay for recording

and reporting alarms are identical.

By default, an alarm is reported after 0 seconds it is generated and an alarm is cleared after 0

seconds it is finished.

Alarm storage mode

Alarm storage mode refers to how to record new generated alarms when the alarm buffer is

full. There are two ways:

− stop: stop mode, when the alarm buffer is full, new generated alarms will be

discarded without recording.

− loop: loop mode, when the alarm buffer is full, the new generated alarms will replace

old alarm information and take rolling records.

The current alarm list can record up to 1000 alarms and the historical alarm table can record

up to 500 alarms. Use the configured storage mode to deal with newly-generated alarms when

the alarm table is full.

Clearing alarms

Clear the current alarm, which means deleting current alarms from the current alarm table.

The cleared alarms will be saved to the historical alarm table. In addition, a new all-alarm

cleared record is generated.

Viewing alarms

The administrator can view alarms and monitor alarms directly on the iTN165-CES. If the

iTN165-CES is configured with the NView NNM system, the administrator can monitor

alarms on the NView NNM system.

Hardware monitoring alarms

Hardware monitoring is used to monitor the operating environment of the iTN165-CES. The

alarms to be monitored include:

Power supply dying-gasp alarm

The iTN165-CES supports dual power supplies. The power supply dying-gasp alarm is

divided into single power supply dying-gasp alarm and dual power supply dying-gasp alarm.

− Single power supply dying-gasp alarm: inform users that power supply 1/power

supply 2 is powered off. saving to the temperature beyond threshold alarm table,

sending Trap to the NView NNM system, and outputting to the system log.

Raisecom



− Device dying-gasp: 2 power supplies are powered off. Support outputting to system

log only.

Temperature beyond threshold alarm

The device is in support of temperature beyond threshold alarm event, when the current

temperature is lower than low temperature threshold, the low temperature alarm event will

generate. The iTN165-CES supports saving to the temperature beyond threshold alarm table,

sending Trap to the NView NNM system, and outputting to the system log.

When the device current temperature is higher than high temperature threshold, the high

temperature alarm event will generate. The iTN165-CES supports saving to the device

hardware environment monitoring alarm table, sending Trap to the NView NNM system, and

outputting to the system log.

Voltage beyond threshold alarm

The device is in support of voltage beyond threshold alarm event, when the current voltage is

lower than low voltage threshold, the low voltage alarm event will generate. The iTN165-CES

supports saving to the voltage beyond threshold alarm table, sending Trap to the NView NNM

system, and outputting to the system log.

When current voltage value of the monitored voltage is greater than the threshold, a high

voltage alarm is generated. The iTN165-CES supports saving to the voltage beyond threshold

alarm table, sending Trap to the NView NNM system, and outputting to the system log.

The iTN165-CES monitors 3.3 V master chip voltage only.

Interface status anomaly alarm

Each interface has 2 alarm events:

− Interface link-fault alarm: link failure alarm refers to the peer link signal loss. The

alarm event only aims at optical interface, but not electrical interface.

− Interface link-down alarm: interface status Down alarm.

The iTN165-CES supports saving these 2 alarm events to the device hardware environment

monitoring alarm table, sending Trap to the NView NNM system, and outputting to the

system log.

11.1.5 CPU protection

Because the network environment of the iTN165-CES is complex, the iTN165-CES may be

attacked by multiple packets, such as ARP packets, BPDU packets, and ICMP packets. If the

iTN165-CES receives a great number of attack packets in a short period, the CPU may work

with full load. Therefore, the iTN165-CES cannot process normal services in time, degrading

device performance.

To effectively use resources and prevent packet attacks, the iTN165-CES needs to protect the

CPU. In a certain interval, when the number of some packet received by an interface exceeds

the upper threshold, the iTN165-CES will discard the packet without reporting it to the CPU.

This helps protect the CPU.

In a certain interval, when the number of some packet received by an interface is smaller than

the lower threshold, the iTN165-CES will not discard the packet. The iTN165-CES counts the

number of some packet in a sampling mode.

Raisecom



The iTN165-CES supports CPU protection. The packet sampling interval ranges from 0 to

65535s and the threshold ranges from 2 to 65535. The upper threshold is always greater than

the lower threshold.

11.1.6 CPU monitoring

The iTN165-CES supports CPU monitoring, which is used to monitor task status, CPU

utilization rate, and stack usage in real time, helping the administrator locate the fault quickly.

CPU monitoring can provide the following functions:

Viewing CPU utilization

– View CPU hold time and utilization rate of all tasks in each period (5 seconds, 1

minute, 10 minutes, or 2 hours). The total CPU utilization rate within each period can

be displayed statically or dynamically.

– View the operating status of all tasks and the detailed operating status information of

specified tasks.

– View historical CPU utilization rate within each period.

– View the dying gasp task information.

CPU utilization rate threshold alarm

Within a specified sampling period, the system will generate an alarm and send Trap if CPU

utilization rate is over the configured rising threshold or below the declining threshold. The

Trap provides 5 task IDs and their CPU utilization rates of tasks which have the highest CPU

utilization rate in the latest period (5 seconds, 1 minute, or 10 minutes).

11.1.7 RMON

Remote Network Monitoring (RMON) is a standard developed by the Internet Engineering

Task Force (IETF). RMON is used to monitor network data through different Agents and

NMS. RMON is an extension of SNMP. However, compared with SNMP, ROMN is more

active and efficient for monitoring remote devices.

The administrator can quickly trace faults generated on the network, network segments or

devices. With RMON, the data traffic between the NMS and Agent is reduced greatly. In

addition, RMON helps to effectively manage large-scale network, which eliminating SNMP

restrictions across the increasing distributed network.

At present, RMON realizes 4 function groups:

Statistics group: collect statistic information on each interface, including number of

received packets and packet size distribution statistics.

History group: similar with the statistics group, but it only collect statistic information in

an assigned detection period.

Alarm group: monitor an assigned MIB object, set the upper and lower thresholds in an

assigned time interval, and trigger an event if the monitored object exceeds the threshold.

Event group: cooperating with the alarm group, when alarm triggers an event, it records

the event, such as sending Trap or writing it into the log, etc.

11.1.8 Optical module DDM

Small Form-factor Pluggables (SFP) is an optical module in optical module transceivers. The

SFP Digital Diagnostic Monitoring (DDM) provides a method for monitoring performance.

By analyzing monitored data provided by the SFP module, the administrator can predict the

Raisecom



lifetime of the SFP module, isolate system faults, as well as verify the compatibility of the

SFP module.

The SFP module offers 5 performance parameters:

Temperature for the transceiver

Internal Power Feeding Voltage (PFV)

Launched bias current

Launched optical power

Received optical power

11.1.9 Loopback

As shown in Figure 11-1, interface loopback test (Loopback) is a common method for

checking interface and network problems. Return the packets, which meet rules and related

parameters defined by users, to the iTN B through Client 1 of iTN A. By counting packets

transmitted and received by an interface, iTN B can detect the network connectivity.

Figure 11-1 Interface loopback

Ingress packets and egress packets

As shown in Figure 11-1, ingress packets and egress packets are defined as below:

Ingress packets: test packets received by Client 1

Egress packets: test packets returned to the peer device through Client 1

Loopback parameters

Loopback parameters include the source MAC address, destination MAC address, source IP

address, destination IP address, SVLAN ID, and CVLAN ID. When you set a loopback

parameter and enable loopback of the related rule, packets, which meet the parameter, will be

used for loopback.

Enabling loopback rules

You can enable loopback of a rule by using some command. The iTN165-CES supports 9

loopback rules:

Loopback based on interface: packets entering this interface will be used for loopback.

Loopback based on destination MAC address: packets, which enter the interface and

whose destination MAC address is the loopback parameter, will be used for loopback.

Raisecom



Loopback based on source MAC address: packets, which enter the interface and whose

source MAC address is the loopback parameter, will be used for loopback.

Loopback based on destination IP address: packets, which enter the interface and whose

destination IP address is the loopback parameter, will be used for loopback.

Loopback based on source IP address: packets, which enter the interface and whose

source IP address is the loopback parameter, will be used for loopback.

Loopback based on CVLAN: packets, which enter the interface and whose CVLAN is

the specified VLAN ID, will be used for loopback.

Loopback based on SVLAN: packets, which enter the interface and whose SVLAN is the

specified VLAN ID, will be used for loopback.

Loopback based on Double-VLAN (DVLAN): packets, which enter the interface and

whose CVLAN and SVLAN are specified VLAN IDs, will be used for loopback.

Loopback based on source IP address and destination IP address: packets, which enter

the interface and whose source IP address and destination IP address are specified IP

addresses, will be used for loopback.

Loopback hold time

The loopback hold time ranges from 0 to 30 minutes. When the hold time expires, loopback of

some rule will be automatically disabled on the interface. When the hold time is set to 0

minute, loopback will be performed continuously until being disabled manually.

Unicast source MAC address translation

Source MAC address translation refers to changing the source MAC address of egress packets

to the local MAC addresses of iTN A or destination MAC address of ingress packets. Only

unicast packets support source MAC address translation. For multicast and broadcast packets,

their MAC addresses are the local MAC address of the iTN A.

Multicast/Broadcast destination MAC address translation

Destination MAC address translation refers to changing destination MAC addresses of egress

packets to the MAC address of iTN B. Namely, after loopback, multicast and broadcast

packets are changed to unicast packets. If destination MAC address translation is disabled,

destination MAC address of egress packets are the multicast and broadcast MAC addresses of

original packets.

Multicast/Broadcast destination IP address translation For multicast IP packets, when destination IP address translation is enabled, the

destination IP address of egress packets are changed from the original multicast IP

address to the source IP address of ingress packets. Namely. The multicast packets are

changed to unicast packets to return to the peer. When destination IP address translation

is disabled, the destination IP address of egress packets are the original multicast IP

address.

For broadcast IP packets, the destination IP address is changed to the source IP address

of the ingress packets regardless of whether destination IP address translation is enabled

or not.

The source IP address of all egress packets is always changed to the configured local IP

address. By default, the local IP address of the iTN165-CES is set to 127.0.0.1.

Raisecom



11.1.10 Extended OAM

Extended OAM is based on the IEEE 802.3ah OAM link. It uses expandability of standard

OAM and enhances OAM management functions. It is mainly used to configure and monitor

remote devices, including the following items:

Obtaining properties of remote devices: the local device can obtain properties,

configurations, and statistics of remote devices.

Configuring basic functions for remote devices: the local device can configure some

functions for remote devices, including the host name, interface status, speed, duplex

mode, bandwidth, and failover.

Configuring network management parameters: the local device can configure network

management parameters for remote devices that support SNMP, such as the IP address,

gateway, management IP address, and read-write community. Therefore, the NView

NNM system can manage remote devices.

Sending remote Trap: when a Link Up/Down alarm is generated on a remote device, the

remote device sends an extended OAM notification frame to the local device. The local

device sends remote Trap to the NView NNM system.

Rebooting remote devices: the local device can send commands to reboot remote devices.

Managing other remote functions: the local device can manage more remote devices as

they are developed, such as SFP and QinQ.

When the iTN165-CES is a managed remote device, the local device (such as the iTN2100)

can configure and manage it through extended OAM, as shown in Figure 11-2.

Figure 11-2 The iTN165-CES working as a managed remote device

The iTN165-CES supports the following remote functions:

Rebooting the device

Viewing basic information about the device (name. model, version, and capability)

Configuring the IP address and default gateway of the device

Uploading and downloading files

Configuring the SNMP community

11.1.11 LLDP

With the enlargement of network scale and increase of network devices, the network topology

becomes more and more complex and network management becomes very important. A lot of

Raisecom



network management software adopts "auto-detection" function to trace changes of network

topology, but most of the software can only analyze the Layer 3 network and cannot make

sure the interfaces connect to other devices.

Link Layer Discovery Protocol (LLDP) is based on IEEE 802.1ab standard. Network

management system can fast grip the Layer 2 network topology and changes.

LLDP organizes the local device information in different Type Length Value (TLV) and

encapsulates in Link Layer Discovery Protocol Data Unit (LLDPDU) to transmit to straight-

connected neighbour. It also saves the information from neighbour as standard Management

Information Base (MIB) for network management system querying and judging link

communication.

LLDP packet

LLDP packet is to encapsulate LLDPDU Ethernet packet in data unit and transmitted by

multicast.

LLDPDU is data unit of LLDP. The device encapsulates local information in TLV before

forming LLDPDU, then several TLV fit together in one LLDPDU and encapsulated in

Ethernet data for transmission.

As shown in Figure 11-3, LLDPDU is made by several TLV, including 4 mandatory TLV and

several optional TLV.

Figure 11-3 Structure of LLDPDU packet

As shown in Figure 11-4, each TLV denotes a piece of information at local, such as device ID,

interface ID, etc. related Chassis ID TLV, Port ID TLV, and fixed TLV.

Figure 11-4 Structure of TLV packet

TLV type value relationship is listed in Table 11-3, at present only types 0–8 are used.

Table 11-3 TLV types

TLV type Description Optional or required

0 End Of LLDPDU Required

1 Chassis ID Required

2 Port ID Required

3 Time To Live Required

4 Port Description Optional

Raisecom



TLV type Description Optional or required

5 System Name Optional

6 System Description Optional

7 System Capabilities Optional

8 Management Address Optional

Working principles of LLDP

LLDP is a kind of point-to-point one-way issuance protocol, which notifies local device link

status to peer end by sending LLDPDU (or sending LLDPDU when link status changes)

periodically from local to peer end.

The procedure of packet exchange:

When local device transmits packet, it gets system information required by TLV from

NView NNM (Network Node Management) and gets configuration information from

LLDP MIB to generate TLV and form LLDPDU to transmit to peer.

The peer receives LLDPDU and analyzes TLV information. If there is any change, the

information will be updated in neighbor MIB table of LLDP and notifies NView NNM

system.

When the device status is changed, the iTN165-CES sends a LLDP packet to the peer. To

avoid sending LLDP packet continuously because of device status changes frequently, you

can set a delay timer for sending the LLDP packet.

The aging time of Time To Live (TTL) of local device information in the neighbour node can

be adjusted by modifying the parameter values of aging coefficient, sends LLDP packets to

neighbour node, after receiving LLDP packets, neighbour node will adjust the aging time of

its neighbour nodes (sending side) information. Aging time formula, TTL = Min {65535,

(interval × hold-multiplier)}:

Interval indicates the time period to send LLDP packets from neighbor node.

Hold-multiplier refers to the aging coefficient of device information in neighbor node.

11.1.12 Fault detection

PING

Ping derives from the sonar location operation, which is used to detect whether the network is

normally connected. Ping is achieved with ICMP echo packets. If an Echo Reply packet is

sent back to the source address during a valid period after the Echo Request packet is sent to

the destination address, it indicates that the route between source and destination address is

reachable. If no Echo Reply packet is received during a valid period and timeout information

is displayed on the sender, it indicates that the route between source and destination addresses

is unreachable.

Figure 11-5 shows the principle of Ping.

Raisecom



Figure 11-5 Principle of PING

Traceroute

Just as Ping, Traceroute is a commonly-used maintenance method in network management.

Traceroute is often used to test the network nodes of packets from sender to destination, detect

whether the network connection is reachable, and analyze network fault

The following shows how Traceroute works:

First, send a piece of TTL1 sniffer packet (where the UDP port number of the packet is

unavailable to any application programs in destination side).

TTL deducts 1 when reaching the first hop. Because the TTL value is 0, in the first hop

the device returns an ICMP timeout packet, indicating that this packet cannot be sent.

The sending host adds 1 to TTL and resends this packet.

Because the TTL value is reduced to 0 in the second hop, the device will return an ICMP

timeout packet, indicating that this packet cannot be sent.

The above steps continue until the packet reaches the destination host, which will not return

ICMP timeout packets. Because the port number of destination host is not be used, the

destination host will send the port unreachable packet and finish the test. Thus, the sending

host can record the source address of each ICMP TTL timeout packet and analyze the path to

the destination according to the response packet.

Figure 11-6 shows the principle of Traceroute.

Figure 11-6 Principle of Traceroute

Raisecom



11.2 Managing files

11.2.1 Managing BootROM file

The BootROM file is used to boot the iTN165-CES and finish device initialization. You can

upgrade BootROM file through FTP or Trivial File Transfer Protocol (TFTP). By default,

BootROM file is named as bootrom or bootromfull.

After powering on the iTN165-CES, run the BootROM files at first, press Space to enter

BootROM menu when the prompt "Press space into Bootrom menu…" appears:

Raisecom Boot Loader Bootrom version 1.1.0

Raisecom Technology CO..LTD. .Compiled Mar 18 2013 17:33:50

Base ethernet Mac address: 00:0e:5e:02:03:04

Press Space to Enter Bootrom menu......

1

[Raisecom]:

You can perform the following operations in the menu below.

Operation Description

? List all executable operations.

h List all executable operations.

b Quick execution for system bootstrap software.

i Modify the IP address of the iTN165-CES in BootROM mode.

m Upgrade the firmware version (such as CPLD mirroring) of the iTN165-

CES.

r Reboot the iTN165-CES.

S List all system startup software name and related information and specify

system startup software name loaded at the time of startup.

u Upgrade the system software through the serial port or network interface.

ub Upgrade the BootROM software.

11.2.2 Managing system files

System files are the files needed for system operation (like system startup software and

configuration file). These files are usually saved in the memory, the iTN165-CES manages

them by a file system to facilitate user managing the memory. The file system can create,

delete, and modifies the file and directory.

In addition, the iTN165-CES supports 2 sets of system startup software. When one set of

software fails, you can manually switch to the other to reduce influences caused by service

crashes.

Raisecom




1 Raisecom#multi-system overwrite versionindex Specify the ID of the system boot

software downloaded by the device.

2 Raisecom#download bootstrap { ftp ip-address

user-name password file-name | tftp ip-address

file-name }

Download the system bootstrap

software via FTP or TFTP.

3 Raisecom#download system-boot { ftp ip-address

user-name password file-name | tftp ip-address

file-name }

Download the system boot software

through FTP or TFTP.

4 Raisecom#multi-system upload version index Specify the ID of the system boot

software uploaded by the device.

5 Raisecom#upload system-boot { ftp [ ip-address

user-name password file-name ] | tftp [ ip-

address file-name ] } [ schedule-list list-

number ]

Upload the system boot software via

FTP or TFTP.

6 Raisecom#erase [ file-name ] Delete the files from the memory.

11.2.3 Managing configuration files

The configuration file is the configuration items to be loaded when the iTN165-CES is booted

this time or next time.

Configuration file has an affix ".cfg", and these files can be open by text book program in

Windows system. The contents in the following format:

Saved as Mode+Command format;

Just reserve the non-defaulted parameters to save space (see command reference for

default values of configuration parameters);

Take the command mode for basic frame to organize commands, put commands of one

mode together to form a section, the sections are separated by "!".

The iTN165-CES starts initialization by reading configuration files from memory after

powering on. Thus, the configuration in configuration files are called as initialization

configuration, if there is no configuration files in memory, the device take the default

parameters for initialization.

The device running configuration is called current configuration.

You can modify device current configuration through CLI. The current configuration can be

used as initial configuration when next time power on, you must use the write command to

save current configuration into memory and form configuration file.


1 Raisecom#download startup-config { ftp ip-address

user-name password file-name [ reservedevcfg ] |

tftp ip-address file-name [ reservedevcfg ] }

Download system startup

configuration files through FTP

or TFTP.

2 Raisecom#erase [ file-name ] Delete the files from memory.

Raisecom




3 Raisecom#upload startup-config { ftp [ ip-address

user-name password file-name ] | tftp [ ip-address

file-name ] } [ schedule-list list-number ]

Upload system startup

configuration files through FTP

or TFTP.

4 Raisecom#write Write the configured files into

memory.



1 Raisecom#show multi-system Show the system boot software information of the iTN165-

CES.

2 Raisecom#show startup-config Show configuration information loaded when the iTN165-

CES is being booted.

3 Raisecom#show running-config Show the current configurations of the iTN165-CES.

11.3 Load and upgrade

11.3.1 Configuring TFTP auto-loading mode

Before configuring the TFTP auto-loading mode, you need to build a TFTP environment and

have the iTN165-CES interconnect with the TFTP server.

When performing auto-loading, the IP address configured through CLI has a

higher priority than the one obtained through DHCP Client. When performing auto-loading, the priorities of configuration file names obtained

from server are arranged in a descending order as below: the file name confirmed by the naming rule > file name configured through CLI > file name obtained through DHCP Client.



2 Raisecom(config)#service config

tftp-server ip-address Configure the IP address of the TFTP server.


filename rule [ rule-number ] Set the naming rule for file name. By default, there is

no denomination rule, system uses default file name as

startup_config.conf.


filename filename Specify the configuration file name to be uploaded.

Raisecom





overwrite enable Enable local configuration file overwriting. Use the

service config overwrite disable command to disable

local configuration file overwriting.


trap enable (Optional) enable the Trap module used for update

configuration files automatically.


version { bootstrap | startup-

config | system-boot } version

(Optional) configure the version ID of the system

Bootrom file, system startup configuration file, and

system startup file.

8 Raisecom(config)#service config Enable auto-loading.

11.3.2 Upgrading system software through BootROM

In the below cases, you need to upgrade system software through BootROM:

The iTN165-CES is booted for the first time.

The system files are damaged.

The card cannot be booted properly.

Before upgrading the system software through BootROM, you should build a TFTP

environment, taking a PC as the TFTP server and the iTN165-CES as the client. Basic

requirements are as below.

The iTN165-CES is connected to the TFTP server through SNMP interface.

Configure the TFTP server and ensure the TFTP server is available.

Configure the IP address of TFTP server and make the IP address in the same network

segment with IP addresses configured by the T command.

Step Operation

1 Log in to the iTN165-CES through serial port as the administrator and enter privileged EXEC mode

and then use the reboot command to reboot the iTN165-CES.

Raisecom#reboot

Please input 'yes' to confirm:yes

Rebooting ...

booting...

Raisecom Boot Loader Bootrom version 1.1.0

Raisecom Technology CO..LTD. .Compiled Mar 18 2013 17:33:50

Base ethernet Mac address: 00:0e:5e:02:03:04

Press Space to Enter Bootrom menu......

2

Raisecom



Step Operation

2 Press Space to enter the raisecom interface when "Press space into Bootstrap menu..." appears on the

screen, then input "?" to display the command list:

[Raisecom]:?

? print this list

h print this list

b boot system

i modify network manage port ip address

m update microcode

r reboot system

S select system to boot

u update system

ub update bootrom

The input letters are case sensitive.

3 Input "u" to download the system boot file through FTP and replace the original one, the display

information is shown as below:

[Raisecom]: u

Index Name Size

----------------------------------------------------------

1* system_1.1.1.20130411 10420581

2 system_1.1.1.20130411 10420581

Current selected version is 1

Please select a version to overwrite: 2

choose mode for updating core file.

-----------------------------------

- 1. | serial -

-----------------------------------

- 2. | network -

-----------------------------------

please input mode choose...

2

config network infor ...

host ip address:192.168.4.100

usr: wrs

passwd: wrs

filename: iTN165-4GE4E1enms-b.z

starting connect host,please waiting...

Do you want to update image file?<Y/N>y

start update core , please wait some minutes...

success.

Ensure the input file name here is correct. In addition, the file name should not be longer than 80 characters.

Raisecom



Step Operation

4 Enter "S" and correctly select the system boot file to be loaded when the iTN165-CES is booted next

time. The "*" character indicates the default system startup file loaded currently.

[Raisecom]: S

Index Name Size

----------------------------------------------------------

1* system_1.1.1.20130411 10420581

2 system_1.1.1.20130411 10420581

Current selected version is 1

Please select a version to start: 2

saving... done

5 Enter "b" to execute the bootstrap file quickly. The iTN165-CES will be rebooted and upload the

downloaded system boot file.

11.3.3 Upgrading system software through FTP/TFTP

Before upgrading the system software through FTP/TFTP, you should build a FTP/TFTP

environment, taking a PC as the TFTP server and the iTN165-CES as the client. Basic

requirements are as below.

The iTN165-CES is connected to the TFTP server through the client/line interface.

Configure the FTP/TFTP server and ensure the FTP/TFTP server is available.

Configure the IP address of TFTP server.


1 Raisecom#multi-system overwrite

version version Specify the ID of the system boot software downloaded by

the device. By default, the downloaded system boot

software ID is set to 1.

2 Raisecom#download system-boot

{ ftp [ ip-address username

password filename local-

filename ] | tftp [ ip-address

filename local-filename ] }

[ reservedevcfg ]

Download the system boot software via FTP or TFTP.

3 Raisecom#multi-system boot

version version Specify the ID of the system boot software uploaded by the

device. By default, the uploaded system boot software ID is

set to 1.

4 Raisecom#write Write the configured files into the memory.

5 Raisecom#reboot [ now ] Reboot the iTN165-CES and the device will automatically

upload the downloaded system boot software.

Raisecom





1 Raisecom#show multi-system Show the system boot software information

of the current device.

2 Raisecom#show service config Show automatically-configured loading

information.

3 Raisecom#show service config filename rule

[ rule-number ] Show the naming rule of the configuration

file.

4 Raisecom#show version Show the system version.

11.4 Configuring system log


Scenario

The iTN165-CES generates critical information, debugging information, or error information

of the system to system logs and outputs the system logs to log files or transmits them to the

host, Console interface, or monitor for viewing and locating faults.

Prerequisite

N/A

11.4.2 Configuring basic information about system log



2 Raisecom(config)#logging on (Optional) Enable system log.

By default, system log is enabled.

3 Raisecom(config)#logging time-

stamp { debug | log }

{ datetime | none | uptime }

(Optional) configure the timestamp of system log.

The optional parameter debug is used to assign debug-level

(7) system log timestamp. By default, this system log does

not have timestamp

The optional parameter log is used to assign levels 0–6

system log timestamp. By default, these system logs adopt

date-time as timestamp.

4 Raisecom(config)#logging rate-

limit rate (Optional) configure the transport rate of system log.

By default, no transport rate is configured.

Raisecom




5 Raisecom(config)#logging buginf

[ high | low | none | normal ] (Optional) send Level 7 (debugging) debugging log.

6 Raisecom(config)#logging

buffered size size (Optional) configure the log buffer size.

By default, the log buffer size is set to 4KB.

7 Raisecom(config)#logging alarm (Optional) enable system log alarm.


discriminator discriminator-

number { facility | mnemonics |

msg-body } { drops key |

includes key | none }

(Optional) configure the log discriminator.


facility { alert | audit | auth

| clock | cron | daemon | ftp |

kern | local0 | local1 | local2

| local3 | local4 | local5 |

local6 | local7 | lpr | mail |

news | ntp | security | syslog

| user | uucp }

(Optional) configure the facility field in the log to be sent to

the log host.

By default, the facility field value is set to local7.


sequence-number (Optional) enable the sequence number field of the log.

11.4.3 Configuring system log output destination



2 Raisecom(config)#logging console [ log-level

| alerts | critical | debugging |

discriminator | emergencies | errors |

informational | notifications | warnings]

(Optional) output system logs to the

Console interface.

3 Raisecom(config)#logging host ip-address

[ log-level | alerts | critical | debugging

| discriminator | emergencies | errors |

informational | notifications | warnings ]

(Optional) output system logs to the log

host.

4 Raisecom(config)#logging monitor[ log-level

| alerts | critical | debugging |

emergencies | errors | informational |

notifications | warnings]

(Optional) output system logs to the

monitor.

5 Raisecom(config)#logging file

[ discriminator discriminateor-number] (Optional) output system logs to the Flash

of the iTN165-CES.

6 Raisecom(config)#logging buffered [ log-

level | alerts | critical | debugging |

emergencies | errors | informational |

notifications | warnings ]

(Optional) output system logs to the log

buffer.

7 Raisecom(config)#logging history (Optional) output system logs to the log

history table.

Raisecom




8 Raisecom(config)#logging history size size Configure the log history table size.

By default, the log history table size is set

to 1.

9 Raisecom(config)#logging trap [ log-level |

alerts | critical | debugging | emergencies

| errors | informational | notifications |

warnings ]

(Optional) translate logs output to the log

history table to Traps.

By default, warning Logs output to the log

history table is translated to Traps.



1 Raisecom#show logging Show system log configurations.

2 Raisecom#show logging file Show contents of the system log file.

3 Raisecom#show logging buffer Show contents of the log buffer.

4 Raisecom#show logging discriminator Show information about the log discriminator.

5 Raisecom#show logging history Show contents of the log history table.

11.5 Configuring alarm management


Scenario

When the iTN165-CES fails, the alarm management module will collect the fault information

and output the alarm in a log. The alarm information includes the time when the alarm is

generated, the name and descriptions of the alarm. It helps you quickly locate the fault.

If Trap is configured on the iTN165-CES, when the operating environment of the device is

abnormal, the iTN165-CES supports saving to the hardware monitoring alarm table, sending

Trap to the NView NNM system, and outputting to the system log. It notifies users to process

the fault and prevent the fault from occurring.

With alarm management, you can directly perform following operations on the iTN165-CES:

alarm inhibition, alarm auto-report, alarm monitoring, alarm inverse, alarm delay, alarm

storage mode, alarm clearing, and alarm viewing.

Prerequisite

After hardware monitoring is configured on the iTN165-CES,

Raisecom



When alarms are output in Syslog form, alarms are generated to the system log. When

needing to send alarms to the log host, you need to configure the IP address of the log

host on the iTN165-CES.

When needing to send alarms to the NView NNM system in a Trap form, you need to

configure the IP address of the NView NNM system on the iTN165-CES.

11.5.2 Configuring basic functions of alarm management



2 Raisecom(config)#alarm inhibit enable (Optional) enable alarm inhibition.


3 Raisecom(config)#alarm auto-report

{ module_name [ group_name ] | interface


[ module_name [ group_name ] ] } enable

(Optional) enable alarm auto-report.

By default, alarm auto-report is enabled.

4 Raisecom(config)#alarm

monitor{ module_name [ group_name ] |


[ module_name [ group_name ] ] } enable

(Optional) enable alarm monitoring.

By default, alarm monitoring is enabled.

5 Raisecom(config)#alarm inverse interface-

type interface-number { none | auto |

manual }

(Optional) configure the alarm inverse mode.

By default, the alarm inverse mode is set to

none (non-inverse).

6 Raisecom(config)#alarm active delay

second (Optional) configure the time for delaying an

alarm to be generated.

By default, alarm delay is set to 0s.

7 Raisecom(config)#alarm active storage-mode

{ loop | stop } (Optional) configure the alarm storage mode.

By default, the alarm storage mode is set to

stop.

8 Raisecom(config)#alarm clear index index (Optional) clear specified current alarms.

Raisecom(config)#alarm clear module_name

[ group_name ] (Optional) clear specified current alarms on

the specified alarm module.

Raisecom(config)#alarm clear interface-

type interface-number [ module_name

[ group_name ] ]

(Optional) clear specified current alarms of

the specified alarm source (interface).

9 Raisecom(config)#alarm syslog enable (Optional) enable alarm Syslog.

By default, alarm Syslog is enabled.

10 Raisecom(config)#exit

Raisecom#show alarm active [ module_name

| severity severity ]

(Optional) show current alarms.

Raisecom#show alarm cleared [ module_name

| severity severity ] (Optional) show historical alarms.

Raisecom



11.5.3 Configuring hardware monitoring alarm output



2 Raisecom(config)#hw_monitor syslog

enable (Optional) enable global hardware monitoring alarm

Syslog output.

By default, global hardware monitoring alarm

Syslog output is disabled.

3 Raisecom(config)#snmp-server trap

hw_monitor enable (Optional) enable global hardware monitoring alarm

Trap.

By default, global hardware monitoring alarm Trap

is enabled.

4 Raisecom(config)#hw_monitor power-

supply { notifies | syslog } (Optional) enable power supply dying-gasp alarm

output and configure the power supply dying-gasp

alarm output mode.

By default, power supply dying-gasp alarm Syslog

output and power supply dying-gasp alarm Trap

output are enabled.

5 Raisecom(config)#hw_monitor

temperature { high high-value | low

low-value | notifies | syslog }

(Optional) enable temperature alarm output and

configure the temperature alarm output

mode/temperature alarm threshold.

The high-temperature threshold (high-value) must be

greater than the low-temperature threshold (low-

value).

By default, temperature alarm Syslog output and

temperature alarm Trap output are enabled. The

high-temperature threshold is set to 75ºC and the

low-temperature threshold is set to -10ºC.

6 Raisecom(config)#hw_monitor voltage

{ notifies | syslog } (Optional) enable voltage alarm output and configure

the voltage alarm output mode/voltage alarm

threshold.

By default, voltage alarm Syslog output and voltage

alarm Trap output are enabled.

The iTN165-CES monitors 3.3 V master chip voltage only.

7 Raisecom(config)#hw_monitor port

{ link-down | link-fault }

{ notifies | syslog } interface-type

interface-list

(Optional) enable interface status alarm output and

configure the voltage alarm output mode.

By default, only interface link-down alarm Syslog

output and interface link-down alarm Trap output

are enabled.

Raisecom




8 Raisecom(config)#clear hw_monitor (Optional) clear alarms manually.

This command can be used to clear all alarms from the current alarm table. In addition an alarm, whose type is all-alarm, is generated in the historical alarm table. If global Trap is enabled, this all-alarm alarm will be output in a Trap form. If global Syslog is enabled, this all-alarm alarm will be output in a Syslog form.

Alarms cannot be generated into Syslog unless global hardware monitoring alarm

Syslog output is enabled and Syslog output of monitored alarm events is enabled. Trap cannot be sent unless global hardware monitoring alarm Trap output is

enabled and Trap output of monitored alarm events is enabled.

11.5.4 Configuring Layer 3 dying-gasp and link-fault alarms



2 Raisecom(config)#power-down

trap enable Enable Layer 3 dying-gasp alarm.

By default, Layer 3 dying-gasp alarm is enabled.


interface-type interface-

number

Enter physical layer interface configuration mode.

4 Raisecom(config-port)#snmp

trap link-fault enable Enable Layer 3 link-fault alarm on the uplink Line interface.

By default, Layer 3 link-fault alarm is enabled.



1 Raisecom#show alarm management

[ module_name ] Show current alarm parameters.

Alarm parameters displayed by this command include

alarm inhibition, alarm inverse mode, alarm delay,

alarm storage mode, alarm buffer size, and alarm log

size.

2 Raisecom#show alarm log Show alarm management module configurations.

3 Raisecom#show alarm management

statistics Show alarm management module statistics.

Raisecom




4 Raisecom#show hw_monitor Show global hardware monitoring alarm

configurations.

Hardware monitoring information displayed by this

command includes global alarm Syslog output, global

Trap, power supply dying-gasp alarms, temperature

alarms, and voltage alarms.

5 Raisecom#show hw_monitor interface-

type interface-list Show interface status alarms.

6 Raisecom#show hw_monitor currrent Show current hardware monitoring alarms.

7 Raisecom#show hw_monitor history Show historical hardware monitoring alarms.

8 Raisecom#show hw_monitor

environment [ power | temperature |

voltage ]

Show current power supply, temperature, and voltage

alarms and current environment information.

9 Raisecom#show power-down Show Layer 3 dying-gasp alarm status.

10 Raisecom#show alarm active Show the current alarm table.

11 Raisecom#show alarm cleared

[ module_name | severity severity ] Show cleared alarms.

11.6 Configuring CPU protection


Scenario

Because the network environment of the iTN165-CES is complex, the iTN165-CES may be

attacked by rogue packets. It consumes a great number of CPU resources to process these

packets. This will reduce device performance. What worse, it may cause system crash. To

prevent the iTN165-CES from attack, you can limit the number of received packets on an

interface to protect the CPU.

Prerequisite

N/A

11.6.2 Configuring CPU protection



Raisecom




2 Raisecom(config)#flood-protect { all |

arp | bpdu | icmp } interval interval-

second

Configure the sampling interval for packet.

By default, the sampling interval for ARP and

ICMP packets is set to 5s and the sampling

interval for BPDU packets is set to 1s.


arp | bpdu | icmp } high threshold-

value

Configure the high threshold for packets. In the

sampling interval, packets will be dropped when

the number of received packets exceeds the

threshold. By default, the drop threshold of ARP

and BPDU packets is set to 200 and the drop

threshold of ICMP packets is set to 300.


arp | bpdu | icmp } low threshold-value Configure the low threshold for packets. In the

sampling interval, packets will not be dropped

when the number of received packets is smaller

than the threshold.

By default, the low thresholds is set to 40.


arp | bpdu | icmp } enable interface-

type interface-list

Enable CPU protection of related packets on an

interface.

By default, CPU protection of related packets is

disabled on the interface.



1 Raisecom(config)#show flood-protect Show CPU protection configurations.

2 Raisecom#show flood-protect interface-type

interface-list Show CPU protection status on an

interface.

11.7 Configuring CPU monitoring


Scenario

CPU monitoring is used to monitor task status, CPU utilization rate, and stack usage in real

time. It provides CPU utilization threshold alarm to facilitate discovering and eliminating a

hidden danger, helping the administrator locate the fault quickly.

Raisecom



Prerequisite

To output CPU monitoring alarms in a Trap form. You need to configure the IP address of

Trap target host on the iTN165-CES, that is, the IP address of the NView NNM system.

11.7.2 Viewing CPU monitoring information


1 Raisecom#show cpu-utilization [ dynamic

| history { 10min | 1min | 2hour |

5sec } ]

Show CPU utilization rate.

2 Raisecom#show process [ dead | sorted

{ normal-priority | process-name } |

taskname ]

Show task status.

3 Raisecom#show process cpu [ sorted

[ 10min | 1min | 5sec | invoked ] ] Show CPU utilization rate of all tasks.

11.7.3 Configuring CPU monitoring alarm



2 Raisecom(config)#snmp-server traps

enable cpu-threshold Enable CPU threshold Trap.

By default, CPU threshold Trap is disabled.

3 Raisecom(config)#cpu rising-threshold

rising-threshold-value [ falling-

threshold falling-threshold-value ]

[ interval interval-value ]

(Optional) configure the upper CPU threshold

and lower CPU threshold.

The upper CPU threshold must be greater than

the lower CPU threshold.

By default, the upper CPU threshold is set to

100% and the lower CPU threshold is set to 1%.

The sampling interval is set to 60s.

After CPU threshold Trap is enabled, in the

sampling interval, when the CPU utilization rate

is higher than the upper CPU threshold or is

smaller than the lower CPU threshold, a Trap is

sent automatically.

11.7.4 Checking configruations


1 Raisecom#show cpu-utilization

dynamic Show CPU utilization rate and related configurations.

Raisecom



11.8 Configuring RMON


Scenario

RMON helps monitor and count network traffics.

Compared with SNMP, RMON is a more high-efficient monitoring method. After you

specifying the alarm threshold, the iTN165-CES actively sends alarms when the threshold is

exceeded without gaining the variable information. This helps reduce the traffic of

management and managed devices and facilitates managing the network.

Prerequisite

The route between the iTN165-CES and the Nview NNM system is reachable.

11.8.2 Configuring RMON statistics



2 Raisecom(config)#rmon statistics


[ owner owner-name ]

Enable RMON statistics on an interface and configure

related parameters.

By default, RMON statistics is enabled on all interfaces.

11.8.3 Configuring RMON historical statistics



2 Raisecom(config)#rmon history


[ shortinterval period ]

[ longinterval period ] [ buckets

buckets-number ] [ owner string ]

Enable RMON historical statistics on an interface and

configure related parameters. By default, RMON

historical statistics is disabled on all interfaces.

11.8.4 Configuring RMON alarm group



2 Raisecom(config)#rmon alarm alarm-id mibvar

[ interval second ] { delta | absolute } rising-

threshold rising-num [ rising-event ] falling-

threshold falling-num [ falling-event ] [ owner

owner-name ]

Configure parameters related to the

RMON alarm group.

Raisecom



11.8.5 Configuring RMON event group



2 Raisecom(config)#rmon event event-id [ log ]

[ trap ] [ description string ] [ ownerowner-name ] Configure parameters related to

the RMON event group.



1 Raisecom#show rmon Show RMON configurations.

2 Raisecom#show rmon alarms Show RMON alarm group information.

3 Raisecom#show rmon events Show RMON event group information.

4 Raisecom#show rmon statisttics Show RMON statistics group information.

5 Raisecom#show rmon history interface-type

interface-list Show RMON history group information.

11.9 Configuring optical module DDM


Scenario

Optical module DDM provides a method for monitoring SFP performance parameters. By

analyzing monitored data provided by the optical module, the administrator can predict the

SFP module lifetime, isolate system faults, as well as verify the compatibility of the optical

module.

Prerequisite

N/A

11.9.2 Enabling optical module DDM



2 Raisecom(config)#transceiver ddm

enable Enable optical module DDM.

By default, optical module DDM is disabled.

Raisecom




3 Raisecom#interface interface-type

interface-number Enter physical layer interface configuration mode.

4 Raisecom(config-port)#transceiver

check-password enable Enable optical module password-check on an interface.

By default, optical module password-check is enabled.

11.9.3 Enabling optical module parameter anomaly Trap



2 Raisecom(config)#snmp-server

trap transceiver enable Enable optical module parameter anomaly Trap.

By default, optical module parameter anomaly Trap is

disabled.


interface-type interface-

number

Enter physical layer interface configuration mode.

4 Raisecom(config-

port)#transceiver trap enable Enable optical module DDM Trap on an interface.

By default, optical module DDM Trap is enabled.



1 Raisecom#show transceiver [interface-type

interface-number history { 15m | 24h } ] Show historical information about optical

module DDM.

2 Raisecom#show transceiver ddm interface-

type interface-list [ detail ] Show optical module DDM information.

3 Raisecom#show transceiver information

interface-type interface-list Show the optical module information.

4 Raisecom#show transceiver threshold-

violations interface-type interface-list Show the voltage threshold.

11.10 Configuring Loopback


Scenario

The network maintenance engineers can detect and analyze interface and network faults

through interface loopback.

Raisecom



Ingress packets and egress packets are defined as below:

Ingress packets: test packets received by an interface

Egress packets: test packets return to the peer device through an interface

Prerequisite

When the current interface is in Forwarding status, packets entering the interface can be

properly forwarded or transmitted to the CPU.

11.10.2 Configuring parameters of interface loopback rules





mode.

3 Raisecom(config-port)#loopback { dmac |

smac } mac-address Configure the parameter for enabling the

loopback rule based on the destination/source

MAC address. The parameter is set to the

destination/source MAC address.

4 Raisecom(config-port)#loopback { cvlan

| svlan } vlan-id Configure the parameter for enabling the

loopback rule based on the CVLAN ID/SVLAN

ID. The parameter is set to the CVLAN

ID/SVLAN ID.

5 Raisecom(config-port)#loopback { dip |

sip } ip-address Configure the parameter for enabling the

loopback rule based on the DIP/SIP. The

parameter is set to the DIP/SIP.

The first 3 bytes of the destination MAC address cannot be set to 0x0180C2. The source MAC address cannot be a multicast/broadcast MAC address.

11.10.3 Configuring source/destination MAC address translation



2 Raisecom(config)#loopback localmac mac-

address (Optional) configure the local MAC address.

By default, the local MAC address is the one of

the current device.

3 Raisecom(config)#loopback unicast-smac

{ localmac | swap } (Optional) configure the source MAC address

translation rule of unicast loopback packets.

By default, the source MAC address of the

unicast loopback packets is changed to the local

MAC address.

Raisecom




4 Raisecom(config)#loopback dmac-swap

enable Enable destination MAC address translation of

multicast and broadcast packet.

Unicast source MAC address translation: for unicast packets, which enter the

interface and meet loopback rules and parameters, you can perform source MAC address translation. Their source MAC address is changed to the local MAC address of the current device or other destination MAC addresses.

Multicast/Broadcast destination MAC address translation: for multicast and broadcast packets, which enter the interface and meet loopback rules and parameters, you can perform destination MAC address translation as required. You can configure changing their destination MAC address to the local MAC address of the current device.

11.10.4 Configuring destination IP address translation



2 Raisecom(config)#loopback localip ip-

address (Optional) configure the local IP address.

By default, the local IP address is set to

127.0.0.1.

The source IP address of all loopback egress packets is changed to the local IP address.

3 Raisecom(config)#loopback dip-swap

enable Enable destination IP address translation of

multicast IP packets. By default, destination IP

address translation is enabled.

Multicast destination IP address translation: for multicast IP packets, which enter

the interface and meet loopback rules, you can perform destination IP address translation as required. After multicast destination IP address translation is enabled, the destination IP address is changed to the source IP address of the ingress packets. The source IP address of loopback egress packets is changed to the source IP address (local IP address) of the current device.

Broadcast destination IP address translation: the destination IP address of loopback egress packets is always changed to the source IP address of ingress packets.

Raisecom



11.10.5 Enabling loopback by selecting loopback rule

Loopback may influence normal services. Be careful to perform it. After loopback detection, disable loopback immediately. Otherwise, normal

services fail.





mode.

3 Raisecom(config-port)#loopback mode

{ cvlan | dip | dmac | dvlan | sip |

sip-dip | smac | svlan } [ timeout

time-out-second ]

Configure the rule for enabling interface

loopback.

By default, loopback is performed on all packets.

The timeout is set to 0, which indicates that the

interface is always in loopback status.

4 Raisecom(config-port)#loopback

[ timeout timeout-minute ] Enable interface loopback.

By default, interface loopback is disabled.



1 Raisecom#show interface interface-type

interface-list loopback Show interface loopback configurations.

11.11 Configuring extended OAM


Scenario

Extended OAM is mainly used to establish connection between local and remote devices to

manage remote devices.

Prerequisite

N/A

Raisecom



11.11.2 Establishing OAM links



2 Raisecom(config)#oam { active |

passive } Configure the OAM working mode. By default, the

OAM working mode is set to passive.



4 Raisecom(config-port)#oam enable Enable OAM on an interface.



1 Raisecom#show extended-oam status [ interface-

type interface-list ] Show extended OAM link status.

2 Raisecom#show extended-oam statistics interface-

type interface-number Show extended OAM frame statistics.

11.12 Configuring LLDP


Scenario

When you obtain connection information between devices through the NView NNM system

for topology discovery, you need to enable LLDP on the iTN165-CES. Therefore, the

iTN165-CES can notify its information to the neighbours mutually, and store neighbour

information to facilitate the NView NNM system querying information.

Prerequisite

N/A

11.12.2 Enabling global LLDP

After global LLDP is disabled, you cannot re-enable it immediately. Global LLDP cannot be enabled unless the restart timer times out.



Raisecom




2 Raisecom(config)#lldp enable Enable global LLDP. By default, global LLDP is disabled.

11.12.3 Enabling interface LLDP





3 Raisecom(config-port)#lldp enable Enable interface LLDP.

By default, interface LLDP is enabled.

You can use the lldp disable command to disable

interface LLDP.

4 Raisecom(config-port)#lldp dest-

address mac-address Specify the destination MAC address of packets sent

by the interface.

11.12.4 Configuring basic functions of LLDP

We recommend configuring the LLDP delivery period in advance. The delivery

period and delivery delay are interact on each other. The delivery delay must be smaller than or equal to 0.25 delivery period. Otherwise, configuration fails.

The LLDP delivery delay should be smaller than the aging time. The aging time = aging coefficient × delivery period.



2 Raisecom(config)#lldp message-

transmission interval period (Optional) configure the period timer of the LLDP packet.

By default, the period timer of the LLDP packet is set to 30s.


transmission delay period (Optional) configure the delay timer of the LLDP packet.

By default, the delay timer of the LLDP packet is set to 2s.


transmission hold-multiplier

coefficient

(Optional) configure the aging coefficient of the LLDP

packet.

By default, the aging coefficient of the LLDP packet is set to

4.

5 Raisecom(config)#lldp restart-

delay period (Optional) configure the restart timer. After global LLDP is

disabled, it cannot be enabled unless the restart timer times

out.

By default, the restart timer is set to 2s.

Raisecom



11.12.5 Configuring LLDP alarm

When the network changes, you need to enable LLDP Trap to send topology update Trap to

the NView NNM system immediately.



2 Raisecom(config)#snmp-server lldp-

trap enable Enable LLDP Trap.

3 Raisecom(config)#lldp trap-interval

second (Optional) configure the LLDP Trap period timer .

By default, the LLDP Trap period timer is set to 5s.

After enabled with LLDP Trap, the iTN165-CES will send Traps after detecting aged neighbours, newly-added neighbours, and changed neighbour information.



1 Raisecom#show lldp local config Show LLDP local configurations.

2 Raisecom#show lldp local system-data

[ interface-type interface-number ] Show LLDP local system information.

3 Raisecom#show lldp remote [ interface-type

interface-number ] [ detail ] Show LLDP neighbor information.

4 Raisecom#show lldp statistic [interface-type

interface-number ] Show LLDP packet statistics.

11.13 Configuring fault detection

11.13.1 Viewing device status

When the iTN165-CES fails, you can locate the fault by viewing the device status. The

iTN165-CES supports viewing the current power supply, temperature, and voltage

information.


1 Raisecom#show environment [ power

| temperature | voltage ] Show current power supply, temperature, and voltage

alarms and current environment information.

Raisecom



11.13.2 Configuring task scheduling

When you need to use some commands to perform periodical maintenance on the iTN165-

CES, you can configure task scheduling. The iTN165-CES supports achieving task scheduling

through the schedule list and CLI. You can use commands to perform periodical operation just

by specifying the begin time, period, and end time of a specified task in the schedule list and

bind the schedule list to the CLI.



2 Raisecom(config)#schedule-list list-number start

{ date-time month-day-year hour:minute:second

[ every { day | week | period

hour:minute:second } ] stop month-day-year

hour:minute:second | up-time period

hour:minute:second [ every period

hour:minute:second ] [ stop

periodhour:minute:second ] }

Create and configure the schedule

list.

3 Raisecom(config)#command-string schedule-list

list-number Bind the CLIs, which need to be

performed periodically and support

the schedule list, to the schedule list.

4 Raisecom#show schedule-list Show schedule list configurations.

11.13.3 PING and Traceroute

PING


1 Raisecom#ping ip-address [ count count ]

[ size size ] [ waittime period ] (Optional) use the ping command to test

IPv4 network connectivity.

The iTN165-CES cannot perform other operations in the process of Ping. It can perform other operations only when Ping is finished or Ping is broken off by pressing Ctrl + C.

Traceroute

Before using Traceroute, you should configure the IP address and default gateway of the

iTN165-CES.



Raisecom




2 Raisecom(config)#interface ip if-number Enter layer 3 interface configuration mode.

3 Raisecom(config-ip)#ip address ip-address

[ ip-mask ] vlan-id Configure the IP address of the interface.

4 Raisecom(config-ip)#exit Exit from Layer 3 interface configuration

mode and enter global configuration mode.

5 Raisecom(config)#ip default-gateway ip-

address Configure the default gateway.

6 Raisecom(config)#exit Exit from global configuration mode and

enter privileged EXEC configuration

mode.

7 Raisecom#traceroute ip-address [ firstttl

first-ttl ] [ maxttl max-ttl ] [ port port-

number ] [ waittime period ] [ count times ]

(Optional) use the traceroute command to

test the IPv4 network connectivity and

view nodes passed by the packet.

11.14 Maintenance

Command Description

Raisecom(config)#clear lldp statistic { interface-type interface-number | port-channel port-channel-number}

Clear LLDP statistics.

Raisecom(config)#clear lldp remote-table [ interface-type interface-number ]

Clear LLDP neighbour information.

Raisecom(config)#clear rmon Clear all RMON configurations.


11.15.1 Examples for configuring RMON alarm group


As shown in Figure 11-7, the iTN165-CES is the Agent, which is connected to the terminal

through the Console interface and is connected to the NView NNM system through the

Internet. Enable RMON statistics on the iTN165-CES to execute performance statistics on

client 1. During a period, when the number of packets received by the interface exceeds the

configured threshold, the iTN165-CES records a log and sends a Trap to the NView NNM

system.

Raisecom



Figure 11-7 Configuring RMON alarm group

Configuration steps

Step 1 Create event group 1. Event group 1 is used to record and send the log which contains the

string High-ifOutErrors. The owner of the log is set to system.

Raisecom#config

Raisecom(config)#rmon event 1 log description High-ifOutErrors owner

system

Step 2 Create alarm group 10. Alarm group 10 is used to monitor the MIB variable

(1.3.6.1.2.1.2.2.1.20.1) every 20 seconds. If the value of the variable is added by 15 or greater,

a Trap is triggered. The owner of the Trap is also set to system.

Raisecom(config)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 interval 20 delta

rising-threshold 15 1 falling-threshold 0 owner system


Raisecom#write

Checking results

Use the show rmon alarms command to show RMON alarm group information.

Raisecom#show rmon alarms

Alarm 10 is active, owned by system

Monitors 1.3.6.1.2.1.2.2.1.20.1 every 20 seconds

Taking delta samples, last value was 0

Rising threshold is 15, assigned to event 1

Falling threshold is 0, assigned to event 0

On startup enable rising and falling alarm

Raisecom



Use the show rmon events command to show RMON event group information.

Raisecom#show rmon events

Event 1 is active, owned by system

Event generated at 0:0:0

Send TRAP when event is fired.

When an alarm event is triggered, you can view related records at the alarm management

dialog box of the NView NNM system.

11.15.2 Examples for configuring LLDP basic functions


As shown in Figure 11-8, iTN A and iTN B are connected to the NView NNM system. Enable

LLDP on links between iTN A and iTN B. And then you can query the Layer 2 link changes

through the NView NNM system. If the neighbour is aged, added, or changed, iTN A and iTN

B send LLDP alarm to the NView NNM system.

Figure 11-8 Configuring LLDP basic functions

Configuration steps

Step 1 Enable global LLDP and enable LLDP alarm.

Configure iTN A.


iTNA#config

iTNA(config)#lldp enable

iTNA(config)#snmp-server lldp-trap enable

Raisecom



Configure iTN B.


iTNB#config

iTNB(config)#lldp enable

iTNB(config)#snmp-server lldp-trap enable

Step 2 Configure management IP addresses.

Configure iTN A.

iTNA(config)#create vlan 1024 active




iTNA(config)#interface ip 1

iTNA(config-ip)#ip address 10.10.10.1 1024

Configure iTN B.

iTNB(config)#create vlan 1024 active



iTNB(config)#interface ip 1

iTNB(config-ip)#ip address 10.10.10.2 1024

Step 3 Configure LLDP properties.

Configure iTN A.

iTNA(config)#lldp message-transmission interval 60

iTNA(config)#lldp message-transmission delay 9

iTNA(config)#lldp trap-interval 10

Configure iTN B.

iTNA(config)#lldp message-transmission interval 60

iTNA(config)#lldp message-transmission delay 9

iTNA(config)#lldp trap-interval 10



Raisecom



iTNA#write


iTNB#write

Checking results

Use the show lldp local config command to show local configurations.

iTNA#show lldp local config

System configuration:

-------------------------------------------------------------------------

LLDP enable status: enable (default is disabled)

LLDP enable ports: 1-6

LldpMsgTxInterval: 60 (default is 30s)

LldpMsgTxHoldMultiplier: 4 (default is 4)

LldpReinitDelay: 2 (default is 2s)

LldpTxDelay: 2 (default is 2s)

LldpNotificationInterval: 5 (default is 5s)

LldpNotificationEnable: enable (default is 0180.c200.000e)

-------------------------------------------------------------

line1 : destination-mac:0180.C200.000E


client1 : destination-mac:0180.C200.000E






iTNB#show lldp local config

System configuration:

-------------------------------------------------------------------------

LLDP enable status: enable (default is disabled)

LLDP enable ports: 1

LldpMsgTxInterval: 60 (default is 30s)

LldpMsgTxHoldMultiplier: 4 (default is 4)

LldpReinitDelay: 2 (default is 2s)

LldpTxDelay: 9 (default is 2s)

LldpNotificationInterval: 10 (default is 5s)

LldpNotificationEnable: enable (default is 0180.C200.000E)

-------------------------------------------------------------







Raisecom



Use the show lldp remote command to show neighbour information.

iTNA#show lldp remote

Port ChassisId PortId SysName MgtAddress ExpiredTime

-------------------------------------------------------------------------

client 1000E.5E02.B010 client1 iTNB 10.10.10.2 106

iTNB#show lldp remote

Port ChassisId PortId SysName MgtAddress ExpiredTime

-------------------------------------------------------------------------

client 1000E.5E12.F120 client1 iTNA 10.10.10.1 106

…

11.15.3 Examples for outputting system logs to log host


As shown in Figure 11-9, configure system log to output system logs of the iTN165-CES to

the log host, facilitating view them at any time.

Figure 11-9 Outputting system logs to log host

Configuration steps

Step 1 Configure the IP address of the iTN165-CES.

Raisecom#config



Raisecom(config-ip)#exit

Step 2 Output system logs to the log host.

Raisecom(config)#logging on

Raisecom(config)#logging time-stamp log datetime

Raisecom(config)#logging rate-limit 2

Raisecom(config)#logging host 20.0.0.168 warnings


Raisecom



Raisecom#write

Checking results

Use the show logging command to show system log configurations.

Raisecom#show logging

Syslog logging: enable

Dropped Log messages: 0

Dropped debug messages: 0

Rate-limited: 2 messages per second

Logging config: disable

Logging config level: informational(6)

Squence number display: disable

Log time stamp: datetime

Debug time stamp: none

Log buffer size: 4kB

Debug level: low

Syslog history logging: disable

Syslog history table size:1

Dest Status Level LoggedMsgs DroppedMsgs Discriminator

-------------------------------------------------------------------------

buffer disable informational(6) 0 0 0

console enable informational(6) 2 0 0

trap disable warnings(4) 0 0 0

file disable warnings(4) 0 0 0

monitor disable informational(6) 0 0 0

Log host information:

Max number of log server: 10

Current log server number: 1

View whether the log information is displayed on the terminal emulation Graphical User

Interface (GUI) of the PC.

07-01-2008 11:31:28 Local0.Debug 20.0.0.6 JAN 01 10:22:15 iTN165: CONFIG-7-

CONFIG:USER " raisecom " Run " logging on "


CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 "


CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.1 1 "


CONFIG:USER " raisecom " Run " logging host 20.0.0.168 local0 7 "


CONFIG:USER " raisecom " Run " logging on"

Raisecom



11.15.4 Examples for configuring hardware monitoring alarm output


As shown in Figure 11-10, configure hardware monitoring to monitor the temperature of the

iTN165-CES. When the temperature value exceeds the threshold, an alarm is generated and is

reported to the NView NNM system in a Trap form, notifying users to take related actions to

prevent the fault.

Figure 11-10 Configuring hardware monitoring alarm output

Configuration steps

Step 1 Configure the IP address of the iTN165-CES.

Raisecom#config



Raisecom(config-ip)#exit

Step 2 Enable Trap.

Raisecom(config)#snmp-server enable traps

Raisecom(config)#snmp-server host 20.0.0.1 version 2c public

Step 3 Enable global hardware monitoring alarm Trap.

Raisecom(config)#snmp-server trap hw_monitor enable

Step 4 Configure temperature monitoring.

Raisecom(config)#hw_monitor temperature notifies

Raisecom(config)#hw_monitor temperature high 50

Raisecom(config)#hw_monitor temperature low 20

Raisecom




Raisecom#write

Checking results

Use the show snmp config command to show Trap configurations.

Raisecom#show snmp config

Contact information: [email protected]

Device location : World China Raisecom

SNMP trap status: enable

SNMP engine ID: 800022B603000E5E156789

Use the show snmp host command to show Trap target host configurations.

Raisecom(config)#show snmp host

Index: 0

IP family: IPv4

IP address: 20.0.0.1

Port: 162

User Name: public

SNMP Version: v2c

Security Level: noauthnopriv

TagList: bridge config interface rmon snmp ospf

Use the show hw_monitor command to show hardware monitoring alarm configurations.

Raisecom#show hw_monitor

Traps alarm: Enabled

Syslog alarm: Disabled

Power Supply

Notifies: Enabled

Syslog: Enabled

Temperature

High threshold(Celsius): 50

Low threshold(Celsius): 20

Notifies: Enabled

Syslog: Enabled

Voltage

High threshold: 3460mV

Low threshold: 3150mV

Notifies: Enabled

Syslog: Enabled

Raisecom

iTN165-CES (A) Configuration Guide 12 Appendix


12 Appendix

This chapter describe terms and abbreviations involved in this guide, including the following

sections:

Terms

Abbreviations

12.1 Terms

C

Connectivity

Fault

Management

(CFM)

A standard defined by IEEE. It defines protocols and practices for OAM

(Operations, Administration, and Maintenance) for paths through 802.1

bridges and local area networks (LANs). Used to diagnose fault for EVC

(Ethernet Virtual Connection). Cost-effective by fault management

function and improve Ethernet maintenance.

Control Word The control word is a 4-byte TDM service data encapsulation packet

header, used for circuit emulation services. The control word is mainly

used to indicate a packet sequence number, link faults, shorter

encapsulation packet, and encapsulation packet type.

E

Encapsulation A technology used by the layered protocol. When the lower protocol

receives packets from the upper layer, it will map packets to the data of

the lower protocol. The outer layer of the data is encapsulated with the

lower layer overhead to form a lower protocol packet structure. For

example, an IP packet from the IP protocol is mapped to the data of

802.1Q protocol. The outer layer is encapsulated by the 802.1Q frame

header to form a VLAN frame structure.

Ethernet

Linear

Protection

Switching

(ELPS)

A protocol based on ITU-T G.8031 APS (Automatic Protection

Switching) to protect an Ethernet connection. It is a kind of end-to-end

protection technology. Including two linear protection modes: linear 1:1

protection switching and linear 1+1 protection switching.

Raisecom



Ethernet Ring

Protection

Switching

(ERPS)

An APS (Automatic Protection Switching) protocol based on ITU-T

G.8032 Recommendation to provide backup link protection and recovery

switching for Ethernet traffic in a ring topology and at the same time

ensuring that there are no loops formed at the Ethernet layer.

F

Failover Provide a port association solution, extending link backup range.

Transport fault of upper layer device quickly to downstream device by

monitoring upstream link and synchronize downstream link, then trigger

switching between master and standby device and avoid traffic loss.

J

Jitter Buffer When packets are transmitted in the PSN, delay will be generated, which

influence the performance of emulation services. The Jitter Buffer can be

used to reduce the influence caused by delay. Jitter Buffer is used to

contain earlier or later-received packets. Requirements are introduced to

the distribution of Jitter Buffer capacity. If the capacity is too larger, the

buffer overflow can be prevented. However, longer delay will be

generated. If the capacity is too small, it will cause buffer overflow.

Therefore, you should set an appropriate value for the Jitter Buffer

capacity.

L

Link

Aggregation

A computer networking term which describes using multiple network

cables/ports in parallel to increase the link speed beyond the limits of any

one single cable or port, and to increase the redundancy for higher

availability.

M

Mobile

Backhaul

Solve communication problem from BTS to BSC for 2G, NodeB to RNC

for 3G.

Mobile backhaul for 2G focuses on voice service, not request high

bandwidth, implemented by TDM microwave or SDH/PDH device.

In 3G times, lots of data service as HSPA, HSPA+, etc concerning to IP

service, voice is changing to IP as well, namely IP RAN, to solve

problem of IP RAN mobile backhaul is solving whole network backhaul,

satisfying both data backhaul and voice transportation over IP (clock

synchronization).

Q

http://en.wikipedia.org/wiki/Computer_networking

http://en.wikipedia.org/wiki/Redundancy_(engineering)

Raisecom



QinQ QinQ is (also called Stacked VLAN or Double VLAN) extended from

802.1Q, defined by IEEE 802.1ad recommendation. Basic QinQ is a

simple layer-2 VPN tunnel technology, encapsulating outer VLAN Tag

for client private packets at carrier access end; the packets take double

VLAN Tag passing through trunk network (public network). In public

network, packets only transmit according to outer VLAN Tag, the private

VLAN Tag are transmitted as data in packets.

S

SyncE A technology adopts Ethernet link codes recover clock, similar to SDH

clock synchronization quality, SyncE provides frequency synchronization

of high precision. Unlike traditional Ethernet just synchronize data

packets at receiving node, SyncE implements real-time synchronization

system for inner clock.

12.2 Abbreviations

A

AC Attachment Circuit

ACL Access Control List

APS Automatic Protection Switching

ASIC Application Specific Integrated Circuit

ATM Asynchronous Transfer Mode

B

BC Boundary Clock

C

CAS Channel Associated Signaling

CCS Common Channel Signaling

CDMA2000 Code Division Multiple Access 2000

CE Customer Edge

CES Circuit Emulation Service

CESoPSN Circuit Emulation Services over Packet Switch Network

CFM Connectivity Fault Management

CoS Class of Service

Raisecom



CR-LDP Constraint-Routing Label Distribution Protocol

D

DoS Deny of Service

DRR Deficit Round Robin

DSCP Differentiated Services Code Point

DUT Device Under Test

E

EFM Ethernet in the First Mile

ELPS Ethernet Linear Protection Switching

ERPS Ethernet Ring Protection Switching

EVC Ethernet Virtual Connection

F

FEC Forwarding Equivalence Class

FIB Forwarding Information Base

FTP File Transfer Protocol

FR Frame Relay

G

GACH Generic Associated Channel

GARP Generic Attribute Registration Protocol

GPS Global Positioning System

GSM Global System for Mobile Communications

GVRP GARP VLAN Registration Protocol

I

IANA Internet Assigned Numbers Authority

IEEE Institute of Electrical and Electronics Engineers

IETF Internet Engineering Task Force

IGMP Internet Group Management Protocol

IGMP Snooping Internet Group Management Protocol Snooping

Raisecom



IP Internet Protocol

ITU-T International Telecommunications Union - Telecommunication

Standardization Sector

L

LACP Link Aggregation Control Protocol

LBM LoopBack Message

LBR LoopBack Reply

LDP Label Distribution Protocol

LER Label Edge Router

LLDP Link Layer Discovery Protocol

LLDPDU Link Layer Discovery Protocol Data Unit

LOS Loss of Signal

LTM LinkTrace Message

LSR Label Switching Router

LSA Link Status Advertisement

LTR LinkTrace Reply

M

MA Maintenance Association

MAC Medium Access Control

MAN Metro Area Network

MD Maintenance Domain

MEF Metro Ethernet Forum

MEG Maintenance Entity Group

MEP Maintenance associations End Point

MIB Management Information Base

MIP Maintenance association Intermediate Point

MP-BGP Multiprotocol Extensions for Border Gateway Protocol

MPLS Multiprotocol Label Switching

MSTI Multiple Spanning Tree Instance

MSTP Multiple Spanning Tree Protocol

MTU Maximum Transfered Unit

Raisecom



MVR Multicast VLAN Registration

N

NNM Network Node Management

O

OAM Operation, Administrationand Management

OC Ordinary Clock

OOS Out of Service

P

PC Personal Computer

PE Provider Edge

PPP Point to Point Protocol

PSN Packet Switched Network

PTP Precision Time Protocol

PW Pseudo Wire

PWE3 Pseudo Wire Emulation Edge-to-Edge

Q

QoS Quality ofService

R

RADIUS Remote Authentication Dial In User Service

RMON Remote Network Monitoring

RMEP Remote Maintenance association End Point

RNC Radio Network Controller

RSTP Rapid Spanning Tree Protocol

RSVP-TE Resource Reservation Protocol Traffic Engineering

RTP Real-time Transport Protocol

S

SAToP Structure-Agnostic TDM over Packet

SES Severely Errored Second

Raisecom



SFP Small Form-factor Pluggables

SLA Service Level Agreement

SNMP Simple Network Management Protocol

SNTP Simple Network Time Protocol

SP Strict-Priority

SSHv2 Secure Shell v2

STP Spanning Tree Protocol

T

TACACS+ Terminal Access Controller Access Control System

TC Transparent Clock

TCP Transmission Control Protocol

TD-SCDMA Time Division-Synchronous Code Division Multiple Access

TDM Time Division Multiplex

TDMoP Time Division Multiplex over Packet

TFTP Trivial File Transfer Protocol

TLV TypeLengthValue

ToS Type of Service

V

VLAN Virtual Local Area Network

VPN Virtual Private Network

W

WAN Wide Area Network

WCDMA Wideband Code Division Multiple Access

WRR Weight Round Robin

Address: Building 2, No. 28, Shangdi 6th Street, Haidian District, Beijing, P.R.China.

Postal code: 100085 Tel: +86-10-82883305

Fax: 8610-82883056 http://www.raisecom.com Email: [email protected]

Documents

iTN165-CES (a) Configuration Guide (Rel_01)