Preface - ZTEzte.by/magazine/Maintenance Experience, Issue 74(Data Products).pdf · Preface In this issue of ZTE's "Maintenance Experience", ... As success in commissioning and service

PrefaceIn this issue of ZTE's "Maintenance Experience", we continue to

pass on various field reports and resolutions that are gathered by ZTE

engineers and technicians around the world.

This issue presents the following content:

● Eight maintenance cases related to ZTE's Data Products● Two special Documents

Have you examined your service polices and procedures lately? Are

you confident that your people are using all the tools at their disposal? Are

they trained to analyze each issue in a logical manner that provides for

less downtime and maximum customer service? A close look at the cases

reveals how to isolate suspected faulty or mis-configured equipment, and

how to solve a problem step by step, etc. As success in commissioning

and service is usually a mix of both discovery and analysis, consider

using this type of approach as an example of successful troubleshooting

investigations.

While corporate leaders maintain and grow plans for expansion,

ZTE employees in all regions carry out with individual efforts towards

internationalization of the company. Momentum continues to build, in

all levels, from office interns to veteran engineers, who work together to

bring global focus into their daily work.

If you would like to subscribe to this magazine (electronic version) or

review additional articles and relevant technical materials concerning ZTE

products, please visit the technical support website of ZTE Corporation

(http://support.zte.com.cn).

If you have any ideas and suggestions or want to offer your

contributions, you can contact us at any time via the following email:

[email protected].

Thank you for making ZTE a part of your telecom experience!

Maintenance Experience Editorial CommitteeZTE CorporationOctober, 2007

Maintenance ExperienceEditorial Committee

Director: Zhou Susu

Deputy Director: Chen Jianzhou

Editor-in-Chief: Yang Cheng

Editors:Jiang Guobing, Zhang Shoukui,Tang Hongxuan,Wu Feng,Yuan Yufeng, Chen Huachun,Gu Yu,Li Gangyi,Song Jianbo,Tian Jinhua,Liu Xianmin,Zhu Wensheng,Ling Changwen,Zhu Xiaodong,Zhang Zhongdong,Wang Zhaozheng,Lei Kun,Wang Tiancheng,Chen Fuqi,Cai Hongming

Technical Senior Editors:Hu Jia,Tao Minjuan,Zhang Fan

Executive Editor:Bai Jianwen

Maintenance ExperienceNewsroom

Address: ZTE Plaza, Keji Road South, Hi-Tech

Industrial Park, Nanshan District,

Shenzhen, P.R.China

Postal code: 518057

Contact: Song Chunping

Email: [email protected]

Tel: +86-755-26770600,26771195

Fax: +86-755-26772236

Document support mail box: [email protected]

Technical support website: http://ensupport.zte. com.cn

Contents

OSPF Problem on ZXR10 T160G 2

Network Malfunction Caused by PPP Interconnection 4

Cluster Malfunction Processing 6

BGP Connection Interruption Processing 8

MPLS VPN Malfunction Processing 11

E1 Docking Processing 15

Configuring Route Filtration on T64E 18

Policy Routing Application 20

VRRP Configuration 23

BGP Route 33

October 2007 Issue 74

Maintenance Experience2

OSPF Problem on ZXR10 T160G⊙ Li Budong, ZTE Corporation

1 Malfunction SituationA ZXR10 T160G switch is connected

w i t h f o u r d e v i c e s a t a t i m e : a n

OminiSwtich8800 and an OminiSwtich7700

of Bell ALCATEL, a GSR12012 router of

Cisco and an EX1400 router of SIEMENS.

OSPF is configured on ZXR10 T160G and

these four devices, as shown in Figure 1.

Z X T 1 0 T 1 6 0 G e s t a b l i s h e s

OSPF adjacency relat ionships with

OminiSwtich8800 and OminiSwtich7700.

They learn routes from each other. ZXR10

T160G fails to establish OSPF adjacency

relationships with GSR12012 router of

Cisco and an EX1400 router. When using

show ip ospf neighbor command to view

information, it is found that Router ID

of these two devices can be viewed on

T160G, but OSPF neighbor establishment

state is not Full, as shown below.

ZXR10#show ip ospf neighbor

OSPF Router with ID (10.10.10.10)

Keyword: ZXR10 T160G, OSPF, MTU

(Process ID 200)

Neighbor 134.1.1.201

In the area 0.0.0.0

via interface gei_2/1 134.1.1.201

Neighbor is DROTHER

State 2way, priority 0, Cost 1

Queue count : Retransmit 0, DD 0, LS Req 0

Dead time : 00:00:38 Options : 0x42

In Full State for 00:00:00

2 Malfunction AnalysisTo analyze this malfunction, perform the

following steps.

(1) Check detail configuration on T160G, and

no problem is found.

(2) Use show interface [<port-name>] command

to view interface state on T160G that connects with

GSR12012. Output is shown below.

ZXR10#show interface gei_2/1

gei_2/1 is up, line protocol is up

Description is none

Duplex full

The port is electric

vlan mode is hybrid, pvid 1

MTU 1500 bytes

BW 1000000 Kbits

Syslog send disable

Last clearing of "show interface" counters never

120 seconds input rate 0 Bps, 0 pps

120 seconds output rate 0 Bps, 0 pps

Interface peak rate : input 58 Bps, output 64

Bps

Interface utilization: input 0%, output 0%

Input:Figure 1. Network Topology

www.zte.com.cn

3Data Products

Packets : 33 Bytes: 3378

Unicasts : 0 Multicasts: 0 Broadcasts: 10

Undersize: 0 Oversize : 0 CRC-

ERROR : 0

(3) Use show interface [<port-name>] command

to view interface state on GSR12012 that connects

with T160G. Output is shown below.

Router# show interfaces ethernet 0/0

Ethernet0/0 is up, line protocol is up

Hardware is AmdP2, address is 0003.e39b.9220

(bia 0003.e39b.9220)

Internet address is 134.1.1.201/8

MTU 1526 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

ARP type: ARPA, ARP Timeout 04:00:00

Last input 4d06h, output never, output hang never

Last clearing of "show interface" counters never

Queueing strategy: fifo

Output queue 0/40, 0 drops; input queue 0/75, 0

drops

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

19 packets input, 2330 bytes, 0 no buffer

Received 19 broadcasts, 0 runts, 0 giants, 0

throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0

ignored

0 input packets with dribble condition detected

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped

out

Results in step2 and step3 show that MTU on

interface of GSR12012 is 1526 bytes, while MTU

on interface of T160G is set to 1500 bytes. They do

not match.

W h e n e s t a b l i s h i n g a d j a c e n c y

relationship and exchanging DD message,

T160G checks MTU va lue. I f MTU

values of both sides are not the same,

OSPF adjacency relationship can not be

established.

3 SolutionMTU value on interface of T160G can

not be set to a bigger value. It is required

to change MTU value to 1500 bytes on

GSR12012. There are other services on

GSR12012, so MTU value on GSR12012

can not be changed.

To solve this problem, use ip ospf

mtu-ignore command on the interface of

T160G that connects with GSR12012. This

command is to ignore the check of MTU

value consistency.

Interface configuration is shown below.

ZXR10(config)#interface gei_2/1

ZXR10(config-if)#ip ospf mtu-ignore

The problem that OSPF adjacency

relat ionship can not be establ ished

normally between T160G and EX1400 is

also caused by MTU value. To solve this

problem, use ip ospf mtu-ignore command

on the interface of T160G that connects

with EX1400.

Use show ip ospf neighbor command

on T160G to view information about OSPF

adjacency relationship. Result shows that

OSPF adjacency establishment state is

Full, as shown below.

ZXR10#show ip ospf neighbor

OSPF Router with ID (10.10.10.10)

(Process ID 200)

Neighbor 134.1.1.201



Network Malfunction Caused by PPP Interconnection⊙ Wei Hui, ZTE Corporation

In the area 0.0.0.0

via interface gei_2/1 134.1.1.201

Neighbor is DROTHER

State FULL, priority 0, Cost 1

Queue count : Retransmit 0, DD 0, LS

Req 0

Dead time : 00:00:38 Options : 0x42

In Full State for 00:03:52

Now the malfunction is solved.

5 Experience SummaryWhen establishing OSPF adjacency

relationship, both sides exchange and

view DD messages. MTU value check is

to check whether the MTU value in DD message

of the peer is the same as that in DD message

on local interface. If MUT values are not the

same, OSPF adjacency relationship can not be

established.

In actual applications, different MTU values are

used in different services. When it is inconvenient

to change MTU value, use ip ospf mtu-ignore

command on the interface that runs OSPF. This is

to ignore the check of MTU value consistency. This

command is not by default. Use no ip ospf mtu-

ignore command to recover to default state, that is,

MTU value in DD message is checked. ■

Keyword: PPP, NAT, static route, routing

1 Malfunction SituationAs shown in Figure 1, ZXR10 GAR connects

with a Cisco router through a serial interface. PPP

is encapsulated at both sides. NAT is enabled

on ZXR10 GAR. The serial interface via which

GAR connects with Cisco router is used as an

outside interface, with IP address 219.17.20.26/28.

Internal network addresses of users are in

192.168.20.0/24 network segment. Internal IP

addresses are translated to public network address

219.17.20.27/28.

User's PC which connects with ZXR10 GAR

fails to get on-line and can not ping to IP address

of Cisco router 219.17.20.25/28 successfully.Figure 1. Network Topology

www.zte.com.cn

5Data Products

2 Malfunction AnalysisNetwork topology of this malfunction is very

simple, so the problem may be caused by the

following points:● User PC● ZXR10 GAR● Cisco Router● Physical link

Perform the following steps to find out the

cause.

(1) Change a PC and perform tests. The

malfunction does not disappear. PC configuration is

very simple, so the malfunction can not be caused

by PC.

(2) Perform tests, and the results show that

user PC can ping to outside interface on ZXR10

GAR successfully. ZXR10 GAR also can ping to

Cisco router successfully. This means that the

physical link has no problem.

(3) Use show run command to view ZXR10

GAR configuration and no problem is found. View

NAT translation table of GAR and it is found that

there are translation entries of user, as shown

below.

XR10#show ip nat translations

Pro Inside global Inside local TYPE

--- 219.17.20.27 192.168.20.1 S/-

--- 219.17.20.27:1024 192.168.20.3 D/e

--- 219.17.20.27:1025 192.168.20.4 D/e

……

Output above shows that NAT function on GAR

is normal.

GAR can ping to Cisco router successfully,

which means the PPP interconnection is normal.

(4) User can ping to outside interface on GAR

successfully but can not ping to Cisco router

successfully. So the problem may be caused by

Cisco router. View routing tables on Cisco router

and GAR; it is found that direct routes are normal.

Public network address is directly interconnected

network segment address, i t is not

required to configure back route on Cisco

router in theory. On the view of above

indication, data packets are discarded

after they reach Cisco router.

(5) ZXR10 GAR connects with Cisco

router through PPP, which may be the

cause.

PPP is one of the earliest routing

protocols. It only requires routers can

visit each other and it does not provide

any routing. PPP is used to connect two

networks that both have their own routing

protocols. PPP transfers basic structure

information of data groups between two

routers.

That is, PPP does not provide routing

function. When routes are not configured

on a router, this router can only ping to

the interconnection address successfully

and other addresses in the same network

segment are unreachable for this router.

3 SolutionAdd a back route on Cisco router, as

shown below.

ip route 219.17.20.27 255.255.255.248

219.17.20.26


Maintenance Experience�

Perform tests, and the results show

that use can get on-line successfully.

The malfunction is solved.

4 Experience SummaryIt is common to use NAT function

compounding static route, especially for

networks of middle and small enterprises. This

structure needs less device investment and the

configuration is simple. It is easy to maintain

devices and troubleshooting malfunctions.

It is not advised to use PPP on outside interface

of routers, as this has relationship with the peer

routers, usually ISP routers. ■

Cluster Malfunction Processing⊙ Wei Hui, ZTE Corporation

1 Malfunction SituationAs shown in Figure 1, cluster function

is enabled on ZXR10 3906, ZXR10 2826S

and ZXR10 2618. ZXR10 3906 is a

command switch, while others are member

switches.

Network administrator fails to log in

member switch ZXR10 2826S to manage it through

command switch ZXR10 3906. Delete user service

Vlan and then cluster management recovers.

2 Malfunction AnalysisTo analyze the malfunction, perform the

following steps.

(1) Use show ztp device-list command on

ZXR10 3906 to view ztp device list. Result is

shown below.

ZXR10 3906#show ztp device-list

Index DeviceID MacAddress Hop SwitchType

Platform

-------------------------------------------------------------

1 1 0 0 d 0 . d 0 c 2 . c 2 2 3 1

MEMBER_SWITCH ZXR10 2816

2 2 0 0 . d 0 . d 0 . f c . 7 6 . f 1 1

MEMBER_SWITCH ZXR10 2826S

3 0 0 0 d 0 . d 0 c 6 . 5 5 8 1 0

COMMAND_SWITCH ZXR10 3906

Keyword: cluster, command switch, member switch, address pool

Figure 1. Network Topology

www.zte.com.cn

7Data Products

Above result shows that ZXR10 2826S is a

member switch.

(2) Use show group member command on

ZXR10 3906 to view group members, as shown

below.

ZXR10 3906#show group members

Index MemberID MacAddress IpAddress

Mask Status

---------------------------------------------------------------

1 1 00d0.d0c6.5581 192.168.1.1

255.255.255.0 Up

2 2 00d0.d0c2.c223 192.168.1.2

255.255.255.0 Up

Above result shows that ZXR10 2826S is not in

cluster group, so network administrator fails to log

in and manage it by command switch ZXR10 3906.

(3) Use show run command on ZXR10 2826S

to check configuration, and no problem is found.

(4) Use group member mac <mac_addr>

command on command switch to add ZXR10

2826S to cluster group, as shown below.

ZXR10 3906 (config)#group member mac 00d0.

d0fc.76f1 member 3

//add ZXR10 2826S to the cluster and designate its

member is to 3

Perform tests. The results show that network

administrator fails to manage ZXR10 2826S.

(5) Cluster management can be recovered

by deleting user service Vlan. Recover service

Vlan configuration and input show arp command.

Result shows that MAC address that corresponds

to management address 192.168.1.6 of ZXR10

2826S is not MAC address of ZXR10 2826S. The

malfunction may be caused by confliction of user

address and management address.

3 SolutionA s s i g n a n a d d r e s s p o o l f o r c l u s t e r

management, as shown below.

group switch-type commander ip-pool

10.0.0.1 length 24

Address pool is in 10.0.0.0/24 network

segment which is different from user

address. Perform tests and the result is as

shown below.

ZXR10 3906#show group members

Index MemberID MacAddress

IpAddress Mask Status

----------------------------------------------------

-----------

1 1 00d0.d0c6.5581 10.0.0.1

255.255.255.0 Up

2 2 00d0.d0c2.c223 10.0.0.2

255.255.255.0 Up

3 3 00d0.d0fc.76f1 10.0.0.3

255.255.255.0 Up

Now ZXR10 2826S is in cluster group

and its state is Up. Cluster management is

normal and the problem is solved.

4 Experience SummaryThe following experience is concluded

from this example:● Plan addresses before configuring

cluster management. Assign cluster

address pool to avoid confl ict ion

with user addresses. By default,

management network segment for

cluster switches is 192.168.1.0/24,

so make sure there is no conflict with

other addresses when using this

default value.● Do no t con f igure a L3 address

manually when configuring cluster

management Vlan. I t is because

when command switch executes



BGP Connection Interruption Processing⊙ Chen Mingfeng, ZTE Corporation

group switch-type command, the

switch enables a L3 interface in this

Vlan automatically. If L3 address is

configured, system prompts “%Code

11727: Create L3 interface failed”.

When a L3 address is configured

manually on a member switch, L3

interface can not be created.● When the following situation appears

on a member switch:

(1) Input show ztp device-list command

and result shows that it is a member

switch.

( 2 ) I n p u t s h o w g r o u p m e m b e r

command and result shows that this switch

is not seen or its state is always Down.

(3) Check conf igurat ion and no

problem is found.

(4) Input no group member mac <mac_addr>

command to set the member switch to a candidate

switch. Result shows it fails.

To process this problem, perform the following

steps.

(1) Use set group independent command on

this member switch to set it to an independent

switch. Then use set group candidate command to

set it to a candidate switch. Do not set the member

switch as a candidate switch directly.

(2) Use no group member [<mem_id>|all]

command on command switch to delete the

member switch.

(3) Use group member {mac <mac_addr>

member <mem_id> | device <device_id> | all-

candidates} command to add the switch as a

member switch again. ■

1 Malfunction SituationConnection between ZXR10 T64E

and Cisco7301 router is established.

After several minutes, the connection is

interrupted.

2 Malfunction AnalysisTo find out the cause of connection

interruption, log on to ZXT10 T64E through

console interface. Use show logging alarm

command to view alarm information on the device.

Result is shown below.

……

22:14:22 11/20/2005 UTC alarm 17961 occurred

%BGP% 00:46:31: BGP: 83.222.168.225 NOTIFY

rcvd sent by UPC(RPU) 1


%BGP% 00:46:31: BGP: 83.222.168.225 reset due

to BGP Notification received sent by UPC(RPU) 1

Keyword: BGP, T64E, timeout

www.zte.com.cn

9Data Products


%BGP% 00:46:31: BGP: 83.222.168.225 went

from Established to Idle sent by UPC(RPU) 1

……

Use show ip bgp neighbor command to view

BGP neighbor state. Result is shown below.

router-sf-0#show ip bgp neighbor

BGP neighbor is 83.222.168.225, remote AS

12615, internal link

BGP version 4, remote router ID 87.246.0.1

BGP state = Established, up for 00:00:15

Last read update 00:00:12, hold t ime is 90

seconds, keepalive interval is 30 seconds

Neighbor capabilities:

Route refresh: advertised and received

Address family IPv4 Unicast: advertised and

received

All received 849 messages

827 updates, 0 errs

3 opens, 0 errs

17 keepalives

0 vpnv4 refreshs, 0 ipv4 refreshs, 0 errs

2 notifications, 0 other errs

After last established received 270 messages

269 updates, 0 errs, 0 opens, 0 errs

1 keepalives

0 vpnv4 refreshs, 0 ipv4 refreshs, 0 errs

0 notifications, 0 other errs

All sent 11719 messages

11709 updates, 3 opens, 7 keepalives

0 vpnv4 refreshs, 0 ipv4 refreshs, 0 notifications

After last established sent 890 messages

890 updates, 0 opens, 0 keepalives

0 vpnv4 refreshs, 0 ipv4 refreshs, 0 notifications

For address family: IPv4 Unicast

Route-Reflector Client

All received nlri 1580, unnlri 0, 1580 accepted

prefixes

All sent nlri 912, unnlri 0, 912 advertised prefixes

maximum limit 4294967295

Minimum time between advertisement

runs is 30 seconds

Minimum time between origin runs is 15

seconds

For address family: VPNv4 Unicast no

activate

All received nlri 0, unnlri 0, 0 accepted

prefixes

All sent nlri 0, unnlri 0, 0 advertised

prefixes

maximum limit 4294967295

Connections established 3

last error code is 4

Last reset 00:00:21, reset due to BGP

Notification received

Local host: 83.222.168.226, Local port:

1031

Foreign host: 83.222.168.225, Foreign

port: 179

Analyze result above. Information “hold

time is 90 seconds, keepalive interval is

30 seconds” shows that hold time of this

BGP session is 90 seconds and keepalive

interval is 30 seconds.

Accord ing to a la rm in fo rmat ion

“BGP: 83.222.168.225 reset due to BGP

Notification received sent by UPC(RPU) 1”

and “Last reset 00:00:21, reset due to BGP

Notification received”, BGP connection is



ENVIRON, ICMP, IGMP, IP, ISIS, OAM, OSPF,

PORT, RIP, RMON, ROS, SECURITY, SNMP, TCP-

UDP, TELNET, URPF and NAT

The four optional parameters are used to

display alarm information. For example, to display

alarm information with IP type and start-date

October 28, 2007, use the following command.

ZXR10#show logging alarm typeid ip start-time

10-28-2007

To clear contents in alarm log buffer, input clear

logging command in privileged mode.

The following is an example that explains how

to analyze alarm information on ZXR10 T64E.

Alarm information is shown below.


%BGP% Neighbor 83.222.168.249 fail send feas

pkt tcb block sent by UPC(RPU) 1


%BGP% Neighbor 83.222.168.249 fail send pkt tcb

block sent by UPC(RPU) 1







……

Each piece of alarm information starts from

the time when an event begins. Alarm information

above means that when BGP messages are failed

to be sent to TCP layer, and messages are blocked.

TCP un-smooth connection of both sides

causes TCP block. With debug ip tcp packet

command, information about TCP retransmission is

displayed. That peer does not response with ACK

message makes local retransmission timer out-

time or require the peer to retransmit.

Malfunction of this example is caused by ROS

checksum algorithm of V2.6.02, which can be

solved by upgrading the version. ■

interrupted because ZXR10 T64E receives

notification message. That is, it is because

the peer does not receive any keepalive

message within 90 seconds of holdtime

interval and sends notification message to

release the connection.

3 SolutionCheck the devices and it is found that

the ROS version causes the peer device

to receive disorderly TCP messages and

overflows it buffer. This makes TCB block

and the peer device does not receive

keepalive message sent by ZXR10 T64E.

At last, holdtime timer is time out and BGP

connection is released.

The old version is v2.6.02. Upgrade the

version of ZXR10 T64E. The malfunction

is solved.

4 Experience SummaryTo process malfunction, show logging

alarm command is used to view alarm

information on devices. This command

is useful for analyzing malfunctions and

finding out causes.

The complete format of show logging

alarm command is show logging alarm

{[typeid <type>] [start-date <date>] [end-

date <date>] [level <level>]}.

The parameters in this command are

described in Table 1

ARP, BGP, BOARD, DATABASE, DRP,

Parameter Description

typeid <type> Alarm type of alarm information to be displayed

start-date <date> Alarm information to be displayed is started from this date (this date included)

end-date <date> Alarm information to be displayed is ended by this date (this date included)

level <level>Level of alarm information to be displayed (1: emergencies, 2: alerts, 3: critical, 4: errors, 5: warnings, 6: notifications)

Table1. Parameter Descriptions

www.zte.com.cn

11Data Products

MPLS VPN Malfunction Processing⊙ Zhang Jintao, ZTE Corporation

1 Topology OverviewMPLS VPN network topology is shown in

Figure 1. Routing protocols are described as

follows.● OSPF: All devices run OSPF as IGP except

CE.● MPLS/VPN: Two 12416 routers work as P

devices and Router Reflectors (RR). T64E-1,

T64E-2 and HW5200G work as PE devices.

Default routes on CE are to 5200G and T64E-2.

These two routes are with different priorities

and they are back up of each other. VPN back

routes are configured on 5200G and T64E-2.● MP-BGP: All devices in Figure 1 are in AS

“FCNGN”, with AS number 64525. T64E-1 is

also in AS “CN2”, with AS number 4809.

2 Malfunction 1

2.1 Malfunction Situation

T64E-1 and T64E-2 can not ping VPN routes

to each other successfully. For example,

configure loopback address 10.10.10.3/32

on T64E-1 and 10.10.10.6/32 on T64E-2.

Add the two addresses to VPN “FCNGN”.

Keyword: MPLS VPN, OSPF, cost, LDP, LSR, LSP

Figure 1. MPLS VPN Network Topology



Two T64E routers can not ping to the peer

loopback address successfully.

2.2 Malfunction Analysis

Check configuration information on

each device and it is found that LDP

neighbor relationship is not established

on the two P devices when malfunction

appears. When LDP neighbor relationship

is not established on the two P devices,

T64E-1 and T64E-2 can ping VPN routes

to each other successfully. Change over

VPN routes that are distributed by CE

from 5200G to T64E-2, and NGN services

run normally.

To test and verify the malfunction

cause further, make LDP neighbors

be tween the two P dev ices down.

Malfunction appears again. This shows

that LDP neighbor relationship interruption

between the two P devices causes this

function.

Now perform the following test.

(1) Trace loopback address o f

T64E-1 on T64E-2, as shown below.

FC-T64E#trace 61.220.18.2

tracing the route to 61.220.18.2

1 61.220.18.81 0 ms 0 ms 0 ms

2 61.220.18.165 0 ms 0 ms 0 ms

3 61.220.18.70 0 ms 1 ms 0 ms

[finished]

Route is T64E-2→12416-2→12416-1→

T64E-1.

(2) Trace loopback address of T64E-2 on

T64E-1, as shown below.

YZ-T64E#trace 61.220.18.6


1 61.220.18.69 1 ms 0 ms 0 ms

2 61.220.18.190 0 ms 0 ms 0 ms

3 61.220.18.82 0 ms 0 ms 0 ms

[finished]

Route is T64E-1→12416-1→5200G→T64E-2.

Route that packets going from a PE to another

PE is controlled by Label Switching Path (LSP).

Results above show that routes that packets go

from T64E-1 to T64E-2 and from T64E-2 to T64E-1

are different. It is because LSP is interrupted,

which is due to LDP neighbor relationship between

two 12416 routers are not established.

Check configuration information on each

device and cost value on each interface of these

devices are shown in Figure 2.

As shown in Figure 2, the best route from

T64E-2 to T64E-1 is T64E-2→12416-2→12416-1

→T64E-1, with total cost value 5+10+10=25.

The best route from T64E-1 to T64E-2 is

T64E-1→12416-1→HW5200G→T64E-2, with total

cost value 10+10+5=25.

Cost values of OSPF interconnection are

different, so routes from T64E-2 to T64E-1 and

from T64E-1 to T64E-2 are different.

To share load that goes out from HW5200G on Figure 2. Cost Value

www.zte.com.cn

13Data Products

both 12416 routers, cost values are modified, as

shown in Figure 2. Cost value from HW5200G to

12416-1 is 10, and to 12416-2 is 5+5=10, so load

is balanced.

N o w a n a l y z e r e l a t e d i n f o r m a t i o n f o r

establishing LDP neighbor relationship. Take T64E

for example.

YZ-T64E#show mpls ldp neighbor

Peer LDP Ident: 61.220.18.59:0; Local LDP Ident

61.220.18.2:0

TCP connection: 61.220.18.59.44195 -

61.220.18.2.646

state: Oper; Msgs sent/rcvd: 27573/25458;

Downstream

Up Time: 12d23h

LDP discovery sources:

gei_1/1; Src IP addr: 61.220.18.69

Addresses bound to peer LDP Ident:

61.220.18.59 61.220.18.162 61.220.18.189

61.220.18.193

61.220.18.197 61.220.18.201 61.220.18.205

61.220.18.237

61.220.18.77 61.220.18.141 61.220.18.241

61.220.18.65

61.220.18.117 61.220.18.69 61.220.18.221

61.220.18.177

61.220.18.173 61.220.18.229 61.220.18.169

61.220.18.165

61.220.18.154 59.43.67.50 59.43.67.54

Bold contents are basic information for

establishing LDP neighbor relationship, including:● Peer LDP ID

LDP ID is a field of 6 bytes. Its format is shown

as follows.

LDP router-id (4 bytes) L a b e l S p a c e I D ( 2

bytes)

Label Space is divided into two types:

Each port label space

Each interface running MPLS maintains its

own label space. It is used in VCI of ATM

and DLCI of frame relay.

Each platform label space

Interfaces running MPLS on a

device share a label space. At

present, almost routers of different

vendors support each platform label

space. In each platform label space,

the last two bytes are 0. It is seen

that T64E in this example uses each

platform label space.● TCP connection

T C P c o n n e c t i o n e s t a b l i s h e d

through IGP routes requires two

Label Switching Routers (LSRs) to

establish LDP neighbor relationship.

LSRs exchange UDP messages and

destination port number is fixed to 646.● Negotiation information for establishing

LDP neighbor relationship

Negotiation information includes label

distribution mode (downstream-on-

demand or downstream-unsolicited),

L D P v e r s i o n , t i m e a n d o t h e r

parameters.

Requirement for establishing LDP

neighbor relationship is that the two LSRs

should be neighbors. That is, LSPs should

be directly connected, and routes between

LSRs are direct. For example, when user

traces the peer router ID on each LSR,

there is only one hop to the peer, as

shown below.

YZ-T64E#trace 61.220.18.59


1 61.220.18.69 0 ms 0 ms 0 ms

[finished]

To test and verify this requirement

further, perform the following test.

As shown in Figure 3, LDP neighbor



relat ionships between 12416-1 and

5200G, 12416-2 and 5200G are normal.

Now change cost value on interface

connecting with 12416-2 on 5200G to

100. Trace lookback address of 12416-2

on 5200G. Result shows that the route

does not take the direct link, and LDP

neighbor relationships between 12416-2

and 5200G is interrupted.

In Figure 1, cost values are modified,

so routes between LDP router IDs of two

12416 routers are not directly next hop

routes. Then LDP neighbor relationship is

interrupted.

2.3 Solution

To maintain normal status of VPN

services, modify cost value on interface

connecting with T64E-2 on HW5200G,

and make sure routing paths on T64E-1

and T64E-2 to each other are the same.

3 Malfunction 2


T64E-1 and T64E-2 fail to learn VPN

routes on HW5200G. HW5200G also

fails to learn VPN routes on T64E-1 and

T64E-2. VPN name is FCNGN.


Related VPN configuration information

on ZXR10 T64E is shown below.

ip vrf FCNGN

rd 64525:1

route-target import 64525:1

route-target export 64525:1

!

Related VPN configuration information on

HW5200G is shown below.

route-target import 100:1

route-target export 100:1

……

Information above shows that route-target

import and export are different on ZXR10 T64E

and HW5200G.

In MPLS/VPN network, when CE distributes a

VPN route to PE, route-target export information

is added to this route by PE. Then PE distributes

this route to other PEs. When other PEs receive

this route, they check whether route-target export

information in this route is the same with route-

target import information of their own. If it is the

same, PE receives this route; otherwise, this route

is discarded.

As route-target import and export information

on ZXR10 T64E is not the same as that on

HW5200G, T64E-1 and T64E-2 do not receive

VPN routes sent by HW5200G. HW5200G does

not receive VPN routes sent by T64E-1 and

T64E-2, either.

3.3 Solution

Modify route-target import and export values

on HW5200G to 64525:1.


3.4 Experience Summary

The following experience is concluded from

this example:

Figure 3. Verifying LDP Neighbor Relationship Requirement

www.zte.com.cn

15Data Products

● Cost values on interfaces of metropolitan area

network devices (12416 routers) are modified,

so routes between LDP router IDs of two 12416

routers are not directly next hop routes. Then

LDP neighbor relationship is interrupted.● Cost values on interfaces of metropolitan

area network devices (T64E-2 and 5200G)

are modified, so routes that packets go from

T64E-1 to T64E-2 and from T64E-2 to T64E-1

are different. Then LDP neighbor relationship

between two 12416 routers is interrupted and

LSP from T64E-2 to T64E-1 is interrupted,

which interrupts VPN services.● Route- ta rget impor t and expor t

are different on ZXR10 T64E and

HW5200G, so T64E-1 and T64E-2 fail

to learn VPN routes on HW5200G,

and HW5200G also fails to learn VPN

routes on T64E-1 and T64E-2.

According to analysis given above,

when extending capacity of metropolitan

area network devices, avoid implementing

load balance by modifying cost values. ■

E1 Docking Processing⊙ Wang Wenke, ZTE Corporation

1 Malfunction SituationWhen routers ZXR10 1842 and ZXR10 1822

connect with Cisco 2811 router by CE1 module,

protocol negotiation fails. The version of Cisco

2811 router is 12.4.

2 E1 BackgroundE1 link is one of the most widely used WAN

links. It has the following features.● Bandwidth of an E1 link is 2.048M. E1 link uses

PCM coding.● Frame length of an E1 link is 256 bits. It is

divided into 32 time slots, with 8 bits for each.● 8k E1 frames pass an interface per second, so

transmission rate is 8k*256bps=2048kbps.● Each time slot occupies 8 bits in an E1 frame.

8*8k=64k, so there are 32 64k on an

E1 link.

3 Frame Structure of E1 ChannelOn an E1 link, 8 bits form a Time Slot

(TS), and 32 time slots form a Frame

(F), then 16 frames form a multi-frame.

In a frame, TS0 is used to transmit FAS,

CRC-4 and the peer alarm indication.

TS16 is used to transmit CAS, multi-

frame alignment signal and multi-frame

peer alarm indication. TS1~TS15 and

TS17~TS31 are used to transmit voice

or data information. TS1~TS15 and

TS17~TS31 are called payload, while TS0

Keyword: channelized E1, un-channelized E1, ZXR10 1842/1822, Cisco 2811


Maintenance Experience1�

and TS16 are called cost. When out-band

CCS is used, TS16 transmits information

instead of signaling. In this situation,

TS1~TS31 are payload and only TS0 is

cost.

4 E1 InterfacesThere are two types of E1 interfaces:

● G.703 unbalanced 75 ohm interface● G.703 balanced 120 ohm interface

5 E1 Link UsesThere are three types of E1 uses:

● Use the whole 2M bandwidth as a link,

such as DDN 2M.● Divide the whole 2M bandwidth into

multiple 64k bandwidths and make

different combinations, such as 128K

and 256K. This is CE1.● Divide the whole 2M bandwidth into

32 time slots. This is applied in digital

frame relay of voice switch and the

primary use of E1 link. TS0 and TS16

are used to transmit signaling, so 30

ways of voice signaling. PRI is one

of the most commonly used access

methods. Its standard is called PRA

signaling.

6 Working PatternsThere are two working patterns on CE1/PRI

interface:● E1 working pattern (channelized E1)● CE1/PRI working pattern (un-channelized E1)

When CE1/PRI interface works in channelized

E1 pattern, the interface equals an interface

with 2Mbps data bandwidth and no time slot. Its

logical characteristic is the same with that of a

synchronous serial interface, supporting data

link protocols such as PPP, FR and HDLC, and

network protocols such as IP and IPX.

When CE1/PRI in te r face works in un-

channelized E1 pattern, a frame is divided into

32 time slots physically. Numbers range from 0 to

31. In this pattern, the interface is used as a CE1

interface or a PRI interface.

7 Malfunction AnalysisThere are two modes to connect ZXR10 1800

routers with Cisco routers through CE1 interface,

channelized E1 and un-channelized E1.

In this malfunction, un-channelized E1 mode is

used to connect ZXR10 routers with Cisco router.

Protocol negotiation fails. Alarm information on

ZXR10 1800 routers is shown below.


%IP% Interface down on.

Look up related information and it is found

that E1 card on Cisco 2811 router only supports

channelized encapsulation, so protocol negotiation

fails.

8 SolutionIn channelized E1 configuration, Cisco router is

in “controller” mode and there is no framing crc32

command for docking with ZXR10 1800 routers.

There is only framing crc4 command option in

current version of Cisco router. Command format

is as shown below:

www.zte.com.cn

17Data Products

Cisco-Router(config-controller)#linecode {ami |

hdb3} framing {crc4 | no-crc4}

To solve this problem, it is recommended not

to configure this command. It is recommended to

configure Cisco router and ZXR10 1800 routers as

follows.

Cisco router configuration:

Cisco(config)#controller e1 0/0/0

Cisco(config-controller)#linecode hdb3

Cisco(config-controller)#channel-group 0 timeslots

1-31

Cisco(config-controller)#exit

Cisco(config)#interface serial 0/0/0:0

Cisco(config-if)#encapsulation ppp

Cisco(config-if)#ip address …… ……

ZXR10 1800 router configuration:

Zxr10(config)#controller ce1_1/1

Zxr10(config-controller)#channel-group 1

timesulots 1-31

Zxr10(config-controller)#exit

Zxr10(config)#interface ce1_1/1.1

Zxr10(confgi-subif)#encapsulation ppp

Zxr10(config-subif)#ip address …… ……

Note : By de fau l t , PPP packe ts

are encapsulated on E1 interfaces of

ZXR10 routers. While HDLC packets are

encapsulated on E1 interfaces of Cisco

routers by default. When connecting

ZXR10 routers with Cisco routers, change

encapsulation mode on either ZXR10

routers or Cisco routers. ■



Configuring Route Filtration on T64E⊙ Yuan Yuejun, ZTE Corporation

Keyword: route policy, BGP, route entry, route-map

1 Malfunction SituationBusiness-net spots connecting with

ZXT10 T64E router can not be operated

normally. View interface information with

malfunction on T64E. Result shows that

interface states are Up but it fails to ping

to T64E successfully or telnet to T64E.

Network topology is as shown in Figure 1.

2 Malfunction AnalysisCheck devices in each business spot.

Routers that connect with T64E in each

business spot are low-end routers. View

information via console interface on these

routers. It is found that there is alarm information

for memory lack, as shown below.

%% Low on memory; try again later %OSPF-3-

NOMEMORY: No memory for link state database

%OSPF-3-NOMEMORY: No memory for link state

database

Routers in each business port are old and

memory is only 1M. It is inferred that OSPF link

state database costs too memories, which causes

this malfunction.

Use show ip protocol rout ing summary

command to view related information on T64E. It is

found that number of route entries that are learned

from BGP and DCN network increase from 10 to

more than 1300, as shown below.

JZ-T64E-1#show ip protocol routing summary

Route Source count

connected : 31

static: 25

ospf: 32

rip: 0

bgp: 1362

isis: 0

Total: 1450

BGP routes are redistributed to OSPF on T64E,

so all routers in business ports have learnt BGP

routes. As these routers are low-end routers, they

can not afford so many routes.Figure 1. Network Topology

www.zte.com.cn

19Data Products

3 Solutions

3.1 Solution 1

As network topology is simple, delete OSPF on

routers in each business spot. Configure a static

route to T64E on each router. Services in each

business spot recover.

3.2 Solution 2

Configure route filtration on T64E to restricting

the number of learnt BGP route.

Suppose IP address on interface of T64E that

connects with DCN network is 133.134.46.1/30.

Route filtration configuration is shown below.

access-list 10 permit 133.128.0.0 0.0.255.255

//network segment of user addresses

access-list 10 permit 133.134.46.0 0.0.0.3

//network segment of interconnection address

route-map guolv permit 5

match ip address 10

//define a route-map “guolv”

neighbor 133.134.46.2 route-map guolv in

Use show ip protocol rout ing summary

command to view BGP route after a certain

period. It is found that the amount of route entries

decreases obviously. Services recover. After route

filtration, route summary is as shown below.

JZ-T64E-1#show ip protocol routing summary

Route Source count

connected : 31

static: 25

ospf: 32

rip: 0

bgp: 10

isis: 0

Total: 98


4 Experience SummaryThe following experience is concluded

from this example:● To tackle malfunction, show logging

alarm command is usually used to

view alarm information on devices. It is

useful for analyzing malfunctions and

finding out causes.

The complete format of show logging

alarm command is show logging alarm

{[typeid <type>] [start-date <date>]

[end-date <date>] [level <level>]}.


described in Table .● Route filtration is used to filter some

unnecessary route entries. In BGP,

neighbor route-map command is used.

The complete format of neighbor route-

map command is neighbor [<ipv4-

address>|<ipv6-address>|<peer-group-

name>]route-map <map-tag> {in|out}


described in Table 2. ■


typeid <type> Alarm type of alarm information to be displayed

start-date <date> Alarm information to be displayed is started from this date (this date included)

end-date <date> Alarm information to be displayed is ended by this date (this date included)

level <level>Level of alarm information to be displayed (1: emergencies, 2: alerts, 3: critical, 4: errors, 5: warnings, 6: notifications)



ipv4-address IPv4 address of neighbor

ipv6-address IPv6 address of neighbor

peer-group-name Peer group name

map-tag Name of route-map

in|out Application direction




Figure 1. Network Topology

Policy Routing Application⊙ Zhang Fan, ZTE Corporation

Keyword: policy routing, route priority, next hop

1 Policy Routing Overview

1.1 Policy Routing Background

Policy routing is different from general

routing. General routing means that

routers route data packets according to

routing tables that are calculated from

routing protocols. Policy routing means

that routers route data packets according

to special rules that are defined by users.

Priority of policy based route is higher than

that of general routing protocols. When

policy routing function is run normally on

a router, the router routes data packets

according to policy first, then according

to routing tables that are calculated from

routing protocols.

Policy routing is widely applied to

multi-exit network to control flow direction

of special data packets. Policy routing

topology is shown in Figure 1.

In Figure 1, router A connects with router B.

Both routers run OSPF and are in area 0. As an

exit of the network, router A connects with ISP1

and ISP2. 202.102.11.0/24 is assigned by ISP1

and 222.1.0.0/24 is assigned by ISP2. It is required

to achieve the following two points:● Next hop of users with IP addresses in

2 0 2 . 1 0 2 . 11 . 0 / 2 4 n e t w o r k s e g m e n t i s

212.0.1.1/30 of ISP1.● Nex t hop o f use rs w i t h IP add resses

i n 2 2 2 . 1 . 0 . 0 / 2 4 n e t w o r k s e g m e n t i s

200.30.10.1/30 of ISP2.

1.2 Demand Analysis

Static route, default route and OSPF make

router control flow direction of data packets

according to destination addresses. It is impossible

to use static route, default route or OSPF to

achieve the above points. In network shown in

Figure 1, packets should be transmitted according

to both source address and destination address.

It is suitable to use policy routing in this

situation. Configure an ACL to define a special flow,

then compel the flow to next hop or interface.

1.3 Configuration Commands

Configure the following commands on router A.

(1) Configure an ACL to define a special flow.

access-list 101 permit ip 202.102.11.0 0.0.0.255

any

access-list 102 permit ip 222.1.0.0 0.0.0.255 any

www.zte.com.cn

21Data Products

(2) Configure policy routing function.

route-map test permit 5

match ip address 101

set ip next hop 212.0.1.1




(3) Configure a private address on fei_1/1 and

apply policy routing on this interface.

interface fei_1/1

ip address 192.168.0.1 255.255.255.252

ip policy route-map test

Another method is to use next hop in set

command to replace next IP address. Use the

following contents to replace commands in step 2

and step 3.



set ip next hop fei_1/2



set ip next hop fei_1/3

2 Classical Malfunction Processing


In topology shown in Figure 1, after network

administrator configures pol icy, network is

interrupted.

Users with IP addresses in network segment

202.102.11.0/24 and 222.1.0.0/24 can not get on-

line.


To analyze malfunction, perform the following

steps.

(1) Check whether the interface states of

router is normal or not.

Use show interface fei_1/1, show

interface fei_1/2, and show interface

fei_1/3 commands to view states of three

interfaces on router A. Results show that

physical state and data link layer protocol

state are UP, which means states are

normal.

(2) Check whether the next hop is

normal or not.

Delete commands related to policy

routing. Add a static route to 212.0.1.1/30

on router A and a back route to router B.

Add a default route to fei_1/1 of router A

on router B.

Ping to 212.0.1.1 with addresses in

network segment 202.102.11.0/24 and

222.1.0.0/24. It is successful.

Delete the route to 212.0.1.1 on

router A. Add a route to 200.30.10.1/30.

Ping to 200.30.10.1/30 with addresses

in network segment 202.102.11.0/24 and

222.1.0.0/24. It is successful.

Results show that network connectivity

is normal.

(3) Check policy routing configuration.

Policy routing configuration is as

follows.

access-list 101 permit ip 202.102.11.0

0.0.0.255 any

access- l ist 102 permit ip 222.1.0.0

0.0.0.255 any

!




!




!



interface fei_1/2


……

It is found that policy routing is applied

on fei_1/2, while it should be applied on

fei_1/1.

2.3 Solution

Modify configuration as follows.

interface fei_1/2

no ip policy route-map test

!

interface fei_1/1


Use t race r t command on a PC

with an address in network segment

202.102.11.0/24 to test. Use a random

destination address, for example, www.

sina.com.cn. Result is shown below.

C : \ D o c u m e n t s a n d S e t t i n g s \

Administrator>tracert www.sina.com.cn

Tracing route to jupiter.sina.com.cn

[202.108.33.32]

over a maximum of 30 hops:

1 < 1 m s < 1 m s < 1 m s

202.102.11.254

2 <1 ms <1 ms <1 ms 192.168.0.1

3 1 ms 1 ms 1 ms 202.0.1.1

……

Result shows that next hop of users with IP

address 202.102.11.0/24 is 212.0.1.1/30 of ISP1.

Use the same command on a PC with an

address in network segment 222.1.0.0/24 to test.

Result is shown below.

C:\DocumentsandSettings\Administrator>tracert

www.sina.com.cn

Tracing route to jupiter.sina.com.cn [202.108.33.32]

over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 222.1.0.254

2 <1 ms <1 ms <1 ms 192.168.0.1

3 1 ms 1 ms 1 ms 200.30.10.1

……

Result shows that next hop of users with

IP address in network segment 222.1.0.0/24 is

200.30.10.1/30 of ISP2.

Now the malfunction is solved.

2.4 Experience Summary

Policy routing should be applied on interfaces

through which data flows into routers. ■

www.zte.com.cn

23Data Products

VRRP Configuration⊙ Qian Yuemei, ZTE Corporation

Keyword: VRRP, router redundancy, backup

1 VRRP OverviewVirtual Router Redundancy Protocol (VRRP)

has the following concepts:● VRRP router

Routers that run VRRP are called VRRP routers.

It can be one or more than one virtual routers.● Virtual router

Virtual router is an abstract object managed by

VRRP that works as default router in a LAN.

It consists of a virtual router ID (VRID) and a

group of associated IP addresses in a LAN.

A VRRP router can has more than one virtual

router.● IP address owner

A router that uses LAN interface address as the

IP address of virtual router is called IP address

owner. When VRRP is configured, IP address

owner responds to data packets to this address.● Master router

A master router transmits data packets that are

associated with IP addresses of virtual routers.

It also responds to ARP requests for

these IP addresses. IP address owner

works as Master.● Backup router

Backup routers are a group of available

routers. When the master router is not

valid, a backup router works as master.

Master router transmits keepalive

advertisement. Transmission frequency

d e p e n d s o n p a r a m e t e r v a l u e o f

advertisement interval. By default, it is 1

second.

When a router has the IP address of

virtual router, priority of this virtual router

is 255 and it is unchangeable. Priority

values of other routers can be modified,

with default value 100. When the master

router is rebooted or interface is shutdown,

priority is set to 0. This means the master

router gives up its position and backup

routers begin to elect a new master router.



If backup routers do not receive

keepalive advertisement from the master

router, they consider themselves as

master routers automatically and advertise

themselves.

Wait ing t ime of backup router is

calculated in the fol lowing way: 3×

advertisement interval+(256-priority)/256,

where priority is the value of backup

priority.

When the master router is rebooted

or the interface is shutdown manually, the

master router transmits a special keepalive

advertisement to notify backup routers that

a new master router is required.

Virtual router responds to ARP request

with a special virtual MAC address. The

master router responds to ARP request

with this MAC address. This makes IP

address and MAC address are unique for

clients no matter how the master router

and backup routers are changed. The

virtual MAC address format is as follows:

00005E:0001XX (XX is the virtual router

ID).

When multiple virtual routers are

created on an interface, each virtual router

ID should be unique. When virtual routers

are created on different interfaces, virtual

router ID can be used repeatedly.

2 Working MechanismVRRP is used to configure multiple router

interfaces in a broadcast domain into a group to

form a virtual router and assigns an IP address to

the router to function as its interface address. This

interface address may be the address of one of

router interfaces or the third party address.

Router is used as the master router if its

interface address is used and other routers are used

as the backup ones. The router with high priority is

used as the master router if the third party address

is used. If two routers have the same priority, the

one with the greater interface address wins.

As shown in Figure 1, set the IP address of

the virtual router to gateway on the host in this

broadcast domain. The master router is replaced

with the backup router with the highest priority if

the master router is faulty, without affecting the

host in this domain. The host in this domain cannot

communicate with outside world only when all

routers in the VRRP group work abnormally.

If uplink of master router is down, its state

“Master” is not changed. Host routes in this domain

still go to this router. This causes that host in this

domain cannot communicate with outside world.

Link state detection is added in VRRP to solve this

problem.

Configure a VRRP group to trace a link state.

When interface state changes from up to down, its

priority decreases. When interface state becomes

up from down, its priority increases.

These routers can be configured into multiple

groups for mutual backup. The hosts in the

domain use different IP addresses as gateway to

implement data load balance.

3 Classical Topologies

3.1 Basic VRRP Configuration Topology

As shown in Figure 2, DUT1 and DUT2 run Figure 1. VRRP Packet Transmission

www.zte.com.cn

25Data Products

VRRP protocol. DUT1 interface address 20.1.1.1 is

used as the VRRP virtual address, therefore DUT1

is considered as a master router.

3.2 Symmetric VRRP Configuration Topology

Two VRRP groups are booted, where PC1

and PC2 use virtual router in Group 1 as default

gateway with address 20.1.1.1. PC3 and PC4 use

virtual router in Group 2 as default gateway with

address 20.1.1.2. R1 and R2 serve as mutual

backup. Four hosts cannot communicate with

outside world until both routers become invalid, as

shown in Figure3.

3.3 Mult i -Backup VRRP Configuration Topology

In multi-backup VRRP configuration, each

router is set as the master router of a virtual router

and also set as the backup router of other backup

routers. Once the master router is in fault, one

of the backup routers takes IP address of virtual

router. Network topology is shown in Figure 4.

As each master router has more than one

backup router, it is required to set priorities for

these backup routers. When the master router is

in fault, the backup router with the highest priority

becomes the master router. When there is more

than one backup router with the second highest

priority, the one with the highest IP address

becomes the master router.

3.4 Configuring VRRP

To configure VRRP, perform the following steps.

(1)To configure virtual IP address at interface to

run VRRP, use the following command.

Figure 2. Basic VRRP Configuration Topology

Figure 3. Symmetric VRRP Configuration Topology

Figure 4. Multi-Backup VRRP Configuration Topology

Format FunctionZXR10(config-if)#vrrp <group> ip <ip-address> [secondary]

This configures virtual IP address at interface to run VRRP



Parameters in this command are

described in Table 1.

(2)To configure VRRP priority on

interface, use the following command.

function is provided.

2) To track l ink state, use the fol lowing

command.Parameter Description

<group>

Group number of group that runs VRRPRange: 0~255Multiple VRRP groups are allowed to run in the same interface.

<ip-address>Virtual IP address set for VRRP groupThis address can be the same with interface address, or different from any interface addresses.

[secondary]This parameter means this router supports multiple virtual IP addresses. Hosts connecting with the router can use any of these addresses as gateway.


Format FunctionZXR10(config-if)#vrrp <group> priority <priority>

This configures VRRP priority on interface

Note: Priority range is 1~254. The

bigger value is, the higher priority is. By

default, priority is 100.

When VRRP virtual IP address is the

same with that of an interface, priority of

this interface is set to 255 automatically.

Therefore, this router becomes master

router. When VRRP virtual IP address is

different with any interface addresses,

master router is elected according to

VRRP priority. Router with the highest

priority becomes master router.

(3) To configure VRRP up link status

track, perform the following steps.

1) To track interface state or protocol

state, use the following command.

Format FunctionZXR10(config)# track <track-num> interface <type-name> line-protocol

This tracks interface state or protocol state

Note: ● <track-num> means track ID, ranging

from 1 to 256.● <type-name> means interface to be

tracked.● At present, only interface state track

Format FunctionZXR10(config-if)# vrrp <group> track <track-num> [decrement <priority>]

This tracks link state

Note: <priority> means priority value that is to

be reduced. It ranges from 1 to 254, with default

value 10.

(4) To configure an interval for sending a VRRP

advertisement on the interface, use the following

command.

Format Function

ZXR10(config-if)#vrrp <group> advertise [msec] <interval>

This configures an interval f o r s e n d i n g a V R R P adver t isement on the interface

Note: ● Msec means changing unit of advertisement

interval from second to millisecond.● <interval> means interval of master router to

transmit VRRP advertisement. When it is in its

unit of second, it ranges from 1 to 255. When it

is in its unit of millisecond, it ranges from 100 to

1000. Default value is 1 second.

(5) To configure whether the virtual equipment

can preempt in backup status, use the following

command.

Format FunctionZXR10(config-if)#vrrp <group> preempt [delay <seconds>]

This configures whether the virtual equipment can preempt in backup status

Note: ● Delay <seconds> is delay time before VRRP

router advertises it self as master router. It

ranges from 0 to 3600 (unit: second), the

default value is 0.● By default, router is in preempting mode. When

user sets router not to preempt, the master

router and backup router are not changed over

when backup router has higher priority.

www.zte.com.cn

27Data Products

● In preempting mode, when a new VRRP router

has higher priority than the master router, the

router preempts master position. Therefore, IP

address owner has master position after it is

rebooted.

4 Examples of VRRP Configuration

4.1 Basic VRRP Configuration Example

As shown in Figure 2, virtual IP address of

VRRP group is 20.1.1.1. DUT1 is the master

router, with down link IP 20.1.1.1 and default

priority 255. DUT2 is the backup router, with down

link IP 20.1.1.2 and default priority 200. Track

function is configured on both routers. Decrement

priority is 100. Configure a loopback address on

R1. Configure a gateway on PC that pings to R1

loopback address successfully.

DUT1 configuration:

ZXR10(config)#interface fei_1/1

Z X R 1 0 ( c o n f i g - i f ) # i p a d d r e s s 1 0 . 1 . 1 . 1

255.255.255.252

ZXR10(config-if)#exit



255.255.255.0

ZXR10(config-if)#vrrp 1 ip 20.1.1.1

ZXR10(config-if)#vrrp 1 track 1 decrement 100


ZXR10(config)#router ospf 1

ZXR10(config-router)#network 10.1.1.0 0.0.0.3

area 0


area 0

ZXR10(config-router)#exit

ZXR10(config)#track 1 interface fei_1/1 line-

protocol

DUT2 configuration:


ZXR10(config-if)#ip address 10.1.1.5

255.255.255.252




255.255.255.0


ZXR10(config-if)#vrrp 1 priority 200

ZXR10(config-if)#vrrp 1 track 1 decrement

100



ZXR10(config-router)#network 10.1.1.4

0.0.0.3 area 0


0.0.0.255 area 0


ZXR10(config)#track 1 interface fei_1/1

line-protocol

R1 configuration:

ZXR10(config)#interface loopback1


255.255.255.255




255.255.255.252




255.255.255.252




0.0.0.3 area 0


0.0.0.3 area 0

ZXR10(con f ig - rou te r )# red is t r ibu te

connected




4.2 Symmetric VRRP Configuration Example

As shown in Figure 3, there are two

VRRP groups. PC1 and PC2 are in the

same group, using gateway 20.1.1.1. PC3

and PC4 are in the same group, using

gateway 20.1.1.2. Configure a loopback

address on R1. Configure a gateway on

PC that pings to R1 loopback address

successfully.

DUT1 configuration:



255.255.255.252




255.255.255.0






0.0.0.3 area 0


0.0.0.255 area 0


DUT2 configuration:



255.255.255.252




255.255.255.0






area 0


area 0


R1 configuration:


Z X R 1 0 ( c o n f i g - i f ) # i p a d d r e s s 1 . 1 . 1 . 1

255.255.255.255




255.255.255.252




255.255.255.252

www.zte.com.cn

29Data Products




area 0


area 0

ZXR10(config-router)# redistribute connected


4.3 Mult i -Backup VRRP Configuration Example

Topology is shown in Figure 4. Virtual router ID

and priority of each device are shown as follows:

DUT1 configuration:



255.255.255.252




255.255.255.0









area 0


area 0


DUT2 configuration:



255.255.255.252




255.255.255.0









0.0.0.3 area 0


0.0.0.255 area 0


DUT3 configuration:



255.255.255.252




255.255.255.0


Virtual Router Default Priority Configured Priority

VRID=1 255 255

VRID=2 100 200

VRID=3 100 200

DUT1:


VRID=1 100 200

VRID=2 255 255

VRID=3 100 100

DUT1:


VRID=1 100 100

VRID=2 100 100

VRID=3 255 255

DUT1:










0.0.0.3 area 0


0.0.0.255 area 0


R1 configuration:



255.255.255.255




255.255.255.252




255.255.255.252




255.255.255.252




area 0


area 0


area 0

ZXR10(config-router)# redistribute connected


5 VRRP Maintenance and Diagnosis(1)To show the configuration information of all

the VRRP groups, use the following command.

Format FunctionZXR10#show vrrp [<group>|brief|interface <interface-name>|all]

T h i s s h o w s t h e configuration information of all the VRRP groups

Example:

In basic VRRP configuration example, when

DUT1 up link is normal, use this command to show

VRRP group configuration information.

DUT1#show vrrp

fei_1/2 - Group 1

State is Master

Virtual IP address is 20.1.1.1

Virtual MAC address is 0000.5e00.0101

Advertisement interval is 1.000 sec

Preemption is enabled

min delay is 0.000 sec

Priority is 255 (config 100)

Authentication is disabled

Track object 1 decrement 100

Master Router is 20.1.1.1 (local), priority is 255

Master Advertisement interval is 1.000 sec

Master Down interval is 3.003 sec

DUT2#show vrrp

fei_1/2 - Group 1

State is Backup




www.zte.com.cn

31Data Products






Master Router is 20.1.1.1 , priority is 255


Master Down interval is 3.218 sec (expires in 2.318

sec)

When DUT1 uplink is down, priority decreases

by 100. DUT1 priority becomes 155 and DUT2

priority is still 200, therefore DUT2 becomes the

master router and DUT1 becomes the backup

router.

DUT1#show vrrp

fei_1/2 - Group 1

State is Backup









Master Router is 20.1.1.2 , priority is 200


Master Down interval is 3.394 sec (expires in 3.194

sec)

DUT2#show vrrp

fei_1/2 - Group 1

State is Master









Master Router is 20.1.1.2 (local), priority

is 200

Master Advertisement interval is 1.000

sec

Master Down interval is 3.218 sec

(2)To show all the track configuration

information, use the following command.

Format Function

ZXR10#show track [<track-num>] T h i s s h o w s a l l t h e t r a c k configuration information

Example: use this command to show

track information in symmetric VRRP

configuration example.

DUT1#show track

Track 1

Interface fei_1/1 line-protocol

Line protocol is up

6 change, last change 00:44:10

Tracked by :

VRRP fei_1/2 1

(3) To t u r n o n V R R P d e b u g

information switch, use the following

command.

Format FunctionZXR10#debug vrrp {state | packet | event | error | all }

T h i s t u r n s o n V R R P d e b u g information switch

Example:

This shows an example of debugging

VRRP.

3952-1#debug vrrp all

VRRP debugging is on

00:54:47: VRRP: Interface vlan2 Grp

1 Advertisement priority 150, ipaddr

10.10.10.3

00:54:47: VRRP: Grp 1 Event - Advert

higher or equal priority



00:54:49: VRRP: Interface vlan2 Grp

1 Advertisement priority 150, ipaddr

10.10.10.3

00:54:49: VRRP: Grp 1 Event - Advert

higher or equal priority

00:54:58: VRRP: Interface vlan2 Grp 1

sending Advertisement

00:54:58: VRRP: Grp 1 Event - Master

down timer expired

00:54:58: VRRP: Grp 1 changing to

V_STATE_MASTER

16:34:45 08/18/2007 UTC alarm 22016

occurred %VRRP% Group 1 of vlan2 changing to

Master sent by MCP

00:54:59: VRRP: Interface vlan2 Grp 1 sending

Advertisement

0 0 : 5 5 : 0 5 : V R R P : I n t e r f a c e v l a n 2 G r p 1

Advertisement priority 150, ipaddr 10.10.10.3

……

Note: The use o f the debug command

may affect the performance of routers. This is

recommended that the no command be used to

disable the debug command after debugging. ■

www.zte.com.cn

33Data Products

BGP Route⊙ Yang Zhiwei, ZTE Corporation

1 Topology IntroductionAs shown in Figure 1, EBGP is configured on

two GER routers for interaction.

2 BGP Route AdvertisementBGP (Border Gateway Protocol) is a common

inter-area routing protocol. After BGP neighbor

relationship is established, routers learn routers

advertised by peers and advertise their own routes

according to their configuration.

BGP is used to advertise routers. Each BGP

router advertises local network to Internet, then

thousands of route entries are advertised by these

routers. That is why users can get various services

on Internet.

Before BGP routers advertise routes, these

routes must exit in IGP (such as static, RIP, OSPF

and IS-IS) routing tables. Sources of BGP route

update are IGP routes that are added to BGP. This

has influence on Internet route stability.

There are two modes to add routes to BGP:

dynamic and static. Static mode solves

the problem of route instability effectively.

It is to add route entries to BGP manually.

Therefore, these route entries are not

affected by IGP fluctuation and avoid

repeat ing update caused by route

fluctuation. When subnets are not divided

well and clearly, static mode also causes

data block.

3 Advertisement ModesThere are two commands that are

used in static mode.● network● aggregate-address

Keyword: BGP, Static Route Advertisement, Network, Aggregate-Address

Figure 1. EBGP Topology



3.1 Network Command

Network command is most commonly

used to advertise routes in BGP. Its format

is as follows:

network <ip-address> <net-mask>

This command designates destination

network segment and mask, so a pack of

routes that match this condition are added

to BGP routing table and are advertised

after filtration. This pack of routes includes

routes to all subnets in this network

segment.

For example, use network 10.61.8.0

255.255.254.0 command to add routes

to BGP. If network segment 10.61.8.0/23

in IGP routing table has subnets such as

network segment 10.61.9.0/30, all routes

to network segment 10.61.8.0/23 and its

subnets are added to BGP. If network

segment 10.61.8.0/23 does not exist in

IGP routing table and there is no subnet,

no routes are added to BGP.

As shown in F igu re 1 , t he two

GER routers establish EBGP neighbor

relationship. Use network <ip-address>

<net-mask> command to add route

information on GER-1 to EBGP. IGP

routing table of GER-1 is shown below:

GER-1#show ip route

IPv4 Routing Table:

Dest Mask Gw Interface

Owner pri metric

10.61.4.0 255.255.255.192 10.61.4.226

fei_3/1 ospf 110 11

1 0 . 6 1 . 4 . 1 6 2 2 5 5 . 2 5 5 . 2 5 5 . 2 5 5

10.61.4.210 fei_3/8 ospf 110 2

1 0 . 6 1 . 4 . 1 6 5 2 5 5 . 2 5 5 . 2 5 5 . 2 5 5

10.61.4.226 fei_3/1 ospf 110 1

1 0 . 6 1 . 4 . 1 6 6 2 5 5 . 2 5 5 . 2 5 5 . 2 5 5

10.61.4.210 fei_3/8 ospf 110 1

1 0 . 6 1 . 4 . 1 9 6 2 5 5 . 2 5 5 . 2 5 5 . 2 5 2

10.61.4.210 fei_3/8 ospf 110 2

10.61.4.228 255.255.255.252 10.61.4.210

fei_3/8 ospf 110 11

10.61.8.0 255.255.255.0 10.61.4.210 fei_3/8

ospf 110 20

10.61.9.0 255.255.255.252 10.61.9.1

loopback10 direct 0 0

Configuration of BGP route advertisement is

shown below:

GER-1#

router bgp 65510

no synchronization

aggregate-address 10.61.4.0 255.255.255.0 count

0 summary-only


0 summary-only

network 10.61.8.0 255.255.254.0

neighbor 59.43.185.17 remote-as 4809

neighbor 59.43.185.17 activate

neighbor 59.43.185.17 route-map filter in



neighbor 10.61.4.162 next-hop-self

neighbor 10.61.4.162 update-source loopback1

!

The route advertised to BGP neighbor is shown

below:

GER-1#show ip bgp neighbor out 59.43.185.17

Routes Sent to This neighbor:

Dest NextHop Metric LocPrf Path

10.61.8.0/23 59.43.185.18 i

10.61.9.0/30 59.43.185.18 i

10.61.4.0/24 59.43.185.18 i

Above result shows that route to 10.61.8.0/23

is advertised with command network 10.61.8.0

255.255.254.0. Routes to subnets 10.61.8.0/23

www.zte.com.cn

35Data Products

and 10.61.9.0/30 are also advertised.

3.2 Aggregate-address Command

Aggregate-address command format is as

follows:● aggregate-address <ip-address> <net-mask>

[count <count>] [as-set] [summary-only] [strict]● aggregate-address <ip-address> <net-mask>

subnet <subnet-address> <subnet-mask>

Parameters in these two commands are

described in Table 1.

To use aggregate-address command to add

routes to BGP, perform the following steps.

(1) As shown in Figure 1, to establish BGP

neighbor relationship between the two routers,

configure the following command on GER-1.

router bgp 65510

no synchronization


0 summary-only


0 summary-only


0 summary-only



neighbor 59.43.185.17 route-map filter in



neighbor 10.61.4.162 next-hop-self

neighbor 10.61.4.162 update-source loopback1

!

(2) Use show ip bgp neighbor out command to

view related information. Result shows that route to

10.61.8.0 255.255.255.0 is not advertised to BGP

neighbor successfully, as shown below:

GER-1#show ip bgp neighbor out 59.43.185.17


Dest NextHop Metric LocPrf

Path

10.61.4.0/24 59.43.185.18 i

Routes in local IGP routing table of

GER-1 are show below:

GER-1#show ip route

IPv4 Routing Table:

Dest Mask Gw Interface

Owner pri metric

……

10.61.8.0 255.255.255.0 10.61.4.210

fei_3/8 ospf 110 20

……

A g g r e g a t e d r o u t e s c a n n o t b e

advertised according to above result.

(3) Use the following command to

replace aggregate-address 10.61.8.0

255.255.255.0 count 0 summary-only

command.

a g g r e g a t e - a d d r e s s 1 0 . 6 1 . 8 . 0


(4) Use show ip bgp neighbor out

command to view related information.

Result shows that only summary route to


<ip-address> Network address to be aggregated

<net-mask> Mask of network address to be aggregated

count <count>

Number of subnets that routes to be aggregated should matchValue range: 0~255Default value: 1

as-set Generating AS path

summary-only Filtering special routes after update

strictAccording to RFC1771, only routes with the same MED and NEXT_HOP attributes can be aggregated. Otherwise loosen requirements.

<subnet-address> IP addresses of subnets to be aggregated

<subnet-mask> Masks of subnets to be aggregated




10.61.8.0 255.255.255.0 is advertised, as

shown below:

GYHM-GER-1#show ip bgp neighbor out

59.43.185.17



Path

10.61.8.0/23 59.43.185.18 i

10.61.4.0/24 59.43.185.18 i

(5) Use the following command to

replace aggregate-address 10.61.8.0


command.

a g g r e g a t e - a d d r e s s 1 0 . 6 1 . 8 . 0

255.255.254.0 count 0

(6) Use show ip bgp neighbor out

command to view related information.

Result is shown below:

GYHM-GER-1#show ip bgp neighbor

out 59.43.185.17



Path

10.61.8.0/23 59.43.185.18 i

10.61.9.0/30 59.43.185.18 i

10.61.4.0/24 59.43.185.18 i

Results of above steps show the following

points:● summary-only means only summary route after

aggregation is advertised. Routes to subnets

are advertised after aggregation without this

parameter.● Default value of count <count> parameter is

1. When this value is 0, as long as there is

any subnet of 10.61.8.0 255.255.254.0 in IGP

routing table, aggregated route 10.61.8.0/23 is

advertised. When this value is modified to other

values except 0, use additional commands to

designate subnet segments that are advertised,

for example:

aggregate-address 10.61.8.0 255.255.254.0

subnet 10.61.8.0 255.255.255.0

aggregate-address 10.61.8.0 255.255.254.0

subnet 10.61.9.0 255.255.255.252

Above commands mean that there are routes

to subnet segments in IGP routing table and

the number equals to the value of count

<count> parameter; corresponding routes are

aggregated and advertised. ■

www.zte.com.cn

37Data Products