IOS-XR Cisco Next Generation Router OS Architecture
Lim Fung, CTG Technical Marketing ID 20PT

Router OS Evolution
[Figure: two layered router OS stacks side by side. Labels: Control Plane Applications (BGP, RIP, ISIS, OSPF, Routing, PIM, IGMP, RIB), Forwarding Plane Applications (L2 Drivers, ACL, FIB, QoS, LPTS, PFI, Interface), Management Plane Applications (CLI, SNMP, XML, NetFlow, Alarm, Perf. Mgmt, SSH), Host Service, System / Forwarding / Management / HA Infrastructure, Distributed Infrastructure (Checkpoint DB, Multicast IPC, System DB), Network Stack, Kernel System Services (Scheduler, Synch. Services, IPC Mech, Memory Mgmt), OS Scheduler]
• Monolithic Kernel → Micro Kernel
• Centralized Infrastructure → Distributed Infrastructure
• Integrated Network stack → Independent Network stack
• Centralized applications → Distributed applications
BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

IOS-XR Software Architecture

• Modular: runtime SW upgrade/downgrade support
• Distributed: scalable with multi chassis support
• Platform Independent: POSIX compliant
• Management Interface: Unified Data Model (XML)
• High Availability: Hot Standby and Process Restart
• Security: Control, Data and Management Plane
• Logical Router: Router Partitioning (SDR)

Cisco IOS-XR Software Modularity
Microkernel architecture

[Figure: software stacks of IOS, BSD based routers and IOS XR, labelled Monolithic Kernel and Microkernel. Each stack shows the same components: BGP, OSPF, ISIS, RIP, EIGRP, LDP, VPN, SSH, Telnet Server, ACLs, IPv4 Forwarding, TCP/IP, Drivers, Timers, Scheduler]

IOS XR Modular Packaged Software

[Figure: package stacks for RP, DRP and LC nodes. Labels: OS, Base, Admin, Forwarding, Line Card and SC (Mand); RPL, BGP, OSPF, ISIS; Manageability, Security, GMPLS, Multicast (Opt'l)]

• Upgrade specific packages/composites
  - Across entire system: useful once a feature is qualified and you want to roll it out without a lot of commands
  - Targeted install to specific cards: useful while a feature is being qualified; reduces churn in the system to the card boundary
• Point fix for software faults

• Ability to upgrade MPLS, Multicast, Routing protocols and Line Cards independently
• Ability to run different versions on different nodes
• Ability to release software packages asynchronously
• Ability to combine composites into one manageable unit if desired
• Notion of optional packages if a technology is not desired on the device (Multicast, MPLS)

[Figure: package stack. Labels: Multicast, MPLS, Routing Composite (RPL, BGP, OSPF, ISIS), Manageability, Security, Forwarding, Host Composite, Base, IOX Admin, OS, Line card]

Distributed In-Memory Database (IMDB)

• Reliable Multicast IPC improves scale and performance
• Distributed data management model improves performance and scale
• Single consolidated view of the system eases maintenance

[Figure: Management Applications (CLI/XML/SNMP) see a Consolidated System View. RP-A and DRP hold Global and Local (Local-Ra, Local-DRP) data for IP Intf, OSPF, BGP, ISIS; LCa holds Local-LCa data for IP Intf, ARP, ACL, QOS, PPP, VLAN; nodes are connected by Reliable Multicast and Unicast IPC]

Distributed Control Plane

[Figure: resilient system process distribution. BGP, BGP, MPLS, Multicast and IS-IS processes spread across RP1, RP2, RP3, RP4 ... RPn]

• Routing protocols and signaling protocols can run in one or more (D)RP
• Each (D)RP can have redundancy support with standby (D)RP
• Out of resources handling for proactive planning

Distributed Forwarding Infrastructure

[Figure: single stage versus two stage forwarding. Labels: RP (Global Int. Mgr., IP Stack, Drivers, IM, VLAN, PPP, HDLC, ARP, NetFlow), LC-CPU (IM, VLAN, PPP, ARP, NetFlow), Ingress CPU and Egress CPU with FIB, AIB and IDB, Global AIB and IDB, Switching Fabric, LC]

Single Stage Forwarding
• Single global Adjacency Information Base (AIB) distributed to all line cards
• Single global Interface Management DB distributed to all line cards
• Only Ingress FIB: forces forwarding features to be run in RP

Two Stage Forwarding
• Each line card has independent AIB only for local interfaces
• Each line card has independent Interface DB for local interfaces
• Both Ingress and Egress FIB: allows forwarding features to be independently run in LCs

IOS XR HA Software Design Principles (Layered Approach)

• NSR (GR), ISSU
• Non-Stop Forwarding
• Separate Control and Data Planes
• RP/DRP Redundancy: Active/Standby Failover
• Process Restartability: Active State Checkpointing
• All subsystems: Separate Address Spaces (memory faults affect only 1 process, recovery = restart process)

IOS XR Software Architecture Overview

• TRUE Microkernel (Mach, QNX)
  - MMU with full protection
  - Applications, drivers, and protocols are protected
• Monolithic Kernel (BSD/Linux, NT)
  - MMU with partial protection
  - Applications are protected

[Figure: fault containment in the two designs. Microkernel labels: Process Manager, File System, Application (FAULT), Driver (FAULT). Monolithic kernel labels: Application (FAULT), Application, Kernel, File System, Network, Driver (FAULT)]

In Service Software Upgrade (ISSU)

• Changing software with no impact to transit traffic
• What customers expect
  - Maintenance release upgrades without impact
  - Major release upgrades to/from any version without any impact
• What we have today
  - Some SMUs with limited scope will "ISSU" on same RP
  - Other upgrades may require node or chassis reset
    - Major releases
    - Maintenance releases
    - Complex SMUs

Minimally Disruptive Restart (MDR)

• Reduces forwarding disruption during software upgrade
• Forwarding hardware keeps forwarding while software resets
• RP spoofs packets normally generated by LC CPU
  - FR LMI
  - ATM OAM
  - PPP
  - HDLC

Protected Process Memory Space

• Each process has a virtual memory space
  - Kernel/MMU maps virtual address to physical address (at page level)
  - Threads share the memory space
• One process cannot corrupt another's memory
  - Process can only access virtual space
  - In IOS, all processes shared same virtual space
• Communication between processes via controlled APIs
• Limited use of shared memory

[Figure: OSPF process pages 1, 2 and 3 at addresses 0x00000, 0x10000 and 0x20000, shown beside a memory map running from 0x000000 to 0xa00000 in steps of 0x100000]

Preemptive Multitasking

• Default priority is 10
• Higher priority processes can interrupt
  - In IOS, must wait for running process to finish
• FIFO within same priority
• Threads run while parent process is running
• CRS/16 and DRP have two CPUs

[Figure: process state diagram with Sleeping, Waiting, Ready and Running states; threads are shown with priorities 10, 16, 50 and 62]

Local Packet Transport Services: Protection of Control Plane

[Figure: packet flow through a line card. Labels: Transit Traffic, Received Traffic, Forwarding Information Base (FIB), LPTS, Internal FIB (IFIB), Bad packets, Local Stack on LC, Application1 on RP (twice)]

• LPTS enables applications to reside on any or all RPs, DRPs, or LCs
  - Active/Standby, Distributed Applications, Local processing
• IFIB forwarding is based on matching control plane flows
  - Built in dynamic "firewall" for control plane traffic
• LPTS is transparent and automatic

Local Packet Transport Service
LPTS Overview

• There is no longer a single RP
• IOS XR is a fully distributed operating system with applications running in multiple physical locations
• LPTS enables distributed applications to reside on any or all RPs, DRPs, or LCs
• Filters and polices (in hardware) local 'receive' packets and sends them only to the nodes that need them
• Packet rate correlates with trust
• Handles fragments, also checks TTL/hop count
• High Availability for NSR (Non-Stop Routing)

IOS XR LPTS in action

• LPTS is an automatic, built in "firewall" for control plane traffic.
• Every Control and Management packet from the line card is rate limited in hardware to protect RP and LC CPU from attacks

  Router bgp
   neighbor 202.4.48.99
    …ttl_security
  !
  mpls ldp
   …
  !

LC 1 IFIB TCAM HW Entries

  Local         port     Remote         port    Rate     Priority
  Any           ICMP     ANY            ANY     1000     low
  any           179      any            any     100      medium
  any           179      202.4.48.99    any     1000     medium
  202.4.48.1    179      202.4.48.99    2223    10000    medium
  200.200.0.2   13232    200.200.0.1    646     100      medium

[Figure annotations: Socket, LPTS, BGP, LDP, SSH; "ttl 255" beside the two 202.4.48.99 entries]

LC 2 IFIB TCAM HW Entries …
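
A simplified model of the lookup and policing that the table above implies, added here as an example and not Cisco's implementation: a flood aimed at the BGP port from an unknown source is held to the low-trust rate while the established session keeps its own, higher budget. Assumptions not taken from the slide: the protocol field, most-specific-entry-wins matching, the one-second counting window, dropping packets that match no entry, treating "ttl 255" as a minimum TTL on the two 202.4.48.99 entries, and the constructed source address 198.51.100.7.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    local_addr: str
    local_port: Optional[int]
    remote_addr: str
    remote_port: Optional[int]
    ttl: int


@dataclass(frozen=True)
class IfibEntry:
    proto: str                    # assumption: the slide shows ICMP in the port column
    local_addr: Optional[str]     # None means "any"
    local_port: Optional[int]
    remote_addr: Optional[str]
    remote_port: Optional[int]
    rate_pps: int
    priority: str
    min_ttl: Optional[int] = None  # assumption: models the "ttl 255" annotation

    def _fields(self):
        return (self.local_addr, self.local_port, self.remote_addr, self.remote_port)

    def matches(self, pkt):
        have = (pkt.local_addr, pkt.local_port, pkt.remote_addr, pkt.remote_port)
        return self.proto == pkt.proto and all(
            want is None or want == got for want, got in zip(self._fields(), have))

    def specificity(self):
        return sum(f is not None for f in self._fields())


# Rows of the "LC 1 IFIB TCAM HW Entries" table on the slide.
IFIB = [
    IfibEntry("icmp", None, None, None, None, 1000, "low"),
    IfibEntry("tcp", None, 179, None, None, 100, "medium"),
    IfibEntry("tcp", None, 179, "202.4.48.99", None, 1000, "medium", min_ttl=255),
    IfibEntry("tcp", "202.4.48.1", 179, "202.4.48.99", 2223, 10000, "medium", min_ttl=255),
    IfibEntry("tcp", "200.200.0.2", 13232, "200.200.0.1", 646, 100, "medium"),
]


class Lpts:
    def __init__(self, entries):
        self.entries = list(entries)
        self._window = {}  # entry -> (second, packets admitted in that second)

    def classify(self, pkt):
        """Return the most specific matching entry, or None (assumed ordering)."""
        hits = [e for e in self.entries if e.matches(pkt)]
        return max(hits, key=IfibEntry.specificity) if hits else None

    def admit(self, pkt, now):
        entry = self.classify(pkt)
        if entry is None:
            return "drop:no-entry"
        if entry.min_ttl is not None and pkt.ttl < entry.min_ttl:
            return "drop:ttl"
        second = int(now)
        start, count = self._window.get(entry, (second, 0))
        if start != second:            # new one-second window for this entry
            start, count = second, 0
        if count >= entry.rate_pps:
            return "drop:rate"
        self._window[entry] = (start, count + 1)
        return "punt:" + entry.priority


def simulate():
    """One second of traffic: 5000 flood packets interleaved with 2000 session packets."""
    lpts = Lpts(IFIB)
    flood, session = Counter(), Counter()
    for i in range(5000):
        now = i / 5000.0
        unknown = Packet("tcp", "202.4.48.1", 179, "198.51.100.7", 1024 + i, 64)
        flood[lpts.admit(unknown, now)] += 1
        if i % 5 < 2:
            peer = Packet("tcp", "202.4.48.1", 179, "202.4.48.99", 2223, 255)
            session[lpts.admit(peer, now)] += 1
    return {"flood": dict(flood), "session": dict(session)}


if __name__ == "__main__":
    print(simulate())
```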
[Figure label: TCP Handshake]

IOS-XR CLI and Configuration

XR Command Modes

SDR Exec: normal operations, monitoring routing and CEF

  RP/0/RP0/CPU0:router#
    show ipv4 interfaces brief
    show running-config
    show install active
    show cef summary location 0/5/CPU0

SDR Config: configuration for L3 node

  RP/0/RP0/CPU0:router(config)#
    router bgp 100
    taskgroup admins
    policy-map foo
    mpls ldp
    ipv4 access-list block-junk

Admin: chassis operations, outside of SDRs

  RP/0/RP0/CPU0:router(admin)#
    show controllers fabric plane all     (CRS)
    config-register 0x0
    show controllers fabric clock         (12K)
    install add                           (also in SDR)

Admin Config

  RP/0/RP0/CPU0:router(admin-config)#
    sdr backbone location 0/5/*
    pairing reflector location 0/3/* 0/4/*

Node Addressing Example using CRS

[Figure: CRS-1 chassis front view with power supplies, air out, cable management, fan trays, PLIM and MSC slots, fabric cards, RPs and air intake. Addressing labels: [RACK]/SM0/SP, [RACK]/0/CPU0, [RACK]/0/SM0, [RACK]/RP1/CPU0, interface gig [RACK/SLOT/BAY/PORT]]

  RP/0/RP0/CPU0:CRS#show platform
  Thu Nov 3 08:41:20.462 DST
  Node          Type          PLIM             State        Config State
  ------
  0/0/CPU0      MSC           Jacket Card      IOS XR RUN   PWR,NSHUT,MON
  0/0/0         MSC(SPA)      8X1GE            OK           PWR,NSHUT,MON
  0/1/CPU0      MSC-140G      14-10GbE         IOS XR RUN   PWR,NSHUT,MON
  0/3/CPU0      MSC           4OC192-POS/DPT   IOS XR RUN   PWR,NSHUT,MON
  0/RP0/CPU0    RP(Active)    N/A              IOS XR RUN   PWR,NSHUT,MON
  0/RP1/CPU0    RP(Standby)   N/A              IOS XR RUN   PWR,NSHUT,MON

Two Stage Commit

Active Configuration Before Commit

  hostname Backbone-CRS
  line default
   exec-timeout 1440 0
  !
  taskgroup ops
   task read boot
   task write boot
   task execute bgp
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1

Enter Proposed Changes (Target Configuration)

  Interface gig 0/3/0/0
   ipv4 address 9.9.9.9/24
  !
  router ospf 100
   area 0
    interface gig 0/3/0/0
   area 1
    interface pos 0/4/0/0

Commit: changes take effect

Active Configuration After Commit

  hostname Backbone-CRS
  line default
   exec-timeout 1440 0
  !
  interface gig 0/3/0/0
   ipv4 address 9.9.9.9/24
  !
  taskgroup ops
   task read boot
   task write boot
   task execute bgp
  !
  router ospf 100
   area 0
    interface gig 0/3/0/0
   area 1
    interface pos 0/4/0/0
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1

Monitoring Configuration
From SDR Exec Mode

  RP/0/RP0/CPU0:CRS#show running-config
  Building configuration...
  !! Last configuration change at 12:17:03 UTC Wed Jun 28 2006 by ww
  !
  hostname CRS
  line default
   exec-timeout 1440 0
  …

  RP/0/RP0/CPU0:CRS#show config commit list
  SNo. Label/ID    User   Line        Client  Time Stamp
  ~~~~ ~~~~~~~~    ~~~~   ~~~~        ~~~~~~  ~~~~~~~~~~
  1    1000000296  ww     con0_RP0_C  CLI     12:17:03 UTC Wed Jun 28 2006
  2    1000000295  ww     con0_RP0_C  CLI     12:16:47 UTC Wed Jun 28 2006
  3    1000000294  ww     vty0        CLI     12:09:03 UTC Wed Jun 28 2006
  4    1000000293  admin  vty0        CLI     06:47:51 UTC Wed Jun 28 2006
  5    1000000292  admin  vty0        CLI     06:47:18 UTC Wed Jun 28 2006

  RP/0/RP0/CPU0:CRS#show config commit changes last 5
  Building configuration...
  hostname CRS
  policy-map edge
   class prec_5
    bandwidth remaining percent 50

  RP/0/RP0/CPU0:CRS#show config sessions
  Session                     Line  User  Date                      Lock
  00000201-0014e0da-00000000  vty0  ww    Wed Jun 28 12:58:14 2006  *

IOS-XR: Task Based Authentication

  Read             Write            Execute          Debug
  aaa              aaa              aaa              aaa
  acl              acl              acl              acl
  admin            admin            admin            admin
  atm              atm              atm              atm
  basic-services   basic-services   basic-services   basic-services
  bcdl             bcdl             bcdl             bcdl
  bfd              bfd              bfd              bfd
  bgp              bgp              bgp              bgp

  taskgroup basic-admin
   task read acl
   task read bfd
   task read bgp
   task write acl
   task write bfd
   task write bgp
   task debug bgp

  usergroup noc-staff
   taskgroup operator
   taskgroup basic-admin
   inherit usergroup all-users
  !
  usergroup allusers
   taskgroup basic-stuff
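
As an added example (not from the slides and not Cisco's code), the sketch below resolves which task IDs a user group ends up with from configuration like the one above, following taskgroup references and inherit lines and reporting names that are referenced but not defined in the supplied text. It handles only the statements shown on this slide, the function names are hypothetical, and a missing name may be a group defined elsewhere or a typo such as all-users versus allusers.

```python
from collections import defaultdict

# Configuration as shown on the slide, names kept exactly as written,
# including "all-users" (inherited) versus "allusers" (defined).
CONFIG = """\
taskgroup basic-admin
 task read acl
 task read bfd
 task read bgp
 task write acl
 task write bfd
 task write bgp
 task debug bgp
!
usergroup noc-staff
 taskgroup operator
 taskgroup basic-admin
 inherit usergroup all-users
!
usergroup allusers
 taskgroup basic-stuff
!
"""


def parse(text):
    """Parse taskgroup/usergroup blocks into {kind: {name: block}}."""
    groups = {"taskgroup": {}, "usergroup": {}}
    current = None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():
            # An unindented line opens a new block (or ends the current one).
            current = None
            if words[0] in groups and len(words) == 2:
                current = groups[words[0]].setdefault(
                    words[1],
                    {"kind": words[0], "tasks": [], "taskgroups": [], "inherit": []})
            continue
        if current is None:
            continue
        kind = current["kind"]
        if words[0] == "task" and len(words) == 3 and kind == "taskgroup":
            current["tasks"].append((words[1], words[2]))      # (operation, task ID)
        elif words[0] == "taskgroup" and len(words) == 2 and kind == "usergroup":
            current["taskgroups"].append(words[1])
        elif words[0] == "inherit" and len(words) == 3 and words[1] == kind:
            current["inherit"].append(words[2])
    return groups


def effective_tasks(groups, usergroup):
    """Return ({task_id: [operations]}, [(kind, name) referenced but undefined])."""
    perms = defaultdict(set)
    missing = []
    seen = set()

    def walk(kind, name):
        if (kind, name) in seen:       # guards against inheritance loops
            return
        seen.add((kind, name))
        group = groups[kind].get(name)
        if group is None:
            missing.append((kind, name))
            return
        for operation, task_id in group["tasks"]:
            perms[task_id].add(operation)
        for taskgroup in group["taskgroups"]:
            walk("taskgroup", taskgroup)
        for parent in group["inherit"]:
            walk(kind, parent)

    walk("usergroup", usergroup)
    return {task: sorted(ops) for task, ops in sorted(perms.items())}, missing


if __name__ == "__main__":
    tasks, undefined = effective_tasks(parse(CONFIG), "noc-staff")
    print(tasks)
    print(undefined)
```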

Software Installation

Software Install Terminology
Mini?
PIE? Package? SMU?

IOS XR Software Packages

• MPLS: MPLS, UCP
• Multicast: PIM, MFIB, IGMP
• Security: IPSec, Encryption, Decryption
• Manageability: ORB, XML, Alarms management
• Routing: RIB, BGP, ISIS, OSPF, RPL
• Forwarding (platform independent): FIB, ARP, QoS, ACL, etc
• Line Card (platform dependent): LC ucode & drivers
• Base: Interface manager, System database, checkpoint services, Configuration management, etc.
• Admin: Resource Management: Rack, Fabric, LR management
• OS: Kernel, file system, memory management, and other slow changing core

PIE: Package Installation Envelope

• PIEs are a delivery mechanism for packages
  - Used to deliver
    - Major release: New functionality (4.0, 4.1, 4.2)
    - Maintenance release: SW fixes (4.0.1, 4.0.2, 4.1.1)
    - SMU: Fix for a specific bug
• Includes authentication info
• Installed from admin or SDR exec mode (self study students check speaker notes)
• .vm files are the other delivery mechanism
  - .vm files are bootable images
  - Used as the Initial Install for GSR migration

Mini: Bundle of Mandatory Packages

• Composite image with mandatory packages
• Two types: .vm and .pie (both approx 80MB)
• Multiple uses
  - Quickly run an image without installing it (.vm)
  - Initial install of IOS XR software (.vm)
  - Recovery if system is corrupted (.vm)
  - Major/Maintenance upgrade (.pie)

Software Release Delivery

• Example from CCO: ASR9K-iosxr-4.1.1.tar
• Which includes
  - Unicast Routing Composite PIE (aka mini): Routing, LC, Forwarding, Admin, Base, MBI (min boot image)
  - Optional PIEs
    - Manageability
    - MPLS
    - Multicast
    - Security

Software Release Delivery

  RP/0/RSP0/CPU0:PE1(admin)#show install active
  Thu Nov 3 13:40:45.771 UTC
  Secure Domain Router: Owner

    Node 0/RSP0/CPU0 [RP] [SDR: Owner]
      Boot Device: disk0:
      Boot Image: /disk0/asr9k-os-mbi-4.1.1/mbiasr9k-rp.vm
      Active Packages:
        disk0:asr9k-mini-p-4.1.1
        disk0:asr9k-k9sec-p-4.1.1
        disk0:asr9k-mpls-p-4.1.1
        disk0:asr9k-mgbl-p-4.1.1
        disk0:asr9k-mcast-p-4.1.1

    Node 0/0/CPU0 [LC] [SDR: Owner]
      Boot Device: mem:
      Boot Image: /disk0/asr9k-os-mbi-4.1.1/lc/mbiasr9k-lc.vm
      Active Packages:
        disk0:asr9k-mini-p-4.1.1
        disk0:asr9k-mpls-p-4.1.1

Software Maintenance Updates (SMU)
• SMU is named by (1) release and (2) Bug ID
• Usually 50-200kb PIE file
• Examples:
    hfr-rout-3.2.2.CSCei63263.pie
    hfr-base-3.2.2.CSCeh52427.pie

TURBOBOOT Install (CRS-1)
Boot from .vm file and install to RP disks and LC flash

• Step 1: Load "mini" .vm image into memory. Boot from disk or network
• Step 2: Router installs packages to flash disks on RPs and flash on LCs
• Step 3: Reload from disk

[Figure: the mini image (Routing, Line card, Forwarding, Admin, Base, OS-MBI) is loaded from Disk0, Disk1, or TFTP Server into memory (MEM) on RP0, RP1, DRP0, DRP1 and LC0 to LC7; RPs and DRPs also have DISK, LCs also have Flash]

PIE Installation Concepts

• PIE install used once system is operational
• Packages can be added or upgraded
• System performs sanity checks
• Install from SDR Exec or Admin Mode
  - Install from SDR impacts just that SDR
• 3 phase install
  - Add: Copy package and unpack
  - Activate: Restart processes/nodes with new code
  - Commit: Lock activated packages through reload

install add Command
Copy image to disk, verify, and unpack

  RP/0/0/CPU0:P4(admin)#install add tftp://172.21.116.8/c12k-mcast.pie-3.2.85.3I
  Install: The idle timeout on this line will be suspended for synchronous install operations
  Install: Starting install operation. Do not insert or remove cards until the operation completes.
  RP/0/0/CPU0:P4(admin)#
  Install: Now operating in asynchronous mode. Do not attempt subsequent install operations until this operation is complete.
  Install 3: [ 0%] Install operation 'add /tftp://172.21.116.8/c12k-mcast.pie-3.2.85.3I to disk0:' assigned request id: 3
  Install 3: [ 1%] Downloading PIE file from /tftp://172.21.116.8/c12k-mcast.pie-3.2.85.3I
  Install 3: [ 1%] Transferred 3298994 Bytes
  Install 3: [ 1%] Downloaded the package to the router
  Install 3: [ 1%] Verifying the package
  Install 3: [ 1%] [OK]
  Install 3: [ 1%] Verification of the package successful [OK]
  Install 3: [ 95%] Going ahead to install the package...
  Install 3: [ 95%] Add of '/tftp://172.21.116.8/c12k-mcast.pie-3.2.85.3I' completed.
  Install 3: [100%] Add successful.
  Install 3: [100%] The following package(s) and/or SMU(s) are now available to be activated:
  Install 3: [100%] disk0:c12k-mcast-3.2.85
  Install 3: [100%] Please carefully follow the instructions in the release notes when activating any software
  Install 3: [100%] Idle timeout on this line will now be resumed for synchronous install operations

install activate Command
Begin executing new software

  RP/0/0/CPU0:P4(admin)#install activate disk0:c12k-mcast-3.2.85
  Install: The idle timeout on this line will be suspended for synchronous install operations
  Install: Starting install operation. Do not insert or remove cards until the operation...
  RP/0/0/CPU0:P4(admin)#
  Install: Now operating in asynchronous mode. Do not attempt subsequent install operations until this operation is complete.
  Install 3: [ 0%] Install operation 'activate disk0:c12k-mcast-3.2.85' assigned request id: 3
  Install 3: [ 1%] Performing Inter-Package Card/Node/Scope Version Dependency Checks
  Install 3: [ 1%] [OK]
  Install 3: [ 1%] Checking API compatibility in software configurations...
  Install 3: [ 1%] [OK]
  Install 3: [ 10%] Updating software configurations.
  Install 3: [ 10%] RP,DRP:
  Install 3: [ 10%] Activating c12k-mcast-3.2.85
  Install 3: [ 10%] Checking running configuration version compatibility with newly activated…
  Install 3: [ 10%] No incompatibilities found between the activated software and router… configuration.
  …
  RP/0/0/CPU0:Nov 12 14:24:01.249 : instdir[181]: %INSTMGR-6-SOFTWARE_CHANGE_END : Software change transaction 3 is COMPLETE.
  Install 3: [100%] Performing software change
  Install 3: [100%] Activation operation successful.
  Install 3: [100%] NOTE: The changes made to software configurations will not be
  Install 3: [100%] persistent across RP reloads. Use the command 'install commit'
  Install 3: [100%] to make changes persistent.
  Install 3: [100%] Idle timeout on this line will now be resumed for synchronous install operations

install commit Command
Lock in activated software across reload

  RP/0/0/CPU0:P5(admin)#install commit
  Install: The idle timeout on this line will be suspended for synchronous install operations
  Install 5: [ 1%] Install operation 'commit' assigned request id: 5
  Install 5: [100%] Committing uncommitted changes in software configurations.
  Install 5: [100%] Commit operation successful.
  Install 5: [100%] Idle timeout on this line will now be resumed for synchronous operations

Deactivating Packages

  RP/0/0/CPU0:P5(admin)#install deactivate disk0:c12k-rp-mgbl-3.2.85
  Install: The idle timeout on this line will be suspended for synchronous install operations
  Install: Starting install operation. Do not insert or remove cards until the operation completes.
  RP/0/0/CPU0:P5(admin)#
  Install: Now operating in asynchronous mode. Do not attempt subsequent install operations until this operation is complete.
  Install 8: [ 0%] Install operation 'deactivate disk0:c12k-mgbl-3.2.85' assigned request id: 8
  Install 8: [ 1%] Package 'disk0:c12k-mgbl-3.2.85' is not active and cannot be deactivated.
  Install 8: [ 1%] Idle timeout on this line will now be resumed for synchronous install operations

• Package features no longer available
• Package still installed
• Package can be reactivated

Routing Protocols

OSPF Configuration Basics

• Enable by assigning interfaces to areas
• All configuration under router ospf

  router ospf 100
   area 0
    interface gig 0/4/0/0
    interface gig 0/5/0/4
    interface gig 0/5/0/5
   area 1
    interface gig 0/3/0/0
    interface gig 0/3/0/1
     passive enable
    interface gig 0/3/0/2
     cost 40

OSPF Sample Configuration

  router ospfv3 32
   area 0
    interface GigabitEthernet0/5/0/0
    !
    interface GigabitEthernet0/5/0/1
     cost 30
    !
   !
   area 1
    interface GigabitEthernet0/5/0/2
     cost 40
     passive
  !
  router ospf 101
   area 0
    interface GigabitEthernet0/5/0/0
    !
    interface GigabitEthernet0/5/0/1
    !
    interface GigabitEthernet0/5/0/2

ISIS Configuration Basics

• Enable by assigning interfaces to ISIS
• All configuration under router isis

  router isis
   net 49.0001.0000.0000.000c.00
   interface gig 0/4/0/0
    address-family ipv4 unicast
   interface gig 0/4/0/1
    address-family ipv4 unicast

ISIS Sample Configuration

  router isis 7
   net 49.0001.0000.0000.000c.00
   interface Loopback0
    address-family ipv4 unicast
    !
   !
   interface GigabitEthernet0/4/0/1
    address-family ipv4 unicast
    !
   !
   interface GigabitEthernet0/4/0/2
    address-family ipv4 unicast
    !
   !
   interface GigabitEthernet0/4/0/3
    address-family ipv4 unicast

EIGRP Configuration Basics

• Enable by assigning interfaces to EIGRP
• All configuration under router eigrp

  router eigrp
   address-family ipv4
    interface GigabitEthernet0/4/0/0
    interface GigabitEthernet0/4/0/0
    interface mgmtEth 0/7/CPU0/0
     passive-interface

EIGRP Sample Configuration

  router eigrp 7
   address-family ipv4
    interface MgmtEth0/7/CPU0/0
     passive-interface
    !
    interface GigabitEthernet0/4/0/0
    !
    interface GigabitEthernet0/4/0/1
    !
    interface GigabitEthernet0/4/0/2
    !
    interface GigabitEthernet0/4/0/3
    !
   !

Static Routes
Static Routing Configuration Modes

  router static
   address-family ipv4 unicast
    0.0.0.0/0 7.1.9.1
    7.7.7.77/32 7.1.9.1
    8.8.8.1/32 GigabitEthernet0/5/0/1.101
    8.8.8.1/32 GigabitEthernet0/5/0/1.102
    8.8.8.2/32 5.1.1.2
    8.8.8.2/32 5.2.1.2
  !
  router static
   address-family ipv6 unicast
    …

IOS XR BGP: Key Concepts

• Address Families
  - Configure separately
  - Must be initialized
• Neighbor Based Configuration
• Configuration Templates
  - Neighbor Group
  - Session Group
  - Address Family Group
• Distributed BGP
• (Route Policy Language)

Address Families

• Most configuration is address family specific
• Must be initialized under bgp global configuration

  router bgp 600
   address-family ipv4 unicast

• Additional configuration under neighbor AF mode

  router bgp 600
   neighbor 5.5.5.5
    address-family ipv4 unicast
     route-policy filter_peers in

• Examples of address families supported in 4.1.0
  - IPv4 unicast/multicast/mvpn
  - IPv6 unicast/multicast/mvpn
  - L2 VPN
  - VPNv4 unicast
  - VPNv6 unicast

Configuration Basics
Minimal Configuration

• Assign BGP AS Number
• Initialize an address family
• Create a neighbor
• Assign a remote AS
• Enable an address family within the neighbor
• Apply filters in and out on EBGP links

  router bgp 100
   address-family ipv4 unicast
   !
   neighbor 1.1.1.1
    remote-as 200
    address-family ipv4 unicast
     route-policy filter-in in
     route-policy filter-out out

Comparison of Cisco IOS and IOS XR BGP

IOS BGP Configuration

  router bgp 1
   no bgp default ipv4-unicast
   bgp log-neighbor-changes
   neighbor 1.1.1.1 remote-as 1
   neighbor 1.1.1.1 update-source Loopback0
   maximum-paths 8
   !
   address-family ipv4
    neighbor 1.1.1.1 activate
    maximum-paths 8
    no auto-summary
    no synchronization
   exit-address-family

IOS XR BGP Configuration

  RP/0/1/CPU0:IOS XR#sh run router bgp
  router bgp 300
   bgp router-id 2.2.2.2
   address-family ipv4 unicast
   !
   neighbor 192.1.1.2
    remote-as 400
    address-family ipv4 unicast
     route-policy filter-in in
     route-policy filter-out out
    !
   !
  !

IOS-XR RPL Big Picture

• Programming Language
• Used to filter routing information
  - Remove routes
  - Change attributes
• Common tool for XR applications
  - BGP policy and show commands
  - IGPs
• Replaces route maps (and more!)
• Scalable: fewer CLI lines, improved clarity

RPL Concept Map

[Figure: concept map with branches Control Flow, Sets and Using RPL. Node labels: if/then/else, Boolean, Order of Ops, Compound, Hierarchy, Parameters, Actions, Default, Pass, Drop, Set; Named vs. Inline, Types, AS Path, Prefix, Community, Extended Com, VPN RD; Attach Points, BGP, Process, Neighbor, VPN, Show CMDs, IGP, Redistribution, Show Commands]

Basic Flow Control

• Basic Conditional Statement

  if as-path in as-path-set-1 then
    drop
  endif

• Branching Options

  if med eq 150 then
    set local-preference 10
  elseif med eq 200 then
    set local-preference 60
  else
    set local-preference 0
  endif

RPL Attach Points

• Attach points connect policies to things that use them
  - BGP neighbor policy
  - IGP redistribution
  - Show commands
  - Many others

MPLS Big Picture

• Functionality similar to IOS
  - No TDP
  - Traffic Engineering supported (not covered)
• L3 VPN support since release 3.3
• L2 VPN support since release 3.4

• Basic Configuration

  mpls ldp
   router-id 6.6.6.6
   !
   interface GigabitEthernet0/4/0/0
   interface GigabitEthernet0/4/0/1
   interface GigabitEthernet0/4/0/2
   interface GigabitEthernet0/4/0/3

  vrf
   address-family ipv4 unicast
    redistribute connected

  l2vpn
   ! Reusable template for VPN type (MPLS or L2TPv3)
   pw-class [class-name]
    ! Tunnel Parameters
    encapsulation mpls
     protocol ldp
   xconnect group [group-name]
    p2p [circuit-name]
     interface GigabitEthernet0/1/0/0
     neighbor 12.12.12.12 pw-id 100
      pw-class [class-name]
  ! Put interface into L2VPN mode
  interface GigabitEthernet0/1/0/0 l2transport

Carrier Grade v6 (CGv6)

What Is CGv6?

• Solutions that enable IPv4 to IPv6 Transition
• Offers set of functions that can be deployed as needed to achieve:
  - IPv4 Preservation: continue to use existing legacy IPv4 assets, infrastructure, back-end ops, etc. as needed in the post-IPv4 run-out world
  - Incremental IPv6 Transition: select network elements supporting and enabling IPv6 connectivity
• Advantages are:
  - Post run-out business continuity
  - Low-risk, minimal cost transition to IPv6

Enterprise NAT
• Positioned for Enterprise
• Emphasis on ALGs
• Expensive logging using Syslog
• Legacy Enterprise NAT 'unfriendly' Applications (e.g. SunRPC, NetBIOS, etc.)
• Limited Scale + Performance
• (e.g. few Thousand conn/sec rate)
• High CAPEX / OPEX per subscriber
• Expensive to scale

Carrier Grade NAT (CGN)
• Positioned for Service Providers
• Emphasis on Scale, Performance, Throughput
• Lightweight logging using Netflow v9
• OTT Applications just work (e.g. YouTube, Skype, BitTorrent, etc) as per NAT CPE
• Massive Scale + Performance
• (e.g. 1 Million conns/sec rate, 20 Million concurrent connections)
• Low CAPEX / OPEX per subscriber
• Designed to scale

CGv6 NAT44 Feature Set

• SP-Class Performance/Scale
  - 20M Translations
  - 1M connection setups/sec
  - 10G full-duplex performance
• NAT Behavior Compliance: RFC4787, RFC5382, RFC5508
• Port Limit per private IP
• Endpoint Independent Mapping
• Netflow v9 Logging without performance impact
• 1 + 1 Warm Standby
• TCP/UDP Timers
• Active FTP ALG
• Hairpinning
• Static Port Forwarding
• CGN Bypass source address
• Multi-core Load Sharing
  - (VRF ID, SA) in Private Public
  - (DA) in Private Public

Conclusion

IOS XR is designed to meet the stringent requirements of network operators
• A high level of scalability
• Distributed forwarding architecture
• Exceptionally high reliability and resiliency
• Service separation and flexibility
• Robust security
• Hierarchical configuration and robust configuration management
• Better manageability

Complete Your Session Evaluation

• Please give us your feedback. Complete the evaluation form you were given when you entered the room
• This is session 5.4