IOS-XR Cisco Next Generation OS Architecture

Lim Fung, CTG Technical Marketing
ID 20PT

Router OS Evolution

[Figure: three router OS generations, each drawn with Control Plane, Data Plane and Management Plane. The newest one shows control plane applications (BGP, RIP, ISIS, OSPF, PIM, IGMP, RIB), forwarding plane applications (L2 drivers, ACL, FIB, QoS, LPTS, PFI, interface), management plane applications (CLI, SNMP, XML, NetFlow, alarm, performance management, SSH) and HA infrastructure, running over a network stack, distributed infrastructure (checkpoint DB, multicast IPC, system DB), kernel system services (scheduler, synchronization services, IPC mechanism, memory management) and the OS scheduler.]

• Monolithic Kernel
• Centralized Infrastructure
• Integrated Network stack
• Centralized applications

• Micro Kernel
• Distributed Infrastructure
• Independent Network stack
• Distributed applications

BRKSPM-2604_c1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

IOS-XR Software Architecture

• Modular: Runtime SW upgrade/downgrade support
• Distributed: scalable with multi chassis support
• Platform Independent: POSIX compliant
• Management Interface: Unified Data Model (XML)
• High Availability: Hot Standby and Restart
• Security: Control, Data and Management Plane
• Logical Router: Router Partitioning (SDR)

Cisco IOS-XR Software Modularity architecture

[Figure: the same set of components (BGP, OSPF, ISIS, RIP, EIGRP, LDP, VPN, SSH, Telnet server, ACLs, IPv4 forwarding, TCP/IP, drivers, timers, scheduler) drawn for three systems: IOS and BSD based routers under "Monolithic Kernel", and IOS XR under "Microkernel".]

IOS XR Modular Packaged Software

[Figure: package stacks on RP, DRP and LC. Packages shown: OS, Base, Admin, Forwarding, Line Card, routing (RPL, BGP, OSPF, ISIS), Manageability, Security, GMPLS and Multicast, each marked mandatory or optional.]

• Upgrade specific packages/Composites
  - Across entire system: useful once a feature is qualified and you want to roll it without a lot of commands
  - Targeted install to specific cards: useful while a feature is being qualified; reduces churn in the system to card boundary
• Point fix for software faults

• Ability to upgrade independently MPLS, Multicast, Routing protocols and Line Cards
• Ability to run different versions on different nodes
• Ability to release software packages async
• Ability to have composites into one manageable unit if desired
• Notion of optional packages if technology not desired on device (Multicast, MPLS)

[Figure: package layout with Multicast, MPLS, Routing Composite (RPL, BGP, OSPF, ISIS), Manageability, Security, Forwarding, Host Composite, Base, IOX Admin, OS and Line card.]

Distributed In-Memory Database (IMDB)

• Reliable Multicast IPC improves scale and performance
• Distributed data management model improves performance and scale
• Single consolidated view of the system eases maintenance

[Figure: RP-A, DRP and LCa each hold a local database (Local-Ra, Local-DRP, Local-LCa) and the RPs also hold Global data; management applications (CLI/XML/SNMP) get a consolidated system view. RP and DRP data cover IP, OSPF, BGP, ISIS and interfaces; line card data cover IP, ARP, ACL, QoS, interfaces, PPP and VLAN. Nodes are linked by reliable multicast and unicast IPC.]

Distributed Control Plane

[Figure: resilient system process distribution. BGP, BGP, MPLS, Multicast and IS-IS processes are spread across RP1, RP2, RP3, RP4 ... RPn.]

• Routing protocols and signaling protocols can run in one or more (D)RP
• Each (D)RP can have redundancy support with standby (D)RP
• Out of resources handling for proactive planning

Distributed Forwarding Infrastructure

[Figure: two designs side by side. Single stage: the RP holds the IP stack, drivers, global interface manager, ARP, HDLC, NetFlow, VLAN and PPP; line cards hold an ingress FIB and the global IDB and AIB, joined by the switching fabric. Two stage: each LC CPU runs its own interface manager, VLAN, PPP, ARP and NetFlow, with ingress and egress FIB and local AIB and IDB on each side of the switching fabric.]

Single Stage Forwarding
• Single global Adjacency Information Base (AIB) distributed to all line cards
• Single global Interface Management DB distributed to all line cards
• Only Ingress FIB – forces forwarding features to be run in RP

Two Stage Forwarding
• Each line card has independent AIB only for local interfaces
• Each line card has independent Interface DB for local interfaces
• Both Ingress and Egress FIB – allows forwarding features to be independently run in LCs

IOS XR HA Software Design Principles (Layered Approach)

NSR (GR), ISSU

Non-Stop Forwarding

Separate Control and Data Planes

RP/DRP Redundancy Active/Standby Failover

Process Restartability: Active State Check pointing

All subsystems: Separate Address Spaces; memory faults affect only 1 process, recovery = restart process

IOS XR Software Architecture Overview

• TRUE Microkernel (Mach, QNX)
  - MMU with full protection
  - Applications, drivers, and protocols are protected
• Monolithic Kernel (BSD/, NT)
  - MMU with partial protection
  - Applications are protected

[Figure: fault containment in each design. Microkernel: process manager, applications and driver drawn as separate protected blocks, each marked FAULT. Monolithic kernel: applications marked FAULT, while the file system, network and driver sit inside the kernel.]

In Service Software Upgrade (ISSU)

• Changing software with no impact to transit traffic
• What customers expect
  - Maintenance release upgrades without impact
  - Major release upgrades to/from any version without any impact
• What we have today
  - Some SMUs with limited scope will “ISSU” on same RP
  - Other upgrades may require node or chassis reset: Major releases, Maintenance releases, Complex SMUs

Minimally Disruptive Restart (MDR)

• Reduces forwarding disruption during software upgrade
• Forwarding hardware keeps forwarding while software resets
• RP spoofs packets normally generated by LC CPU: FR LMI, ATM OAM, PPP, HDLC

Protected Process Memory Space

• Each process has a space
  - Kernel/MMU maps virtual address to physical address (at page level)
  - Threads share the memory space
• One process cannot corrupt another’s memory
  - Process can only access virtual space
  - In IOS – all processes shared same virtual space
• Communication between processes via controlled
• Limited use of shared memory

[Figure: physical address map from 0x000000 to 0xa00000 in 0x100000 steps; the OSPF process's virtual pages 1, 2, 3 at 0x00000, 0x10000, 0x20000 are mapped into it.]

Preemptive Multitasking

• Default priority is 10
• Higher priority processes can
  - In IOS, must wait for running process to finish
• FIFO within same priority
• Threads run while parent process is running
• CRS/16 and DRP have two CPUs

[Figure: process states Sleeping, Waiting, Ready and Running, with processes labelled by priority 10, 16, 50 and 62.]

Local Packet Transport Services: Protection of Control Plane

[Figure: on the LC, transit traffic is forwarded using the Forwarding Information Base (FIB); received traffic is looked up by LPTS in the Internal FIB (IFIB) and sent to the local stack on the LC or to applications on the RP; bad packets are dropped.]

• LPTS enables applications to reside on any or all RPs, DRPs, or LCs
  - Active/Standby, Distributed Applications, Local processing
• IFIB forwarding is based on matching control plane flows
  - Built in dynamic “firewall” for control plane traffic
• LPTS is transparent and automatic

Local Packet Transport Service LPTS Overview

• There is no longer a single RP
• IOS XR is fully distributed, with applications running in multiple physical locations
• LPTS enables distributed applications to reside on any or all RPs, DRPs, or LCs
• Filters and polices (in hardware) local ‘receive’ packets and sends them only to the nodes that need them
• Packet rate correlates with trust
• Handles fragments, also checks TTL/hop count
• High Availability for NSR (Non-Stop Routing)

IOS XR LPTS in action

• LPTS is an automatic, built in “firewall” for control plane traffic.
• Every Control and Management packet from the line card is rate limited in hardware to protect RP and LC CPU from attacks

router bgp
 neighbor 202.4.48.99
  …ttl_security
!
mpls ldp
…
!

LC 1 IFIB TCAM HW Entries

Local         port    Remote        port   Rate    Priority
Any           ICMP    ANY           ANY    1000    low
any           179     any           any    100     medium
any           179     202.4.48.99   any    1000    medium
202.4.48.1    179     202.4.48.99   2223   10000   medium
200.200.0.2   13232   200.200.0.1   646    100     medium

[Figure labels: Socket, LPTS, BGP, LDP, SSH, TCP Handshake; "ttl 255" beside the two 202.4.48.99 entries.]

LC 2 IFIB TCAM HW Entries …
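A small model of the lookup the table above implies, as an added example (not Cisco code and not part of the original slides): the most specific matching IFIB entry decides the policer, so an established BGP session is admitted at a higher rate than an unknown source reaching port 179. Entry values are the slide's; the entry names, the "most specific wins" ordering, the `ttl_min` drop, the no-entry result and the reading of Rate as packets per second are assumptions.

```python
"""Toy model of the LPTS IFIB lookup (added illustration, not Cisco code)."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Union

ANY = None  # wildcard field


@dataclass(frozen=True)
class Entry:
    name: str                        # hypothetical label, not on the slide
    local_addr: Optional[str]
    local_port: Union[int, str, None]
    remote_addr: Optional[str]
    remote_port: Optional[int]
    rate: int                        # slide's "Rate" column (assumed packets/second)
    priority: str
    ttl_min: Optional[int] = None    # assumption: models the slide's "ttl 255" label

    def key(self):
        return (self.local_addr, self.local_port, self.remote_addr, self.remote_port)

    def specificity(self):
        # Assumption: the entry with the most non-wildcard fields wins.
        return sum(f is not ANY for f in self.key())


@dataclass(frozen=True)
class Packet:
    local_addr: str
    local_port: Union[int, str]
    remote_addr: str
    remote_port: Optional[int]
    ttl: int


# Rows of "LC 1 IFIB TCAM HW Entries" as listed on the slide.
LC1_IFIB = [
    Entry("icmp", ANY, "ICMP", ANY, ANY, 1000, "low"),
    Entry("bgp-default", ANY, 179, ANY, ANY, 100, "medium"),
    Entry("bgp-configured", ANY, 179, "202.4.48.99", ANY, 1000, "medium", ttl_min=255),
    Entry("bgp-established", "202.4.48.1", 179, "202.4.48.99", 2223, 10000, "medium",
          ttl_min=255),
    Entry("ldp-session", "200.200.0.2", 13232, "200.200.0.1", 646, 100, "medium"),
]


def lookup(pkt, table=LC1_IFIB):
    """Return the most specific entry matching the packet, or None."""
    pkt_key = (pkt.local_addr, pkt.local_port, pkt.remote_addr, pkt.remote_port)
    hits = [e for e in table
            if all(f is ANY or f == k for f, k in zip(e.key(), pkt_key))]
    return max(hits, key=Entry.specificity) if hits else None


def classify(pkt, table=LC1_IFIB):
    """Return (action, entry): 'police', 'drop-ttl' or 'no-entry'."""
    entry = lookup(pkt, table)
    if entry is None:
        return ("no-entry", None)    # assumption: no local flow is registered
    if entry.ttl_min is not None and pkt.ttl < entry.ttl_min:
        return ("drop-ttl", entry)   # fails the TTL check tied to ttl_security
    return ("police", entry)


def simulate_second(packets, table=LC1_IFIB):
    """Offer one second of packets; each entry admits at most its rate."""
    offered = Counter()
    for pkt in packets:
        action, entry = classify(pkt, table)
        if action == "police":
            offered[entry.name] += 1
    rates = {e.name: e.rate for e in table}
    return {name: min(count, rates[name]) for name, count in offered.items()}


if __name__ == "__main__":
    # Constructed traffic: 198.51.100.7 is a documentation address, not from the slide.
    established = Packet("202.4.48.1", 179, "202.4.48.99", 2223, 255)
    unknown = Packet("202.4.48.1", 179, "198.51.100.7", 4000, 60)
    low_ttl = Packet("202.4.48.1", 179, "202.4.48.99", 4000, 254)
    for pkt in (established, unknown, low_ttl):
        action, entry = classify(pkt)
        print(pkt.remote_addr, pkt.ttl, action, entry.name, entry.rate)
    print(simulate_second([unknown] * 50000 + [established] * 8000))
```

In the simulated second, the flood of unknown-source packets to port 179 is cut to the default entry's rate while the established neighbor's traffic passes untouched, which is the "packet rate correlates with trust" point.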

IOS-XR CLI and Configuration

XR Command Modes

SDR Exec – Normal operations - monitoring routing and CEF

RP/0/RP0/CPU0:router#
  show interfaces brief
  show running-config
  show install active
  show cef summary location 0/5/CPU0

SDR Config – Configuration for L3 Node

RP/0/RP0/CPU0:router(config)#
  router bgp 100
  taskgroup admins
  policy-map foo
  mpls ldp
  ipv4 access-list block-junk

Admin – Chassis operations, outside of SDRs

RP/0/RP0/CPU0:router(admin)#
  show controllers fabric plane all (CRS)
  config-register 0x0
  show controllers fabric clock (12K)
  install add (also in SDR)

Admin Config

RP/0/RP0/CPU0:router(admin-config)#
  sdr backbone
   location 0/5/*
  pairing reflector
   location 0/3/* 0/4/*

Node Addressing Example using CRS

[Figure: CRS-1 chassis front and rear views (power supplies, fan trays, cable management, PLIM and MSC slots, RPs, fabric cards, air intake and air out) with node addresses labelled: [RACK]/SM0/SP, [RACK]/0/CPU0, [RACK]/0/SM0, [RACK]/RP1/CPU0, and interface gig [RACK/SLOT/BAY/PORT].]

RP/0/RP0/CPU0:CRS#show platform
Thu Nov 3 08:41:20.462 DST
Node          Type          PLIM             State        Config State
-----------------------------------------------------------------------
0/0/CPU0      MSC           Jacket Card      IOS XR RUN   PWR,NSHUT,MON
0/0/0         MSC(SPA)      8X1GE            OK           PWR,NSHUT,MON
0/1/CPU0      MSC-140G      14-10GbE         IOS XR RUN   PWR,NSHUT,MON
0/3/CPU0      MSC           4OC192-POS/DPT   IOS XR RUN   PWR,NSHUT,MON
0/RP0/CPU0    RP(Active)    N/A              IOS XR RUN   PWR,NSHUT,MON
0/RP1/CPU0    RP(Standby)   N/A              IOS XR RUN   PWR,NSHUT,MON

Two Stage Commit

Active Configuration Before Commit

hostname Backbone-CRS
line default
 exec-timeout 1440 0
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

Enter Proposed Changes (Target Configuration)

interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
!
router ospf 100
 area 0
  interface gig 0/3/0/0
 area 1
  interface pos 0/4/0/0

Commit: Changes take effect

Active Configuration After Commit

hostname Backbone-CRS
line default
 exec-timeout 1440 0
!
interface gig 0/3/0/0
 ipv4 address 9.9.9.9/24
!
taskgroup ops
 task read boot
 task write boot
 task execute bgp
!
router ospf 100
 area 0
  interface gig 0/3/0/0
 area 1
  interface pos 0/4/0/0
!
router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1

Monitoring Configuration From SDR Exec Mode

RP/0/RP0/CPU0:CRS#show running-config
Building configuration...
!! Last configuration change at 12:17:03 UTC Wed Jun 28 2006 by ww
!
hostname CRS
line default
 exec-timeout 1440 0
…

RP/0/RP0/CPU0:CRS#show config commit list
SNo. Label/ID    User   Line        Client  Time Stamp
~~~~ ~~~~~~~~    ~~~~   ~~~~        ~~~~~~  ~~~~~~~~~~
1    1000000296  ww     con0_RP0_C  CLI     12:17:03 UTC Wed Jun 28 2006
2    1000000295  ww     con0_RP0_C  CLI     12:16:47 UTC Wed Jun 28 2006
3    1000000294  ww     vty0        CLI     12:09:03 UTC Wed Jun 28 2006
4    1000000293  admin  vty0        CLI     06:47:51 UTC Wed Jun 28 2006
5    1000000292  admin  vty0        CLI     06:47:18 UTC Wed Jun 28 2006

RP/0/RP0/CPU0:CRS#show config commit changes last 5
Building configuration...
hostname CRS
policy-map edge
 class prec_5
  bandwidth remaining percent 50

RP/0/RP0/CPU0:CRS#show config sessions
Session                     Line  User  Date                      Lock
00000201-0014e0da-00000000  vty0  ww    Wed Jun 28 12:58:14 2006  *

IOS-XR: Task Based Authentication

Read             Write            Execute          Debug
aaa              aaa              aaa              aaa
acl              acl              acl              acl
admin            admin            admin            admin
atm              atm              atm              atm
basic-services   basic-services   basic-services   basic-services
bcdl             bcdl             bcdl             bcdl
bfd              bfd              bfd              bfd
bgp              bgp              bgp              bgp

taskgroup basic-admin
 task read acl
 task read bfd
 task read bgp
 task write acl
 task write bfd
 task write bgp
 task debug bgp

usergroup noc-staff
 taskgroup operator
 taskgroup basic-admin
 inherit usergroup all-users
!
usergroup allusers
 taskgroup basic-stuff

Software Installation

Software Install Terminology

Mini?

PIE? Package? SMU?

IOS XR Software Packages

Package         Contents
MPLS            MPLS, UCP
Multicast       PIM, MFIB, IGMP
Security        IPSec, Encryption, Decryption
Manageability   ORB, XML, Alarms management
Routing         RIB, BGP, ISIS, OSPF, RPL
Forwarding      Platform independent: FIB, ARP, QoS, ACL, etc
Line Card       Platform dependent: LC ucode & drivers
Base            Interface manager, System database, checkpoint services, Configuration management, etc.
Admin           Resource Management: Rack, Fabric, LR management
OS              Kernel, file system, , and other slow changing core

PIE – Package Installation Envelope

• PIEs are a delivery mechanism for packages. Used to deliver:
  - Major release – New functionality (4.0, 4.1, 4.2)
  - Maintenance release – SW fixes (4.0.1, 4.0.2, 4.1.1)
  - SMU – Fix for a specific bug
• Includes authentication info
• Installed from admin or SDR exec mode (self study students check speaker notes)
• .vm files are the other delivery mechanism
  - .vm files are bootable images
  - Used as the Initial Install for GSR migration

Mini – Bundle of Mandatory Packages

• Composite image with mandatory packages
• Two types - .vm and .pie (both approx 80MB)
• Multiple uses
  - Quickly run an image without installing it (.vm)
  - Initial install of IOS XR software (.vm)
  - Recovery if system is corrupted (.vm)
  - Major/Maintenance upgrade (.pie)

Software Release Delivery

• Example from CCO – ASR9K-iosxr-4.1.1.tar
• Which includes
  - Unicast Routing Composite PIE (aka mini): Routing, LC, Forwarding, Admin, Base, MBI (min boot image)
  - Optional PIEs: Manageability, MPLS, Multicast, Security

Software Release Delivery

RP/0/RSP0/CPU0:PE1(admin)#show install active
Thu Nov 3 13:40:45.771 UTC
Secure Domain Router: Owner

  Node 0/RSP0/CPU0 [RP] [SDR: Owner]
    Boot Device: disk0:
    Boot Image: /disk0/asr9k-os-mbi-4.1.1/mbiasr9k-rp.vm
    Active Packages:
      disk0:asr9k-mini-p-4.1.1
      disk0:asr9k-k9sec-p-4.1.1
      disk0:asr9k-mpls-p-4.1.1
      disk0:asr9k-mgbl-p-4.1.1
      disk0:asr9k-mcast-p-4.1.1

  Node 0/0/CPU0 [LC] [SDR: Owner]
    Boot Device: mem:
    Boot Image: /disk0/asr9k-os-mbi-4.1.1/lc/mbiasr9k-lc.vm
    Active Packages:
      disk0:asr9k-mini-p-4.1.1
      disk0:asr9k-mpls-p-4.1.1

Software Maintenance Updates (SMU)

• SMU is named by (1) release and (2) Bug ID
• Usually 50-200kb PIE file
• Examples:
  hfr-rout-3.2.2.CSCei63263.pie
  hfr-base-3.2.2.CSCeh52427.pie
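One way to turn the `show install active` output and the SMU naming rule above into a software inventory check, as an added example (not Cisco tooling and not from the original slides): parse the active packages per node, compare them with an approved baseline per node type, and split SMU file names into their parts. The sample text is the slide's output; the baseline contents, the function names and the bug ID pattern (CSC, two letters, five digits, as in the slide's two examples) are assumptions.

```python
import re

# The slide's "show install active" output, re-broken into lines.
SAMPLE_OUTPUT = """\
RP/0/RSP0/CPU0:PE1(admin)#show install active
Thu Nov 3 13:40:45.771 UTC
Secure Domain Router: Owner

  Node 0/RSP0/CPU0 [RP] [SDR: Owner]
    Boot Device: disk0:
    Boot Image: /disk0/asr9k-os-mbi-4.1.1/mbiasr9k-rp.vm
    Active Packages:
      disk0:asr9k-mini-p-4.1.1
      disk0:asr9k-k9sec-p-4.1.1
      disk0:asr9k-mpls-p-4.1.1
      disk0:asr9k-mgbl-p-4.1.1
      disk0:asr9k-mcast-p-4.1.1

  Node 0/0/CPU0 [LC] [SDR: Owner]
    Boot Device: mem:
    Boot Image: /disk0/asr9k-os-mbi-4.1.1/lc/mbiasr9k-lc.vm
    Active Packages:
      disk0:asr9k-mini-p-4.1.1
      disk0:asr9k-mpls-p-4.1.1
"""

# Hypothetical approved baseline per node type (an assumption for this example).
BASELINE = {
    "RP": {"asr9k-mini-p-4.1.1", "asr9k-k9sec-p-4.1.1",
           "asr9k-mpls-p-4.1.1", "asr9k-mgbl-p-4.1.1"},
    "LC": {"asr9k-mini-p-4.1.1", "asr9k-mpls-p-4.1.1"},
}

NODE_RE = re.compile(r"^\s*Node\s+(\S+)\s+\[(\w+)\]")
PKG_RE = re.compile(r"^\s*\w+:(\S+)\s*$")          # e.g. disk0:asr9k-mini-p-4.1.1
SMU_RE = re.compile(
    r"^(?P<platform>[a-z0-9]+)-(?P<package>[a-z0-9]+)-"
    r"(?P<release>\d+(?:\.\d+)+)\.(?P<bug>CSC[a-z]{2}\d{5})\.pie$")


def parse_install_active(text):
    """Return {node: {"type", "boot_image", "packages"}} from the CLI output."""
    nodes, current, in_packages = {}, None, False
    for line in text.splitlines():
        node = NODE_RE.match(line)
        if node:
            current = {"type": node.group(2), "boot_image": None, "packages": []}
            nodes[node.group(1)] = current
            in_packages = False
            continue
        if current is None:
            continue
        stripped = line.strip()
        if stripped.startswith("Boot Image:"):
            current["boot_image"] = stripped.split(":", 1)[1].strip()
        elif stripped.startswith("Active Packages:"):
            in_packages = True
        elif in_packages:
            pkg = PKG_RE.match(line)
            if pkg:
                current["packages"].append(pkg.group(1))
            elif stripped:
                in_packages = False   # any other text ends the package list
    return nodes


def audit(nodes, baseline):
    """List (node, 'unexpected' | 'missing', package) deviations from the baseline."""
    findings = []
    for node, info in nodes.items():
        approved = baseline.get(info["type"], set())
        active = set(info["packages"])
        findings += [(node, "unexpected", p) for p in sorted(active - approved)]
        findings += [(node, "missing", p) for p in sorted(approved - active)]
    return findings


def parse_smu_name(filename):
    """Split an SMU PIE name into platform, package, release and bug ID, or None."""
    match = SMU_RE.match(filename)
    return match.groupdict() if match else None


if __name__ == "__main__":
    for finding in audit(parse_install_active(SAMPLE_OUTPUT), BASELINE):
        print(finding)
    print(parse_smu_name("hfr-rout-3.2.2.CSCei63263.pie"))
```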

TURBOBOOT Install (CRS-1)
Boot from .vm file and install to RP disks and LC flash

Step 1: Load “mini” .vm image into memory. Boot from disk or network (Disk0, Disk1, or TFTP Server)
Step 2: Router installs packages to flash disks on RPs and flash on LCs
Step 3: Reload from disk

[Figure: the mini image (Routing, Line card, Forwarding, Admin, Base, OS-MBI) is loaded to RP0, RP1, DRP0 and DRP1, each with MEM and DISK, and to LC0 through LC7, each with MEM and Flash.]

PIE Installation Concepts

• PIE install used once system is operational
• Packages can be added or upgraded
• System performs sanity checks
• Install from SDR Exec or Admin Mode
  - Install from SDR impacts just that SDR
• 3 phase install
  - Add – Copy package and unpack
  - Activate – Restart processes/nodes with new code
  - Commit – Lock activated packages through reload

install add Command
Copy image to disk, verify, and unpack

RP/0/0/CPU0:P4(admin)#install add tftp://172.21.116.8/c12k-mcast.pie-3.2.85.3I

Install: The idle timeout on this line will be suspended for synchronous install operations
Install: Starting install operation. Do not insert or remove cards until the operation completes.
RP/0/0/CPU0:P4(admin)#
Install: Now operating in asynchronous mode. Do not attempt subsequent install operations until this operation is complete.
Install 3: [ 0%] Install operation 'add /tftp://172.21.116.8/c12k-mcast.pie-3.2.85.3I to disk0:' assigned request id: 3
Install 3: [ 1%] Downloading PIE file from /tftp://172.21.116.8/c12k-mcast.pie-3.2.85.3I
Install 3: [ 1%] Transferred 3298994 Bytes
Install 3: [ 1%] Downloaded the package to the router
Install 3: [ 1%] Verifying the package
Install 3: [ 1%] [OK]
Install 3: [ 1%] Verification of the package successful [OK]
Install 3: [ 95%] Going ahead to install the package...
Install 3: [ 95%] Add of '/tftp://172.21.116.8/c12k-mcast.pie-3.2.85.3I' completed.
Install 3: [100%] Add successful.
Install 3: [100%] The following package(s) and/or SMU(s) are now available to be activated:
Install 3: [100%] disk0:c12k-mcast-3.2.85
Install 3: [100%] Please carefully follow the instructions in the release notes when activating any software
Install 3: [100%] Idle timeout on this line will now be resumed for synchronous install operations

install activate Command
Begin executing new software

RP/0/0/CPU0:P4(admin)#install activate disk0:c12k-mcast-3.2.85
Install: The idle timeout on this line will be suspended for synchronous install operations
Install: Starting install operation. Do not insert or remove cards until the operation...
RP/0/0/CPU0:P4(admin)#
Install: Now operating in asynchronous mode. Do not attempt subsequent install operations until this operation is complete.
Install 3: [ 0%] Install operation 'activate disk0:c12k-mcast-3.2.85' assigned request id: 3
Install 3: [ 1%] Performing Inter-Package Card/Node/Scope Version Dependency Checks
Install 3: [ 1%] [OK]
Install 3: [ 1%] Checking API compatibility in software configurations...
Install 3: [ 1%] [OK]
Install 3: [ 10%] Updating software configurations.
Install 3: [ 10%] RP,DRP:
Install 3: [ 10%] Activating c12k-mcast-3.2.85
Install 3: [ 10%] Checking running configuration version compatibility with newly activated…
Install 3: [ 10%] No incompatibilities found between the activated software and router… configuration.
…
RP/0/0/CPU0:Nov 12 14:24:01.249 : instdir[181]: %INSTMGR-6-SOFTWARE_CHANGE_END : Software change transaction 3 is COMPLETE.
Install 3: [100%] Performing software change
Install 3: [100%] Activation operation successful.
Install 3: [100%] NOTE: The changes made to software configurations will not be
Install 3: [100%] persistent across RP reloads. Use the command 'install commit'
Install 3: [100%] to make changes persistent.
Install 3: [100%] Idle timeout on this line will now be resumed for synchronous install operations

install commit Command
Lock in activated software across reload

RP/0/0/CPU0:P5(admin)#install commit
Install: The idle timeout on this line will be suspended for synchronous install operations
Install 5: [ 1%] Install operation 'commit' assigned request id: 5
Install 5: [100%] Committing uncommitted changes in software configurations.
Install 5: [100%] Commit operation successful.
Install 5: [100%] Idle timeout on this line will now be resumed for synchronous operations

Deactivating Packages

RP/0/0/CPU0:P5(admin)#install deactivate disk0:c12k-rp-mgbl-3.2.85
Install: The idle timeout on this line will be suspended for synchronous install operations
Install: Starting install operation. Do not insert or remove cards until the operation completes.
RP/0/0/CPU0:P5(admin)#
Install: Now operating in asynchronous mode. Do not attempt subsequent install operations until this operation is complete.
Install 8: [ 0%] Install operation 'deactivate disk0:c12k-mgbl-3.2.85' assigned request id: 8
Install 8: [ 1%] Package 'disk0:c12k-mgbl-3.2.85' is not active and cannot be deactivated.
Install 8: [ 1%] Idle timeout on this line will now be resumed for synchronous install operations

• Package features no longer available
• Package still installed
• Package can be reactivated

Routing Protocols

OSPF Configuration Basics

• Enable by assigning interfaces to areas
• All configuration under router ospf

[Figure: configuration hierarchy]

router ospf 100
  area 0                      area 1
    interface gig 0/4/0/0       interface gig 0/3/0/0
    interface gig 0/5/0/4       interface gig 0/3/0/1
    interface gig 0/5/0/5         passive enable
                                interface gig 0/3/0/2
                                  cost 40

OSPF Sample Configuration

router ospfv3 32
 area 0
  interface GigabitEthernet0/5/0/0
  !
  interface GigabitEthernet0/5/0/1
   cost 30
  !
 !
 area 1
  interface GigabitEthernet0/5/0/2
   cost 40
   passive
!
router ospf 101
 area 0
  interface GigabitEthernet0/5/0/0
  !
  interface GigabitEthernet0/5/0/1
  !
  interface GigabitEthernet0/5/0/2

ISIS Configuration Basics

• Enable by assigning interfaces to ISIS
• All configuration under router isis

[Figure: configuration hierarchy]

router isis
 net 49.0001.0000.0000.000c.00
 interface gig 0/4/0/0
  address-family ipv4 unicast
 interface gig 0/4/0/1
  address-family ipv4 unicast

ISIS Sample Configuration

router isis 7
 net 49.0001.0000.0000.000c.00
 interface Loopback0
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/4/0/1
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/4/0/2
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/4/0/3
  address-family ipv4 unicast

EIGRP Configuration Basics

• Enable by assigning interfaces to EIGRP
• All configuration under router eigrp

[Figure: configuration hierarchy]

router eigrp
 address-family ipv4
  interface GigabitEthernet0/4/0/0
  interface GigabitEthernet0/4/0/0
  interface mgmtEth 0/7/CPU0/0
   passive-interface

EIGRP Sample Configuration

router eigrp 7
 address-family ipv4
  interface MgmtEth0/7/CPU0/0
   passive-interface
  !
  interface GigabitEthernet0/4/0/0
  !
  interface GigabitEthernet0/4/0/1
  !
  interface GigabitEthernet0/4/0/2
  !
  interface GigabitEthernet0/4/0/3
  !
 !

Static Routes
Static Routing Configuration Modes

router static
 address-family ipv4 unicast
  0.0.0.0/0 7.1.9.1
  7.7.7.77/32 7.1.9.1
  8.8.8.1/32 GigabitEthernet0/5/0/1.101
  8.8.8.1/32 GigabitEthernet0/5/0/1.102
  8.8.8.2/32 5.1.1.2
  8.8.8.2/32 5.2.1.2
!
router static
 address-family unicast
  …

IOS XR BGP – Key Concepts

• Address Families
  - Configure separately
  - Must be initialized
• Neighbor Based Configuration
• Configuration Templates
  - Neighbor Group
  - Session Group
  - Address Family Group
• Distributed BGP
• (Route Policy Language)

Address Families

• Most configuration is address family specific
• Must be initialized under bgp global configuration

router bgp 600
 address-family ipv4 unicast

• Additional configuration under neighbor AF mode

router bgp 600
 neighbor 5.5.5.5
  address-family ipv4 unicast
   route-policy filter_peers in

• Examples of address families supported in 4.1.0
  - IPv4 unicast/multicast/mvpn
  - IPv6 unicast/multicast/mvpn
  - L2 VPN
  - VPNv4 unicast
  - VPNv6 unicast

Configuration Basics
Minimal Configuration

• Assign BGP AS Number
• Initialize an address family
• Create a neighbor
• Assign a remote AS
• Enable an address family within the neighbor
• Apply filters in and out on EBGP links

router bgp 100
 address-family ipv4 unicast
 !
 neighbor 1.1.1.1
  remote-as 200
  address-family ipv4 unicast
   route-policy filter-in in
   route-policy filter-out out

Comparison of Cisco IOS and IOS XR BGP

IOS BGP Configuration

router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source Loopback0
 maximum-paths 8
 !
 address-family ipv4
  neighbor 1.1.1.1 activate
  maximum-paths 8
  no auto-summary
  no synchronization
 exit-address-family

IOS XR BGP Configuration

RP/0/1/CPU0:IOS XR#sh run router bgp
router bgp 300
 bgp router-id 2.2.2.2
 address-family ipv4 unicast
 !
 neighbor 192.1.1.2
  remote-as 400
  address-family ipv4 unicast
   route-policy filter-in in
   route-policy filter-out out
  !
 !
!

IOS-XR RPL Big Picture

• Programming Language
• Used to filter routing information
  - Remove routes
  - Change attributes
• Common tool for XR applications
  - BGP policy and show commands
  - IGPs
• Replaces route maps (and more!)
• Scalable – fewer CLI lines, improved clarity

RPL Concept Map

[Figure: concept map with three branches: Control Flow, Sets, and Using RPL. Topics shown include if/then/else, Boolean, Order of Ops, Compound, Hierarchy, Parameters, Actions (Default, Pass, Drop, Set); Named vs. Inline, Types (AS Path, Prefix, Community, Extended Com, VPN RD); Attach Points (BGP Process, Neighbor, VPN, Show CMDs), IGP Redistribution, Show Commands.]

Basic Flow Control

• Basic Conditional Statement

if as-path in as-path-set-1 then
  drop
endif

• Branching Options

if med eq 150 then
  set local-preference 10
elseif med eq 200 then
  set local-preference 60
else
  set local-preference 0
endif

RPL Attach Points

• Attach points connect policies to things that use them
  - BGP neighbor policy
  - IGP redistribution
  - Show commands
  - Many others

MPLS Big Picture

• Functionality
  - Similar to IOS
  - No TDP
  - Traffic Engineering supported (not covered)
• L3 VPN support since release 3.3
• L2 VPN support since release 3.4

• Basic Configuration

mpls ldp
 router-id 6.6.6.6
 !
 interface GigabitEthernet0/4/0/0
 interface GigabitEthernet0/4/0/1
 interface GigabitEthernet0/4/0/2
 interface GigabitEthernet0/4/0/3

Create VRF

vrf
 address-family ipv4 unicast
  import route-target
  export route-target
  import route-policy
  export route-policy

Attach to interface

interface
 vrf
 ipv4 address (note: must remove old address)

Initialize address family

router bgp
 address-family vpnv4 unicast
 neighbor
  address-family vpnv4 unicast

Advertise Local Route

 vrf
  rd
  address-family ipv4 unicast
   redistribute connected

Reusable template for VPN type (MPLS or L2TPv3)

l2vpn
 pw-class [class-name]
  encapsulation mpls
   protocol ldp

Tunnel Parameters

 xconnect group [group-name]
  p2p [circuit-name]
   interface GigabitEthernet0/1/0/0
   neighbor 12.12.12.12 pw-id 100
    pw-class [class-name]

Put interface into L2VPN mode

interface GigabitEthernet0/1/0/0 l2transport

Carrier Grade v6 (CGv6)

What Is CGv6?

• Solutions that enable IPv4 to IPv6 Transition
• Offers set of functions that can be deployed as needed to achieve:
  - IPv4 Preservation – continue to use existing legacy IPv4 assets, infrastructure, back-end ops, etc. as needed in the post-IPv4 run-out world
  - Incremental IPv6 Transition – select network elements supporting and enabling IPv6 connectivity
• Advantages are:
  - Post run-out business continuity
  - Low-risk, minimal cost transition to IPv6

Enterprise NAT
• Positioned for Enterprise
• Emphasis on ALGs
• Expensive logging using Syslog
• Legacy Enterprise NAT ‘unfriendly’ Applications (e.g. SunRPC, NetBIOS, etc.)
• Limited Scale + Performance (e.g. few Thousand conn/sec rate)
• High CAPEX / OPEX per subscriber
• Expensive to scale

Carrier Grade NAT (CGN)
• Positioned for Service Providers
• Emphasis on Scale, Performance, Throughput
• Lightweight logging using Netflow v9
• OTT Applications just work (e.g. YouTube, Skype, BitTorrent, etc) as per NAT CPE
• Massive Scale + Performance (e.g. 1 Million conns/sec rate, 20 Million concurrent connections)
• Low CAPEX / OPEX per subscriber
• Designed to scale

CGv6 NAT44 Feature Set

• SP-Class Performance/Scale
  - 20M Translations
  - 1M connection setups/sec
  - 10G full-duplex performance
• NAT Behavior Compliance RFC4787, RFC5382, RFC5508
• CGN Bypass
• Endpoint Independent Mapping
• Netflow v9 Logging without performance impact
• 1 + 1 Warm Standby
• TCP/UDP Timers
• Active FTP ALG
• Hairpinning
• Static Port Forwarding
• Port Limit per private IP source address
• Multi-core Load Sharing
  - (VRF ID, SA) in Private → Public
  - (DA) in Private → Public

Conclusion

• IOS XR is designed to meet the stringent requirements of network operators
  • A high level of scalability
  • Distributed forwarding architecture
  • Exceptionally high reliability and resiliency
  • Service separation and flexibility
  • Robust security
  • Hierarchical configuration and robust configuration management
  • Better manageability

Complete Your Session Evaluation

• Please give us your feedback!! Complete the evaluation form you were given when you entered the room
• This is session 5.4
