sros 9.0 lab guide

All Rights Reserved © 2011, Alcatel-Lucent


7750 Service Router7750SR Services Implementation

Course v1

TRAINING MANUAL

3FL30710AAAAZZZZEdition 1

Lab Guide

SROS 9.0

Copyright © 2011 by Alcatel-Lucent - All rights reservedPassing on and copying of this document, use and

communication of its contents not permitted without written authorization from Alcatel-Lucent


All Rights Reserved © Alcatel-Lucent 2011

2

Empty Page



3

Table of Contents

� Switch to notes view!Lab Exercises

1. Basic Configuration

2. System and Network Configuration

3. IGP Configuration

4. MPLS Configuration

5. Services Configuration

6. ePipe Configuration

7. VPLS Configuration

8. IES Configuration

9. VPRN Configuration

10. Basic QoS Configuration



4

Empty Page



Module 1Basic Configuration

Lab Exercises



6

Objectives

� Upon successful completion of this module, the student will be familiar with CLI navigation and be able to perform the following operations:� Log in to the system

� Change the system time and date

� Change the system name

� Manipulate the BOF

� Saving the configuration

� Operate the File system

� Activate the IOMs, MDAs, and ports



7

Switch to notes view!Introduction

Lab Instruction Format

Note: The following information explains the format used for the labs and is for information

purposes only.

The CLI system prompt is shown in bolded text followed by # or $, for example:

Node#

or

Node>config>system>security#

The CLI command string is shown in unbolded text.

Node# show time ↵

The ↵ symbol indicates that the Enter key should be pressed.

As shown above, system commands such configure, show, security, etc. are shown as unbolded. These commands can be typed in or partially typed in and completed by pressing the Tab, Space or Enter key. Text that must be manually entered is shown delimited by the < and > symbols.

Node# admin set-time <YYYY/MM/DD hh:mm> ↵

This indicates that the year, month, day, and time must be entered manually.

Note: Network nodes store the BOF and configuration files on Compact Flash 3 (CF3). Simulators

store the BOF file on the floppy drive (CF1); configuration files can be stored on CF1 or the hard

drive (CF2), if so equipped.

Try the help commands ( ? ) and auto-completion commands as much as possible. This will greatly improve your CLI configuration skills and understandings.



8

Switch to notes view!Log In to Your Node

1. Fill in the IP addresses of the management Ethernet ports and the port numbers of the network ports for each PE in the network diagram drawing at the end of the module. Make sure these Management IP-addresses, provided by the instructor, match the respective Node. You can ping the address from you workstation and verify the activity on the management Ethernet port that was assigned to you.

2. Check the wiring on the hardware to find the network port numbers.

3. Telnet from your workstation to your assigned Node using the management Ethernet port IP address configured in the BOF.

Note: By default, Telnet is disabled. This means that the attempt to connect to the PE using Telnet

will fail. Use SSH to connect to your PE. The username and password is “admin”.

4. Verify your SSH connection. Can you see your connection? Does the Remote address match your workstation’s IP-address?

Node# show system security ssh ↵Node# show system connections ↵

5. After the SSH connection is established, enable the Telnet-server and retry Step 2. The Telnet connection should now be allowed.

Node# configure ↵Node>config# system ↵Node>config>system# security ↵Node>config>system>security# telnet-server ↵

6. Verify your configuration.

Node>config>system>security# info ↵

Note: The “info” command shows the most important, often non-default, settings within a

configuration context. The “info detail” command shows ALL settings, including the default,

within a configuration context.

7. Verify your Telnet connection (see step 4). What has changed in the Connections-list?



9

Switch to notes view!Set the Login Settings

1. Disable the login idle timeout (default 30 minutes).

Node# configure system login-control idle-timeout 5 ↵<minutes> : [1..1440]

<disable> : keyword

2. Set the number of incoming telnet sessions to the maximum.

Node# configure system login-control telnet inbound-max-s essions 7 ↵

Set the System Time and Date

1. Set the time and date to the local time and date. Verify your configuration.

Node# admin set-time <YYYY/MM/DD hh:mm> ↵Node# show time ↵

Change the System Name

1. Change the system name to PE<x> (<x> = your PE number).

Node# configure system name PE<x> ↵

Note: After you have successfully changed the system name the CLI system prompt will now display

the new system name.

PEx#



10

Switch to notes view!Save the BOF and Configuration File

Note: When a 7750 SR boots up, it will execute the bootloader (boot.ldr) on the Compact Flash card

CF3 (CF1 for a simulator), then load the BOF (bof.cfg), also on CF3 (CF1 for a simulator), which

indicates where to find the image (.tim files) and configuration files (.cfg files), installs the

management Ethernet and serial console port (default value 115200) and (de)activates

persistence, used for the SAM application.

1. View the BOF and verify the configuration and image files and their location on the flash cards using the file structure. What is the image file used, and where is it stored?

PEx# show bof ↵PEx# file ↵PEx>file cf3: \# dir ↵

2. Create your personal directory that will contain your configuration file.

PEx>file cf3: \# md <your_directory> ↵

3. Change the configuration file in the BOF to a filename of your choice in the directory created in step 2.

PEx# bof ↵PEx>bof# primary-config cf3:\<your_directory>\<your_filename> .cfg ↵



11

Switch to notes view!Activate the IOMs, MDAs and MDA ports

1. Verify the state of the IOMs. How many IOMs are provisioned?

PEx# show card ↵

Note: The “show card detail” command provides more detail information and includes detail

information on the flash cards as well.

2. Provision the IOMs and verify the new state as shown in step 1. What is the state now?

PEx# configure card <1> ↵PEx>config>card# card-type <equipped card-type> ↵

3. Verify the state of the MDAs. How many MDAs are provisioned?

PEx>config>card# show mda ↵

4. Provision the MDAs and verify the new state as shown in step 1. What is the state now?

PEx>config>card# mda <1> ↵PEx>config>card>mda# mda-type <equipped mda-type> ↵

5. Verify the state of the ports. What is their state?

PEx# show port ↵

6. Enable the ports.

PEx# configure port <X/X/X> no shutdown ↵

Note: you can enable each port one by one, or use a range command to enable a series of ports.

PEx# configure port <X/X/[Y..Z]> no shutdown ↵

Note: The brackets denoting the range of ports. Auto-completion does not work after closing the

bracket.

7. Verify that all the ports shown in the network diagram are Administratively and Operationally UP and are configured as network ports (mode) (see step 5). What is their MTU size?



12

1.1.1.1/32

PE 1

2.2.2.2/32

PE 2

3.3.3.3/32

PE 3

4.4.4.4/32

PE 4

10.12.1.0/29

10.34.1.0/29

10.14.1.0/29

10.23.1.0/29

10.13.1.0/29

10.24.1.0/29

192.168.11.0/30

192.168.44.0/30

192.168.22.0/30

192.168.33.0/30

.1

.1

.1

.1

.2

.2 .2

.2

192.168.1.0/24

192.168.4.0/24

192.168.2.0/24

192.168.3.0/24

CE1 CE2

CE3CE4

192.168.1.1/32

192.168.4.4/32

192.168.2.2/32

192.168.3.3/32

Network Diagram

.1 .1

.1

.2.2

.2

.3.3

.3

.4 .4

.4



13

Empty Page



14

End of ModuleLab Exercises Basic Configuration



Module 2System And Network Configuration

Lab Exercises



16

Objectives

� Upon successful completion of this module, the student will be able to provision system physical and logical interfaces and be able to perform the following operations:� Configure the system and network interfaces

� Ping a neighbor

� Debug the ICMP and ARP messages



17

Switch to notes view!Configure the System Interface

Note: The system interface identifies each node within a network as a logical entity. It is a loopback

interface with no physical port assigned to it. This way, when a port should go down, the system

interface can still be available in the network.

1. Configure the System Interface (‘system’ is a fixed reserved name to identify the node in a network topology).

PEx# configure router ↵PEx>config>router# interface system ↵PEx>config>router>if# address <X.X.X.X>/32 ↵

Note: <X.X.X.X> = your assigned PE number as shown on the lab diagram.

2. Verify the state of the configured system interface. Make sure that the interface is administratively and operationally UP.

PEx# show router interface ↵

Configure the Network Interfaces

1. Configure the network interfaces as shown in the lab diagram.

PEx# configure router ↵PEx>config>router# interface <topex> ↵

Note: Use a name that will easily identify the interface, for example <topex> where x is the PE

number of the neighboring router.

PEx>config>router>if# address <X.X.X.X/X> ↵PEx>config>router>if# port <Y/Y/Y> ↵

Note: Use the IP-addresses and port numbers as shown on the lab diagram.

<X.X.X.X/X> = the IP-address and subnet mask of the interface.

<Y/Y/Y> = the port number of the interface.

2. Check the router interfaces, they should all be administratively and operationally UP.

PEx# show router interface ↵



18

Switch to notes view!Ping a neighbour

1. Verify the routing table that should now contain the locally attached networks, including the system interface’s IP-address. What is the preference and metric of the locally connected networks?

PEx# show router route-table ↵

Note: these local destinations were manually configured, no remote addresses are known at this

point.

2. Activate the debug-trace session for the ICMP and ARP packets.

PEx# configure log log-id 10 ↵PEx>config>log>log-id$ from debug-trace ↵PEx>config>log>log-id$ to session ↵PEx# debug router ip arp ↵Pex# debug router ip icmp ↵

Clear and view the ARP cache.

PEx# clear router arp all ↵PEx# show router arp ↵

4. Ping the network interfaces of the neighbouring routers. Is the ping successful if you change the source IP-address to your system address? If not, why not?

PEx# ping X.X.X.X ↵

Note: the ARP and ICMP messages are going in two directions and the router’s ARP cache will be

updated with a new entry.

5. Re-evaluate the ARP cache. What is the new entry? Where is this entry coming from, verify with your neighbour.

Note: these messages will only be displayed for the duration of this session. To deactivate the debug:

PEx# no debug ↵

Note: To see the MAC-address of a port:

PE<x># show port <X/X/X> detail ↵



19Network Diagram

1.1.1.1/32

PE 1 1/1/2

1/1/3

1/1/1

1/1/4

2.2.2.2/32

PE 2 1/1/1

1/1/3

1/1/2

1/1/4

3.3.3.3/32

PE 3

1/1/3

1/1/11/1/2

1/1/4

4.4.4.4/32

PE 4 1/1/2

1/1/3

1/1/1

1/1/4

.1

.1

.1 .2 .2

.3.4

.4.4

.2

.3.3

10.12.1.0/29

10.34.1.0/29

10.14.1.0/29

10.23.1.0/29

10.13.1.0/29

10.24.1.0/29

192.168.11.0/30

192.168.44.0/30

192.168.22.0/30

192.168.33.0/30

.1

.1

.1

.1

.2

.2 .2

.2

192.168.1.0/24

192.168.4.0/24

192.168.2.0/24

192.168.3.0/24

CE1 CE2

CE3CE4

192.168.1.1/32

192.168.4.4/32

192.168.2.2/32

192.168.3.3/32



20

End of ModuleLab Exercises System And Network Configuration



Module 3IGP Configuration

Lab Exercises



22

Objectives

� Upon successful completion of this module, the student will be able to configure the static and dynamic interior routing protocols on a node and be able to perform the following operations:� Configure static and default routes

� Configure OSPF

� Configure IS-IS

� Influence metrics

� Enable route redistribution using route policies



23

Switch to notes view!Configure static and default routes

1. Configure a static route to the system interface of your clockwise neighbor.

PEx# configure router static-route <X.X.X.X>/32 next-hop <Y.Y.Y.Y>

Note: <X.X.X.X> = the system IP address of your clockwise neighbor

<Y.Y.Y.Y> = the IP-address of this neighbor’s network interface on the connecting link.

2. View the routing table. Which routes are added and what is different compared to the local attached destinations?

Note: a static route will only be active in the routing table if its next-hop is valid.

3. Ping the system address of your neighbor with the source IP-address of your network interface on the connecting link. Why is it necessary to change the source IP-address?

4. Remove the static route configured in Step 1 and configure a default route to your clockwise neighbor.

PEx# configure router no static-route <X.X.X.X>/32 next- hop <Y.Y.Y.Y> ↵PEx# configure router static-route 0.0.0.0/0 next-hop Y. Y.Y.Y ↵

Note: <X.X.X.X> = the system IP address of your clockwise neighbor

<Y.Y.Y.Y> = the IP-address of the neighbor’s network interface on the connecting link.

5. When all the nodes have completed Step 4, ping the opposite router using his system interface IP-address. Will the ICMP reply use the same path as the ICMP request?

6. Perform a trace-route to an unused IP-address, for example 10.10.10.10. What is the result?

PEx# traceroute 10.10.10.10 ↵

7. Remove all remaining static and default routes.

PEx# configure router no static-route 0.0.0.0/0 next-hop <Y.Y.Y.Y> ↵



24

Switch to notes view!Configure OSPF

Note: In this course only single hierarchical topologies are used. Disable IS-IS when enabled.

1. Configure OSPF using area 0.0.0.0 as the backbone-area.

PEx# configure router ospf ↵PEx>config>router>ospf$ area 0.0.0.0 ↵

2. Configure OSPF on the system interface and all the network interfaces in the area 0.0.0.0.

PEx>config>router>ospf>area$ interface system ↵PEx>config>router>ospf>area>if$ back ↵PEx>config>router>ospf>area# interface <topex> ↵(PEx>config>router>ospf>area>if$ interface-type point-to-point ↵)

Note: It is common practice to configure the interfaces point-to-point rather than the default

broadcast to avoid the DR/BDR overhead.

PEx>config>router>ospf>area>if$ back ↵

Note: the last 2 (3) commands must be entered for all the network interfaces.

3. Verify your configuration.

PEx# show router ospf status ↵PEx# show router ospf area ↵PEx# show router ospf interface ↵

Note: There is one area and 4 interfaces, that can be DR (Designated Router) or BDR (Backup Designated Router) when configured as broadcast interfaces.

4. When all the nodes have finished Step 3, view the OSPF forwarding database. Make sure all the networks and system addresses are included and reachable, use Ping to verify. What is the preference and metric to reach the other Pes?

PEx# show router route-table protocol ospf ↵

5. View the OSPF adjacency database.

PEx# show router ospf neighbor ↵



25

Switch to notes view!6. View the OSPF link state database. What does this database represent?

PEx# show router ospf database ↵

7. Turn on simple authentication (password) with a matching authentication key (choose one to use with your neighbour).

PEx>config>router>ospf>area>if# authentication-type password ↵PEx>config>router>ospf>area>if# authentication-key <your_password> ↵

Note: this configuration must match between neighbours’ interfaces or the adjacency will fail.

8. Debug the OSPF packets. Perform a shut/no shut on OSPF and evaluate the packets. What is the difference between Hello-packets with and without authentication.

PEx# debug router ospf packets ↵

9. Turn debug off.

PEx# no debug ↵



26

Switch to notes view!Configure ISIS

Note: In this course only single hierarchical topologies are used. Disable OSPF when enabled.

1. Configure IS-IS using area 49.0051.

PEx# configure router isis ↵PEx>config>router>isis# area-id 49.0051 ↵

2. Configure IS-IS on the system interface and all the network interfaces.

PEx>config>router>isis# interface system ↵PEx>config>router>isis>if# back ↵PEx>config>router>isis# interface <topex> ↵(PEx>config>router>isis>if$ interface-type point-to-point ↵)

Note: It is common practice to configure the interfaces point-to-point rather than the default

broadcast to avoid the DIS overhead.

PEx>config>router>isis>if# back ↵

Note: The last 2 (3) lines must be entered for all the network interfaces.

PEx>config>router>isis# reference-bandwidth 100000000 ↵

Note: With this command the reference bandwidth can be set and the metrics of the links will be

calculated: reference-bandwidth/bandwidth (In OSPF this is done by default).

3. Special case for IS-IS: In regular IS-IS SPF operation, “narrow metrics” are used, meaning the maximum metric value of any given link will be limited to 63, regardless of the result of calculation in relation to the reference bandwidth given above.

To overcome this restriction, “wide metrics” can be enabled, which is an additional attribute carried in the so called “traffic engineering TLVs (Type-Length-Value packet field formats).

Wide metric support necessitates the support for traffic engineering extensions on the IGP, which is an optionally enabled feature. Some other uses of traffic engineering is discussed further in the next MPLS section.

PEx>config>router>isis# traffic engineering ↵PEx>config>router>isis# level 1 wide-metrics-only ↵PEx>config>router>isis# level 2 wide-metrics-only ↵



27

Switch to notes view!4. Verify your configuration.

PEx# show router isis status ↵

Note: this command shows the area-ids this node belongs to. There can be up to 3 area-ids configured.

PEx# show router isis interface ↵

Note: There are 4 interfaces. The system interface has a metric of 0, all the links have a metric of 10 by default. A reference bandwidth can be configured (same as OSPF by default).

5. When all the nodes have finished step 3, view the ISIS forwarding database. Make sure all the networks and system addresses are included and reachable, use Ping to verify. What is the preference and metric to reach the other PEs?

PEx# show router route-table protocol isis ↵

6. View the Is-IS adjacency database.

PEx# show router isis adjacency ↵

7. View the IS-IS link state database.

PEx# show router isis database ↵

8. Turn on simple authentication (password) with a matching authentication key (choose one with your neighbour).

PEx>config>router>isis>if# hello-authentication-type password ↵PEx>config>router>isis>if# hello-authentication-key <your_password> ↵

Note: this configuration must match between neighbours’ interfaces or the adjacency will fail.

9. Debug the IS-IS packets. Perform a shut/no shut on IS-IS and evaluate the packets. What is the difference between Hello-packets with and without authentication?

PEx# debug router isis packets ptop-hello detail ↵

10.Turn debug off.

PEx# no debug ↵



28

Metrics

1. Verify that the routing table contains all the destinations. What is the metric of the system interface of the opposite router? Trace the route to this IP-address. What path is taken?

2. Adjust the metric of the outgoing interface used by the path in Step 1 to 5000.

PEx# configure router ospf area 0 interface <topex> metri c 5000 ↵PEx# configure router isis interface <topex> level 1 metr ic 5000 ↵

3. Repeat Step 1. What has changed?

Note: When a router learns more then one route to a certain destination, the best route will be

selected. First the preference of the routing protocol the destination was learned on is compared

and the lowest preference is selected. Then, if this routing protocol still offers more then one

route to the destination, the route with the lowest metric will be selected and inserted into the

routing table. The administrator can influence this process by changing the preference and the

metrics as demonstrated in this lab exercise (metric). When a prefix has multiple routes with

equal preferences and metrics, only one is selected except when ECMP is activated.

4. Turn on ECMP up to 2 possible routes and evaluate the routing table once more. Are there routes occurring twice in the routing table now? How is this possible?

PEx# configure router ecmp 2 ↵

5. Set the metrics back to the default value and disable ECMP.

PEx# configure router ospf area 0 interface <topex> no me tric ↵PEx# configure router isis interface <topex> level 1 no m etric ↵PEx# configure router no ecmp ↵



29

Route Policies and Redistribution

1. Create a new interface <toce>, on your PE router as displayed below. This interface will be a loopback interface, meaning it is not attached to any physical ports, but merely a logical entity that is always up and running as long as the router itself is operational.

PEx# configure router interface toce ↵PEx>config>router>if$ address 192.168.<XX>.1/30 ↵

Note: <XX> = your PE number.

PEx>config>router>if$ loopback ↵

2. Check if this new IP address has been added to the route-table of your PE as a “Local” entry.

3. Ask your neighbors to ping this IP address. Also try to ping their newly created loopback interface IP addresses. Why doesn’t this work?

4. Create a policy on your PE that will accept the directly connected (sub)networks.

PEx# configure router ↵PEx>config>router# policy-options ↵PEx>config>router>policy-options# begin ↵PEx>config>router>policy-options# policy-statement <policy_name> ↵PEx>config>router>policy-options>policy-statement# default-action reject ↵PEx>config>router>policy-options>policy-statement# entry 10 ↵PEx>config>router>policy-options>policy-statement>entry# from protocol direct ↵PEx>config>router>policy-options>policy-statement>entry# action accept ↵PEx>config>router>policy-options>policy-statement>entry>action# back ↵PEx>config>router>policy-options>policy-statement>entry# back ↵PEx>config>router>policy-options>policy-statement># back ↵PEx>config>router>policy-options># commit ↵



30

5. Verify the policy.

PEx>show router policy ↵

Note: Until now, only a policy statement has been configured. It is not yet assigned to a routing

protocol and is therefore not used yet.

6. Apply the policy as an export policy to your IGP. This will redistribute the connected (sub)networkinto your IGP domain.

PEx>config>router>ospf># export <policy_name> ↵PEx>config>router>isis># export <policy_name> ↵

7. In the case of OSPF, the PE router needs to be marked as an ASBR (Autonomous System Boundary Router) in order to get redistribution to work. This is not required for IS-IS.

PEx>config>router>ospf># asbr ↵

8. When all the nodes have finished step 6, verify the routing table. You should have 4 new entries: the added local directly connected (sub)network and the others learned remotely over your IGP.

9. Repeat step 3. Are the pings successful now?



31Network Diagram

1.1.1.1/32

PE 1 1/1/2

1/1/3

1/1/1

1/1/4

2.2.2.2/32

PE 2 1/1/1

1/1/3

1/1/2

1/1/4

3.3.3.3/32

PE 3

1/1/3

1/1/11/1/2

1/1/4

4.4.4.4/32

PE 4 1/1/2

1/1/3

1/1/1

1/1/4

.1

.1

.1 .2 .2

.3.4

.4.4

.2

.3.3

10.12.1.0/29

10.34.1.0/29

10.14.1.0/29

10.23.1.0/29

10.13.1.0/29

10.24.1.0/29

192.168.11.0/30

192.168.44.0/30

192.168.22.0/30

192.168.33.0/30

.1

.1

.1

.1

.2

.2 .2

.2

192.168.1.0/24

192.168.4.0/24

192.168.2.0/24

192.168.3.0/24

CE1 CE2

CE3CE4

192.168.1.1/32

192.168.4.4/32

192.168.2.2/32

192.168.3.3/32



32

End of ModuleLab Exercises IGP Configuration



Module 4MPLS Configuration

Lab Exercises



34

Objectives

� Upon successful completion of this module, the student will be able to configure:� Static LSP’s

� LDP

� RSVP-TE with bandwidth constraints

� MPLS Fast Reroute



35

Switch to notes view!Configure static LSP’s

Note: In this lab exercise, you will create a static LSP from your router to the router opposite you (see lab network diagram).

2 Verify the label range for static labels. What labels can be uses for static LSPs?

PEx# show router mpls label-range ↵

3 Verify the available labels, the ones in use (should not be any for the moment) cannot be used for this lab exercise.

PEx# show router mpls label 32 131071 in-use ↵Note: for now, no labels have been used.

4 Configure a static LSP to your opposite router.

PEx>config>router>mpls># static-lsp <static_lsp_name> ↵PEx>config>router>mpls>static-lsp# to <Y.Y.Y.Y> ↵

Note: Y = your opposite PE number.

PEx>config>router>mpls>static-lsp# push <XY1> nexthop <Z.Z.Z.Z> ↵Note: X = your PE number.

Y = your opposite PE number.

Z = the IP-address of the connected interface of your clockwise neighbour.

PEx>config>router>mpls>static-lsp# no shutdown ↵



36

Switch to notes view!5. Configure the swap action for the transit LSP, originating from your counter-clockwise router and terminating on your clockwise router.

PEx>config>router>mpls# interface <topex> ↵PEx>config>router>mpls>if# label-map <XY1> ↵PEx>config>router>mpls>if>label-map# swap <XY2> next-hop <10.Z.1.Z> ↵

PEx>config>router>mpls>if>label-map# no shutdown ↵

Note: <topex> = your interface to your counter clockwise PE neighbour.

X = your counter clockwise PE number.

y = your clockwise PE number.

Z = the IP-address of the connected interface of your clockwise neighbour.

6. Configure the pop action for the terminating LSP, originating from your opposite router and terminating on your router.

PEx>config>router>mpls# interface <topex> ↵PEx>config>router>mpls>if# label-map <XY2> ↵

PEx>config>router>mpls>if>label-map# pop ↵PEx>config>router>mpls>if>label-map# no shutdown ↵

Note: <topex> = your interface to your counter clockwise PE neighbour.

X = your opposite PE number.

y = your PE number.

7. Repeat step 2 and 3, how many labels are being used now?

8. Verify the three static LSP’s on your router: the originating static LSP, the transiting static LSP and the terminating LSP.

PEx# show router mpls status ↵PEx# show router mpls static-lsp ↵

PEx# show router mpls static-lsp transit ↵PEx# show router mpls static-lsp terminate ↵



37

Switch to notes view!Configure LDP

1. Enable and provision LDP on all your network interfaces.

PEx# configure router ldp ↵PEx>config>router>ldp$ interface-parameters ↵PEx>config>router>ldp>if-params$ interface <topex> ↵PEx>config>router>ldp>if-params>if$ back ↵

Note: repeat the last 2 commands for all the network interfaces.

PEx>config>router>ldp# no shutdown ↵

Note: when LDP is enabled, by default targeted LDP is also enabled. This will be used later on by the service and can be disabled at this point, but this is not necessary. It must be reactivated later

when Layer 2 VPN’s are configured.

2. Verify the state of the LDP parameters. How many sessions are active? What is the label distribution, the label retention and control mode? Are the interfaces up?

PEx# show router ldp status ↵PEx# show router ldp discovery ↵PEx# show router ldp session ↵PEx# show router ldp parameters ↵PEx# show router ldp interface ↵

3. Verify the Label Information Base (LIB). Why are some of the ingress and egress labels empty?

PEx# show router ldp bindings ↵

Note: By default LDP will signal labels for the system address of the PE. To have labels distributed

for directly connected networks, an export policy is needed (see Step 8).

4. Verify the Label Forwarding Information Base (LFIB). What label will your router use to send a packet to the system address (FEC) of your own router, your clockwise router, your opposite router and your counter clockwise router?

PEx# show router ldp bindings active ↵



38

Switch to notes view!5. Verify the LSP across the network.

PEx# oam lsp-ping prefix <X.X.X.X>/32 ↵PEx# oam lsp-trace prefix <X.X.X.X>/32 ↵

Note: <X.X.X.X> = the IP-address of the system interface of your opposite router.

6. Change the metric of the IGP interface on the diagonal link to your opposite router to 5000 and retry step 5. Why is the LSP trace different now?

7. Set the metric of the IGP back to it’s default value (no metric).

8. Export the directly connected networks into LDP with an export policy. Verify the LIB and LFIB.

Note: You can use the policy defined in the IGP Lab.

PEx>config>router>ldp# export <policy> ↵

9. Verify again the LIB and LFIB. Which additional entries do you see now in the databases?

PEx# show router ldp bindings ↵PEx# show router ldp bindings active ↵

10.Remove the export policy.

PEx>config>router>ldp# no export ↵



39

Switch to notes view!Configure RSVP-TE with Bandwidth Constraints

1. Enable traffic-engineering on your IGP.

PEx# configure router ospf traffic-engineering ↵PEx# configure router isis traffic-engineering ↵

2. Verify the status of traffic-engineering on your IGP. Where can you see that traffic-engineering is enabled?

PEx# show router ospf status ↵PEx# show router isis status ↵

3. If not previously configured, enable MPLS on your system and the network interfaces.

PEx# configure router mpls ↵PEx>config>router>mpls# interface <topex> ↵PEx>config>router>mpls>if# back ↵

Note: repeat the last two commands for all the network interfaces. The system interface is added by

default.

4. The previous step automatically enables RSVP on the interfaces. Verify.

PEx# show router mpls interface ↵PEx# show router rsvp interface ↵

5. Verify the capacity of your port facing your clockwise neighbour. What is the operational speed?

PEx# show port <X/X/X> ↵

Note: <X/X/X> = the port number facing your clockwise neighbour

6. Set the total maximum amount of reservable bandwidth by RSVP to 100% on the RSVP interface.Verify the available bandwidth.

PEx# configure router rsvp interface <topex> ↵PEx>config>router>rsvp>if# subscription 100 ↵Note: you can oversubscribe the interface up to 1000 percent.

PEx# show router rsvp interface <topex> detail ↵



40

7. Verify in the Traffic Engineering Database how the traffic engineering extensions of the IGP configured in step 1 flood the available bandwidth capacities of the link through the network.

PEx# show router ospf opaque-database detail ↵PEx# show router isis database level 1 detail ↵

8. Create a strict path to the other routers using the long way around the outer ring.

PEx# configure router mpls ↵PEx>config>router>mpls# path <p-topex> ↵PEx>config>router>mpls>path# hop <Y> <X.X.X.X> strict ↵PEx>config>router>mpls>path# no shutdown

Note: <Y> = increments per hop (e.g. 10,20,30,… or 1,2,3,… ).

Note: repeat the last command for every hop to form the p ath.

Note: repeat the last 2 commands for all the paths to the other PE’s.

9. Create a loose path.

PEx>config>router>mpls# path <p-loose> ↵PEx>config>router>mpls>path# no shutdown ↵

10.Verify your configured paths.

PEx# show router mpls path ↵

11. Configure an LSP to all the other PE’s in the network with the strict path as the primary and the loose path as the secondary. Enable CSPF and set the bandwidth for the primary path to 10% of the available bandwidth (see step 4).

PEx# configure router mpls ↵PEx>config>router>mpls# lsp <l-topex> ↵PEx>config>router>mpls>lsp# to <X.X.X.X> ↵Note: <X.X.X.X> = the IP-address of the system interface of the LSP’s tail PE.

PEx>config>router>mpls>lsp# cspf ↵PEx>config>router>mpls>lsp# primary <p-topex> ↵PEx>config>router>mpls>lsp>primary# bandwidth <10%_of_Total_BW> ↵PEx>config>router>mpls>lsp>primary# exit ↵PEx>config>router>mpls>lsp# secondary <p-loose> ↵PEx>config>router>mpls>lsp>secondary# exit ↵PEx>config>router>mpls>lsp# no shutdown ↵



41

12.Verify the LSP configuration. How much bandwidth is reserved for the primary paths? How much bandwidth is reserved for the secondary paths? What is the status of the secondary paths?

PEx# show router mpls path lsp-binding ↵PEx# show router mpls lsp detail ↵PEx# show router mpls lsp path detail ↵

13.Perform an OAM LSP ping and trace on the primary and secondary path of the LSP’s. Are the pings successful? What path is taken by the primary path of the LSP? Does it follow the strict path as configured? Are the OAM LSP ping and trace successful over the secondary path of the LSP?

PEx# oam lsp-ping <l-topex> path <p-topex> ↵PEx# oam lsp-ping <l-topex> path <p-loose> ↵PEx# oam lsp-trace <l-topex> path <p-topex> ↵PEx# oam lsp-trace <l-topex> path <p-loose> ↵

14.Change the secondary path to standby mode and repeat step 13. Why are the OAM ping and trace over the secondary path successful now?

PEx# configure router mpls lsp <l-topex> secondary <p-loos e> standby ↵

15.Verify the state of MPLS and repeat step 7. What is the published bandwidth now?

PEx# show router mpls status ↵



42

Configure one-to-one Fast Reroute

1. Configure Fast Reroute using the one-to-one method with node protection on the LSP to your opposite router.

PEx# configure router mpls lsp <l-topex> fast-reroute one- to-one ↵

Note: at this time the primary path should have a bandwidth reservation of 10% and the secondary

path is in standby mode.

PEx# show router mpls path lsp-binding ↵

2. When all the nodes have finished step 1, verify how many detour LSP’s are created on your router.

PEx# show router mpls status ↵PEx# show router rsvp session (detail) ↵

3. Verify the LSP to your opposite router. What kind of detours are available? Is the detour active?

PEx# show router mpls lsp <l-topex> path detail ↵

4. What label will be used to go to the next hop of the primary path? What label will be used to go to the detour if the primary path fails?

5. Deactivate the secondary path of your LSP to your opposite router.

PEx# configure router mpls lsp <l-topex> secondary <p-loos e> shutdown ↵

Note: this action is necessary to show the active detour. Otherwise the secondary path will take over.

6. Shut the port facing the next hop of your LSP to your opposite router down to enable the detour to take over. Repeat step 3. Is the detour active now?



43Network Diagram

1.1.1.1/32

PE 1 1/1/2

1/1/3

1/1/1

1/1/4

2.2.2.2/32

PE 2 1/1/1

1/1/3

1/1/2

1/1/4

3.3.3.3/32

PE 3

1/1/3

1/1/11/1/2

1/1/4

4.4.4.4/32

PE 4 1/1/2

1/1/3

1/1/1

1/1/4

.1

.1

.1 .2 .2

.3.4

.4.4

.2

.3.3

10.12.1.0/29

10.34.1.0/29

10.14.1.0/29

10.23.1.0/29

10.13.1.0/29

10.24.1.0/29

192.168.11.0/30

192.168.44.0/30

192.168.22.0/30

192.168.33.0/30

.1

.1

.1

.1

.2

.2 .2

.2

192.168.1.0/24

192.168.4.0/24

192.168.2.0/24

192.168.3.0/24

CE1 CE2

CE3CE4

192.168.1.1/32

192.168.4.4/32

192.168.2.2/32

192.168.3.3/32



44

End of ModuleLab Exercises MPLS Configuration



Module 5Services Configuration

Lab Exercises



46

Objectives

� Upon successful completion of this module, the student will be able to perform the following operations:� Configure a customer

� Configure an SDP

� Perform an SDP Ping

� Perform an SDP MTU Test

� Mirror a Local Network Port

� Mirror a Remote Network Port



47

Switch to notes view!Configure a Customer

1. Create two customers (100 and 200). Provide the customer a description, contact information and a phone number.

Note: A customer is locally significant, but it is advisable to be consistent throughout the network

(SAM).

PEx# configure service customer 100 create ↵Pex>config>service>cust# description <customer_name> ↵Pex>config>service>cust# contact <customer_contact> ↵Pex>config>service>cust# phone <customer_phone> ↵

Prepare the Ports

1. Change the port facing the customer (see lab diagram) to an access port.

PEx# configure port X/X/X ↵Pex>port# shutdown ↵Pex>port# ethernet mode access ↵Pex>port# no shutdown ↵

2. Change the Maximum Transmission Unit (MTU) size of each network port. What minimum value is necessary?

Note: Since MPLS has been configured on the network interfaces, the port that supports that interface

must have its MTU changed to 1540 bytes. If GRE were used the MTU would have to be changed to 1560. Configure the MTU size on both network ports on each of the nodes in your network.

PEx# configure port <X/X/[1..4]> ethernet mtu 1600 ↵PEx# show port <X/X> ↵



48

Switch to notes view!Configure a full mesh of SDPs

1. Configure a full mesh of SDPs to the other PEs in the network using LDP.

Note: In the following lab exercises these SDPs will be used for L3 VPNs (VPRN). Therefore TLDP signaling must be disabled. By default TLDP signaling is enabled.

PEx# configure service sdp <1X> mpls create ↵PEx>config>service>sdp$ far-end <X.X.X.X> ↵PEx>config>service>sdp$ description <“SDP to PE X over LDP”> ↵PEx>config>service>sdp$ ldp ↵PE>config>service>sdp$ signaling off ↵PEx>config>service>sdp$ no shutdown ↵PEx>config>service>sdp$ exit all ↵

Note: Repeat the above steps for all the other PEs where X is the PE number.

2. Configure a full mesh of SDPs to the other PEs in the network using RSVP-TE

Note: In the following lab exercises these SDPs will be used for L2 VPNs (ePipe, VPLS). Therefore TLDP signaling must be enabled. This is the default setting.

PE# configure service sdp <2X> mpls create ↵PE>config>service>sdp$ far-end <X.X.X.X> ↵PE>config>service>sdp$ description <“SDP to PE X over RSVP-TE”> ↵PE>config>service>sdp$ lsp <l-topex> ↵PE>config>service>sdp$ signaling tldp ↵PE>config>service>sdp$ no shutdown ↵PE>config>service>sdp$ exit all ↵

Note: Repeat the above steps for all the other PEs where X is the PE number.

3. Verify the configured SDPs.

PE# show service sdp (detail) ↵

Note: In case the SDPs are remaining in the operationally down state, check the detail command output carefully to look for som e clues.



49

Switch to notes view!OAM Tools

Note: SDP Ping performs in-band uni-directional or round-trip connectivity tests on SDPs. The SDP Ping

OAM packets are sent in-band, in the tunnel encapsulation, so it will follow the same path as traffic

within the service. The SDP Ping response can be received out-of-band in the control plane, or in-

band using the data plane for a round-trip test.

1. Perform a uni-directional SDP Ping. What is the Path MTU? Why is there no Remote SDP-ID?

PEx# oam sdp-ping <XX> ↵

Note: You have tested the local SDP but have not performed a round-trip test.

<XX> is the local SDP.

2. Perform a round-trip SDP Ping Test. What is the Remote SDP-ID?

PEx# oam sdp-ping <XX> resp-sdp <YY> ↵

Note: This is a round-trip test, both directions are using the SDP.

<XX> is the local SDP and <YY> is the remote SDP.

3. Discover the MTU size supported over your SDPs. What is the MTU?

Note: The Path MTU Discovery tool provides a powerful tool that enables a service provider to get the exact MTU supported between the service ingress and service termination points (accurate to one

byte). It is important to understand the MTU of the entire path end-to-end when provisioning

services, especially for virtual leased line (VLL) services where the service must support the ability

to transmit the largest customer packet.

PEx# oam sdp-mtu <XX> size-inc 1500 1600 step 10 ↵

Note: <XX> is the local SDP.



50

Switch to notes view!Local Mirror Service

Note: The mirror service feature provides a way to capture packets from a port on a router, and sends

a copy of the traffic to another port on the same router or a port on a remote router where they

can be captured by a packet analyzer or sniffer. Each router can mirror packets from a specific port

or service to any destination point in the network, regardless of interface type or speed.

1. Mirror locally a network port of your choice to your access port.

PEx# configure mirror ↵PEx>config>mirror# mirror-dest 1000 create ↵

Note: The mirror destination defines a mirror service ID and a destination for copies of the packets.

The mirrored frame size that is to be transmitted to the mirror destination can be explicitly

configured by using slicing features. This enables mirroring only the parts needed for analysis.

PEx>config>mirror>mirror-dest$ sap X/X/X create ↵

Note: The SAP is your access port (see lab diagram).

PEx>config>mirror>mirror-dest>sap$ exit ↵PEx>config>mirror>mirror-dest# no shutdown ↵

2. Verify that the mirror service is operational.

Pex# show mirror mirror-dest 1000 ↵

3. Mirror the ingress and egress traffic on a local network port, the mirror source. Use a sniffer connected to the SAP to verify if the mirror service works.

PEx# debug mirror-source 1000 port X/X/X ingress egress ↵

4. Remove the local mirror service.

PEx# configure mirror mirror-dest 1000 shutdown ↵PEx# configure mirror no mirror-dest 1000 ↵



51

Switch to notes view!Remote Mirror Service

Note: A port can be mirrored to any of the devices in the network. The mirrored frames are sent from

the source over an SDP service tunnel to a destination node, where they can be analyzed. The

mirror SDP uses static label assignments. This static label must match the static label that you are

going to assign on the remote node.

1. Configure your PE to accept mirrored frames from your clockwise neighbor.

PEx# configure mirror mirror-dest 1001 create ↵PEx>config>mirror>mirror-dest# remote-source far-end <system address of remote

mirror source PE> ing-svc-label 2048 ↵PEx>config>mirror>mirror-dest$ sap <X/X/X> create ↵Note: A packet analyser (sniffer) can be connected on the SAP to monitor the

traffic.

PEx>config>mirror>mirror-dest>sap$ back ↵PEx>config>mirror>mirror-dest# no shutdown ↵

2. Verify that the mirror service is operational.

PEx# show mirror mirror-dest 1001 ↵

3. Configure your PE as a remote mirror source for your opposite neighbour. Direct the ingress and egress traffic from the source port to the SDP and assign an egress label.

Note: The mirror services uses an SDP as a tunnel for mirrored frames. Because the mirror service only

sends traffic in one direction, it is not strictly necessary to create a bi-directional SDP.

PEx# configure mirror mirror-dest 1002 create ↵PEx>config>mirror>mirror-dest$ sdp <XX> egr-svc-label 2048 ↵Note: <XX> is the SDP configured earlier to your counter clockwise neighbour.

PEx>config>mirror>mirror-dest$ no shutdown ↵

PEx# debug mirror-source 1002 port X/X/X ingress egress ↵

4. Verify that the mirror service works.

PEx# show mirror mirror-dest 1002 ↵



52Network Diagram

1.1.1.1/32

PE 1 1/1/2

1/1/3

1/1/1

1/1/4

2.2.2.2/32

PE 2 1/1/1

1/1/3

1/1/2

1/1/4

3.3.3.3/32

PE 3

1/1/3

1/1/11/1/2

1/1/4

4.4.4.4/32

PE 4 1/1/2

1/1/3

1/1/1

1/1/4

.1

.1

.1 .2 .2

.3.4

.4.4

.2

.3.3

10.12.1.0/29

10.34.1.0/29

10.14.1.0/29

10.23.1.0/29

10.13.1.0/29

10.24.1.0/29

192.168.11.0/30

192.168.44.0/30

192.168.22.0/30

192.168.33.0/30

.1

.1

.1

.1

.2

.2 .2

.2

192.168.1.0/24

192.168.4.0/24

192.168.2.0/24

192.168.3.0/24

CE1 CE2

CE3CE4

192.168.1.1/32

192.168.4.4/32

192.168.2.2/32

192.168.3.3/32



53

End of ModuleLab Exercises Services Configuration



Module 6ePipe Configuration

Lab Exercises



55

Objectives

� Upon successful completion of this module, the student will be able to perform the following operations:� Configure an ePipe (VLL) service

� Verify an ePipe



56

Switch to notes view!Configure an ePipe

Note: Create an ePipe according to the lab diagram at the end of this module.

1. Configure an ePipe 500 between your PE and your neighbour PE (according to lab diagram).

PEx# config service epipe 500 customer 100 create ↵PEx>config>service>epipe$ sap <X/X/X>:0 create ↵

Note:The 0 at the end of the sap identifier signifies that null encapsulation (the default) is being used on the port. Null encapsulation is used if there is only one service being used on the port. If

multiple services will be using the port, you would configure it to use Dot1q or qinq encapsulation.

Now an access port has been assigned to this service on which customer equipment can be

connected.

PEx>config>service>epipe>sap$ back ↵PEx>config>service>epipe$ spoke-sdp <2X>:500 create ↵

Note: Use the SDPs over RSVP-TE. These SDPs have TLDP enabled in the previous lab exercise. The :500 binds the SDP to the service. At this point TLDP labels are signalled to identify the service on each

side of the ePipe.

PEx>config>service>epipe>spoke-sdp$ back ↵PEx>config>service>epipe$ no shutdown ↵

2. Verify the ePipe. What is the label used to reach the remote PE? What is the label used to reach the ePipe service on the remote PE?

PEx# show service sap-using ↵PEx# show service service-using ↵PEx# show service id 500 all ↵PEx# show service id 500 labels ↵PEx# show router ldp bindings ↵

3. Connect two CPEs to the SAPs of the ePipe Service and test your ePipe by passing traffic across it such as a video file or a Ping test.

Note: An ePipe is the equivalent of a wire connecting the two laptops. In order to ping successfully,

both laptops will have to be members of the same subnet.



57

Switch to notes view!OAM Tools

1. Verify the operation of your ePipe service using the Service Ping utility.

Note: Alcatel-Lucent’s Service Ping feature provides end-to-end connectivity testing for an individual service. The Service Ping operates at a higher level than the SDP diagnostics in that it verifies an

individual service and not the collection of services carried within an SDP. The Service Ping is

initiated from a router to verify round-trip connectivity and delay to the far-end of the service.

Alcatel-Lucent’s implementation functions for both GRE and MPLS tunnels and tests the following

from edge-to-edge:

� Tunnel connectivity

� VC label mapping verification

� Service existence

� Service provisioned parameter verification

� Round trip path verification

� Service dynamic configuration verification

PEx# oam svc-ping <X.X.X.X> service 500 ↵

Note: in this service ping test the actual data path that customer traffic would take through the

service was not used. OAM messages were sent and received over the control plane rather than the

data plane. You can use the local-sdp and remote-sdp parameters to send the oam packets over the

same path as customer traffic.

PEx# oam svc-ping <X.X.X.X> service 500 local-sdp remote-s dp ↵

Note: <X.X.X.X> is the system IP address of the remote PE.

Note: The SVC-Ping is a useful OAM feature for a VLL but it does require that the port out to the CPE is up, i.e. there is something connected to the port such as a PC NIC card, when a service is first

configured this may not be the case and so a VCCV-Ping is a better test of a VLL when first

configured.



58

Switch to notes view!2. Verify the operation of your ePipe service using the VCCV Ping utility.

Note: Alcatel-Lucent’s VCCV Ping feature provides end-to-end connectivity verification for an individual ePipe and is used to check connectivity of a VLL in-band. It checks that the destination

(target) PE is the egress for the Layer 2 FEC. It provides a cross-check between the data plane and

the control plane. It is in-band, meaning that the VCCV ping message is sent using the same

encapsulation and along the same path as user packets in that VLL. This is equivalent to the LSP

ping for a VLL service. VCCV ping reuses an LSP ping message format and can be used to test a VLL

configured over an MPLS and GRE SDP. VCCV creates an IP control channel within the ePipe between

PE1 and PE2. PE2 should be able to distinguish, on the receive side, VCCV control messages from

user packets on that VLL.The 7750 SR uses the router alert label immediately above the VC label to

identify the VCCV-ping message. This method has a drawback that if ECMP is applied to the outer

LSP label, such as the transport label, the VCCV message will not follow the same path as the user

packets. When sending the label mapping message for the VLL, PE1 and PE2 include an optional

VCCV TLV in the PW FEC interface parameter field. The TLV indicates that the control channel will

make use of the router alert label method.

PEx# oam vccv-ping <2X>:500 reply-mode ip-routed ↵



59Network Diagram

1.1.1.1/32

PE 1 1/1/2

1/1/3

1/1/1

1/1/4

2.2.2.2/32

PE 2 1/1/1

1/1/3

1/1/2

1/1/4

3.3.3.3/32

PE 3

1/1/3

1/1/11/1/2

1/1/4

4.4.4.4/32

PE 4 1/1/2

1/1/3

1/1/1

1/1/4

.1

.1

.1 .2 .2

.3.4

.4.4

.2

.3.3

10.12.1.0/29

10.34.1.0/29

10.14.1.0/29

10.23.1.0/29

10.13.1.0/29

10.24.1.0/29

192.168.11.0/30

192.168.44.0/30

192.168.22.0/30

192.168.33.0/30

.1

.1

.1

.1

.2

.2 .2

.2

192.168.1.0/24

192.168.4.0/24

192.168.2.0/24

192.168.3.0/24

CE1 CE2

CE3CE4

192.168.1.1/32

192.168.4.4/32

192.168.2.2/32

192.168.3.3/32

ePipe 500

ePipe 500



60

End of ModuleLab Exercises ePipe Configuration



Module 7VPLS Configuration

Lab Exercises



62

Objectives

� Upon successful completion of this module, the student will be able to perform the following operations:� Configure a VPLS

� Verify a VPLS



63

Switch to notes view!VPLS Configuration

1. Configure a VPLS service 600 according to the lab diagram at the end of this module.

Note: Remove the SAP from the ePipe service to use it for this lab exercise (VPLS service).

PEx# configure service vpls 600 customer 100 create ↵PEx>config>service>vpls# sap <X/X/X>:0 create ↵

Note:The 0 at the end of the sap identifier signifies that null encapsulation (the default) is being used on the port. Null encapsulation is used if there is only one service being used on the port. If

multiple services will be using the port, you would configure it to use Dot1q or qinq encapsulation.

Now an access port has been assigned to this service on which customer equipment can be

connected.

PEx>config>service>vpls>sap$ back ↵PEx>config>service>vpls# mesh-sdp <2X>:600 create ↵PEx>config>service>vpls>mesh-sdp$ back ↵

Note: Repeat the last two commands for all the remote PEs. The SDPs must form a full mesh to al the

participants in the VPLS service. Use the SDPs over RSVP-TE. These SDPs have TLDP enabled in the

previous lab exercise. The :600 binds the SDP to the service. At this point TLDP labels are signalled

to identify the service on all the participants of the VPLS service.

PEx>config>service>vpls# no shutdown ↵

2. Verify the VPLS. What are the labels used to reach the other PEs? What are the labels used to reach the VPLS service on these remote PEs?

PEx# show service sap-using ↵PEx# show service service-using ↵PEx# show service id 600 all ↵PEx# show service id 600 labels ↵PEx# show router ldp bindings ↵

3. Connect CPEs to the SAPs of the VPLS Service and test your VPLS by passing traffic across it such as a video file or a Ping test. Disconnect a network link and see if traffic gets lost. Verify if the RSVP-TE backup scenario’s are operational.

Note: An VPLS is the equivalent of a VLAN connecting one or more switches. In order to ping successfully, all CPEs will have to be members of the same subnet.



64

Switch to notes view!4.4. Verify the forwarding database. What are the age timers? How canVerify the forwarding database. What are the age timers? How can you verify the age timer per you verify the age timer per macmacentry?entry?

PEx# show service fdb-info ↵PEx# show service fdb-mac ↵PEx# show service fdb-mac expiry ↵

OAM Tools

1. Perform a MAC Ping and a MAC Trace to a remote CPE. What information is gained from this OAM tool? Verify the forwarding database. What MAC address is added from this operation? Is the information aging out as it is supposed to?

PEx# oam mac-ping service 600 destination <XX:XX:XX:XX:XX :XX> ↵PEx# oam mac-trace service 600 destination <XX:XX:XX:XX:X X:XX> ↵

Note: <XX:XX:XX:XX:XX:XX> is the MAC address of a remotely connected CPE.

PEx# show service fdb-mac ↵PEx# show chassis ↵

Note: This command shows the CPM MAC address.

2. Populate and Purge a random MAC address. What command can flood this information to the remote PEs participating in the VPLS? Is the information aging out as it is supposed to?

PEx# oam mac-populate 600 mac <00:XX:XX:XX:XX:XX> (flood) ↵PEx# oam mac-purge 600 target <XX:XX:XX:XX:XX:XX> (flood) ↵

3. Activate a continuous Ping form one CPE to another. Next, perform a CPE Ping to one of the CPEs as the destination IP-address and the other CPE as the source IP-address. Is the initial continuous Ping still operational? Why not? How can we resolve this?

PEx# oam cpe-ping service 600 destination <X.X.X.X> sourc e <Y.Y.Y.Y> ↵



65

192.168.4.4/32 192.168.3.3/32

Network Diagram

1.1.1.1/32

PE 1 1/1/2

1/1/3

1/1/1

1/1/4

2.2.2.2/32

PE 2 1/1/1

1/1/3

1/1/2

1/1/4

3.3.3.3/32

PE 3

1/1/3

1/1/11/1/2

1/1/4

4.4.4.4/32

PE 4 1/1/2

1/1/3

1/1/1

1/1/4

.1

.1

.1 .2 .2

.3.4

.4.4

.2

.3.3

10.12.1.0/29

10.34.1.0/29

10.14.1.0/29

10.23.1.0/29

10.13.1.0/29

10.24.1.0/29

192.168.11.0/30

192.168.44.0/30

192.168.22.0/30

192.168.33.0/30

.1

.1

.1

.1

.2

.2 .2

.2

192.168.1.0/24

192.168.4.0/24

192.168.2.0/24

192.168.3.0/24

CE1 CE2

CE3CE4

192.168.1.1/32

192.168.4.4/32

192.168.2.2/32

192.168.3.3/32

VPLS 600



66

End of ModuleLab Exercises VPLS Configuration


Module 9iPipe Configuration

Lab Exercises



68

Switch to notes view!

Configure a ipipe Ethernet to Ethernet

1. Configure a iPipe for one of the two customers you created. The iPipe VLLs you create will be from your SR node to any 7750 SR Core node. See diagram above. The iPipe VLL will connect an Ethernet port your SR, to an Ethernet port on the far end SR.

2. You will have to come to an agreement about IP addresses and service ids with the operator configuring the far end.

3. The Ethernet ports should be configured with DOT1Q encapsulation.

Create the iPipe VLL for Ethernet to Ethernet Endpoint

3. Create the iPipe service on the SR

SRx# configure service ipipe 300 customer 100 create

SRx>config>service>ipipe# sap 1/1/3:1 create

SRx>config>service>ipipe>sap$ ce-address 192.0.10.2

(192.0.11.2 is the IP address associated with the SR Ethernet port)

SRx>config>service>ipipe>sap$ exit

SRx>config>service>ipipe> spoke-sdp <sdp-id:service-id> create

SRx>config>service>ipipe> spoke-sdp> ce-address 192.0.10.1

(192.0.11.2 is the IP address associated with far end Ethernet port)

SRx>config>service>ipipe> spoke-sdp> exit

SRx>config>service>ipipe> no shutdown



69

Switch to notes view!4. Create the iPipe service on the SR

SRx# configure service ipipe 300 customer 100 create

SRx>config>service>ipipe# sap 1/1/1:1 create

SRx>config>service>ipipe>sap$ ce-address 192.0.10.1

(192.0.11.2 is the IP address associated with the SR Ethernet port)

SRx>config>service>ipipe>sap$ exit

SRx>config>service>ipipe> spoke-sdp <sdp-id:service-id> create

SRx>config>service>ipipe> spoke-sdp> ce-address 192.0.10.2

(192.0.11.2 is the IP address associated with SR Ethernet port)

SRx>config>service>ipipe> spoke-sdp> exit

SRx>config>service>ipipe> no shutdown

5. Verify the service is up:

6. SRx# show service id 300 base

The service should be ADMIN and Opr “UP”



70

End of ModuleLab Exercises iPipe Configuration


Module 9IES Configuration

Lab Exercises



72

Module Objectives

� Upon successful completion of this module, the student will be able to configure and test a basic Internet Enhanced Service (IES).


IES Lab

Internet Enhanced Service (IES) is a routed connectivity service where the subscriber communicates with an IP router interface to send and receive Internet traffic. IP interfaces defined within the context of an IES service must have a SAP associated as the access point to the subscriber network. Since the traffic in an IES service communicates using an IP interface for the core routing instance, there is no need for the concept of tunneling traffic to a remote router. As such, IES does not require the configuration of any 7750 SR SDPs when configuring the service. The following labs assumes that an IGP (OSPF, IS-IS) is running between all nodes in the network. In the following lab we will create an IES on each node (see network diagram):: The following example shows the configuration for Node 201. 1. Create a customer and the IES

SR# configure service customer 500 create ↵ SR>config>service>cust$ exit ↵ SR# configure service ies 100 customer 500 create ↵ SR>config>service>ies$ description “Web Service” ↵ SR>config>service>ies$


2. Create the customer interface to the Web service

SR>config>service>ies$ interface toClient create ↵ SR>config>service>ies>if$ address xxx.xxx.xxx.xxx/24 ↵

3. Associate a SAP with the client interface

Note: ensure that the port that you want to create the SAP on is configured as an access port. SR# show port ↵ Associate the SAP to the port : SR# configure service ies 100 interface toClient ↵ SR>config>service>ies>if# sap 1/1/1 create ↵ SR>config>service>ies>if>sap# exit all ↵

4. Enable the IES

SR# configure service ies 100 ↵ SR>config>service>ies# no shutdown ↵ Verify that the service is administratively and operationally UP. SR# show service service-using ies ↵


5. Distribute the routing information

SR# configure router ospf ↵ SR>config>router>ospf# area 0.0.0.0 ↵ SR>config>router>ospf>area# interface toClient ↵ SR>config>router>ospf>area>if$ no shutdown ↵ To prevent sending LSA’s to the client , put the interface into passive mode for OSPF. SR>config>router>ospf>area>if$ passive ↵ SR>config>router>ospf>area>if$ exit all ↵

6. Test the IES

Test each service by successfully pinging from each client laptop to every other client laptop.


Accounting Policies

This lab will apply an accounting policy to the service ingress of the IES. Before an accounting policy can be created a target log file must be created to collect the accounting records. 1. Create a log file to collect the accounting records

SR# configure log ↵ SR>config>log# file-id 10 ↵ SR>config>log>file-id$ description “Accounting for IES 100 Ingress” ↵ SR>config>log>file-id$ location cf1: ↵ Check your configuration. Leave the rollover and retention settings at the default values. SR>config>log>file-id$ info detail ↵ ---------------------------------------------- description "Accounting for IES 100 Ing ress" location cf1: rollover 1440 retention 12 ---------------------------------------------- Rollover = how long (minutes) a file will be used before it is closed. Retention = how long (hours) a file will be stored before it is deleted.

SR>config>log>file-id$ exit ↵ SR>config>log#

2. Create an accounting policy Accounting policies must be configured in the config>log context before they can be applied to a service SAP, interface, or an Ethernet or SONET/SDH network port. An accounting policy must define a record type and collection interval. Only one record type can be configured per accounting policy.


When creating accounting policies, one service accounting policy and one network accounting policy can be defined as default. If statistics collection is enabled on a SAP or network port and no accounting policy is applied, then the respective default policy is used. If no default policy is defined, then no statistics are collected unless a specifically defined accounting policy is applied.

SR>config>log# accounting-policy 10 ↵ SR>config>log>acct-policy$ description “IES Service 100 Ingress” ↵ SR>config>log>acct-policy$ record service-ingress-packets ↵ SR>config>log>acct-policy$ to file 10 ↵ SR>config>log>acct-policy$ no shutdown ↵ Check your configuration SR>config>log>acct-policy$ info ↵ ---------------------------------------------- description "IES Service 100 Ingress" record service-ingress-packets to file 10 no shutdown ---------------------------------------------- SR>config>log>acct-policy$ exit all ↵

3. Enable statistics collection on the IES SAP and apply your accounting policy to

the IES SAP

Enable statistics collection on the SAP SR# configure service ies 100 ↵ SR>config>servce>ies# interface toClient sap 1/1/1 ↵ SR>config>servce>ies>if>sap# collect-stats ↵ Apply the accounting policy created in Step 2 SR>config>servce>ies>if>sap# accounting-policy 10 ↵ SR>config>servce>ies>if>sap# back ↵


Verify that stats collection is on and your accounting policy has been applied to the SAP.

SR>config>servce>ies>if# info ↵ ---------------------------------------------- address 10.10.10.1/24 sap 1/1/1 create collect-stats accounting-policy 10 exit ----------------------------------------------

4. Remove the accouting policy.


Lab Diagram

Lapt

op

10.1

0.10

.10/

24

10.1

0.13

.13/

24

10.1

0.12

.12/

24

10.1

0.11

.11/

241/

1/1

1/1/

3

1/1/

1

1/1/

3

1/1/

21/

1/2

1/1/

21/

1/2

1/1/

31/

1/3

1/1/

11/

1/1

No

de

201

No

de

205

No

de

213

No

de

209

Sys

tem

172.

0.0.

201/

32S

yste

m17

2.0.

0.20

5/32

Sys

tem

172.

0.0.

213/

32S

yste

m17

2.0.

0.20

9/32

10.1

0.10

.1/2

4

10.1

0.13

.1/2

4

10.1

0.11

.1/2

4

10.1

0.12

.1/2

4

192.

168.

0.21

4/3019

2.16

8.0.

201/

30

192.

168.

0.20

2/30

192.

168.

0.20

5/30

192.

168.

0.21

3/30

192.

168.

0.20

6/30

192.

168.

0.21

0/30

192.

168.

0.20

9/30

Eth

erne

t Man

agem

ent P

ort

192.

168.

161.

201/

24

Eth

erne

t Man

agem

ent P

ort

192.

168.

161.

213/

24

Eth

erne

t Man

agem

ent

Por

t:192

.168

.161

.205

/24

Eth

erne

t Man

agem

ent P

ort

192.

168.

161.

209/

24

Lapt

op

Lapt

op

Lapt

op

192.

168.

161.

91/3

2

Con

sole

Por

t (S

eria

l)

192.

168.

161.

94/3

2

Con

sole

Por

t (S

eria

l)

192.

168.

161.

93/3

2

Con

sole

Por

t (S

eria

l)

192.

168.

161.

92/3

2

Con

sole

Por

t (S

eria

l)



80

End of Module/LessonIES Configuration



Module 10VPRN Configuration

Lab Exercises



82

Objectives

� Upon successful completion of this module, the student will be able to perform the following operations:� Configure a global Autonomous System (AS) number.

� Configure a global Border Gateway Protocol (BGP) routing instance

� Configure a Customer

� Configure MPLS for Label Distribution Protocol (LDP)

� Configure a routing policy for router redistribution.

� Configure a Service Distribution Point

� Configure the Virtual Private Network Service (VPRN)



83

Switch to notes view!VPRN Configuration

1. Configure a global AS number (65530 public AS number) on each PE router. This number will be used by BGP for advertisement purposes.

PEx# configure router autonomous-system 65530 ↵

2. Configure a global BGP routing instance. This must be configured to support the MP-BGP and establish communications between Provider Edge (PE) devices.

PEx# configure router bgp ↵PEx>config>router>bgp$ group VPRN ↵PEx>config>router>bgp>group$ peer-as 65530 ↵PEx>config>router>bgp>group$ family vpn-ipv4 ↵

Note: This enables MP-BGP.

PEx>config>router>bgp>group$ neighbor <X.X.X.X> ↵PEx>config>router>bgp>group>neighbor$ back ↵

Note: <X.X.X.X> is the system IP-address of all participating PEs in the VPRN. Repeat the 2 steps

above for every PE.

PEx>config>router>bgp>group# back ↵

Note: After all the PEs have completed Step 2, a full mesh of iBGP sessions should be established.

3. Verify the BGP configuration.

PEx# show router bgp summary ↵PEx# show router bgp neighbor ↵PEx# show router bgp group ↵

Note: As a quick check, see if the “show router bgp neighbor” command output displays the state of

the BGP session as “Established” for each of the neighboring PEs:

Peer : 2.2.2.2Group : VPRN--------------------------------------------------- ------------<.......> State : Established Last State : Connect



84

Switch to notes view!4. Configure the VPRN service.

PEx# configure service vprn 700 customer 100 create ↵PEx>config>service>vprn$ route-distinguisher 65530:700 ↵PEx>config>service>vprn$ spoke-sdp <1X> create ↵PEx>config>service>vprn>sdp$ back ↵

Note: Use the SDPs based on LDP created in a previous Lab Exercise. Repeat the last two steps for every other PE in the VPRN.

Note: In VRPN, a shortcut exists to alleviate these last steps. The auto-bind command creates the LDP SDP’s in one command. When t his option is used, there is no need to explicitly specify the SDP’s as done in the previous step.

( PEx>config>service>vprn$ auto-bind ldp ↵ )

PEx>config>service>vprn# vrf-target target:65530:700

Note: In VRPN, the vrf-target command is a combination of the vrf-import and vrf-export command in one command.

PEx>config>service>vprn# interface <tocex> create ↵PEx>config>service>vprn>if$ address 192.168.<XX>.1/30 ↵

Note: <X> = your PE number (see lab diagram).

PEx>config>service>vprn>if$ sap x/x/x create ↵

Note: This commands binds the SAP to the VPRN interface. Remove the SAP from other services if not

already done.

PEx>config>service>vprn# no shutdown ↵

5. Verify your VPRN Service and the VRF.

PEx# show service id 700 all ↵PEx# show router 700 route-table ↵



85

Switch to notes view!6. Connect a PC Workstation on the access port and make sure that the PC has an IP address on the

same network as the CE Interface of the matching PE in your VPRN. Point the default gateway to this CE interface (lab diagram at the end of this module). Ping another CPE PC Workstation in the VPRN. Is the Ping successful?

7. Verify the BGP Table. Are the routes visible? What is the Inner Label or VPN Label? What is the outer Label or Transport Label?

PEx# show router bgp routes ↵PEx# show router bgp neighbor <ip-address> advertised-rout es ↵PEx# show router ldp bindings (active) ↵

OAM Tools

1. Perform a VPRN Ping from your directly connected VPRN interface to a remotely connected PC.

PEx# oam vprn-ping 700 source <X.X.X.X> destination <Y.Y.Y .Y> ↵

2. Perform a VPRN Trace from your directly connected VPRN interface to a remotely connected PC.

PEx# oam vprn-trace 700 source <X.X.X.X> destination <Y.Y .Y.Y> ↵



86

VPRN 20

Network Diagram

1.1.1.1/32

PE 1 1/1/2

1/1/3

1/1/1

1/1/4

2.2.2.2/32

PE 2 1/1/1

1/1/3

1/1/2

1/1/4

3.3.3.3/32

PE 3

1/1/3

1/1/11/1/2

1/1/4

4.4.4.4/32

PE 4 1/1/2

1/1/3

1/1/1

1/1/4

.1

.1

.1 .2 .2

.3.4

.4.4

.2

.3.3

10.12.1.0/29

10.34.1.0/29

10.14.1.0/29

10.23.1.0/29

10.13.1.0/29

10.24.1.0/29

192.168.11.0/30

192.168.44.0/30

192.168.22.0/30

192.168.33.0/30

.1

.1

.1

.1

.2

.2 .2

.2

192.168.1.0/24

192.168.4.0/24

192.168.2.0/24

192.168.3.0/24

CE1 CE2

CE3CE4

192.168.1.1/32

192.168.4.4/32

192.168.2.2/32

192.168.3.3/32

VPRN 700



87

End of ModuleLab Exercises VPRN Configuration



Module 11Basic QoS Configuration

Lab Exercises



89

Objectives

� Upon successful completion of this module, the student will be able to perform the following operations:� Create a basic QoS Policy



90

Switch to notes view!Basic Quality of Service Lab

Configure QoS policies to achieve the following:

Most traffic ingressing on SAP 1/1/1 on VPLS Service XXX should pass through the 7750 unshaped and enter the MPLS network core with a forwarding class of EF.

Web traffic (going from the customer to the web needs to be shaped to a maximum rate of 20Mb/s. The first 10Mb/s of Web traffic should egress the node into the MPLS core network with a QoS FC = BE in-profile, the remainder of the Web traffic should exit with FC = BE out-ot-profile.

The following steps assume a working VPLS Service (ID of XXX) on your node.

1 Display the settings for SAP QoS ingress policy 1 (default policy).

SR# show qos sap-ingress 1 ↵

Note: The default qos ingress policy classifies all incoming traffic as FC “BE” regardless of the settings of any DSCP, 802.1p bits etc.

Sap ingress traffic can be classified into one of eight internal forwarding classes (FC) based on several match criteria (MAC, 802.1p, or L3-L7).

All traffic is marked internally as having come from a SAP or network port.



91

QoS Lab

SAP

Queue 2

Queue 3

FC=Be

FC=Ef

CIR=10000PIR=20000

CIR=0PIR=Max

Be in-profile

Be out-of-profile

lsp-exp-in-profile 5

lsp-exp-out-profile 0

Network Egress Port

Port 1/1/1

Internet

Web Traffic

Non-WebTraffic

(BE in-profile)

(Be out-of-profile default)

Egress Queue 4

CIR=10000PIR=20000



92

Switch to notes view!2. Display the settings for the default SAP ingress and network policies.

SR# configure qos ↵

SR>config>qos# info detail ↵

#------------------------------------------

echo "QoS Policy Configuration"

#------------------------------------------

sap-ingress 1 create

description "Default SAP ingress QoS policy."

scope template

queue 1 auto-expedite create

no parent

adaptation-rule pir closest cir closest

rate max cir 0

mbs default

cbs default

high-prio-only default

exit

…

network 1 create

description "Default network QoS policy."

scope template

ingress

default-action fc be profile out

Note: By default all incoming traffic is classified as BE out-of-profile.

Default queue settings: PIR(rate) = MAX and CIR = 0

3. Create a new SAP ingress policy, policy #10. The default SAP ingress QoS policy (#1) has two queues associated with it, Queue 1 (unicast) and Queue 11 (multipoint). We will be creating two new queues, queues 2 and 3.

SR# configure qos sap-ingress 10 create ↵

SR>config>qos>sap-ingress$ description “Web Traffic Ingress QoS Policy” ↵SR>config>qos>sap-ingress$ info ↵

description "Web Traffic Ingress QoS Policy"

queue 1 create

exit

queue 11 multipoint create

exit



93

Switch to notes view!3. Create new queues for your SAP ingress policy.

SR>config>qos>sap-ingress$ queue 2 create ↵SR>config>qos>sap-ingress>queue$ rate 20000 cir 10000 ↵SR>config>qos>sap-ingress>queue$ back ↵SR>config>qos>sap-ingress$ queue 3 create ↵SR>config>qos>sap-ingress# info ↵

description "Web Traffic Ingress QoS Policy"

queue 1 create

exit

queue 2 create

exit

queue 3 create

exit


exit

4. Create a QoS traffic filter to separate incoming Web traffic from other traffic.

SR>config>qos>sap-ingress# ip-criteria ↵SR>config>qos>sap-ingress>ip-criteria# entry 10 create ↵SR>config>qos>sap-ingress>ip-criteria>entry$ description

www_ingress_filter ↵Note: use IP criteria to identify the web traffic going to a web server.

Note: Protocol 6 identifies TCP in the protocol field of the Ip header

Port 80 is HTTP at the application layer.

SR>config>qos>sap-ingress>ip-criteria>entry$ match protocol 6 dst-port eq 80 ↵



94

Switch to notes view!SR>config>qos>sap-ingress>ip-criteria>entry$ info ↵description "www_ingress_filter"

match protocol 6

dst-port eq 80

exit

action

Note: mark all ingress web traffic as best effort.

SR>config>qos>sap-ingress>ip-criteria>entry$ action fc be ↵SR>config>qos>sap-ingress>ip-criteria>entry$ info ↵description "www_ingress_filter"

match protocol 6

dst-port eq 80

exit

action fc be

SR>config>qos>sap-ingress>ip-criteria# back ↵

Note: set the default FC mapping for traffic that does not match your IP criteria for web traffic.

SR>config>qos>sap-ingress# default-fc ef ↵



95

Switch to notes view!SR>config>qos>sap-ingress# info ↵description "Web Traffic QoS Ingress Policy“

queue 1 create

exit

queue 2 create

exit

queue 2 create

exit


exit

ip-criteria

entry 10 create

description "www_ingress"

match protocol 6

dst-port eq 80

exit

action fc be

exit

exit

default-fc ef

5. Configure the FC to queue mappings

SR>config>qos>sap-ingress# fc ef create ↵SR>config>qos>sap-ingress>fc# queue 3 ↵SR>config>qos>sap-ingress>fc# back ↵SR>config>qos>sap-ingress# info ↵



96

Switch to notes view!description "Web Traffic QoS Ingress Policy"

queue 1 create

exit

queue 2 create

exit

queue 2 create

exit


exit

fc ef create

queue 3

exit

ip-criteria

entry 10 create


match protocol 6

dst-port eq 80

exit

action fc be

exit

exit

default-fc ef

SR>config>qos>sap-ingress# fc be create ↵SR>config>qos>sap-ingress>fc# queue 2 ↵SR>config>qos>sap-ingress>fc# back ↵



97

Switch to notes view!SR>config>qos>sap-ingress# info ↵description "Web Traffic QoS Ingress Policy"

queue 1 create

exit

queue 2 create

exit

queue 3 create

exit


exit

fc be create

queue 2

exit

fc ef create

queue 3

exit

ip-criteria

entry 10 create


match protocol 6

dst-port eq 80

exit

action fc be

exit

exit

default-fc ef

6. Create a SAP egress policy

SR# configure qos sap-egress 11 create ↵SR>conf>qos>sap-egress$ description “QoS Egress Traffic”

SR>conf>qos>sap-egress$ queue 4 create ↵SR>conf>qos>sap-egress>queue$ rate 20000 cir 10000 ↵SR>conf>qos>sap-egress>queue$ back ↵SR>conf>qos>sap-egress$ fc be create ↵SR>conf>qos>sap-egress>fc$ queue 4 ↵SR>conf>qos>sap-egress>fc$ exit all ↵



98

Switch to notes view!7. Apply your SAP policies to the SAP on port 1/1/1/ for VPLS Service XXX

SR# configure service vpls XXX ↵SR>config>service>vpls# sap 1/1/1 ↵SR>config>service>vpls>sap# ingress qos 10 ↵SR>config>service>vpls>sap# egress qos 11 ↵SR>config>service>vpls>sap# exit ↵SR>config>service>vpls# info ↵

description "VPLS XXX"

stp

no shutdown

exit

sap 1/1/1 create

ingress

qos 10

egress

qos 11

exit

exit

mesh-sdp x:xxx create

exit


exit


exit

no shutdown

SR>config>service>vpls# exit all ↵

8. Remap the in-profile Web traffic from the BE queue to an MPLS EXP value of 5 in the MPLS header. This EXP value identifies in-profile Web traffic leaving the node from Queue 2 on a network egress interface.

SR# configure qos network 10 create ↵SR>config>qos>network$ description “Remark In-Profile Web Traffic”

↵SR>config>qos>network$ egress fc be lsp-exp-in-profile 5 ↵



99

Switch to notes view!SR>config>qos>network$ info ↵description "Remark In-Profile Web Traffic"

ingress

exit

egress

fc be

lsp-exp-in-profile 5

exit

exit



100

End of ModuleLab Exercises Quality of Service

sros 9.0 lab guide

Documents

pageall rights

portsall rights

rights reservedpassing

system time

system commands

file system

cli system prompt

cli configuration skills