7. Internet Enhanced Service

This chapter provides information about Internet Enhanced Services when 7210 SAS-T is operated in network mode and in access-uplink mode, and 7210 SAS-Mxp, 7210 SAS-Sx/S 1/10GE, and 7210 SAS-Sx 10/100GE is operated in Network mode, the process overview, and implementation notes.

Note:

For 7210 SAS platforms operating in network mode, IES can provide services or in-band management of the node.

For 7210 SAS platforms operating in access-uplink mode, IES is designed for in-band management of the node only.

This chapter explicitly notes if a feature is supported on 7210 SAS platforms operating in network or access-uplink mode.

7.1. IES service overview

Internet Enhanced Service (IES) is a routed connectivity service where the subscriber communicates with an IP router interface to send and receive Internet traffic. An IES has one or more logical IP routing interfaces each with a SAP which acts as the access point to the subscriber network.

Note:

For 7210 SAS platforms operating in access-uplink mode, IES is designed only for in-band management of the node.

IES allows IP interfaces to participate in the same routing instance used for service network core routing connectivity. IES services require that the IP addressing scheme used by the subscriber be unique between other provider addressing schemes and potentially the entire Internet. While IES is part of the routing domain, the usable IP address space may be limited. This allows a portion of the service provider address space to be reserved for service IP provisioning, and be administered by a separate, but subordinate address authority.

IP interfaces defined within the context of an IES service must have a SAP associated as the uplink access point to the subscriber network. Multiple IES services are created to segregate subscriber owned IP interfaces.

The following figure shows a diagram of Internet enhanced service.

Figure 81:  Internet Enhanced Service 

The IES service provides in-band management connectivity. Other features include:

  1. Multiple IES services are created to separate IP interfaces.
  2. More than one IES service can be created for a single customer ID.
  3. More than one IP interface can be created within a single IES service ID. All IP interfaces created within an IES service ID belong to the same customer.

In access-uplink mode, the IES services provide IP connectivity to the node for in-band management of the node. Most of the management tasks supported with the out-of-band management port are supported with in-band management.

7.2. IES features

This section describes various general service features and any special capabilities or considerations as they relate to IES services.

7.2.1. IP interfaces

IES customer IP interfaces can be configured with most of the options found on the core IP interfaces. The advanced configuration options supported are:

  1. VRRP - for IES services with more than one IP interface (available only in network mode)
  2. Secondary IP addresses (available only on 7210 SAS-T (network mode), 7210 SAS-Mxp, 7210 SAS-Sx/S 1/10GE, and 7210 SAS-Sx 10/100GE platforms)
  3. ICMP Options

In network mode, configuration options found on core IP interfaces not supported on IES IP interfaces are:

  1. NTP broadcast receipt

7.2.1.1. IPv6 support for IES IP interfaces (access-uplink operating mode)

Note:

IPv6 addressing is supported for IES IP interfaces in access-uplink mode.

In access-uplink mode, IES IP interfaces associated with access-uplink SAPs support IPv6 addressing. IPv6 can be used for in-band management of the node using the IES IP interface.

Note:

IPv6 IES IP interfaces on access-uplink SAPs are only supported on 7210 SAS-T operating in access-uplink mode.

IPv4 and IPv6 route table lookup entries are shared. Before adding routes for IPv6 destinations, route entries in the routed lookup table needs to be allocated for IPv6 addresses. This can be done using the CLI command config> system> resource-profile> router> max-ipv6-routes. This command allocates route entries for /64 IPv6 prefix route lookups. The system does not allocate any IPv6 route entries by default and user needs to allocate some resources before using IPv6. For the command to take effect the node must be rebooted after making the change. For more information, see the following example and the 7210 SAS-Mxp, R6, R12, S, Sx, T Interface Configuration Guide.

A separate route table (or a block in the route table) is used for IPv6 /128-bit prefix route lookup. A limited amount of IPv6 /128 prefixes route lookup entries is supported. The software enables lookups in this table by default (that is no user configuration is required to enable Ipv6 /128-bit route lookup).

Note:

IPv6 interfaces can be created without allocating IPv6 route entries.

Following features and restrictions is applicable for IPv6 IES IP interfaces:

  1. IPv6 interfaces supports only static routing.
  2. Only port-based ingress QoS policies are supported.
  3. IPv6 filter policies can be used on SAP ingress and egress.
  4. Routing protocols, such as OSPFv3, and others are not supported.
  5. A limited amount of IPv6 /128 prefixes route lookup entries is supported.

7.2.1.2. IPv6 support for IES IP interfaces (network operating mode)

IES IPv6 IP interfaces provide IPv6 connectivity in the routing base instance. It can be used to connect IPv6 networks over an IPv4 cloud using 6PE mechanisms. For more information about the 6PE, refer to the 7210 SAS-Mxp, R6, R12, S, Sx, T Routing Protocols Guide.

IPv4 and IPv6 route table lookup entries are shared. Before adding routes for IPv6 destinations, route entries in the routed lookup table needs to be allocated for IPv6 addresses. This can be done using the CLI command config> system> resource-profile> router> max-ipv6-routes. This command allocates route entries for /64 IPv6 prefix route lookups. The system does not allocate any IPv6 route entries by default and user needs to allocate some resources before using IPv6. For the command to take effect the node must be rebooted after making the change. For more information, see the following example and the 7210 SAS-Mxp, R6, R12, S, Sx, T Basic System Configuration Guide.

A separate route table (or a block in the route table) is used for IPv6 /128-bit prefix route lookup. A limited amount of IPv6 /128 prefixes route lookup entries is supported. The software enables lookups in this table by default (that is no user configuration is required to enable Ipv6 /128-bit route lookup).

In addition, the number IP subnets can be configured by the user using the command configure> system>resource-profile>router>max-ip-subnets. Suitable default are assigned to this parameter. Users can increase the number of subnets if they plan to more IPv6 addresses per IPv6 interface.

Following features and restrictions is applicable for IPv6 IES IP interfaces:

  1. IPv6 interfaces supports static routing, OSPv3, and IS-IS.
  2. A limited amount of IPv6 /128 prefixes route lookup entries is supported on 7210 SAS platforms.

7.2.1.3. Encapsulations

The following SAP encapsulation is supported on IES services in both network mode and access-uplink mode:

  1. Ethernet null
  2. Ethernet dot1q
  3. Ethernet QinQ

In 7210 SAS-T access-uplink mode, the following access-uplink SAP encapsulations are supported:

  1. Ethernet QinQ (access-uplink QinQ SAP)

7.2.2. Routing protocols

IES IP interfaces are restricted to routing protocols that can be configured on the interface. IES IP interfaces support the following routing protocols:

  1. RIP (only supported on the 7210 SAS-Mxp)
  2. OSPF
  3. IS-IS
  4. eBGP for the IPv4 and IPv6 address families (MPBGP is not supported)
  5. IGMP
  6. PIM
  7. BFD
Note:

The SAP for the IES IP interface is created at the IES service level, but the routing protocols for the IES IP interface are configured at the routing protocol level for the main router instance.

7.2.2.1. CPE connectivity check

Static routes are used within many IES services. Unlike dynamic routing protocols, there is no way to change the state of routes based on availability information for the associated CPE. CPE connectivity check adds flexibility so that unavailable destinations will be removed from the service provider routing tables dynamically and minimize wasted bandwidth.

The availability of the far-end static route is monitored through periodic polling. The polling period is configured. If the poll fails a specified number of sequential polls, the static route is marked as inactive.

An ICMP ping mechanism is used to test the connectivity. If the connectivity check fails and the static route is de-activated, the router will continue to send polls and reactivate any routes that are restored.

7.2.3. QoS policies

When applied to 7210 SAS IES services, service ingress QoS policies only create the unicast meters defined in the policy. The multipoint meters are not created on the service. With IES services, service egress QoS policies function as with other services where the class-based queues are created as defined in the policy.

On 7210 SAS ingress, only meters are supported on all the platforms.

Note:

QoS policies only create the unicast meters defined in the policy if PIM is not configured on the associated IP interface; if PIM is configured, the multipoint meters are applied as well.

In access-uplink mode, IES IP interface associated with an access SAP supports use of service ingress QoS policies. IES IP interface associated with an access-uplink SAP does not support use of service ingress QoS policies. IES IP interfaces associated with an access-uplink SAP share the port based ingress and egress QoS policies.

Note that both MAC and IPv4 criteria can be used in the QoS policies for traffic classification in an IES.

7.2.3.1. CPU QoS for IES interfaces in access-uplink mode

In access-uplink mode, IES IP interface bound to routed VPLS services, IES IP interface on access SAPs and IES IP interface on access-uplink SAPs are designed for use with inband management of the node. Consequently, they share a common set of queues for CPU bound management traffic. All CPU bound traffic is policed to predefined rates before being queued into CPU queues for application processing. The system uses meters per application or a set of applications. It does not allocate meters per IP interface. The possibility of CPU overloading has been reduced by use of these mechanisms. Users must use appropriate security policies either on the node or in the network to ensure that this does not happen.

7.2.3.2. CPU QoS for IES access interfaces in network mode

Traffic bound to CPU received on IES access interfaces are policed/rate-limited and queued into CPU queues. The software allocates a policer per IP application or a set of IP applications, for rate-limiting CPU bound IP traffic from all IES access SAPs. The policers CIR/PIR values are set to appropriate values based on feature scaling and these values are not user configurable. The software allocates a set of queues for CPU bound IP traffic from all IES access SAPs. The queues are either shared by a set of IP applications or in some cases allocated to an IP application. The queues are shaped to appropriate rate based on feature scaling. The shaper rate is not user configurable.

Note:

  1. The instance of queues and policers used for traffic received on network port IP interfaces is different for traffic received from access port IP interfaces. Additionally, the network CPU queues are accorded higher priority than the access CPU queues. This is done to provide better security and mitigate the risk of access traffic affecting network traffic.
  2. The 7210 SAS-Mxp allows the user to configure the IP differentiated services code point (DSCP) value for self-generated traffic. On the 7210 SAS-T, 7210 SAS-Sx/S 1/10GE, and 7210 SAS-Sx 10/100GE, IP DSCP marking of self-generated traffic is not user-configurable and is assigned by software.

7.2.4. Filter policies

In network mode, only IP filter policies can be applied to IES services.

In access-uplink mode, only IP filter policies can be applied to IES service when either access SAP or access-uplink SAP is associated with the service.

7.2.5. VRRP support for IES IP interfaces in network operating mode

Note:

IPv4 is supported for IES IPv4 interfaces in network operating mode only.

  1. VRRP is not supported in access-uplink operating mode.
  2. For IPv6 interfaces, VRRP is not supported in both network and access-uplink operating mode.

The Virtual Router Redundancy Protocol (VRRP) for IPv4 is defined in the IETF RFC 3768, Virtual Router Redundancy Protocol. VRRP describes a method of implementing a redundant IP interface shared between two or more routers on a common LAN segment, allowing a group of routers to function as one virtual router. When this IP interface is specified as a default gateway on hosts directly attached to this LAN, the routers sharing the IP interface prevent a single point of failure by limiting access to this gateway address. For more information about use of VRRP, refer to the 7210 SAS-Mxp, R6, R12, S, Sx, T Router Configuration Guide.