5. Router Configuration

The 7705 SAR-Hm series of routers supports standard IP routing as covered in the topics listed below:

5.1. IP Router Configuration

This section describes the following functionality on 7705 SAR-Hm series nodes:

For general information on IP router configuration support, refer to the topics listed below in the “IP Router Configuration” chapter of the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide.

  1. Configuring IP Router Parameters
    1. Interfaces
      1. Network Interfaces
      2. Network Domains
      3. System Interface
      4. Creating an IP Address Range
    2. Router ID
    3. Autonomous Systems
    4. Confederations
    5. Exporting an Inactive BGP Route from a VPRN
    6. DHCP Relay
    7. Internet Protocol Versions
  2. Aggregate Next Hop
  3. Invalidate Next-Hop Based on ARP/Neighbor Cache State
  4. Router Interface Encryption with NGE
  5. Process Overview
  6. Configuration Notes
  7. Configuring an IP Router with CLI
  8. Service Management Tasks

For descriptions of IP router commands, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide and to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Clear, Show, and Tools Command Reference Guide.

5.1.1. PDN Router Interfaces

A packet data network (PDN) router interface is a type of router interface specific to a cellular port. PDN router interfaces are network-facing only and provide the main routing function over a cellular port. Each PDN connection that operates on a cellular port requires a PDN router interface.

A specific PDN router interface is associated with a specific SIM. Port 1/1/1 is always associated with SIM 1 and port 1/1/2 is always associated with SIM 2. Therefore, a PDN router interface configured against port 1/1/1 is associated with SIM 1 and a PDN router interface configured against port 1/1/2 is associated with SIM 2. For information on configuring cellular ports, refer to the 7705 SAR-Hm and SAR-Hmc Interface Configuration Guide.

A PDN router interface is configured using the command config>router>interface interface-name pdn. A PDN router interface supports either IPv4 or IPv6 operation. The address type is determined by the protocol, either IPv4 or IPv6, configured for the PDN profile. A PDN profile must be configured and associated with the PDN router interface in order for a cellular port to attach to a cellular network. The address type is learned by the router interface during the PDN attachment process. Refer to the 7705 SAR-Hm and SAR-Hmc Interface Configuration Guide for information on configuring a PDN profile.

5.1.1.1. IPv4 PDN Router Interface

When a cellular port is configured for IPv4 operation, the associated PDN router interface is always an unnumbered interface; therefore, it cannot be directly configured with an IPv4 address. The IPv4 address assigned to a PDN interface must be specified from a loopback interface or learned directly from the cellular network during the cellular network attachment process. An IPv4 address specified from a loopback interface is used in the following ways:

  1. as the source IPv4 address for GRE-MPLS packets that are sent over a cellular port
  2. as the BGP local-address for BGP sessions over a cellular port
  3. as the T-LDP local-lsr-id for T-LDP signaling sessions

An IPv4 PDN router interface can operate in one of three modes:

  1. static cellular system IPv4 mode
  2. static cellular interface IPv4 mode
  3. dynamic cellular interface IPv4 mode

The mode of operation dictates the way in which the IPv4 address is assigned to the PDN router interface and how it is used in conjunction with services.

For information about the types of services supported on an IPv4 PDN router interface and how an IPv4 PDN interface IP address is used by services, see Services over the Cellular PDN Interface.

An IPv4 PDN router interface supports Network Group Encryption (NGE). For information on NGE, see Network Group Encryption.

An IPv4 PDN router interface supports IPSec secure interfaces. For information on IPSec secure interfaces, see IPSec Secured Interface over Cellular.

5.1.1.2. IPv6 PDN Router Interface

When a cellular port is configured for IPv6 operation, the associated PDN router interface is always a numbered interface.

An IPv6 PDN router interface can operate in one of two modes:

  1. static cellular interface IPv6 mode
  2. dynamic cellular interface IPv6 mode

The ipv6>address command is used to determine the mode of operation of the PDN router interface. When the address is specified, the IPv6 PDN router interface is operating in static cellular interface IPv6 mode. When the address is not specified, then it is operating in the dynamic cellular interface IPv6 mode.

For information about the types of services supported on an IPv6 PDN router interface, see Services over the Cellular PDN Interface.

An IPv6 PDN router interface supports IPSec secure interfaces. For information on IPSec secure interfaces, see IPSec Secured Interface over Cellular.

An IPv6 PDN router interface does not support NGE.

5.1.1.2.1. Static Routing on an IPv6 PDN Router Interface

When IPv6 is enabled on the PDN router interface, any static routes configured to use the PDN interface name as the next hop do not require the explicit configuration of the link-local address. This is because cellular networks do not require a next hop.

The CLI output below shows an example of a static route configuration on an IPv6-enabled PDN router interface.

*A:DUT# config# router
                interface "pdn-itf" pdn
                   port 1/1/1      
                   ipv6
                        address 1::1/64
                   exit
                exit
                static-route-entry ::/0
                   next-hop "pdn-itf"
                exit
           exit
     exit

5.1.1.3. Static Cellular System IPv4 Mode

In the static cellular system IPv4 mode of operation, the unnumbered interface under the PDN router interface is configured as the system interface. When the cellular port associated with the PDN interface attaches to the cellular network, the cellular network statically assigns an IP address to the node for the Access Point Name (APN) and associated installed Subscriber Identity Module (SIM). The system interface is then configured with the IP address that matches the cellular network-assigned IP address. The result is that the IP address provided by the cellular network for the PDN router interface and the system IP address of the node are identical.

A PDN router interface is considered operationally up only when the associated cellular port attaches to the network and an IP address is learned from the cellular attachment. The system checks whether the LTE network-assigned IP address matches the system IP address configured on the PDN interface. If it does not match, the PDN router interface is considered down and an alarm is raised.

The CLI output below shows an example of a PDN interface configured for static cellular system IPv4 mode.

*A:DUT# config# router
                interface "system"
                   address 88.0.0.1/32
                   no shutdown
                exit
                interface "pdn1-sim1" pdn
                   port 1/1/1
                   unnumbered "system"
                   no shutdown
                exit
           exit
      exit

When operating in static cellular system IPv4 mode, the following points apply.

  1. Only one cellular IP address can be used on the node. This affects dual SIM operation. If the PDN router interface of one of the dual SIM cellular ports is operating in static cellular system IPv4 mode, then the other PDN router interface must also operate in static cellular system IPv4 mode. The cellular network for each SIM must allocate the same system IP address when the node attaches to the cellular network over either cellular port.
  2. Some wireless service providers require that all packets entering their network from user equipment (UE) attached to their network have a source IP address that matches the IP address that the cellular network assigned to the UE. When this is a requirement and the node is using static cellular system IP mode, the PDN interface must be configured with an IP filter that allows only egress packets with a source IP address that matches the system IP address.
  3. The NSP NFM-P does not require an in-band management VPRN service to manage the node. Instead, the NSP NFM-P uses the system IP address to reach the node.

5.1.1.4. Static Cellular Interface IPv4 Mode

In the static cellular interface IPv4 mode of operation, the unnumbered interface configured under the PDN router interface is a loopback interface that is assigned a static address on the associated cellular port. This statically assigned IP address does not match the system IP address, which is a private address. When the cellular port associated with the PDN interface attaches to the cellular network, the cellular network assigns the same static IP address to the cellular port as the address assigned to the loopback address under the PDN router interface.

The cellular IP address assigned to the PDN router interface never changes after each subsequent cellular attachment. The static address assigned during the PDN attachment process is then used as the PDN router interface IP address for services operation. The PDN router interface is declared operationally up only when the PDN attachment completes and the IP address assigned by the cellular network matches the PDN router interface loopback address. If the address is not the same, the PDN interface stays operationally down and an alarm is raised.

The CLI output below shows an example of a PDN interface configured for static cellular interface IPv4 mode.

*A:DUT# config# router
                interface "pdn-loopback"
                   address 88.0.0.1/32
                   loopback
                   no shutdown
                exit
                interface "pdn1-sim1" pdn
                   port 1/1/1
                   unnumbered "pdn-loopback"
                   no shutdown
                exit
           exit
      exit

When operating in static cellular interface IPv4 mode, consider the following points.

  1. Some wireless service providers require that all packets entering their network from UE attached to their network have a source IP address that matches the IP address that the cellular network assigned to the UE. When this is a requirement and the node is using static cellular interface IPv4 mode, the PDN interface must be configured with an IP filter that allows only egress packets that have a source IP address that matches the IP address that was assigned during the PDN attachment. A filter must be configured on each PDN router interface that requires filtering.
  2. The system IP address used by the NSP NFM-P to manage the node is a private IP address. An in-band management VPRN service is required for the NSP NFM-P to reach the node.

5.1.1.5. Dynamic Cellular Interface IPv4 Mode

In the dynamic cellular interface IPv4 mode of operation, the unnumbered interface configured under the PDN router interface is a loopback interface that has no IP address assigned to it. When the cellular port associated with the PDN interface attaches to the cellular network, the cellular network assigns a dynamic IP address to the cellular port, which is then used as the IP address for the loopback interface under the PDN router interface.

Because cellular IP address allocation is dynamic, the address will change during every PDN attachment. Because the loopback interface associated with the PDN router interface is not configured with an IP address, the node can learn the IP address assigned during the PDN attachment process and then assign that address to the loopback interface. The PDN router interface remains fixed to that address until the cellular port goes down and another PDN attachment is performed. This mode of operation is useful in applications where using dynamic address pools simplifies management and deployment of large numbers of nodes.

In this mode, the PDN router interface is operationally up when the system verifies that the IP address assigned to the interface does not conflict with any other IP address configured on the system. If there is a conflict, the PDN router interface is kept down.

The CLI output below shows an example of a PDN router interface configured for dynamic cellular interface IPv4 mode.

*A:DUT# config# router
                interface "pdn1-loopback"
                   loopback
                   no shutdown
                exit
                interface "pdn1-sim1" pdn
                   port 1/1/1
                   unnumbered "pdn1-loopback"
                   no shutdown
                exit
           exit
      exit

When using dynamic cellular interface IPv4 mode, consider the points listed below.

  1. IP/MPLS services cannot be anchored to a fixed address on the node. Instead, only those IP/MPLS services that support dynamic IP address learning and behaviors are supported, such as VPRNs with auto-bind or Layer 2 services using pseudowire templates configured with auto-gre-sdp. See Services Overview for more information.
  2. Some wireless service providers require that all packets entering their network from UE attached to their network have a source IP address that matches the IP address that the cellular network assigned to the UE. When this is a requirement, dynamic cellular interface IPv4 mode should not be used; instead, static cellular interface IPv4 mode should be used. When dynamic cellular interface IPv4 mode is used, there is no way to ensure all packets will meet the source IP address requirement as the node cannot filter a dynamically changing source IP address.
  3. The system IP address used by the NSP NFM-P to manage the node is a private IP address. An in-band management VPRN service is required for the NSP NFM-P to reach the node.

5.1.1.6. Static Cellular Interface IPv6 Mode

In the static cellular interface IPv6 mode of operation, the PDN router interface IPv6 address is configured using the config>router>interface interface-name pdn>ipv6>address command. The cellular IP address assigned to the PDN router interface is never expected to change after each subsequent attachment to the cellular network. The address configured for the PDN router interface must be within the subnet of the network-assigned static IPv6 address upon PDN attachment, and the configured address cannot be the exact address assigned during the attachment. If the configured address is not within the subnet of the network-assigned IPv6 address or matches the network-assigned IPv6 address, then an alarm is raised and the PDN router interface is kept down.

The CLI output below shows an example of a PDN interface configured for static cellular interface IPv6 mode.

A:DUT# config# router
        interface "pdn1-sim1" pdn
            port 1/1/1      
            ipv6
                address fd00:1:1:1::1/64
            exit
            no shutdown
        exit
    exit
exit

When operating in static cellular interface IPv6 mode, consider the points listed below.

  1. GRE-MPLS based services are not supported as those packets use IPv4 addresses.
  2. IPSec secure interfaces are supported.
  3. Some wireless service providers require that all packets entering their network from UE attached to their network have a source IP address that is within the IPv6 subnet assigned during the PDN attachment process. When this is a requirement and the node is using static cellular interface IPv6 mode, the PDN interface must be configured with an IP filter that allows only egress packets that have a source IP address that is within the subnet that was assigned during the PDN attachment. A filter must be configured on each PDN router interface that requires filtering.
  4. The system IP address used by the NSP NFM-P to manage the node is a private IPv4 address. An in-band management VPRN service is required for the NSP NFM-P to reach the node.

5.1.1.7. Dynamic Cellular Interface IPv6 Mode

In the dynamic cellular interface IPv6 mode of operation, the PDN router interface is not configured with an IPv6 address using the config>router>interface interface-name pdn>ipv6>address command. Instead, the IP address and subnet are learned by the PDN router interface each time the cellular interface attaches to the network. The IP address can change with each attachment. This mode of operation is useful in applications where using a dynamic address pool simplifies the management and deployment of large numbers of nodes.

Upon PDN attachment, the system dynamically allocates an IPv6 address that exists within the subnet of the IPv6 address assigned by the network during the cellular attachment. The PDN router interface remains fixed to that address until the cellular port goes down and another cellular attachment is performed.

In this mode, the PDN router interface is operationally up when the system verifies that the IP address and subnet assigned to the interface do not conflict with any other IP address and subnet configured on the system. If there is a conflict, the PDN router interface is kept down.

The CLI output below shows an example of a PDN router interface configured for dynamic cellular interface IPv6 mode.

*A:DUT# config# router
          interface "pdn1-sim1" pdn
             port 1/1/1
             ipv6
             exit
             no shutdown
          exit
     exit
 exit

When using dynamic cellular interface IPv6 mode, the following points apply.

  1. GRE-MPLS based services are not supported as those packets use IPv4 addresses.
  2. IPSec secure interfaces are supported.
  3. Some wireless service providers require that all packets entering their network from UE attached to their network have a source IP address that is within the IPv6 subnet assigned to the UE during the cellular network attachment. When this is a requirement, dynamic cellular interface IPv6 mode should not be used; instead, static cellular interface IPv6 mode should be used. When dynamic cellular interface IPv6 mode is used, there is no way to ensure that all packets will meet the source IP address requirement as the node cannot filter a dynamically changing source IP address.
  4. The system IP address used by the NSP NFM-P to manage the node is a private IPv4 address. An in-band management VPRN service is required for the NSP NFM-P to reach the node.
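
The bring-up rules and source-address filtering constraints of the five PDN modes described above can be checked against a planned deployment before a node is shipped. The following is an added example, not Nokia code and not part of the original guide; the function names, the sample address fd00:1:1:1::abcd, and the modelling of an address "conflict" as subnet overlap are assumptions.

```python
from enum import Enum
from ipaddress import ip_interface, ip_network


class Mode(Enum):
    STATIC_SYSTEM_V4 = "static cellular system IPv4"
    STATIC_INTERFACE_V4 = "static cellular interface IPv4"
    DYNAMIC_INTERFACE_V4 = "dynamic cellular interface IPv4"
    STATIC_INTERFACE_V6 = "static cellular interface IPv6"
    DYNAMIC_INTERFACE_V6 = "dynamic cellular interface IPv6"


STATIC_V4 = {Mode.STATIC_SYSTEM_V4, Mode.STATIC_INTERFACE_V4}
DYNAMIC = {Mode.DYNAMIC_INTERFACE_V4, Mode.DYNAMIC_INTERFACE_V6}


def oper_state(mode, assigned, configured=None, other_interfaces=()):
    """Return ("up", reason) or ("down", reason) for one PDN attachment.

    assigned         -- address/prefix handed out by the cellular network
    configured       -- system or loopback address (static IPv4) or the
                        ipv6>address value (static IPv6); None when dynamic
    other_interfaces -- addresses already configured elsewhere on the node
    """
    net = ip_interface(assigned)
    if mode in STATIC_V4:
        # Static IPv4: the network-assigned address must equal the
        # system/loopback address, otherwise the interface stays down.
        if ip_interface(configured).ip != net.ip:
            return "down", "assigned address differs from configured address"
        return "up", "assigned address matches configured address"
    if mode is Mode.STATIC_INTERFACE_V6:
        # Static IPv6: inside the assigned subnet, but not the same address.
        cfg = ip_interface(configured)
        if cfg.ip not in net.network:
            return "down", "configured address outside assigned subnet"
        if cfg.ip == net.ip:
            return "down", "configured address equals assigned address"
        return "up", "configured address inside assigned subnet"
    # Dynamic modes. Assumption: a "conflict" is modelled as subnet overlap.
    for other in map(ip_interface, other_interfaces):
        if other.version == net.version and other.network.overlaps(net.network):
            return "down", f"conflict with {other}"
    return "up", "learned address accepted"


def egress_source_prefix(mode, assigned):
    """Prefix an egress source-address filter would permit, or None.

    None means the mode cannot meet a provider's source-address
    requirement, because the address changes with every attachment.
    """
    if mode in DYNAMIC:
        return None
    net = ip_interface(assigned)
    if mode is Mode.STATIC_INTERFACE_V6:
        return net.network                      # any source in the subnet
    return ip_network(f"{net.ip}/32")           # exactly the assigned address


if __name__ == "__main__":
    # Constructed sample attachments; 88.0.0.1 and fd00:1:1:1::1/64 are the
    # addresses used in the CLI examples in this section.
    print(oper_state(Mode.STATIC_SYSTEM_V4, "88.0.0.1", "88.0.0.1/32"))
    print(oper_state(Mode.STATIC_INTERFACE_V6,
                     "fd00:1:1:1::1/64", "fd00:1:1:1::1/64"))
    print(egress_source_prefix(Mode.DYNAMIC_INTERFACE_V4, "10.20.30.40"))
```
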

5.1.2. PDN Router Interface Command Reference

5.1.2.1. PDN Router Interface Command Hierarchy

The following PDN router interface commands are supported on the 7705 SAR-Hm series of routers.

For a description of the commands shown in black text, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide and to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Clear, Show, and Tools Command Reference Guide.

The commands shown in red text apply specifically to the PDN interface on the 7705 SAR-Hm series and are described in this guide.

config
    — router [router-name]
        — [no] interface interface-name pdn
            — cpu-protection policy-id
            — no cpu-protection
            — description description-string
            — no description
            — [no] enable-ingress-stats
            — group-encryption
            — no group-encryption
                — encryption-keygroup keygroup-id direction {inbound | outbound}
                — no encryption-keygroup direction {inbound | outbound}
                — ip-exception filter-id direction {inbound | outbound}
                — no ip-exception direction {inbound | outbound}
            — hold-time
                — up ip seconds
                — no up ip
                — down ip seconds [init-only]
                — no down
            — icmp
                — [no] mask-reply
                — param-problem [number seconds]
                — no param-problem
                — redirects [number seconds]
                — no redirects
                — ttl-expired [number seconds]
                — no ttl-expired
                — unreachables [number seconds]
                — no unreachables
            — if-attribute
                — [no] admin-group group-name [group-name...(up to 5 max)]
                — no admin-group
                — [no] srlg-group group-name [group-name...(up to 5 max)]
                — no srlg-group
            — ingress
                — filter ip ip-filter-id
                — no filter ip ip-filter-id
            — ip-mtu octets
            — no ip-mtu
            — [no] ipv6
                — address ipv6-address/prefix-length [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-reference]
                — no address ipv6-address/prefix-length
            — [no] ntp-broadcast
            — port port-id
            — no port
            — qos network-policy-id [egress-port-redirect-group queue-group-name] [egress-instance instance-id]] [ingress-fp-redirect-group queue-group-name ingress-instance instance-id]
            — no qos
            — [no] shutdown
            — tos-marking-state {trusted | untrusted}
            — no tos-marking-state
            — unnumbered [ip-addr | ip-int-name]
            — no unnumbered
show
    — router interface interface-name

5.1.2.2. PDN Router Interface Command Descriptions

The commands and parameters described in this section apply specifically to the PDN router interface on the 7705 SAR-Hm series of routers. All other applicable commands, as listed in PDN Router Interface Command Hierarchy, are described in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide.

Note:

Not all commands that are visible in the CLI and described in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide are supported on the 7705 SAR-Hm series of routers.

interface

Syntax 
interface interface-name pdn
no interface pdn
Context 
config>router
Description 

This command creates a logical IP router interface for the packet data network (PDN). PDN router interfaces are always network-facing interfaces. Once created, attributes such as IP address, port, or system can be associated with the IP interface.

A PDN router interface can be configured for each cellular port.

The no form of the command removes the interface.

Parameters 
interface-name—
an alphanumeric character string describing the interface name, up to a maximum of 32 characters. The interface name must begin with a letter.
pdn—
a mandatory keyword specifying that the interface represents a PDN

port

Syntax 
port port-id
no port
Context 
config>router>interface
Description 

This command binds the PDN router interface to a physical port. The default value is the only supported port identifier.

Default 

1/1/1

Parameters 
port-id—
a value equal to the cellular port identifier on the 7705 SAR-Hm series, configured in the config>port context and in the format slot/mda/port

router

Syntax 
router interface interface-name
Context 
show
Description 

This command displays PDN router interface information.

Output 

The following output is an example of PDN router interface information.

Output Example
*A:Dut# show router interface "pdntest"
===============================================================================
Interface Table (Router: Base)
===============================================================================
Interface-Name                   Adm       Opr(v4/v6)  Mode    Port/SapId
   IP-Address                                                  PfxState
-------------------------------------------------------------------------------
pdntest                          Up        Down/Down   Pdn     n/a
   -                                                           -
-------------------------------------------------------------------------------
Interfaces : 1
===============================================================================
*A:Dut#

5.2. Filter Policy Support

For general information on filter policy support, refer to the topics listed below in the “Filter Policies” chapter of the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide.

  1. ACL Filter Policy Overview
    1. Filter Policy Basics
      1. Filter Policy Packet Match Criteria
      2. IPv4/IPv6 Filter Policy Entry Match Criteria
      3. IP Exception Filters
      4. Filter Policy Actions
      5. Viewing Filter Policy Actions
      6. Filter Policy Statistics
      7. Filter Policy Logging
      8. Filter Policy Management
    2. Filter Policy Advanced Topics
      1. Match List for Filter Policies
      2. Embedded Filters
      3. IP Exception Filters
  2. Configuring Filter Policies with CLI
    1. Common Configuration Tasks
      1. Creating an IPv4 Filter Policy
      2. Creating an IPv6 Filter Policy
      3. Creating an IPv4 Exception Filter Policy
      4. Creating an IPv6 Exception Filter Policy
      5. Creating a Match List for Filter Policies
      6. Applying Filter Policies
      7. Creating a Redirect Policy
  3. Filter Management Tasks

For descriptions of filter commands, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide and to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Clear, Show, and Tools Command Reference Guide.