Configuring a VPRN Service with CLI

This section provides information to configure Virtual Private Routed Network (VPRN) services using the command line interface.

Topics in this section include:

Basic Configuration

The following fields require specific input (there are no defaults) to configure a basic VPRN service:

  1. customer ID (refer to the 7450 ESS, 7750 SR, and 7950 XRS Services Overview Guide)
  2. specify interface parameters
  3. specify spoke SDP parameters

The following example displays a sample configuration of a VPRN service.

*A:ALA-1>config>service>vprn# info
----------------------------------------------
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind-tunnel
                resolution filter
                resolution-filter ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                proxy-arp
                exit
                sap 1/1/10:1 create
                    ingress
                        qos 100
                    exit
                    egress
                        qos 1010
                        filter ip 10
                    exit
                exit
                dhcp
                    description "DHCP test"
                exit
                vrrp 1
                exit
            exit
            static-route-entry 6.5.0.0/24 
                next-hop 10.1.1.2
            bgp
                router-id 10.0.0.1
                group "to-cel"
                    export "vprnBgpExpPolCust1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                exit
            exit
            pim
                apply-to all
                rp
                    static
                    exit
                    bsr-candidate
                        shutdown
                    exit
                    rp-candidate
                        shutdown
                    exit
                exit
            exit
            rip
                export "vprnRipExpPolCust1"
                group "cel"
                    neighbor "to-ce1"
                    exit
                exit
            exit
            no shutdown
----------------------------------------------
*A:ALA-1>config>service>vprn#

Common Configuration Tasks

This section provides a brief overview of the tasks that must be performed to configure a VPRN service and provides the CLI commands.

  1. Associate a VPRN service with a customer ID.
  2. Define an autonomous system (optional).
  3. Define a route distinguisher (mandatory).
  4. Define VRF route-target associations or VRF import/export policies.
  5. Define PIM parameters (optional).
  6. Create a subscriber interface (applies to the 7750 SR only and is optional).
  7. Create an interface.
  8. Define SAP parameters on the interface.
    1. Select node(s) and port(s).
    2. Optional - select QoS policies other than the default (configured in config>qos context).
    3. Optional - select filter policies (configured in config>filter context).
    4. Optional - select accounting policy (configured in config>log context).
    5. Optional - configure DHCP features (applies to the 7450 ESS and 7750 SR).
  9. Define BGP parameters (optional).
    1. BGP must be enabled in the config>router>bgp context.
  10. Define RIP parameters (optional).
  11. Define spoke SDP parameters (optional).
  12. Create confederation autonomous systems within an AS (optional).
  13. Enable the service.

Configuring VPRN Components

This section provides VPRN configuration examples for the following entities:

Creating a VPRN Service

Use the following CLI syntax to create a VPRN service. A route distinguisher must be defined and the VPRN service must be administratively up in order for VPRN to be operationally active.

CLI Syntax:
config>service# vprn service-id [customer customer-id]
route-distinguisher [ip-address:number1 | asn:number2]
description description-string
no shutdown

The following example displays a VPRN service configuration.

*A:ALA-1>config>service# info
----------------------------------------------
...
        vprn 1 customer 1 create
            route-distinguisher 10001:0
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service>vprn# 
 

Configuring Global VPRN Parameters

Refer to VPRN Service Configuration Commands for CLI syntax to configure VPRN parameters.

The following example displays a VPRN service with configured parameters.

*A:ALA-1>config>service# info
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            autonomous-system 10000
            route-distinguisher 10001:1
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service# 
 

Configuring VPRN Log Parameters

The following output displays a VPRN log configuration example.

B:Dut-C>config>service>vprn# info 
----------------------------------------------
            dhcp
                local-dhcp-server "vprn_1" create
                    use-pool-from-client
                    force-renews
                    no shutdown
                exit
            exit
            snmp
                 community "YsMv96H2KZVKQeakNAq.38gvyr.MH9vA" hash2 r version both
                 community "gkYL94l90FFgu91PiRNvn3Rnl0edkMU1" hash2 rw version v2c
                 access
            log
                filter 1 
                    default-action forward
                    entry 1 
                        action forward
                    exit 
                exit 
                syslog 1
                    address 3ffe::e01:403
                    log-prefix "vprn1"
                exit 
                snmp-trap-group 3
                    trap-target "3" address 3ffe::e01:403 port 9000 snmpv2c notify-community "vprn1"
                exit 
                log-id 1 
                    filter 1 
                    from main change 
                    to syslog 1
                exit 
                log-id 3 
                    filter 1 
                    from main change 
                    to snmp
                exit 
            exit
...
----------------------------------------------
B:Dut-C>config>service>vprn# 

Configuring a Spoke-SDP

Use the following CLI syntax to configure spoke SDP parameters:

CLI Syntax:
config>service# vprn service-id [customer customer-id]
spoke-sdp sdp-id
no shutdown
interface ip-int-name
spoke-sdp sdp-id:vc-id [vc-type {ether | vlan}]
egress
filter {ip ip-filter-id}
vc-label egress-vc-label
ingress
filter {ip ip-filter-id}
vc-label ingress-vc-label
tos-marking-state {trusted | untrusted}
no shutdown

Use the following CLI syntax to configure spoke SDP parameters for the 7750 SR:

CLI Syntax:
config>service# vprn service-id [customer customer-id]
spoke-sdp sdp-id
no shutdown
interface ip-int-name
spoke-sdp sdp-id:vc-id [vc-type {ether | vlan | vpls}]
egress
filter {ip ip-filter-id}
vc-label egress-vc-label
ingress
filter {ip ip-filter-id}
vc-label ingress-vc-label
tos-marking-state {trusted | untrusted}
no shutdown

The following output displays a spoke SDP configuration.

A:ALA-48>config>service>vprn# info
----------------------------------------------
...
            interface "SpokeSDP" create
                spoke-sdp 3:4 create
                    ingress
                        vc-label 3000
                        filter ip 10
                    exit
                    egress
                        vc-label 2000
                        filter ip 10
                    exit
                exit
            exit
...
            spoke-sdp 3 create
            exit
            no shutdown
----------------------------------------------
A:ALA-48>config>service>vprn#
 

Configuring VPRN Protocols - PIM

Refer to VPRN Service Configuration Commands for CLI syntax to configure VPRN parameters.

The following example displays a VPRN PIM configuration for the 7750 SR:

config>service# info
#------------------------------------------
...
        vprn 1 customer 2 create
            route-distinguisher 1:11
            interface "if1" create
                address 12.13.14.15/32
                loopback
            exit
            interface "if2" create
                address 14.14.14.1/24
                sap 1/1/2:0 create
                exit
            exit
            pim
                interface "if1"
                exit
                interface "if2"
                exit
                rp
                    static
                    exit
                    bsr-candidate
                        shutdown
                    exit
                    rp-candidate
                        shutdown
                    exit
                exit
            exit
            no shutdown
        exit
    exit
#------------------------------------------
config>service#
 

Configuring Router Interfaces

Refer to the Router Configuration Guide for command descriptions and syntax information to configure router interfaces.

The following example displays a router interface configuration:

ALA48>config>router# info
#------------------------------------------
echo "IP Configuration"
#------------------------------------------
...
        interface "if1"
            address 2.2.2.1/24
            port 1/1/33
        exit
        interface "if2"
            address 10.49.1.46/24
            port 1/1/34
        exit
        interface "if3"
            address 11.11.11.1/24
            port 1/1/35
        exit
...
#------------------------------------------
ALA48>config>router# 

Configuring VPRN Protocols - BGP

The autonomous system number and router ID configured in the VPRN context apply only to that particular service.

The minimal parameters that should be configured for a VPRN BGP instance are:

  1. Specify an autonomous system number for the router. See Configuring Global VPRN Parameters.
  2. Specify a router ID - If a new or different router ID value is entered in the BGP context, then the new value takes precedence and overwrites the VPRN-level router ID. See Configuring Global VPRN Parameters.
  3. Specify a VPRN BGP peer group.
  4. Specify a VPRN BGP neighbor with which to peer.
  5. Specify a VPRN BGP peer-AS that is associated with the above peer.

VPRN BGP is administratively enabled upon creation. Minimally, to enable VPRN BGP in a VPRN instance, you must associate an autonomous system number and router ID for the VPRN service, create a peer group, neighbor, and associate a peer AS number. There are no default VPRN BGP groups or neighbors. Each VPRN BGP group and neighbor must be explicitly configured.

All parameters configured for VPRN BGP are applied to the group and are inherited by each peer, but a group parameter can be overridden on a specific basis. VPRN BGP command hierarchy consists of three levels:

  1. the global level
  2. the group level
  3. the neighbor level

For example:

CLI Syntax:
config>service>vprn>bgp# (global level)
group (group level)
neighbor (neighbor level)

If two systems have multiple BGP peer sessions between them, the local-address must be explicitly configured for the sessions to be established.

For more information about the BGP protocol, refer to the Router Configuration Guide.

Configuring VPRN BGP Group and Neighbor Parameters

A group is a collection of related VPRN BGP peers. The group name should be a descriptive name for the group. Follow your group, name, and ID naming conventions for consistency and to help when troubleshooting faults.

All parameters configured for a peer group are applied to the group and are inherited by each peer (neighbor), but a group parameter can be overridden on a specific neighbor-level basis.

After a group name is created and options are configured, neighbors can be added within the same autonomous system to create IBGP connections and/or neighbors in different autonomous systems to create EBGP peers. All parameters configured for the peer group level are applied to each neighbor, but a group parameter can be overridden on a specific neighbor basis.

Configuring Route Reflection

Route reflection can be implemented in autonomous systems with a large internal BGP mesh to reduce the number of IBGP sessions required. One or more routers can be selected to act as focal points for internal BGP sessions. Several BGP-speaking routers can peer with a route reflector. A route reflector forms peer connections to other route reflectors. A router assumes the role of a route reflector when the cluster cluster-id command is configured. No other command is required unless you want to disable reflection to specific peers.

If you configure the cluster command at the global level, then all subordinate groups and neighbors are members of the cluster. The route reflector cluster ID is expressed in dotted decimal notation. The ID should be a significant topology-specific value.

If a route reflector client is fully meshed, the disable-client-reflect command can be enabled to stop the route reflector from reflecting redundant route updates to a client.

Configuring BGP Confederations

A VPRN can be configured to belong to a BGP confederation. BGP confederations are one technique for reducing the degree of IBGP meshing within an AS. When the confederation command is in the configuration of a VPRN, the type of BGP session formed with a VPRN BGP neighbor is determined as follows:

  1. The session is of type IBGP if the peer AS is the same as the local AS.
  2. The session is of type confed-EBGP if the peer AS is different than the local AS AND the peer AS is listed as one of the members in the confederation command.
  3. The session is of type EBGP if the peer AS is different than the local AS AND the peer AS is not listed as one of the members in the confederation command.
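
The three session-type rules above, combined with the group-to-neighbor override of peer-as described earlier, as an added example (not Nokia code). The Python below reads an info-style bgp block, resolves each neighbor's effective peer AS, and classifies the session; the sample configuration is constructed, and the confederation member list is passed in as a parameter (an assumption of this example) rather than parsed from the configuration.

```python
# Added example: resolve each VPRN BGP neighbor's effective peer-as and
# classify the session with the three confederation rules listed above.

# Constructed sample in the style of "info" output; not taken from a router.
SAMPLE_VPRN = """\
        vprn 1 customer 1 create
            autonomous-system 10000
            route-distinguisher 10001:1
            bgp
                router-id 10.0.0.1
                group "to-ce1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                    neighbor 10.1.1.6
                        peer-as 65020
                    exit
                exit
                group "core"
                    peer-as 10000
                    neighbor 10.2.2.2
                    exit
                exit
                group "lab"
                    neighbor 10.3.3.3
                    exit
                exit
            exit
            no shutdown
        exit
"""


def session_type(local_as, peer_as, confed_members=frozenset()):
    """Apply the three rules; peer_as None means no peer AS at any level."""
    if peer_as is None:
        return "unresolved"
    if peer_as == local_as:
        return "IBGP"
    if peer_as in confed_members:
        return "confed-EBGP"
    return "EBGP"


def bgp_sessions(config_text, confed_members=frozenset()):
    """Return {neighbor: {"group", "peer_as", "type"}} for one VPRN's bgp block.

    Assumption: inside bgp only group and neighbor open a context, so every
    "exit" closes the innermost neighbor, group, or the bgp block itself.
    """
    local_as = None
    ctx = []          # open contexts inside bgp, innermost last
    group_as = {}     # group name -> group-level peer-as
    neighbors = []    # [address, group, neighbor-level peer-as or None]
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        kw = words[0]
        arg = words[1].strip('"') if len(words) > 1 else None
        if not ctx:
            # Outside bgp: only the VPRN's own AS and the bgp opener matter.
            if kw == "autonomous-system":
                local_as = int(arg)
            elif kw == "bgp":
                ctx.append(("bgp", None))
            continue
        if kw == "exit":
            ctx.pop()
        elif kw == "group" and ctx[-1][0] == "bgp":
            ctx.append(("group", arg))
        elif kw == "neighbor" and ctx[-1][0] == "group":
            ctx.append(("neighbor", arg))
            neighbors.append([arg, ctx[-2][1], None])
        elif kw == "peer-as":
            level, name = ctx[-1]
            if level == "group":
                group_as[name] = int(arg)
            elif level == "neighbor":
                neighbors[-1][2] = int(arg)

    sessions = {}
    for addr, group, own_as in neighbors:
        # The most specific value wins: neighbor level overrides group level.
        peer_as = own_as if own_as is not None else group_as.get(group)
        sessions[addr] = {
            "group": group,
            "peer_as": peer_as,
            "type": session_type(local_as, peer_as, confed_members),
        }
    return sessions


if __name__ == "__main__":
    for addr, info in bgp_sessions(SAMPLE_VPRN, {65010, 65020}).items():
        print(addr, info["group"], info["peer_as"], info["type"])
```

A neighbor reported as unresolved has no peer-as at either level, which the minimal-parameter list above treats as an incomplete peer definition.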

VPRN BGP CLI Syntax

Use the CLI syntax to configure VPRN BGP parameters.

The following example displays a VPRN BGP configuration:

*A:ALA-1>config>service# info 
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind-tunnel
                resolution filter
                resolution-filter ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                sap 1/1/10:1 create
                    ingress
                        scheduler-policy "SLA2"
                        qos 100
                    exit
                    egress
                        scheduler-policy "SLA1"
                        qos 1010
                        filter ip 6
                    exit
                exit
            exit
            static-route 6.5.0.0/24   
                next-hop 10.1.1.2
            bgp
                router-id 10.0.0.1
                group "to-cel"
                    export "vprnBgpExpPolCust1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service#

Configuring VPRN Protocols - RIP

PE routers which attach to a particular VPN need to know, for each of that VPN's sites, which addresses in that VPN are at each site. There are several ways that a PE router can obtain this set of addresses. The Routing Information Protocol (RIP) sends routing update messages that include entry changes. The routing table is updated to reflect the new information. This functionality applies only to the 7450 ESS and 7750 SR.

RIP can be used as a PE/CE distribution technique. PE and CE routers may be RIP peers, and the CE may use RIP to tell the PE router the set of address prefixes which are reachable at the CE router's site. When RIP is configured in the CE, care must be taken to ensure that address prefixes from other sites (i.e., address prefixes learned by the CE router from the PE router) are never advertised to the PE. Specifically, if a PE router receives a VPN-IPv4 route, and as a result distributes an IPv4 route to a CE, then that route must not be distributed back from that CE's site to a PE router (either the same router or different routers).

In order to enable a VPRN RIP instance, the RIP protocol must be enabled in the config>service>vprn>rip context of the VPRN. VPRN RIP is administratively enabled upon creation. Configuring other RIP commands and parameters is optional.

Caution:

Careful planning is essential to implement commands that can affect the behavior of VPRN RIP global, group, and neighbor levels. Because the RIP commands are hierarchical, analyze the values that can disable features on a particular level.

The parameters configured on the VPRN RIP global level are inherited by the group and neighbor levels. Many of the hierarchical VPRN RIP commands can be modified on different levels. The most specific value is used. That is, a VPRN RIP group-specific command takes precedence over a global VPRN RIP command. A neighbor-specific statement takes precedence over a global VPRN RIP and group-specific command. For example, if you modify a VPRN RIP neighbor-level command default, the new value takes precedence over VPRN RIP group- and global-level settings. There are no default VPRN RIP groups or neighbors. Each VPRN RIP group and neighbor must be explicitly configured.

The minimal parameters that should be configured for a VPRN instance are:

  1. Specify a VPRN RIP peer group.
  2. Specify a VPRN RIP neighbor with which to peer.
  3. Specify a VPRN RIP peer-AS that is associated with the above peer.

VPRN RIP command hierarchy consists of three levels:

  1. The global level
  2. The group level
  3. The neighbor level

For example:

CLI Syntax:
config>service>vprn>rip# (global level)
group (group level)
neighbor (neighbor level)

VPRN RIP CLI Syntax

The following example displays a VPRN RIP configuration:

*A:ALA-1>config>service# info 
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind-tunnel
                resolution filter
                resolution-filter ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                sap 1/1/10:1 create
                    ingress
                        scheduler-policy "SLA2"
                        qos 100
                    exit
                    egress
                        scheduler-policy "SLA1"
                        qos 1010
                        filter ip 6
                    exit
                exit
            exit
            static-route 6.5.0.0/24 next-hop 10.1.1.2
            bgp
                router-id 10.0.0.1
                group "to-cel"
                    export "vprnBgpExpPolCust1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                exit
            exit
            rip
                export "vprnRipExpPolCust1"
                group "cel"
                    neighbor "to-ce1"
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service# info 

For more information about the RIP protocol, refer to the Router Configuration Guide.

Configuring VPRN Protocols - OSPF

Each VPN routing instance is isolated from any other VPN routing instance, and from the routing used across the backbone. OSPF can be run with any VPRN, independently of the routing protocols used in other VPRNs, or in the backbone itself. For more information about the OSPF protocol, refer to the Router Configuration Guide.

CLI Syntax:
config>service>vprn>ospf#

VPRN OSPF CLI Syntax

Refer to OSPF Commands for CLI syntax to configure VPRN parameters.

The following example displays the VPRN OSPF configuration shown above:

*A:ALA-48>config>service# info
----------------------------------------------
        vprn 2 customer 1 create
            interface "test" create
            exit
            no shutdown
        exit
            area 0.0.0.0
                virtual-link 1.2.3.4 transit-area 1.2.3.4
                    hello-interval 9
                    dead-interval 40
                exit
    exit
----------------------------------------------
*A:ALA-48>config>service#

For more information about the OSPF protocol, refer to the Router Configuration Guide.

Configuring TMS Parameters

The following example displays a VPRN TMS configuration for the 7750 SR:

configure
    service
        customer 1 create
            description "Default customer"
        exit
        vprn 1 customer 1 create
            ecmp 16
            router-id 0.0.3.1
            autonomous-system 1
            route-distinguisher 1.1.1.3:1
            auto-bind-tunnel
                resolution filter
                resolution-filter ldp
            vrf-target target:1:1
            tms-interface "mda-1-1" create
                address 20.12.0.43/32
                description "tms-1-1"
                port 1/1
                password "password=arbor zone-secret=admin"
            exit
            tms-interface "mda-2-1" create
                address 20.12.0.44/32
                description "tms-2-1"
                port 2/1
                password "password=arbor zone-secret=admin"
            exit
            tms-interface "mda-2-2" create
                address 20.12.0.45/32
                description "tms-2-2"
                port 2/2
                password "password=arbor zone-secret=admin"
            exit
            tms-interface "mda-3-1" create
                address 20.12.0.46/32
                description "tms-3-1"
                port 3/1
                password "password=arbor zone-secret=admin"
            exit
            no shutdown
        exit
    exit 
exit 
 
configure service vprn 1
         tms-interface "mda-1-1" create
             address 20.12.0.43/32
             description "tms-1-1"
             port 1/1
             password "password=arbor zone-secret=admin"
         exit
     exit
 
     configure router
        interface "itfToArborCP"
            address 10.12.0.1/24
            port 3/2/4
        exit
     exit

Configuration Notes:

  1. Use the mda-type isa-tms parameter for this configuration
  2. The tms-interface address 20.12.0.43/32 should be configured on the ArborSP via "Administration> Peakflow Appliances"
  3. The port is the card/mda
  4. The tms-interface address 20.12.0.43/32 results in a static route in the Base instance:

*A:Dut-C# show router route-table 20.12.0.43/32 
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto    Age         Pref
Next Hop[Interface Name]                                   Metric    
-------------------------------------------------------------------------------
20.12.0.43/32                                 Remote  Static   00h08m49s   5
vprn1:mda-1-1                                                1
-------------------------------------------------------------------------------

  5. The tms-interface zone-secret=admin should match with the zone-secret used on the ArborSP
  6. The tms-interface password=arbor should be used as password during ssh/telnet to tms
  7. The tms-interface ipv6. This is a prerequisite for adding IPv6 TMS routes and scrubbing IPv6 traffic
  8. The connectivity SR/ArborSP goes via port 3/2/4 interface itfToArborCP (10.12.0.1) to an interface (10.12.0.2) of the ArborSP.
  9. On the ArborSP, to reach the TMS, a static route like this is needed: 20.12.0.0/24 with next-hop 10.12.0.1
  10. On the SR, to reach the ArborSP a static route like this is needed (with 138.203.71.202 the mgmt ip address of the ArborSP (eth0)):
               static-route-entry 138.203.71.202/32
                   next-hop 10.12.0.2
  11. Use the same ntp server on both SR/ArborSP and enable ntp-server (because CPM is ntp server for isa-tms's)
  12. A policy (in this example "exporttmsgrt") is needed to leak tms routes to bgp
  13. If you want to telnet/ping to tms, then you should first enable the following services:
           ssh 127.1.mda.slot -l admin router management
           ip access add ping all 0.0.0.0/0
           ip access add telnet all 0.0.0.0/0
           ip access commit
           services telnet start
           config write
  14. On the ArborSP:
    1. Use a TMS cluster which holds the relevant isa-tms's Administration> Mitigation> TMS-ISA Clusters
    2. Put the TMS cluster in a TMS group Administration> Mitigation> TMS Groups
    3. Use the TMS Group in the mitigation rule (Mitigation> Threat Management> Add> TMS Appliances)

Configuring a VPRN Interface

Interface names associate an IP address to the interface, and then associate the IP interface with a physical port. The logical interface can associate attributes like an IP address, port, Link Aggregation Group (LAG) or the system.

There are no default interfaces.

You can configure a VPRN interface as a loopback interface by issuing the loopback command instead of the sap sap-id command. The loopback flag cannot be set on an interface where a SAP is already defined and a SAP cannot be defined on a loopback interface.

When using mtrace/mstat in a Layer 3 VPN context, the VPRN configuration should have a loopback address configured that has the same address as the core instance's system address (BGP next-hop).

Refer to OSPF Commands for CLI commands and syntax.

The following example displays a VPRN interface configuration:

*A:ALA-1>config>service>vprn# info
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind-tunnel
                resolution filter
                resolution-filter ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                exit
            exit
            static-route 6.5.0.0/24 
                next-hop 10.1.1.2
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service#

Configuring Overload State on a Single SFM

A 7450 ESS or 7750 SR system with a single SFM installed has a system multicast throughput that is only half that of a system with dual SFMs installed. For example, in a mixed environment in which IOM1s, IOM2s, and IOM3s are installed in the same system (chassis mode B or C), system multicast throughput doubles when redundant SFMs are used instead of a single SFM. If the required system multicast throughput is between 16G and 32G (which means both SFMs are being actively used), when there is an SFM failure, multicast traffic needs to be rerouted around the node.

Some scenarios include:

  1. there is only one SFM installed in the system
  2. one SFM (active or standby) failed in a dual SFM configuration
  3. the system is in the ISSU process

You can use an overload state in IGP on a 7450 ESS or 7750 SR to trigger the traffic reroute by setting the overload bit or setting the metric to maximum in OSPF. Since PIM uses IGP to find out the upstream router, a next-hop change in IGP will cause PIM to join the new path and prune the old path, which effectively reroutes the multicast traffic downstream. When the problem is resolved, the overload condition is cleared, which will cause the traffic to be routed back to the router.

Configuring a VPRN Interface SAP

A SAP is a combination of a port and encapsulation parameters which identifies the service access point on the interface and within the SR. Each SAP must be unique within a router. A SAP cannot be defined if the interface loopback command is enabled.

When configuring VPRN interface SAP parameters, a default QoS policy is applied to each ingress and egress SAP. Additional QoS policies and scheduler policies must be configured in the config>qos context. Filter policies are configured in the config>filter context and must be explicitly applied to a SAP. There are no default filter policies.

VPRN interface ATM SAP parameters on a 7750 SR can only be configured on ATM-type MDAs and ATM-configured ports. The periodic-loopback command can only be enabled when the config>system>atm>oam context is enabled. See the Basic System Configuration Guide.

Refer to OSPF Commands for CLI commands and syntax.

The following example displays a VPRN interface SAP configuration:

*A:ALA-1>config>service# info
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind-tunnel
                resolution filter
                resolution-filter ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                sap 1/1/10:1 create
                    ingress
                        scheduler-policy "SLA2"
                        qos 100
                    exit
                    egress
                        scheduler-policy "SLA1"
                        qos 1010
                        filter ip 6
                    exit
                exit
            exit
            static-route 6.5.0.0/24 
                next-hop 10.1.1.2
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service#
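
Because filter policies are never applied by default, a SAP whose ingress or egress block carries no filter line has no filter in that direction. The Python below is an added example (not Nokia code) that walks info-style output by indentation and reports SAPs and interface spoke-SDPs with a direction left unfiltered; the sample configuration is constructed in the style of the examples on this page.

```python
# Added example: list SAPs and interface spoke-SDPs that have no explicitly
# applied ingress or egress filter in "info"-style VPRN output.

# Constructed sample in the style of the page's examples; not from a router.
SAMPLE_INFO = """\
        vprn 1 customer 1 create
            route-distinguisher 10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                sap 1/1/10:1 create
                    ingress
                        qos 100
                    exit
                    egress
                        qos 1010
                        filter ip 10
                    exit
                exit
            exit
            interface "if1" create
                address 12.13.14.15/32
                loopback
            exit
            interface "if2" create
                address 14.14.14.1/24
                sap 1/1/2:0 create
                exit
            exit
            interface "SpokeSDP" create
                spoke-sdp 3:4 create
                    ingress
                        vc-label 3000
                        filter ip 10
                    exit
                    egress
                        vc-label 2000
                        filter ip 10
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
            no shutdown
        exit
"""


def attachment_filters(config_text):
    """Map (interface, kind, id) -> {"ingress": filter or None, "egress": ...}.

    Context is derived from indentation, so the input must keep the
    indentation that "info" prints. Only attachments under an interface are
    recorded; the service-level "spoke-sdp <id>" binding is ignored.
    """
    stack = []   # (indent, keyword, argument) of the enclosing lines
    found = {}
    for raw in config_text.splitlines():
        words = raw.split()
        # Skip blanks, "exit", and rulers/prompts such as "----" or "*A:...".
        if not words or words[0] == "exit" or not words[0][0].isalpha():
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        kw = words[0]
        arg = words[1].strip('"') if len(words) > 1 else ""
        iface = next((a for _, k, a in reversed(stack) if k == "interface"), None)
        if kw in ("sap", "spoke-sdp") and iface is not None:
            found[(iface, kw, arg)] = {"ingress": None, "egress": None}
        elif kw == "filter" and len(stack) >= 2 and stack[-1][1] in ("ingress", "egress"):
            _, parent_kw, parent_arg = stack[-2]
            key = (iface, parent_kw, parent_arg)
            if key in found:
                found[key][stack[-1][1]] = " ".join(words[1:])
        stack.append((indent, kw, arg))
    return found


def missing_filters(config_text):
    """Return sorted (interface, kind, id, direction) tuples with no filter."""
    gaps = []
    for (iface, kind, ident), directions in attachment_filters(config_text).items():
        for direction, applied in directions.items():
            if applied is None:
                gaps.append((iface, kind, ident, direction))
    return sorted(gaps)


if __name__ == "__main__":
    for iface, kind, ident, direction in missing_filters(SAMPLE_INFO):
        print(f'interface "{iface}" {kind} {ident}: no {direction} filter')
```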

Configuring IPSec Parameters

The following output displays a service with IPSec parameters configured.

*A:ALA-49>config# info
----------------------------------------------
...
    service
        ies 100 customer 1 create
            interface "ipsec-public" create
                address 10.10.10.1/24
                sap ipsec-1.public:1 create
                exit
            exit
            no shutdown
        exit
        vprn 200 customer 1 create
            ipsec
                security-policy 1 create
                    entry 1 create
                        local-ip 172.17.118.0/24
                        remote-ip 172.16.91.0/24
                    exit
                exit
            exit
            route-distinguisher 1:1
            interface "ipsec-private" tunnel create
                sap tunnel-1.private:1 create
                    ipsec-tunnel "remote-office" create
                        security-policy 1
                        local-gateway-address 10.10.10.118 peer 10.10.7.91 delivery-service 100
                        dynamic-keying
                            ike-policy 1
                            pre-shared-key "humptydumpty"
                            transform 1
                        exit
                        no shutdown
                    exit
                exit
            exit
            interface "corporate-network" create
                address 172.17.118.118/24
                sap 1/1/2 create
                exit
            exit
            static-route-entry 172.16.91.0/24
                ipsec-tunnel "remote-office"
            no shutdown
        exit
    exit
...
----------------------------------------------
*A:ALA-49>config#
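
The output above ties several objects together by reference: the tunnel's security policy, its delivery service, and the tunnel name used by the static route. The following Python check is an added example, not part of the original guide or of SR OS; the audit function, its finding strings and the trimmed SAMPLE input are constructed here, and the subnet test assumes the local gateway address belongs to a configured interface subnet, as it does in the sample.

```python
import ipaddress
import re

# Constructed input: IPSec-related lines trimmed from the sample output above.
SAMPLE = """
ies 100 customer 1 create
    interface "ipsec-public" create
        address 10.10.10.1/24
vprn 200 customer 1 create
    ipsec
        security-policy 1 create
    interface "ipsec-private" tunnel create
        sap tunnel-1.private:1 create
            ipsec-tunnel "remote-office" create
                security-policy 1
                local-gateway-address 10.10.10.118 peer 10.10.7.91 delivery-service 100
                dynamic-keying
                    pre-shared-key "humptydumpty"
    static-route-entry 172.16.91.0/24
        ipsec-tunnel "remote-office"
"""

def audit(config):
    """Return findings for dangling IPSec references and visible keys."""
    findings = []
    services = set(re.findall(r"^\s*(?:ies|vprn) (\d+) ", config, re.M))
    policies = set(re.findall(r"security-policy (\d+) create", config))
    tunnels = set(re.findall(r'ipsec-tunnel "([^"]+)" create', config))
    # Assumption: the local gateway must sit in a configured interface subnet.
    nets = [ipaddress.ip_interface(a).network
            for a in re.findall(r"^\s*address (\S+)", config, re.M)]
    for pol in re.findall(r"security-policy (\d+)\s*$", config, re.M):
        if pol not in policies:
            findings.append(f"undefined security-policy {pol}")
    for name in re.findall(r'ipsec-tunnel "([^"]+)"\s*$', config, re.M):
        if name not in tunnels:
            findings.append(f"static route uses unknown ipsec-tunnel {name}")
    for gw, svc in re.findall(
            r"local-gateway-address (\S+) peer \S+ delivery-service (\d+)", config):
        if svc not in services:
            findings.append(f"delivery-service {svc} is not configured")
        if not any(ipaddress.ip_address(gw) in net for net in nets):
            findings.append(f"local gateway {gw} is outside every interface subnet")
    for key in re.findall(r'pre-shared-key "([^"]+)"', config):
        findings.append(f"pre-shared-key visible in output ({len(key)} characters)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample as shown, the only finding is the pre-shared key that is readable in the info output, which matters when such output is archived or shared.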

Service Management Tasks

This section discusses the following service management tasks:

Modifying VPRN Service Parameters

Use the CLI syntax to modify VPRN parameters (see VPRN Service Configuration Commands).

The following example displays the VPRN service creation output.

*A:ALA-1>config>service# info
----------------------------------------------
...
        vprn 1 customer 1 create
            shutdown
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            maximum-routes 2000
            autonomous-system 10000
            route-distinguisher 10001:1
            interface "to-ce1" create
                address 10.1.1.1/24
                sap 1/1/10:1 create
                exit
            exit
            static-route 6.5.0.0/24 
                next-hop 10.1.1.2
            bgp
                router-id 10.0.0.1
                group "to-ce1"
                    export "vprnBgpExpPolCust1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
        exit
...
----------------------------------------------
*A:ALA-1>config>service>vprn#

Deleting a VPRN Service

A VPRN service cannot be deleted until its SAPs and interfaces are shut down and deleted. If protocols and/or a spoke-SDP are defined, they must also be shut down and removed from the configuration.

Use the following CLI syntax to delete a VPRN service:

CLI Syntax:
config>service#
[no] vprn service-id [customer customer-id]
    shutdown
    [no] interface ip-int-name
        shutdown
        [no] sap sap-id
    [no] bgp
        shutdown
    [no] rip
        shutdown
    [no] spoke-sdp sdp-id
        [no] shutdown

Disabling a VPRN Service

A VPRN service can be shut down without deleting any service parameters.

CLI Syntax:
config>service#
vprn service-id [customer customer-id]
    shutdown

Example:
config>service# vprn 1
config>service>vprn# shutdown
config>service>vprn# exit

*A:ALA-1>config>service# info
----------------------------------------------
...
        vprn 1 customer 1 create
            shutdown
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind-tunnel
                resolution filter
                resolution-filter ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                sap 1/1/10:1 create
                    ingress
                        scheduler-policy "SLA2"
                        qos 100
                    exit
                    egress
                        scheduler-policy "SLA1"
                        qos 1010
                        filter ip 6
                    exit
                exit
            exit
            static-route 6.5.0.0/24 
                next-hop 10.1.1.2
            bgp
                router-id 10.0.0.1
                group "to-cel"
                    export "vprnBgpExpPolCust1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                exit
            exit
            rip
                export "vprnRipExpPolCust1"
                group "cel"
                    neighbor "to-ce1"
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
        exit
...
----------------------------------------------
*A:ALA-1>config>service#

Re-enabling a VPRN Service

Use the following CLI syntax to re-enable a VPRN service that was shut down:

CLI Syntax:
config>service#
vprn service-id [customer customer-id]
    no shutdown