2.11. Configuring an IP Router with CLI

This section provides information to configure an IP router using CLI.

2.11.1. Router Configuration Overview

In a Nokia router, an interface is a logical named entity. An interface is created by specifying an interface name under the config>router context. This is the global router configuration context where objects like static routes are defined. An IP interface name can be up to 32 alphanumeric characters, must start with a letter, and is case-sensitive; for example, the interface name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed.

To create an interface, the following basic configuration tasks must be performed.

  1. Assign a name to the interface.
  2. Associate an IP address with the interface.
  3. Associate the interface with a network interface or the system interface.
  4. Configure appropriate routing protocols.

A system interface and network interface must be configured.

2.11.1.1. System Interface

The system interface is associated with a network entity (such as a specific Nokia router), not a specific interface. The system interface is also referred to as the loopback address. The system interface is associated during the configuration of the following entities:

  1. Termination point of service tunnels
  2. Hops when configuring MPLS paths and LSPs
  3. Addresses on a target router for BGP and LDP peering

The system interface is used to preserve connectivity (when routing reconvergence is possible) when an interface fails or is removed. The system interface is used as the router identifier. A system interface must have an IP address with a 32-bit subnet mask.

2.11.1.2. Network Interface

A network interface can be configured on one of the following entities:

  1. Physical or logical port
  2. SONET/SDH channel

For the 7950 XRS, a network interface can be configured on either a physical port or Ethernet LAG interface.

2.11.2. Basic Configuration

Refer to each specific chapter for specific routing protocol information and command syntax to configure protocols such as OSPF and BGP.

The most basic router configuration must have the following:

  1. System name
  2. System address

The following example shows a router configuration for the 7750 SR and 7450 ESS:

A:ALA-A> config# info
. . .
#------------------------------------------
# Router Configuration
#------------------------------------------
    router
        interface "system"
            address 10.10.10.103/32
        exit
        interface "to-104"
            address 10.0.0.103/24
            port 1/1/1
            exit
        exit
        autonomous-system 100
        confederation 1000 members 100 200 300
   router-id 10.10.10.103
...
    exit
    isis
    exit
...
#------------------------------------------
A:ALA-A> config#

2.11.3. Common Configuration Tasks

The following sections describe basic system tasks.

2.11.3.1. Configuring a System Name

Use the system command to configure a name for the device. The name is used in the prompt string. Only one system name can be configured. If multiple system names are configured, the last one configured will overwrite the previous entry.

If special characters are included in the system name string, such as spaces, #, or ?, the entire string must be enclosed in double quotes. To configure the system name:

CLI Syntax:
config# system
name system-name
Example:
config# system
config>system# name ALA-A
ALA-A>config>system# exit all
ALA-A#

The following example shows the system name output:

A:ALA-A>config>system# info
#------------------------------------------
# System Configuration
#------------------------------------------
        name "ALA-A"
        location "Mt.View, CA, NE corner of FERG 1 Building"
        coordinates "37.390, -122.05500 degrees lat."
        snmp
        exit
 

2.11.3.2. Configuring Interfaces

The following command sequences create a system and a logical IP interface. The system interface assigns an IP address to the interface, then associates the IP interface with a physical port. The logical interface can associate attributes like an IP address or port.

The system interface cannot be deleted.

2.11.3.2.1. Configuring a System Interface

To configure a system interface:

CLI Syntax:
config>router
interface interface-name
address {ip-address/mask | ip-address [netmask]} [broadcast {all-ones | host-ones]
secondary {[address/mask | ip-address] [netmask]} [broadcast {all-ones | host-ones}] [igp-inhibit]

2.11.3.2.2. Configuring a Network Interface

To configure a network interface for the 7450 ESS:

CLI Syntax:
config>router
interface interface-name
address ip-addr{/mask-length | mask} [broadcast {all-ones | host-ones}]
cflowd {acl | interface}
egress
filter ip ip-filter-id
ingress
filter ip ip-filter-id
port port-name

To configure a network interface for the 7750 SR:

CLI Syntax:
config>router
interface interface-name
address ip-addr{/mask-length | mask} [broadcast {all-ones | host-ones}]
cflowd {acl | interface}
egress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
ingress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
port port-name

To configure a network interface on the 7950 XRS:

CLI Syntax:
config>router
interface interface-name
address ip-addr{/mask-length | mask} [broadcast {all-ones | host-ones}]
egress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
ingress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
port port-name

The following shows interface information about an IP configuration:

A:ALA-A>config>router# info 
#------------------------------------------
# IP Configuration
#------------------------------------------
        interface "system"
            address 10.10.0.4/32
        exit
        interface "to-ALA-2"
            address 10.10.24.4/24
            port 1/1/1
            egress
                filter ip 10
            exit
        exit
...
#------------------------------------------
A:ALA-A>config>router# 

To enable CPU protection:

CLI Syntax:
config>router
interface interface-name
cpu-protection policy-id

CPU protection policies are configured in the config>sys>security>cpu-protection context. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.

2.11.3.2.3. Assigning a Key Group to a Router Interface

Use the following CLI syntax to assign a key group to a router interface:

CLI Syntax:
config>router# interface ip-int-name [create]
group-encryption
encryption-keygroup keygroup-id direction {inbound | outbound}

The following example displays a key group assigned to a router interface:

Example:
config>router# interface demo
config>router>if# group-encryption
config>router>if>group-encryp# encryption-keygroup 6 direction inbound
config>router>if>group-encryp# encryption-keygroup 6 direction outbound

The following example displays key group configuration for a router interface.

domain1>config>router# info 
----------------------------------------------
...
        interface demo
            group-encryption
                encryption-keygroup 6 direction inbound
                encryption-keygroup 6 direction outbound
                exit
            no shutdown
            exit
        exit
...
----------------------------------------------

2.11.3.2.4. Configuring IPv6 Parameters

IPv6 interfaces and associated routing protocols may only be configured on the following systems:

  1. 7950 XRS systems.
  2. 7750 SR chassis systems.
  3. 7750 SR-a chassis systems.
  4. 7750 SR-e chassis systems.
  5. 7450 ESS chassis running in mixed-mode, with IPv6 functionality limited to those interfaces on slots with 7750 IOM3-XPs/IMMs (or later) line card.
  6. 7750 SR-c4/12.

The following displays the interface configuration showing the IPv6 default configuration when IPv6 is enabled on the interface:

A:ALA-49>config>router>if>ipv6# info detail
----------------------------------------------
 ‘ port 1/2/37
   ipv6    
      packet-too-big 100 10
      param-problem 100 10
      redirects 100 10
      time-exceeded 100 10
      unreachables 100 10
   exit
----------------------------------------------
A:ALA-49>config>router>if>ipv6# exit all

To configure IPv6 parameters on a router interface:

CLI Syntax:
config>router# interface interface-name
port port-name
ipv6
address {ipv6-address/prefix-length} [eui-64]
icmp6
packet-too-big [number seconds]
param-problem [number seconds]
redirects [number seconds]
time-exceeded [number seconds]
unreachables [number seconds]
neighbor ipv6-address mac-address

The following displays a configuration example showing interface information:

A:ALA-49>config>router>if# info
----------------------------------------------
            address 10.11.10.1/24
            port 1/2/37
            ipv6
                address 2001:db8::1/24
            exit
----------------------------------------------
A:ALA-49>config>router>if# 

2.11.3.2.5. Configuring IPv6 Over IPv4 Parameters

The following sections provide several examples of the features that must be configured (tunnel ingress and egress node) to implement IPv6 over IPv4 relay services for the 7750 SR OS.

2.11.3.2.6. Tunnel Ingress Node

The following example shows the configuration of the interface through which the IPv6 over IPv4 traffic leaves the node. This must be configured on a network interface.

CLI Syntax:
config>router
static-route-entry 3ffe::c8c8:c802/128
indirect 10.200.200.2
interface ip-int-name
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]
port port-name

The following example shows an interface configuration:

A:ALA-49>config>router# info
----------------------------------------------
...
        interface "ip-1.1.1.1"
            address 10.1.1.1/30
            port 1/1/1
        exit
...
----------------------------------------------
A:ALA-49>config>router#
 

Both the IPv4 and IPv6 system addresses must be configured:

CLI Syntax:
config>router
interface ip-int-name
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]
ipv6
address ipv6-address/prefix-length [eui-64]

The following example shows the configuration of interface information:

A:ALA-49>config>router# info
----------------------------------------------
...
        interface "system"
            address 10.0.113.1/32
            ipv6
                address 3ffe::c8c8:c801/128
            exit
        exit
...
----------------------------------------------
A:ALA-49>config>router#

2.11.3.2.6.1. Learning the Tunnel Endpoint IPv4 System Address

The following example shows the OSPF configuration to learn the IPv4 system address of the tunnel endpoint:

CLI Syntax:
config>router
ospf
area area-id
interface ip-int-name

The following example shows the configuration of OSPF output:

A:ALA-49>config>router# info
----------------------------------------------
...
        ospf
            area 0.0.0.0
                interface "system"
                exit
                interface "ip-1.1.1.1"
                exit
            exit
        exit
----------------------------------------------
A:ALA-49>config>router#

2.11.3.2.6.2. Configuring an IPv4 BGP Peer

The following example shows the configuration of an IPv4 BGP peer with (IPv4 and) IPv6 protocol families:

CLI Syntax:
config>router
bgp
export policy-name [policy-name...(upto 5 max)]
router-id ip-address
group name
family [ipv4] [vpn-ipv4] [ipv6] [mcast-ipv4]
type {internal | external}
neighbor ip-address
local-as as-number [private]
peer-as as-number

The following example shows the configuration of BGP output:

A:ALA-49>config>router# info
----------------------------------------------
...
        bgp
            export "ospf3"
            router-id 203.0.113.1
            group "main"
                family ipv4 ipv6
                type internal
                neighbor 203.0.113.2
                    local-as 1
                    peer-as 1
                exit
            exit
        exit
...
----------------------------------------------
A:ALA-49>config>router# 
 

2.11.3.2.6.3. An Example of an IPv6 Over IPv4 Tunnel Configuration

The IPv6 address is the next-hop as it is received through BGP. The IPv4 address is the system address of the tunnel's endpoint.

The following example shows the configuration of a policy to export IPv6 routes into BGP:

CLI Syntax:
config>router
bgp
export policy-name [policy-name...(upto 5 max)]
router-id ip-address
group name
family [ipv4] [vpn-ipv4] [ipv6] [mcast-ipv4]
type {internal | external}
neighbor ip-address
local-as as-number [private]
peer-as as-number

The following example shows the configuration output:

A:ALA-49>config>router# info
----------------------------------------------
...
        policy-options
            policy-statement "ospf3"
                description "Plcy Stmnt For 'From ospf3 To bgp'"
                entry 10
                    description "Entry From Protocol ospf3 To bgp"
                    from
                        protocol ospf3
                    exit
                    to
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
        exit
...
----------------------------------------------
A:ALA-49>config>router#

2.11.3.2.7. Tunnel Egress Node

The following example shows the configuration of the interface through which the IPv6 over IPv4 traffic leaves the node. It must be configured on a network interface. Both the IPv4 and IPv6 system addresses must be configured.

CLI Syntax:
config>router
static-route 3ffe::c8c8:c801/128
indirect 10.0.113.1
interface ip-int-name
address {ip-address/mask> | ip-address netmask} [broadcast {all-ones | host-ones}]
ipv6
address ipv6-address/prefix-length [eui-64]
port port-name

The following example shows the interface configuration:

A:ALA-49>config>router# info
----------------------------------------------
...
        interface "ip-1.1.1.2"
            address 10.1.1.2/30
            port 1/1/1
        exit
        interface "system"
            address 10.0.113.2/32
            ipv6
                address 3ffe::c8c8:c802/128
            exit
        exit
----------------------------------------------

2.11.3.2.7.1. Learning the Tunnel Endpoint IPv4 System Address

The following example shows the configuration of the OSPF configuration to learn the IPv4 system address of the tunnel endpoint:

CLI Syntax:
config>router
ospf
area area-id
interface ip-int-name

The following example shows the configuration of OSPF information:

A:ALA-49>config>router# info
----------------------------------------------
...
        ospf
            area 0.0.0.0
                interface "system"
                exit
                interface "ip-1.1.1.2"
                exit
            exit
        exit
----------------------------------------------
A:ALA-49>config>router#
 

2.11.3.2.7.2. Configuring an IPv4 BGP Peer

The following example shows the configuration an IPv4 BGP peer with (IPv4 and) IPv6 protocol families:

CLI Syntax:
config>router
bgp
export policy-name [policy-name...(upto 5 max)]
router-id ip-address
group name
family [ipv4] [vpn-ipv4] [ipv6] [mcast-ipv4]
type {internal | external}
neighbor ip-address
local-as as-number [private]
peer-as as-number

The following example shows the IPv4 BGP peer configuration:

A:ALA-49>config>router# info
----------------------------------------------
...
        bgp
            export "ospf3"
            router-id 203.0.113.2
            group "main"
                family ipv4 ipv6
                type internal
                neighbor 203.0.113.1
                    local-as 1
                    peer-as 1
                exit
            exit
        exit
...
----------------------------------------------
A:ALA-49>config>router#
 

2.11.3.2.7.3. An Example of an IPv6 Over IPv4 Tunnel Configuration

The IPv6 address is the next-hop as it is received through BGP. The IPv4 address is the system address of the tunnel's endpoint.

The following example shows the configuration of a policy to export IPv6 routes into BGP:

CLI Syntax:
config>router
bgp
export policy-name [policy-name...(upto 5 max)]
router-id ip-address
group name
family [ipv4] [vpn-ipv4] [ipv6] [mcast-ipv4]
type {internal | external}
neighbor ip-address
local-as as-number [private]
peer-as as-number

The following example shows an IPv6 over IPv4 tunnel configuration:

A:ALA-49>config>router# info
----------------------------------------------
...
        policy-options
            policy-statement "ospf3"
                description "Plcy Stmnt For 'From ospf3 To bgp'"
                entry 10
                    description "Entry From Protocol ospf3 To bgp"
                    from
                        protocol ospf3
                    exit
                    to
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
        exit
----------------------------------------------
A:ALA-49>config>router#

2.11.3.2.8. Router Advertisement

To configure the router to originate router advertisement messages on an interface, the interface must be configured under the router-advertisement context and be enabled (no shutdown). All other router advertisement configuration parameters are optional.

Router advertisement can be configured under the config>router>router-advertisement context or under the config>service>vprn>router-advertisement context. Use the following examples of CLI syntax to enable router advertisement and configure router advertisement parameters.

To configure router advertisement on the 7750 SR:

CLI Syntax:
config>router# router-advertisement
dns-options
rdnss-lifetime seconds
dns-servers ipv6-address
interface ip-int-name
current-hop-limit number
dns-options
rdnss-lifetime {seconds | infinite}
dns-servers ipv6-address
include-dns
managed-configuration
max-advertisement-interval seconds
min-advertisement-interval seconds
mtu mtu-bytes
other-stateful-configuration
prefix ipv6-prefix/prefix-length
autonomous
on-link
preferred-lifetime {seconds | infinite}
valid-lifetime {seconds | infinite}
reachable-time milliseconds
retransmit-time milliseconds
router-lifetime seconds
no shutdown
use-virtual-mac

To configure router advertisement for the 7450 ESS:

CLI Syntax:
config>router# router-advertisement
dns-options
rdnss-lifetime seconds
interface ip-int-name
current-hop-limit number
dns-options
rdnss-lifetime {seconds | infinite}
include-dns
managed-configuration
max-advertisement-interval seconds
min-advertisement-interval seconds
mtu mtu-bytes
other-stateful-configuration
autonomous
on-link
preferred-lifetime {seconds | infinite}
valid-lifetime {seconds | infinite}
reachable-time milliseconds
retransmit-time milliseconds
router-lifetime seconds
no shutdown
use-virtual-mac

The following example shows a router advertisement configuration:

*A:sim131>config>router>router-advert# info 
----------------------------------------------
            interface "n1"
                prefix 2001:db8:3::/64
                exit
                use-virtual-mac
                no shutdown
            exit
----------------------------------------------
*A:sim131>config>router>router-advert# interface n1 
*A:sim131>config>router>router-advert>if# prefix 2001:db8:3::/64 
----------------------------------------------
                    autonomous
                    on-link
                    preferred-lifetime 604800
                    valid-lifetime 2592000
----------------------------------------------
*A:tahi>config>router>router-advert>if>prefix#

2.11.3.2.9. Configuring IPv6 Parameters

The following example shows the IPv6 default configuration when IPv6 is enabled on the interface:

A:ALA-49>config>router>if>ipv6# info detail
----------------------------------------------
  port 1/3/37
   ipv6
      packet-too-big 100 10
      param-problem 100 10
      redirects 100 10
      time-exceeded 100 10
      unreachables 100 10
   exit
----------------------------------------------
A:ALA-49>config>router>if>ipv6# exit all
 

The following example shows an IPv6 configuration:

A:ALA-49>config>router>if# info
----------------------------------------------
            address 10.11.10.1/24
            port 1/3/37
            ipv6
                address 2001:db8::1/24
            exit
----------------------------------------------
A:ALA-49>config>router>if#

2.11.3.2.9.1. An Example of an IPv6 Over IPv4 Tunnel Configuration

The IPv6 address is the next-hop as it is received through BGP. The IPv4 address is the system address of the tunnel's endpoint.

The following example shows the configuration of a policy to export IPv6 routes into BGP:

CLI Syntax:
config>router
bgp
export policy-name [policy-name...(upto 5 max)]
router-id ip-address
group name
family [ipv4] [vpn-ipv4] [ipv6] [mcast-ipv4]
type {internal | external}
neighbor ip-address
local-as as-number [private]
peer-as as-number

The following example shows the configuration of the policy output:

A:ALA-49>config>router# info
----------------------------------------------
...
        policy-options
            policy-statement "ospf3"
                description "Plcy Stmnt For 'From ospf3 To bgp'"
                entry 10
                    description "Entry From Protocol ospf3 To bgp"
                    from
                        protocol ospf3
                    exit
                    to
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
        exit
----------------------------------------------
A:ALA-49>config>router#

2.11.3.2.10. Configuring Proxy ARP

To configure proxy ARP, you can configure:

  1. A prefix list in the config>router>policy-options>prefix-list context.
  2. A route policy statement in the config>router>policy-options>policy-statement context and apply the specified prefix list.
    1. In the policy statement entry>to context, specify the host source address(es) for which ARP requests can or cannot be forwarded to non-local networks, depending on the specified action.
    2. In the policy statement entry>from context, specify network prefixes that ARP requests will or will not be forwarded to depending on the action if a match is found. For more information about route policies, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Unicast Routing Protocols Guide.
  3. Apply the policy statement to the proxy-arp configuration in the config>router>interface context.
CLI Syntax:
config>router# policy-options
begin
commit
prefix-list name
prefix ip-prefix/mask [exact | longer | through length | prefix-length-range length1-length2]

To configure the policy statement specified in the proxy-arp-policy policy-statement command:

CLI Syntax:
config>router# policy-options
begin
commit
policy-statement name
default-action {accept | next-entry | next-policy | reject}
entry entry-id
action {accept | next-entry | next-policy | drop | reject}
to
prefix-list name [name...(upto 5 max)]
from
prefix-list name [name...(upto 5 max)]

The following example shows the prefix list and policy statement configuration:

A:ALA-49>config>router>policy-options# info
----------------------------------------------
            prefix-list "prefixlist1"
                    prefix 10.20.30.0/24 through 32
            exit
            prefix-list "prefixlist2"
                    prefix 10.10.10.0/24 through 32
            exit
...
            policy-statement "ProxyARPpolicy"
                entry 10
                    from
                        prefix-list "prefixlist1"
                    exit
                    to
                        prefix-list "prefixlist2"
                    exit
                    action reject
                exit
                default-action accept
                exit
            exit
...
----------------------------------------------
A:ALA-49>config>router>policy-options# 
 

Use the following CLI to configure proxy ARP:

CLI Syntax:
config>router>interface interface-name
local-proxy-arp
proxy-arp-policy policy-name [policy-name...(upto 5 max)]
remote-proxy-arp

The following example shows a proxy ARP configuration:

A:ALA-49>config>router>if# info
----------------------------------------------
            address 192.0.2.59/24
            local-proxy-arp
            proxy-arp
                policy-statement "ProxyARPpolicy"
            exit
----------------------------------------------
A:ALA-49>config>router>if#
 

2.11.3.2.11. Creating an IP Address Range

An IP address range can be reserved for exclusive use for services by defining the config>router>service-prefix command. When the service is configured, the IP address must be in the range specified as a service prefix. If no service prefix command is configured, no limitation exists.

The no service-prefix ip-prefix/mask command removes all address reservations. A service prefix cannot be removed while one or more services use address(es) in the range to be removed.

CLI Syntax:
config>router
service-prefix ip-prefix/mask [exclusive]

2.11.3.3. Deriving the Router ID

The router ID defaults to the address specified in the system interface command. If the system interface is not configured with an IP address, the router ID inherits the last four bytes of the MAC address. The router ID can also be manually configured in the config>router router-id context. On the BGP protocol level, a BGP router ID can be defined in the config>router>bgp router-id context and is only used within BGP.

If a new router ID is configured, protocols are not automatically restarted with the new router ID. The next time a protocol is initialized, the new router ID is used. An interim period of time can occur when different protocols use different router IDs. To force the new router ID, issue the shutdown and no shutdown commands for each protocol that uses the router ID, or restart the entire router.

It is possible to configure SR OS to operate with an IPv6 only BOF and no IPv4 system interface address. When configured in this manner, the operator must explicitly define IPv4 router IDs for protocols such as OSPF and BGP because there is no mechanism to derive the router ID from an IPv6 system interface address.

To configure the router ID:

CLI Syntax:
config>router
router-id router-id
interface ip-int-name
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]

The following example shows a router ID configuration:

A:ALA-4>config>router# info
#------------------------------------------
# IP Configuration
#------------------------------------------
        interface "system"
            address 10.10.0.4/32
        exit
    . . . 
        router-id 10.10.0.4
#------------------------------------------
A:ALA-4>config>router# 

2.11.3.4. Configuring a Confederation

Configuring a confederation is optional. The AS and confederation topology design should be carefully planned. Autonomous system (AS), confederation, and BGP connection and peering parameters must be explicitly created on each participating router. Identify AS numbers, confederation numbers, and members participating in the confederation.

See the BGP section for CLI syntax and command descriptions.

To configure a confederation:

CLI Syntax:
config>router
confederation confed-as-num members member-as-num

The following example shows the configuration of the confederation topology in Figure 2.

Note:

  1. Confederations can be preconfigured prior to configuring BGP connections and peering.
  2. Each confederation can have up to 15 members.

The following example shows a confederation configuration:

A:ALA-B>config>router# info
#------------------------------------------
# IP Configuration
#------------------------------------------
        interface "system"
            address 10.10.10.103/32
        exit
        interface "to-104"
            shutdown
            address 10.0.0.103/24
            port 1/1/1
        exit
        autonomous-system 100
        confederation 2002 members 200 300 400
        router-id 10.10.10.103
 
#------------------------------------------
A:ALA-B>config>router# 

2.11.3.5. Configuring an Autonomous System

Configuring an autonomous system is optional. To configure an autonomous system:

CLI Syntax:
config>router
autonomous-system as-number

The following example shows an autonomous system configuration:

A;ALA-A>config>router# info
#------------------------------------------
# IP Configuration
#------------------------------------------
        interface "system"
            address 10.10.10.103/32
        exit
   interface "to-104"
            address 10.0.0.103/24
            port 1/1/1
            exit
        exit
        autonomous-system 100
        router-id 10.10.10.103
#------------------------------------------
A:ALA-A>config>router# 

2.11.3.6. Configuring Overload State on a Single SFM

When a router has fewer than the full set of SFMs functioning, the forwarding capacity can be reduced. Some scenarios include:

  1. fewer than the maximum number of SFMs installed in the system
  2. one or more SFMs have failed
  3. the system is in the ISSU process and the SFM is co-located on the CPM

An overload condition can be set for IS-IS and OSPF to enable the router to still participate in exchanging routing information, but route all traffic away from it when insufficient SFMs are active. This is achieved using the following CLI commands:

CLI Syntax:
config>router>single-sfm-overload [holdoff-time hold-off-time]
config>service>vprn>single-sfm-overload [holdoff-time hold-off-time]
tools>perform>redundancy>forced-single-sfm-overload

These cause an overload state in the IGP to trigger the traffic reroute by setting the overload bit in IS-IS or setting the metric to maximum in OSPF. When PIM uses IS-IS or OSPF to find out the upstream router, a next-hop change in the IS-IS or OSPF will cause PIM to join the new path and prune the old path, which effectively also reroutes the multicast traffic downstream as well as the unicast traffic.

When the problem is resolved, and the required compliment of SFMs become active in the router, the overload condition is cleared, which will cause the traffic to be routed back to the router.

The conditions to set overload are:

  1. 7750 SR-12/SR-7/SR-c12 and 7450 ESS-12/ESS-7/ESS-6 platforms: protocol sets overload if one of the SF/CPMs fails
  2. 7750 SR-12e and 7950 XRS platforms: protocol sets overload if two SFMs fail (two SFMs belonging to different SFM pairs on the XRS-40)

2.12. Service Management Tasks

This section describes IP router service management tasks:

2.12.1. Changing the System Name

The system command sets the name of the device and is used in the prompt string. Only one system name can be configured. If multiple system names are configured, the last one configured will overwrite the previous entry.

To change the system name:

CLI Syntax:
config# system
name system-name

The following example shows the configuration to change the system name:

Example:
A:ALA-A>config>system# name tgif
A:TGIF>config>system#

The following example shows the system name change:

A:ALA-A>config>system# name TGIF
A:TGIF>config>system# info
#------------------------------------------
# System Configuration
#------------------------------------------
        name "TGIF"
    location "Mt.View, CA, NE corner of FERG 1 Building"
    coordinates "37.390, -122.05500 degrees lat."
    synchronize
    snmp
        exit
        security
            snmp
                community "private" rwa version both
            exit
        exit
        . . .
----------------------------------------------
A:TGIF>config>system#

2.12.2. Modifying Interface Parameters

Starting at the config>router level, navigate down to the router interface context.

To modify an IP address:

CLI Syntax:
A:ALA-A>config>router# interface “to-sr1”
A:ALA-A>config>router>if# shutdown
A:ALA-A>config>router>if# no address
A:ALA-A>config>router>if# address 10.0.0.25/24
A:ALA-A>config>router>if# no shutdown

To modify a port:

CLI Syntax:
A:ALA-A>config>router# interface “to-sr1”
A:ALA-A>config>router>if# shutdown
A:ALA-A>config>router>if# no port
A:ALA-A>config>router>if# port 1/1/2
A:ALA-A>config>router>if# no shutdown

The following example shows the interface configuration:

A:ALA-A>config>router# info
#------------------------------------------
# IP Configuration
#------------------------------------------
        interface "system"
            address 10.0.0.103/32
        exit
        interface "to-sr1"
            address 10.0.0.25/24
            port 1/1/2
        exit
        router-id 10.10.0.3
#------------------------------------------
A:ALA-A>config>router# 

2.12.3. Removing a Key Group from a Router Interface

Use the following CLI syntax to remove a key group from a router interface:

CLI Syntax:
config>router# interface ip-int-name
group-encryption
no encryption-keygroup keygroup-id direction {inbound | outbound}

The following example displays a key group removed from a router interface:

Example:
config>router# interface demo
config>router>if# group-encryption
config>router>if>group-encryp# no encryption-keygroup 6 direction inbound
config>router>if>group-encryp# no encryption-keygroup 6 direction outbound

The following example shows that the key group configuration has been removed from a router interface.

domain1>config>router# info 
----------------------------------------------
...
        interface demo
            group-encryption
                exit
            no shutdown
            exit
        exit
...
----------------------------------------------

2.12.4. Changing the Key Group for a Router Interface

The following CLI syntax changes the key group on a router interface. In the example below, the inbound and outbound key groups are changed from key group 6 to key group 8.

CLI Syntax:
config>router# interface ip-int-name
group-encryption
no encryption-keygroup keygroup-id direction {inbound | outbound}
Example:
config>router# interface demo
config>router>if# group-encryption
config>router>if>group-encryp# no encryption-keygroup 6 direction inbound
config>router>if>group-encryp# encryption-keygroup 8 direction outbound
config>router>if>group-encryp# encryption-keygroup 8 direction inbound

The following example shows that the key group configuration has been changed for the router interface.

domain1>config>router# info 
----------------------------------------------
...
        interface demo
            group-encryption
                encryption-keygroup 8 direction inbound
                encryption-keygroup 8 direction outbound
                exit
            no shutdown
            exit
        exit
...
----------------------------------------------

2.12.5. Deleting a Logical IP Interface

The no form of the interface command typically removes the entry, but all entity associations must be shut down and/or deleted before an interface can be deleted.

  1. Before an IP interface can be deleted, it must first be administratively disabled with the shutdown command.
  2. After the interface has been shut down, it can then be deleted with the no interface command.
CLI Syntax:
config>router
no interface ip-int-name
Example:
config>router# interface test-interface
config>router>if# shutdown
config>router>if# exit
config>router# no interface test-interface
config>router#