This chapter describes the VLL service configuration command reference.
This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.
The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.
Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described as follows in Special Cases.
The no form of this command places the entity into an administratively enabled state.
This command creates a text description stored in the configuration file for a configuration context. The description command associates a text string with a configuration context to help identify the content in the configuration file.
The no form of this command removes the string from the configuration.
no description
This command creates a text description stored in the configuration file for a configuration context. The description command associates a text string with a configuration context to help identify the content in the configuration file.
The no form of this command removes the string from the configuration.
no description
The Apipe service provides a point-to-point Layer 2 VPN connection to a remote SAP or to another local SAP. An Apipe can connect an ATM or Frame Relay endpoint either locally or over a PSN to a remote endpoint of the same type or of a different type and perform interworking between the two access technologies.
To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.
If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.
This command configures a Circuit Emulation Services instance.
When creating a service, you must enter the customer keyword and specify a customer-id to associate the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. After a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.
After a service is created, the use of the customer customer-id parameter is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified will result in an error.
By default, no services exist until they are explicitly created with this command.
The no form of this command deletes the service instance with the specified service-id. The service cannot be deleted until the service has been shutdown.
To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.
If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.
This command configures an Epipe service instance. This command is used to configure a point-to-point epipe service. An Epipe connects two endpoints defined as Service Access Points (SAPs). Both SAPs may be defined in one 7450 ESS, 7750 SR, or 7950 XRS or they may be defined in separate devices connected over the service provider network. When the endpoint SAPs are separated by the service provider network, the far end SAP is generalized into a Service Distribution Point (SDP). This SDP describes a destination and the encapsulation method used to reach it.
No MAC learning or filtering is provided on an Epipe.
When creating a service, you must enter the customer keyword and specify a customer-id to associate the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. After a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.
After a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified will result in an error.
By default, no epipe services exist until they are explicitly created with this command.
The no form of this command deletes the epipe service instance with the specified service-id. The service cannot be deleted until the service has been shutdown.
Cpipe services are enabled on the 7450 ESS.
To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.
If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.
This command configures an Fpipe service. An Fpipe provides a point-to-point L2 VPN connection to a remote SAP or to another local SAP. An Fpipe connects only Frame Relay endpoints either locally or over a PSN to a remote endpoint of the same type.
To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.
If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.
This command configures an IP-Pipe service.
To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.
If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.
Commands listed in this section may apply to multiple Apipe, Cpipe, Epipe, Fpipe, and Ipipe contexts.
This command configures a service endpoint.
This command specifies that the node will delay sending the change in the T-LDP status bits for the VLL endpoint when the MC-LAG transitions the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby or when any object in the endpoint. For example, SAP, ICB, or regular spoke SDP, transitions from up to down operational state.
By default, when the MC-LAG transitioned the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby, the node sends immediately new T-LDP status bits indicating the new value of “standby” over the spoke SDPs which are on the mate-endpoint of the VLL. The same applies when any object in the endpoint changes an operational state from up to down.
There is no delay applied to the VLL endpoint status bit advertisement when the MC-LAG transitions the LAG subgroup which hosts the SAP from standby to active or when any object in the endpoint transitions to an operationally up state.
active-hold-delay 0
A value of zero means that when the MC-LAG transitioned the LAG subgroup which hosts the SAP for this VLL endpoint from active to standby, the node sends immediately new T-LDP status bits indicating the new value of standby over the spoke SDPs which are on the mate-endpoint of the VLL. The same applies when any object in the endpoint changes an operational state from up to down.
This command configures the time to wait before reverting back to the primary spoke SDP defined on this service endpoint, after having failed over to a backup spoke SDP.
When this command is enabled, the pseudowire standby bit (value 0x00000020) will be sent to T-LDP peer for each spoke SDP of the endpoint that is selected as a standby.
This command is mutually exclusive with a VLL mate SAP created on a mc-lag/mc-aps or ICB. It is also mutually exclusive with vc-switching.
This command specifies the interworking function that should be applied for packets that ingress or egress SAPs that are part of an Apipe service.
Interworking must be configured before adding a Frame-Relay SAP to an Apipe service. Interworking is applicable only when the two endpoints (that is, the two SAPs or the SAP and the spoke SDP) are of different types. Also, there are limitations on the combinations of SAP type, vc-type, and interworking values as shown in Table 12.
SAP Type | Allowed VC-Type Value | Allowed Interworking Value |
ATM VC | atm-vcc, atm-sdu | — |
fr-dlci | ||
FR DLCI | fr-dlci | — |
atm-sdu | frf-5 |
This command configures the service payload (Maximum Transmission Unit – MTU), in bytes, for the service. This MTU value overrides the service-type default MTU. The service-mtu defines the payload capabilities of the service. It is used by the system to validate the SAP and SDP binding’s operational state within the service.
The service MTU and a SAP’s service delineation encapsulation overhead (4 bytes for a dot1q tag) is used to derive the required MTU of the physical port or channel on which the SAP was created. If the required payload is larger than the port or channel MTU, then the SAP will be placed in an inoperative state. If the required MTU is equal to or less than the port or channel MTU, the SAP will be able to transition to the operative state.
When binding an SDP to a service, the service MTU is compared to the path MTU associated with the SDP. The path MTU can be administratively defined in the context of the SDP. The default or administrative path MTU can be dynamically reduced due to the MTU capabilities discovered by the tunneling mechanism of the SDP or the egress interface MTU capabilities based on the next hop in the tunnel path. If the service MTU is larger than the path MTU, the SDP binding for the service will be placed in an inoperative state. If the service MTU is equal to or less than the path MTU, then the SDP binding will be placed in an operational state.
If a service MTU, port or channel MTU, or path MTU is dynamically or administratively modified, then all associated SAP and SDP binding operational states are automatically re-evaluated.
Binding operational states are automatically re-evaluated.
For i-VPLS and Epipes bound to a b-VPLS, the service-mtu must be at least 18 bytes smaller than the b-VPLS service MTU to accommodate the PBB header.
Because this connects a Layer 2 to a Layer 3 service, adjust either the service-mtu under the Epipe service. The MTU that is advertised from the Epipe side is service-mtu minus EtherHeaderSize.
The no form of this command returns the default service-mtu for the indicated service type to the default value.
By default, if no service-mtu is configured it is (1514 - 14) = 1500.
apipe, fpipe: 1508
ipipe: 1500
epipe: 1514
Table 13 shows MTU values for specific VC types.
SAP VC-Type | Example: Service MTU | Advertised MTU |
Ethernet | 1514 | 1500 |
Ethernet (with preserved dot1q) | 1518 | 1504 |
VPLS | 1514 | 1500 |
VPLS (with preserved dot1q) | 1518 | 1504 |
VLAN (dot1p transparent to MTU value) | 1514 | 1500 |
VLAN (Q-in-Q with preserved bottom Qtag) | 1518 | 1504 |
This command overrides the pseudowire type signaled to type 0x0009 N:1 VCC cell within an Apipe VLL service of vc-type atm-cell. Normally, this service vc-type signals a pseudowire of type 0x0003 ATM Transparent Cell.
This command is not allowed in an Apipe VLL of vc-type value atm-cell if a configured ATM SAP is not using a connection profile. Conversely, if the signaling override command is enabled, only an ATM SAP with a connection profile assigned will be allowed.
The override command is not allowed on Apipe VLL service of vc-type value other than atm-cell. It is also not allowed on a VLL service with the vc-switching option enabled since signaling of the PW FEC in a Multi-Segment PW (MS-PW) is controlled by the T-PE nodes. Therefore, for this feature to be used on a MS-PW, it is required to configure an Apipe service of vc-type atm-cell at the T-PE nodes with the signaled-vc-type-override enabled, and to configure a Apipe VLL service of vc-type atm-vcc at the S-PE node with the vc-switching option enabled.
The no form of this command returns the Apipe VLL service to signal its default pseudowire type.
Commands listed in this section may apply to multiple Apipe, Cpipe, Epipe, Fpipe, and Ipipe contexts.
This command creates a Service Access Point (SAP) within a service. A SAP is a combination of port and encapsulation parameters which identifies the service access point on the interface and within the device. Each SAP must be unique.
All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.
Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.
A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port. Channelized TDM ports are always access ports.
If a port is shutdown, all SAPs on that port become operationally down. When a service is shutdown, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded.
The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.
The following are supported on the 7750 SR only:
Ethernet SAPs support null, dot1q, and qinq is supported for all routers.
The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted. For Internet Enhanced Service (IES), the IP interface must be shutdown before the SAP on that interface may be removed.
By default, no SAPs are defined.
A default SAP has the following format: port-id:*. This type of SAP is supported only on Ethernet MDAs and its creation is allowed only in the scope of Layer 2 services (Epipe and VPLS). This type of SAP is mutually exclusive with a SAP defined by explicit null encapsulation (for example, 1/1/1:0).
Two Frame Relay SAPs cannot be configured on an Apipe service on the 7750 SR. The limitation is for an Apipe service in local mode, which has two SAPs associated with the service, as opposed to a configuration with a SAP and a SDP in remote case, the only combination of the type of SAPs allowed is either two ATM SAPs or an ATM SAP and a Frame Relay SAP. The CLI prevents adding two Frame Relay SAPs under an Apipe service.
If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number format. For example 6/2/3 specifies port 3 on MDA 2 in slot 6.
The port-id must reference a valid port type. When the port-id parameter represents SONET/SDH and TDM channels, the port ID must include the channel ID. A period “.” separates the physical port from the channel-id. The port must be configured as an access port.
If the SONET/SDH port is configured as clear-channel then only the port is specified.
port-id | slot/mda/port [.channel] | ||
eth-sat-id | esat-id/slot/port | ||
esat | keyword | ||
id | 1 to 20 | ||
pxc-id | pxc-id.sub-port | ||
pxc | keyword | ||
id | 1 to 64 | ||
sub-port | a, b |
The following is an example of Apipe SAP information.
This command creates the accounting policy context that can be applied to a SAP.
An accounting policy must be defined before it can be associated with a SAP. If the policy-id does not exist, an error message is generated.
A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.
The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.
no accounting policy
This command enables access to the context to configure ATM-related attributes. This command can only be used when a specified context (for example, a channel or SAP) supports ATM functionality such as:
If ATM functionality is not supported for a specified context, the command returns an error.
This command configures egress ATM attributes for the SAP.
This command configures ingress ATM attributes for the SAP.
This command assigns an ATM traffic descriptor profile to a specified context (for example, a SAP).
When configured under the ingress context, the specified traffic descriptor profile defines the traffic contract in the forward direction. When configured under the egress context, the specified traffic descriptor profile defines the traffic contract in the backward direction.
The no form of this command reverts the traffic descriptor to the default traffic descriptor profile.
The default traffic descriptor (trafficDescProfileId. = 1) is associated with newly created PVCC-delimited SAPs.
This command enables Link Loss Forwarding (LLF) on an Ethernet port or an ATM port. This feature provides an end-to-end OAM fault notification for Ethernet VLL service and for ATM VLL service of vc-type atm-cell. It brings down the Ethernet port (Ethernet LLF) or sends a SONET/SDH Path AIS (ATM LLF) toward the attached CE when there is a local fault on the Pseudowire or service, or a remote fault on the SAP or pseudowire, signaled with label withdrawal or T-LDP status bits. It ceases when the fault disappears.
The Ethernet port must be configured for null encapsulation.
For the 7750 SR, the ATM port must be configured as a SAP on an Apipe service of vc-type atm-cell. The ATM port must also be configured on the following MDAs:
The ATM port must be configured as a SAP on an Apipe service of vc-type atm-cell. The ATM port must also be configured on the following MDAs:
This feature is also supported in Epipes with BGP-EVPN enabled. In this case, upon removal of the EVPN destination, the port is brought oper-down with flag LinkLossFwd, however the AD per-EVI route for the SAP is still advertised (the SAP is kept oper-up).
The no form of this command disables LLF on an Ethernet port or an ATM port.
no llf
This command enables the context to configure OAM functionality for a PVCC delimiting a SAP.
This command configures AIS/RDI fault management on a PVCC. Fault management allows PVCC terminations to monitor and report the status of their connection by propagating fault information through the network and by driving PVCC’s operational status.
When alarm-cells functionality is enabled, a PVCC’s operational status is affected when a PVCC goes into an AIS or RDI state because of an AIS/RDI processing (assuming nothing else affects PVCC’s operational status, for example, if the PVCC goes operationally down, or enters a fault state and becomes operationally up, or exits that fault state). RDI cells are generated when PVCC is operationally down. No OAM-specific SNMP trap is raised whenever an endpoint enters/exits an AIS or RDI state, however, if as result of an OAM state change, the PVCC changes operational status, then a trap is expected from an entity the PVCC is associated with (for example a SAP).
The no command disables alarm-cells functionality for a PVCC. When alarm-cells functionality is disabled, a PVCC’s operational status is no longer affected by a PVCC’s OAM state changes due to AIS/RDI processing (when alarm-cells is disabled, a PVCC will change operational status to operationally up due to alarm-cell processing) and RDI cells are not generated as result of the PVCC going into AIS or RDI state. The PVCC’s OAM status, however, will record OAM faults as previously described.
Enabled for PVCCs delimiting IES SAPs
This command specifies whether this SAP will act as an OAM termination point. ATM SAPs can be configured to tunnel or terminate OAM cells.
When configured to not terminate (the default is no terminate), the SAP will pass OAM cells through the VLL without inspecting them. The SAP will respond to OAM loopback requests that are directed to the local node by transmitting a loopback reply. Other loopback requests are transparently tunneled through the pseudowire. In this mode, it is possible to launch a loopback request toward the directly-attached ATM equipment and see the results of the reply.
When configured to terminate, the SAP will respond to AIS by transmitting RDI and will signal the change of operational status to the other endpoint (for example, through LDP status notifications). The SAP will respond to OAM loopback requests by transmitting a loopback reply. In this mode, it is possible to launch a loopback request toward the directly-attached ATM equipment and see the results of the reply.
For Apipe services, the user has the option of enabling or disabling this option for VC types atm-vcc and atm-sdu since these service types maintain the ATM layer and/or the AAL5 layer across the VLL. It is not supported on atm-vpc and atm-cell apipe vc types since the VLL must pass the VC level (F5) OAM cells.
The terminate option for OAM is the only and default mode of operation supported for an ATM SAP which is part of Epipe, Ipipe, VPLS, and IES/VPRN. This is because the ATM and AAL5 layers are terminated.
For Apipe services, the user has the option of enabling or disabling this option for vc types atm-vcc and atm-sdu since these service types maintain the ATM layer and/or the AAL5 layer across the VLL. It is not supported on atm-vpc and atm-cell Apipe vc types since the VLL must pass the VC level (F5).
The terminate option for OAM is the only and default mode of operation supported for an ATM SAP which is part of Epipe, Ipipe, VPLS, and IES/VPRN. This is because the ATM and AAL5 layers are terminated.
no terminate
This command specifies the admin bandwidth assigned to SAPs, ports and LAGs which is used by SAP bandwidth CAC.
SAP: Attempts to increase the SAP admin bandwidth will fail if there is insufficient available admin bandwidth on its port or LAG, otherwise the port or LAG available admin bandwidth will be reduced by the incremental SAP admin bandwidth. Reducing the SAP admin bandwidth will increase the available admin bandwidth on its port or LAG. This is not supported for PW-SAPs, Ethernet tunnels or subscriber group interface SAPs.
The no version of the command reverts to the default value.
no bandwidth
This command enables accounting and statistical data collection for either the SAP, network port, or IP interface. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued the statistics are still accumulated by the cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
no collect-stats
This command assigns a Distributed CPU Protection (DCP) policy to the SAP. Only a valid existing DCP policy can be assigned to a SAP or a network interface (this rule does not apply to templates, such as an msap-policy template).
If no dist-cpu-protection policy is assigned to a SAP, then the default access DCP policy (_default-access-policy) is used.
If no DCP functionality is required on the SAP, then an empty DCP policy can be created and explicitly assigned to the SAP.
This command enables the context to configure egress SAP parameters.
If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing.
This command enables the context to configure ingress SAP Quality of Service (QoS) policies.
If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing.
This command is used to control an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.
This command is used to enable (or disable) aggregate rate overrun protection on the agg-rate context.
This command defines the enforced aggregate rate for all queues associated with the agg-rate context. A rate must be specified for the agg-rate context to be considered to be active on the context’s object (SAP, subscriber, Vport, and so on).
The no form of this command removes an explicit rate value from the aggregate rate returning it to its default value.
This command, within the SAP ingress or egress contexts, creates a CLI node for specific overrides to the applied policer-control-policy. A policy must be applied for a policer-control-overrides node to be created. If the policer-control-policy is removed or changed, the policer-control-overrides node is automatically deleted from the SAP.
The no form of this command removes any existing policer-control-policy overrides and the policer-control-overrides node from the SAP.
no policer-control-override
This command, within the SAP ingress and egress contexts, overrides the root arbiter parent policer max-rate that is defined within the policer-control-policy applied to the SAP.
When the override is defined, modifications to the policer-control-policy max-rate parameter have no effect on the SAP’s parent policer until the override is removed using the no max-rate command within the SAP.
The no form of this command returns the policer-control-policy’s parent policer maximum rate to max.
This command overrides the CLI node contains the configured min-thresh-separation and the various priority level mbs-contribution override commands.
This command, within the SAP ingress and egress contexts, is used to override the root arbiter’s parent policer min-thresh-separation parameter that is defined within the policer-control-policy applied to the SAP.
When the override is defined, modifications to the policer-control-policy min-thresh-separation parameter have no effect on the SAP’s parent policer until the override is removed using the no min-thresh-separation command within the SAP.
The no form of this command removes the override and allows the min-thresh-separation setting from the policer-control-policy to control the root arbiter’s parent policer’s minimum discard threshold separation size.
no min-thresh-separation
The priority-level level override CLI node contains the specified priority level’s mbs-contribution override value.
This node does not need to be created and will not be output in show or save configurations unless an mbs-contribution override exist for level.
The mbs-contribution override command within the SAP ingress and egress contexts is used to override a parent policer’s priority level’s mbs-contribution parameter that is defined within the policer-control-policy applied to the SAP. This override allow the priority level’s burst tolerance to be tuned based on the needs of the SAP’s child policers attached to the priority level.
When the override is defined, modifications to the policer-control-policy priority level’s mbs-contribution parameter have no effect on the SAP’s parent policer priority level until the override is removed using the no mbs-contribution command within the SAP.
The no form of this command removes the override and allows the mbs-contribution setting from the policer-control-policy to control the parent policer’s priority level’s burst tolerance.
no mbs-contribution
This command, within the QoS CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs.
Policer Control Policy Instances
On the SAP side, an instance of a policy is created each time a policy is applied.
When applied to a sub-profile on a 7450 ESS and 7750 SR, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.
Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and will not be subject to bandwidth control by the policy instance.
Maximum Rate and Root Arbiter
The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis.
For subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.
The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and therefore the root arbiter’s parent policer.
Parent Policer PIR Leaky Bucket Operation
The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.
Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.
Tier 1 and Tier 2 Arbiters
As previously stated, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.
Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.
Fair and Unfair Bandwidth Control
Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.
In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair-based on the weighted fair output of the policy instance.
The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.
In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.
When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.
Parent Policer Priority Level Thresholds
As stated in the Tier 1 and Tier 2 Arbiter subsection, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.
The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.
To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.
Each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.
Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds
Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.
While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.
To derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.
The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.
Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.
Policer Control Policy Application
A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).
The no form of this command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP context.
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.
The no form of this command is used to remove any existing policer overrides.
no policer-overrides
This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.
The no form of this command is used to remove any existing overrides for the specified policer-id.
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.
The no form of this command returns the CBS size to the default value.
no cbs
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured mbs parameter for the specified policer-id.
The no form of this command is used to restore the policer’s mbs setting to the policy defined value.
no mbs
This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured packet-byte-offset parameter for the specified policer-id. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured; however, the offsets are applied to the statistics.
The no packet-byte-offset command is used to restore the policer’s packet-byte-offset setting to the policy defined value.
no packet-byte-offset
This command configures the percent rates (CIR and PIR) override.
The percent-rate command within the SAP ingress and egress QoS policy enables supports for a queue’s PIR and CIR rate to be configured as a percentage of the egress port’s line rate or of its parent scheduler’s rate.
When the rates are expressed as a port-limit, the actual rates used per instance of the queue will vary based on the port speed. For example, when the same QoS policy is used on a 1-Gb and a 10-Gb Ethernet port, the queue’s rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same QOS policy to be used on SAPs on different ports without needing to use SAP based queue overrides to modify a queue’s rate to get the same relative performance from the queue.
If the port’s speed changes after the queue is created, the queue’s PIR and CIR rates will be recalculated based on the defined percentage value.
When the rates are expressed as a local-limit, the actual rates used per instance of the queue are relative to the queue’s parent scheduler rate. This enables the same QOS policy to be used on SAPs with different parent scheduler rates without needing to use SAP based queue overrides to modify a queue’s rate to get the same relative performance from the queue.
If the parent scheduler rate changes after the queue is created, the queue’s PIR and CIR rates will be recalculated based on the defined percentage value.
Queue rate overrides can only be specified in the form as configured in the QoS policy (a SAP override can only be specified as a percent-rate if the associated QoS policy was also defined as percent-rate). Likewise, a SAP override can only be specified as a rate (kb/s) if the associated QoS policy was also defined as a rate. Queue-overrides are relative to the limit type specified in the QOS policy.
When no percent-rate is defined within a SAP ingress or egress queue-override, the queue reverts to the defined shaping and CIR rates within the SAP ingress and egress QOS policy associated with the queue.
This command within the SAP ingress and egress policer-overrides contexts is used to override the sap-ingress and sap-egress QoS policy configured rate parameters for the specified policer-id.
The no rate command is used to restore the policy defined metering and profiling rate to a policer.
The SAP QoS policy’s policer stat-mode command is used to configure the forwarding plane counters that allow offered, output, and discard accounting to occur for the policer. A policer has multiple types of offered packets (for example, soft in-profile and out-of-profile from ingress and hard in-profile and out-of-profile due to egress profile overrides) and each of these offered types is interacting with the policers metering and profiling functions resulting in colored output packets (green, yellow, and red). Due to the potentially large number of egress policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers will not be configured with a CIR profiling rate and not all policers will receive explicitly re-profiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and indicates how the offered packet types and output conditions should be mapped to the counters.
While a no-stats mode is supported that prevents any packet accounting, the use of the policer’s parent command requires that the policer’s stat-mode to be set at least to the minimal setting so that offered statistics are available for the policer’s Fair Information Rate (FIR) to be calculated.
Each time the policer’s stat mode is changed, any previous counter values are lost and any new counters are set to zero.
Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane’s policer counter resources. The total/allocated/free statistics can be viewed by using the tools dump resource-usage card fp command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.
The stat-mode setting defined for the policer in the QoS policy may be overridden on a SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The current active stat mode setting will continue to be used by the policer.
The command will fail if insufficient policer counter resources exist to implement minimal where the QoS policer is currently applied and has a forwarding class mapping.
The no form of this command attempts to return the policer’s stat-mode setting to minimal.
Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide for detailed information about the supported parameters for the policer stat-mode command.
When enabled (the encapsulation type of the access port where this SAP is defined as qinq), the qinq-mark-top-only command specifies which P-bits/DEI bit to mark during packet egress. When disabled, both set of P-bits/DEI bit are marked. When the enabled, only the P-bits/DEI bit in the top Q-tag are marked.
no qinq-mark-top-only
This command associates a Quality of Service (QoS) policy with an egress Service Access Point (SAP).
QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP. If the policy-id does not exist, an error will be returned.
The qos command, when used under the egress context, is used to associate egress QoS policies.
The qos command only allows ingress policies to be associated on SAP ingress and egress policies on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.
Only one ingress and one egress QoS policy can be associated with a SAP at one time. Attempts to associate a second QoS policy of a specified type will return an error.
By default, if no specific QoS policy is associated with the SAP for ingress or egress, so the default QoS policy is used.
The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.
This command associates a Quality of Service (QoS) policy with an ingress Service Access Point (SAP).
QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP. If the policy-id does not exist, an error will be returned.
The qos command, when used under the ingress context, is used to associate ingress QoS policies. The qos command only allows ingress policies to be associated on SAP ingress and egress policies on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.
Only one ingress and one egress QoS policy can be associated with a SAP at one time. Attempts to associate a second QoS policy of a specified type will return an error.
By default, if no specific QoS policy is associated with the SAP for ingress or egress, so the default QoS policy is used.
The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.
This command enables the context to configure override values for the specified SAP egress or ingress QoS queue. These values override the corresponding ones specified in the associated SAP egress or ingress QoS policy. If the policy was created as a template policy, this command overrides the parameter and its description and queue parameters in the policy.
This command configures the HS secondary shaper to be used to apply an aggregate rate and per-scheduling class rates to the SAP egress HSQ queue group.
The no form of this command removes the HS secondary shaper override from the configuration, reverting the SAP egress HSQ queue group to the default HS secondary shaper on that port.
This command configures the egress HS WRR group override parameters.
The no form of this command removes the group ID from the configuration.
This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.
The no form of this command removes the class weight override value from the configuration.
This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy maximum rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.
The no form of this command removes the percent rate override value from the configuration.
This command overrides the scheduling rate applied to the HS WRR group in Kb/s. A rate can be specified in Kb/s or the keyword max can be used to remove the bandwidth limitation on the HS WRR group. The override rate type must match the corresponding rate type within the applied QoS policy.
The no form of this command removes the rate override value from the configuration.
This command overrides the class weight of this queue at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.
The no form of this command removes the class weight override value from the configuration.
This command overrides the slope policy applied to the HSQ queue group queue.
The no form of this command removes the WRED queue policy override value from the configuration.
This command overrides the WRR relative weight as defined within the associated HS attachment policy.
The no form of this command removes the WRR weight override value from the configuration.
This command specifies the ID of the queue whose parameters are to be overridden.
This command can be used to override specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.
no adaptation-rule
This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a SONET or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).
When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:
Port scheduler operation using frame transformed rates — The port scheduler uses the frame based rates to figure the maximum rates that each queue may receive during the within-cir and above-cir bandwidth allocation passes. During the within-cir pass, a queue may receive up to its frame based within-cir offered-load. The maximum it may receive during the above-cir pass is the difference between the frame based within-pir offered load and the amount of actual bandwidth allocated during the within-cir pass.
On the 7450 ESS and 7750 SR, SAP and subscriber SLA-profile average frame overhead override — The average frame overhead parameter on a sap-egress may be overridden at an individual egress queue basis. On each SAP and within the sla-profile policy used by subscribers an avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance will use its local value for the average frame overhead instead of the sap-egress defined overhead.
The no form of this command restores the average frame overhead parameter for the queue to the default value of 0 percent. When set to 0, the system uses the packet based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.
avg-frame-overhead 0
The queue burst-limit command defines an explicit shaping burst size for a queue. The configured size defines the shaping leaky bucket threshold level that indicates the maximum burst over the queue’s shaping rate.
The no form of this command restores the default burst limit to the specified queue. This is equivalent to specifying burst-limit default within the QoS policies. When specified within a queue-override queue context, any current burst limit override for the queue is removed and the queue’s burst limit is controlled by its defining policy.
no burst-limit
This command can be used to override specific attributes of the specified queue’s CBS parameters.
It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a specific access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.
When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly to drop packets.
The no form of this command returns the CBS size to the default value.
no cbs
This command enables the context to configure queue drop tail parameters.
This command enables the context to configure the queue low drop-tail parameters. The low drop tail defines the queue depth beyond which out-of-profile packets are not accepted into the queue and will be discarded.
This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes. Any out-of-profile packets will not be accepted into the queue if its depth is greater than this value, and so will be discarded.
This command overrides specific attributes of the specified queue’s MBS parameters. A queue uses its MBS value to determine whether it has exhausted all of its buffers while enqueuing packets. Once the queue has exceeded the number of buffers allowed by the MBS, all packets are discarded until packets have been drained from the queue.
The sum of the MBS for all queues on an ingress access port can oversubscribe the total amount of buffering available. When congestion occurs and buffers become scarce, access to buffers is controlled by the RED slope associated with a packet. A queue that has not exceeded its MBS is not guaranteed to have buffer available when needed or that the packet’s RED slope will not force the discard of the packet. Setting correct CBS parameters and controlling CBS oversubscription is one major safeguard to queue starvation (when a queue does not receive its fair share of buffers). Another is properly setting the RED slope parameters for the needs of services on this port or channel.
The no form of this command returns the MBS assigned to the queue to the default value.
mbs default
This command enables queue depth monitoring for the specified queue.
The no form of this command removes queue depth monitoring for the specified queue.
This command defines an optional parent scheduler that further governs the available bandwidth given the queue aside from the queue’s PIR setting. When multiple schedulers and/or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent’s bandwidth.
Checks are not performed to see if a scheduler-name exists when the parent command is defined on the queue. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. Multiple schedulers can exist with the scheduler-name and the association pertains to a scheduler that should exist on the egress SAP as the policy is applied and the queue created. When the queue is created on the egress SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly or indirectly applied (through a multi-service customer site) to the egress SAP. If the scheduler-name does not exist, the queue is placed in the orphaned operational state. The queue will accept packets but will not be bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP. The orphaned state must generate a log entry and a trap message. The SAP which the queue belongs to must also depict an orphan queue status. The orphaned state of the queue is automatically cleared when the scheduler-name becomes available on the egress SAP.
The parent scheduler can be made unavailable due to the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the queue enters the orphaned state and automatically returns to normal operation when the parent scheduler is available again.
When a parent scheduler is defined without specifying weight or strict parameters, the default bandwidth access method is weight with a value of 1.
The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. Once a parent association has been removed, the former child queue attempts to operate based on its configured rate parameter. Removing the parent association on the queue within the policy takes effect immediately on all queues using the SAP egress QoS policy.
All weight values from all weighted active policers, queues, and schedulers with a common parent scheduler are added together. Then, each individual active weight is divided by the total, deriving the percentage of remaining bandwidth provided to the policer, queue, or scheduler. A weight is considered to be active when the pertaining policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit. All child policers, queues, and schedulers with a weight of 0 are considered to have the lowest priority level and are not serviced until all non-zero weighted policers, queues, and schedulers at that level are operating at the maximum bandwidth or are idle.
The percent-rate command supports a queue’s shaping rate and CIR rate as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gb and a 10-Gb Ethernet port, the queue’s rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port based queue overrides to modify a queue’s rate to get the same relative performance from the queue.
If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.
The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.
An egress port queue group queue rate override may be expressed as either a percentage or an explicit rate independent on how the queue's template rate is expressed.
The no form of this command returns the queue to its default shaping rate and cir rate. When no percent-rate is defined within a port egress queue group queue override, the queue reverts to the defined shaping and CIR rates within the egress queue group template associated with the queue.
This command can be used to override specific attributes of the specified queue’s Peak Information Rate (PIR) and the Committed Information Rate (CIR) parameters.
The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.
The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. In-profile and then out-of-profile packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled throughout the network, the packets must be marked accordingly for profiling at each hop.
The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.
The rate command can be executed at any time, altering the PIR and CIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.
This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the rate is performed under the hs-wrr-group within the SAP egress QoS policy.
The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0).
rate max cir 0
Fractional values are not allowed and must be given as a positive integer.
The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.
Fractional values are not allowed and must be given as a positive integer. The sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers, policers, or queues.
This command specifies the set of attributes whose values have been overridden by management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.
This command can be used to override specific attributes of the specified scheduler name. A scheduler defines bandwidth controls that limit each child (other schedulers, policers, and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.
Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause policers, queues, or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).
If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.
If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:
When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.
If the provided scheduler-name is invalid according to the following criteria, a name syntax error will occur, the command will not execute, and the CLI context will not change.
This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.
The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non-default weightings for fostered schedulers.
The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.
no parent
A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.
A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.
This command can be used to override specific attributes of the specified scheduler rate. The rate command defines the maximum bandwidth that the scheduler can offer its child policers, queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler’s ‘within CIR’ distribution phase.
The actual operating rate of the scheduler is limited by bandwidth constraints other than its maximum rate. The scheduler’s parent scheduler may not have the available bandwidth to meet the scheduler’s needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child policers or queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler due to insufficient offered load or limits to their own maximum rates.
When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler will assume that an infinite amount of bandwidth is available and allow all child policers, queues, and schedulers to operate at their maximum rates.
The no form of this command returns the scheduler’s PIR and CIR parameters to the values configured in the applied scheduler policy.
If the cir parameter is set to max, then the CIR rate is set to infinity but bounded by the PIR rate.
The sum keyword specifies that the CIR will be used as the summed CIR values of the children schedulers, policers, or queues.
This command applies an existing scheduler policy to an ingress or egress scheduler used by SAP queues associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created when the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.
The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the ingress SAP queues associated with the customer site. Policers or queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler. The SAPs that have policers or queues reliant on the removed schedulers enter into an operational state depicting the orphaned status of one or more policers or queues. When the no scheduler-policy command is executed, the customer site ingress or egress node will not contain an applied scheduler policy.
This command creates the configuration context to define the L2TPv3 tunnel parameters.
The no form of this command deletes the L2TPv3 configuration context.
This command specifies the PW-type for the associated L2TPv3 session.
The support types are either Ethernet or Ethernet-VLAN. If Ethernet-VLAN is configured, a VLAN value must be specified as well.
The no form of this command deletes the PW-type configuration.
This command configures the service and L2TPv3 group to which this L2TPv3 session should be associated. The associated services are used to provide transport for the L2TPv3 tunnel. The service can be specified with either the service-name or router ID. The group name specifies the L2TPv3 group parameters that should be associated with the session.
The no form of this command deletes the router configuration.
router-instance: router-name or vprn-svc-id | ||
router-name | “Base” | |
vprn-svc-id | 1 to 2147483647 |
This command specifies the VC-ID for the L2TPv3 session.
The no form of this command deletes the VC-ID configuration.
This command associates the SAP with a customer-site-name. If the specified customer-site-name does not exist in the context of the service customer ID an error occurs and the command will not execute. If customer-site-name exists, the current and future defined queues on the SAP (ingress and egress) will attempt to use the scheduler hierarchies created within customer-site-name as parent schedulers.
The no form of this command removes the SAP from any multi-service customer site the SAP belongs to. Removing the site can cause existing or future queues to enter an orphaned state.
This command specifies the IP address of the CE device associated with an Ipipe SAP or spoke SDP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. For a spoke SDP, it is the address of the CE device reachable through that spoke SDP (for example, attached to the SAP on the remote node). The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.
On a 7450 ESS, this command specifies the IP address of the CE device associated with an Ipipe SAP. In the case of a SAP, it is the address of the CE device directly attached to the SAP. The address must be a host address (no subnet addresses are accepted) as there must be only one CE device attached to an Ipipe SAP. The CE address specified at one end of an Ipipe will be used in processing ARP messages at the other endpoint, as the router acts as a proxy for ARP messages.
This command configures a multi-chassis ring-node for this SAP.
The no form of this command removes the name from the configuration.
This command associates an AA transit policy to the service. The transit IP policy must be defined prior to associating the policy with a SAP in the config>application assurance>group>policy>transit-ip-policy context.
Transit AA subscribers are managed by the system through this service policy, which determines how transit subs are created and removed for that service.
The no form of this command removes the association of the policy to the service.
no transit-policy
This command associates an AA transit policy to the service. The transit IP policy must be defined prior to associating the policy with a SAP in the config>application assurance>group>policy>transit-ip-policy context.
Transit AA subscribers are managed by the system through this service policy, which determines how transit subs are created and removed for that service.
The no form of this command removes the association of the policy to the service.
no transit-policy
This command enables the user of a of broadcast MAC on SAP.
An Ipipe VLL service with the ce-address-discovery command enabled forwards unicast IP packets using the broadcast MAC address until the ARP cache is populated with a valid entry for the CE IP and MAC addresses.
The no form of this command enables the user of a of broadcast MAC on SAP.
no use-broadcast-mac
This command assigns a specific MAC address to an Ipipe SAP.
The no form of this command returns the MAC address of the SAP to the default value.
The physical MAC address associated with the Ethernet interface where the SAP is configured.
This command specifies the interval between ARP requests sent on this Ipipe SAP. When the SAP is first enabled, an ARP request will be sent to the attached CE device and the received MAC address will be used in addressing unicast traffic to the CE. Although this MAC address will not expire while the Ipipe SAP is enabled and operational, it is verified by sending periodic ARP requests at the specified interval.
The no form of this command restores mac-refresh to the default value.
mac-refresh 14400
This command configures the application profile name.
This command enables cflowd to collect traffic flow samples through a service interface (SAP) for analysis. When cflowd is enabled on an Ethernet service SAP, the Ethernet traffic can be sampled and processed by the system’s cflowd engine and exported to IPFIX collectors with the l2-ip template enabled.
cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement. When cflowd is enabled at the SAP level, all packets forwarded by the interface are subjected to analysis according to the cflowd configuration.
For L2 services, only ingress sampling is supported.
no cflowd
This command assigns an existing CPU protection policy to the associated service. The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.
cpu-protection 254 (for access interfaces)
cpu-protection 255 (for network interfaces)
The configuration of no cpu-protection returns the interface/SAP to the default policies.
If no CPU protection policy is assigned to a service SAP, then a the default policy is used to limit the overall-rate.
This command enables the context to configure Ethernet properties in this SAP.
This command configures an Ethernet tunnel SAP.
An Ethernet tunnel control SAP has the format eth-tunnel-tunnel-id and is not configured with an Ethernet tunnel SAP ID. No Ethernet tunnel tags can be configured under a control SAP since the control SAP uses the control tags configured under the Ethernet tunnel port. This means that at least one member port and control tag must be configured under the Ethernet tunnel port before this command is executed. The control SAP is needed for carrying G.8031 and 802.1ag protocol traffic. This SAP can also carry user data traffic.
An Ethernet tunnel same-fate SAP has the format eth-tunnel-tunnel-id:eth-tunnel-sap-id. Same-fate SAPs carry only user data traffic. Multiple same-fate SAPs can be configured on one Ethernet tunnel port and share the fate of that port, provided the SAPs are properly configured with corresponding tags.
Ethernet tunnel SAPs are supported under VPLS, Epipe and Ipipe services only.
no sap
This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.
The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.
The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.
no aarp
This command associates an AARP instance to an Ipipe spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.
The no form of this command removes the association.
no aarp
This command assigns a pre-configured lag link map profile to a SAP/network interface configured on a LAG or a PW port that exists on a LAG. Once assigned/de-assigned, the SAP’s/network interface’s egress traffic will be re-hashed over LAG as required by the new configuration.
The no form of this command reverts the SAP/network interface to use per-flow, service or link hash as configured for the service/LAG.
no lag-link-map-profile
This command configures weight and class to this SAP to be used on LAG egress when the LAG uses weighted per-link-hash.
The no form of this command restores default configuration.
no lag-per-link-hash (equivalent to weight 1 class 1)
This command is used to enable (or disable) frame based accounting on all policers and queues associated with the agg-rate context.
The command is supported on Ethernet ports only; it is not supported on HSMDA Ethernet ports.
Packet byte offset settings are not included in the applied rate when queue frame based accounting is configured; however the offsets are applied to the statistics.
Commands listed in this section may apply to multiple Apipe, Cpipe, Epipe, Fpipe, and Ipipe contexts.
This command binds a service to an existing Service Distribution Point (SDP). A spoke SDP is treated like the equivalent of a traditional bridge “port” where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.
The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.
The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.
SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end SR/ESS devices can participate in the service.
The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.
No sdp-id is bound to a service.
This command binds a service to an existing Service Distribution Point (SDP). A spoke SDP is treated like the equivalent of a traditional bridge “port” where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.
The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.
The SDP must already be defined in the config>service>sdp context in order to associate an SDP with an Epipe, VPLS, VPRN, VPRN service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.
SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.
This command can also be used to associate a GRE tunnel carrying Ethernet payload with an Epipe and terminate it on a PW port referenced within the same Epipe service. The spoke SDP represents a L2oGRE tunnel with SDP delivery type set to eth-gre-bridged. With this configuration, the vc-id is unused since there is no multiplexing of Ethernet payload within the same tunnel. The vc-id value is included only to maintain the expected spoke SDP structure within an EPIPE service. For L2oGRE tunnels, the vc-id can be set to any arbitrary value within its configurable range.
The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.
No sdp-id is bound to a service.
L2TPv3 SDP types are only supported on Epipe services and not other xpipe services.
VC types are derived according to IETF draft-martini-l2circuit-trans-mpls.
The VC type value for Ethernet is 0x0005.
The VC type value for an Ethernet VLAN is 0x0004.
The VLAN VC-type requires at least one dot1q tag within each encapsulated Ethernet packet transmitted to the far end.
Note: The system expects a symmetrical configuration with its peer, specifically it expects to remove the same number of VLAN tags from received traffic as it adds to transmitted traffic. As some of the related configuration parameters are local and not communicated in the signaling plane, an asymmetrical behavior cannot always be detected and so cannot be blocked. Consequently, protocol extractions will not necessarily function for asymmetrical configurations as they would with a symmetrical configurations resulting in an unexpected operation.
This command specifies the bandwidth to be used for VLL bandwidth accounting by the VLL CAC feature.
The service manager keeps track of the available bandwidth for each SDP. The maximum value is the sum of the bandwidths of all constituent LSPs in the SDP. The SDP available bandwidth is adjusted by the user configured booking factor.
If an LSP consists of a primary and many secondary standby LSPs, then the bandwidth used in the maximum SDP available bandwidth is that of the active path. Any change to and LSP active path bandwidth will update the maximum SDP available bandwidth. Note however that a change to any constituent LSP bandwidth due to re-signaling of the primary LSP path or the activation of a secondary path which causes overbooking of the maximum SDP available bandwidth causes a warning and a trap to be issued but no further action is taken. The activation of a bypass or detour LSP in the path of the primary LSP does not change the maximum SDP available bandwidth.
When the user binds a VLL service to this SDP, an amount of bandwidth equal to bandwidth is subtracted from the SDP available bandwidth adjusted by the booking factor. When the user deletes this VLL service binding from this SDP, an amount of bandwidth equal to bandwidth is added back into the SDP available bandwidth.
If the total SDP available bandwidth when adding this VLL service is about to overbook, a warning is issued and the binding is rejected. This means that the spoke SDP bandwidth does not update the maximum SDP available bandwidth. In this case, the spoke SDP is put in operational down state and a status message of “pseudowire not forwarding” is sent to the remote SR-series PE node. A trap is also generated. The service manager will not put the spoke SDP into an operationally up state until the user executes a shutdown command and then a no-shutdown command of the spoke SDP and the bandwidth check succeeds. Therefore, the service manager will not automatically audit spoke SDPs subsequently to their creation to check if bandwidth is available.
If the VLL service contains an endpoint with multiple redundant spoke SDPs, each spoke SDP will have its bandwidth checked against the available bandwidth of the corresponding SDP.
If the VLL service performs a pseudowire switching (VC switching) function, each spoke SDP is separately checked for bandwidth against the corresponding SDP.
This feature does not alter the way service packets are sprayed over multiple RSVP LSPs, which are part of the same SDP. That is, by default load balancing of service packets occurs over the SDP LSPs based on service-id, or based on a hash of the packet header if ingress SAP shared queuing is enabled. In both cases, the VLL bandwidth is not checked against the available bandwidth of the selected LSPs but on the total SDP available bandwidth. Therefore, if there is a single LSP per SDP, these two matches.
If class-forwarding is enabled on the SDP, VLL service packets are forwarded to the SDP LSP which the packet forwarding class maps to, or if this is down to the default LSP. However, the VLL bandwidth is not checked against the selected LSP available bandwidth but on the total SDP available bandwidth. If there is a single LSP per SDP, these two matches.
If a non-zero bandwidth is specified for a VLL service and attempts to bind the service to an LDP or a GRE SDP, a warning is issued that CAC failed but the VLL is established. A trap is also generated.
The no form of this command reverts to the default value.
When enabled, this command blocks the transmit direction of a PW when any of the following PW status codes is received from the far end PE:
0x00000001 | Pseudowire Not Forwarding |
0x00000002 | Local Attachment Circuit (ingress) Receive Fault |
0x00000004 | Local Attachment Circuit (egress) Transmit Fault |
0x00000008 | Local PSN-facing PW (ingress) Receive Fault |
0x00000010 | Local PSN-facing PW (egress) Transmit Fault |
The transmit direction is unblocked when the following PW status code is received:
0x00000000 | Pseudowire forwarding (clear all failures) |
This command is mutually exclusive with no pw-status-signaling, and standby-signaling-slave. It is not applicable to spoke SDPs forming part of an MC-LAG or spoke SDPs in an endpoint.
no block-on-peer-fault
This command enables VCCV BFD on the PW associated with the VLL, BGP VPWS, or VPLS service. The parameters for the BFD session are derived from the named BFD template, which must have been first configured using the bfd-template command.
This command configures a named BFD template to be used by VCCV BFD on PWs belonging to the VLL, BGP VPWS, or VPLS service. The template specifies parameters, such as the minimum transmit and receive control packet timer intervals, to be used by the BFD session. Template parameters are configured under the config>router>bfd context.
no bfd-template
This command enables the context to provide access to the various options that control the termination of ATM cell concatenation into an MPLS frame. Several options can be configured simultaneously. The concatenation process for a specified MPLS packet ends when the first concatenation termination condition is met. The concatenation parameters apply only to ATM N:1 cell mode VLL.
This command enables the configuration of AAL5 end-of-message (EOM) to be an indication to complete the cell concatenation operation.
The no form of this command resets the configuration to ignore the AAL5 EOM as an indication to complete the cell concatenation.
This command enables the configuration of CLP change to be an indication to complete the cell concatenation operation.
The no form of this command resets the configuration to ignore the CLP change as an indication to complete the cell concatenation.
This command enables the configuration of the maximum number of ATM cells to accumulate into an MPLS packet. The remote peer will also signal the maximum number of concatenated cells it is willing to accept in an MPLS packet. When the lesser of (the configured value and the signaled value) number of cells is reached, the MPLS packet is queued for transmission onto the pseudowire. It is ensured that the MPLS packet MTU conforms to the configured service MTU.
The no form of this command sets max-cells to the value ‘1’ indicating that no concatenation will be performed.
This command enables the configuration of the maximum amount of time to wait while performing ATM cell concatenation into an MPLS packet before transmitting the MPLS packet. This places an upper bound on the amount of delay introduced by the concatenation process. When this amount of time is reached from when the first ATM cell for this MPLS packet was received, the MPLS packet is queued for transmission onto the pseudowire.
The no form of this command resets max-delay to its default value.
This command enables the configuration of static pseudowire status signaling on a spoke SDP for which signaling for its SDP is set to OFF.
A control-channel-status no shutdown is allowed only if all of the following are true:
The no form of this command removes control channel status signaling from a spoke SDP. It can only be removed if control channel status is shut down.
no control-channel-status
This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.
This command configures the refresh timer for control channel status signaling packets. By default, no refresh packets are sent.
no refresh-timer
This command configures the control channel status request mechanism. When it is configured, control channel status request procedures are used. These augment the procedures for control channel status messaging from RFC 6478. This command cannot be used with a non-zero refresh-timer value.
The control word command provides the option to add a control word as part of the packet encapsulation for pseudowire types for which the control word is optional. These are Ethernet pseudowires (Epipe). For the 7750 SR only, ATM N:1 cell mode pseudowires (apipe vc-types atm-vcc and atm-vpc) and VT pseudowire (apipe vc-type atm-cell).
The configuration for the two directions of the pseudowire must match because the control word negotiation procedures described in Section 6.2 of RFC 4447 are not supported. The C-bit in the pseudowire FEC sent in the label mapping message is set to 1 when the control word is enabled. Otherwise, it is set to 0.
The service will only come up if the same C-bit value is signaled in both directions. If a spoke-sdp is configured to use the control word but the node receives a label mapping message with a C-bit clear, the node releases the label with the an “Illegal C-bit” status code as per Section 6.1 of RFC 4447. As soon as the user also enabled the control the remote peer, the remote peer will withdraw its original label and will send a label mapping with the C-bit set to 1 and the VLL service will be up in both nodes. The control word must be enabled to allow MPLS-TP OAM to be used on a static spoke-sdp in a Apipe, Epipe and Cpipe service.
This command configures the egress SDP context.
This command is used to redirect PW packets to an egress port queue-group for the purpose of shaping.
The egress PW shaping provisioning model allows the mapping of one or more PWs to the same instance of queues, or policers and queues, that are defined in the queue-group template.
Operationally, the provisioning model consists of the following steps:
One or more spoke-sdps can have their FCs redirected to use queues only, or queues and policers in the same queue-group instance.
The following are the constraints and rules of this provisioning model:
When the queue-group name the PW is redirected to exists and the redirection succeeds, the marking of the packet’s DEI/dot1p/DSCP and the tunnel’s DEI/dot1p/DSCP/EXP is performed according to the relevant mappings of the {FC, profile} in the egress context of the network QoS policy applied to the PW. This is true regardless of whether an instance of the queue-group exists or not on the egress port the PW packet is forwarded to. If the packet’s profile value changed due to egress child policer CIR profiling, the new profile value is used to mark the packet’s DEI/dot1p and the tunnel’s DEI/dot1p/EXP, and the DSCP/prec will be remarked if enable-dscp-prec-marking is enabled under the policer.
When the queue-group name the PW is redirected does not exist, the redirection command is failed. In this case, the marking of the packet’s DEI/dot1p/DSCP and the tunnel’s DEI/dot1p/DSCP/EXP fields is performed according to the relevant commands in the egress context of the network QoS policy applied to the network IP interface the PW packet is forwarded to.
The no version of this command removes the redirection of the PW to the queue-group.
This command configures the egress and ingress VC label.
The actual maximum value that can be configured is limited by the config>router>mpls-labels>static-label-range command.
This command configures the ingress SDP context.
This command is used to redirect PW packets to an ingress forwarding plane queue-group for the purpose of rate-limiting.
The ingress PW rate-limiting feature uses a policer in queue-group provisioning model. This model allows the mapping of one or more PWs to the same instance of policers that are defined in a queue-group template.
Operationally, the provisioning model in the case of the ingress PW shaping feature consists of the following steps:
One or more spoke-sdps can have their FCs redirected to use policers in the same policer queue-group instance.
The following are the constraints and rules of this provisioning model when used in the ingress PW rate-limiting feature:
When a PW is redirected to use a policer queue-group, the classification of the packet for the purpose of FC and profile determination is performed according to the default classification rule or the QoS filters defined in the ingress context of the network QoS policy applied to the PW. This is true regardless of whether an instance of the named policer queue-group exists on the ingress FP the pseudowire packet is received on. The user can apply a QoS filter matching the dot1-p in the VLAN tag corresponding to the Ethernet port encapsulation, the EXP in the outer label when the tunnel is an LSP, the DSCP in the IP header if the tunnel encapsulation is GRE, and the DSCP in the payload’s IP header if the user enabled the ler-use-dscp option and the pseudowire terminates in IES or VPRN service (spoke-interface).
When the policer queue-group name the pseudowire is redirected does not exist, the redirection command is failed. In this case, the packet classification is performed according to the default classification rule or the QoS filters defined in the ingress context of the network QoS policy applied to the network IP interface the pseudowire packet is received on.
The no version of this command removes the redirection of the pseudowire to the queue-group.
This command specifies the precedence of the SDP binding when there are multiple SDP bindings attached to one service endpoint. The value of zero can only be assigned to one SDP bind making it the primary SDP bind. When an SDP binding goes down, the next highest precedence SDP binding will begin to forward traffic.
The no form of this command returns the precedence value to the default.
precedence 4
This command enables the context to configure an MPLS-TP Pseudowire Path Identifier for a spoke-sdp. All elements of the PW path ID must be configured in order to enable a spoke-sdp with a PW path ID.
For an IES or VPRN spoke-sdp, the pw-path-id is only valid for ethernet spoke-sdps.
The pw-path-id is only configurable if all of the following is true:
The no form of this command deletes the PW path ID.
no pw-path-id
This command configures the attachment group identifier for an MPLS-TP PW.
This command configures the Source Individual Attachment Identifier (SAII) for an MPLS-TP spoke-sdp. If this is configured on a spoke-sdp for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the taii-type2 of the mate spoke-sdp.
This command configures the Target Individual Attachment Identifier (TAII) for an MPLS-TP spoke SDP. If this is configured on a spoke SDP for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the saii-type2 of the mate spoke SDP.
This command enables or disables the use of entropy labels for spoke SDPs.
If entropy-label is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy-label-capability. If the tunnel is RSVP type, entropy-label can also be controlled under the config>router>mpls or config>router>mpls>lsp contexts.
The entropy label and hash label features are mutually exclusive. The entropy label cannot be configured on a spoke SDP or service where the hash label feature has already been configured.
no entropy-label
This command enables the use of the hash label on a VLL, VPRN or VPLS service bound to any MPLS type encapsulated SDP, as well as to a VPRN service that is using the auto-bind-tunnel with the resolution-filter set to any MPLS tunnel type. This feature is not supported on a service bound to a GRE SDP or for a VPRN service using the autobind mode with the gre option. This feature is also not supported on multicast packets forwarded using RSVP P2MP LSP or mLDP LSP in both the base router instance and in the multicast VPN (mVPN) instance. It is, however, supported when forwarding multicast packets using an IES/VPRN spoke-interface.
When this feature is enabled, the ingress data path is modified such that the result of the hash on the packet header is communicated to the egress data path for use as the value of the label field of the hash label. The egress data path appends the hash label at the bottom of the stack (BoS) and sets the S-bit to one (1).
To allow applications where the egress LER infers the presence of the hash label implicitly from the value of the label, the Most Significant Bit (MSB) of the result of the hash is set before copying into the Hash Label. This means that the value of the hash label will always be in the range [524,288 - 1,048,575] and will not overlap with the signaled/static LSP and signaled/static service label ranges. This also guarantees that the hash label will not match a value in the reserved label range.
The (unmodified) result of the hash continues to be used for the purpose of ECMP and LAG spraying of packets locally on the ingress LER. Note, however, that for VLL services, the result of the hash is overwritten and the ECMP and LAG spraying will be based on service-id when ingress SAP shared queuing is not enabled. However, the hash label will still reflect the result of the hash such that an LSR can use it to perform fine grained load balancing of VLL PW packets.
Packets generated in CPM and that are forwarded labeled within the context of a service (for example, OAM packets) must also include a Hash Label at the BoS and set the S-bit accordingly.
The TTL of the hash label is set to a value of 0.
The user enables the signaling of the hash-label capability under a VLL spoke-sdp, a VPLS spoke-sdp or mesh SDP, or an IES/VPRN spoke interface by adding the signal-capability option. In this case, the decision whether to insert the hash label on the user and control plane packets by the local PE is solely determined by the outcome of the signaling process and can override the local PE configuration. The following are the procedures:
The no form of this command disables the use of the hash label.
no hash-label
This command enables the ability to ignore the operationally down status for service oper state calculation. An Epipe service does not transition to Oper State: Down when a SAP fails and when this optional command is configured under that specific SAP. Only a single SAP in an Epipe may have this optional command included. The command can be used in Epipes with or without EVPN enabled.
The no form of this command disables whether a service ignores the operationally down state of the SAP.
no ignore-oper-down
This command associates an IP filter policy with an ingress or egress Service Distribution Point (SDP). Filter policies control the forwarding and dropping of packets based on IP matching criteria. Only one filter can be applied to a spoke SDP at a time.
The filter command is used to associate a filter policy with a specified ip-filter-id with an ingress or egress spoke SDP. The ip-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message returned.
IP filters apply only to RFC 2427-routed IP packets. Frames that do not contain IP packets will not be subject to the filter and will always be passed, even if the filter's default action is to drop.
The no form of this command removes any configured filter ID association with the SDP. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use the scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.
This command specifies the operational group to be monitored by the object under which it is configured. The oper-group name must be already configured under the config>service context before its name is referenced in this command.
The no form of this command removes the association.
This command configures the operational group identifier.
The no form of this command removes the group name from the configuration.
This command enables pseudowire status signaling for this spoke SDP binding.
The no form of this command disables the status signaling.
This command indicates that this spoke SDP is expected to be part of a redundant pseudowire connected to a PBB Epipe service. Enabling this parameter will cause traffic forwarded from this spoke SDP into the B-VPLS domain to use a virtual backbone MAC as its source MAC address when both this, and the control pseudowire, are in the active state on this BEB. This virtual backbone MAC is derived from the SDP source-bmac-lsb configuration.
This command will fail when configuring it under a spoke SDP within a PBB-Epipe that is connected to a B-VPLS with mac-notification enabled.
no use-sdp-bmac
This command specifies an explicit dot1q value used when encapsulating to the SDP far end. When signaling is enabled between the near and far end, the configured dot1q tag can be overridden by a received TLV specifying the dot1q value expected by the far end. This signaled value must be stored as the remote signaled dot1q value for the binding. The provisioned local dot1q tag must be stored as the administrative dot1q value for the binding.
When the dot1q tag is not defined, the default value of zero is stored as the administrative dot1q value. Setting the value to zero is equivalent to not specifying the value.
The no form of this command disables the command.
no vlan-vc-tag
This command binds a service to an existing Service Distribution Point (SDP), using a dynamic MS-PW.
A spoke SDP is treated like the equivalent of a traditional bridge “port” where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.
The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.
When using dynamic MS-PWs, the particular SDP to bind-to is automatically selected based on the Target Attachment Individual Identifier (TAII) and the path to use, specified under spoke SDP FEC. The selected SDP will terminate on the first hop S-PE of the MS-PW. Therefore, an SDP must already be defined in the config>service>sdp context that reaches the first hop router of the MS-PW. The router will in order to associate an SDP with a service. If an SDP to that is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.
It differs from the spoke-sdp command in that the spoke-sdp command creates a spoke SDP binding that uses a pseudowire with the PW ID FEC. However, the spoke-sdp-fec command enables pseudowires with other FEC types to be used. Only the Generalized ID FEC (FEC129) may be specified using this command.
The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.
This command enables single sided automatic endpoint configuration of the spoke SDP. The router acts as the passive T-PE for signaling this MS-PW.
Automatic Endpoint Configuration allows the configuration of a spoke SDP endpoint without specifying the TAII associated with that spoke SDP. It allows a single-sided provisioning model where an incoming label mapping message with a TAII that matches the SAII of that spoke SDP to be automatically bound to that endpoint. In this mode, the far end T-PE actively initiates MS-PW signaling and will send the initial label mapping message using T-LDP, while the router T-PE for which auto-config is specified will act as the passive T-PE.
The auto-config command is blocked in CLI if signaling active has been enabled for this spoke SDP. It is only applicable to spoke SDPs configured under the Epipe, IES and VPRN interface context.
The no form of this command means that the router T-PE either acts as the active T-PE (if signaling active is configured) or automatically determines which router will initiate MS-PW signaling based on the prefix values configured in the SAII and TAII of the spoke SDP. If the SAII has the greater prefix value, then the router will initiate MS-PW signaling without waiting for a label mapping message from the far end. However, if the TAII has the greater value prefix, then the router will assume that the far end T-PE will initiate MS-PW signaling and will wait for that label mapping message before responding with a T-LDP label mapping message for the MS-PW in the reverse direction.
no auto-config
This command specifies the explicit path, containing a list of S-PE hops, that should be used for this spoke SDP. The path-name should correspond to the name of an explicit path configured in the config>service>pw-routing context.
If no path is configured, then each next-hop of the MS-PW used by the spoke SDP will be chosen locally at each T-PE and S-PE.
no path
This command specifies the precedence of the SDP binding when there are multiple SDP bindings attached to one service endpoint. The value of zero can only be assigned to one SDP bind making it the primary SDP bind. When an SDP binding goes down, the next highest precedence SDP binding will begin to forward traffic.
The no form of this command returns the precedence value to the default.
precedence 42
This command binds includes the parameters included in a specific PW template to a spoke SDP.
The no form of this command removes the values from the configuration.
This optional command specifies the number of attempts software should make to reestablish the spoke SDP after it has failed. After each successful attempt, the counter is reset to zero.
When the specified number is reached, no more attempts are made and the spoke-sdp is put into the shutdown state.
Use the no shutdown command to bring up the path after the retry limit is exceeded.
The no form of this command reverts the parameter to the default value.
retry-count 30
This command specifies a retry-timer for the spoke SDP. This is a configurable exponential back-off timer that determines the interval between retries to reestablish a spoke SDP if it fails and a label withdraw message is received with the status code “AII unreachable”.
The no form of this command reverts the timer to its default value.
retry-timer 30
This command configures the source attachment individual identifier for the spoke-sdp. This is only applicable to FEC129 AII type 2.
This command enables a user to configure this router as the active pr passive T-PE for signaling this MS-PW, or to automatically select whether this T-PE is active or passive based on the prefix. In an active role, this endpoint initiates MS-PW signaling without waiting for a T-LDP label mapping message to arrive from the far end T-PE. In a passive role, it will wait for the initial label mapping message from the far end before sending a label mapping for this end of the PW. In auto mode, if the SAII has the greater prefix value, then the router will initiate MS-PW signaling without waiting for a label mapping message from the far end. However, if the TAII has the greater value prefix, then the router will assume that the far end T-PE will initiate MS-PW signaling and will wait for that label mapping message before responding with a T-LDP label mapping message for the MS-PW in the reverse direction.
The no form of this command means that the router T-PE automatically selects the which router will initiate MS-PW signaling based on the prefix values configured in the SAII and TAII of the spoke SDP, as previously described.
signaling auto
This command enables standby-signaling-slave for an Epipe.
taii-type2 configures the target attachment individual identifier for the spoke-sdp. This is only applicable to FEC129 AII type 2.
This command is blocked in CLI if this end of the spoke SDP is configured for single-sided auto configuration (using the auto-config command).
This command creates a profile for the user to configure the list of discrete VPI/VCI values to be assigned to an ATM SAP of an Apipe VLL of vc-type atm-cell.
A connection profile can only be applied to a SAP which is part of an Apipe VLL service of vc-type atm-cell. The ATM SAP can be on a regular port or APS port.
A maximum of 8000 connection profiles can be created on the system.
The no form of this command deletes the profile from the configuration.
This command allows the adding of discrete VPI/VCI values to an ATM connection profile for assignment to an ATM SAP of an Apipe VLL of vc-type atm-cell.
Up to a maximum of 16 discrete VPI/VCI values can be configured in a connection profile. The user can modify the content of a profile which triggers a re-evaluation of all the ATM SAPs which are currently using the profile.
The no form of this command deletes the member from the configuration.
This command enables the context to configure the BGP related parameters BGP used for multi-homing and BGP VPWS.
The no form of this command removes the string from the configuration.
This command binds the advertisements received with the route targets (RT) that match the configured list (either the generic or the specified import) to a specific pw-template. If the RT list is not present, or if multiple matches are found, the numerically lowest pw-template is used.
The pw-template-binding applies to BGP-VPWS when enabled in the Epipe.
For BGP VPWS, the following additional rules govern the use of pseudowire-template:
If the value used for Layer 2 MTU (unless the value zero is received), or control word does not match, the pseudowire is created but with the operationally down state.
If the value used for the S (sequenced delivery) flags is not zero the pseudowire is not created.
The tools perform commands can be used to control the application of changes in pw-template for BGP-VPWS.
The no form of this command removes the values from the configuration.
target:{ip-addr:comm-val | 2byte-asnumber:ext-comm-val| 4byte-snumber:comm-val} | ||
ip-addr | a.b.c.d | |
comm-val | 0 to 65535 | |
2byte-asnumber | 0 to 65535 | |
ext-comm-val | 0 to 4294967295 | |
4byte-asnumber | 0 to 4294967295 |
This command configures the Route Distinguisher (RD) component that is signaled in the MPBGP NLRI for L2VPN AFI. This value is used for BGP multi-homing and BGP-VPWS.
An RD value must be configured under BGP node.
Alternatively, the auto-rd option allows the system to automatically generate an RD based on the bgp-auto-rd-range command configured at the service level.
Format: Six bytes, other 2 bytes of type will be automatically generated.
<rd> | <ip-addr:comm-val> | <2byte-asnumber:ext-comm-val>|<4byte-asnumber:comm-val> | |||
ip-addr | a.b.c.d | |||
comm-val | 0 to 65535 | |||
2byte-asnumber | 1 to 65535 | |||
ext-comm-val | 0 to 4294967295 | |||
4byte-asnumber | 0 to 4294967295 |
This command configures the route target (RT) component that is signaled in the related MPBGP attribute to be used for BGP multi-homing and BGP-VPWS when configured in the Epipe service. The ext-comm can have two formats:
This command specifies the name of the VSI export policies to be used for BGP EVPN, BGP VPWS and BGP multi-homing if these features are configured in this Epipe service.
If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.
The policy name list is handled by the SNMP agent as a single entity.
The no form of this command removes the policy from the configuration.
no vsi-export
This command specifies the name of the VSI import policies to be used for BGP EVPN, BGP VPWS and BGP multi-homing if these features are configured in this Epipe service.
If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.
The policy name list is handled by the SNMP agent as a single entity.
The no form of this command removes the policy from the configuration.
no vsi-import
This command enables the context to configure BGP-VPWS parameters and addressing.
no bgp-vpws
This command creates or edits a remote-ve-name. A single remote-ve-name can be created per BGP VPWS instance if the service is single-homed or uses a single pseudowire to connect to a pair of dual-homed systems. When the service requires active/standby pseudowires to be created to remote dual-homed systems then two remote-ve-names must be configured.
This context defines the remote PE to which a pseudowire will be signaled.
remote-ve-name commands can be added even if bgp-vpws is not shutdown.
The no form of this command removes the configured remote-ve-name from the bgp vpws node. It can be used when the BGP VPWS status is either shutdown or “no shutdown”.
This command configures the name of the local VPWS instance in this service.
The no form of this command removes the ve-name.
This command configures a ve-id for either the local VPWS instance when configured under the ve-name, or for the remote VPWS instance when configured under the remote-ve-name.
A single ve-id can be configured per ve-name or remote-ve-name. The ve-id can be changed without shutting down the VPWS instance. When the ve-name ve-id changes, BGP withdraws the previously advertised route and sends a route-refresh to all the peers which would result in reception of all the remote routes again. The old PWs are removed and new ones are instantiated for the new ve-id value.
When the remote-ve-name ve-id changes, BGP withdraws the previously advertised route and send a new update matching the new ve-id. The old pseudowires are removed and new ones are instantiated for the new ve-id value.
NLRIs received whose advertised ve-id does not match the list of ve-ids configured under the remote ve-id will not have a spoke SDP binding auto-created but will remain in the BGP routing table but not in the Layer 2 route table. A change in the locally configured ve-ids may result in auto-sdp-bindings either being deleted or created, based on the new matching results.
Each ve-id configured within a service must be unique.
The no form of this command removes the configured ve-id. It can be used just when the BGP VPWS status is shutdown. The no shutdown command cannot be used if there is no ve-id configured.
no ve-id
This command administratively enables/disables the local BGP VPWS instance. On de-activation an MP-UNREACH-NLRI is sent for the local NLRI.
The no form of this command enables the BGP VPWS addressing and the related BGP advertisement. The associated BGP VPWS MP-REACH-NLRI will be advertised in an update message and the corresponding received NLRIs must be considered to instantiate the data plane.
This command enables the load-balancing context to configure interface per-flow load balancing options that will apply to traffic entering this interface and egressing over a LAG/ECMP on system-egress. This is a per interface setting. For load-balancing options that can also be enabled on the system level, the options enabled on the interface level overwrite system level configurations.
not applicable
This command enables on a per service basis, consistent per-service hashing for Ethernet services over LAG, over Ethernet tunnel (eth-tunnel) using loadsharing protection-type or over CCAG. Specifically, it enables the new hashing procedures for Epipe, VPLS, regular or PBB services.
The following algorithm describes the hash-key used for hashing when the new option is enabled:
The no form of this command implies the use of existing hashing options.
no per-service-hashing
This command configures global PBB parameters.
This command forces the addition of a IEEE 802.1q tag after the Customer MAC (C-MAC) addresses when the PBB header is built, as it egresses a related BVPLS.
It is used to preserve the dot1q and DE bits from the customer domain when the service delimiting qtags are stripped when the packet is ingressing a PBB Epipe or an IVPLS. The VLAN value of the service delimiting QTAG if one exists is used for the corresponding inserted dot1q field. If a service delimiting QTAG does not exist, then the value of zero is used for all the inserted QTAG bits.
The no form of this command sets default behavior.
no force-qtag-forwarding
This command configures a Provider Backbone Bridging (PBB) tunnel with Backbone VPLS (B-VPLS) service information.
This command is used to associate the PW-port with the PXC ports or PXC based LAGs referenced in the FPE. That is, the PW-port becomes anchored by the PXC. This enables an external PW that is mapped to the anchored PW-port to be seamlessly rerouted between the I/O ports without interruption of service on the PW-port. This mapping between the external PW (spoke SDP) and the PXC based PXC-port is performed via an Epipe operating in vc-switching mode (creation time parameter).
no pw-port
This command enables the context to configure PW-port egress-side parameters
This command enables the context to configure PW-port shaper parameters.
This command configures an intermediate destination identifier applicable to ESM PW SAPs.
This command configures specifies the virtual port name of the shaper on the egress side for this PW-port entry.
This command configures the monitoring operational group name, up to 32 characters in length, associated with this PW-port entry.
This command configures a Epipe site.
The no form of this command removes the name from the configuration.
This command configures for how long the service manager waits after a node reboot before running the DF election algorithm. The boot-timer value should be configured to allow for the BGP sessions to come up and for the NLRI information to be refreshed/exchanged.
The no form of this command reverts the default.
boot-timer 10
This command configures a SAP for the site.
The no form of this command removes the SAP ID from the configuration.
This command configures the time-period the system keeps the local sites in standby status, waiting for BGP updates from remote PEs before running the DF (designated-forwarder) election algorithm to decide whether the site should be unblocked. This timer is terminated if an update is received for which the remote PE has transitioned from DF to non-DF.
The no form of this command removes the value from the configuration.
site-activation-timer 2
This command configures the identifier for the site in this service. It must match between services but it is local to the service.
This command configures the BGP multi-homing site minimum down time. When set to a non-zero value, if the site goes operationally down it will remain operationally down for at least the length of time configured for the site-min-down-timer, regardless of whether other state changes would have caused it to go operationally up. This timer is restarted every time that the site transitions from up to down. Setting this parameter to zero allows the minimum down timer to be disabled for this service.
The preceding operation is optimized in the following circumstances:
The no form of this command reverts to default value.
Taken from the value of site-min-down-timer configured for Multi-Chassis BGP multi-homing under the config>redundancy>bgp-multi-homing context.
This command defines the value to advertise in the VPLS preference field of the BGP VPWS and BGP Multi-homing NLRI extended community. This value can be changed without having to shutdown the site itself. The site-preference is only applicable to VPWS services.
When not configured, the default is zero, indicating that the VPLS preference is not in use.
no site-preference, value=0
This timer provides the legacy protocols PPP, MLPPP and HDLC time to establish after the Ethernet fault condition has cleared. The legacy protocol is afforded this amount of time to establish the connection before a fault is declared on the legacy side and propagated to the Ethernet segment. This timer is started as a result of a clearing Ethernet failure. Faults that may exist on the legacy side will not be detected until the expiration of this timer. Until the legacy side connection is established or the timer expires the traffic arriving on the Ethernet SAP from a peer will be discarded. The default value is unlikely to be a representative of all operator requirements and must be evaluated on a case by case basis.
This command enables or disables the propagation of fault from the Ethernet segment to the legacy connection using PPP, MLPPP and HDLC for an Ipipe service. Issuing a “no shutdown” will activate the feature. Issuing a “shutdown” will deactivate the feature and stop fault notification from the Ethernet to PPP, MLPPP and HDLC protocols.
The no form of this command activates the ethernet legacy fault propagation.
When this command is enabled, the node will block the transmit forwarding direction of a spoke SDP based on the pseudowire standby bit received from a T-LDP peer.
This command is present at the endpoint level as well as the spoke SDP level. If the spoke SDP is part of an explicit-endpoint, it will not be possible to change this setting at the spoke SDP level. An existing spoke SDP can be made part of the explicit endpoint only if the settings do not conflict. A newly created spoke SDP, which is part of a specific explicit-endpoint, will inherit this setting from the endpoint configuration.
This command is mutually exclusive with an endpoint that is part of an mc-lag, mc-aps or an ICB.
If the command is disabled, the node assumes the existing independent mode of behavior for the forwarding on the spoke SDP.
no standby-signaling-slave
This command enables the use of VXLAN in the VPLS or Epipe service.
This command configures the static destination VTEP IP used when originating VXLAN packets for the service.
This command associates an operational group to the VXLAN static egress VTEP. If the egress VTEP IP disappears from the routing table, the oper-group status will become operationally down.
The operational group must be monitored in a different service and not in the service where it is defined.
This command enables the router to use the configured IP address as the tunnel source IP address (source VTEP) when originating VXLAN-encapsulated frames for this service. This IP address is also used to set the BGP NLRI next-hop in EVPN route advertisements for the service.
no vxlan-src-vtep
This is the node for service templates.
This command specifies which SAP parameter template should be applied to the l2-ap SAP. This can only be changed when the l2-ap is shutdown.
The no form of this command removes the template, the SAP will use default parameters.
This command enables the context to configure egress filter policies.
This command enables the context to configure ingress SAP Quality of Service (QoS) policies and filter policies.
This command enables the context to configure filter parameters.
This command associates an existing IP filter policy with the template.
This command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic).
This command associates an existing IPv6 filter policy with the template.
This command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic).
This command associates an existing MAC filter policy with the template.
This command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic).
This command enables the context to configure filter parameters.
This command associates an existing IP filter policy with the template.
This command associates an existing IP filter policy with the template.
This command associates an existing IP filter policy with the template.
This command associates an existing QoS policy with the template.
This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The qos name sap-egress-policy-name variant can be used in all configuration modes.
This command associates a Quality of Service (QoS) policy with an ingress Service Access Point (SAP) for the Epipe SAP template.
This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The qos name sap-ingress-policy-name variant can be used in all configuration modes.
This command specifies whether the service will automatically discover the CE IP addresses.
When enabled, the addresses will be automatically discovered on SAPs that support address discovery, and on the spoke SDPs. When enabled, addresses configuration on the Ipipe SAP and spoke SDPs will not be allowed.
If disabled, CE IP addresses must be manually configured for the SAPs to become operationally up.
no ce-address-discovery
This is the top level of the hierarchy containing Ethernet to Legacy fault notification parameters. This context must activate using the no shutdown command before Ethernet to legacy fault notification can occur for Ipipe services that make use of PPP, MLPPP or HDLC. This is only applicable to Ipipe services with one legacy (PPP, MLPPP or HDLC) connection and an Ethernet SAP. No other services, not other combinations are supported.
This command enables stack-capability signaling in the initial label mapping message of the Ipipe PW to indicate that IPv6 is supported.
When enabled, the 7750 SR includes the stack-capability TLV with the IPv6 stack bit set according to the ce-address-discovery ipv6 keyword, and also checks the value of the stack-capability TLV received from the far end.
This command must be blocked if no ce-address-discovery is specified, or the ipv6 keyword is not included with the ce-address-discovery command.
This command if only applicable to the Ipipe service and must be blocked for all other services.
This command has no effect if both SAPs on the Ipipe service are local to the node.
no stack-capability-signaling
This command enables the context to specify circuit emulation (CEM) properties.
This command specifies the jitter buffer size, in milliseconds, and payload size, in bytes.
The default value depends on the CEM SAP endpoint type, and if applicable, the number of timeslots as shown in Table 14.
Endpoint Type | Timeslots | Default Jitter Buffer (in ms) |
unstructuredE1 | — | 5 |
unstructuredT1 | — | 5 |
nxDS0 (E1/T1) | — | 32 |
N = 1 | 16 | |
N = 2 to 4 | 8 | |
N = 5 to 15 | 5 | |
nxDS0WithCas (E1) | N | 8 |
nxDS0WithCas (T1) | N | 12 |
Configuring the payload size and jitter buffer to values that result in less than 2 packet buffers or greater than 32 packet buffers is not allowed. Setting the jitter butter value to 0 sets it back to the default value.
Endpoint Type | Timeslots | Default Payload Size (in bytes) |
unstructuredE1 | — | 256 |
unstructuredT1 | — | 192 |
nxDS0 (E1/T1) | N = 1 | 64 |
N = 2 to 4 | N x 32 | |
N = 5 to 15 | N x 16 | |
N >= 16 | N x 8 | |
nxDS0WithCas (E1) | N | N x 16 |
nxDS0WithCas (T1) | N | N x 24 |
For nxDS0WithCas, the payload size divide by the number of timeslots must be an integer factor of the number of frames per trunk multi-frame (for example, 16 for E1 trunk and 24 for T1 trunk).
For 1xDS0, the payload size must be a multiple of 2.
For NxDS0, where N > 1, the payload size must be a multiple of the number of timeslots.
For unstructuredE1 and unstructuredT1, the payload size must be a multiple of 32 bytes.
Configuring the payload size and jitter buffer to values that result in less than 2 packet buffers or greater than 32 packet buffer is not allowed.
Setting the payload size to 0 sets it back to the default value.
This command indicates the type of CEM SAP alarm.
The no form of this command removes the parameter from the configuration.
On: stray, malformed, pktloss and overrun
Off: rpktloss, rfault, rrdi
This command defines the Emulated Circuit Identifiers (ECID) to be used for the local (source) end of the circuit emulation service.
The no form of this command removes the ECID from the configuration.
local-ecid 65535
This command defines the Emulated Circuit Identifiers (ECID) to be used for the remote (destination) end of the circuit emulation service.
This command defines the destination IEEE MAC address to be used to reach the remote end of the circuit emulation service.
remote-mac 00:00:00:00:00:00
This command specifies whether an RTP header is used when packets are transmitted to the packet service network (PSN) by the CEM SAP. This mode must be enabled for differential-timed DS1/E1s. It can optionally be enabled for other DS1/E1s for interoperability purposes.
no rtp-header
This command enables the context to configure ETH-CFM parameters.
Allows the individual service SAPs to react to changes in the tunnel MEP state. When tunnel-fault accept is configured at the service level, the SAP will react according to the service type, Epipe will set the operational flag and VPLS, IES and VPRN SAP operational state will become down on failure or up on clear. This command triggers the OAM mapping functions to mate SAPs and bindings in an Epipe service as well as setting the operational flag. If AIS generation is the requirement for the Epipe services this command is not required. See the ais-enable command under config>service>epipe>sap>eth-cfm>ais-enable context for more details. This works in conjunction with the tunnel-fault accept on the individual SAPs. Both must be set to accept to react to the tunnel MEP state. By default the service level command is “ignore” and the sap level command is “accept”. This means simply changing the service level command to “accept” will enable the feature for all SAPs. This is not required for Epipe services that only wish to generate AIS on failure.
tunnel-fault ignore (Service Level)
tunnel-fault accept (SAP Level for Epipe and VPLS)
This command enables the generation and the reception of AIS messages.
This command allows the operator to include all CCM Defect conditions or exclude the Remote Defect Indication CCM (DefRDICCM) as a trigger for generating AIS. AIS generation can only occur when the client-meg-level configuration option has been included. Changing this parameter will evaluate the MEP for AIS triggers based on the new criteria.
This command enables the context to configure per-forwarding class (FC) LMM information collection.
This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.
This command creates individual counters for the specified FCs without regard for profile. All countable packets that match a configured FC, regardless of profile, will be included in this counter.
A differential is performed when this command is re-entered. Omitted FCs will stop counting, newly added FCs will start counting, and unchanged FCs will continue to count.
Up to eight FCs may be specified. An FC that is specified as part of this command for this specific context cannot be specified as a profile-aware FC using the fc-in-profile command under the same context.
The no form of this command removes all previously defined FCs and stops counting for those FCs.
no fc
This command creates individual counters for the specified FCs with regard for profile. All countable packets that match a configured FC and are deemed to be in-profile will be included in this counter.
A differential is performed when this command is re-entered. Omitted FCs will stop counting, newly added FCs will start counting, and unchanged FCs will continue to count.
Up to eight FCs may be specified. An FC that is specified as part of this command for this specific context cannot be specified as a profile-unaware FC using the fc command under the same context.
The no form of this command removes all previously defined FCs and stops counting for those FCs.
no fc-in-profile
This command enables the collection of statistics on the SAP or MPLS SDP binding on which the ETH- LMM test is configured. The collection of LMM statistics must be enabled if a MEP is launching or responding to ETH-LMM packets. If LMM statistics collection is not enabled, the counters in the LMM and LMR PDU do not represent accurate measurements and all measurements should be ignored. The show sap-using eth-cfm collect-lmm-stats command and the show sdp-using eth-cfm collect-lmm-stats command can be used to display which entities are collecting stats.
The no form of this command disables and deletes the counters for this SAP or MPLS SDP binding.
no collect-lmm-stats
This command configures the client maintenance entity group (MEG) level or levels to use for AIS message generation. Up to 7 levels can be provisioned with the restriction that the client MEG level must be higher than the local MEG level.
This command enables the AIS function to consider the operational state of the entity on which it is configured. With this command, ETH-AIS on operationally down MEPs will be triggered and cleared based on the operational status of the entity on which it is configured. If CCM is also enabled then transmission of the AIS PDU will be based on either the non-operational state of the entity or on any CCM defect condition. AIS generation will cease if BOTH operationally up state and CCM has no defect conditions. If the MEP is not CCM enabled then the operational state of the entity is the only consideration assuming this command is present for the MEP.
no interface-support-enabled (AIS will not be generated or stopped based on the state of the entity on) which the operationally down MEP is configured.
This command specifies the transmission interval of AIS messages in seconds.
This command specifies the priority of AIS messages originated by the node.
This command enables the context to configure Ethernet tunnel SAP parameters.
This command configures Ethernet tunnel SAP path parameters.
The no form of this command removes the values from the configuration.
This command provisions the maintenance endpoint (MEP).
The no form of this command reverts to the default values.
This command enables the generation of CCM messages.
The no form of this command disables the generation of CCM messages.
This command specifies the priority value for CCMs and LTMs transmitted by the MEP.
The no form of this command removes the priority value from the configuration.
The highest priority on the bridge-port.
Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.
no ccm-padding-size
This command enables the reception and local processing of ETH-CSF frames.
This command enables the multiplication factor applied to the receive time used to clear the CSF condition in increments of .5.
multiplier 3.5
This command allows the receiving MEP to ignore the specified TLVs in CCM PDU. Ignored TLVs will be reported as absent and will have no impact on the MEP state machine.
The no form of this command means the receiving MEP will process all recognized TLVs in the CCM PDU.
no ccm-tlv-ignore
For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test then can be done using the following OAM commands:
oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]
A check is performed for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP indicates the problem.
This command is used to specify the threshold value of bit errors.
This command configures the test pattern for eth-test frames.
The no form of this command removes the values from the configuration.
test-pattern all-zeros
This command configures the fault propagation for the MEP.
This command enables the context to configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.
This command enables the context to configure ITU-T Y.1731 ETH-ED expected defect functional parameters.
This command limits the duration of the received ETH-ED expected defect window to the lower value of either the received value from the peer or this parameter.
The no form of this command removes the limitation, and any valid defect window value received from a peer MEP in the ETH-ED PDU will be used.
no max-rx-defect-window
This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.
The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.
no priority
This command enables the reception and processing of the ITU-T Y.1731 ETH-ED PDU on the MEP.
The no form of this command disables the reception of the ITU-T Y.1731 ETH-ED PDU on the MEP.
This command enables the transmission of the ITU-T Y.1731 ETH-ED PDU from the MEP when a system soft reset notification is received for one or more cards.
The config>eth-cfm>system>grace-tx-enable command must be configured to instruct the system that the node is capable of transmitting expected defect windows to the peers. Only one form of ETH-CFM grace (Nokia ETH-CFM Grace or ITU-T Y.1731 ETH-ED) may be transmitted.
The no form of this command disables the transmission of the ITU-T Y.1731 ETH-ED PDU from the MEP.
no tx-eth-ed
This command enables the context to configure Nokia ETH-CFM Grace functional parameters.
This command enables the reception and processing of the Nokia ETH-CFM Grace PDU on the MEP.
The Nokia Grace function is a vendor-specific PDU that informs MEP peers that the local node may be entering a period of expected defect.
The no form of this command disables the reception of the Nokia ETH-CFM Grace PDU on the MEP.
This command enables the transmission of the Nokia ETH-CFM Grace PDU from the MEP when a system soft reset notification is received for one or more cards.
The Nokia Grace function is a vendor-specific PDU that informs MEP peers that the local node may be entering a period of expected defect.
The config>eth-cfm>system>grace-tx-enable command must be configured to instruct the system that the node is capable of transmitting expected defect windows to the peers. Only one form of ETH-CFM grace (Nokia ETH-CFM Grace or ITU-T Y.1731 ETH-ED) may be transmitted.
The no form of this command disables the transmission of the Nokia ETH-CFM Grace PDU from the MEP.
This command enables the MEP to process service activation streams encapsulated in ETH-CFM LBM frames that are directed to the MEP. The MEP will be allocated additional resources to rapidly respond to a high-speed stream of LBM messages. A MEP created with this option will not validate any TLVs, will not validate the ETH-LBM MAC Address, and will not increment or compute any loopback statistics. Statistical computation and reporting is the responsibility of the test head-end. The ETH-CFM level of the high speed ETH-LBM stream must match the level of a MEP configured with this command. It must not target any lower ETH-CFM level the MEP will terminate. When the service activation test is complete, the MEP may be returned to standard processing by removing this command. If there is available bandwidth, the MEP will respond to other ETH-CFM PDUs, such as ETH-DMM marker packets, using standard processing.
The interaction between this command and the tools perform service id service-id loopback eth command must be carefully considered. It is recommended that either the lbm-svc-act-responder or the tools perform service id service-id loopback eth command be used at any given time within a service. If both commands must be configured, and the target reflection point is the MAC Swap Loopback function, the inbound stream of data must not include ETH-CFM traffic that is equal to or lower than the domain level of any configured MEP which would otherwise extract and process the ETH-CFM message. If the reflection target is a MEP configured with the lbm-svc-act-responder option, the mode (ingress or egress) of the SAP or SDP specified with this tools command and the MEP direction (up or down) must match when the functions are enabled on the same reflection point, and the domain level of the inbound ETH-LBM must be the same as that of the MEP configured with the lbm-svc-act-responder option. At no time should the two functions be conflicting with each other along the path of the stream. This conflict would lead to unpredictable and possibly destabilizing situations.
The no form of this command reverts to MEP LBM standard processing.
no lbm-svc-act-responder
This command specifies the lowest priority defect that is allowed to generate a fault alarm.
low-priority-defect macRemErrXcon
allDef | DefRDICCM, DefMACstatus, DefRemoteCCM, DefErrorCCM, and DefXconCCM | |
macRemErrXcon | Only DefMACstatus, DefRemoteCCM, DefErrorCCM, and DefXconCCM | |
remErrXcon | Only DefRemoteCCM, DefErrorCCM, and DefXconCCM | |
errXcon | Only DefErrorCCM and DefXconCCM | |
xcon | Only DefXconCCM | |
noXcon | No defects DefXcon or lower are to be reported |
This command specifies the MAC address of the MEP.
The no form of this command reverts the MAC address of the MEP back to that of the port (if the MEP is on a SAP) or the bridge (if the MEP is on a spoke).
This command enables/disables eth-test functionality on MEP.
This command allows Maintenance Intermediate Points (MIPs). The creation rules of the MIP are dependent on the mhf-creation configuration for the MA.
The no form of this command removes the MIP creation request.
no mip
This command defines the levels of the ETH-CFM PDUs that will silently be discarded on ingress into the SAP or SDP binding from the wire. All ETH-CFM PDUs inbound to the SAP or SDP binding will be dropped that match the configured levels without regard for any other ETH-CFM criteria. No statistical information or drop count will be available for any ETH-PDU that is silently discarded by this option. The operator must configure a complete contiguous list of md-levels up to the highest level that will be dropped. The command must be retyped in complete form to modify a previous configuration, if the operator does not want to delete it first.
The no form of this command removes the silent discarding of previously matching ETH-CFM PDUs.
no squelch-ingress-levels
This command forces the data path to push two VLAN tags at network egress when sending traffic on SDP bindings or EVPN-MPLS destinations. The VLAN tag values are derived from the service-delimiting tags at the ingress, depending on the configured parameter. At network ingress this command, configured on EVPN-MPLS or the SDP-binding, pops two VLAN tags at most.
The no version of this command does not make the data path to push any VLAN tags in SDP bindings or EVPN-MPLS, or pop two VLAN tags.
no force-qinq-vc-forwarding
This command forces vc-vlan-type forwarding in the data path for spoke and mesh SDPs which have either vc-type. This command is not allowed on vlan-vc-type SDPs.
The no version of this command sets default behavior.
no force-vlan-vc-forwarding
This command associates an IP filter policy with an ingress or egress Service Access Point (SAP) or IP interface.
Filter policies control the forwarding and dropping of packets based on IP matching criteria. Only one filter can be applied to a SAP at a time.
The filter command is used to associate a filter policy with a specified filter-id with an ingress or egress SAP. The filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message returned.
IP filters apply only to RFC 2427-routed IP packets. Frames that do not contain IP packets will not be subject to the filter and will always be passed, even if the filter's default action is to drop.
The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.
IPv6 filters are only supported by the 7450 ESS and 7750 SR but are not supported on a Layer 2 SAP that is configured with QoS MAC criteria. Also, MAC filters are not supported on a Layer 2 SAP that is configured with QoS IPv6 criteria.
This command enables the context to configure L2TPv3 spoke SDPs for Epipe services.
This command configures the RX/TX cookie for L2TPv3 spoke SDPs for Epipe services. The RX cookie must match the configured TX cookie on a far-end node, while the TX cookie must match the configured RX cookie on a far-end node. If a mismatch is detected between the configured (far-end binding cookie) to what is received by the local IP address of the SDP a flag is set and must be manually cleared by an operator.
The purpose of the cookie is to provide validation against misconfiguration of service endpoints, and to ensure that the right service egress is being used.
One egress cookie and up to two ingress cookies may be configured per spoke SDP binding. One or two cookies can be configured for matching ingress packets from the far-end node, in order to support cookie rollover without dropping packets. When a cookie is not configured, SR OS assumes a value of 00:00:00:00:00:00:00:00.
A cookie is not mandatory. An operator may delete an egress cookie or either or both ingress cookies.
no cookie1 cookie2
This command configures HSMDA egress and ingress queue overrides.
This command adds or subtracts the specified number of bytes to the accounting function for each packet handled by the HSMDA queue. Normally, the accounting and leaky bucket functions are based on the Ethernet DLC header, payload and the 4-byte CRC (everything except the preamble and inter-frame gap). For example, this command can be used to add the frame encapsulation overhead (20 bytes) to the queues accounting functions.
The accounting functions affected include:
The secondary shaper leaky bucket, scheduler priority level leaky bucket and the port maximum rate updates are not affected by the configured packet-byte-offset. Each of these accounting functions are frame based and always include the preamble, DLC header, payload and the CRC regardless of the configured byte offset.
The packet-byte-offset command accepts either add or subtract as valid keywords which define whether bytes are being added or removed from each packet traversing the queue. Up to 20 bytes may be added to the packet and up to 43 bytes may be removed from the packet. An example use case for subtracting bytes from each packet is an IP based accounting function. Given a Dot1Q encapsulation, the command packet-byte-offset subtract 14 would remove the DLC header and the Dot1Q header from the size of each packet for accounting functions only. The 14 bytes are not actually removed from the packet, only the accounting size of the packet is affected.
As mentioned previously, the variable accounting size offered by the packet-byte-offset command is targeted at the queue and queue group level. When the queue group represents the last-mile bandwidth constraints for a subscriber, the offset allows the HSMDA queue group to provide an accurate accounting to prevent overrun and underrun conditions for the subscriber. The accounting size of the packet is ignored by the secondary shapers, the scheduling priority level shapers and the scheduler maximum rate. The actual on-the-wire frame size is used for these functions to allow an accurate representation of the behavior of the subscriber’s packets on an Ethernet aggregation network.
The packet-byte-offset value can be overridden for the HSMDA queue at the SAP or subscriber profile level.
The no form of this command removes any accounting size changes to packets handled by the queue. The command does not affect overrides that may exist on SAPs or subscriber profiles associated with the queue.
This command, within the QoS policy hsmda-queue context, is a container for the configuration parameters controlling the behavior of an HSMDA queue. Unlike the standard QoS policy queue command, this command is not used to actually create or dynamically assign the queue to the object which the policy is applied. The queue identified by queue-id always exists on the SAP or subscriber context whether the command is executed or not. In the case of HSMDA SAPs and subscribers, all eight queues exist at the moment the system allocates an HSMDA queue group to the object (both ingress and egress).
Best-Effort, Expedited and Auto-Expedite Queue Behavior Based on Queue-ID
With standard service queues, the scheduling behavior relative to other queues is based on two items, the queues Best-Effort or Expedited nature and the dynamic rate of the queue relative to the defined CIR. HSMDA queues are handled differently. The create time auto-expedite and explicit expedite and best-effort qualifiers have been eliminated and instead the scheduling behavior is based solely on the queues identifier. Queues with a queue-id equal to 1 are placed in scheduling class 1. Queues with queue-id 2 are placed in scheduling class 2. And so on up to scheduling class 8. Each scheduling class is either mapped directly to a strict scheduling priority level based on the class ID, or the class may be placed into a weighted scheduling class group providing byte fair weighted round robin scheduling between the members of the group. Two weighted groups are supported and each may contain up to three consecutive scheduling classes. The weighted group assumes its highest member class inherent strict scheduling level for scheduling purposes. Strict priority level 8 has the highest priority while strict level 1 has the lowest. When grouping of scheduling classes is defined, some of the strict levels will not be in use.
Single Type of HSMDA Queues
Another difference between HSMDA queues and standard service queues is the lack of Multipoint queues. At ingress, an HSMDA SAP or subscriber does not require Multipoint queues since all forwarding types (broadcast, multicast, unicast and unknown) forward to a single destination ñ the ingress forwarding plane on the IOM. Instead of a possible eight queues per forwarding type (for a total of up to 32) within the SAP ingress QoS policy, the hsmda-queues node supports a maximum of eight queues.
Every HSMDA Queue Supports Profile Mode Implicitly
Unlike standard service queues, the HSMDA queues do not need to be placed into the special mode profile at create time in order to support ingress color aware policing. Each queue may handle in-profile, out-of-profile and profile undefined packets simultaneously. As with standard queues, the explicit profile of a packet is dependent on ingress sub-forwarding class to which the packet is mapped.
The no form of this command restores the defined queue-id to its default parameters. All HSMDA queues having the queue-id and associated with the QoS policy are re-initialized to default parameters.
This command specifies the administrative PIR by the user.
This command assigns the weight value to the HSMDA queue.
The no form of this command returns the weight value for the queue to the default value.
This command associates an existing HSMDA weighted-round-robin (WRR) scheduling loop policy to the HSMDA queue.
This command assigns an HSMDA slope policy to the SAP. The policy may be assigned to an ingress or egress HSMDA queue. The policy contains the Maximum Buffer Size (MBS) that will be applied to the queue and the high and low priority RED slope definitions. The function of the MBS and RED slopes is to provide congestion control for an HSMDA queue. The MBS parameter defines the maximum depth a queue may reach when accepting packets. The low and high priority RED slopes provides for random early detection of congestion and slope based discards based on queue depth.
An HSMDA slope policy can be applied to queues defined in the SAP ingress and SAP egress QoS policy HSMDA queues context. Once an HSMDA slope policy is applied to a SAP QoS policy queue, it cannot be deleted. Any edits to the policy are updated to all HSMDA queues indirectly associated with the policy.
Default HSMDA Slope Policy
An HSMDA slope policy named “default” always exists on the system and does not need to be created. The default policy is automatically applied to all HSMDA queues unless another HSMDA slope policy is specified for the queue. The default policy cannot be modified or deleted. Attempting to execute the no hsmda-slope-policy default command results in an error.
The no form of this command removes the specified HSMDA slope policy from the configuration. If the HSMDA slope policy is currently associated with an HSMDA queue, the command will fail.
This command configures an HSMDA egress secondary shaper.
This command associates a filter policy with an ingress or egress Service Access Point (SAP) or IP interface.
Filter policies control the forwarding and dropping of packets based on IP matching criteria. Only one filter can be applied to a SAP at a time.
The filter command is used to associate a filter policy with a specified ip-filter-id with an ingress or egress SAP. The ip-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message returned.
IP filters apply only to RFC 2427-routed IP packets. Frames that do not contain IP packets will not be subject to the filter and will always be passed, even if the filter's default action is to drop.
The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.
This command configures ingress VLAN translation. If enabled with an explicit VLAN value, the preserved VLAN id will be overwritten with this value. This setting is applicable to dot1q encapsulated ports. If enabled with the copy-outer keyword, the outer VLAN id will be copied to inner position on QinQ encapsulated ports. The feature is not supported on:
The no version of the command disables VLAN translation.
no vlan-translation
This command provides ingress VLAN translation for two service-delimiting VLAN values, as opposed to the vlan-translation command that provides translation for only one service-delimiting VLAN value. This command is used with the force-qinq-vc-forwarding command so that the VLAN values that are pushed on SDP bindings or EVPN-MPLS can be normalized (translated). The command has no effect without the configuration of force-qinq-vc-forwarding and cannot be used in non-QinQ SAPs.
The no version of the command disables QinQ VLAN translation.
no qinq-vlan-translation
This command specifies which Dot1Q tag position Dot1P bits in a QinQ encapsulated packet should be used to evaluate Dot1P QoS classification.
The match-qinq-dot1p command allows the top or bottom PBits to be used when evaluating the applied sap-ingress QoS policy’s Dot1P entries. The top and bottom keywords specify which position should be evaluated for QinQ encapsulated packets.
The setting also applies to classification based on the DE indicator bit.
The no form of this command reverts the dot1p and de bits matching to the default tag.
By default, the bottom most service delineating Dot1Q tags Dot1P bits are used. Table 16 defines the default behavior for Dot1P evaluation.
Port / SAP Type | Existing Packet Tags | PBits Used for Match |
Null | None | None |
Null | Dot1P (VLAN ID 0) | Dot1P PBits |
Null | Dot1Q | Dot1Q PBits |
Null | TopQ BottomQ | TopQ PBits |
Null | TopQ (No BottomQ) | TopQ PBits |
Dot1Q | None (Default SAP) | None |
Dot1Q | Dot1P (Default SAP VLAN ID 0) | Dot1P PBits |
Dot1Q | Dot1Q | Dot1Q PBits |
QinQ / TopQ | TopQ | TopQ PBits |
QinQ / TopQ | TopQ BottomQ | TopQ PBits |
QinQ / QinQ | TopQ BottomQ | BottomQ PBits |
no match-qinq-dot1p (no filtering based on p-bits)
(top or bottom must be specified to override the default QinQ dot1p behavior)
Port / SAP Type | Existing Packet Tags | PBits Used for Match |
Null | None | None |
Null | Dot1P (VLAN ID 0) | Dot1P PBits |
Null | Dot1Q | Dot1Q PBits |
Null | TopQ BottomQ | TopQ PBits |
Null | TopQ (No BottomQ) | TopQ PBits |
Dot1Q | None (Default SAP) | None |
Dot1Q | Dot1P (Default SAP VLAN ID 0) | Dot1P PBits |
Dot1Q | Dot1Q | Dot1Q PBits |
QinQ / TopQ | TopQ | TopQ PBits |
QinQ / TopQ | TopQ BottomQ | TopQ PBits |
QinQ / QinQ | TopQ BottomQ | TopQ PBits |
Port / SAP Type | Existing Packet Tags | PBits Used for Match |
Null | None | None |
Null | Dot1P (VLAN ID 0) | Dot1P PBits |
Null | Dot1Q | Dot1Q PBits |
Null | TopQ BottomQ | TopQ PBits |
Null | TopQ (No BottomQ) | TopQ PBits |
Dot1Q | None (Default SAP) | None |
Dot1Q | Dot1P (Default SAP VLAN ID 0) | Dot1P PBits |
Dot1Q | Dot1Q | Dot1Q PBits |
QinQ / TopQ | TopQ | TopQ PBits |
QinQ / TopQ | TopQ BottomQ | TopQ PBits |
QinQ / QinQ | TopQ BottomQ | BottomQ PBits |
Egress SAP Type | Ingress Packet Preserved Dot1P State | Marked (or Remarked) PBits |
Null | No preserved Dot1P bits | None |
Null | Preserved Dot1P bits | Preserved tag PBits remarked using dot1p-value |
Dot1Q | No preserved Dot1P bits | New PBits marked using dot1p-value |
Dot1Q | Preserved Dot1P bits | Preserved tag PBits remarked using dot1p-value |
TopQ | No preserved Dot1P bits | TopQ PBits marked using dot1p-value |
TopQ | Preserved Dot1P bits (used as TopQ and BottomQ PBits) | TopQ PBits marked using dot1p-value, BottomQ PBits preserved |
QinQ | No preserved Dot1P bits | TopQ PBits and BottomQ PBits marked using dot1p-value |
QinQ | Preserved Dot1P bits (used as TopQ and BottomQ PBits) | TopQ PBits and BottomQ PBits marked using dot1p-value |
The QinQ and TopQ SAP PBit/DEI bit marking follows the default behavior defined in the preceding table when qinq-mark-top-only is not specified.
The dot1p dot1p-value command must be configured without the qinq-mark-top-only parameter to remove the TopQ PBits only marking restriction.
A QinQ-encapsulated Ethernet port can have two different sap types:
For a TopQ SAP type, only the outer (top) tag is explicitly specified. For example, sap 1/1/1:10.*
For QinQ SAP type, both inner (bottom) and outer (top) tags are explicitly specified. For example, sap 1/1/1:10.100.
This command enables the context to configure Frame Relay parameters.
This command enables the use of FRF12 headers.
The no form of this command disables the use of FRF12 headers.
This command specifies the maximum length of a fragment to be transmitted.
The no form of this command reverts to the default.
This command enables interleaving of high priority frames and low priority frame fragments within a FR SAP using FRF.12 end-to-end fragmentation.
When this option is enabled, only frames of the FR SAP non-expedited forwarding class queues are subject to fragmentation. The frames of the FR SAP expedited queues are interleaved, with no fragmentation header, among the fragmented frames. In effect, this provides a behavior like in MLPPP Link Fragment Interleaving (LFI).
When this option is disabled, frames of all the FR SAP forwarding class queues are subject to fragmentation. The fragmentation header is however not included when the frame size is smaller than the user configured fragmentation size. In this mode, the SAP transmits all fragments of a frame before sending the next full or fragmented frame.
The receive direction of the FR SAP supports both modes of operation concurrently, with and without fragment interleaving.
The no form of this command restores the default mode of operation.
no interleave
This command specifies the scheduling class to use for this SAP.
This command specifies the data encapsulation for an ATM PVCC delimited Epipe SAP. The definition references RFC 2684, Multiprotocol Encapsulation over ATM AAL5, and to the ATM Forum LAN Emulation specification. Ingress traffic that does not match the configured encapsulation will be dropped.
encapsulation aal5snap-bridged
This command specifies the data encapsulation for an ATM PVCC delimited Ipipe SAP. The definition references RFC 2684, Multiprotocol Encapsulation over ATM AAL5, and to the ATM Forum LAN Emulation specification. Ingress traffic that does not match the configured encapsulation will be dropped.
encapsulation aal5snap-routed