3.1.1. LSP Diagnostics: LSP Ping and Trace

The router LSP diagnostics are implementations of LSP ping and LSP trace based on RFC 8029, Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures. LSP ping provides a mechanism to detect data plane failures in MPLS LSPs. LSP ping and LSP trace are modeled after the ICMP echo request or reply used by ping and trace to detect and localize faults in IP networks.

For a given LDP FEC, RSVP P2P LSP, or BGP IPv4 or IPv6 label route, LSP ping verifies whether the packet reaches the egress label edge router (LER), while in LSP trace mode, the packet is sent to the control plane of each transit label switched router (LSR) which performs various checks to see if it is actually a transit LSR for the path.

The downstream mapping TLV is used in lsp-ping and lsp-trace to provide a mechanism for the sender and responder nodes to exchange and validate interface and label stack information for each downstream of an LDP FEC or an RSVP LSP and at each hop in the path of the LDP FEC or RSVP LSP.

Two downstream mapping TLVs are supported. The original Downstream Mapping (DSMAP) TLV defined in RFC 4379, Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures, (obsoleted by RFC 8029) and the new Downstream Detailed Mapping (DDMAP) TLV defined in RFC 6424, Mechanism for Performing Label Switched Path Ping (LSP Ping) over MPLS Tunnels, and RFC 8029.

When the responder node has multiple equal cost next-hops for an LDP FEC prefix, the downstream mapping TLV can further be used to exercise a specific path of the ECMP set using the path-destination option. The behavior in this case is described in the ECMP sub-section below.

3.1.2. LSP Ping/Trace for an LSP Using a BGP IPv4 or IPv6 Label Route

This feature adds support of the Target FEC Stack TLV of type BGP Labeled IPv4 /32 Prefix as defined in RFC 8029.

The new TLV is structured as shown in Figure 23.

Figure 23:  Target FEC Stack TLV for a BGP Labeled IPv4 and IPv6 Prefixes 

The user issues a LSP ping using the existing CLI command and specifying a new type of prefix:

oam lsp-ping bgp-label prefix ip-prefix/mask [src-ip-address ip-address] [fc fc-name [profile {in | out}]] [size octets] [ttl label-ttl] [send-count send-count] [timeout timeout] [interval interval] [path-destination ip-address [interface if-name | next-hop ip-address]] [detail]

This feature supports BGP label IPv4 prefixes with a prefix length of 32 bits only and supports IPv6 prefixes with a prefix length of 128 bits only.

The path-destination option is used to exercise specific ECMP paths in the network when the LSR performs hashing on the MPLS packet.

Similarly, the user issues a LSP trace using the following command:

oam lsp-trace bgp-label prefix ip-prefix/mask [src-ip-address ip-address] [fc fc-name [profile {in | out}]] [max-fail no-response-count] [probe-count probes-per-hop] [size octets] [min-ttl min-label-ttl] [max-ttl max-label-ttl] [timeout timeout] [interval interval] [path-destination ip-address [interface if-name | next-hop ip-address]] [detail]

The following are the procedures for sending and responding to an LSP ping or LSP trace packet. These procedures are valid when the downstream mapping is set to the DSMAP TLV. The detailed procedures with the DDMAP TLV are presented in Using DDMAP TLV in LSP Stitching and LSP Hierarchy.

Note that only BGP label IPv4 /32 prefixes and BGP IPv6 /128 prefixes are supported since only these are usable as tunnels on the Nokia router platforms. The BGP IPv4 or IPv6 label prefix is also supported with the prefix SID attribute if BGP segment routing is enabled on the routers participating in the path of the tunnel.

The responder node must have an IPv4 address to use as the source address of the IPv4 echo reply packet. SR OS uses the system interface IPv4 address. When an IPv4 BGP label route resolves to an IPv6 next-hop and uses an IPv6 transport tunnel, any LSR or LER node which responds to an lsp-ping or lsp-trace message must have an IPv4 address assigned to the system interface or the reply is not sent. In the latter case, the lsp-ping or lsp-trace probe times out at the sender node.

Similarly, the responder node must have an IPv6 address assigned to the system interface so that it gets used in the IPv6 echo reply packet in the case of a BGP-LU IPv6 label route when resolved to an IPv4 or an IPv4-mapped IPv6 next-hop which itself is resolved to an IPv4 transport tunnel.

3.1.3. ECMP Considerations

When the responder node has multiple equal cost next-hops for an LDP FEC or a BGP label prefix, it replies in the Downstream Mapping TLV with the downstream information of the outgoing interface which is part of the ECMP next-hop set for the prefix.

Note that when BGP label route is resolved to an LDP FEC (of the BGP next-hop of the BGP label route), ECMP can exist at both the BGP and LDP levels. The following selection of next-hop is performed in this case:

The following description of the behavior of LSP ping and LSP trace makes ae reference to a FEC in a generic way and which can represent an LDP FEC or a BGP label route. In addition the reference to a downstream mapping TLV means either the DSMAP TLV or the DDMAP TLV.

3.1.4. lsp-ping and lsp-trace over Unnumbered IP Interface

Lsp-ping and p2mp-lsp-ping operate over a network using unnumbered links without any changes. Lsp-trace, p2mp-lsp-trace and ldp-treetrace are modified such that the unnumbered interface is properly encoded in the downstream mapping (DSMAP/DDMAP) TLV.

In a RSVP P2P or P2MP LSP, the upstream LSR encodes the downstream router-id in the “Downstream IP Address” field and the local unnumbered interface index value in the “Downstream Interface Address” field of the DSMAP/DDMAP TLV as per RFC 8029. Both values are taken from the TE database.

In a LDP unicast FEC or mLDP P2MP FEC, the interface index assigned by the peer LSR is not readily available to the LDP control plane. In this case, the alternative method described in RFC 8029 is used. The upstream LSR sets the Address Type to IPv4 Unnumbered, the Downstream IP Address to a value of 127.0.0.1, and the interface index is set to 0. If an LSR receives an echo-request packet with this encoding in the DSMAP/DDMAP TLV, it bypasses interface verification but continues with label validation.

3.1.5. Downstream Detailed Mapping (DDMAP) TLV

The DDMAP TLV provides the same features as the existing DSMAP TLV, plus the enhancement to trace the details of LSP stitching and LSP hierarchy. The latter is achieved using a new sub-TLV of the DDMAP TLV called the FEC stack change sub-TLV. Figure 24 shows the structures of these two objects as defined in RFC 6424.

Figure 24:  DDMAP TLV 

The DDMAP TLV format is derived from the DSMAP TLV format. The key change is that variable length and optional fields have been converted into sub-TLVs. The fields have the same use and meaning as in RFC 8029 as shown in Figure 25.

Figure 25:  FEC Stack Change Sub-TLV 

The operation type specifies the action associated with the FEC stack change. The following operation types are defined.

More details on the processing of the fields of the FEC stack change sub-TLV are provided later in this section.

The user can configure which downstream mapping TLV to use globally on a system by using the following command:

configure test-oam mpls-echo-request-downstream-map {dsmap | ddmap}

This command specifies which format of the downstream mapping TLV to use in all LSP trace packets and LDP tree trace packets originated on this node. The Downstream Mapping (DSMAP) TLV is the original format in RFC 4379 (obsoleted by RFC 8029) and is the default value. The Downstream Detailed Mapping (DDMAP) TLV is the new enhanced format specified in RFC 6424 and RFC 8029.

This command applies to LSP trace of an RSVP P2P LSP, a MPLS-TP LSP, a BGP label route, or LDP unicast FEC, and to LDP tree trace of a unicast LDP FEC. It does not apply to LSP trace of an RSVP P2MP LSP which always uses the DDMAP TLV.

The global Downstream Mapping TLV setting impacts the behavior of both OAM LSP trace packets and SAA test packets of type lsp-trace and is used by the sender node when one of the following events occurs:

A consequence of the rules above is that a change to the value of mpls-echo-request-downstream-map option does not affect the value inserted in the downstream mapping TLV of existing tests.

The following are the details of the processing of the new DDMAP TLV:

3.1.6. Using DDMAP TLV in LSP Stitching and LSP Hierarchy

In addition to performing the same features as the DSMAP TLV, the DDMAP TLV addresses the following scenarios:

In order to properly check a target FEC which is stitched to another FEC (stitching FEC) of the same or a different type, or which is tunneled over another FEC (tunneling FEC), it is necessary for the responding nodes to provide details about the FEC manipulation back to the sender node. This is achieved via the use of the new FEC stack change sub-TLV in the Downstream Detailed Mapping TLV (DDMAP) defined in RFC 6424.

When the user configures the use of the DDMAP TLV on a trace for an LSP that does not undergo stitching or tunneling operation in the network, the procedures at the sender and responder nodes are the same as in the case of the existing DSMAP TLV.

This feature however introduces changes to the target FEC stack validation procedures at the sender and responder nodes in the case of LSP stitching and LSP hierarchy. These changes pertain to the processing of the new FEC stack change sub-TLV in the new DDMAP TLV and the new return code 15 Label switched with FEC change. The following is a description of the main changes which are a superset of the rules described in Section 4 of RFC 6424 to allow greater scope of interoperability with other vendor implementations.

3.1.7. MPLS OAM Support in Segment Routing

MPLS OAM supports Segment Routing extensions to lsp-ping and lsp-trace as specified in draft-ietf-mpls-spring-lsp-ping.

Segment Routing (SR) performs both shortest path and source-based routing. When the data plane uses MPLS encapsulation, MPLS OAM tools such as lsp-ping and lsp-trace can be used to check connectivity and trace the path to any mid-point or endpoint of an SR-ISIS, a SR-OSPF shortest path tunnel, or an SR-TE LSP.

The CLI options for lsp-ping and lsp-trace are under OAM and SAA for the following types of Segment Routing tunnels:

3.1.7.1. SR Extensions for LSP-PING and LSP-TRACE

This section describes how MPLS OAM models the SR tunnel types.

An SR shortest path tunnel, SR-ISIS, or SR-OSPF tunnel, uses a single FEC element in the Target FEC Stack TLV. The FEC corresponds to the prefix of the node SID in a specific IGP instance.

Figure 26 illustrates the format for the IPv4 IGP-prefix segment ID:

Figure 26:  IPv4 IGP-prefix segment ID 

In this format, the fields are as follows:

1. IPv4 Prefix
   This field carries the IPv4 prefix to which the segment ID is assigned. For anycast segment ID, this field carries the IPv4 anycast address. If the prefix is shorter than 32 bits, trailing bits must be set to zero.
2. Prefix Length
   The Prefix Length field is one octet. It gives the length of the prefix in bits (values can be 1 to 32).
3. Protocol
   This field is set to 1 if the IGP protocol is OSPF and is set to 2 if the IGP protocol is IS-IS.

Figure 27 illustrates the format for the IPv6 IGP prefix segment ID:

Figure 27:  IPv6 IGP prefix segment ID 

In this format, the fields are as follows:

1. IPv6 Prefix
   This field carries the IPv6 prefix to which the segment ID is assigned. For anycast segment ID, this field carries the IPv4 anycast address. If the prefix is shorter than 128 bits, trailing bits must be set to zero.
2. Prefix Length
   The Prefix Length field is one octet, it gives the length of the prefix in bits (values can be 1 to 128).
3. Protocol
   This field is set to 1 if the IGP protocol is OSPF and is set to 2 if the IGP protocol is IS-IS.

An SR-TE LSP, as a hierarchical LSP, uses the Target FEC Stack TLV, which contains a FEC element for each node SID and for each adjacency SID in the path of the SR-TE LSP. Because the SR-TE LSP does not instantiate state in the LSR other than the ingress LSR, MPLS OAM is just testing a hierarchy of node SID and adjacency SID segments towards the destination of the SR-TE LSP. The format of the node-SID is as illustrated above. Figure 28 illustrates the format for the IGP-Adjacency segment ID is as follows:

Figure 28:  IGP-Adjacency segment ID 

In this format, the fields are as follows:

1. Adj. Type (Adjacency Type)
   This field is set to 1 when the adjacency segment is parallel adjacency as defined in section 3.5.1 of I-D.ietf-spring-segment-routing. This field is set to 4 when the adjacency segment is IPv4-based and is not a parallel adjacency. This field is set to 6 when the adjacency segment is IPv6-based and is not a parallel adjacency.
2. Protocol
   This field is set to 1 if the IGP protocol is OSPF and is set to 2 if the IGP protocol is IS-IS.
3. Local Interface ID
   This field is an identifier that is assigned by local LSR for a link on which the adjacency segment ID is bound. This field is set to local link address (IPv4 or IPv6). If unnumbered, the 32-bit link identifier defined in RFC 4203 and RFC 5307 is used. If the adjacency segment ID represents parallel adjacencies, as described in section 3.5.1 of I-D.ietf-spring-segment-routing, then this field must be set to zero.
4. Remote Interface ID
   This field is an identifier that is assigned by remote LSR for a link on which adjacency segment ID is bound. This field is set to the remote (downstream neighbor) link address (IPv4 or IPv6). If unnumbered, the 32-bit link identifier defined in RFC 4203 and RFC 5307 is used. If the adjacency segment ID represents parallel adjacencies, as described in section 3.5.1 of I-D.ietf-spring-segment-routing. This field must be set to zero.
5. Advertising Node Identifier
   This field specifies the advertising node identifier. When the Protocol field is set to 1, then the 32 rightmost bits represent the OSPF router ID. If the Protocol field is set to 2, this field carries the 48-bit IS-IS system ID.
6. Receiving Node Identifier
   This field specifies the downstream node identifier. When the Protocol field is set to 1, then the 32 rightmost bits represent OSPF router ID. If the Protocol field is set to 2, this field carries the 48-bit IS-IS system ID.

Both lsp-ping and lsp-trace apply to the following contexts:

1. SR-ISIS or SR-OSPF shortest path IPv4 tunnel
2. SR-ISIS or SR-OSPF3 (OSPFv3 instance ID 0-31) shortest path IPv6 tunnel
3. IS-IS SR-TE IPv4 LSP and OSPF SR-TE IPv4 LSP
4. SR-ISIS IPv4 tunnel stitched to an LDP IPv4 FEC
5. BGP IPv4 LSP or BGP IPv6 LSP (with an IPv4 or an IPv4-mapped-IPv6 next-hop) resolved over an SR-ISIS IPv4 tunnel, an SR-OSPF IPv4 tunnel, or an SR-TE IPv4 LSP. This includes support for BGP LSP across AS boundaries and for ECMP next-hops at the transport tunnel level.
6. BGP IPv4 LSP (with an IPv6 next-hop) or a BGP IPv6 LSP resolved over an SR-ISIS IPv6 tunnel, an SR-OSPF3 IPv6 tunnel, or an SR-TE IPv6 LSP; including support for BGP LSP across AS boundaries and for ECMP next-hops at the transport tunnel level.
7. SR-ISIS or SR-OSPF IPv4 tunnel resolved over IGP IPv4 shortcuts using RSVP-TE LSPs
8. SR-ISIS IPv6 tunnel resolved over IGP IPv4 shortcuts using RSVP-TE LSPs
9. LDP IPv4 FEC resolved over IGP IPv4 shortcuts using SR-TE LSPs

3.1.7.2. Operation on SR-ISIS or SR-OSPF Tunnels

The following operations apply to lsp-ping and lsp-trace.

1. The sender node builds the Target FEC Stack TLV with a single FEC element corresponding to the node SID of the destination of the SR-ISIS or SR-OSPF tunnel.
2. A node SID label that is swapped at an LSR results in the return code of 8, “Label switched at stack-depth <RSC>” as per RFC 8029.
3. A node SID label that is popped at an LSR results in a return code of 3, “Replying router is an egress for the FEC at stack-depth <RSC>”.
4. The lsp-trace command is supported with the inclusion of the DSMAP TLV, the DDMAP TLV, or none (when none is configured, no Map TLV is sent). The downstream interface information is returned along with the egress label for the node SID tunnel and the protocol that resolved the node SID at the responder node.

Figure 29 shows a sample topology for an lsp-ping and lsp-trace for SR-ISIS node SID tunnel.

Figure 29:  Testing MPLS OAM with SR tunnels 

Given this topology, the following is an output example for LSP-PING on DUT-A for target Node SID of DUT-F:

*A:Dut-A# oam lsp-ping sr-isis prefix 10.20.1.6/32 igp-instance 0 detail

LSP-PING 10.20.1.6/32: 80 bytes MPLS payload

Seq=1, send from intf int_to_B, reply from 10.20.1.6

       udp-data-len=32 ttl=255 rtt=1220324ms rc=3 (EgressRtr)

---- LSP 10.20.1.6/32 PING Statistics ----

1 packets sent, 1 packets received, 0.00% packet loss

round-trip min = 1220324ms, avg = 1220324ms, max = 1220324ms, stddev = 0.000ms

The following is an output example for LSP-TRACE on DUT-A for target node SID of DUT-F (DSMAP TLV):

*A:Dut-A# oam lsp-trace sr-isis prefix 10.20.1.6/32 igp-instance 0 detail

lsp-trace to 10.20.1.6/32: 0 hops min, 0 hops max, 108 byte packets

1  10.20.1.2  rtt=1220323ms rc=8(DSRtrMatchLabel) rsc=1

     DS 1: ipaddr=10.10.4.4 ifaddr=10.10.4.4 iftype=ipv4Numbered MRU=1496

           label[1]=26406 protocol=6(ISIS)

2  10.20.1.4  rtt=1220323ms rc=8(DSRtrMatchLabel) rsc=1

     DS 1: ipaddr=10.10.9.6 ifaddr=10.10.9.6 iftype=ipv4Numbered MRU=1496

           label[1]=26606 protocol=6(ISIS)

3  10.20.1.6  rtt=1220324ms rc=3(EgressRtr) rsc=1

The following is an output example for LSP-TRACE on DUT-A for target node SID of DUT-F (DDMAP TLV):

*A:Dut-A# oam lsp-trace sr-isis prefix 10.20.1.6/32 igp-instance 0 downstream-map-tlv ddmap detail

lsp-trace to 10.20.1.6/32: 0 hops min, 0 hops max, 108 byte packets

1  10.20.1.2  rtt=1220323ms rc=8(DSRtrMatchLabel) rsc=1

     DS 1: ipaddr=10.10.4.4 ifaddr=10.10.4.4 iftype=ipv4Numbered MRU=1496

           label[1]=26406 protocol=6(ISIS)

2  10.20.1.4  rtt=1220324ms rc=8(DSRtrMatchLabel) rsc=1

     DS 1: ipaddr=10.10.9.6 ifaddr=10.10.9.6 iftype=ipv4Numbered MRU=1496

           label[1]=26606 protocol=6(ISIS)

3  10.20.1.6  rtt=1220324ms rc=3(EgressRtr) rsc=1

3.1.7.3. Operation on SR-TE LSP

The following operations apply to lsp-ping and lsp-trace.

1. The sender node builds a target FEC Stack TLV that contains FEC elements.
   For lsp-ping, the Target FEC Stack TLV contains a single FEC element that corresponds to the last segment; that is, a node SID or an adjacency SID of the destination of the SR-TE LSP.
   For lsp-trace, the Target FEC Stack TLV contains a FEC element for each node SID and for each adjacency SID in the path of the SR-TE LSP, including that of the destination of the SR-TE LSP.
2. A node SID label popped at an LSR results in a return code of 3 “Replying router is an egress for the FEC at stack-depth <RSC>”.
   An adjacency SID label popped at an LSR results in a return code of 3, “Replying router is an egress for the FEC at stack-depth <RSC>”.
3. A node SID label that is swapped at an LSR results in the return code of 8, "Label switched at stack-depth <RSC>" per RFC 8029, Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures.
   An adjacency SID label that is swapped at an LSR results in the return code of 8, "Label switched at stack-depth <RSC>" per RFC 8029; for example, in SR OS, “rc=8(DSRtrMatchLabel) rsc=1”.
4. The lsp-trace command is supported with the inclusion of the DSMAP TLV, the DDMAP TLV, or none (when none is configured, no Map TLV is sent). The downstream interface information is returned along with the egress label for the node SID tunnel or the adjacency SID tunnel of the current segment as well as the protocol which resolved the tunnel at the responder node.
5. When the Target FEC Stack TLV contains more than one FEC element, the responder node that is the termination of one node or adjacency SID segment SID pops its own SID in the first operation. When the sender node receives this reply, it adjusts the Target FEC Stack TLV by stripping the top FEC before sending the probe for the next TTL value. When the responder node receives the next echo request message with the same TTL value from the sender node for the next node SID or adjacency SID segment in the stack, it performs a swap operation to that next segment.
6. When the path of the SR-TE LSP is computed by the sender node, the hop-to-label translation tool returns the IGP instance that was used to determine the labels for each hop of the path. When the path of an SR-TE LSP is computed by a PCE, the protocol ID is not returned in the SR-ERO by PCEP. In this case, the sender node performs a lookup in the SR module for the IGP instance that resolved the first segment of the path. In both cases, the determined IGP is used to encode the Protocol ID field of the node SID or adjacency SID in each of the FEC elements of a Target FEC Stack TLV.
7. The responder node performs validation of the top FEC in the Target FEC Stack TLV, provided that the depth of the incoming label stack in the packet’s header is higher than the depth of the Target FEC Stack TLV.
8. TTL values can be changed.
   The ttl value in lsp-ping can be set to a value lower than 255 and the responder node replies if the FEC element in the Target FEC Stack TLV corresponds to a node SID resolved at that node. The responder node, however, fails the validation if the FEC element in the Target FEC Stack TLV is the adjacency of a remote node. The return code in the echo reply message can be one of: “rc=4(NoFECMapping)” or “rc=10(DSRtrUnmatchLabel)”.
   The min-ttl and max-ttl values in lsp-trace can be set to values other than default. The minimum TTL value can, however, properly trace the partial path of an SR-TE LSP only if there is no segment termination before the node that corresponds to the minimum TTL value. Otherwise, it fails validation and returns an error as the responder node would receive a target FEC stack depth that is higher than the incoming label stack size. The return code in the echo reply message can be one of: “rc=4(NoFECMapping)”, “rc=5(DSMappingMismatched)”, or “rc=10(DSRtrUnmatchLabel)”.
   This is true when the downstream-map-tlv option is set to any of the ddmap, dsmap, or none values.

The following are sample outputs for lsp-ping and lsp-trace for some SR-TE LSPs. The first one uses a path with strict hops, each corresponding to an adjacency SID, while the second one uses a path with loose hops, each corresponding to a node SID. Assume the topology shown in Figure 30.

Figure 30:  Testing MPLS OAM with SR-TE LSP 

Example 1

The following is an output example for LSP-PING and LSP-TRACE on DUT-A for strict-hop adjacency SID SR-TE LSP, where:

1. source = DUT-A
2. destination = DUT-F
3. path = A-B, B-C, C-E, E-D, D-F

*A:Dut-A# oam lsp-ping sr-te "srteABCEDF" detail

LSP-PING srteABCEDF: 96 bytes MPLS payload

Seq=1, send from intf int_to_B, reply from 10.20.1.6

       udp-data-len=32 ttl=255 rtt=1220325ms rc=3 (EgressRtr)

---- LSP srteABCEDF PING Statistics ----

1 packets sent, 1 packets received, 0.00% packet loss

round-trip min = 1220325ms, avg = 1220325ms, max = 1220325ms, stddev = 0.000ms

*A:Dut-A# oam lsp-trace sr-te "srteABCEDF" downstream-map-tlv ddmap detail

lsp-trace to srteABCEDF: 0 hops min, 0 hops max, 252 byte packets

1  10.20.1.2  rtt=1220323ms rc=3(EgressRtr) rsc=5

1  10.20.1.2  rtt=1220322ms rc=8(DSRtrMatchLabel) rsc=4

     DS 1: ipaddr=10.10.33.3 ifaddr=10.10.33.3 iftype=ipv4Numbered MRU=1520

           label[1]=3 protocol=6(ISIS)

           label[2]=262135 protocol=6(ISIS)

           label[3]=262134 protocol=6(ISIS)

           label[4]=262137 protocol=6(ISIS)

2  10.20.1.3  rtt=1220323ms rc=3(EgressRtr) rsc=4

2  10.20.1.3  rtt=1220323ms rc=8(DSRtrMatchLabel) rsc=3

     DS 1: ipaddr=10.10.5.5 ifaddr=10.10.5.5 iftype=ipv4Numbered MRU=1496

           label[1]=3 protocol=6(ISIS)

           label[2]=262134 protocol=6(ISIS)

           label[3]=262137 protocol=6(ISIS)

3  10.20.1.5  rtt=1220325ms rc=3(EgressRtr) rsc=3

3  10.20.1.5  rtt=1220325ms rc=8(DSRtrMatchLabel) rsc=2

     DS 1: ipaddr=10.10.11.4 ifaddr=10.10.11.4 iftype=ipv4Numbered MRU=1496

           label[1]=3 protocol=6(ISIS)

           label[2]=262137 protocol=6(ISIS)

4  10.20.1.4  rtt=1220324ms rc=3(EgressRtr) rsc=2

4  10.20.1.4  rtt=1220325ms rc=8(DSRtrMatchLabel) rsc=1

     DS 1: ipaddr=10.10.9.6 ifaddr=10.10.9.6 iftype=ipv4Numbered MRU=1496

           label[1]=3 protocol=6(ISIS)

5  10.20.1.6  rtt=1220325ms rc=3(EgressRtr) rsc=1

Example 2

The following is an output example for LSP-PING and LSP-TRACE on DUT-A for loose-hop Node SID SR-TE LSP, where:

1. source = DUT-A
2. destination = DUT-F
3. path = A, B, C, E

*A:Dut-A# oam lsp-ping sr-te "srteABCE_loose" detail

LSP-PING srteABCE_loose: 80 bytes MPLS payload

Seq=1, send from intf int_to_B, reply from 10.20.1.5

       udp-data-len=32 ttl=255 rtt=1220324ms rc=3 (EgressRtr)

---- LSP srteABCE_loose PING Statistics ----

1 packets sent, 1 packets received, 0.00% packet loss

round-trip min = 1220324ms, avg = 1220324ms, max = 1220324ms, stddev = 0.000ms

*A:Dut-A# oam lsp-trace sr-te "srteABCE_loose" downstream-map-tlv ddmap detail

lsp-trace to srteABCE_loose: 0 hops min, 0 hops max, 140 byte packets

1  10.20.1.2  rtt=1220323ms rc=3(EgressRtr) rsc=3

1  10.20.1.2  rtt=1220322ms rc=8(DSRtrMatchLabel) rsc=2

     DS 1: ipaddr=10.10.3.3 ifaddr=10.10.3.3 iftype=ipv4Numbered MRU=1496

           label[1]=26303 protocol=6(ISIS)

           label[2]=26305 protocol=6(ISIS)

     DS 2: ipaddr=10.10.12.3 ifaddr=10.10.12.3 iftype=ipv4Numbered MRU=1496

           label[1]=26303 protocol=6(ISIS)

           label[2]=26305 protocol=6(ISIS)

     DS 3: ipaddr=10.10.33.3 ifaddr=10.10.33.3 iftype=ipv4Numbered MRU=1496

           label[1]=26303 protocol=6(ISIS)

           label[2]=26305 protocol=6(ISIS)

2  10.20.1.3  rtt=1220323ms rc=3(EgressRtr) rsc=2

2  10.20.1.3  rtt=1220323ms rc=8(DSRtrMatchLabel) rsc=1

     DS 1: ipaddr=10.10.5.5 ifaddr=10.10.5.5 iftype=ipv4Numbered MRU=1496

           label[1]=26505 protocol=6(ISIS)

     DS 2: ipaddr=10.10.11.5 ifaddr=10.10.11.5 iftype=ipv4Numbered MRU=1496

           label[1]=26505 protocol=6(ISIS)

3  10.20.1.5  rtt=1220324ms rc=3(EgressRtr) rsc=1

3.1.7.5. Operation on a BGP IPv4 LSP Resolved Over an SR-ISIS IPv4 Tunnel, SR-OSPF IPv4 Tunnel, or SR-TE IPv4 LSP

SR OS enhances lsp-ping and lsp-trace of a BGP IPv4 LSP resolved over an SR-ISIS IPv4 tunnel, an SR-OSPF IPv4 tunnel, or an SR-TE IPv4 LSP. The SR OS enhancement reports the full set of ECMP next-hops for the transport tunnel at both ingress PE and at the ABR or ASBR. The list of downstream next-hops is reported in the DSMAP or DDMAP TLV.

When the user initiates an lsp-trace of the BGP IPv4 LSP with the path-destination option specified, the CPM hash code, at the responder node, selects the outgoing interface to be returned in DSMAP or DDMAP. This decision is based on the modulo operation of the hash value on the label stack or the IP headers (where the DST IP is replaced by the specific 127/8 prefix address in the multipath type 8 field of the DSMAP or DDMAP) of the echo request message and the number of outgoing interfaces in the ECMP set.

Figure 31 depicts a sample topology used in the subsequent BGP over SR-OSPF, BGP over SR-TE (OSPF), BGP over SR-ISIS, and BGP over SR-TE (ISIS) examples.

Figure 31:  Sample Topology for BGP over SR-OSPF, SR-TE (OSPF), SR-ISIS, and SR-TE (ISIS) 

The following are sample outputs of the lsp-trace command for a hierarchical tunnel consisting of a BGP IPv4 LSP resolved over an SR-ISIS IPv4 tunnel, an SR-OSPF IPv4 tunnel, or an SR-TE IPv4 LSP.

BGP over SR-OSPF example output:

*A:Dut-A# oam lsp-trace bgp-label prefix 11.21.1.6/32 detail downstream-map-tlv ddmap path-destination 127.1.1. 

lsp-trace to 11.21.1.6/32: 0 hops min, 0 hops max, 168 byte packets

1  10.20.1.3  rtt=2.31ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.5.5 ifaddr=10.10.5.5 iftype=ipv4Numbered MRU=1496 

           label[1]=27506 protocol=5(OSPF)

           label[2]=262137 protocol=2(BGP)

     DS 2: ipaddr=10.10.11.4 ifaddr=10.10.11.4 iftype=ipv4Numbered MRU=1496 

           label[1]=27406 protocol=5(OSPF)

           label[2]=262137 protocol=2(BGP)

     DS 3: ipaddr=10.10.11.5 ifaddr=10.10.11.5 iftype=ipv4Numbered MRU=1496 

           label[1]=27506 protocol=5(OSPF)

           label[2]=262137 protocol=2(BGP)

2   10.20.1.4  rtt=4.91ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.9.6 ifaddr=10.10.9.6 iftype=ipv4Numbered MRU=1492 

           label[1]=27606 protocol=5(OSPF)

           label[2]=262137 protocol=2(BGP)

3  10.20.1.6  rtt=4.73ms rc=3(EgressRtr) rsc=2 

3  10.20.1.6  rtt=5.44ms rc=3(EgressRtr) rsc=1 

*A:Dut-A# 

BGP over SR-TE (OSPF) example output:

*A:Dut-A# oam lsp-trace bgp-label prefix 11.21.1.6/32 detail downstream-map-tlv ddmap path-destination 127.1.1.1 

lsp-trace to 11.21.1.6/32: 0 hops min, 0 hops max, 236 byte packets

1  10.20.1.2  rtt=2.13ms rc=3(EgressRtr) rsc=4 

1  10.20.1.2  rtt=1.79ms rc=8(DSRtrMatchLabel) rsc=3 

     DS 1: ipaddr=10.10.4.4 ifaddr=10.10.4.4 iftype=ipv4Numbered MRU=1492 

           label[1]=3 protocol=5(OSPF)

           label[2]=262104 protocol=5(OSPF)

           label[3]=262139 protocol=2(BGP)

2  10.20.1.4  rtt=3.24ms rc=3(EgressRtr) rsc=3 

2  10.20.1.4  rtt=4.46ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.9.6 ifaddr=10.10.9.6 iftype=ipv4Numbered MRU=1492 

           label[1]=3 protocol=5(OSPF)

           label[2]=262139 protocol=2(BGP)

3  10.20.1.6  rtt=6.24ms rc=3(EgressRtr) rsc=2 

3  10.20.1.6  rtt=6.18ms rc=3(EgressRtr) rsc=1 

*A:Dut-A# 

BGP over SR-ISIS example output:

A:Dut-A# oam lsp-trace bgp-label prefix 11.21.1.6/32 detail downstream-map-tlv ddmap path-destination 127.1.1.1 

lsp-trace to 11.21.1.6/32: 0 hops min, 0 hops max, 168 byte packets

1  10.20.1.3  rtt=3.33ms rc=8(DSRtrMatchLabel) rsc=2 

    DS 1:  ipaddr=10.10.5.5 ifaddr=10.10.5.5 iftype=ipv4Numbered MRU=1496 

           label[1]=28506 protocol=6(ISIS)

           label[2]=262139 protocol=2(BGP)

     DS 2: ipaddr=10.10.11.4 ifaddr=10.10.11.4 iftype=ipv4Numbered MRU=1496 

           label[1]=28406 protocol=6(ISIS)

           label[2]=262139 protocol=2(BGP)

     DS 3: ipaddr=10.10.11.5 ifaddr=10.10.11.5 iftype=ipv4Numbered MRU=1496 

           label[1]=28506 protocol=6(ISIS)

           label[2]=262139 protocol=2(BGP)

2  10.20.1.4  rtt=5.12ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.9.6 ifaddr=10.10.9.6 iftype=ipv4Numbered MRU=1492 

           label[1]=28606 protocol=6(ISIS)

           label[2]=262139 protocol=2(BGP)

3  10.20.1.6  rtt=8.41ms rc=3(EgressRtr) rsc=2 

3  10.20.1.6  rtt=6.93ms rc=3(EgressRtr) rsc=1 

BGP over SR-TE (ISIS) example output:

*A:Dut-A# oam lsp-trace bgp-label prefix 11.21.1.6/32 detail downstream-map-tlv ddmap path-destination 127.1.1.1 

lsp-trace to 11.21.1.6/32: 0 hops min, 0 hops max, 248 byte packets

1  10.20.1.2  rtt=2.60ms rc=3(EgressRtr) rsc=4 

1  10.20.1.2  rtt=2.29ms rc=8(DSRtrMatchLabel) rsc=3 

     DS 1: ipaddr=10.10.4.4 ifaddr=10.10.4.4 iftype=ipv4Numbered MRU=1492 

           label[1]=3 protocol=6(ISIS)

           label[2]=262094 protocol=6(ISIS)

           label[3]=262139 protocol=2(BGP)

2  10.20.1.4  rtt=4.04ms rc=3(EgressRtr) rsc=3 

2  10.20.1.4  rtt=4.38ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.9.6 ifaddr=10.10.9.6 iftype=ipv4Numbered MRU=1492 

           label[1]=3 protocol=6(ISIS)

           label[2]=262139 protocol=2(BGP)

3  10.20.1.6  rtt=6.64ms rc=3(EgressRtr) rsc=2 

3  10.20.1.6  rtt=5.94ms rc=3(EgressRtr) rsc=1

Assuming the topology in Figure 32 has the addition of an External Border Gateway Protocol (eBGP) peering between nodes B and C, the BGP IPv4 LSP spans the AS boundary and resolves to an SR-ISIS tunnel or an SR-TE LSP within each AS.

Figure 32:  Sample Topology for BGP Over SR-ISIS in Inter-AS Option C and BGP Over SR-TE (ISIS) in Inter-AS Option C 

BGP over SR-ISIS in inter-AS option C example output:

*A:Dut-A# oam lsp-trace bgp-label prefix 11.20.1.6/32 src-ip-address 11.20.1.1 detail downstream-map-tlv ddmap path-destination 127.1.1.1 

lsp-trace to 11.20.1.6/32: 0 hops min, 0 hops max, 168 byte packets

1  10.20.1.2  rtt=2.69ms rc=3(EgressRtr) rsc=2 

1  10.20.1.2  rtt=3.15ms rc=8(DSRtrMatchLabel) rsc=1 

     DS 1: ipaddr=10.10.3.3 ifaddr=10.10.3.3 iftype=ipv4Numbered MRU=0 

           label[1]=262127 protocol=2(BGP)

2  10.20.1.3  rtt=5.26ms rc=15(LabelSwitchedWithFecChange) rsc=1 

     DS 1: ipaddr=10.10.5.5 ifaddr=10.10.5.5 iftype=ipv4Numbered MRU=1496 

           label[1]=26506 protocol=6(ISIS)

           label[2]=262139 protocol=2(BGP)

           fecchange[1]=PUSH fectype=SR Ipv4 Prefix prefix=10.20.1.6 remotepeer=10.10.5.5 

3  10.20.1.5  rtt=7.08ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.10.6 ifaddr=10.10.10.6 iftype=ipv4Numbered MRU=1496 

           label[1]=26606 protocol=6(ISIS)

       label[2]=262139 protocol=2(BGP)

4  10.20.1.6  rtt=9.41ms rc=3(EgressRtr) rsc=2 

4  10.20.1.6  rtt=9.53ms rc=3(EgressRtr) rsc=1

BGP over SR-TE (ISIS) in inter-AS option C example output:

*A:Dut-A# oam lsp-trace bgp-label prefix 11.20.1.6/32 src-ip-address 11.20.1.1 detail downstream-map-tlv ddmap path-destination 127.1.1.1 

lsp-trace to 11.20.1.6/32: 0 hops min, 0 hops max, 168 byte packets

1  10.20.1.2  rtt=2.77ms rc=3(EgressRtr) rsc=2 

1  10.20.1.2  rtt=2.92ms rc=8(DSRtrMatchLabel) rsc=1 

     DS 1: ipaddr=10.10.3.3 ifaddr=10.10.3.3 iftype=ipv4Numbered MRU=0 

           label[1]=262127 protocol=2(BGP)

2  10.20.1.3  rtt=4.82ms rc=15(LabelSwitchedWithFecChange) rsc=1 

     DS 1: ipaddr=10.10.5.5 ifaddr=10.10.5.5 iftype=ipv4Numbered MRU=1496 

           label[1]=26505 protocol=6(ISIS)

           label[2]=26506 protocol=6(ISIS)

           label[3]=262139 protocol=2(BGP)

           fecchange[1]=PUSH fectype=SR Ipv4 Prefix prefix=10.20.1.6            remotepeer=0.0.0.0 (Unknown)

           fecchange[2]=PUSH fectype=SR Ipv4 Prefix prefix=10.20.1.5            remotepeer=10.10.5.5 

3  10.20.1.5  rtt=7.10ms rc=3(EgressRtr) rsc=3 

3  10.20.1.5  rtt=7.45ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.10.6 ifaddr=10.10.10.6 iftype=ipv4Numbered MRU=1496 

           label[1]=26606 protocol=6(ISIS)

           label[2]=262139 protocol=2(BGP)

4  10.20.1.6  rtt=9.23ms  c=3(EgressRtr) rsc=2 

4  10.20.1.6  rtt=9.46ms rc=3(EgressRtr) rsc=1 

*A:Dut-A

3.1.7.6. Operation on an SR-ISIS IPv4 Tunnel, IPv6 Tunnel, or SR-OSPF IPv4 Tunnel Resolved Over IGP IPv4 Shortcuts Using RSVP-TE LSPs

When IGP shortcut is enabled in an IS-IS or an OSPF instance and the family SRv4 or SRv6 is set to resolve over RSVP-TE LSPs, a hierarchical tunnel is created whereby an SR-ISIS IPv4 tunnel, an SR-ISIS IPv6 tunnel, or an SR-OSPF tunnel resolves over the IGP IPv4 shortcuts using RSVP-TE LSPs.

The following sample outputs are of the lsp-trace command for a hierarchical tunnel consisting of an SR-ISIS IPv4 tunnel and an SR-OSPF IPv4 tunnel, resolving over an IGP IPv4 shortcut using a RSVP-TE LSP.

The topology, as shown in Figure 33, is used for the following SR-ISIS over RSVP-TE and SR-OSPF over RSVP-TE example outputs.

Figure 33:  Sample Topology for SR-ISIS Over RSVP-TE and SR-OSPF Over RSVP-TE 

SR-ISIS over RSVP-TE example output:

*A:Dut-F# oam lsp-trace sr-isis prefix 10.20.1.1/32 detail path-destination 127.1.1.1 igp-instance 1 

lsp-trace to 10.20.1.1/32: 0 hops min, 0 hops max, 180 byte packets

1  10.20.1.4  rtt=5.05ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.4.2 ifaddr=10.10.4.2 iftype=ipv4Numbered MRU=1500 

           label[1]=262121 protocol=4(RSVP-TE)

           label[2]=28101 protocol=6(ISIS)

2  10.20.1.2  rtt=5.56ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.1.1 ifaddr=10.10.1.1 iftype=ipv4Numbered MRU=1500 

           label[1]=262124 protocol=4(RSVP-TE)

           label[2]=28101 protocol=6(ISIS)

3  10.20.1.1  rtt=7.30ms rc=3(EgressRtr) rsc=2 

3  10.20.1.1  rtt=5.40ms rc=3(EgressRtr) rsc=1 

*A:Dut-F#

SR-OSPF over RSVP-TE example output:

*A:Dut-F# oam lsp-trace sr-ospf prefix 10.20.1.1/32 detail path-destination 127.1.1.1 igp-instance 2 

lsp-trace to 10.20.1.1/32: 0 hops min, 0 hops max, 180 byte packets

1  10.20.1.4  rtt=3.24ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.4.2 ifaddr=10.10.4.2 iftype=ipv4Numbered MRU=1500 

           label[1]=262125 protocol=4(RSVP-TE)

           label[2]=27101 protocol=5(OSPF)

2  10.20.1.2  rtt=5.77ms rc=8(DSRtrMatchLabel) rsc=2

     DS 1: ipaddr=10.10.1.1 ifaddr=10.10.1.1 iftype=ipv4Numbered MRU=1500 

           label[1]=262124 protocol=4(RSVP-TE)

           label[2]=27101 protocol=5(OSPF)

3  10.20.1.1  rtt=7.19ms rc=3(EgressRtr) rsc=2 

3  10.20.1.1  rtt=8.41ms rc=3(EgressRtr) rsc=1 

3.1.7.7. Operation on an LDP IPv4 FEC Resolved Over IGP IPv4 Shortcuts Using SR-TE LSPs

When IGP shortcut is enabled in an IS-IS or an OSPF instance and the family IPv4 is set to resolve over SR-TE LSPs, a hierarchical tunnel is created whereby an LDP IPv4 FEC resolves over the IGP IPv4 shortcuts using SR-TE LSPs.

The following are sample outputs of the lsp-trace command for a hierarchical tunnel consisting of a LDP IPv4 FEC resolving over a IGP IPv4 shortcut using a SR-TE LSP.

The topology, as shown in Figure 34, is used for the following LDP over SR-TE (ISIS) and LDP over SR-TE (OSPF) example outputs.

Figure 34:  Sample Topology for LDP Over SR-TE (ISIS) and LDP Over SR-TE (OSPF) 

LDP over SR-TE (ISIS) example output:

*A:Dut-F# oam lsp-trace prefix 10.20.1.1/32 detail path-destination 127.1.1.1  

lsp-trace to 10.20.1.1/32: 0 hops min, 0 hops max, 184 byte packets

1  10.20.1.4  rtt=2.33ms rc=8(DSRtrMatchLabel) rsc=3 

     DS 1: ipaddr=10.10.4.2 ifaddr=10.10.4.2 iftype=ipv4Numbered MRU=1492 

           label[1]=28202 protocol=6(ISIS)

           label[2]=28201 protocol=6(ISIS)

           label[3]=262138 protocol=3(LDP)

2  10.20.1.2  rtt=6.39m rc=3(EgressRtr) rsc=3

2  10.20.1.2  rtt=7.29ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.1.1 ifaddr=10.10.1.1 iftype=ipv4Numbered MRU=1492

           label[1]=28101 protocol=6(ISIS)

           label[2]=262138 protocol=3(LDP)

3  10.20.1.1  rtt=8.34m rc=3(EgressRtr) rsc=2 

3  10.20.1.1  rtt=9.37ms rc=3(EgressRtr) rsc=1

 

*A:Dut-F# oam lsp-ping prefix 10.20.1.1/32 detail 

LSP-PING 10.20.1.1/32: 80 bytes MPLS payload

Seq=1, send from intf int_to_D, reply from 10.20.1.1

     udp-data-len=32 ttl=255 rtt=8.21ms rc=3 (EgressRtr)

---- LSP 10.20.1.1/32 PING Statistics ----

1 packets sent, 1 packets received, 0.00% packet loss

round-trip mi = 8.21ms, avg = 8.21ms, max = 8.21ms, stddev = 0.000ms

===============================================================================

LDP Bindings (IPv4 LSR ID 10.20.1.6)

             (IPv6 LSR ID fc00::a14:106)

===============================================================================

Label Status:

        U - Label In Use, N - Label Not In Use, W - Label Withdrawn

        WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route

        e - Label ELC

FEC Flags:

        LF - Lower FEC, UF - Upper FEC, M - Community Mismatch, BA - ASBR Backup FEC

===============================================================================

LDP IPv4 Prefix Bindings

===============================================================================

Prefix                                      IngLbl                    EgrLbl

Peer                                        EgrIntf/LspId             

EgrNextHop                                                            

-------------------------------------------------------------------------------

10.20.1.1/32                                  --                      262138

10.20.1.1:0                                 LspId 655467              

10.20.1.1                                                             

                                                                       

10.20.1.1/32                                262070U                   262040

10.20.1.3:0                                   --                      

  --                                                                  

                                                                       

10.20.1.1/32                                262070U                   --

10.20.1.4:0                                   --                      

  --                                                                  

                                                                       

10.20.1.1/32                                262070U                   262091

10.20.1.5:0                                   --                      

  --                                                                  

                                                                       

10.20.1.1/32                                  --                      262138

fc00::a14:101[0]                              --                      

  --                                                                  

                                                                       

10.20.1.1/32                                262070U                   262040

fc00::a14:103[0]                              --                      

  --                                                                  

                                                                       

10.20.1.1/32                                262070U                   262091

fc00::a14:105[0]                              --                      

  --                                                                  

                                                                       

-------------------------------------------------------------------------------

No. of IPv4 Prefix Bindings: 7

===============================================================================

 

 

 

LDP over SR-TE (OSPF) example output:

*A:Dut-F# oam lsp-trace prefix 10.20.1.1/32 detail path-destination 127.1.1.1 

lsp-trace to 10.20.1.1/32: 0 hops min, 0 hops max, 184 byte packets

1  10.20.1.4  rtt=2.73ms rc=8(DSRtrMatchLabel) rsc=3 

     DS 1: ipaddr=10.10.4.2 ifaddr=10.10.4.2 iftype=ipv4Numbered MRU=1492 

           label[1]=27202 protocol=5(OSPF)

           label[2]=27201 protocol=5(OSPF)

           label[3]=262143 protocol=3(LDP)

2  10.20.1.2  rtt=6.77ms rc=3(EgressRtr) rsc=3 

2  10.20.1.2  rtt=6.75ms rc=8(DSRtrMatchLabel) rsc=2 

     DS 1: ipaddr=10.10.1.1 ifaddr=10.10.1.1 iftype=ipv4Numbered MRU=1492 

           label[1]=27101 protocol=5(OSPF)

           label[2]=262143 protocol=3(LDP)

3  10.20.1.1  rtt=7.10ms rc=3(EgressRtr) rsc=2 

3  10.20.1.1  rtt=7.53ms rc=3(EgressRtr) rsc=1 

 

*A:Dut-F# oam lsp-ping prefix 10.20.1.1/32 detail 

LSP-PING 10.20.1.1/32: 80 bytes MPLS payload

Seq=1, send from intf int_to_D, reply from 10.20.1.1

       udp-data-len=32 ttl=255 rtt=8.09ms rc=3 (EgressRtr)

 

---- LSP 10.20.1.1/32 PING Statistics ----

1 packets sent, 1 packets received, 0.00% packet loss

round-trip min = 8.09ms, avg = 8.09ms, max = 8.09ms, stddev = 0.000ms

 

===============================================================================

LDP Bindings (IPv4 LSR ID 10.20.1.6)

             (IPv6 LSR ID fc00::a14:106)

===============================================================================

Label Status:

        U - Label In Use, N - Label Not In Use, W - Label Withdrawn

        WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route

        e - Label ELC

FEC Flags:

        LF - Lower FEC, UF - Upper FEC, M - Community Mismatch, BA - ASBR Backup FEC

===============================================================================

LDP IPv4 Prefix Bindings

===============================================================================

Prefix                                      IngLbl                    EgrLbl

Peer                                        EgrIntf/LspId             

EgrNextHop                                                            

-------------------------------------------------------------------------------

10.20.1.1/32                                  --                      262143

10.20.1.1:0                                 LspId 655467              

10.20.1.1                                                             

                                                                       

10.20.1.1/32                                262089U                   262135

10.20.1.3:0                                   --                      

  --                                                                  

                                                                       

10.20.1.1/32                                262089U                     --

10.20.1.4:0                                   --                      

  --                                                                  

                                                                       

10.20.1.1/32                                262089U                   262129

10.20.1.5:0                                   --                      

  --                                                                  

                                                                       

10.20.1.1/32                                  --                      262143

fc00::a14:101[0]                              --                      

  --                                                                  

                                                                       

10.20.1.1/32                                262089U                   262135

fc00::a14:103[0]                              --                      

  --                                                                  

                                                                       

10.20.1.1/32                                262089U                   262129

fc00::a14:105[0]                              --                      

  --                                                                  

                                                                       

-------------------------------------------------------------------------------

No. of IPv4 Prefix Bindings: 7

===============================================================================

3.1.8. MPLS OAM Support in IPv4 or IPv6 SR Policies

This feature extends the support of lsp-ping, lsp-trace, and ICMP tunneling probes to IPv4 and IPv6 SR policies.

This feature describes the CLI options for lsp-ping and lsp-trace commands under the OAM and SAA contexts for the following type of Segment Routing tunnel: sr-policy.

The CLI does not require entry of the SR policy head-end parameter that corresponds to the IPv4 address of the router where the static SR policy is configured or where the BGP NRLRI of the SR policy is sent to by a controller or another BGP speaker. SR OS expects its IPv4 system address in the head-end parameter of both the IPv4 and IPv6 SR policy NLRIs, otherwise SR OS does not import the NRLI.

The source IPv4 or IPv6 address can be specified to encode in the Echo Request message of the LSP ping or LSP trace packet.

The endpoint command specifies the endpoint of the policy and which can consist of an IPv4 address, and therefore matching to a SR policy in the IPv4 tunnel-table, or an IPv6 address and therefore matching to a SR policy in the IPv6 tunnel-table.

The color command must correspond to the SR policy color attribute that is configured locally in the case of a static policy instance or signaled in the NLRI of the BGP signaled SR policy instance.

The endpoint and color commands test the active path (or instance) of the identified SR policy only.

The lsp-ping and lsp-trace commands can test one segment list at a time by specifying one segment list of the active instance of the policy or active candidate path. In this case, the segment-list id command is configured or segment list 1 is tested by default. The segment-list ID corresponds to the same index that was used to save the SR policy instance in the SR policy database. In the case of a static SR policy, the segment-list ID matches the segment list index entered in the configuration. In both the static and the BGP SR policies, the segment-list ID matches the index displayed for the segment list in the output of the show command of the policies.

The exercised segment list corresponds to a single SR-TE path with its own NHLFE or super NHLFE in the data path.

The ICMP tunneling feature support with SR policy is described in ICMP-Tunneling Operation and does not require additional CLI commands.

3.1.9. Segment Routing IPv6 (SRv6) OAM

The network setup illustrated in Figure 35 shows an example configuration of segment routing using SRv6 that is discussed in this section. See the 7750 SR and 7950 XRS Segment Routing and PCE User Guide for further information about the SRv6 feature.

Figure 35:  SRv6 OAM Network Setup 

As shown in Figure 35, the network administrator originates an ICMP ping or a UDP traceroute probe on node R1 to test the path of an SRv6 locator of node D, an SRv6 segment identifier (SID) owned by node D, or an IP prefix resolved to an SRv6 tunnel towards node D. R1 is referred to as the sender node. Node D is referred to as the target node because it owns the target locator or SID that is being tested. In general, a target node can be any router in the SRv6 network domain which either owns the target locator or SID, or a router in which the OAM probe was extracted due to matching a local route or due to the value of the hop-limit field setting in the packet.

The primary path to D is through R2 and R4. The link-protect TI-LFA backup path is through R3 as a PQ node and then R2 and R4.

The classic ping and traceroute OAM CLI commands are used to test an IPv4 or IPv6 prefix in a virtual routing and forwarding (VRF) table or in the base router table when resolved to an SRv6 tunnel, for example:

ping address [detail] [source ip-address]

traceroute address [detail] source ip-address]

The same CLI commands are used to test the address of an SRv6 locator or a SID. In this case, the user enters the IPv6 address of the target locator prefix or the target SID.

The source address encoded in the outer IPv6 header of the ping or traceroute packet is derived from the following steps, in ascending order:

3.1.9.1. Ping or Traceroute of SRv6 Remote Locator or Remote SID (End, End.X, End.DT4, End.DT6, End.DT46)

The features in this section comply to draft-ietf-6man-spring-srv6-oam, Operations, Administration, and Maintenance (OAM) in Segment Routing Networks with IPv6 Data plane (SRv6).

3.1.9.1.1. Ingress PE Router (Sender Node) Behavior

The packet is encoded with a destination address set to the remote locator prefix or the specific remote SID, and the next-header field is ICMPv6 (for ping’s Echo request message) or UDP (for traceroute).The packet is encapsulated as shown in Figure 36. When the Topology-Independent Loop-Free Alternate (TI-LFA) or Remote LFA repair tunnel is activated, the LFA segment routing header (LFA SRH) is also pushed on the encapsulation of the SRv6 tunnel to the node D.

Figure 36:  Packet Encapsulation for Ping or Traceroute of a Remote Locator/SID 

The outer IPv6 header hop-limit field is set according to the operation of the probe. For ping, the hop limit uses the default 254 or a user-entered value.

For traceroute, the hop limit is incrementally increased using one of the following:

1. from 1 until the packet reaches the egress PE
2. from the configured minimum value to the maximum value or until the packet reaches the egress PE

The ingress PE looks up the prefix of the locator or SID in the routing table and if a route exists, it forwards the packet to the next hop. The ingress PE does not check if the target SID or locator has been received in ISIS or BGP.

3.1.9.1.2. Transit P Router Behavior

ICMP ping and UDP traceroute operate similarly to any data or OAM IPv6 packet when expiring (the value in the hop-limit field is equal to or less than 1) at a transit SRv6 node, whether or not this node is a SID termination.

The data path at the ingress network interface where the packet is received extracts the packet to the CPM.

The CPM originates a TTL expiry ICMP reply message Type: "Time Exceeded", Code: "Time to Live exceeded in Transit".

The CPM sends the reply to the SRv6 router whose address is encoded in the SA field of the outer IPv6 header in the received packet. The source address is set to the system IPv6 address if configured or the address of the interface used to forward the packet to the next hop.

When the expired packet is a UDP traceroute, meaning that the next-header field is set to protocol UDP, and the UDP port range matches that of the UDP traceroute probe, the target node copies into the payload of the reply message the leading bytes (up to 128 bytes) in the received packet encapsulation, and include the outer IPv6 header and the SRH, if any.

When the hop-limit field value is higher than 1, the packet is processed in the data path similar to how any SRv6 user data packet is processed in the transit router. See the 7750 SR and 7950 XRS Segment Routing and PCE User Guide for further information.

3.1.9.1.3. Egress PE Router (Target Node) Behavior

The data path in the ingress network port in the destination router that owns the target SID extracts the packet to CPM.

A UDP traceroute packet is extracted based on the hop-limit field value of 1 before the route lookup.

An ICMP ping packet is extracted after the route lookup matches a FIB entry of a local locator, End, or End.X SID.

The CPM checks that the target locator or SID address matches a local entry. This means that the locator or SID has either been configured manually by the user or it has been auto-allocated by the locator module for use by IS-IS or BGP.

A match on the locator requires an exact match on the locator field and that both the function and argument fields be zero.

A match on a SID requires both the locator and function fields to match. The argument field is not checked.

When a match on a local locator or SID exists, the CPM replies with the following:

1. an ICMPv6 echo reply message in the case of ICMPv6 Ping.
   The source address of the packet is set to the address in the DA field of the packet of the received echo request message.
2. an ICMPv6 message (Type: “Destination unreachable”, Code: “Port Unreachable”) in the case of UDP traceroute.
   The source address is set to the system IPv6 address if configured or the address of the interface used to forward the packet to the next hop.
   The target node copies into the payload of the reply message the leading bytes (up to 128 bytes) in the received packet encapsulation, and which include the outer IPv6 header and the SRH if any

The responder node copies into the payload of the reply message the leading bytes (up to 128 bytes) in the received packet encapsulation, and including the outer IPv6 header and the SRH, if any.

Figure 37 and Figure 38 illustrate the packet encapsulation from ingress PE to egress PE for both the primary path and the backup path. For the backup path, both the PSP and USP types of the LFA SRH are shown.

Figure 37:  End-to-End Packet Encapsulation for Ping or Traceroute of a Remote Locator or SID (1) 

Figure 38:  End-to-End Packet Encapsulation for Ping or Traceroute of a Remote Locator or SID (2) 

3.1.9.1.4. Ping or Traceroute of an IPv4 or IPv6 VRF Prefix Resolved to an SRv6 Tunnel

This feature implements the existing behavior of a ping or a traceroute packet, originated at the ingress PE node, for a prefix resolved to a SRv6 tunnel.If the OAM ping or traceroute packet is received from the CE router and expires (hop- limit field value equal to or less than 1), the ingress PE node responds as per current behavior. If the packet does not expire (hop-limit field value greater than 1), it is forwarded over the SRv6 tunnel as a data path packet.

3.1.9.1.4.1. Ingress PE Router (Sender Node) Behavior

The CPM originated ping/traceroute packet is encoded with DA set to End.DT4, End.DT6, or End.DT46 SID and the next-header field set to IPv6 (IPv6 VRF prefix) or to IPv4 (IPv4 VRF prefix). The next-header field of the inner IPv6 header is set to ICMPv6 (for ping) or to UDP (for traceroute).

The packet is encapsulated as shown in Figure 39. The LFA SRH is also shown in the packet encapsulation of the SRv6 tunnel to node D when the TI-LFA or Remote LFA repair tunnel is activated.

Figure 39:  Packet Encapsulation for Ping or Traceroute of a VRF IPv6 Prefix over an SRv6 Tunnel 

The outer IPv6 header hop-limit field is set to the default value 254.

3.1.9.1.4.2. Transit P Router Behavior

The packet is processed in the data path, like any SRv6 user-data packet, by the transit router. See the 7750 SR and 7950 XRS Segment Routing and PCE User Guide for further information.

3.1.9.1.4.3. Egress PE Router Behavior

At the target node, if the packet matches a local locator prefix entry in the FIB and the payload type is either IPv4 or IPv6, then it is handed to the SRv6 Forwarding Path Extension (FPE).

The egress data path of the SRv6 FPE removes the SRv6 headers and passes the inner IPv6 packet to the ingress data path which performs regular exception handling for an ICMP ping or a UDP traceroute packet.

3.1.9.1.5. Ping or Traceroute of an IPv4 or IPv6 Global Routing Instance Prefix Resolved to an SRv6 Tunnel

This behavior acts the same as described in Ping or Traceroute of an IPv4 or IPv6 VRF Prefix Resolved to an SRv6 Tunnel.

3.1.10. LDP Tree Trace: End-to-End Testing of Paths in an LDP ECMP Network

Figure 40 shows an IP/MPLS network which uses LDP ECMP for network resilience. Faults that are detected through IGP or LDP are corrected as soon as IGP and LDP re-converge. The impacted traffic is forwarded on the next available ECMP path as determined by the hash routine at the node that had a link failure.

Figure 40:  Network Resilience Using LDP ECMP 

However, there are faults which the IGP/LDP control planes may not detect. These faults may be due to a corruption of the control plane state or of the data plane state in a node. Although these faults are very rare and mostly due to misconfiguration, the LDP Tree Trace OAM feature is intended to detect these “silent” data plane and control plane faults. For example, it is possible that the forwarding plane of a node has a corrupt Next Hop Label Forwarding Entry (NHLFE) and keeps forwarding packets over an ECMP path only to have the downstream node discard them. This data plane fault can only be detected by an OAM tool that can test all possible end-to-end paths between the ingress LER and the egress LER. A corruption of the NHLFE entry can also result from a corruption in the control plane at that node.

3.1.11. LDP ECMP Tree Building

When the LDP tree trace feature is enabled, the ingress LER builds the ECMP tree for a given FEC (egress LER) by sending LSP trace messages and including the LDP IPv4 Prefix FEC TLV as well as the downstream mapping TLV. In order to build the ECMP tree, the router LER inserts an IP address range drawn from the 127/8 space. When received by the downstream LSR, it uses this range to determine which ECMP path is exercised by any IP address or a sub-range of addresses within that range based on its internal hash routine. When the MPLS echo reply is received by the router LER, it records this information and proceed with the next echo request message targeted for a node downstream of the first LSR node along one of the ECMP paths. The sub-range of IP addresses indicated in the initial reply are used since the objective is to have the LSR downstream of the router LER pass this message to its downstream node along the first ECMP path.

The following figure illustrates the behavior through the following example adapted from RFC 8029:

LSR A has two downstream LSRs, B and F, for PE2 FEC. PE1 receives an echo reply from A with the Multipath Type set to 4, with low/high IP addresses of 127.1.1.1->127.1.1.255 for downstream LSR B and 127.2.1.1->127.2.1.255 for downstream LSR F. PE1 reflects this information to LSR B. B, which has three downstream LSRs, C, D, and E, computes that 127.1.1.1->127.1.1.127 would go to C and 127.1.1.128-> 127.1.1.255 would go to D. B would then respond with 3 Downstream Mappings: to C, with Multipath Type 4 (127.1.1.1->127.1.1.127); to D, with Multipath Type 4 (127.1.1.127->127.1.1.255); and to E, with Multipath Type 0.

The router supports multipath type 0 and 8, and up to a maximum of 36 bytes for the multipath length and supports the LER part of the LDP ECMP tree building feature.

A user configurable parameter sets the frequency of running the tree trace capability. The minimum and default value is 60 minutes and the increment is 1 hour.

The router LER gets the list of FECs from the LDP FEC database. New FECs are added to the discovery list at the next tree trace and not when they are learned and added into the FEC database. The maximum number of FECs to be discovered with the tree building feature is limited to 500. The user can configure FECs to exclude the use of a policy profile.

3.1.12. Periodic Path Exercising

The periodic path exercising capability of the LDP tree trace feature runs in the background to test the LDP ECMP paths discovered by the tree building capability. The probe used is an LSP ping message with an IP address drawn from the sub-range of 127/8 addresses indicated by the output of the tree trace for this FEC.

The periodic LSP ping messages continuously probes an ECMP path at a user configurable rate of at least 1 message per minute. This is the minimum and default value. The increment is 1 minute. If an interface is down on a router LER, then LSP ping probes that normally go out this interface are not sent.

The LSP ping routine updates the content of the MPLS echo request message, specifically the IP address, as soon as the LDP ECMP tree trace has output the results of a new computation for the path in question.

3.1.13. LSP Ping for RSVP P2MP LSP (P2MP)

The P2MP LSP ping complies to RFC 6425, Detecting Data Plane Failures in Point-to-Multipoint Multiprotocol Label Switching (MPLS) - Extensions to LSP Ping.

An LSP ping can be generated by entering the following OAM command:

The echo request message is sent on the active P2MP instance and is replicated in the data path over all branches of the P2MP LSP instance. By default, all egress LER nodes which are leaves of the P2MP LSP instance replies to the echo request message.

The user can reduce the scope of the echo reply messages by explicitly entering a list of addresses for the egress LER nodes that are required to reply. A maximum of 5 addresses can be specified in a single execution of the p2mp-lsp-ping command. If all 5 egress LER nodes are router nodes, they can parse the list of egress LER addresses and reply. RFC 6425 specifies that only the top address in the P2MP egress identifier TLV must be inspected by an egress LER. When interoperating with other implementations, the router egress LER responds if its address is anywhere in the list. Furthermore, if another vendor implementation is the egress LER, only the egress LER matching the top address in the TLV may respond.

If the user enters the same egress LER address more than once in a single p2mp-lsp-ping command, the head-end node displays a response to a single one and displays a single error warning message for the duplicate ones. When queried over SNMP, the head-end node issues a single response trap and issues no trap for the duplicates.

The timeout parameter should be set to the time it would take to get a response from all probed leaves under no failure conditions. For that purpose, its range extends to 120 seconds for a p2mp-lsp-ping from a 10 second lsp-ping for P2P LSP. The default value is 10 seconds.

The router head-end node displays a “Send_Fail” error when a specific S2L path is down only if the user explicitly listed the address of the egress LER for this S2L in the ping command.

Similarly, the router head-end node displays the timeout error when no response is received for an S2L after the expiry of the timeout timer only if the user explicitly listed the address of the egress LER for this S2L in the ping command.

The user can configure a specific value of the ttl parameter to force the echo request message to expire on a router branch node or a bud LSR node. The latter replies with a downstream mapping TLV for each branch of the P2MP LSP in the echo reply message. Note that a maximum of 16 downstream mapping TLVs can be included in a single echo reply message. It also sets the multipath type to zero in each downstream mapping TLV and not include any egress address information for the reachable egress LER nodes for this P2MP LSP.

If the router ingress LER node receives the new multipath type field with the list of egress LER addresses in an echo reply message from another vendor implementation, it ignores but not cause an error in processing the downstream mapping TLV.

If the ping expires at an LSR node which is performing a re-merge or cross-over operation in the data path between two or more ILMs of the same P2MP LSP, there is an echo reply message for each copy of the echo request message received by this node.

The output of the command without the detail parameter specified provides a high-level summary of error codes and/or success codes received.

The output of the command with the detail parameter specified shows a line for each replying node as in the output of the LSP ping for a P2P LSP.

The display is delayed until all responses are received or the timer configured in the timeout parameter expired. No other CLI commands can be entered while waiting for the display. A control-C (^C) command aborts the ping operation.

For more information about P2MP refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR MPLS Guide.

3.1.14. LSP Trace for RSVP P2MP LSP

The P2MP LSP trace complies to RFC 6425. An LSP trace can be generated by entering the following OAM command:

The LSP trace capability allows the user to trace the path of a single S2L path of a P2MP LSP. Its operation is similar to that of the p2mp-lsp-ping command but the sender of the echo reply request message includes the downstream mapping TLV to request the downstream branch information from a branch LSR or bud LSR. The branch LSR or bud LSR then also includes the downstream mapping TLV to report the information about the downstream branches of the P2MP LSP. An egress LER does not include this TLV in the echo response message.

The probe-count parameter operates in the same way as in LSP trace on a P2P LSP. It represents the maximum number of probes sent per TTL value before giving up on receiving the echo reply message. If a response is received from the traced node before reaching maximum number of probes, then no more probes are sent for the same TTL. The sender of the echo request then increments the TTL and uses the information it received in the downstream mapping TLV to start sending probes to the node downstream of the last node which replied. This continues until the egress LER for the traced S2L path replied.

Since the command traces a single S2L path, the timeout and interval parameters keep the same value range as in LSP trace for a P2P LSP.

The P2MP LSP Trace makes use of the Downstream Detailed Mapping (DDMAP) TLV. The following excerpt from RFC 6424 details the format of the new DDMAP TLV entered in the path-destination belongs to one of the possible outgoing interface of the FEC.

The Downstream Detailed Mapping TLV format is derived from the Downstream Mapping (DSMAP) TLV format. The key change is that variable length and optional fields have been converted into sub-TLVs. The fields have the same use and meaning as in RFC 8029.

Similar to p2mp-lsp-ping, an LSP trace probe results on all egress LER nodes eventually receiving the echo request message but only the traced egress LER node replies to the last probe.

Also any branch LSR node or bud LSR node in the P2MP LSP tree may receive a copy of the echo request message with the TTL in the outer label expiring at this node. However, only a branch LSR or bud LSR which has a downstream branch over which the traced egress LER is reachable must respond.

When a branch LSR or BUD LSR node responds to the sender of the echo request message, it sets the global return code in the echo response message to RC=14 - "See DDMAP TLV for Return Code and Return Sub-Code" and the return code in the DDMAP TLV corresponding to the outgoing interface of the branch used by the traced S2L path to RC=8 - "Label switched at stack-depth <RSC>".

Since a single egress LER address, for example an S2L path, can be traced, the branch LSR or bud LSR node sets the multipath type of zero in the downstream mapping TLV in the echo response message as no egress LER address need to be included.

3.1.15. Tunneling of ICMP Reply Packets over MPLS LSP

This feature enables the tunneling of ICMP reply packets over MPLS LSP at an LSR node as per RFC 3032. At an LSR node, including an ABR, ASBR, or data path Router Reflector (RR) node, the user enables the ICMP tunneling feature globally on the system using the config>router>icmp-tunneling command.

This feature supports tunneling ICMP replies to a UDP traceroute message. It does not support tunneling replies to an icmp ping message. The LSR part of this feature consists of crafting the reply ICMP packet of type=11- 'time exceeded', with a source address set to a local address of the LSR node, and appending the IP header and leading payload octets of the original datagram. The system skips the lookup of the source address of the sender of the label TTL expiry packet, which becomes the destination address of the ICMP reply packet. Instead, CPM injects the ICMP reply packet in the forward direction of the MPLS LSP the label TTL expiry packet was received from. The TTL of pushed labels should be set to 255.

The source address of the ICMP reply packet is determined as follows:

When the packet is received by the egress LER, it performs a regular user packet lookup in the data path in the GRT context for BGP shortcut, 6PE, and BGP label route prefixes, or in VPRN context for VPRN and 6VPE prefixes. It then forwards it to the destination, which is the sender of the original packet which TTL expired at the LSR.

If the egress LER does not have a route to the destination of the ICMP packet, it drops the packets.

The rate of the tunneled ICMP replies at the LSR can be directly or indirectly controlled by the existing IOM level and CPM levels mechanisms. Specifically, the rate of the incoming UDP traceroute packets received with a label stack can be controlled at ingress IOM using the distributed CPU protection feature. The rate of the ICMP replies by CPM can also be directly controlled by configuring a system wide rate limit for packets ICMP replies to MPLS expired packets which are successfully forwarded to CPM using the command 'configure system security vprn-network-exceptions'. Note that while this command's name refers to VPRN service, this feature rate limits ICMP replies for packets received with any label stack, including VPRN and shortcuts.

The 7450 ESS, 7750 SR and 7950 XRS router implementation supports appending to the ICMP reply of type Time Exceeded the MPLS label stack object defined in RFC 4950. It does not include it in the ICMP reply type of Destination unreachable.

The new MPLS Label Stack object permits an LSR to include label stack information including label value, EXP, and TTL field values, from the encapsulation header of the packet that expired at the LSR node. The ICMP message continues to include the IP header and leading payload octets of the original datagram.

In order to include the MPLS Label Stack object, the SR OS implementation adds support of RFC 4884, Extended ICMP to Support Multi-Part Messages, which defines extensions for a multi-part ICMPv4/v6 message of type Time Exceeded. Section 5 of RFC 4884 defines backward compatibility of the new ICMP message with extension header with prior standard and proprietary extension headers.

In order to guarantee interoperability with third party implementations deployed in customer networks, the router implementation is able to parse in the receive side all possible encapsulations formats as defined in Section 5 of RFC 4884. Specifically:

The new MPLS Label Stack object permits an LSR to include label stack information including label value, EXP, and TTL field values, from the encapsulation header of the packet that expired at the LSR node. The ICMP message continues to include the IP header and leading payload octets of the original datagram.

In the transmit side, when the MPLS Label Stack object is added as an extension to the ICMP reply message, it is appended to the message immediately following the "original datagram" field taken from the payload of the received traceroute packet. The size of the appended "original datagram" field contains exactly 128 octets. If the original datagram did not contain 128 octets, the "original datagram" field is zero padded to 128 octets.

For sample output of the traceroute OAM tool when the ICMP tunneling feature is enabled see, Traceroute with ICMP Tunneling In Common Applications.

3.1.16. QoS Handling of Tunneled ICMP Reply Packets

When the ICMP reply packet is generated in CPM, its FC is set by default to NC1 with the corresponding default ToS byte value of 0xC0. The DSCP value can be changed by configuring a different value for an ICMP application under the config>router>sgt-qos icmp context.

When the packet is forwarded to the outgoing interface, the packet is queued in the egress network queue corresponding to its CPM assigned FC and profile parameter values. The marking of the packet's EXP is dictated by the {FC, profile}-to-EXP mapping in the network QoS policy configured on the outgoing network interface. The ToS byte, and DSCP value for that matter, assigned by CPM are not modified by the IOM.

3.1.17. Summary of UDP Traceroute Behavior With and Without ICMP Tunneling

At a high level, the major difference in the behavior of the UDP traceroute when ICMP tunneling is enabled at an LSR node is that the LSR node tunnels the ICMP reply packet towards the egress of the LSP without looking up the traceroute sender's address. When ICMP tunneling is disabled, the LSR looks it up and replies if the sender is reachable. However there are additional differences in the two behaviors and they are summarized in the following.

In the presence of ECMP, CPM generated UDP traceroute packets are not sprayed over multiple ECMP next-hops. The first outgoing interface is selected. In addition, a LSR ICMP reply to a UDP traceroute is also forwarded over the first outgoing interface regardless if ICMP tunneling is enabled or not. When ICMP tunneling is enabled, it means the packet is tunneled over the first downstream interface for the LSP when multiple next-hops exist (LDP FEC or BGP label route). In all cases, the ICMP reply packet uses the outgoing interface address as the source address of the reply packet.

3.1.18. SDP Diagnostics

The router SDP diagnostics are SDP ping and SDP MTU path discovery.

3.1.19. SDP Ping

SDP ping performs in-band unidirectional or round-trip connectivity tests on SDPs. The SDP ping OAM packets are sent in-band, in the tunnel encapsulation, so it follows the same path as traffic within the service. The SDP ping response can be received out-of-band in the control plane, or in-band using the data plane for a round-trip test.

For a unidirectional test, SDP ping tests:

For a round-trip test, SDP ping uses a local egress SDP ID and an expected remote SDP ID. Since SDPs are unidirectional tunnels, the remote SDP ID must be specified and must exist as a configured SDP ID on the far-end router SDP round trip testing is an extension of SDP connectivity testing with the additional ability to test:

3.1.20. SDP MTU Path Discovery

In a large network, network devices can support a variety of packet sizes that are transmitted across its interfaces. This capability is referred to as the Maximum Transmission Unit (MTU) of network interfaces. It is important to understand the MTU of the entire path end-to-end when provisioning services, especially for virtual leased line (VLL) services where the service must support the ability to transmit the largest customer packet.

The Path MTU discovery tool provides a powerful tool that enables service provider to get the exact MTU supported by the network's physical links between the service ingress and service termination points (accurate to one byte).

3.1.21. Service Diagnostics

Nokia’s Service ping feature provides end-to-end connectivity testing for an individual service. Service ping operates at a higher level than the SDP diagnostics in that it verifies an individual service and not the collection of services carried within an SDP.

Service ping is initiated from a router to verify round-trip connectivity and delay to the far-end of the service. Nokia’s implementation functions for both GRE and MPLS tunnels and tests the following from edge-to-edge:

3.1.22. VPLS MAC Diagnostics

While the LSP ping, SDP ping and service ping tools enable transport tunnel testing and verify whether the correct transport tunnel is used, they do not provide the means to test the learning and forwarding functions on a per-VPLS-service basis.

It is conceivable, that while tunnels are operational and correctly bound to a service, an incorrect Forwarding Database (FDB) table for a service could cause connectivity issues in the service and not be detected by the ping tools. Nokia has developed VPLS OAM functionality to specifically test all the critical functions on a per-service basis. These tools are based primarily on the IETF document draft-stokes-vkompella-ppvpn-hvpls-oam-xx.txt, Testing Hierarchical Virtual Private LAN Services.

The VPLS OAM tools are:

3.1.23. MAC Ping

For a MAC ping test, the destination MAC address (unicast or multicast) to be tested must be specified. A MAC ping packet is sent through the data plane. The ping packet goes out with the data plane format.

In the data plane, a MAC ping is sent with a VC label TTL of 255. This packet traverses each hop using forwarding plane information for next hop, VC label, and so on. The VC label is swapped at each service-aware hop, and the VC TTL is decremented. If the VC TTL is decremented to 0, the packet is passed up to the management plane for processing. If the packet reaches an egress node, and would be forwarded out a customer facing port, it is identified by the OAM label below the VC label and passed to the management plane.

MAC pings are flooded when they are unknown at an intermediate node. They are responded to only by the egress nodes that have mappings for that MAC address.

3.1.24. MAC Trace

A MAC trace functions like an LSP trace with some variations. Operations in a MAC trace are triggered when the VC TTL is decremented to 0.

Like a MAC ping, a MAC trace is sent using the data plane.

When a traceroute request is sent via the data plane, the data plane format is used. The reply can be via the data plane or the control plane.

A data plane MAC traceroute request includes the tunnel encapsulation, the VC label, and the OAM, followed by an Ethernet DLC, a UDP, and IP header. If the mapping for the MAC address is known at the sender, the data plane request is sent down the known SDP with the appropriate tunnel encapsulation and VC label. If the mapping is not known, it is sent down every SDP (with the appropriate tunnel encapsulation per SDP and appropriate egress VC label per SDP binding).

The tunnel encapsulation TTL is set to 255. The VC label TTL is initially set to the min-ttl (default is 1). The OAM label TTL is set to 2. The destination IP address is the all-routers multicast address. The source IP address is the system IP of the sender.

The destination UDP port is the LSP ping port. The source UDP port is whatever the system provides (this source UDP port is the demultiplexer that identifies the particular instance that sent the request, when correlating the reply).

The Reply Mode is either 3 (that is, reply using the control plane) or 4 (that is, reply through the data plane), depending on the reply-control option. By default, the data plane request is sent with Reply Mode 3 (control plane reply).

The Ethernet DLC header source MAC address is set to either the system MAC address (if no source MAC is specified) or to the specified source MAC. The destination MAC address is set to the specified destination MAC. The EtherType is set to IP.

3.1.25. CPE Ping

The Nokia-specific CPE ping function provides a common approach to determine if a destination IPv4 address can be resolved to a MAC address beyond the Layer 2 PE, in the direction of the CPE. The function is supported for both VPLS and Epipe services and on a number of different connection types. The service type determines the packet format for network connection transmissions. The transmission of the packet from a PE egressing an access connection is a standard ARP packet. This allows for next-hop resolution for even unmanaged service elements. In many cases, responses to ICMP echo requests are restricted to trusted network segments only; however, ARP packets are typically processed.

If the ARP response is processed on a local SAP connection on the same node from which the command was executed, the detailed SAP information is returned as part of the display function. If the response is not local, the format of the display depends on the service type.

The VPLS service construct is multipoint by nature, and simply returning a positive response to a reachability request would not supply enough information. For this reason, VPLS service CPE ping requests use the Nokia-specific MAC ping packet format. Execution of the CPE ping command generates a MAC ping packet using a broadcast Layer 2 address on all non-access ports. This packet allows for more information about the location of the target. A positive result displays the IP address of the Layer 2 PE and SAP information for the target location.

Each PE, including the local PE, that receives a MAC ping proxies an ARP request on behalf of the original source, as part of the CPE ping function. If a response is received for the ARP request, the Layer 2 PE processes the request, translates the ARP response, and responds back to the initial source with the appropriate MAC ping response and fields.

The MAC ping OAM tool makes it possible to detect whether a particular IPv4 address and MAC address have been learned in a VPLS, and on which SAP the target was found.

The Epipe service construction is that of cross-connection, and returning a positive response to a reachability request is an acceptable approach. For this reason, Epipe service CPE ping requests use standard ARP requests and proxy ARP processing. A positive result displays remote-SAP for any non-local responses. Since Epipe services are point-to-point, the path towards the remote SAP for the service should already be understood.

Nokia recommends that a source IP address of all zeros (0.0.0.0) is used, which prevents the exposure of the provider IP address to the CPE.

The CPE ping function requires symmetrical data paths for proper functionality. Issues may arise when the request egresses a PE and the response arrives on a related but different PE. When dealing with asymmetrical paths, the return-control option may be used to bypass some of the asymmetrical path issues. Asymmetrical paths can be common in all active multi-homing solutions.

For all applications except basic VPLS services (SAP and SDP bindings without a PBB context), CPE ping functionality requires minimum FP2-based hardware for all connections that may be involved in the transmission or processing of the proxy function.

This approach should only be considered for unmanaged solutions where standard Ethernet CFM (ETH-CFM) functions cannot be deployed. ETH-CFM has a robust set of fault and performance functions that are purpose-built for Ethernet services and transport.

Connection types used to support VPLS and Epipes include SAPs, SDP bindings, B-VPLS, BGP-AD, BGP-VPWS, BGP-VPLS, and MPLS-EVPN.

3.1.26. CPE Ping for PBB Epipe

CPE ping has been supported for VPLS services since Release 3.0 of SR OS. It enables the connectivity of the access circuit between a VPLS PE and a CPE to be tested, even if the CPE is unmanaged and, therefore, the service provider cannot run standardized Ethernet OAM to the CPE. The command cpe-ping for a specific destination IP address within a VPLS is translated into a mac-ping towards a broadcast MAC address. All destinations within the VPLS context are reached by this ping to the broadcast MAC address. At all these destinations, an ARP is triggered for the specific IP address (with the IP destination address equal to the address from the request, mac-da equal to all ones, mac-sa equal to the CPM-mac-address and the IP source address, which is the address found in the request). The destination receiving a response replies back to the requester.

Release 10.0 extended the CPE ping command for local, distributed, and PBB Epipe services provisioned over a PBB VPLS. CPE ping for Epipe implements an alternative behavior to CPE ping for VPLS that enables fate sharing of the CPE ping request with the Epipe service. Any PE within the Epipe service (the source PE) can launch the CPE ping. The source PE builds an ARP request and encapsulates it to be sent in the Epipe as if it came from a customer device by using its chassis MAC as the source MAC address. The ARP request then egresses the remote PE device as any other packets on the Epipe. The remote CPE device responds to the ARP and the reply is transparently sent on the Epipe towards the source PE. The source PE then looks for a match on its chassis MAC in the inner customer DA. If a match is found, the source PE device intercepts this response packet.

This method is supported regardless of whether the network uses SDPs or SAPs. It is configured using the existing oam>cpe-ping CLI command.

Note: This feature does not support IPv6 CPEs.

3.1.27. MAC Populate

MAC populate is used to send a message through the flooding domain to learn a MAC address as if a customer packet with that source MAC address had flooded the domain from that ingress point in the service. This allows the provider to craft a learning history and engineer packets in a particular way to test forwarding plane correctness.

The MAC populate request is sent with a VC TTL of 1, which means that it is received at the forwarding plane at the first hop and passed directly up to the management plane. The packet is then responded to by populating the MAC address in the forwarding plane, similar to a conventional learn, although the MAC is an OAM-type MAC in the FDB to distinguish it from customer MAC addresses.

This packet is then taken by the control plane and flooded out the flooding domain (squelching, appropriately, the sender and other paths that would be squelched in a typical flood).

This controlled population of the FDB is very important to manage the expected results of an OAM test. The same functions are available by sending the OAM packet as a UDP/IP OAM packet. It is then forwarded to each hop and the management plane has to do the flooding.

Options for MAC populate are to force the MAC in the table to type OAM (in case it already existed as dynamic or static or an OAM-induced learning with some other binding). This prevents new dynamic learning from overwriting the existing OAM MAC entry, to allow customer packets with this MAC to either ingress or egress the network, while still using the OAM MAC entry.

Finally, an option to flood the MAC populate request causes each upstream node to learn the MAC, populate the local FDB with an OAM MAC entry, and to flood the request along the data plane using the flooding domain.

An age can be provided to age a particular OAM MAC after a different interval than other MACs in a FDB.

3.1.28. MAC Purge

MAC purge is used to clear the FDBs of any learned information for a particular MAC address. This allows one to do a controlled OAM test without learning induced by customer packets. In addition to clearing the FDB of a particular MAC address, the purge can also indicate to the control plane not to allow further learning from customer packets. This allows the FDB to be clean, and be populated only via a MAC Populate.

MAC purge follows the same flooding mechanism as the MAC populate.

3.1.29. VLL Diagnostics

3.1.30. VCCV Ping

VCCV ping is used to check connectivity of a VLL in-band. It checks that the destination (target) PE is the egress for the Layer 2 FEC. It provides a cross-check between the data plane and the control plane. It is in-band, meaning that the VCCV ping message is sent using the same encapsulation and along the same path as user packets in that VLL. This is equivalent to the LSP ping for a VLL service. VCCV ping reuses an LSP ping message format and can be used to test a VLL configured over an MPLS and GRE SDP.

3.1.30.1. VCCV-Ping Application

VCCV effectively creates an IP control channel within the pseudowire between PE1 and PE2. PE2 should be able to distinguish on the receive side VCCV control messages from user packets on that VLL. There are three possible methods of encapsulating a VCCV message in a VLL which translates into three types of control channels:

1. Use of a Router Alert Label immediately above the VC label. This method has the drawback that if ECMP is applied to the outer LSP label (for example, transport label), the VCCV message does not follow the same path as the user packets. This effectively means it does not troubleshoot the appropriate path. This method is supported by the 7450 ESS, 7750 SR, and 7950 XRS routers.
2. Use of the OAM control word as shown:

                                                           

      0                   1                   2                   3

      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      |0 0 0 1| FmtID |   Reserved    |         Channel Type          |

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The first nibble is set to 0x1. The Format ID and the reserved fields are set to 0 and the channel type is the code point associated with the VCCV IP control channel as specified in the PWE3 IANA registry (RFC 4446). The channel type value of 0x21 indicates that the Associated Channel carries an IPv4 packet.

The use of the OAM control word assumes that the draft-martini control word is also used on the user packets. This means that if the control word is optional for a VLL and is not configured, the PE node only advertises the router alert label as the CC capability in the Label Mapping message. This method is supported by the 7450 ESS, 7750 SR and 7950 XRS routers.

1. Set the TTL in the VC label to 1 to force PE2 control plane to process the VCCV message. This method is not guaranteed to work under all circumstances. For instance, the draft mentions some implementations of penultimate hop popping overwrite the TTL field. This method is not supported by the 7450 ESS, 7750 SR, and 7950 XRS routers.

When sending the label mapping message for the VLL, PE1 and PE2 must indicate which of the above OAM packet encapsulation methods (for example, which control channel type) they support. This is accomplished by including an optional VCCV TLV in the pseudowire FEC Interface Parameter field. The format of the VCCV TLV is shown below:

0                   1                   2                   3

   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   |      0x0c     |       0x04    |   CC Types    |   CV Types    |

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Note that the absence of the optional VCCV TLV in the Interface parameters field of the pseudowire FEC indicates the PE has no VCCV capability.

The Control Channel (CC) Type field is a bitmask used to indicate if the PE supports none, one, or many control channel types.

1. 0x00 None of the following VCCV control channel types are supported
2. 0x01 PWE3 OAM control word
3. 0x02 MPLS Router Alert Label
4. 0x04 MPLS inner label TTL = 1

If both PE nodes support more than one of the CC types, then the router PE uses of the one with the lowest type value. For instance, OAM control word is used in preference to the MPLS router alert label.

The Connectivity Verification (CV) bitmask field is used to indicate the specific type of VCCV packets to be sent over the VCCV control channel. The valid values are:

0x00 None of the below VCCV packet type are supported.

0x01 icmp ping. Not applicable to a VLL over a MPLS or GRE SDP and as such is not supported by the 7450 ESS, 7750 SR, and 7950 XRS routers.

0x02 LSP ping. This is used in VCCV ping application and applies to a VLL over an MPLS or a GRE SDP. This is supported by the 7450 ESS, 7750 SR, and 7950 XRS routers.

A VCCV ping is an LSP echo request message as defined in RFC 8029. It contains an L2 FEC stack TLV which must include within the sub-TLV type 10 “FEC 128 Pseudowire”. It also contains a field which indicates to the destination PE which reply mode to use. There are four reply modes defined in RFC 8029:

Reply mode, meaning:

1. Do not reply. This mode is supported by the routers.
2. Reply via an IPv4/IPv6 UDP packet. This mode is supported by the routers.
3. Reply with an IPv4/IPv6 UDP packet with a router alert. This mode sets the router alert bit in the IP header and is not be confused with the CC type which makes use of the router alert label. This mode is not supported by the routers.
4. Reply via application level control channel. This mode sends the reply message inband over the pseudowire from PE2 to PE1. PE2 encapsulates the Echo Reply message using the CC type negotiated with PE1. This mode is supported by the routers.

The reply is an LSP echo reply message as defined in RFC 8029. The message is sent as per the reply mode requested by PE1. The return codes supported are the same as those supported in the router LSP ping capability.

The VCCV ping feature is in addition to the service ping OAM feature which can be used to test a service between router nodes. The VCCV ping feature can test connectivity of a VLL with any third party node which is compliant to RFC 5085.

Figure 41:  VCCV-Ping Application 

3.1.30.2. VCCV Ping in a Multi-Segment Pseudowire

Figure 42 shows an example of an application of VCCV ping over a multi-segment pseudowire.

Pseudowire switching is a method for scaling a large network of VLL or VPLS services by removing the need for a full mesh of T-LDP sessions between the PE nodes as the number of these nodes grow over time. Pseudowire switching is also used whenever there is a need to deploy a VLL service across two separate routing domains.

In the network, a Termination PE (T-PE) is where the pseudowire originates and terminates. The Switching PE (S-PE) is the node which performs pseudowire switching by cross-connecting two spoke SDPs.

VCCV ping is extended to be able to perform the following OAM function:

1. VCCV ping to a destination PE. A VLL FEC ping is a message sent by T-PE1 to test the FEC at T-PE2. The operation at T-PE1 and T-PE2 is the same as in the case of a single-segment pseudowire. The pseudowire switching node, S-PE1, pops the outer label, swaps the inner (VC) label, decrements the TTL of the VC label, and pushes a new outer label. The PE1 node does not process the VCCV OAM Control Word unless the VC label TTL expires. In that case, the message is sent to the CPM for further validation and processing. This is the method described in draft-hart-pwe3-segmented-pw-vccv.

Note that the originator of the VCCV ping message does not need to be a T-PE node; it can be an S-PE node. The destination of the VCCV ping message can also be an S-PE node.

VCCV trace to trace the entire path of a pseudowire with a single command issued at the T-PE. This is equivalent to LSP trace and is an iterative process by which T-PE1 sends successive VCCV ping messages while incrementing the TTL value, starting from TTL=1. The procedure for each iteration is the same as above and each node in which the VC label TTL expires checks the FEC and replies with the FEC to the downstream S-PE or T-PE node. The process is terminated when the reply is from T-PE2 or when a timeout occurs.

Figure 42:  VCCV Ping over a Multi-Segment Pseudowire 

3.1.31. Automated VCCV-Trace Capability for MS-Pseudowire

Although tracing of the MS-pseudowire path is possible using the methods explained in previous sections, these require multiple manual iterations and that the FEC of the last pseudowire segment to the target T-PE/S-PE be known a priori at the node originating the echo request message for each iteration. This mode of operation is referred to as a “ping” mode.

The automated VCCV-trace can trace the entire path of a pseudowire with a single command issued at the T-PE or at an S-PE. This is equivalent to LSP-trace and is an iterative process by which the ingress T-PE or T-PE sends successive VCCV-ping messages with incrementing the TTL value, starting from TTL=1.

The method is described in draft-hart-pwe3-segmented-pw-vccv, VCCV Extensions for Segmented Pseudo-Wire, and is pending acceptance by the PWE3 working group. In each iteration, the source T-PE or S-PE builds the MPLS echo request message in a way similar to VCCV Ping. The first message with TTL=1 has the next-hop S-PE T-LDP session source address in the Remote PE Address field in the pseudowire FEC TLV. Each S-PE which terminates and processes the message includes in the MPLS echo reply message the FEC 128 TLV corresponding the pseudowire segment to its downstream node. The inclusion of the FEC TLV in the echo reply message is allowed in RFC 8029. The source T-PE or S-PE can then build the next echo reply message with TTL=2 to test the next-next hop for the MS-pseudowire. It copies the FEC TLV it received in the echo reply message into the new echo request message. The process is terminated when the reply is from the egress T-PE or when a timeout occurs. If specified, the max-ttl parameter in the vccv-trace command stops on S-PE before reaching T-PE.

The results VCCV-trace can be displayed for a fewer number of pseudowire segments of the end-to-end MS-pseudowire path. In this case, the min-ttl and max-ttl parameters are configured accordingly. However, the T-PE/S-PE node still probes all hops up to min-ttl in order to correctly build the FEC of the desired subset of segments.

Note that this method does not require the use of the downstream mapping TLV in the echo request and echo reply messages.

3.1.32. IGMP Snooping Diagnostics

3.1.33. MFIB Ping

The multicast forwarding information base (MFIB) ping OAM tool allows to easily verify inside a VPLS which SAPs would normally egress a certain multicast stream. The multicast stream is identified by a source unicast and destination multicast IP address, which are mandatory when issuing an MFIB ping command.

An MFIB ping packet is sent through the data plane and goes out with the data plane format containing a configurable VC label TTL. This packet traverses each hop using forwarding plane information for next hop, VC label, and so on. The VC label is swapped at each service-aware hop, and the VC TTL is decremented. If the VC TTL is decremented to 0, the packet is passed up to the management plane for processing. If the packet reaches an egress node, and would be forwarded out a customer facing port (SAP), it is identified by the OAM label below the VC label and passed to the management plane.

3.1.34. ATM Diagnostics

ATM Diagnostics applies to the 7450 ESS and 7750 SR only.

The ATM OAM ping allows operators to test VC-integrity and endpoint connectivity for existing PVCCs using OAM loopback capabilities.

If portId:vpi/vci PVCC does not exist, a PVCC is administratively disabled, or there is already a ping executing on this PVCC, then this command returns an error.

Because oam atm-ping is a dynamic operation, the configuration is not preserved. The number of oam atm-ping operations that can be performed simultaneously on a 7750 SR or 7450 ESS is configurable as part of the general OAM MIB configuration.

An operator can specify the following options when performing an oam atm-ping:

The result of ATM ping shows if the ping to a given location was successful. It also shows the round-trip time the ping took to complete (from the time the ping was injected in the ATM SAR device until the time the ping response was given to S/W by the ATM SAR device) and the average ping time for successful attempts up to the given ping response.

An OAM ATM ping in progress times out if a PVCC goes to the operational status down as result of a network failure, an administrative action, or if a PVCC gets deleted. Any subsequent ping attempts fails until the VC’s operational state changes to up.

To stop a ping in progress, an operator can enter “CTRL – C”. This stops any outstanding ping requests and returns a ping result up to the point of interruption (a ping in progress during the above stop request fails).

3.1.35. MPLS-TP On-Demand OAM Commands

Ping and Trace tools for PWs and LSPs are supported with both IP encapsulation and the MPLS-TP on demand CV channel for non-IP encapsulation (0x025).

3.1.36. MPLS-TP Pseudowires: VCCV-Ping/VCCV-Trace

The 7450 ESS, 7750 SR, and 7950 XRS routers support VCCV Ping and VCCV Trace on single segment PWs and multi-segment PWs where every segment has static labels and a configured MPLS-TP PW Path ID. It also supports VCCV Ping and Trace on MS-PWs here a static MPLS-TP PW segment is switched to a dynamic T-LDP signaled segment.

Static MS-PW PWs are referred to with the sub-type static in the vccv-ping and vccv-trace command. This indicates to the system that the rest of the command contains parameters that are applied to a static PW with a static PW FEC.

Two ACH channel types are supported: the IPv4 ACH channel type, and the non-IP ACH channel type (0x0025). This is known as the non-ip associated channel. This is the default for type static. The Generic ACH Label (GAL) is not supported for PWs.

If the IPv4 associated channel is specified, then the IPv4 channel type is used (0x0021). In this case, a destination IP address in the 127/8 range is used, while the source address in the UDP/IP packet is set to the system IP address, or may be explicitly configured by the user with the src-ip-address option. This option is only valid if the ipv4 control-channel is specified.

The reply mode is always assumed to be the same application level control channel type for type static.

As with other PW types, the downstream mapping and detailed downstream mapping TLVs (DSMAP/DDMAP TLVs) are not supported on static MPLS-TP PWs.

The follow CLI command description shows the options that are only allowed if the type static option is configured. All other options are blocked.

vccv-ping static sdp-id:vc-id [target-fec-type pw-id-fec sender-src-address ip-addr remote-dst-address ip-address pw-id pw-id pw-type pw-type] [dest-global-id global-id dest-node-id node-id] [assoc-channel ipv4 | non-ip] [fc fc-name [profile {in | out}]] [size octets] [count send-count] [timeout timeout] [interval interval] [ttl vc-label-ttl] [src-ip-address ip-addr]

vccv-trace static sdp-id:vc-id [assoc-channel ipv4 | non-ip] [src-ip-address ipv4-address] [target-fec-type pw-id sender-src-address ip-address remote-dst-address ip-address pw-id pw-id pw-type pw-type] [detail] [fc fc-name [profile in | out]] [interval interval-value] [max-fail no-response-count] [max-ttl max-vc-label-ttl] [min-ttl min-vc-label-ttl] [probe-count probe-count] [size octets] [timeout timeout-value]

If the spoke SDP referred to by the sdp-id:vc-id has an MPLS-TP PW-Path-ID defined, then those parameters are used to populate the static PW TLV in the target FEC stack of the vccv-ping or vccv-trace packet. If a Global-ID and Node-ID is specified in the command, then these values are used to populate the destination node TLV in the vccv-ping or vccv-trace packet.

The global-id/node-id are only used as the target node identifiers if the vccv-ping is not end-to-end (for example, a TTL is specified in the vccv-ping or trace command and it is < 255), otherwise the value in the PW Path ID is used. For vccv-ping, the dest-node-id may be entered as a 4-octet IP address <a.b.c.d> or 32-bit integer <1 to 4294967295>. For vccv-trace, the destination node-id and global-id are taken form the spoke SDP context.

The same command syntax is applicable for SAA tests configured under configure saa test a type.

3.1.37. MPLS-TP LSPs: LSP-Ping/LSP Trace

For lsp-ping and lsp-trace commands:

The following commands are only valid if the sub-type static option is configured, implying that the lsp-name refers to an MPLS-TP tunnel LSP:

path-type. Values: active, working, protect. Default: active.

dest-global-id <global-id> dest-node-id <node-id>: Default: to global-id:node-id from the LSP ID.

assoc-channel: If this is set to none, then IP encapsulation over an LSP is used with a destination address in the 127/8 range. If this is set to ipv4, then IPv4 encapsulation in a G-ACh over an LSP is used with a destination address in the 127/8 range The source address is set to the system IP address, unless the user specifies a source address using the src-ip-address option. If this is set to non-ip, then non-IP encapsulation over a G-ACh with channel type 0x00025 is used. This is the default for sub-type static. Note that the encapsulation used for the echo reply is the same as the encapsulation used for the echo request.

downstream-map-tlv: LSP Trace commands with this option can only be executed if the control-channel is set to none. The DSMAP/DDMAP TLV is only included in the echo request message if the egress interface is either a numbered IP interface, or an unnumbered IP interface. The TLV is not included if the egress interface is of type unnumbered-mpls-tp.

For lsp-ping, the dest-node-id may be entered as a 4-octet IP address in the format a.b.c.d, or as a 32-bit integer in the range of 1 to 4294967295. For lsp-trace, the destination node-id and global-id are taken form the spoke-sdp context.

The send mode and reply mode are always taken to be an application level control channel for MPLS-TP.

The force parameter causes an LSP ping echo request to be sent on an LSP that has been brought oper-down by Bi-directional Forwarding Detection (BFD) (LSP-Ping echo requests would normally be dropped on oper-down LSPs). This parameter is not applicable to SAA.

The LSP ID used in the LSP ping packet is derived from a context lookup based on lsp-name and path-type (active/working/protect).

Dest-global-id and dest-node-id refer to the target global/node id. They do not need to be entered for end-to-end ping and trace, and the system uses the destination global ID and node ID from the LSP ID.

The same command syntax is applicable for SAA tests configured under config>saa>test.

3.1.38. VXLAN Ping Supporting EVPN for VXLAN

EVPN is an IETF technology per RFC7432 that uses a new BGP address family and allows VPLS services to be operated as IP-VPNs, where the MAC addresses and the information to setup the flooding trees are distributed by BGP. The EVPN VXLAN connections, VXLAN Tunnel Endpoint (VTEP), uses a connection specific OAM Protocol for on demand connectivity verification. This connection specific OAM tool, VXLAN Ping, is described in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN, within the VXLAN Section.

3.1.39. Show Commands

The sample outputs in the following section are examples only; actual displays may differ depending on supported functionality and user configuration.

3.1.40. BFD

The existing show>router>bfd is enhanced for MPLS-TP, as follows:

show>router>bfd>mpls-tp-lsp

This command displays the MPLS –TP paths for which BFD is enabled.

show>router>bfd>session [src ip-address [dest ip-address | detail]] | [mpls-tp-path lsp-id… [detail]]

This command shows the details of the BFD session on a particular MPLS-TP path, where lsp-id is the fully qualified lsp-id to which the BFD session is in associated.

A sample output is shown below:

3.1.41. MPLS Performance Monitoring (MPLS PM)

RFC 6374, Packet Loss and Delay Measurement for MPLS Networks, provides a standard packet format and process for measuring delay of a unidirectional or MPLS-TP using the General Associated Channel (G-ACh), channel type 0x000C. Unidirectional LSPs, such as RSVP-TE, require an additional TLV to return a response to the querier (the launch point). RFC 7876, UDP Return Path for Packet Loss and Delay Measurement for MPLS Networks, defines the source IP information to include in the UDP Path Return TLV so the responding node can reach the querier using an IP network. The MPLS DM PDU does not natively include any IP header information. With MPLS TP there is no requirement for the TLV defined in RFC 7876.

The function of MPLS delay measurement is similar regardless of LSP type. The querier sends the MPLS DM query message toward the responder, transported in an MPLS LSP. The responder extracts the required PDU information to respond appropriately.

Launching MPLS DM tests are configured in the config>oam-pm>session session-name test-family mpls context. Basic architectural OAM PM components are required to be completed along with the MPLS specific configuration. The test PDU includes the following PDU settings;

TVLs can also be included, based on the configuration.

The maximum pad size of 257 is a result of the structure of the defined TLV. The length field is one byte, limiting the overall value filed to 255 bytes.

The reflector processes the inbound MPLS DM PDU and respond back to the querier based on the received information, using the response flag setting. Specific to the timestamp, the responder responds using the Query Timestamp Format, filling in the Timestamp 2 and Timestamp 3 values.

When the response arrives back at the querier, the delay metrics are computed. The common OAM-PM computation model and naming are used to simplify and rationalize the different technologies that leverage the OAM-PM infrastructure. The common methodology reports unidirectional and round trip delay metrics for Frame Delay (FD), InterFrame Delay Variation (IFDV), and Frame Delay Range (FDR). The term frame is not indicative of the underlying technology being measured. It represents a normal cross technology naming with applicability to the appropriate naming for the measured technology. The common normal naming requires a mapping to the supported delay measurements included in RFC 6374.

Since OAM-PM uses a common reporting model, unidirectional (forward and backward, and round trip) are always reported. With unidirectional LSPs, the T4 and T3 timestamps are zeroed but the backward and round trip directions are still reported. In the case of unidirectional LSPs, the backward and round trip values are of no significance for the measured MPLS network.

An MPLS DM test may measure the endpoints of the LSP when the TTL is set equal to or higher than the termination point distance. Midpoints along the path that support MPLS DM response functions can be queried by a test setting a TTL to expire along the path. The MPLS DM launch and reflection, including mid-path transit nodes, capability is disabled by default. To launch and reflect MPLS DM test packets config>test-oam>mpls-dm must be enabled.

The SR OS implementation supports MPLS DM Channel Type 0x000C from RFC 6374 function for the following.

The following functions are not supported.

3.1.42. BIER OAM

BIER supports the bier-ping and bier-trace OAM tools. FP4 hardware is required and only IPv4 is supported. The tools are not supported:

A bier-ping packet is sent in a certain subdomain. The user can specify the subdomain in which the BIER OAM packet must be generated. In addition, the BIER OAM packet has to be destined to a BFER or a set of BFERs. Multiple BFERs can be specified for bier-ping. A single BFER can be specified for bier-trace. The BFER can be specified in one of the following ways:

3.1.43. ICMP ping check connectivity Checking using ICMP Echo Request and Response

In certain network configurations, it is not always possible to deploy preferred standards-based purpose-built robust connectivity verification tools such as Bidirectional Forwarding Detection (BFD), or Ethernet Connectivity Fault Management Continuity Check Message (ETH-CCM), or other more suited tools. When circumstances prevent the preferred connectivity validation methods, ICMP echo request and response ping connectivity check (icmp ping check) using ping templates can be used as an alternate connectivity checking method. Before deploying this approach an understanding of the treatment of these types of packets on the involved network elements is required. The ping check affects the operational state of the VRPN or IES service IPv4 interface (the service IP interface) being verified.

Deployment of this feature requires the following:

The ping template defines timers and thresholds that determine the basis for connectivity verification and influence the service IP interface operational state. The configuration of the ping template is located in the config>test-oam>icmp context. The configuration options are separated to allow different failure detection and recovery behaviors.

The transmission frequency (interval), loss detection (timeout) and threshold (failure-threshold) are used to check connectivity when the service IP interface is steady and operationally up, or steady and operationally down. When these values are monitoring connectivity and the service IP interface is operationally up, consecutive failures that reach the failure threshold transitions the interface to operationally down. When these values are monitoring connectivity and the service IP interface is operationally down, a first success triggers the recovery values to complete the validation. For example, if the interval 10 (seconds), timeout 5 (seconds) and failure-threshold 3 (count) the failure detection takes 30 seconds.

When a service IP interface transitions from operationally up to operationally down because of icmp ping check the log event “UTC WARNING: SNMP #2004 vprn1000999 int-PE-CE-999. Interface int-PE-CE-999 is not operational” is generated.

When a service IP interface has transitioned from operationally up to the operationally down state because of icmp ping check, the transmission continues at the specified interval until there is a successful ICMP echo response related to the ICMP echo request. When the first success is received, there is a possible transition from operationally down to operationally up and the function moves to the recovering phase. The icmp ping check packets for the affected service IP interface starts to transmit at frequency (reactivation-interval), invoking loss detection (reactivation-timeout) and consecutive success count (reactivation-threshold). If the reactivation threshold is reached, the service IP interface transitions from operationally down to operationally up. The transmission frequency (interval), loss detection (timeout) and threshold (failure-threshold) are used to monitor the service IP interface.

When a service IP interface transitions from operationally down to operationally up because of icmp ping check the log event “UTC WARNING: SNMP #2005 vprn1000999 int-PE-CE-999. Interface int-PE-CE-999 is operational” is generated.

If a failure occurs in the recovering phase, the reactivation-failure-threshold is consulted to determine the number of retries that should be attempted in this phase. This option allows a service IP interface a specified number of retries in this phase before returning to transmitting at interval and those associated values. The reactivation-failure-threshold parameter is bypassed if there was a previous success for the service IP interface in the recovery phase for the latest transition. This parameter determines the number of consecutive failures, without a previous success, before declaring the recovering is not proceeding and returns to the interval values. In larger scale environments this value may need to be increased.

Only packets related to the icmp ping check, ICMP echo request and ARP packets specifically associated with the assigned local ping template, can be sent when the interface is operationally down because of an icmp ping check failure. Only packets related to the icmp ping check, ICMP echo response and ARP packets specifically associated with the assigned local ping template, can be received when the interface is operationally down because of the ping check failure.

A ping check function should never be configured on both peers. This leads to deadlock conditions that can only be resolved by manually disabling the ping template under the interface. As previously stated, only packets associated with the local ping template can be transmitted and received on a service IP interface when the interface is operationally down because of icmp check.

The configured ping template values can be updated without having to change the administrative state or existing references. However, the service IP interfaces that reference a specific ping template configuration imports the values when the ping-template is administratively enabled under the service IP interface. There is no automatic updating of modified ping template values on service IP interfaces referencing a ping-template. In order to push the changes to the referencing service IP interface the command tools>perform>test-oam>icmp>ping-template-sync template-name is available. This command updates all interfaces that reference the specified ping-template. Executing this command updates all the referencing service IP interfaces in the background after the command is accepted. If there is an HA event and the tools command has not completed updating, all the interfaces that had were not updated at the time of the HA event do not receive the new values. If an HA event occurs and there is a concern that all interfaces may not have received the update the command should be executed again on the newly active. The command does not survive an HA event.

For a service IP interface to import and start using the icmp ping check, the ping-template template-name must be enabled and the destination-address ip-address, must be configured. When the ping-template is added to the service IP interface the values associated with that ping-template are imported. When the ping-template’s administrative state under the service IP interface is enabled, the values are checked again to ensure the latest values associated with the ping-template are being used. The source ip address of the packet is the primary IPv4 address of the service IP interface. This is not a configurable parameter.

When the ping-template command is administratively enabled under a service IP interface that is operationally up, the interface is assumed to have connectivity until proven otherwise. This means the interface state is not affected unless the ping template determines that there are connectivity issues based on the interval, timeout, and failure-threshold commands. If the desired behavior is for the ping-template to validate service IP interface connectivity before allowing the service IP interface to become operational, the service IP interface can be administratively disabled, the ping-template enabled under that interface, and then the interface administratively enabled. This is considered to be operationally down due to underlying conditions.

When the ping-template command is administratively enabled under a service IP interface that is operationally down because of an underlying condition unrelated to icmp ping check, when the underlying condition is cleared, the icmp ping check prevents the interface from entering the operationally up state until it can verify the connectivity. When the underlying condition is cleared the icmp ping check function enters the recovering phase using the reactivation-interval, reactivation-timeout, reactivation-threshold and the reactivation-failure-threshold values.

When a node is rebooted, service IP interfaces, with administratively enabled ping templates, must verify the interface connectivity before allowing it to progress to an operationally up state. This ensures that the interface does not bounce from operationally up to operationally down after a reboot and the service IP interface state is properly reflected when the reboot is complete. Service IP interfaces that have an administratively enabled ping-template enter the recovering phase using the reactivation-interval, reactivation-timeout, reactivation-threshold and the reactivation-failure-threshold values following a reboot.

When a soft reset condition is raised icmp ping check state for the service IP interface is held in the same state it entered the process until the soft reset is complete. The interfaces exit the soft reset in the same phase they entered but all counters are cleared. The service IP interfaces that have an administratively enabled ping template enter this held state if they are in any way related to any hardware that is undergoing a soft reset. Two examples to demonstrate the expected behavior are shown below. When a service IP interface is related to a LAG, if a single port member in that LAG is affected by the soft reset, the interface enters this held state. Similarly, if the service IP interface is connected using an R-VPLS configuration it enters the held state.

The protocol used to determine the icmp ping check function has been added to the distributed CPU protection list of protocols, icmp-ping-check. The distributed CPU protection function can be used to limit the amount of icmp ping check packets received on a service IP interface with an enabled ping template. This is an optional configuration that would prevent crossover impact on unrelated service IP interfaces using icmp ping check because of a rogue interface.

The show>service>id>interface ip-int-name detail command has been updated with the ping-template values and operational information. The most effective way to view the output is to use a match criterion for “Ping Template Values in Use”. The “Ping Template Values in Use” section of the output reports the current values that were imported from the referenced config>test-oam>icmp>ping-template. The “Operational Data” section of the output includes the administrative state (Up or Down) and destination address being tested (IP address or notConfigured). It also includes the current interval in use (interval or reactivation-interval) and the current state being reported, (operational, notRunning, failed). There are also pass and fail counters reporting, while in the current state, the number of consecutive passes or fails that have occurred. This provides a stability indicator. If these values are low, it may indicate that even though no operational state transitions have occurred there are intermittent but frequent failures. If neither of these counter are incrementing it is likely an underlying condition has been detected and the icmp ping check is not attempting to send and cannot receive connectivity packets. These counters are cleared when moving between different intervals, and for a soft reset.

The show>test-oam>icmp>ping-template and show>test-oam>icmp>ping-template-using have been added to display the various config>test-oam>icmp>ping-template configurations and services referencing the ping templates.

Using icmp ping check enabled on service IP interfaces incur longer recovery delays on failure and reboot because of the additional validations required to validate those interfaces.

The icmp ping check function supports IPv4 interfaces created on SAPs in VRPN and IES services and R-VPLS services, as well as Ethernet satellite (esat) connections. When the service IP interface is making use of an R-VPLS configuration, the interface between the VRPN or IES service and the VPLS service is a virtual connection. In order for the icmp ping check to function properly in R-VPLS environments, the connection being used to validate the peer must be reachable over a SAP.

The icmp ping check should only be used when other purpose-built connectivity checking is not a deployable solution. Interaction with contending protocols may be unexpended.

The interaction between icmp ping check and service IP interface hold-time, in general, the hold-time up option delays the deactivation of the associated IP interface by the specified number of seconds. The hold-time down option delays the activation of the associated IP interface by the specified number of seconds.

With the hold-time up option, if a service IP interface is about to transition from operational up to down because the port transitioned from operational up to down, loss of signal, administrative down, and so on, then hold-time up timer is started. The interface remains operationally up until the timer expires. The icmp ping check runs in parallel because the underlying operational state has been delayed. If it lasts longer than the detection for the icmp ping check it could fail while the interval is counting down. If the hold-time up counter expires the interface transitions to operationally down and the icmp ping check now recognizes the underlying issue and stops trying to transmit. Normal underlying condition recovery noted earlier in this section follow.

If however, the hold-time up is short circuited because the port returns to an operationally up state before the expiration of the hold-time up, the following interactions are noted.

With the hold-time down option, if a service IP interface is about to transition from operationally down to up because the port transitioned from operationally down to up, the interface remains down until the expiration of the down timer. When the timer expires, the icmp ping check follows the normal underlying condition recovery noted earlier in this section follows.

These validations do not support or impact IPv6 interfaces.

There is no support for config>system>enable-icmp-vse Nokia-specific ICMP packets on interfaces that are using ping templates.

ICMP ping check connectivity is only supported on FP3-based and above platforms and should not be configured on any service IP interfaces that are configured over hardware that does not meet this requirement.

3.2.1. Two-Way Active Measurement Protocol (TWAMP)

Two-Way Active Measurement Protocol (TWAMP) provides a standards-based method for measuring the IP performance (packet loss, delay, and jitter) between two devices. TWAMP leverages the methodology and architecture of One-Way Active Measurement Protocol (OWAMP) to define a way to measure two-way or round-trip metrics.

There are four logical entities in TWAMP: the control-client, the session-sender, the server, and the session-reflector. The control-client and session-sender are typically implemented in one physical device (the “client”) and the server and session-reflector in a second physical device (the “server”). The router acts as the “server”.

The control-client and server establish a TCP connection and exchange TWAMP-Control messages over this connection. When a server accepts the TCP control session from the control-client, it responds with a server greeting message. This greeting includes the various modes supported by the server. The modes are a bit mask. Each bit in the mask represents a functionality supported on the server. When the control-client wants to start testing, the client communicates the test parameters to the server, requesting any of the modes that the server supports. If the server agrees to conduct the described tests, the test begin as soon as the client sends a Start-Sessions or Start-N-Session message. As part of a test, the session-sender sends a stream of UDP-based test packets to the session-reflector, and the session-reflector responds to each received packet with a response UDP-based test packet. When the session-sender receives the response packets from the session-reflector, the information is used to calculate two-way delay, packet loss, and packet delay variation between the two devices. The exchange of test PDUs is referred to as TWAMP Test.

The TWAMP test PDU does not achieve symmetrical packet size in both directions unless the frame is padded with a minimum of 27 bytes. The session-sender is responsible for applying the required padding. After the frame is appropriately padded, the session-reflector reduces the padding by the number of bytes needed to provide symmetry.

Server mode support includes:

3.2.2. Two-Way Active Measurement Protocol Light (TWAMP Light)

TWAMP Light is an optional model included in the TWAMP standard RFC5357 that uses standard TWAMP test packets but provides a lightweight approach to gathering ongoing IP delay and synthetic loss performance data for base router and per VPRN statistics. Full details are described in Appendix I of RFC 5357 (Active Two Way Measurement Protocol). The SR OS implementation supports the TWAMP Light model for gathering delay and loss statistics.

For TWAMP Light, the complete TWAMP model is replaced with a simple session-sender session-reflector.

TWAMP Light maintains the TWAMP test packet exchange but eliminates the TWAMP TCP control connection with local configurations; however, not all negotiated control parameters are replaced with local configuration. For example, CoS parameters communicated over the TWAMP control channel are replaced with a reply-in-kind approach. The reply-in-kind model reflects back the received CoS parameters, which are influenced by the reflector’s QoS policies.

The reflector function is configured under the config>router>twamp-light command hierarchy for base router reflection, and under the config>service>vprn>twamp-light command hierarchy for per VPRN reflection. The TWAMP Light reflector function is configured per context and must be activated before reflection can occur; the function is not enabled by default for any context. The reflector requires the operator to define the TWAMP Light UDP listening port that identifies the TWAMP Light protocol and the prefixes that the reflector accepts as valid sources for a TWAMP Light request. Prior to release 13.0r4, if the configured TWAMP Light reflector UDP listening port was in use by another application on the system, a minor OAM message was presented indicating the UDP port was unavailable and that activation of the reflector is not allowed.

Notes: The TWAMP Light Reflector udp-port udp-port-number range configured as part of the config>service | router>twamp-light create command implements a restricted reserved UDP port range that must be adhere to range [862,64364..64373] prior to an upgrade or reboot. Configurations outside of this range results in a failure of the TWAMP Light reflector or the prevention of the upgrade operation. If an In Service Software Upgrade (ISSU) function is invoked and the udp-port udp-port-number range is outside of the allowable range and the TWAMP Light Reflector is in a no shutdown state, the ISSU operation is not allowed to proceed until, at a minimum, the TWAMP Light Reflector is shutdown. If the TWAMP Light Reflector is shutdown, the ISSU is allowed to proceed, but the TWAMP Light Reflector is not allowed to activate with a no shutdown until the range is brought in line the allowable range. A non-ISSU upgrade is be allowed to proceed regardless of the state (shutdown or no shutdown) of the TWAMP Light Reflector. The configuration is allowed to load, but the TWAMP Light Reflector remains inactive following the reload when the range is outside the allowable range. When the udp-port udp-port-number for a TWAMP Light Reflector is modified, all tests that were using the services of that reflector must update the dest-udp-port udp-port-number configuration parameter to match the new reflector listening port.

If the source IP address in the TWAMP Light packet arriving on the responder does not match a configured IP address prefix, the packet is dropped. Multiple prefix entries may be configured per context on the responder. Configured prefixes can be modified without shutting down the reflector function. An inactivity timeout under the config>oam-test>twamp>twamp-light command hierarchy defines the amount of time the reflector keeps the individual reflector sessions active in the absence of test packets. A responder requires CPM3 and beyond hardware.

Launching TWAMP Light test packets is under the control of the OAM Performance Monitoring (OAM-PM) architecture and as such adheres to those rules. This functionality is not available through interactive CLI or interactive SNMP, it is only available under the OAM-PM configuration construct. OAM-PM reports TWAMP Light delay and loss metrics. The OAM-PM architecture includes the assignment of a Test-ID. This protocol does not carry the 4-byte test ID in the packet. This is for local significance and uniformity with other protocols under the control of the OAM-PM architecture.

The OAM-PM construct allows various test parameters to be defined. These test parameters include the IP session-specific information which allocates the test to the specific routing instance, the source and destination IP address, the destination UDP port (which must match the UDP listening port on the reflector), the source UDP port and a number of other parameters that allow the operator to influence the packet handling. The source UDP port should only be configured when TWAMP distributed mode is being deployed. The probe interval and TWAMP Light packet padding size can be configured under the specific session. The pad size, the size of the all 0's pad, can configured to ensure that the TWAMP packet is the same size in both directions. The session-sender role facilitated by the OAM-PM TWAMP Light testing only sets the multiplier bits in the Error Estimate field contained in the TWAMP test packet. The 8-bit multiplier field is set to 00000001. The preceding 8 bits of the Error Estimate field comprised of S (1 bit - Time Sync), Z (1 bit MBZ) and Scale (6 bits) are set to 0.

TWAMP Test uses a single packet to gather both delay and loss metrics. This means there is special consideration over those approaches that utilize a specific tool per metric type.

In the TWAMP-Light case the interval parameter, which defines the probe spacing, is a common option applicable to all metrics collected under a single session. This requires the parameter to be removed from any test specific configurations, like the timing parameter associated with loss, specifically availability. Packet processing marks all fields in the PDU to report both delay and loss. The record-stats option can be used to refine which fields to process as part of the OAM-PM architecture. The default collection routine includes delay field processing only, record-stats delay. This is to ensure backward compatibility with previous releases that only supported the processing delay fields in the PDU. Enabling the processing of loss information requires the modification of the record-stats parameter. Adding loss to an active test requires the active test to be shutdown, modified and activate with the no shutdown command. It is critical to remember that the no shutdown action clears all previously allocated system memory for every test. Any results not written to flash or collected through SNMP are lost.

The record-stats setting do not change the configuration validation logic when a test is activated with the no shutdown command. Even if the loss metrics are not being processed and reported the configuration logic must ensure that the TWAMP test parameters are within the acceptable configuration limits, this includes default loss configuration statements. An operator has the ability to configure a TWAMP Light interval of 10s (10000ms) and record only delay statistics. The default timing parameter, used to compute and report availability and reliability, should allow for the activation of the test without a configuration violation. This requires the frame-per-delta-t frames default value of 1. An availability window cannot exceed 100s regardless of the record-stats setting. Computing the size of the availability window is a product of (interval*frames-per-delta-t*consec-delta-t).

The statistics display for the session with show all statistics that are being collected based on the record-stats configuration. If either of the metrics is not being recorded the statistics display “NONE” for the excluded metrics.

Multiple tests sessions between peers are allowed. These test sessions are unique entities and may have different properties. Each test generates TWAMP packets specific to their configuration.

TWAMP Light is supported on deployments that use IPv4 or IPv6 addressing, which may each have their own hardware requirements. All IP addressing must be unicast. IPv6 addresses cannot be a reserved or a link local address. Multiple test sessions may be configured between the same source and destination IP endpoints. The tuple Source IP, Destination IP, Source UDP, and Destination UDP provide a unique index for each test point.

The OAM-PM architecture does not validate any of the TWAMP Light test session information. A test session is allowed to be activated regardless of the validity of session information. For example, if the source IP address configured is not local within the router instance that the test is allocated, the session controller starts sending TWAMP Light test packets but does not receive any responses.

See OAM Performance Monitoring (OAM-PM) for more information about the integration of TWAMP Light and the OAM-PM architecture, including hardware dependencies.

3.4.1. ETH-CFM Building Blocks

The IEEE and the ITU-T use their own nomenclature when describing administrative contexts and functions. This introduces a level of complexity to configuration, discussion and different vendors naming conventions. The SR OS CLI has chosen to standardize on the IEEE 802.1ag naming where overlap exists. ITU-T naming is used when no equivalent is available in the IEEE standard. In the following definitions, both the IEEE name and ITU-T names are provided for completeness, using the format IEEE Name/ITU-T Name.

Maintenance Domain (MD)/Maintenance Entity (ME) is the administrative container that defines the scope, reach and boundary for testing and faults. It is typically the area of ownership and management responsibility. The IEEE allows for various formats to name the domain, allowing up to 45 characters, depending on the format selected. ITU-T supports only a format of “none” and does not accept the IEEE naming conventions.

Maintenance Association (MA)/Maintenance Entity Group (MEG) is the construct where the different management entities are contained. Each MA is uniquely identified by its MA-ID. The MA-ID is comprised of the MD level and MA name and associated format. This is another administrative context where the linkage is made between the domain and the service using the bridging-identifier configuration option. The IEEE and the ITU-T use their own specific formats. The MA short name formats (0 to 255) have been divided between the IEEE (0 to 31, 64 to 255) and the ITU-T (32 to 63), with five currently defined (1 to 4, 32). Even though the different standards bodies do not have specific support for the others formats a Y.1731 context can be configured using the IEEE format options.

Note: When a VID is used as the short MA name, 802.1ag does not support VLAN translation because the MA-ID must match all the MEPs. The default format for a short MA name is an integer. Integer value 0 means the MA is not attached to a VID. This is useful for VPLS services on SR OS platforms because the VID is locally significant.

Note: The double quote character (“) included as part of the ITU-T recommendation T.50 is not a supported character on the SR OS.

Maintenance Domain Level (MD Level)/Maintenance Entity Group Level (MEG Level) is the numerical value (0-7) representing the width of the domain. The wider the domain (higher the numerical value) the farther the ETH-CFM packets can travel. It is important to understand that the level establishes the processing boundary for the packets. Strict rules control the flow of ETH-CFM packets and are used to ensure proper handling, forwarding, processing and dropping of these packets. ETH-CFM packets with higher numerical level values flows through MEPs on MIPs on endpoints configured with lower level values. This allows the operator to implement different areas of responsibility and nest domains within each other. Maintenance association (MA) includes a set of MEPs, each configured with the same MA-ID and MD level used to verify the integrity of a single service instance.

Note: Domain format and requirements that match that format, as well as association format and those associated requirements, and the level must match on peer MEPs.

Maintenance Endpoints/MEG Endpoints (MEP) are the workhorses of ETH-CFM. A MEP is the unique identification within the association (1-8191). Each MEP is uniquely identified by the MA-ID, MEP-ID tuple. This management entity is responsible for initiating, processing and terminating ETH-CFM functions, following the nesting rules. MEPs form the boundaries which prevent the ETH-CFM packets from flowing beyond the specific scope of responsibility. A MEP has direction, up or down. Each indicates the directions packets are generated; up toward the switch fabric, down toward the SAP away from the fabric. Each MEP has an active and passive side. Packets that enter the active point of the MEP are compared to the existing level and processed accordingly. Packets that enter the passive side of the MEP are passed transparently through the MEP. Each MEP contained within the same maintenance association and with the same level (MA-ID) represents points within a single service. MEP creation on a SAP is allowed only for Ethernet ports with NULL, q-tags, q-in-q encapsulations. MEPs may also be created on SDP bindings. A vMEP is a service level MEP configuration that installs ingress (down MEP-like) extraction on the supported ETH-CFM termination points within a VPLS configuration.

Maintenance Intermediate Points/MEG Intermediate Points (MIPs) are management entities between the terminating MEPs along the service path. MIPs provide insight into the service path connecting the MEPs. MIPs only respond to Loopback Messages (LBM) and Linktrace Messages (LTM). All other CFM functions are transparent to these entities.

MIP creation is the result of the mhf-creation mode and interaction with related MEPs, and with the direction of the MEP. Two different authorities can be used to determine the MIPs that should be considered and instantiated. The domain and association or the default-domain hierarchies match the configured bridge identifier and VLAN to the service ID and any configured primary VLAN. When a primary VLAN MIP is not configured, the VLAN is either ignored or configured as none.

The domain and association MIP creation function triggers a search for all ETH-CFM domain association bridge identifier matches to the service it is linked to. A MIP candidate is then be evaluated using the mhf-creation mode and the rules that govern the algorithm. The domain association mhf-creation modes and their uses are listed below:

For all modes except static mode, only a single MIP can be created. All candidates are collected and the lowest-level valid MIP is created. In static mode, all valid MIPs are created for the bridge identifier VLAN pair. A MIP is considered invalid if the level of the MIP is equal to or below a downward-facing MEP, or below the level of an upward-facing MEP and the MIP shares the same service component as the Up MEP.

Not all creation modes require the mip creation statement within the service. The explicit and default mhf-creation modes may instantiate a MIP without the mip creation statement under the service if a lower-level MEP exists for the domain association bridge identifier. If a lower-level MEP does not exist, the default and static mhf-creation modes require the mip creation statement on the service connection.

MEPs require the domain and association configurations to ensure that all ETH-CFM PDUs can be supported. MIPs have restricted ETH-CFM PDU support: ETH-LB and ETH-LT. These two protocols do not require the configuration of a domain and association. MIPs may be created outside of the association context using the default-domain table.

The default-domain table is an object table populated with values that are used for MIP creation. The table is indexed by the bridge identifier and VLAN. An index entry is automatically added when the mip creation statement is added under a SAP or SDP binding. When an index entry is added, the bridge identifier is set to the service ID and the VLAN is set to the primary-vlan-enable vlan-id. If the MIP does not use primary VLAN functionality, the VLAN is configured as none. When the entry has been added to the default-domain table, the default values can be configured. The default-domain table defers to the system-wide, read-only values.

Because there are two different locations able to process the MIP creation logic, a per-bridge identifier VLAN authority must be determined. The authority is a component, table, or configuration that is responsible for executing the MIP creation algorithm. In general, any domain association bridge identifier that could be used to create a specific MIP is authoritative. Other configurations influence the authority, such as the type of MIP (primary VLAN or non-primary VLAN), the different mhf-creation modes, the interaction of those modes with MEPs, and the direction of the MEP.

The following rules provide some high-level guidelines to determine the authority.

When the authority for MIP creation is determined, the MIP attributes are derived from that creation table. The default domain table defers to the read-only, system-wide MIP values and inherits those defaults. Some of the objects under the default-domain hierarchy must be configured using the same statement to avoid transient and unexpected MIP creation while the configuration is being completed. To this end, the mhf-creation mode and level have been combined in the same configuration statement.

The standard mhf-creation modes (none, default, explicit) are configurable as part of the default-domain table. Static mode can only be configured under the domain association bridge identifier. This is because default domain table indexing precludes multiple MIPs at different levels.

MIP creation requires configuration. The default values in both the domain association and the default domain table prevent MIP instantiation.

The show eth-cfm mip-instantiation command can be used to check the authority for each MIP.

There are two locations in the configuration where ETH-CFM is defined. The first location, where the domains, associations (including links to the service), MIP creation method, common ETH-CFM functions, and remote MEPs are defined under the top-level eth-cfm command. The second location is within the service or facility.

Table 11 is a general table that indicates ETH-CFM support for the different services and SAP or SDP binding. It is not meant to indicate the services that are supported or the requirements for those services on the individual platforms.

Figure 43:  MEP and MIP 

Figure 44 illustrates the usage of an Epipe on two different nodes that are connected using ether SAP 1/1/2:100.31. The SAP 1/1/10:100.31 is an access port that is not used to connect the two nodes.

Figure 44:  MEP Creation 

Examining the configuration from NODE1, MEP 101 is configured with a direction of UP causing all ETH-CFM traffic originating from this MEP to generate into the switch fabric and out the mate SAP 1/1/2:100.31. MEP 111 uses the default direction of DOWN causing all ETH-CFM traffic that is generated from this MEP to send away from the fabric and only egress the SAP on which it is configured, SAP 1/1/2:100.31.

Further examination of the domain constructs reveal that the configuration properly uses domain nesting rules. In this case, the Level 3 domain is completely contained in a Level 4 domain.

Figure 45 illustrates the creation of an explicit MIP using the association MIP construct.

Figure 45:  MIP Creation Example (NODE1) 

An addition of association 2 under domain 4 includes the mhf-creation explicit statement. This means that when the level 3 MEP is assigned to the SAP 1/1/2:100.31 using the definition in domain 3 association 1, creating the higher level MIP on the same SAP. Since a MIP does not have directionality “Both” sides are active. The service configuration and MEP configuration within the service did not change.

Figure 46 illustrates a simpler method that does not require the creation of the lower level MEP. The operator simply defines the association parameters and uses the mhf-creation default setting, then places the MIP on the SAP of their choice.

Figure 46:  MIP Creation Default 

NODE1:

NODE2:

Figure 47 shows the detailed IEEE representation of MEPs, MIPs, levels and associations, using the standards defined icons.

SAPs support a comprehensive set of rules including wild cards to map packets to services. For example, a SAP mapping packets to a service with a port encapsulation of QinQ may choose to only look at the outer VLAN and wildcard the inner VLAN. SAP 1/1/1:100.* would map all packets arriving on port 1/1/1 with an outer VLAN 100 and any inner VLAN to the service the SAP belongs to. These powerful abstractions extract inbound ETH-CFM PDUs only when there is an exact match to the SAP construct. In the case of the example when then an ETH-CFM PDU arrives on port 1/1/1 with a single VLAN with a value of 100 followed immediately with e-type (0x8902 ETH-CFM). Furthermore, the generation of the ETH-CFM PDUs that egress this specific SAP are sent with only a single tag of 100. The primary VLAN is required if the operator needs to extract ETH-CFM PDUs or generate ETH-CFM PDUs on wildcard SAPs and the offset includes an additional VLAN that was not part of the SAP configuration.

Table 12 shows how packets that would normally bypass the ETH-CFM extraction would be extracted when the primary VLAN is configured. This assumes that the processing rules for MEPs and MIPs is met, E-type 0x8902, Levels and OpCodes.

The mapping of the service data remains unchanged. The primary VLAN function allows for one additional VLAN offset beyond the SAP configuration, up to a maximum of two VLANs in the frame. If a fully qualified SAP specifies two VLANs (SAP 1/1/1:10.10) and a primary VLAN of 12 is configured for the MEP there is no extraction of ETH-CFM for packets arriving tagged 10.10.12. That exceeds the maximum of two tags.

The mapping or service data based on SAPs has not changed. ETH-CFM MPs functionality remains SAP specific. In instances where as service includes a specific SAP with a specified VLAN (1/1/1:50) and a wildcard SAP on the same port (1/1/1:*) it is important to understand how the ETH-CFM packets are handled. Any ETH-CFM packet with etype 0x8902 arriving with a single tag or 50 would be mapped to a classic MEP configured under SAP 1/1/1:50. Any packet arriving with an outer VLAN of 50 and second VLAN of 10 would be extracted by the 1/1/1:50 SAP and would require a primary VLAN enabled MEP with a value of 10, assuming the operator would like to extract the ETH-CFM PDU of course. An inbound packet on 1/1/1 with an outer VLAN tag of 10 would be mapped to the SAP 1/1/1:*. If ETH-CFM extraction is required under SAP 1/1/1:* a primary VLAN enabled MEP with a value of 10 would be required.

The packet that is generated from a MEP or MIP with the primary VLAN enabled is include that VLAN. The SAP encapsulates the primary VLAN using the SAP encapsulation.

Primary VLAN support includes UP MEPs, DOWN MEPs and MIPs on Ethernet SAPs, including LAG, as well as SDP bindings for Epipe and VPLS services. Classic MEPs, those without a primary VLAN enabled, and a primary VLAN enabled MEPs can co-exist under the same SAP or SDP binding. Classic MIPs and primary VLAN-enabled MIPs may also coexist. The enforcement of a single classic MIP per SAP or SDP binding continues to be enforced. However, the operator may configure multiple primary VLAN-enabled MIPs on the same SAP or SDP binding. MIPs in the primary VLAN space must include the mhf-creation static configuration under the association and must also include the specific VLAN on the MIP creation statement under the SAP. The no version of the mip command must include the entire statement including the VLAN information.

The eight MD Levels (0 to 7) are specific to context in which the Management Point (MP) is configured. This means the classic MPs have a discrete set of the levels from the primary VLAN enabled space. Each primary VLAN space has its own eight Level MD space for the specified primary VLAN. Consideration must be given before allowing overlapping levels between customers and operators should the operator be provision a customer facing MP, like a MIP on a UNI. CPU Protection extensions for ETH-CFM are VLAN unaware and based on MD Level and the OpCode. Any configured rates are applied to the Level and OpCode as a group.

There are two configuration steps to enable the primary VLAN. Under the bridging instance, contained within the association context (config>eth-cfm>domain>assoc>bridge), the VLAN information must be configured. Until this is enabled using the primary-vlan-enable option as part of the MEP creation step or the MIP statement (config>service>…>{sap | mesh-sdp | spoke-sdp}>eth-cfm) the VLAN specified under the bridging instance remains inactive. This is to ensure backward interoperability.

Primary VLAN functions require an FP2-based card or better. Primary VLAN is not supported for vpls-sap-templates, sub-second CCM intervals, or vMEPs.

Figure 47:  MEP, MIP and MD Levels 

An operator may see the following INFO message (during configuration reload), or MINOR (error) message (during configuration creation) when upgrading to 11.0r4 or later if two MEPs are in a previously undetected conflicting configuration. The messaging is an indication that a MEP, the one stated in the message using format (domain md-index/association ma-index/mep mep-id), is already configured and has allocated that context. During a reload (INFO) a MEP that encounters this condition is created but its state machine is disabled. If the MINOR error occurs during a configuration creation this MEP fails the creation step. The indicated MEP must be correctly re-configured.

3.4.2. Loopback

A loopback message is generated by an MEP to its peer MEP or a MIP (Figure 48). The functions are similar to an IP ping to verify Ethernet connectivity between the nodes.

Figure 48:  CFM Loopback 

The following loopback-related functions are supported:

The ETH-LBM (loopback) function includes parameters for sub second intervals, timeouts, and new padding parameters.

When an ETH-LBM command is issued using a sub second interval (100ms), the output success is represented with a “!” character, and a failure is represented with a “.” The updating of the display waits for the completion of the previous request before producing the next result. However, the packets maintain the transmission spacing based on the interval option specified in the command.

When the interval is one seconds or higher, the output provides detailed information that includes the number of bytes (from the LBR), the source MEP ID (format md-index/ma-index/mepid), and the sequence number as it relates to this test and the result.

Since ETH-LB does not support standard timestamps, no indication of delay is produced as these times are not representative of network delay.

By default, if no interval is included in the command, the default is back to back LBM transmissions. The maximum count for such a test is 5.

3.4.3. Loopback Multicast

Multicast loopback also supports the new intervals (see 3.4.2). However, the operator must be careful when using this approach. Every MEP in the association responds to this request. This means an exponential impact on system resources for large scale tests. If the multicast option is used and there with an interval of 1 (100ms) and there are 50 MEPs in the association, this results in a 50 times increase in the receive rate (500pps) compared to a unicast approach. Multicast displays are not be updated until the test is completed. There is no packet loss percentage calculated for multicast loopback commands.

This on demand operation tool is used to quickly check the reachability of all MEPs within an Association. A multicast address can be coded as the destination of an oam eth-cm loopback command. The specific class 1 multicast MAC address or the keyword “multicast” can be used as the destination for the loopback command. The class 1 ETH-CFM multicast address is in the format 01:80:C2:00:00:3x (where x = 0 - 7 and is the number of the domain level for the source MEP). When the “multicast” option is used, the class 1 multicast destination is built according to the local MEP level initiating the test.

Remote MEPs that receive the multicast loopback message, configured at the equivalent level, are terminated and process the multicast loopback message by responding with the appropriate unicast loopback response (ETH-LBR). Regardless of whether a multicast or unicast ETH-LBM is used, there is no provision in the standard LBR PDU to carry the MEP-ID of the responder. This means only the remote MEP MAC Address will be reported and subsequently displayed. MIPs do not extract a multicast LBM request. The LBM multicast is transparent to the MIP.

MEP loopback stats are not updated as a result of this test being run. That means the received, out-of-order and bad-msdu counts are not affected by multicast loopback tests. The multicast loopback command is meant to provide immediate connectivity troubleshooting feedback for remote MEP reachability only.

3.4.4. Linktrace

A linktrace message is originated by an MEP and targeted to a peer MEP in the same MA and within the same MD level (Figure 49). Linktrace traces a specific MAC address through the service. The peer MEP responds with a linktrace reply message after successful inspection of the linktrace message. The MIPs along the path also process the linktrace message and respond with linktrace replies to the originating MEP if the received linktrace message that has a TTL greater than 1 and forward the linktrace message if a look up of the target MAC address in the Layer 2 FDB is successful. The originating MEP shall expect to receive multiple linktrace replies and from processing the linktrace replies, it can put together the route to the target bridge.

A traced MAC address is carried in the payload of the linktrace message, the target MAC. Each MIP and MEP receiving the linktrace message checks whether it has learned the target MAC address. In order to use linktrace the target MAC address must have been learned by the nodes in the network. If so, a linktrace message is sent back to the originating MEP. Also, a MIP forwards the linktrace message out of the port where the target MAC address was learned.

The linktrace message itself has a multicast destination address. On a broadcast LAN, it can be received by multiple nodes connected to that LAN. But, at most, one node sends a reply.

Figure 49:  CFM Linktrace 

The following linktrace related functions are supported:

The following output includes the SenderID TLV contents if it is included in the LBR.

3.4.5. Continuity Check (CC)

A Continuity Check Message (CCM) is a multicast frame that is generated by a MEP and multicast to all other MEPs in the same MA. The CCM does not require a reply message. To identify faults, the receiving MEP maintains an internal list of remote MEPs it should be receiving CCM messages from.

This list is based off of the remote-mepid configuration within the association the MEP is created in. When the local MEP does not receive a CCM from one of the configured remote MEPs within a pre-configured period, the local MEP raises an alarm.

Figure 50:  CFM Continuity Check 

Figure 51:  CFM CC Failure Scenario 

An MEP may be configured to generate ETH-CC packet using a unicast destination Layer 2 MAC address. This may help reduce the overhead in some operational models where Down MEPs per peer are not available. For example, mapping an I-VPLS to a PBB core where a hub is responsible for multiple spokes is one of the applicable models. When ETH-CFM packets are generated from an I-context toward a remote I-context, the packets traverse the B-VPLS context. Since many B-contexts are multipoint, any broadcast, unknown or multicast packet is flooded to all appropriate nodes in the B-context. When ETH-CC multicast packets are generated, all the I-VPLS contexts in the association must be configured with all the appropriate remote MEPids. If direct spoke to spoke connectivity is not part of the validation requirement, the operational complexity can be reduced by configuring unicast DA addressing on the “spokes” and continuing to use multicast CCM from the “hub”. When the unicast MAC is learned in the forwarding DB, traffic is scoped to a single node.

Figure 52:  Unicast CCM in Hub & Spoke Environments 

Defect condition, reception, and processing remains unchanged for both hub and spokes. When an ETH-CC defect condition is raised on the hub or spoke, the appropriate defect condition is set and distributed throughout the association from the multicasting MEP. For example, should a spoke raise a defect condition or timeout, the hub sets the RDI bit in the multicast ETH-CC packet which is received on all spokes. Any local hub MEP defect condition continues to be propagated in the multicast ETH-CC packet. Defect conditions are cleared as per normal behavior.

The forwarding plane must be considered before deploying this type of ETH-CC model. A unicast packet is handled as unknown when the destination MAC does not exist in local forwarding table. If a unicast ETH-CC packet is flooded in a multipoint context, it reaches all the appropriate I-contexts. This causes the spoke MEPs to raise the “DefErrorCCM” condition because an ETH-CC packet was received from a MEP that has not been configured as part of the receiving MEPs database.

The remote unicast MAC address must be configured and is not automatically learned. A MEP cannot send both unicast and multicast ETH-CC packets. Unicast ETH-CC is only applicable to a local association with a single configured remote peer. There is no validation of MAC addresses for ETH-CC packets. The configured unicast destination MAC address of the peer MEP only replaces the multicast class 1 destination MAC address with a unicast destination.

Unicast CCM is not supported on any MEPs that are configured with sub second CCM-intervals.

The following functions are supported:

The optional ccm-tlv-ignore command ignores the reception of interface-status and port-status TLVs in the ETH-CCM PDU on Facility MEPs (port, LAG, QinQ, tunnel and router). No processing is performed on the ignored ETH-CCM TLVs values.

Any TLV that is ignored is reported as absent for that remote peer and the values in the TLV do not have an impact on the ETH-CFM state machine. This the same behavior as if the remote MEP never included the ignored TLVs in the ETH-CCM PDU. If the TLV is not properly formed, the CCM PDU fails the packet parsing process, which causes it to be discarded and a defect condition is raised.

There are various display commands that are available to show the status of the MEP and the list of remote peers.

3.4.6. CC Remote Peer Auto-Discovery

As specified in the section “Continuity Checking (CC),” all remote MEP-IDs must be configured under the association using the remote-mepid command in order to accept them as peers. When a CCM is received from a MEP-ID that has not been configured, the “unexpected MEP” causes the defErrorCCM condition to be raised. The defErrorCCM is raised for all invalid CC reception conditions.

The auto-mep-discovery option allows for the automatic adding of remote MEP-IDs contained in the received CCM. Once learned, the automatically discovered MEP behave the same as a manually configured entry. This includes the handling and reporting of defect conditions. For example, if an auto discovered MEP is deleted from its host node, it experiences the standard timeout on the node which auto discovered it.

When this function is enabled, the “unexpected MEP” condition no longer exists. That is because all MEPs are accepted as peers and automatically added to the MEP database upon reception. There is an exception to this statement. If the maintenance association has reached its maximum MEP count, and no new MEPs can be added, the “unexpected MEP” condition raises the defErrorCCM defect condition. This is because the MEP was not added to the association and the remote MEP is still transmitting CCM.

The clear eth-cfm auto-discovered-meps [mep-id] domain md-index association ma-index is available to remove auto discovered MEPs from the association. When the optional mep-id is included as part of the clear command, only that specific MEP-ID within the domain and association is cleared. If the optional mep-id is omitted when the clear command is issued, all auto discovered MEPs that match the domain and association will be cleared. The clear command is only applicable to auto- discovered MEPs.

If there is a failure to add a MEP to the MEP database and the action was manual addition using the “remote-mepid” configuration statement, the error “MINOR: ETH_CFM #1203 Reached maximum number of local and remote endpoints configured for this association” is produced. When failure to add a MEP to the database through an auto discovery, no event is created. The CCM Last Failure indicator tracks the last CCM error condition. The decode can be viewed using the show eth-cfm mep mep-id domain md-index association ma-index command. An association may include both the manual addition of remote peers using the remote-mepid and the auto-mep-discovery option.

The all-remote-mepid display includes an additional column AD to indicate where a MEP has been auto discovered, using the indicator T.

Auto discovered MEPs do not survive a system reboot. These are not permanent additions to the MEP database and are not reloaded after a reboot. The entries are relearned when the CCM is received. Auto discovered MEPs can be changed to manually created entries simply by adding the appropriate remote-mepid statement to the proper association. At that point, the MEP is no longer considered auto discovered and can no longer be cleared.

If a remote-mepid statement is removed from the association context and auto-mep-discovery is configured and a CC message arrives from that remote MEP, it is added to the MEP database, this time as an auto discovered MEP.

The individual MEP database for an association must not exceed the maximum number of MEPs allowed. A MEP database consists of all local MEPs plus all configured remote-mepids and all auto-discovered MEPs. If the number of MEPs in the association has reached capacity, no new MEPs may be added. The number of MEPs must be brought below the maximum value before MEPs can be added. Also, the number of MEPs across all MEP databases must not exceed the system maximum. The number of MEPs supported per association and the total number of MEPs across all associations is platform dependent.

3.4.7. ETH-CFM Grace Overview

ETH-CFM grace is an indication that MEPs on a node undergoing a maintenance operation may be expected to be unable to transmit or receive ETH-CC PDUs, failing to satisfy the peers requirements. Without the use of a supporting grace function, CCM-enabled MEPs time out after an interval of 3.5 × ccm-interval. During planned maintenance operations, the use of grace can extend the timeout condition to a longer interval.

The Ethernet CFM system-wide configuration eth-cfm>system>[no] grace-tx-enable command controls the transmission of ETH-CFM grace. The ETH-CFM grace function is enabled by the Soft Reset notification by default. The ETH-CFM grace function determines the individual MEP actions based on their configured parameters.

To transmit a grace PDU, the MEP must be administratively enabled and ETH-CC must also be enabled. The ETH-CC interval is ignored. Grace transmission uses the class 1 DA, with the last nibble (4 bits) indicating the domain level, for all grace-enabled MEPs. When a grace event occurs, all MEPs on a node that are configured for grace actively participate in the grace function until the grace event has completed. When a soft reset occurs, ETH-CFM does not determine which peers are directly affected by a soft reset of a specific IOM or line card. This means that all MEPs enter a grace state, regardless of their location on the local node.

The grace process prevents the local MEP from presenting a new timeout condition, and prevents its peer, also supporting a complementary grace process, from declaring a new timeout defect (DefRemoteCCM). Other defects, unrelated to timeout conditions, are processed as during normal operation. This includes the setting, transmission, and reception processing of the RDI flag in the CCM PDU. Since the timeout condition has been prevented, it can be assumed that the RDI is caused by some other unrelated CCM defect condition. Entering the grace period does not clear existing defect conditions, and any defect condition that exists at the start of the grace period is maintained and cleared using normal operation.

Two approaches are supported for ETH-CFM grace:

Both approaches use the same triggering infrastructure but have unique PDU formats and processing behaviors. Only one grace transmission function can be active under an individual MEP. MEPs can be configured to receive and process both grace PDU formats. If a MEP receives both types of grace PDUs, the last grace PDU received becomes the authority for the grace period, using its procedures. If the operator needs to clear a grace window or expected defect window on a receiving peer, the appropriate authoritative reception function can be disabled.

Active AIS server transmissions include a vendor-specific TLV that instructs the client to extend the timeout of AIS during times of grace. When the grace period is completed, the server MEP removes the TLV and the client reverts to standard timeout processing based on the interval in the AIS PDU.

3.4.8. CCM Hold Timers

In some cases, the requirement exists to prevent a MEP from entering the defRemoteCCM defect, remote peer timeout, for more time than the standard 3.5 times the ccm-interval. Both the IEEE 802.1ag standard and ITU-T Y.1731 recommendation provide a non-configurable 3.5 times the CCM interval to determine a peer time out. However, when sub-second CCM timers (10 ms/100 ms) are enabled, the carrier may want to provide additional time for different network segments to converge before declaring a peer lost because of a timeout. To maintain compliance with the specifications, the ccm-hold-timer down delay-down option artificially increases the amount of time it takes for a MEP to enter a failed state if the peer times out. This timer is only additive to CCM timeout conditions. All other CCM defect conditions, like defMACStatus, defXconCCM, and so on, maintain their existing behavior of transitioning the MEP to a failed state and raising the proper defect condition without delay.

When the ccm-hold-timer down delay-down option is configured, the following calculation is used to determine the remote peer time out: 3.5 × ccm-interval + ccm-hold-timer down delay-down.

This command is configured under the association. Only sub-second CCM-enabled MEPs support this hold timer. Ethernet tunnel paths use a similar but slightly different approach and continue to use the existing method. Ethernet tunnels are blocked from using this new hold timer.

It is possible to change this command on the fly without deleting it first. Entering the command with the new values change the values without having to first delete the command.

It is possible to change the ccm-interval of a MEP on the fly without first deleting it. This means it is possible to change a sub-second CCM-enabled MEP to 1 second or more. The operator is prevented from changing an association from a sub second CCM interval to a non-sub second CCM interval when a ccm-hold-timer is configured in that association. The ccm-hold-timer must be removed using the no option prior to allowing the transition from sub second to non-sub second CCM interval.

3.4.9. ITU-T Y.1731 Alarm Indication Signal (ETH-AIS)

Alarm Indication Signal (AIS) provides a MEP the ability to signal a fault condition in the reverse direction of the MEP, out the passive side. When a fault condition is detected the MEP generates AIS packets at the configured client levels and at the specified AIS interval until the condition is cleared. Currently a MEP that is configured to generate AIS must do so at a level higher than its own. The MEP configured on the service receiving the AIS packets is required to have the active side facing the receipt of the AIS packet and must be at the same level as the AIS. The absence of an AIS packet for 3.5 times the AIS interval set by the sending a node clear the condition on the receiving MEP.

AIS generation is not subject to the CCM low-priority-defect parameter setting. When enabled, AIS is generated if the MEP enters any defect condition, by default this includes CCM RDI condition.

To prevent the generation of AIS for the CCM RDI condition, the AIS version of the low-priority-defect parameter (under the ais-enable command) can be configured to ignore RDI by setting the parameter value to macRemErrXcon. The low-priority-defect parameter is specific and influences the protocol under which it is configured. When the low-priority-defect parameter is configured under CCM, it only influences CCM and not AIS. When the low-priority-defect parameter is configured under AIS, it only influences AIS and not CCM. Each protocol can make use of this parameter using different values.

AIS configuration has two components: receive and transmit. AIS reception is enabled when the command ais-enable is configured under the MEP. The transmit function is enabled when the client-meg-level is configured.

Alarm Indication Signal function is used to suppress alarms at the client (sub) layer following detection of defect conditions at the server (sub) layer. Due to independent restoration capabilities provided within the Spanning Tree Protocol (STP) environments, ETH-AIS is not expected to be applied in the STP environment.

Transmission of frames with ETH-AIS information can be enabled or disabled on a MEP. Frames with ETH-AIS information can be issued at the client MEG Level by a MEP, including a Server MEP, upon detecting the following conditions:

For a point-to-point ETH connection at the client (sub) layer, a client layer MEP can determine that the server (sub) layer entity providing connectivity to its peer MEP has encountered defect condition upon receiving a frame with ETH-AIS information. Alarm suppression is straightforward since a MEP is expected to suppress defect conditions associated only with its peer MEP.

For multipoint ETH connectivity at the client (sub) layer, a client (sub) layer MEP cannot determine the specific server (sub) layer entity that has encountered defect conditions upon receiving a frame with ETH-AIS information. More importantly, it cannot determine the associated subset of its peer MEPs for which it should suppress alarms since the received ETH-AIS information does not contain that information. Therefore, upon receiving a frame with ETH-AIS information, the MEP suppresses alarms for all peer MEPs whether or not there is still connectivity.

Only a MEP, including a server MEP, is configured to issue frames with ETH-AIS information. Upon detecting a defect condition the MEP can immediately start transmitting periodic frames with ETH-AIS information at a configured client MEG Level. A MEP continues to transmit periodic frames with ETH-AIS information until the defect condition is removed. Upon receiving a frame with ETH-AIS information from its server (sub) layer, a client (sub) layer MEP detects AIS condition and suppresses alarms associated with all its peer MEPs. A MEP resumes alarm generation upon detecting defect conditions once AIS condition is cleared.

AIS may also be triggered or cleared based on the state of the entity over which it has been enabled. Including the optional command interface-support-enable under the ais-enable command tracks the state of the entity and invoke the appropriate AIS action. This means that operators are not required to enable CCM on a MEP in order to generate AIS if the only requirement is to track the local entity. If a CCM enabled MEP is enabled in addition to this function then both are used to act upon the AIS function. When both CCM and interface support are enabled, a fault in either triggers AIS. In order to clear the AIS state, the entity must be in an UP operational state and there must be no defects associated with the MEP. The interface support function is available on both service MEPs and facility MEPs both in the Down direction only, with the following exception. An Ethernet QinQ Tunnel Facility MEP does not support interface-support-enable. Many operational models for Ethernet QinQ Tunnel Facility MEPs are deployed with the SAP in the shutdown state.

The following specific configuration information is used by a MEP to support ETH-AIS:

A MIP is transparent to frames with ETH-AIS information and therefore does not require any information to support ETH-AIS functionality.

It is important to note that Facility MEPs do not support the generation of AIS to an explicitly configured endpoint. An explicitly configured endpoint is an object that contains multiple individual endpoints, as in pseudowire redundancy.

AIS is enabled under the service and has two parts, receive and transmit. Both components have their own configuration option. The ais-enable command under the SAP allows for the processing of received AIS packets at the MEP level. The client-meg-level command is the transmit portion that generates AIS if the MEP enter a fault state.

When MEP 101 enters a defect state, it starts to generate AIS out the passive side of the MEP, away from the fault. In this case, the AIS generates out sap 1/1/10:100.31 since MEP 101 is an up MEP on that SAP. The Defect Flag indicates that an RDI error state has been encountered. The Eth-Ais Tx Counted value is increasing, indicating that AIS is actively being sent.

A single network event may, in turn, cause the number of AIS transmissions to exceed the AIS transmit rate of the network element. A pacing mechanism is in place to assist the network element to gracefully handle this overload condition. Should an event occur that causes the AIS transmit requirements to exceed the AIS transmit resources, a credit system is used to grant access to the resources. Once all the credits have been used, any remaining MEPs attempting to allocate a transmit resource are placed on a wait list, unable to transmit AIS. If a credit be released, when the condition that caused the MEP to transmit AIS is cleared, a MEP on the wait list consumes the newly available credit. If it is critical that AIS transmit resources be available for every potential event, consideration must be given to the worst case scenario and the configuration should never exceed the potential. Access to the resources and the wait list are ordered and maintained in first come first serve basis.

A MEP that is on the wait list only increments the “Eth-Ais Tx Fail” counter and not the “Eth-Ais TxCount” for every failed attempt while the MEP is on the wait list.

There is no synchronization of AIS transmission state between peer nodes. This is particularly important when AIS is used to propagate fault in ETH-CFM MC-LAG linked designs.

3.4.10. ITU-T Y.1731 Client Signal Fail (ETH-CSF)

Client signal fail (CSF) is a method that allows for the propagation of a fault condition to a MEP peer, without requiring ETH-CC or ETH-AIS. The message is sent when a MEP detects an issue with the entity in the direction the MEP to its peer MEP. A typical deployment model is an UP MEP configured on the entity that is not executing ETH-CC with its peer. When the entity over which the MEP is configured fails, the MEP can send the ETH-CSF fault message.

In order to process the reception of the ETH-CSF message, the csf-enable function must be enabled under the MEP. When processing of the received CSF message is enabled, the CSF is used as another method to trigger fault propagation, assuming fault propagation is enabled. If CSF is enabled but fault propagation is not enabled, the MEP shows the state of CSF being received from the peer. And lastly, when there is no fault condition, the CSF Rx State displays DCI (Client defect clear) indicating there are no existing failures, even if no CSF has been received. The CSF Rx State indicates the various fault and clear conditions received from the peer during the event.

CSF carries the type of defect that has been detected by the local MEP generating the CSF message.

Clearing the CSF state can be either implicit, time out, or explicit, requiring the client to send the PDU with the clear indicator (011 – DCI – Client defect clear indication). The receiving node uses the multiplier option to determine how to clear the CSF condition. When the multiplier is configured as non-zero (in increments of half seconds between 2 and 30) the CSF is cleared when CSF PDUs have not been received for that duration. A multiplier value of 0 means that the peer that has generated the CSF must send the 011 – DCI flags. There is no timeout condition.

Service-based MEP supports the reception of the ETH-CSF as an additional trigger for the fault propagation process. Primary VLAN and Virtual MEPs do not support the processing of the CSF PDU. CSF is transparent to MIPs. There is no support for the transmission of ETH-CSF packets on any MEP.

3.4.11. ITU-T Y.1731 Test (ETH-TST)

Ethernet test provides a MEP with the ability to send an in-service on-demand function to test connectivity between two MEPs. The test is generated on the local MEP and the results are verified on the destination MEP. Any ETH-TST packet generated that exceeds the MTU is silently dropped by the lower level processing of the node.

Specific configuration information required by a MEP to support ETH-test is the following:

A MIP is transparent to the frames with ETH-Test information and does not require any configuration information to support ETH-Test functionality.

Both nodes require the eth-test function to be enabled in order to successfully execute the test. Since this is a dual-ended test, initiate on sender with results calculated on the receiver, both nodes need to be check to see the results.

3.4.12. ITU-T Y.1731 One-Way Delay Measurement (ETH-1DM)

One-way delay measurement provides a MEP with the ability to check unidirectional delay between MEPs. An ETH-1DM packet is timestamped by the generating MEP and sent to the remote node. The remote node timestamps the packet on receipt and generates the results. The results, available from the receiving MEP, indicate the delay and jitter. Jitter, or delay variation, is the difference in delay between tests. This means the delay variation on the first test is not valid. It is important to ensure that the clocks are synchronized on both nodes to ensure the results are accurate. NTP can be used to achieve a level of clock synchronization between the nodes.

Note: Accuracy relies on the nodes ability to timestamp the packet in hardware, and the support of PTP for clock sync.

3.4.13. ITU-T Y.1731 Two-Way Delay Measurement (ETH-DMM)

Two-way delay measurement is similar to one-way delay measurement except it measures the round trip delay from the generating MEP. In this case, clock synchronization issues do not influence the round-trip test results because four timestamps are used. This allows the time it takes for the remote node to process the frame to be removed from the calculation, and as a result, clock variances are not included in the results. The same consideration for first test and hardware based time stamping stated for one-way delay measurement are applicable to two-way delay measurement.

Delay can be measured using one-way and two-way on demand functions. The two-way test results are available single-ended, test initiated, calculation and results viewed on the same node. There is no specific configuration under the MEP on the SAP in order to enable this function. An example of an on demand test and results are below. The latest test result is stored for viewing. Further tests overwrite the previous results. Delay Variation is only valid if more than one test has been executed.

3.4.14. ITU-T Y.1731 Synthetic Loss Measurement (ETH-SLM)

Note: Release 9.0 R1 uses pre-standard OpCodes and does not interoperate with any other release or future release.

This synthetic loss measurement approach is a single-ended feature that allows the operator to run on-demand and proactive tests to determine “in”, “out” loss and “unacknowledged” packets. This approach can be used between peer MEPs in both point to point and multipoint services. Only remote MEP peers within the association and matching the unicast destination respond to the SLM packet.

The specification uses various sequence numbers in order to determine in which direction the loss occurred. Nokia has implemented the required counters to determine loss in each direction. In order to properly use the information that is gathered the following terms are defined:

The per probe specific loss indicators are available when looking at the on-demand test runs, or the individual probe information stored in the MIB. When tests are scheduled by Service Assurance Application (SAA) the per probe data is summarized and per probe information is not maintained. Any “unacknowledged” packets are recorded as “in-loss” when summarized.

The on-demand function can be executed from CLI or SNMP. The on demand tests are meant to provide the carrier a means to perform on the spot testing. However, this approach is not meant as a method for storing archived data for later processing. The probe count for on demand SLM has a range of one to 100 with configurable probe spacing between one second and ten seconds. This means it is possible that a single test run can be up to 1000 seconds in length. Although possible, it is more likely the majority of on demand case are run up to 100 probes or less at a one second interval. A node may only initiate and maintain a single active on demand SLM test at any given time. A maximum of one storage entry per remote MEP is maintained in the results table. Subsequent runs to the same peer overwrite the results for that peer. This means when using on demand testing the test should be run and the results checked prior to starting another test.

The proactive measurement functions are linked to SAA. This backend provides the scheduling, storage and summarization capabilities. Scheduling may be either continuous or periodic. It also allows for the interpretation and representation of data that may enhance the specification. As an example, an optional TLV has been included to allow for the measurement of both loss and delay/jitter with a single test. The implementation does not cause any interoperability because the optional TLV is ignored by equipment that does not support this. In mixed vendor environments loss measurement will continue to be tracked but delay and jitter only reports round trip times. It is important to point out that the round trip times in this mixed vendor environment include the remote nodes processing time because only two time stamps are included in the packet. In an environment where both nodes support the optional TLV to include time stamps unidirectional and round trip times are reported. Since all four time stamps are included in the packet, the round trip time in this case does not include remote node processing time. Of course, those operators that wish to run delay measurement and loss measurement at different frequencies are free to run both ETH-SL and ETH-DM functions. ETH-SL is not replacing ETH-DM. Service Assurance is only briefly discussed here to provide some background on the basic functionality.

The ETH-SL packet format contains a test-id that is internally generated and not configurable. The test-id is visible for the on demand test in the display summary. It is possible a remote node processing the SLM frames receive overlapping test-ids as a result of multiple MEPs measuring loss between the same remote MEP. For this reason, the uniqueness of the test is based on remote MEP-ID, test-id and source MAC of the packet.

ETH-SL is applicable to up and down MEPs and as per the recommendation transparent to MIPs. There is no coordination between various fault conditions that could impact loss measurement. This is also true for conditions where MEPs are placed in shutdown state as a result of linkage to a redundancy scheme like MC-LAG. Loss measurement is based on the ETH-SL and not coordinated across different functional aspects on the network element. ETH-SL is supported on service based MEPs.

It is possible that two MEPs may be configured with the same MAC on different remote nodes. This causes various issues in the FDB for multipoint services and is considered a misconfiguration for most services. It is possible to have a valid configuration where multiple MEPs on the same remote node have the same MAC. In fact, this is somewhat likely. Only the first responder is used to measure packet loss. The second responder is dropped. Since the same MAC for multiple MEPs is only truly valid on the same remote node.

There is no way for the responding node to understand when a test is completed. For this reason a configurable inactivity-timer determines the length of time a test is valid. The timer maintains an active test as long as it is receiving packets for that specific test, defined by the test-id, remote MEP Id and source MAC. When there is a gap between the packets that exceeds the inactivity timer value, the responding node releases the index in the table and responds with a sequence number of 1, regardless of the sequence number sent by the instantiating node. Expiration of this timer causes the reflecting peer to expire the previous test. Packets that follow the expiration of a text are viewed as a new test. The default for the inactivity-timer is 100 second and has a range of ten to 100 seconds.

Only the configuration is supported by HA. There is no synchronization of data between active and standby. Any unwritten, or active tests are lost during a switchover and the data is not recoverable.

ETH-SL provides a mechanism for operators to pro-actively trend packet loss.

3.4.15. ITU-T Y.1731 Frame Loss Measurement (ETH-LMM)

The Ethernet Frame Loss Measurement allows the collection of frame counters in order to determine the unidirectional frame loss between point-to-point ETH-CFM MEP peers. This measurement does not count its own PDU in order to determine frame loss. The ETH-LMM protocol PDU includes four counters which represent the data sent and received in each direction: Transmit Forward (TxFCf), Receive Forward (RxFCf), Transmit Backward (TxFCb) and the Receive Backward (RxFCb).

The ETH-LMM protocol is designed specifically for point-to-point connections. It is impossible for the protocol to accurately report loss if the point-to-point relationship is broken; for example, if a SAP or MPLS binding receives data from multiple peers, as can be the case in VPLS deployments, this protocol would not be reliable indicator of frame loss.

The loss differential between transmit and receive is determined the first time an LMM PDU is sent. Each subsequent PDU for a specific test performs a computation of differential loss from that epoch. Each processing cycle for an LMR PDU determines if there is a new maximum or minimum loss window, adds any new loss to the frame loss ratio computation, and updates the four raw transmit and receive counters. The individual probe results are not maintained; these results are only used to determine a new minimum or maximum. A running total of all transmit and receive values is used to determine the average Frame Loss Ratio (FLR) at the completion of the measurement interval. The data set includes the protocol information in the opening header, followed by the frame counts in each direction, and finally the FLR percentages.

The user must understand the caveats of service before selecting this method of loss measurement. Statistics are maintained per forwarding complex. Multiple path environments may spread frames between the same two peers across different forwarding complexes (for example, link aggregation groups). The ETH-LMM protocol has no method to rationalize different transmit and receive statistics when there are complex changes or when any statistics are cleared on either of the peer entities. The protocol resynchronizes but the data collected for that measurement interval is invalid. The protocol has no method to determine if the loss is true loss or whether some type of complex switch has occurred or statistics were cleared. Consequently, the protocol cannot use any suspect flag to mark the data as invalid. Higher level systems must coordinate network events and administrative actions that can cause the counters to become non-representative of the service data loss.

Packet reordering also affect frame loss and gain reporting. If there is queuing contention on the local node or if path differences in the network cause interleaved or delayed frames, the counter stamped into the LMM PDU can introduce frame gain or loss in either direction. For example, if the LMM PDU is stamped with the TxFCf counter and the LMM PDU traffic is interleaved, the interleaving cannot be accounted for in the counter and a potential gain is realized in the forward direction. This is because the original counter included as the TxFCf value does not include the interleaved packets and the RxFCf counter on the remote peer includes them. Gains and losses even out over the life of the measurement interval. Absolute values are used for any negative values, per interval or at the end of the measurement interval.

Launching a single-ended test is under the control of the OAM Performance Monitoring (OAM-PM) architecture, and the test adheres to the rules of OAM-PM. The ETH-LMM functionality is only available under the OAM-PM configuration. This feature is not available through interactive CLI or SAA. OAM-PM requires the configuration of a test ID for all OAM-PM tests. The ETH-LMM protocol does not define the necessity for this ID, nor does it carry the 4-byte test ID in the packet. This is for local significance and uniformity with other protocols under the control of the OAM-PM architecture.

Support is included for point-to-point Up and Down Service MEPs and Down Facility MEPs (port, LAG, and base router interfaces). Base router interface accuracy may be affected by the Layer 2 or Layer 3 inter-working functions, routing protocol, ACLs, QoS policies, and other Layer 3 functions that were never meant to be accounted for by an Ethernet frame loss measurement tool. Launch functions require IOM/IMM or later, as well as a SF/CPM3 or later.

Resource contention extends beyond the sharing of common LMM resources used for packet counting and extraction. There is also protocol-level contention. For example, Cflowd cannot be counted or sampled on an entity that is collecting LMM statistics. Collection of statistics per Ethernet SAP, per MPLS SDP binding, or per facility is not enabled by default.

ETH-LMM is not supported in the following models:

QinQ tunnel collection will be the aggregate of all outer VLANs that share the VLAN with the tunnel. If the QinQ is configured to collect LMM statistics, then any service MEP that shares the same VLAN as the QinQ tunnel will be blocked from configuring the respective collect-lmm-stats command. The reverse is also true; if a fully qualified SAP is configured to collect LMM statistics, the QinQ tunnel that shares the outer VLAN will be blocked from configuring the respective collect-lmm-stats command.

QoS models contribute significantly to the accuracy of the LMM counters. If the QoS function is beyond the LMM counting function, it can lead to mismatches in the counter and transmit and receive information.

3.4.15.1. ETH-LMM Single SAP Counter

A single LMM counter per SAP or per MPLS SDP binding or per facility counter is the most common option for deployment of the LMM frame-based counting model. This single counter model requires careful consideration for the counter location. Counter integrity is lost when counting incurs entity conflicts, as is typical in facility MEP and service MEP overlap. The operator must choose one type of facility MEP or the service MEP. If a facility MEP is chosen (Port, LAG, QinQ Tunnel or Base Router Interface) care must be taken to ensure the highest configured MEP performs the loss collection routine.

Configuring loss collection on a lower level MEP will lead to additive gain introduced in both directions. Although the collection statement is not blocked by CLI or SNMP when there are potential conflicts, only one can produce accurate results. The operator must be aware of lower level resource conflicts. For example, a null based service SAP, any default SAP context or SAP that covers the entire port or facility resource, such as sap 1/1/1, will always count the frame base loss counter against the SAP and never the port, regardless of the presences of a MEP or the collect-lmm-stats configuration on the SAP. Resource contention extends beyond the sharing of common resources used for packet counting and extraction.

In order for this feature to function with accurate measurements, the collect-lmm-stats is required under the ETH-CFM context for the Ethernet SAP or MPLS SDP binding or under the MEP in the case of the facility MEP. If this command is not enabled on the launch and reflector, the data in the ETH-LMM and ETH-LMR PDU will not be representative and the data captured will be invalid.

The show>service>sdp-using eth-cfm and show>service>sap-using eth-cfm commands have been expanded to include the collect-lmm-stats option for service based MEPs. The show>eth-cfm>cfm-stack-table facility command has been expanded to include collect-lmm-stats to view all facility MEPs. Using these commands with this new option displays the entities that are currently collecting LMM counter.

The counter will include all frames that are transmitted or received regardless of class of service or discard eligibility markings. Locally transmitted and locally terminated ETH-CFM frames on the peer collecting the statistics will not be included in the counter. However, there are deployment models that will introduce artificial frame loss or gain when the ETH-CFM launch node and the terminating node for some ETH-CFM packets are not the same peers. Figure 53 demonstrates this issue.

Figure 53:  Mismatched LMM Statistical Counters 

3.4.16. ETH-CFM Destination Options

ETH-CFM relies on Ethernet addressing and reachability. ETH-CFM destination addressing may be derived from the Ethernet encapsulation, or may be a target address within the ETH-CFM PDU. Addressing is the key to identifying both the source and the destination management points (MPs).

The SR OS implementation dynamically assigns the MP MAC address using the appropriate pool of available hardware addresses on the network element, which simplifies the configuration and maintenance of the MP. The MP MAC address is tied to the specific hardware element, and its addressing can change when the associated hardware is changed.

The optional mac-address mac-address configuration command can be used to eliminate the dynamic nature of the MEP MAC addressing. This optional configuration associates a configured MAC address with the MEP in place of dynamic hardware addressing. The optional mac-address configuration is not supported for all service types.

ETH-CFM tests can adapt to changing destination MAC addressing by using the remote-mepid mep-id command in place of the unicast statically-configured MAC address. SR OS maintains a learned remote MAC table (visible by using the show>eth-cfm>learned-remote-mac command) for all MEPs that are configured to use ETH-CC messaging. Usually, when the remote-mepid mep-id command is used as part of a supported test function, the test will search the learned remote MAC table for a unicast address that associates the local MEP and the requested remote MEP ID. If a unicast destination address is found for that relationship, it will be used as the unicast destination MAC address.

The learned remote MAC table is updated and maintained by the ETH-CC messaging process. Once an address is learned and recorded in the table, it is maintained even if the remote peer times out or the local MEP is shut down. The address will not be maintained in the table if the remote-mepid statement is removed from the associated context by using the no remote-mepid mep-id command for a peer. The CCM database will clear the peer MAC address and enter an all-0 MAC address for the entry when the peer times out. The learned remote MAC table will maintain the previously learned peer MAC address. If an entry must be deleted from the learned remote MAC table, the clear>learned-remote-mac [mep mep-id [remote-mepid mep-id]] domain md-index association ma-index command can be used. Deleting a local MEP will remove the local MEP and all remote peer relationships, including the addresses previously stored in the learned remote MAC table.

The individual ETH-CFM test scheduling functions that use the remote-mepid mep-id option have slightly different operational behaviors.

Global interactive CFM tests support the remote-mepid mep-id option as an alternative to mac-address. A test will only start if a learned remote MAC table contains a unicast MAC address for the remote peer, and will run to completion with that MAC address. If the table does not contain the required unicast entry associated with the specified remote MEP ID, the test will fail to start.

SAA ETH-CFM test types support the remote-mepid mep-id option as an alternative to mac-address. If, at the scheduled start of the individual run, the learned remote MAC table contains a unicast learned remote MAC address for the remote peer, the test will run to completion with the initial MAC address. If the table does not contain the required entry, the test will terminate after the lesser window of either the full test run or 300 s. A run that cannot successfully determine a unicast MAC address will designate the last test result as “failed”. If a test is configured with the continuous configuration option, it will be rescheduled; otherwise, the test will not be rescheduled.

OAM-PM Ethernet test families, specifically DMM, SLM, and LMM, support the remote-mepid mep-id option as an alternative to the dest-mac ieee-address configuration. If the learned remote MAC table contains a unicast learned remote MAC address for the remote peer, the test will use this MAC address as the destination. OAM-PM will adapt to changes for MAC addressing during the measurement interval when the remote-mepid mep-id option is configured. It should be expected that the measurement interval will include update-induced PM errors during the transition. If the table does not contain the required entry, the test will not attempt to transmit test PDUs, and will present the “Dest Remote MEP Unknown” detectable transmission error.

3.4.17. ITU-T Y.1731 Ethernet Bandwidth Notification (ETH-BN)

The Ethernet Bandwidth Notification (ETH-BN) function is used by a server MEP to signal changes in link bandwidth to a client MEP.

This functionality is for point-to-point microwave radios to modify the downstream traffic rate toward the microwave radio to match its microwave link rate. When a microwave radio uses adaptive modulation, the capacity of the radio can change based on the condition of the microwave link. For example, in adverse weather conditions that cause link degradation, the radio can change its modulation scheme to a more robust one (which will reduce the link bandwidth) to continue transmitting. This change in bandwidth is communicated from the server MEP on the radio, using ETH-BNM (Ethernet Bandwidth Notification Message), to the client MEP on the connected router. The server MEP transmits periodic frames with ETH-BN information including the interval, the nominal, and currently available bandwidth. A port MEP with the ETH-BN feature enabled will process the information contained in the CFM PDU and the associated port egress rate can be modified appropriately to adjust the rate of traffic sent to the radio.

A port MEP, that is not a LAG member port, supports the client side reception and processing of the ETH-BN CFM PDU sent by the server MEP. By default, processing is disabled. The config>port>ethernet>eth-cfm>mep>eth-bn>no receive CLI command sets the ETH-BN processing state on the port MEP. A port MEP supports untagged packet processing of ETH-CFM PDUs at domain levels zero (0) and one (1) only. The port client MEP sends the ETH-BN rate information received to be applied to the port egress rate in a QoS update. A pacing mechanism limits the number of QoS updates sent. The config>port>ethernet>eth-cfm>mep>eth-bn>rx-update-pacing CLI command allows the updates to be paced using a configurable range of one (1) to 600 seconds (the default is five seconds). The pacing timer begins to countdown following the most recent QoS update sent to the system for processing. When the timer expires, the most recent update that arrived from the server MEP is compared to the most recent value sent for system processing. If the value of the current bandwidth is different than the previously processed value, the update is sent and the process begins again. Updates with a different current bandwidth that arrive when the pacing timer has already expired are not be subject to a timer delay. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Interface Configuration Guide for more information on these commands.

A complimentary QoS configuration is required to allow the system to process nominal bandwidth updates from the CFM engine. The config>port>ethernet>no eth-bn-egress-rate-changes CLI command is required to enable the QoS function to update the port egress rates based on the current available bandwidth updates from the CFM engine. By default, the function is disabled.

Both the CFM and the QoS functions must be enabled for the changes in current bandwidth to dynamically update the egress rate.

When the MEP enters a state that prevents it from receiving the ETH-BNM, the current bandwidth last sent for processing is cleared and the egress rate reverts to the configured rate. Under these conditions, the last update cannot be guaranteed as current. Explicit notification is required to dynamically update the port egress rate. The following types of conditions lead to ambiguity:

If the eth-bn-egress-rate-changes is disabled using the no option, CFM continues to send updates, but the updates are held without affecting the port egress rate.

The ports supporting ETH-BN MEPs can be configured for network, access, or hybrid modes. When ETH-BN is enabled on a port MEP and the config>port>ethernet>eth-cfm>mep>eth-bn>receive and the QoS config>port>ethernet>eth-bn-egress-rate-changes contexts are configured, the egress rate is dynamically changed based on the current available bandwidth indicated by the ETH-BN server.

The port egress rate is capped by the minimum of the configured egress-rate and the maximum port rate and the minimum egress rate is one kbyte. If a current bandwidth of zero is received, it does not affect the egress port rate and the previously processed current bandwidth will continue to be used.

The client MEP requires explicit notification of changes to update the port egress rate. The system does not timeout any previously-processed current bandwidth rates using a timeout condition. The specification does allow a timeout of the current bandwidth if a frame has not been received in 3.5 times the ETH-BNM interval. However, the implicit approach can lead to misrepresented conditions and has not been implemented.

When starting or restarting the system, the configured egress rate is used until a ETH-BNM arrives on the port with a new bandwidth request from the ETH-BN server MEP.

An event log is generated each time the egress rate is changed based on reception of a BNM. If a BNM is received that does not result in a bandwidth change, no event log is generated.

The destination MAC address can be a Class 1 multicast MAC address (that is, 01-80-C2-00-0x) or the MAC address of the port MEP configured. Standard CFM validation and identification must be successful to process any CFM PDU.

For information on the eth-bn-egress-rate-changes command, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Interface Configuration Guide.

The PDU used for ETH-BN information is called the Bandwidth Notification Message (BNM). It is a sub-OpCode within the Ethernet Generic Notification Message (ETH-GNM).

Table 13 shows the BNM PDU format fields.

The show eth-cfm mep eth-bandwidth-notification display output includes the ETH-BN values received and extracted from the PDU, including a last reported value and the pacing timer. If the n/a value appears in the field, it means that field has not been processed.

The base show eth-cfm mep output is expanded to include the disposition of the ETH-BN receive function and the configured pacing timer.

The show port port-id detail is expanded to include and Ethernet Bandwidth Notification Message Information section. This section includes the ETH-BN Egress Rate disposition and the current Egress BN rate being used.

3.8.1. CFM Connectivity Fault Conditions

CFM MEP declares a connectivity fault when its defect flag is equal to or higher than its configured lowest defect priority. The defect can be any of the following depending on configuration:

The following additional fault condition applies to Y.1731 MEPs:

Setting the lowest defect priority to allDef may cause problems when fault propagation is enabled in the MEP. In this scenario, when MEP A sends CCM to MEP B with interface status down, MEP B will respond with a CCM with RDI set. If MEP A is configured to accept RDI as a fault, then it gets into a dead lock state, where both MEPs will declare fault and never be able to recover. The default lowest defect priority is DefMACstatus. In general terms, when a MEP propagates fault to a peer the peer receiving the fault must not reciprocate with a fault back to the originating MEP with a fault condition equal to or higher than the originating MEP low-priority-defect setting. It is also very important that different Ethernet OAM strategies should not overlap the span of each other. In some cases, independent functions attempting to perform their normal fault handling can negatively impact the other. This interaction can lead to fault propagation in the direction toward the original fault, a false positive, or worse, a deadlock condition that may require the operator to modify the configuration to escape the condition. For example, overlapping Link Loss Forwarding (LLF) and ETH-CFM fault propagation could cause these issues.

3.8.2. CFM Fault Propagation Methods

When CFM is the OAM module at the other end, it is required to use any of the following methods (depending on local configuration) to notify the remote peer:

For using AIS for fault propagation, AIS must be enabled for the MEP. The AIS configuration needs to be updated to support the MD level of the MEP (currently it only supports the levels above the local MD level).

Note that the existing AIS procedure still applies even when fault propagation is disabled for the service or the MEP. For example, when a MEP loses connectivity to a configured remote MEP, it generates AIS if it is enabled. The new procedure that is defined in this document introduces a new fault condition for AIS generation, fault propagated from SMGR, that is used when fault propagation is enabled for the service and the MEP.

The transmission of CCM with interface status TLV is triggered and does not wait for the expiration of the remaining CCM interval transmission. This rule applies to CFM fault notification for all services.

For a specific SAP and SDP-binding, CFM and SMGR can only propagate one single fault to each other for each direction (up or down).

When there are multiple MEPs (at different levels) on a single SAP and SDP-binding, the fault reported from CFM to SMGR will be the logical OR of results from all MEPs. Basically, the first fault from any MEP will be reported, and the fault will not be cleared as long as there is a fault in any local MEP on the SAP and SDP-binding.

3.8.3. Epipe Services

Down and up MEPs are supported for Epipe services as well as fault propagation. When there are both up and down MEPs configured in the same SAP and SDP-binding and both MEPs have fault propagation enabled, a fault detected by one of them will be propagated to the other, which in turn will propagate fault in its own direction.

3.8.4. CFM Detected Fault

When a MEP detects a fault and fault propagation is enabled for the MEP, CFM needs to communicate the fault to SMGR, so SMGR will mark the SAP or SDP-binding faulty but still oper up. CFM traffic can still be transmitted to or received from the SAP and SDP-binding to ensure when the fault is cleared, the SAP will go back to normal operational state. Since the operational status of the SAP and SDP-binding is not affected by the fault, no fault handling is performed. For example, applications relying on the operational status are not affected.

If the MEP is an up MEP, the fault is propagated to the OAM components on the same SAP or SDP binding; if the MEP is a down MEP, the fault is propagated to the OAM components on the mate SAP or SDP-binding at the other side of the service.

3.8.5. Ipipe Services

3.8.5.1. CFM Detected Fault

Deployment of solutions that include legacy to Ethernet aggregation should involve fault inter-working consideration. Protocols like Frame Relay propagate fault using the Local Management Interface (LMI). However, other protocols do not include a dedicated management interface over which to indicate fault. PPP, MLPPP and Cisco HDLC must use a different mechanism to communicate fault between the two different connection types.

The eth-legacy-fault-notification option and the associated parameters along with Ethernet CFM fault propagation on the Ethernet SAP MEP must be enabled in order to properly inter-work the Ethernet and PPP, MLPPP or Cisco HDLC connections. Figure 54 shows the various high level functions that inter-work Ethernet aggregation and legacy interfaces using point to point Ipipe services.

Figure 54:  Fault Propagation Model 

In general the Ipipe service requires the ce-address information to be learned or manually configured as part of the Ethernet SAP object before the legacy interface connection can be established. IPv6 includes an optimization that uses the Link Local IPv6 address to start the legacy negotiation process and does not require the ce-addressing described previously. This IPv6 optimization does not align well with fault inter-working functions and is disabled when the eth-legacy-fault-notification function is enabled.

Fault propagation is not active from the Ethernet SAP to the legacy connection if the ce-address information for the Ethernet SAP has not been learned or configured. If both IPv4 and IPv6 are configured, each protocol will require ce-addressing to be learned or configured enabling fault inter-working for that protocol. Once the ce-address has been learned or configured for that protocol, fault inter-working will be active for that protocol. If either IPv4 or IPv6 ce-addressing from the Ethernet SAP is resident, the access legacy SAP will be operational. The NCP layer will indicate which unique protocol is operational. Fault propagation toward the Ethernet SAP from the legacy connection will still be propagated even if the ce-address is not resident within the Ipipe under the following conditions; if any SAP or the Service is shutdown, or the legacy SAP is not configured.

The learned Ethernet ce-address is a critical component in Ipipe service operation and fault propagation. In order to maintain the address information the keep option must be configured as part of the ce-address-discovery command. If the keep command is not configured, the address information is lost when the Ethernet SAP transitions to a non-operational state. When the address information is flushed, the Ipipe service will propagate the fault to the legacy PPP, MLPPP and Cisco HDLC connections. The lack of the ce-addressing on the Ethernet SAPs may cause a deadlock condition that requires operator intervention to resolve the issue. The keep command must be configured when the eth-legacy-fault-notification functionality is enabled with PPP, MLPPP and Cisco HDLC legacy interfaces, and fault propagation is required using this type of aggregation deployment. The keep option is specific to and only supported when eth-legacy-fault-notification is configured. If the keep option is configured as part of the ce-address-discovery command, the eth-legacy-fault-propagation cannot be removed. Configuration changes to the ce-address-discovery command may affect the stored ce-address information. For example, if the eth-legacy-fault-notification ipv6 keep is changed to ce-address-discovery keep, the stored IPv6 ce-address information is flushed. If the keep option is removed, all discovered ce-address information is flushed if the SAP is operationally down.

The ce-address stored in the Ipipe service as part of the discovery process will be updated if a new ARP arrives from the layer three device connected to the Ethernet SAP. If the layer three device connected to the Ethernet SAP does not send an ARP to indicate the addressing information has been changed, the ce-address stored locally as part of the previous discovery function will be maintained. If changes are made to the layer three device connected to the Ethernet SAP that would alter the ARP information and that device does not generate an ARP packet, or the Ipipe inter-working device does not receive the ARP packet, for example, the Ethernet SAP is admin down for IPv4, or the service is operationally down for IPv6, the stored ce-address retained by the Ipipe as a result of the keep operation will be stale. This stale information will result in a black hole for service traffic. The clear service id service-id arp can be used to flush stale ARP information. This will not solicit a arp from a peer.

The keep option will not maintain the ce-address information when the Ethernet SAP is administratively shutdown or when the node reboots.

Once all the ce-addressing has been populated in the Ipipe the legacy interfaces establishment will commence. The successful establishment of these connections will render the Ipipe service functional. Legacy connection faults and Ethernet SAP faults may now be propagated.

Should the Ethernet SAP enter a non-operational state as a result of a cable or validation protocol (ETH-CCM), the fault will be inter-worked with the specific legacy protocol. Ethernet faults will inter-work with the legacy interfaces in the following manner:

1. PPP: LCP and all NCPs will be shutdown and a terminate-request sent to the far-end.
2. MLPPP: LCP will remain operational but the NCP will be shutdown
3. HDLC: Suspension of the keepalive messages. The keepalive interval will influence the recovery time. If the recovery timer (discussed later) is equal to the keepalive interval, recovery of the legacy interface recovery may occur after a fault is propagated toward the Ethernet network.
4. Frame Relay (does not include support for the eth-legacy-fault-propagation): Signal using LMI messaging

As previously stated, inter-working faults on the legacy connection with the Ethernet infrastructure requires a Down MEP with CCM-enabled configured on the Ethernet SAP with fault-propagation enabled. There are two different methods to propagate fault from a CCM-enabled MEP; use-int-tlv or suspend-ccm. The use-int-tlv approach will cause the CCM message to include the Interface Status TLV with a value of is Down. This will raise a defMACStatus priority error on the peer MEP. The suspend-ccm approach will cause the local MEP to suspend transmissions of the CCM messages to the peer MEP. This will raise a defRemoteCCM timeout condition on the peer. The peer must accept these notifications and processes these fault conditions on the local MEP. When the MEP receives these errors, it must not include a defect condition in the CCM messages it generates that is above the peers low-priority-defect setting. In standard operation, the MEP receiving the error should only set the RDI bit in the CCM header. If the MEP improperly responds with a defect condition that is higher than the low-priority-defect of the MEP that had generated the initial fault then a deadlock condition will occur and operator intervention will be required. The two CFM propagation methods and the proper responses are shown in Figure 55.

Figure 55:  Fault Propagation from Legacy to Ethernet 

From a protocol (NCP) perspective, PPP and MLPPP connections have a micro view. Those connections understand the different protocols carried over the PPP and MLPPP connections, and individual protocol errors that can occur. The Ethernet SAP has a macro view without this layer three understanding. When the dual stack IPv4 and IPv6 is deployed, fault can only be propagated from the legacy connection toward the associated Ethernet SAP if both protocols fail on the PPP or MLPPP. If either of the protocols are operational then PPP or MLPPP will not propagate fault in the direction of the Ethernet connection.

Ethernet connection faults are prioritized over legacy faults. When an Ethernet fault is detected, any fault previously propagated from the PPP, MLPPP or Cisco HDLC will be squelched in favor of the higher priority Ethernet SAP failure. All legacy fault conditions, including admin port down, will in turn be dismissed for the duration of the Ethernet fault and will not be rediscovered until the expiration of the recovery-timer. This configurable timer value is the amount of time the process waits to allow the legacy connections to recover and establish following the clearing of the Ethernet fault. If the timer value is too short then false positive propagation will occur from the legacy side to the Ethernet connection. If the timer value is too long then secondary legacy faults will not be propagated to the associated Ethernet SAP for an extended period of time, delaying the proper state on the layer three device connected to the Ethernet SAP. Any packets arriving on the Ethernet SAP will be dropped until the legacy connection has recovered. As soon as the legacy connection recovers forwarding across the Ipipe will occur regardless of the amount of time remaining for the recovery timer. Operators are required to adjust this timer value to their specific network requirements. If the timer adjustment is made while the service is active, the new timer will replace the old value and the new value will start counting down when called.

If the eth-legacy-fault-notification command is disabled from an active Ipipe service then any previously reported fault will be cleared and the recovery-timer will be started. If the eth-legacy-fault-notification command is added to an active Ipipe service, the process will check for outstanding faults and take the appropriate action.

Cisco HDLC behavior must be modified in order to better align with the fault inter-working function. In order to enable the eth-legacy-fault-notification, keepalives must be enabled. The following describes the new behavior for the Cisco HDLC port:

1. Operationally up if it is receiving keepalives and has physical link (same behavior in either case)
2. Operationally up if keepalives are disabled locally and has physical link (irrelevant for this feature because keepalives must be enabled). This is included for completeness.
3. Operationally down when no keepalives are received and keepalives are locally enabled (same behavior in either case)
4. Operationally down when there is no physical port (same behavior in either case)
5. Operationally Down if it is part of a SAP but there no ce-address and has physical link (altered behavior)
6. Operationally Down if it is part of a SAP but the SAP is shutdown and has physical link (altered behavior)
7. Operationally Down if it is part of a SAP and the service is shutdown and has physical link (altered behavior)

The show service command has been expanded to include the basic Ethernet Legacy Fault Notification information and the specific SAP configuration.

The “Eth Legacy Fault Notification” section displays the configured recovery-timer value and whether the eth-legacy-fault-notification is active “Admin State: inService” (no shutdown) or inactive “Admin State: outOfService” (shutdown).

The “Ipipe SAP Configuration Information” displays the current Ethernet fault propagated to the associated legacy connection state; “Legacy Fault Notify”: False indicates no fault is currently being propagated and True indicates fault is currently being propagated. The “Recvry Timer Rem” is used to show the amount of time remaining before the recovery timer expires. A time in seconds will only be displayed for this parameter if an Ethernet fault has cleared and the recovery timer is currently counting down to 0.0 seconds.

A number of examples have been included using the service configuration below to demonstrate the various conditions. Many of the display commands have been trimmed in an effort to present feature relevant information.

configure service ipipe 201 name "XYZ Ipipe 201" create 

            description "IPIPE_PPP"

            service-mtu 1514

            eth-legacy-fault-notification

                recovery-timer 300

                no shutdown

            exit

            ce-address-discovery ipv6 keep

            sap 1/1/4:21 create

                description "Default sap description for service id 201"

                eth-cfm

                    mep 22 domain 1 association 45 direction down

                        fault-propagation-enable use-if-tlv

                        ccm-enable

                        no shutdown

                    exit

                exit

            exit

            sap 2/2/1.1.2.1 create

                description "Default sap description for service id 201"

            exit

            no shutdown

The following output is an example of a service fully operational with no faults.

show service id 201 all 

===============================================================================

Service Detailed Information

===============================================================================

Service Id        : 201                 Vpn Id            : 201

Service Type      : Ipipe

Name              : XYZ Ipipe 201

Description       : IPIPE_PPP

Customer Id       : 1                   Creation Origin   : manual

Last Status Change: 01/07/2015 15:07:54

Last Mgmt Change  : 01/07/2015 15:07:53

Admin State       : Up                  Oper State        : Up

MTU               : 1514

Vc Switching      : False

SAP Count         : 2                   SDP Bind Count    : 0

CE IPv4 Discovery : Enabled             Keep address      : Yes

CE IPv6 Discovery : Enabled             Stack Cap Sig     : Disabled

 

Eth Legacy Fault Notification

-------------------------------------------------------------------------------

Recovery Timer    : 30.0 secs           Admin State       : inService

-------------------------------------------------------------------------------

ETH-CFM service specifics

-------------------------------------------------------------------------------

Tunnel Faults     : ignore

-------------------------------------------------------------------------------

Service Destination Points(SDPs)

-------------------------------------------------------------------------------

No Matching Entries

-------------------------------------------------------------------------------

Service Access Points

-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

SAP 1/1/4:21

-------------------------------------------------------------------------------

Service Id         : 201

SAP                : 1/1/4:21                 Encap             : q-tag

Description        : Default sap description for service id 201

Admin State        : Up                       Oper State        : Up

Flags              : None

Multi Svc Site     : None

Last Status Change : 01/07/2015 15:07:53

Last Mgmt Change   : 01/07/2015 15:07:52

Sub Type           : regular

Dot1Q Ethertype    : 0x8100                   QinQ Ethertype    : 0x8100

Split Horizon Group: (Not Specified)

 

Admin MTU          : 1518                     Oper MTU          : 1518

Ingr IP Fltr-Id    : n/a                      Egr IP Fltr-Id    : n/a

Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a

Ingr IPv6 Fltr-Id  : n/a                      Egr IPv6 Fltr-Id  : n/a

                                              qinq-pbit-marking : both

                                              Egr Agg Rate Limit: max

Endpoint           : N/A

Q Frame-Based Acct : Disabled                 Limit Unused BW   : Disabled

Agg Burst Limit    : default

 

Acct. Pol          : None                     Collect Stats     : Disabled

 

Application Profile: None

Transit Policy     : None

 

Oper Group         : (none)                   Monitor Oper Grp  : (none)

Host Lockout Plcy  : n/a

Ignore Oper Down   : Disabled

Lag Link Map Prof  : (none)

-------------------------------------------------------------------------------

ETH-CFM SAP specifics

-------------------------------------------------------------------------------

Tunnel Faults      : n/a                      AIS               : Disabled

MC Prop-Hold-Timer : n/a

Squelch Levels     : None

-------------------------------------------------------------------------------

Ipipe SAP Configuration Information

-------------------------------------------------------------------------------

Configured CE IPv4 : n/a                      Discovered CE IPv4: 32.32.32.1

SAP MAC Address    : fe:ed:01:01:00:04        Mac Refresh Inter*: 14400

-------------------------------------------------------------------------------

Ipipe SAP IPv4 ARP Entry Info

-------------------------------------------------------------------------------

32.32.32.1                              fe:4e:01:01:00:03 dynamic

-------------------------------------------------------------------------------

Ipipe SAP IPv6 Neighbor Entry Info

-------------------------------------------------------------------------------

fe80::fc2e:ffff:fe00:0                  fe:4e:01:01:00:03 dynamic

3ffe::2020:2001                         fe:4e:01:01:00:03 dynamic

 

. . . snip . . .

 

-------------------------------------------------------------------------------

Eth-Cfm MEP Configuration Information

-------------------------------------------------------------------------------

Md-index           : 1                        Direction         : Down

Ma-index           : 45                       Admin             : Enabled

MepId              : 22                       CCM-Enable        : Enabled

IfIndex            : 35782656                 PrimaryVid        : 21

Description        : (Not Specified)

FngAlarmTime       : 0                        FngResetTime      : 0

FngState           : fngReset                 ControlMep        : False

LowestDefectPri    : macRemErrXcon            HighestDefect     : none

Defect Flags       : None

Mac Address        : fe:ed:01:01:00:04        Collect LMM Stats : disabled

CcmLtmPriority     : 7                        CcmPaddingSize    : 0 octets

CcmTx              : 471                      CcmSequenceErr    : 0

CcmIgnoreTLVs      : (Not Specified)

Fault Propagation  : useIfStatusTLV           FacilityFault     : n/a

MA-CcmInterval     : 1                        MA-CcmHoldTime    : 0ms

MA-Primary-Vid     : Disabled

Eth-1Dm Threshold  : 3(sec)                   MD-Level          : 1

Eth-Ais            : Disabled

Eth-Ais Tx defCCM  : allDef

Eth-Tst            : Disabled

Eth-CSF            : Disabled

 

Redundancy:

    MC-LAG State   : n/a

LbRxReply          : 0                        LbRxBadOrder      : 0

LbRxBadMsdu        : 0                        LbTxReply         : 0

LbSequence         : 1                        LbNextSequence    : 1

LtRxUnexplained    : 0

* indicates that the corresponding row element may have been truncated.

-------------------------------------------------------------------------------

SAP 2/2/1.1.2.1

-------------------------------------------------------------------------------

Service Id         : 201

SAP                : 2/2/1.1.2.1              Encap             : ipcp

Description        : Default sap description for service id 201

Admin State        : Up                       Oper State        : Up

Flags              : None

Multi Svc Site     : None

Last Status Change : 01/07/2015 15:08:03

Last Mgmt Change   : 01/07/2015 15:07:54

Sub Type           : regular

Split Horizon Group: (Not Specified)

 

Admin MTU          : 1600                     Oper MTU          : 1600

Ingr IP Fltr-Id    : n/a                      Egr IP Fltr-Id    : n/a

Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a

Ingr IPv6 Fltr-Id  : n/a                      Egr IPv6 Fltr-Id  : n/a

                                              qinq-pbit-marking : both

                                              Egr Agg Rate Limit: max

Endpoint           : N/A

                                              Limit Unused BW   : Disabled

Agg Burst Limit    : default

 

Acct. Pol          : None                     Collect Stats     : Disabled

 

Application Profile: None

Transit Policy     : None

 

Oper Group         : (none)                   Monitor Oper Grp  : (none)

Host Lockout Plcy  : n/a

Ignore Oper Down   : Enabled

Lag Link Map Prof  : (none)

-------------------------------------------------------------------------------

Ipipe SAP Configuration Information

-------------------------------------------------------------------------------

Configured CE IPv4 : n/a                      Discovered CE IPv4: 0.0.0.0

Legacy Fault Notify: False                    Recvry Timer Rem  : 0.0 secs

-------------------------------------------------------------------------------

Ipipe SAP IPv4 ARP Entry Info

-------------------------------------------------------------------------------

No Ipipe SAP IPv4 ARP entries

 

-------------------------------------------------------------------------------

Ipipe SAP IPv6 Neighbor Entry Info

-------------------------------------------------------------------------------

fe80::13:9295:9ba:5e2                                     dynamic

 

. . . snip . . . 

 

show port 2/2/1.1.2.1 

===============================================================================

TDM DS0 Chan Group

===============================================================================

Description        : DS0GRP

Interface          : 2/2/1.1.2.1

TimeSlots          : 2-32

Speed              : 64                      CRC                  : 16

Admin Status       : up                      Oper Status          : up

BER SF Link Down   : disabled

Last State Change  : 01/07/2015 15:08:09     Chan-Grp IfIndex     : 608206967

Configured Address : fe:ee:02:02:00:01

Hardware Address   : fe:ee:02:02:00:01

 

Configured mode    : access                  Encap Type           : ipcp

Admin MTU          : 1600                    Oper MTU             : 1600

Scramble           : false

Physical Link      : yes                     Bundle Number        : none

Idle Cycle Flags   : flags                   Load-balance-algo    : Default

Payload Fill Type  : n/a                     Payload Pattern      : N/A

Signal Fill Type   : n/a                     Signal Pattern       : N/A

Ing. Pool % Rate   : 100                     Egr. Pool % Rate     : 100

Egr. Sched. Pol    : N/A

===============================================================================

===============================================================================

Traffic Statistics

===============================================================================

                                                   Input                 Output

-------------------------------------------------------------------------------

Octets                                            117200                 246356

Packets                                              983                   1004

Errors                                                 0                      0

===============================================================================

Port Statistics

===============================================================================

                                                   Input                 Output

-------------------------------------------------------------------------------

Packets                                              983                   1004

Discards                                               0                      0

Unknown Proto Discards                                 0

===============================================================================

 

show port 2/2/1.1.2.1 ppp 

===============================================================================

PPP Protocols for 2/2/1.1.2.1

===============================================================================

Protocol  State         Last Change         Restart Count   Last Cleared

-------------------------------------------------------------------------------

lcp       opened        01/07/2015 15:08:08          1      01/07/2015 15:07:22

ipcp      opened        01/07/2015 15:08:08          1      01/07/2015 15:07:22

mplscp    initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

bcp       initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

osicp     initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

ipv6cp    opened        01/07/2015 15:08:20          1      01/07/2015 15:07:22

===============================================================================

===============================================================================

PPP Statistics

===============================================================================

Local Mac address  : fe:ee:02:02:00:01  Remote Mac address :

Local Magic Number : 0x7cda9060         Remote Magic Number: 0x23b8f81

Local IPv4 address : 32.32.32.1         Remote IPv4 address: 32.32.32.2

Local IPv6 address : fe80::fc2e:ffff:fe00:0

Remote IPv6 address: fe80::13:9295:9ba:5e2

 

Line Monitor Method: keepalive

 

Keepalive statistics

 

Request interval   : 10           Threshold exceeded : 0

Drop Count         : 3            In packets         : 48

Time to link drop  : 00h00m30s    Out packets        : 48

Last cleared time  : 01/07/2015 15:07:22

 

PPP Header Compression

 ACFC              : Disabled     PFC                : Disabled

===============================================================================

 

show service sap-using

===============================================================================

Service Access Points

===============================================================================

PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr

                                           QoS   Fltr    QoS   Fltr

-------------------------------------------------------------------------------

1/1/4:21                        201        1     none    1     none   Up   Up

2/2/1.1.2.1                     201        1     none    1     none   Up   Up

-------------------------------------------------------------------------------

Number of SAPs : 8 

The same service is used to demonstrate an Ethernet SAP failure condition propagating fault to the associated PPP connection. In this case an ETH-CCM time out has occurred. Only the changes have been highlighted.

The log events below will be specific to the failure type and the protocols involved.

166 2015/01/07 15:18:07.26 UTC MINOR: ETH_CFM #2001 Base

"MEP 1/45/22 highest defect is now defRemoteCCM"

 

167 2015/01/07 15:18:07.31 UTC MINOR: PPP #2004 Base 2/2/1.ds0grp-1.2.1

"Port 2/2/1.ds0grp-1.2.1 ipcp left 'opened' state"

 

168 2015/01/07 15:18:07.31 UTC MINOR: PPP #2004 Base 2/2/1.ds0grp-1.2.1

"Port 2/2/1.ds0grp-1.2.1 ipv6cp left 'opened' state"

 

169 2015/01/07 15:18:07.30 UTC MINOR: PPP #2002 Base 2/2/1.ds0grp-1.2.1

"Port 2/2/1.ds0grp-1.2.1 lcp left 'opened' state"

 

170 2015/01/07 15:18:07.30 UTC WARNING: SNMP #2004 Base 2/2/1.ds0grp-1.2.1

"Interface 2/2/1.ds0grp-1.2.1 is not operational"

 

171 2015/01/07 15:18:07.30 UTC MAJOR: SVCMGR #2210 Base

"Processing of an access port state change event is finished and the status of all a

ffected SAPs on port 2/2/1.1.2.1 has been updated."

 

show service id 201 all

===============================================================================

Service Detailed Information

===============================================================================

Service Id        : 201                 Vpn Id            : 201

Service Type      : Ipipe

Name              : XYZ Ipipe 201

Description       : IPIPE_PPP

Customer Id       : 1                   Creation Origin   : manual

Last Status Change: 01/07/2015 15:07:54

Last Mgmt Change  : 01/07/2015 15:07:53

Admin State       : Up                  Oper State        : Up

MTU               : 1514

Vc Switching      : False

SAP Count         : 2                   SDP Bind Count    : 0

CE IPv4 Discovery : Enabled             Keep address      : Yes

CE IPv6 Discovery : Enabled             Stack Cap Sig     : Disabled

 

Eth Legacy Fault Notification

-------------------------------------------------------------------------------

Recovery Timer    : 30.0 secs           Admin State       : inService

 

-------------------------------------------------------------------------------

ETH-CFM service specifics

-------------------------------------------------------------------------------

Tunnel Faults     : ignore

-------------------------------------------------------------------------------

Service Destination Points(SDPs)

-------------------------------------------------------------------------------

No Matching Entries

-------------------------------------------------------------------------------

Service Access Points

-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

SAP 1/1/4:21

-------------------------------------------------------------------------------

Service Id         : 201

SAP                : 1/1/4:21                 Encap             : q-tag

Description        : Default sap description for service id 201

Admin State        : Up                       Oper State        : Up

Flags              : OamDownMEPFault

Multi Svc Site     : None

Last Status Change : 01/07/2015 15:07:53

Last Mgmt Change   : 01/07/2015 15:07:52

Sub Type           : regular

Dot1Q Ethertype    : 0x8100                   QinQ Ethertype    : 0x8100

Split Horizon Group: (Not Specified)

 

Admin MTU          : 1518                     Oper MTU          : 1518

Ingr IP Fltr-Id    : n/a                      Egr IP Fltr-Id    : n/a

Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a

Ingr IPv6 Fltr-Id  : n/a                      Egr IPv6 Fltr-Id  : n/a

                                              qinq-pbit-marking : both

                                              Egr Agg Rate Limit: max

Endpoint           : N/A

Q Frame-Based Acct : Disabled                 Limit Unused BW   : Disabled

Agg Burst Limit    : default

 

Acct. Pol          : None                     Collect Stats     : Disabled

 

Application Profile: None

Transit Policy     : None

 

Oper Group         : (none)                   Monitor Oper Grp  : (none)

Host Lockout Plcy  : n/a

Ignore Oper Down   : Disabled

Lag Link Map Prof  : (none)

-------------------------------------------------------------------------------

ETH-CFM SAP specifics

-------------------------------------------------------------------------------

Tunnel Faults      : n/a                      AIS               : Disabled

MC Prop-Hold-Timer : n/a

Squelch Levels     : None

-------------------------------------------------------------------------------

Ipipe SAP Configuration Information

-------------------------------------------------------------------------------

Configured CE IPv4 : n/a                      Discovered CE IPv4: 32.32.32.1

SAP MAC Address    : fe:ed:01:01:00:04        Mac Refresh Inter*: 14400

-------------------------------------------------------------------------------

Ipipe SAP IPv4 ARP Entry Info

-------------------------------------------------------------------------------

32.32.32.1                              fe:4e:01:01:00:03 dynamic

-------------------------------------------------------------------------------

Ipipe SAP IPv6 Neighbor Entry Info

-------------------------------------------------------------------------------

fe80::fc2e:ffff:fe00:0                  fe:4e:01:01:00:03 dynamic

3ffe::2020:2001                         fe:4e:01:01:00:03 dynamic

 

. . . snip . . . 

 

-------------------------------------------------------------------------------

Eth-Cfm MEP Configuration Information

-------------------------------------------------------------------------------

Md-index           : 1                        Direction         : Down

Ma-index           : 45                       Admin             : Enabled

MepId              : 22                       CCM-Enable        : Enabled

IfIndex            : 35782656                 PrimaryVid        : 21

Description        : (Not Specified)

FngAlarmTime       : 0                        FngResetTime      : 0

FngState           : fngDefectReported        ControlMep        : False

LowestDefectPri    : macRemErrXcon            HighestDefect     : defRemoteCCM

Defect Flags       : bDefRemoteCCM

Mac Address        : fe:ed:01:01:00:04        Collect LMM Stats : disabled

CcmLtmPriority     : 7                        CcmPaddingSize    : 0 octets

CcmTx              : 650                      CcmSequenceErr    : 0

CcmIgnoreTLVs      : (Not Specified)

Fault Propagation  : useIfStatusTLV           FacilityFault     : n/a

MA-CcmInterval     : 1                        MA-CcmHoldTime    : 0ms

MA-Primary-Vid     : Disabled

Eth-1Dm Threshold  : 3(sec)                   MD-Level          : 1

Eth-Ais            : Disabled

Eth-Ais Tx defCCM  : allDef

Eth-Tst            : Disabled

Eth-CSF            : Disabled

 

Redundancy:

    MC-LAG State   : n/a

LbRxReply          : 0                        LbRxBadOrder      : 0

LbRxBadMsdu        : 0                        LbTxReply         : 0

LbSequence         : 1                        LbNextSequence    : 1

LtRxUnexplained    : 0

* indicates that the corresponding row element may have been truncated.

 

-------------------------------------------------------------------------------

SAP 2/2/1.1.2.1

-------------------------------------------------------------------------------

Service Id         : 201

SAP                : 2/2/1.1.2.1              Encap             : ipcp

Description        : Default sap description for service id 201

Admin State        : Up                       Oper State        : Up

Flags              : PortOperDown

Multi Svc Site     : None

Last Status Change : 01/07/2015 15:08:03

Last Mgmt Change   : 01/07/2015 15:07:54

Sub Type           : regular

Split Horizon Group: (Not Specified)

 

Admin MTU          : 1600                     Oper MTU          : 1600

Ingr IP Fltr-Id    : n/a                      Egr IP Fltr-Id    : n/a

Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a

Ingr IPv6 Fltr-Id  : n/a                      Egr IPv6 Fltr-Id  : n/a

                                              qinq-pbit-marking : both

                                              Egr Agg Rate Limit: max

Endpoint           : N/A

                                              Limit Unused BW   : Disabled

Agg Burst Limit    : default

 

Acct. Pol          : None                     Collect Stats     : Disabled

 

Application Profile: None

Transit Policy     : None

 

Oper Group         : (none)                   Monitor Oper Grp  : (none)

Host Lockout Plcy  : n/a

Ignore Oper Down   : Enabled

Lag Link Map Prof  : (none)

-------------------------------------------------------------------------------

Ipipe SAP Configuration Information

-------------------------------------------------------------------------------

Configured CE IPv4 : n/a                      Discovered CE IPv4: 0.0.0.0

Legacy Fault Notify: True                     Recvry Timer Rem  : 0.0 secs

 

-------------------------------------------------------------------------------

Ipipe SAP IPv4 ARP Entry Info

-------------------------------------------------------------------------------

No Ipipe SAP IPv4 ARP entries

 

-------------------------------------------------------------------------------

Ipipe SAP IPv6 Neighbor Entry Info

-------------------------------------------------------------------------------

No Ipipe SAP IPv6 Neighbor entries

 

. . . snip . . .

 

show port 2/2/1.1.2.1

===============================================================================

TDM DS0 Chan Group

===============================================================================

Description        : DS0GRP

Interface          : 2/2/1.1.2.1

TimeSlots          : 2-32

Speed              : 64                      CRC                  : 16

Admin Status       : up                      Oper Status          : down

BER SF Link Down   : disabled

Last State Change  : 01/07/2015 15:18:07     Chan-Grp IfIndex     : 608206967

Configured Address : fe:ee:02:02:00:01

Hardware Address   : fe:ee:02:02:00:01

 

Configured mode    : access                  Encap Type           : ipcp

Admin MTU          : 1600                    Oper MTU             : 1600

Scramble           : false

Physical Link      : yes                     Bundle Number        : none

Idle Cycle Flags   : flags                   Load-balance-algo    : Default

Payload Fill Type  : n/a                     Payload Pattern      : N/A

Signal Fill Type   : n/a                     Signal Pattern       : N/A

Ing. Pool % Rate   : 100                     Egr. Pool % Rate     : 100

Egr. Sched. Pol    : N/A

===============================================================================

===============================================================================

Traffic Statistics

===============================================================================

                                                   Input                 Output

-------------------------------------------------------------------------------

Octets                                            117764                 247052

Packets                                             1025                   1034

Errors                                                 0                      0

===============================================================================

Port Statistics

===============================================================================

                                                   Input                 Output

-------------------------------------------------------------------------------

Packets                                             1025                   1034

Discards                                               0                      0

Unknown Proto Discards                                 0

===============================================================================

*A:Dut-B# show port 2/2/1.1.2.1 ppp

 

===============================================================================

PPP Protocols for 2/2/1.1.2.1

===============================================================================

Protocol  State         Last Change         Restart Count   Last Cleared

-------------------------------------------------------------------------------

lcp       initial       01/07/2015 15:18:07          1      01/07/2015 15:07:22

ipcp      initial       01/07/2015 15:18:07          1      01/07/2015 15:07:22

mplscp    initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

bcp       initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

osicp     initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

ipv6cp    initial       01/07/2015 15:18:07          1      01/07/2015 15:07:22

===============================================================================

===============================================================================

PPP Statistics

===============================================================================

Local Mac address  : fe:ee:02:02:00:01  Remote Mac address :

Local Magic Number : 0x0                Remote Magic Number: 0x0

Local IPv4 address : 0.0.0.0            Remote IPv4 address: 0.0.0.0

Local IPv6 address : ::

Remote IPv6 address: ::

 

Line Monitor Method: keepalive

 

Keepalive statistics

 

Request interval   : 10           Threshold exceeded : 0

Drop Count         : 3            In packets         : 61

Time to link drop  : 00h00m30s    Out packets        : 61

Last cleared time  : 01/07/2015 15:07:22

 

PPP Header Compression

 ACFC              : Disabled     PFC                : Disabled

=============================================================================== 

The following output displays an example when the Ethernet fault condition clears a transitional state occurs.

172 2015/01/07 15:34:33.32 UTC MINOR: ETH_CFM #2001 Base

"MEP 1/45/22 highest defect is now none"

 

show service id 201 all

===============================================================================

Service Detailed Information

===============================================================================

Service Id        : 201                 Vpn Id            : 201

Service Type      : Ipipe

Name              : XYZ Ipipe 201

Description       : IPIPE_PPP

Customer Id       : 1                   Creation Origin   : manual

Last Status Change: 01/07/2015 15:07:54

Last Mgmt Change  : 01/07/2015 15:07:53

Admin State       : Up                  Oper State        : Up

MTU               : 1514

Vc Switching      : False

SAP Count         : 2                   SDP Bind Count    : 0

CE IPv4 Discovery : Enabled             Keep address      : Yes

CE IPv6 Discovery : Enabled             Stack Cap Sig     : Disabled

 

Eth Legacy Fault Notification

-------------------------------------------------------------------------------

Recovery Timer    : 30.0 secs           Admin State       : inService

-------------------------------------------------------------------------------

ETH-CFM service specifics

-------------------------------------------------------------------------------

Tunnel Faults     : ignore

-------------------------------------------------------------------------------

Service Destination Points(SDPs)

-------------------------------------------------------------------------------

No Matching Entries

-------------------------------------------------------------------------------

Service Access Points

-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

SAP 1/1/4:21

-------------------------------------------------------------------------------

Service Id         : 201

SAP                : 1/1/4:21                 Encap             : q-tag

Description        : Default sap description for service id 201

Admin State        : Up                       Oper State        : Up

Flags              : None

Multi Svc Site     : None

Last Status Change : 01/07/2015 15:07:53

Last Mgmt Change   : 01/07/2015 15:07:52

Sub Type           : regular

Dot1Q Ethertype    : 0x8100                   QinQ Ethertype    : 0x8100

Split Horizon Group: (Not Specified)

 

Admin MTU          : 1518                     Oper MTU          : 1518

Ingr IP Fltr-Id    : n/a                      Egr IP Fltr-Id    : n/a

Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a

Ingr IPv6 Fltr-Id  : n/a                      Egr IPv6 Fltr-Id  : n/a

                                              qinq-pbit-marking : both

                                              Egr Agg Rate Limit: max

Endpoint           : N/A

Q Frame-Based Acct : Disabled                 Limit Unused BW   : Disabled

Agg Burst Limit    : default

 

Acct. Pol          : None                     Collect Stats     : Disabled

 

Application Profile: None

Transit Policy     : None

 

Oper Group         : (none)                   Monitor Oper Grp  : (none)

Host Lockout Plcy  : n/a

Ignore Oper Down   : Disabled

Lag Link Map Prof  : (none)

 

-------------------------------------------------------------------------------

ETH-CFM SAP specifics

-------------------------------------------------------------------------------

Tunnel Faults      : n/a                      AIS               : Disabled

MC Prop-Hold-Timer : n/a

Squelch Levels     : None

-------------------------------------------------------------------------------

Ipipe SAP Configuration Information

-------------------------------------------------------------------------------

Configured CE IPv4 : n/a                      Discovered CE IPv4: 32.32.32.1

SAP MAC Address    : fe:ed:01:01:00:04        Mac Refresh Inter*: 14400

-------------------------------------------------------------------------------

Ipipe SAP IPv4 ARP Entry Info

-------------------------------------------------------------------------------

32.32.32.1                              fe:4e:01:01:00:03 dynamic

-------------------------------------------------------------------------------

Ipipe SAP IPv6 Neighbor Entry Info

-------------------------------------------------------------------------------

fe80::fc2e:ffff:fe00:0                  fe:4e:01:01:00:03 dynamic

3ffe::2020:2001                         fe:4e:01:01:00:03 dynamic

 

. . . snip . . . 

 

-------------------------------------------------------------------------------

Eth-Cfm MEP Configuration Information

-------------------------------------------------------------------------------

Md-index           : 1                        Direction         : Down

Ma-index           : 45                       Admin             : Enabled

MepId              : 22                       CCM-Enable        : Enabled

IfIndex            : 35782656                 PrimaryVid        : 21

Description        : (Not Specified)

FngAlarmTime       : 0                        FngResetTime      : 0

FngState           : fngReset                 ControlMep        : False

LowestDefectPri    : macRemErrXcon            HighestDefect     : none

Defect Flags       : None

Mac Address        : fe:ed:01:01:00:04        Collect LMM Stats : disabled

CcmLtmPriority     : 7                        CcmPaddingSize    : 0 octets

CcmTx              : 1603                     CcmSequenceErr    : 0

CcmIgnoreTLVs      : (Not Specified)

Fault Propagation  : useIfStatusTLV           FacilityFault     : n/a

MA-CcmInterval     : 1                        MA-CcmHoldTime    : 0ms

MA-Primary-Vid     : Disabled

Eth-1Dm Threshold  : 3(sec)                   MD-Level          : 1

Eth-Ais            : Disabled

Eth-Ais Tx defCCM  : allDef

Eth-Tst            : Disabled

Eth-CSF            : Disabled

 

Redundancy:

    MC-LAG State   : n/a

LbRxReply          : 0                        LbRxBadOrder      : 0

LbRxBadMsdu        : 0                        LbTxReply         : 0

LbSequence         : 1                        LbNextSequence    : 1

LtRxUnexplained    : 0

* indicates that the corresponding row element may have been truncated.

-------------------------------------------------------------------------------

SAP 2/2/1.1.2.1

-------------------------------------------------------------------------------

Service Id         : 201

SAP                : 2/2/1.1.2.1              Encap             : ipcp

Description        : Default sap description for service id 201

Admin State        : Up                       Oper State        : Up

Flags              : PortOperDown

Multi Svc Site     : None

Last Status Change : 01/07/2015 15:08:03

Last Mgmt Change   : 01/07/2015 15:07:54

Sub Type           : regular

Split Horizon Group: (Not Specified)

 

Admin MTU          : 1600                     Oper MTU          : 1600

Ingr IP Fltr-Id    : n/a                      Egr IP Fltr-Id    : n/a

Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a

Ingr IPv6 Fltr-Id  : n/a                      Egr IPv6 Fltr-Id  : n/a

                                              qinq-pbit-marking : both

                                              Egr Agg Rate Limit: max

Endpoint           : N/A

                                              Limit Unused BW   : Disabled

Agg Burst Limit    : default

 

Acct. Pol          : None                     Collect Stats     : Disabled

 

Application Profile: None

Transit Policy     : None

 

Oper Group         : (none)                   Monitor Oper Grp  : (none)

Host Lockout Plcy  : n/a

Ignore Oper Down   : Enabled

Lag Link Map Prof  : (none)

-------------------------------------------------------------------------------

Ipipe SAP Configuration Information

-------------------------------------------------------------------------------

Configured CE IPv4 : n/a                      Discovered CE IPv4: 0.0.0.0

Legacy Fault Notify: False                    Recvry Timer Rem  : 28.8 secs

-------------------------------------------------------------------------------

Ipipe SAP IPv4 ARP Entry Info

-------------------------------------------------------------------------------

No Ipipe SAP IPv4 ARP entries

 

-------------------------------------------------------------------------------

Ipipe SAP IPv6 Neighbor Entry Info

-------------------------------------------------------------------------------

No Ipipe SAP IPv6 Neighbor entries

 

. . . snip . . .

 

show port 2/2/1.1.2.1

===============================================================================

TDM DS0 Chan Group

===============================================================================

Description        : DS0GRP

Interface          : 2/2/1.1.2.1

TimeSlots          : 2-32

Speed              : 64                      CRC                  : 16

Admin Status       : up                      Oper Status          : down

BER SF Link Down   : disabled

Last State Change  : 01/07/2015 15:18:07     Chan-Grp IfIndex     : 608206967

Configured Address : fe:ee:02:02:00:01

Hardware Address   : fe:ee:02:02:00:01

 

Configured mode    : access                  Encap Type           : ipcp

Admin MTU          : 1600                    Oper MTU             : 1600

Scramble           : false

Physical Link      : yes                     Bundle Number        : none

Idle Cycle Flags   : flags                   Load-balance-algo    : Default

Payload Fill Type  : n/a                     Payload Pattern      : N/A

Signal Fill Type   : n/a                     Signal Pattern       : N/A

Ing. Pool % Rate   : 100                     Egr. Pool % Rate     : 100

Egr. Sched. Pol    : N/A

===============================================================================

===============================================================================

Traffic Statistics

===============================================================================

                                                   Input                 Output

-------------------------------------------------------------------------------

Octets                                            119518                 247124

Packets                                             1123                   1036

Errors                                                 0                      0

===============================================================================

Port Statistics

===============================================================================

                                                   Input                 Output

-------------------------------------------------------------------------------

Packets                                             1123                   1036

Discards                                               0                      0

Unknown Proto Discards                                 0

===============================================================================

show port 2/2/1.1.2.1 ppp

===============================================================================

PPP Protocols for 2/2/1.1.2.1

===============================================================================

Protocol  State         Last Change         Restart Count   Last Cleared

-------------------------------------------------------------------------------

lcp       request sent  01/07/2015 15:34:33          1      01/07/2015 15:07:22

ipcp      initial       01/07/2015 15:18:07          1      01/07/2015 15:07:22

mplscp    initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

bcp       initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

osicp     initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

ipv6cp    initial       01/07/2015 15:18:07          1      01/07/2015 15:07:22

===============================================================================

===============================================================================

PPP Statistics

===============================================================================

Local Mac address  : fe:ee:02:02:00:01  Remote Mac address :

Local Magic Number : 0x0                Remote Magic Number: 0x0

Local IPv4 address : 32.32.32.1         Remote IPv4 address: 0.0.0.0

Local IPv6 address : fe80::fc2e:ffff:fe00:0

Remote IPv6 address: ::

 

Line Monitor Method: keepalive

 

Keepalive statistics

 

Request interval   : 10           Threshold exceeded : 0

Drop Count         : 3            In packets         : 61

Time to link drop  : 00h00m30s    Out packets        : 61

Last cleared time  : 01/07/2015 15:07:22

 

PPP Header Compression

 ACFC              : Disabled     PFC                : Disabled

=============================================================================== 

An example of the legacy fault propagation to the associated Ethernet SAP and the remote peer using the ETH-CFM fault propagation, assuming no Ethernet Fault is taking precedence.

173 2015/01/07 15:35:03.31 UTC MINOR: SVCMGR #2203 Base

"Status of SAP 2/2/

1.1.2.1 in service 201 (customer 1) changed to admin=up oper=down flags=PortOperDown

 "

 

show service id 201 all

===============================================================================

Service Detailed Information

===============================================================================

Service Id        : 201                 Vpn Id            : 201

Service Type      : Ipipe

Name              : XYZ Ipipe 201

Description       : IPIPE_PPP

Customer Id       : 1                   Creation Origin   : manual

Last Status Change: 01/07/2015 15:07:54

Last Mgmt Change  : 01/07/2015 15:07:53

Admin State       : Up                  Oper State        : Up

MTU               : 1514

Vc Switching      : False

SAP Count         : 2                   SDP Bind Count    : 0

CE IPv4 Discovery : Enabled             Keep address      : Yes

CE IPv6 Discovery : Enabled             Stack Cap Sig     : Disabled

 

Eth Legacy Fault Notification

-------------------------------------------------------------------------------

Recovery Timer    : 30.0 secs           Admin State       : inService

 

-------------------------------------------------------------------------------

ETH-CFM service specifics

-------------------------------------------------------------------------------

Tunnel Faults     : ignore

 

-------------------------------------------------------------------------------

Service Destination Points(SDPs)

-------------------------------------------------------------------------------

No Matching Entries

-------------------------------------------------------------------------------

Service Access Points

-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

SAP 1/1/4:21

-------------------------------------------------------------------------------

Service Id         : 201

SAP                : 1/1/4:21                 Encap             : q-tag

Description        : Default sap description for service id 201

Admin State        : Up                       Oper State        : Up

Flags              : None

Multi Svc Site     : None

Last Status Change : 01/07/2015 15:07:53

Last Mgmt Change   : 01/07/2015 15:07:52

Sub Type           : regular

Dot1Q Ethertype    : 0x8100                   QinQ Ethertype    : 0x8100

Split Horizon Group: (Not Specified)

 

Admin MTU          : 1518                     Oper MTU          : 1518

Ingr IP Fltr-Id    : n/a                      Egr IP Fltr-Id    : n/a

Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a

Ingr IPv6 Fltr-Id  : n/a                      Egr IPv6 Fltr-Id  : n/a

                                              qinq-pbit-marking : both

                                              Egr Agg Rate Limit: max

Endpoint           : N/A

Q Frame-Based Acct : Disabled                 Limit Unused BW   : Disabled

Agg Burst Limit    : default

 

Acct. Pol          : None                     Collect Stats     : Disabled

 

Application Profile: None

Transit Policy     : None

 

Oper Group         : (none)                   Monitor Oper Grp  : (none)

Host Lockout Plcy  : n/a

Ignore Oper Down   : Disabled

Lag Link Map Prof  : (none)

-------------------------------------------------------------------------------

ETH-CFM SAP specifics

-------------------------------------------------------------------------------

Tunnel Faults      : n/a                      AIS               : Disabled

MC Prop-Hold-Timer : n/a

Squelch Levels     : None

-------------------------------------------------------------------------------

Ipipe SAP Configuration Information

-------------------------------------------------------------------------------

Configured CE IPv4 : n/a                      Discovered CE IPv4: 32.32.32.1

SAP MAC Address    : fe:ed:01:01:00:04        Mac Refresh Inter*: 14400

-------------------------------------------------------------------------------

Ipipe SAP IPv4 ARP Entry Info

-------------------------------------------------------------------------------

32.32.32.1                              fe:4e:01:01:00:03 dynamic

-------------------------------------------------------------------------------

Ipipe SAP IPv6 Neighbor Entry Info

-------------------------------------------------------------------------------

fe80::fc2e:ffff:fe00:0                  fe:4e:01:01:00:03 dynamic

3ffe::2020:2001                         fe:4e:01:01:00:03 dynamic

 

. . . snip . . .

 

-------------------------------------------------------------------------------

Eth-Cfm MEP Configuration Information

-------------------------------------------------------------------------------

Md-index           : 1                        Direction         : Down

Ma-index           : 45                       Admin             : Enabled

MepId              : 22                       CCM-Enable        : Enabled

IfIndex            : 35782656                 PrimaryVid        : 21

Description        : (Not Specified)

FngAlarmTime       : 0                        FngResetTime      : 0

FngState           : fngReset                 ControlMep        : False

LowestDefectPri    : macRemErrXcon            HighestDefect     : none

Defect Flags       : bDefRDICCM

Mac Address        : fe:ed:01:01:00:04        Collect LMM Stats : disabled

CcmLtmPriority     : 7                        CcmPaddingSize    : 0 octets

CcmTx              : 1690                     CcmSequenceErr    : 0

CcmIgnoreTLVs      : (Not Specified)

Fault Propagation  : useIfStatusTLV           FacilityFault     : n/a

MA-CcmInterval     : 1                        MA-CcmHoldTime    : 0ms

MA-Primary-Vid     : Disabled

Eth-1Dm Threshold  : 3(sec)                   MD-Level          : 1

Eth-Ais            : Disabled

Eth-Ais Tx defCCM  : allDef

Eth-Tst            : Disabled

Eth-CSF            : Disabled

 

Redundancy:

    MC-LAG State   : n/a

LbRxReply          : 0                        LbRxBadOrder      : 0

LbRxBadMsdu        : 0                        LbTxReply         : 0

LbSequence         : 1                        LbNextSequence    : 1

LtRxUnexplained    : 0

* indicates that the corresponding row element may have been truncated.

 

-------------------------------------------------------------------------------

SAP 2/2/1.1.2.1

-------------------------------------------------------------------------------

Service Id         : 201

SAP                : 2/2/1.1.2.1              Encap             : ipcp

Description        : Default sap description for service id 201

Admin State        : Up                       Oper State        : Down

Flags              : PortOperDown

Multi Svc Site     : None

Last Status Change : 01/07/2015 15:35:03

Last Mgmt Change   : 01/07/2015 15:07:54

Sub Type           : regular

Split Horizon Group: (Not Specified)

 

Admin MTU          : 1600                     Oper MTU          : 1600

Ingr IP Fltr-Id    : n/a                      Egr IP Fltr-Id    : n/a

Ingr Mac Fltr-Id   : n/a                      Egr Mac Fltr-Id   : n/a

Ingr IPv6 Fltr-Id  : n/a                      Egr IPv6 Fltr-Id  : n/a

                                              qinq-pbit-marking : both

                                              Egr Agg Rate Limit: max

Endpoint           : N/A

                                              Limit Unused BW   : Disabled

Agg Burst Limit    : default

 

Acct. Pol          : None                     Collect Stats     : Disabled

 

Application Profile: None

Transit Policy     : None

 

Oper Group         : (none)                   Monitor Oper Grp  : (none)

Host Lockout Plcy  : n/a

Ignore Oper Down   : Enabled

Lag Link Map Prof  : (none)

-------------------------------------------------------------------------------

Ipipe SAP Configuration Information

-------------------------------------------------------------------------------

Configured CE IPv4 : n/a                      Discovered CE IPv4: 0.0.0.0

Legacy Fault Notify: False                    Recvry Timer Rem  : 0.0 secs

 

-------------------------------------------------------------------------------

Ipipe SAP IPv4 ARP Entry Info

-------------------------------------------------------------------------------

No Ipipe SAP IPv4 ARP entries

 

-------------------------------------------------------------------------------

Ipipe SAP IPv6 Neighbor Entry Info

-------------------------------------------------------------------------------

No Ipipe SAP IPv6 Neighbor entries

 

. . . snip . . .

 

show port 2/2/1.1.2.1

===============================================================================

TDM DS0 Chan Group

===============================================================================

Description        : DS0GRP

Interface          : 2/2/1.1.2.1

TimeSlots          : 2-32

Speed              : 64                      CRC                  : 16

Admin Status       : up                      Oper Status          : down

BER SF Link Down   : disabled

Last State Change  : 01/07/2015 15:18:07     Chan-Grp IfIndex     : 608206967

Configured Address : fe:ee:02:02:00:01

Hardware Address   : fe:ee:02:02:00:01

 

Configured mode    : access                  Encap Type           : ipcp

Admin MTU          : 1600                    Oper MTU             : 1600

Scramble           : false

Physical Link      : yes                     Bundle Number        : none

Idle Cycle Flags   : flags                   Load-balance-algo    : Default

Payload Fill Type  : n/a                     Payload Pattern      : N/A

Signal Fill Type   : n/a                     Signal Pattern       : N/A

Ing. Pool % Rate   : 100                     Egr. Pool % Rate     : 100

Egr. Sched. Pol    : N/A

===============================================================================

===============================================================================

Traffic Statistics

===============================================================================

                                                   Input                 Output

-------------------------------------------------------------------------------

Octets                                            119518                 248132

Packets                                             1123                   1064

Errors                                                 0                      0

===============================================================================

Port Statistics

===============================================================================

                                                   Input                 Output

-------------------------------------------------------------------------------

Packets                                             1123                   1064

Discards                                               0                      0

Unknown Proto Discards                                 0

===============================================================================

 

show port 2/2/1.1.2.1 ppp

===============================================================================

PPP Protocols for 2/2/1.1.2.1

===============================================================================

Protocol  State         Last Change         Restart Count   Last Cleared

-------------------------------------------------------------------------------

lcp       request sent  01/07/2015 15:36:05          1      01/07/2015 15:07:22

ipcp      initial       01/07/2015 15:18:07          1      01/07/2015 15:07:22

mplscp    initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

bcp       initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

osicp     initial       11/30/2014 09:20:08          0      01/07/2015 15:07:22

ipv6cp    initial       01/07/2015 15:18:07          1      01/07/2015 15:07:22

===============================================================================

===============================================================================

PPP Statistics

===============================================================================

Local Mac address  : fe:ee:02:02:00:01  Remote Mac address :

Local Magic Number : 0x0                Remote Magic Number: 0x0

Local IPv4 address : 32.32.32.1         Remote IPv4 address: 0.0.0.0

Local IPv6 address : fe80::fc2e:ffff:fe00:0

Remote IPv6 address: ::

 

Line Monitor Method: keepalive

 

Keepalive statistics

 

Request interval   : 10           Threshold exceeded : 0

Drop Count         : 3            In packets         : 61

Time to link drop  : 00h00m30s    Out packets        : 61

Last cleared time  : 01/07/2015 15:07:22

 

PPP Header Compression

 ACFC              : Disabled     PFC                : Disabled

===============================================================================

This feature is only supported for an Ipipe service that has a single legacy connection with an encap-type PPP, MLPPP or Cisco-HDLC and an Ethernet SAP. No other combinations are supported. Deployments using APS cannot use this fault propagation functionality.

The propagation of fault is based on the interaction of a number of resources and software functions. This means that propagation and recovery will vary based on the type of failure, the scale of the failure, the legacy protocol, the system overhead at the time of the action, and other interactions.

Before maintenance operations are performed the operation should be aware of the operational state of the service and any fault propagation state. Admin legacy port state down conditions do not cause fault propagation, it is the operational port state that conveys fault. During a Major ISSU operation, legacy faults will be cleared and not propagated toward the Ethernet network. In order to prevent this clearing of faults, the operator may consider shutting down the Ethernet port or shutdown the ETH-CFM MEPs to cause a timeout upstream.

Note: The CLI commands for these functions can be found in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN.

3.8.6. VPLS Service

For VPLS services, on down MEPs are supported for fault propagation.

3.8.7. IES and VPRN Services

For IES and VPRN services, only down MEP is supported on Ethernet SAPs and spoke SDP bindings.

When a down MEP detects a fault and fault propagation is enabled for the MEP, CFM communicates the fault to the SMGR. The SMGR marks the SAP/SDP binding as operationally down. CFM traffic can still be transmitted to or received from the SAP and SDP-binding to ensure when the fault is cleared and the SAP will go back to normal operational state.

Because the SAP and SDP-binding goes down, it is not usable to upper applications. In this case, the IP interface on the SAP and SDP-binding go down. The prefix is withdrawn from routing updates to the remote PEs. The same applies to subscriber group interface SAPs on the 7450 ESS and 7750 SR.

When the IP interface is administratively shutdown, the SMGR notifies the down MEP and a CFM fault notification is generated to the CPE through interface status TLV or suspension of CCM based on local configuration.

3.8.8. Pseudowire Switching

When the node acts as a pseudowire switching node, meaning two pseudowires are stitched together at the node, the SMGR will not communicate pseudowire failures to CFM. Such features are expected to be communicated by pseudowire status messages, and CFM will run end-to-end on the head-end and tail-end of the stitched pseudowire for failure notification.

3.8.9. LLF and CFM Fault Propagation

LLF and CFM fault propagation are mutually exclusive. CLI protection is in place to prevent enabling both LLF and CFM fault propagation in the same service, on the same node and at the same time. However, there are still instances where irresolvable fault loops can occur when the two schemes are deployed within the same service on different nodes. This is not preventable by the CLI. At no time should these two fault propagation schemes be enabled within the same service.

3.8.10. 802.3ah EFM OAM Mapping and Interaction with Service Manager

802.3ah EFM OAM declares a link fault when any of the following occurs:

When 802.3ah EFM OAM declares a fault, the port goes into operation state down. The SMGR communicates the fault to CFM MEPs in the service.

OAM fault propagation in the opposite direction (SMGR to EFM OAM) is not supported.

3.10.1. Session

This is the overall collection of different tests, the test parameters, measurement intervals, and mapping to configured storage models. It is the overall container that defines the attributes of the session.

Session Type: Assigns the mantra of the test to either proactive (default) or on-demand. Individual test timing parameters will be influenced by this setting. A proactive session will start immediately following the no shutdown of the test. A proactive test will continue to execute until a manual shutdown stops the individual test. On-demand tests do not start immediately following the no shutdown command. The operator must start an on-demand test by using the oam oam-pm session start command and specifying the applicable protocol. The operator can override the no test-duration default by configuring a fixed amount of time the test will execute, up to 24 hours (86400 seconds). If an on-demand test is configured with a test-duration, it is important to shut down and delete the tests when they are completed and all the results collected. This will free all system memory that has been reserved for storing the results. In the event of a high-availability event that causes the backup CPM to become the newly active, all on-demand tests will need to be restarted manually using the oam oam-pm session start command for the specific protocol.

Test Family: The main branch of testing that will be addressed a specific technology. The available test parameters for the session will be based off the test family. The destination, source, and the priority are common to all tests under the session and defined separately from the individual test parameters.

Test Parameters: The parameters include individual tests with the associated parameters including start and stop times and the ability to activate and deactivate the individual test.

Measurement Interval: Assignment of collection windows to the session with the appropriate configuration parameters and accounting policy for that specific session.

The “Session” can be viewed as the single container that brings all aspects of individual tests and the various OAM-PM components under a single umbrella. If any aspects of the session are incomplete, the individual test may fail to be activated with a no shutdown command. If this situation occurs an error, it will indicate with “Invalid session parameters”.

3.10.2. Standard PM Packets

A number of standards bodies define performance monitoring packets that can be sent from a source, processed, and responded to by a reflector. The protocol may be solely focused on measuring a single specific performance criteria or multiple. The protocols available to carry out the measurements will be based on the test family type configured for the session.

Ethernet PM delay measurements are carried out using the Two Way Delay Measurement Protocol version 1 (DMMv1) defined in Y.1731 by the ITU-T. This allows for the collection of Frame Delay (FD), InterFrame Delay Variation (IFDV), Frame Delay Range (FDR) and Mean Frame Delay (MFD) measurements, round trip, forward, and backward.

DMMv1 adds the following to the original DMM definition:

DMMv1 and DMM are backwards compatible and the interaction is defined in Y.1731 ITU-T-2011 Section 11 “OAM PDU validation and versioning.”

Ethernet PM loss measurements are carried out using the Synthetic Loss Measurement (SLM) defined in Y.1731 by the ITU-T. This allows for the calculation of Frame Loss Ratio (FLR) and availability. The ITU-T also defines a frame loss measurement (LMM) approach that provides frame loss ratio (FLR) and raw transmit and receive frame counters in each direction and availability metrics.

IP Performance data uses the TWAMP test packet for gathering both delay and loss metrics. OAM-PM supports Appendix I of RFC 5357 (TWAMP Light). The SR OS supports the gathering of delay metrics Frame Delay (FD), InterFrame Delay Variation (IFDV), Frame Delay Range (FDR) and Mean Frame Delay (MFD) round trip, forward and backward.

A session can be configured with one test or multiple tests. Depending on sessions test type family, one or more test configurations may need to be included in the session to gather both delay and loss performance information. Each test that is configured within a session will share the common session parameters and common measurement intervals. However, each test can be configured with unique per test parameters. Using Ethernet as an example, both DMM and SLM would be required to capture both delay and loss performance data. IP performance measurement uses a single TWAMP packet for both delay and synthetic loss.

Each test must be configured with a TestID as part of the test parameters. This uniquely identifies the test within the specific protocol. A TestID must be unique within the same test protocol. Again using Ethernet as an example, DMM and SLM tests within the same session can use the same TestID because they are different protocols. However, if a TestID is applied to a test protocol (like DMM or SLM) in any session, it cannot be used for the same protocol in any other session. When a TestID is carried in the protocol, as it is with DMM and SLM, this value does not have global significance. When a responding entity must index for the purpose of maintaining sequence numbers, as in the case of SLM, the tuple TestID, Source MAC, and Destination MAC are used to maintain the uniqueness on the responder. This means the TestID has only local and not global significance. TWAMP test packets also require a TestID to be configured but do not carry this information in the PDU. However, it is required for uniform provisioning under the OAM-PM architecture. TWAMP uses a four tuple Source IP, Destination IP, Source UDP, and Destination UDP to maintain unique session indexes.

3.10.3. Detectable Transmit Errors

Each OAM-PM session test contains both an administrative and an operational state. The administrative state is linked to the shutdown or no shutdown configuration for the test. The operational state indicates if the test is actively sending or trying to send test frames. For all proactive session types, the administrative and operational states are linked. The test immediately starts and attempts to send test frames as soon as the no shutdown command is accepted. Sessions configured using the session-type on-demand command do not link the two states. The operational state is up when the test is actively generating or attempting to generate test frames. This does not occur at the time the no shutdown command is accepted. The oam oam-pm ... start command is required to commence the transmission of the test frames for on-demand tests. When the manually issued start command is accepted, the operational state changes to up. At the expiration of the test duration, or when the test is manually stopped using the oam oam-pm ... stop command, the operational state transitions to down.

A new field, “Detectable Tx Err”, has been added to each Ethernet and IP OAM-PM test to indicate if there is a detectable transmit error that is preventing the test frames from being sent. This does not affect the two existing states. Detectable Tx Err information can be used to assist in troubleshooting, as it conveys information about a current detectable error state. No log events are created and no historical references are maintained when the error condition clears or changes.

The Detectable Tx Err condition is checked for each test which is operationally up and attempting to send frames. The audit function checks to see if a transmit error condition exists that could prevent the packet from being sent; for example, the source MEP is not fully configured, or the IP interface associated with the source is down. A raised detectable transmit error is cleared for the test if the audit process executes and finds no further detectable transmit error conditions. The interval of the audit function depends on a number of factors, such as the test family, the probe interval, and the number of active tests.

This is an ongoing maintenance function that executes while the test is operationally up. A maximum of one detectable transmit error can be presented to the operator. However, more underlying conditions may be detected should the existing condition be cleared.

When a test’s operational state is anything other than up, the detection process will stop and any Detectable Tx Error fields will display a value of “none”. History is not maintained for detectable transmit errors.

Not all errors are detectable. This function is only meant to guide the operator to a potential area of concern. There is a very large dependency on the direction of the MEP, the service type, the test protocol, and resource requirements that the test maintains over the underlying entity; any of these can influence the reporting of certain errors. Tests requiring the resources of an Up MEP, for example, will typically only report the conditions relating to incomplete configuration or the administrative state of the MEP. Up MEPs ignore the presence of egress connections and service states. However, LMM tests will report an unexpected error condition when the Up MEP SDP binding is down because it explicitly requires resources from the non-operational SDP binding. The same cannot be said if an LMM test was executing from an Up MEP configured over a non-operational SAP.

The TIMETRA-OAM-PM-MIB TEXTUAL-CONVENTION TmnxOamPmDetectableTxError MIB lists all possible detectable error conditions.

The show oam-pm session session-name command provides a detailed view of the session, including each test and the Detectable Tx Err field for those tests.

The show oam-pm sessions detectable-tx-errors command lists all sessions that include a test with a detectable transmit error and the associated error.

3.10.4. Measurement Intervals

A measurement interval is a window of time that compartmentalizes the gathered measurements for an individual test that has occurred during that time. Allocation of measurement intervals, which equates to system memory, is based on the metrics being collected. This means that when both delay and loss metrics are being collected, they allocate their own set of measurement intervals. If the operator is executing multiple delay and loss tests under a single session then multiple measurement intervals will be allocated one per criteria per test.

Measurement intervals can be five minutes (5-min), 15 minutes (15-min), one hour (1-hour), and one day (1-day) in duration. The boundary-type defines the start of the measurement interval and can be aligned to the local time of day clock (wall clock), with or without an optional offset. The boundary-type can be test-aligned, which means the start of the measurement interval coincides with the no shutdown of the test, for proactive tests. By default the start boundary is clocked aligned without an offset. When this configuration is deployed, the measurement interval will start at zero, in relation to the length. When a boundary is clock aligned and an offset is configured, that amount of time will be applied to the measurement interval. Offsets are configured on a per measurement interval basis and only applicable to clock-aligned and not test aligned measurement intervals. Only offsets less than the measurement interval duration are be allowed. Table 15 provides some examples of the start times of each measurement interval.

Although test aligned approaches may seem beneficial for simplicity, there are some drawbacks that need to be considered. The goal of time based and well-defined collection windows allows for the comparison of measurements across common windows of time throughout the network and for relating different tests or sessions. It is suggested that proactive sessions use the default clock-aligned boundary type. On-demand sessions may make use of test-aligned boundaries. On-demand tests are typically used for troubleshooting or short term monitoring that does not require alignment or comparison to other PM data.

The statistical data collected and the computed results from each measurement interval will be maintained in volatile system memory by default. The number of intervals-stored is configurable per measurement interval. Different measurement interval lengths will have different defaults and ranges. The interval-stored parameter defines the number of completed individual test runs to store in volatile memory. There is an additional allocation to account for the active measurement interval. In order to look at the statistical information for the individual tests and a specific measurement interval stored in volatile memory, the show oam-pm statistics … interval-number can be used. If there is an active test, it can be viewed using the interval-number 1. In this case, the first completed record would be 2, previously completed would number back to the maximum intervals stored value plus one.

As new tests for the measurement interval complete, the older entries will get renumbered to maintain their relative position to the current test. As the retained test data for a measurement interval consumes the final entry, any subsequent entries will cause the removal of the oldest data.

There are obvious drawbacks to this storage model. Any high availability function that causes an active CPM switch will flush the results that were in volatile memory. Another consideration is the large amount of system memory consumed using this type of model. Given the risks and resource consumption this model incurs, an alternate method of storage is supported. An accounting policy can be applied to each measurement interval in order write the completed data in system memory to non-volatile flash in an XML format. The amount of system memory consumed by historically completed test data must be balanced with an appropriate accounting policy. It is recommended that the only necessary data be stored in non-volatile memory to avoid unacceptable risk and unnecessary resource consumption. It is also suggested that a large overlap between the data written to flash and stored in volatile memory is unnecessary.

The statistical information is system memory is also available by SNMP. If this method is chosen then a balance must be struck between the intervals retained and the times at which the SNMP queries collect the data. One must be cautious when determining the collection times through SNMP. If a file completes while another file is being retrieved through SNMP then the indexing will change to maintain the relative position to the current run. Proper spacing of the collection is key to ensuring data integrity.

The OAM-PM XML File contains the following keywords and MIB references.