iTN165-CES (A) Configuration Guide (Rel - 01)

www.raisecom.
com
iTN165-CES (A) Configuration Guide (Rel_01)
Raisecom Technology Co., Ltd. provides customers with comprehensive technical support and services. For any assistance, please contact our local office or company headquarters. Website: http://www.raisecom.com Tel: 8610-82883305 Fax: 8610-82883056 Email: export@raisecom.com Address: Building 2, No. 28, Shangdi 6th Street, Haidian District, Beijing, P.R.China Postal code: 100085
-----------------------------------------------------------------------------------------------------------------------------------------
Notice
Copyright 2013 Raisecom All rights reserved. No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in Writing from Raisecom Technology Co., Ltd. is the trademark of Raisecom Technology Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.
Raisecom iTN165-CES (A) Configuration Guide
Preface
Preface
Objectives
This guide introduces features and related configurations supported by the iTN165-CES, including basic principles and configuration procedures of Ethernet, clock synchronization, network reliability, DHCP Client, OAM, security, QoS, and system management and maintenance. In addition, this guide provides related configuration examples. The appendix of this guide provides terms and abbreviations involved in this guide. This guide help you master principles and configurations of the iTN165-CES systematically, as well as networking with the iTN165-CES.
Versions
The following table lists the product versions related to this document. Product name iTN165-4GE4E1 iTN165-4GE4E1-BL iTN165-4GEE1 iTN165-4GEV35 iTN165-4GE4E1S iTN165-4GE4E1S-BL iTN165-4GEE1S iTN165-4GEV35S Product version P100R001 P100R001 P100R001 P100R001 P100R001 P100R001 P100R001 P100R001 Hardware version A.00 or later A.00 or later A.00 or later A.00 or later A.00 or later A.00 or later A.00 or later A.00 or later
Conventions
Symbol conventions
The symbols that may be found in this document are defined as follows.
Raisecom Technology Co., Ltd.
Preface
Symbol
Description Indicates a hazard with a medium or low level of risk which, if not avoided, could result in minor or moderate injury. Indicates a potentially hazardous situation that, if not avoided, could cause equipment damage, data loss, and performance degradation, or unexpected results. Provides additional information to emphasize or supplement important points of the main text. Indicates a tip that may help you solve a problem or save time.
General conventions
Convention Times New Roman Arial Boldface Italic Lucida Console Description Normal paragraphs are in Times New Roman. Paragraphs in Warning, Caution, Notes, and Tip are in Arial. Names of files, directories, folders, and users are in boldface. For example, log in as user root. Book titles are in italics. Terminal display is in Lucida Console.
Command conventions
Convention Boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... } * Description The keywords of a command line are in boldface. Command arguments are in italics. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by vertical bars. Only one is selected. Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected. Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
ii
Preface
Convention [ x | y | ... ] *
Description Optional alternative items are grouped in square brackets and separated by vertical bars. A minimum of none or a maximum of all can be selected.
Change history
Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions.
Issue 01 (2013-07-22)
Initial commercial release
iii
Contents
Contents
1 Basic configurations ..................................................................................................................... 1
1.1 CLI ................................................................................................................................................................... 1 1.1.1 Overview ................................................................................................................................................. 1 1.1.2 Levels ...................................................................................................................................................... 2 1.1.3 Modes...................................................................................................................................................... 2 1.1.4 Keystrokes............................................................................................................................................... 4 1.1.5 Flitering commands................................................................................................................................. 5 1.1.6 Viewing command history ...................................................................................................................... 6 1.1.7 Acquiring help ......................................................................................................................................... 6 1.2 Accessing device .............................................................................................................................................. 8 1.2.1 Accessing device through Console interface ........................................................................................... 8 1.2.2 Accessing device through Telnet ........................................................................................................... 10 1.2.3 Accessing device through SSHv2 ......................................................................................................... 12 1.2.4 Managing users ..................................................................................................................................... 13 1.2.5 Checking configurations ....................................................................................................................... 14 1.3 Zero-configuration ......................................................................................................................................... 14 1.3.1 Introduction ........................................................................................................................................... 14 1.3.2 Preparing for zero-configuration ........................................................................................................... 15 1.3.3 Configuring DHCP Client ..................................................................................................................... 15 1.3.4 (Optional) configuring zero-configuration polling ................................................................................ 16 1.3.5 Checking configurations ....................................................................................................................... 16 1.4 Configuring IP address of device ................................................................................................................... 17 1.4.1 Configuring IP address of device .......................................................................................................... 17 1.4.2 Checking configurations ....................................................................................................................... 17 1.5 Configuring time management ....................................................................................................................... 17 1.5.1 Configuring time and time zone ............................................................................................................ 17 1.5.2 Configuring DST .................................................................................................................................. 18 1.5.3 Configuring NTP/SNTP ........................................................................................................................ 18 1.5.4 Checking configurations ....................................................................................................................... 20 1.6 Configuring static routing .............................................................................................................................. 20 1.7 Configuring Ethernet interface ....................................................................................................................... 21 1.7.1 Configuring basic attributies of interfaces ............................................................................................ 21
iv
Contents
1.7.2 Configuring interface statistics ............................................................................................................. 21 1.7.3 Configuring flow control on interfaces ................................................................................................. 21 1.7.4 Opening/Shuting down interfaces ......................................................................................................... 22 1.7.5 Checking configurations ....................................................................................................................... 22 1.8 Configuring SNMP ........................................................................................................................................ 23 1.8.1 Configuring the IP address of SNMP interface ..................................................................................... 23 1.8.2 Configuring SNMP basic functions ...................................................................................................... 23 1.8.3 Configuring Trap ................................................................................................................................... 24 1.8.4 Checking configurations ....................................................................................................................... 24 1.9 Configuring Banner ........................................................................................................................................ 25 1.9.1 Preparing for configurations ................................................................................................................. 25 1.9.2 Configuring Banner............................................................................................................................... 25 1.9.3 Enabling Banner display ....................................................................................................................... 25 1.9.4 Checking configurations ....................................................................................................................... 26 1.10 Configuration examples ............................................................................................................................... 26 1.10.1 Examples for configuring SNMP ........................................................................................................ 26
2 Ethernet ......................................................................................................................................... 29
2.1 Introduction .................................................................................................................................................... 29 2.1.1 MAC address table ................................................................................................................................ 29 2.1.2 VLAN ................................................................................................................................................... 32 2.1.3 QinQ...................................................................................................................................................... 34 2.1.4 VLAN mapping..................................................................................................................................... 37 2.1.5 Loopback detection ............................................................................................................................... 37 2.1.6 Interface protection ............................................................................................................................... 38 2.1.7 Layer 2 protocol transparent transmission ............................................................................................ 39 2.1.8 ARP ....................................................................................................................................................... 39 2.1.9 Port mirroring........................................................................................................................................ 40 2.2 Configuring MAC address table..................................................................................................................... 41 2.2.1 Preparing for configurations ................................................................................................................. 41 2.2.2 Configuring static MAC address entries ............................................................................................... 42 2.2.3 Configuring dynamic MAC address entries .......................................................................................... 42 2.2.4 Configuring blackhole MAC address entries ........................................................................................ 42 2.2.5 Checking configurations ....................................................................................................................... 43 2.3 Configuring VLAN ........................................................................................................................................ 43 2.3.1 Preparing for configurations ................................................................................................................. 43 2.3.2 Configuring VLAN properties .............................................................................................................. 44 2.3.3 Configuring interface modes ................................................................................................................. 44 2.3.4 Configuring VLANs based on Access interfaces .................................................................................. 44 2.3.5 Configuring VLANs based on Trunk interfaces.................................................................................... 45 2.3.6 Checking configurations ....................................................................................................................... 46 2.4 Configuring basic QinQ ................................................................................................................................. 46
Contents
2.4.1 Preparing for configurations ................................................................................................................. 46 2.4.2 Configuring basic QinQ ........................................................................................................................ 47 2.4.3 Configuring egress interface to Trunk mode ......................................................................................... 47 2.4.4 Checking configurations ....................................................................................................................... 47 2.5 Configuring selective QinQ ........................................................................................................................... 47 2.5.1 Preparing for configurations ................................................................................................................. 47 2.5.2 Configuring selective QinQ .................................................................................................................. 48 2.5.3 Checking configurations ....................................................................................................................... 48 2.6 Configuring VLAN mapping ......................................................................................................................... 48 2.6.1 Preparing for configurations ................................................................................................................. 48 2.6.2 Configuring 1:1 VLAN mapping .......................................................................................................... 49 2.6.3 Checking configurations ....................................................................................................................... 49 2.7 Configuring loopback detection ..................................................................................................................... 49 2.7.1 Preparing for configurations ................................................................................................................. 49 2.7.2 Configuring loopback detection ............................................................................................................ 50 2.7.3 Checking configurations ....................................................................................................................... 50 2.8 Configuring interface protection .................................................................................................................... 51 2.8.1 Preparing for configurations ................................................................................................................. 51 2.8.2 Configuring interface protection ........................................................................................................... 51 2.8.3 Checking configurations ....................................................................................................................... 51 2.9 Configuring Layer 2 protocol transparent transmission ................................................................................. 52 2.9.1 Preparing for configurations ................................................................................................................. 52 2.9.2 Configuring transparent transmission parameters ................................................................................. 52 2.9.3 Checking configurations ....................................................................................................................... 53 2.10 Configuring ARP .......................................................................................................................................... 53 2.10.1 Preparing for configurations ............................................................................................................... 53 2.10.2 Configuring ARP address entries ........................................................................................................ 53 2.10.3 Checking configurations ..................................................................................................................... 54 2.11 Configuring port mirroring ........................................................................................................................... 54 2.11.1 Preparing for configurations ................................................................................................................ 54 2.11.2 Configuring port mirroring .................................................................................................................. 55 2.11.3 Checking configurations ..................................................................................................................... 55 2.12 Maintenance ................................................................................................................................................. 56 2.13 Configuration examples ............................................................................................................................... 56 2.13.1 Examples for configuring MAC address table .................................................................................... 56 2.13.2 Example for configuring VLAN and interface protection ................................................................... 58 2.13.3 Examples for configuring basic QinQ ................................................................................................. 62 2.13.4 Examples for configuring selective QinQ ........................................................................................... 64 2.13.5 Examples for configuring VLAN mapping ......................................................................................... 67 2.13.6 Examples for configuring loopback detection..................................................................................... 70 2.13.7 Examples for configuring Layer 2 protocol transparent transmission ................................................ 71 2.13.8 Examples for configuring ARP ........................................................................................................... 73 Raisecom Technology Co., Ltd. vi
Contents
2.13.9 Examples for configuring port mirroring ............................................................................................ 75
3 Clock synchronization ............................................................................................................... 77

3.1 Introduction .................................................................................................................................................... 77 3.2 Configuring clock synchronization based on synchronous E thernet .......................................................... 78 3.2.1 Preparing for configurations ................................................................................................................. 78 3.2.2 Configuring clock source properties ..................................................................................................... 79 3.2.3 Operating clock source manually .......................................................................................................... 80 3.2.4 Configuring input/output clock signals ................................................................................................. 80 3.2.5 Checking configurations ....................................................................................................................... 80 3.3 Maintenance ................................................................................................................................................... 81 3.4 Configuration examples ................................................................................................................................. 81 3.4.1 Examples for configuring clock synchronization based on synchronous Ethernet ............................... 81
4 MPLS-TP ....................................................................................................................................... 84
4.1 Introduction .................................................................................................................................................... 84 4.1.1 Network structure .................................................................................................................................. 84 4.1.2 Basic concepts ....................................................................................................................................... 85 4.1.3 Static LSP ............................................................................................................................................. 89 4.1.4 MPLS forwarding process .................................................................................................................... 90 4.1.5 MPLS L2VPN ....................................................................................................................................... 93 4.1.6 MPLS-TP OAM .................................................................................................................................... 97 4.1.7 MPLS-TP linear protection switching ................................................................................................... 98 4.2 Configuring basic functions of MPLS .......................................................................................................... 100 4.2.1 Preparing for configurations ............................................................................................................... 100 4.2.2 Configuring basic functions of MPLS ................................................................................................ 101 4.2.3 Checking configurations ..................................................................................................................... 101 4.3 Configuring static LSP ................................................................................................................................. 101 4.3.1 Preparing for configurations ............................................................................................................... 101 4.3.2 Configuring static LSP ........................................................................................................................ 102 4.3.3 Configuring static bidirectional corouted LSP .................................................................................... 102 4.3.4 Configuring Tunnel ............................................................................................................................. 104 4.3.5 Checking configurations ..................................................................................................................... 104 4.4 Configuring MPLS L2VPN ......................................................................................................................... 105 4.4.1 Preparing for configurations ............................................................................................................... 105 4.4.2 Configuring MPLS L2VPN ................................................................................................................ 105 4.4.3 Checking configurations ..................................................................................................................... 106 4.5 Configuring MPLS-TP OAM ....................................................................................................................... 106 4.5.1 Preparing for configurations ............................................................................................................... 106 4.5.2 Enabling MPLS-TP CFM ................................................................................................................... 107 4.5.3 Configuring MPLS-TP CFM .............................................................................................................. 107 4.5.4 Configuring fault detection ................................................................................................................. 109 4.5.5 Configuring fault acknowledgement ................................................................................................... 110 Raisecom Technology Co., Ltd. vii
Contents
4.5.6 Configuring fault location ................................................................................................................... 110 4.5.7 Configuring AIS .................................................................................................................................. 111 4.5.8 Configuring LCK ................................................................................................................................ 111 4.5.9 Configuring basic information about MPLS-TP SLA operation ......................................................... 112 4.5.10 Configuring SLA shceduling information and enabling SLA operation scheduling ......................... 113 4.5.11 Checking configurations ................................................................................................................... 113 4.6 Configuring MPLS-TP linear protection switching ..................................................................................... 114 4.6.1 Preparing for configurations ............................................................................................................... 114 4.6.2 Configuring MPLS-TP linear protection switching ............................................................................ 114 4.6.3 Checking configurations ..................................................................................................................... 115 4.7 Maintenance ................................................................................................................................................. 115 4.8 Configuration examples ............................................................................................................................... 116 4.8.1 Examples for configuring bidirectional static LSP ............................................................................. 116 4.8.2 Examples for configuring static LSP to carry static L2VC ................................................................. 119 4.8.3 Examples for configuring MPLS-TP linear protection switching ....................................................... 124
5 TDMoP ........................................................................................................................................ 130

5.1 Introduction .................................................................................................................................................. 130 5.1.1 Principles of TDMoP technology ........................................................................................................ 130 5.1.2 TDMoP service encapsulation protocol .............................................................................................. 132 5.1.3 TDMoP clock recovery technology .................................................................................................... 138 5.1.4 TDMoP delay jitter buffer technology ................................................................................................ 141 5.2 Configuring TDM interfaces ........................................................................................................................ 141 5.2.1 Preparing for configurations ............................................................................................................... 141 5.2.2 Configuring E1 interfaces ................................................................................................................... 141 5.2.3 Configuring V.35 interfaces ................................................................................................................ 142 5.2.4 Checking configurations ..................................................................................................................... 142 5.3 Configuring PW ........................................................................................................................................... 143 5.3.1 Preparing for configurations ............................................................................................................... 143 5.3.2 Configuring IP address of TDMoP sub-card ....................................................................................... 143 5.3.3 Creating Tunnel ................................................................................................................................... 143 5.3.4 Creating PW and configuring PW properties ...................................................................................... 144 5.3.5 Cheking configurations ....................................................................................................................... 146 5.4 Configuring TDMoP clock ........................................................................................................................... 146 5.4.1 Preparing for configurations ............................................................................................................... 146 5.4.2 Configuring Rx clock source of TDM interfaces ................................................................................ 146 5.4.3 Checking configurations ..................................................................................................................... 147 5.5 Maintenance ................................................................................................................................................. 147 5.6 Configuration examples ............................................................................................................................... 147 5.6.1 Examples for configuring CESoPSN emulation services ................................................................... 147 5.6.2 Examples for configuring SAToP emulation services ......................................................................... 150
6 Network reliability ................................................................................................................... 154

Raisecom Technology Co., Ltd. viii
Contents
6.1 Introduction .................................................................................................................................................. 154 6.1.1 Link aggregation ................................................................................................................................. 154 6.1.2 Interface backup .................................................................................................................................. 156 6.1.3 ELPS ................................................................................................................................................... 158 6.1.4 ERPS ................................................................................................................................................... 161 6.1.5 Failover ............................................................................................................................................... 167 6.2 Configuring link aggregation ....................................................................................................................... 167 6.2.1 Preparing for configurations ............................................................................................................... 167 6.2.2 Configuring manual link aggregation ................................................................................................. 167 6.2.3 Configuring static LACP link aggregation .......................................................................................... 168 6.2.4 Checking configurations ..................................................................................................................... 170 6.3 Configuring interface backup ....................................................................................................................... 170 6.3.1 Preparing for configurations ............................................................................................................... 170 6.3.2 Configuring basic functions of interface backup ................................................................................ 170 6.3.3 (Optional) configuring interface forced switch ................................................................................... 171 6.3.4 Checking configurations ..................................................................................................................... 172 6.4 Configuring ELPS ........................................................................................................................................ 172 6.4.1 Preparing for configurations ............................................................................................................... 172 6.4.2 Creating protection lines ..................................................................................................................... 172 6.4.3 Configuring ELPS fault detection modes............................................................................................ 173 6.4.4 (Optional) configuring ELPS switching control ................................................................................. 174 6.4.5 Checking configurations ..................................................................................................................... 175 6.5 Configuring ERPS ........................................................................................................................................ 175 6.5.1 Preparing for configurations ............................................................................................................... 175 6.5.2 Creating ERPS protection ring ............................................................................................................ 176 6.5.3 (Optional) creating ERPS protection sub-ring .................................................................................... 177 6.5.4 Configuring ERPS fault detection modes ........................................................................................... 178 6.5.5 (Optional) configuring ERPS switching control ................................................................................. 179 6.5.6 Checking configurations ..................................................................................................................... 179 6.6 Configuring failover ..................................................................................................................................... 179 6.6.1 Preparing for configurations ............................................................................................................... 179 6.6.2 Configuring failover ............................................................................................................................ 180 6.6.3 Checking configurations ..................................................................................................................... 180 6.7 Maintenance ................................................................................................................................................. 180 6.8 Configuration examples ............................................................................................................................... 181 6.8.1 Examples for configuring manual link aggregation ............................................................................ 181 6.8.2 Examples for configuring static LACP link aggregation .................................................................... 183 6.8.3 Examples for configuring interface backup ........................................................................................ 185 6.8.4 Examples for configuring 1:1 ELPS ................................................................................................... 188 6.8.5 Examples for configuring single-ring ERPS ....................................................................................... 190 6.8.6 Examples for configuring intersecting-ring ERPS .............................................................................. 194
ix
Contents
7 DHCP Client .............................................................................................................................. 201

7.1 Introduction .................................................................................................................................................. 201 7.1.1 Working principles of DHCP .............................................................................................................. 201 7.1.2 DHCP packets ..................................................................................................................................... 203 7.1.3 DHCP Client ....................................................................................................................................... 204 7.2 Configuring DHCP Client ............................................................................................................................ 205 7.2.1 Preparing for configurations ............................................................................................................... 205 7.2.2 (Optional) configuring DHCPv4 Client information .......................................................................... 205 7.2.3 Enabling DHCPv4 Client .................................................................................................................... 206 7.2.4 (Optional) renewing IPv4 addresses ................................................................................................... 206 7.2.5 Checking configurations ..................................................................................................................... 206 7.3 Configuration examples ............................................................................................................................... 207 7.3.1 Examples for configuring DHCPv4 Client ......................................................................................... 207
8 OAM ............................................................................................................................................ 209

8.1 Introduction .................................................................................................................................................. 209 8.1.1 EFM .................................................................................................................................................... 210 8.1.2 CFM .................................................................................................................................................... 211 8.1.3 SLA ..................................................................................................................................................... 213 8.1.4 RFC2544 ............................................................................................................................................. 214 8.2 Configuring EFM ......................................................................................................................................... 218 8.2.1 Preparing for configurations ............................................................................................................... 218 8.2.2 Configuring basic functions of EFM ................................................................................................... 218 8.2.3 Configuring active functions of EFM ................................................................................................. 219 8.2.4 Configuring passive functions of EFM ............................................................................................... 220 8.2.5 Configuring loopback timeout ............................................................................................................ 222 8.2.6 Checking configurations ..................................................................................................................... 222 8.3 Configuring CFM ......................................................................................................................................... 223 8.3.1 Preparing for configurations ............................................................................................................... 223 8.3.2 Enabling CFM ..................................................................................................................................... 223 8.3.3 Configuring basic functions of CFM .................................................................................................. 223 8.3.4 Configuirng fault detection ................................................................................................................. 224 8.3.5 Configuring fault acknowledgement ................................................................................................... 226 8.3.6 Configuring fault location ................................................................................................................... 227 8.3.7 ConfiguringAIS ................................................................................................................................... 228 8.3.8 Configuring ETH-LCK ....................................................................................................................... 228 8.3.9 Checking configurations ..................................................................................................................... 229 8.4 Configuring SLA .......................................................................................................................................... 229 8.4.1 Preparing for configurations ............................................................................................................... 229 8.4.2 Configuring basic SLA operation information .................................................................................... 230 8.4.3 Configuring SLA scheduling information and enabling operation scheduling ................................... 232
Contents
8.4.4 Configuring basic ETH-Test throughput test operation information and enabling operation scheduling ..................................................................................................................................................................... 232 8.4.5 Checking configurations ..................................................................................................................... 233 8.5 Configuring RFC2544 .................................................................................................................................. 234 8.5.1 Preparing for configurations ............................................................................................................... 234 8.5.2 Configuring RFC2544 basic information ............................................................................................ 235 8.5.3 Configuring RFC2544 throughput test ................................................................................................ 236 8.5.4 Configuring RFC2544 latency test ...................................................................................................... 236 8.5.5 Configuring RFC2544 frame loss rate test .......................................................................................... 237 8.5.6 Checking configurations ..................................................................................................................... 237 8.6 Maintenance ................................................................................................................................................. 238 8.7 Configuration examples ............................................................................................................................... 238 8.7.1 Examples for configuring EFM .......................................................................................................... 238 8.7.2 Examples for configuring CFM .......................................................................................................... 240 8.7.3 Examples for configuring SLA ........................................................................................................... 243 8.7.4 Examples for configuring ETH-Test throughput test .......................................................................... 245 8.7.5 Examples for configuring RFC2544 throughput test .......................................................................... 248
9 Security........................................................................................................................................ 251
9.1 Introduction .................................................................................................................................................. 251 9.1.1 ACL..................................................................................................................................................... 251 9.1.2 RADIUS.............................................................................................................................................. 252 9.1.3 TACACS+ ........................................................................................................................................... 252 9.1.4 Storm control ...................................................................................................................................... 252 9.2 Configuring ACL ......................................................................................................................................... 253 9.2.1 Preparing for configurations ............................................................................................................... 253 9.2.2 Configuring IP ACL ............................................................................................................................ 253 9.2.3 Configuring MAC ACL ...................................................................................................................... 254 9.2.4 Configuring MAP ACL ....................................................................................................................... 254 9.2.5 Applying ACL to device ...................................................................................................................... 256 9.2.6 Checking configurations ..................................................................................................................... 258 9.3 Configuring RADIUS .................................................................................................................................. 258 9.3.1 Preparing for configurations ............................................................................................................... 258 9.3.2 Configuring RADIUS authentication .................................................................................................. 258 9.3.3 Configuring RADIUS accounting ....................................................................................................... 259 9.3.4 Checking configurations ..................................................................................................................... 260 9.4 Configuring TACACS+ ................................................................................................................................ 260 9.4.1 Preparing for configurations ............................................................................................................... 260 9.4.2 Configuring TACACS+ authentication ............................................................................................... 260 9.4.3 Checking configurations ..................................................................................................................... 261 9.5 Configuring storm control ............................................................................................................................ 261 9.5.1 Preparing for configurations ............................................................................................................... 261 9.5.2 Configuring storm control ................................................................................................................... 261 Raisecom Technology Co., Ltd. xi
Contents
9.5.3 Checking configurations ..................................................................................................................... 262 9.6 Maintenance ................................................................................................................................................. 262 9.7 Configuration examples ............................................................................................................................... 262 9.7.1 Examples for configuring ACL ........................................................................................................... 262 9.7.2 Examples for configuring RADIUS .................................................................................................... 263 9.7.3 Examples for configuring TACACS+ ................................................................................................. 265 9.7.4 Examples for configuring storm control ............................................................................................. 266
10 QoS ............................................................................................................................................. 268

10.1 Introduction ................................................................................................................................................ 268 10.1.1 Priority trust ...................................................................................................................................... 269 10.1.2 Priority mapping ............................................................................................................................... 269 10.1.3 Traffic classification .......................................................................................................................... 270 10.1.4 Traffic policy ..................................................................................................................................... 271 10.1.5 Queue scheduling .............................................................................................................................. 272 10.1.6 Congestion avoidance ....................................................................................................................... 274 10.1.7 Queue shaping ................................................................................................................................... 274 10.1.8 Rate limiting based on interface and VLAN ..................................................................................... 275 10.2 Configuring priority trust and priority mapping ......................................................................................... 275 10.2.1 Preparing for conifgurations ............................................................................................................. 275 10.2.2 Configuring priority trust .................................................................................................................. 275 10.2.3 Configuring DSCP priority re-marking ............................................................................................. 276 10.2.4 Configuring mapping relationship between DSCP priority and local priority .................................. 276 10.2.5 Configuring mapping relationship between CoS priority and local priority ..................................... 277 10.2.6 Configuring mapping relationship between local priority and CoS priority ..................................... 277 10.2.7 Checking configurations ................................................................................................................... 278 10.3 Configuring traffic classification and traffic policy ................................................................................... 278 10.3.1 Preparing for configurations ............................................................................................................. 278 10.3.2 Creating and configuring traffic classification .................................................................................. 279 10.3.3 Creating and configuring traffic policing profile .............................................................................. 279 10.3.4 Creating and configuring traffic policy ............................................................................................. 280 10.3.5 Checking configurations ................................................................................................................... 282 10.4 Configuring queue scheduling.................................................................................................................... 282 10.4.1 Preparing for configurations ............................................................................................................. 282 10.4.2 Configuring queue scheduling .......................................................................................................... 283 10.4.3 Configuring WRR/SP+WRR queue scheduling................................................................................ 283 10.4.4 Configuring DRR/SP+DRR queue scheduling ................................................................................. 283 10.4.5 Checking configurations ................................................................................................................... 284 10.5 Configuring congestion avoidance and queue shaping .............................................................................. 284 10.5.1 Preparing for configurations ............................................................................................................. 284 10.5.2 Configuring queue-based WRED...................................................................................................... 284 10.5.3 Configuring queue shaping ............................................................................................................... 285
xii
Contents
10.5.4 Checking configurations ................................................................................................................... 285 10.6 Configuring rate limiting based on interface and VLAN ........................................................................... 285 10.6.1 Preparing for configurations ............................................................................................................. 285 10.6.2 Configuring interface-based rate limiting ......................................................................................... 286 10.6.3 Configuring VLAN-based/QinQ-based rate limiting ........................................................................ 286 10.6.4 Configuring rate limiting based on interface+VLAN ....................................................................... 286 10.6.5 Checking configurations ................................................................................................................... 286 10.7 Maintenance ............................................................................................................................................... 287 10.8 Configuration examples ............................................................................................................................. 287 10.8.1 Examples for configuring rate limiting based on traffic policy ......................................................... 287 10.8.2 Examples for configuring queue scheduling and congestion avoidance ........................................... 290 10.8.3 Examples for configuring interface-based rate limiting .................................................................... 293
11 System management and maintenance............................................................................... 296

11.1 Introduction ................................................................................................................................................ 296 11.1.1 Management files .............................................................................................................................. 296 11.1.2 Load and upgrade .............................................................................................................................. 297 11.1.3 System log ......................................................................................................................................... 298 11.1.4 Alarm management ........................................................................................................................... 298 11.1.5 CPU protection .................................................................................................................................. 303 11.1.6 CPU monitoring ................................................................................................................................ 304 11.1.7 RMON............................................................................................................................................... 304 11.1.8 Optical module DDM ........................................................................................................................ 304 11.1.9 Loopback........................................................................................................................................... 305 11.1.10 Extended OAM ............................................................................................................................... 307 11.1.11 LLDP ............................................................................................................................................... 307 11.1.12 Fault detection ................................................................................................................................. 309 11.2 Managing files ............................................................................................................................................ 311 11.2.1 Managing BootROM file .................................................................................................................. 311 11.2.2 Managing system files....................................................................................................................... 311 11.2.3 Managing configuration files ............................................................................................................ 312 11.2.4 Checking configurations ................................................................................................................... 313 11.3 Load and upgrade ....................................................................................................................................... 313 11.3.1 Configuring TFTP auto-loading mode .............................................................................................. 313 11.3.2 Upgrading system software through BootROM ................................................................................ 314 11.3.3 Upgrading system software through FTP/TFTP ............................................................................... 316 11.3.4 Checking configurations ................................................................................................................... 317 11.4 Configuring system log .............................................................................................................................. 317 11.4.1 Preparing for configurations.............................................................................................................. 317 11.4.2 Configuring basic information about system log .............................................................................. 317 11.4.3 Configuring system log output destination........................................................................................ 318 11.4.4 Checking configurations ................................................................................................................... 319
xiii
Contents
11.5 Configuring alarm management ................................................................................................................. 319 11.5.1 Preparing for configurations .............................................................................................................. 319 11.5.2 Configuring basic functions of alarm management ........................................................................... 320 11.5.3 Configuring hardware monitoring alarm output ................................................................................ 321 11.5.4 Configuring Layer 3 dying-gasp and link-fault alarms ..................................................................... 322 11.5.5 Checking configurations ................................................................................................................... 322 11.6 Configuring CPU protection....................................................................................................................... 323 11.6.1 Preparing for configurations .............................................................................................................. 323 11.6.2 Configuring CPU protection ............................................................................................................. 323 11.6.3 Checking configurations ................................................................................................................... 324 11.7 Configuring CPU monitoring ..................................................................................................................... 324 11.7.1 Preparing for configurations .............................................................................................................. 324 11.7.2 Viewing CPU monitoring information .............................................................................................. 325 11.7.3 Configuring CPU monitoring alarm .................................................................................................. 325 11.7.4 Checking configruations ................................................................................................................... 325 11.8 Configuring RMON ................................................................................................................................... 326 11.8.1 Preparing for configurations .............................................................................................................. 326 11.8.2 Configuring RMON statistics ............................................................................................................ 326 11.8.3 Configuring RMON historical statistics ............................................................................................ 326 11.8.4 Configuring RMON alarm group ...................................................................................................... 326 11.8.5 Configuring RMON event group ...................................................................................................... 327 11.8.6 Checking configurations ................................................................................................................... 327 11.9 Configuring optical module DDM ............................................................................................................. 327 11.9.1 Preparing for configurations .............................................................................................................. 327 11.9.2 Enabling optical module DDM ......................................................................................................... 327 11.9.3 Enabling optical module parameter anomaly Trap ............................................................................ 328 11.9.4 Checking configurations ................................................................................................................... 328 11.10 Configuring Loopback ............................................................................................................................. 328 11.10.1 Preparing for configurations ............................................................................................................ 328 11.10.2 Configuring parameters of interface loopback rules ....................................................................... 329 11.10.3 Configuring source/destination MAC address translation ............................................................... 329 11.10.4 Configuring destination IP address translation ................................................................................ 330 11.10.5 Enabling loopback by selecting loopback rule ................................................................................ 331 11.10.6 Checking configurations ................................................................................................................. 331 11.11 Configuring extended OAM ..................................................................................................................... 331 11.11.1 Preparing for configurations ............................................................................................................ 331 11.11.2 Establishing OAM links .................................................................................................................. 332 11.11.3 Checking configurations .................................................................................................................. 332 11.12 Configuring LLDP ................................................................................................................................... 332 11.12.1 Preparing for configurations............................................................................................................ 332 11.12.2 Enabling global LLDP .................................................................................................................... 332 11.12.3 Enabling interface LLDP ................................................................................................................ 333 Raisecom Technology Co., Ltd. xiv
Contents
11.12.4 Configuring basic functions of LLDP ............................................................................................. 333 11.12.5 Configuring LLDP alarm ................................................................................................................ 334 11.12.6 Checking configurations ................................................................................................................. 334 11.13 Configuring fault detection....................................................................................................................... 334 11.13.1 Viewing device status ...................................................................................................................... 334 11.13.2 Configuring task scheduling ............................................................................................................ 335 11.13.3 PING and Traceroute....................................................................................................................... 335 11.14 Maintenance ............................................................................................................................................. 336 11.15 Configuration examples............................................................................................................................ 336 11.15.1 Examples for configuring RMON alarm group ............................................................................... 336 11.15.2 Examples for configuring LLDP basic functions ............................................................................ 338 11.15.3 Examples for outputting system logs to log host ............................................................................. 341 11.15.4 Examples for configuring hardware monitoring alarm output ........................................................ 343
12 Appendix .................................................................................................................................. 345

12.1 Terms .......................................................................................................................................................... 345 12.2 Abbreviations ............................................................................................................................................. 347
xv
Figures
Figures
Figure 1-1 Logging in to the iTN165-CES through the Console interface ............................................................ 9 Figure 1-2 Configuring parameters for Hyper Terminal ...................................................................................... 10 Figure 1-3 The iTN165-CES working as the Telnet Server ................................................................................. 11 Figure 1-4 The iTN165-CES working as the Telnet Client .................................................................................. 11 Figure 1-5 Realizing zero-configuration through a local device, such as the iTN2100 ....................................... 15 Figure 1-6 Configuring SNMP ............................................................................................................................. 26 Figure 2-1 MAC address entries .......................................................................................................................... 30 Figure 2-2 Partitioning VLANs ............................................................................................................................ 32 Figure 2-3 Format of the 802.1Q-based VLAN frame ......................................................................................... 32 Figure 2-4 Structure of QinQ packet .................................................................................................................... 35 Figure 2-5 Structure of TCI in S-TAG and C-TAG .............................................................................................. 35 Figure 2-6 Typical networking application with basic QinQ ............................................................................... 36 Figure 2-7 1:1 VLAN mapping ............................................................................................................................ 37 Figure 2-8 Loopback detection ............................................................................................................................ 38 Figure 2-9 Structure of ARP frame ...................................................................................................................... 39 Figure 2-10 Principle of port mirroring ................................................................................................................ 41 Figure 2-11 Configuring MAC address table ....................................................................................................... 57 Figure 2-12 Configuring VLAN........................................................................................................................... 59 Figure 2-13 Configuring basic QinQ.................................................................................................................... 62 Figure 2-14 Configuring selective QinQ .............................................................................................................. 65 Figure 2-15 Configuring VLAN mapping ............................................................................................................ 68 Figure 2-16 Configuring loopback detection ....................................................................................................... 70 Figure 2-17 Configuring Layer 2 protocol transparent transmission ................................................................... 71 Figure 2-18 Configuring ARP .............................................................................................................................. 74 Figure 2-19 Configuring port mirroring ............................................................................................................... 75 Figure 3-1 Principles of synchronous Ethernet .................................................................................................... 78
xvi
Figures
Figure 3-2 Configuring clock synchronization based on synchronous Ethernet .................................................. 81 Figure 4-1 MPLS network structure ..................................................................................................................... 85 Figure 4-2 Structure and encapsulation position of the label ............................................................................... 86 Figure 4-3 Structure of the label stack ................................................................................................................. 87 Figure 4-4 Operation process of a label ............................................................................................................... 87 Figure 4-5 Label distribution................................................................................................................................ 88 Figure 4-6 Networking with static LSP ................................................................................................................ 89 Figure 4-7 Structure of the Tunnel ID .................................................................................................................. 90 Figure 4-8 Forwarding process of MPLS packets ................................................................................................ 92 Figure 4-9 CE accessing the network through Ethernet AC ................................................................................. 93 Figure 4-10 MPLS L2VPN model ....................................................................................................................... 94 Figure 4-11 MPLS L2VPN label stack processing process .................................................................................. 94 Figure 4-12 CCC MPLS L2VPN topology .......................................................................................................... 95 Figure 4-13 Martini MPLS L2VPN topology ...................................................................................................... 96 Figure 4-14 Packet format when the GACH is used as the control channel of the PW layer............................... 97 Figure 4-15 Packet format when the GACH is used as the control channel of the LSP layer .............................. 98 Figure 4-16 Packet format when the GACH is used as the control channel of the Section layer......................... 98 Figure 4-17 ACH packet format ........................................................................................................................... 98 Figure 4-18 1+1 protection switching structure ................................................................................................... 99 Figure 4-19 1:1 protection switching structure .................................................................................................. 100 Figure 4-20 Configuring the bidirectional static LSP ........................................................................................ 116 Figure 4-21 Configuring the static LSP to carry the static L2VC ...................................................................... 120 Figure 4-22 Configuring MPLS-TP linear protection switching ........................................................................ 124 Figure 5-1 Principles of PWE3 .......................................................................................................................... 131 Figure 5-2 TDMoP circuit emulation protocol stack .......................................................................................... 132 Figure 5-3 SAToP encapsulation principles ........................................................................................................ 133 Figure 5-4 Structure of the SAToP control word ................................................................................................ 133 Figure 5-5 Structure of RTP packet header ........................................................................................................ 134 Figure 5-6 CESoPSN encapsulation principles .................................................................................................. 136 Figure 5-7 Structure of the CESoPSN control word .......................................................................................... 136 Figure 5-8 Format for CESoPSN encapsulation of basic NxDS0 data .............................................................. 138 Figure 5-9 Format for CESoPSN encapsulation of basic NxDS0 signaling....................................................... 138 Figure 5-10 Format for CESoPSN encapsulation of basic NxDS0 and signaling .............................................. 138
xvii
Figures
Figure 5-11 Principle of self-adaptive clock recovery ....................................................................................... 139 Figure 5-12 Principle of differential clock recovery .......................................................................................... 140 Figure 5-13 Principle of external clock input ..................................................................................................... 140 Figure 5-14 Principle of link loopback clock ..................................................................................................... 140 Figure 5-15 Configuring CESoPSN emulation services .................................................................................... 148 Figure 5-16 Configuring SAToP emulation services .......................................................................................... 151 Figure 6-1 Link aggregation ............................................................................................................................... 155 Figure 6-2 Principles of interface backup .......................................................................................................... 157 Figure 6-3 Principles of VLAN-based interface backup .................................................................................... 158 Figure 6-4 Structure of APS packet .................................................................................................................... 159 Figure 6-5 ELPS 1+1 and 1:1 protection switching modes ................................................................................ 160 Figure 6-6 Unidirectional protection switching ................................................................................................. 161 Figure 6-7 Structure of the R-APS packet .......................................................................................................... 162 Figure 6-8 ERPS ring network ........................................................................................................................... 163 Figure 6-9 Idle state of Ethernet ring network ................................................................................................... 165 Figure 6-10 Protection state of Ethernet ring network ....................................................................................... 165 Figure 6-11 Sub-ring model ............................................................................................................................... 166 Figure 6-12 Interface-to-interface failover ......................................................................................................... 167 Figure 6-13 Configuring manual link aggregation ............................................................................................. 181 Figure 6-14 Configuring static LACP link aggregation ..................................................................................... 183 Figure 6-15 Configuring interface backup ......................................................................................................... 186 Figure 6-16 Configuring 1:1 ELPS .................................................................................................................... 188 Figure 6-17 Configuring single-ring ERPS ........................................................................................................ 191 Figure 6-18 Configuring intersecting-ring ERPS ............................................................................................... 195 Figure 7-1 Typical DHCP application ................................................................................................................ 202 Figure 7-2 Structure of DHCP packet ................................................................................................................ 203 Figure 7-3 DHCP Client ..................................................................................................................................... 205 Figure 7-4 Configuring DHCPv4 Client ............................................................................................................ 207 Figure 8-1 Architecture of Ethernet OAM ......................................................................................................... 209 Figure 8-2 OAM remote loopback ..................................................................................................................... 211 Figure 8-3 MEP and MIP ................................................................................................................................... 212 Figure 8-4 Throughput test ................................................................................................................................. 215 Figure 8-5 Frame loss rate test ........................................................................................................................... 216
xviii
Figures
Figure 8-6 Latency test ....................................................................................................................................... 216 Figure 8-7 RFC2544 test .................................................................................................................................... 217 Figure 8-8 Configuring EFM ............................................................................................................................. 238 Figure 8-9 Configuring CFM ............................................................................................................................. 240 Figure 8-10 Configuring SLA ............................................................................................................................ 244 Figure 8-11 Configuring ETH-Test throughput test ........................................................................................... 246 Figure 8-12 Configuring RFC2544 throughput test ........................................................................................... 248 Figure 9-1 Configuring ACL .............................................................................................................................. 262 Figure 9-2 Configuring RADIUS ....................................................................................................................... 264 Figure 9-3 Configuring TACACS+ .................................................................................................................... 265 Figure 9-4 Configuring storm control ................................................................................................................ 266 Figure 10-1 Application of QoS ......................................................................................................................... 269 Figure 10-2 Traffic classification process .......................................................................................................... 270 Figure 10-3 Structure of IP packet header .......................................................................................................... 271 Figure 10-4 Structures of ToS priority and DSCP priority ................................................................................. 271 Figure 10-5 Structure of VLAN packet .............................................................................................................. 271 Figure 10-6 Structure of CoS priority ................................................................................................................ 271 Figure 10-7 SP scheduling ................................................................................................................................. 272 Figure 10-8 WRR scheduling ............................................................................................................................. 273 Figure 10-9 DRR scheduling.............................................................................................................................. 273 Figure 10-10 Configuring rate limiting based on traffic policy ......................................................................... 288 Figure 10-11 Configuring queue scheduling ...................................................................................................... 291 Figure 10-12 Configuring interface-based rate limiting ..................................................................................... 294 Figure 11-1 Interface loopback .......................................................................................................................... 305 Figure 11-2 The iTN165-CES working as a managed remote device ................................................................ 307 Figure 11-3 Structure of LLDPDU packet ......................................................................................................... 308 Figure 11-4 Structure of TLV packet .................................................................................................................. 308 Figure 11-5 Principle of PING ........................................................................................................................... 310 Figure 11-6 Principle of Traceroute ................................................................................................................... 310 Figure 11-7 Configuring RMON alarm group ................................................................................................... 337 Figure 11-8 Configuring LLDP basic functions ................................................................................................. 338 Figure 11-9 Outputting system logs to log host ................................................................................................. 341 Figure 11-10 Configuring hardware monitoring alarm output ........................................................................... 343
xix
Tables
Tables
Table 2-1 Interfaces modes and packet forwarding modes .................................................................................. 33 Table 2-2 Structure of TCI in the S-TAG and C-TAG.......................................................................................... 35 Table 5-1 Fields of the SAToP control word ..................................................................................................... 134 Table 5-2 Fields of the RTP packet header ......................................................................................................... 135 Table 5-3 Fields of the CESoPSN control word ................................................................................................ 136 Table 6-1 Values of fields in APS specific information ...................................................................................... 159 Table 6-2 Fields in the R-APS specific information........................................................................................... 162 Table 7-1 Fields of DHCP packet ....................................................................................................................... 203 Table 10-1 Mapping relationship between local priority and DSCP priority ..................................................... 270 Table 10-2 Mapping relationship between local priority and CoS priority ........................................................ 270 Table 11-1 Alarm fields ..................................................................................................................................... 300 Table 11-2 Alarm levels ..................................................................................................................................... 300 Table 11-3 TLV types ......................................................................................................................................... 308
xx
1 Basic configurations
Basic configurations
This chapter describes basic information and configuration procedures of the iTN165-CES, as well as related configuration examples, including following sections:

CLI Accessing device Zero-configuration Configuring IP address of device Configuring time management Configuring static routing Configuring Ethernet interface Configuring SNMP Configuring Banner Configuration examples
1.1 CLI
1.1.1 Overview
The Command-line Interface (CLI) is a medium for you communicating with the iTN165CES. You can configure, monitor, and manage the iTN165-CES through the CLI. You can log in to the iTN165-CES through the terminal equipment or through a computer that runs the terminal emulation program. Enter commands at the system prompt. The CLI supports following features:

Configure the iTN165-CES locally through a console. Configure the iTN165-CES locally or remotely through Telnet/ Secure Shell v2 (SSHv2). Commands are classified into different levels. You can execute the commands that correspond to your level only. The commands available to you depend on which mode you are currently in. Keystrokes can be used to execute commands.
Check or execute a historical command by checking command history. The last 20 historical commands can be saved on the iTN165-CES. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode. The iTN165-CES supports multiple intelligent analysis methods, such as fuzzy match and context association.
1.1.2 Levels
The iTN165-CES classifies CLI into 15 levels in a descending order:
14: checking level. You can execute basic commands, such as ping, clear, and history, to perform network diagnostic function, clear system information and show command history. 510: monitoring level. You can execute these commands, such as show, for system maintenance. 1114: configuration level. You can execute these commands for configuring services, such as Virtual Local Area Network (VLAN) and Internet Protocol (IP) route. 15: management level. You can execute these commands for running systems.
1.1.3 Modes
The command mode is an environment where a command is executed. A command can be executed in one or multiple certain modes. The commands available to you depend on which mode you are currently in. After connecting the iTN165-CES, enter the user name and password to enter the user EXEC mode, where the following command is displayed:
Raisecom>
Enter the enable command and press Enter. Then enter the correct password, and press Enter to enter privileged EXEC mode. The default password is raisecom.
Raisecom>enable Password: Raisecom#
In privileged EXEC mode, enter the config command to enter global configuration mode.
Raisecom#config Raisecom(config)#
The CLI prompts Raisecom is a default host name. You can modify it by executing the hostname string command in privileged EXEC mode. Command executed in global configuration mode can also be executed in other modes. The functions vary on command modes. You can enter the exit or quit command to return to upper command mode. However, in privileged EXEC mode, you need to execute the disable command to return to user EXEC mode. You can execute the end command to return to privileged EXEC mode from any modes but user EXEC mode and privileged EXEC mode. Command modes supported by the iTN165-CES are listed in the following table. Mode User EXEC Access mode Log in to the iTN165-CES, and then enter the correct user name and password. In user EXEC mode, enter the enable command and correct password. In privileged EXEC mode, enter the config command. In global configuration mode, enter the interface interface-type interface-number command. In global configuration mode, enter the interface tdm interface-number command. In global configuration mode, enter the cespw pw-name command. In global configuration mode, enter the interface ip if-number command. In global configuration mode, enter the vlan vlan-id command. In global configuration mode, enter the service cis-id level malevel command. In global configuration mode, enter the class-map class-mapname command. In global configuration mode, enter the policy-map policymap-name command. Prompt
Raisecom>
Privileged EXEC
Raisecom#
Global configuration Physical layer interface configuration TDM interface configuration PW configuration
Raisecom(config)#
Raisecom(config-port)#
Raisecom(config-tdmport)#
Raisecom(config-cespw)#
Layer 3 interface configuration VLAN configuration Service instance configuration Traffic classification configuration Traffic policy configuration
Raisecom(config-ip)#
Raisecom(config-vlan)#
Raisecom(configservice)#
Raisecom(config-cmap)#
Raisecom(config-pmap)#
Mode Traffic policy bound with traffic classification configuration CoS-to-Pri configuration
Access mode In traffic policy configuration mode, enter the class-map classmap-name command. In global configuration mode, enter the mls qos mapping costo-local-priority profile-id command. In global configuration mode, enter the mls qos mapping dscp-to-local-priority profile-id command. In global configuration mode, enter the access-list-map aclnumber { deny | permit } command. In global configuration mode, enter the interface port-channel port-channel-number command. In global configuration mode, enter the clock-mgmt slot slotnumber command.
Prompt
Raisecom(config-pmap-c)#
Raisecom(cos-to-pri)#
DSCP-to-Pri configuration
Raisecom(dscp-to-pri)#
Access Control List (ACL) configuration
Raisecom(config-aclmap)#
Aggregation group configuration Clock configuration
Raisecom(configaggregator)#
Raisecom(config-clock)#
1.1.4 Keystrokes
The iTN165-CES supports following keystrokes. Keystroke Press the up arrow () key. Press the down arrow () key. Press the left arrow () key. Press the right arrow () key. Press the Backspace key. Description The previous command is displayed. The next command is displayed. Move the cursor back one character. Move the cursor forward one character. Erase the character to the left of the cursor.
Keystroke Press the Tab key.
Description When you press it after entering a complete keyword, the cursor moves forward a space. When you press it again, the keywords matching the complete keyword are displayed. When you press it after entering an incomplete keyword, the system automatically executes some commands:
If the incomplete keyword matches a unique complete keyword, the unique complete keyword replaces the incomplete keyword, with the cursor forward a space from the unique complete keyword. If the incomplete keyword matches no or more complete keywords, the prefix is displayed. You can press the Tab key to alternate the matched complete keywords, with the cursor at the end of the matched complete keyword. Then, press the Space bar to enter the next keyword. If the incomplete keyword is wrong, you can press the Tab key to wrap, and then error information is displayed. However, the input incomplete keyword remains.
Press Ctrl + A. Press Ctrl + C. Press Ctrl + D or the Delete key. Press Ctrl + E. Press Ctrl + K. Press Ctrl + X. Press Ctrl + Z. Press the Space bar or y. Press the Enter key.
Move the cursor to the beginning of the command line. The ongoing command will be interrupted, such as ping, and traceroute. Delete the character at the cursor. Move the cursor to the end of the command line. Delete all characters from the cursor to the end of the command line. Delete all characters from the cursor to the beginning of the command line. Return to privileged EXEC mode from the current mode (excluding user EXEC mode). Scroll down one screen. Scroll down one line.
1.1.5 Flitering commands

The iTN165-CES provides a series of commands which begin with "list" to show configuration, running status, or diagnostic message of the device. You can add filtering rules to remove unwanted information. The list command supports 3 filtering modes:
| begin string: show all commands which start from matched specific character string.
Raisecom Technology Co., Ltd. 5

| exclude string: show all commands which do not match specific character string. | include string: show all commands which only match specific character string.
1.1.6 Viewing command history

The iTN165-CES support viewing or executing a historical command through the history command in any command mode. By default, the last 20 historical commands are saved. The iTN165-CES can save a maximum of 20 historical commands through the terminal history command in user EXEC mode.
1.1.7 Acquiring help

Complete help
You can acquire complete help under following three conditions:
You can enter a question mark (?) at the system prompt to display a list of commands and brief descriptions available for each command mode.
Raisecom>?
The output is displayed as follows:
clear enable exit help history language list quit terminal
Clear screen Turn on privileged mode command Exit current mode and down to previous mode Message about help Most recent history command Language of help message List command Exit current mode and down to previous mode Configure terminal
After you enter a keyword, press the Space and enter a question mark (?), all correlated commands and their brief descriptions are displayed if the question mark (?) matches another keyword.
Raisecom(config)#ntp?
peer Configure NTP peer refclock-master Set local clock as reference clock server Configure NTP server
After you enter a parameter, press the Space and enter a question mark (?), associated parameters and descriptions of these parameters are displayed if the question mark (?) matches a parameter.
Raisecom(config)#interface client ?
{1-4} Port number list <1-4> Port number
Incomplete help
You can acquire incomplete help under following three conditions:
After you enter part of a particular character string and a question mark (?), a list of commands that begin with a particular character string is displayed.
Raisecom(config)#c?
cespw cfm class-map clear clock-mgmt command-log cpu create
cespw Connectivity fault management protocol Set class map Clear screen Clock management Log the command to the file Configure cpu parameters Create static VLAN
After you enter a command, press the Space, and enter a particular character string and a question mark (?), a list of commands that begin with a particular character string is displayed.
Raisecom(config)#show li?
link-aggregation link-fault
Link aggregation link-fault
After you enter a partial command name and press the Tab, the full form of the keyword is displayed if there is a unique match command.
Error messages
The following table lists some error messages that you might encounter while using the CLI to configure the iTN165-CES. Error information % " * " Incomplete command. % Invalid input at '^' marked. % Ambiguous input at '^' marked, follow keywords match it. % Unconfirmed command. % Unknown command. % You Need higher priority! Description The input command is incomplete. The keyword marked with "^" is invalid or does not exist. The keyword marked with "^" is unclear. The input command is not unique. The input command does not exist. You need more authority to exist the command.
1.2 Accessing device

When you first enable the iTN165-CES, you need to access the device through the Console interface and then configure its IP address. You cannot access the iTN165CES through Telnet/SSHv2 unless you enable Telnet/SSHv2 service. You can configure the iTN165-CES through the CLI after accessing it through the following 3 modes:

Accessing the iTN165-CES through the Console Interface Accessing the iTN165-CES through Telnet Accessing the iTN165-CES through SSHv2
1.2.1 Accessing device through Console interface
The Console interface of the iTN165-CES is a Universal Serial Bus (USB) A female interface, which is translated into a Universal Asynchronous Receiver/Transmitter (UART) in the device. The Console interface is used as an interface for the iTN165-CES being connected to a PC that runs the terminal emulation program. You can configure and manage the iTN165-CES through this interface. This management method does not involve network communication.
You must log in to the iTN165-CES through the Console interface under the following 2 conditions:

The iTN165-CES is powered on for the first time. You cannot login through Telnet.
The process for logging in to the iTN165-CES is shown as follows: To log in to the iTN165-CES through the Console interface, follow these steps: Step 1 Download the USB_Console_Driver.zip file from http://www.raisecom.com/Drive/USB_Console_Driver.zip and then install it to the PC. Step 2 Right-click My Computer and then choose Manage from the right-click menu. Choose System Tools > Device Manager > Ports to view whether the USB driver program is installed successfully. Then record the COM interface to be used, such as RAISECOM Gazelle USB to UART Bridge (COM1). Step 3 Connect the Console interface of the iTN165-CES to the USB interface of the PC through a dual USM male interface cable, as shown in Figure 1-1. Figure 1-1 Logging in to the iTN165-CES through the Console interface
Step 4 Run the terminal emulation program on the PC, such as Hyper Terminal on Microsoft Windows XP. Enter the connection name at the Connection Description dialog box and then click OK. Step 5 Select COM 1 at the Connect To dialog box and then click OK. Step 6 Configure parameters as shown in Figure 1-2 and then click OK
Figure 1-2 Configuring parameters for Hyper Terminal
Step 7 Enter the configuration interface and then enter the user name and password to log in to the iTN165-CES. By default, both the user name and password are set to raisecom.
Hyper Terminal is not available on Windows Vista or later Windows Operating Systems (OSs). For these OSs, download Hyper Terminal package and install it. This program is free for personal application.
1.2.2 Accessing device through Telnet

Through Telnet, you can remotely log in to the iTN165-CES through a PC. In this way, it is not necessary to prepare a PC for each iTN165-CES. The iTN165-CES supports the following two Telnet services:
Telnet Server: as shown in Figure 1-3, connect the PC and the iTN165-CES and ensure that the route between them is reachable. You can log in to and configure the iTN165CES by running Telnet program on a PC. Now the iTN165-CES provides Telnet server service.
10
Figure 1-3 The iTN165-CES working as the Telnet Server
Before logging in to the iTN165-CES through Telnet, you must log in to the iTN165CES through the Console interface, configure the IP address of the SNMP interface, and enable Telnet service. Step 1 2 3 4 5
Raisecom#config Raisecom(config)#management-port ip address ip-address [ ip-mask ] Raisecom(config)#telnet-server accept
Command
Description Enter global configuration mode. Configure the IP address of the SNMP interface. (Optional) configure the interface that supports Telnet. (Optional) close the specified Telnet session. (Optional) configure the maximum number of Telnet sessions supported by the iTN165CES. By default, up to 5 Telnet sessions are available.
interface-type interface-list
Raisecom(config)#telnet-server close terminal-telnet session-number Raisecom(config)#telnet-server maxsession session-number
Telnet Client: after connecting the iTN165-CES through the terminal emulation program or Telnet, you can log in to, manage, and configure another iTN165-CES through Telnet. As shown in Figure 1-4. The iTN165-CES provides both Telnet server and Telnet client services.
Figure 1-4 The iTN165-CES working as the Telnet Client
11
Step 1
Command
Raisecom#telnet ip-address [ port port-number]
Description Log in to other devices through Telnet.
1.2.3 Accessing device through SSHv2

SSHv2 is a network security protocol, which can effectively prevent the disclosure of information in remote management through data encryption, and provides greater security for remote login and other network services in network environment. SSHv2 builds up a secure channel over TCP. Besides, SSHv2 is in support of other service ports as well as standard port 22, thus to avoid illegal attack from network. Before accessing the iTN165-CES via SSHv2, you must log in to the iTN165-CES through the Console interface and enables SSH service. Step 1 2 Command
Raisecom#config Raisecom(config)#generate ssh-key length
Description Enter global configuration mode. Generate local SSHv2 key pair and designate its length. By default, the length of the local SSHv2 key pair is set to 512 bits. Start SSHv2 server. By default, the iTN165-CES does not start the SSHv2 server. (Optional) configure SSHv2 authentication method. By default, the iTN165-CES adopts the password authentication mode. (Optional) when the rsa-key authentication method is adopted, type the public key of clients to the iTN165-CES. (Optional) configure SSHv2 authentication timeout. The iTN165-CES refuses to authenticate and open the connection when client authentication time exceeds the upper threshold. By default, the SSHv2 authentication timeout is set to 600s. (Optional) configure the allowable times for SSHv2 authentication failure. The iTN165-CES refuses to authenticate and open the connection when client authentication failure times exceed the upper threshold. By default, the allowable times for SSHv2 authentication failure are set to 20. (Optional) configure the SSHv2 listening port ID. By default, the SSHv2 listening port ID is set to 22.
3 4
Raisecom(config)#ssh2 server
Raisecom(config)#ssh2 server authentication { password | rsa-key } Raisecom(config)#ssh2 server authentication public-key Raisecom(config)#ssh2 server authentication-timeout period
5 6
Raisecom(config)#ssh2 server authentication-retries times
Raisecom(config)#ssh2 server port port-number
When configuring the SSHv2 listening port ID, the input parameter cannot take effect immediately without reboot the SSHv2 service.
12
Step 9
Command
Raisecom(config)#ssh2 server session session-list enable
Description (Optional) enable SSHv2 session. By default SSHv2 session is enabled
1.2.4 Managing users

When you start the iTN165-CES for the first time, connect the PC through Console interface to the device, input the initial user name and password in Hyper Terminal to log in to and configure the iTN165-CES.
By default, both the user name and password are raisecom If there is not any privilege restriction, any remote can log in to the iTN165-CES via Telnet when the Simple Network Management Protocol (SNMP) interface or other service interfaces of device are configured with IP addresses. This is unsafe to the iTN165-CES and network. Creating user and setting password and privilege helps to manage the login users and ensures network and device security. Step 1 2 3
password
Raisecom#user name user-name privilege
Command
Raisecom#user name user-name password
Description Create or modify the user name and password. Configure the level and privilege of the user. Configure the priority rule for the user to perform the command line. The allow-exec parameter will allow the user to perform commands higher than the current priority. The disallow-exec parameter disallows the user to perform commands that match the keyword.
privilege-level Raisecom#user user-name { allow-exec | disallow-exec } first-keyword [ secondkeyword ]
Raisecom#user login { local-user | radius-user | local-radius | radius-local [ server-no-response ] } Raisecom#enable login { local-user | radius-user | local-radius | radius-local [ server-no-response ] } Raisecom#user login { local-user | tacacs-user | local-tacacs | tacacs-local [ server-no-response ] } Raisecom#enable login { local-user | tacacs-user | local-tacacs | tacacs-local [ server-no-response ] }
(Optional) configure the authentication mode for logging the iTN165-CES when the RADIUS service is adopted. (Optional) configure the authentication mode for entering privileged EXEC mode when the RADIUS service is adopted. (Optional) configure the authentication mode for logging the iTN165-CES when the TACACS+ service is adopted. (Optional) configure the authentication mode for entering privileged EXEC mode when the TACACS+ service is adopted.
13
1.2.5 Checking configurations

No. 1 Command
Raisecom#show user [ detail ]
Description Show the user information.
1.3 Zero-configuration
With wide application of the Packet Transport Network (PTN) technology in mobile backhaul and professional fields, a great number of the iTN200 and the iTN100 devices will be applied in a large scale. However, these devices are scattered at the remote end. When a project is to be implemented, the maintenance personnel must configure then manually. This consumes lots of time and effort. In addition, this may cause errors and influence the working efficiency. To resolve these problems, the local device automatically configures parameters, such as the IP address and default gateway, for remote devices to manage them. In addition, users can transmit/receive data quickly. That is why zero-configuration is introduced. With zero-configuration, developed by Raisecom, devices, which support this feature, can be discovered and managed by the NView NNM system once being installed and powered on, without being configured. This simplifies implementation, facilitates wide-scale deployment, and reduces operation and maintenance cost. In addition, it enables users to transmit/receive data quickly.
1.3.1 Introduction
As a remote device, the iTN165-CES realizes zero-configuration through a local device, such as the iTN2100. Figure 1-5 shows how the iTN165-CES realizes zero-configuration through a local device, such as the iTN2100. The iTN165-CES is a remote device at the PTN. The iTN2100 assigns parameters, such as the IP address and management VLAN to it. After being powered on, the iTN165-CES establishes an OAM link with the iTN2100 and obtains required parameters from it. And then the iTN165-CES updates its configurations automatically to realize the zero-configuration feature. Therefore, the iTN165-CES can be realized by the NView NNM system to realize the zeroconfiguration feature.
14
Figure 1-5 Realizing zero-configuration through a local device, such as the iTN2100
By default, remote devices are enabled with zero-configuration. After being powered on, they will apply for IP addresses, VLAN IDs, and default gateways automatically. If a remote device is configured an IP address, it cannot perform zero-configuration.
1.3.2 Preparing for zero-configuration

Scenario
In general, after remote devices are connected to the local device and the DHCP Server is configured properly, remote devices can apply for IP addresses automatically once being powered on. When you need to modify parameters about zero-configuration, see this section.
Prerequisite

Both local and remote devices work in zero-configuration mode. IP 0 interface is related to an activated VLAN. The physical interface, connected to the zero-configuration server, is added to the VLAN. The uplink interface is UP.
1.3.3 Configuring DHCP Client

IP addresses assigned through zero-configuration are valid permanently. Step 1 Command
Raisecom#config
Description Enter global configuration mode.

Step 2
Command
Raisecom(config)#ip dhcp client mode { zeroconfig | normal }
Description Configure the DHCP Client working as a zeroconfiguration remote device or a common client. By default, the DHCP Client works as a zero-configuration remote device.
3 4
Raisecom(config)#interface ip
if-number
Raisecom(config-ip)#ip address dhcp [ server-ip ip-address ]
Enter IP interface configuration mode. Only IP 0 interface supports being configured with DHCP Client. Enable zero-configuration. Meanwhile, you can specify the IP address of the local DHCP Server. If you specify the IP address of the DHCP Server, you can receive the IP address from the specified DHCP Server only. Configure information about the DHCP Client, including the hostname, Class ID, and Client ID. The information is included in the packet sent by the DHCP Client.
Raisecom(config-ip)#ip dhcp client { class-id class-id | client-id client-id | hostname host-name }
If the IP 0 interface of the remote device has obtained an IP address through DHCP, it is believed that the remote device has obtained the IP address successfully, regardless of whether the default gatway is configured successfully or not. The manually-configured IP address of IP 0 interface and the one automaticallyobtained through zero-configuration can be mutually overridden. IP address of other IP interfaces of the remote device cannot be at the same network segment with the one of the IP 0 interface. After the IP 0 interface of the remote device has obtained an IP address automatically, if you re-perform this command to make apply for an IP address from another DHCP Server, the remote device will release the original IP address.
1.3.4 (Optional) configuring zero-configuration polling

Step 1 2 Command
Raisecom#config Raisecom(config)#ip dhcp client zeroconfig polling period hour
Description Enter global configuration mode. Configure the zero-configuration polling period. It ranges from 1 to 24 hours. By default, it is set to 2 hours.

No. 1 Command
Raisecom#show ip dhcp client
Description Show configurations and automatically-obtained information about the DHCP Client.
16
1.4 Configuring IP address of device

If a remote device has applied an IP address through zero-configuration, there is no need to manually configure an IP address for it.
1.4.1 Configuring IP address of device

The remote device can get an IP address through the following 2 modes:

Manually configure an IP address. Get an IP address through the DHCP Server.
By default, the system has a default VLAN 1. If you need to relate the IP address to another VLAN ID, you must create and activate it in advance. Step 1 2 3 4 Command
Raisecom#config Raisecom(config)#interface ip if-number Raisecom(config-ip)#ip address ipaddress [ ip-mask ] [ vlan-id ] Raisecom(config-ip))#ip address dhcp [ server-ip server-ip-address ]
Description Enter global configuration mode. Enter Layer 3 interface configuration mode. Configure an IP address and relate it to a VLAN. Get an IP address through DHCP Server.

No. 1 2 3 4 Command
Raisecom#show ip interface brief Raisecom#show ip interface ip if-number Raisecom#show interface ip vlan Raisecom#show ip dhcp client
Description Show basic configurations on the IP interface. Show detailed configurations on the IP interface. Show the IP address and its related VLAN. Show DHCP Client configurations.
1.5 Configuring time management

1.5.1 Configuring time and time zone
To ensure that the iTN165-CES can cooperate with other devices, you need to configure system time and time zone precisely for the iTN165-CES.
17
Step 1
Command
Raisecom#clock set hour minute
Description Configure the system time. By default, the system time is set to 8:00:00, Jan 1, 2000. Configuring system time zone. By default, it is GMT + 8:00.
second year month day

Raisecom#clock timezone { + | } hour minute timezone-name
1.5.2 Configuring DST

Daylight Saving Time (DST) is set locally to save energy, but vary in details. Thus, you need to consider detailed DST rules locally before configuration. Step 1 Command
Raisecom#clock summer-time enable
Description Enable DST on the iTN165-CES. By default, DST is disabled.
Raisecom#clock summer-time recurring { start-week | last } { sun | mon | tue | wed | thu | fri | sat } startmonth hour minute { end-week | last } { sun | mon | tue | wed | thu | fri | sat } end-month hour minute offset
Configure the begin time and end time of DST. By default, the time offset is set to 60 minutes.
For example, if DST starts from 02:00 a.m. second Monday of April to 02:00 a.m. second Monday of September, the clock is moved ahead 60 minutes. Thus, the period between 02:00 and 03:00 second Monday of April does not exist. Configuring time during this period will fail. DST in the Southern Hemisphere is opposite to that in the Northern Hemisphere. It is from September this year to April next year. If the starting month is later than the ending month, the system judges that it is located in the Southern Hemisphere.
1.5.3 Configuring NTP/SNTP
SNTP and NTP are mutually exclusive. If you have configured the IP address of the NTP server on the iTN165-CES, you cannot configure SNTP on the iTN165-CES, and vice versa. Network Time Protocol (NTP) is a time synchronization protocol defined by RFC1305. It is used to perform time synchronization between the distributed time server and clients. NTP transmits data based on UDP, using UDP port 123. NTP is used to perform time synchronization on all devices with clocks in the network. Therefore, these devices can provide various applications based on the uniformed time. In addition, NTP can ensure a very high accuracy with an error about 10ms.
18
Devices, which support NTP, can both be synchronized by other clock sources and can synchronize other devices as the clock source. The iTN165-CES supports performing time synchronization through multiple NTP working modes:
Server/Client mode
In this mode, the client sends clock synchronization message to different servers. The servers work in server mode automatically after receiving the synchronization message and send response messages. The client receives response messages, performs clock filtering and selection, and is synchronized to the preferred server. In this mode, the client can be synchronized to the server but the server cannot be synchronized to the client.
Symmetric peer mode
In this mode, the device working in the symmetric active mode sends clock synchronization messages to the device working in the symmetric passive mode. The device that receives this message automatically enters the symmetric passive mode and sends a reply. By exchanging messages, the symmetric peer mode is established between the two devices. Then, the two devices can synchronize, or be synchronized by each other. Step 1 2 3 Command
Raisecom#config Raisecom(config)#ntp server ip-address [ version [ v1 | v2 | v3 ] ] Raisecom(config)#ntp peer ip-address [ version [ v1 | v2 | v3 ] ]
Description Enter global configuration mode. (Optional) configure the NTP server address for the client that works in server/client mode. (Optional) configure the NTP server address for the iTN165-CES that works in symmetric peer mode. Configure the NTP reference clock source in server/client mode.
Raisecom(config)#ntp refclock-master [ clock-source ] [ stratum ]
If the iTN165-CES is configured as the NTP reference clock source, it cannot be configured as the NTP server or NTP symmetric peer; and vice versa.
SNTP
RFC1361 simplifies NTP and provides Simple Network Time Protocol (SNTP). Compared with NTP, SNTP supports the server/client mode only. In SNTP mode, the iTN165-CES only supports working as the SNTP client to be synchronized by the server. Step 1
Raisecom#config
Command

Step 2
Command
Raisecom(config)#sntp server ip-address
Description (Optional) configure the SNTP server address for the device that works in symmetric peer mode.

No. 1 2 3 4 Command
Raisecom#show clock [ summer-time recurring ] Raisecom#show sntp Raisecom#show ntp status Raisecom#show ntp associations [ detail ]
Description Show configurations on the system time, time zone, and DST. Show SNTP configurations. Show NTP configurations. Show NTP association configurations.
1.6 Configuring static routing

Configure static routing for simple topology network. You need to configure static routing manually to create an intercommunication network. Before configuring static routing, configure the IP address of the Layer 3 interface properly. Step 1 2
Raisecom#config Raisecom(config)#ip route ip-address ip-mask
Command
Description Enter global configuration mode. Configure the static routing to the destination network whose IP address is set to ip-address, Configure the default management distance of static routing. By default, the default management distance is set to 1.
next-hop-ip-address
Raisecom(config)#ip route static distance
distance
Raisecom(config)#show ip route [ dest-ipaddress | detail | ip-access-list acl-id | protocol { direct | static } | statistics ]
Show the routing table information of the device.
20
1.7 Configuring Ethernet interface

1.7.1 Configuring basic attributies of interfaces
The interconnected devices cannot communicate normally if their interface attributes (such as MTU, duplex mode, and speed) are inconsistent, and then you have to adjust the interface attributes to make the devices at two ends match each other. Step 1 2 Command
Raisecom#config Raisecom(config)#system mtu size
Description Enter global configuration mode. Configure the Maximum Transmission Unit (MTU) for all interfaces. MTU is the maximum number of bytes allowed to pass through the interface (without fragment). When the length of the forward message exceeds the maximum value, the device will discard this message automatically. By default, the MTU of the interface is set to 1526 bytes.
3 4
Raisecom(config)#interface
Raisecom(config-port)#duplex { auto | full | half } Raisecom(config-port)#speed { auto | 10 | 100 | 1000 }
Enter Ethernet electrical interface configuration mode. Configure the duplex mode of the interface. By default, the duplex mode is set to auto. Configure the speed of the interface. By default, the speed is automatically negotiated
1.7.2 Configuring interface statistics

Step 1 2
Raisecom#config Raisecom(config)#dynamic statistics time
Command
Description Enter global configuration mode. Configure the interval for interface dynamic statistics. By default, the interval is set to 2s.
period
Raisecom(config)#clear interface interfacetype interface-number statistics
Clear interface statistics saved at the device.
1.7.3 Configuring flow control on interfaces

When speeds of interface for sending and receiving data are inconsistent, data will overflow. Therefore, there should be a mechanism (flow control) to coordinate the 2 interfaces for sending and receiving data properly.
21
Half-duplex: back-pressure flow control is adopted to emulate collision in Ethernet. In half-duplex Ethernet, when a collision occurs, the Tx host will stop sending data. Emulation makes the host with a greater speed stop sending data to control the traffic. Back-pressure flow control is realized through hardware without being configured manually. Full duplex: IEEE 802.3x flow control is adopted. After the client sends a request to the server, when the Autonomous System (AS)/network is congested, the client will sends a PAUSE frame to the server to make the server stop sending data to the client. Command Description Enter global configuration mode. Enter physical layer interface configuration mode. Enable IEEE 802.3x flow control on interfaces. By default, IEEE 802.3x flow control is disabled on interfaces.
Step 1 2 3
Raisecom#config Raisecom(config)#interface
interface-type interface-number
Raisecom(config-port)#flowcontrol { receive | send } on
1.7.4 Opening/Shuting down interfaces

Step 1 2 3 Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Shut down the current interface. By default, the interface is open. You can use the no shutdown command to re-open an interface after it is shut down.
Raisecom(config-port)#shutdown
Raisecom(config-port)#forcetransmit enable
Enable unidirectional force transmission on interfaces.

No. 1 2 3 4 5 Command
Raisecom#show interface interface-type interface-list [ statistics ] Raisecom#show system mtu Raisecom#show interface interface-type interface-list statistics dynamic [ detail ] Raisecom#show interface interface-type interface-list flowcontrol Raisecom#show interface force-transmit
Description Show interface status. Show the system MTU. Show interface statistics. Show interface flow control information. Show unicast forced transmission configurations,
22
1.8 Configuring SNMP

1.8.1 Configuring the IP address of SNMP interface
To perform out-of-band management on the iTN165-CES through the SNMP interface, you should configure the IP address of the SNMP interface. Step 1 2 Command
Raisecom#config Raisecom(config)#management-port ip address ip-address [ ip-mask ]
Description Enter global configuration mode. Configure the IP address of the SNMP interface. By default, it is set to 192.168.4.28 and the subnet mask is set to 255.255.255.0.
1.8.2 Configuring SNMP basic functions

Configuring SNMP v1 and SNMP v2c
Step 1 2
Raisecom#config Raisecom(config)#snmp-server community name [ view view ] { ro | rw } Raisecom(config)#snmp-server contact
Command
Description Enter global configuration mode. Create the community name and configure the related view and authority. (Optional) configure the identifier and contact mode of the administrator. (Optional) configure the mapping relationship between the user and the access group. (Optional) specify the physical location of the iTN165-CES.
contact
Raisecom(config)#snmp-server group name user user { v1sm | v2csm | usm }
Raisecom(config)#snmp-server location
location
Configuring SNMP v3
Step 1 2
Raisecom#config Raisecom(config)#snmp-server access groupname [ read view-name ] [ write view-name ] [ notify view-name ] [ context context-name { exact| prefix } ] usm { authnopriv | authpriv | noauthnopriv }
Command
Description Enter global configuration mode. Create and configure the SNMP access group.
23
Step 3 4 5
syscontact
Command
Raisecom(config)#snmp-server contact
Description (Optional) configure the identifier and contact mode of the administrator. (Optional) specify the physical location of the iTN165-CES. Create the user name and configure the authentication mode.
Raisecom(config)#snmp-server location
sysLocation
Raisecom(config)#snmp-server user user-name [ remote engine-id ] [ { authentication | authkey } { md5 | sha } password [ privacy password ] ] Raisecom(config)#snmp-server view view-name oid-tree [ mask ] { included | excluded }
Configure the SNMP view.
1.8.3 Configuring Trap

Trap means refers to unrequested information sent to the NView NNM system automatically, which is used to report some critical events. Before configuring Trap, you should configure the SNMP target host. Step 1 2
Raisecom#config Raisecom(config)#snmp-server host ipaddress version { 1 | 2c } name [ udpport port-id ] Raisecom(config)#snmp-server hostipaddress version 3 { authnopriv | authpriv | noauthnopriv } name [ udpport port-id ]
Command
Description Enter global configuration mode. Configure SNMP v1-/SNMP v2c-based Trap target host.
(Optional) configure SNMP v3-based Trap target host.
Raisecom(config)#snmp-server enable traps
Enable Trap.

No. 1 2 3 4 5 6 7 Command
Raisecom#show management-port ip-address Raisecom#show snmp access Raisecom#show snmp community Raisecom#show snmp config Raisecom#show snmp group
Description Show the IP address of the SNMP interface. Show SNMP access group configurations. Show SNMP community configurations. Show SNMP basic configurations. Show the mapping relationship between SNMP users and the access group. Show Trap target host information. Show SNMP statistics.
Raisecom#show snmp host Raisecom#show snmp statistics
24
No. 8 9
Command
Raisecom#show snmp user Raisecom#show snmp view
Description Show SNMP user information. Show SNMP view information.
1.9 Configuring Banner

1.9.1 Preparing for configurations
Scenario
Banner is a message to display when you log in to or exit from the iTN165-CES, such as the precautions or disclaimer. You can configure Banner of the iTN165-CES as required. After Banner display is enabled, the configured Banner information appears when you log in to or exit from the iTN165-CES.
Prerequisite
N/A
1.9.2 Configuring Banner

Step 1 2
Raisecom#config Raisecom(config)#banner login word Enter text message followed by the character word to finish.User can stop configuration by inputing Ctrl+c
Command
Description Enter global configuration mode. Configure the Banner contents.
message word
The word parameter is a 1-byte character. It is the beginning and end marker of the Banner contents. These 2 marks must be the identical character. The message parameter is the Banner contents. Up to 2560 characters are supported.
1.9.3 Enabling Banner display

Step 1 Command
Raisecom#config
25
Step 2
Command
Raisecom(config)#banner enable
Description Enable Banner display. By default, Banner display is disabled.
Raisecom(config)#write
Save Banner configurations to ensure saving them after the iTN165-CES is rebooted.

No. 1 Command
Raisecom#show banner login
Description View Banner status and configured Banner contents.
1.10 Configuration examples

1.10.1 Examples for configuring SNMP
Networking requirements
As shown in Figure 1-6, the route between the NView NNM system and iTN is reachable. The IP address and sub-net mask of the NView NNM system are set to 192.168.1.1 and 255.255.255.0 respectively. The IP address of the iTN Ethernet interface connected to the network is set to 192.168.2.1. The NView NNM system manages the iTN through the switch. Figure 1-6 Configuring SNMP
Configuration steps
Step 1 Configure the IP address of the SNMP interface.
26
Raisecom#config Raisecom(config)#interface ip 0 Raisecom(config-ip)#ip address 192.168.2.1 255.255.255.0 1
Step 2 Configure the static route between the NView NNM system and the iTN.
Raisecom(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.2
Step 3 Configure the SNMP community.
Raisecom(config)#snmp-server community raisecom rw Raisecom(config)#snmp-server community raisecom ro
Step 4 Configure the SNMP Trap target address.
Raisecom(config)#snmp-server host 192.168.1.1 version 2c raisecom Raisecom(config)#exit
Step 5 Save configurations.
Checking results
Use the show ip route command to show static routing configurations.
Raisecom(config)#show ip route Codes: C - Connected, S - Static, R - RIP, O - OSPF ----------------------------------------------------------S 192.168.1.0[255.255.255.0],Via 192.168.2.2 C 192.168.18.0[255.255.255.0],is directly connected , Interface 0 Total route count: 2
Use show snmp community the command to show SNMP community configurations.
Raisecom#show snmp community Index Community Name View Name Permission -----------------------------------------------------------1 raisecom internet rw
27

2 raisecom internet ro
28
2 Ethernet
Ethernet
This chapter describes principles and configuration procedures of Ethernet, as well as related configuration examples, including following sections:

Introduction Configuring MAC address table Configuring VLAN Configuring basic QinQ Configuring selective QinQ Configuring VLAN mapping Configuring loopback detection Configuring interface protection Configuring Layer 2 protocol transparent transmission Configuring ARP Configuring port mirroring Maintenance Configuration examples
2.1 Introduction
2.1.1 MAC address table
MAC address entries
The MAC address table is a Layer 2 forwarding table recording related information about devices that are connected to the device. All packets received by the interface are forwarded based on the MAC address table. Based on the destination MAC address of the packet, the device queries the MAC address to locate the forwarding interface quickly.
29
2 Ethernet
Figure 2-1 MAC address entries
A MAC address entry includes the following information

MAC Address: destination MAC address Port: forwarding interface VLAN ID: VLAN ID of the interface Flags: Type of the MAC address table
Classification of MAC address table

The MAC address table is divided into the static MAC address table and dynamic MAC address table. MAC address entries include static MAC address entries, dynamic MAC address entries, and blackhole MAC address entries.
Static MAC address entries The static MAC address table can be added/deleted manually and is not aged. The static MAC address table is reserved after the device is reset.
Dynamic MAC address entries The dynamic MAC address table is created by automatically learning the source MAC addresses of received packets. It can be aged based on the configured aging time. In general, the dynamic MAC address table is not reserved after the device is reset.
Black MAC address entries The blackhole MAC address table can be added/deleted manually and is not aged. The device will directly discard the packet whose source/destination MAC address is a blackhole MAC address.
Forwarding modes of MAC address

When forwarding packets, based on the information about MAC address entries, Ethernet devices adopt following modes:
Unicast: when a MAC address entry, which is related to the destination MAC address of a packet, is listed in the MAC address table, the device will directly forward the packet to the received interface through the egress interface of the MAC address entry.
30
2 Ethernet
Multicast: when receiving a packet whose destination address is a multicast MAC address, if the related destination address is listed in the MAC address table, the Ethernet device will forward the packet through the egress interface of the MAC address entry. Broadcast: when an Ethernet device receives an all-F packet, or when the Ethernet device receives a packet whose MAC address is not listed in the MAC address table, it will flood the packet to all interfaces in the same VLAN except for the interface that receives this packet.
MAC address learning

Most dynamic MAC address entries are created and maintained through MAC address learning. When a packet is sent to a device, the device will look up the MAC address table for the interface ID that is related to the destination MAC address and VLAN ID of the packet. If successful, the device will forward the packets to the received interface. Meanwhile, the device will add the relevant source MAC address, interface ID, as well as VLAN ID to the MAC address table. If the MAC address is created, the device will update the aging time. When a packet is sent to the learned MAC address through other interfaces, the packet will be directly forwarded to the received interface according to the MAC address table. If the destination MAC address is not listed in the MAC address, the device floods the packets to all interfaces except for the interface that receives this packet. In addition, the source MAC address of the packet will be added to the MAC address table on the device.
MAC address limit

MAC address limit is used to restrict the number of MAC address entries. When the number of access users exceeds the threshold, the MAC addresses of newly-accesses users will be discarded directly. MAC address limit restricts learned dynamic MAC addresses.
Interface-based MAC address limit: learn source MAC addresses of packets in all VLANs received the interface. If the number of learned MAC addresses reaches the threshold, the device will not learn any MAC address. At this time, if the source MAC address of the packet received by the interface is unknown (the source MAC address is not listed in the learned MAC address table), the packet will be discarded. VLAN-based MAC address limit: learn source MAC addresses of packets in specified VLANs. If the number of learned MAC addresses reaches the threshold, the device will not learn any MAC address.
The iTN165-CES supports interface-based MAC address limit.
MAC address aging

MAC address aging ensures real-time update of valid dynamic MAC address entries in the MAC address table. It can prevent failing to forward packets caused by failing to learned new MAC address entry when the threshold of the MAC address table is exceeded. When creating a dynamic MAC address entry, the system enables the aging timer. If a packet with the same MAC address is received during the aging time. the aging timer is updated. Otherwise, the MAC address entry is deleted.
31
2 Ethernet
2.1.2 VLAN
Overview of VLAN
Virtual Local Area Network (VLAN) is a Layer 2 isolation technology that partitions devices in a LAN logically to different parts. These parts are independent and cannot communicate with each other. However, they can communicate through the router or Layer 3 switch. By partitioning VLANs, you can isolate broadcast domains and reduce broadcast storms. Figure 2-2Figure 2-2 shows how to partition a VLAN. Figure 2-2 Partitioning VLANs
Format of VLAN frame

VLANs supported by the iTN165-CES meet the IEEE 802.1Q standard. The iTN165-CES supports 4094 concurrent VLANs. The IEEE 802.1Q modifies the format of the Ethernet frame. It adds a 4-byte 802.1Q Tag between the source MAC address filed and the protocol type field, as shown in Figure 2-3. Figure 2-3 Format of the 802.1Q-based VLAN frame
Tag Protocol Identifier (TPID): it is a new frame type defined by the IEEE. It is a 2-byte field. When it is set to 0x8100, it indicates that the frame is an 802.1Q-Tag frame. The device, which does not support 802.1Q, will discard the 802.1Q-Tag packet.
2 Ethernet
Priority: a 3-bit field which indicates the frame priority level. Values are from 0 (best effort) to 7 (highest). The bigger the number is, the higher the priority is. When the network is congested, the device sends packets with higher priorities first. Canonical Format Indicator (CFI): a 1-bit field used for identifying whether the MAC address is in classical format. It indicates a classical MAC address when the value is set to 0. It indicates a non-classical MAC address when the value is set to 1. It is used to distinguish the format of frames when the bus Ethernet and Fiber Distributed Digital Interface (FDDI)/Token Ring network exchange data. VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs. The value ranges from 1 to 4094. A Port VLAN ID (PVID) is a default VLAN ID. In a port-based VLAN, each port has a PVID. When an Untagged packet is sent to the port, the RC1108 will forward this packet according to the PVID Tag. VLANs supported by the RC1108 meet the IEEE 802.1Q standard. The iTN165-CES supports 4094 concurrent VLANs.
Interface modes and packet forwarding modes

The iTN165-CES interface modes are divided into Access mode and Trunk mode. Table 2-1 lists comparison on interface modes and packet forwarding modes. Table 2-1 Interfaces modes and packet forwarding modes Interface type Access Forwarding modes for ingress packet Untag packet Add the Access VLAN Tag to packets.
Tag packet If the VLAN ID of a packet is identical to the Access VLAN ID or the VLAN ID is in the allowed VLAN IDs of the interface, receive the packet. If the VLAN ID of a packet is not identical to the Access VLAN ID, or the VLAN ID is not in the allowed VLAN IDs of the interface, discard the packet.
Forwarding modes for egress packet If the VLAN ID of a packet is identical to the Access VLAN ID, send the packet after removing its Tag. If the VLAN ID of a packet is in the allowed VLAN ID list of the interface, send the packet after removing its Tag. If the VLAN ID of a packet is not in the allowed VLAN ID list of the interface, discard the packet.
33
2 Ethernet
Interface type Trunk
Forwarding modes for ingress packet Untag packet Add the Native VLAN Tag to packets.
Tag packet If the VLAN ID of a packet is in the VLAN ID list of the interface, receive the packet. If the VLAN ID of a packet is not in the allowed VLAN ID list of the interface, discard the packet.
Forwarding modes for egress packet If the VLAN ID of a packet is identical to the native VLAN and the allowed VLAN ID is in the VLAN ID list of the interface , send the packet after removing its original Tag. If the VLAN ID of a packet is not identical to the native VLAN and VLAN ID is not in the allowed VLAN ID list of the interface, send the packet with taking its original Tag. If the VLAN ID of a packet is not identical to the native VLAN ID, or the VLAN ID is not in the allowed VLAN IDs of the interface, discard the packet.
2.1.3 QinQ
QinQ (also called Stacked VLAN or Double VLAN) is a Layer 3 tunnel technology based on IEEE 802.1Q. It is defined in 802.1ad standard. QinQ is a simple Layer 2 VPN tunnel technology. QinQ encapsulates an outer VLAN Tag for a private packet, so that the packet traverses the backbone network of the Internet service provider (ISP) carrying double VLAN tags. In the ISP, the packet is transmitted according to the outer VLAN Tag (public VLAN Tag). And the private VLAN Tag is transmitted as the data in the packet.
Structure of QinQ packet

QinQ packets carry double VLAN Tags when they traverse the backbone network. The inner one is a private VLAN Tag while the outer one is the public VLAN Tag assigned by the Carrier. The IEEE 802.1ad standard defines the inner one as the Customer VLAN (C-VLAN) and the outer one ad the Service VLAN (S-VLAN). In general, the Maximum Transmission Unit (MTU) of the device is set to 1500 bytes, When the outer VLAN Tag is added to a packet, the packet size is added with 4 bytes. Therefore, you should increase the MTU value properly (at least 1504 bytes). Figure 2-4 shows the structure of the QinQ packet.
34
2 Ethernet
Figure 2-4 Structure of QinQ packet
Structures of the S-VLAN and C-VLAN are similar. They are divided in to TPID and Tag Control Information (TCI). The TPID and TCI are 2-byte fields. The TPID is used to identify the VLAN tag type. The inner VLAN Tag is fixed to 0x8100 while the outer VLAN Tag can be configured.
The IEEE 802.1ad defines the TPID value of the S-VALN as 0x88a8. However, the value may vary on vendors. To ensure that these devices can communicate with each other, we recommend setting the identical TPID value. Figure 2-5 shows the structure of TCI in the S-TAG and C-TAG. Figure 2-5 Structure of TCI in S-TAG and C-TAG
Table 2-2 describes the structure of TCI in the S-TAG and C-TAG. Table 2-2 Structure of TCI in the S-TAG and C-TAG Field PCP CFI DEI Full form Priority Code Point Canonical Format Indicator Drop Eligible Indicator Length 3bit 1bit 1bit Description Priority Code Point Canonical Format Indicator Drop Eligible Indicator, cooperating with PCP to indicate the priority of the S-TAG frame
35
2 Ethernet
Field VID
Full form VLAN ID
Length 12bit
Description Ranging from 0 to 4094
Basic QinQ
Basic QinQ is realized based on the interface. After an interface is enabled with basic QinQ, when it receives a Tag packet, the device adds the VLAN Tag of the interface to the packet. Therefore, the packet traverses the network with double Tags. If the interface receives an Untag packet, the device adds the VLAN Tag of the interface to the packet. Therefore, the packet traverses the network with the native VLAN Tag of the interface. Figure 2-6 shows the typical networking application with basic QinQ. Figure 2-6 Typical networking application with basic QinQ
A packet is sent to the PE by the customer equipment, and the packet carries a Tag VLAN 100. When passing through the Client interface of the PE, the packet is added with an outer Tag VLAN 200. And then the packet is sent to the Carrier network through the Line interface of the PE. When the packet with the outer Tag is sent to the other PE, this PE will remove the outer Tag from the packet and then send the packet to the other customer equipment. Now, the packet only carries the TAG VLAN 100.
Selective QinQ
Selective QinQ is an enhanced application for basic QinQ. It is realized based on the interface and VLAN. Based on some features, selective QinQ can perform traffic classification on users' data and encapsulate different data flows with different VLAN Tags. With selective QinQ, you can encapsulate different Tags for packets with different inner Tags based on the mapping rule. In addition to all functions realized by basic QinQ, selective QinQ can also perform different operations on packets received by the same interface based on different VLAN Tags.

Ingress interface: add different outer VLAN tags to packets based on the inner VLAN ID. Egress interface: identify the CoS priority of the outer VLAN based on the one of the inner VLAN.
Selective QinQ can isolate the Carrier network from the user network and provide a great number of features and more flexible networking capabilities. With selective QinQ, devices can classify customer devices on the interface that is connected to the access layer,
2 Ethernet
encapsulating different outer Tag for various customer devices. In addition, selective QinQ adopts the outer Tag to configure the QoS policy in the public network, flexibly configure the data transmission priority, and provide related services for users.
2.1.4 VLAN mapping

VLAN Mapping is mainly used to replace the VLAN Tag of Ethernet packets, making packets transmitted according to new VLAN forwarding rules. VLAN Mapping is mainly used in the network where a great number of devices need to be isolated through VLAN. By replacing the inner VLAN Tags of packets, VLAN mapping can map private VLANs to public VLANs, realizing VLAN aggregation. Therefore, services can be processed and forwarded based on the Carrier's network plan. The iTN165-CESsupports 1:1 VLAN mapping only. When the iTN165-CESreceives packets with private VLAN Tag, the device will match the private VLAN Tag according to configured VLAN mapping rules. If successful, the private VLAN Tag is replaced according to configured VLAN mapping rules, as shown in Figure 2-7. Figure 2-7 1:1 VLAN mapping
2.1.5 Loopback detection

The loopback detection can address the influence on network caused by a loopback, providing the self-detection, fault-tolerance and robustness. When an interface is enabled with loopback detection, the interface sends the Loopback detection packet periodically. The period can be configured. By default, it is set to 4s. The interface, where loopback detection is enabled, will check the source MAC address of the Loopback-detection packet and compare to the one of the device. If these 2 MAC addresses are identical, it is believed that a loopback is generated on some interface, Otherwise, the device discards the packet.
37
2 Ethernet
Loopback types
In general, there are self-loopback, internal loopback, and external loopback, as shown in Figure 2-8.

Self-loopback: a loopback generated on the same Ethernet interface of a device, such as the one between Switch B and User network B Internal loopback: a loopback generated between different Ethernet interfaces of a device, such as the one between Switch C and User network A External loopback: a loopback generated between Ethernet interfaces of different devices, such as the one among Switch A, Switch B, Switch C, and User Network C
Figure 2-8 Loopback detection
Processing modes of loopbacks

When a loopback is generated, the device can process it based on its type:

Self-loopback: shut down the interface if the ID of the interface for sending the packet is identical to the one of the interface for receiving the packet. Internal loopback: shut down the interface with a greater ID and keep the interface with a smaller ID UP if the ID of the interface for sending the packet and the one of the interface for receiving the packet are different. External loopback: in general, the device does not process the loopback. The device sends Trap only without blocking the interface. You can manually block one interface as required.
Loopback detection modes

Loopback detection can be performed based on the interface, or interface and VLAN.
2.1.6 Interface protection

With interface protection, you can add an interface, which needs to be controlled, to an interface protection group, isolating Layer 2/Layer 3 data in the interface protection group. This can provide physical isolation between interfaces, enhance network security, and provide flexible networking scheme for users. After being configured with interface protection, interfaces in an interface protection group cannot transmit packets to each other. Packet cannot be transmitted to each other only when interfaces are in the same interface protection group.
2 Ethernet
2.1.7 Layer 2 protocol transparent transmission

The transparent transmission function is a main function for Ethernet devices. In general, the Carrier's edge device charges for transparently transmission of Layer 2 protocol packets. The transparent transmission function is enabled on the interface where the Carrier's edge device is connected to the user network. A Layer 2 protocol packet is transmitted through the ingress interface and is encapsulated on the edge device (the ingress interface) of the Internet Service Provider (ISP). And then the Layer 2 protocol packet is transmitted to the Carrier network. The Layer 2 protocol packet traverses the ISP to the other edge device (the egress interface). Then this edge device decapsulates the Layer 2 protocol packet and transmits it to the user network through the egress interface. The transparent transmission function consists of encapsulation and decapsulation processes. And basic principles are shown as follows:
Encapsulation: on the ingress interface of the ISP, the device adopts a special multicast address (by default, it is 010E.5E00.0003) to modify the destination MAC address of the Layer 2 protocol packet. In the ISP, the modified packet is taken as a data to be forwarded in the VLAN where the user belongs. Intermediate processing: Layer 2 protocol transparent transmission can work with QinQ. In addition, Layer 2 protocol transparent transmission can be operated alone. In real, after the MAC address of a Layer 2 protocol packet is modified, the device decides whether to encapsulate the outer VLAN Tag for packets based on the configured transparent transmission mode to make packet traverse the Carrier network properly. Decapsulation: on the egress interface of the ISP, the device recognizes the specified multicast address (by default, it is 010E.5E00.0003) and restores it to the original destination MAC address of the Layer 2 protocol packet. And then the device decides whether to remove the outer VLAN Tag of packets based on the configured transparent transmission mode and then transmits it to the specified user network.
The iTN165-CES supports Layer 2 protocol transparent transmission.
2.1.8 ARP
Address Resolution Protocol (ARP) is used for resolution of network layer IP addresses into data link layer hardware addresses.
Structure of ARP frame

Figure 2-9 shows the structure of ARP frame. Figure 2-9 Structure of ARP frame
39
2 Ethernet
The ARP frame size is 28 bytes, there is the sender hardware address in the Ethernet data frame header and ARP request data header, This field is required for all networks but Ethernet.

Hardware Type (HTYPE): it is a 2-byte field used to define the network type. 1 is Ethernet. Protocol Type (PTYPE): it is a 2-byte field used to define the ARP type. 0x0800 is IPv4. Hardware Length (HLEN): it is a 1-byte field used to define the length of a hardware address. Ethernet address size is 6. Protocol Length (PLEN): it is a 1-byte field used to define the length of a logical address. IPv4 address size is 4. Operation (OP): it is a 2-byte field used to define the ARP packet type. ARP request packet is 1 and ARP replay packet is 2. Sender Hardware Address (SHA): it is a 6-byte field used to define the MAC address of the sender. Sender Protocol Address (SPA): it is a 4-byte field used to define the IP address of the sender. Target Hardware Address (THA): it is a 6-byte field used to define the destination MAC address. Target Protocol Address (TPA): it is a 4-byte field used to define the destination IP address.
ARP address entries

ARP address entries are classified into the following types:
Static ARP address entry: static entry is used to perform static binding on an IP address and a MAC address. The iTN165-CES and router cannot adjust the secondary mapping relationship dynamically. It is used to prevent ARP dynamic learning fraud. Static ARP address entries should be manually added and deleted and are not aged. In addition, static ARP address entries are saved on all devices in a network. Dynamic ARP address entry: entries that are automatically learned through ARP. Dynamic ARP address entries are automatically generated by the iTN165-CES. You can adjust some parameters as required. You should not manually add or delete dynamic ARP address entries. However, you need to set the aging time for them. Aging is a dynamic update mechanism for ARP address entries. Because devices of the learned ARP address entry may fail or be removed after a period, aging can be used to detect the device periodically to enhance network reliability and stability.
2.1.9 Port mirroring

Port mirroring refers to mirroring packets of the source ports to the monitor port without affecting packets forwarding. The monitor port is connected to the data monitoring device. You can use this function to monitor the receiving and sending status of some port, monitor the network, and troubleshoot problems.
40
2 Ethernet
Figure 2-10 Principle of port mirroring
Basic principles for the port mirroring are displayed in Figure 2-10. PC 1 accesses the network through Client 1 of the iTN165-CES. PC 2 is the monitor PC and is connected to Client 2 of the iTN165-CES. When needing to monitor packets sent by PC 1, you need to configure Client 1 as the mirroring port and enable port mirroring for packets on the ingress port. Configure Client 2 as the monitor port, that is, the mirroring destination port. When forwarding a packet sent by PC 1, the iTN165-CES mirrors one to Client 2. Monitor devices connected to Client 2 receive and analyze this mirrored packet. The iTN165-CES supports port mirroring based on ingress and egress ports.
2.2 Configuring MAC address table

Scenario
Static MAC addresses need be set for fixed servers, fixed and important hosts for special persons (managers, financial staffs, etc.), to ensure all data traffic to these MAC addresses are correctly forwarded from the interface that is related to these static MAC addresses. For interfaces with fixed static MAC addresses, you can disable the MAC address learning to avoid other hosts visiting LAN data from these interfaces. To avoid the explosive growth of MAC address table entries, you need to configure the aging time for a MAC address table.
41
2 Ethernet
Prerequisite
N/A
2.2.2 Configuring static MAC address entries

Step 1 2
Raisecom#config
Command
Description Enter global configuration mode. Configure static unicast MAC addresses.
Raisecom(config)#mac-address-table static unicast macaddress vlan vlan-id interface-type interface-number
2.2.3 Configuring dynamic MAC address entries

Step 1 2 Command
Raisecom#config Raisecom(config)#mac-address-table learning enable { interface-type interface-number | vlanlist vlanlist } Raisecom(config)#mac-address-table aging-time { 0 | second }
Description Enter global configuration mode. Enable MAC address learning. By default, MAC address learning is enabled on the iTN165-CES. Configure the aging time of dynamic MAC addresses. By default, the aging time of dynamic MAC addresses is set to 300s. Configure VLAN-based MAC address limit threshold. By default, no VLAN-based MAC address limit threshold is configured. Enter physical layer interface configuration mode. Configure interface-based MAC address limit threshold. By default, no interface-based MAC address limit threshold is configured.
Raisecom(config)#mac-address-table threshold threshold-value vlan
vlan-id
5 6
Raisecom(config-port)#mac-addresstable threshold threshold-value
2.2.4 Configuring blackhole MAC address entries

Step 1 2
Raisecom#config Raisecom(config)#mac-address-table blackhole mac-address vlan vlan-id
Command
Description Enter global configuration mode. Configure the blackhole MAC address.
42
2 Ethernet

No. 1 2 3 4 Command
Raisecom#show mac-address-table static [ interfacetype interface-number | vlan vlan-id ] Raisecom#show mac-address-table l2-address [ vlan vlan-id | interface-type interface-number | count ] Raisecom#show mac aging-time
Description Show static MAC addresses. Show all MAC addresses. Show the aging time of MAC addresses. Show MAC address limit configurations.
Raisecom#show mac-address-table threshold [ interface-type interface-list ]
2.3 Configuring VLAN

Scenario
The main function of VLAN is to carve up logic network segments. There are 2 typical application modes:
Small LAN: on one Layer 2 device, the LAN is carved up to several VLANs. Hosts that connect to the device are carved up by VLANs. So hosts in the same VLAN can communicate, but hosts between different VLANs cannot communicate. For example, the financial department needs to be separated from other departments and they cannot access each other. In general, the port connected to the host is in Access mode. Big LAN or enterprise network: Multiple Layer 2 devices connect to multiple hosts and these devices are concatenated. Packets take VLAN Tag for forwarding. Ports of multiple devices, which have identical VLAN, can communicate, but hosts between different VLANs cannot communicate. This mode is used for enterprises that have many people and need a lot of hosts, and the people and hosts are in the same department but different positions. Hosts in one department can access each other, so you has to carve up VLAN on multiple devices. Layer-3 devices like a router are required if you want to communicate among different VLANs. The concatenated ports among devices are in Trunk mode.
When you need to configure an IP address for a VLAN, you can relate a Layer 3 interface to the VLAN. Each Layer 3 interface corresponds to an IP address and is related to a VLAN.
Prerequisite
N/A
43
2 Ethernet
2.3.2 Configuring VLAN properties

Step 1 2
Raisecom#config Raisecom(config)#create vlan vlan-list { active | suspend } Raisecom(config)#vlan vlan-id
Command
Description Enter global configuration mode. Create one or more VLANs. Create a VLAN and enter the VLAN configuration mode. Enter VLAN configuration mode. (Optional) configure the VLAN name. Activate/Suspend the VLAN.
3 4 5
Raisecom(config)#vlan vlan-id Raisecom(config-vlan)#name string Raisecom(config-vlan)#state { active | suspend }
VLANs that are created by using the vlan vlan-id command are in Suspend status. If you need them to take effect, you need to use the state command to activate them. By default, there is a VLAN in the system, that is, the default VLAN (VLAN 1). All interfaces in Activate mode belong to default VLAN 1. By default, the default VLAN (VLAN 1) is named as "Default" and the cluster VLAN (VLAN 2) has no name. Other VLANs are named as VLAN+4-digit VLAN ID. For example VLAN 3 is names as VLAN0003 while VLAN4094 is named as VLAN4094. All configurations of a VLAN cannot take effect until the VLAN is activated. When a VLAN is in Suspend status, you can also configure the VLAN, such as deleting/adding interfaces. The system will save these configurations. Once the VLAN is activated, these configurations will take effect.
2.3.3 Configuring interface modes

Step 1 2 3
Raisecom#config Raisecom(config)#interface interface-type
Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Set the interface mode to Access or Trunk.
interface-number
Raisecom(config-port)#switchport mode { access | trunk }
2.3.4 Configuring VLANs based on Access interfaces

Step 1
Raisecom#config
Command
44
2 Ethernet
Step 2 3
interface-number
Command
Raisecom(config)#interface interface-type
Description Enter physical layer interface configuration mode. Set the interface mode to Access and add Access interfaces to the VLAN. (Optional) configure the allowed VLANs of the Access interface.
Raisecom(config-port)#switchport mode access Raisecom(config-port)#switchport access vlan
vlan-id
Raisecom(config-port)#switchport access egressallowed vlan { all | [ add | remove ] vlanlist } [confirm]
The interface permits Access VLAN packets passing regardless of configurations for VLAN list on the Access interface. The forwarded packets do not carry VLAN TAG. When configuring Access VLAN, the system will automatically create and activate a VLAN if you do not create and activate the VLAN in advance. If you manually delete or suspend an Access VLAN, the system will automatically configure the Access VLAN as the default VLAN. When Access VLAN is configured as a non-default Access VLAN, the default Access VLAN 1 is the VLAN that is allowed to pass on Access egress interface. You can delete the Access VLAN 1 by deleting the VLAN from Allowed VLAN list on Access egress interface. If the configured Access VLAN is not the default VLAN and there is no default VLAN in the VLAN list on the Access interface, the interface does not permit default VLAN packets passing.
2.3.5 Configuring VLANs based on Trunk interfaces

Step 1 2 3 4 5
Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Set the interface mode to Trunk. Configure interface Native VLAN. (Optional) configure the allowed VLANs of the Trunk interface.
interface-number
Raisecom(config-port)#switchport mode trunk Raisecom(config-port)#switchport trunk native vlan vlan-list Raisecom(config-port)#switchport trunk allowed vlan { all | vlan-list } [ confirm ] Raisecom(config-port)#switchport trunk allowed vlan { add add-vlan-list | remove vlan-list } Raisecom(config-port)#switchport trunk untagged vlan { all | vlan-list } [ confirm ] Raisecom(config-port)#switchport trunk untagged vlan { add vlan-list | remove vlan-list }
(Optional) configure VLANs whose Tags can be deleted on the Trunk interface.
45
2 Ethernet
The Trunk interface permits Native VLAN packets passing regardless of configurations for Trunk Allowed VLAN list and Trunk Untagged VLAN list on the interface. And forwarded packets do not carry VLAN TAG. When configuring a Native VLAN, the system will automatically create and activate a VLAN if you do not create and activate the VLAN in advance. If you manually delete or suspend a Native VLAN, the system will automatically set the interface Trunk Native VLAN as the default VLAN. The interface permits Trunk Allowed VLAN packets passing. If the VLAN is a Trunk Untagged VLAN, the VLAN TAG of the packet is removed on the egress interface. Otherwise, the packet is not modified. If the configured Native VLAN is not the default VLAN and there is no default VLAN in the VLAN list on the Trunk interface, the interface will not permit default VLAN packets passing. When configuring a Trunk Untag VLAN list, the system automatically adds all Untagged VLAN to the Trunk allowed VLAN.

No. 1 2 Command
Raisecom#show vlan Raisecom#show interface interfacetype interface-number switchport
Description Show VLAN configurations. Show interface VLAN configurations.
2.4 Configuring basic QinQ

Scenario
With basic QinQ, you can add outer VLAN Tag and freely plan your own private VLAN ID. Therefore, the data between devices on both ends of the ISP network can be transparently transmitted, without conflicting with the VLAN ID in Carrier network.
Prerequisite
Before configuring basic QinQ, you must finish following operations:

Connect interfaces and configure physical parameters of interfaces. Make the physical layer Up. Create a VLAN.
46
2 Ethernet
2.4.2 Configuring basic QinQ

Step 1 2 3 4 5 6
Command
Description Enter global configuration mode. Enter interface configuration mode. (Optional) configure the TPID value. Enable basic QinQ on the interface. Add the Access interface to the VLAN. Add the Trunk interface to the VLAN.
interface-number
Raisecom(config-port)#mls double-tagging tpid
tpid
Raisecom(config-port)#switchport qinq dot1qtunnel Raisecom(config-port)#switchport access vlan
vlan-id
Raisecom(config-port)#switchport trunk native vlan vlan-id
2.4.3 Configuring egress interface to Trunk mode

Step 1 2 3
Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Configure the egress interface to Trunk mode, allowing double Tag packets to pass.
interface-number
Raisecom(config-port)#switchport mode trunk

No. 1 Command
Raisecom#show switchport qinq
Description Show basic QinQ configurations.
2.5 Configuring selective QinQ

Scenario
Differentiated from basic QinQ, the outer VLAN Tag for selective QinQ can be selected according to service types. Set different VLAN IDs for services in the user network. Differentiate voice, video and data services in the ISP by adding different outer VLAN Tags to classify services when forwarding them, realizing the VLAN mapping between inner and outer VLAN tags.
2 Ethernet
Prerequisite
Before configuring selective QinQ, you must finish following operations:

2.5.2 Configuring selective QinQ

Step 1 2 3 4 5
Raisecom#config Raisecom(config)#mls double-tagging inner-tpid tpid
Command
Description Enter global configuration mode. (Optional) configure the TPID value of the inner Tag. Enter interface configuration mode. Configure the TPID value of the outer VLAN Tag on the interface. Configure VLAN-based selective QinQ on ingress interface.
interface-number
Raisecom(config-port)#mls double-tagging tpid tpid
Raisecom(config-port)#switchport vlan-mapping cvlan vlan-list [ cos cos-value ] add-outer vlan-id [ cos cos-value ]

No. 1 2 Command
Raisecom(config)#show switchport qinq Raisecom(config)#show interface interface-type interface-number vlan-mapping add-outer
Description Show basic QinQ configurations. Show selective QinQ configurations on the interface.
2.6 Configuring VLAN mapping

Scenario
Differentiated from QinQ, VLAN mapping only changes VLAN tag but does not encapsulate additional multilayer VLAN Tag. You just need to change VLAN Tag to make packets transmitted according to Carrier VLAN mapping rules, without increasing frame length of the original packet. VLAN mapping is used in following situations:

Map user services into one carrier VLAN ID. Map multi-user services into one carrier VLAN ID.
48
2 Ethernet
Prerequisite
Before configuring VLAN mapping, you must finish following operations:

2.6.2 Configuring 1:1 VLAN mapping

Step 1 2 3
Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Configure interface-based 1:1 VLAN mapping rule.
interface-number
Raisecom(config-port)switchport vlanmapping { ingress | egress } [ outer ] vlan-list [ cos cos-value ] [ inner vlanlist ] [ cos cos-value ] translate [ outervid vlan-id ] [ outer-cos cos-value ] [ inner-vid vlan-id ] [ inner-cos cosvalue ]

No. 1 Command
Raisecom#show interface interface-type interface-number vlan-mapping { egress | ingress } translate
Description Show 1:1 VLAN mapping configurations.
2.7 Configuring loopback detection

Scenario
In the network, hosts or Layer 2 devices connected to access devices may form a loopback intentionally or involuntary. Enable loopback detection on downlink interfaces of all access devices to avoid the network congestion generated by unlimited copies of data traffic. Once a loopback is detected on a port, the interface will be blocked.
Prerequisite
Before configuring loopback detection, you need to configure physical parameters on an interface and make the physical layer Up.
49
2 Ethernet
2.7.2 Configuring loopback detection
Loopback detection and STP are mutually exclusive. They cannot be enabled simultaneously. For directly connected devices, you cannot enable loopback detection on both ends simultaneously. Otherwise, interfaces on both ends will be blocked. Step 1 2 3 Command
Raisecom#config Raisecom(config)#loopback-detection enable interface-type interface-list Raisecom(config)#loopback-detection mode { port-based | vlan-based }
Description Enter global configuration mode. Enable loopback detection on an interface. (Optional) configure the loopback detection mode. By default, the loopback detection is set to VLAN-based loopback detection.
Raisecom(config)#loopback-detection loop { discarding | trap-only | shutdown } interface-type interface-
list
(Optional) configure the mode for an interface to process loopback detection packets from other interfaces.
To ensure that loopback detection runs properly, we recommend selecting the discarding mode. In addition, the iTN165CES supports up to 15 VLAN-based loopback detection. 5
Raisecom(config)#loopback-detection hello-time period
Configure the interval for sending loopback detection packet. By default, the interval is set to 4s.
Raisecom(config)#loopback-detection down-time { second | infinite }
(Optional) configure the time to automatically restore the blocked interface caused by loopback. By default, it is set to infinite.
Raisecom(config)#loopback-detection loop upstream interface-type interfacelist [ delete-vlan ]
(Optional) configure the processing mode of the uplink interface when it detects a loopback.

No. 1 2 Command
Raisecom#show loopback-detection [ interface-type interface-list ] Raisecom#show loopback-detection statistics [ interface-type interface-list ]
Description Show interface-based loopback detection configurations. Show loopback detection statistics.
50
2 Ethernet
No. 3
Command
Raisecom#show loopback-detection block-vlan [ interface-type interface-list ] Raisecom#show loopback-detection vlan-list vlan-list
Description Show information about the blocked VLAN.
Show VLAN-based loopback detection configurations.
2.8 Configuring interface protection

Scenario
To isolate Layer 2/Layer 3 data in an interface protection group and provide physical isolation between interfaces, you need to configure interface protection. By adding interfaces that need to be controlled to an interface protection group, you can enhance network security and provide flexible networking scheme for users.
Prerequisite
N/A
2.8.2 Configuring interface protection

Step 1 2 3
Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Enable interface protection. By default, downlink interfaces are isolated from each other.
interface-number
Raisecom(config-port)#switchport protect

No. 1 Command
Raisecom#show switchport protect
Description Show interface protection configurations.
51
2 Ethernet
2.9 Configuring Layer 2 protocol transparent transmission

Scenario
In the ISP, destination multicast addresses for some Layer 2 protocol packets cannot be forwarded. The Layer 2 protocol transparent transmission is configured to make the Layer 2 protocol packet of the user network traverse the ISP network and to realize the Layer 2 protocol run in the same user network at different locations. With the Layer 2 protocol transparent transmission, you can modify the multicast addresses for Layer 2 protocol packets, forwarding them across the ISP. In addition, you can decapsulate the modified multicast address to the original one on the egress interface. Therefore, the same user network at different locations can run the same Layer 2 protocol.
Prerequisite
Before configuring the Layer 2 protocol f transparent transmission, you need to configure physical parameters on an interface and make the physical layer Up.
2.9.2 Configuring transparent transmission parameters

Step 1 2 Command
Raisecom#config Raisecom(config)#relay destinationaddress mac-address
Description Enter global configuration mode. (Optional) configure the destination MAC address of a Layer 2 protocol packet. By default, the destination MAC address is set to 010E.5E00.0003. The multicast destination MAC address should not begin with 0180C2/010E5E. However, the default value (010E.5E00.0003) is excluded.
3 4 5
Raisecom(config)#relay cos cos-value
(Optional) configure the CoS value of a Layer 2 protocol packet. Enter interface configuration mode. (Optional) specify the egress interface for a Layer 2 protocol packet. By default, no egress interface is specified for a Layer 2 protocol packet. Other interfaces can transmit the Layer 2 protocol packet transparently.
Raisecom(config)#interface interface-
type interface-number
Raisecom(config-port)#relay
Raisecom(config-port)#relay vlan
vlan-id
(Optional) specify a VLAN for a Layer 2 protocol packet. By default, no VLAN is specified for a Layer 2 protocol packet. All VLANs under the interface allow the Layer 2 protocol packet to pass.
52
2 Ethernet
Step 7
Command
Raisecom(config-port)#relay { all | cdp | dot1x | lacp | pvst | stp | vtp }
Description Configure transparent transmission packet types on an interface and disable related protocols.

No. 1 2 Command
Raisecom#show relay [ interface-type interface-list ] Raisecom#show relay statistics [ interface-type interface-list ]
Description Show Layer 2 protocol transparent transmission configurations. Show transparent transmission packet statistics.
2.10 Configuring ARP

Scenario
The mapping relationship between IP addresses and MAC addresses is saved in the ARP address table. In general, ARP address entries are dynamically maintained by the device. The device automatically finds the mapping relationship between IP addresses and MAC addresses based on ARP. You can manually configure the device just for preventing ARP dynamic learning fraud and for adding static ARP address entries.
Prerequisite
N/A
2.10.2 Configuring ARP address entries
When you configure static ARP address entries, IP addresses of these static ARP address entries must be at the IP network of Layer 3 interfaces on the iTN165-CES. Step 1 2
Raisecom#config Raisecom(config)#arp ip-address mac-address
Command
Description Enter global configuration mode. Enter static ARP address entries.
53
2 Ethernet
Step 3
Command
Raisecom(config)#arp aging-time second
Description Configure the aging time of dynamic ARP address entries. By default, the aging time is set to 1200s.
Raisecom(config)#arp mode { learn-all | learn-reply-only }
Configure the ARP learning mode. By default, the ARP learning mode is set to learn-reply-only. Enter IP interface configuration mode. Enable ARP dynamic learning on the IP interface. By default, ARP dynamic learning is enabled.
5 6
Raisecom(config)#interface ip interface-
number
Raisecom(config-ip)#arp learning enable
Raisecom(config-ip)#arp max-learning-num
max-learning-num
Configure the threshold of dynamicallylearned ARP address entries.

No. 1 2 3 4 Command
Raisecom#show arp Raisecom#show arp ip-address
Description Show configurations on all entries in the ARP address table. Show configurations on ARP address entries related to a specified IP address. Show configurations on ARP address entries related to Layer 3 interfaces, Show configurations on static ARP address entries.
Raisecom#show arp ip if-number
Raisecom#show arp static
2.11 Configuring port mirroring

Scenario
Port mirroring is used for the administrator to monitor data traffic in a network. By mirroring traffic on a mirroring port to a monitor port, the administrator can get traffics that have fault and anomaly. The port mirroring is used to locate, analyze and resolve faults.
Prerequisite
N/A
54
2 Ethernet
2.11.2 Configuring port mirroring
There can be multiple mirroring ports. However, there is only one monitor port. After port mirroring takes effect, packets on both ingress and egress ports will be copied to the monitor port. The mirroring port and the monitor port should not be the same one. Command Description Enter global configuration mode. Enable the port mirroring. By default, the port mirroring is disabled.
Step 1 2
Raisecom#config
Raisecom(config)#mirror enable
Raisecom(config)#mirror monitor-port
Configure the monitor port. By default, the monitor port index is set to 1.
Packets that are mirrored to the monitor port will not follow VLAN configurations on the mirroring port and all packets can pass the interface. 4
Raisecom(config)#mirror source-port-list { both | ingress | egress } interface-
type interface-list
Configure the mirroring port and the mirroring rules. By default, there is no mirroring port.
When a mirroring port list is configured on the ingress or egress port, the mirroring port list on the other port will be automatically cleared. 5
Raisecom(config)#mirror monitor-cpu
(Optional) mirror packets to the CPU.

No. 1 Command
Raisecom(config)#show mirror
Description Show port mirroring configurations.
55
2 Ethernet
2.12 Maintenance
Command
Raisecom(config)#clear mac-addresstable { all | dynamic | static } Raisecom(config)#search mac-address mac-address { all | dynamic | static } [ interace-type interface-number ] [ vlan vlan-id ] Raisecom(config)#clear relay statistics [ interface-type interfacelist ] Raisecom(config-port)#clear loopbackdetection statistic
Description Clear MAC addresses. Search MAC addresses.
Clear Layer 2 transparent transmission packet statistics. Clear loopback detection statistics.

2.13.1 Examples for configuring MAC address table
As shown in Figure 2-11, LAN 1 and LAN 2 are in VLAN 10. The MAC address of PC 1 is 000e.5e01.0105 and the MAC address of PC 2 is 000e.5e02.0207. PC 2 accessed the network illegally by using the MAC address of PC 1. To prevent PC 2 from accessing the network without influencing other devices accessing the network through Client 2, perform the following operations.

On Client 1 of the iTN, configure a static MAC address entry that is related to the MAC address of PC 1 and disable dynamic MAC address learning. On Client 2 of the iTN, set the MAC address of PC 2 to a blackhole MAC address and enable dynamic MAC address learning. Set the aging time to 400s.
56
2 Ethernet
Figure 2-11 Configuring MAC address table
Configuration steps
Step 1 Create VLAN 10 and then add interfaces to VLAN 10.
Raisecom#config Raisecom(config)#create vlan 10 active Raisecom(config)#interface client 1 Raisecom(config-port)#switchport mode access Raisecom(config-port)#switchport access vlan 10 Raisecom(config-port)#exit Raisecom(config-port)#interface client 2 Raisecom(config-port)#switchport mode access Raisecom(config-port)#switchport access vlan 10 Raisecom(config-port)#exit
Step 2 On Client 1, configure a static unicast MAC address (000e.5e01.0105), which belongs to VLAN 10 and disable dynamic MAC address learning.
Raisecom(config)#mac-address-table static unicast 000e.5e01.0105 vlan 10 client 1 Raisecom(config)#mac-address-table learning disable client 1
Step 3 On Client 1, configure a blackhole MAC address (000e.5e02.0207), which belongs to VLAN 10, enable dynamic MAC address learning, and set the aging time to 400s.
Raisecom(config)#mac-address-table blackhole 000e.5e02.0207 vlan 10
57

Raisecom(config)#mac-address-table learning enable client 2 Raisecom(config)#mac-address-table aging-time 400
2 Ethernet
Raisecom#write
Checking results
Use the show mac-address-table l2-address command to show MAC address configurations.
Raisecom#show mac-address-table l2-address Aging time:400 seconds Mac Address Port Vlan Flags ---------------------------------------------000E.5E01.0105 client1 10 static 000E.5E02.0207 -10 blackhole
2.13.2 Example for configuring VLAN and interface protection

As shown in Figure 2-12, PC 1, PC 2, and PC 5 are in VLAN 10; PC 3 and PC 4 are in VLAN 20. iTN A and iTN B are connected through a Trunk interface and disallow packets of VLAN 20 to pass. Therefore, PC 3 and PC 4 cannot communicate with each other. Enable interface protection on PC 1 and PC 2 to make them fail to communicate. However, PC 1 and PC 2 can communicate with PC 5 respectively.
58
2 Ethernet
Figure 2-12 Configuring VLAN
Configuration steps
Step 1 Create and activate VLAN 10 and VLAN 20 on iTN A and iTN B respectively.
Configure iTN A.
iTNA#config iTNA(config)#create vlan 10,20 active
Configure iTN B.
iTNB#config iTNB(config)#create vlan 10,20 active
Step 2 Add client 1 (Access) and client 2 (Access) of iTN B to VLAN 10. Add client 3 (Access) to VLAN 20. The line1 interface is in Trunk mode and allows packets of VLAN 10 to pass.
iTNB(config)#interface client 1 iTNB(config-port)#switchport mode access iTNB(config-port)#switchport access vlan 10 iTNB(config-port)#exit iTNB(config)#interface client 2 iTNB(config-port)#switchport mode access iTNB(config-port)#switchport access vlan 10 iTNB(config-port)#exit iTNB(config)#interface client 3
59

iTNB(config-port)#switchport mode access iTNB(config-port)#switchport access vlan 20 iTNB(config-port)#exit iTNB(config)#interface line 1 iTNB(config-port)#switchport mode trunk iTNB(config-port)#switchport trunk allow vlan 10 iTNB(config-port)#exit
2 Ethernet
Step 3 Add client 2 (Access) of iTN A to VLAN 10. Add client 1 (Trunk) to VLAN 20. The line1 interface is in Trunk mode and allows packets of VLAN 10 to pass.
iTNA(config)#interface client 2 iTNA(config-port)#switchport mode access iTNA(config-port)#switchport access vlan 10 iTNA(config-port)#exit iTNA(config)#interface client 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#switchport trunk native vlan 20 iTNA(config-port)#exit iTNA(config)#interface line 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#switchport trunk allow vlan 10
Step 4 Enable interface protection on client 1 and client 2 of iTN B.
iTNB(config)#interface client 1 iTNB(config-port)#switchport protect iTNB(config-port)#exit iTNB(config)#interface client 2 iTNB(config-port)#switchport protect
Step 5 Save configurations of iTN A and iTN B, taking iTN A for an example.
iTNA#write
Checking results
Use the show vlan command to show VLAN configurations. Take iTN B for an example.
iTNB#show vlan VLAN Name State Status Port Untag-Port Priority Create-Time ---------------------------------------------------------------------
60

1 2 10 20 Default VLAN0010 VLAN0020 active active active active static other static static L:1,2;C:1-4 L:1,2;C:1-4 L:1;C:1,2 C:3 L:1,2;C:1-4 -n/a -C:1,2 -C:3 --
2 Ethernet
0:0:15 0:0:17 1:0:50 0:0:26
Use the show interface interface-type interface-number switchport command to show VLAN configurations on an interface. Take iTN B for an example.
iTNB#show interface client 1 switchport Interface: client 1 Administrative Mode: access Operational Mode: access Access Mode VLAN: 10 Administrative Access Egress VLANs: 1 Operational Access Egress VLANs: 1,10 Trunk Native Mode VLAN: 1 Administrative Trunk Allowed VLANs: 1-4094 Operational Trunk Allowed VLANs: n/a Administrative Trunk Untagged VLANs: 1 Operational Trunk Untagged VLANs: 1
Use the show switchport protect command to show interface protection configuration. Take iTN B for an example.
iTNB#show switchport protect Port Protected State -------------------------L:1 disable L:2 disable C:1 enable C:2 enable C:3 disable
By executing the ping command between PC 1 and PC 5, PC 2 and PC 5, PC 3 and PC 4 to check VLAN configurations on the Trunk interface.

If PC1 can ping through PC 5, VLAN 10 communicates properly. If PC 2 can ping through PC 5, VLAN 10 communicates properly. If PC 3 cannot ping through PC 4, VLAN 20 communicates improperly.
By executing the ping command between PC 1 and PC 2, check interface protection configurations.
If PC1 cannot ping through PC 2, interface protection takes effect.
61
2 Ethernet
2.13.3 Examples for configuring basic QinQ

As shown in Figure 2-13, iTN A and iTN B are connected to VLAN 100 and VLAN 200 respectively. To communicate through the ISP, Department A and Department C, Department B and Department D should set the outer Tag to VLAN 1000. Configure client 2 and client 3 on iTN A and iTN B working in dot1q-tunnel mode and being connected to VLAN 100 and VLAN 200. line 1 is used to connect the ISP network, which works in Trunk mode and allows packets with double tag to pass. The TPID is set to 0x9100. Figure 2-13 Configuring basic QinQ
Configuration steps
Step 1 Create and activate VLAN 100, VLAN 200, and VLAN 1000.
Configure iTN A.
iTNA#config iTNA(config)#create vlan 100,200,1000 active
Configure iTN B.
62

iTNB#config iTNB(config)#create vlan 100,200,1000 active
2 Ethernet
Step 2 Configure client 2 and client 3 working in dot1q-tunnel mode.
Configure iTN A.
iTNA(config)#interface client 2 iTNA(config-port)#switchport mode access iTNA(config-port)#switchport access vlan 1000 iTNA(config-port)#switchport qinq dot1q-tunnel iTNA(config-port)#exit iTNA(config)#interface client 3 iTNA(config-port)#switchport mode access iTNA(config-port)#switchport access vlan 1000 iTNA(config-port)#switchport qinq dot1q-tunnel iTNA(config-port)#exit
Configure iTN B.
iTNB(config)#interface client 2 iTNB(config-port)#switchport mode access iTNB(config-port)#switchport access vlan 1000 iTNB(config-port)#switchport qinq dot1q-tunnel iTNB(config-port)#exit iTNB(config)#interface client 3 iTNB(config-port)#switchport mode access iTNB(config-port)#switchport access vlan 1000 iTNB(config-port)#switchport qinq dot1q-tunnel iTNB(config-port)#exit
Step 3 Configure line 1 allowing packets with double Tag to pass. Set the TPID value to 0x9100.
Configure iTN A.
iTNA(config)#interface line 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#mls double-tagging tpid 9100 iTNA(config-port)#switchport trunk allowed vlan 1000 iTNA(config-port)#exit
Configure iTN B.
iTNB(config)#interface line 1 iTNB(config-port)#switchport mode trunk
63

iTNB(config-port)#mls double-tagging tpid 9100 iTNB(config-port)#switchport trunk allowed vlan 1000 iTNB(config-port)#exit
2 Ethernet
iTNA#write
Checking results
Use the show switchport qinq command to show QinQ configurations. Take iTN A for an example.
iTNA#show switchport qinq Inner TPID:: 0x8100 Port QinQ Status Outer TPID on port ---------------------------------------------------L:1 -0x9100 L:2 -0x8100 C:1 -0x8100 C:2 Dot1q-tunnel 0x8100 C:3 Dot1q-tunnel 0x8100 C:4 -0x8100 C:5 -0x8100 C:6 -0x8100
2.13.4 Examples for configuring selective QinQ

As shown in Figure 2-14, services in the ISP are divided in to PC service and IP service. Therefore, configure the PC service with VLAN 1000 and configure the IP service with VLAN 2000. Perform following configurations on iTN A and iTN B. Add outer Tag VLAN 1000 to VLANs 100150 that are assigned to PC service. Add outer Tag VLAN 2000 to VLANs 300400 that are assigned to IP service. Make users properly communicate with the server through the ISP. The TPID is set to 0x9100.
64
2 Ethernet
Figure 2-14 Configuring selective QinQ
Configuration steps
Step 1 Create and activate VLANs.
Configure iTN A.
iTNA#config iTNA(config)#create vlan 100-150,300-400,1000,2000 active
Configure iTN B.
iTNB#config iTNB(config)#create vlan 100-150,300-400,1000,2000 active
Step 2 Configure client 2 and client 3 working in dot1q-tunnel mode.
Configure iTN A.
iTNA(config)#interface client 2 iTNA(config-port)#switchport mode trunk
65
2 Ethernet
iTNA(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000 iTNA(config-port)#switchport trunk untagged vlan 1000,2000 confirm iTNA(config-port)#exit iTNA(config)#interface client3 iTNA(config-port)#switchport mode trunk iTNA(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000 iTNA(config-port)#switchport trunk untagged vlan 1000,2000 confirm iTNA(config-port)#exit
Configure iTN B.
iTNB(config)#interface client 2 iTNB(config-port)#switchport mode trunk iTNB(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000 iTNB(config-port)#switchport trunk untagged vlan 1000,2000 confirm iTNB(config-port)#exit iTNB(config)#interface client 3 iTNB(config-port)#switchport mode trunk iTNB(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000 iTNB(config-port)#switchport trunk untagged vlan 1000,2000 confirm iTNB(config-port)#exit
Step 3 Configure client 1 allowing packets with double Tag to pass. Set the TPID value rto 0x9100.
Configure iTN A.
iTNA(config)#interface client 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#mls double-tagging tpid 9100 iTNA(config-port)#switchport trunk allowed vlan 1000,2000 confirm iTNA(config-port)#exit
Configure iTN B.
iTNB(config)#interface client 1 iTNB(config-port)#switchport mode trunk iTNB(config-port)#mls double-tagging tpid 9100 iTNB(config-port)#switchport trunk allowed vlan 1000,2000 confirm iTNB(config-port)#exit
iTNA#write
66
2 Ethernet
Checking results
Use the show interface interface-type [ interface-number ] vlan-mapping add-outer command to show QinQ configurations. Take iTN A for an example.
iTNA#show interface client 2 vlan-mapping add-outer Based outer VLAN QinQ mapping rule: Original Original Add-outer Add-outer Hardware Hardware Port Outer VLAN COS VLAN COS Status ID ------------------------------------------------------------------------C2 100-150 -1000 -Enable 1 iTNA#show interface client 3 vlan-mapping add-outer Based outer VLAN QinQ mapping rule: Original Original Add-outer Add-outer Hardware Hardware Port Outer VLAN COS VLAN COS Status ID ------------------------------------------------------------------------C3 300-400 -2000 -Enable 2
2.13.5 Examples for configuring VLAN mapping

As shown in Figure 2-15, client 2 and client 3 of iTN A is connected to Department A and Department B. Department A is in VLAN 100 and Department B is in VLAN 200. client 2 and client 3 of iTN B are connected to Department C and Department D. Department C is in VLAN 100 and Department D is in VLAN 200. To make Departments A and C and Department B and D communicate with each other, you can configure 1:1 VLAN mapping on iTN A and iTN B. In the ISP, VLAN 1000 is assigned to Department A and Department C for transmitting data. VLAN 2008 is assigned to Department B and Department D for transmitting data.
67
2 Ethernet
Figure 2-15 Configuring VLAN mapping
Configuration steps
Configurations on iTN A and iTN B are identical. Therefore, only configurations on iTN A are described. Step 1 Create and activate VLANs.
Raisecom#config Raisecom(config)#create vlan 100,200,1000,2008 active
Step 2 Configure line 1 working in Trunk mode, allowing packets of VLAN 100, VLAN 200, VLAN 1000, and VLAN 2008 to pass. Enable VLAN mapping on line 1.
iTNA(config)#interface line 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#switchport trunk allowed vlan 100,200,1000,2008 iTNA(config-port)#switchport vlan-mapping egress 100 translate 1000 iTNA(config-port)#switchport vlan-mapping egress 200 translate 2008 iTNA(config-port)#exit
68
2 Ethernet
Step 3 Configure client 2 working in Access mode, allowing packets of VLAN 100 and VLAN 1000 to pass. Enable VLAN mapping on client 2.
iTNA(config)#interface client 2 iTNA(config-port)#switchport mode access iTNA(config-port)#switchport access vlan 100 iTNA(config-port)#switchport access vlan 1000 iTNA(config-port)#switchport vlan-mapping egress 1000 translate 100 iTNA(config-port)#exit
Step 4 Configure client 3 working in Trunk mode, allowing packets of VLAN 200 and VLAN 2008 to pass. Enable VLAN mapping on client 3.
iTNA(config)#interface client 3 iTNA(config-port)#switchport mode trunk iTNA(config-port)#switchport trunk allowed vlan 200,2008 iTNA(config-port)#switchport vlan-mapping egress outer 2008 outer translate 200 iTNA(config-port)#exit
iTNA#write
Checking results
Use the show interface interface-type interface-number vlan-mapping egress translate command to show 1:1 VLAN mapping configurations.
iTNA(config)#show interface client 2 vlan-mapping egress translate Direction: Egress Based outer-inner VLAN QinQ mapping rule: ----------------------------------------Interface : C2 Hardware-ID: 5 Original Outer VLANs: 1000 Original Outer COS: -Original Inner VLANs: -Original Inner COS: -Outer-tag Mode: Translate New Outer-VID: 100 New Outer-COS: -Inner-tag Mode: -New Inner-VID: -New Inner-COS: --
69
2 Ethernet
2.13.6 Examples for configuring loopback detection

As shown in Figure 2-16, line 1 of iTN A is connected to the core network. client 1 and client 2 of iTN A are connected to the user network. Enable loopback detection on iTN A to detect the loop generated in the user network immediately and block the related interface. Figure 2-16 Configuring loopback detection
Configuration steps
Step 1 Create VLAN 3 and add client 1 and client 2 to VLAN 3.
Raisecom(config)#create vlan 3 active Raisecom(config)#interface client 1 Raisecom(config-port)#switchport access vlan 3 Raisecom(config-port)#exit Raisecom(config)#interface client 2 Raisecom(config-port)#switchport access vlan 3 Raisecom(config-port)#exit
Step 2 Enable loopback detection on client 1 and client 2.
Raisecom(config)#loopback-detection enable client 1-2 Raisecom(config)#loopback-detection hello-time 3
70

Raisecom#write
2 Ethernet
Checking results
Use the show loopback-detection command to show loopback detection status on client 2.
Raisecom#show loopback-detection client 2 Destination address: ffff.ffff.ffff Mode:Vlan-based Period of loopback-detection:3s Restore time:infinite Port PortState State Status loop vlanlist --------------------------------------------------------------------C2 Down Ena no trap-only --
2.13.7 Examples for configuring Layer 2 protocol transparent transmission

As shown in Figure 2-17, iTN A and iTN B are connected to VLAN 100 and VLAN 200 respectively. To make users in the same network run STP, you need to configure Layer 2 protocol transparent transmission on iTN A and iTN B, Figure 2-17 Configuring Layer 2 protocol transparent transmission
Configuration steps
Step 1 Create and activate VLAN 100 and VLAN 200.
Configure iTN A.
iTNA#config iTNA(config)#create vlan 100,200 active
71
2 Ethernet
Configure iTN B.
iTNB#config iTNB(config)#create vlan 100,200 active
Step 2 Configure client 1 working in Access mode; set the Access VLAN to 100; enable STP.
Configure iTN A.
iTNA(config)#interface client 1 iTNA(config-port)#switchport mode access iTNA(config-port)#switchport access vlan 100 iTNA(config-port)#relay stp iTNA(config-port)#relay line 1 iTNA(config-port)#exit
Configure iTN B.
iTNB(config)#interface client 1 iTNB(config-port)#switchport mode access iTNB(config-port)#switchport access vlan 100 iTNB(config-port)#relay stp iTNB(config-port)#relay line 1 iTNB(config-port)#exit
Step 3 Configure client 2 working in Access mode; set the Access VLAN to 200; enable STP.
Configure iTN A.
iTNA(config)#interface client 2 iTNA(config-port)#switchport mode access iTNA(config-port)#switchport access vlan 200 iTNA(config-port)#relay stp iTNA(config-port)#relay line 1 iTNA(config-port)#exit
Configure iTN B.
iTNB(config)#interface client 2 iTNB(config-port)#switchport mode access iTNB(config-port)#switchport access vlan 200 iTNB(config-port)#relay stp iTNB(config-port)#relay line 1 iTNB(config-port)#exit
72
2 Ethernet
Step 4 Configure line 1 working in Trunk mode.
Configure iTN A.
iTNA(config)#interface line 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#exit
Configure iTN B.
iTNB(config)#interface line 1 iTNB(config-port)#switchport mode trunk iTNB(config-port)#exit
iTNA#write
Checking results
Use the show relay command to show Layer 2 protocol transparent transmission configurations on client 1. Take iTN A for an example.
iTNA#show relay COS for Encapsulated Packets: 5 Destination MAC Address for Encapsulated Packets: 010E.5E00.0003 Port vlan Egress-Port Protocol Drop-Threshold Shutdown-Threshold --------------------------------------------------------------------C1(up) -line1 stp(enable) --dot1x --lacp --cdp --vtp --pvst ---
2.13.8 Examples for configuring ARP

As shown in Figure 2-18, the iTN device is connected to PCs. The iTN device is connected to the Router through line 1. The IP address of the Router is set to 192.168.1.10/24 and the MAC address is set to 0050.8D4B.FD1E.
2 Ethernet
Set the aging time of dynamic ARP address entries to 600s. To improve the security on communication between the iTN device and Router, you need to configure the related static ARP entry on the iTN device. Figure 2-18 Configuring ARP
Configuration steps
Step 1 Add a static ARP entry.
Raisecom(config)#arp 192.168.1.10 0050.8d4b.fd1e
Step 2 Set the aging time of dynamic ARP address entries to 600s.
Raisecom(config)#arp aging-time 600
Raisecom#write
Checking results
Use the show arp command to show all entries in the ARP address mapping table.
74

Raisecom#show arp Aging time: 600 seconds Ip Address Mac Address Type Interface ip ------------------------------------------------------192.168.1.10 0050.8d4b.fd1e static 0 Total: 1 Static: 1 Dynamic: 0
2 Ethernet
2.13.9 Examples for configuring port mirroring

As shown in Figure 2-19, user network 1 is connected to the iTN165 through Client 1 and user network 2 is connected to the iTN165through Client 2. The network administrator needs to monitor packets transmitted to and sent by user network 1 through the Monitor PC and then gets anomalous data traffic, analyze causes and address problems. The monitor PC is connected to the iTN165through Client 3. Figure 2-19 Configuring port mirroring
Configuration steps
Step 1 Enable port mirroring.
Raisecom#config Raisecom(config)#mirror enable
Step 2 Set Client 3 to the monitor port.
Raisecom(config)#mirror monitor-port client 3
75
2 Ethernet
Step 3 Set Client 1 to the mirroring port and set the mirroring rule to both.
Raisecom(config)#mirror source-port-list both client 1
Checking results
Use the show mirror command to show port mirroring configurations.
Raisecom(config)#show mirror Mirror: Enable Monitor port: client 3 -----------the ingress mirror rule----------Mirrored ports: client 1 -----------the egress mirror rule----------Mirrored ports: client 1
76
3 Clock synchronization
Clock synchronization
This chapter describes principles and configuration procedures of clock synchronization, as well as related configuration examples, including following sections:

Introduction Configuring clock synchronization based on synchronous E thernet Maintenance Configuration examples
The iTN165-4GE4E1S, iTN165-4GEE1S, and iTN165-4GEV35S support this feature.
3.1 Introduction
Physical-layer synchronization technologies are widely used in the traditional TDM network. Each node can extract clock signals from the physical link or the exterior synchronization interface. It selects the clock source with best quality from multiple clock sources, takes it as the local clock, and transmits it to the downstream devices. Therefore, it synchronizes clocks of all devices to the master reference clock by locking the host. The synchronous Ethernet technology adopted by the PTN has the similar principle, as shown in Figure 3-1. Step 1 iTN B outputs the clock with high precision to the physical-layer chip. Step 2 The physical-layer chip uses the clock to transmit the data. Step 3 Based on the clock data recovery technology integrated in the physical-layer chip, iTN A recovers the clock signals from the serial data flow and then transmits the clock signals to the clock sub-card. Step 4 After being processed by the clock sub-card, these clock signals are sent to other clocks through interfaces. Therefore, upstream clocks and downstream clocks are concatenated and clock synchronization is realized in PTN.
77
Figure 3-1 Principles of synchronous Ethernet
The clock synchronization mechanism of the synchronous Ethernet is mature and reliable. It can meet timing interface metrics defined by International Telecommunications Union Telecommunication Standardization Sector (ITU-T) G.832. In addition, it cannot be influenced by network load changes. However, because clock signals are transmitted along the clock link, the synchronous Ethernet technology asks all paths of the clock link to have the synchronous Ethernet feature. The iTN165-CES supports the synchronous Ethernet technology.
3.2 Configuring clock synchronization based on synchronous E thernet

Scenario
In the PTN, to communicate properly, the sender must put the pulse in the specified timeslot when sending the digital pulse signal and the receiver can extract the pulse from the specified timeslot. To realize this, you must resolve the synchronization problem. The synchronous Ethernet technology can perform clock synchronization in the PTN. Because it does not support phase synchronization, synchronous Ethernet technology is applied for the base station, fixed network TDM relay, leased clock network relay, and wireless base stations which have no requirement on phase synchronization, such as Global System for Mobile Communications (GSM) and Wideband Code Division Multiple Access (WCDMA). The iTN165-CES supports selecting the optimum clock source automatically or selecting the specified clock source manually.
Prerequisite
N/A
78
3.2.2 Configuring clock source properties

Step 1 2 Command
Raisecom#config Raisecom(config)#synce enable
Description Enter global configuration mode. Enable synchronous Ethernet. By default, synchronous Ethernet is disabled on the iTN165-CES.
Raisecom(config)#synce source { line interface-number | external 2m interface-number | internal | pdh interface-number } priority
Configure the priority of the clock source. By default, the local crystal oscillator has the lowest priority and other clock sources are not configured with priority. (Optional) enable SSM quality level. By default, the iTN165-CES uses the standard SSM quality level to select the clock source. Configure the clock source management quality level. By default, no clock source management quality level is configured. Configure the mode for selecting the clock source. By default, the iTN165-CES selects the forced-free run mode. It means the iTN165-CES uses the local crystal oscillator as the clock source. Configure the iTN165-CES to search a line clock source from the outside of the ring network. By default, the iTN165-CES does not search a line clock source from the outside of the ring network.
priority
Raisecom(config)# synce qualitylevel { standard | extend }
Raisecom(config)#synce source { line interface-number | external 2m interface-number | internal | pdh interface-number } qualitylevel quality-level Raisecom(config)#synce operationtype { auto-select | forcedfreerun }
Raisecom(config)#synce source line interface-number ring-outside
Raisecom(config)#synce revertive enable Raisecom(config)#synce source { line interface-number | external 2m interface-number | pdh interface-number } wait-to-restoretime minutes Raisecom(config)#synce source { line interface-number | external 2m interface-number | pdh interface-number } hold-off-time
Enable auto reverse mode. By default, auto reverse mode is enabled. Configure the Wait To Restore (WTR) time of the clock source. By default, the WTR time of the clock source is set to 5 minutes. Configure the hold-off time of the clock source. By default, the hold-off time of the clock source is set to 1800ms. Configure the quality level threshold of the synchronous Ethernet packets. By default, the quality level threshold of the synchronous Ethernet packets is set to 0.
10
time
11
Raisecom(config)#synce qualitylevel transmit-threshold threshold
12
Raisecom(config)#synce trap enable
Enable synchronous Ethernet Trap. By default, synchronous Ethernet Trap is enabled.
79
3.2.3 Operating clock source manually

Step 1 2
Raisecom#config Raisecom(config)#synce manual-source { line interface-number | external 2m interfacenumber | internal | pdh interface-number } Raisecom(config)#synce forced-source { line interface-number | external 2m interfacenumber | internal | pdh interface-number } Raisecom(config)#synce lockout-source { line interface-number | external 2m interfacenumber | internal | pdh interface-number }
Command
Description Enter global configuration mode. Switch the clock source manually.
Switch the clock source forcibly.
Lock out the clock source manually.
3.2.4 Configuring input/output clock signals

Step 1 2 3 Command
Raisecom#config Raisecom(config)#clock-mgmt slot
Description Enter global configuration mode. Enter clock configuration mode. (Optional) enable 2 Mbit/s clock signal input and configure its mode. By default, 2 Mbit/s clock signal input is enabled on the iTN165-CES. Configure the quality level threshold of output 2 Mbit/s clock signals. By default, no threshold is configured.
slot-number
Raisecom(config-clock)#external2m interface-number mode { { e1 | e1-crc } [ sa sa-value ] | 2mhz } Raisecom(config-clock)# external-2m interface-number output shutdown-threshold quality-level quality-level

No. 1 2 3 4 Command
Raisecom#show synce [ source ]
Description Show configurations on clock synchronization based on synchronous Ethernet. Show synchronization status message based on synchronous Ethernet. Show clock signal configurations. Show extended SSM information of the synchronous Ethernet clock source.
Raisecom#show synce ssm [ source | statistic ] Raisecom#show clock-mgmt slot slot-id Raisecom#show synce source extend-ssm
80
3.3 Maintenance
Command
Raisecom(config)#clear synce ssm statistic Raisecom(config)#clock-mgmt trap enable
Description Clear synchronization status statistics of synchronous Ethernet. Enable clock sub-card Trap.

3.4.1 Examples for configuring clock synchronization based on synchronous Ethernet
As shown in Figure 3-2, iTN B accesses RNC through the 2 Mbit/s clock interface to get high-accurate clock signals and then transmits these clock signals to iTN A through Line 1. After receiving the clock signals, iTN A transmits them to Node B through Client 1. Figure 3-2 Configuring clock synchronization based on synchronous Ethernet
Configuration steps
Step 1 Configure clock source properties.
Configure iTN A.
Raisecom#hostname iTNA iTNA#config iTNA(config)#synce enable iTNA(config)#synce operation-type auto-select iTNA(config)#synce source line 1 priority 1
81
iTNA(config)#synce source line 1 wait-to-restore-time 0
Configure iTN B.
Raisecom#hostname iTNB iTNB#config iTNB(config)#synce enable iTNB(config)#synce operation-type auto-select iTNB(config)#synce source external 2m 1 priority 1 iTNB(config)#synce source external 2m 1 wait-to-restore-time 0 iTNB(config)#synce source external 2m 1 quality-level 0
iTNA#write
Checking results
Use the show synce command to show clock synchronization configurations of the synchronous Ethernet. Show clock synchronization configurations on iTN A.
iTNA#show synce Synce : enable Synce running status(PLL): freerun(forced) Current clock source: line 1(Ql:0) Previous clock source: internal(Ql:8) Synce trap : enable Revertive mode : enable Transmit quality level threshold: 0 Latest switch time : 2011-08-18,15:38:21.381
Show clock synchronization configurations on iTN B.
iTNB#show synce Synce : enable Synce running status(PLL):lockedauto-select Current clock source: ext 2m 1(Ql:0) Previous clock source: internal(Ql:8) Synce trap : enable Revertive mode : enable Transmit quality level threshold: 0 Latest switch time : 2011-08-18,15:38:21.381
82
Use the show synce ssm command to show SSM status of the synchronous Ethernet. Show SSM status on iTN A.
iTNA#show synce ssm Quality level mode : enable Ssm source name : line 1 Ssm state : locked Ssm quality level : 0
Show SSM status on iTN B.
iTNB#show synce ssm Quality level mode : enable Ssm source name : external 2m 1 Ssm state : locked Ssm quality level : 0
83
4 MPLS-TP
MPLS-TP
This chapter describes principles and configuration procedures of MPLS-TP, as well as related configuration examples, including following sections:

Introduction Configuring basic functions of MPLS Configuring static LSP Configuring MPLS L2VPN Configuring MPLS-TP OAM Configuring MPLS-TP linear protection switching Maintenance Configuration examples
4.1 Introduction
4.1.1 Network structure
The MPLS-TP network structure is identical to the MPLS network structure, as shown in Figure 4-1. The MPLS network is composed by the Label Switching Router (LSR). The network area composed by the LSR is called MPLS domain. The LSP locates at the edge of the MPLS domain and connects other networks is called Label Edge Router (LER). The LSR in the MPLS domain can also be called the Core LSR. If a LSR has one or more neighbouring nodes that do not operate MPLS, this LSR is a LER. The LSR, whose neighbouring nodes operate MPLS, is a core LSR.
84
4 MPLS-TP
Figure 4-1 MPLS network structure
4.1.2 Basic concepts

With multi-year development, the MPLS technology has a complete structure. Although MPLS-based functions are developed gradually, the basic structure of the MPLS is not changed. RFC3031 and RFC3032 describe the basic structure of MPLS in detail.
FEC
Forwarding Equivalence Class (FEC) is a term used to describe a set of packets with similar and/or identical characteristics (destination IP address, forwarding path, and Class of Service). Packets in the same FEC may be forwarded the same way in the MPLS network.
Label
The label is a short fixed length physically contiguous identifier which is used to identify a FEC, usually of local significance. In some case, such as performing load sharing, a FEC may have multiple labels simultaneously. However, a label belongs to a FEC only. Each label is represented by 4 bytes, as shown in Figure 4-2. Each label is broken down the following fields:

Label: this 20-bit field carries the actual value of the label. It is used to identify a FEC. Exp: Experimental Use. This 3-bit filed is used to experimental use. In general, it is used to identify the Class of Service (CoS). S: Bottom of Stack. It is a 1-bit field. MPLS supports multiple labels. This bit is set to 1 for the last entry in the label stack (i.e., for the bottom of the stack). Time To Live (TTL): This 8-bit field is used to encode a time-to-live value. Whenever a packet passes through a router, its TTL gets decremented by 1; if the TTL reaches 0 before the packet has reached its destination, the packet gets discarded.
85
4 MPLS-TP
Figure 4-2 Structure and encapsulation position of the label
LSR
The LSR is a network device for switching and forwarding MPLS labels. It is also called a MPLS node. LSR is the basic element of the MPLS network. All LSRs support the MPLS.
LER
The LSR locating at the edge of the MPLS domain is called a LER. If a LSR has one or more neighbouring nodes that do not operate MPLS, this LSR is a LER. LER is responsible for assigning FECs for packets entering the MPLS domain and pushing labels for these FECs to forward packets. When packets leave from the MPLS domain, the labels are popped out and then packets are forwarded.
LSP
The path along which the same FEC traverses the MPLS network is called the LSP. In terms of function, LSP acts as the virtual circuit of the ATM and Frame Relay (FR). It is a unidirectional path from the ingress interface to the egress interface.
Ingress node, Transit node, and Egress node

The LSP is a unidirectional path. LSRs on the LSP can be divided into the following types:
Ingress node: the begin mode of the LSP. One LSP has an Ingress node only. The Ingress node is responsible for pushing labels for packets to encapsulate them into MPLS packets for forwarding. Transit node: middle node of the LSP. One LSP may have multiple Transit Nodes. The Transit node is responsible for looking up the label forwarding table to forward MPLS packets by switching labels. Egress node: the end node of the LSP. One LSP has an Egress node only. The Egress node is responsible for popping out the label and recovering the packets to the original ones for forwarding.
Label space
The label space is the mode used to specify the label distribution and assignment. It is divided into the following 2 types:

Per-Platform Label Space: the whole LSR can only generate a unique label for the specified FEC. Per-Interface Label Space: each interface of the LSR can generate a label for a specified FEC.
86
4 MPLS-TP
Label stack
The label stack is an ordered set of labels. MPLS packets support carrying multiple labels simultaneously. The label closer to the Layer 2 header is called a top label or an outer label. The label closer to the IP header is called a bottom label or an inner label. Theoretically, the MPLS label can be embedded infinitely. Figure 4-3 Structure of the label stack
The label stack organizes labels in a Last In First Out form. It processes labels from the top of the stack.
Operations of label
Operations of a label include push, swap, and pop. They are basic actions for label forwarding and components of the label forwarding table.
Push: when an IP packet enters the MPLS network, the MPLS edge device inserts a new label between the Layer 2 header and the IP header of the IP packet. Or the MPLS middle device adds a new label on the top of the stack (embed and encapsulate the label) as required. Swap: when the MPLS packet is forwarded across the MPLS network, based on the label forwarding table, the top label of the MPLS packet is deleted and a label assigned by the next-hop device is added. Pop: when the MPLS packet leaves form the MPLS network, the label is removed.
Figure 4-4 Operation process of a label
Label distribution and label retention

The label distribution process is shown as below: Step 1 Group packets which have an identical destination address into a FEC.
4 MPLS-TP
Step 2 Get a label from the MPLS label pool and distribute it to the FEC. Step 3 The LSR records the relationship between the label and the FEC and encapsulates it to a message. And then it sends the message to the upstream LSR, As shown in Figure 4-5, LSR-C groups packets, to be sent to 192.168.1.0/24, into a FEC. And then it distributes a label to the FEC and notifies the upstream LSR. Therefore, the label is distributed by the downstream LSR. Figure 4-5 Label distribution
There are 2 modes for distributing labels: Downstream Unsolicited (DU) and Downstreamon-Demand (DoD).
DU: after the LDP session is established successfully. The downstream LSP sends a Label Mapping Message (LMM) to the upstream LSR automatically. The upstream LSR saves the LMM and processes it based on the routing table. DoD: the upstream LSR sends a Label Request Message (LRM) to the downstream LSR, which includes descriptions about the FEC. The downstream LSR distributes a label to the FEC and sends the LMM to the upstream LSR. The time for the downstream LSR sending LMM depends on the label distribution control mode used by the downstream LSR. There are Ordered and Independent label distribution control modes.
Ordered label distribution control mode: a LSR cannot send the LMM to the upstream LSR unless it receives the LMM sent by the downstream LSR. Independent label distribution control mode: a LSR sends LMM to the upstream LSR immediately regardless of whether it receives a LMM sent by the downstream LSR.
In general, the upstream LSR selects its downstream LSR based on the routing information, as shown in Figure 4-5. LSRs on LSP 1 use the Ordered label distribution control mode while LSR E on LSP 2 uses the Independent label distribution control mode. Label retention refers to a mode for a current LMM that is received but not used by a LSR. There are 2 label retention modes: liberal label retention and conservative label retention.
Liberal label retention: the device reserves the LMM sent by the neighbor LSR regardless of whether the neighbor LSP is the next-hop address of the specified FEC. In this mode, the device can adapt to the network topology change quickly. It reduces the convergence time of LSP when the routing converged or the next-hop address is changed.
88
4 MPLS-TP
Conservative label retention: the device reserves the LMM sent by the neighbor LSR only when the neighbor LSP is the next-hop address of the specified FEC. In this mode, memory and label space are saved.
Label distribution protocols

The label distribution protocol is a MPLS control protocol (also called signaling protocol), used to classify FECs, distribute labels, as well as establish and maintain LSPs. MPLS can use multiple LDPs, such as Label Distribution Protocol (LDP), Constraint-Routing Label Distribution Protocol (CR-LDP), Resource Reservation Protocol Traffic Engineering (RSVP-TE), and Multiprotocol Extensions for Border Gateway Protocol (MP-BGP).
4.1.3 Static LSP

MPLS needs to assign labels for packets in advance and establish a LSP. And then it can forward packets. Labels are assigned by the downstream device and distributed to the upstream devices as shown in Figure 4-6. The downstream LSR partitions FECs based on the IP routing table and assigns labels to specified FECs. And then the downstream LSR informs the upstream LSR through the label distribution protocol to establish a label forwarding table and LSP. Figure 4-6 Networking with static LSP
LSPs are divided into static LSP and dynamic LSP.

Static LSP: manually configured by the administrator Dynamic LSP: dynamically established by using the routing protocol and the label distribution protocol
At present, the iTN165-CES supports the static LSP only. The static LSP is established by the administrator by manually assigning labels for all FECs. To manually assign labels, the egress label value of the last node is the ingress label value of the next mode. For the static LSP, all LSRs cannot sense each other and then learn status of the whole LSP. Therefore, the static LSP is of local significance.
Configure the Ingress node of the static LSP and enable MPLS on the egress interface. If there is the Address Resolution Protocol (ARP) information of the next-hop device on the iTN165-CES, the static LSP is in UP status regardless of whether it has the Transit/Egress node. If the Ingress node needs to push the label correctly, there must be a routing entry (including the destination address, next-hop address, and mask) in the local routing table, which is accurately matched with the specified destination IP address. Configure the Transit node of the static LSP and enable MPLS on both ingress and egress interfaces. If the physical layer and protocol layer of ingress and egress interfaces are in UP status and there is the Address Resolution Protocol (ARP) information of the
89
4 MPLS-TP
next-hop device on the iTN165-CES, the static LSP is in UP status regardless of whether it has the Ingress /Egress/other Transit nodes.
Configure the Egress node of the static LSP and enable MPLS on the ingress interface. If the physical layer and protocol layer of the ingress interface are in UP status and there is the Address Resolution Protocol (ARP) information of the next-hop device on the iTN165-CES, the static LSP is in UP status regardless of whether it has the Ingress/Transit nodes.
The static LSP does not use the label distribution protocol and does not exchange the control packet. Therefore, it consumes fewer resources. It is suitable for simple and stable small-size network. However, the LSP, established by statically assigning labels, cannot be dynamically adjusted according to the network topology changes. The administrator needs to manually adjust the static LSP.
4.1.4 MPLS forwarding process

Tunnel ID
To provide a uniform interface for upper applications (such as VPN and routing management) that use Tunnels, the system assigns assign an ID for each Tunnel, which is called Tunnel ID. The Tunnel ID is valid locally. The Tunnel ID has 32 bits. The length of fields in each Tunnel may be different. Figure 4-7 shows the structure of the Tunnel ID. Figure 4-7 Structure of the Tunnel ID
Token: an index used to search the MPLS forwarding information in the MPLS forwarding table Sequence-number: sequence number of the Tunnel ID Slot-number: slot ID of the egress interface, specifying the slot for sending packets Tunnel Type: Tunnel type, including the following types:

LSP: LSP Tunnel dynamically established through LDP and without no restriction CRLSP: LSP Tunnel dynamically established through CR-LDP/RSVP-TP with restrictions MPLS Local IGNET: in Option B/Option C inter-Autonomous System (inter-AS) VPN, the VPN routing information (including the L2VPN label block) notified to the BGP symmetric peer by ASBR must include the Tunnel information. However, no Tunnel is configured between ASBRs. To transmit information of extra-AS VPN to the BGP symmetric peer in the inter-AS VPN, the EBGP of the ASBR generates a MPLS Local IFNET Tunnel for the MPLS interface between ASBRs. Global: all Tunnels share a public global space. The Token value is unique. Global with reserved tokens: be similar to the Global mode. In this mode, some Token values are reserved. The Token value begins with a specified one. Per slot: each slot has an independent Token space. Token values for the same slot must be different. However, Token values may be identical for different slots. Per slot with reserved slot: be similar to the Per slot mode. In this mode, some Token values are reserved. The Token value begins with a specified one.
Allocation Method: distribution mode of Token, including the following modes:

90

4 MPLS-TP
Per slot with different avail value: be similar to the Per slot mode. Token value ranges of slots are different. Mixed: both the global space and slot space are created. The device selects a mode based on the egress interface. Mixed with 2 global space: global space 1, global space 2, and slot space are created. 2 global space: global space 1 and global space 2 are created.
NHLFE
Next Hop Label Forwarding Entry (NHLFE) describes operations performed on a label and directs how to forward MPLS packets. The NHLFE includes the Tunnel ID, egress interface ID, next-hop address, outgoing label, and label operation type.
ILM
Incoming Label Map (ILM) maps incoming labels to a group NHLFEs to form the mapping relationship between labels and NHLFEs. After receiving a packet with a label, the LSR searches the related ILM entry. If the Token value of the ILM entry is not null, the LSR will search the NHLFE related to the Token value to confirm the label operation to be performed. The ILM entry including the Tunnel ID, incoming label, and egress interface ID.
FTN
FEC-to-NHLFE (FTN) maps the FEC to a NHLFE on the Ingress node. After receiving a packet without a label, the LSR searches the related forwarding entry. If the Token value of the forwarding entry is not null, forward the packet through MPLS. Otherwise, the LSR will search the NHLFE related to the Token value to confirm the label operation to be performed.
MPLS forwarding process

As shown in Figure 4-8, the MPLS establishes a LSP, whose destination address is set to 192.168.1.1/24.
91
4 MPLS-TP
Figure 4-8 Forwarding process of MPLS packets
The forwarding process of MPLS packets is shown as below: After a packet enters the MPLS domain, the system will check whether the Token value related to the destination address of the packet is set to 0x0 in the FIB table. If yes, the packet enters IP forwarding process. Otherwise, the packet enters MPLS forwarding process. During the MPLS forwarding process, perform the following operations on the Ingress node: 1. 2. 3. 4. View the FIB table and find the Tunnel ID based on the destination IP address. Fine the NHLFE based on the Tunnel ID and relate the FIB entry to the NHLFE. View the NHLFE to learn the egress interface ID, next-hop address, outgoing label, and label operation type. The label operation type is set to Push. Encapsulate the label into the IP packet, process the EXP field based on the QoS policy, process TTL field, and then send the encapsulated MPLS packet to the next-hop address.
Perform the following operation on the Transit node: 1. 2. 3. 4. Search the ILM table based on the label value of the MPLS packet to find the Token value. Find the NHLFE based on the Token value. View the NHLFE to learn the egress interface ID, next-hop address, outgoing label, and label operation type. The label operation type is set to Swap. Replace the old label of the MPLS packet with a new one, process the EXP and TTL fields, and then send the MPLS packet to the next-hop address.
After receiving the MPLS packet, the Egress node will directly pop the label out if the label value is set to 0 or 2. In addition, it will process the EXP and TTL fields and then forward the packet through IP.
When the label value is set to 3, it indicates that the EXP and TTL fields have been processed at the second hop address. There is no need to process them at the last hop address.
92
4 MPLS-TP
If no PHP is configured, view the ILM table to learn that the Token value is null. It indicates finishing label forwarding to pop the label out directly. And then it will process the EXP and TTL fields. At this time, it there is no label in the label stack, perform IP forwarding. Otherwise, perform next-layer label forwarding.
4.1.5 MPLS L2VPN

Overview
The traditional VPN has some disadvantages:
Depend on specified medium (such as ATM/FR): to provide ATM-based VPN services, the Carrier must establish an ATM network that covers all service ranges. To provide FRbased VPN services, the Carrier must establish a FR network that covers all service ranges. It wastes a lot of resources. Complex deployment: especially when adding a new site to an existing VPN, you need to modify positions of all edge nodes that access the VPN site.
Because of the above disadvantages, new VPN schemes are introduced. MPLS L2VPN is one of them. MPLS L2VPN provides Layer 2 VPN services based on the MPLS network. Therefore, the Carrier can provide Layer 2 VPN service based on different data link layer protocol on a uniform MPLS network, including ATM, FR, VLAN, Ethernet, and PPP. Simply, MPLS L2VPN transmits Layer 2 data transparently across the MPLS network. In terms of user, the MPLS network is a Layer 2 switching network where you can establish Layer 2 connection between different nodes. As shown in Figure 4-9, taking Ethernet for an example, each Customer Edge (EC) device is configured with an Ethernet Attachment Circuit (AC) and is connected to the remote CE device through the MPLS network. This is similar to the connection realized through the Ethernet. Figure 4-9 CE accessing the network through Ethernet AC
93
4 MPLS-TP
Network model
Figure 4-10 shows the MPLS L2VPN model, which composed by 6 parts. Figure 4-10 MPLS L2VPN model
CE device: it has an interface to directly connect to the Internet Service Provider (ISP) network. The CE device can be a router, switch, or a PC. The CE device does not sense the VPN and does not need to support MPLS. Provider Edge (PE) device: the edge device of the ISP network. It is connected to the user's CE device. In the MPLS network, packets entering or leaving from the VPN are processed on the PE device. Provider (P) device: the backbone router in the ISP network. It is not directly connected to the CE device. The P device just needs to provide basic MPLS forwarding capability. AC: it is an independent link or circuit used to connect the CE device and the PE device. The AC properties include the encapsulation type, Maximum Transmission Unit (MTU) and interface parameters of specified links. Virtual Circuit (VC): it is a logical connection between 2 PE nodes identified by the VC label. After performing the neighboring discovery work, 2 opposite unidirectional VCs are established between a pair of PEs. These 2 VCs and the Tunnel form a bidirectional Pseudo Wire (PW). Tunnel: it is used to carry the VC and transmit user data transparently.
MPLS L2VPN transparently transmits user packets in the MPLS network through the label stack.

Outer label (Tunnel label): transmits packets from one PE device to another PE device. Inner label (VC label): differentiate connections in different VPNs. The Rx PE device decides the CE device to which packets are forwarded.
Figure 4-11 shows the changes of the label stack during the MPLS L2VPN forwarding process. Figure 4-11 MPLS L2VPN label stack processing process
Layer2 Protocol Data Unit (L2PDU): the link-layer packet T: Tunnel label V: VC label T': the outer label is replaced during the forwarding process.
4 MPLS-TP
As shown in Figure 4-11, the packet sent by CE 1 is added with 2 labels by PE 1 and then is transmitted to PE 2. PE 2 removes the labels and then forwards the packet to CE 2.
Implementation modes
MPLS L2VPN is realized through the following 3 modes:
Circuit Cross Connect (CCC): MPLS L2VPN is realized by manually configuring the circuit cross connection. It fits for a small and simple MPLS network. This mode consumes fewer resources and is easy for configuration because no signaling negotiation is performed and no control packet is exchanged. The connection mode is divided into local connection and remote connection.
Local connection: a connection established between 2 local CEs. These 2 CEs are connected to the same PE. The PE works as a Layer 2 switching. In this mode, packets can be exchanged directly without configuring the static LSP. Remote connection: a connection established between the local and remote CEs. These 2 CEs are connected to different PEs. You need to configure a static LSP to transmit the packet from one PE to the other one.
CCC MPLS L2VPN supports local and remote connections. Figure 4-12 shows the CCC MPLS L2VPN topology. Figure 4-12 CCC MPLS L2VPN topology
Site 1 and Site 2 of VPN 1 are connected through CCC remote connection (displayed with blue dotted line). There must be 2 static LSPs between Site 1 and Site 2. One static LSP is from PE 1 to PE 3, referring to the LSP from Site 1 to Site 2. The other one is from PF 3 to PE 1, referring the LSP from Site 2 to Site 1. The 2 blue dotted lines are VCs (CCC remote connections), providing L2VPN connection. Site 1 and Site 2 of VPN 2 are connected through CCC local connection (displayed with black dotted line). The PE 2 to which that access acts as a Layer 2 switch. There is no need to establish a LSP between CEs. CEs can directly exchange link-type data, such as VLAN and Ethernet. In this mode, no label or signaling is needed to transmit L2VPN information so long as the ISP network supports MPLS forwarding. In addition, it can provide QoS guarantee because the CCC LSP is private.
Martini: use the LDP as the signaling for transmitting VC information. In Martini mode, inner and outer labels are used. The inner label uses the extended LDP as the signaling to exchange packet and the outer label is the Tunnel label.
4 MPLS-TP
In Martini mode, a LSP between PEs can be shared by multiple VCs. In addition, only the PEs need to save the mapping relationship between VC Labels and LSPs. The P device has a great expansibility because it does not save any L2VPN information. When needing to add a VC, configure a unidirectional VC on related 2 PEs only without influencing network performance. In Martini mode, the VC Type + VC ID between 2 CEs is used to identify a VC.

VC Type: identify the encapsulation type of the VC, such as the VLAN. VC ID: identify the VC uniquely. For all VCs of a VC Type, their VC IDs must be unique on all PEs.
The PE, connected to 2 CEs, exchanges the VC label through the LDP. In addition, it binds the related CEs based on the VC ID. To successfully establish a VC for transmitting Layer 2 data, perform the following operations:

AC interfaces are Up. The Tunnel between PEs is established successfully. Labels are exchanged and bound.
In Martini mode, the outer label is used to transmit the data of all VCs across the ISP network. The inner VC label is used to distinguish user data. Therefore, a LSP can be shared by multiple VCs in the ISP network. To deploy Martini MPLS L2VPN, you must ensure that the ISP network can establish the LSP Tunnel automatically. Therefore, the LSP network should forward MPLS forwarding and MPLS LDP. The Martini MPLS L2VPN supports Graceful Restart (GR). After data is switched, the VC label is not changed. During protection switching, VCs are Up. Packets are transmitted through VCs without being influenced. The Martini MPLS L2VPN supports remote connection only. Figure 4-13 shows the Martini MPLS L2VPN topology. Figure 4-13 Martini MPLS L2VPN topology
Site 1 and Site 2 of VPN 1 are connected through Martini remote connection (black dotted line) while Site 1 and Site 2 of VPN 2 are connected through Martini remote connection (blue dotted line). In the ISP network, VPN 1 and VPN 2 can be connected through 2 different LSPs. In addition, they can be connected by sharing one LSP.
Static Virtual Circuit (SVC): be similar to the Martini mode. However, it does not use the LDP as the signaling for transmitting the VC label and link information. Instead, it configures the VC label manually.
96
4 MPLS-TP
The establishment mode of the SVC outer label (private Tunnel) is identical to the one in Martini mode. The inner label is manually specified when you configure the VC. No signaling is needed to transmit label information between PEs. Therefore, the SVC network topology and packet exchange process are identical to the ones in the Martini mode. At present, the iTN165-CES supports SVC MPLS L2VPN only.
4.1.6 MPLS-TP OAM

Overview
MPLS-TP OAM can detect, identify, and locate MPLS user-layer faults effectively. It can perform protection switching quickly when the link/node fails. OAM is an effective method for reducing network maintenance cost. The MPLS-TP OAM mechanism is used for MPLS-layer maintenance and management. MPLS-TP OAM is a mechanism totally independent from any upper/lower network. It realizes the following functions:

Effectively detect, identify, and locate MPLS user layer faults. Effectively measure network utilization rate and network performance. Perform protection switching quickly when the link/node fails to reduce fault dwell time and improve network reliability.
On the iTN165-CES, MPLS-TP OAM cooperates with the Generic Associated Channel (GACH) defined in RFC5586 and OAM technology defined in G.8113.1. For related contents about Y.1731, see sections 8.1.2 CFM and 8.1.3 SLA.
GACH
OAM packet types used in the MPLS-TP are similar to the ones defined in Ethernet OAM. In the MPLS-TP network, GACH is used as the control channel of the PW layer (VC+Tunnel), LSP layer, and Section layer (physical link). By encapsulating and transmitting OAM packets defined in Y.1731 through GACH, you can realize MPLS-TP-based OAM. When the GACH is used as the control channel of the above mentioned layers, it packet formats are shown in Figure 4-14, Figure 4-15, and Figure 4-16. Figure 4-14 Packet format when the GACH is used as the control channel of the PW layer
97
4 MPLS-TP
Figure 4-15 Packet format when the GACH is used as the control channel of the LSP layer
Figure 4-16 Packet format when the GACH is used as the control channel of the Section layer
Generic Associated Channel Label (GAL): is a reserved label assigned to the MPLS-TP by the IANA. It is used to distinguish OAM packets from other common service packets. It is a 10-bit label. The label ID is fixed to 13. Associated Channel Header (ACH): it is used to indicate the control channel, as shown in Figure 4-17. It is designed to transmit OAM, Automatic Protection Switching (APS), Signalling Communication Channel (SCC) packets.
Figure 4-17 ACH packet format
The following describes files of the ACH.

The first 4 bits are fixed to 0001. It indicates an ACH channel. The Version is a 4-bit field. It indicates the channel version. At present, it is unified to 0. The Reserved field occupies 8 bits. It is used as a reserved bit for further extension. The Channel Type is a 16-bit field. It indicates the channel type.
ACH can carry one or more Type Length Value (TLV). The channel type decides whether the ACH carries TLV and which TLV are carried.
ACH TLV Header: it indicates the length of the TLV.
4.1.7 MPLS-TP linear protection switching

MPLS-TP linear protection switching is used to configure the related protection line (backup link) for the working link (primary link) in advance and assign bandwidth for the protection link. The working link and protection link forms a protection group. When the working link fails, the data flow is switched to the protection link quickly to avoid packet loss or delay problems caused by LSP failure and to improve the network reliability. The MPLS-TP linear protection switching is an end-to-end protection structure. MPLS-TP linear protection switching is divided into 1+1 protection switching and 1:1 protection switching. 1+1 protection switching can be unidirectional protection switching or
4 MPLS-TP
bidirectional protection switching. 1:1 protection switching is bidirectional protection switching. At present, the iTN165-CES supports 1:1 protection switching only.
1+1 protection switching

1+1 protection switching can be unidirectional protection switching or bidirectional protection switching. Data flow can be switched from the working link to the protection link in affected connection direction. Or data flow can be switched from the working link to the protection link in both affected and unaffected connection directions. Bidirectional protection switching needs the APS protocol to cooperate the connection of both ends. Figure 4-18 shows the 1+1 protection switching structure. Figure 4-18 1+1 protection switching structure
The sender sends packets through both the working link and the protection link. The receiver receives packets from the working link and detects the status of working and protection links between the sender and receiver. When the receiver detects that the working link fails and the protection link works normally, it switches services to the protection link.
1:1 protection switching

1:1 protection switching is bidirectional protection switching. Data flow can be switched from the working link to the protection link in both affected and unaffected connection directions. Bidirectional protection switching needs the APS protocol to cooperate the connection of both ends. Figure 4-19 shows the 1:1 protection switching structure.
99
4 MPLS-TP
Figure 4-19 1:1 protection switching structure
The sender sends packets through the configured working link and the receiver receives packets from the working link. When a fault occurs on the working link between the sender and receiver, it is detected at the receiver. And then 1:1 protection switching is triggered through APS protocol. The whole process is shown as below: Step 1 The receiver detects a fault. Step 2 The receiver exchanges packets with the sender through both the working link and the protection link and sends the APS command for requesting protection switching. Step 3 The sender sends the APS command to confirm the protection switching request. Meanwhile, it sends packets to the receiver through the working link and protection link. Step 4 The sender and receiver switch services to the protection link for transmission.
4.2 Configuring basic functions of MPLS

Scenario
Basic functions of MPLS are the basis for other MPLS functions taking effect. Basic functions of MPLS include enabling MPLS globally and on an interface. Configuring the LSR ID is the basis for enabling global MPLS.
Prerequisite
MPLS on an interface cannot take effect unless global MPLS is enabled and the IP interface is configured with an IP address and is related to a VLAN.
100
4 MPLS-TP
4.2.2 Configuring basic functions of MPLS

Step 1 2 Command
Raisecom#config Raisecom(config)#mpls lsr-id lsr-id
Description Enter global configuration mode. Configure the LSR ID. In general, the IP address of some IP interface is taken as the LSR ID. By default, no LSR ID is configured.
Raisecom(config)#mpls enable
Enable global MPLS. By default, global MPLS is disabled.
4 5
Raisecom(config)#interface ip if-number Raisecom(config-ip)#mpls enable
Enter Layer 3 interface configuration mode. Enable MPLS on the Layer 3 interface. By default, MPLS is enabled on the Layer 3 interface.

No. 1 2 Command
Raisecom(config)#show mpls Raisecom(config)#show mpls interface
Description Show global MPLS configurations. Show MPLS configurations on an interface.
4.3 Configuring static LSP

Scenario
The static LSP is established by the administrator by manually assigning labels for all FECs. It is suitable for simple and stable small-size network. To manually assign labels, the egress label value of the last node is the ingress label value of the next mode. The static LSP does not use the label distribution protocol and does not exchange the control packet. Therefore, it consumes fewer resources. However, the LSP, established by statically assigning labels, cannot be dynamically adjusted according to the network topology changes. The administrator needs to manually adjust the static LSP.
Prerequisite
Before configuring the static LSP, you need to configure basic functions of MPLS.
101
4 MPLS-TP
4.3.2 Configuring static LSP

Configuring static LSP of Ingress node
Step 1 2
Raisecom#config Raisecom(config)#mpls static-lsp ingress lsp-name ip-address [ mask ] nexthop-mac mac-address vlan vlan-id interface-type interface-number out-label out-label lsrid egress-lsr-id tunnel-id tunnel-id
Command
Description Enter global configuration mode. Configure the static LSP on the Ingress node.
Configuring static LSP of Transit node

Step 1 2
Raisecom#config Raisecom(config)# mpls static-lsp transit lsp-name in-label in-label nexthop-mac mac-address vlan vlan-id interface-type interface-number out-label out-label lsrid ingress-lsr-id egress-lsr-id tunnel-id tunnel-id [ standby ]
Command
Description Enter global configuration mode. Configure the static LSP on the Transit node.
Configuring static LSP of Egress node

Step 1 2 Command
Raisecom#config Raisecom(config)# mpls static-lsp egress lsp-name in-label in-label lsrid ingress-lsr-id tunnel-id tunnel-id
Description Enter global configuration mode. Configure the static LSP on the Egress node.
4.3.3 Configuring static bidirectional corouted LSP
After configuring the static bidirectional corouted LSP, you need to configure the forward LSP and backward LSP on the Ingress and Egress nodes in bidirectional corouted LSP configuration mode. On the Ingress node, the received MPLS packets carry the incoming label. On the Egress node, the transmitted MPLS packets carry the outgoing label.
102
4 MPLS-TP
Configuring static bidirectional LSP on the Ingress node

Step 1 2
Raisecom#config Raisecom(config)#mpls bidirectional static-lsp ingress lsp-name lsr-id egress-lsr-id tunnel-id
Command
Description Enter global configuration mode. Create a static bidirectional corouted LSP on the Ingress node and enter bidirectional Ingress configuration mode. Configure the forward egress LSP without IP capability in directional Ingress configuration mode. Configure the backward ingress LSP in directional Ingress configuration mode.
tunnel-id
Raisecom(config-ingress-lsp)#forward destnetwork [ mask ] nexthop-mac mac-address vlan vlan-id interface-type interface-number outlabel out-label Raisecom(config-ingress-lsp)#backward in-label
in-label
Configuring static bidirectional LSP on the Transit node

Step 1 2
Raisecom#config Raisecom(config)#mpls bidirectional static-lsp transit lsp-name lsr-id ingress-lsr-id egresslsr-id tunnel-id tunnel-id [ standby ]
Command
Description Enter global configuration mode. Create a static bidirectional corouted LSP on the Transit node and enter bidirectional Transit configuration mode. Configure the forward LSP without IP capability in directional Transit configuration mode. Configure the backward LSP without IP capability in directional Transit configuration mode.
Raisecom(config-transit-lsp)#forward in-label in-label nexthop-mac mac-address vlan vlan-id interface-type interface-number out-label out-
label
Raisecom(config-transit-lsp)#backward in-label in-label nexthop-mac mac-address vlan vlan-id interface-type interface-number out-label out-
label
Configuring static bidirectional LSP on the Egress node

Step 1 2
Raisecom#config Raisecom(config)#mpls bidirectional static-lsp egress lsp-name [ lsr-id ingress-lsr-id tunnel-id tunnel-id ]
Command
Description Enter global configuration mode. Create a static bidirectional corouted LSP on the Ingress node and enter bidirectional Egress configuration mode. Configure the forward ingress LSP in directional Egress configuration mode.
Raisecom(config-egress-lsp)#forward in-label in-
label
103
4 MPLS-TP
Step 4
Command
Raisecom(config-egress-lsp)#backward dest-network [ mask ] nexthop-mac mac-address vlan vlan-id interface-type interface-number out-label out-
Description Configure the backward egress LSP in bidirectional Egress configuration mode.
label
4.3.4 Configuring Tunnel

Step 1 2 Command
Raisecom#config Raisecom(config)#interface tunnel
Description Enter global configuration mode. Configure the static MPLS TE Tunnel. By default no static MPLS TE Tunnel is configured. Configure the destination IP address.
tunnel-number
Raisecom(configtunnelif)#destination destination-
ip-address
Raisecom(config-tunnelif)#mpls tunnel-id tunnel-id
Configure the MPLS TE Tunnel interface.

No. 1 2 3 4 5 6 7 Command
Raisecom#show mpls lsp statistics Raisecom#show mpls bidirectional static-lsp [ lsp-name ] Raisecom#show mpls statistics bidirectional lsp Raisecom#show mpls static-lsp [ egress | ingress | transit |lsp-name ] Raisecom#show mpls statistics lsp [ lspname ] Raisecom#show mpls label [ label-id [ to label-id ] ] Raisecom#show mpls tunnel [ tunnel-name ]
Description Show LSP statistics. Show bidirectional LSP configurations. Show MPLS packet statistics of the bidirectional LSP. Show static LSP configurations. Show LSP-based MPLS packet statistics. Show information about assigned MPLS label or status about a specified label. Show Tunnel configurations.
104
4 MPLS-TP
4.4 Configuring MPLS L2VPN

Scenario
With MPLS L2VPN, the Carrier can provide Layer 2 VPN service based on different media on a uniform MPLS network, including VLAN, Ethernet, and so on. Meanwhile, the MPLS network can still provide traditional services, such as IP, MPLS L3VPN, traffic engineering, and QoS.
Prerequisite
At present, the iTN165-CES does not support dynamic routing. When the iTN165-CES communicates with the device that supports dynamic routing, you need to add a route to the iTN165-CES on the device.
4.4.2 Configuring MPLS L2VPN

L2VC is required when you configuring Martini/SVC MPLS L2VPN. Step 1 2 Command
Raisecom#config Raisecom(config)#mpls l2vpn
Description Enter global configuration mode. Enable global MPLS L2VPN. By default, global MPLS L2VPN is enabled.
3 4
Raisecom(config-port)#mpls l2vpn
Enter physical layer interface configuration mode. Enable MPLS L2VPN on an interface. By default, MPLS L2VPN on an interface is enabled.
Raisecom(config-port)#mpls static-l2vc [ vlan vlan-id ] destination ip-address { raw | tagged } vc-id vc-id { in-label in-label out-label out-label | vc-label label-id } [ no-controlword ] [ mtu value ] [ tpid { 0x8100 | 0x88a8 | 0x9100 } ]
(Optional) configure static L2VC.
When the existing service is bound to other VPN Tunnels, you cannot configure MPLS L2VPN on it. When the encapsulation mode of a packet is set to raw, in the ingress PW direction, if the TPID of the packet received by the PE is identical to the VLAN ID of the interface, the VLAN Tag is automatically deleted. Otherwise, no change is made. In the egress PW direction, the PE directly sends the packet to the AC. When the encapsulation mode of a packet is set to tagged, in the ingress PW direction, if the TPID of the packet received by the PE is identical to the VLAN ID
4 MPLS-TP
of the interface, sustain the VLAN Tag. Otherwise, add the default VLAN Tag of the interface to the packet. In the egress PW direction, the PE directly sends the packet to the AC.

No. 1 Command
Raisecom#show mpls l2vc [ static ] [ statistic ] [ { port-list | interface-type } interface-list ] [ vlan vlan-id ] Raisecom#show mpls l2vpn
Description Show L2VC configurations.
Show L2VPN configurations.
4.5 Configuring MPLS-TP OAM

Scenario
To extend the application of MPLS-TP technology in Telecom-grade network, the MPLS-TP network needs to achieve the same service level as the Telecom-grade transport network. Connectivity Fault Management (CFM) helps the MPLS-TP network to resolve the problem by providing complete OAM tools. CFM can provide the following OAM functions for the MPLS-TP network:

Fault detection (Continuity Check, CC) Fault acknowledgement (LoopBack, LB) Fault location (LinkTrace, LT) Alarm Indication Signal (AIS) Client Signal Fail (CSF) Lock (LCK) Packet Delay and Packet Delay Variation Measurements (DM) Frame Loss Measurements (LM)
The principle of MPLS-TP OAM is similar to the one of Ethernet-based OAM. Only the carrying modes of related packets are different. To ensure that users can get qualified network services. The Carrier and users sign a Service Level Agreement (SLA). To effectively fulfil the SLA, the Carrier needs to deploy the SLA feature on the device to measure the network performance and takes the measurement result as the basis for ensuring the network performance. SLA selects 2 detection points, configures, and schedules the SLA operation on one detection point to detect the network performance between the 2 detection points. The SLA feature counts the round-trio packet loss ratio, round-trip/unidirectional (SD/DS) delay, jitter, jitter variance, and jitter distribution and reports them to the upper monitoring
106
4 MPLS-TP
software (such as the NView NNM system). And then the upper monitoring software analyses the network performance to get a data meeting users' requirements.
Prerequisite
Before configuring MPLS-TP OAM, perform the following operations:

Connect the interface and configure physical parameters of the physical. Make the physical layer Up. Configure basic functions of MPLS. Before configuring SLA, you need to deploy CFM between devices that need to detect the network performance.
4.5.2 Enabling MPLS-TP CFM
The fault detection and fault location cannot take effect unless CFM is enabled. Before enabling the CFM packet delivery feature, you should configure the relationship between the service instance and static L2VC. Command Description Enter global configuration mode. Enable global MPLS-TP CFM. By default, global MPLS-TP CFM is disabled. Enter physical layer interface configuration mode. (Optional) enable CFM on an interface. By default, CFM is enabled on an interface.
Step 1 2
Raisecom#config Raisecom(config)# mpls-tp cfm enable Raisecom(config)#interface
3 4
Raisecom(config-port)#cfm enable
4.5.3 Configuring MPLS-TP CFM

Associating service instance to LSP/PW/Section layer
Step 1 2 Command
Raisecom#config Raisecom(config)#mpls-tp cfm channel-type { 0x7ffa | 0x8902 | channel-type }
Description Enter global configuration mode. (Optional) configure the MPLS-TP CFM control channel type. By default, the MPLS-TP CFM control channel type is set to 0x7ffa.
Modifying the control channel type is only for the device communicating with devices from other vendors.
107
4 MPLS-TP
Step 3 4 5
Command
Raisecom(config)#mpls-tp cfm domain level level Raisecom(config)#mpls-tp service cis-id level level Raisecom(config-service)#service lsp { bidirection lsp-name | ingress in-lsp-name [ egress out-lsp-name ] | egress out-lspname } Raisecom(config-service)#service lsp transit forward lsp-in backward lsp-out ttl ttl Raisecom(config-service)#service lsp transit bidirection lsp-name lsr-id lsr-id ttl ttl Raisecom(config-service)#service pw transit forward vc-id vc-id destination ip-address backward vc-id vc-id destination ip-
Description Create a MPLS-TP Maintenance Domain (MD). Create a service instance and enter service instance configuration mode. (Optional) associate the service instance to a static LSP based on the static bidirectional LSP, ingress static LSP, or egress static LSP.
(Optional) configure the server instance connected by the subnet based on the ingress static LSP or egress static LSP. Configure the service instance based on the subnet connection of the bidirectional LSP. (Optional) associate the service instance to the Transit PW.
address
10
Raisecom(config-service)#service section { interface-type interface-number | port-channel port-channel } Raisecom(config-service)#service section dest-mac mac-address
(Optional) associate the service instance to the Section.
(Optional) configure the destination MAC address of the Section-layer CC.
Configuring MEPs based on MPLS-TP service instances

Step 1 2 3 4 5
Raisecom#config Raisecom(config)#mpls-tp cfm domain level
Command
Description Enter global configuration mode. Create a MPLS-TP MD. Create a service instance and enter service instance configuration mode. Configure the VC ID associated to the service instance. Configure a MEP based on the service instance.
level
Raisecom(config)#mpls-tp service csi-id level level Raisecom(config-service)#service vc-id vc-id destination ip-address Raisecom(config-service)#service mep mpid
mep-id
Before enabling the CFM packet delivery feature, you should configure the relationship between the service instance and static L2VC.
4 MPLS-TP
4.5.4 Configuring fault detection

Step 1 2 Command
Raisecom#config Raisecom(config)#mpls-tp cfm remote mep age-time minute
Description Enter global configuration mode. (Optional) configure the aging time of the Remote MEP (RMEP). By default, the aging time of the learned RMEP is set to 100min.
Raisecom(config)#mpls-tp cfm errors archive-hold-time minute
(Optional) configure the hold time of error CC packets. By default, the hold time of error CC packets is set to 100min. When the new hold time is configured, the system will check the database immediately. If any data exceeds the hold time, it will be deleted from the database. Enter service instance configuration mode. (Optional) configure the interval for sending service instance CC packet. By default, the interval for sending service instance CC packet is set to 1s. When the CC packet delivery is enabled, the interval for sending CC packet cannot be modified. Enable MEP sending CC packet. By default, the MEP does not send CC packet. You can use the service cc disable mep { mepid-list | all } command to disable CC packet delivery.
4 5
Raisecom(config)#mpls-tp service cis-id level level Raisecom(configservice)#service cc interval { 1 | 10 | 60 | 600 | 3ms | 10ms | 100ms }
Raisecom(configservice)#service cc enable mep { mep-id-list | all }
Raisecom(configservice)#service remote-mep mep-id [ interface-type interface-number ] Raisecom(configservice)#service remote-mep cccheck enable
(Optional) configure the static RMEP. It cooperates with CC packet detection feature.
(Optional) enable REMP CC packet check. After REMP CC packet check is enabled, once receiving the CC packet, the service instance will check whether the dynamically learned RMEP ID is identical to the staticallyconfigured one. If they are inconsistent, the service instance takes the CC packet as an errored one. By default, REMP CC packet check is disabled.
Raisecom(configservice)#service remote-mep learning active
(Optional) enable RMEP learning dynamic import. After RMEP learning dynamic import is enabled, once receiving the CC packet, the service instance will automatically translate the learned dynamic RMEP into static RMEP. By default, RMEP learning dynamic import is disabled.
109
4 MPLS-TP
Step 10
Command
Raisecom(configservice)#service priority
Description (Optional) configure CFM OAM packet priority. After the CFM OAM packet priority is configured, CCM, LBM, LTM, DDM packets sent by all MEPs in a service instance will use the specified priority. By default, the CFM OAM packet priority is set to 6.
priority
4.5.5 Configuring fault acknowledgement

Step 1 2 3
Raisecom#config Raisecom(config)#mpls-tp service cis-id level level Raisecom(config-service)#ping { egress | ingress } ttl time [ count count ] [ size size ][ source mep-id ] [ timeout time ] [ padding { null | null-crc | prbs | prbs-crc } ]
Command
Description Enter global configuration mode. Enter service instance configuration mode. Execute MPLS-TP layer Ping to acknowledge the fault. By default, the number of transmitted LBM packets is set to 5. The packet TLV is set to 64. In addition, the service instance automatically searches for an available source MEP.
Before executing this command, you must ensure that the global CFM is enabled. Otherwise, the Ping operation fails. If no MEP is configured for the service instance, the Ping operation will fails because no source MEP is found. The Ping operation will fail if the specified source MEP is invalid. For example, the specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is. The Ping operation will fail if another user is using the specified source MEP to initiate the Ping operation.
4.5.6 Configuring fault location

Step 1 2 3 Command
Raisecom#config Raisecom(config)#mpls-tp service cis-id level level Raisecom(configservice)#traceroute mep mep-id [ ttl ttl ] [ source mep-id ] [ interface-mode ] [ timeout time ]
Description Enter global configuration mode. Enter service instance configuration mode. Execute MPLS-TP layer Traceroute to locate the fault. By default, the packet TLV is set to 64. In addition, the service instance automatically searches for an available
110
4 MPLS-TP
Step
Command
Raisecom(configservice)#traceroute mip icc icc node-id [ interface-num number ] [ ttl ttl ] [ timeout time ] Raisecom(configservice)#traceroute ttl ttl [ interface-mode ] [ timeout time ]
Description source MEP.
Before executing this command, you must ensure that the global CFM is enabled. Otherwise, the Traceroute operation fails. The Traceroute operation will fail if the specified source MEP is invalid. For example, the specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is. The Traceroute operation will fail if another user is using the specified source MEP to initiate the Ping operation.
4.5.7 Configuring AIS

Steps 6 is optional and perform it as required. Step 1 2 3 Command
Raisecom#config Raisecom(config)#mpls-tp service cis-id level level Raisecom(config-service)#service ais enable
Description Enter global configuration mode. Enter service instance configuration mode. Enable AIS delivery. By default, AIS delivery is disabled. You can use the service ais disable command to disable AIS delivery.
Raisecom(config-service)#service ais period { 1 | 60 } Raisecom(config-service)#service ais level level [ vlan vlan-id ] Raisecom(config-service)#service suppress-alarms enable mep { all | mep-list }
Configure the AIS delivery period. By default, the AIS delivery period is set to 1s. Configure the level of client-layer MD to which the AIS is sent. Enable MEP alarm inhibition.
5 6
4.5.8 Configuring LCK

Step 1 Command
Raisecom#config
111
4 MPLS-TP
Step 2 3
Command
Raisecom(config)#mpls-tp service cis-id level level Raisecom(config-service)#service lck start mep { mep-id | all } Raisecom(config-service)#service lck period { 1 | 60 } Raisecom(config-service)#service lck lsp lsp-name
Description Enter service instance configuration mode. Enable LCK packet delivery. By default, LCK packet delivery is disabled. Configure the LCK packet delivery period. By default, the LCK packet delivery period is set to 1s. Configure the relationship between the LCK and the LSP layer.
4.5.9 Configuring basic information about MPLS-TP SLA operation

Step 1 2
Raisecom#config
Command
Description Enter global configuration mode. Configure mpls-y1731-echo PW-layer operations based on the destination MEP ID. Configure mpls-y1731-echo LSP-layer operations based on the destination MEP ID. Configure mpls-y1731-jitter PW-layer operations based on the destination MEP ID. Configure mpls-y1731-jitter LSP-layer operations based on the destination MEP ID. Configure mpls-y1731-loss PW-layer operations based on the destination MEP ID. Configure mpls-y1731-loss LSP-layer operations based on the destination MEP ID. Create mpls-y1731-echo PWlayer operations quickly. Create mpls-y1731-echo LSPlayer operations quickly. Create mpls-y1731-jitter PWlayer operations quickly.
Raisecom(config)#sla oper-num mpls-y1731-echo remotemep mep-id level level l2vc l2vc-id [ tc tc-id ]
Raisecom(config)#sla oper-num mpls-y1731-echo remotemep mep-id level level lsp-ingress lsp-egress-name lsp-egress lsp-ingress-name [ tc tc-id ] Raisecom(config)#sla oper-num mpls-y1731-jitter remote-mep mep-id level level l2vc l2vc-id [ tc tcid ] [ interval period ] [ packets packets-num ] Raisecom(config)#sla oper-num mpls-y1731-jitter remote-mep mep-id level level lsp-ingress lsp-egressname lsp-egress lsp-ingress-name [ tc tc-id ] [ interval period ] [ packets packets-num ] Raisecom(config)#sla oper-num mpls-y1731-pkt-loss remote-mep mep-id level level l2vc l2vc-id [ tc tcid ] [ interval period ] [ packets packets-num ] Raisecom(config)#sla oper-num mpls-y1731-pkt-loss remote-mep mep-id level level lsp-ingress lsp-egressname lsp-egress lsp-ingress-name [ tc tc-id ] [ interval period ] [ packets packets-num ] Raisecom(config)#sla mpls-y1731-echo quick-input level level l2vc l2vc-id Raisecom(config)#sla mpls-y1731-echo quick-input level level lsp-ingress lsp-egress-name lsp-egress lsp-
8 9
ingress-name
10
Raisecom(config)#sla mpls-y1731-jitter quick-input level level l2vc l2vc-id
112
4 MPLS-TP
Step 11
Command
Raisecom(config)#sla mpls-y1731-jitter quick-input level level lsp-ingress lsp-egress-name lsp-egress
Description Create mpls-y1731-jitter LSPlayer operations quickly. Configure SLA scheduling information and enable SLA operation scheduling. By default, SLA operation scheduling is disabled.
lsp-ingress-name
12
Raisecom(config)#sla schedule oper-num [ life { forever | life-time } ] [ period period ]
4.5.10 Configuring SLA shceduling information and enabling SLA operation scheduling
Step 1 2 Command
Raisecom#config Raisecom(config)#sla schedule opernum [ life { forever | life-time } ] [ period period ]
Description Enter global configuration mode. Configure SLA scheduling information and enable SLA operation scheduling. By default, SLA operation scheduling is disabled.

No. 1 2 3 4 5 6 Command
Raisecom#show mpls-tp cfm Raisecom#show mpls-tp cfm domain [ level level ] Raisecom#show mpls-tp cfm errors [ level level ] Raisecom#show mpls-tp cfm ais [ level level ] Raisecom#show mpls-tp cfm lck [ level level ] Raisecom#show mpls-tp cfm local-mp [ interface interface-type interfacenumber | level level ] Raisecom#show mpls-tp cfm remote-mep static Raisecom#show mpls-tp cfm remote-mep [ level level [ service service-instance [ mep mep-id ] ] ] Raisecom#show mpls-tp cfm suppressalarms [ level level ] Raisecom#show sla { all | oper-num } configuration
Description Show MPLS-TP CFM global configurations. Show MD and service instance configurations. Show error CCM database information. Show AIS configurations. Show LCK configurations. Show local MEP configurations.
7 8
Show static RMEP configurations. Show RMEP discovery information.
9 10
Show CFM alarm inhibition configurations. Show SLA configurations.
113
4 MPLS-TP
No. 11 12
Command
Raisecom#show sla { all | oper-num } result Raisecom#show sla { all | oper-num } statistic
Description Show the last test information of the operation. Show operation scheduling statistics. Statistics of an operation (differed by the operation ID) is recorded up to 5 groups. If the number exceeds 5, the most aged (calculated based on the begin time of the operation scheduling) statistics will be aged.
4.6 Configuring MPLS-TP linear protection switching

Scenario
MPLS-TP linear protection switching protects the primary link by providing a backup link. Therefore, it provides end-to-end protection for LSP links between devices.
Prerequisite

Configure MPLS basic functions. Configure the static LSP. Configure MPLS-TP OAM.
4.6.2 Configuring MPLS-TP linear protection switching

Before configuring MPLS-TP linear protection switching, you should attach the bidirectional/ingress/egress static LSP to the related service instance. Step 1 2 Command
Raisecom#config Raisecom(config)#mpls-tp lineprotection association aps-name
Description Enter global configuration mode. Configure the information about service instance associated to MPLS-TP APS. Create association information about service instances and APS of working line and protection line. Create MPLS-TP linear protection switching lines.
level ma-name
Raisecom(config)#mpls-tp lineprotection aps-id lsp working
ingress-aps-name egress-aps-name protection ingress-aps-name egress-aps-name one-to-one [ non-
revertive ] Raisecom(config)#mpls-tp lineprotection aps-id name string
(Optional) configure the name of the MPLS-TP protection line.
114
4 MPLS-TP
Step 5
Command
Raisecom(config)#mpls-tp lineprotection aps-id { working | protection } failure-detect [ cc ] [ phisycal-link ] [ sd ] Raisecom(config)#mpls-tp lineprotection trap enable Raisecom(config)#mpls-tp lineprotection aps-id force-switch Raisecom(config)#mpls-tp lineprotection aps-id hold-off-timer hold-off-timer Raisecom(config)#mpls-tp lineprotection aps-id lockout Raisecom(config)#mpls-tp lineprotection aps-id manual-switch Raisecom(config)#mpls-tp lineprotection aps-id manual-switchto-work Raisecom(config)#mpls-tp lineprotection aps-id wtr-timer wtr-
Description Configure the fault detection modes of MPLS-TP working/protection line, including CC fault detection, physical-link fault detection, and SD fault detection. Enable MPLS-TP linear protection switching Trap. Switch the traffic from the working line to the protection line forcibly. Configure the Hold OFF timer. It ranges from 0 to 100 ms. By default, the Hold OFF timer is set to 0. Lock out MPLS-TP linear protection switching. Switch the traffic from the working line to the protection line manually. Switch the traffic from the protection line to the working line manually. Configure the WTR timer. It ranges from 1 to 12min. By default, the WTR timer is set to 5min.
6 7 8
9 10 11
12
timer

No. 1 2 3 4 Command
Raisecom#show mpls-tp line-protection association Raisecom#show mpls-tp line-protection [ aps-id ] config Raisecom#show mpls-tp line-protection [ aps-id ] statistics Raisecom#show mpls-tp line-protection [ aps-id ] status
Description Show APS association information of MPLSTP linear protection switching. Show MPLS-TP linear protection switching configurations. Show MPLS-TP linear protection switching statistics. Show APS information of MPLS-TP linear protection switching.
4.7 Maintenance
Command
Raisecom(config)#clear cfm errors [ level md-level ]
Description Clear errored CCM records.
115
4 MPLS-TP
Command
Raisecom(config)#clear cfm remote-mep [ level md-level ] Raisecom(config)#clear mpls statistics lsp Raisecom(config)#clear mpls aps aps-id command
Description Clear information about the found RMEP. Clear static LSP statistics. Clear all commands except for commands related to APS policy association and binding. Clear APS policy statistics.
Raisecom(config)#clear mpls aps [ aps-id ] statistics

4.8.1 Examples for configuring bidirectional static LSP
As shown in Figure 4-20, User A has branches at 2 locations. You need to establish VPN between the 2 locations. Therefore, devices at these 2 locations can communicate with each other. Because the network is small and stable, you can configure the bidirectional static LSP between iTN A and iTN B and take it as the private Tunnel of the L2VPN. Figure 4-20 Configuring the bidirectional static LSP
Configuration steps
Step 1 Configure MPLS basic functions.
Configure iTN A.
iTNA(config)#mpls lsr-id 192.168.1.1 iTNA(config)#mpls enable
116
4 MPLS-TP
Configure iTN B.
iTNB(config)#mpls lsr-id 192.168.4.2 iTNB(config)#mpls enable
Configure iTN C.
iTNC(config)#mpls lsr-id 192.168.1.2 iTNC(config)#mpls enable
Step 2 Configure the bidirectional static LSP between iTN A and iTN B.
Configure iTN A.
iTNA(config)#mpls bidirectional static-lsp ingress lspAB lsr-id 192.168.4.2 tunnel-id 1 iTNA(config-ingress-lsp)#forward 192.168.4.0 nexthop-mac 000e.5e11.1113 vlan 1 line 1 out-label 1001 iTNA(config-ingress-lsp)#backward in-label 2001
Configure iTN C.
iTNC(config)#mpls bidirectional static-lsp transit lspAB lsr-id 192.168.1.1 192.168.4.2 tunnel-id 1 iTNC(config-transit-lsp)#forward in-label 1001 nexthop-mac 000e.5e11.1112 vlan 1 line 2 out-label 1002 iTNC(config-transit-lsp)#backward in-label 2002 nexthop-mac 000e.5e11.1111 vlan 1 line 1 out-label 2001
Configure iTN B.
iTNB(config)#mpls bidirectional static-lsp egress lspAB lsr-id 192.168.1.1 tunnel-id 1 iTNB(config-egress-lsp)#forward in-label 1002 iTNB(config-egress-lsp)#backward 192.168.1.0 nexthop-mac 000e.5e11.1113 vlan 1 line 1 out-label 2002
Checking results
Use the show mpls bidirectional static-lsp command to show bidirectional static LSP configurations on iTN A, iTN B, and iTN C.
117
4 MPLS-TP
Show bidirectional static LSP configurations on iTN A.
iTNA(config)#show mpls bidirectional static-lsp lspAB LSP-Index: 1 LSP-Name: lspAB LSR-Role: Ingress LSP-Flag: Working Ingress-Lsr-Id: 1.1.1.1 Egress-Lsr-Id: 192.168.4.2 Forward Destination: 192.168.4.0 Forward In-Label: -Forward Out-Label: 1001 Forward In-Interface: -Forward Out-Interface: line 1 Forward Next-Hop: -Forward Next-Mac: 000E.5E11.1113 Forward Vlan-Id: 1 Backward Destination: -Backward In-Label: 2001 Backward Out-Label: -Backward In-Interface: all interfaces Backward Out-Interface: -Backward Next-Hop: -Backward Next-Mac: -Backward Vlan-Id: -Tunnel-Id: 1 LSP Status: Up
Show bidirectional static LSP configurations on iTN B.
iTNB(config)#show mpls bidirectional static-lsp lspAB LSP-Index: 2 LSP-Name: lspAB LSR-Role: Egress LSP-Flag: Working Ingress-Lsr-Id: 192.168.1.1 Egress-Lsr-Id: 1.1.1.1 Forward Destination: -Forward In-Label: 1002 Forward Out-Label: -Forward In-Interface: all interfaces Forward Out-Interface: -Forward Next-Hop: -Forward Next-Mac: -Forward Vlan-Id: -Backward Destination: 192.168.1.0 Backward In-Label: -Backward Out-Label: 2002 Backward In-Interface: -Backward Out-Interface: line 1 Backward Next-Hop: --
118

Backward Next-Mac: Backward Vlan-Id: Tunnel-Id: LSP Status: 000E.5E11.1113 1 1 Up
4 MPLS-TP
Show bidirectional static LSP configurations on iTN C.
iTNC(config)#show mpls bidirectional static-lsp lspAB LSP-Index: 3 LSP-Name: lspAB LSR-Role: Transit LSP-Flag: Working Ingress-Lsr-Id: 192.168.1.1 Egress-Lsr-Id: 192.168.4.2 Forward Destination: -Forward In-Label: 1001 Forward Out-Label: 1002 Forward In-Interface: all interfaces Forward Out-Interface: line 2 Forward Next-Hop: -Forward Next-Mac: 000E.5E11.1112 Forward Vlan-Id: 1 Backward Destination: -Backward In-Label: 2002 Backward Out-Label: 2001 Backward In-Interface: all interfaces Backward Out-Interface: line 1 Backward Next-Hop: -Backward Next-Mac: 000E.5E11.1111 Backward Vlan-Id: 1 Tunnel-Id: 1 LSP Status: Up
4.8.2 Examples for configuring static LSP to carry static L2VC

As shown in Figure 4-21, CE devices and PE devices are connected through line interfaces. To make CE A and CE B communicate with each other, you should create the static L2VC based on the static LSP between PE A and PE B.
119
4 MPLS-TP
Figure 4-21 Configuring the static LSP to carry the static L2VC
Configuration steps
Step 1 Configure CE A. Create VLANs and add the specified interface to VLANs. Configure the IP address. Configurations on CE B are identical to the ones on CE A.
Raisecom#hostname CEA CEA#config CEA(config)#create vlan 2-4 active CEA(config)#interface ip 0 CEA(config-ip)#ip address 10.0.0.1 3 CEA(config-ip)#exit CEA(config)#interface line 1 CEA(config-port)#switchport mode trunk
Step 2 Configure IP addresses for PE A and PE B and create VLANs for PE A, PE B, and P.
Configure PE A.
Raisecom#hostname PEA PEA#config PEA(config)#create vlan 2-4 active PEA(config)#interface ip 0 PEA(config-ip)#ip address 10.0.0.2 4 PEA(config-ip)#exit PEA(config)#interface line 1 PEA(config-port)#switchport mode trunk PEA(config-port)#interface line 2 PEA(config-port)#switchport mode trunk PEA(config-port)#exit
Configure PE B.
Raisecom#hostname PEB PEB#config PEB(config)#create vlan 2-4 active
120

PEB(config)#interface ip 0 PEB(config-ip)#ip address 20.0.0.2 4 PEB(config-ip)#exit PEB(config)#interface line 1 PEB(config-port)#switchport mode trunk PEB(config-port)#interface line 2 PEB(config-port)#switchport mode trunk PEB(config-port)#exit
4 MPLS-TP
Configure P.
Raisecom#hostname P P#config P(config)#create vlan 2-4 active P(config)#interface line 1 P(config-port)#switchport mode trunk P(config-port)#interface line 2 P(config-port)#switchport mode trunk P(config-port)#exit
Step 3 Enable MPLS on PE A, PE B, and P and configure the static LSP. Create the Tunnel between PE A and PE B and configure the static L2VC.
Configure PE A.
PEA(config)#mpls lsr-id 10.0.0.2 PEA(config)#mpls enable PEA(config)#mpls static-lsp ingress a2b 20.0.0.2 255.255.255.255 nexthopmac 000e.5e11.1113 vlan 4 line 2 out-label 301 lsr-id 20.0.0.2 tunnel-id 1 PEA(config)#mpls static-lsp egress b2a in-label 201 lsr-id 20.0.0.2 tunnel-id 2 PEA(config)#mpls l2vpn PEA(config)#interface line 1 PEA(config-port)#mpls static-l2vc destination 20.0.0.2 raw vc-id 1 vclabel 301 tunnel-interface 1 PEA(config-port)#exit
Configure PE B.
PEB(config)#mpls lsr-id 20.0.0.2 PEB(config)#mpls enable PEB(config)#mpls static-lsp egress a2b in-label 302 lsr-id 10.0.0.2 tunnel-id 1 PEB(config)#mpls static-lsp ingress b2a 10.0.0.2 255.255.255.255 nexthopmac 000e.5e11.1113 vlan 4 line 1 out-label 202 lsr-id 10.0.0.2 tunnel-id 2 PEB(config)#mpls l2vpn
121
4 MPLS-TP
PEB(config)#interface line 1 PEB(config-port)#mpls static-l2vc destination 10.0.0.2 raw vc-id 1 vclabel 201 tunnel-interface 2 PEB(config-port)#exit
Configure P.
P(config)#mpls P(config)#mpls P(config)#mpls 000e.5e11.1112 tunnel-id 1 P(config)#mpls 000e.5e11.1111 tunnel-id 2
lsr-id 10.0.0.3 enable static-lsp transit a2b in-label 301 nexthop-mac vlan 4 line 2 out-label 302 lsr-id 10.0.0.2 20.0.0.2 static-lsp transit b2a in-label 202 nexthop-mac vlan 4 line 1 out-label 201 lsr-id 20.0.0.2 10.0.0.2
Checking results
Use the show mpls static-lsp command to show static LSP configurations, taking PE A for an example.
PEA(config)#show mpls static-lsp LSP-Index: 2 LSP-Name: b2a LSR-Role: Ingress LSP-Flag: Working Ingress-Lsr-Id: 10.0.0.2 Egress-Lsr-Id: 20.0.0.2 FEC: 20.0.0.2 In-Label: -Out-Label: 203 In-Interface: -Out-Interface: line 1 Next-Hop: -Next-Mac: 000E.5E12.1113 Vlan-Id: 4 Tunnel-Id: 2 LSP Status: Down LSP-Index: 3 LSP-Name: a2b LSR-Role: Egress LSP-Flag: Working Ingress-Lsr-Id: 20.0.0.2 Egress-Lsr-Id: 10.0.0.2 FEC: -In-Label: 303 Out-Label: -In-Interface: all interfaces Out-Interface: --
122

Next-Hop: Next-Mac: Vlan-Id: Tunnel-Id: LSP Status: ---1 Up
4 MPLS-TP
Use the show interface tunnel command to show whether the Tunnel is created successfully, taking PE A for an example.
PEA(config)#show interface tunnel Interface tunnel 1 Encapsulation is MPLS Tunnel source 10.0.0.2, destination 20.0.0.2, Tunnel protocol static, tunnel id 1 ,explicit-path:--, Tunnel related LSP Type: Unidirectinal, LSP-name: a2b, Tunnel current state : UP Last up time: 2013-3-16, 12:26:17
Use the show mpls l2vc command to show static L2VC configurations, taking PE A for an example.
PEA(config-port)#show mpls l2vc Client Interface : line 1 Client Vlan : All VC ID : 1 Encapsulation Type: raw Tunnel Type : mplsNonTe Destination : 20.0.0.2 Tunnel Policy : -Tunnel Number : 1 Local VC Label : 201 Remote VC Label : 201 AC Status : down VC State : lowerLayerDown VC Signal : manual PW Control Word : enable Local VC MTU : 1500 Remote VC MTU : -TPID : 0x8100 SVLAN : -Create Time : 1970-01-01,09:02:37 Up Time : 0 days, 0 hours, 0 minutes 0.0 second Last Change Time : 1970-01-01,09:02:37 ---------------------------------------Total l2vc : 1 0 up 1 down
123
4 MPLS-TP
4.8.3 Examples for configuring MPLS-TP linear protection switching

As shown in Figure 4-22, PE A and PE B communicate with each other through the MPLS network. To enhance the link reliability, you need to configure linear protection switching between PE A and PE B. LSPs among PE A, P A, and PE B are working links. LSPs among PE A, P B, and PE B are protection links. It requires that service can be quickly switched to the protection link for transmission when the working link fails.

The static LSP among PE A, P A, and PE B is named as a2bA. The static LSP among PE A, P B, and PE B is named as a2bB. The static LSP among PE B, P A, and PE B is named as b2aA. The static LSP among PE B, P B, and PE A is named as b2aB.
Figure 4-22 Configuring MPLS-TP linear protection switching
Configuration steps
Step 1 Configure VLANs and add specified interfaces to VLANs. Configure IP addresses and static routings. Configurations on CE devices are not described in this guide.
Configure PE A.
Raisecom#hostname PEA PEA#config PEA(config)#create vlan 20,30,40,50 active PEA(config)#interface ip 0 PEA(config-ip)#ip address 20.0.0.1 20 PEA(config-ip)#interface ip 1 PEA(config-ip)#ip address 50.0.0.1 50 PEA(config-ip)#exit PEA(config)#interface line 1 PEA(config-port)#switchport access vlan 20
124

PEA(config-port)#interface line 2 PEA(config-port)#switchport access vlan 50 PEA(config-port)#exit
4 MPLS-TP
Configure PE B.
Raisecom#hostname PEB PEB#config PEB(config)#create vlan 20,30,40,50 active PEB(config)#interface ip 0 PEB(config-ip)#ip address 30.0.0.1 30 PEB(config-ip)#interface ip 1 PEB(config-ip)#ip address 40.0.0.1 40 PEB(config-ip)#exit PEB(config)#interface line 1 PEB(config-port)#switchport access vlan 30 PEB(config-port)#interface line 2 PEB(config-port)#switchport access vlan 40 PEB(config-port)#exit
Configure P A.
Raisecom#hostname PA PA#config PA(config)#create vlan 20,30,40,50 active PA(config)#interface ip 0 PA(config-ip)#ip address 20.0.0.2 20 PA(config)#interface line 1 PA(config-port)#switchport mode trunk PA(config-port)#switchport trunk allowed vlan 20-50 PA(config-port)#interface line 2 PA(config-port)#switchport mode trunk PA(config-port)#switchport trunk allowed vlan 20-50 PA(config-port)#exit
Configure P B.
Raisecom#hostname PB PB#config PB(config)#create vlan 20-70 active PB(config)#interface ip 0 PB(config-ip)#ip address 50.0.0.2 50 PB(config-ip)#exit PB(config)#interface line 1 PA(config-port)#switchport mode trunk PA(config-port)#switchport trunk allowed vlan 20-50 PB(config-port)#interface line 2
125

PA(config-port)#switchport mode trunk PA(config-port)#switchport trunk allowed vlan 20-50 PB(config-port)#exit
4 MPLS-TP
Step 2 Enable MPLS on PE A, PE B, P A, and P B. Configure static LSPs from PE A to PE B, as well as from PE B to PE A. Create Tunnels between PE A and PE B and configure the static L2VC.
Configure PE A.
PEA(config)#mpls lsr-id 20.0.0.1 PEA(config)#mpls enable PEA(config)#interface ip 0 PEA(config-ip)#mpls enable PEA(config-ip)#interface ip 1 PEA(config-ip)#mpls enable PEA(config-ip)#exit PEA(config)#mpls static-lsp ingress a2bA 30.0.0.1 nexthop-mac 000e.5e11.1113 vlan 20 line 1 out-label 103 lsr-id 40.0.0.1 tunnel-id 1 PEA(config)#mpls static-lsp egress b2aA in-label 301 lsr-id 40.0.0.1 tunnel-id 2 PEA(config)#mpls static-lsp ingress a2bB 40.0.0.1 nexthop-mac 000e.5e11.1114 vlan 50 line 2 out-label 104 lsr-id 40.0.0.1 tunnel-id 3 PEA(config)#mpls static-lsp egress b2aB in-label 401 lsr-id 40.0.0.1 tunnel-id 4 PEA(config)#mpls l2vpn PEA(config)#interface line 1 PEA(config-port)#mpls l2vpn PEA(config-port)#mpls static-l2vc destination 30.0.0.1 raw vc-id 1 vclabel 100 tunnel-interface 1 PEA(config-port)#exit
Configure PE B.
PEB(config)#mpls lsr-id 60.0.0.1 PEB(config)#mpls enable PEB(config)#interface ip 0 PEB(config-ip)#mpls enable PEB(config-ip)#interface ip 1 PEB(config-ip)#mpls enable PEB(config-ip)#exit PEB(config)#mpls static-lsp egress a2bA in-label 302 lsr-id 20.0.0.1 tunnel-id 1 PEB(config)#mpls static-lsp ingress b2aA 20.0.0.1 nexthop-mac 000e.5e11.1113 vlan 30 line 1 out-label 203 lsr-id 20.0.0.1 tunnel-id 2 PEB(config)#mpls static-lsp egress a2bB in-label 402 lsr-id 20.0.0.1 tunnel-id 3 PEB(config)#mpls static-lsp ingress b2aB 50.0.0.1 nexthop-mac 000e.5e11.1114 vlan 40 line 2 out-label 204 lsr-id 20.0.0.1 tunnel-id 4 PEB(config)#mpls l2vpn
126
4 MPLS-TP
PEB(config)#interface line 2 PEB(config-port)#mpls static-l2vc destination 50.0.0.1 raw vc-id 2 vclabel 200 tunnel-interface 2 PEB(config-port)#exit
Configure P A.
PA(config)#mpls lsr-id 20.0.0.2 PA(config)#mpls enable PA(config)#interface ip 0 PA(config-ip)#mpls enable PA(config-ip)#exit PA(config)#mpls static-lsp transit a2bA 000e.5e11.1112 vlan 30 line 2 out-label tunnel-id 1 PA(config)#mpls static-lsp transit b2aA 000e.5e11.1111 vlan 20 line 1 out-label tunnel-id 2
in-label 103 nexthop-mac 302 lsr-id 20.0.0.1 40.0.0.1 in-label 203 nexthop-mac 301 lsr-id 40.0.0.1 20.0.0.1
Configure P B.
PB(config)#mpls lsr-id 50.0.0.2 PB(config)#mpls enable PB(config)#interface ip 0 PB(config-ip)#mpls enable PB(config-ip)#exit PB(config)#mpls static-lsp transit a2bB 000e.5e11.1112 vlan 40 line 2 out-label tunnel-id 3 PA(config)#mpls static-lsp transit b2aB 000e.5e11.1111 vlan 50 line 1 out-label tunnel-id 4
in-label 103 nexthop-mac 302 lsr-id 20.0.0.1 40.0.0.1 in-label 203 nexthop-mac 301 lsr-id 40.0.0.1 20.0.0.1
Step 3 Configure CFM on PE A and PE B.
Configure PE A.
PEA(config)#mpls-tp cfm domain level 7 PEA(config)#mpls-tp service ma1 level 7 PEA(config-service)#service lsp ingress a2bA egress b2aA PEA(config-service)#service mep down mpid 1 line 1 PEA(config-service)#service cc enable mep 1 PEA(config-service)#service remote-mep 2 line 1 PEA(config-service)#mpls-tp service ma2 level 7 PEA(config-service)#service lsp ingress a2bB egress b2aB PEA(config-service)#service mep down mpid 3 line 2 PEA(config-service)#service cc enable mep 3 PEA(config-service)#service remote-mep 4 line 2
127

PEA(config-service)#exit PEA(config)#cfm enable
4 MPLS-TP
Configure PE B.
PEB(config)#mpls-tp cfm domain level 7 PEB(config)#mpls-tp service ma1 level 7 PEB(config-service)#service lsp ingress b2aA egress a2bA PEB(config-service)#service mep down mpid 2 line 1 PEB(config-service)#service cc enable mep 2 PEB(config-service)#service remote-mep 1 line 1 PEB(config-service)#mpls-tp service ma2 level 7 PEB(config-service)#service lsp ingress b2aB egress a2bB PEB(config-service)#service mep down mpid 4 line 2 PEB(config-service)#service cc enable mep 4 PEB(config-service)#service remote-mep 3 line 2 PEB(config-service)#exit PEB(config)#cfm enable
Step 4 Configure MPLS-TP linear protection switching on PE A and PE B.
Configure PE A.
PEA(config)#mpls-tp line-protection association 1 apsab1 7 ma1 PEA(config)#mpls-tp line-protection association 1 apsab2 7 ma2 PEA(config)#mpls-tp line-protection 1 lsp working apsa2b1 apsab1 protection apsa2b2 apsab2 one-to-one
Configure PE B.
PEB(config)#mpls-tp line-protection association 2 apsba1 7 ma1 PEB(config)#mpls-tp line-protection association 2 apsba2 7 ma2 PEB(config)#mpls-tp line-protection 2 lsp working apsba1 apsba1 protection apsba2 apsba2 one-to-one
Checking results
Use the show mpls-tp line-protection status command to show the MPLS-TP linear protection group status, taking PE A for an example.
PEA(config)#show mpls-tp line-protection status Id Type Direction(Configured) Direction(Negotiated) Revert Aps State Signal(Requested/Bridged)
128
4 MPLS-TP
-------------------------------------------------------------------------------
129
5 TDMoP
TDMoP
This chapter describes principles and configuration procedures of Time Division Multiplex over Packet (TDMoP), as well as related configuration examples, including following sections:

Introduction Configuring TDM interfaces Configuring PW Configuring TDMoP clock Maintenance Configuration examples
5.1 Introduction
5.1.1 Principles of TDMoP technology
With TDMoP, TDM CS service can be transparently transmitted on a PSN. TDMoP is the combination of traditional CS network and PSN and can share resources and support network expansion. Based on this, multiple international standardization organizations draft standards for TDMoP, among which the IETF PWE3 working team releases the most complete TDMoP standard and solution. This becomes dominant among all standards and solutions. The TDMoP services supported by the iTN165-CES are PWE3-based circuit emulation.
Overview of PWE3
PWE3 is a protocol structure for end-to-end tunnel transmission Layer 2 emulation services. For details, see RFC3985. Figure 5-1 shows the principle of PWE3. Step 1 CE 1 transmits TDM service data to PE 1 through AC. Step 2 PE1 encapsulates TDM service data to PW messages through related protocols to form one or multiple PWs.
130
5 TDMoP
Step 3 PW messages are carried through the Tunnel defined by a PSN protocol, such as MPLS, Metro Ethernet Forum (MEF), or UDP/IP, traverse the PSN, and reach PE 2. Step 4 PE 2 removes headers of PW messages at the egress interface, decapsulates and transmits TDM service data to CE 2 through AC. Figure 5-1 Principles of PWE3
CE: connected to the ISP network through the TDM interface. A CE may be a TDM device or router. The CE cannot sense the PSN. AC: an E1/T1 link that connects a CE and a PE. PE: a device at the edge of ISP network, connected to a CE through its downlink interface and the PSN through its uplink interface. In uplink direction, the PE encapsulates received TDM service data into emulation messages and then transmits emulation messages to the PTN through the uplink interface. In downlink direction, the PE decapsulates received emulation messages to TDM service data, and transmits TDM service data to the CE. Tunnel: a tunnel transparently transmitting TDM emulation messages across the PSN
TDM interface
At present, TDMoP is used to emulate low-speed PDH services and transparently transmit E1/T1 services on a PSN. E1/T1, early used in voice communication, is widely used in data communication now. The E1 interface, a physical layer interface, can connect Public Switched Telephone Network (PSTN) devices, private network devices, and user access network devices. It carries Layer 2 services, such as TDM, frame relay, and ATM services. The E1 interface has following features:

Be used in European and China, etc. The E1 interface speed is 2.048 Mbit/s. An E1 frame is composed of 32 timeslots, numbering TS0 through TS31. The speed of each timeslot is 64 Kbit/s. An E1 frame is 256 bits long, and takes 125 s to be transmitted. Each timeslot is 8 bits long. E1 data is in three modes: framed, multiframed, and unframed. In a multiframed E1, TS0 carries Frame Alignment Signal (FAS), CRC-4, and peer alarm indicator, and TS16 carries Channel Associated Signaling (CAS), multi-FAS, and multiframe peer alarm indicator. In a framed E1, TS0 carries FAS and uses out-of-band Common Channel Signaling (CCS), and TS16 carries service data. Namely, TS1 through TS31 carry service data. Unframed E1 is used on the 2.048 Mbit/s private network, and has no timeslots.
5 TDMoP
Tunnel
Tunnel is a tunnel that carries TDM service to traverse the PSN. It is a path used to transparently transmit data between the local PE and peer PE. TDM service data is encapsulated in PW emulation messages, and thus is invisible to the Tunnel. A Tunnel can carry one or multiple PWs. When the PSN is a MPLS network, the Tunnel is defined by the MPLS outer label. The position of the Tunnel in the TDMoP protocol stack is shown in Figure 5-2. The PW demultiplexing layer and PSN layer define the Tunnel. The PW de-multiplexing layer belongs to the PWE3 data layer. It cooperates with the PSN layer to transparently transmit emulation packets. Figure 5-2 TDMoP circuit emulation protocol stack
PW
PW is a mechanism that encapsulates TDM service data into PW emulation messages and then uses the Tunnel to carry these PW emulation messages to traverse the PSN. PW supports the following functions:

Encapsulate TDM service data into PW emulation messages. Provide a Tunnel that can carry a PW emulation message to traverse the PSN. Establish PW connection, distribute and exchange PW labels at the Tunnel ends. Sort PW messages and extract clock signals. Manage data status and alarms of TDMoP circuit emulation services.
With distribution and exchange of PW labels, TDMoP circuit emulation services can be forwarded among different nodes in the PSN. The PW label is used to identify PW emulation message flows in the same channel, so same PW labels cannot coexist in a Tunnel. The PW label is defined by the innermost label of the MPLS protocol. The iTN165-4GEE1 provides up to 31 PWs. The iTN165-4GE4E1/iTN165-4GE4E1-BL provides up to 64 PWs. The iTN165-4GEV35 provides up to 1 PW.
5.1.2 TDMoP service encapsulation protocol

TDMoP technology is used to transparently transmit TDM services across the PSN. TDM services are encapsulated into emulation messages by using the adaption protocol and then are transmitted to the PSN for transparent transmission.
132
5 TDMoP
TDM services are grouped into 2 types based on the structure: encapsulation protocols are divided into structured and unstructured protocols, including:

Structure-Agnostic TDM over Packet (SAToP) Structure-Aware TDM Circuit Emulation Service over Packet-Switched Network (CESoPSN)
SAToP
SAToP provides emulation for low-speed PDH circuit services, such as E1, T1, E3, and T3 services. It encapsulates unstructured services only. It takes TDM services as a serial data flow, fragments and encapsulates it into PW packets for transmission. SAToP is defined by the RFC4553. SAToP encapsulation principles of MPLS-based TDM data are shown in Figure 5-3. E1/T1 data flow is taken as binary codes to be fragmented into data packets with a fixed length and then be encapsulated into TDM payload. The outer lay is encapsulated by the Real-time Transport Protocol (RTP) header, SAToP control word, and MPLS label. Therefore, a PW emulation message is composed.
Varying on protocols used in the PSN, positions of the SAToP control word in the emulation packets are different. For details, see RFC4553. Figure 5-3 SAToP encapsulation principles
SAToP control word
An emulation message encapsulated by the SAToP protocol contains a 4-byte control word, as shown in Figure 5-4. Figure 5-4 Structure of the SAToP control word
Table 5-1 describes fields of the SAToP control word.
133
5 TDMoP
Table 5-1 Fields of the SAToP control word Field 0000 Length (bit) 4 Description Provide the necessary MPLS payload discrimination. By default, the value is set to 0. L 1 If the value is set to 1, it indicates the TDM link fails. That is, the TDM data encapsulated by SAToP is incorrect. If the value is set to 1, it indicates the PSN-side packet loss ratio exceeds the preconfigured threshold, notifying the peer that the local is in the packet loss status. By default, the value is set to 0. Indicate the packet is encapsulated in fragment. By default, the value is set to 0. Indicate the size of SAToP packet (defined as SAToP overhead size + TDM payload size). The value must be set to 0 if the length is more than 64 bytes. Indicate the serial number for the SAToP encapsulated packet, used for detecting packet loss ratio.
Reserved Fragmentation Length
2 2 6
Sequence number
16
RTP
RTP supports end-to-end transmission of real-time data across a network, such as unicastbased and multicast-based voice, video, and emulation services. Varying on protocols adopted by the PSN, positions of the RTP field in emulation messages are different. The RTP field precedes the SAToP control word for UDP/IP PSN, while the RTP field follows the SAToP control word in other PSN networks. The RTP field is an optional 12byte filed in an encapsulation protocol header. RTP provides a sequence number for identifying the emulation packet, whose function is similar to the sequence number of the SAToP control word. However, the RTP sequence number does not coexist with the sequence number of the SAToP control word. The RTP structure is shown in Figure 5-5. Figure 5-5 Structure of RTP packet header
Table 5-2 describes fields of the RTP packet header.
134
5 TDMoP
Table 5-2 Fields of the RTP packet header Field V P Length (bit) 2 1 RTP protocol version Padding flag If the value is set to 1, it indicates that one or more extra 8bit are padded at the end of the message. The padding is not valid payload. X 1 Extended flag If the value is set to 1, it indicates that an extended packet header is padded after the RTP packet header. CC 4 Contributing Sources (CSRC) counter It indicates the number of CSRC identifiers. M 1 Marker Different payloads have different markers. PT Sequence number 7 16 Valid information carried in the payload Sequence number of a RTP packet It grows by 1 when a packet is sent. With it, the receiver detects packet loss ratio and resorts packets. Timestamp 32 Time index for the first sample of the RTP packet It has two modes: absolute mode and differentiated mode. With it, the receiver calculates delay and jitter. SSRC CSRC 32 32 Synchronization Source (SSRC) Identifier, used to detect error connection Contributing Source (CSRC) Identifier, used to identify all contributing sources contained in the valid payload of the RTP packet Description
TDM payload
In SAToP encapsulation mode, TDM frame structure and its internal signaling are not identified and processed. Instead, TDM service data is fragmented and encapsulated, and then transparently transmitted.
The length of SAToP encapsulation packet takes byte as the unit. After a PW connection is established, the length of SAToP encapsulation packets is fixed accordingly. For a PW, the length in both two directions must be identical and keeps fixed in the whole working period. The length of SAToP encapsulation packets cannot exceed the MTU between 2 PEs.
135
5 TDMoP
CESoPSN
CESoPSN, defined by the RFC5086, emulates low-speed PDH circuit services, such as E1, T1, E3, and T3 services. It provides structured TDM emulation service transmission, has a frame structure, and can recognize and process TDM internal frame signaling. CESoPSN discards idle timeslots and encapsulates timeslots in use, thus improving bandwidth utilization. Figure 5-6 shows CESoPSN encapsulation principle for MPLS-based TDM data. Frame structure of E1/T1 specified timeslot is encapsulated into the TDM payload. The outer lay is encapsulated by the RTP header, CESoPSN control word, and MPLS label. Therefore, a PW emulation message is composed. The length of the TDM payload in the packet is a multiple of the length of E1/T1 frame structure (125 s).
Varying on protocols used in the PSN, positions of the CESoPSN control word in the emulation packets are different. For details, see RFC5086. Figure 5-6 CESoPSN encapsulation principles
CESoPSN control word
The CESoPSN encapsulation protocol contains a 4-byte control word, whose format is shown in Figure 5-7. Figure 5-7 Structure of the CESoPSN control word
Table 5-3 describes fields of the CESoPSN control word. Table 5-3 Fields of the CESoPSN control word Field 0000 Length (bit) 4 Description Provide the necessary MPLS payload discrimination. By default, the value is set to 0. L 1 If the value is set to 1, it indicates the TDM link fails. That is, the TDM data encapsulated by CESoPSN is incorrect.
136
5 TDMoP
Field R
Length (bit) 1
Description If the value is set to 0, it indicates the PSN-side packet loss ratio exceeds the preconfigured threshold, notifying the peer that the local is in the packet loss status. It indicates signaling detection at the AC side. Combination of M and L indicates that packet received from the PSN side is a signaling packet or a service packet. Indicate the packet is encapsulated in fragment. By default, the value is set to 0. Indicate the size of CESoPSN packet (defined as CESoPSN overhead size + TDM payload size). The value must be set to 0 if the length is more than 64 bytes. Indicate the serial number for the SAToP encapsulated packet, used for detecting packet loss ratio.
Fragmentation Length
2 6
Sequence number
16
RTP
The RTP field precedes the CESoPSN control word for UDP/IP PSN, while the RTP field follows the CESoPSN control word in other PSN networks. The RTP field is an optional 12byte filed in an encapsulation protocol header, whose structure and function are identical to ones of SAToP protocol.
TDM payload
The payload of a CESoPSN encapsulation packet is a basic NxDS0 data queue with or without signaling. Signaling and basic NxDS0 data can be encapsulated independently or together. There are three encapsulation modes: encapsulation of basic NxDS0 data, encapsulation of NxDS0 signaling, and encapsulation of NxDS0 data and signaling.
After a PW connection is established, the length of a CESoPSN encapsulation packet is fixed accordingly. The length value is related to the delay of the encapsulation packet. The delay of the emulation packet is consistent, which can simplify compensation mechanism of PW packet loss. The delay of the CESoPSN encapsulation packet ranges from 1ms to 5ms, with its unit of 125 s. After a PW is established, the length of a CESoPSN encapsulation packet is fixed accordingly. The length of PW encapsulation packets in all directions must be identical. CESoPSN encapsulation packet discards invalid TDM service data and then the L field of the CESoPSN control word is set to 1. Encapsulation of basic NxDS0 data
As shown in Figure 5-8, the payload of a CESoPSN encapsulation packet consists of M frames (Frame 1 to Frame M). A frame has N timeslots in use (that is, NxDS0 carrying data). When the CESoPSN encapsulation packet is forwarded through the PW, Frame 1 of the payload will be forwarded first. The length of the CESoPSN encapsulation packet is a multiple of a frame, and is related to the delay.
5 TDMoP
Figure 5-8 Format for CESoPSN encapsulation of basic NxDS0 data
Encapsulation of basic NxDS0 signaling
As shown in Figure 5-9, the payload of the CESoPSN packet consists of N signaling codes of DS0 channel, which means the payload of the CESoPSN packet only contains DS0 signaling. This encapsulation mode is a supplement of basic NxDS0 encapsulation mode. Figure 5-9 Format for CESoPSN encapsulation of basic NxDS0 signaling
A signaling encapsulation packet uses an independent sequence number. Values of some bits in the control word of the signaling encapsulation packet are set as follows: L = 0, M = 11, and R = 0. If the RTP header exists in the signaling encapsulation packet, a PT mark is assigned specially to the packet with independent SSRC. Encapsulation of basic NxDS0 and signaling
As shown in Figure 5-10, a CESoPSN encapsulation packet consists of M frames (Frame 1 to Frame M). A frame contains N NxDS0 with data. The signalling also contains signalling codes corresponding to NxDS0. Each signaling code occupies 4 bits. A byte is composed of 2 DS0 signaling codes or a DS0 signaling code and padding bits (if not adequate for a byte). Figure 5-10 Format for CESoPSN encapsulation of basic NxDS0 and signaling
The iTN165-CES supports CESoPSN and SAToP encapsulation protocols.
5.1.3 TDMoP clock recovery technology

The key to TDMoP is clock synchronization. A feature of TDM services is high real-time requirement; that is, the clocks of both the sender and the receiver must be in the same precision grade. At present, the main clock synchronization mechanisms used by TDMoP technology are as below:

Self-adaptive clock recovery Differential clock recovery External clock input
138

5 TDMoP
Link loopback clock System clock
Self-adaptive clock recovery

Self-adaptive clock recovery, based on queue buffering, traces IP Packet Delay Variation (IPDV) through the length of packet queue of the receiver. This is a basis of clock synchronization between the sender and the receiver. Figure 5-11 shows the principle of self-adaptive clock recovery. Figure 5-11 Principle of self-adaptive clock recovery
The process for self-adaptive clock recovery is shown as follows: Step 1 A source Inter-Working Function (IWF) device sends its source clock signals to the destination IWF device. Step 2 The destination IWF device buffers all received signals in a queue, and then sends local clock signals out. Step 3 If the source IWF clock is not synchronized with the destination IWF clock, the length of the buffering queue on the destination IWF changes. Detailed descriptions are shown as follows:

If the length increases, the destination clock runs slower than the source clock; thus advance the destination clock. If the length decreases, the destination clock runs faster than the source clock; thus slow down the destination clock.
Self-adaptive clock recovery is a passive feedback mechanism. When the clock is adjusted properly, clock synchronization between the source IWF device and the destination IWF device on the PSN is complete.
Differential clock recovery

Differential clock recovery, based on the Primary Reference Clock (PRC), sends the coded differential value between the source clock the PRC to the destination. The destination compares the destination clock with the PRC and then adjusts its clock. This mechanism is not affected by delay jitter of the PSN. Therefore, it is always used when delay jitter is out of control. Figure 5-12 shows the principle of differential clock recovery.
139
5 TDMoP
Figure 5-12 Principle of differential clock recovery
External clock input

External clock input (GPS/IEEE1588/synchronization Ethernet) technology is used to establish a clock synchronization network, where clock signals are sent to a device. In this mechanism, different nodes should have the same external clock source and devices should have external clock input interface. External clock source is diverse, such as GPS, IEEE1588, or synchronization Ethernet. The external clock input of the iTN165-CES is provided by devices that support clock sub-card, as shown in Figure 5-13. Figure 5-13 Principle of external clock input
Link loopback clock

The clock source of the TDMoP device is recovered from the TDM interface or serial link port, as shown in Figure 5-14. Figure 5-14 Principle of link loopback clock
140
5 TDMoP
5.1.4 TDMoP delay jitter buffer technology

Delay jitter is the delay change of frames in a network. That is, after transmission, the delay for each frame in the network is variable. This changeable delay is called jitter. The cause to delay jitter is that the bearing network (PSN) of TDM services is asynchronous and frames are transmitted in different paths. Frame Packet jitter has great impact on performance of emulation services. Therefore, compensation must be taken to emulation services. The jitter buffer on the destination can reduce the impact caused by frame delay changes. It buffers early or late packets. Its capacity should be set properly. If its capacity is greater, the destination can buffer more frames, but produce greater delay upon reconstruction of TDM services. If its capacity is smaller, the destination can buffer fewer frames. Manual configuration of its capacity is preferred. Jitter buffer is set according to the measurement and estimation of PSN delay when a PW is established. The iTN165-CESsupports manually configuring the Jitter Buffer size through CLI.
5.2 Configuring TDM interfaces

Scenario
The iTN165-CES accesses TDM services through the TDM interface. When providing circuit emulation services, you need to configure basic properties and related features of TDM interfaces, such as the link type and Rx clock source of TDM interfaces, and codes of TDM idle timeslots. Circuit emulation services are encapsulated based on the TDM interface type. When a TDM interface is in framed/multiframed mode, TDM frame structure can be recognized and structured encapsulation mode is adopted. When a TDM interface is in unframed mode, unstructured encapsulation mode is adopted. In structured encapsulation mode, PW can be only related to timeslots that carry services. Timeslots related to the PW are occupied timeslots and the ones does not carry services are idle timeslots.
Prerequisite
N/A
5.2.2 Configuring E1 interfaces
These configurations are available for the device whose TDM interface is an E1 interface. Step 1 Command
Raisecom#config

5 TDMoP
Step 2 3
Command
Raisecom(config)#interface tdm
Description Enter TDM interface configuration mode. Configure the link type of the TDM interface (E1 interface). By default, the link type is set to E1 unframed mode. Configure the code of idle timeslots for the TDM interface (E1 interface). By default, the code is set to 0x7e.
interface-number
Raisecom(config-tdm-port)#tdm-type { e1-unframed | e1-framed | e1-crcframed | e1-framed-cas | e1-crcframed-cas | t1-unframed | t1-d4 | t1-d4-cas | t1-esf | t1-esf-cas } Raisecom(config-tdm-port)#ts-idlecode ts-code
5.2.3 Configuring V.35 interfaces
These configurations are available for the device whose TDM interface is a V.35 interface. Step 1 2 3 4 Command
Raisecom#config Raisecom(config)#interface tdm 1 Raisecom(config-tdm-port))# bandwidth-speed N Raisecom(config-tdm-port))#clockpolarity { normal | invert } Raisecom(config-tdm-port))#cts { on | rts } Raisecom(config-tdm-port))#dcd { on | off }
Description Enter global configuration mode. Enter TDM interface configuration mode. Configure the speed of the V.35 interface. By default, the speed is set to 2048 Kbit/s. Configure the clock polarity of the V.35 interface. By default, the clock polarity is set to normal. Configure Clear to Send (CTS) on the V.35 interface. By default, CTS is enabled. Configure Data Carrier Detect (DCD) on the V.35 interface. By default, CTS is enabled.

No. 1 2 Command
Raisecom(config-tdm)#show tdm interface Raisecom(config-tdm)#show pw-status
Description Show configurations of the current TDM interface. Show the status of the PW associated to the current TDM interface.
142
5 TDMoP
5.3 Configuring PW
Scenario
TDM service data flow is received by the TDM interface and then is encapsulated to PW packets via a protocol. PW packets of the same type form the PW service flow, which is transmitted through the Tunnel to traverse the PSN. After reaching the peer device, PW service flow is de-capsulated to the original TDM service data flow and the TDM service data flow is forwarded through the TDM interface. The iTN165-CESsupports MPLS-/MEF-/IP-based PSN. Therefore, Tunnels are grouped in these 3 types. Properties of a MPLS Tunnel are defined by the LSP and L2VPN of the MPLS protocol. For details about how to create a MPLS Tunnel, see related configurations. MPLS/IP-based PW packets select a transport path based on the IP address. The source IP address of a PW packet is the IP address of the TDMoP sub-card.
Prerequisite
N/A
5.3.2 Configuring IP address of TDMoP sub-card
The IP address of the TDMoP sub-card and the management IP address of the iTN165-CES should be in different network segments. Step 1 2 Command
Raisecom#config Raisecom(config)#tdmop-ip-address ip-address [ ip-mask ]
Description Enter global configuration mode. Configure the IP address of the TDMoP sub-card.
5.3.3 Creating Tunnel

The Tunnel is a tunnel to carry PWs to traverse the PSN. Before configuring PWs, you must configure the Tunnel.
When Tunnel packets are Tag ones, CVLAN ID and priority are required parameters while SVLAN ID and priority are optional parameters. When Tunnel packets are Double-tag ones, CVLAN ID, SVLAN ID, and priority are required parameters. When Tunnel packets are Untag ones, you do not need to configure the CVLAN ID and SVLAN ID.
143
5 TDMoP
Step 1 2
Command
Raisecom#config Raisecom(config)#mef tunnel tunnel-name dest-mac-address mac-address tag-vlan-mode { double-tag | tag | untag } [ cvlan-id vlan-id pri privalue ] [ svlan-id vlan-id pri pri-value ]
Description Enter global configuration mode. Create a MEF Tunnel and configure basic properties of the Tunnel, including the destination MAC address, VLAN mode, VLAN ID, and priority.
The destination MAC address of a MEF Tunnel is the MAC address of the TDMoP sub-card on the remote device. Create an IP Tunnel and configure basic properties of the Tunnel, including the destination IP address, TTL, ToS, next-hop address and type, VLAN mode, VLAN ID, and priority. You can use the no tunnel tunnel-name command to delete a created Tunnel.
Raisecom(config)#ip tunnel tunnel-name slot-id dest-ipaddress ip-address [ ip-ttl ttlvalue ] [ ip-tos tos-value ] [ nexthop-type { ip nexthop-addr ip-address | mac nexthop-addr mac-address } ] tag-vlan-mode { double-tag | tag | untag } [ cvlan-id vlan-id pri privalue ] [ svlan-id vlan-id pri pri-value ]
The destination IP address of an IP Tunnel is the IP address of the TDMoP sub-card on the remote device.
5.3.4 Creating PW and configuring PW properties

Step 1 2 Command
Raisecom#config Raisecom(config)#mpls cespw pwname vc-id vc-id type { cesop | satop } tdmport interfacenumber timeslot { all | tsstring } in-label label-value out-label label-value destination ip-address [ tunnel-interface interfacenumber ] Raisecom(config)#mef cespw pwname type { cesop | satop } tdmport interface-number timeslot { all | tsstring } inlabel label-value out-label label-value tunnel tunnel-name Raisecom(config)#ip cespw pwname type { cesop | satop } tdmport interface-number timeslot { all | tsstring } inlabel label-value out-label label-value tunnel tunnel-name
Description Enter global configuration mode. Create a MPLS PW and configure basic properties of the PW, including the encapsulation protocol type, in-label value, out-label value, related TDM interface ID, timeslot ID, and destination IP address.
Create a MEF PW and configure basic properties of the PW, including the encapsulation protocol type, related TDM interface ID, bound timeslot ID, in-label value, outlabel value, and bound Tunnel name.
Create an IP PW and configure basic properties of the PW, including the encapsulation protocol type, related TDM interface ID, bound timeslot ID, in-label value, out-label value, and bound Tunnel name.
144
5 TDMoP
Step 3 4
Command
Raisecom(config)#cespw pw-name Raisecom(config-pw)#load-time
Description Enter PW configuration mode. Configure the PW packet encapsulation time, the PW packet encapsulation time is a multiple of 125 s. By default, the PW packet encapsulation time is 1000 s.
load-time
Raisecom(config-pw)#frame-size
size-value
(Optional) configure the number of TDM frames encapsulated into PW packets.
The function of this command is identical to the one of the load-time load-time command. The latter configured one takes effect. 6
Raisecom(config-pw)#jitterbuffer jitter-buffer Raisecom(config-pw)#rtp-header enable
Configure the PW Jitter Buffer size. By default, the PW Jitter Buffer size is set to 8000 s. Enable RTP of the PW packet header.
When the TDMoP system adopts the differential clock mechanism, you must enable RTP of the PW packet header. 8
Raisecom(config-pw)#sesthreshold ses-threshold
Configure the packet loss ratio threshold for a PW entering Severely Errored Second (SES) status. By default, the packet loss ratio threshold for a PW entering SES status is set to 30%.
Raisecom(config-cespw)#cespwexp exp-priority Raisecom(config-pw)#oos-act { not-care | oos-suppression } Raisecom(config-pw)#out-synchthreshord out-synch-threshord Raisecom(config-pw)#connect enable
Configure the EXP priority of the PW packets. By default, the PW EXP priority is set to 0. Configure the Out of Service (OOS) action of a PW. By default, the PW OOS action is set to not-care. Configure the sequential frame loss threshold. By default, the sequential frame loss threshold is set to 15. Enable PW connection. Services cannot be transmitted unless the PW connection is created. By default, PW connection is disabled.
10
11
12
Values of the in-label and out-label of a PW must be different. The PW Jitter Buffer size must be equal to or greater than the PW packet encapsulation time.
145
5 TDMoP
5.3.5 Cheking configurations

No. 1 2 3 Command
Raisecom(config-cespw)#show cespw interface Raisecom(config)#show tunnel tunnel-name Raisecom(config)#show tdmop info
Description Show PW interface configurations and status. Show Tunnel configurations. Show TDMoP global configurations.
5.4 Configuring TDMoP clock

Scenario
The TDMoP system supports clock synchronization in nature. The PTN is an STDM-based best-effort network. It may cause end-to-end delay TDM services are encapsulated into Ethernet packets and then are transmitted cross the PTN. This also influences the performance for de-encapsulating TDM services. However, TDMoP clock recovery technology can reduce impact caused by PTN delay. The clock recovery mechanism adopted by the TDMoP system depends on the Rx clock source of the TDM interface.
Prerequisite
Create a PW.
5.4.2 Configuring Rx clock source of TDM interfaces

Step 1 2 3
Raisecom#config Raisecom(config)#interface tdm interface-
Command
Description Enter global configuration mode. Enter TDM interface configuration mode. Configure the recovery clock source PW.
number
Raisecom(config-tdm-port)#adaptive-pwname
pw-name
When the Rx clock source of a TDM interface is an Ethernet recovery clock source or a differential clock source, you need to configure a PW as the recovery clock source in advance.
146
5 TDMoP
Step 4
Command
Raisecom(config-tdm)#tx-clock-src { adaptive | differential | external | loopback | system }
Description Configure the clock source of a TDM interface (E1 interface). By default, the clock source of the TDM interface is set to system clock. Configure the clock source of a TDM interface (V.35 interface). By default, the clock source of the TDM interface is set to system clock.
Raisecom(config-tdm-port)#tx-clock-src { adaptive | system | teminal }

No. 1 Command
Raisecom(config-tdm)#show tdm interface
Description Show configurations on the clock of the current TDM interface.
5.5 Maintenance
Command
Raisecom(config-tdm-port)#loopback { internal | external | bidirectional }
Description Configure loopback mode of a TDM interface. By default, no loopback is configured the TDM interface. Clear TDM interface statistics. Clear PW statistics.
Raisecom(config-tdm-port)#clearstatistics Raisecom(config-cespw)#clearstatistics

5.6.1 Examples for configuring CESoPSN emulation services
As shown in Figure 5-15, the user has offices in sites A and B. Telephones of sites A and B access the PTN through iTN A and iTN B respectively. Telephones of sites A and B need to communicate with each other through the PTN. Configurations are shown as below:
Site A:

5 TDMoP
Occupied timeslots: TS6TS10 and TS17TS31 Idle timeslots: TS1TS5 and TS11TS15 Occupied timeslots: TS6TS10 and TS17TS31 Idle timeslots: TS1TS5 and TS11TS15
Site B:

MAC address of iTN B: 192.168.10.1 (configured on the iTN A) Encapsulation protocol: CESoPSN protocol LSR ID of iTN A: 10.1.1.1
Figure 5-15 Configuring CESoPSN emulation services
Configuration steps
Configuration steps of iTN A are identical to the ones of iTN B. In this guide, only configurations on iTN A are described. Step 1 Configure the TDM interface.
Raisecom#config Raisecom(config)#interface tdm 1 Raisecom(config-tdm-port)#tdm-type e1-crc-framed-cas Raisecom(config-tdm-port)#ts-idle-code 20 Raisecom(config-tdm-port)#exit
Step 2 Create a PW and configure basic properties of the PW.
Raisecom(config)#mpls lsr-id 10.1.1.1 Raisecom(config)#mpls enable Raisecom(config)#mpls static-lsp ingress lsp-1 192.168.10.1 255.255.255.255 nexthop-mac 192.168.27.1 out-label 2000 Raisecom(config)#mpls tunnel tunnel-a static-lsp lsp-1
148
5 TDMoP
Raisecom(config)#mpls cespw 100 type cesop tdmport 1 timeslot 6-10,1731 in-label 100 out-label 200 destination 192.168.10.1 Raisecom(config)#cespw 100 Raisecom(config-cespw)#load-time 1000 Raisecom(config-cespw)#jitter-buffer 8000 Raisecom(config-cespw)#rtp-header enable Raisecom(config-cespw)#ses-threshold 35 Raisecom(config-cespw)#oos-act oos-suppression Raisecom(config-cespw)#out-synch-threshord 10 Raisecom(config-cespw)#exit
Step 3 Configure the TDMoP clock.
Raisecom(config)#interface tdm 1 Raisecom(config-tdm)#adaptive-pwname 100 Raisecom(config-tdm)#tx-clock-src differential Raisecom(config-tdm)#exit
Step 4 Enable PW connection.
Raisecom(config)#cespw 100 Raisecom(config-pw)#connect enable
Raisecom#write
Checking results
Use the show tdm interface command to show TDM interface configurations.
Raisecom(config-tdm-port)#show tdm port tdm type line coding loopback idle code tx clock source alarm Statistics: ES SES UAS
tdm interface ...1 ...(e1-crc-framed-cas) ...(HDB3) ...(no loopback) ...(0x20) ...(differential) ...( los lof ) ...(10) ...(10) ...(18887)
149
5 TDMoP
Use the show cespw interface command to show PW configurations.
Raisecom(config-cespw)#show pw id pw name pw payload type TDM port index TDM ds0 number 1 2 3 4 5 6 9 10 11 12 13 14 17 18 19 20 21 22 25 26 27 28 29 30 pw in label pw out label pw load time jitter buffer ses threshold pw exp pw rtp-header out-synch-threshold pw oos-act pw connection config pw oper status pw local status RX PKTS TX PKTS
cespw interface ...(1) ...(100) ...(cesop) ...(1) ...(4) 7 8 15 16 23 24 31 ...(100) ...(200) ...(1000) ...(8000) ...(35%) ...(0) ...(enable) ...(10) ...(oos-suppression) ...(enable) ...(up) ...(normal) ...(167) ...(167)
5.6.2 Examples for configuring SAToP emulation services

As shown in Figure 5-16, a company has many branches in multiple cities. Branches and the headquarter are connected through the PTN to transmit services. After being connected to iTN A through the E1 lease cable, Department A accesses the PTN. And then services of Department A traverse the PTN through the transparent transmission feature of TDM emulation services to realize data communication among all branches. Perform the following configurations on iTN A:

IP address of iTN B: 192.168.11.1 Encapsulation protocol: SAToP LSR ID of iTN A: 10.1.1.1
150
5 TDMoP
Figure 5-16 Configuring SAToP emulation services
Configuration steps
Configuration steps of iTN A are identical to the ones of iTN B. In this guide, only configurations on iTN A are described. Step 1 Configure the TDM interface (this step can be ignored).
Raisecom#config Raisecom(config)#interface tdm 1 Raisecom(config-tdm)#tdm-type e1-unframed Raisecom(config-tdm)#exit
Step 2 Configure the PW.
Raisecom(config)#mpls lsr-id 10.1.1.1 Raisecom(config)#mpls enable Raisecom(config)#mpls static-lsp ingress lsp-2 192.168.11.1 255.255.255.255 nexthop 92.168.27.1 out-label 2000 Raisecom(config)#mpls tunnel tunnel-a static-lsp lsp-2 Raisecom(config)#mpls pw 60 satop tdmport 1/4 timeslot all in-label 100 out-label 200 destination 192.168.11.1 Raisecom(config)#pw 60 Raisecom(config-pw)#load-time 1500 Raisecom(config-pw)#jitter-buffer 6000 Raisecom(config-pw)#rtp-header enable Raisecom(config-pw)#ses-threshold 40 Raisecom(config-pw)#oos-act oos-suppression Raisecom(config-pw)#out-synch-threshord 10 Raisecom(config-pw)#exit
Step 3 Configure the TDMoP clock.
Raisecom(config)#interface tdm 1 Raisecom(config-tdm-port)#adaptive-pwname 60 Raisecom(config-tdm-port)#tx-clock-src differential Raisecom(config-tdm-port)#exit
151
5 TDMoP
Step 4 Enable PW connection.
Raisecom(config)#cespw 60 Raisecom(config-cespw)#connect enable
Raisecom#write
Checking results
Use the show tdm interface command to show TDM interface configurations.
Raisecom(config-tdm-port)#show tdm port tdm type line coding loopback tx clock source alarm Statistics: ES SES UAS
tdm interface ...(1) ...(e1-unframed) ...(HDB3) ...(no loopback) ...(differential) ...( los ) ...(10) ...(10) ...(19472)
Use the show cespw interface command to show PW configurations.
Raisecom(config-cespw)#show cespw interface pw id ...(65) pw name ...(60) pw payload type ...(satop) TDM port index ...(1) pw in label ...(100) pw out label ...(200) pw load time ...(1500) jitter buffer ...(6000) ses threshold ...(40%) pw exp ...(0) pw rtp-header ...(enable) out-synch-threshold ...(10) pw oos-act ...(oos-suppression) pw connection config ...(enable) pw oper status ...(up) pw local status ...(normal) RX PKTS ...(0)
152

TX PKTS ...(0)
5 TDMoP
153
6 Network reliability
Network reliability
This chapter describes principles and configuration procedures of network reliability, as well as related configuration examples, including following sections:

Introduction Configuring link aggregation Configuring interface backup Configuring ELPS
Configuring ERPS Configuring failover Maintenance Configuration examples
6.1 Introduction
To enhance the reliability of Ethernet and to meet the requirements on the Telecom network, you can deploy specified reliability technology in the Ethernet. Network reliability technologies supported by the iTN165-CES include link aggregation, interface backup, Ethernet Linear Protection Switching (ELPS), Ethernet Ring Protection Switching (ERPS), and failover.
6.1.1 Link aggregation

Link aggregation is a load-sharing technology. With link aggregation, multiple physical Ethernet interfaces are combined to form a logical aggregation group. Multiple physical links in one aggregation group are taken as a logical link. Link aggregation helps share traffics among member interfaces in an aggregation group. These aggregated links can back up data for each other dynamically. In addition to effectively improving the reliability on links between devices, link aggregation can help gain greater bandwidth without upgrading hardware. For related protocols, see IEEE 802.3ad.
154
Figure 6-1 Link aggregation
As shown in Figure 6-1, iTN A and iTN B are connected through 2 Ethernet physical links. You can bind these 2 links to form a logical link Aggregation 1. This logical link has the following advantages:
Improving link reliability: members in the link aggregation group can back up data for each other dynamically. When a link fails, the other links can replace it to improve link reliability effectively. Increasing link capacity: by binding multiple physical links, you can get greater bandwidth without upgrading the existing device. The capacity of a physical link equals to the sum capacity of all physical links. Sharing load: traffic are distributed to different members based on some algorithm, to realize link-level load-sharing. Optimizing network management: member interfaces in a LAG are managed as a logical interface. Saving IP addresses: only one IP address is required for a LAG without configuring IP addresses for member interfaces in the LAG.
In link aggregation, multiple Ethernet interfaces are bound to a LAG. These Ethernet interfaces are called member interfaces and the logical interface is named as the Trunk interface, The number of LAGs supported by devices is different. In addition, the number of member interfaces supported by the LAG varies on the device. The iTN165-CES supports up to 3 LAGs and each LAG supports up to 4 member interfaces. At least one active interface and up to 5 interfaces support the LAG.
Link aggregation modes
Manual aggregation mode In this mode, multiple physical interfaces are added to a LAG to form a logical interface. Links connected to the logical interface share the traffic.
Static LACP aggregation mode It is a mode of the LACP. In this mode, you must enable LACP in advance. The Selection Logic of the LACP decides how to select the Trunk interface,
Dynamic LACP aggregation mode In this mode, you must enable LACP in advance. The system creates and delete the LAG and member interfaces automatically. Interfaces cannot be aggregated dynamically unless the following requirements are met:

Basic configurations of interfaces are identical. Speed and duplex configurations of interfaces are identical. Interfaces are connected to the same device. The peer interfaces meet these requirements.
The iTN165-CES supports manual aggregation and static LACP aggregation modes.
155
Load-sharing
Load-sharing is a cluster technology used to enhance the capability for processing services and ensure service reliability by sharing traffic among multiple devices/links. If an interface meets all requirements for an active interface, the interface will be the active interface of a LAG. Therefore, the interface can share traffic with other active ones based on the link aggregation load-sharing mode or load-sharing algorithm, The load-sharing algorithm is realized by directly mapping or mapping based on the CRC Hash value of the MAC address. With different load-sharing modes and their combination, interfaces can share traffic in a LAG. There are 6 load-sharing modes:

Load-sharing based on the source MAC address Load-sharing based on the destination MAC address Load-sharing based on the OR result of the source and destination MAC addresses Load-sharing based on the source IP address Load-sharing based on the destination IP address Load-sharing based on the OR result of the source and destination IP addresses
6.1.2 Interface backup

Overview of interface backup
Interface backup is used for interfaces on a device to back up data for each other. In general, the primary interface is used to transmit services while the backup interface is in standby status. When services cannot be transmitted properly because the primary interface or primary link fails, the backup interface is activated to transmit services. This helps to enhance network reliability. At present, the dual uplink networking application is a commonly-used one. In dual uplink networking, Spanning Tree Protocol (STP) is used to block the redundancy link and implement backup. Though STP can meet users' backup requirements, it fails to meet switching requirements. Though Rapid Spanning Tree Protocol (RSTP) is used, the convergence is second level only. It is not a satisfied performance parameter for advanced Ethernet devices applied to the Telecom-grade network. Interface backup, targeted for dual uplink networking, implements backup and fast convergence. It is designed for the dual uplink networking application to ensure the performance and simplify configurations.
Interface backup is another resolution of STP. You can achieve link redundancy by manually configuring interface backup when STP is disabled. If the device is enabled with STP, you need to disable interface backup. STP provides functions similar to the ones realized by interface backup. Interface backup is realized by configuring the interface backup group. An interface backup group contains a pair of interfaces, where an interface is the primary interface and the other interface is a backup interface. The link, where the primary interface is, is called a primary link. The link, where the backup interface is, is called a backup link. In general, the backup interface is blocked, used for redundancy backup.
Member interfaces in the interface backup group supports physical interfaces and Link Aggregation Group (LAG) but do not support Layer 3 interfaces. In the interface backup group, when an interface is in Up status, the other interface is in standby status. Only one interface can be in Up status. When the interface in Up status fails, the standby interface can be switched to Up status to sustain a normal link.
Principles of interface backup

Figure 6-2 Principles of interface backup
As shown in Figure 6-2, Line 1 and Line 2 on iTN A are connected to their uplink devices respectively. The interface forwarding status is as below:
Under normal conditions, Line 1 is the primary interface while Line 2 is the backup interface. Line 1 and its uplink device forward packet while Line 2 and its uplink device do not forward packets. When Line 1 fails or the link between Line 1 and its uplink device fails, Line 2 and its uplink device forward packets. When Line 1 restores normally and keeps Up for a period (restore-delay), Line 1 restores to forwarding packets and Line 2 restores to standby status.
When a switching between the primary interface and the backup interface occurs, the iTN A sends a Trap to the NView NNM system. By applying interface backup to different VLANs, you can make 2 interfaces forward packets simultaneously in different VLANs. As shown in Figure 6-3, by configuring a VLAN and adding interfaces to the VLAN, you can realize VLAN-based interface backup.
157
Figure 6-3 Principles of VLAN-based interface backup
In different VLANs, interface forwarding status is shown as below:
Under normal conditions, in VLANs 10001500, Line 1 is the primary interface and Line 2 is the backup interface. In VLANs 15012000, Line 2 is the primary interface and Line 1 is the backup interface. Therefore, Line 1 forwards traffic of VLANs 10001500, and Line 2 forwards traffics of VLANs 15012000. When Line 1 fails or the link between Line 1 and its uplink device fails, Line 2 forwards traffic of VLANs 10002000. When Line 1 restores normally and keeps Up for a period (restore-delay), Line 1 forwards traffic of VLANs 10001500, and Line 2 forwards traffics of VLANs 1501 2000.
VLAN-based interface backup can be used for load-sharing. In addition, it does not depend on configurations of the uplink device. It facilitates operations.
6.1.3 ELPS
Overview of ELPS
Ethernet Linear Protection Switching (ELPS) is an end-to-end protection technology based on Automatic Protection Switching (APS) protocol of the ITU-TG.8031 recommendation. It is used to protect an Ethernet connection. It can be applied to various network structures, such as the ring network. APS packet is a kind of Connectivity Fault Management (CFM) packet. It is an APS packet when the OpCode value in the CFM packet is set to 0x39. The outer structure of the APS packet is defined by the ITU-T Y.1731. Based on this, the G.8031 defines APS specific information by using 4 bytes. Figure 6-4 shows the structure of the APS packet.
158
Figure 6-4 Structure of APS packet
As shown in Figure 6-4, the MEL field is inserted with the Maintenance Entity Group (MEG) level of the APS packet. For descriptions about the Version, OpCode, Flags, and END TLV, see ITU-T Y.1731 and their values are listed in Figure 6-4. Table 6-1 describes fields in the APS specific information. Table 6-1 Values of fields in APS specific information Field Request/State Value 1111 1110 1101 1011 1001 0111 0110 0101 0100 0010 0001 0000 Others Protection Type A 0 1 B 0 1 D 0 Description Lockout of protection (LO) with highest priority Signal fail for protection (SF-P) Forced switch (FS) Signal fail for working (SF-W) Signal degradation (SD) Manual switch (MS) Depreciated Wait to restore (WTR) Exercise (EXER) Reverse request (RR) Do not revert (DNR) No request (NR) Reserved No APS channel APS channel 1+1 protection switching (with fixed bridge) 1:1 protection switching (with fixed bridge) Unidirectional protection switching
159
The request type, indicating the condition signal, command signal, and status signal of the protection line. Priorities of these 3 signals are descending.
Four protection types identified by value 1 or 0
Field
Value 1 R 0 1
Description Bidirectional protection switching Non-revertive mode Revertive mode No signal Normal service signals Reserved No signal Normal service signals Reserved The local request signals carried by the protection line Signals of bridge connection in the protection line
Requested signal
0 1 2255
Bridged signal
0 1 2255
Reserved
All 0
Reserved field. This filed should be ignored when being received.
The G.8031 defines 1+1 protection switching and 1:1 protection switching. ELPS technology takes a simple, fast, and predictable mode to realize network resource switching, easier for Carrier to plan network more efficiently and learn network active status.
ELPS protection switching modes

As shown in Figure 6-5, ELPS supports 1+1 and 1:1 protection switching modes. Figure 6-5 ELPS 1+1 and 1:1 protection switching modes
1+1 protection switching: each working line is assigned with a protection line. In general, in the protection domain, the source end sends traffic through the working and protection lines while the destination end receives the traffic from one line. The destination end selects the working/protection line based on some pre-configured standard, such as the server failure indication. Services are switched to the protection line directly when the working line fails.
1:1 protection switching: each working line is assigned with a protection line. The source end sends traffic through the working/protection line. In general, the source sends traffic through the working line. The protection line is a backup line. When the working line
160
fails, the source end and destination end communicate through APS protocol to switch traffic to the protection line simultaneously. Based on whether the source end and destination end switch traffic simultaneously, ELPS is divided into unidirectional switching and bidirectional switching:
Unidirectional switching: as shown in Figure 6-6, when one direction of a line fails, one end can receive the traffic while the other end fails to receive the traffic. The end failing to receive the traffic detects a fault and switches the traffic. And the other end does not detect the fault and switch traffic. Therefore, both ends may receive the traffic through different lines.
Figure 6-6 Unidirectional protection switching
Bidirectional switching: when a line fails, even in one direction, both ends communicate through APS protocol to switch traffic to the protection line. Therefore, both ends receive and send the traffic through the same line.
1+1 protection switching is divided into unidirectional switching and bidirectional switching. 1:1 protection switching supports bidirectional switching only. ELPS provides 3 modes to detect a fault.

Detect faults based on the physical interface status: learning link fault quickly and switching services immediately, suitable for detecting the fault between neighbor devices. Detect faults based on CFM: suitable for multi-device crossing detection. Detect faults based on the physical interface and CFM: sending Trap when detecting a fault on the physical link/CFM.
The iTN165-CES supports 1:1 bidirectional protection switching and the 3 fault detection modes.
6.1.4 ERPS
Overview of ERPS
Ethernet Ring Protection Switching (ERPS) is a protection switching technology based on the Ring Automatic Protection Switching (R-APS) protocol of the ITU-TG.8032 recommendation. It is used in Ethernet rings. Generally, ERPS can avoid broadcast storm caused by data loopback in Ethernet rings. When a link/device on the Ethernet ring fails, traffic can be quickly switched to the backup link to ensure restoring services quickly.
161
Similar to the ELPS APS packet, R-APS packet is a CFM packet, which is defined by the Y.1731 and G.8032. Figure 6-7 shows the structure of the R-APS packet. Figure 6-7 Structure of the R-APS packet
Table 6-2 describes items in the R-APS specific information. Table 6-2 Fields in the R-APS specific information Field Request/State Value 1011 Description Signal fail. It is a R-APS packet which is sent by the node that detects the link fault. It is used to identify the local SF event. No request (NR), which is sent by the node that detects the link fault. It is used to identify that the generated SF event is cleared. Reserved The RPL is blocked. For all non RPL Owner nodes, the value is set to 0. The blocked RPL is released. FDB refresh by be triggered. The FDB refresh is not trigged. The MAC address of the node, which is unique. Reserved field. This filed should be ignored when being received.
0000
Others Status R B 0 1 D N F Node ID Reserved 0 1 All 0
162
Filtering DataBase (FDB) clearing refers to removing MAC addresses of learned FDBs of the node. ERPS adopts advantages of multiple ring network technologies, such as Ethernet Automatic Protection Switching (EAPS), Resilient Packet Ring (RPR), Synchronous Digital Hierarchy (SDH), and STP. It is the newest mature standard of the Ethernet ring protection switching technology, providing the following functions:

Optimizing the detection mechanism Detecting bidirectional faults Support multi-network and multi-domain structures Realizing 50ms protection switching performance Supporting multiple working modes, such as primary-to-backup and load-sharing modes
ERPS uses the control VLAN in the ring network to transmit ring network control information. Meanwhile, combining with the topology feature of the ring network, it discovers link fault quickly and enable the backup link to restore service fast.
Related concepts of ERPS

Figure 6-8 ERPS ring network
Related concepts of ERPS are shown as below:

Ring Protection Link (RPL): it is a link between RPL nodes. In normal status, the interface of the link is blocked to avoid a loopback. One Ethernet ring has a RPL only. RPL Owner: it is a node connected to the RPL. It is specified by the user, used to block/release the RPL interface. In normal status, it blocks the RPL interface to avoid a loopback. RPL Neighbor: it is the other node connected to the RPL. It cooperates with the RPL Owner to provide protection switching. Control VLAN: it is an independent VLAN channel used by ERPS to carry R-APS packets. It is identical to the VLAN monitored in the CFM domain. However, the control VLAN ID should not be identical to the service VLAN ID.
163
Properties (level, domain name, MA name, and VLAN ID) of all CFM domains must be identical. Otherwise, ERPS ring fails to be established. During ERPS protection switching process, 3 timers are used.
Guard Timer: it is used to filter outdated R-APS packets to avoid error protection switching actions on the node. When the Guard Timer is running, received R-APS packets will be discarded. WTR Timer: the WTR Timer on the RPL Owner begins to time when the working line recovers from a fault. In addition, a WTR running signal is output during the WTR Timer running process. Services are switched back to the working line when the WTR Timer times out. The WTR Timer is used to avoid frequent switching caused by unstable working line. Holdoff Timer: it is used to coordinate other protection switching coexisting with the link protection. When one or more new faults are detected, the Holdoff Timer is triggered. During the Holdoff Timer running process, the system will detect the link status regardless of whether the fault that triggers the Holdoff Timer exists. The system will report the fault to ERPS if it exists.
Basic protection mechanism of ERPS

The G.8032 defines 5 states of the node on the Ethernet ring.

Idle state: the normal working state without no fault Protection state: the state to which services are switched after a fault is detected. The APS process is triggered by the fault detected by the Continuity Check Message (CCM) of Ethernet Operation, Administration and OAM (OAM). Pending state: the state before a fault is resolved FS state: the state when a FS command is being applied MS state: the state when a FS command is being applied
To ensure the protection switching stability, the G.8032 defines a WTR timer. After the RPL Owner receives a fault recovery signal, services cannot be switched back to the working line after the WTR timer times out. Figure 6-9 and Figure 6-10 show the basic protection mechanism of ERPS.
164
Figure 6-9 Idle state of Ethernet ring network
As shown in Figure 6-9, when the Ethernet ring network is in idle state, links have the following features:

All nodes are connected to form a ring. The ERPS protocol sends NR,/RB signals continuously through the RPL Owner. The NR/RB signal indicates that no fault is generated. The RPL is blocked to avoid a loopback. Connected nodes use the OAM CCM packet to monitor links. When a fault is generated during on the Ethernet ring, the ERPS protocol uses the Y.1731 SF type to trigger protection switching.
Figure 6-10 Protection state of Ethernet ring network
As shown in Figure 6-10, when a fault is detected, the system enables APS to enter the protection state.
After the Holdoff Timer times out, the node connected to the failed link blocks the link and sends the SF signal to notify other nodes of the fault. As shown in Figure 6-10, when the link between Nodes D and E fails, the Nodes D and E send the SF signal to other nodes respectively.
The SF signal triggers the RPL Owner to open the RPL interface and triggers all nodes to clear the MAC address table. And then the link enters the protection state.
When a fault is recovered, the links performs fault recovery switching:

Nodes connected to the failed link are stilled blocked. After the Guard Timer times out. Nodes D and E send R-APS NR signals, which indicates no local fault request. When receiving the first NR signal, the RPL Owner enables the WTR timer immediately. After the WTR Timer times out. The RPL Owner blocks the RPL and sends the R-APS signal (NR/RB), which indicates no local fault request. The RPL link is blocked. After receiving the R-APS signal (NR/RB), other nodes refresh the FDB. The Node sending the NR signal will stop sending the packet periodically and release the blocked interface. All nodes on the link return to the idle state.
Sub-ring
The revision of the G.8032 provides the protection mechanism of Ethernet multi-ring. The sub-ring is an attached ring of the existing ring. It is connected with other rings/network through an interconnected node (node connecting multiple rings). The sub-ring is not closed. And interconnected node does not belong to the sub-ring. Figure 6-11 Sub-ring model
As shown in Figure 6-11, nodes B and C are interconnected nodes. The channel connected to the 2 interconnected nodes is called R-APS virtual channel. The R-APS virtual channel is used for the intersecting node on the intersecting ring. If an intersection ring has a R-APS virtual channel, the primary ring provides a virtual channel for APS packets of the sub-ring. It means that APS packets of the sub-ring will be transmitted to the primary ring. Otherwise, the primary ring does not provide a virtual channel for ARP packets of the sub-ring and APS packets of the sub-ring are terminated at the intersecting node. The primary ring and sub-ring are 2 rings. Each ring is configured with a RPL Owner. Protection switching mechanism is similar to the one of the single ring. Each ring processes its own fault. When a shared link fails, the primary ring is switched to the protection state while no action is performed on the sub-ring.
166
6.1.5 Failover
Failover provide an interface linkage scheme to expand the range of link backup. By monitoring the uplinks and synchronizing downlinks, the fault generated on the uplink device can be transmitted to downlink devices to trigger switching. This helps avoid traffic loss when downlink devices cannot sense faults of uplinks. As shown in Figure 6-12, Line 1 is the primary interface and Line 2 is the backup interface. The upstream interfaces (Line 1 and Line 2) and downstream interface (Client 1) are added to a failover group. Once upstream interfaces fail, the downstream interface is in Down statue. The downlink interface returns to Up status once one or both uplink interfaces recover. Therefore, the uplink link status is notified to the downstream devices immediately. Uplink interfaces work properly when the downlink interface fails. Figure 6-12 Interface-to-interface failover
6.2 Configuring link aggregation

Scenario
When needing to provide greater bandwidth and reliability for a link between two devices, you can configure link aggregation. The iTN65-CES supports the following 2 link aggregation modes:

Manual link aggregation mode Static LACP aggregation mode
Prerequisite
Before configuring link aggregation, you need to configure physical parameters of the interface and make the physical layer Up.
6.2.2 Configuring manual link aggregation

Step 1 2 3 4 Command
Raisecom#config Raisecom(config)#interface port-channel
Description Enter global configuration mode. Enter aggregation group configuration mode. Configure manual link aggregation. Return to global configuration mode.
167
port-channel-number
Raisecom(config-aggregator)#mode manual Raisecom(config-aggregator)#exit
Step 5 6 7 8 9
Command
Raisecom(config)#interface interface-
Description Enter physical layer configuration mode. Add member interfaces to the LAG. Exit from global configuration mode. (Optional) enable link aggregation. By default, link aggregation is enabled. (Optional) configuring the load-sharing mode of the LAG. By default, load sharing mode is set to sxordmac, which means selecting the forwarding interface according to OR operation result of source MAC address and destination MAC address.
Raisecom(config-port)#channel group
port-channel-number
Raisecom(config-port)#exit Raisecom(config)#link-aggregation enable Raisecom(config)#link-aggregation loadsharing mode { dip | dmac | smac | sip | sxordip | sxordmac }
In a LAG, member interfaces that share loads must be identically configured. Otherwise, data cannot be forwarded properly. These configurations include STP, QoS, QinQ, VLAN, interface properties, and MAC address learning. STP status on the interface, properties (point-to-point/non point-to-point) of the link connected to the interface, path cost of the interface, STP priority, packet Tx speed limit, whether the interface is configured with loopback protection, root protection, and whether the interface is an edge interface. QoS: traffic policing, traffic shaping, congestion avoidance, rate limiting, SP queue, WRR queue scheduling, WFQ queue, interface priority, and interface trust mode. QinQ: QinQ status on the interface, added outer VLAN tag, policies for adding outer VLAN Tags for different inner VLAN IDs. VLAN: the allowed VLAN, default VLAN, and the link type (Trunk and Access) on the interface, and whether VLAN packets carry Tag. Interface properties: speed, duplex mode, and link Up/Down status. MAC address learning: MAC address learning status and MAC address limit.
6.2.3 Configuring static LACP link aggregation

Step 1 Command
Raisecom#config
168
Step 2
Command
Raisecom(config)#lacp system-priority
Description (Optional) configure the system LACP priority. By default, the system LACP priority is set to 32768.
system-priority
The smaller the value is, the higher the system LACP priority is. The end with a higher system LACP priority is the active end. LACP selects the active interface and standby interface based on configurations on the active end. If the system LACP priorities are identical, select the one with a smaller MAC address as the active end. 3 4 5 6 7 8 9 10
Raisecom(config)#lacp timeout { fast | slow } Raisecom(config)#interface port-channel
(Optional) configure the LACP timeout mode. Enter aggregation group configuration mode. Configure the static LACP LAG. (Optional) configure the maximum/minimum number of active links in the LACP LAG. Return to global configuration mode. Enter physical layer configuration mode. Add member interfaces to the LACP LAG. (Optional) configure the LACP mode of member interfaces. By default, the LACP mode is set to active. LACP connection fails if both ends of a link are in passive mode. (Optional) configure the interface LACP priority. Return to global configuration mode. (Optional) enable link aggregation. By default, link aggregation is enabled.
port-channel-number
Raisecom(config-aggregator)#mode lacpstatic Raisecom(config-aggregator)#{ maxactive | min-active } links threshold Raisecom(config-aggregator)#exit Raisecom(config)#interface interface-
Raisecom(config-port)#channel group
port-channel-number
Raisecom(config-port)#lacp mode { active | passive }
11 12 13
Raisecom(config-port)#lacp portpriority port-priority Raisecom(config-port)#exit Raisecom(config)#link-aggregation enable
In a static LACP LAG, a member interface can be an active/standby one. Both the active interface and standby interface can receive and send LACPDU. However, the standby interface cannot forward user packets. The system selects a default interface based on the following conditions in order: whether the neighbour is discovered, maximum interface speed, highest interface LACP priority, smallest interface ID. The default interface is in active status. Interfaces, which have the same speed, peer device, and operation key of the
169
operation key with the default interface, are in active status. Other interfaces are in standby status.

Raisecom#show lacp internal Raisecom#show lacp neighbor Raisecom#show lacp statistics Raisecom#show lacp sys-id Raisecom#show linkaggregation
Description Show local system LACP configurations. Show the neighbour LACP configurations Show interface LACP statistics. Show local system LACP global enabling status, device ID. Show whether the current system is enabled with link aggregation, link aggregation load-sharing mode, member interfaces and currently-active member interfaces in all current aggregation groups.
6.3 Configuring interface backup

Scenario
Interface backup can realize redundancy backup and fast switching of primary and backup links, VLAN-based interface backup can realize load-sharing among different interfaces. Interface backup ensures millisecond level switching and simplifies configurations.
Prerequisite
Before configuring interface backup, perform the following operations:

Create a VLAN. Add interfaces to the VLAN.
6.3.2 Configuring basic functions of interface backup

Step 1 2 Command
Raisecom#config Raisecom(config)#interface interface-
Description Enter global configuration mode. Enter physical layer interface configuration mode. The interface is the primary interface for interface backup.
type primary-interface-number
170
Step 3
Command
Raisecom(config-port)#switchport backup interface-type backupinterface-number [ vlanlist vlanlist ] Raisecom(config-port)#exit Raisecom(config)#switchport backup restore-delay period Raisecom(config)#switchport backup restore-mode { disable | neighbordiscover | port-up }
Description Configure the interface backup group. If the interface backup group specifies no VLAN list, VLAN IDs ranges from 1 to 4094 by default. Return to global configuration mode. (Optional) configure the restore-delay. By default, the restore-delay is set to 15s. (Optional) configure the restore mode.
4 5
port-up: the link recovers once the interface in Up status. neighbor-discover: the link recovers once the interface discovers the neighbour through Raisecom Neighbour Discover Protocol (RNDP). disable: disable backup restore.
By default, the restore mode is set to port-up.
In an interface backup group, an interface is a primary interface or a backup interface. In a VLAN, an interface/LAG is a member of only one interface backup group. If you set a LAG to a member of the interface backup group, you need to set the interface with the smallest interface ID in the LAG to the member of the interface backup interface. When the member interface is in Up status, all interfaces in the aggregation group are in Up status. When the member interface is in Down status, all interfaces in the aggregation group are in Down status.
6.3.3 (Optional) configuring interface forced switch
After forced switch is successfully configured, the primary and backup links will be switched. The working link is switched to the protection link. For example, when both the primary and backup interfaces are in Up status, if the data is being transmitted through the primary link, data will be transmitted to the primary link to the backup link after forced switch is performed. In the CLI, the backup interface ID is an optional parameter. If the primary interface is configured with multiple interface backup pairs, you should input the backup interface ID. Command Description Enter global configuration mode. Enter physical layer interface configuration mode. The interface is the primary interface for interface backup.
171
Step 1 2
Raisecom#config
primary-interface-number
Step 3
Command
Raisecom(config-port)#switchport backup [ interface-type backup-interfacenumber ] force-switch
Description Configure interface forced switch.

No. 1 Command
Raisecom#show switchport backup
Description Show interface backup information.
6.4 Configuring ELPS

Scenario
To make the Ethernet reliability up to Telecom-grade (network self-heal time less than 50ms), you can deploy ELPS at Ethernet. ELPS is used to protect the Ethernet connection. It is an end-to-end protection technology.
Prerequisite
Before configuring ELPS, perform the following operations:

Connect interfaces and configure physical parameters for them. Make the physical layer Up. Create the management VLAN and VLANs of the working and protection interfaces. Configure CFM detection between devices (preparing for CFM detection mode).
6.4.2 Creating protection lines

Step 1 Command
Raisecom#config
172
Step 2
Command
Raisecom(config)#ethernet lineprotection line-id working
Description Create the ELPS protection line and configure the protection mode. The protection group is in non-revertive mode if you configure the non-revertive parameter.
interface-type interface-number vlanlist protection interface-type interface-number vlanlist one-to-one

[ non-revertive ] [ protocol-vlan vlan-id ]
In revertive mode, when the working line recovers from a fault, traffic is switched from the protection line to the working line. In non-revertive mode, when the working line recovers from a fault, traffic is not switched from the protection line to the working line.
By default, the protection group is in revertive mode. 3 4

Raisecom(config)#ethernet lineprotection line-id name string Raisecom(config)#ethernet lineprotection line-id wtr-timer wtr-
(Optional) configure a name for the ELPS protection line. (Optional) configure the WTR timer. In revertive mode, when the working line recovers from a fault, traffic is not switched to the working line unless the WTR timer times out. By default the WTR time value is set to 5min.
timer
We recommend that WTR timer configurations on both ends keep consistent. Otherwise, we cannot ensure 50ms quick switching. 5
Raisecom(config)#ethernet lineprotection line-id hold-off-timer
holdoff-timer
(Optional) configure the HOLDOFF timer. Hold-off timer configurations on both ends should be consistent. By default, the HOLDOFF timer value is set to 0.
If the HOLDOFF timer value is over great, it may influence 50ms switching performance. Therefore, we recommend setting the HOLDOFF timer value to 0. 6
Raisecom(config)#ethernet lineprotection trap enable
(Optional) enable ELPS Trap. By default, ELPS Trap is disabled.
6.4.3 Configuring ELPS fault detection modes
Fault detection modes of the working line and protection line can be different. However, we recommend that fault detection mode configurations of the working line and protection line keep consistent.
Step 1 2
Raisecom#config
Command
Description Enter global configuration mode. Set the fault detection mode of the working line/protection line to failure-detect physical-link. By default, the fault detection mode is set to failure-detect physical-link.
Raisecom(config)#ethernet line-protection line-id { working | protection } failuredetect physical-link
Raisecom(config)#ethernet line-protection line-id { working | protection } failuredetect cc [ md md-name ] ma ma-name level level mep local-mep-id remote-mep-id
Set the fault detection mode of the working line/protection line to failure-detect cc. This fault detection mode cannot take effect unless you finish related configurations on CFM. Set the fault detection mode of the working line/protection line to failure-detect physical-link-or-cc. In this mode, a Trap is reported when a fault is detected on the physical link/CC. This fault detection mode cannot take effect unless you finish related configurations on CFM.
Raisecom(config)#ethernet line-protection line-id { working | protection } failuredetect physical-link-or-cc [ md md-name ] ma ma-name level level mep local-mep-id
remote-mep-id
6.4.4 (Optional) configuring ELPS switching control
By default, traffic is automatically switched to the protection line when the working line fails. Therefore, you need to configure ELPS switching control in some special cases. Step 1 2
Raisecom#config Raisecom(config)#ethernet lineprotection line-id lockout
Command
Description Enter global configuration mode. Lock protection switching. After this configuration, the traffic is not switched to the protection line even the working line fails. Switch the traffic from the working line to the protection line forcedly. Switch the traffic from the working line to the protection line manually. Its priority is lower than the one of forced switch and APS. In non-revertive mode, switch the traffic from the protection line to the working line.
3 4
Raisecom(config)#ethernet lineprotection line-id force-switch Raisecom(config)#ethernet lineprotection line-id manual-switch
Raisecom(config)#ethernet lineprotection line-id manual-switch-to-work
174

No. 1 2 3 Command
Raisecom#show ethernet line-protection [ lineid ] Raisecom#show ethernet line-protection statistics Raisecom#show ethernet line-protection aps
Description Show protection line configurations. Show protection line statistics. Show APS information.
6.5 Configuring ERPS

Scenario
With development of Ethernet to Telecom-grade network, voice and video multicast services bring higher requirements on Ethernet redundant protection and fault-recovery time. The fault-recovery time of current STP system is in second level that cannot meet requirements. By defining different roles for nodes on a ring, ERPS can block a loopback to avoid broadcast storm in normal condition. Therefore, the traffic can be quickly switched to the protection line when working lines or nodes on the ring fail. This helps eliminate the loopback, perform protection switching, and automatically recover from faults. In addition, the switching time is shorter than 50ms. The iTN165-CES supports the single ring, intersecting ring, and tangent ring. ERPS provides 2 modes to detect a fault:

Detect faults based on the physical interface status: learning link fault quickly and switching services immediately, suitable for detecting the fault between neighbor devices. Detect faults based on CFM: suitable for unidirectional detection or multi-device crossing detection.
Prerequisite
Before configuring ERPS, perform the following operations:

Connect interfaces and configure physical parameters for them. Make the physical layer Up. Create the management VLAN and VLANs of the working and protection interfaces. Configure CFM detection between devices (preparing for CFM detection mode).
175
6.5.2 Creating ERPS protection ring
Only one device on the protection ring can be set to the Ring Protection Link (RPL) Owner and one device is set to RPL Neighbour. Other devices are set to ring forwarding nodes. In actual, the tangent ring consists of 2 independent single rings. Configurations on the tangent ring are identical to the ones on the common single ring. The intersecting ring consists of a master ring and a sub-ring. Configurations on the master ring are identical to the ones on the common single ring. For details about configurations on the sub-ring, see section 6.5.3 (Optional) creating ERPS protection sub-ring. Step 1 2
Raisecom#config Raisecom(config)#ethernet ring-protection ring-id east interface-type interfacenumber west interface-type interfacenumber node-type rpl-owner rpl { east | west } [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlanlist ]
Command
Description Enter global configuration mode. Create a protection ring and set the node to the RPL Owner. By default, the protocol VLAN is set to 1. Blocked VLANs ranges from 1 to 4094.
The east and west interfaces cannot be the same one.

Raisecom(config)#ethernet ring-protection ring-id east interface-type interfacenumber west interface-type interfacenumber node-type rpl-neighbour rpl { east | west} [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlanlist ] Raisecom(config)#ethernet ring-protection ring-id east interface-type interfacenumber west interface-type interfacenumber [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlanlist ] Raisecom(config)#ethernet ring-protection ring-id name string Raisecom(config)#ethernet ring-protection ring-id version { 1 | 2 } Raisecom(config)#ethernet ring-protection ring-id guard-time guard-time
Create a protection ring and set the node to the RPL Neighbour.
Create a protection line and set the node to the protection forwarding node.
3 4 5
(Optional) configure a name for the protection ring. Up to 32 bytes are supported. (Optional) configure the protocol version. (Optional) after the ring Guard timer is configured, the failed node does not process APS packets during a period. By default, the ring Guard timer is set to 500ms. (Optional) configure the ring WTR timer. In revertive mode, when the working line recovers from a fault, traffic is not switched to the working line unless the WTR timer times out. By default the ring WTR time value is set to 5min.
Raisecom(config)#ethernet ring-protection ring-id wtr-time wtr-time
176
Step 7
Command
Raisecom(config)#ethernet ring-protection ring-id holdoff-time holdoff-time
Description (Optional) configure the ring HOLDOFF timer. Hold-off timer configurations on both ends should be consistent. By default, the ring HOLDOFF timer value is set to 0.
If the ring HOLDOFF timer value is over great, it may influence 50ms switching performance. Therefore, we recommend setting the ring HOLDOFF timer value to 0. 8
Raisecom(config)#ethernet ring-protection trape nable
(Optional) enable ERPS Trap. By default, ERPS Trap is disabled.
6.5.3 (Optional) creating ERPS protection sub-ring
Only the intersecting ring consists of a master ring and a sub-ring. Configurations on the master ring are identical to the ones on the single ring/tangent ring. For details, see section 6.5.2 Creating ERPS protection ring. Configurations of non-intersecting nodes of the intersecting ring are identical to the ones on on the single ring/tagent ring. For details, see section 6.5.2 Creating ERPS protection ring. Command Description Enter global configuration mode. Create the sub-ring on the intersecting node and set the intersecting node to the RPL Owner. By default, the protocol VLAN is set to 1. Blocked VLANs ranges from 1 to 4094.
Step 1 2
Raisecom#config Raisecom(config)#ethernet ringprotection ring-id { east interfacetype interface-number | west interface-type interface-number } node-type rpl-owner [ not-revertive ] [ protocol-vlan vlan-id ] [ blockvlanlist vlanlist ]
The links between 2 intersecting nodes belong to the master ring. Therefore, when you configure the sub-ring on the intersecting node, you can only configure the west or east interface.
Raisecom(config)#ethernet ringprotection ring-id { east interfacetype interface-number | west interface-type interface-number } node-type rpl-neighbour [ notrevertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlanlist ]
Create the sub-ring on the intersecting node and set the intersecting node to the RPL Neighbour.
177
Step
Command
Raisecom(config)#ethernet ringprotection ring-id { east interfacetype interface-number | west interface-type interface-number } [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlanlist ] Raisecom(config)#ethernet ringprotection ring-id raps-vc { with | without }
Description Create the sub-ring on the intersecting node and set the intersecting node to the protection forwarding node.
(Optional) configure the sub-ring virtual channel mode on the intersecting node. By default, the subring virtual channel adopts the with mode.
Transmission modes on 2 intersecting nodes must be identical. 4

Raisecom(config)#ethernet ringprotection ring-id propagate enable
Enable the ring Propagate switch on the intersecting node. By default, the ring Propagate switch is disabled.
6.5.4 Configuring ERPS fault detection modes

Step 1 2
Raisecom#config Raisecom(config)#ethernet ring-protection ring-id { east | west } failure-detect physical-link
Command
Description Enter global configuration mode. Set the ERPS fault detection mode to failuredetect physical-link. By default, the ERPS fault detection mode is set to failure-detect physical-link. Set the ERPS fault detection mode to failuredetect cc. This ERPL fault detection mode cannot take effect unless you finish related configurations on CFM. If you configure the MD, the MA should be below the configured md-level.
Raisecom(config)#ethernet ring-protection ring-id { east | west } failure-detect cc [ md md-name ] ma ma-name level level mep
local-mep-id remote-mep-id
Raisecom(config)#ethernet ring-protection ring-id { east| west } failure-detect physical-link-or-cc [ md md-name] ma maname level level mep local-mep-id remote-
Set the ERPS fault detection mode to failuredetect physical-link-or-cc. In this mode, a Trap is reported when a fault is detected on the physical link/CC. This ERPL fault detection mode cannot take effect unless you finish related configurations on CFM. If you configure the MD, the MA should be below the configured md-level.
mep-id
178
6.5.5 (Optional) configuring ERPS switching control
By default, traffic is automatically switched to the protection line when the working line fails. Therefore, you need to configure ERPS switching control in some special cases. Step 1 2 Command
Raisecom#config Raisecom(config)#ethernet ringprotection ring-id force-switch { east | west }
Description Enter global configuration mode. Switch the traffic on the protection ring to the west/east interface forcedly.
east: block the east interface and switch the traffic to the west interface forcedly. west: block the west interface and switch the traffic to the east interface forcedly.
Raisecom(config)#ethernet ringprotection ring-id manual-switch { east | west }
Switch the traffic on the protection ring to the west/east interface manually. Its priority is lower than the one of forced switch and APS.

No. 1 2 3 Command
Raisecom)#show ethernet ring-protection Raisecom)#show ethernet ring-protection status Raisecom)#show ethernet ring-protection statistics
Description Show ERPS ring configurations. Show ERPS ring status. Show ERPS statistics.
6.6 Configuring failover

Scenario
When the uplink of the middle device fails and the middle device fails to inform the downstream devices of the fault, the traffic cannot be switched to the backup line. This may cause traffic break. The failover feature is used to add the upstream interfaces and downstream interfaces of the middle device to a failover group. In addition, it is used to monitor the upstream interfaces. When all upstream interfaces fail, downstream interfaces are in Down status. When one failed upstream interface receovers from the fault, all downstream interfaces are in Up status.
179
Therefore, faults of the uplinks can be notified to the downstream devices in time. If downstream interfaces fail, upstream interfaces still work properly.
Prerequisite
Before configuring failover, you need to connect interfaces, configure physical parameters of the interfaces and make the physical layer Up.
6.6.2 Configuring failover

Step 1 2 Command
Raisecom#config Raisecom(config)#fault-tracking group group-number upstream interface-type
Description Enter global configuration mode. Create the interface-based failover group.
interface-list
Raisecom(config)#fault-tracking group group-number upstream channel-group
Create the LACP-based failover group.
group-id
Raisecom(config)#fault-tracking group group-number action { shutdown | modify-pvid vlan-id } interface-type
Configure fault processing actions of the interfacebased failover group.
interface-list
Raisecom(config)#fault-tracking group group-number action { delete-vlan vlan-id | suspend-vlan vlan-id }
Raisecom(config)#fault-tracking group group-number action shutdown channelgroup group-id Raisecom(config)#fault-tracking group group-number trap enable
Configure fault processing actions of the LACPbased failover group. Enable the failover group sending Trap to the NView NNM system.

No. 1 Command
Raisecom#show link-statetracking group group-number
Description Show configurations of a failover group.
6.7 Maintenance
180
Command
Raisecom(config)#clear ethernet line-protection ring-id end-to-end command
Description Clear end-to-end protection switching commands, including the lockout, forceswitch, manual-switch, and manualswitch-to-work commands. Clear protection line statistics, including the number of Tx APS packets, Rx APS packets, last switching time, and last status switching time. Clear protection switching commands, including the force-switch and manualswitch commands. Clear protection ring statistics.
Raisecom(config)#clear ethernet line-protection statistics
Raisecom(config)#clear ethernet ring-protection ring-id command
Raisecom(config)#clear ethernet ring-protection ring-id statistics

6.8.1 Examples for configuring manual link aggregation
As shown in Figure 6-13, to improve the reliability of the link between iTN A and iTN B, you can configure manual link aggregation on iTN A and iTN B. Add line 1 and line 2 to a LAG to form a single logical interface. The LAG performs load-sharing to the source MAC address. Figure 6-13 Configuring manual link aggregation
Configuration steps
Step 1 Create a manual LAG.
Configure iTN A.
181

Raisecom#hostname iTNA iTNA#config iTNA(config)#interface port-channel 1 iTNA(config-aggregator)#mode manual iTNA(config-aggregator)#exit
Configure iTN B.
Raisecom#hostname iTNB iTNB#config iTNB(config)#interface port-channel 1 iTNB(config-aggregator)#mode manual iTNB(config-aggregator)#exit
Step 2 Add interfaces to the LAG.
Configure iTN A.
iTNA(config)#interface line 1 iTNA(config-port)#channel group 1 iTNA(config-port)#exit iTNA(config)#interface line 2 iTNA(config-port)#channel group 1 iTNA(config-port)#exit
Configure iTN B.
iTNB(config)#interface line 1 iTNB(config-port)#channel group 1 iTNB(config-port)#exit iTNB(config)#interface line 2 iTNB(config-port)#channel group 1 iTNB(config-port)#exit
Step 3 Configure the load-sharing mode of the LAG and enable link aggregation, taking iTN A for an example.
iTNA(config)#link-aggregation load-sharing mode smac iTNA(config)#link-aggregation enable
Step 4 Save configurations, taking iTN A for an example.
182

iTNA#write
Checking results
Use the showlink-aggregation command to show global configurations on manual link aggregation.
iTNA#show link-aggregation Link aggregation status:Enable Load sharing mode:SMAC Load sharing ticket generation algorithm:Direct-map M - Manual S - Static-Lacp D - Dynamic-Lacp GroupID Mode MinLinks MaxLinks UpLinks Member Port List Efficient Port List ------------------------------------------------------------------------1 M 1 1 2 line 1-2 client 1 line 1
6.8.2 Examples for configuring static LACP link aggregation

As shown in Figure 6-14, to improve the reliability of the link between iTN A and iTN B, you can configure static LACP link aggregation on iTN A and iTN B. Add Line 1 and Line 2 to a LAG to form a logical interface. Figure 6-14 Configuring static LACP link aggregation
Configuration steps
Step 1 Configure the static LACP LAG on iTN A and set iTN A to the active end.
Raisecom#hostname iTNA iTNA#config iTNA(config)#lacp system-priority 1000 iTNA(config)#interface port-channel 1
183

iTNA(config-aggregator)#mode lacp-static iTNA(config-aggregator)#exit iTNA(config)#interface line 1 iTNA(config-port)#channel group 1 iTNA(config-port)#lacp port-priority 1000 iTNA(config-port)#lacp mode active iTNA(config-port)#exit iTNA(config)#interface line 2 iTNA(config-port)#channel group 1 iTNA(config-port)#lacp mode active iTNA(config-port)#exit iTNA(config)#link-aggregation enable
Step 2 Configure the static LACP LAG on iTN B.
Raisecom#hostname iTNB iTNB#config iTNB(config)#interface port-channel 1 iTNB(config-aggregator)#mode lacp-static iTNB(config-aggregator)#exit iTNB(config)#interface line 1 iTNB(config-port)#channel group 1 iTNB(config-port)#exit iTNB(config)#interface line 2 iTNB(config-port)#channel group 1 iTNB(config-port)#exit iTNB(config)#link-aggregation enable
iTNA#write
Checking results
Use the showlink-aggregation command on iTN A to show global configurations on static LACP link aggregation.
iTNA#show link-aggregation Link aggregation status:Enable Load sharing mode:SXORDMAC Load sharing ticket generation algorithm:Direct-map M - Manual S - Static-Lacp D - Dynamic-Lacp GroupID Mode MinLinks MaxLinks UpLinks Member Port List Efficient Port List ------------------------------------------------------------------------1 S 1 6 0 1-2
184
Use the show lacp internal command on iTN A to show the local system LACP interface status, flag, interface priority, administration key, operation key, and interface state machine satus.
iTNA#show lacp internal Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device in Active mode P - Device in Passive mode MP - MLACP Peer Port Interface State Flag Port-Priority Admin-key Oper-key Port-State ------------------------------------------------------------------------L1 Active SA 1000 1 1 0x45 L2 Standby SA 32768 1 1 0x45
Use the show lacp neighbor command on iTN A to show the remote system LACP interface status, flag, interface priority, administration key, operation key, and interface state machine satus.
6.8.3 Examples for configuring interface backup

As shown in Figure 6-15, to make the PC access the server reliably, you need to configure the interface backup group on iTN A and back up services from VLANs 100200 for achieving link protection. Configurations are shown as below:

In VLANs 100150, set Line 1 of iTN A to the primary interface and Line 2 of iTN A to the backup interface. In VLANs 151200, set Line 2 of iTN A to the primary interface and Line 1 of iTN A to the backup interface.
When Line 1 fails, the traffic is switched to Line 2 to keep the link normal. The iTN A should support interface backup while iTN B, iTN C, and iTN D do not need to support interface backup.
185
Figure 6-15 Configuring interface backup
Configuration steps
Step 1 Creates VLANs 100200 and add Line 1 and Line 2 to VLANs 100200.
Raisecom#config Raisecom(config)#create vlan 100-200 active Raisecom(config)#interface line 1 Raisecom(config-port)#switchport mode trunk Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm Raisecom(config-port)#exit Raisecom(config)#interface line 2 Raisecom(config-port)#switchport mode trunk Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm Raisecom(config-port)#exit
Step 2 In VLANs 100150, set Line 1 to the primary interface and Line 2 to the backup interface.
Raisecom(config)#interface line 1 Raisecom(config-port)#switchport backup line 2 vlanlist 100-150 Raisecom(config-port)#exit
Step 3 In VLANs 151200, set Line 2 to the primary interface and Line 1 to the backup interface.
Raisecom(config)#interface line 2 Raisecom(config-port)#switchport backup line 1 vlanlist 151-200
186
Raisecom#write
Checking results
Use the show switchport backup command to show interface backup configurations in normal state and in link-failure state. When both Line 1 and Line 2 are in Up status, Line 1 forwards the traffic in VLANs 100150 and Line 2 forwards the traffic in VLANs 151200.
Raisecom#show switchport backup Restore delay: 15s. Restore mode: port-up. Active Port(State) Backup Port(State) Vlanlist --------------------------------------------------------line1 (Up) line2 (Standby) 100-150 line2 (Up) line1 (Standby) 151-200
Manually break the link between iTN A and iTN B to emulate a fault. At this time, Line 1 is in Down status and Line 2 is responsible for forwarding the traffic in VLANs 100200.
Raisecom#show switchport backup Restore delay: 15s Restore mode: port-up Active Port(State) Backup Port(State) Vlanlist ----------------------------------------------------------------line1 (Down) line2 (Up) 100-150 line2 (Up) line1 (Down) 151-200
When Line 1 recovers from a fault, during the WTR time, Line 1 is the standby interface and Line 2 is responsible for forwarding the traffic in VLANs 100200.
Raisecom#show switchport backup Restore delay: 15s. Restore mode: port-up. Active Port(State) Backup Port(State) Vlanlist ------------------------------------------------------------line1(Standby) line2(Up) 100-150 line2(Up) line1(Standby) 151-200
When Line 1 recovers to the Up status and keeps for 15s (restore-delay), Line 1 forwards the traffic in VLANs 100150 and Line 2 forwards the traffic in VLANs 151200.
Raisecom#show switchport backup Restore delay: 15s. Restore mode: port-up. Active Port(State) Backup Port(State) Vlanlist ---------------------------------------------------------------------line1(Up) line2(Standby) 100-150
line2(Up)
line1(Standby)
151-200
6.8.4 Examples for configuring 1:1 ELPS

As shown in Figure 6-16, to enhance reliability of the link between iTN A and iTN B, you need to configure 1:1 ELPS on iTN A and iTN B and detect the fault based on the physical interface status. The working interface line 1 and protection interface line 2 are in VLANs 100200. Figure 6-16 Configuring 1:1 ELPS
Configuration steps
Step 1 Creates VLANs 100200 and add line 1 and line 2 to VLANs 100200.
Configure iTN A.
Raisecom#hostname iTNA iTNA#config iTNA(config)#create vlan 100-200 active iTNA(config)#interface line 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#switchport trunk allowed vlan 100-200 confirm iTNA(config-port)#exit iTNA(config)#interface line 2 iTNA(config-port)#switchport mode trunk iTNA(config-port)#switchport trunk allowed vlan 100-200 confirm iTNA(config-port)#exit
Configure iTN B.
Raisecom#hostname iTNB iTNB#config iTNB(config)#create vlan 100-200 active
188
iTNB(config)#interface line 1 iTNB(config-port)#switchport mode trunk iTNB(config-port)#switchport trunk allowed vlan 100-200 confirm iTNB(config-port)#exit iTNB(config)#interface line 2 iTNB(config-port)#switchport mode trunk iTNB(config-port)#switchport trunk allowed vlan 100-200 confirm iTNB(config-port)#exit
Step 2 Create the 1:1 ELPS protection line.
Configure iTN A.
iTNA(config)#ethernet line-protection 1 working line 1 1,100-200 protection line 2 1,100-200 one-to-one 150
Configure iTN B.
iTNB(config)#ethernet line-protection 1 working line 1 1,100-200 protection line 2 1,100-200 one-to-one 150
Step 3 Configure the fault detection mode.
Configure iTN A.
iTNA(config)#ethernet line-protection 1 working failure-detect physicallink iTNA(config)#ethernet line-protection 1 protection failure-detect physical-link
Configure iTN B.
iTNB(config)#ethernet line-protection 1 working failure-detect physicallink iTNB(config)#ethernet line-protection 1 protection failure-detect physical-link
iTNA#write
189
Checking results
Use the show ethernet line-protection command to show 1:1 ELPS configurations, taking iTN A for an example.
iTNA#show ethernet line-protection 1 Id:1 Name:-ProtocolVlan: 150 Working Entity Information: Port: line1 Vlanlist: 100-200 FaiureDetect:physical MAID: -MdLevel: 0 LocalMep: 0 RemoteMep:0 State/LCK:Active/N Protection Entity Information: Port: line2 Vlanlist: 100-200 FaiureDetect:physical MAID: -MdLevel: 0 LocalMep: 0 RemoteMep:0 State/F/M:Standby/N/N Wtr(m):5 Holdoff(100ms):0
Use the show ethernet line-protection aps command to show 1:1 ELPS APS information, taking iTN A for an example.
iTNA#show ethernet line-protection 1 aps Id Type Direction Revert Aps State Signal(Requested/Bridged) ----------------------------------------------------------------------1-Local 1:1 bi yes yes NR-W null/null 1-Remote 1:1 bi yes yes NR-W null/null
6.8.5 Examples for configuring single-ring ERPS

As shown in Figure 6-17, to enhance Ethernet reliability, iTN A, iTN B, iTN C, and iTN D form an ERPS single ring. iTN A is the RPL Owner and iTN B is the RPL neighbour. The link between iTN A and iTN B are blocked.
190
The fault detection mode on the link between iTN A and iTN D is set to physical-link-or-cc. The default detection mode on other links is set to physical-link. The default value of protocol VLAN is set to 1. Blocked VLAN IDs ranges from 1 to 4094. Figure 6-17 Configuring single-ring ERPS
Configuration steps
Step 1 Add interfaces to VLANs 14094.
Configure iTN A.
Raisecom#hostname iTNA iTNA#config iTNA(config)#interface line 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#exit iTNA(config)#interface line 2 iTNA(config-port)#switchport mode trunk iTNA(config-port)#exit
Configure iTN B.
Raisecom#hostname iTNB iTNB#config iTNB(config)#interface line 1 iTNB(config-port)#switchport mode trunk iTNB(config-port)#exit iTNB(config)#interface line 2 iTNB(config-port)#switchport mode trunk iTNB(config-port)#exit
191
Configure iTN C.
Raisecom#hostname iTNC iTNC#config iTNC(config)#interface line 1 iTNC(config-port)#switchport mode trunk iTNC(config-port)#exit iTNC(config)#interface line 2 iTNC(config-port)#switchport mode trunk iTNC(config-port)#exit
Configure iTN D.
Raisecom#hostname iTND iTND#config iTND(config)#interface line 1 iTND(config-port)#switchport mode trunk iTND(config-port)#exit iTND(config)#interface line 2 iTND(config-port)#switchport mode trunk iTND(config-port)#exit
Step 2 Configrue CFM.
Configure iTN A.
iTNA(config)#cfm domain md-name md1 level 7 iTNA(config)#service ma1 level 7 iTNA(config-service)#service vlan-list 1 iTNA(config-service)#service mep down mpid 1 line 2 iTNA(config-service)#service remote-mep 2 iTNA(config-service)#service cc enable mep 1 iTNA(config-service)#exit iTNA(config)#cfm enable
Configure iTN D.
iTND(config)#cfm domain md-name md1 level 7 iTND(config)#service ma1 level 7 iTND(config-service)#service vlan-list 1 iTND(config-service)#service mep down mpid 2 line 1 iTND(config-service)#service remote-mep1 iTND(config-service)#service cc enable mep 2 iTND(config-service)#exit iTND(config)#cfm enable
192
Step 3 Create the ERPS protection ring.
Configure iTN A.
iTNA(config)#ethernet ring-protection 1 east line 1 west line 2 node-type rpl-owner rpl east
Configure iTN B.
iTNB(config)#ethernet ring-protection 1 east line 1 west line 2 node-type rpl-neighbour rplwest
Configure iTN C.
iTNC(config)#ethernet ring-protection 1 east line 1 west line 2
Configure iTN D.
iTND(config)#ethernet ring-protection 1 east line 1 west line 2
Step 4 Configure the fault detection mode.
Configure iTN A.
iTNA(config)#ethernet ring-protection 1 west failure-detect physicallink-or-cc md md1 ma ma1 level 7 mep 12 22
Configure iTN D.
iTND(config)#ethernet ring-protection 1 east failure-detect physicallink-or-cc md md1 ma ma1 level 7 mep 21 32
iTNA#write
193
Checking results
Use the show ethernet ring-protection status command to show ERPS protection ring configurations, taking iTN A for an example. RPLs are blocked to avoid a loop.
iTNA#show ethernet ring-protection status Id/Name Bridge-State Last Occur(ago) East-State West-State sc Trafficvlanlist ------------------------------------------------------------------------1 idle 0 day 0050750 block forwarding 1 1-4094
Manually break the link between iTN B and iTN C to emulate a fault. Use the show ethernet ring-protection status command on iTN A again to show ERPS protection ring status. RPLs are in forwarding status.
iTNA#show ethernet ring-protection status Id/Name Bridge-State Last Occur(ago) East-State West-State sc Trafficvlanlist ------------------------------------------------------------------------1 Protection0 day 0055950 forwardingforwarding 1 1-4094
6.8.6 Examples for configuring intersecting-ring ERPS

As shown in Figure 6-18, to enhance Ethernet reliability, iTN A, iTN B, iTN C, iTN D, iTN E, and iTN F form an ERPS intersecting ring. iTN A, iTN B, iTN C, and iTN D form the master ring. iTN D is the RPL Owner of the master ring and iTN C is the RPL neighbour of the master ring. The blocked interface is line 1 of iTN D. The default value of protocol VLAN is set to 1. iTN A, iTN B, iTN e, and iTN F form the sub-ring. iTN F is the RPL Owner of the sub-ring and iTN A is the RPL neighbour of the sub-ring. The blocked interface is client 1 of iTN F. The default value of protocol VLAN is set to 4094. The virtual channel mode of the sub-ring is set to with mode. Blocked VLAN IDs ranges from 1 to 4094 for both the master ring and the sub-ring. Devices on the master ring adopt the physical-link-or-cc fault detection mode while devices on the sub-ring adopt the physical-link fault detection mode.
194
Figure 6-18 Configuring intersecting-ring ERPS
Configuration steps
Step 1 Add interfaces to VLANs 14094.
Configure iTN A.
Raisecom#hostname iTNA iTNA#config iTNA(config)#interface line 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#exit iTNA(config)#interface line 2 iTNA(config-port)#switchport mode trunk iTNA(config-port)#exit iTNA(config)#interface client 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#exit
Configure iTN B.
Raisecom#hostname iTNB iTNB#config iTNB(config)#interface line 1 iTNB(config-port)#switchport mode trunk iTNB(config-port)#exit iTNB(config)#interface line 2 iTNB(config-port)#switchport mode trunk iTNB(config-port)#exit iTNB(config)#interface client 1 iTNB(config-port)#switchport mode trunk iTNB(config-port)#exit
195
Configure iTN C.
Raisecom#hostname iTNC iTNC#config iTNC(config)#interface line 1 iTNC(config-port)#switchport mode trunk iTNC(config-port)#exit iTNC(config)#interface line 2 iTNC(config-port)#switchport mode trunk iTNC(config-port)#exit
Configure iTN D.
Raisecom#hostname iTND iTND#config iTND(config)#interface line 1 iTND(config-port)#switchport mode trunk iTND(config-port)#exit iTND(config)#interface line 2 iTND(config-port)#switchport mode trunk iTND(config-port)#exit
Configure iTN E.
Raisecom#hostname iTNE iTNE#config iTNE(config)#interface client 1 iTNE(config-port)#switchport mode trunk iTNE(config-port)#exit iTNE(config)#interface client 2 iTNE(config-port)#switchport mode trunk iTNE(config-port)#exit
Configure iTN F.
Raisecom#hostname iTNF iTNF#config iTNF(config)#interface client 1 iTNF(config-port)#switchport mode trunk iTNF(config-port)#exit iTNF(config)#interface client 2 iTNF(config-port)#switchport mode trunk iTNF(config-port)#exit
Step 2 Configure CFM detection on the master ring.

Configure iTN A.
iTNA(config)#cfm domain md-name md1 level 7 iTNA(config)#service ma1 level 7 iTNA(config-service)#service vlan-list 1 iTNA(config-service)#service mep down mpid 1 line 1 iTNA(config-service)#service mep down mpid 2 line 2 iTNA(config-service)#service cc enable mep 1 iTNA(config-service)#service cc enable mep 2 iTNA(config-service)#exit iTNA(config)#cfm enable
Configure iTN B.
iTNB(config)#cfm domain md-name md1 level 7 iTNB(config)#service ma1 level 7 iTNB(config-service)#service vlan-list 1 iTNB(config-service)#service mep down mpid 3 line 1 iTNB(config-service)#service mep down mpid 4 line 2 iTNB(config-service)#service cc enable mep 3 iTNB(config-service)#service cc enable mep 4 iTNB(config-service)#exit iTNB(config)#cfm enable
Configure iTN C.
iTNC(config)#cfm domain md-name md1 level 7 iTNC(config)#service ma1 level 7 iTNC(config-service)#service vlan-list 1 iTNC(config-service)#service mep down mpid 5 line 1 iTNC(config-service)#service mep down mpid 6 line 2 iTNC(config-service)#service cc enable mep 5 iTNC(config-service)#service cc enable mep 6 iTNC(config-service)#exit iTNC(config)#ethernet cfm enable
Configure iTN D.
iTND(config)#cfm domain md-name md1 level 7 iTND(config)#service ma1 level 7 iTND(config-service)#service vlan-list 1 iTND(config-service)#service mep down mpid 7 line 1 iTND(config-service)#service mep down mpid 8 line 2 iTND(config-service)#service cc enable mep 7 iTND(config-service)#service cc enable mep 8 iTND(config-service)#exit
197

iTND(config)#ethernet cfm enable
Step 3 Create the ERPS master ring.
Configure iTN A.
iTNA(config)#ethernet ring-protection 1 east line 1 west line 2
Configure iTN B.
iTNB(config)#ethernet ring-protection 1 east line 1 west line 2
Configure iTN C.
iTNC(config)#ethernet ring-protection 1 east line 1 west line 2node-type rpl-neighbour rpl west
Configure iTN D.
iTND(config)#ethernet ring-protection 1 east line 1 west line 2 node-type rpl-owner rpl east
Step 4 Configure the fault detection mode of the master ring.
Configure iTN A.
iTNA(config)#ethernet ring-protection 1 east failure-detect physicallink-or-cc md md1 ma ma1 level 7 mep 18 iTNA(config)#ethernet ring-protection 1 west failure-detect physicallink-or-cc md md1 ma ma1 level 7 mep 23
Configure iTN B.
iTNB(config)#ethernet ring-protection 1 east failure-detect physicallink-or-cc md md1 ma ma1 level 7 mep 32 iTNB(config)#ethernet ring-protection 1 west failure-detect physicallink-or-cc md md1 ma ma1 level 7 mep 45
Configure iTN C.
iTNC(config)#ethernet ring-protection 1 east failure-detect physicallink-or-cc md md1 ma ma1 level 7 mep 54 iTNC(config)#ethernet ring-protection 1 west failure-detect physicallink-or-cc md md1 ma ma1 level 7 mep 67
Configure iTN D.
iTND(config)#ethernet ring-protection 1 east failure-detect physicallink-or-cc md md1 ma ma1 level 7 mep 76 iTND(config)#ethernet ring-protection 1 west failure-detect physicallink-or-cc md md1 ma ma1 level 7 mep 81
Step 5 Configure the ERPS sub-ring.
Configure iTN A.
iTNA(config)#ethernet ring-protection 2 east client 1 node-type rplneighbour protocol-vlan 4094 iTNA(config)#ethernet ring-protection 2 propagate enable
Configure iTN B.
iTNB(config)#ethernet ring-protection 2 east client 1 protocol-vlan 4094 iTNB(config)#ethernet ring-protection 2 propagate enable
Configure iTN E.
iTNE(config)#ethernet ring-protection 2 east client 1 west client 2 protocol-vlan 4094
Configure iTN F.
iTNF(config)#ethernet ring-protection 2 east client 1 west client 2 nodetype rpl-owner rpl east protocol-vlan 4094
iTNA#write
199
Checking results
Use the show ethernet ring-protection status command on iTN A, iTN D, and iTN F to show ERPS protection ring configurations.
iTNA#show ethernet ring-protection status Id/Name Bridge-State Last Occur(ago)East-State West-State sc Trafficvlanlist ----------------------------------------------------------------------1 idle 0 day 0050750 forwarding forwarding 1 1-4094 Id/Name Status Last Occur(ago)East-State West-State sc Trafficvlanlist ----------------------------------------------------------------------2 idle 0 day 0050750 forwarding forwarding 1 1-4094 iTND#show ethernet ring-protection status Id/Name Bridge-State Last Occur(ago) East-State West-State sc Trafficvlanlist ----------------------------------------------------------------------1 idle 0 day 0050750 block forwarding 1 1-4094 iTNF#show ethernet ring-protection status Id/Name Bridge-State Last Occur(ago) East-State West-State sc Trafficvlanlist ----------------------------------------------------------------------2 idle 0 day 0050750 block forwarding 1 1-4094
200
7 DHCP Client
DHCP Client
This chapter describes principles and configuration procedures of DHCP Client, as well as related configuration examples, including following sections:

Introduction Configuring DHCP Client Configuration examples
7.1 Introduction
With continuous extension of network scale and improvement of network complexity, the number of PCs always exceeds the one of available IP addresses. In addition, with wide application of Laptops and wireless network, positions of PCs are changed frequently. Therefore, IP addresses must be updated frequently. This may lead to more complex network configurations. Dynamic Host Configuration Protocol (DHCP) is developed to resolve these problems. With continuous extension of network scale, it is more complex to manage IP addresses.

With the number of PCs in the network increasing continuously, it is the heavy work to configure and modify IP address manually. There are many laptops in the network, whose physical locations are changed frequently. Therefore, you need to modify IP addresses frequently. To improve management efficiency of IP addresses, you should perform centralized management on IP addresses.
To resolve these problems, Dynamic Host Configuration Protocol (DHCP) is introduced. DHCP can automatically assign IP addresses, gateways, IP addresses of Domain Name System (DNS) server for all clients on the network. This helps reduce workload of the administrator and realize centralized management on IP addresses.
7.1.1 Working principles of DHCP

DHCP works in client/server mode. A DHCP Client sends an IP address request to the DHCP Server and the DHCP Server provides an IP address and related configurations for the DHCP Client to realize automatically assigning the IP address. There is one DHCP Server and multiple DHCP Clients (PCs/Laptops) in the typical DHCP application, as shown in Figure 7-1.
7 DHCP Client
Figure 7-1 Typical DHCP application
Working process of DHCP

The following steps show how the DHCP Server provides an IP address for a DHCP Client. Step 1 Requesting an IP address: the DHCP Client broadcasts a DHCPDiscover packet to query DHCP Servers at the network segment for obtaining an IP address and related configurations. Step 2 Providing an IP address: after receiving the DHCPDiscover packet, all DHCP Servers at the network segment will broadcast a DHCPOffer packet. The packet includes the IP address and related configurations provides for the DHCP Client, as well as identification of the DHCP Server. Step 3 Selecting an IP address: after receiving DHCPOffer packets (perhaps multiple packets), in general. The DHCP Client selects the IP address in the first DHCPOffer packet as its own IP address. Meanwhile, the DHCP Client broadcasts a DHCPRequest packet to notify other DHCP Servers to withdraw their DHCPOffer packets. Step 4 Confirming the IP address: after receiving the feedback, the DHCP Server sends a DHCPAck packet to the DHCP Client to confirm the IP address.
Renewing DHCP lease

After receiving an IP address from the DHCP Server, the DHCP Client cannot use the IP address permanently. The IP address has a fixed period, which is called a lease period. The lease period can be specified. If the DHCP Client needs to use the IP address permanently, it must renew the lease period. To new a lease, follow these steps:
When 50% lease period expires, the DHCP Client sends a DHCPRequest packet to the DHCP Server for renewing the lease. If successful, the lease period is changed to a complete one. Otherwise, the DHCP Client sends a DHCPRequest packet when 87.5% lease period expires. When 87.5% lease period expires, the DHCP Client sends a DHCPRequest packet again to the DHCP Server for renewing the lease. If successful, the lease period is changed to a complete one. Otherwise, the DHCP Server will withdraw the IP address.
Applications of DHCP
In general, the DHCP Server can assign IP addresses in the following scenarios:
The network scale is large. In addition, it is the heavy workload to configure IP addresses manually.
202
7 DHCP Client
The number of hosts in the network is greater than the number of IP addresses. You cannot assign a fixed IP address for each host. In addition, the number of host in the network is limited. Only a few hosts in the network need a fixed IP address while most hosts do not need a fixed IP address.
7.1.2 DHCP packets

The DHCP Server and DHCP Clients communicate with each other through the DHCP packets. Figure 7-2 shows the structure of the DHCP packet. Figure 7-2 Structure of DHCP packet
Table 7-1 describes fields of the DHCP packet. Table 7-1 Fields of DHCP packet Name op 1 Length (B) Packet type

Description
1: request packet 2: response packet
htype hlen hops
1 1 1
Hardware address type of a DHCP Client Hardware address length of a DHCP Client Number of DHCP relays that DHCP request packet pass The value is added by 1 once the DHCP request packet passes through a DHCP relay.
xid
Transaction ID, a random number chosen by the DHCP Client. It is used to identify an address request process. Time elapsed since the DHCP Client initiates a DHCP request. At present, it is not used and is set to 0.
secs
203
7 DHCP Client
Name flags 2
Length (B)
Description The first bit is a broadcast response identifier, which is used to identify that the DHCP Server sends the response packet in the unicast/broadcast mode

0: unicast 1: broadcast
Other bits are reserved. ciaddr 4 IP address of the DHCP Client, which is padded when the DHCP Client is being bound, updated, or rebounded. In addition, this IP address can be used to respond the ARP request. IP address of the DHCP Client allocated by the DHCP Server IP address of the DHCP Server IP address of the first DHCP relay where the DHCP request packet pass Hardware address of the DHCP Client Name of the DHCP Server Startup configuration file name and route information of the DHCP Client specified by the DHCP Server Optional variable length fields, including the packet type, valid lease, IP address of the Domain Name System (DNS) server, and IP address of the Windows Internet Name Server (WINs)
yiaddr siaddr giaddr chaddr sname file options
4 4 4 16 64 128 Variable length
7.1.3 DHCP Client

The iTN165-CES can be taken as a DHCP Client to get an IP address from the DHCP Server. The NView NNM system can manage the iTN165-CES after it obtains an IP address from the DHCP Server automatically, as shown in Figure 7-3.
204
7 DHCP Client
Figure 7-3 DHCP Client
7.2 Configuring DHCP Client

Scenario
When the iTN165-CES acts as a DHCP Client, it gets an IP address from the specified DHCP Server. The IP address is used to perform follow-up management on the iTN165-CES. When the IP address of the DHCP Client is dynamically assigned, it has the lease time. When the lease time expires, the DHCP Server will withdraw the IP address. The DHCP Client needs to renew the IP address if it continues to use the IP address. If the lease time does not expire and the DHCP Client does not need to use the IP address, it can release the IP address.
The iTN165-CES supports related configurations of DHCP Clients on IP interface 0 only.
Prerequisite
The iTN165-CES is not enabled with DHCP Server.
7.2.2 (Optional) configuring DHCPv4 Client information

Step 1 2 Command
Raisecom#config Raisecom(config)#interface ip 0
Description Enter global configuration mode. Enter Layer 3 interface configuration mode.
205
7 DHCP Client
Step 3
Command
Raisecom(config-ip)#ip dhcp client { class-id class-id | client-id client-id | hostname hostname }
Description Configure DHCPv4 Client information, including class identifier, client identifier, and host name.
If the iTN165-CES is enabled with DHCPv4 Client, you cannot configure the DHCPv4 Client information.
7.2.3 Enabling DHCPv4 Client

Step 1 2 3 Command
Raisecom#config Raisecom(config)#interface ip 0 Raisecom(config-ip)#ip address dhcp [ server-ip ip-address]
Description Enter global configuration mode. Enter Layer 3 interface configuration mode. Enable DHCPv4 Client and specify the DHCPv4 Server address. It means enabling DHCPv4 Client applying for the IP address.
7.2.4 (Optional) renewing IPv4 addresses

Step 1 2 3
Raisecom#config Raisecom(config)#interface ip 0 Raisecom(config-ip)#ip dhcp client renew
Command
Description Enter global configuration mode. Enter Layer 3 interface configuration mode. Renew the IPv4 address.

No. 1 Command
Raisecom#show ip dhcp client
Description Show DHCPv4 Client configurations.
206
7 DHCP Client

7.3.1 Examples for configuring DHCPv4 Client
As shown in Figure 7-4, the iTN device acts as the DHCP Client. The DHCP Server needs to assign an IP address to the iTN device. Therefore, the NView NNM system can discover and manage the iTN device. The hostname is set to raisecom. Figure 7-4 Configuring DHCPv4 Client
Configuration steps
Step 1 Configure DHCP Client (the iTN device) information.
Raisecom#config Raisecom(config)#interface ip 0 Raisecom(config-ip)#ip dhcp client hostname raisecom
Step 2 Apply an IP address in the DHCP mode.
Raisecom(config)#interface ip 0 Raisecom(config-ip)#ip address dhcp server-ip 192.168.1.1
Raisecom#write
207
7 DHCP Client
Checking results
Use the show ip dhcp client command to show DHCP Client configurations.
Raisecom#show ip dhcp client Hostname: raisecom Class-ID: Raisecom-ROS_iTN165_2.0.8.20120809 Client-ID: Raisecom-ff00537bc000-IF0 DHCP Client is requesting for a lease. Assigned IP Addr: 0.0.0.0 Subnet mask: 0.0.0.0 Default Gateway: -Client lease Starts: Jan-01-2010 08:00:00 Client lease Ends: Jan-01-2011 08:00:00 Client lease duration: 0(sec) DHCP Server: 192.168.1.1 Tftp server name: -Tftp server IP Addr: -Startup_config filename: -NTP server IP Addr: -Root path: -
208
8 OAM
OAM
This chapter describes principles and configuration procedures of OAM, as well as related configuration examples, including following sections:

Introduction Configuring EFM Configuring CFM Configuring SLA Configuring RFC2544 Maintenance Configuration examples
8.1 Introduction
In aspects of functionality and scale, the Carrier-grade Ethernet OAM can be divided into UNI-to-UNI service-layer OAM for ISP, connectivity OAM for the Carrier, link-level OAM for physical link monitoring, and Ethernet local management interface E-LMI. Figure 8-1 shows the architecture of Ethernet OAM. Figure 8-1 Architecture of Ethernet OAM
209
8 OAM
The iTN165-CES provides multiple hierarchical OAM management and maintenance functions, helping manage and control devices in the network.
8.1.1 EFM
Complying with IEEE 802.3ah protocol, Ethernet in the First Mile (EFM) is a link-level Ethernet OAM technology, used for the Ethernet physical link between two directly connected devices. It provides OAM discovery, OAM link monitoring, remote fault notification, and OAM remote loopback functions.
OAM discovery
The Ethernet OAM connection process is the discovery phase. At this phase, the active OAM entity initiates the OAM connection. Both ends inform each other of their Ethernet OAM configurations and Ethernet OAM capabilities supported by the local node by exchanging the Information OAMPDU. Ain addition, they decide whether to establish OAM connection. If both ends agree on establishment of the OAM connection, Ethernet OAM protocol will work on the link layer. After the OAM connection is established, both ends keep connected by exchanging the Information OAMPDU. If an OAM entity does not receive the Information OAMPDU within 5s, it is believed that connection expires and connection re-establishment is required.
OAM link monitoring

Ethernet OAM monitors the link by exchanging the Event Notification OAMPDU. When a link fails, an OAM entity detects the failure and sends the Event Notification OAMPDU to the peer OAM entity to inform the following threshold events.

Error frame event: the number of error frames exceeds the threshold in a time unit. Error frame period event: the number of error frames exceeds the threshold in a period (specified N frames). Error frame second event: the number of error frames in M seconds exceeds the threshold. Error symbol period event: the number of error symbols exceeds the threshold in a period.
Remote fault notification

When the device fails or is unavailable, it may cause network crash. Therefore, the OAMPDU defines a flag bit (flag domain), which is used to allow the OAM entities to continuously send the Information OAMPDU to the peer for informing the fault.

Link fault: the peer link signal is lost. The OAM entity sends the OAMPDU every a second. Dying Gasp: a fault that cause system crash is generated. For example, the power is off. The OAM entity sends the OAMPDU immediately and continuously. Critical event: a critical event is generated. For example, the voltage exceeds the threshold. The OAM entity sends the OAMPDU immediately and continuously.
OAM remote loopback

OAM remote loopback is used to locate the position where a fault occurs. In addition, together with the instrument, you can test the link quality.
8 OAM
During OAM remote loopback test process, the local OAM entity sends a loopback packet to the remote end to enable it to enter the loopback status. At this time. all packets except for the OAMPDU packet is sent back by the peer OAM entity, as shown in Figure 8-2. The local OAM entity confirms the link quality based on the returned packets. Figure 8-2 OAM remote loopback
8.1.2 CFM
Connectivity Fault Management (CFM) is a network-level Ethernet OAM technology, providing end-to-end connectivity fault detection, fault notification, fault judgement, and fault location. It is used to diagnose fault actively for Ethernet Virtual Connection (EVC), provide cost-effective network maintenance solution, and improve network maintenance via the fault management function. Both ITU-Y.1731 and IEEE 802.1ag can realize CFM and provide end-to-end Ethernet management, including connectivity detection, loopback, and link tracing. In addition, ITUY.1731 can measure the frame loss ratio and frame delay while IEEE 802.1ag provides AIS and LCK features. The iTN165-CES provides CFM that is compatible with both ITU-Y.1731 and IEEE 802.1ag standards.
Related concepts of CFM

CFM consists of following components:
MD
Maintenance Domain (MD), also called Maintenance Entity Group (MEG), is a network that runs CFM. It defines network range of OAM management. MD has a level property, with 8 levels (level 0 to level 7). The bigger the number is, the higher the level is and the larger the MD range is. Protocol packets in a lower-level MD will be discarded after entering a higherlevel MD. If no Maintenance association End Point (MEP) but a Maintenance association Intermediate Point (MIP) is in a high-level MD, the protocol can traverse the higher-level MD. However, packets in a higher-level MD can traverse lower-level MDs. In the same VLAN range, different MDs can be adjacent, embedded, but not crossed.
MA
The Maintenance Association (MA) is also called service instance. It is a part of a MD. One MD can be divided into one or multiple service instances. One service instance corresponds to one service and is mapped to a group of VLANs. VLANs of different service instances cannot
8 OAM
cross. Though a service instance can be mapped to multiple VLANs, one service instance can only use a VLAN for sending or receiving OAM packets.
MEP
As shown in Figure 8-3, the MEP is an edge node of a service instance. MEPs can be used to send and process CFM packets. The service instance and the MD where the MEP locates decide VLANs and levels of packets received and sent by the MEP. For any device that runs CFM in the network, the MEP is called local MEP. For MEPs on other devices of the same service instance, they are called Remote Maintenance association End Points (RMEP). Multiple MEPs can be configured in a service instance. Packets sent by MEPs in one instance take identical S-VLAN TAG, priority, and C-VLAN TAG. A MEP can receive OAM packets sent by other MEPs in the instance, intercept packets which at the same or lower level, and forward packets of higher level. Figure 8-3 MEP and MIP
MIP
As shown in Figure 8-3, the MIP is the internal node of a service instance, which is automatically created by the device. MIP cannot actively send CFM packets but can process and response to LinkTrace Message (LTM) and LoopBack Message (LBM) packets.
MP
MEP and MIP are called Maintenance Point (MP).
Functions of CFM
CFM can provide the following OAM functions:
Fault detection (Continuity Check, CC)
Fault detection refers to using the Connectivity Check (CC) to detect the connectivity of the Ethernet virtual connection for confirming the connection status between MPs. The function is realized by periodically sending Continuity Check Messages (CCMs). One MEP sends CCM and other MEPs in the same service instance can verify the RMEP status when receiving this packet. If the iTN165-CES fails or a link is incorrectly configured, MEPs cannot properly receive or process CCMs sent by RMEPs. If no CCM is received by a MEP
212
8 OAM
during 3.5 CCM intervals, it is believed that the link fails. Then a fault Trap will be sent according to configured alarm priority.
Fault acknowledgement (LoopBack, LB)
Fault acknowledgement is realized through LoopBack (LB). This function is used to verify the connectivity between two MPs through the source MEP sending LoopBack Message (LBM) and the destination MP sending LoopBack Reply (LBR). The source MEP sends a LBM to a MP who needs to acknowledge a fault. When receiving the LBM, the MP sends a LBR to the source MEP. If the source MEP receives this LBR, it is believed that the route is reachable. Otherwise, a connectivity fault occurs.
Fault location (LinkTrace, LT)
Fault location is realized through LinkTrace (LT). The source MEP sends LinkTrace Message (LTM) to the destination MP and all MPs on the LTM transmission route will send a LinkTrace Reply (LTR) to the source MEP. By recording valid LTR and LTM, this function can be used to locate faults.
Alarm Indication Signal (AIS)
This function is used to inhibit alarms when a fault is detected at the server layer (sub-layer). When detecting a fault, the MEP (including the server MEP) sends an AIS frame to the clientlayer MD. By transmitting ETH-AIS frames, the device can inhibit or stop an alarm on MEP (or server MEP). When receiving an AIS frame, the MEP must inhibit alarms for all peer MEPs regardless of connectivity, because this frame does not include information about MEPs that are at the same level with the failed MEP. With AIS, the device can inhibit the alarm information at client level when the server layer (sub-layer) fails. Therefore, the network is easy for maintenance and management.
Ethernet lock signal (Lock, LCK)
This function is used to notify managed lock and service interruption of server layer (sublayer) MEPs. The data traffic is sent to a MEP that expects to receive it. This function helps the MEP that receives ETH-LCK frame to identify a fault. It is a managed lock action for server layer (sub-layer) MEP. Lock is an optional OAM management function. One typical scenario for applying this function is to perform detection when services are interrupted. In general, CFM is an end-to-end OAM technology at the server layer. It helps reduce operation and maintenance cost. In addition, it improves the competitiveness of service providers.
8.1.3 SLA
SLA is an agreement between users and a service provider about the service quality, priority, and responsibility. It is a telecommunication service evaluating standard negotiated by the service provider and users. In technology, SLA is a real-time network performance detection and statistic technology, which can collect statistics on responding time, network jitter, delay, packet loss ratio, and throughput, etc. SLA can be used to monitor related metrics by selecting different tasks for different applications. Ethernet throughput test (ETH-Test involved in this guide) is used for diagnostic test on continuous services. It is a part of ETH-Test technology defined by Y.1731. You can test the Layer 2 network throughput by configuring the test operation and enabling scheduling.
213
8 OAM
Basic concepts involved in SLA are shown as follows:
Operation
It is a static concept. It is a point-to-point SLA network performance test task, including Layer 2 network delay/jitter test (y1731-echo/y1731-jitter) and Layer 3 network delay/jitter test (icmp-echo/icmp-jitter).
Test
It is a dynamic concept. It is used to describe an execution of one operation.
Detection
It is a dynamic concept. It is used to describe a procedure for sending-receiving detection packets in a test. According to the definition of operation, one test can contain multiple detections (For an Echo operation, one test contains one detection only).
Scheduling
It is a dynamic concept. It is used to describe a scheduling of one operation. One scheduling contains multiple periodical tests.
When configuring SLA on the iTN165-CES, note the following items: Up to 16 operations can be configured and scheduled simultaneously. Before performing operation scheduling, configure CFM, You cannot modify the scheduling information or re-schedule an operation before the operation scheduling is finished. Up to 20 detections are sent and 5 pieces of statistics are displayed for a test.
8.1.4 RFC2544
With widely application of Ethernet, more and more users perform data communicate through Ethernet. Ethernet services are configured and established based on SLA signed by the Carrier and users. Users care whether the Carrier can provide trusted service type and QoS. At this time, you can evaluate the network stability by testing the throughput, frame loss rate, and latency. RFC2544 is a network benchmarking test process and test method defined by Internet Engineering Task Force (IETF). It is used to test, evaluate, and analyze network quality or device performance. Therefore, the Carrier, vendors, and users can test the network quality/device performance at the same benchmarking level to reach an agreement on the test method, test process, and test result. RFC2544 defines how to provide the test method and test report of the following performance parameters:

Throughput Frame loss rate Latency Back-to-back
The iTN165-CES supports test the throughput, frame loss rate, and latency based on RFC2544.
214
8 OAM
Throughput
Throughput refers to the maximum data flow to be forwarded when no frame is lost. In general, it is measured by the maximum number of frames/bits forwarded every second. This metric reflects the maximum data flow that can be processed when no frame is lost. Figure 8-4 shows a throughput test application, The Tester is a RFC2544-based tester. You can configure test parameters and view test results through the terminal. The Device Under Test (DUT) is an Ethernet device where the throughput test is to be performed. Figure 8-4 Throughput test
The throughput test process and calculation method are shown as below:

Begin to test the throughput from the maximum frame rate supported by the DUT. Reduce the frame rate to Y when the DUT begins to loss a frame. Increase the frame rate to Y when the DUT does not loss a frame. Use the dichotomy to test the maximum frame rate when the frame rate is equal to Y. The DTU throughput is equals to Y/Xmax 100%. Change the Ethernet frame size and then repeat the above test process to get DUT throughputs of different frame sizes.
Frame loss rate

Frame loss rate refers to the percentage of unforwarded frames to all frames under a fixed load condition. Unforwarded frames refer to the ones that are failed to be forwarded because of lacking resources. This metric reflects the capability of the tested device/network for bearing some load. Figure 8-5 shows a frame loss rate test application. The Tester is a RFC2544-based tester. You can configure test parameters and view test results through the terminal. The Device Under Test (DUT) is an Ethernet device where the frame loss rate test is to be performed.
215
8 OAM
Figure 8-5 Frame loss rate test
The test process and calculation method of the frame loss rate are shown as below:

The Tester sends X frames at the maximum frame rate supported by the DTU. The Tester receives Y frames after the frames are forwarded by the DTU. The DTU frame loss rate is equal to (X-Y)/X 100%.
Latency
For a storage and forwarding device, the time, when the last Bit of the input data frame reach the input interface, is defined as the begin time. The time, when the first Bit of the input data frame reaches to the output interface, is defined as the end time. The difference between the begin time and end time is the latency. For a Bit and forwarding device, the time, when the first Bit of the input data frame reach the input interface, is defined as the begin time. The time, when the first Bit of the input data frame reaches to the output interface, is defined as the end time. The difference between the begin time and end time is the latency. This metric reflects the speed for a tested device/network processing data frames. Figure 8-6 shows a latency test application. The Tester is a RFC2544-based tester. You can configure the test parameters and view test results through the terminal. The Device Under Test (DUT) is an Ethernet device where the latency test is to be performed. Figure 8-6 Latency test
216
8 OAM
The latency test process and calculation method are shown as below:

The Tester sends data at a frame rate that is lower than the DUT throughput. Insert Tagged frames into the data flow. Test and calculate the latency for the DUT forwarding Tagged frames.
Back-to-back
Back-to-back refers to the maximum burst data flow size that can be received by the device when no frame is lost under at maximum rate and minimum packet interval. This metric reflects the capability of tested device/network for processing burst data traffic.
Test conditions
When performing RFC2544-based tests on a device or network, you must ensure that the DUT bears different loads to test performance parameters in a normal status or under the extra data traffic condition.
Use data frames with different sizes to perform the test. The Ethernet frame size can be 64/128/256/512/1024/1208/1518/1536 bytes. The test packet encapsulated by the Ethernet frame is the Y.1731 OAM packet. We recommend that the period for throughput and frame loss rate tests should not be shorter than 60s and the period for latency test should not be shorter than 120s. We recommend that the retry times should not be smaller than 20s and you should get the average value of test results.
Test methods
RFC2544-based test methods include the following types:

For a single device: test device performance parameters through the tester that supports RFC2544 standard. For the network: test network performance parameters through the tester or through the device in the network that supports RFC2544. The iTN165-CES is embedded with RFC2544 and can be used to test network performance.
As shown in Figure 8-7, iTN A sends test data frames at a specified frame rate. The test data frames are forwarded by the DUT to iTN B, where interface loopback is enabled. The test data frame are sent back to iTN A. iTN A counts, calculates, and analyzes received test data frames to get related performance. Figure 8-7 RFC2544 test
217
8 OAM
In Figure 8-7, iTN B must supports interface loopback. It is not required that iTN B supports RFC2544 or iTN B is identical to iTN A.
Test applications
RFC2544 test may involve into the following phases of Ethernet operation:

Ethernet design and construction phase Ethernet test and acceptance phase Ethernet service debugging and connection Ethernet routine maintenance and fault diagnostics
Differences between RFC2544 and ETH-Test Ethernet throughput test are shown as below: RFC2544 needs an independent test environment and is used to test network performance before services are activated. ETH-Test is used to test network performance when services are running.
8.2 Configuring EFM

Scenario
Deploying EFM between directly connected devices can effectively improve the management and maintenance capability of Ethernet links and ensure network running smoothly.
Prerequisite
Before configuring EFM, you need to connect interfaces and configure physical parameters of interfaces. Make the physical layer Up.
8.2.2 Configuring basic functions of EFM

Step 1 2 Command
Raisecom#config Raisecom(config)#oam send-period
Description Enter global configuration mode. (Optional) OAM link connection is established by both ends sending INFO packet to each other. You can use this command to set the interval for sending INFO packets to control the communicate period of the link. By default, the interval is set to 1s (10 100ms).
coefficient
218
8 OAM
Step 3
second
Command
Raisecom(config)#oam timeout
Description (Optional) set the OAM link timeout. When the time for both ends on the OAM link failing to receive OAM packets exceeds the timeout, it believes that the OAM link is broken. The unit is set to second. By default, the PAM link timeout is set to 5s.
4 5
Raisecom(config-port)#oam { active | passive }
Enter physical layer interface configuration mode. Configure a working mode of EFM. When configuring EFM OAM, you must ensure that at least one end is in active mode. Otherwise, you cannot successfully detect a link. Enable OAM on An interface. By default, OAM is disabled on the interface.
Raisecom(config-port)#oam enable
8.2.3 Configuring active functions of EFM
Active functions of EFM must be configured when the iTN165-CES is in active mode.
Configuring iTN165-CES initiating EFM remote loopback
You
can discover network faults in time by periodically detecting loopbacks. By detecting loopbacks in segments, you can locate exact areas where faults occur and you can troubleshoot these faults. When a link is in a remote loopback status, the iTN165-CES returns all packets but OAM packets received by the link to the peer. At this time, the user data packet cannot be forwarded properly. Therefore, disable this function immediately when detection is not required. Step 1 2 3 Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Initiate EFM remote loopback on an interface. The remote loopback can be initiated only when EFM connection is established. In addition, only the active end can initiate EFM remote loopback. (Optional) disable EFM remote loopback immediately after EFM loopback detection is finished.
Raisecom(config-port)#oam remoteloopback
Raisecom(config-port)#no oam remote-loopback
219
8 OAM
Configuring peer OAM event Trap

Step 1 2 3 Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Enable peer OAM event Trap to report link monitoring events to the NView NNM system immediately. By default, peer OAM event Trap is disabled.
Raisecom(config-port)#oam peer event trap enable
(Optional) viewing current variable values of peer device
After EFM connection is established, you can get current link status by getting the current variable values of the peer. Step 1 Command
Raisecom#show oam peer [ link-statistic | oaminfo ] interface-type interface-number-list
Description Get OAM information or variable values about the peer device.
8.2.4 Configuring passive functions of EFM
The passive functions of EFM can be configured regardless of the iTN165-CES is in active or passive mode.
Configuring iTN165-CES responding to EFM remote loopback
The peer EFM remote loopback will not take effect until the remote loopback response is configured on the local device. Step 1 2 3 Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Ignore/respond to EFM remote loopback. By default, the iTN165-CES responds to EFM remote loopback.
Raisecom(config-port)#oam loopback { ignore | process }
220
8 OAM
(Optional) configuring OAM link monitoring
OAM link monitoring is used to detect and report link errors in different conditions. When detecting a fault on a link, the iTN165-CES provides the peer with the generated time, window, and threshold, etc. by OAM event notification packets. The peer receives event notification and reports it to the NView NNM system via SNMP Trap. Besides, the local device can directly report events to the NView NNM system via SNMP Trap. By default, the system sets default value for error generated time, window, and threshold. Step 1 2 3
Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Configure the monitor window and threshold for an error frame event. By default, the monitor window is set to 1s and the threshold is set to 1 error frame.
Raisecom(config-port)#oam errored-frame window window threshold threshold
Raisecom(config-port)#oam errored-frameperiod window window threshold threshold
Configure the monitor window and threshold for an error frame period event. By default, the monitor window is set to 100ms and the threshold is set to 1 error frame.
Raisecom(config-port)#oam errored-frameseconds window window threshold
threshold
Configure the monitor window and threshold for an error frame seconds event. By default, the monitor window is set to 60s and the threshold is set to 1s. Configure the monitor window and threshold for an error symbol event. By default, the monitor window is set to 60s and the threshold is set to 1s.
Raisecom(config-port)#oam erroredsymbol-period window window threshold
threshold
(Optional) configuring OAM fault indication

Step 1 2 3 Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Enable OAM fault indication mechanism, which is used to inform the peer when the local device fails. By default, OAM fault indication is enabled.
Raisecom(config-port)#oam notify { critical-event | dying-gasp | errored-frame | errored-symbolperiod | errored-frame-seconds | errored-frame-period } enable
221
8 OAM
(Optional) configuring local OAM event Trap

Step 1 2 3 Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Enable local OAM event Trap to report link monitoring events to the NView NNM system immediately. By default, local OAM event Trap is disabled.
Raisecom(config-port)#oam event trap enable
8.2.5 Configuring loopback timeout

Step 1 2 3 Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Configure OAM loopback timeout. By default, OAM loopback timeout is set to 3s. Configure OAM loopback packet retry times. By default, OAM loopback packet retry times are set to 2. (Optional) ignore/respond to the peer OAM loopback establishment request. By default, the peer OAM loopback establishment request is ignored.
Raisecom(config-port)#oam loopback timeout second Raisecom(config-port)#oam loopback retry retry-number Raisecom(config-port)#oam loopback { ignore | process }

No. 1 2 3 4 5 6 Command
Raisecom#show oam [ interface-type interface-list ] Raisecom#show oam loopback [interfacetype interface-list ] Raisecom#show oam notify [ interfacetype interface-list ] Raisecom#show oam statistics [ interface-type interface-list ] Raisecom#show oam trap [ interfacetype interface-list ] Raisecom#show oam event [interfacetype interface-list ] [ critical ]
Description Show EFM basic configurations. Show EFM remote loopback configurations. Show OAM link monitoring and fault indication configurations. Show OAM statistics. Show OAM event Trap configurations. Show local OAM link events detected on an interface.
222
8 OAM
8.3 Configuring CFM

Scenario
To expand application of Ethernet technologies at a Telecom network, the Ethernet must ensure the same QoS as the Telecom transport network. CFM solves this problem by providing overall OAM tools for the Telecom Carrier Ethernet.
Prerequisite
Before configuring CFM, you should finish following operations:

Connect interfaces and configure physical parameters of the interfaces. Make the physical layer Up. Create a VLAN. Add interfaces to the VLAN.
8.3.2 Enabling CFM
CFM fault detection and CFM fault location functions cannot take effect until the CFM is enabled. Step 1 2 3 4 Command
Raisecom#config Raisecom(config)#ethernet cfm enable Raisecom(config)#interface
Description Enter global configuration mode. Enable global CFM. By default, global CFM is disabled. Enter physical layer interface configuration mode. (Optional) enable CFM on an interface. By default, CFM is enabled on the interface.
Raisecom(config-port)#ethernet cfm enable
8.3.3 Configuring basic functions of CFM

Step 1 Command
Raisecom#config
223
8 OAM
Step 2
Command
Raisecom(config)#ethernet cfm domain [ md-name domain-name ] level level
Description Create a MD. If a MD name is assigned by the md-name parameter, it indicates that the MD is in IEEE 802.1ag style. And all MAs and CCMs in the MD are in 802.1ag style. Otherwise, the MD is in Y.1731 style and all MAs and CCMs in the MD are in Y.1731 style. If a name is specified for a MD, the name must be unique in global. Otherwise the MD is configured unsuccessfully.
Levels of different MDs must be different. Otherwise the MD is not successfully configured. 3
Raisecom(config)#service cisid level level
Create a service instance and enter service instance configuration mode. Character strings composed by MD name/service instance name are unique in global. If a service instance existed, you can use this command to enter service instance configuration mode directly. Configure VLAN mapping based on the service instance. The VLAN list contains up to 32 VLANs. If you do not use the primary-vlan parameter to specify the primary VLAN, the minimum VLAN is taken as the primary VLAN of the service instance. All MEPs in the service instance send and receive packets through this primary VLAN.
Raisecom(configservice)#service vlan-list vlan-list [ primary-vlan vlanid ]
The primary VLAN is used to send and receive packets. Therefore, all non-primary VLANs are mapped to the primary VLAN in logical. This logical VLAN mapping relationship is global, but VLANs cannot be crossed. For example, service instance 1 is mapped to VLANs 1220 and service instance 2 is mapped to VLANs 1530. Therefore, VLANs 15 20 are crossed. This configuration is illegal. 5
Raisecom(configservice)#service mep [ up | down ] mpid mep-id interface-
Configure MEPs based on a service instance. When configuring a MEP based on a service instance, you must ensure that the service instance is mapped to a VLAN. By default, the MEP is Up. It indicates detecting the fault in uplink direction.
8.3.4 Configuirng fault detection

Step 1 Command
Raisecom#config
224
8 OAM
Step 2
Command
Raisecom(config)#ethernet cfm remote mep age-time minute Raisecom(config)#ethernet cfm errors archive-hold-time minute
Description (Optional) configure the aging time of RMEP. By default, the aging time of RMEP is set to 100min. (Optional) configure the hold time of error CCMs. Fault information reported by all MEPs is saved on the iTN165CES. By default, the hold time OF error CCMs is 100min. When a new holdtime is configured, the system will detect the database immediately. The data will be removed if exceeds the time.
4 5
Raisecom(config)#service cis-id level level Raisecom(configservice)#service cc interval { 1 | 10 | 60 | 600 | 3ms | 10ms | 100ms }
Enter service instance configuration mode. (Optional) configure the interval for sending CCMs. By default, the interval for sending CCMs is 10s. The interval for sending CCM packets cannot be modified when CCM delivery is enabled.
Only when hardware CC is performed during the device sends packets in Down direction, Parameters 3ms | 10ms | 100ms are available. These parameters are not available when software CC is performed. 6
Raisecom(configservice)#service cc enable mep { mep-id-list | all } Raisecom(configservice)#service remote-mep mep-id [ remote-mac macaddress ] [ interface-type interface-number ] Raisecom(configservice)#service remote-mep learning active
Enable MEPs sending CCMs. By default, MEPs do not sending CCMs. (Optional) configure the static RMEP, which cooperates with cc check. The remote-mac mac-address parameter is used to specify the MAC address of the RMEP. (Optional) configure REMP learning dynamic import. After REMP learning dynamic import is enabled, when receiving a CCM, the service instance will automatically translate the dynamically-learned REMP into the staticallyconfigured RMEP. By default, REMP learning dynamic import is disabled.
10
Raisecom(configservice)#service remote-mep cccheck enable Raisecom(configservice)#service cvlan vlan-id
(Optional) enable cc check of the REMP. By default, cc check of the RMEP is disabled. (Optional) configure the CVLAN of a CFM OAM packet, which needs to be configured only in QinQ networking environment. By default, the CFM OAM packet does not carry the CTAG. After the CVLAN is configured for a service instance, CCMs, LBMs, LTMs, and DMMs sent by MEPs in the service instance will carry double TAG, where the CT-TAG is the CVLAN configured by this command.
225
8 OAM
Step 11
Command
Raisecom(configservice)#service priority
Description (Optional) configure the priority of CFM OAM packet. After the priority is configured, CCMs, LBMs, LTMs, and DMMs sent by MEPs in a service instance will use the assigned priority. By default, the priority is set to 7.
priority
8.3.5 Configuring fault acknowledgement

Step 1 2 3 Command
Raisecom#config Raisecom(config)#service cis-id level level Raisecom(config-service)#ping { mac-address | mep mep-id } [ count count ] [ size packetsize ] [ source mep-id ] [ timeout time ] [ padding { prbs | pbrs-crc | null | null-crc } ] Raisecom(config-service)#ping ethernet multicast [ size packet-size ] [ timeout time ] [ padding { prbs | pbrs-crc | null | null-crc } ] Raisecom(config-service)#ping { egress | ingress } ttl ttlvalue [ count count ] [ size packet-size ] [ source mep-id ] [ timeout time ] [ padding { prbs | pbrs-crc | null | null-crc } ]
Description Enter global configuration mode. Enter service instance configuration mode. Perform Layer 2 Ping for acknowledging faults. By default, 5 LBMs are sent. The TLV length of a packet is set to 64. The iTN165-CES automatically looks for an available source MEP. If Layer 2 Ping is performed by specifying the destination MEP ID, CFM cannot finish Ping operation unless it finds the MAC address of the destination MEP based on the MEP ID. The source MEP will save RMEP data in the source MEP database after discovering and stabilizing the RMEP. And then according to MEP ID, the source MEP can find the MAC address of the RMEP in the RMEP database.
Before executing this command, ensure that global CFM is enabled. Otherwise, the Ping operation fails; If there is no MEP in a service instance, Ping operation will fail because of failing to find source MEP; Ping operation will fail if the specified source MEP is invalid. For example, the specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is; Ping operation will fail if the Ping operation is performed based on the specified destination MEP ID and the MAC address of destination is not found based on the MEP ID; Ping operation will fail if other users are using the specified source MEP to perform Ping operation.
8 OAM
8.3.6 Configuring fault location

Step 1 2 Command
Raisecom#config Raisecom(config)#ethernet cfm traceroute cache enable
Description Enter global configuration mode. (Optional) enable the traceroute cache switch. When the traceroute cache switch is disabled, the result will be automatically erased by the traceroute command. By default, the traceroute cache switch is disabled.
Raisecom(config)#ethernet cfm traceroute cache hold-time
minute
(Optional) configure the hold time of data in the traceroute cache. You can configure the hold time when the traceroute cache is enabled. By default, the hold time is set to 100min.
Raisecom(config)#ethernet cfm traceroute cache size size
(Optional) configure the traceroute cache size. You can configure the traceroute cache size when the traceroute cache is enabled. By default, the traceroute cache size is set to 100. The data are not saved when the traceroute cache is disabled.
5 6
Raisecom(config)#service cis-id level level Raisecom(config-service)# traceroute { mac-address [ ttl ttl ] [ source mep-id ] | mep mep -id [ ttl ttl ] [ source mep-id ] [ interface-mode ] [ timeout second ] | mip icc icc-code node-id [ ttl ttl ] [ interface-num interface-num ] [ timeout second ] | ttl ttl [ interface-mode ] [ timeout second ] }
Enter service instance configuration mode. Perform Layer 2 Traceroute for locating faults. By default, the TLV length of a packet is set to 64. The iTN165-CES automatically looks for an available source MEP.
Before executing this command, ensure that global CFM is enabled. Otherwise, the Traceroute operation fails; If there is no MEP in a service instance, Traceroute operation will fail because of failing to find source MEP; Traceroute operation will fail if the specified source MEP is invalid. For example, the specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is; Traceroute operation will fail if the Ping operation is performed based on the specified destination MEP ID and the MAC address of destination is not found based on the MEP ID; If the CC feature is invalid, you can ensure Layer 2 Traceroute operation works normally by configuring static RMEP and specifying MAC address. Traceroute operation will fail if other users are using the specified source MEP to perform Traceroute operation.
227
8 OAM
8.3.7 ConfiguringAIS
Configuring AIS on server-layer devices
Step 1 2 3 Command
Raisecom#config Raisecom(config)#service cis-id level level Raisecom(config-service)#service ais enable Raisecom(config-service)#service ais period { 1 | 60 } Raisecom(config-service)#service ais level level
Description Enter global configuration mode. Enter service instance configuration mode. Enable AIS delivery. By default, AIS delivery is disabled. Configure the AIS delivery period. By default, the AIS delivery period is set to 1s. Configure the level of the customer-layer MD to which AIS is sent.
4 5
Configuring AIS on customer-layer devices

Step 1 2 3 Command
Raisecom#config Raisecom(config)#service cis-id level level Raisecom(config-service)#service suppress-alarms enable mep { mepid | all }
Description Enter global configuration mode. Enter service instance configuration mode. Enable alarm inhibition. By default, alarm inhibition is enabled.
8.3.8 Configuring ETH-LCK

Configuring ETH-LCK on server-layer devices
Step 1 2 3 Command
Raisecom#config Raisecom(config)#service cis-id level level Raisecom(config-service)#service lckstart mep { mep-id | all } Raisecom(config-service)#service lck period { 1 | 60 } Raisecom(config-service)#service lcklevel level [ vlan vlan-id ]
Description Enter global configuration mode. Enter service instance configuration mode. Enable LCK delivery. By default, LCK delivery is disabled. Configure the LCK delivery period. By default, the LCK delivery period is set to 1s. Configure the level of the customer-layer MD to which LCK is sent.
4 5
228
8 OAM
Configuring ETH-LCK on customer-layer devices

Step 1 2 3
Raisecom#config Raisecom(config)#service cis-id level level Raisecom(config-service)#service suppressalarms enable mep { mep-id | all }
Command
Description Enter global configuration mode. Enter service instance configuration mode. Enable alarm inhibition. By default, alarm inhibition is enabled.

Raisecom#show ethernet cfm Raisecom#show ethernet cfm domain [ level level ] Raisecom#show ethernet cfm errors [ level level ] Raisecom#show ethernet cfm lck [ level level ] [ source ] Raisecom#show ethernet cfm local-mp [ interface interface-type interface-number | level level ] Raisecom#show ethernet cfm remote-mep [ level level ] static Raisecom#show ethernet cfm remote-mep [ level level [ service service-instance [ mpid mepid ] ] ] Raisecom#show ethernet cfm suppress-alarms [ level level ] Raisecom#show ethernet cfm traceroute-cache
Description Show CFM global configurations. Show configurations on MDs and service instances. Show error CCM database information. Show ETH-LCK signals. Show local MEP configurations.
6 7
Show static RMEP information. Show RMEP delivery information.
8 9
Show CFM alarm inhibition configurations. Show Link-Trace cache route discovery information.
8.4 Configuring SLA

Scenario
To provide users with qualified network services, the SP signs a SLA with users. To carry out SLA effectively, the SP needs to deploy SLA feature on devices to measure the network performance, taking the measured results as an evidence for ensuring the network performance.
229
8 OAM
By selecting two detection points (source and destination iTN devices), SLA configures and schedules SLA operations on a detection point. Therefore, network performance between this 2 detection points can be detected. SLA makes a statistics on round-trip packet loss ratio, round-trip/unidirectional (SD/DS) delay, jitter, jitter variance, jitter distribution, throughput, and LM packet loss test. In addition, it reports these data to the upper monitoring software (such as the NView NNM system) to help analyze network performance for getting an expected result.
Prerequisite
Before configuring SLA, you should finish following operations:
When you configure Layer 2 test operations, deploy CFM between local and remote devices that need to be detected. Layer 2 Ping operation succeeds between local and remote devices. When you configure Layer 3 test operations (icmp-echo and icmp-jitter), Layer 3 Ping operation succeeds between local and remote devices.
8.4.2 Configuring basic SLA operation information

Step 1 2
Raisecom#config Raisecom(config)#sla oper-num y1731-echo remotemep mep-id level level svlan vlan-id [ cvlan vlan-id ] [ cos cos-value ] [ dm ] Raisecom(config)#sla oper-num y1731-echo remotemac mac-address level level svlan vlan-id [ cvlan vlan-id ] [ cos cos-value ] [ dm ] Raisecom(config)#sla oper-num y1731-jitter remote-mep mep-id level level svlan vlan-id [ cvlan vlan-id ] [ interval period ] [ packets packets-num ] [ cos cos-value ] [ dm ] Raisecom(config)#sla oper-num y1731-jitter remote-mac mac-address level level svlan vlan-id [ cvlan vlan-id ] [ interval period ] [ packets packets-num ] [ cos cos-value ] [ dm ] Raisecom(config)#sla oper-num icmp-echo destipaddrip-address [ dscp dscp-value ] Raisecom(config)#sla oper-num icmp-jitter destipaddr ip-address [ dscp dscp-value ] [ interval period ] [ packets packets-nums ]
Command
Description Enter global configuration mode. Configure the SLA y1731-echo operation based on the destination MEP ID. Configure the SLA y1731-echo operation based on the destination MAC address. Configure the SLA y1731-jitter operation based on the destination MEP ID. Configure the SLA y1731-jitter operation based on the destination MAC address. Configure basic information of the SLA icmp-echo operation. Configure basic information of the SLA icmp-jitter operation.
6 7
230
8 OAM
Step 8
Command
Raisecom(config)#sla oper-num y1731-pkt-loss remote-mep mep-id level level svlan vlan-id [ cvlan cvlan-id ] [ cos cos-id ] [ interval interval-num ] [ packets packet-num ]
Description Configure the SLA y1731-pkt-loss packet loss test operation based on the MEP ID.
When you perform packet loss ratio test based on the MEP ID, we recommend specifying the MAC address when you use the service remote-mep command to configure the RMEP. 9
Raisecom(config)#sla oper-num y1731-pkt-loss remote-mac mac-address level level svlan vlan-id [ cvlan cvlan-id ] [ cos cos-id ] [ interval interval-num ] [ packets packet-num ] Raisecom(config)#sla y1731-echo quick-input [ level level [ svlan vlan-id ] ] [ dm ] Raisecom(config)#sla y1731-jitter quick-input [ level level [ svlan vlan-id ] ] [ dm ] Raisecom(config)#sla private-tlv enable
Configure the SLA y1731-pkt-loss packet loss test operation based on the destination MAC address. Create the y1731-echo operation quickly. Create the y1731-jitter operation quickly. (Optional) configure whether the SLA operation is padded with the private TLV. By default, the SLA operation is not padded with the private TLV. Configure the delay threshold, jitter threshold, and packet loss ratio threshold. Enable sending Trap when the test result exceeds the threshold.
10 11 12
13
Raisecom(config)# sla oper-num { loss-ratethreshold | delay-threshold | jitter-threshold } { current | average } [ ds | sd | two-way ]
threshold-value
14
Raisecom(config)#sla oper-num loss-pkt-trap { current | average } enable Raisecom(config)#sla oper-num { delay-trap | jitter-trap } { current | average } [ ds | sd | two-way ] enable
After configuring one operation (differed by operation ID), you cannot modify or configure it again. You need to delete the operation in advance if you need to configure it again. SLA supports scheduling up to 100 operations at one time. Before you stop scheduling the same operation, you cannot modify scheduling information or reschedule the operation. If you need to reschedule the operation, you need to finish the scheduling (reach scheduling life time or stop scheduling) before performing the next scheduling. The private TLV is designed for Raisecom devices. When SLA operations are padded with the private TLV, you can configure and schedule any operations. When SLA operations are not padded with the private TLV, VLANs of DMs and
231
8 OAM
LMs should be different. In addition, LB packets cannot be co-scheduled with DMs and LMs. If SLA operations are padded with the private TLV, if may influence communicated with devices from other vendors.
8.4.3 Configuring SLA scheduling information and enabling operation scheduling

Step 1 2
Raisecom#config Raisecom(config)#sla schedule oper-num [ life { forever | life-time } ] [ period period ] [ begin ]
Command
Description Enter global configuration mode. Configure SLA scheduling information, including the life time and execution interval. Enable SLA operation scheduling. By default, operation scheduling is disabled.
The operation life time should not be smaller than the interval for performing SAL operations. The interval for performing SLA operations should not be smaller than 20s.
8.4.4 Configuring basic ETH-Test throughput test operation information and enabling operation scheduling
The prerequisites for configuring throughput test are shown as below: CFM is deployed on local and remote devices. Ping operation succeeds between local and remote devices. Step 1 2
Raisecom#config Raisecom(config)#sla y1731-throughput enable
Command
Description Enter global configuration mode. Enable ETH-Test throughput test. By default, ETH-Test throughput test is disabled.
Raisecom(config)#sla y1731-throughput oper-id { local-mep mep-id remote-mep mep-id | remote-mac mac-address } level level-id svlan vlan-id [ cvlan vlan-id ] [ cos cos-id ]
Create the ETH-Test throughput test operation, including the test operation ID, local MEP ID, remote MEP ID, remote MAC address, MEG level, SVLAN ID, CVLAN ID, and CoS priority.
232
8 OAM
Step 4
Command
Raisecom(config)#sla y1731-throughput oper-id { one-way | two-way } object band-width packet-size pkt-length pattern { null | nullcrc | prbs | prbs-crc } duration lasting-time
Description (Optional) configure parameters of the ETH-Test throughput test operation, including the test operation ID, test direction (unidirectional/bidirectional), destination test bandwidth, test packet size, padding mode of the test packet payload, and hold time. By default, the test operation is a unidirectional one.
Destination test bandwidth: 100 Mbit/s Test packet size: 1024 bytes Padding mode of the test packet payload: null Hold time: 30s.
Raisecom(config)#sla schedule y1731-throughput
oper-id
Enable ETH-Test throughput test operation scheduling. By default, ETH-Test throughput test operation scheduling is disabled.
ETH-Test does not support testing multiple operations at one time. If multiple operations are scheduled, they are tested in order based on the scheduling time. Up to 10 ETH-Test test operations are supported. Operations are distinguished by the operation ID.

No. 1 2 3 4 5 6 Command
Raisecom#show sla { all | oper-num } configuration Raisecom#show sla { all | oper-num } result
Description Show SLA configurations. Show the last test information of an operation. Show operation scheduling statistics. Show ETH-Test throughput test operation configurations. Show test result of the ETH-Test throughput test operation. Show operation scheduling threshold configurations and Trap status.
Raisecom#show sla { all | oper-num } statistic Raisecom#show sla y1731-throughput oper-id configuration Raisecom#show sla y1731-throughput oper-id result Raisecom#show sla { all | oper-num } threshold
233
8 OAM
The show sla y1731-throughput oper-id result command can be used to show statistics of ETH-Test throughput test operation test results. For an operation, up to 5 groups of statistics are supported. If it is over 5, the oldest statistics (from the starting time of the scheduling) will be aged.
8.5 Configuring RFC2544

Scenario
With RFC2544 test, the Carrier can get the network operating quality data to optimize the network construction scheme, reduce network operation and maintenance costs, and improve network operation quality. The RFC2544 test process includes the following items:

Configuring related parameters of the test operation, including global parameters, test frame size, test speed, and test retry times. Scheduling the test operation. Performing the test operation. Reporting test results.
The iTN165-CES schedules and tests the operation by following the following rules:

After a test operation is scheduled, you cannot re-schedule or delete it before the test process is finished. A scheduling command can be used to schedule multiple test operations with same type. These operations are scheduled based on the creation time. Schedule multiple different test operations based on the scheduling time. The result of a performed test operation is saved in the related result table. When Trap is enabled, the NView NNM system can manage the test operation. If a performed test operation is re-scheduled, the original test result table will be cleared.
The iTN165-CES supports scheduling up to 24 operations simultaneously. Only one operation is being scheduled while the others wait for being scheduled.
Prerequisite
The remote device, participating in RFC2544 test, is enabled with interface loopback. When the remote device is enabled with SMAC-based interface loopback, the SMAC should be the MAC address of the local device whose third byte is replaced with the 5F. For example, if the MAC address of the local device is set to 000E.5E12.1212, the SMAC of the loopback packet should be set to 000E.5F12.1212. We recommend that the MTU size of devices, participating in RFC2544 test, is greater than 1540 bytes. OAM remote loopback, MPLS-TP OAM, interface loopback, and ETH-Test are disabled on the iTN165-CES.
8 OAM
VLANs are created on the iTN165-CES. In addition, the interfaces are in Trunk mode.
8.5.2 Configuring RFC2544 basic information

Step 1 2 Command
Raisecom#config Raisecom(config)#rfc2544 enable
Description Enter global configuration mode. Enable RFC2544 benchmarking test. By default, RFC2544 benchmarking test is disabled.
Raisecom(config)#rfc2544 trap enable Raisecom(config)#rfc2544 dmac
Enable RFC2544 Trap. By default, RFC2544 Trap is enabled. Configure the RFC2544 remote device loopback MAC address. By default, the remote device loopback MAC address is set to 0000.0000.0000.
mac-address
Raisecom(config)#rfc2544 { svlan | cvlan } enable
(Optional) enable RFC2544 SVLAN (outer VLAN)/CVLAN (inner VLAN). By default, SVLAN is enabled while CVLAN is disabled.
Raisecom(config)#rfc2544 { svlan | cvlan } tpid tpid
(Optional) configure the TPID of SVLAN/CVLAN. By default, the TPID of SVLAN/CVLAN is set to 0x8100. (Optional) configure the VLAN ID of SVLAN/CVLAN. By default, the VLAN ID of SVLAN/CVLAN is set to 1. (Optional) configure the CoS value of SVLAN/CVLAN. By default, the CoS value of SVLAN/CVLAN is set to 0. (Optional) configure the Y.1731 MEG level of the RFC2544 test packet. By default the MEG level is set to 7.
Raisecom(config)#rfc2544 { svlan | cvlan } vlanid vlan-id Raisecom(config)#rfc2544 { svlan | cvlan } cos cos-value Raisecom(config)#rfc2544 meglevel meg-level
10
Raisecom(config)#rfc2544 payload-pattern { fixed | increasing }
Configure the padding mode of the RFC2544 test packet payload, including fixed and increasing. By default, the padding mode of the RFC2544 test packet payload is set to fixed. (Optional) configure the padding value of RFC2544 test packet payload in fixed mode. By default, the padding value of the payload is set to 0x12345678.
11
Raisecom(config)#rfc2544 fixedpattern pattern-value
Related configurations of RFC2544 do not take effect unless RFC2544 benchmarking test is enabled. If only SVLAN is enabled, the test packet carries one VLAN Tag.

8 OAM
If both SVLAN and CVLAN are enabled, the test packet carries double VLAN Tags. The SVLAN is the outer Tag and the CVLAN is the inner Tag. To enable CVLAN, you must enable SVLAN in advance. In addition, the SVLAN is the outer Tag and the CVLAN is the inner Tag. If SVLAN and CVLAN are disabled, the test packet does not carry the VLAN Tag. CoS priority and VLAN ID configurations do not take effect unless the related VLAN is enabled. VLAN configurations of the test packet have nothing with the ones of the forwarding interface.
8.5.3 Configuring RFC2544 throughput test

Step 1 2
Raisecom#config Raisecom(config)#rfc2544 throughput maxrate rate-value min-rate rate-value step step-value frame-loss frame-value duration duration-second resolution resolution-value trial trial-value
Command
Description Enter global configuration mode. Configure public parameters of RFC2544 throughput test. The default configurations are shown as below:

Maximum speed: 1000 Mbit/s Minimum speed: 1 Mbit/s Speed change granularity: 10 Mbit/s Tolerable test frame loss rate: 0 Test period: 60s Test result precision: 1 Mbit/s Test retry times: 20
Raisecom(config)#rfc2544 throughput testid frame-size { 64 | 128 | 256 | 512 | 1024 | 1280 | 1518 | 1536 } Raisecom(config)#rfc2544 schedule throughput [ all | test-id ]
Configure a throughput test operation, including the operation ID and test frame size. Schedule a RFC2544 throughput test operation.
8.5.4 Configuring RFC2544 latency test

Step 1 2
Raisecom#config Raisecom(config)#rfc2544 latency max-rate rate-value initial-rate rate-value step step-value duration duration-second trial
Command
Description Enter global configuration mode. Configure public parameters of RFC2544 latency test. The default configurations are shown as below:

trial-value
Maximum speed: 1000 Mbit/s Initial speed: 1000 Mbit/s Speed change granularity: 10 Mbit/s Test period: 60s Test retry times: 20
Raisecom(config)#rfc2544 latency test-id frame-size { 64 | 128 | 256 | 512 | 1024 | 1280 | 1518 | 1536 }
Configure a latency test operation, including the operation ID and test frame size.
236
8 OAM
Step 4
Command
Raisecom(config)#rfc2544 schedule latency [ all | test-id ]
Description Schedule a RFC2544 latency test operation.
8.5.5 Configuring RFC2544 frame loss rate test

Step 1 2
Raisecom#config Raisecom(config)#rfc2544 frame-loss duration second trial trial-value
Command
Description Enter global configuration mode. Configure public parameters of RFC2544 frame loss rate test. The default configurations are shown as below:

Test period: 60s Test retry times: 20
Raisecom(config)#rfc2544 frame-loss testid rate rate-value frame-size { 64 | 128 | 256 | 512 | 1024 | 1280 | 1518 | 1536 } Raisecom(config)#rfc2544 schedule frameloss [ all | test-id ]
Configure a frame loss rate test operation, including the operation ID and test frame size. Schedule a RFC2544 frame loss rate test operation.

No. 1 2 3 4 5 6 7 8 9 10 Command
Raisecom#show rfc2544 global-configure Raisecom#show rfc2544 throughputconfiguration Raisecom#show rfc2544 latencyconfiguration Raisecom#show rfc2544 frame-lossconfiguration Raisecom#show rfc2544 throughput Raisecom#show rfc2544 latency Raisecom#show rfc2544 frame-loss
Description Show RFC2544 basic configurations. Show public parameter configurations of throughput test. Show public parameter configurations of latency test. Show public parameter configurations of frame loss rate test. Show throughput test operation configurations. Show latency test operation configurations. Show frame loss rate test operation configurations. Show throughput test results. Show latency test results. Show frame loss rate test results.
Raisecom#show rfc2544 throughput-result Raisecom#show rfc2544 latency-result Raisecom#show rfc2544 frame-loss-result
237
8 OAM
8.6 Maintenance
Command
Raisecom(config-port)#clear oam { event | statistics } Raisecom(config)#clear oam config
Description Clear EFM OAM interface link statistics/OAM frame statistics. Clear EFM OAM configurations to return to Passive and Disable status. Clear CCM error database information. Clear RMEPs. Clear traceroute cache database.
Raisecom(config)#clear ethernet cfm errors [ level level ] Raisecom(config)#clear ethernet cfm remote-mep [ level level ] Raisecom(config)#clear ethernet cfm traceroute-cache

8.7.1 Examples for configuring EFM
As shown in Figure 8-8, to enhance the management and maintenance capability of the Ethernet link between iTN A and iTN B, you need to deploy EFM on iTN A and iTN B. The iTN A is the active end and the iTN B is the passive end. In addition, you need to deploy OAM event Trap on iTN A. Figure 8-8 Configuring EFM
Configuration steps
Step 1 Configure iTN A.
Raisecom#hostname iTNA iTNA#config iTNA(config)#oam active iTNA(config)#interface line 1 iTNA(config-port)#oam enable iTNA(config-port)#oam event trap enable iTNA(config-port)#oam peer event trap enable
238
8 OAM
Step 2 Configure iTN B.
Raisecom#hostname iTNB iTNB#config iTNB(config)#interface line 1 iTNB(config-port)#oam enable
Save configurations of iTN A.
iTNA#write
Save configurations of iTN B.
iTNB#write
Checking results
Use the show oam command on iTN A to show EFM configurations.
iTNA#show oam line 1 Port: line 1 Mode: Active Administrate state: Enable Operation state: Operational Max OAMPDU size: 1518 Send period: 1000 ms Link timeout : 10 s Config revision: 1 Supported functions: Loopback, Event, Variable
Use the show oam trap command on iTN A to show OAM event Trap configurations.
iTNA#show oam trap line 1 Port:line 1 Event trap:Enable Peer event trap:Enable Discovery trap total:0 Discovery trap timestamp:0 days, 0 hours, 0 minutes Lost trap total:0 Lost trap timestamp:0 days, 0 hours, 0 minutes
239
8 OAM
8.7.2 Examples for configuring CFM

As shown in Figure 8-9, the PC communicates with the server through the network where iTN A, iTN B, and iTN C are located. To ensure that the link between the PC and the server provide Carrier-grade service, you need to enable CFM on iTN A, iTN B, and iTN C. CFM is used to detect fault actively, as well as acknowledge and locate these faults. Client 1 of iTN A and Client 1 of iTN C are MEPs. iTN B is the MIP. Detect Ethernet faults on the link between iTN A Client 1 and iTN C Client 1. The MD level is set to 3. Figure 8-9 Configuring CFM
Configuration steps
Step 1 Add interfaces to the VLAN.
Configure iTN A.
Raisecom#hostname iTNA iTNA#config iTNA(config)#create vlan 100 active iTNA(config)#interface client 1 iTNA(config-port)#switchport access vlan 100 iTNA(config-port)#exit iTNA(config)#interface line 1 iTNA(config-port)#switchport mode trunk iTNA(config-port)#switchport trunk allowed vlan 100 iTNA(config-port)#exit
Configure iTN B.
Raisecom#hostname iTNB iTNB#config
240

iTNB(config)#create vlan 100 active iTNB(config)#interface line 1 iTNB(config-port)#switchport mode trunk iTNB(config-port)#switchport trunk allowed vlan 100 iTNB(config-port)#exit iTNB(config)#interface line 2 iTNB(config-port)#switchport mode trunk iTNB(config-port)#switchport trunk allowed vlan 100 iTNB(config-port)#exit
8 OAM
Configure iTN C.
Raisecom#hostname iTNC iTNC#config iTNC(config)#create vlan 100 active iTNC(config)#interface client 1 iTNC(config-port)#switchport access vlan 100 iTNC(config-port)#exit iTNC(config)#interface line 1 iTNC(config-port)#switchport mode trunk iTNC(config-port)#switchport trunk allowed vlan 100 iTNC(config-port)#exit
Step 2 Configure CFM fault detection.
Configure iTN A.
iTNA(config)#ethernet cfm domain level 3 iTNA(config)#service ma1 level 3 iTNA(config-service)#service vlan-list 100 iTNA(config-service)#service mep up mpid 301 client 1 iTNA(config-service)#service remote-mep learning active iTNA(config-service)#service cc enable mep all iTNA(config-service)#exit iTNA(config)#ethernet cfm enable iTNA(config)#interface line 1 iTNA(config-port)#ethernet cfm enable iTNA(config-port)#interface client 1 iTNA(config-port)#ethernet cfm enable
Configure iTN B.
iTNB(config)#ethernet cfm domain level 3 iTNB(config)#service ma1 level 3 iTNB(config-service)#service vlan-list 100 iTNB(config-service)#exit iTNB(config)#ethernet cfm enable iTNB(config)#interface line 1
241

iTNB(config-port)#ethernet cfm enable iTNB(config-port)#interface line 2 iTNB(config-port)#ethernet cfm enable
8 OAM
Configure iTN C.
iTNC(config)#ethernet cfm domain level 3 iTNC(config)#service ma1 level 3 iTNC(config-service)#service vlan-list 100 iTNC(config-service)#service mep up mpid 302 client 1 iTNC(config-service)#service remote-mep learning active iTNC(config-service)#service cc enable mep all iTNC(config-service)#exit iTNC(config)#ethernet cfm enable iTNC(config)#interface line 1 iTNC(config-port)#ethernet cfm enable iTNC(config-port)#interface client 1 iTNC(config-port)#ethernet cfm enable
Step 3 Perform CFM fault acknowledgement, taking iTN A for an example.
iTNA(config)#service ma1 level 3 iTNA(config-service)#ping mep 302 source 301 Sending 5 Ethernet CFM loopback messages to 000E.5E00.0002, timeout is 2.5 seconds: !!!!! Success rate is 100 percent (5/5). Ping statistics from 000E.5E00.0002: Received loopback replys<5 /0 /0 > (In order/Out of order/Error)
Step 4 Perform CFM fault location, taking iTN A for an example.
iTNA(config)#service ma1 level 3 iTNA(config-service)#traceroute mep 302 source 301 TTL: <64> Tracing the route to 000E.5E00.0002 on level 3, service ma1. Traceroute send via client1. ------------------------------------------------------------------------Hops HostMac Ingress/EgressPort IsForwarded RelayAction NextHop ------------------------------------------------------------------------1 000E.5E00.0003 C1/L1 Yes rlyFdb 000E.5E00.0003 2 000E.5E00.0003 L1/L2 Yes rlyFdb 000E.5E00.0001 !3 000E.5E00.0001 L1/No rlyHit 000E.5E00.0002
242

iTNA#write
8 OAM
Checking configurations
Use the show ethernet cfm command on iTN devices to show CFM configurations, taking iTN A for an example.
iTNA#show ethernet cfm Port cfm enabled portlist:line:1-4 client:1-12 PC:1-8 Global cfm status: Enable Archive hold time of error CCMs: 100(Min) Remote mep aging time: 100(Min) Device mode: Slave
8.7.3 Examples for configuring SLA

As shown in Figure 8-10, Node B communicates with the RNC through iTN A, iTN B, and iTN C at the ring network, as well as the iTN2100. To make the Ethernet link between RNC and Node B provide Telecom-grade services, you need to deploy CFM on iTN devices. To effectively fulfil the SLA signed with users, the Carrier deploys SLA on iTN A and schedules it periodically. SLA is used to detect the network performance between iTN A and iTN C in time. Perform Layer 2 delay test from iTN C to iTN A. Configure the y1731-echo operation on iTN C as below:

Operation ID: 2 RMEP ID: 2 MD level: 3 VLAN ID: 100 CoS priority: 0 Scheduling lifetime: 20s Test period: 10s
243
8 OAM
Figure 8-10 Configuring SLA
Configuration steps
Step 1 Configure CFM on iTN devices. For detailed configurations, see section 8.7.2 Examples for configuring CFM. Step 2 Configure the y1731-echo operation on iTN C and enable operation scheduling.
iTNC#config iTNC(config)#sla 2 y1731-echo remote-mep 2 level 3 svlan 100 cos 0 iTNC(config)#sla schedule 2 life 20 period 10
Step 3 Save configurations, taking iTN C for an example.
iTNC#write
Checking results
Use the show sla configuration command on iTN C to show SLA configurations.
iTNC(config)#show sla 2 configuration -----------------------------------------------------------------------Operation <2>: Type: Y.1731 echo
244
8 OAM
StartTime: 0 days, 0 : 0 : 50 -----------------------------------------------------------------------Cos: 0 Service Vlan ID: 100 Customer Vlan ID: 0 MD Level: 3 Remote MEP ID: 2 Timeout(sec): 5 Schedule Life(sec): 20 Schedule Period(sec): 10 Schedule Status: active
Use the show sla result command on iTN C to show SLA scheduling results.
iTNC(config)#show sla 2 result -----------------------------------------------------------------------Operation <1026>: Success Info of Latest Test: TWO-WAY ONE-WAY(SD) ONE-WAY(DS) -----------------------------------------------------------------------Delay(usec): < 1 -----
8.7.4 Examples for configuring ETH-Test throughput test

As shown in Figure 8-11, iTN A and iTN B access the Ethernet through Line interfaces respectively. Use a bidirectional test method to test Ethernet throughput between iTN A and iTN B. iTN A is the local device for performing the ETH-Test throughput test operation and iTN B is the remote device. Configure parameters as below:

MEP ID of iTN A: 1 MEP ID of iTN B: 2 MD level: 2 SVLAN ID: 100 CVLAN ID: 200 CoS priority: 3 Destination test bandwidth: 100 Mbit/s Duration time: 60s Other parameters: default values
245
8 OAM
Figure 8-11 Configuring ETH-Test throughput test
Configuration steps
Step 1 Configure iTN A and iTN B respectively. Set iTN A and iTN B to different MEPs in a service instance. In addition, iTN A and iTN B can discover each other. For detailed configurations, see section 8.7.2 Examples for configuring CFM. Step 2 Enable iTN A ETH-Test test operation and configure basic information.
iTNA(config)#sla y1731-throughput enable iTNA(config)#sla y1731-throughput 1 local-mep 1 remote-mep 2 level 2 svlan 100 cvlan 200 cos 3 iTNA(config)#sla y1731-throughput 1 two-way object 100 packet-size 1024 pattern null duration 60
Step 3 Enable iTN B ETH-Test test operation.
iTNB(config)#sla y1731-throughput enable
Step 4 Schedule iTN A ETH-Test test operation.
iTNA(config)#sla schedule y1731-throughput 1
iTNA#write
246
8 OAM
iTNB#write
Checking results
Use the show sla y1731-throughput oper-id configuration command on iTN A to show configurations on the ETH-Test test operation.
iTNA(config)#show sla y1731-throughput 1 configuration Operation <1>: Remote mac-address: 0000.0000.0000 Local MEP ID: 1 Remote MEP ID: 2 MD Level: 2 CoS: 3 Service Vlan ID: 100 Customer Vlan ID: 200 Bothway Config: 1 Object Band-width: 100 Packet Length: 1024 Packet Pattern: 0 Test Duration: 60 Schedule Status: completed
Use the show sla y1731-throughput oper-id result command to show throughput test results.
iTNA(config)#show sla y1731-throughput 1 result -----------------------------------------------------------------------Operation <1>: Test Starttime: 0 days, 00:13:11:46 Test Endtime: 0 days, 00:14:11:46 Statistic Starttime: 0 days, 00:13:07:30 Statistic Endtime: 0 days, 00:14:17:30 Operation <1>: Success -----------------------------------------------------------------------Statistic of Test: Local Dev Remote Dev -----------------------------------------------------------------------SendUsrPStatics: 0 0 SendUsrBStatics: 0 0 RecvUsrPStatics: 0 0 RecvUsrBStatics: 0 0 SendTestPStatics: 0 0 SendTestBStatics: 0 0 RecvTestPStatics: 0 0 RecvTestBStatics: 0 0 ReceiveSeqErrStatics: 0 0 ReceiveCrcErrStatic: 0 0
247

ReceivePrbsErrStatics: L2R throughput(bps): R2L throughput(bps): 0 0 0 0
8 OAM
8.7.5 Examples for configuring RFC2544 throughput test

As shown in Figure 8-12, iTN A is the RFC2544 test device. iTN B is the RFC2544 remote device and is enabled with interface loopback. The MAC address of iTN B is set to 000E.5E12.3456. Both SVLAN and CVLAN of iTN A are enabled. Other RFC2544 parameters use default values. Perform configurations on iTN A to test throughput of SUT. Figure 8-12 Configuring RFC2544 throughput test
Configuration steps
Step 1 Configure RFC2544 basic information on iTN A.
Raisecom#config Raisecom(config)#rfc2544 Raisecom(config)#rfc2544 Raisecom(config)#rfc2544 Raisecom(config)#rfc2544 Raisecom(config)#rfc2544
enable trap enable dmac 000e.5e12.3456 svlan enable cvlan enable
Step 2 Configure public parameters of throughput test on iTN A and configure the test operation.
Raisecom(config)#rfc2544 throughput max-rate 1000 min-rate 1 step 10 frame-loss 0 duration 60 resolution 1 trial 20 Raisecom(config)#rfc2544 throughput 1 frame-size 128
Step 3 Schedule the throughput test operation on iTN A.
Before scheduling the throughput test operation, you must ensure that iTN B is enabled with interface loopback. Otherwise, configurations fail.
248

Raisecom(config)#rfc2544 schedule throughput 1
8 OAM
iTNA#write
iTNB#write
Checking results
Use the show rfc2544 global-configure command on iTN A to show RFC2544 basic configurations.
Raisecom(config)#show rfc2544 global-configure RFC2544 function: enable send trap: enable svlan: enable cvlan: enable remote mac: 000e.5e12.3456 payload-pattern-mode: fixed fixed-pattern-value: 0x12345678 OpCode: 7 MEG-level: 7 vlan tpid cos vlan-id -----------------------------------------------SVLAN 8100 0 1 CVLAN 8100 0 1
Use the show rfc2544 throughput-configuration command to show configurations on public parameters of iTN A throughput test.
Raisecom(config)#show rfc2544 throughput-configuration Function: throughput maxSpeed(Mbps): 1000 minSpeed(Mbps): 1 stepSize(Mbps): 10 frameLossRate(0.01%): 5000 resolution(Mbps): 1 duration(s): 60 trial: 20
249
8 OAM
Use the show rfc2544 throughput command to show configurations on the iTN A throughput test operation.
Raisecom(config)#show rfc2544 throughput testID frameSize(Byte) scheduleStatus -----------------------------------------------1 128 running
Use the show rfc2544 throughput-result command to show throughput test results.
Raisecom(config)#show rfc2544 throughput-result testID trialIndex TxCount Throughput(Mbps) resultStatus --------------------------------------------------------------1 1 84459000 1000 success 1 2 84459000 1000 success 1 3 84459000 1000 success 1 4 84459000 1000 success 1 5 84459000 1000 success 1 6 84459000 1000 success 1 7 84459000 1000 success
Configuration steps for the iTN165-CES to perform RFC2544 delay test and RFC2544 packet loss ration test are basically the same as the ones of RFC2544 throughput test with a few differences on CLI parameters. For detailed configuration steps, see 8.5.4 Configuring RFC2544 latency test and 8.5.5 Configuring RFC2544 frame loss rate test.
250
9 Security
Security
This chapter describes principles and configuration procedures of the security feature, as well as related configuration examples, including following sections:

Introduction Configuring ACL Configuring RADIUS Configuring TACACS+ Configuring storm control Maintenance Configuration examples
9.1 Introduction
With continuous development of Internet technology, network is increasingly applied. More and more enterprises make development with network. How to ensure the data and resource security becomes a significant problem. In addition, the device performance is reduced or the device operates improperly in case users access the network in an unconscious but aggressive way. Security technologies, such as Access Control List (ACL) and user authentication, can improve network and device security effectively.
9.1.1 ACL
To control influence of illegal packets on the network, you need to configure a series of rules on network devices to decide which packets can be transmitted. There rules are defined through ACL. ACL is a series of sequential rules composed by permit | deny sentences. These rules describe packets based on based on source MAC addresses, destination MAC addresses, source IP addresses, destination IP addresses, and interface IDs. The device decides packets to be received or refused based on these rules.
251
9 Security
9.1.2 RADIUS
Remote Authentication Dial In User Service (RADIUS) is a standard communication protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for remote users. RADIUS uses the User Datagram Protocol (UDP) as the transport protocol (port 1812/1813) and has good instantaneity. In addition, RADIUS supports re-transmission mechanism and backup server mechanism. Therefore, it provides good reliability. RADIUS works in client/server mode. Network devices are clients of the RADIUS server. RADIUS server is responsible for receiving users' connection requests, authenticating uses, and replying configurations required by all clients to provide services for users. This mode can control users accessing devices and network to improve network security. Clients and the RADIUS server communicate with each other through the shared key. The shared key is not transmitted through the network. In addition, any user password needs to be encapsulated when it is transmitted through clients and RADIUS. This helps prevent getting the user password by sniffing unsecure network. RADIUS accounting is designed for RADIUS authenticated users. When a user logs in to the device, the device sends an accounting packet to the RADIUS accounting server to begin accounting. During login, the device sends accounting update packets to the RADIUS accounting server. When the user exits from the device, no accounting packet is sent to the RADIUS accounting server. These packets contain the login time. With these packets, the RADIUS accounting server can record the access time and operation of each user.
9.1.3 TACACS+
Terminal Access Controller Access Control System (TACACS+) is a network access authentication protocol, similar to RADIUS. Compared with RADIUS, TACACS+ has the following features:

Use TCP port 49, providing the higher transmission reliability. RADIUS uses a UDP port. Encapsulate the whole standard TACACS+ packet but for the TACACS+ header, providing the higher security. RADIUS encapsulates the user password only. Separate TACACS+ authentication from TACACS+ authorization and TACACS+ accounting, providing a more flexible deployment mode.
Therefore, compared with RADIUS, TACACS+ is more secure and reliable. However, as an open protocol, RADIUS is more widely-used.
9.1.4 Storm control

In most Layer 2 network scenarios, the unicast traffic should be much greater than the broadcast traffic. If speed of broadcast traffic is not limited, when a broadcast storm is generated, a number of bandwidth will be occupied. Therefore, network performance is reduced and unicast packets cannot be forwarded. In addition, the communication between devices may be interrupted. Configuring storm control on Layer 2 devices can prevent broadcast storm from occurring when broadcast packets increase sharply in the network. Therefore, this helps ensure that the unicast packets can be properly forwarded. Broadcast traffic may exist in following forms, so you need to limit the bandwidth for them on Layer 2 devices.
Unknown unicast traffic: the unicast traffic whose destination MAC address is not in MAC address table. It is broadcasted by Layer 2 devices.

9 Security
Multicast traffic: the traffic whose destination MAC address is a multicast MAC address. Generally, it is broadcasted by Layer 2 devices. Broadcast traffic: the traffic whose destination MAC address is a broadcast MAC address. It is broadcasted by Layer 2 devices.
9.2 Configuring ACL

Scenario
To filter packets, device needs to be configured with ACL to identify packets to be filtered. Devices cannot allow/disallow related packets to pass based on pre-configured policies unless they identify specified packets. ACLs are grouped in to the following types:
IP ACL: make classification rules based on properties of packets, such as source/destination IP address carried by the IP header of packets or used TCP/UDP port ID. MAC ACL: make classification rules based on Layer 2 information, such as source MAC address, destination MAC address, or Layer 2 protocol type carried by the Layer 2 frame header of packets. MAP ACL: compared with IP ACL and MAC ACL, MAP ACL can define more protocols and more detailed protocol fields. In addition, it can be used to match any byte in first 64 packets of a Layer 2 data frame based on user's definition.
Based on real scenarios, ACL can be applied based on the whole device, interface, flow from the ingress interface to the egress interface, or VLAN.
Prerequisite
N/A
9.2.2 Configuring IP ACL

Step 1 2
Raisecom#config Raisecom(config)#ip-access-list acl-id { deny | permit } { protocol-id | icmp | igmp | ip } { source-ip-address mask | any } { destination-ipaddress mask | any } Raisecom(config)#ip-access-list acl-id { deny | permit } { tcp | udp } { source-ip-address mask | any } [ source-protocol-port ] { destination-ipaddress mask | any } [ destination-protocol-port ]
Command
Description Enter global configuration mode. Create IP ACL and define the matching rule.
253
9 Security
9.2.3 Configuring MAC ACL

Step 1 2
Raisecom#config Raisecom(config)#mac-access-list acl-id { deny | permit } [ protocol | arp | ip | rarp | any ] { source-mac-address mask | any } { destinationmac-address mask | any }
Command
Description Enter global configuration mode. Create MAC ACL and define the matching rule.
9.2.4 Configuring MAP ACL

Step 1 2 3 Command
Raisecom#config Raisecom(config)#access-list-map acl-id { deny | permit } Raisecom(config-aclmap)#match mac { destination | source } mac-address
Description Enter global configuration mode. Create the MACP ACL and enter ACLMAP configuration mode. (Optional) define the matching rule of source or destination MAC address. By default, the MAC address is not matched. (Optional) define the matching rule of CoS value. By default, the CoS value is not matched. (Optional) define the matching rule of Ethernet frame type. By default, the Ethernet frame type is not matched.
mask
Raisecom(config-aclmap)#match cos cos-
value
Raisecom(config-aclmap)#match ethertype ethertype [ ethertype-mask ]
Raisecom(config-aclmap)#match { arp | eapol | flowcontrol | ip | ipv6 | loopback | mpls-unicast | mplsmulticast | pppoe | pppoedisc | slowprotocol | x25 | x75 } Raisecom(config-aclmap)#match arp opcode { reply | request }
(Optional) define the matching rule of upper protocol carried by Layer 2 packet header.
(Optional) define the matching rule of ARP type (replay packet/request packet). By default, the ARP type is not matched.
Raisecom(config-aclmap)#match arp { sender-mac | target-mac } mac-address
(Optional) define the matching rule of ARP MAC address. By default, the ARP MAC address is not matched.
Raisecom(config-aclmap)#match arp { sender-ip | target-ip } ip-address [ mask ] Raisecom(config-aclmap)#match ip { destination-address | sourceaddress } ip-address [ mask ]
(Optional) define the matching rule of ARP IP addresses. By default, the ARP IP address is not matched. (Optional) define the matching rule of source or destination IP address. By default, the IP address is not matched.
254
10
9 Security
Step 11
Command
Raisecom(config-aclmap)#match ip precedence { precedence-value | critical | flash | flash-override | immediate| internet | network | priority | routine } Raisecom(config-aclmap)#match ip tos { tos-value | max-reliability | maxthroughput | min-delay | min-monetarycost | normal } Raisecom(config-aclmap)#match ip dscp { dscp-value | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41| af42 |af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7| default | ef } Raisecom(config-aclmap)#match ip protocol { protocol-id | ahp | esp | gre | icmp | igmp | igrp |ipinip | ospf | pcp | pim | tcp | udp } Raisecom(config-aclmap)#match ip tcp { destination-port | source-port } { port-id | bgp | domain | echo | exec | finger | ftp | ftp-data | gopher | hostname | ident | irc | klogin | kshell | login | lpd | nntp | pim-autorp | pop2 | pop3 | smtp | sunrpc | syslog | tacacs | talk | telnet | time | uucp | whois | www } Raisecom(config-aclmap)#match ip tcp { ack | fin | psh | rst | syn | urg } Raisecom(config-aclmap)#match ip udp { destination-port | source-port } { port-id | biff | bootpc | bootps | domain | echo | mobile-ip | netbios-dgm | netbios-ns | netbios-ss | ntp | pimauto-rp | rip | snmp | snmptrap | sunrpc | syslog | tacacs | talk | tftp | time | who } Raisecom(config-aclmap)#match ip icmp icmp-type [ icmp-code ]
Description (Optional) define the matching rule of IP precedence. By default, the IP precedence is not matched. (Optional) define the matching rule of IP ToS value. By default, the IP ToS value is not matched. (Optional) define the matching rule of IP DSCP value. By default, the IP DSCP value is not matched. (Optional) define the matching rule of IP protocol value. By default, the IP protocol value is not matched. (Optional) define the matching rule of TCP port ID. By default, the TCP port ID is not matched.
12
13
14
15
16
(Optional) define the matching rule of TCP flag. By default, the TCP flag is not matched. (Optional) define the matching rule of UDP port ID. By default, the UDP port ID is not matched.
17
18
(Optional) define the matching rule of ICMP packet type. By default, the ICMP packet type is not matched.
19
20
Raisecom(config-aclmap)#match ip igmp { igmp-type | dvmrp | leave-v2| pim-v1 | query | report-v1 | report-v2 | report-v3 } Raisecom(config-aclmap)#match ip nofragments
(Optional) define the matching rule of IGMP packet type. By default, the IGMP packet type is not matched. (Optional) define the IP packet matching nonfragment IP packet. By default the IP packet does not match the nonfragment IP packet.
255
9 Security
Step 21 22 23 24
Command
Raisecom(config-aclmap)#match { cvlan | svlan } vlan-id Raisecom(config-aclmap)#match { tunnel | vc } exp exp Raisecom(config-aclmap)#match { tunnel | vc } label label-id Raisecom(config-aclmap)#match userdefine rule-string rule-mask offset
Description Define the matching rule based on VLAN IDs of packets. (Optional) define the matching rule of Tunnel/VC-based MPLS priority. (Optional) define the matching rule of Tunnel/VC-based MPLS label value. (Optional) define the matching rule of customized fields. Use the rule mask and the offset parameters to extract 2364 bytes from the first 64 bytes of a data frame and then use the customized rule to filter matched data frame for process. For example, to filter all TCP packets, you can set the rule, rule mask, and offset to 06, FF and 27 respectively. In this case, the rule mask cooperates with offset to extract TCP ID from received data frames and then use the rule to filer all TCP packers.
The rule must even number of hexadecimal digits. The offset includes the 802.1q VALN Tag field, even the received packet is an untag one.
9.2.5 Applying ACL to device
ACL cannot take effect on the iTN165-CES unless it is added to the filter. Multiple ACL matching rules can be added to the filter to form multiple filtering rules. When you configure a flow-based filter, the sequence to add ACL rules decides their priorities. The later an ACL rule is added, the higher the priority is. If ACL rules are exclusive, the ACL rule with the highest priority takes effect. Therefore, you must arrange their sequence reasonably to filter packets properly.
Applying ACL based on device

Step 1 2 Command
Raisecom#config Raisecom(config)#filter { ipaccess-list | mac-access-list | access-list-map } { acl-list | all } [ invalid | valid | statistics ]
Description Enter global configuration mode. Configure device-based filtering. If the statistics parameter is configured, the device makes a statistics based on the filtering rule.
256
9 Security
Step 3
Command
Raisecom(config)#filter enable
Description Enable the filter to make filtering valid. After the filter is enabled, not only configured filtering rules take effect but the ones to be configured take effect immediately. By default, the filter is disabled.
Applying ACL based on interface

Step 1 2 Command
Raisecom#config Raisecom(config)#filter { ipaccess-list| mac-access-list | access-list-map } { acl-list | all } { ingress | egress }
Description Enter global configuration mode. Configure interface-based filtering. If the statistics parameter is configured, the device makes a statistics based on the filtering rule.
[ invalid | valid | statistics ] Raisecom(config)#filter enable
Enable the filter to make filtering valid. After the filter is enabled, not only configured filtering rules take effect but the ones to be configured take effect immediately. By default, the filter is disabled.
Applying ACL based on flow from ingress interface to egress interface

Step 1 2 Command
Raisecom#config Raisecom(config)#filter { ipaccess-list | mac-access-list | access-list-map } { acl-list | all } from interface-type interface-number to interface-type interface-number [ invalid | valid | statistics ] Raisecom(config)#filter enable
Description Enter global configuration mode. Configure filtering based on the flow from the ingress interface to the egress interface. If the statistics parameter is configured, the device makes a statistics based on the filtering rule.
Applying ACL based on VLAN

Step 1 Command
Raisecom#config
257
9 Security
Step 2
Command
Raisecom(config)#filter{ ip-accesslist| mac-access-list | accesslist-map } { acl-list | all } vlan vlan-id [ double-tagging inner ][ invalid | valid | statistics ] Raisecom(config)#filter enable
Description Configure VLAN-based filtering. If the statistics parameter is configured, the device makes a statistics based on the filtering rule.

No. 1 2 3 4 Command
Raisecom#show ip-access-list [ acl-list ] Raisecom#show mac-access-list [ acl-list ] Raisecom#show access-list-map [ acl-list ] Raisecom#show filter [ access-list-map | ip-accesslist | mac-access-list ] { all | acl-list }
Description Show IP ACL configurations. Show MAC ACL configurations. Show MAP ACL configurations. Show filter configurations.
9.3 Configuring RADIUS

Scenario
To control users accessing devices and network, you can deploy the RADIUS server at the network to authenticate and account users. The iTN165-CES can be used as a Proxy of the RADIUS server to authenticate users based on results returned by the RADIUS server.
Prerequisite
N/A
9.3.2 Configuring RADIUS authentication

Step 1 Command
Raisecom#radius[ backup ] ip-address [ auth-port port-id ]
Description Specify the IP address and port ID of the RADIUS authentication server. The backup parameter is used to specify a backup RADIUS authentication server.
9 Security
Step 2 3
Command
Raisecom#radius-key string
Description Configure the shared key for RADIUS authentication. Configure the authentication mode for login when RADIUS authentication is applied. Configure the authentication mode for entering privileged EXEC mode when RADIUS authentication is applied.
Raisecom#user login { local-user | radius-user | local-radius | radiuslocal [ server-no-response ] } Raisecom#enable login { local-user | radius-user | local-radius | radiuslocal [ server-no-response ] }
9.3.3 Configuring RADIUS accounting

Step 1 Command
Raisecom#aaa accounting login enable Raisecom#radius [ backup ] accounting-server ipaddress [ account-port ]
Description Enable RADIUS accounting. By default, RADIUS accounting is disabled. Specify the IP address and port ID of the RADIUS accounting server. By default, the UDP port ID is set to 1813. The backup parameter is used to specify a backup RADIUS accounting server. Configure the shared key used for communicating with the RADIUS accounting server. The shared key must be identical to the one configured on the RADIUS accounting server. Otherwise, accounting operation fails. By default, the shared key is empty.
Raisecom#radius accounting-server key
string
Raisecom#aaa accounting fail { online | offline }
Configure the processing policy for accounting failure. By default, the processing policy is set to online. In indicates that users are allowed to log in if accounting operation fails. Configure the interval for sending accounting update packets. If the interval is set to 0, it indicates that no accounting update packet is sent. By default, the interval for sending accounting update packets is set to 0.
Raisecom#aaa accounting update period
With the accounting begin packet, accounting update packet, and accounting end packet, the RADIUS server can record the access time and operations of each user.
259
9 Security

No. 1 Command
Raisecom(config)#show radius-server
Description Show RADIUS server configurations.
9.4 Configuring TACACS+

Scenario
To control users accessing devices and network, you can deploy the RADIUS server at the network to authenticate and account users. Compared with RADIUS, TACACS+ is more secure and reliable. The iTN165-CES can be used as a Proxy of the TACACS+ server to authenticate users based on results returned by the TACACS+ server.
Prerequisite
N/A
9.4.2 Configuring TACACS+ authentication

Step 1
address
Command
Raisecom#tacacs-server [ backup ] ip-
Description Specify the IP address and port ID of the TACACS+ authentication server. The backup parameter is used to specify a backup TACACS+ authentication server.
2 3
Raisecom#tacacs-server key string
Configure the shared key for TACACS+ authentication. Specify the IP address and port ID of the TACACS+ accounting server. The backup parameter is used to specify a backup TACACS+ accounting server.
Raisecom#tacacs [ backup ] accountingserver ip-address
Raisecom#user login { local-user | tacacs-user | local-tacacs | tacacslocal [ server-no-response ] } Raisecom#enable login { local-user | tacacs-user | local-tacacs | tacacslocal [ server-no-response ] }
Configure the authentication mode for login when TACACS+ authentication is applied. Configure the authentication mode for entering privileged EXEC mode when TACACS+ authentication is applied.
260
9 Security

No. 1 Command
Raisecom(config)#show tacacs-server
Description Show TACACS+ server configurations.
9.5 Configuring storm control

Scenario
Configuring storm control on Layer 2 devices can prevent broadcast storm from occurring when broadcast packets increase sharply in the network. Therefore, this helps ensure that the unicast packets can be properly forwarded. Broadcast traffic may exist in following forms, so you need to limit the bandwidth for them on Layer 2 devices.

Unknown unicast traffic: the unicast traffic whose destination MAC address is not in MAC address table. It is broadcasted by Layer 2 devices. Multicast traffic: the traffic whose destination MAC address is a multicast MAC address. Generally, it is broadcasted by Layer 2 devices. Broadcast traffic: the traffic whose destination MAC address is a broadcast MAC address. It is broadcasted by Layer 2 devices.
Prerequisite
Before configuring storm control, you need to connect interfaces and configure physical parameters of interfaces. Make the physical layer Up.
9.5.2 Configuring storm control

Step 1 2 Command
Raisecom#config Raisecom(config)#storm-control { broadcast | dlf | multicast } { enable | disable } interface-
Description Enter global configuration mode. Enable storm control on broadcast traffic, multicast traffic, and unknown unicast traffic. By default, storm control is enabled on broadcast traffic while is disabled on multicast traffic and unknown unicast traffic. Configure the threshold. By default, the storm control threshold is set to 1024 pps.
type interface-list
Raisecom(config)#storm-control pps value
261
9 Security

No. 1 Command
Raisecom(config)#show storm-control
Description Show storm control configurations.
9.6 Maintenance
Command
Raisecom(config)#clear filter statistics
Description Clear filter statistics.

9.7.1 Examples for configuring ACL
As shown in Figure 9-1, to control users accessing the server, you can deploy ACL on iTN A to disallow 192.168.1.1 to access 192.168.1.100. Figure 9-1 Configuring ACL
Configuration steps
Step 1 Configure IP ACL.
Raisecom#config Raisecom(config)#ip-access-list 1 deny ip 192.168.1.1 255.255.255.0 192.168.1.100 255.255.255.0
Step 2 Apply ACL to client 1 interface of iTN A.
262

Raisecom(config)#filter ip-access-list 1-2 ingress client 1 Raisecom(config)#filter enable
9 Security
Raisecom#write
Checking results
Use the show ip-access-list command to show IP ACL configurations.
Raisecom#show ip-access-list Src Ip: Source Ip Address Src Ip Mask: Source Ip Address Mask Dest Ip: Destination Ip Address Dest Ip Mask: Destination Ip Address Mask List Access Protocol Ref. Src Ip Src Ip Mask:Port Dest Ip Dst Ip Mask:Port ------------------------------------------------------------------------------------------------------1 deny IP 1 192.168.1.1 255.255.225.0:0 192.168.1.100 255.255.255.0:0 2 permit IP 1 0.0.0.0 0.0.0.0:0 0.0.0.0 0.0.0.0:0
Use the show filter command to show filter configurations.
Raisecom#show filter Rule filter: Enable Filter list(In accordance with the priority from low to high): ACL-Index IPort EPort VLAN VLANType Hardware Valid StatHw Pkts ------------------------------------------------------------------------IP 1 client1 ---Yes Yes No -IP 2 client1 ---Yes Yes No --
9.7.2 Examples for configuring RADIUS

As shown in Figure 9-2, to control users accessing iTN A, you need to deploy RADIUS authentication and accounting features on iTN A to authenticate users logging in to iTN A and record their operations. Set the interval for sending accounting update packet to 2min. Set the processing policy for accounting failure to offline.
9 Security
Figure 9-2 Configuring RADIUS
Configuration steps
Step 1 Authenticate login users through RADIUS.
Raisecom#radius 192.168.1.1 Raisecom#radius-key raisecom Raisecom#user login radius-user
Step 2 Account login users through RADIUS.
Raisecom#aaa accounting login enable Raisecom#radius accounting-server 192.168.1.1 Raisecom#radius accounting-server key raisecom Raisecom#aaa accounting fail offline Raisecom#aaa accounting update 120
Raisecom#write
Checking results
Use the show radius-server command to show RADIUS configurations.
Raisecom#show radius-server Authentication server IP: 192.168.1.1 port:1812 Backup authentication server IP:0.0.0.0 port:1812 Authentication server key: raisecom Accounting server IP: 192.168.1.1 port:1813 Backup accounting server IP: 0.0.0.0 port:1813 Accounting server key: raisecom Accounting login: enable Update interval: 120 Accounting fail policy: offline
264
9 Security
9.7.3 Examples for configuring TACACS+

As shown in Figure 9-3, to control users accessing iTN A, you need to deploy TACACS+ authentication on iTN A to authenticate users logging in to iTN A. Figure 9-3 Configuring TACACS+
Configuration steps
Step 1 Authenticate login users through TACACS+.
Raisecom#tacacs-server 192.168.1.1 Raisecom#tacacs-server key raisecom Raisecom#user login tacacs-user
Raisecom#write
Checking results
Use the show tacacs-server command to show TACACS+ configurations.
Raisecom#show tacacs-server Server Address: 192.168.1.1 Backup Server Address: -Sever Shared Key: raisecom Accounting server Address: -Backup Accounting server Address: -Total Packet Sent: 0 Total Packet Recv: 0 Num of Error Packets: 0
265
9 Security
9.7.4 Examples for configuring storm control

As shown in Figure 9-4, to control the influence of the broadcast storm on iTN A, you need to deploy storm control on iTN A to control broadcast and unknown unicast packets. The storm control threshold is set to 2000 pps. Figure 9-4 Configuring storm control
Configuration steps
Step 1 Configure storm control on iTN A.
Raisecom#config Raisecom(config)#storm-control broadcast enable line 1-2 Raisecom(config)#storm-control dlf enable line 1-2 Raisecom(config)#storm-control pps 2000
Raisecom#write
Checking results
Use the show storm-control command to show storm control configurations.
Raisecom#show storm-control Threshold: 2000 pps Interface Broadcast Multicast Unicast -----------------------------------------------------------
266

line1 line2 client1 client2 Enable Enable Enable Enable Disable Disable Disable Disable Enable Enable Disable Disable
9 Security
267
10 QoS
10
QoS
This chapter describes principles and configuration procedures of QoS, as well as related configuration examples, including following sections:

Introduction Configuring priority trust and priority mapping Configuring traffic classification and traffic policy Configuring queue scheduling Configuring congestion avoidance and queue shaping Configuring rate limiting based on interface and VLAN Maintenance Configuration examples
10.1 Introduction
Generally, Internet (IPv4), which bases on the storage-and-forward mechanism, only provides "best-effort" service for users. When the network is overloaded or congested, this service mechanism cannot ensure to transmit packets timely and completely. With the ever-growing of network application, users bring different service quality requirements on network application. Then network should distribute and schedule resources for different network applications according to users' demands. Quality of Service (QoS) can ensure real-time and integrated service when network is overloaded or congested and guarantee that the whole network runs high-efficiently. QoS consists of a number of traffic management technologies:

Priority trust Priority mapping Traffic classification Traffic policy Queue scheduling Congestion avoidance Queue shaping Rate limiting based on interface and VLAN
10 QoS
Figure 10-1 shows the application of QoS. Figure 10-1 Application of QoS
10.1.1 Priority trust

Priority trust refers that a packet adopts its own priority as the classification standard to perform follow-up QoS management on the packet. In general, the bigger the value is, the higher the priority is. The iTN165-CES supports interface-based priority trust. Priorities are divided into priorities based on Differentiated Services Code Point (DSCP) of IP packets and priorities based on Class of Service (CoS) of VLAN packets.
10.1.2 Priority mapping

Priority mapping refers to sending packets to different queues with different local priorities according to pre-configured mapping relationship between external priority and local priority. Therefore, packets in different queues can be scheduled on the egress interface.
The local priority refers to an internal priority that is assigned to packets. It is related to the queue number on the egress interface. The bigger the value is, the more quickly the packet is processed. The iTN165-CES supports performing priority mapping based on the DSCP priority of IP packets or the CoS priority of VLAN packets. By default, the mapping relationship between the iTN165-CES local priority and DSCP, CoS priorities is listed in Table 10-1 and Table 10-2.
269
10 QoS
Table 10-1 Mapping relationship between local priority and DSCP priority Local DSCP 0 07 1 815 2 1623 3 2431 4 3239 5 4047 6 4855 7 5663
Table 10-2 Mapping relationship between local priority and CoS priority Local CoS 0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7
10.1.3 Traffic classification

Traffic classification is a process that recognizes specified packets according to some certain rule. All resulting packets can be treated differently to differentiate the service implied to users. The iTN165-CES supports classifying traffics based on ToS and DSCP priority of IP packets and CoS priority of VLAN packets. In addition, it supports classifying traffics based on ACL rules and VLAN IDs. Figure 10-2 displays the traffic classification process. Figure 10-2 Traffic classification process
ToS priority and DSCP priority

Figure 10-3 shows the structure of IP packet header. An 8-bit ToS field is contained in this packet. In RFC1349, the first 3 bits of the ToS field represent the ToS priority, ranging from 0 to 7. In RFC2474, the ToS field is re-defined. The first 6 bits (05 bits) represent the priority of IP packets, which is called DSCP priority, ranging from 0 to 63. The last 2 bits (6 and 7 bits) are reserved bits. Figure 10-4 shows the structures of ToS and DSCP priorities.
270
10 QoS
Figure 10-3 Structure of IP packet header
Figure 10-4 Structures of ToS priority and DSCP priority
CoS priority
IEEE802.1Q-based VLAN packets are a modification of Ethernet packets. A 4-byte 802.1Q header is added between the source MAC address and protocol type, as shown in Figure 10-5. The 802.1Q header consists a 2-byte Tag Protocol Identifier (TPID, valuing 0x8100) filed and a 2-byte Tag Control Information (TCI) field. Figure 10-5 Structure of VLAN packet
The first 3 bits of the TCI field represent the CoS priority, which ranges from 0 to 7, as shown in Figure 10-6. CoS priority is used to ensure service quality in Layer 2 network. Figure 10-6 Structure of CoS priority
10.1.4 Traffic policy

After performing traffic classification on packets, you need to perform different operations on packets of different categories. A traffic policy is formed when traffic classifiers are bound to traffic behaviours.
Rate limiting based on traffic policy

Rate limiting refers to limiting network traffics. Rate limiting is used to control the speed of traffic in the network. By dropping the traffic that exceeds the speed, you can control the traffic within a reasonable range. Therefore, network resources and Carrier's benefits are protected. The iTN165-CES supports rate limiting based on traffic policy.
271
10 QoS
Redirection
Redirection refers that a packet is not forwarded according to the mapping relationship between the original destination address and the interface. Instead, the packet is redirected to a specified interface for forwarding, realizing routing based on traffic policy. The iTN165-CES supports redirection based on the flow.
Re-marking
Re-marking refers to re-configuring some priority fields for some packets, so that devices can re-classify packets based on their own standards. In addition, downstream nodes can provide differentiated QoS services depending on re-marking information. The iTN165-CES supports performing re-remarking on the following priority fields of packets:

ToS priority of IP packets DSCP priority of IP packets CoS priority of VLAN packets
10.1.5 Queue scheduling

Devices need to perform queue scheduling when delay-sensitive services need better QoS services than non-delay-sensitive services and when the network is congested once in a while. Queue scheduling adopts different scheduling algorithms to send packets in a queue. Scheduling algorithms supported by the iTN165-CES include Strict-Priority (SP), Weight Round Robin (WRR), Deficit Round Robin (DRR), SP+WRR, and SP+DRR. All scheduling algorithms are designed for addressing specified traffic problems. And they have different effects on bandwidth distribution, delay, and jitter.
SP: the device strictly schedules packets in a descending order of priority. Packets with lower priority cannot be scheduled until packets with higher priority are scheduled, as shown in Figure 10-7.
Figure 10-7 SP scheduling
272
10 QoS
WRR: on the basis of scheduling packets in a polling manner according to the priority, the device schedules packets according to the weight of the queue, as shown in Figure 10-8.
Figure 10-8 WRR scheduling
DRR: on the basis of scheduling packets in a polling manner according to the priority, the device schedules packets according to the weight of the queue. In addition, during the scheduling, if one queue has redundant bandwidth, the device will temporarily assign this bandwidth to another queue. During next scheduling, the assigned schedule will return equal bandwidth to the original queue, as shown in Figure 10-9.
Figure 10-9 DRR scheduling
SP+WRR: a scheduling mode combining the SP scheduling and WRR scheduling. In this mode, queues on an interface are divided into 2 groups. You can specify the queues where SP scheduling/WRR scheduling is performed. SP+DRR: a scheduling mode combining the SP scheduling and DRR scheduling. In this mode, queues on an interface are divided into 2 groups. You can specify the queues where SP scheduling/DRR scheduling is performed.
273
10 QoS
10.1.6 Congestion avoidance

By monitoring utilization of network resources (queues/memory buffer), congestion avoidance can discard packets actively when congestion occurs or when network traffic increases. It is a traffic control mechanism that is used to resolve network overload by adjusting network traffic. The traditional packet loss policy uses the Tail-Drop mode to process all packets equally without differentiating class of services. When congestion occurs, packets at the end of a queue are discarded until congestion is resolved. This Tail-Drop policy may cause TCP global synchronization. In TCP global synchronization, packets of multiple TCP connections are discarded, these TCP connections enter congestion avoidance and slow startup status simultaneously to reduce and adjust traffic. And later these TCP connections co-occur at some time to result in traffic peak. Therefore, network traffic is not stable, which influences the link utilization rate.
RED
The Random Early Detection (RED) technology discards packets randomly and makes multiple TCP connection not reduce transport speed simultaneously to avoid TCP global synchronization. The RED algorithm set a minimum threshold and maximum threshold for length of each queue. In addition:

Packets are not discarded when the queue length is smaller than the minimum threshold. All received packets are discarded when the queue length is greater than the maximum threshold. Packets to be received are discarded randomly when the queue length is between the minimum and maximum thresholds. Add a random number to the packet to be received and compare the random number with the drop ratio of the current queue. If the random number is greater than the drop ration, the packet is discarded. The greater the queue size is, the higher the packet drop probability is.
WRED
The Weighted Random Early Detection (WRED) technology also discards packets randomly to avoid TCP global synchronization. However, the random drop parameter generated by WRED technology is based on the priority. WRED differentiates drop policies through the color of packets. This helps ensure that high-priority packets have a smaller packet drop probability. The iTN165-CES performs congestion avoidance based on WRED.
10.1.7 Queue shaping

When the interface speed of downstream devices is smaller than the one of upstream devices, congestion avoidance may occur on interfaces of downstream devices. At this time, you can configure traffic shaping on the egress interface of upstream devices to shape upstream traffic. This helps resolve congestion problem occurs on downstream devices. Queue shaping is a traffic control technology applied to the interface queues. It can be used to control speed of all packets in a specified interface queue, buffer packets whose speed exceeds the threshold, and then forward them when enough bandwidth is available. If the packet size exceeds the buffer queue size, the packet is discarded.
10 QoS
10.1.8 Rate limiting based on interface and VLAN

Besides rate limiting based on the traffic policy, the iTN165-CES also supports rate limiting based on the interface, VLAN ID, and interface+VLAN ID. Similar to rate limiting based on the traffic policy, the iTN165-CES discards traffic whose speed exceeds the threshold in this 3 modes.
10.2 Configuring priority trust and priority mapping

10.2.1 Preparing for conifgurations
Scenario
For packets from upstream devices, you can select to trust the priorities taken by these packets. For packets whose priorities are not trusted, you can process them with traffic classification and traffic policy. In addition, you can modify DSCP priorities by configure interface-based DSCP priority re-marking. After configuring priority trust, the iTN165-CES can perform different operations on packets with different priorities, providing related services. Before performing queue scheduling, you need to assign a local priority for a packet. For packets from the upstream device, you can map the outer priorities of these packets to various local priorities. In addition, you can directly configure local priorities for these packets based on interfaces. And then device will perform queue scheduling on these packets basing on local priorities. In general, for IP packets, you need to configure the mapping relationship between ToS priority/DSCP priority and local priority. For VLAN packets, you need to configure the mapping relationship between CoS priority and local priority.
Prerequisite
Ensure the related interfaces Up.
10.2.2 Configuring priority trust

Step 1 2 Command
Raisecom#config Raisecom(config)#mls qos enable
Description Enter global configuration mode. Enable global QoS. By default, the global QoS is enabled.
3 4
Raisecom(config-port)#mls qos trust { cos | dscp }
Enter physical layer interface configuration mode. Configure the priority trusted by an interface. By default, the interface trusts the CoS priority.
275
10 QoS
10.2.3 Configuring DSCP priority re-marking

Step 1 2 Command
3 4
Raisecom(config)#mls qos mapping dscp-mutation profile-id Raisecom(dscp-mutation)#dscp dscp-value to new-dscp dscp-value Raisecom(dscp-mutation)#exit Raisecom(config)#interface
Create the DSCP re-marking profile and enter dscpmutation configuration mode. Re-mark the DSCP priority of specified packets and return to global configuration mode. Enter physical layer interface configuration mode. Apply the DSCP re-marking profile to an interface.
5 6
Raisecom(config-port)#mls qos dscp-mutation profile-id
10.2.4 Configuring mapping relationship between DSCP priority and local priority
Step 1 2
Command
Raisecom(config)#mls qos mapping dscpto-local-priority profile-id
Create the DSCP-to-local priority (color) mapping profile and enter dscp-to-pri configuration mode. Configure the DSCP-to-local priority (color) mapping profile and return to global configuration mode. Apply the DSCP-to-local priority (color) mapping profile in global configuration mode. Enter physical layer interface configuration mode. Apply the DSCP-to-local priority (color) mapping profile to an interface.
5 6 7
Raisecom(dscp-to-pri)#dscp dscp-value to local-priority localpri-value [ color { green | red | yellow } ] Raisecom(dscp-to-pri)#exit Raisecom(config)#mls qos dscp-to-localpriority profile-id Raisecom(config)#interface interface-
Raisecom(config-port)#mls qos dscp-tolocal-priority profile-id
276
10 QoS
10.2.5 Configuring mapping relationship between CoS priority and local priority
Step 1 2
Command
Raisecom(config)#mls qos mapping cos-tolocal-priority profile-id
Create the CoS-to-local priority (color) mapping profile and enter cos-to-pri configuration mode. Configure the CoS-to-local priority (color) mapping profile and return to global configuration mode. Enter physical layer interface configuration mode. Apply the CoS-to-local priority (color) mapping profile to an interface.
5 6
Raisecom(cos-to-pri)#cos cos-value to local-priority localpri-value [ color { green | red | yellow } ] Raisecom(dscp-to-pri)#exit Raisecom(config)#interface interface-
Raisecom(config-port)#mls qos cos-tolocal-priority profile-id
10.2.6 Configuring mapping relationship between local priority and CoS priority
Step 1 2 Command
3 4
Raisecom(config)#mls qos mapping cos-remark profile-id Raisecom(cos-remark)#local-priority localpri-value to cos cos-value Raisecom(cos-remark)#exit Raisecom(config)#mls qos cos-remark
Create the local-to-CoS mapping profile and enter cos-remark configuration mode. Configure the mapping relationship between the local priority and CoS priority and return to global configuration mode. Apply the local-to-CoS mapping profile in global configuration mode. Enter physical layer interface configuration mode. Apply the local-to-CoS mapping profile to an interface.
5 6 7
profile-id
Raisecom(config-port)#mls qos cosremark profile-id
277
10 QoS

No. 1 2 Command
Raisecom#show mls qos [ interface-type interface-list ] Raisecom#show mls qos cos-to-local-priority
Description Show global QoS configurations or QoS configurations on an interface. Show information about the CoS-to-local priority (color) mapping profile on an interface. Show information about the DSCP-to-local priority (color) mapping profile on an interface. Show information about the CoS-to-local priority (color) mapping table on an interface. Show information about the CoS-to-local priority (color) mapping profile. Show information about the DSCP-to-local priority (color) mapping table on an interface. Show information about the DSCP-to-local priority (color) mapping profile. Show information about the local-to-queue mapping table. Show information about the DSCP remarking profile on an interface. Show information about all/specified DSCP re-marking profiles. Show information about local-to-CoS mapping profiles. Show information about the local-to-CoS mapping profile on an interface.
Raisecom#show mls qos dscp-to-local-priority
Raisecom#show mls qos mapping cos interface-
type interface-list
Raisecom#show mls qos mapping cos-to-localpriority [ profile-id ] Raisecom#show mls qos mapping dscp
5 6
Raisecom#show mls qos mapping dscp-to-localpriority [ profile-id ] Raisecom#show mls qos mapping local-priority
7 8 9 10 11 12
Raisecom#show mls qos dscp-mutation
Raisecom#show mls qos mapping dscp-mutation [ profile-id ] Raisecom#show mls qos mapping cos-remark [ profile-id ] Raisecom#show mls qos cos-remark interface-
10.3 Configuring traffic classification and traffic policy

Scenario
Traffic classification is the basis of QoS. For packets from upstream devices, you can classify them according to their priorities or ACL rules. After traffic classification, the device can provide related operations for different packets, providing differentiated services.
10 QoS
After configurations, the traffic classification cannot take effect until being bound to traffic policy. The selection of traffic policy depends on the packet status and current network load status. In general, when a packet is sent to the network, you need to limit the speed according to Committed Information Rate (CIR) and re-mark the packet according to the service feature.
Prerequisite
To perform traffic classification based on the priority of packets, you need to configure priority trust.
10.3.2 Creating and configuring traffic classification

Steps 410 are coordinate. You can select one as required. Step 1 2 Command
3 4
Raisecom(config)#class-map classmap-name { match-all | match-any } Raisecom(config-cmap)#match { access-list-map | ip-access-list | mac-access-list } acl-number Raisecom(config-cmap)#match cos cos-
Create traffic classification and enter traffic classification configuration mode. (Optional) configure traffic classification based on ACL rules. For configurations on ACL see section 9.2 Configuring ACL. (Optional) configure traffic classification based on CoS priority of VLAN packets. (Optional) configure traffic classification based on DSCP priority of IP packets. (Optional) configure traffic classification based on ToS priority of IP packets. (Optional) configure traffic classification based on VLAN ID of VLAN packets/inner VLAN ID of QinQ packets. (Optional) configure traffic classification based on the inner/outer VLAN ID of QinQ packets. (Optional) configure traffic classification based on the above traffic classification rules. The class-mapname parameter is the name of other created traffic classification.
5 6 7 8
value
Raisecom(config-cmap)#match ip dscp
dscp-value
Raisecom(config-cmap)#match ip precedence ip-precedence-value Raisecom(config-cmap)#match vlan vlan-id [ double-tagging inner ]
9 10
Raisecom(config-cmap)#match innervlan vlan-id outer-vlan vlan-id Raisecom(config-cmap)#match classmap class-map-name
10.3.3 Creating and configuring traffic policing profile

To perform traffic policing on packets, you need to configure traffic policing profile and then apply this profile to traffic classification bound to traffic policy. Therefore, you can perform related QoS policies on users/services.
279
10 QoS
On the traffic policing profile, you can configure rate limiting rules or perform relate operations on specified packets based on the color. Step 1 2
Raisecom#config Raisecom(config)#mls qos policer-profile policer-name [ aggregate | class | single ] Raisecom(traffic-policer)#cir cir cbs cbs [ [ eir eir ] ebs ebs [ coupling ] | pir pir pbs pbs ]
Command
Description Enter global configuration mode. Create the traffic policing profile and enter traffic policing profile configuration mode. (Optional) configure rate limiting parameters on the traffic policing profile. You can select the working mode of the traffic policing profile as required. If you specify any optional parameter, the iTN165-CES works in single traffic policing profile mode, where only red and green packets are supported. Otherwise, the iTN165-CES works in dual traffic policing profile mode, where red, yellow, and green packets are supported. (Optional) configure the color-mode of the traffic policing profile. By default, the traffic policing profile works in blind mode.
Raisecom(traffic-policer)#color-mode { aware | blind }
6 7
Raisecom(traffic-policer)#recolor { green-recolor { red | yellow } | redrecolor { green | yellow } | yellowrecolor { green | red } } Raisecom(traffic-policer)#drop-color { red [ yellow ] | yellow } Raisecom(traffic-policer)#set-cos { green cos-value [ red cos-value | yellow cosvalue [ red cos-value ] ] | red cos-value | yellow cos-value [ red cos-value ] } Raisecom(traffic-policer)#set-dscp { green dscp-value [ red dscp-value | yellow dscp-value [ red dscp-value ] ] | red dscp-value | yellow dscp-value [ red dscp-value ] } Raisecom(traffic-policer)#set-pri { green local-value [ red local-value | yellow local-value [ red local-value ] ] | red local-value | yellow local-value [ red local-value ] }
(Optional) configure re-coloring.
(Optional) discard packets with specified color. (Optional) configure the mapping relationship between packet color and CoS priority.
(Optional) configure the mapping relationship between packet color and DSCP priority.
(Optional) configure the mapping relationship between packet color and local priority.
10.3.4 Creating and configuring traffic policy

Steps 612 are coordinate. You can select one as required.
280
10 QoS
Step 1 2
Command
Raisecom#config Raisecom(config)#policy enable
Description Enter global configuration mode. Enable traffic policy. By default, traffic policy is disabled.
3 4 5
Raisecom(config)#policy-map policy-
map-name
Raisecom(config-pmap)#description
Create a traffic policy and enter traffic policy configuration mode. (Optional) configure descriptions about the traffic policy. Bind the traffic classification to the traffic policy. Perform traffic policy on packets that match the traffic classification.
description
Raisecom(config-pmap)#class-map
class-map-name
To bind traffic classification to a traffic policy, you should create and configure traffic classification in advance. In addition, the created traffic classification must be based on at least one kind of rules. Otherwise, the binding operation fails. 6
Raisecom(config-pmap-c)#police
policer-name
(Optional) apply the configured traffic policing profile under the traffic classification and limit the rate of traffic based on the rule configured in the traffic policing profile. For details about the traffic policing profile, see section 10.3.3 Creating and configuring traffic policing profile. (Optional) add the outer VLAN under the traffic classification. (Optional) configure redirection rules under traffic classification to forward matched packets from the specified interface. (Optional) configure re-marking rules under traffic classification to modify the CoS priority, local priority, inner VLAN ID, DSCP priority, and ToS priority of matched packets.
7 8
Raisecom(config-pmap-c)add outervlan vlan-id Raisecom(config-pmap-c)#redirect-to
10
Raisecom(config-pmap-c)#set { cos cos-value | local-priority priorityvalue | inner-vlan inner-vlan-id | ip dscp ip-dscp-value | ip precedence ip-precedence-value | vlan vlan-id } Raisecom(config-pmap-c)#statistics enable
(Optional) configure traffic statistics rules under traffic classification to count traffic of matched packets. (Optional) bind hierarchical rate limiting rules under different traffic classification to control the total speed of packets in these traffic classifications. Configure the mirroring feature of traffic to mirror matched packets to the monitor port. Return to traffic policy configuration mode.
281
11
Raisecom(config-pmap-c)#hierarchypolice policer-name
12 13
Raisecom(config-pmap-c)#copy-tomirror Raisecom(config-pmap-c)#exit
10 QoS
Step
Command
Raisecom(config-pmap)#exit Raisecom(config)#service-policy policy-map-name ingress interface-
Description Return to global configuration mode. Apply the configured traffic policy to the ingress interface. Apply the configured traffic policy to the ingress and egress interfaces.
Raisecom(config)#service-policy policy-map-name ingress interfacetype interface-number egress
Raisecom(config)#service-policy policy-map-name egress interface-
Apply the configured traffic policy to the egress interface.

No. 1 2 Command
Raisecom(config)#show class-map [ class-mapname ] Raisecom(config)#show policy-map [ policymap-name | class class-map-name | interfacetype interface-number ] Raisecom#show mls qos { policer | policerprofile } [ policer-name ] Raisecom(config)#show service-policy statistics [ interface-type interface-list ] Raisecom#show mls qos interface-type interface-number policers
Description Show configurations on specified traffic classification rules. Show configurations on specified traffic policy. Show configurations on rate limiting rules or traffic policing profiles in QoS. Show statistics about applied policies. Show configurations on rate limiting rules in QoS.
3 4 5
10.4 Configuring queue scheduling

Scenario
When congestion occurs, you need to balance delay and jitter of packets, making packets of core services, such as video and voice services, processed first while packets of non-core services of the same priority, such as email, processed in a fair manner. Therefore, services of different priorities are processed according to the weights. This can be realized by configuring queue scheduling. The selection of scheduling algorithm depends on service types and users' requirements. After queue scheduling, you can configure the mapping relationship between local priority and CoS priority of packets. Therefore, packets enter downstream devices by carrying the specified CoS priority.
10 QoS
Prerequisite
To configure local priority and queue scheduling, you need to configure priority trust.
10.4.2 Configuring queue scheduling

Step 1 2 3
Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Set the scheduling mode to SP.
interface-number
Raisecom(config-port)#mls qos queue scheduler sp
10.4.3 Configuring WRR/SP+WRR queue scheduling

Description Enter global configuration mode. Enter physical layer interface configuration mode. Set the scheduling mode to WRR. Set the scheduling mode to WRR and configure the weight for all queues. When the priority of some queue is set to 0, perform SP scheduling on the queue.
Raisecom(config-port)#mls qos queue scheduler wrr Raisecom(config-port)#mls qos queue wrr weight1 weight2 weight3 weight4
weight5 weight6 weight7 weight8
10.4.4 Configuring DRR/SP+DRR queue scheduling

Description Enter global configuration mode. Enter physical layer interface configuration mode. Set the scheduling mode to DRR. Set the scheduling mode to DRR and configure priorities for all queues. When the priority of some queue is set to 0, perform SP scheduling on the queue.
Raisecom(config-port)#mls qos queue scheduler drr Raisecom(config-port)#mls qos queue drr weight1 weight2 weight3 weight4
weight5 weight6 weight7 weight8
283
10 QoS

No. 1 Command
Raisecom(config)#show mls qos queue [ shapping | wred | wredprofile ] interface-
Description Show queue scheduling configurations.
type interface-list
Raisecom#show mls qos queue drop-pkts statistics interface-type interface-list
Show statistics about lost packets of a queue on an interface.
10.5 Configuring congestion avoidance and queue shaping

Scenario
To prevent network congestion from occurring and to resolve TCP global synchronization, you can configure congestion avoidance to adjust the network traffic and resolve network overload. The iTN165-CES supports WRED-based congestion avoidance. When the interface speed of downstream devices is smaller than the one of upstream devices, congestion avoidance may occur on interfaces of downstream devices. At this time, you can configure traffic shaping on the egress interface of upstream devices to shape upstream traffic.
Prerequisite
N/A
10.5.2 Configuring queue-based WRED

Raisecom#config Raisecom(config)#mls qos wred enable Raisecom(config)#mls qos wred profile
Description Enter global configuration mode. Enable WRED. By default, WRED is disabled. Create the WRED profile and enter WRED profile configuration mode. Configure the WRED profile and return to global configuration mode.
profile-id
Raisecom(wred)#wred [ color { green | red | yellow } ] start-drop-threshold start-drop end-drop-threshold end-drop max-drop-probability max-drop Raisecom(wred)#exit Raisecom(config)#interface interface-
5 6 7
Raisecom(config-port)#mls qos queue queue-id wredprofile wredprofile-num Raisecom(config-port)#mls qos queue queue-id max-buffer length
Enter physical layer interface configuration mode. Apply the WRED profile to specified queues on an interface. Configure the queue size on an interface.
284
10 QoS
10.5.3 Configuring queue shaping

Description Enter global configuration mode. Enter physical layer interface configuration mode. (Optional) configure queue-based bandwidth guarantee without setting the EBS on an interface. (Optional) configure queue-based bandwidth guarantee with setting the EBS on an interface.
Raisecom(config-port)#mls qos queue queue-id shaping minband maxband Raisecom(config-port)#mls qos queue queue-id shaping cir minband [ cbs minburst ] eir maxband [ ebs maxburst ]

No. 1 2 Command
Raisecom#show mls qos wred profile [ profile-id ] Raisecom#show mls qos queue { wred | wredprofile } interface-type interface-
Description Show WRED profile configurations. Show WRED/WRED profile information on an interface. Show queue shaping configurations on an interface. Show queue size configurations on an interface.
number
3 4
Raisecom(config)#show mls qos queue shaping interface-type interface-number Raisecom#show mls qos queue max-buffer
10.6 Configuring rate limiting based on interface and VLAN

Scenario
To avoid/remit network congestion, you can configure rate limiting based on the interface, VLAN, or interface+VLAN. Rate limiting is used to make packets transmitted at a relative average speed by control the burst traffic on an interface or in a VLAN.
Prerequisite
To configure VLAN-/QinQ-based rate limiting, you need to create related VLANs.
285
10 QoS
10.6.2 Configuring interface-based rate limiting

Step 1 2
Raisecom#config Raisecom(config)#rate-limit interface-type interface-list { both | egress | ingress } rate-value [ burst-value ]
Command
Description Enter global configuration mode. Configure interface-based rate limiting rules.
10.6.3 Configuring VLAN-based/QinQ-based rate limiting

Step 1 2 3
Raisecom#config Raisecom(config)#rate-limit vlan vlan-id rate-value burst-value [ statistics ] Raisecom(config)#rate-limit double-tagging-vlan outer { outer-vlan-id | any } inner { inner-vlan-id | any } rate-value burst-value [ statistics ]
Command
Description Enter global configuration mode. (Optional) configure VLANbased rate limiting rules. (Optional) configure QinQ-based rate limiting rules.
10.6.4 Configuring rate limiting based on interface+VLAN

Step 1 2
Raisecom#config Raisecom(config)#rate-limit vlan vlan-id interfacetype interface-list { both | egress | ingress } cir minband cbs minburst [ eir maxband ebs maxburst ] [ statistics ]
Command
Description Enter global configuration mode. Configure rate limiting rules based on interface+VLAN.

No. 1 Command
Raisecom(config)#show rate-limit { interface-type interface-list | port-list } Raisecom#show rate-limit vlan [ vlanid ] Raisecom#show rate-limit doubletagging-vlan [ inner vlan-id | outer vlan-id inner vlan-id ] Raisecom#show rate-limit vlan-port [ vlan vlan-id interface-type interface-list { both | egress | ingress } ] [ statistics ]
Description Show interface-based rate limiting configurations.
2 3
Show VLAN-based rate limiting configurations. Show QinQ-based rate limiting configurations.
Show rate limiting configurations based on the interface+VLAN.
286
10 QoS
10.7 Maintenance
Command
Raisecom(config)#clear service-policy statistics Raisecom(config)#clear service-policy statistics interface-type interface-list Raisecom(config)#clear service-policy statistics { egress | ingress } interface-type interface-list [ class-map class-map-name ] Raisecom(config)#clear rate-limit statistics vlan [ vlan-id ]
Description Clear QoS packet statistics. Clear QoS packet statistics on an interface. Clear traffic statistics in a specified traffic classification direction. Clear VLAN-based rate limiting packet loss statistics.

10.8.1 Examples for configuring rate limiting based on traffic policy
As shown in Figure 10-10, User A, User B, and User C are respectively within VLAN 1, VLAN 2, and VLAN 3. And they are respectively connected to the iTN165-CES through Switch A, Switch B, and Switch C. User A transmits voice and video services; User B transmits voice, video, and data services; User C transmits video and data services. According to users' requirements, make following rules:

For User A, provide 25 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard the redundant traffic. For User B, provide 35 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard the redundant traffic. For User C, provide 30 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard the redundant traffic.
287
10 QoS
Figure 10-10 Configuring rate limiting based on traffic policy
Configuration steps
Step 1 Create and configure traffic classifications. Classify packets from different users based on the VLAN IDs.
Raisecom#config Raisecom(config)#mls qos enable Raisecom(config)#class-map usera Raisecom(config-cmap)#match vlan Raisecom(config-cmap)#exit Raisecom(config)#class-map userb Raisecom(config-cmap)#match vlan Raisecom(config-cmap)#exit Raisecom(config)#class-map userc Raisecom(config-cmap)#match vlan Raisecom(config-cmap)#exit
match-any 1 match-any 2 match-any 3
Step 2 Create traffic policing profiles and configure rate limiting rules.
Raisecom(config)#mls qos policer-profile usera single Raisecom(traffic-policer)#cir 25000 cbs 100 Raisecom(traffic-policer)#drop-color red Raisecom(traffic-policer)#exit Raisecom(config)#mls qos policer-profile userb single Raisecom(traffic-policer)#cir 35000 cbs 100 Raisecom(traffic-policer)#drop-color red Raisecom(traffic-policer)#exit Raisecom(config)#mls qos policer-profile userc single Raisecom(traffic-policer)#cir 30000 cbs 100 Raisecom(traffic-policer)#drop-color red
288

Raisecom(traffic-policer)#exit
10 QoS
Step 3 Create and configure traffic policies.
Raisecom(config)#policy-map usera Raisecom(config-pmap)#class-map usera Raisecom(config-pmap-c)#hierarchy-police usera Raisecom(config-pmap-c)#exit Raisecom(config-pmap)#exit Raisecom(config)#service-policy usera ingress client 1 Raisecom(config)#policy-map userb Raisecom(config-pmap)#class-map userb Raisecom(config-pmap-c)#hierarchy-police userb Raisecom(config-pmap-c)#exit Raisecom(config-pmap)#exit Raisecom(config)#service-policy userb ingress client 2 Raisecom(config)#policy-map userc Raisecom(config-pmap)#class-map userc Raisecom(config-pmap-c)#hierarchy-police userc Raisecom(config-pmap-c)#exit Raisecom(config-pmap)#exit Raisecom(config)#service-policy userc ingress client 3
Checking results
Use the show class-map command to show traffic classification configurations.
Raisecom#show class-map usera Class Map match-any usera (id 0) Match vlan 1 Raisecom#show class-map userb Class Map match-any userb (id 1) Match vlan 2 Raisecom#show class-map userc Class Map match-any userb (id 2) Match vlan 3
Use the show mls qos policer command to show rate limiting rule configurations.
Raisecom#show mls qos client 1 policers
289

port: client1 policymap name: usera policer type: Single, cir: 25000 kbps, cbs: Raisecom(config)#show port: client2 policymap name: usera policer type: Single, cir: 35000 kbps, cbs: Raisecom(config)#show port: client3 policymap name: usera policer type: Single, cir: 30000 kbps, cbs:
10 QoS
name: usera 100 kB, mls qos client 2 policers
name: userb 100 kB, mls qos client 3 policers
name: userc 100 kB,
Use the show policy-map command to show traffic policy configurations.
Raisecom(config)#show policy-map usera Policy Map usera Class-map usera police usera Raisecom(config)#show policy-map userb Policy Map userb Class-map userb police userb Raisecom(config)#show policy-map userc Policy Map userc Class-map userc police userc
10.8.2 Examples for configuring queue scheduling and congestion avoidance

As shown in Figure 10-11, User A transmits voice and video services; User B transmits voice, video, and data services; User C transmits video and data services. CoS priorities for voice, video and data services are configured with 5, 4, and 2 respectively. And these three CoS priorities are mapped to local priorities 6, 5, and 2 respectively. Make following rules based on service types.

Perform SP scheduling on voice service to ensure that the traffic is first transmitted. Perform WRR scheduling on video service and set the weight to 50. Perform WRR scheduling on data service and set the weight to 20. In addition, you need to set the drop threshold to 50 to avoid network congestion caused by too large burst traffic.
290
10 QoS
Figure 10-11 Configuring queue scheduling
Configuration steps
Step 1 Create the WRED profile.
Raisecom#config Raisecom(config)#mls qos wred enable Raisecom(config)#mls qos wred profile 1 Raisecom(wred)#wred start-drop-threshold 50 end-drop-threshold 90 maxdrop-probability 60 Raisecom(wred)#exit
Step 2 Configure the priority trust and congestion avoidance on interfaces.
Raisecom#config Raisecom(config)#mls qos enable Raisecom(config)#interface client 1 Raisecom(config-port)#mls qos trust Raisecom(config-port)#mls qos queue Raisecom(config-port)#mls qos queue Raisecom(config-port)#mls qos queue Raisecom(config-port)#exit Raisecom(config)#interface client 2 Raisecom(config-port)#mls qos trust Raisecom(config-port)#mls qos queue Raisecom(config-port)#mls qos queue Raisecom(config-port)#mls qos queue Raisecom(config-port)#exit Raisecom(config)#interface client 3 Raisecom(config-port)#mls qos trust Raisecom(config-port)#mls qos queue
cos 6 wredprofile 1 5 wredprofile 1 2 wredprofile 1
cos 6 wredprofile 1 5 wredprofile 1 2 wredprofile 1
cos 6 wredprofile 1
291

Raisecom(config-port)#mls qos queue 5 wredprofile 1 Raisecom(config-port)#mls qos queue 2 wredprofile 1 Raisecom(config-port)#exit
10 QoS
Step 3 Configure the mapping relationship between the CoS priority and local priority.
Raisecom(config)#mls qos mapping cos-to-local-priority 1 Raisecom(cos-to-pri)#cos 5 to local-priority 6 Raisecom(cos-to-pri)#cos 4 to local-priority 5 Raisecom(cos-to-pri)#cos 2 to local-priority 2 Raisecom(cos-to-pri)#exit Raisecom(config)#interface client 1 Raisecom(config-port)#mls qos cos-to-local-priority 1 Raisecom(config-port)#interface client 2 Raisecom(config-port)#mls qos cos-to-local-priority 1 Raisecom(config-port)#interface client 3 Raisecom(config-port)#mls qos cos-to-local-priority 1 Raisecom(config-port)#exit
Step 4 Configure SP+WRR queue scheduling.
Raisecom(config)#mls qos queue scheduler wrr Raisecom(config)#mls qos queue wrr 1 1 20 11 50 0 0
Checking results
Use the show mls qos mapping cos-to-local-priority command to show mapping relationship configurations on specified priorities.
Raisecom(config)#show mls qos mapping cos-to-local-priority G:GREEN Y:Yellow R:RED cos-to-localpriority(color) Index Description CoS: 0 1 2 3 4 5 6 ------------------------------------------------------------------1 localpri(color) :0(G) 1(G) 2(G) 3(G) 5(G) 6(G) 6(G)
7 7(G)
Use the show mls qos queue command to show queue scheduling configurations.

Raisecom#show mls qos queue client 1 client1 Queue Weight(WRR) ------------------------1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 Queue Weight(DRR) ------------------------1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1
10 QoS
Use the show mls qos wred profile command to show WRED profile configurations.
Raisecom#show mls qos wred profile GSDTGreen Start Drop Threshold GEDTGreen End Drop Threshold GDP Green Drop Probability YSDTYellow Start Drop Threshold YEDTYellow End Drop Threshold YDP Yellow Drop Probability RSDTRed Start Drop Threshold REDTRed End Drop Threshold RDP Red Drop Probability Index Description GSDT GEDT GDP YSDT YEDT YDP RSDT REDT RDP ----------------------------------------------------------------------------------------------------------1 50 90 60 50 90 60 50 90 60
10.8.3 Examples for configuring interface-based rate limiting

As shown in Figure 10-12, User A, User B, and User C are connected to the iTN165-CES through Switch A, Switch B, and Switch C. User A transmits voice and video services; User B transmits voice, video, and data services; User C transmits video and data services.
293
10 QoS
According to users' requirements, make following rules:

For User A, provide 25 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard the redundant traffic. For User B, provide 35 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard the redundant traffic. For User C, provide 30 Mbit/s bandwidth; set the burst traffic to 100 Kbit/s and discard the redundant traffic.
Figure 10-12 Configuring interface-based rate limiting
Configuration steps
Step 1 Configure interface-based rate limiting.
Raisecom#config Raisecom(config)#rate-limit client 1 ingress 25000 100 Raisecom(config)#rate-limit client 2 ingress 35000 100 Raisecom(config)#rate-limit client 3 ingress 30000 100
Checking results
Use the show rate-limit port-list command to show interface-based rate limiting configurations.
294

Raisecom#show rate-limit port-list I-Rate: Ingress Rate I-Burst: Ingress Burst E-Rate: Egress Rate E-Burst: Egress Burst Port I-Rate(kbps) I-Burst(kB) E-Rate(kbps) E-Burst(kB) ---------------------------------------------------------------L1 1000000 512 1000000 512 L2 1000000 512 1000000 512 C1 25000 100 1000000 512 C2 35000 100 1000000 512 C3 30000 100 1000000 512 C4 1000000 512 1000000 512
10 QoS
295
11 System management and maintenance
11
System management and maintenance

This chapter describes principles and configuration procedures of system management and maintenance, as well as related configuration examples, including following sections:

Introduction Managing files Load and upgrade Configuring system log Configuring alarm management Configuring CPU protection Configuring CPU monitoring Configuring RMON Configuring optical module DDM Configuring Loopback Configuring extended OAM Configuring LLDP Configuring fault detection Maintenance Configuration examples
11.1 Introduction
11.1.1 Management files
System files
System files are the software/files required for running, including the system Bootrom file, system configuration file, system startup file, and FPGA file. In general, these files are saved to the memory of the device. File management refers to backing up, upgrading, loading, and deleting system files.
System Bootrom file

The system Bootrom file (BootROM software) is used to initialize the device. After the device is powered on, the BootROM software is running to initialize the device. You can upgrade the BootROM software if a new version is available.
System startup file

The system startup file (with the .z suffix) is used to start and operate the device, support normal operating, and realize functions of the device. You can upgrade the system startup file if a new version is available. In addition, to prevent a system fault, you can back up the system startup file. The iTN165-CES supports 2 sets of system startup software simultaneously, providing primary and secondary switching of dual systems.
System configuration file

The system configuration file (with the .cfg suffix) is configuration items to be loaded when the device is booted at this time or next time. After being powered on, the device reads the configuration file from the memory for initialization. If there is no configuration file in the memory, the device will use the default configuration file. Configuration parameters in the configuration file are divided into the following 2 types:

Configuration parameters used for initialization are initial configurations. Configuration parameters used when a device is running properly are current configurations.
You can modify current configurations through CLI. To make these modified current configurations as initial configurations when the device is powered on next time, you should save current configurations to the memory (by using the write command) to form a configuration file.
11.1.2 Load and upgrade

Load
Traditionally, the configuration file is loaded through the serial port. This mode has some disadvantages:

Be slow. Consume time. Do not support remote load.
To resolve these problems, FTP load and TFTP load modes are introduced. The iTN165-CES supports the TFTP auto-loading mode. The TFTP auto-loading refers to downloading the configuration file from the server to the device through Trivial File Transfer Protocol (TFTP) for configuring the device.
297
The iTN165-CES supports saving commands related to load to the configuration file saved in the server. Therefore, the iTN165-CES can load configurations for multiple times. This helps load files in a complex network environment. The iTN165-CES provides multiple methods to acknowledge the name of the configuration file saved in the TFTP server:

Entering the name manually Getting the name through DHCP Client Using the default configuration file name
Upgrade
To resolve the following problems, you can upgrade the device:

Adding new features to the device Optimizing original functions Fixing Bugs of the current software version
The iTN165-CES supports being upgraded through the following 2 modes:

BootROM FTP/TFTP
11.1.3 System log

The system log refers that the device records the system information and debugging information in a log and sends the log to the specified destination. When the device fails to work, you can check and locate the fault easily. The system information and some scheduling output will be sent to the system log to deal with. According to the configuration, the system will send the log to various destinations. The destinations that receive the system log are divided into:

Console: send the log message to the local console through Console interface. Host: send the log message to the host. Monitor: send the log message to the monitor. Flash: send the log file to the Flash of the device.
In general, the system log is in a format of timestamp module-level- Message content An instance of the system log content is shows as below:
FEB-22-2005 14:27:33 CONFIG-7-CONFIG:USER "raisecom" Run "logging on" FEB-22-2005 06:46:20 CONFIG-6-LINK_D:port 2 Link Down FEB-22-2005 06:45:56 CONFIG-6-LINK_U:port 2 Link UP
11.1.4 Alarm management

An alarm refers to information generated by the system based on module failures when a fault is generated on the iTN165-CES or some working condition changes.
298
The alarm is used to report some urgent and important events and notify them to the network administrator promptly, which provides strong support for monitoring device operation and diagnosing faults. The alarm is stored in the alarm buffer. Meanwhile, the alarm is generated to log information. If the NView NNM system is configured, the alarm will be sent to it through SNMP. The information sent to the NView NNM system is called Trap.
Classification of alarms
There are 3 kinds of alarms according to properties of an alarm:

Fault alarm: alarms generated because of hardware failure or anomaly of important functions, such as port Down alarm Recovery alarm: alarms generated when device failure or abnormal function returns to normal, such as port Up alarm; Event alarm: prompted alarms or alarms that are generated because the fault alarm and recovery alarm cannot be related, such as alarms generated because of failing to Ping.
Alarms are divided into 5 types according to functions:
Communication alarm: alarms related to the processing of information transmission, including alarms generated because of communication failure between Network Elements (NEs), NEs and NMS, or NMS and NMS Service quality alarm: alarms caused by service quality degradation, including congestion, performance decline, high resource utilization rate, and the bandwidth reducing Processing error alarm: alarms caused by software or processing errors, including software errors, memory overflow, version mismatching, and abnormal program aborts Environmental alarm: alarms caused by equipment location-related problems, including the temperature, humidity, ventilation. and other abnormal working conditions Device alarm: alarms caused by failure of physical resources, including the power supply, fan, processor, clock, input/output interface, and other hardware.
Alarm output
There are 3 alarm output modes:
Alarm buffer: alarms are recorded in tabular form, including the current alarm table and history alarm table.

Current alarm table: records alarms which are not cleared, acknowledged or restored. History alarm table: consists of acknowledged and restored alarms, recording the cleared, auto-restored, or manually acknowledged alarms.
Log: alarms are generated to system log when recorded in the alarm buffer, and stored in the alarm log buffer. Trap: alarms sent to the NView NNM system when the NView NNM system is configured
Alarms will be broadcasted according to various terminals configured on the iTN165-CES, including CLI terminal and NView NNM system. Log output of alarms starts with the symbol "#", and the output format is:
299
#Index TimeStamp HostName ModuleName/Severity/nameArise From Description
Table 11-1 describes alarm fields. Table 11-1 Alarm fields Field Index TimeStamp ModuleName Severity Name Arise From Description Alarm index Time when an alarm is generated Name of a module that generates an alarm Alarm level Alarm name Descriptions about an alarm Description
Alarm levels
The alarm level is used to identify the severity degree of an alarm. The level is defined in Table 11-2. Table 11-2 Alarm levels Level Critical (3) Description This alarm has affected system services and requires immediate troubleshooting. Restore the device or source immediately if they are completely unavailable, even it is not during working time. This alarm has affected the service quality and requires immediate troubleshooting. Restore the device or source service quality if they decline; or take measures immediately during working hours to restore all performances. This alarm has not influenced the existing service yet, which needs further observation and take measures at appropriate time so as to avoid more serious fault. This alarm will not affect the current service, but maybe the potential error will affect the service, so it can be considered as needing to take measures. Uncertain alarm level, usually the event alarm. This alarm shows to clear one or more reported alarms. Syslog 1 (Alert)
Major (4)
2 (Critical)
Minor (5)
3 (Error)
Warning (6)
4 (Warning)
Indeterminate (2) Cleared (1)
5 (Notice) 5 (Notice)
300
Related concepts
Related concepts about alarm management are displayed as follows:
Alarm inhibition
The iTN165-CES only records root-cause alarms but incidental alarms when enabling alarm inhibition. For example, the generation of alarm A will inevitably produce alarm B, then alarm B is inhibited and does not appear in the alarm buffer or record the log information when enabling alarm inhibition. By enabling alarm inhibition, the iTN165-CES can effectively reduce the number of alarms. The root-cause alarm and all other incidental alarms will be recorded on the iTN165-CES when alarm inhibition is disabled.
Alarm auto-report
Auto-report refers that an alarm will be reported to the NView NNM system automatically with its generation and the NView NNM system does not need to query or synchronize alarms actively. You can set auto-report to some alarm, some alarm source, or the specified alarm from specified alarm source.
The alarm source refers to an entity that generates related alarms, such as interfaces, devices, or cards.
Alarm monitoring
Alarm monitoring is used to process alarms generated by modules:
When alarm monitoring is enabled, the alarm module will receive alarms generated by modules, and process them according to configurations of the alarm module, such as recording alarm in the alarm buffer, or recording system logs, etc.; When alarm monitoring is disabled, the alarm module will discard alarms generated by modules without follow-up treatment. In addition, alarms will not be recorded on the iTN165-CES.
You can perform alarm monitoring on some alarm, alarm source, or specified alarm from specified alarm source.
Alarm reverse mode
Alarm reverse refers to the device will report the information opposite to actual status when recording alarm information, or report the alarm when there is no alarm information. Not report if there is alarm information. Currently, the device is only in support of reverse mode configuration of the interface. There are three reverse modes to be set; the specific definitions are as follows:
Non-reverse mode
Device alarm is reported normally.
Manual reverse mode
Set the alarm reverse mode of an interface as manual reverse mode, then no matter what the current alarm state is, the reported alarm state of the interface will be changed opposite to the actual alarm state immediately, that is to say, not report when there are alarms, report when
there are not alarms actually. The interface will maintain the opposite alarm state regardless of the alarm state changes before the alarm reverse state being restored to non-reverse mode.
Auto-reverse mode
Set the alarm reverse mode as auto-reverse mode. If the interface has not actual reverse alarm currently, the setting will return fail; if the interface has actual reverse alarm, the setting is success and enter reverse mode, i.e. the interface reported alarm status is changed opposite to the actual alarm status immediately. After the alarm is finished, the enabling state of interface alarm reverse will ends automatically and changes to non-reverse alarm mode so that the alarm state can be reported normally in next alarm.
Alarm delay
Alarm delay refers that the iTN165-CES will record alarms and report them to the NView NNM system after a delay but not immediately when alarms generate. Delay for recording and reporting alarms are identical. By default, an alarm is reported after 0 seconds it is generated and an alarm is cleared after 0 seconds it is finished.
Alarm storage mode
Alarm storage mode refers to how to record new generated alarms when the alarm buffer is full. There are two ways:

stop: stop mode, when the alarm buffer is full, new generated alarms will be discarded without recording. loop: loop mode, when the alarm buffer is full, the new generated alarms will replace old alarm information and take rolling records.
The current alarm list can record up to 1000 alarms and the historical alarm table can record up to 500 alarms. Use the configured storage mode to deal with newly-generated alarms when the alarm table is full.
Clearing alarms
Clear the current alarm, which means deleting current alarms from the current alarm table. The cleared alarms will be saved to the historical alarm table. In addition, a new all-alarm cleared record is generated.
Viewing alarms
The administrator can view alarms and monitor alarms directly on the iTN165-CES. If the iTN165-CES is configured with the NView NNM system, the administrator can monitor alarms on the NView NNM system.
Hardware monitoring alarms

Hardware monitoring is used to monitor the operating environment of the iTN165-CES. The alarms to be monitored include:
Power supply dying-gasp alarm
The iTN165-CES supports dual power supplies. The power supply dying-gasp alarm is divided into single power supply dying-gasp alarm and dual power supply dying-gasp alarm.
Single power supply dying-gasp alarm: inform users that power supply 1/power supply 2 is powered off. saving to the temperature beyond threshold alarm table, sending Trap to the NView NNM system, and outputting to the system log.

Device dying-gasp: 2 power supplies are powered off. Support outputting to system log only.
Temperature beyond threshold alarm
The device is in support of temperature beyond threshold alarm event, when the current temperature is lower than low temperature threshold, the low temperature alarm event will generate. The iTN165-CES supports saving to the temperature beyond threshold alarm table, sending Trap to the NView NNM system, and outputting to the system log. When the device current temperature is higher than high temperature threshold, the high temperature alarm event will generate. The iTN165-CES supports saving to the device hardware environment monitoring alarm table, sending Trap to the NView NNM system, and outputting to the system log.
Voltage beyond threshold alarm
The device is in support of voltage beyond threshold alarm event, when the current voltage is lower than low voltage threshold, the low voltage alarm event will generate. The iTN165-CES supports saving to the voltage beyond threshold alarm table, sending Trap to the NView NNM system, and outputting to the system log. When current voltage value of the monitored voltage is greater than the threshold, a high voltage alarm is generated. The iTN165-CES supports saving to the voltage beyond threshold alarm table, sending Trap to the NView NNM system, and outputting to the system log.
The iTN165-CES monitors 3.3 V master chip voltage only.
Interface status anomaly alarm
Each interface has 2 alarm events:

Interface link-fault alarm: link failure alarm refers to the peer link signal loss. The alarm event only aims at optical interface, but not electrical interface. Interface link-down alarm: interface status Down alarm.
The iTN165-CES supports saving these 2 alarm events to the device hardware environment monitoring alarm table, sending Trap to the NView NNM system, and outputting to the system log.
11.1.5 CPU protection

Because the network environment of the iTN165-CES is complex, the iTN165-CES may be attacked by multiple packets, such as ARP packets, BPDU packets, and ICMP packets. If the iTN165-CES receives a great number of attack packets in a short period, the CPU may work with full load. Therefore, the iTN165-CES cannot process normal services in time, degrading device performance. To effectively use resources and prevent packet attacks, the iTN165-CES needs to protect the CPU. In a certain interval, when the number of some packet received by an interface exceeds the upper threshold, the iTN165-CES will discard the packet without reporting it to the CPU. This helps protect the CPU. In a certain interval, when the number of some packet received by an interface is smaller than the lower threshold, the iTN165-CES will not discard the packet. The iTN165-CES counts the number of some packet in a sampling mode.
303
The iTN165-CES supports CPU protection. The packet sampling interval ranges from 0 to 65535s and the threshold ranges from 2 to 65535. The upper threshold is always greater than the lower threshold.
11.1.6 CPU monitoring

The iTN165-CES supports CPU monitoring, which is used to monitor task status, CPU utilization rate, and stack usage in real time, helping the administrator locate the fault quickly. CPU monitoring can provide the following functions:
Viewing CPU utilization
View CPU hold time and utilization rate of all tasks in each period (5 seconds, 1 minute, 10 minutes, or 2 hours). The total CPU utilization rate within each period can be displayed statically or dynamically. View the operating status of all tasks and the detailed operating status information of specified tasks. View historical CPU utilization rate within each period. View the dying gasp task information.
CPU utilization rate threshold alarm
Within a specified sampling period, the system will generate an alarm and send Trap if CPU utilization rate is over the configured rising threshold or below the declining threshold. The Trap provides 5 task IDs and their CPU utilization rates of tasks which have the highest CPU utilization rate in the latest period (5 seconds, 1 minute, or 10 minutes).
11.1.7 RMON
Remote Network Monitoring (RMON) is a standard developed by the Internet Engineering Task Force (IETF). RMON is used to monitor network data through different Agents and NMS. RMON is an extension of SNMP. However, compared with SNMP, ROMN is more active and efficient for monitoring remote devices. The administrator can quickly trace faults generated on the network, network segments or devices. With RMON, the data traffic between the NMS and Agent is reduced greatly. In addition, RMON helps to effectively manage large-scale network, which eliminating SNMP restrictions across the increasing distributed network. At present, RMON realizes 4 function groups:

Statistics group: collect statistic information on each interface, including number of received packets and packet size distribution statistics. History group: similar with the statistics group, but it only collect statistic information in an assigned detection period. Alarm group: monitor an assigned MIB object, set the upper and lower thresholds in an assigned time interval, and trigger an event if the monitored object exceeds the threshold. Event group: cooperating with the alarm group, when alarm triggers an event, it records the event, such as sending Trap or writing it into the log, etc.
11.1.8 Optical module DDM

Small Form-factor Pluggables (SFP) is an optical module in optical module transceivers. The SFP Digital Diagnostic Monitoring (DDM) provides a method for monitoring performance. By analyzing monitored data provided by the SFP module, the administrator can predict the
lifetime of the SFP module, isolate system faults, as well as verify the compatibility of the SFP module. The SFP module offers 5 performance parameters:

Temperature for the transceiver Internal Power Feeding Voltage (PFV) Launched bias current Launched optical power Received optical power
11.1.9 Loopback
As shown in Figure 11-1, interface loopback test (Loopback) is a common method for checking interface and network problems. Return the packets, which meet rules and related parameters defined by users, to the iTN B through Client 1 of iTN A. By counting packets transmitted and received by an interface, iTN B can detect the network connectivity. Figure 11-1 Interface loopback
Ingress packets and egress packets

As shown in Figure 11-1, ingress packets and egress packets are defined as below:

Ingress packets: test packets received by Client 1 Egress packets: test packets returned to the peer device through Client 1
Loopback parameters
Loopback parameters include the source MAC address, destination MAC address, source IP address, destination IP address, SVLAN ID, and CVLAN ID. When you set a loopback parameter and enable loopback of the related rule, packets, which meet the parameter, will be used for loopback.
Enabling loopback rules

You can enable loopback of a rule by using some command. The iTN165-CES supports 9 loopback rules:

Loopback based on interface: packets entering this interface will be used for loopback. Loopback based on destination MAC address: packets, which enter the interface and whose destination MAC address is the loopback parameter, will be used for loopback.
305

Loopback based on source MAC address: packets, which enter the interface and whose source MAC address is the loopback parameter, will be used for loopback. Loopback based on destination IP address: packets, which enter the interface and whose destination IP address is the loopback parameter, will be used for loopback. Loopback based on source IP address: packets, which enter the interface and whose source IP address is the loopback parameter, will be used for loopback. Loopback based on CVLAN: packets, which enter the interface and whose CVLAN is the specified VLAN ID, will be used for loopback. Loopback based on SVLAN: packets, which enter the interface and whose SVLAN is the specified VLAN ID, will be used for loopback. Loopback based on Double-VLAN (DVLAN): packets, which enter the interface and whose CVLAN and SVLAN are specified VLAN IDs, will be used for loopback. Loopback based on source IP address and destination IP address: packets, which enter the interface and whose source IP address and destination IP address are specified IP addresses, will be used for loopback.
Loopback hold time

The loopback hold time ranges from 0 to 30 minutes. When the hold time expires, loopback of some rule will be automatically disabled on the interface. When the hold time is set to 0 minute, loopback will be performed continuously until being disabled manually.
Unicast source MAC address translation

Source MAC address translation refers to changing the source MAC address of egress packets to the local MAC addresses of iTN A or destination MAC address of ingress packets. Only unicast packets support source MAC address translation. For multicast and broadcast packets, their MAC addresses are the local MAC address of the iTN A.
Multicast/Broadcast destination MAC address translation

Destination MAC address translation refers to changing destination MAC addresses of egress packets to the MAC address of iTN B. Namely, after loopback, multicast and broadcast packets are changed to unicast packets. If destination MAC address translation is disabled, destination MAC address of egress packets are the multicast and broadcast MAC addresses of original packets.
Multicast/Broadcast destination IP address translation
For multicast IP packets, when destination IP address translation is enabled, the destination IP address of egress packets are changed from the original multicast IP address to the source IP address of ingress packets. Namely. The multicast packets are changed to unicast packets to return to the peer. When destination IP address translation is disabled, the destination IP address of egress packets are the original multicast IP address. For broadcast IP packets, the destination IP address is changed to the source IP address of the ingress packets regardless of whether destination IP address translation is enabled or not.
The source IP address of all egress packets is always changed to the configured local IP address. By default, the local IP address of the iTN165-CES is set to 127.0.0.1.
306
11.1.10 Extended OAM

Extended OAM is based on the IEEE 802.3ah OAM link. It uses expandability of standard OAM and enhances OAM management functions. It is mainly used to configure and monitor remote devices, including the following items:

Obtaining properties of remote devices: the local device can obtain properties, configurations, and statistics of remote devices. Configuring basic functions for remote devices: the local device can configure some functions for remote devices, including the host name, interface status, speed, duplex mode, bandwidth, and failover. Configuring network management parameters: the local device can configure network management parameters for remote devices that support SNMP, such as the IP address, gateway, management IP address, and read-write community. Therefore, the NView NNM system can manage remote devices. Sending remote Trap: when a Link Up/Down alarm is generated on a remote device, the remote device sends an extended OAM notification frame to the local device. The local device sends remote Trap to the NView NNM system. Rebooting remote devices: the local device can send commands to reboot remote devices. Managing other remote functions: the local device can manage more remote devices as they are developed, such as SFP and QinQ.
When the iTN165-CES is a managed remote device, the local device (such as the iTN2100) can configure and manage it through extended OAM, as shown in Figure 11-2. Figure 11-2 The iTN165-CES working as a managed remote device
The iTN165-CES supports the following remote functions:

Rebooting the device Viewing basic information about the device (name. model, version, and capability) Configuring the IP address and default gateway of the device Uploading and downloading files Configuring the SNMP community
11.1.11 LLDP
With the enlargement of network scale and increase of network devices, the network topology becomes more and more complex and network management becomes very important. A lot of
network management software adopts "auto-detection" function to trace changes of network topology, but most of the software can only analyze the Layer 3 network and cannot make sure the interfaces connect to other devices. Link Layer Discovery Protocol (LLDP) is based on IEEE 802.1ab standard. Network management system can fast grip the Layer 2 network topology and changes. LLDP organizes the local device information in different Type Length Value (TLV) and encapsulates in Link Layer Discovery Protocol Data Unit (LLDPDU) to transmit to straightconnected neighbour. It also saves the information from neighbour as standard Management Information Base (MIB) for network management system querying and judging link communication.
LLDP packet
LLDP packet is to encapsulate LLDPDU Ethernet packet in data unit and transmitted by multicast. LLDPDU is data unit of LLDP. The device encapsulates local information in TLV before forming LLDPDU, then several TLV fit together in one LLDPDU and encapsulated in Ethernet data for transmission. As shown in Figure 11-3, LLDPDU is made by several TLV, including 4 mandatory TLV and several optional TLV. Figure 11-3 Structure of LLDPDU packet
As shown in Figure 11-4, each TLV denotes a piece of information at local, such as device ID, interface ID, etc. related Chassis ID TLV, Port ID TLV, and fixed TLV. Figure 11-4 Structure of TLV packet
TLV type value relationship is listed in Table 11-3, at present only types 08 are used. Table 11-3 TLV types TLV type 0 1 2 3 4 Description End Of LLDPDU Chassis ID Port ID Time To Live Port Description
Optional or required Required Required Required Required Optional

308
TLV type 5 6 7 8
Description System Name System Description System Capabilities Management Address
Optional or required Optional Optional Optional Optional
Working principles of LLDP

LLDP is a kind of point-to-point one-way issuance protocol, which notifies local device link status to peer end by sending LLDPDU (or sending LLDPDU when link status changes) periodically from local to peer end. The procedure of packet exchange:
When local device transmits packet, it gets system information required by TLV from NView NNM (Network Node Management) and gets configuration information from LLDP MIB to generate TLV and form LLDPDU to transmit to peer. The peer receives LLDPDU and analyzes TLV information. If there is any change, the information will be updated in neighbor MIB table of LLDP and notifies NView NNM system.
When the device status is changed, the iTN165-CES sends a LLDP packet to the peer. To avoid sending LLDP packet continuously because of device status changes frequently, you can set a delay timer for sending the LLDP packet. The aging time of Time To Live (TTL) of local device information in the neighbour node can be adjusted by modifying the parameter values of aging coefficient, sends LLDP packets to neighbour node, after receiving LLDP packets, neighbour node will adjust the aging time of its neighbour nodes (sending side) information. Aging time formula, TTL = Min {65535, (interval hold-multiplier)}:

Interval indicates the time period to send LLDP packets from neighbor node. Hold-multiplier refers to the aging coefficient of device information in neighbor node.
11.1.12 Fault detection

PING
Ping derives from the sonar location operation, which is used to detect whether the network is normally connected. Ping is achieved with ICMP echo packets. If an Echo Reply packet is sent back to the source address during a valid period after the Echo Request packet is sent to the destination address, it indicates that the route between source and destination address is reachable. If no Echo Reply packet is received during a valid period and timeout information is displayed on the sender, it indicates that the route between source and destination addresses is unreachable. Figure 11-5 shows the principle of Ping.
309
Figure 11-5 Principle of PING
Traceroute
Just as Ping, Traceroute is a commonly-used maintenance method in network management. Traceroute is often used to test the network nodes of packets from sender to destination, detect whether the network connection is reachable, and analyze network fault The following shows how Traceroute works:

First, send a piece of TTL1 sniffer packet (where the UDP port number of the packet is unavailable to any application programs in destination side). TTL deducts 1 when reaching the first hop. Because the TTL value is 0, in the first hop the device returns an ICMP timeout packet, indicating that this packet cannot be sent. The sending host adds 1 to TTL and resends this packet. Because the TTL value is reduced to 0 in the second hop, the device will return an ICMP timeout packet, indicating that this packet cannot be sent.
The above steps continue until the packet reaches the destination host, which will not return ICMP timeout packets. Because the port number of destination host is not be used, the destination host will send the port unreachable packet and finish the test. Thus, the sending host can record the source address of each ICMP TTL timeout packet and analyze the path to the destination according to the response packet. Figure 11-6 shows the principle of Traceroute. Figure 11-6 Principle of Traceroute
310
11.2 Managing files

11.2.1 Managing BootROM file
The BootROM file is used to boot the iTN165-CES and finish device initialization. You can upgrade BootROM file through FTP or Trivial File Transfer Protocol (TFTP). By default, BootROM file is named as bootrom or bootromfull. After powering on the iTN165-CES, run the BootROM files at first, press Space to enter BootROM menu when the prompt "Press space into Bootrom menu" appears:
Raisecom Boot Loader Bootrom version 1.1.0 Raisecom Technology CO..LTD. .Compiled Mar 18 2013 17:33:50 Base ethernet Mac address: 00:0e:5e:02:03:04 Press Space to Enter Bootrom menu...... 1 [Raisecom]:
You can perform the following operations in the menu below. Operation ? h b i m r S u ub List all executable operations. List all executable operations. Quick execution for system bootstrap software. Modify the IP address of the iTN165-CES in BootROM mode. Upgrade the firmware version (such as CPLD mirroring) of the iTN165CES. Reboot the iTN165-CES. List all system startup software name and related information and specify system startup software name loaded at the time of startup. Upgrade the system software through the serial port or network interface. Upgrade the BootROM software. Description
11.2.2 Managing system files

System files are the files needed for system operation (like system startup software and configuration file). These files are usually saved in the memory, the iTN165-CES manages them by a file system to facilitate user managing the memory. The file system can create, delete, and modifies the file and directory. In addition, the iTN165-CES supports 2 sets of system startup software. When one set of software fails, you can manually switch to the other to reduce influences caused by service crashes.
311
Step 1 2
Command
Raisecom#multi-system overwrite versionindex
Description Specify the ID of the system boot software downloaded by the device. Download the system bootstrap software via FTP or TFTP. Download the system boot software through FTP or TFTP. Specify the ID of the system boot software uploaded by the device. Upload the system boot software via FTP or TFTP.
4 5
Raisecom#download bootstrap { ftp ip-address user-name password file-name | tftp ip-address file-name } Raisecom#download system-boot { ftp ip-address user-name password file-name | tftp ip-address file-name } Raisecom#multi-system upload version index
Raisecom#upload system-boot { ftp [ ip-address user-name password file-name ] | tftp [ ipaddress file-name ] } [ schedule-list listnumber ] Raisecom#erase [ file-name ]
Delete the files from the memory.
11.2.3 Managing configuration files

The configuration file is the configuration items to be loaded when the iTN165-CES is booted this time or next time. Configuration file has an affix ".cfg", and these files can be open by text book program in Windows system. The contents in the following format:

Saved as Mode+Command format; Just reserve the non-defaulted parameters to save space (see command reference for default values of configuration parameters); Take the command mode for basic frame to organize commands, put commands of one mode together to form a section, the sections are separated by "!".
The iTN165-CES starts initialization by reading configuration files from memory after powering on. Thus, the configuration in configuration files are called as initialization configuration, if there is no configuration files in memory, the device take the default parameters for initialization. The device running configuration is called current configuration. You can modify device current configuration through CLI. The current configuration can be used as initial configuration when next time power on, you must use the write command to save current configuration into memory and form configuration file. Step 1 Command
Raisecom#download startup-config { ftp ip-address user-name password file-name [ reservedevcfg ] | tftp ip-address file-name [ reservedevcfg ] } Raisecom#erase [ file-name ]
Description Download system startup configuration files through FTP or TFTP. Delete the files from memory.
312
Step 3
Command
Raisecom#upload startup-config { ftp [ ip-address user-name password file-name ] | tftp [ ip-address file-name ] } [ schedule-list list-number ] Raisecom#write
Description Upload system startup configuration files through FTP or TFTP. Write the configured files into memory.

No. 1 2 3 Command
Raisecom#show multi-system
Description Show the system boot software information of the iTN165CES. Show configuration information loaded when the iTN165CES is being booted. Show the current configurations of the iTN165-CES.
Raisecom#show startup-config
Raisecom#show running-config
11.3 Load and upgrade

11.3.1 Configuring TFTP auto-loading mode
Before configuring the TFTP auto-loading mode, you need to build a TFTP environment and have the iTN165-CES interconnect with the TFTP server.
When performing auto-loading, the IP address configured through CLI has a higher priority than the one obtained through DHCP Client. When performing auto-loading, the priorities of configuration file names obtained from server are arranged in a descending order as below: the file name confirmed by the naming rule > file name configured through CLI > file name obtained through DHCP Client. Command Description Enter global configuration mode. Configure the IP address of the TFTP server. Set the naming rule for file name. By default, there is no denomination rule, system uses default file name as startup_config.conf. Specify the configuration file name to be uploaded.
Step 1 2 3
Raisecom#config Raisecom(config)#service config tftp-server ip-address Raisecom(config)#service config filename rule [ rule-number ]
Raisecom(config)#service config filename filename
313
Step 5
Command
Raisecom(config)#service config overwrite enable
Description Enable local configuration file overwriting. Use the service config overwrite disable command to disable local configuration file overwriting. (Optional) enable the Trap module used for update configuration files automatically. (Optional) configure the version ID of the system Bootrom file, system startup configuration file, and system startup file. Enable auto-loading.
6 7
Raisecom(config)#service config trap enable Raisecom(config)#service config version { bootstrap | startupconfig | system-boot } version Raisecom(config)#service config
11.3.2 Upgrading system software through BootROM

In the below cases, you need to upgrade system software through BootROM:

The iTN165-CES is booted for the first time. The system files are damaged. The card cannot be booted properly.
Before upgrading the system software through BootROM, you should build a TFTP environment, taking a PC as the TFTP server and the iTN165-CES as the client. Basic requirements are as below.

The iTN165-CES is connected to the TFTP server through SNMP interface. Configure the TFTP server and ensure the TFTP server is available. Configure the IP address of TFTP server and make the IP address in the same network segment with IP addresses configured by the T command. Operation
Step 1
Log in to the iTN165-CES through serial port as the administrator and enter privileged EXEC mode and then use the reboot command to reboot the iTN165-CES.
Raisecom#reboot Please input 'yes' to confirm:yes Rebooting ... booting... Raisecom Boot Loader Bootrom version 1.1.0 Raisecom Technology CO..LTD. .Compiled Mar 18 2013 17:33:50 Base ethernet Mac address: 00:0e:5e:02:03:04 Press Space to Enter Bootrom menu...... 2
314
Step 2
Operation Press Space to enter the raisecom interface when "Press space into Bootstrap menu..." appears on the screen, then input "?" to display the command list:
[Raisecom]:? ? print this list h print this list b boot system i modify network manage port ip address m update microcode r reboot system S select system to boot u update system ub update bootrom
The input letters are case sensitive. 3 Input "u" to download the system boot file through FTP and replace the original one, the display information is shown as below:
[Raisecom]: u Index Name Size ---------------------------------------------------------1* system_1.1.1.20130411 10420581 2 system_1.1.1.20130411 10420581 Current selected version is 1 Please select a version to overwrite: 2 choose mode for updating core file. ----------------------------------1. | serial ----------------------------------2. | network ----------------------------------please input mode choose... 2 config network infor ... host ip address:192.168.4.100 usr: wrs passwd: wrs filename: iTN165-4GE4E1enms-b.z starting connect host,please waiting... Do you want to update image file?<Y/N>y start update core , please wait some minutes... success.
Ensure the input file name here is correct. In addition, the file name should not be longer than 80 characters.
Step 4
Operation Enter "S" and correctly select the system boot file to be loaded when the iTN165-CES is booted next time. The "*" character indicates the default system startup file loaded currently. [Raisecom]: S
Index Name Size ---------------------------------------------------------1* system_1.1.1.20130411 10420581 2 system_1.1.1.20130411 10420581 Current selected version is 1 Please select a version to start: 2 saving... done
Enter "b" to execute the bootstrap file quickly. The iTN165-CES will be rebooted and upload the downloaded system boot file.
11.3.3 Upgrading system software through FTP/TFTP

Before upgrading the system software through FTP/TFTP, you should build a FTP/TFTP environment, taking a PC as the TFTP server and the iTN165-CES as the client. Basic requirements are as below.

The iTN165-CES is connected to the TFTP server through the client/line interface. Configure the FTP/TFTP server and ensure the FTP/TFTP server is available. Configure the IP address of TFTP server. Command Description Specify the ID of the system boot software downloaded by the device. By default, the downloaded system boot software ID is set to 1. Download the system boot software via FTP or TFTP.
Step 1
Raisecom#multi-system overwrite version version
Raisecom#download system-boot { ftp [ ip-address username
password filename localfilename ] | tftp [ ip-address filename local-filename ] }
[ reservedevcfg ] Raisecom#multi-system boot version version
Specify the ID of the system boot software uploaded by the device. By default, the uploaded system boot software ID is set to 1. Write the configured files into the memory. Reboot the iTN165-CES and the device will automatically upload the downloaded system boot software.
4 5
Raisecom#write Raisecom#reboot [ now ]
316

No. 1 2 3 4 Command
Raisecom#show multi-system
Description Show the system boot software information of the current device. Show automatically-configured loading information. Show the naming rule of the configuration file. Show the system version.
Raisecom#show service config
Raisecom#show service config filename rule [ rule-number ] Raisecom#show version
11.4 Configuring system log

Scenario
The iTN165-CES generates critical information, debugging information, or error information of the system to system logs and outputs the system logs to log files or transmits them to the host, Console interface, or monitor for viewing and locating faults.
Prerequisite
N/A
11.4.2 Configuring basic information about system log

Step 1 2 Command
Raisecom#config Raisecom(config)#logging on
Description Enter global configuration mode. (Optional) Enable system log. By default, system log is enabled.
Raisecom(config)#logging timestamp { debug | log } { datetime | none | uptime }
(Optional) configure the timestamp of system log. The optional parameter debug is used to assign debug-level (7) system log timestamp. By default, this system log does not have timestamp The optional parameter log is used to assign levels 06 system log timestamp. By default, these system logs adopt date-time as timestamp.
Raisecom(config)#logging ratelimit rate
(Optional) configure the transport rate of system log. By default, no transport rate is configured.
317
Step 5 6
Command
Raisecom(config)#logging buginf [ high | low | none | normal ] Raisecom(config)#logging buffered size size Raisecom(config)#logging alarm Raisecom(config)#logging discriminator discriminatornumber { facility | mnemonics | msg-body } { drops key | includes key | none } Raisecom(config)#logging facility { alert | audit | auth | clock | cron | daemon | ftp | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | security | syslog | user | uucp } Raisecom(config)#logging sequence-number
Description (Optional) send Level 7 (debugging) debugging log. (Optional) configure the log buffer size. By default, the log buffer size is set to 4KB. (Optional) enable system log alarm. (Optional) configure the log discriminator.
7 8
(Optional) configure the facility field in the log to be sent to the log host. By default, the facility field value is set to local7.
10
(Optional) enable the sequence number field of the log.
11.4.3 Configuring system log output destination

Step 1 2
Raisecom#config Raisecom(config)#logging console [ log-level | alerts | critical | debugging | discriminator | emergencies | errors | informational | notifications | warnings] Raisecom(config)#logging host ip-address [ log-level | alerts | critical | debugging | discriminator | emergencies | errors | informational | notifications | warnings ] Raisecom(config)#logging monitor[ log-level | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings] Raisecom(config)#logging file [ discriminator discriminateor-number] Raisecom(config)#logging buffered [ loglevel | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings ] Raisecom(config)#logging history
Command
Description Enter global configuration mode. (Optional) output system logs to the Console interface.
(Optional) output system logs to the log host.
(Optional) output system logs to the monitor.
5 6
(Optional) output system logs to the Flash of the iTN165-CES. (Optional) output system logs to the log buffer.
(Optional) output system logs to the log history table.
318
Step 8
Command
Raisecom(config)#logging history size size
Description Configure the log history table size. By default, the log history table size is set to 1.
Raisecom(config)#logging trap [ log-level | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings ]
(Optional) translate logs output to the log history table to Traps. By default, warning Logs output to the log history table is translated to Traps.

Raisecom#show logging Raisecom#show logging file Raisecom#show logging buffer Raisecom#show logging discriminator Raisecom#show logging history
Description Show system log configurations. Show contents of the system log file. Show contents of the log buffer. Show information about the log discriminator. Show contents of the log history table.
11.5 Configuring alarm management

Scenario
When the iTN165-CES fails, the alarm management module will collect the fault information and output the alarm in a log. The alarm information includes the time when the alarm is generated, the name and descriptions of the alarm. It helps you quickly locate the fault. If Trap is configured on the iTN165-CES, when the operating environment of the device is abnormal, the iTN165-CES supports saving to the hardware monitoring alarm table, sending Trap to the NView NNM system, and outputting to the system log. It notifies users to process the fault and prevent the fault from occurring. With alarm management, you can directly perform following operations on the iTN165-CES: alarm inhibition, alarm auto-report, alarm monitoring, alarm inverse, alarm delay, alarm storage mode, alarm clearing, and alarm viewing.
Prerequisite
After hardware monitoring is configured on the iTN165-CES,
319
When alarms are output in Syslog form, alarms are generated to the system log. When needing to send alarms to the log host, you need to configure the IP address of the log host on the iTN165-CES. When needing to send alarms to the NView NNM system in a Trap form, you need to configure the IP address of the NView NNM system on the iTN165-CES.
11.5.2 Configuring basic functions of alarm management

Step 1 2
Raisecom#config Raisecom(config)#alarm inhibit enable
Command
Description Enter global configuration mode. (Optional) enable alarm inhibition. By default, alarm inhibition is enabled.
Raisecom(config)#alarm auto-report { module_name [ group_name ] | interface
(Optional) enable alarm auto-report. By default, alarm auto-report is enabled. (Optional) enable alarm monitoring. By default, alarm monitoring is enabled. (Optional) configure the alarm inverse mode. By default, the alarm inverse mode is set to none (non-inverse). (Optional) configure the time for delaying an alarm to be generated. By default, alarm delay is set to 0s.
interface-type interface-number [ module_name [ group_name ] ] } enable
Raisecom(config)#alarm monitor{ module_name [ group_name ] |
interface-type interface-number [ module_name [ group_name ] ] } enable Raisecom(config)#alarm inverse interfacetype interface-number { none | auto | manual }
Raisecom(config)#alarm active delay
second
Raisecom(config)#alarm active storage-mode { loop | stop }
(Optional) configure the alarm storage mode. By default, the alarm storage mode is set to stop. (Optional) clear specified current alarms. (Optional) clear specified current alarms on the specified alarm module. (Optional) clear specified current alarms of the specified alarm source (interface). (Optional) enable alarm Syslog. By default, alarm Syslog is enabled.
Raisecom(config)#alarm clear index index Raisecom(config)#alarm clear module_name [ group_name ] Raisecom(config)#alarm clear interfacetype interface-number [ module_name [ group_name ] ] Raisecom(config)#alarm syslog enable
10
Raisecom(config)#exit Raisecom#show alarm active [ module_name | severity severity ] Raisecom#show alarm cleared [ module_name | severity severity ]
(Optional) show current alarms.
(Optional) show historical alarms.
320
11.5.3 Configuring hardware monitoring alarm output

Step 1 2 Command
Raisecom#config Raisecom(config)#hw_monitor syslog enable
Description Enter global configuration mode. (Optional) enable global hardware monitoring alarm Syslog output. By default, global hardware monitoring alarm Syslog output is disabled.
Raisecom(config)#snmp-server trap hw_monitor enable
(Optional) enable global hardware monitoring alarm Trap. By default, global hardware monitoring alarm Trap is enabled.
Raisecom(config)#hw_monitor powersupply { notifies | syslog }
(Optional) enable power supply dying-gasp alarm output and configure the power supply dying-gasp alarm output mode. By default, power supply dying-gasp alarm Syslog output and power supply dying-gasp alarm Trap output are enabled.
Raisecom(config)#hw_monitor temperature { high high-value | low low-value | notifies | syslog }
(Optional) enable temperature alarm output and configure the temperature alarm output mode/temperature alarm threshold. The high-temperature threshold (high-value) must be greater than the low-temperature threshold (lowvalue). By default, temperature alarm Syslog output and temperature alarm Trap output are enabled. The high-temperature threshold is set to 75 C and the low-temperature threshold is set to -10 C.
Raisecom(config)#hw_monitor voltage { notifies | syslog }
(Optional) enable voltage alarm output and configure the voltage alarm output mode/voltage alarm threshold. By default, voltage alarm Syslog output and voltage alarm Trap output are enabled.
The iTN165-CES monitors 3.3 V master chip voltage only. 7

Raisecom(config)#hw_monitor port { link-down | link-fault } { notifies | syslog } interface-type
(Optional) enable interface status alarm output and configure the voltage alarm output mode. By default, only interface link-down alarm Syslog output and interface link-down alarm Trap output are enabled.
interface-list
321
Step 8
Command
Raisecom(config)#clear hw_monitor
Description (Optional) clear alarms manually.
This command can be used to clear all alarms from the current alarm table. In addition an alarm, whose type is all-alarm, is generated in the historical alarm table. If global Trap is enabled, this all-alarm alarm will be output in a Trap form. If global Syslog is enabled, this all-alarm alarm will be output in a Syslog form.
Alarms cannot be generated into Syslog unless global hardware monitoring alarm Syslog output is enabled and Syslog output of monitored alarm events is enabled. Trap cannot be sent unless global hardware monitoring alarm Trap output is enabled and Trap output of monitored alarm events is enabled.
11.5.4 Configuring Layer 3 dying-gasp and link-fault alarms

Step 1 2 Command
Raisecom#config Raisecom(config)#power-down trap enable Raisecom(config)#interface
Description Enter global configuration mode. Enable Layer 3 dying-gasp alarm. By default, Layer 3 dying-gasp alarm is enabled. Enter physical layer interface configuration mode.
interface-type interfacenumber
Raisecom(config-port)#snmp trap link-fault enable
Enable Layer 3 link-fault alarm on the uplink Line interface. By default, Layer 3 link-fault alarm is enabled.

No. 1 Command
Raisecom#show alarm management [ module_name ]
Description Show current alarm parameters. Alarm parameters displayed by this command include alarm inhibition, alarm inverse mode, alarm delay, alarm storage mode, alarm buffer size, and alarm log size. Show alarm management module configurations. Show alarm management module statistics.
2 3
Raisecom#show alarm log Raisecom#show alarm management statistics
322
No. 4
Command
Raisecom#show hw_monitor
Description Show global hardware monitoring alarm configurations. Hardware monitoring information displayed by this command includes global alarm Syslog output, global Trap, power supply dying-gasp alarms, temperature alarms, and voltage alarms.
5 6 7 8
Raisecom#show hw_monitor interface-
type interface-list
Raisecom#show hw_monitor currrent Raisecom#show hw_monitor history Raisecom#show hw_monitor environment [ power | temperature | voltage ] Raisecom#show power-down Raisecom#show alarm active Raisecom#show alarm cleared [ module_name | severity severity ]
Show interface status alarms. Show current hardware monitoring alarms. Show historical hardware monitoring alarms. Show current power supply, temperature, and voltage alarms and current environment information. Show Layer 3 dying-gasp alarm status. Show the current alarm table. Show cleared alarms.
9 10 11
11.6 Configuring CPU protection

Scenario
Because the network environment of the iTN165-CES is complex, the iTN165-CES may be attacked by rogue packets. It consumes a great number of CPU resources to process these packets. This will reduce device performance. What worse, it may cause system crash. To prevent the iTN165-CES from attack, you can limit the number of received packets on an interface to protect the CPU.
Prerequisite
N/A
11.6.2 Configuring CPU protection

Step 1 Command
Raisecom#config
323
Step 2
Command
Raisecom(config)#flood-protect { all | arp | bpdu | icmp } interval interval-
Description Configure the sampling interval for packet. By default, the sampling interval for ARP and ICMP packets is set to 5s and the sampling interval for BPDU packets is set to 1s. Configure the high threshold for packets. In the sampling interval, packets will be dropped when the number of received packets exceeds the threshold. By default, the drop threshold of ARP and BPDU packets is set to 200 and the drop threshold of ICMP packets is set to 300. Configure the low threshold for packets. In the sampling interval, packets will not be dropped when the number of received packets is smaller than the threshold. By default, the low thresholds is set to 40.
second
Raisecom(config)#flood-protect { all | arp | bpdu | icmp } high threshold-
value
Raisecom(config)#flood-protect { all | arp | bpdu | icmp } low threshold-value
Raisecom(config)#flood-protect { all | arp | bpdu | icmp } enable interface-
type interface-list
Enable CPU protection of related packets on an interface. By default, CPU protection of related packets is disabled on the interface.

No. 1 2 Command
Raisecom(config)#show flood-protect Raisecom#show flood-protect interface-type
Description Show CPU protection configurations. Show CPU protection status on an interface.
interface-list
11.7 Configuring CPU monitoring

Scenario
CPU monitoring is used to monitor task status, CPU utilization rate, and stack usage in real time. It provides CPU utilization threshold alarm to facilitate discovering and eliminating a hidden danger, helping the administrator locate the fault quickly.
324
Prerequisite
To output CPU monitoring alarms in a Trap form. You need to configure the IP address of Trap target host on the iTN165-CES, that is, the IP address of the NView NNM system.
11.7.2 Viewing CPU monitoring information

Step 1 Command
Raisecom#show cpu-utilization [ dynamic | history { 10min | 1min | 2hour | 5sec } ] Raisecom#show process [ dead | sorted { normal-priority | process-name } | taskname ] Raisecom#show process cpu [ sorted [ 10min | 1min | 5sec | invoked ] ]
Description Show CPU utilization rate.
Show task status.
Show CPU utilization rate of all tasks.
11.7.3 Configuring CPU monitoring alarm

Step 1 2 Command
Raisecom#config Raisecom(config)#snmp-server traps enable cpu-threshold Raisecom(config)#cpu rising-threshold rising-threshold-value [ fallingthreshold falling-threshold-value ] [ interval interval-value ]
Description Enter global configuration mode. Enable CPU threshold Trap. By default, CPU threshold Trap is disabled. (Optional) configure the upper CPU threshold and lower CPU threshold. The upper CPU threshold must be greater than the lower CPU threshold. By default, the upper CPU threshold is set to 100% and the lower CPU threshold is set to 1%. The sampling interval is set to 60s. After CPU threshold Trap is enabled, in the sampling interval, when the CPU utilization rate is higher than the upper CPU threshold or is smaller than the lower CPU threshold, a Trap is sent automatically.
11.7.4 Checking configruations

No. 1 Command
Raisecom#show cpu-utilization dynamic
Description Show CPU utilization rate and related configurations.
325
11.8 Configuring RMON

Scenario
RMON helps monitor and count network traffics. Compared with SNMP, RMON is a more high-efficient monitoring method. After you specifying the alarm threshold, the iTN165-CES actively sends alarms when the threshold is exceeded without gaining the variable information. This helps reduce the traffic of management and managed devices and facilitates managing the network.
Prerequisite
The route between the iTN165-CES and the Nview NNM system is reachable.
11.8.2 Configuring RMON statistics

Step 1 2 Command
Raisecom#config Raisecom(config)#rmon statistics
Description Enter global configuration mode. Enable RMON statistics on an interface and configure related parameters. By default, RMON statistics is enabled on all interfaces.
interface-type interface-number [ owner owner-name ]
11.8.3 Configuring RMON historical statistics

Step 1 2 Command
Raisecom#config Raisecom(config)#rmon history
Description Enter global configuration mode. Enable RMON historical statistics on an interface and configure related parameters. By default, RMON historical statistics is disabled on all interfaces.
interface-type interface-number [ shortinterval period ] [ longinterval period ] [ buckets buckets-number ] [ owner string ]
11.8.4 Configuring RMON alarm group

Step 1 2
Raisecom#config Raisecom(config)#rmon alarm alarm-id mibvar [ interval second ] { delta | absolute } risingthreshold rising-num [ rising-event ] fallingthreshold falling-num [ falling-event ] [ owner owner-name ]
Command
Description Enter global configuration mode. Configure parameters related to the RMON alarm group.
326
11.8.5 Configuring RMON event group

Step 1 2
Raisecom#config Raisecom(config)#rmon event event-id [ log ] [ trap ] [ description string ] [ ownerowner-name ]
Command
Description Enter global configuration mode. Configure parameters related to the RMON event group.

Raisecom#show rmon Raisecom#show rmon alarms Raisecom#show rmon events Raisecom#show rmon statisttics Raisecom#show rmon history interface-type
Description Show RMON configurations. Show RMON alarm group information. Show RMON event group information. Show RMON statistics group information. Show RMON history group information.
interface-list
11.9 Configuring optical module DDM

Scenario
Optical module DDM provides a method for monitoring SFP performance parameters. By analyzing monitored data provided by the optical module, the administrator can predict the SFP module lifetime, isolate system faults, as well as verify the compatibility of the optical module.
Prerequisite
N/A
11.9.2 Enabling optical module DDM

Step 1 2 Command
Raisecom#config Raisecom(config)#transceiver ddm enable
Description Enter global configuration mode. Enable optical module DDM. By default, optical module DDM is disabled.
327
Step 3 4
Command
Raisecom#interface interface-type
Description Enter physical layer interface configuration mode. Enable optical module password-check on an interface. By default, optical module password-check is enabled.
interface-number
Raisecom(config-port)#transceiver check-password enable
11.9.3 Enabling optical module parameter anomaly Trap

Step 1 2 Command
Raisecom#config Raisecom(config)#snmp-server trap transceiver enable
Description Enter global configuration mode. Enable optical module parameter anomaly Trap. By default, optical module parameter anomaly Trap is disabled. Enter physical layer interface configuration mode.
interface-type interfacenumber
Raisecom(configport)#transceiver trap enable
Enable optical module DDM Trap on an interface. By default, optical module DDM Trap is enabled.

No. 1 2 3 4 Command
Raisecom#show transceiver [interface-type interface-number history { 15m | 24h } ] Raisecom#show transceiver ddm interfacetype interface-list [ detail ] Raisecom#show transceiver information
Description Show historical information about optical module DDM. Show optical module DDM information. Show the optical module information. Show the voltage threshold.
Raisecom#show transceiver thresholdviolations interface-type interface-list
11.10 Configuring Loopback

Scenario
The network maintenance engineers can detect and analyze interface and network faults through interface loopback.
Ingress packets and egress packets are defined as below:

Ingress packets: test packets received by an interface Egress packets: test packets return to the peer device through an interface
Prerequisite
When the current interface is in Forwarding status, packets entering the interface can be properly forwarded or transmitted to the CPU.
11.10.2 Configuring parameters of interface loopback rules

Step 1 2 3 Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Configure the parameter for enabling the loopback rule based on the destination/source MAC address. The parameter is set to the destination/source MAC address. Configure the parameter for enabling the loopback rule based on the CVLAN ID/SVLAN ID. The parameter is set to the CVLAN ID/SVLAN ID. Configure the parameter for enabling the loopback rule based on the DIP/SIP. The parameter is set to the DIP/SIP.
Raisecom(config-port)#loopback { dmac | smac } mac-address
Raisecom(config-port)#loopback { cvlan | svlan } vlan-id
Raisecom(config-port)#loopback { dip | sip } ip-address
The first 3 bytes of the destination MAC address cannot be set to 0x0180C2. The source MAC address cannot be a multicast/broadcast MAC address.
11.10.3 Configuring source/destination MAC address translation

Step 1 2 Command
Raisecom#config Raisecom(config)#loopback localmac mac-
Description Enter global configuration mode. (Optional) configure the local MAC address. By default, the local MAC address is the one of the current device. (Optional) configure the source MAC address translation rule of unicast loopback packets. By default, the source MAC address of the unicast loopback packets is changed to the local MAC address.
address
Raisecom(config)#loopback unicast-smac { localmac | swap }
Step 4
Command
Raisecom(config)#loopback dmac-swap enable
Description Enable destination MAC address translation of multicast and broadcast packet.
Unicast source MAC address translation: for unicast packets, which enter the interface and meet loopback rules and parameters, you can perform source MAC address translation. Their source MAC address is changed to the local MAC address of the current device or other destination MAC addresses. Multicast/Broadcast destination MAC address translation: for multicast and broadcast packets, which enter the interface and meet loopback rules and parameters, you can perform destination MAC address translation as required. You can configure changing their destination MAC address to the local MAC address of the current device.
11.10.4 Configuring destination IP address translation

Step 1 2 Command
Raisecom#config Raisecom(config)#loopback localip ip-
Description Enter global configuration mode. (Optional) configure the local IP address. By default, the local IP address is set to 127.0.0.1.
address
The source IP address of all loopback egress packets is changed to the local IP address. 3
Raisecom(config)#loopback dip-swap enable
Enable destination IP address translation of multicast IP packets. By default, destination IP address translation is enabled.
Multicast destination IP address translation: for multicast IP packets, which enter the interface and meet loopback rules, you can perform destination IP address translation as required. After multicast destination IP address translation is enabled, the destination IP address is changed to the source IP address of the ingress packets. The source IP address of loopback egress packets is changed to the source IP address (local IP address) of the current device. Broadcast destination IP address translation: the destination IP address of loopback egress packets is always changed to the source IP address of ingress packets.
330
11.10.5 Enabling loopback by selecting loopback rule
Loopback may influence normal services. Be careful to perform it. After loopback detection, disable loopback immediately. Otherwise, normal services fail. Command Description Enter global configuration mode. Enter physical layer interface configuration mode. Configure the rule for enabling interface loopback. By default, loopback is performed on all packets. The timeout is set to 0, which indicates that the interface is always in loopback status. Enable interface loopback. By default, interface loopback is disabled.
Step 1 2 3
Raisecom(config-port)#loopback mode { cvlan | dip | dmac | dvlan | sip | sip-dip | smac | svlan } [ timeout time-out-second ]
Raisecom(config-port)#loopback [ timeout timeout-minute ]

No. 1 Command
Raisecom#show interface interface-type interface-list loopback
Description Show interface loopback configurations.
11.11 Configuring extended OAM

Scenario
Extended OAM is mainly used to establish connection between local and remote devices to manage remote devices.
Prerequisite
N/A
331
11.11.2 Establishing OAM links

Raisecom#config Raisecom(config)#oam { active | passive } Raisecom(config)#interface interface-
Description Enter global configuration mode. Configure the OAM working mode. By default, the OAM working mode is set to passive. Enter physical layer interface configuration mode. Enable OAM on an interface.
Raisecom(config-port)#oam enable

No. 1 2 Command
Raisecom#show extended-oam status [ interfacetype interface-list ] Raisecom#show extended-oam statistics interface-
Description Show extended OAM link status. Show extended OAM frame statistics.
11.12 Configuring LLDP

Scenario
When you obtain connection information between devices through the NView NNM system for topology discovery, you need to enable LLDP on the iTN165-CES. Therefore, the iTN165-CES can notify its information to the neighbours mutually, and store neighbour information to facilitate the NView NNM system querying information.
Prerequisite
N/A
11.12.2 Enabling global LLDP
After global LLDP is disabled, you cannot re-enable it immediately. Global LLDP cannot be enabled unless the restart timer times out. Step 1 Command
Raisecom#config
332
Step 2
Command
Raisecom(config)#lldp enable
Description Enable global LLDP. By default, global LLDP is disabled.
11.12.3 Enabling interface LLDP

Step 1 2 3 Command
Description Enter global configuration mode. Enter physical layer interface configuration mode. Enable interface LLDP. By default, interface LLDP is enabled. You can use the lldp disable command to disable interface LLDP.
Raisecom(config-port)#lldp enable
Raisecom(config-port)#lldp destaddress mac-address
Specify the destination MAC address of packets sent by the interface.
11.12.4 Configuring basic functions of LLDP
We recommend configuring the LLDP delivery period in advance. The delivery period and delivery delay are interact on each other. The delivery delay must be smaller than or equal to 0.25 delivery period. Otherwise, configuration fails. The LLDP delivery delay should be smaller than the aging time. The aging time = aging coefficient delivery period. Command Description Enter global configuration mode. (Optional) configure the period timer of the LLDP packet. By default, the period timer of the LLDP packet is set to 30s. (Optional) configure the delay timer of the LLDP packet. By default, the delay timer of the LLDP packet is set to 2s. (Optional) configure the aging coefficient of the LLDP packet. By default, the aging coefficient of the LLDP packet is set to 4. (Optional) configure the restart timer. After global LLDP is disabled, it cannot be enabled unless the restart timer times out. By default, the restart timer is set to 2s.
Step 1 2
Raisecom#config Raisecom(config)#lldp messagetransmission interval period Raisecom(config)#lldp messagetransmission delay period Raisecom(config)#lldp messagetransmission hold-multiplier
coefficient
Raisecom(config)#lldp restartdelay period
333
11.12.5 Configuring LLDP alarm

When the network changes, you need to enable LLDP Trap to send topology update Trap to the NView NNM system immediately. Step 1 2 3 Command
Raisecom#config Raisecom(config)#snmp-server lldptrap enable Raisecom(config)#lldp trap-interval
Description Enter global configuration mode. Enable LLDP Trap. (Optional) configure the LLDP Trap period timer . By default, the LLDP Trap period timer is set to 5s.
second
After enabled with LLDP Trap, the iTN165-CES will send Traps after detecting aged neighbours, newly-added neighbours, and changed neighbour information.

No. 1 2 3 4 Command
Raisecom#show lldp local config Raisecom#show lldp local system-data [ interface-type interface-number ] Raisecom#show lldp remote [ interface-type interface-number ] [ detail ] Raisecom#show lldp statistic [interface-type interface-number ]
Description Show LLDP local configurations. Show LLDP local system information. Show LLDP neighbor information. Show LLDP packet statistics.
11.13 Configuring fault detection

11.13.1 Viewing device status
When the iTN165-CES fails, you can locate the fault by viewing the device status. The iTN165-CES supports viewing the current power supply, temperature, and voltage information. Step 1 Command
Raisecom#show environment [ power | temperature | voltage ]
Description Show current power supply, temperature, and voltage alarms and current environment information.
334
11.13.2 Configuring task scheduling

When you need to use some commands to perform periodical maintenance on the iTN165CES, you can configure task scheduling. The iTN165-CES supports achieving task scheduling through the schedule list and CLI. You can use commands to perform periodical operation just by specifying the begin time, period, and end time of a specified task in the schedule list and bind the schedule list to the CLI. Step 1 2
Raisecom#config Raisecom(config)#schedule-list list-number start { date-time month-day-year hour:minute:second [ every { day | week | period hour:minute:second } ] stop month-day-year hour:minute:second | up-time period hour:minute:second [ every period hour:minute:second ] [ stop periodhour:minute:second ] } Raisecom(config)#command-string schedule-list
Command
Description Enter global configuration mode. Create and configure the schedule list.
list-number
Bind the CLIs, which need to be performed periodically and support the schedule list, to the schedule list. Show schedule list configurations.
Raisecom#show schedule-list
11.13.3 PING and Traceroute

PING
Step 1 Command
Raisecom#ping ip-address [ count count ] [ size size ] [ waittime period ]
Description (Optional) use the ping command to test IPv4 network connectivity.
The iTN165-CES cannot perform other operations in the process of Ping. It can perform other operations only when Ping is finished or Ping is broken off by pressing Ctrl + C.
Traceroute
Before using Traceroute, you should configure the IP address and default gateway of the iTN165-CES. Step 1
Raisecom#config
Command
335
Step 2 3 4 5 6
Command
Raisecom(config)#interface ip if-number Raisecom(config-ip)#ip address ip-address [ ip-mask ] vlan-id Raisecom(config-ip)#exit
Description Enter layer 3 interface configuration mode. Configure the IP address of the interface. Exit from Layer 3 interface configuration mode and enter global configuration mode. Configure the default gateway. Exit from global configuration mode and enter privileged EXEC configuration mode. (Optional) use the traceroute command to test the IPv4 network connectivity and view nodes passed by the packet.
Raisecom(config)#ip default-gateway ip-
address
Raisecom(config)#exit
Raisecom#traceroute ip-address [ firstttl first-ttl ] [ maxttl max-ttl ] [ port portnumber ] [ waittime period ] [ count times ]
11.14 Maintenance
Command
Raisecom(config)#clear lldp statistic { interface-type interface-number | port-channel port-channel-number} Raisecom(config)#clear lldp remote-table [ interface-type interface-number ] Raisecom(config)#clear rmon
Description Clear LLDP statistics. Clear LLDP neighbour information. Clear all RMON configurations.

11.15.1 Examples for configuring RMON alarm group
As shown in Figure 11-7, the iTN165-CES is the Agent, which is connected to the terminal through the Console interface and is connected to the NView NNM system through the Internet. Enable RMON statistics on the iTN165-CES to execute performance statistics on client 1. During a period, when the number of packets received by the interface exceeds the configured threshold, the iTN165-CES records a log and sends a Trap to the NView NNM system.
336
Figure 11-7 Configuring RMON alarm group
Configuration steps
Step 1 Create event group 1. Event group 1 is used to record and send the log which contains the string High-ifOutErrors. The owner of the log is set to system.
Raisecom#config Raisecom(config)#rmon event 1 log description High-ifOutErrors owner system
Step 2 Create alarm group 10. Alarm group 10 is used to monitor the MIB variable (1.3.6.1.2.1.2.2.1.20.1) every 20 seconds. If the value of the variable is added by 15 or greater, a Trap is triggered. The owner of the Trap is also set to system.
Raisecom(config)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 interval 20 delta rising-threshold 15 1 falling-threshold 0 owner system
Raisecom#write
Checking results
Use the show rmon alarms command to show RMON alarm group information.
Raisecom#show rmon alarms Alarm 10 is active, owned by system Monitors 1.3.6.1.2.1.2.2.1.20.1 every 20 seconds Taking delta samples, last value was 0 Rising threshold is 15, assigned to event 1 Falling threshold is 0, assigned to event 0 On startup enable rising and falling alarm
337
Use the show rmon events command to show RMON event group information.
Raisecom#show rmon events Event 1 is active, owned by system Event generated at 0:0:0 Send TRAP when event is fired.
When an alarm event is triggered, you can view related records at the alarm management dialog box of the NView NNM system.
11.15.2 Examples for configuring LLDP basic functions

As shown in Figure 11-8, iTN A and iTN B are connected to the NView NNM system. Enable LLDP on links between iTN A and iTN B. And then you can query the Layer 2 link changes through the NView NNM system. If the neighbour is aged, added, or changed, iTN A and iTN B send LLDP alarm to the NView NNM system. Figure 11-8 Configuring LLDP basic functions
Configuration steps
Step 1 Enable global LLDP and enable LLDP alarm.
Configure iTN A.
Raisecom#hostname iTNA iTNA#config iTNA(config)#lldp enable iTNA(config)#snmp-server lldp-trap enable
338
Configure iTN B.
Raisecom#hostname iTNB iTNB#config iTNB(config)#lldp enable iTNB(config)#snmp-server lldp-trap enable
Step 2 Configure management IP addresses.
Configure iTN A.
iTNA(config)#create vlan 1024 active iTNA(config)#interface client 1 iTNA(config-port)#switchport access vlan 1024 iTNA(config-port)#exit iTNA(config)#interface ip 1 iTNA(config-ip)#ip address 10.10.10.1 1024
Configure iTN B.
iTNB(config)#create vlan 1024 active iTNB(config)#interface client 1 iTNB(config-port)#switchport access vlan 1024 iTNB(config)#interface ip 1 iTNB(config-ip)#ip address 10.10.10.2 1024
Step 3 Configure LLDP properties.
Configure iTN A.
iTNA(config)#lldp message-transmission interval 60 iTNA(config)#lldp message-transmission delay 9 iTNA(config)#lldp trap-interval 10
Configure iTN B.
iTNA(config)#lldp message-transmission interval 60 iTNA(config)#lldp message-transmission delay 9 iTNA(config)#lldp trap-interval 10


iTNA#write
iTNB#write
Checking results
Use the show lldp local config command to show local configurations.
iTNA#show lldp local config System configuration: ------------------------------------------------------------------------LLDP enable status: enable (default is disabled) LLDP enable ports: 1-6 LldpMsgTxInterval: 60 (default is 30s) LldpMsgTxHoldMultiplier:4 (default is 4) LldpReinitDelay: 2 (default is 2s) LldpTxDelay: 2 (default is 2s) LldpNotificationInterval: 5 (default is 5s) LldpNotificationEnable: enable (default is 0180.c200.000e) ------------------------------------------------------------line1 : destination-mac:0180.C200.000E line2 : destination-mac:0180.C200.000E client1 : destination-mac:0180.C200.000E client2 : destination-mac:0180.C200.000E client3 : destination-mac:0180.C200.000E client4 : destination-mac:0180.C200.000E client5 : destination-mac:0180.C200.000E client6 : destination-mac:0180.C200.000E iTNB#show lldp local config System configuration: ------------------------------------------------------------------------LLDP enable status: enable (default is disabled) LLDP enable ports: 1 LldpMsgTxInterval: 60 (default is 30s) LldpMsgTxHoldMultiplier:4 (default is 4) LldpReinitDelay: 2 (default is 2s) LldpTxDelay: 9 (default is 2s) LldpNotificationInterval: 10 (default is 5s) LldpNotificationEnable: enable (default is 0180.C200.000E) ------------------------------------------------------------line1 : destination-mac:0180.C200.000E line2 : destination-mac:0180.C200.000E client1 : destination-mac:0180.C200.000E client2 : destination-mac:0180.C200.000E client3 : destination-mac:0180.C200.000E client4 : destination-mac:0180.C200.000E
340
Use the show lldp remote command to show neighbour information.
iTNA#show lldp remote Port ChassisId PortId SysName MgtAddress ExpiredTime ------------------------------------------------------------------------client 1000E.5E02.B010 client1 iTNB 10.10.10.2 106 iTNB#show lldp remote Port ChassisId PortId SysName MgtAddress ExpiredTime ------------------------------------------------------------------------client 1000E.5E12.F120 client1 iTNA 10.10.10.1 106
11.15.3 Examples for outputting system logs to log host

As shown in Figure 11-9, configure system log to output system logs of the iTN165-CES to the log host, facilitating view them at any time. Figure 11-9 Outputting system logs to log host
Configuration steps
Step 1 Configure the IP address of the iTN165-CES.
Raisecom#config Raisecom(config)#interface ip 0 Raisecom(config-ip)#ip address 20.0.0.6 255.0.0.0 1 Raisecom(config-ip)#exit
Step 2 Output system logs to the log host.
Raisecom(config)#logging Raisecom(config)#logging Raisecom(config)#logging Raisecom(config)#logging
on time-stamp log datetime rate-limit 2 host 20.0.0.168 warnings
341

Raisecom#write
Checking results
Use the show logging command to show system log configurations.
Raisecom#show logging Syslog logging: enable Dropped Log messages: 0 Dropped debug messages: 0 Rate-limited: 2 messages per second Logging config: disable Logging config level: informational(6) Squence number display: disable Log time stamp: datetime Debug time stamp: none Log buffer size: 4kB Debug level: low Syslog history logging: disable Syslog history table size:1 Dest Status Level LoggedMsgs DroppedMsgs Discriminator ------------------------------------------------------------------------buffer disable informational(6) 0 0 0 console enable informational(6) 2 0 0 trap disable warnings(4) 0 0 0 file disable warnings(4) 0 0 0 monitor disable informational(6) 0 0 0 Log host information: Max number of log server: 10 Current log server number: 1
View whether the log information is displayed on the terminal emulation Graphical User Interface (GUI) of the PC.
07-01-2008 11:31:28Local0.Debug 20.0.0.6JAN 01 10:22:15 iTN165: CONFIG-7CONFIG:USER " raisecom " Run " logging on " 07-01-2008 11:27:41Local0.Debug 20.0.0.6JAN 01 10:18:30 iTN165: CONFIG-7CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 " 07-01-2008 11:27:35Local0.Debug 20.0.0.10 JAN 01 10:18:24 iTN165: CONFIG-7CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.1 1 " 07-01-2008 11:12:43Local0.Debug 20.0.0.10 JAN 01 10:03:41 iTN165: CONFIG-7CONFIG:USER " raisecom " Run " logging host 20.0.0.168 local0 7 " 07-01-2008 11:12:37Local0.Debug 20.0.0.10 JAN 01 10:03:35 iTN165: CONFIG-7CONFIG:USER " raisecom " Run " logging on"
342
11.15.4 Examples for configuring hardware monitoring alarm output

As shown in Figure 11-10, configure hardware monitoring to monitor the temperature of the iTN165-CES. When the temperature value exceeds the threshold, an alarm is generated and is reported to the NView NNM system in a Trap form, notifying users to take related actions to prevent the fault. Figure 11-10 Configuring hardware monitoring alarm output
Configuration steps
Step 1 Configure the IP address of the iTN165-CES.
Raisecom#config Raisecom(config)#interface ip 0 Raisecom(config-ip)#ip address 20.0.0.6 255.255.255.0 1 Raisecom(config-ip)#exit
Step 2 Enable Trap.
Raisecom(config)#snmp-server enable traps Raisecom(config)#snmp-server host 20.0.0.1 version 2c public
Step 3 Enable global hardware monitoring alarm Trap.
Raisecom(config)#snmp-server trap hw_monitor enable
Step 4 Configure temperature monitoring.
Raisecom(config)#hw_monitor temperature notifies Raisecom(config)#hw_monitor temperature high 50 Raisecom(config)#hw_monitor temperature low 20
343
Raisecom#write
Checking results
Use the show snmp config command to show Trap configurations.
Raisecom#show snmp config Contact information: support@Raisecom.com Device location : World China Raisecom SNMP trap status: enable SNMP engine ID: 800022B603000E5E156789
Use the show snmp host command to show Trap target host configurations.
Raisecom(config)#show snmp host Index: 0 IP family: IPv4 IP address: 20.0.0.1 Port: 162 User Name: public SNMP Version: v2c Security Level: noauthnopriv TagList: bridge config interface rmon snmp ospf
Use the show hw_monitor command to show hardware monitoring alarm configurations.
Raisecom#show hw_monitor Traps alarm: Syslog alarm:
Enabled Disabled
Power Supply Notifies: Enabled Syslog: Enabled Temperature High threshold(Celsius): 50 Low threshold(Celsius): 20 Notifies: Enabled Syslog: Enabled Voltage High threshold: 3460mV Low threshold: 3150mV Notifies: Enabled Syslog: Enabled
344
12 Appendix
12
12.1 Terms
Appendix
This chapter describe terms and abbreviations involved in this guide, including the following sections:

Terms Abbreviations
C Connectivity Fault Management (CFM) Control Word A standard defined by IEEE. It defines protocols and practices for OAM (Operations, Administration, and Maintenance) for paths through 802.1 bridges and local area networks (LANs). Used to diagnose fault for EVC (Ethernet Virtual Connection). Cost-effective by fault management function and improve Ethernet maintenance. The control word is a 4-byte TDM service data encapsulation packet header, used for circuit emulation services. The control word is mainly used to indicate a packet sequence number, link faults, shorter encapsulation packet, and encapsulation packet type.
E Encapsulation A technology used by the layered protocol. When the lower protocol receives packets from the upper layer, it will map packets to the data of the lower protocol. The outer layer of the data is encapsulated with the lower layer overhead to form a lower protocol packet structure. For example, an IP packet from the IP protocol is mapped to the data of 802.1Q protocol. The outer layer is encapsulated by the 802.1Q frame header to form a VLAN frame structure. A protocol based on ITU-T G.8031 APS (Automatic Protection Switching) to protect an Ethernet connection. It is a kind of end-to-end protection technology. Including two linear protection modes: linear 1:1 protection switching and linear 1+1 protection switching.
Ethernet Linear Protection Switching (ELPS)
345
12 Appendix
Ethernet Ring Protection Switching (ERPS)
An APS (Automatic Protection Switching) protocol based on ITU-T G.8032 Recommendation to provide backup link protection and recovery switching for Ethernet traffic in a ring topology and at the same time ensuring that there are no loops formed at the Ethernet layer.
F Failover Provide a port association solution, extending link backup range. Transport fault of upper layer device quickly to downstream device by monitoring upstream link and synchronize downstream link, then trigger switching between master and standby device and avoid traffic loss.
J Jitter Buffer When packets are transmitted in the PSN, delay will be generated, which influence the performance of emulation services. The Jitter Buffer can be used to reduce the influence caused by delay. Jitter Buffer is used to contain earlier or later-received packets. Requirements are introduced to the distribution of Jitter Buffer capacity. If the capacity is too larger, the buffer overflow can be prevented. However, longer delay will be generated. If the capacity is too small, it will cause buffer overflow. Therefore, you should set an appropriate value for the Jitter Buffer capacity.
L Link Aggregation A computer networking term which describes using multiple network cables/ports in parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy for higher availability.
M Mobile Backhaul Solve communication problem from BTS to BSC for 2G, NodeB to RNC for 3G. Mobile backhaul for 2G focuses on voice service, not request high bandwidth, implemented by TDM microwave or SDH/PDH device. In 3G times, lots of data service as HSPA, HSPA+, etc concerning to IP service, voice is changing to IP as well, namely IP RAN, to solve problem of IP RAN mobile backhaul is solving whole network backhaul, satisfying both data backhaul and voice transportation over IP (clock synchronization).
346
12 Appendix
QinQ
QinQ is (also called Stacked VLAN or Double VLAN) extended from 802.1Q, defined by IEEE 802.1ad recommendation. Basic QinQ is a simple layer-2 VPN tunnel technology, encapsulating outer VLAN Tag for client private packets at carrier access end; the packets take double VLAN Tag passing through trunk network (public network). In public network, packets only transmit according to outer VLAN Tag, the private VLAN Tag are transmitted as data in packets.
S SyncE A technology adopts Ethernet link codes recover clock, similar to SDH clock synchronization quality, SyncE provides frequency synchronization of high precision. Unlike traditional Ethernet just synchronize data packets at receiving node, SyncE implements real-time synchronization system for inner clock.
12.2 Abbreviations
A AC ACL APS ASIC ATM Attachment Circuit Access Control List Automatic Protection Switching Application Specific Integrated Circuit Asynchronous Transfer Mode
B BC Boundary Clock
C CAS CCS CDMA2000 CE CES CESoPSN CFM CoS Channel Associated Signaling Common Channel Signaling Code Division Multiple Access 2000 Customer Edge Circuit Emulation Service Circuit Emulation Services over Packet Switch Network Connectivity Fault Management Class of Service
347
12 Appendix
CR-LDP
Constraint-Routing Label Distribution Protocol
D DoS DRR DSCP DUT Deny of Service Deficit Round Robin Differentiated Services Code Point Device Under Test
E EFM ELPS ERPS EVC Ethernet in the First Mile Ethernet Linear Protection Switching Ethernet Ring Protection Switching Ethernet Virtual Connection
F FEC FIB FTP FR Forwarding Equivalence Class Forwarding Information Base File Transfer Protocol Frame Relay
G GACH GARP GPS GSM GVRP Generic Associated Channel Generic Attribute Registration Protocol Global Positioning System Global System for Mobile Communications GARP VLAN Registration Protocol
I IANA IEEE IETF IGMP IGMP Snooping Internet Assigned Numbers Authority Institute of Electrical and Electronics Engineers Internet Engineering Task Force Internet Group Management Protocol Internet Group Management Protocol Snooping
348
12 Appendix
IP ITU-T
Internet Protocol International Telecommunications Union - Telecommunication Standardization Sector
L LACP LBM LBR LDP LER LLDP LLDPDU LOS LTM LSR LSA LTR Link Aggregation Control Protocol LoopBack Message LoopBack Reply Label Distribution Protocol Label Edge Router Link Layer Discovery Protocol Link Layer Discovery Protocol Data Unit Loss of Signal LinkTrace Message Label Switching Router Link Status Advertisement LinkTrace Reply
M MA MAC MAN MD MEF MEG MEP MIB MIP MP-BGP MPLS MSTI MSTP MTU Maintenance Association Medium Access Control Metro Area Network Maintenance Domain Metro Ethernet Forum Maintenance Entity Group Maintenance associations End Point Management Information Base Maintenance association Intermediate Point Multiprotocol Extensions for Border Gateway Protocol Multiprotocol Label Switching Multiple Spanning Tree Instance Multiple Spanning Tree Protocol Maximum Transfered Unit
349
12 Appendix
MVR
Multicast VLAN Registration
N NNM Network Node Management
O OAM OC OOS Operation, Administrationand Management Ordinary Clock Out of Service
P PC PE PPP PSN PTP PW PWE3 Personal Computer Provider Edge Point to Point Protocol Packet Switched Network Precision Time Protocol Pseudo Wire Pseudo Wire Emulation Edge-to-Edge
Q QoS Quality ofService
R RADIUS RMON RMEP RNC RSTP RSVP-TE RTP S SAToP SES Structure-Agnostic TDM over Packet Severely Errored Second Remote Authentication Dial In User Service Remote Network Monitoring Remote Maintenance association End Point Radio Network Controller Rapid Spanning Tree Protocol Resource Reservation Protocol Traffic Engineering Real-time Transport Protocol
350
12 Appendix
SFP SLA SNMP SNTP SP SSHv2 STP
Small Form-factor Pluggables Service Level Agreement Simple Network Management Protocol Simple Network Time Protocol Strict-Priority Secure Shell v2 Spanning Tree Protocol
T TACACS+ TC TCP TD-SCDMA TDM TDMoP TFTP TLV ToS Terminal Access Controller Access Control System Transparent Clock Transmission Control Protocol Time Division-Synchronous Code Division Multiple Access Time Division Multiplex Time Division Multiplex over Packet Trivial File Transfer Protocol TypeLengthValue Type of Service
V VLAN VPN Virtual Local Area Network Virtual Private Network
W WAN WCDMA WRR Wide Area Network Wideband Code Division Multiple Access Weight Round Robin
351
Address: Building 2, No. 28, Shangdi 6th Street, Haidian District, Beijing, P.R.China. Postal code: 100085 Tel: +86-10-82883305 Fax: 8610-82883056 http://www.raisecom.com Email: export@raisecom.com

iTN165-CES (A) Configuration Guide (Rel - 01)

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

iTN165-CES (A) Configuration Guide (Rel - 01)

Загружено:

Авторское право:

Доступные форматы

www.raisecom.

iTN165-CES (A) Configuration Guide (Rel_01)

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom iTN165-CES (A) Configuration Guide

2.13.9 Examples for configuring port mirroring ............................................................................................ 75

3 Clock synchronization ............................................................................................................... 77

Raisecom iTN165-CES (A) Configuration Guide

5 TDMoP ........................................................................................................................................ 130

6 Network reliability ................................................................................................................... 154

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

7 DHCP Client .............................................................................................................................. 201

8 OAM ............................................................................................................................................ 209

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom iTN165-CES (A) Configuration Guide

10 QoS ............................................................................................................................................. 268

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

11 System management and maintenance............................................................................... 296

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom iTN165-CES (A) Configuration Guide

12 Appendix .................................................................................................................................. 345

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom>enable Password: Raisecom#

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Access Control List (ACL) configuration

Aggregation group configuration Clock configuration

Raisecom Technology Co., Ltd.

Raisecom iTN165-CES (A) Configuration Guide

Keystroke Press the Tab key.

1.1.5 Flitering commands

Raisecom iTN165-CES (A) Configuration Guide

1.1.6 Viewing command history