2.5. IES Services Command Reference

This section describes the IES services command reference.

2.5.1. Command Hierarchies

2.5.1.1. Global Commands

config
— service
ies service-id [customer customer-id] [create] [vpn vpn-id] [name name]
— no ies service-id
description description-string
expiry-time expiry-time
[no] shutdown
[no] shutdown

2.5.1.2. IES Service Interface Commands

config
— service
ies service-id [customer customer-id] [create] [vpn vpn-id] [name name]
interface ip-int-name [create]
interface ip-int-name [create] tunnel
— no interface ip-int-name
address {ip-address/mask | ip-address netmask} [broadcast [all-ones | host-ones]] [track-srrp srrp-instance]
— no address [ip-address/mask | ip-address netmask]
arp-limit limit [log-only] [threshold percent]
— no arp-limit
[no] arp-populate
arp-retry-timer timer-multiple
arp-timeout seconds
— no arp-timeout [seconds]
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
— no bfd
sampling {unicast | multicast} type {acl | interface} [direction {ingress-only | egress-only | both}]
— no sampling {unicast | multicast}
cpu-protection policy-id
description long-description-string
dhcp
description description-string
gi-address ip-address [src-ip-addr]
— no gi-address
lease-populate [nbr-of-leases]
[no] option
action {replace | drop | keep}
— no action
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
— no circuit-id
remote-id [mac | string string]
— no remote-id
[no] sap-id
[no] service-id
string text
— no string
[no] system-id
emulated-server ip-address
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [override]
— no lease-time
[no] shutdown
python-policy policy-name
relay-proxy [release-update-src-ip] [siaddr-override ip-address]
server server1 [server2]
— no server
[no] shutdown
[no] trusted
[no] flowspec
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
host-connectivity-verify [source {vrrp | interface}] [interval interval] [action {remove | alarm} [timeout retry-timeout] [retry-count count]]
icmp
[no] mask-reply
param-problem number seconds
— no param-problem [number seconds]
redirects [number seconds]
— no redirects
ttl-expired [number seconds]
unreachables [number seconds]
[no] admin-group group-name [group-name]
— no admin-group
[no] srlg-group group-name [group-name]
— no srlg-group
ip-helper-address gateway-address
ip-mtu octets
— no ip-mtu
ipcp
dns ip-address [secondary ip-address]
dns secondary ip-address
— no dns [ip-address] [secondary ip-address]
peer-ip-address ip-address
[no] ipv6
address ipv6-address/prefix-length [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-preference]
— no address ipv6-address/prefix-length
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
— no bfd
[no] dad-disable
[no] dhcp6-relay
description description-string
lease-populate [nbr-of-leases] route-populate [pd] na [ta]
lease-populate [nbr-of-leases] route-populate pd [na] [ta] [exclude]
lease-populate [nbr-of-leases] route-populate [pd] [na] ta
link-address ipv6-address
[no] option
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
[no] remote-id
python-policy policy-name
server ipv6-address [ipv6-address ...(up to 8 max)]
— no server [ipv6-address ...(up to 8 max)]
[no] shutdown
source-address ipv6-address
[no] dhcp6-server
max-nbr-of-leases max-nbr-of-leases
[no] prefix ipv6-address/prefix-length
duid duid [iaid iaid]
— no duid
preferred-lifetime seconds
preferred-lifetime infinite
valid-lifetime seconds
valid-lifetime infinite
[no] shutdown
icmp6
packet-too-big [number seconds]
param-problem [number seconds]
redirects [number seconds]
— no redirects
time-exceeded [number seconds]
unreachables [number seconds]
link-local-address ipv6-address [dad-disable]
nd-learn-unsolicited {global | link-local | both}
nd-proactive-refresh {global | link-local | both}
nd-route-tag tag
neighbor ipv6-address mac-address
— no neighbor ipv6-address
— no neighbor-limit limit [log-only] [threshold percent]
proxy-nd-policy policy-name [policy-name]
[no] qos-route-lookup [source | destination]
[no] secure-nd
link-local-modifier modifier
[no] shutdown
stale-time seconds
— no stale-time
tcp-mss mss-value
— no tcp-mss
[no] urpf-check
mode {strict | loose | strict-no-ecmp}
— no mode
[no] urpf-check
egr-ip-load-balancing {source | destination | inner-ip}
[no] loopback
[no] mac ieee-address
multicast-network-domain multicast-network-domain
[no] proxy-arp-policy policy-name [policy-name]
[no] ptp-hw-assist
qos-route-lookup [source | destination]
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
— no secondary ip-address
shcv-policy-ipv4 policy-name
shcv-policy-ipv6 policy-name
[no] shutdown
static-arp ieee-mac-addr unnumbered
— no static-arp unnumbered
tcp-mss mss-value
— no tcp-mss
tos-marking-state {trusted | untrusted}
unnumbered [ip-int-name | ip-address]
— no unnumbered
[no] urpf-check
mode {strict | loose | strict-no-ecmp}
— no mode
vas-if-type {to-from-access | to-from-network | to-from-both}

2.5.1.3. Routed VPLS Commands

config
— service
ies service-id [customer customer-id] [vpn vpn-id]
interface ip-interface-name [create]
— no interface ip-interface-name
vpls service-name
— no vpls
egress
reclassify-using-qos policy-id
v4-routed-override-filter ipv4-filter-id
v6-routed-override-filter ipv6-filter-id
v4-routed-override-filter ipv4-filter-id
v6-routed-override-filter ipv6-filter-id

2.5.1.4. Redundant Interface Commands

config
— service
ies service-id [customer customer-id] [vpn vpn-id]
[no] redundant-interface ip-int-name
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
— no address
description long-description-string
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
[no] shutdown
— no spoke-sdp sdp-id:vc-id
egress
filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
vc-label egress-vc-label
— no vc-label [egress-vc-label]
filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]

2.5.1.5. Interface SAP Commands

config
— service
ies service-id [customer customer-id] [vpn vpn-id]
[no] interface ip-int-name
[no] sap sap-id
aarp aarpId type type
— no aarp
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
anti-spoof {ip | ip-mac}
— no anti-spoof
app-profile app-profile-name
atm
egress
traffic-desc traffic-desc-profile-id
encapsulation atm-encap-type
traffic-desc traffic-desc-profile-id
oam
[no] alarm-cells
bandwidth bandwidth
— no bandwidth
calling-station-id calling-station-id
[no] collect-stats
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]] | [ip-src-monitoring]
description long-description-string
dist-cpu-protection policy-name
egress
[no] agg-rate
rate {max | rate}
— no rate
filter [ip ip-filter-id]
filter [ipv6 ipv6-filter-id]
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
packet-byte-offset {add add-bytes | subtract sub-bytes}
queue queue-id
— no queue queue-id
mbs size {[bytes | kilobytes] | default}
— no mbs
rate pir-rate
— no rate
slope-policy hsmda-slope-policy-name allowable
wrr-weight weight
— no wrr-weight
secondary-shaper secondary-shaper-name
wrr-policy hsmda-wrr-policy-name
— no wrr-policy
policer policer-id [create]
— no policer policer-id
source ip-address
remote-ip ip-address
backup-remote-ip ip-address
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos [policy-id]
queue-group-redirect-list redirect-list-name
hs-secondary-shaper policy-name
hs-wrr-group group-id [create]
— no hs-wrr-group group-id
class-weight weight
percent-rate percent
rate rate
— no rate
[no] queue queue-id
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]
avg-frame-overhead percentage
burst-limit {default | size [bytes | kilobytes]}
cbs size-in-kbytes
— no cbs
hs-class-weight weight
hs-wred-queue policy slope-policy-name
hs-wrr-weight weight
mbs size {[bytes | kilobytes] | default}
— no mbs
[no] monitor-depth
parent [weight weight] [cir-weight cir-weight]
— no parent
percent-rate pir-percent [cir cir-percent]
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
fc fc-name [fc-name]
— no fc
fc-in-profile fc-name [fc-name]
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] ccm-enable
ccm-ltm-priority priority
[no] ccm-padding-size ccm-padding
[no] description
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
grace
eth-ed
priority priority
— no priority
[no] rx-eth-ed
[no] tx-eth-ed
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
[no] shutdown
[no] squelch-ingress-levels [md-level [md-level…]]
tunnel-fault [accept | ignore]
pppoe service-id
— no pppoe
[no] frf-12
ete-fragment-threshold fragment-threshold
[no] interleave
[no] scheduling-class class-id
host-lockout-policy policy-name
[no] host-shutdown
filter [ip ip-filter-id]
filter [ipv6 ipv6-filter-id]
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
match-qinq-dot1p {top | bottom}
policer policer-id [create]
— no policer policer-id
qos policy-id [shared-queuing | multipoint-shared] [fp-redirect-group queue-group-name instance instance-id]
— no qos [policy-id]
queue-group-redirect-list redirect-list-name
[no] queue queue-id
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]
avg-frame-overhead percentage
cbs size-in-kbytes
— no cbs
mbs size {[bytes | kilobytes] | default}
— no mbs
[no] monitor-depth
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
ip-tunnel [create]
— no ip-tunnel name
backup-remote-ip ip-address
[no] clear-df-bit
delivery-service service-id
description description-string
[no] dest-ip ip-address
dscp dscp-name
— no dscp
[no] gre-header
ip-mtu octets
— no ip-mtu
reassembly [wait-msecs]
— no reassembly
remote-ip ip-address
— no remote-ip
[no] shutdown
source ip-address
— no source
[no] ipsec-gw
cert
cert-profile name
default-result {revoked | good}
primary primary secondary secondary
trust-anchor-profile file-name
default-secure-service service-id interface ip-int-name
default-secure-service name service-name interface ip-int-name
default-tunnel-template ipsec template identifier
local-gateway-address ip-address
local-id type {ipv4 v4address | fqdn fqdn-value}
[no] shutdown
lag-link-map-profile lag-link-map-profile-id
lag-per-link-hash class {1 | 2 | 3} weight weight
multi-service-site customer-site-name
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
— no static-host [ip ip-address] mac ieee-address
— no static-host all [force]
— no static-host ip ip-address
ancp-string ancp-string
app-profile app-profile-name
inter-dest-id intermediate-destination-id
[no] shutdown
sla-profile sla-profile-name
sub-profile sub-profile-name
subscriber sub-ident
— no subscriber
transit-policy {ip ip-aasub-policy-id | prefix prefix-aasub-policy-id}
[no] shutdown

2.5.1.6. Interface SAP Tunnel Commands

config
— service
ies service-id [customer customer-id] [vpn vpn-id]
[no] interface ip-int-name tunnel
[no] sap tunnel-id.{private | public}:tag
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
anti-spoof {ip | ip-mac}
— no anti-spoof
app-profile app-profile-name
[no] collect-stats
description long-description-string
egress
[no] agg-rate
rate {max | rate}
— no rate
filter [ip ip-filter-id]
filter [ipv6 ipv6-filter-id]
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
wrr-policy hsmda-wrr-policy-name
— no wrr-policy
packet-byte-offset {add add-bytes | subtract sub-bytes}
queue queue-id
— no queue queue-id
mbs size {[bytes | kilobytes] | default}
— no mbs
rate pir-rate
— no rate
secondary-shaper secondary-shaper-name
slope-policy hsmda-slope-policy-name allowable
wrr-weight weight
— no wrr-weight
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos
hs-secondary-shaper policy-name
hs-wrr-group group-id [create]
class-weight weight
percent-rate percent
rate rate
— no rate
[no] queue queue-id
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]
avg-frame-overhead percentage
cbs size-in-kbytes
— no cbs
hs-class-weight weight
hs-wred-queue policy slope-policy-name
hs-wrr-weight weight
mbs size {[bytes | kilobytes] | default}
— no mbs
[no] monitor-depth
parent [weight weight] [cir-weight cir-weight]
— no parent
percent-rate pir-percent [cir cir-percent]
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
host ip ip-address [mac ieee-address] [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]
— no host {[ip ip-address] [mac ieee-address]}
— no host all
filter [ip ip-filter-id]
filter [ipv6 ipv6-filter-id]
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
wrr-policy hsmda-wrr-policy-name
— no wrr-policy
packet-byte-offset {add add-bytes | subtract sub-bytes}
queue queue-id
— no queue queue-id
mbs size {[bytes | kilobytes] | default}
— no mbs
rate pir-rate
— no rate
secondary-shaper secondary-shaper-name
slope-policy hsmda-slope-policy-name allowable
wrr-weight weight
— no wrr-weight
match-qinq-dot1p {top | bottom}
qos policy-id [shared-queuing | multipoint-shared] [fp-redirect-group queue-group-name instance instance-id]
— no qos policy-id
[no] queue queue-id
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]
avg-frame-overhead percentage
cbs size-in-kbytes
— no cbs
mbs size {[bytes | kilobytes] | default}
— no mbs
[no] monitor-depth
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
ip-tunnel [create]
— no ip-tunnel name
backup-remote-ip ip-address
[no] clear-df-bit
delivery-service service-id
description description-string
[no] dest-ip ip-address
dscp dscp-name
— no dscp
[no] gre-header
ip-mtu octets
— no ip-mtu
reassembly [wait-msecs]
— no reassembly
remote-ip ip-address
— no remote-ip
[no] shutdown
source ip-address
— no source
[no] ipsec-gw
cert
cert-profile name
trust-anchor-profile file-name
default-secure-service service-id interface ip-int-name
default-tunnel-template ipsec template identifier
local-gateway-address ip-address
local-id type {ipv4 v4address | fqdn fqdn-value}
[no] shutdown
multi-service-site customer-site-name
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
— no static-host [ip ip-address] mac ieee-address
— no static-host all [force]
— no static-host ip ip-address
ancp-string ancp-string
app-profile app-profile-name
inter-dest-id intermediate-destination-id
[no] shutdown
sla-profile sla-profile-name
sub-profile sub-profile-name
subscriber sub-ident
— no subscriber

2.5.1.7. VRRP Commands

config
— service
ies service-id [customer customer-id] [vpn vpn-id]
[no] interface ip-int-name
[no] ipv6
vrrp virtual-router-id [owner] [passive]
— no vrrp virtual-router-id
[no] backup ip-address
[no] bfd-enable service-id interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address
init-delay seconds
— no init-delay
mac mac-address
— no mac
message-interval {[seconds] [milliseconds milliseconds]}
[no] ping-reply
policy vrrp-policy-id
— no policy
[no] preempt
priority base-priority
— no priority
[no] shutdown
[no] telnet-reply
vrrp virtual-router-id [owner] [passive]
— no vrrp virtual-router-id
authentication-key {authentication-key | hash-key} [hash | hash2]
[no] backup ip-address
[no] bfd-enable [service-id] interface interface-name dst-ip ip-address
init-delay seconds
— no init-delay
mac ieee-address
— no mac
message-interval {[seconds] [milliseconds milliseconds]}
oper-group group-name
— no oper-group
[no] ping-reply
policy vrrp-policy-id
— no policy
[no] preempt
priority priority
— no priority
[no] shutdown
[no] ssh-reply
[no] telnet-reply

2.5.1.8. Spoke SDP Commands

config
— service
ies service-id [customer customer-id] [vpn vpn-id]
[no] interface ip-int-name
[no] spoke-sdp sdp-id:vc-id [vc-type {ether | ipipe}] [create]
aarp aarpId type type
— no aarp
accounting-policy acct-policy-id
app-profile app-profile-name
[no] bfd-enable
bfd-template name
[no] collect-stats
refresh-timer value
request-timer timer1 retry-timer timer2 [timeout-multiplier multiplier]
[no] control-word
[no] entropy-label
fc fc-name [fc-name]
— no fc
fc-in-profile fc-name [fc-name]
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] ccm-enable
ccm-ltm-priority priority
[no] description
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
grace
eth-ed
priority priority
— no priority
[no] rx-eth-ed
[no] tx-eth-ed
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
[no] shutdown
[no] squelch-ingress-levels [md-level [md-level…]]
egress
filter [ip ip-filter-id]
filter [ipv6 ipv6-filter-id]
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
qos network-policy-id port-redirect-group queue-group-name [instance instance-id]
— no qos
vc-label egress-vc-label
— no vc-label [egress-vc-label]
[no] hash-label
filter {ip ip-filter-id}
filter [ipv6 ipv6-filter-id]
— no filter
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
— no qos
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]
[no] shutdown
transit-policy {ip ip-aasub-policy-id | prefix prefix-aasub-policy-id}
[no] pw-path-id
agi agi
— no agi
saii-type2 global-id:node-id:ac-id
— no saii-type2
taii-type2 global-id:node-id:ac-id
— no taii-type2

2.5.1.9. Subscriber Interface Commands

config
— service
ies service-id [customer customer-id] [vpn vpn-id]
[no] subscriber-interface ip-int-name
[no] address {ip-address/mask | ip-address netmask} [gw-ip-address ip-address] [populate-host-routes]
description long-description-string
dhcp
gi-address ip-address [src-ip-addr]
— no gi-address
relay-proxy [release-update-src-ip] [siaddr-override ip-address]
group-interface ip-int-name [create]
group-interface ip-int-name [create] lns
group-interface ip-int-name [create] wlangw
— no group-interface ip-int-name
host-limit max-num-hosts
— no host-limit
min-auth-interval min-auth-interval
sap-host-limit max-num-hosts-sap
[no] shutdown
[no] arp-populate
arp-timeout seconds
description long-description-string
dhcp
client-applications {[dhcp] [ppp]}
description description-string
— no description
filter filter-id
— no filter
gi-address ip-address [src-ip-addr]
— no gi-address
lease-populate nbr-of-leases
[no] option
action {replace | drop | keep}
— no action
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
— no circuit-id
remote-id [mac | string string]
— no remote-id
[no] sap-id
[no] service-id
string text
— no string
[no] system-id
emulated-server ip-address
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [radius-override]
— no lease-time
[no] lease-time
[no] shutdown
relay-proxy [release-update-src-ip] [siaddr-override ip-address]
server server1 [server2]
— no server
[no] shutdown
[no] trusted
user-db local-user-db-name
— no user-db
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
host-connectivity-verify [interval interval] [action {remove | alarm}] [timeout retry-timeout] [retry-count count] [family family]
icmp
[no] mask-reply
redirects [number seconds]
— no redirects
ttl-expired [number seconds]
unreachables [number seconds]
ip-mtu octets
— no ip-mtu
[no] ipv6
current-hop-limit hop-count
max-advertisement seconds
min-advertisement seconds
mtu bytes
— no mtu
[no] autonomous
preferred-lifetime [seconds | infinite]
valid-lifetime [seconds | infinite]
reachable-time milliseconds
retransmit-time milliseconds
router-lifetime seconds
router-lifetime no-default-router
[no] urpf-check
mode {strict | loose | strict-no-ecmp}
— no mode
[no] dhcp6
[no] proxy-server
client-applications [dhcp] [ppp]
preferred-lifetime infinite
preferred-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
rebind-timer [days days] [hrs hours] [min minutes] [sec seconds]
renew-timer [days days] [hrs hours] [min minutes] [sec seconds]
[no] shutdown
valid-lifetime infinite
valid-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
lag-per-link-hash class {1 | 2 | 3} weight weight
[no] mac ieee-address
[no] pppoe
description description-string
pap-chap-user-db local-user-db-name
policy pppoe-policy-name
— no policy
sap-session-limit sap-session-limit
session-limit session-limit
user-db local-user-db-name
— no user-db
[no] shutdown
redundant-interface red-ip-int-name
shcv-policy-ipv4 policy-name
[no] ipv6
[no] delegated-prefix-length prefix-length
prefix ipv6-address/prefix-length [pd | wan-host]
— no prefix ipv6-address/prefix-length
[no] unnumbered {ip-address | inf-name}
[no] wpp
initial-app-profile profile-name
initial-sla-profile profile-name
initial-sub-profile profile-name
portal router router-instance name wpp-portal-name
— no portal
[no] shutdown

2.5.1.9.1. Group Interface SAP Commands

config
— service
ies service-id [customer customer-id] [vpn vpn-id]
[no] subscriber-interface ip-int-name
group-interface ip-int-name [create]
— no group-interface ip-int-name
[no] sap sap-id
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
anti-spoof {ip | ip-mac | nh-mac}
— no anti-spoof
app-profile app-profile-name
atm
egress
traffic-desc traffic-desc-profile-id
encapsulation atm-encap-type
traffic-desc traffic-desc-profile-id
oam
[no] alarm-cells
calling-station-id calling-station-id
[no] collect-stats
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]] | [ip-src-monitoring]
default-host ip-address/mask next-hop next-hop-ip
— no default-host ip-address/mask
description long-description-string
dist-cpu-protection policy-name
egress
[no] agg-rate
rate {max | rate}
— no rate
filter ip ip-filter-id
— no filter
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
policer-control-policy policy-name
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos
scheduler-policy scheduler-policy-name
[no] fwd-wholesale
pppoe service-id
— no pppoe
host ip ip-address [mac ieee-address] [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name] [ancp-string ancp-string]
— no host {[ip ip-address] [mac ieee-address]}
— no host all
expiry-time expiry-time
import policy-name
— no import
max-num-group max-num-groups
max-num-sources max-num-sources
max-num-grp-sources [1..32000]
[no] shutdown
filter ip ip-filter-id
— no filter
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
match-qinq-dot1p {top | bottom}
qos policy-id [shared-queuing | multipoint-shared] [fp-redirect-group queue-group-name instance instance-id]
— no qos
scheduler-policy scheduler-policy-name
lag-link-map-profile lag-link-map-profile-id
multi-service-site customer-site-name
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
— no static-host [ip ip-address] mac ieee-address
— no static-host all [force]
— no static-host ip ip-address
ancp-string ancp-string
app-profile app-profile-name
inter-dest-id intermediate-destination-id
route {ip-prefix/length | ip-prefix netmask} [create]
— no route {ip-prefix/length | ip-prefix netmask}
[no] shutdown
sla-profile sla-profile-name
sub-profile sub-profile-name
subscriber sub-ident
— no subscriber
[no] shutdown
[no] sub-sla-mgmt
def-sla-profile default-sla-profile-name
def-sub-profile default-subscriber-profile-name
multi-sub-sap subscriber-limit
[no] shutdown
non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]
sub-ident-policy sub-ident-policy-name
[no] shutdown
[no] srrp srrp-id
[no] bfd-enable service-id interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address name name
[no] bfd-enable interface interface-name dst-ip ip-address
description description-string
gw-mac mac-address
— no gw-mac
keep-alive-interval interval
message-path sap-id
[no] policy vrrp-policy-id
priority priority
— no priority
[no] shutdown

2.5.1.9.1.1. Group Interface SAP ETH-CFM Commands

config>service>ies>sub-if>grp-if>sap
fc fc-name [fc-name]
— no fc
fc-in-profile fc-name [fc-name]
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] ccm-enable
ccm-ltm-priority priority
[no] description
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
grace
eth-ed
priority priority
— no priority
[no] rx-eth-ed
[no] tx-eth-ed
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
[no] shutdown
[no] squelch-ingress-levels [md-level [md-level…]]
tunnel-fault [accept | ignore]

2.5.1.10. AARP Interface Commands

config
— service
ies service-id [customer customer-id] [create] [vpn vpn-id] [name name]
— no ies service-id
aarp-interface arp-int-name [create]
— no aarp-interface arp-int-name
description long-description-string
— no description
ip-mtu octets
— no ip-mtu
[no] shutdown
spoke-sdp sdp-id:vc-id [create]
— no spoke-sdp sdp-id:vc-id
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
— no aarp
description description-string
— no description
egress
filter ip ip-filter-id
— no filter
vc-label vc-label
— no vc-label [vc-label]
ingress
filter ip ip-filter-id
— no filter
vc-label vc-label
— no vc-label [vc-label]

2.5.2. Command Descriptions

2.5.2.1. Generic Commands

shutdown

Syntax 
[no] shutdown
Context 
config>service>ies
config>service>ies>aarp-interface
config>service>ies>aarp-interface>spoke-sdp
config>service>ies>if>sap>eth-cfm
config>service>ies>sub-if
config>service>ies>sub-if>grp-if
config>service>ies>sub-if>grp-if>dhcp
config>service>ies>sub-if>grp-if>sap
config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt
config>service>ies>sub-if>grp-if>srrp
config>service>ies>if
config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy-server
config>service>ies>if>vrrp
config>service>ies>if>dhcp
config>service>ies>if>dhcp>proxy-server
config>service>ies>if>sap>static-host
config>service>ies>redundant-interface
config>service>ies>sub-if>grp-if>pppoe
Description 

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities are described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Special Cases 
IES—
The default administrative status of an IES service is down. While the service is down, all its associated virtual router interfaces will be operationally down. The administrative state of the service is not reflected in the administrative state of the virtual router interface.

For example:

1) An IES service is operational and an associated interface is shut down.
2) The IES service is administratively shut down and brought back up.
3) The interface that was shut down remains in the administratively shut down state.

A service is regarded as operational provided that one IP Interface is operational.

Shutting down a subscriber interface will operationally shut down all child group interfaces and SAPs. Shutting down a group interface will operationally shut down all SAPs that are part of that group-interface.

IES IP Interfaces—
When the IP interface is shut down, it enters the administratively and operationally down states. For a SAP bound to the IP interface, no packets are transmitted out the SAP and all packets received on the SAP will be dropped while incrementing the packet discard counter.
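The state rules in the Special Cases above, modelled as an added example (not Nokia code) so that a planned service bounce can be checked against interfaces that were shut down on purpose. Entity names are constructed; the model assumes ports and SAP bindings are healthy and that only entities of kind `interface` count as IP interfaces for the service's operational state.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumption: only plain IP interfaces count toward the service's oper state.
IP_INTERFACE_KINDS = ("interface",)


@dataclass
class Entity:
    name: str
    kind: str                     # "ies", "interface", "sub-if", "grp-if" or "sap"
    admin_up: bool
    parent: Optional["Entity"] = field(default=None, repr=False, compare=False)
    children: List["Entity"] = field(default_factory=list)

    def add(self, name: str, kind: str, admin_up: bool) -> "Entity":
        child = Entity(name, kind, admin_up, parent=self)
        self.children.append(child)
        return child

    def shutdown(self) -> None:
        self.admin_up = False     # changes only this entity's own admin flag

    def no_shutdown(self) -> None:
        self.admin_up = True

    def blocking_ancestor(self) -> Optional["Entity"]:
        """Nearest containing entity that is administratively down."""
        node = self.parent
        while node is not None:
            if not node.admin_up:
                return node
            node = node.parent
        return None

    def oper_up(self) -> bool:
        if not self.admin_up or self.blocking_ancestor() is not None:
            return False
        if self.kind == "ies":
            # A service is operational provided one IP interface is operational.
            return any(c.oper_up() for c in self.children
                       if c.kind in IP_INTERFACE_KINDS)
        return True


def down_report(root: Entity) -> List[Tuple[str, str]]:
    """List every operationally down entity and why it is down."""
    rows, stack = [], [root]
    while stack:
        node = stack.pop()
        if not node.oper_up():
            blocker = node.blocking_ancestor()
            if not node.admin_up:
                reason = "admin shutdown"
            elif blocker is not None:
                reason = f"parent {blocker.name} is shut down"
            else:
                reason = "no operational IP interface"
            rows.append((node.name, reason))
        stack.extend(reversed(node.children))
    return rows


def build_example() -> Entity:
    """Constructed service: two IP interfaces and one subscriber interface."""
    ies = Entity("ies-100", "ies", admin_up=False)   # services are created shut down
    ies.add("if-a", "interface", admin_up=True)
    ies.add("if-b", "interface", admin_up=True)
    sub = ies.add("sub-1", "sub-if", admin_up=True)
    grp = sub.add("grp-1", "grp-if", admin_up=True)
    grp.add("sap-1/1/1:10", "sap", admin_up=True)
    grp.add("sap-1/1/1:11", "sap", admin_up=True)
    return ies


def special_case_walkthrough() -> Tuple[bool, bool, bool]:
    """Steps 1 to 3 of the IES special case; returns the final states."""
    ies = build_example()
    if_a = ies.children[0]
    ies.no_shutdown()
    if_a.shutdown()               # 1) interface shut down while service is up
    ies.shutdown()                # 2) service bounced
    ies.no_shutdown()
    # 3) the interface is still administratively down; the service is
    #    operational again only because if-b is operational.
    return if_a.admin_up, if_a.oper_up(), ies.oper_up()


if __name__ == "__main__":
    print(special_case_walkthrough())
    for name, reason in down_report(build_example()):
        print(f"{name:14} {reason}")
```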

description

Syntax 
description description-string
no description
Context 
config>service>ies
config>service>ies>aarp-interface>spoke-sdp
config>service>ies>if>dhcp
config>service>ies>if>sap>ip-tunnel
config>service>ies>sub-if>grp-if>dhcp
config>service>ies>sub-if>grp-if>srrp
config>service>ies>sub-if>grp-if>pppoe
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Default 

no description

Parameters 
string—
The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

description

Syntax 
description long-description-string
no description
Context 
config>service>ies>aarp-interface
config>service>ies>interface
config>service>ies>interface>sap
config>service>ies>redundant-interface
config>service>ies>sub-if
config>service>ies>sub-if>grp-if
config>service>ies>sub-if>grp-if>sap
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Default 

no description

Parameters 
long-description-string—
The description character string. Allowed values are any string up to 160 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

2.5.2.2. IES Global Commands

ies

Syntax 
ies service-id [customer customer-id] [create] [vpn vpn-id] [name name]
no ies service-id
Context 
config>service
Description 

This command creates or edits an IES service instance.

The ies command is used to create or maintain an Internet Enhanced Service (IES). If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

IES services allow the creation of customer-facing IP interfaces in the same routing instance used for service network core routing connectivity. IES services require that the IP addressing scheme used by the subscriber be unique with respect to the other addressing schemes used by the provider and potentially the entire Internet.

While IES is part of the routing domain, the usable IP address space may be limited. This allows a portion of the service provider address space to be set aside for service IP provisioning, becoming administered by a separate but subordinate address authority. This feature is defined using the config router service-prefix command.

IP interfaces defined within the context of an IES service ID must have a SAP created as the access point to the subscriber network. This allows a combination of bridging and IP routing for redundancy purposes.

When a service is created, the customer keyword and customer-id must be specified to associate the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. Once a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and recreated with a new customer association.

Once a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified will result in an error.

Multiple IES services are created to separate customer owned IP interfaces. More than one IES service may be created for a single customer ID. More than one IP interface may be created within a single IES service ID. All IP interfaces created within an IES service ID belong to the same customer.

By default, no IES service instances exist until they are explicitly created.

The no form of this command deletes the IES service instance with the specified service-id. The service cannot be deleted until all the IP interfaces defined within the service ID have been shutdown and deleted.

Parameters 
service-id—
The unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every SR OS on which this service is defined.
Values—
service-id: 1 to 2147483648
svc-name: 64 characters maximum

 

customer customer-id
Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.
Values—
1 to 2147483647

 

vpn vpn-id—
Specifies the VPN ID number which allows you to identify virtual private networks (VPNs) by a VPN identification number.
Values—
1 to 2147483647

 

Default—
null (0)
name name—
Configures an optional service name identifier, up to 64 characters, to a given service. This service name can then be used in configuration references, display, and show commands throughout the system. A defined service name can help the service provider or administrator to identify and manage services within the SR OS platforms.

To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Values—
name: 64 characters maximum

 

igmp-host-tracking

Syntax 
igmp-host-tracking
Context 
config>service>ies
config>service>ies>sub-if>grp-if>sap
Description 

This command enters the context to configure IGMP host tracking parameters.

disable-router-alert-check

Syntax 
[no] disable-router-alert-check
Context 
config>service>ies>sub-if>grp-if>sap>igmp-host-tracking
Description 

This command disables the IGMP router alert check option.

The no form of the command enables the router alert check.

expiry-time

Syntax 
expiry-time expiry-time
no expiry-time
Context 
config>service>ies>igmp-host-tracking
config>service>ies>sub-if>grp-if>sap>igmp-host-tracking
Description 

This command configures the time that the system continues to track inactive hosts.

The no form of the command removes the values from the configuration.

Default 

no expiry-time

Parameters 
expiry-time—
Specifies the time, in seconds, that this system continues to track an inactive host.
Values—
1 to 65535

 

max-num-groups

Syntax 
max-num-groups max-num-groups
no max-num-groups
Context 
config>service>ies>sub-if>grp-if>sap>igmp-host-tracking
Description 

This command configures the maximum number of multicast groups allowed to be tracked.

The no form of the command disables the check.

Default 

no max-num-groups

Parameters 
max-num-groups—
Specifies the maximum number of multicast groups allowed to be tracked.
Values—
1 to 196607

 

max-num-sources

Syntax 
max-num-sources max-num-sources
no max-num-sources
Context 
config>service>ies>sub-if>grp-if>sap>igmp-host-tracking
Description 

This command configures the maximum number of multicast sources allowed to be tracked per group.

The no form of the command removes the value from the configuration.

Parameters 
max-num-sources—
Specifies the maximum number of multicast sources allowed to be tracked per group.
Values—
1 to 1000

 

max-num-grp-sources

Syntax 
max-num-grp-sources max-num-sources
no max-num-grp-sources
Context 
config>service>ies>sub-if>grp-if>sap>igmp-host-tracking
Description 

This command configures the max number of multicast (S,G)s allowed to be tracked.

The no form of this command disables the check.

Default 

no max-num-grp-sources

Parameters 
max-num-sources—
Specifies the maximum number of multicast sources allowed to be tracked per group.
Values—
1 to 32000

 

import

Syntax 
import policy-name
no import
Context 
config>service>ies>sub-if>grp-if>sap>igmp-host-tracking
Description 

This command specifies the import routing policy to be used for IGMP packets on this SAP. Only a single policy can be imported on a single SAP at any time.

The no form of the command removes the policy association from the SAP.

Default 

no import — No import policy is specified.

Parameters 
policy-name —
The import policy name. Values can be a string of up to 32 printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. These policies are configured in the config>router>policy-options context. The router policy must be defined before it can be imported.

2.5.2.3. IES Interface Commands

interface

Syntax 
interface ip-int-name [create]
interface ip-int-name [create] tunnel
no interface ip-int-name
Context 
config>service>ies
Description 

This command creates a logical IP routing interface for an Internet Enhanced Service (IES). Once created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, is used to create and maintain IP routing interfaces within IES service IDs. The interface command can be executed in the context of an IES service ID. The IP interface created is associated with the service core network routing instance and default routing table. The typical use for IP interfaces created in this manner is for subscriber Internet access. An IP address cannot be assigned to an IES interface. Multiple SAPs can be assigned to a single group interface.

Interface names are case sensitive and must be unique within the group of IP interfaces defined for config router interface and config service ies interface (that is, the network core router instance). Interface names must not be in the dotted decimal notation of an IP address. For example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity; using the same values for both can be confusing to the user. Although not recommended, duplicate interface names can exist in different router instances.

The available IP address space for local subnets and routes is controlled with the config router service-prefix command. The service-prefix command administers the allowed subnets that can be defined on IES IP interfaces. It also controls the prefixes that may be learned or statically defined with the IES IP interface as the egress interface. This allows segmenting the IP address space into config router and config service domains.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

By default, there are no default IP interface names defined within the system. All IES IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes the IP interface and all the associated configuration. The interface must be administratively shutdown before issuing the no interface command.

For IES services, the IP interface must be shutdown before the SAP on that interface may be removed. IES services do not have the shutdown command in the SAP CLI context. IES service SAPs rely on the interface status to enable and disable them.

Parameters 
ip-int-name—
Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

If ip-int-name already exists within the service ID, the context will be changed to maintain that IP interface. If ip-int-name already exists within another service ID or is an IP interface defined within the config router commands, an error will occur and context will not be changed to that IP interface. If ip-int-name does not exist, the interface is created and context is changed to that interface for further command processing.

tunnel—
Specifies that this is an IPsec interface used for IPsec tunneling.
create—
Keyword used to create the interface. The create keyword requirement can be enabled/disabled in the environment>create context.

address

Syntax 
address {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [track-srrp srrp-instance]
no address [ip-address/mask | ip-address netmask]
Context 
config>service>ies>if
config>service>ies>subscriber-interface
Description 

This command assigns an IP address, IP subnet, and broadcast address format to an IES IP router interface. Only one IP address can be associated with an IP interface. An IP address must be assigned to each IES IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the router.

For the 7750 SR only, in the IES subscriber interface context, this command is used to assign one or more host IP addresses and subnets. This differs from a normal IES interface, where the secondary command creates an additional subnet after the primary address is assigned. A user can then add or remove addresses without having to keep a primary address.

The local subnet that the address command defines must be part of the services address space within the routing context using the config router service-prefix command. The default is to disallow the complete address space to services. Once a portion of the address space is allocated as a service prefix, that portion can be made unavailable for IP interfaces defined within the config router interface CLI context for network core connectivity with the exclude option in the config router service-prefix command.

The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. The show commands display CIDR notation, and CIDR notation is stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

Use the no form of this command to remove the IP address assignment from the IP interface.

The no form of this command will cause ptp-hw-assist to be disabled.

Table 7:  Address Field Descriptions

Address       Admin state   Oper state
no address    up            down
no address    down          down
1.1.1.1       up            up
1.1.1.1       down          down

The operational state is a read-only variable and the only controlling variables are the address and admin states. The address and admin states are independent and can be set independently. If an interface is in an administratively up state and an address is assigned, it becomes operationally up and the protocol interfaces and the MPLS LSPs associated with that IP interface will be reinitialized.

Parameters 
ip-address—
The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
/—
The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the “/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted decimal mask must follow the prefix.
mask-length—
The subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask-length parameter. The mask length parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 0 – 30. A mask length of 32 is reserved for system IP addresses.
mask—
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical ‘AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.252. A mask of 255.255.255.255 is reserved for system IP addresses.
netmask—
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
broadcast—
The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A packet that a host sends to either the local broadcast address (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface. (Default: host-ones)

all-ones—
The all-ones keyword following the broadcast parameter specifies the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
host-ones—
The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

track-srrp—
Specifies the SRRP instance ID that this interface route needs to track.
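The address rules above, as an added example that is not part of the vendor documentation: it parses both accepted notations, applies the documented host address range, derives the broadcast address used for host-ones and all-ones, and reports overlapping local subnets. The interface names and addresses are constructed sample values, and the mask-length limits are not enforced here.

```python
import ipaddress
from itertools import combinations

# Allowed host address range as stated in the ip-address parameter description.
LOW = ipaddress.IPv4Address("1.0.0.0")
HIGH = ipaddress.IPv4Address("223.255.255.255")

# Constructed sample: (interface name, address argument, broadcast format).
SAMPLE = [
    ("cust-a", "192.0.2.1/24", "host-ones"),
    ("cust-b", "192.0.2.129 255.255.255.128", "all-ones"),
    ("cust-c", "198.51.100.1/30", "host-ones"),
]


def parse_address(arg):
    """Parse 'ip-address/mask' or 'ip-address netmask' into an IPv4Interface."""
    arg = arg.strip()
    parts = arg.split()
    if "/" in arg:
        # No spaces are allowed between the ip-address, the "/" and the mask.
        if len(parts) != 1:
            raise ValueError("no spaces allowed around '/': %r" % arg)
        iface = ipaddress.IPv4Interface(arg)
    else:
        # Without a slash, a dotted decimal mask must follow the address.
        if len(parts) != 2:
            raise ValueError("expected 'ip-address netmask': %r" % arg)
        iface = ipaddress.IPv4Interface("%s/%s" % (parts[0], parts[1]))
        # ipaddress also accepts host masks such as 0.0.0.255; reject them.
        if parts[1] != str(iface.netmask):
            raise ValueError("not a subnet mask: %r" % parts[1])
    if not LOW <= iface.ip <= HIGH:
        raise ValueError("address outside %s - %s: %s" % (LOW, HIGH, iface.ip))
    return iface


def source_broadcast(iface, mode="host-ones"):
    """Broadcast address the interface uses when sourcing IP broadcasts."""
    if mode == "all-ones":
        return ipaddress.IPv4Address("255.255.255.255")   # local broadcast
    if mode == "host-ones":
        return iface.network.broadcast_address            # subnet broadcast
    raise ValueError("unknown broadcast format: %r" % mode)


def check_addresses(entries):
    """Return each interface's broadcast address and any overlapping subnets."""
    parsed = {name: (parse_address(arg), mode) for name, arg, mode in entries}
    broadcast = {name: str(source_broadcast(iface, mode))
                 for name, (iface, mode) in parsed.items()}
    # A local prefix must not overlap another local subnet in the routing context.
    overlaps = [(a, b) for a, b in combinations(parsed, 2)
                if parsed[a][0].network.overlaps(parsed[b][0].network)]
    return {"broadcast": broadcast, "overlaps": overlaps}


if __name__ == "__main__":
    result = check_addresses(SAMPLE)
    for name, addr in result["broadcast"].items():
        print(name, "sources broadcasts to", addr)
    for a, b in result["overlaps"]:
        print("overlap:", a, "and", b)
```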

address

Syntax 
[no] address {ip-address/mask | ip-address netmask} [gw-ip-address ip-address] [populate-host-routes]
Context 
config>service>ies>subscriber-interface
config>service>vprn>subscriber-interface
Description 

This command configures the local subscriber subnets available on a subscriber IP interface. The configured ip-address and mask define the address space associated with the subscriber subnet. Each subnet supports a locally owned IP host address within the subnet that is not expected to appear on other routers that may be servicing the same subscriber subnet. For redundancy purposes, the keyword gw-address defines a separate IP address within the subnet for Subscriber Routed Redundancy Protocol (SRRP) routing. This IP address must be the same on the local and remote routers participating in a common SRRP instance.

In SRRP, a single SRRP instance is tied to a group IP interface. The group IP interface is contained directly within a subscriber IP interface context and thus directly associated with the subscriber subnets on the subscriber IP interface. The SRRP instance is also indirectly associated with any subscriber subnets tied to the subscriber interface through wholesale/retail VPRN configurations. With the directly-associated and the indirectly-associated subscriber interface subnets, a single SRRP instance can manage hundreds of SRRP gateway IP addresses. This automatic subnet association to the SRRP instance is different from VRRP where the redundant IP address is defined within the VRRP context.

Defining an SRRP gateway IP address on a subscriber subnet is not optional when the subnet is associated with a group IP interface with SRRP enabled. Enabling SRRP (no shutdown) fails if one or more subscriber subnets do not have an SRRP gateway IP address defined. Creating a new subscriber subnet without an SRRP gateway IP address defined fails when the subscriber subnet is associated with a group IP interface with an active SRRP instance. Once SRRP is enabled on a group interface, the SRRP instance will manage the ARP response and routing behavior for all subscriber hosts reachable through the group IP interface.

The no form of the command removes the address from a subscriber subnet. The address command for the specific subscriber subnet must be executed without the gw-address parameter. To succeed, all SRRP instances associated with the subscriber subnet must be removed or shutdown.

Parameters 
ip-address/mask | ip-address netmask—
Specifies the address space associated with the subscriber subnet.
gw-ip-address ip-address
Specifies a separate IP address within the subnet for SRRP routing purposes. This parameter must be followed by a valid IP interface that exists within the subscriber subnet created by the address command. The defined gateway IP address cannot currently exist as a subscriber host (static or dynamic). If the defined ip-address already exists as a subscriber host address, the address command fails. The specified ip-address must be unique within the system.

The gw-address parameter may be specified at any time. If the subscriber subnet was created previously, executing the address command with a gw-address parameter will simply add the SRRP gateway IP address to the existing subnet.

If the address command is executed without the gw-address parameter when the subscriber subnet is associated with an active SRRP instance, the address fails. If the SRRP instance is inactive or removed, executing the address command without the gw-address parameter will remove the SRRP gateway IP address from the specified subscriber subnet.

If the address command is executed with a new gw-address, all SRRP instances currently associated with the specified subscriber subnet will be updated with the new SRRP gateway IP address.

populate-host-routes—
Indicates that all subscriber hosts created on the interface with an ip-address falling in this subnet will have their route populated in the FIB. This flag is not set by default.

allow-directed-broadcasts

Syntax 
[no] allow-directed-broadcasts
Context 
config>service>ies>if
Description 

This command enables the forwarding of directed broadcasts out of the IP interface.

A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address on another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined to the subnet broadcast address of the egress IP interface.

When enabled, a frame destined to the local subnet on this IP interface will be sent as a subnet broadcast out this interface. Care should be exercised when allowing directed broadcasts as it is a well-known mechanism used for denial-of-service attacks.

When disabled, directed broadcast packets discarded at this egress IP interface will be counted in the normal discard counters for the egress SAP.

By default, directed broadcasts are not allowed and will be discarded at this egress IP interface.

The no form of this command disables the forwarding of directed broadcasts out of the IP interface.

Default 

no allow-directed-broadcasts — Directed broadcasts are dropped.

arp-learn-unsolicited

Syntax 
[no] arp-learn-unsolicited
Context 
config>service>ies>if
Description 

This command allows the ARP application to learn new entries based on any received ARP message (GARP, ARP-Request, or ARP-Reply, such as any frame with ethertype 0x0806).

The no form of this command disables the above behavior and causes ARP entries to only be learned when needed, that is, when the router receives an ARP-reply after an ARP-request triggered by received traffic.

arp-limit

Syntax 
arp-limit limit [log-only] [threshold percent]
no arp-limit
Context 
config>service>ies>interface
Description 

This command configures the maximum number of dynamic IPv4 ARP entries that can be learned on an IP interface.

When the number of dynamic ARP entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires, and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

The no form of the command removes the arp-limit.

Default 

no arp-limit

Parameters 
log-only—
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
percent—
The threshold value (as a percentage) that triggers a warning message to be sent.
Values—
0 to 100

 

limit—
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic ARP learning is disabled and no dynamic ARP entries are learned.
Values—
0 to 524288
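An added audit sketch (not part of the vendor documentation) for the allow-directed-broadcasts, arp-learn-unsolicited and arp-limit commands described above: it walks an indented configuration dump and flags IES interfaces that forward directed broadcasts, learn from any received ARP message, have no arp-limit, or run arp-limit with log-only, where entries above the limit are still learned. The configuration layout, service ID, interface names and SAP IDs are constructed sample values.

```python
import re

# Constructed sample in an indented CLI layout; not taken from a real router.
SAMPLE_CONFIG = """\
service
    ies 100 customer 1 create
        interface "cust-a" create
            address 192.0.2.1/24
            allow-directed-broadcasts
            arp-learn-unsolicited
            sap 1/1/1:100 create
            exit
        exit
        interface "cust-b" create
            address 198.51.100.1/24
            no allow-directed-broadcasts
            arp-limit 2000 log-only threshold 80
            sap 1/1/1:200 create
            exit
        exit
        interface "cust-c" create
            address 203.0.113.1/24
            arp-limit 500 threshold 90
            sap 1/1/1:300 create
            exit
        exit
        no shutdown
    exit
exit
"""

IES_RE = re.compile(r'^ies (\S+)')
IF_RE = re.compile(r'^interface (?:"([^"]+)"|(\S+))')


def svc_id(line):
    return IES_RE.match(line).group(1)


def if_name(line):
    m = IF_RE.match(line)
    return m.group(1) or m.group(2)


def parse_ies_interfaces(config_text):
    """Map (service-id, interface name) -> commands directly under the interface."""
    stack = []        # (indent, line) for each enclosing context
    interfaces = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "exit":
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # left one or more contexts
        parent = stack[-1][1] if stack else ""
        grandparent = stack[-2][1] if len(stack) > 1 else ""
        if IES_RE.match(parent) and IF_RE.match(line):
            interfaces[(svc_id(parent), if_name(line))] = []
        elif IF_RE.match(parent) and IES_RE.match(grandparent):
            interfaces[(svc_id(grandparent), if_name(parent))].append(line)
        stack.append((indent, line))
    return interfaces


def audit_interface(commands):
    """Return findings for one interface; 'no ...' forms never match a rule."""
    tokens = [c.split() for c in commands]
    findings = []
    if any(t[0] == "allow-directed-broadcasts" for t in tokens):
        findings.append("allow-directed-broadcasts")   # default is disabled
    if any(t[0] == "arp-learn-unsolicited" for t in tokens):
        findings.append("arp-learn-unsolicited")       # learns from any ARP frame
    limits = [t for t in tokens if t[0] == "arp-limit"]
    if not limits:
        findings.append("no-arp-limit")                # default: no arp-limit
    elif "log-only" in limits[-1][2:]:
        findings.append("arp-limit-log-only")          # warns but keeps learning
    return findings


def audit_config(config_text):
    return {key: audit_interface(cmds)
            for key, cmds in parse_ies_interfaces(config_text).items()}


if __name__ == "__main__":
    for (svc, name), findings in audit_config(SAMPLE_CONFIG).items():
        print("ies %s interface %s: %s" % (svc, name, ", ".join(findings) or "ok"))
```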

 

arp-populate

Syntax 
[no] arp-populate
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command, when enabled, disables dynamic learning of ARP entries. Instead, the ARP table is populated with dynamic entries from the DHCP Lease State Table (enabled with lease-populate), and optionally with static entries entered with the host command.

Enabling the arp-populate command will remove any dynamic ARP entries learned on this interface from the ARP cache.

The arp-populate command fails if an existing static ARP entry exists for this interface. The arp-populate command fails if an existing static subscriber host on the SAP does not have both MAC and IP addresses specified.

Once arp-populate is enabled, creating a static subscriber host on the SAP without both an IP address and MAC address fails.

When arp-populate is enabled, the system will not send out ARP requests for hosts that are not in the ARP cache. Only statically configured and DHCP learned hosts are reachable through an IP interface with arp-populate enabled. The arp-populate command can only be enabled on IES and VPRN interfaces supporting Ethernet encapsulation.

Use the no form of the command to disable ARP cache population functions for static and dynamic hosts on the interface. All static and dynamic host information for this interface will be removed from the system’s ARP cache.

Default 

not enabled

arp-populate-host-route

Syntax 
[no] arp-populate-host-route
Context 
config>service>ies>if
Description 

This command enables the addition or deletion of host routes in the route table derived from ARP entries in the ARP cache. To enable this command, the interface must be shut down. The command triggers the population of host routes in the route table out of their corresponding static, dynamic, or EVPN types in the ARP table. ARP entries installed by subscriber management, local interfaces, and others, do not create host routes.

The no form of this command disables the creation of host routes from the ARP cache.

arp-proactive-refresh

Syntax 
[no] arp-proactive-refresh
Context 
config>service>ies>if
Description 

This command enables the router to always send out a single refresh message with no entries 30 seconds prior to the timeout of the entry.

The no form of this command sets the default behavior, in which an entry is marked as stale 30 seconds prior to age-out, and the router only sends an ARP request to refresh the entry if the IOM receives traffic that uses it. If so, the IOM asks the ARP application to send a refresh message. With arp-proactive-refresh enabled, the ARP module sends a refresh message regardless of whether the IOM receives traffic.

arp-retry-timer

Syntax 
arp-retry-timer timer-multiple
no arp-retry-timer
Context 
config>service>ies>if
Description 

This command allows the ARP retry timer to be configured to a specific value.

The timer value is entered as a multiple of 100 ms. For example, a timer value of 1 means the ARP timer will be set to 100 ms.

The no form of this command removes the command from the active configuration and returns the ARP retry timer to its default value of 5 seconds.

Default 

arp-retry-timer 50

Parameters 
timer-multiple
Specifies the multiple of 100 ms that the ARP retry timer will be configured as.
Values—
1 to 300 (equivalent to a timer range of 100 ms to 30,000 ms)

 

arp-route-tag

Syntax 
arp-route-tag tag
no arp-route-tag
Context 
config>service>ies>if
Description 

This command adds a route tag to the ARP-ND host routes generated from the ARP entries in the interface which can be used to match ARP-ND routes in BGP export policies.

The no form of this command removes the route tag for the ARP-ND host routes.

Parameters 
tag—
Specifies the route tag value.
Values—
1 to 255

 

arp-timeout

Syntax 
arp-timeout seconds
no arp-timeout
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command configures the minimum time in seconds an ARP entry learned on the IP interface will be stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host, otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of zero seconds, ARP aging is disabled.

When the arp-populate and lease-populate commands are enabled on an IES interface, the ARP table entries will no longer be dynamically learned, but instead by snooping DHCP ACK message from a DHCP server. In this case the configured arp-timeout value has no effect.

The no form of this command restores arp-timeout to the default value.

Default 

arp-timeout 14400

Parameters 
seconds—
The minimum number of seconds a learned ARP entry is stored in the ARP table, expressed as a decimal integer. A value of zero specifies that the timer is inoperative and learned ARP entries are not aged.
Values—
0 to 65535

 

bfd

Syntax 
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
no bfd
Context 
config>service>ies>if
config>service>ies>if>ipv6
Description 

This command specifies the BFD parameters for the associated IP interface. If no parameters are defined, the default values are used.

The multiplier specifies the number of consecutive BFD messages that must be missed from the peer before the BFD session state is changed to down and the upper level protocols (OSPF, IS-IS, BGP or PIM) are notified of the fault.

The no form of the command removes BFD from the interface.

Note:

On the 7750 SR, the transmit-interval, receive receive-interval, and echo-receive echo-interval values can only be modified to a value less than 100 when:

  1. The type cpm-np option is explicitly configured.
  2. The service is shut down (shutdown)
  3. The interval is specified 10 to 100000.
  4. The service is re-enabled (no shutdown)

To remove the type cpm-np option, re-issue the bfd command without specifying the type parameter.

Default 

no bfd

Parameters 
transmit-interval—
Sets the transmit interval for the BFD session.
Values—
100 to 100000
10 to 100000 (for the 7750 SR only; see the Note above)

 

Default—
100
receive receive-interval
Sets the receive interval for the BFD session.
Values—
100 to 100000
10 to 100000 (for the 7750 SR only; see the Note above)

 

Default—
100
multiplier multiplier
Sets the multiplier for the BFD session.
Values—
3 to 20

 

Default—
3
echo-receive echo-interval
Sets the minimum echo receive interval, in milliseconds, for the BFD session.
Values—
100 to 100000
10 to 100000 (for the 7750 SR only; see the Note above)

 

Default—
100
type cpm-np—
For the 7750 SR only, specifies that BFD sessions associated with this interface will be created on the CPM network processor to allow for fast timers down to 10 ms granularity.

cflowd-parameters

Syntax 
cflowd-parameters
no cflowd-parameters
Context 
config>service>ies>if
Description 

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default 

no cflowd-parameters

sampling

Syntax 
sampling {unicast | multicast} type {acl | interface} [direction {ingress-only | egress-only | both}]
no sampling {unicast | multicast}
Context 
config>service>ies>if>cflowd-parameters
config>service>ies>sub-if>grp-if>cflowd-parameters
Description 

This command enables and configures the cflowd sampling behavior to collect traffic flow samples through a router for analysis.

This command can be used to configure the sampling parameters for unicast and multicast traffic separately. If sampling is not configured for either unicast or multicast traffic, then that type of traffic will not be sampled.

Egress sampled flows are only sent to v9 or v10 (IPFIX) collectors.

The no form of the command disables the associated type of traffic sampling on the associated interface.

Default 

no sampling

Parameters 
unicast—
Specifies that the sampling command will control the sampling of unicast traffic on the associated interface/SAP.
multicast—
Specifies that the sampling command will control the sampling of multicast traffic on the associated interface/SAP.
type—
Specifies the cflowd sampling type on the specified virtual router interfaces.
Values—
acl — Specifies that the sampled traffic is controlled via an IP traffic filter entry with the action “filter-sample” configured.
interface — Specifies that all traffic entering or exiting the interface is subject to sampling.

 

direction—
Specifies the direction in which to collect traffic flow samples.
Values—
ingress-only — Enables ingress sampling only on the associated interface.
egress-only — Enables egress sampling only on the associated interface.
both — Enables both ingress and egress cflowd sampling.

 

cpu-protection

Syntax 
cpu-protection policy-id
no cpu-protection
Context 
config>service>ies>if
Description 

This command assigns an existing CPU protection policy to the associated service interface. For these interface types, the per-source rate limit is not applicable. The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.

If no cpu-protection policy is assigned to a service interface, then the default policy is used to limit the overall-rate. The default policy is policy number 254 for access interfaces and 255 for network interfaces.

The no form of the command removes the association of the CPU protection policy from the associated interface and reverts to the default policy values.

Default

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

none (for video-interfaces, shown as no cpu-protection in CLI)

The configuration of no cpu-protection returns the interface/SAP to the default policies as shown above.

Parameters 
policy-id—
Specifies an existing CPU protection policy.
Values—
1 to 255

 

cpu-protection

Syntax 
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate][car]] | [ip-src-monitoring]
no cpu-protection
Context 
config>service>ies>sub-if>grp-if>sap
Description 

This command assigns an existing CPU protection policy to the associated group interface. The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.

If no CPU protection policy is assigned to a group interface SAP, then the default policy is used to limit the overall-rate. The default policy is policy number 254 for access interfaces and 255 for network interfaces.

The no form of the command removes the association of the CPU protection policy from the associated interface and reverts to the default policy values.

Default 

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

The configuration of no cpu-protection returns the interface/SAP to the default policies as shown above.

Parameters 
policy-id—
Specifies an existing CPU protection policy.
Values—
1 to 255

 

mac-monitoring—
Enables per SAP + source MAC address rate limiting using the per-source-rate from the associated cpu-protection policy.
eth-cfm-monitoring —
Enables Ethernet Connectivity Fault Management monitoring.
aggregate—
Applies the rate limit to the sum of the per peer packet rates.
car—
(Committed Access Rate) causes Eth-CFM packets to be ignored when enforcing the overall-rate.
ip-src-monitoring—
Enables per SAP + IP source address rate limiting for DHCP packets using the per-source-rate from the associated cpu-protection policy. The ip-src-monitoring option is useful in subscriber management architectures that have routers between the subscriber and the BNG (router). In Layer 3 aggregation scenarios, all packets from all subscribers behind the same aggregation router arrive with the same source MAC address, so the mac-monitoring functionality cannot differentiate traffic from different subscribers.
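The effect of the key choice described for mac-monitoring and ip-src-monitoring can be seen in a small model. This is an added example, not Nokia code: the limiter is assumed to be a plain per-key packet counter over one interval, and the SAP, MAC address, IP addresses and traffic mix are constructed.

```python
from collections import Counter

AGG_ROUTER_MAC = "00:00:5e:00:53:01"   # constructed; every relayed frame carries it
SAP = "1/1/1:100"                      # constructed SAP identifier


def police(packets, key_fields, per_source_rate):
    """Apply a per-source limit over one measurement interval.

    Assumption: the limiter is modelled as a plain per-key packet counter;
    the router's real policer is not described on the page.
    Returns the number of dropped packets per subscriber.
    """
    seen, dropped = Counter(), Counter()
    for pkt in packets:
        key = tuple(pkt[field] for field in key_fields)
        seen[key] += 1
        if seen[key] > per_source_rate:
            dropped[pkt["subscriber"]] += 1
    return dict(dropped)


def build_interval():
    """Constructed traffic: sub-c sends 200 packets, sub-a and sub-b 5 each."""
    def pkt(sub, ip):
        return {"sap": SAP, "src_mac": AGG_ROUTER_MAC, "src_ip": ip, "subscriber": sub}

    packets = []
    for i in range(200):
        packets.append(pkt("sub-c", "192.0.2.30"))
        if i % 40 == 0:
            packets.append(pkt("sub-a", "192.0.2.10"))
            packets.append(pkt("sub-b", "192.0.2.20"))
    return packets


def compare(per_source_rate=10):
    """Police the same interval keyed per SAP + MAC and per SAP + source IP."""
    packets = build_interval()
    return {
        "mac-monitoring": police(packets, ("sap", "src_mac"), per_source_rate),
        "ip-src-monitoring": police(packets, ("sap", "src_ip"), per_source_rate),
    }


if __name__ == "__main__":
    for mode, drops in compare().items():
        print(f"{mode:18} dropped per subscriber: {drops}")
```

Keyed on the shared MAC address, the two quiet subscribers lose packets to the noisy one; keyed on source IP, only the noisy subscriber is limited.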

ipcp

Syntax 
ipcp
Context 
config>service>ies>if
Description 

This command allows access to the IPCP context within the interface configuration. Within this context, IPCP extensions can be configured to define such things as the remote IP address and DNS IP address to be signaled via IPCP on the associated PPP interface. This command is only applicable if the associated SAP/port is a PPP/MLPPP interface.

Default 

n/a

dns

Syntax 
dns ip-address [secondary ip-address]
dns secondary ip-address
no dns [ip-address] [secondary ip-address]
Context 
config>service>ies>if>ipcp
Description 

This command defines the DNS address(es) to be assigned to the far-end of the associated PPP/MLPPP link through IPCP extensions. This command is only applicable if the associated SAP/port is a PPP/MLPPP interface with an IPCP encapsulation.

The no form of the command deletes either the specified primary DNS address, secondary DNS address or both addresses from the IPCP extension peer-ip-address configuration.

Default 

no dns

Parameters 
ip-address—
Specifies a unicast IPv4 address for the primary DNS server to be signaled to the far-end of the associated PPP/MLPPP link via IPCP extensions.
secondary ip-address—
Specifies a unicast IPv4 address for the secondary DNS server to be signaled to the far-end of the associated PPP/MLPPP link via IPCP extensions.

peer-ip-address

Syntax 
peer-ip-address ip-address
no peer-ip-address
Context 
config>service>ies>if>ipcp
Description 

This command defines the remote IP address to be assigned to the far-end of the associated PPP/MLPPP link via IPCP extensions. This command is only applicable if the associated SAP/port is a PPP/MLPPP interface with an IPCP encapsulation.

The no form of the command deletes the IPCP extension peer-ip-address configuration.

Default 

no peer-ip-address (0.0.0.0)

Parameters 
ip-address—
Specifies a unicast IPv4 address to be signaled to the far-end of the associated PPP/MLPPP link by IPCP extensions.

ipv6

Syntax 
[no] ipv6
Context 
config>service>ies>sub-if>grp-if
Description 

This command enables IPv6 forwarding on the specified group-interface.

router-advertisements

Syntax 
[no] router-advertisements
Context 
config>service>ies>sub-if>grp-if>ipv6
Description 

This command enables router advertisement transmission on this group interface.

Default 

router-advertisements

current-hop-limit

Syntax 
current-hop-limit hop-count
no current-hop-limit
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv
Description 

This command specifies the hop-limit advertised to hosts in router advertisements.

Default 

current-hop-limit 64

Parameters 
hop-count—
Specifies the current hop limit (decimal) inserted into router advertisements.
Values—
0 to 255

 

managed-configuration

Syntax 
[no] managed-configuration
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv
Description 

This command sets the managed address configuration flag. This flag indicates that DHCPv6 is available for address configuration in addition to any address auto-configured using stateless address auto-configuration. See RFC 3315 for additional details.

Default 

no managed-configuration

max-advertisement

Syntax 
max-advertisement seconds
no max-advertisement
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv
config>service>ies>sub-if>ipv6>rtr-adv
Description 

This command configures the maximum interval between sending router advertisement messages.

Default 

max-advertisement 900

Parameters 
seconds—
Specifies the maximum interval in seconds between sending router advertisement messages.
Values—
900 to 1800

 

min-advertisement

Syntax 
min-advertisement seconds
no min-advertisement
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv
config>service>ies>sub-if>ipv6>rtr-adv
Description 

This command configures the minimum interval between sending router advertisement messages.

Default 

min-advertisement 900

Parameters 
seconds—
Specifies the minimum interval in seconds between sending router advertisement messages.
Values—
900 to 1350

 

mtu

Syntax 
mtu bytes
no mtu
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv
Description 

This command configures the MTU for the nodes to use to send packets on the link.

Default 

no mtu

Parameters 
bytes—
Specifies the MTU for the nodes to use to send packets on the link.
Values—
1280 to 9212

 

other-stateful-configuration

Syntax 
[no] other-stateful-configuration
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv
Description 

This command sets the "other configuration" flag. This flag indicates that DHCPv6 is available for autoconfiguration of other (non-address) information such as DNS-related information or information on other servers in the network. See RFC 3736, Stateless Dynamic Host Configuration Protocol (DHCP) for IPv6.

Default 

no other-stateful-configuration

prefix-options

Syntax 
[no] prefix-options
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv
Description 

This command configures Router Advertisement parameters for IPv6 prefixes returned via RADIUS Framed-IPv6-Prefix. All prefixes will inherit these configuration parameters.

Default 

no prefix-options

autonomous

Syntax 
[no] autonomous
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv>pfx-opt
Description 

This command specifies whether the prefix can be used for stateless address configuration.

Default 

no autonomous

preferred-lifetime

Syntax 
preferred-lifetime [seconds | infinite]
no preferred-lifetime
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv>pfx-opt
Description 

This command configures the remaining length of time in seconds that this prefix will continue to be preferred, for example, time until deprecation. The address generated from a deprecated prefix should not be used as a source address in new communications, but packets received on such an interface are processed as expected.

Default 

preferred-lifetime 3600

Parameters 
seconds—
Specifies a decimal time interval in seconds.
Values—
0 to 4294967295

 

infinite—
Specifies a 0xffffffff value, Dec = 4294967295.

valid-lifetime

Syntax 
valid-lifetime [seconds | infinite]
no valid-lifetime
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv>pfx-opt
Description 

This command specifies the length of time in seconds that the prefix is valid for the purpose of on-link determination. A value of all one bits (0xffffffff) represents infinity. The address generated from an invalidated prefix should not appear as the destination or source address of a packet.

Default 

valid-lifetime 86400

Parameters 
seconds—
Specifies a decimal time interval in seconds.
Values—
0 to 4294967295

 

infinite—
Specifies a 0xffffffff value, Dec = 4294967295.

reachable-time

Syntax 
reachable-time milliseconds
no reachable-time
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv
Description 

This command configures how long this router should be considered reachable by other nodes on the link after receiving a reachability confirmation.

Default 

no reachable-time

Parameters 
milliseconds—
The length of time the router should be considered reachable for default router selection.
Values—
0 to 3600000

 

retransmit-time

Syntax 
retransmit-time milliseconds
no retransmit-time
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv
Description 

This command configures the retransmission frequency of neighbor solicitation messages.

Default 

no retransmit-time

Parameters 
milliseconds—
Specifies how often retransmissions occur.
Values—
0 to 1800000

 

router-lifetime

Syntax 
router-lifetime seconds
router-lifetime no-default-router
no router-lifetime
Context 
config>service>ies>sub-if>grp-if>ipv6>rtr-adv
Description 

This command sets the router lifetime. A value of zero indicates this router should not be used by hosts as a default router.

Default 

router-lifetime 4500

Parameters 
seconds—
Specifies how long the router is valid for default router selection.
Values—
2700 to 9000

 

no-default-router—
Indicates that the router is not to be used as a default router.
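To check that a group interface really advertises what the rtr-adv and pfx-opt commands above configure, a captured Router Advertisement can be decoded and compared with the expected values. The following is an added example, not Nokia code: the field layout is the RFC 4861 RA format, the expected profile uses the defaults stated in this reference on the assumption that each value is emitted unchanged in the matching RA field, and the sample messages and prefixes are constructed.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO, OPT_MTU = 134, 3, 5   # RFC 4861 type codes

# Defaults stated in this command reference, keyed by command name.
# Assumption: each configured value is emitted unchanged in the matching RA field.
EXPECTED = {
    "current-hop-limit": 64,
    "managed-configuration": False,
    "other-stateful-configuration": False,
    "router-lifetime": 4500,
    "autonomous": False,
    "preferred-lifetime": 3600,
    "valid-lifetime": 86400,
}


def parse_ra(data: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement, starting at the ICMPv6 type byte."""
    if len(data) < 16:
        raise ValueError("truncated RA header")
    msg_type, code, _cksum, hop, flags, lifetime, reachable, retrans = struct.unpack(
        "!BBHBBHII", data[:16])
    if msg_type != RA_TYPE or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {
        "current-hop-limit": hop,
        "managed-configuration": bool(flags & 0x80),         # M flag
        "other-stateful-configuration": bool(flags & 0x40),  # O flag
        "router-lifetime": lifetime,                         # seconds
        "reachable-time": reachable,                         # milliseconds
        "retransmit-time": retrans,                          # milliseconds
        "mtu": None,
        "prefixes": [],
    }
    off = 16
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated option header")
        opt_type, opt_len = data[off], data[off + 1] * 8     # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(data):
            raise ValueError("invalid option length")        # zero-length options are illegal
        body = data[off:off + opt_len]
        if opt_type == OPT_MTU and opt_len == 8:
            ra["mtu"] = struct.unpack("!I", body[4:8])[0]
        elif opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[2:12])
            ra["prefixes"].append({
                "prefix": f"{ipaddress.IPv6Address(body[16:32])}/{plen}",
                "on-link": bool(pflags & 0x80),              # L flag
                "autonomous": bool(pflags & 0x40),           # A flag
                "valid-lifetime": valid,
                "preferred-lifetime": preferred,
            })
        off += opt_len                                       # other options are skipped
    return ra


def deviations(ra: dict, expected: dict = EXPECTED) -> list:
    """Return one 'field: observed != expected' string per mismatch."""
    found = []
    for key in ("current-hop-limit", "managed-configuration",
                "other-stateful-configuration", "router-lifetime"):
        if key in expected and ra[key] != expected[key]:
            found.append(f"{key}: {ra[key]} != {expected[key]}")
    for pfx in ra["prefixes"]:
        for key in ("autonomous", "preferred-lifetime", "valid-lifetime"):
            if key in expected and pfx[key] != expected[key]:
                found.append(f"{pfx['prefix']} {key}: {pfx[key]} != {expected[key]}")
        if pfx["preferred-lifetime"] > pfx["valid-lifetime"]:
            found.append(f"{pfx['prefix']}: preferred-lifetime exceeds valid-lifetime")
    return found


def build_ra(hop, flags, lifetime, prefix, plen, pflags, valid, preferred, mtu=None):
    """Build a constructed RA (checksum left at zero) for the samples below."""
    msg = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, hop, flags, lifetime, 0, 0)
    if mtu is not None:
        msg += struct.pack("!BBHI", OPT_MTU, 1, 0, mtu)
    msg += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, pflags, valid, preferred, 0)
    return msg + ipaddress.IPv6Address(prefix).packed


# Constructed samples: one matching the stated defaults, one that does not.
GOOD_RA = build_ra(64, 0x00, 4500, "2001:db8:1::", 64, 0x80, 86400, 3600)
UNEXPECTED_RA = build_ra(32, 0x80, 1800, "2001:db8:ffff::", 64, 0xC0, 86400, 3600, mtu=1280)

if __name__ == "__main__":
    for name, raw in (("good", GOOD_RA), ("unexpected", UNEXPECTED_RA)):
        print(name, deviations(parse_ra(raw)) or "matches expected profile")
```

Replace the values in `EXPECTED` with the ones configured on the interface being audited; keys left out of the profile are not compared.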

dhcp6

Syntax 
[no] dhcp6
Context 
config>service>ies>sub-if>grp-if>ipv6
Description 

This command allows access to the DHCP6 context within the group interface configuration. Within this context, DHCP6 parameters can be configured.

Default 

no dhcp6

proxy-server

Syntax 
[no] proxy-server
Context 
config>service>ies>sub-if>grp-if>ipv6>dhcp6
Description 

This command allows access to the DHCP6 proxy server context. Within this context, DHCP6 proxy server parameters of the group interface can be configured.

Default 

no proxy-server

client-applications

Syntax 
client-applications [dhcp] [ppp]
no client-applications
Context 
config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

This command configures the client host types to which the DHCP6 proxy server is allowed to assign addresses.

Parameters 
dhcp—
Specifies IP over Ethernet hosts.
ppp—
Specifies PPP over Ethernet hosts.

preferred-lifetime

Syntax 
preferred-lifetime infinite
preferred-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
no preferred-lifetime
Context 
config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

The preferred lifetime for the IPv6 prefix or address in the option, expressed in units of seconds. When the preferred lifetime expires, any derived addresses are deprecated.

Default 

preferred-lifetime hrs 1

Parameters 
infinite—
Specifies that the preferred lifetime is infinite.
days days—
Specifies the number of days of a preferred lifetime.
Values—
0 to 49710

 

hrs hours—
Specifies the number of hours of a preferred lifetime.
Values—
0 to 23

 

min minutes—
Specifies the number of minutes of a preferred lifetime.
Values—
0 to 59

 

sec seconds—
Specifies the number of seconds of a preferred lifetime.
Values—
0 to 59

 

rebind-timer

Syntax 
rebind-timer [days days] [hrs hours] [min minutes] [sec seconds]
no rebind-timer
Context 
config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

This command configures the rebind-timer (T2), the time at which the client contacts any available server to extend the lifetimes of the addresses or prefixes assigned to the client.

Default 

rebind-timer min 48

Parameters 
days days—
Specifies the number of days of a rebind timer.
Values—
0 to 14

 

hrs hours—
Specifies the number of hours of a rebind timer.
Values—
0 to 23

 

min minutes—
Specifies the number of minutes of a rebind timer.
Values—
0 to 59

 

sec seconds—
Specifies the number of seconds of a rebind timer.
Values—
0 to 59

 

renew-timer

Syntax 
renew-timer [days days] [hrs hours] [min minutes] [sec seconds]
no renew-timer
Context 
config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

This command configures the renew-timer (T1), the time at which the client contacts the server from which the addresses in the IA_NA or IA_PD were obtained to extend the lifetimes of the addresses or prefixes assigned to the client.

Default 

renew-timer min 30

Parameters 
days days—
Specifies the number of days of a renew timer.
Values—
0 to 7

 

hrs hours—
Specifies the number of hours of a renew timer.
Values—
0 to 23

 

min minutes—
Specifies the number of minutes of a renew timer.
Values—
0 to 59

 

sec seconds—
Specifies the number of seconds of a renew timer.
Values—
0 to 59

 

valid-lifetime

Syntax 
valid-lifetime infinite
valid-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
no valid-lifetime
Context 
config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

The valid lifetime for the IPv6 prefix or address in the option, expressed in units of seconds.

Default 

valid-lifetime days 1

Parameters 
infinite—
Specifies that the valid lifetime is infinite.
days days—
Specifies the number of days of a valid lifetime.
Values—
0 to 49710

 

hrs hours—
Specifies the number of hours of a valid lifetime.
Values—
0 to 23

 

min minutes—
Specifies the number of minutes of a valid lifetime.
Values—
0 to 59

 

sec seconds—
Specifies the number of seconds of a valid lifetime.
Values—
0 to 59

 

load-balancing

Syntax 
load-balancing
Context 
config>service>ies>if
Description 

This command enables the load-balancing context to configure interface per-flow load balancing options that will apply to traffic entering this interface and egressing over a LAG/ECMP on system-egress. This is a per interface setting. For load balancing options that can also be enabled on the system level, the options enabled on the interface level overwrite system level configurations.

Default 

n/a

egr-ip-load-balancing

Syntax 
egr-ip-load-balancing {source | destination | inner-ip}
no egr-ip-load-balancing
Context 
config>service>ies>if>load-balancing
Description 

This command specifies whether to include the source address or destination address or both in the LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled, the command also applies to the inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default 

no egr-ip-load-balancing

Parameters 
source—
Specifies using the source address and, if l4-load-balancing is enabled, the source port in the hash; the destination address/port is ignored.
destination—
Specifies using the destination address and, if l4-load-balancing is enabled, the destination port in the hash; the source address/port is ignored.
inner-ip—
Specifies using the inner IP header parameters instead of the outer IP header parameters in the LAG/ECMP hash for IPv4 encapsulated traffic.

spi-load-balancing

Syntax 
[no] spi-load-balancing
Context 
config>service>ies>if>load-balancing
Description 

This command enables use of the SPI in hashing for ESP/AH encrypted IPv4/v6 traffic. This is a per interface setting.

The no form disables the SPI function.

Default 

no spi-load-balancing

teid-load-balancing

Syntax 
[no] teid-load-balancing
Context 
config>service>ies>if>load-balancing
Description 

This command enables inclusion of the TEID in hashing for GTP-U/C encapsulated traffic for GTPv1/GTPv2. The no form of this command ignores the TEID in hashing.

Default 

no teid-load-balancing

local-dhcp-server

Syntax 
local-dhcp-server local-server-name
no local-dhcp-server
Context 
config>service>ies>if
Description 

This command assigns a DHCP server to the interface.

Parameters 
local-server-name—
Specifies an existing local server name.

local-proxy-arp

Syntax 
[no] local-proxy-arp
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command enables local proxy ARP. When local proxy ARP is enabled on an IP interface, the system responds to all ARP requests for IP addresses belonging to the subnet with its own MAC address, and thus will become the forwarding point for all traffic between hosts in that subnet. When local-proxy-arp is enabled, ICMP redirects on the ports associated with the service are automatically blocked.

Default 

ies>if: no local-proxy-arp

ies>sub-if>grp-if: local-proxy-arp (7750 SR)

loopback

Syntax 
[no] loopback
Context 
config>service>ies>if
Description 

This command specifies that the associated interface is a loopback interface that has no associated physical interface. As a result, the associated IES interface cannot be bound to a SAP.

You can configure an IES interface as a loopback interface by issuing the loopback command instead of the sap command. The loopback flag cannot be set on an interface where a SAP is already defined and a SAP cannot be defined on a loopback interface.

Default 

n/a

ip-helper-address

Syntax 
ip-helper-address gateway-address
no ip-helper-address
Context 
config>service>ies>if
Description 

This command enables broadcast UDP packets received on the associated interface to be redirected to the specified gateway address and then forwarded on to the gateway.

The no form of this command removes the gateway address from the interface configuration and stops the UDP broadcast redirect function.

Parameters 
gateway-address—
Specifies the IPv4 address of the target UDP broadcast gateway.

ip-mtu

Syntax 
ip-mtu octets
no ip-mtu
Context 
config>service>ies>if
config>service>ies>if>sap>ip-tunnel
config>service>ies>subscriber-interface
Description 

This command configures the IP maximum transmit unit (packet) for this interface.

Because this connects a Layer 2 to a Layer 3 service, this parameter can be adjusted under the IES interface.

The MTU that is advertised from the IES size is:

MINIMUM((SdpOperPathMtu - EtherHeaderSize), (Configured ip-mtu))

By default (for Ethernet network interface) if no ip-mtu is configured it is (1568 - 14) = 1554.

The no form of the command returns the default value.

Default 

no ip-mtu

reassembly

Syntax 
reassembly [wait-msecs]
no reassembly
Context 
config>service>ies>if>sap>ip-tunnel
Description 

This command configures the maximum number of seconds to wait to receive all fragments of a particular IPSec or GRE packet for reassembly.

Default 

no reassembly

Parameters 
wait-msecs—
Specifies the reassembly wait time.
Values—
1 to 5000 ms in 100 increments

 

lag-per-link-hash

Syntax 
lag-per-link-hash class {1 | 2 | 3} weight weight
no lag-per-link-hash
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command configures the weight and class for this SAP to be used on LAG egress when the LAG uses weighted per-link-hash.

The no form of this command restores default configuration.

Default 

no lag-per-link-hash (equivalent to weight 1 class 1)

Parameters 
weight—
Specifies the weight.
Values—
1 to 1024

 

mac

Syntax 
mac ieee-address
no mac
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command assigns a specific MAC address to an IES IP interface.

For Routed Central Office (CO), a group interface has no IP address explicitly configured but inherits an address from the parent subscriber interface when needed. For example, a MAC will respond to an ARP request when an ARP is requested for one of the IPs associated with the subscriber interface through the group interface.

The no form of the command returns the MAC address of the IP interface to the default value.

Default 

the physical MAC address associated with the Ethernet interface that the SAP is configured on (the default MAC address assigned to the interface, assigned by the system)

Parameters 
ieee-address —
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

monitor-oper-group

Syntax 
monitor-oper-group name
no monitor-oper-group
Context 
config>service>ies>if
Description 

This command specifies the operational group to be monitored by the object under which it is configured. The oper-group name must be already configured under the config>service context before its name is referenced in this command.

The no form of the command removes the association from the configuration.

Default 

no monitor-oper-group

Parameters 
name—
Specifies a character string of maximum 32 ASCII characters identifying the group instance.

multicast-network-domain

Syntax 
multicast-network-domain multicast-network-domain
no multicast-network-domain
Context 
config>service>ies>if
Description 

This command is used to enable efficient multicast replication over a spoke SDP. Multicast traffic is copied to only a subset of network interfaces that may be used as egress for a spoke SDP. A network domain is defined by associating multiple interfaces to a logical group that may participate in multicast replication for a spoke SDP.

The no form of the command disables efficient multicast replication to a network domain for a spoke SDP, and traffic is replicated to all forwarding complexes.

Default 

no multicast-network-domain

secondary

Syntax 
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
no secondary ip-address
Context 
config>service>ies>if
Description 

This command assigns a secondary IP address/IP subnet/broadcast address format to the interface.

Default 

n/a

Parameters 
ip-address—
The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
mask—
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical ‘AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.252. A mask of 255.255.255.255 is reserved for system IP addresses.
netmask—
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
broadcast—
The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface. (Default: host-ones)

all-ones—
The all-ones keyword following the broadcast parameter specifies the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
host-ones—
The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

igp-inhibit—
The optional igp-inhibit parameter signals that the given secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the specified secondary IP interfaces will not be injected and used as passive interfaces and will not be advertised as internal IP interfaces into the IGP’s link state database. For RIP, this means that these secondary IP interfaces will not source RIP updates.

shcv-policy-ipv4

Syntax 
shcv-policy-ipv4 policy-name
no shcv-policy-ipv4
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command specifies the Subscriber Host Connectivity Verification (SHCV) policy for IPv4 only.

The no form of the command removes the policy name from the SAP configuration.

shcv-policy-ipv6

Syntax 
shcv-policy-ipv6 policy-name
no shcv-policy-ipv6
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command specifies the Subscriber Host Connectivity Verification (SHCV) policy for IPv6 only.

The no form of the command removes the policy name from the SAP configuration.

static-arp

Syntax 
static-arp ieee-mac-address unnumbered
no static-arp unnumbered
Context 
config>service>ies>if
Description 

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP appears in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface.

If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

The no form of the command removes a static ARP entry.

Default 

n/a

Parameters 
ip-address—
Specifies the IP address for the static ARP in IP address dotted decimal notation.
ieee-mac-address —
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
unnumbered—
Specifies the static ARP MAC for an unnumbered interface. Unnumbered interfaces support dynamic ARP. Once this command is configured, it overrides any dynamic ARP.

static-tunnel-redundant-next-hop

Syntax 
static-tunnel-redundant-next-hop ip-address
no static-tunnel-redundant-next-hop
Context 
config>service>ies>if
Description 

This command specifies the redundant next-hop address on a public or private IPsec interface (with a public or private tunnel-sap) for a static IPsec tunnel. The standby node uses the specified next-hop address to shunt traffic to the master if it receives any.

The next-hop address is resolved in the routing table of the corresponding service.

The no form of the command removes the address from the interface configuration.

Default 

n/a

Parameters 
ip-address—
Specifies the static ISA tunnel redundant next-hop address.

tos-marking-state

Syntax 
tos-marking-state {trusted | untrusted}
no tos-marking-state
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command is used to change the default trusted state to a non-trusted state. When unset or reverted to the trusted default, the ToS field will not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set, in which case the egress network interface treats all IES and network IP interface as untrusted.

When the ingress interface is set to untrusted, all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface. The egress network remarking rules also apply to the ToS field of IP packets routed using IGP shortcuts (tunneled to a remote next-hop). However, the tunnel QoS markings are always derived from the egress network QoS definitions.

Egress marking and remarking is based on the internal forwarding class and profile state of the packet once it reaches the egress interface. The forwarding class is derived from ingress classification functions. The profile of a packet is either derived from ingress classification or ingress policing.

The default marking state for network IP interfaces is trusted. This is equivalent to declaring no tos-marking-state on the network IP interface. When undefined or set to tos-marking-state trusted, the trusted state of the interface will not be displayed when using show config or show info unless the detail parameter is given. The save config command will not store the default tos-marking-state trusted state for network IP interfaces unless the detail parameter is also specified.

The no form of the command is used to restore the trusted state to a network IP interface. This is equivalent to executing the tos-marking-state trusted command.

Default 

tos-marking-state untrusted

Parameters 
trusted—
The default prevents the ToS field from being remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set.
untrusted—
Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.

unnumbered

Syntax 
unnumbered [ip-int-name | ip-address]
no unnumbered
Context 
config>service>ies>if
config>service>ies>subscriber-interface
Description 

This command configures the interface as an unnumbered interface. Unnumbered IP interfaces are supported on a SONET/SDH access port with PPP, ATM, Frame Relay, or cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters 
ip-int-name—
Specifies the name of an IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
ip-address—
Specifies an IP address.

wpp

Syntax 
[no] wpp
Context 
config>service>ies
Description 

This command enters the configuration context of web portal protocol (WPP) under router or vprn.

The no form of this command removes configuration under WPP.

Default 

no wpp

initial-app-profile

Syntax 
initial-app-profile profile-name
no initial-app-profile
Context 
config>service>ies>sub-if>grp-if>wpp
Description 

This command specifies the initial app-profile for the hosts created on the group-interface. This initial app-profile is replaced after hosts pass the web portal authentication.

Default 

no initial-app-profile

Parameters 
profile-name—
Specifies the name of the app-profile.

initial-sla-profile

Syntax 
initial-sla-profile profile-name
no initial-sla-profile
Context 
config>router>wpp
Description 

This command specifies the initial sla-profile for the hosts created on the group-interface. This initial sla-profile is replaced after hosts pass the web portal authentication.

Default 

no initial-sla-profile

Parameters 
profile-name—
Specifies the name of the sla-profile.

initial-sub-profile

Syntax 
initial-sub-profile profile-name
no initial-sub-profile
Context 
config>service>ies>sub-if>grp-if>wpp
Description 

This command specifies the initial sub-profile for the hosts created on the group-interface. This initial sub-profile will be replaced after hosts pass web portal authentication.

Default 

no initial-sub-profile

Parameters 
profile-name—
Specifies the name of the sub-profile.

portal

Syntax 
portal router router-instance name wpp-portal-name
no portal
Context 
config>service>ies>sub-if>grp-if>wpp
Description 

This command specifies the web portal server that the system talks to for the hosts on the group-interface.

Default 

no portal

Parameters 
router-instance—
Specifies the routing instance in which the web portal server is defined.
wpp-portal-name—
Specifies the name of the web portal server.

restore-disconnected

Syntax 
[no] restore-disconnected
Context 
config>service>ies>sub-if>grp-if>wpp
Description 

This command enables the system to restore the initial-sla-profile, initial-sub-profile, or initial-app-profile when a host disconnects, instead of removing them.

The no form of the command specifies that the initial profiles will not be restored after a DHCP host has disconnected.

Default 

restore-disconnected

urpf-check

Syntax 
[no] urpf-check
Context 
config>service>ies>if
config>service>ies>if>ipv6
config>service>ies>sub-if>grp-if>ipv6
Description 

This command enables the unicast RPF (uRPF) Check on this interface.

The no form of the command disables the uRPF Check on this interface.

Default 

no urpf-check

vas-if-type

Syntax 
vas-if-type {to-from-access | to-from-network | to-from-both}
no vas-if-type
Context 
config>service>ies>if
Description 

This command configures the type of a Value Added Service (VAS) facing interface. To change the vas-if-type, the shutdown command is required. The vas-if-type and loopback commands are mutually exclusive.

The no form of the command removes the VAS interface type configuration.

Default 

no vas-if-type

Parameters 
to-from-access—
Used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from access interfaces (upstream) is redirected to a PBR target reachable over this interface for upstream VAS processing. Downstream traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.
to-from-network—
Used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from network interfaces (downstream) is redirected to a PBR target reachable over this interface for downstream VAS processing. Upstream traffic after VAS processing must arrive on this interface, so that regular routing can be applied.
to-from-both—
Used when a single interface is used for VAS connectivity (no local-to-local traffic). For service chaining, both traffic arriving from access interfaces and from network interfaces is redirected to a PBR target reachable over this interface for upstream/downstream VAS processing. Traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.

mode

Syntax 
mode {strict | loose | strict-no-ecmp}
no mode
Context 
config>service>ies>if>urpf-check
config>service>ies>sub-if>grp-if>ipv6>urpf-check
Description 

This command specifies the mode of unicast RPF check.

The no form of the command reverts to the default (strict) mode.

Default 

mode strict

Parameters 
strict—
When specified, uRPF checks whether an incoming packet has a source address that matches a prefix in the routing table, and whether the interface expects to receive a packet with this source address prefix.
loose—
In loose mode, uRPF checks whether an incoming packet has a source address with a corresponding prefix in the routing table. However, loose mode does not check whether the interface expects to receive a packet with a specific source address prefix. This object is valid only when urpf-check is enabled.
strict-no-ecmp—
When a packet is received on an interface in this mode and the source address (SA) matches an ECMP route, the packet is dropped by uRPF.
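
The three modes above, modelled as a source-address check against a routing table. This is an added example, not code from the product: the table, interface names and packets are constructed, and two behaviours the page does not state are assumptions (strict mode accepts an ECMP source on any of the route's interfaces, and strict-no-ecmp otherwise behaves like strict).

```python
"""Model of the strict, loose and strict-no-ecmp uRPF modes (added example)."""
import ipaddress
from typing import NamedTuple, Tuple, Union


class Route(NamedTuple):
    prefix: Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
    interfaces: Tuple[str, ...]  # more than one interface means an ECMP route


# Constructed routing table using documentation prefixes. It holds no default
# route; how a default route interacts with uRPF is not covered by the page.
SAMPLE_RIB = [
    Route(ipaddress.ip_network("192.0.2.0/24"), ("access-1",)),
    Route(ipaddress.ip_network("198.51.100.0/24"), ("access-2",)),
    Route(ipaddress.ip_network("203.0.113.0/24"), ("net-1", "net-2")),  # ECMP
    Route(ipaddress.ip_network("2001:db8:1::/48"), ("access-1",)),
]


def lookup(rib, src):
    """Longest-prefix match of a source address; None when nothing matches."""
    addr = ipaddress.ip_address(src)
    matches = [r for r in rib
               if r.prefix.version == addr.version and addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def urpf_check(rib, mode, in_if, src):
    """Return (accepted, reason) for a packet with source `src` seen on `in_if`."""
    if mode not in ("strict", "loose", "strict-no-ecmp"):
        raise ValueError("unknown uRPF mode: %r" % mode)
    route = lookup(rib, src)
    if route is None:
        # Every mode requires the source to match some prefix in the table.
        return False, "source matches no prefix in the routing table"
    if mode == "loose":
        # Loose mode stops here: the receiving interface is not considered.
        return True, "source prefix is in the routing table"
    if mode == "strict-no-ecmp" and len(route.interfaces) > 1:
        return False, "source matches an ECMP route"
    # Strict check. Assumption: for an ECMP route in plain strict mode, any of
    # the route's interfaces counts as an expected receiving interface.
    if in_if in route.interfaces:
        return True, "source is expected on this interface"
    return False, "source is not expected on this interface"


if __name__ == "__main__":
    # Constructed packets: (receiving interface, source address).
    packets = [
        ("access-1", "192.0.2.10"),     # legitimate source on its own interface
        ("access-2", "192.0.2.10"),     # source borrowed from another interface
        ("access-1", "10.9.9.9"),       # source with no route at all
        ("net-1", "203.0.113.5"),       # source reachable over an ECMP route
        ("access-1", "2001:db8:1::5"),  # IPv6 source on its own interface
    ]
    for in_if, src in packets:
        for mode in ("strict", "loose", "strict-no-ecmp"):
            ok, why = urpf_check(SAMPLE_RIB, mode, in_if, src)
            print(f"{src:>15} on {in_if:<8} {mode:<14} "
                  f"{'accept' if ok else 'drop':<6} {why}")
```

The second packet shows the practical difference: loose mode accepts a source address that belongs behind a different interface, while strict mode drops it.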

vpls

Syntax 
vpls service-name
Context 
config>service
config>service>ies>if
Description 

The vpls command, within the IP interface context, is used to bind the IP interface to the specified service name (VPLS or I-VPLS).

The system does not attempt to resolve the service name provided until the IP interface is placed into the administratively up state (no shutdown). Once the IP interface is administratively up, the system will scan the available VPLS services that have the allow-ip-int-bind flag set for a VPLS service associated with the name. If the service name is bound to the IP interface when the IP interface is already in the administratively up state, the system will immediately attempt to resolve the given name.

If a VPLS service is found associated with the name and with the allow-ip-int-bind flag set, the IP interface will be attached to the VPLS service allowing routing to and from the service virtual ports once the IP interface is operational.

A VPLS service associated with the specified name that does not have the allow-ip-int-bind flag set or a non-VPLS service associated with the name will be ignored and will not be attached to the IP interface.

If the service name is applied to a VPLS service after the service name is bound to an IP interface and the VPLS service allow-ip-int-bind flag is set at the time the name is applied, the VPLS service will be automatically resolved to the IP interface if the interface is administratively up or when the interface is placed in the administratively up state.

If the service name is applied to a VPLS service without the allow-ip-int-bind flag set, the system will not attempt to resolve the applied service name to an existing IP interface bound to the name. To rectify this condition, the flag must first be set and then the IP interface must enter or reenter the administratively up state.

While the specified service name may be assigned to only one service context in the system, it is possible to bind the same service name to more than one IP interface. If two or more IP interfaces are bound to the same service name, the first IP interface to enter the administratively up state (if currently administratively down) or to reenter the administratively up state (if currently administratively up) when a VPLS service is configured with the name and has the allow-ip-int-bind flag set will be attached to the VPLS service. Only one IP interface is allowed to attach to a VPLS service context. No error is generated for the remaining non-attached IP interfaces using the service name.

Once an IP interface is attached to a VPLS service, the name associated with the service cannot be removed or changed until the IP interface name binding is removed. Also, the allow-ip-int-bind flag cannot be removed until the attached IP interface is unbound from the service name.

Unbinding the service name from the IP interface causes the IP interface to detach from the VPLS service context. The IP interface may then be bound to another service name or a SAP or SDP binding may be created for the interface using the sap or spoke-sdp commands on the interface.

VPRN Hardware Dependency

When a service name is bound to a VPRN IP interface, all SAPs associated with the VPRN service must be on hardware based on the FlexPath2 forwarding plane. Currently, these include the IOM3-XP, the various IMM modules and the SR7710c12. If any SAPs are associated with the wrong hardware type, the service name binding to the VPRN IP interface fails. Once an IP interface within the VPRN service is bound to a service name, attempting to create a SAP on excluded hardware fails.

IP Interface MTU and Fragmentation

A VPLS service is affected by two MTU values: port MTUs and the VPLS service MTU. The MTU on each physical port defines the largest Layer 2 packet (including all DLC headers and CRC) that may be transmitted out a port. The VPLS itself has a service level MTU that defines the largest packet supported by the service. This MTU does not include the local encapsulation overhead for each port (QinQ, Dot1Q, TopQ or SDP service delineation fields and headers) but does include the remainder of the packet. As virtual ports are created in the system, the virtual port cannot become operational unless the configured port MTU minus the virtual port service delineation overhead is greater than or equal to the configured VPLS service MTU. Thus, an operational virtual port is ensured to support the largest packet traversing the VPLS service. The service delineation overhead on each Layer 2 packet is removed before forwarding into a VPLS service. VPLS services do not support fragmentation and must discard any Layer 2 packet larger than the service MTU after the service delineation overhead is removed.

IP interfaces have a configurable IP MTU that defines the largest packet that may egress the IP interface without being fragmented. This MTU encompasses the IP portion of the packet and does not include any of the egress DLC header or CRC. This MTU does not affect the size of the largest ingress packet on the IP interface. If the egress IP portion of the packet is larger than the IP interface MTU and the do-not-fragment flag in the IP header is not set, the packet is fragmented into smaller packets that will not exceed the configured MTU size. If the do-not-fragment bit is set, the packet is silently discarded at egress when it exceeds the IP MTU.

When the IP interface is bound to a VPLS service, the IP MTU must be at least 18 bytes less than the VPLS service MTU. This allows for the addition of the minimal Ethernet encapsulation overhead: 6 bytes for the DA, 6 bytes for the SA, 2 bytes for the Etype and 4 bytes for the trailing CRC. Any remaining egress virtual port overhead (Dot1P, Dot1Q, QinQ, TopQ or SDP) required above the minimum is known to be less than the egress port's MTU since the virtual port would not be operational otherwise.

If the IP interface IP MTU value is too large based on the VPLS service MTU, the IP interface will enter the operationally down state until either the IP MTU is adequately lowered or the VPLS service MTU is sufficiently increased.
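
The MTU rules in this subsection, written as a small planning check plus the egress decision for an oversized routed packet. This is an added example, not product code: the port MTU, overhead and service MTU values are constructed, and the fragment sizes assume IPv4 with a 20-byte header and no options.

```python
"""Model of the R-VPLS MTU rules described above (added example)."""

# Minimal Ethernet encapsulation named on the page: DA + SA + Etype + CRC.
MIN_ETHERNET_OVERHEAD = 6 + 6 + 2 + 4  # 18 bytes


def virtual_port_operational(port_mtu, delineation_overhead, service_mtu):
    """Port MTU minus service delineation overhead must cover the service MTU."""
    return port_mtu - delineation_overhead >= service_mtu


def max_ip_mtu(service_mtu):
    """Largest IP MTU that keeps a bound IP interface operationally up."""
    return service_mtu - MIN_ETHERNET_OVERHEAD


def ip_interface_operational(ip_mtu, service_mtu):
    return ip_mtu <= max_ip_mtu(service_mtu)


def egress_ip_packets(ip_len, ip_mtu, dont_fragment, header_len=20):
    """Return the IP lengths sent at egress; an empty list means discarded.

    Assumption: IPv4, fixed header_len, non-final fragments carry a payload
    that is a multiple of 8 bytes (standard IPv4 fragmentation).
    """
    if ip_len <= ip_mtu:
        return [ip_len]
    if dont_fragment:
        return []  # silently discarded, as the page states
    room = ip_mtu - header_len
    if room < 8:
        raise ValueError("IP MTU too small to carry a fragment")
    remaining = ip_len - header_len
    sizes = []
    while remaining > 0:
        # The final fragment may use all the room; earlier ones round down to 8.
        chunk = remaining if remaining <= room else room // 8 * 8
        sizes.append(header_len + chunk)
        remaining -= chunk
    return sizes


def audit(port_mtu, delineation_overhead, service_mtu, ip_mtu):
    """List the reasons a planned binding would not come up (empty when fine)."""
    findings = []
    if not virtual_port_operational(port_mtu, delineation_overhead, service_mtu):
        findings.append(
            "virtual port down: port MTU %d minus overhead %d is below service MTU %d"
            % (port_mtu, delineation_overhead, service_mtu))
    if not ip_interface_operational(ip_mtu, service_mtu):
        findings.append(
            "IP interface operationally down: IP MTU %d exceeds %d"
            % (ip_mtu, max_ip_mtu(service_mtu)))
    return findings


if __name__ == "__main__":
    # Constructed plan: Dot1Q port (4 bytes of delineation overhead assumed).
    print(audit(port_mtu=1518, delineation_overhead=4, service_mtu=1514, ip_mtu=1500))
    print(audit(port_mtu=1518, delineation_overhead=4, service_mtu=1514, ip_mtu=1496))
    print(egress_ip_packets(3000, 1496, dont_fragment=False))
    print(egress_ip_packets(3000, 1496, dont_fragment=True))
```

With a 1514-byte service MTU, an IP MTU of 1500 leaves the interface operationally down, and 1496 is the largest value that satisfies the 18-byte rule.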

The no form of the command on the IP interface is used to remove the service name binding from the IP interface. If the service name has been resolved to a VPLS service context and the IP interface has been attached to the VPLS service, the IP interface will also be detached from the VPLS service.

Default 

n/a

Parameters 
service-name—
The service-name parameter is required when using the IP interface vpls command and specifies the service name that the system will attempt to resolve to an allow-ip-int-bind enabled VPLS service associated with the name. The specified name is expressed as an ASCII string comprised of up to 32 characters. It does not need to already be associated with a service and the system does not check to ensure that multiple IP interfaces are not bound to the same name.

ingress

Syntax 
ingress
Context 
config>service>ies>if>vpls
Description 

The ingress node in this context under the vpls binding is used to define the routed IPv4 and IPv6 optional filter overrides.

v4-routed-override-filter

Syntax 
v4-routed-override-filter ip-filter-id
no v4-routed-override-filter
Context 
config>service>ies>if>vpls>egress
Description 

This command configures an IPv4 filter ID that is applied to packets egressing the IES R-VPLS interface. The filter overrides any existing egress IPv4 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.

The no form of the command removes the IPv4 routed override filter from the egress IES R-VPLS interface. When removed, egress IPv4 packets will use the IPv4 egress filter applied to the VPLS endpoint, if configured.

Parameters 
ip-filter-id—
Specifies the IP filter ID. This parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.

v4-routed-override-filter

Syntax 
v4-routed-override-filter ip-filter-id
no v4-routed-override-filter
Context 
config>service>ies>if>vpls>ingress
Description 

This command configures an IPv4 filter ID that is applied to all ingress packets entering the VPLS or I-VPLS service. The filter overrides any existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional; when it is not defined or is removed, the IPv4 routed packets use any existing ingress IPv4 filter on the VPLS virtual port.

The no form of the command removes the IPv4 routed override filter from the ingress IP interface. When removed, the IPv4 ingress routed packets within a VPLS service attached to the IP interface use the IPv4 ingress filter applied to the packet's virtual port, when defined.

Parameters 
ip-filter-id—
Specifies the IP filter ID. This parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.

v6-routed-override-filter

Syntax 
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context 
config>service>ies>if>vpls>egress
Description 

This command configures an IPv6 filter ID that is applied to packets egressing the IES R-VPLS interface. The filter overrides any existing egress IPv6 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.

The no form of the command removes the IPv6 routed override filter from the egress IES R-VPLS interface. When removed, egress IPv6 routed packets use the IPv6 egress filter applied to the VPLS endpoint, if configured.

Parameters 
ipv6-filter-id—
Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.

v6-routed-override-filter

Syntax 
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context 
config>service>ies>if>vpls>ingress
Description 

This command configures an IPv6 filter ID that is applied to all ingress packets entering the VPLS or I-VPLS service. The filter overrides any existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv6 routed packets use any existing ingress IPv6 filter on the VPLS virtual port.

The no v6-routed-override-filter command is used to remove the IPv6 routed override filter from the ingress IP interface. When removed, the IPv6 ingress routed packets within a VPLS service attached to the IP interface will use the IPv6 ingress filter applied to the packet’s virtual port, when defined.

Parameters 
ipv6-filter-id—
Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.

egress

Syntax 
egress
Context 
config>service>ies>if>vpls
Description 

The egress node under the vpls binding is used to define the optional sap-egress QoS policy that will be used for reclassifying the egress forwarding class or profile for routed packets associated with the IP interface on the attached VPLS or I-VPLS service context.

reclassify-using-qos

Syntax 
reclassify-using-qos policy-id
no reclassify-using-qos
Context 
config>service>ies>if>vpls>egress
Description 

The reclassify-using-qos command is used to specify a sap-egress QoS policy that will be used to reclassify the forwarding class and profile of egress routed packets on the VPLS or I-VPLS service. When routed packets associated with the IP interface egress a VPLS SAP, the reclassification rules within the sap-egress QoS policy applied to the SAP are always ignored (even when reclassify-using-qos is not defined).

Any queues or policers defined within the specified QoS policy are ignored and are not created on the VPLS egress SAPs. Instead, the routed packets continue to use the forwarding class mappings, queues and policers from the sap-egress QoS policy applied to the egress VPLS SAP.

While the specified sap-egress policy ID is applied to an IP interface, it cannot be deleted from the system.

The no form of the command removes the sap-egress QoS policy used for reclassification from the egress IP interface. When removed, IP routed packets will not be reclassified on the egress SAPs of the VPLS service attached to the IP interface.

Parameters 
policy-id—
Specifies the SAP egress QoS policy ID. This parameter is required when executing the reclassify-using-qos command. The specified SAP egress QoS ID must exist within the system or the command fails.

proxy-arp-policy

Syntax 
[no] proxy-arp policy-name [policy-name...(up to 5 max)]
Context 
config>service>ies>if
Description 

This command configures a proxy ARP policy for the interface.

The no form of this command disables the proxy ARP capability.

Default 

no proxy-arp

Parameters 
policy-name—
The export route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The specified name(s) must already be defined. Up to 5 route policies can be specified in a single statement.

ptp-hw-assist

Syntax 
[no] ptp-hw-assist
Context 
config>service>ies>if
Description 

This command configures the 1588 port based timestamping assist function for the interface. This capability is supported on a specific set of hardware. The command may be blocked if not all hardware has the required level of support.

Only one interface per physical port can have ptp-hw-assist enabled.

Default

no ptp-hw-assist

qos-route-lookup

Syntax 
qos-route-lookup [source | destination]
no qos-route-lookup
Context 
config>service>ies>if
config>service>ies>if>ipv6
config>service>ies>sub-if>grp-if
config>service>ies>sub-if>grp-if>ipv6
Description 

This command enables QoS classification of the ingress IP packets on an interface based on the QoS information associated with routes in the forwarding table.

If the optional destination parameter is specified and the destination address of an incoming IP packet matches a route with QoS information, the packet is classified to the fc and priority associated with that route, overriding the fc and priority/profile determined from the sap-ingress or network qos policy associated with the IP interface. If the destination address of the incoming packet matches a route with no QoS information, the fc and priority of the packet remain as determined by the sap-ingress or network qos policy.

If the optional source parameter is specified and the source address of an incoming IP packet matches a route with QoS information, the packet is classified to the fc and priority associated with that route, overriding the fc and priority/profile determined from the sap-ingress or network qos policy associated with the IP interface. If the source address of the incoming packet matches a route with no QoS information, the fc and priority of the packet remain as determined by the sap-ingress or network qos policy.

If neither the optional source nor destination parameter is present, then the default is destination address matching.

The functionality enabled by the qos-route-lookup command can be applied to IPv4 packets or IPv6 packets on an interface, depending on whether it is present at the interface context (applies to IPv4) or the interface>ipv6 context (applies to IPv6). Subscriber management group interfaces also do not support the source QPPB option.

The no form of the command reverts to the default.

Default 

destination

Parameters 
source—
Enables QoS classification of incoming IP packets based on the source address matching a route with QoS information.
destination—
Enables QoS classification of incoming IP packets based on the destination address matching a route with QoS information.

secure-nd

Syntax 
[no] secure-nd
Context 
config>service>ies>if>ipv6
Description 

This command enables Secure Neighbor Discovery (SeND) on the IPv6 interface.

The no form of the command reverts to the default and disables SeND.

allow-unsecured-msgs

Syntax 
[no] allow-unsecured-msgs
Context 
config>service>ies>if>ipv6>secure-nd
Description 

This command specifies whether unsecured messages are accepted. When Secure Neighbor Discovery (SeND) is enabled, only secure messages are accepted by default.

The no form of the command disables accepting unsecured messages.

link-local-modifier

Syntax 
link-local-modifier modifier
[no] link-local-modifier
Context 
config>service>ies>if>ipv6>secure-nd
Description 

This command configures the Cryptographically Generated Address (CGA) modifier for link-local addresses.

Parameters 
modifier—
Specifies the modifier in 32 hexadecimal nibbles.
Values—
0x0–0xFFFFFFFF

public-key-min-bits

Syntax 
public-key-min-bits bits
[no] public-key-min-bits
Context 
config>service>ies>if>ipv6>secure-nd
Description 

This command configures the minimum acceptable key length for public keys used in the generation of a Cryptographically Generated Address (CGA).

Parameters 
bits—
Specifies the number of bits.
Values—
512 to 1024

security-parameter

Syntax 
security-parameter sec
[no] security-parameter
Context 
config>service>ies>if>ipv6>secure-nd
Description 

This command configures the security parameter used in the generation of a Cryptographically Generated Address (CGA).

Parameters 
sec—
Specifies the security parameter.
Values—
0 to 1
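
What the CGA modifier and security parameter do, following the generation and verification steps of RFC 3972 for a link-local address. This is an added example, not the router's implementation: the public key is a constructed stand-in byte string treated as opaque DER, no extension fields are used, and how the router applies the configured link-local-modifier is not described on the page.

```python
"""CGA generation and verification per RFC 3972 (added example)."""
import hashlib
import ipaddress

# Constructed stand-in for a DER-encoded public key; not a real key.
SAMPLE_PUBLIC_KEY = b"constructed-stand-in-for-DER-SubjectPublicKeyInfo"


def _hash2_ok(modifier, public_key, sec):
    """Hash2 = SHA-1(modifier | 9 zero octets | key) must start with 16*sec zero bits."""
    digest = hashlib.sha1(modifier + bytes(9) + public_key).digest()
    return digest[: 2 * sec] == bytes(2 * sec)


def _hash1(modifier, prefix8, collision_count, public_key):
    """Hash1 = leftmost 64 bits of SHA-1 over the CGA parameters."""
    params = modifier + prefix8 + bytes([collision_count]) + public_key
    return hashlib.sha1(params).digest()[:8]


def generate_cga(prefix, public_key, sec, start_modifier=0):
    """Return (address, 16-byte modifier) for a /64 prefix.

    RFC 3972 allows sec 0..7; the command on this page accepts 0 to 1.
    Each step of sec costs about 2**16 times more hashing than the last.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a CGA needs a /64 subnet prefix")
    if not 0 <= sec <= 7:
        raise ValueError("sec must be between 0 and 7")
    mod = start_modifier
    # Search for a modifier whose Hash2 has the required leading zero bits.
    while not _hash2_ok(mod.to_bytes(16, "big"), public_key, sec):
        mod = (mod + 1) % (1 << 128)
    modifier = mod.to_bytes(16, "big")
    prefix8 = net.network_address.packed[:8]
    iid = bytearray(_hash1(modifier, prefix8, 0, public_key))
    # Write sec into the three leftmost bits and clear the u and g bits.
    iid[0] = (iid[0] & 0x1C) | (sec << 5)
    return ipaddress.IPv6Address(prefix8 + bytes(iid)), modifier


def verify_cga(address, modifier, collision_count, public_key):
    """Check that an address is bound to (modifier, collision count, key)."""
    if collision_count not in (0, 1, 2) or len(modifier) != 16:
        return False
    packed = ipaddress.IPv6Address(address).packed
    prefix8, iid = packed[:8], packed[8:]
    hash1 = _hash1(modifier, prefix8, collision_count, public_key)
    # Ignore the sec bits and the u/g bits when comparing (mask 0x1cff...ff).
    mask = bytes([0x1C]) + b"\xff" * 7
    if any((a ^ b) & m for a, b, m in zip(hash1, iid, mask)):
        return False
    sec = iid[0] >> 5  # the verifier reads sec from the address itself
    return _hash2_ok(modifier, public_key, sec)


if __name__ == "__main__":
    for sec in (0, 1):
        addr, modifier = generate_cga("fe80::/64", SAMPLE_PUBLIC_KEY, sec)
        print(sec, addr, modifier.hex(),
              verify_cga(addr, modifier, 0, SAMPLE_PUBLIC_KEY))
```

A receiver that is handed a different key or modifier for the same address fails the Hash1 comparison, which is what ties the address to the key.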

shutdown

Syntax 
[no] shutdown
Context 
config>service>ies>if>ipv6>secure-nd
Description 

This command enables or disables Secure Neighbor Discovery (SeND) on the interface.

stale-time

Syntax 
stale-time seconds
no stale-time
Context 
config>service>ies>ipv6
config>service>ies>if>ipv6
Description 

This command configures the time a neighbor discovery cache entry can remain stale before being removed.

The no form of the command removes the stale-time value.

Default 

no stale-time

Parameters 
seconds—
The allowed stale time (in seconds) before a neighbor discovery cache entry is removed.
Values—
60 to 65535

tcp-mss

Syntax 
tcp-mss mss-value
no tcp-mss
Context 
config>service>ies>if
config>service>ies>if>ipv6
Description 

This command statically sets the TCP maximum segment size (MSS) for TCP connections originated from the associated IP interface to the specified value.

The no form of the command removes the static value and allows the TCP MSS value to be calculated based on the IP MTU value by subtracting the base IP and TCP header lengths from the IP MTU value (tcp_mss = ip_mtu – 40).

Default 

no tcp-mss

Parameters 
mss-value—
The TCP MSS value that should be used in the TCP SYN packet during the three-way handshake negotiation of a TCP connection.

Note: 9158 = max-IP_MTU (9198)-40

Values—
536 to 9158 (IPv4)
1220 to 9138 (IPv6)

remote-proxy-arp

Syntax 
[no] remote-proxy-arp
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command enables remote proxy ARP on the interface.

Remote proxy ARP is similar to proxy ARP. It allows the router to answer an ARP request on an interface for a subnet that is not provisioned on that interface. This allows the router to forward to the other subnet on behalf of the requester. Local proxy ARP, by contrast, performs a similar function but only when the requested IP is on the receiving interface.

Default 

no remote-proxy-arp

ipv6

Syntax 
[no] ipv6
Context 
config>services>ies>sub-if
Description 

This command enables IPv6 forwarding on the specified subscriber-interface.

Default 

no ipv6

subscriber-prefixes

Syntax 
[no] subscriber-prefixes
Context 
config>services>ies>sub-if>ipv6
Description 

This command specifies aggregate off-link subscriber prefixes associated with this subscriber interface. Individual prefixes, specified under the prefix context, list aggregate routes in which the next hop is indirect via the subscriber interface.

prefix

Syntax 
prefix ipv6-address/prefix-length [pd] [wan-host]
no prefix ipv6-address/prefix-length
Context 
config>services>ies>sub-if>ipv6>sub-prefixes
Description 

This command allows a list of prefixes (using the prefix command multiple times) to be routed to hosts associated with this subscriber interface. Each prefix will be represented in the associated FIB with a reference to the subscriber interface. Prefixes are defined as being for prefix delegation (pd) or use on a WAN interface or host (wan-host).

Parameters 
ipv6-address—
Specifies the 128-bit IPv6 address.
Values—
128-bit hexadecimal IPv6 address in compressed form.

prefix-length—
Specifies the length of any associated aggregate prefix.
Values—
32-63

pd—
Specifies that this aggregate is used by IPv6 ESM hosts for DHCPv6 prefix-delegation.
wan-host—
Specifies that this aggregate is used by IPv6 ESM hosts for local addressing or by a routing gateway’s WAN interface.

allow-unmatching-prefixes

Syntax 
[no] allow-unmatching-prefixes
Context 
config>service>ies>sub-if
Description 

This command allows address assignment to PPPoX hosts in cases where the assigned address falls outside the range of the configured subnets below the subscriber interface. If the interface is configured as unnumbered, this command cannot be enabled.

Default 

no allow-unmatching-prefixes

delegated-prefix-length

Syntax 
[no] delegated-prefix-length prefix-length
Context 
config>services>ies>sub-if>ipv6
Description 

This command defines the prefix-length used for all DHCPv6 prefix delegations on this subscriber interface.

Default 

delegated-prefix-length 64

Parameters 
prefix-length—
Specifies the prefix length in use on this subscriber interface for DHCPv6 IA_PD.
Values—
48 to 64

redundant-interface

Syntax 
redundant-interface red-ip-int-name
no redundant-interface
Context 
config>service>ies
config>service>ies>sub-if>grp-if
Description 

This command configures a redundant interface used for dual homing.

Parameters 
red-ip-int-name—
Specifies the redundant IP interface name.

arp-host

Syntax 
arp-host
Context 
config>service>ies>sub-if>grp-if
Description 

This command enters the context to configure ARP host parameters.

host-limit

Syntax 
host-limit max-num-hosts
no host-limit
Context 
config>service>ies>sub-if>grp-if
Description 

This command configures the maximum number of ARP hosts.

Parameters 
max-num-hosts—
Specifies the maximum number of ARP hosts.
Values—
1 to 32767

min-auth-interval

Syntax 
min-auth-interval min-auth-interval
no min-auth-interval
Context 
config>service>ies>sub-if>grp-if
Description 

This command configures the minimum authentication interval.

Parameters 
min-auth-interval—
Specifies the minimum authentication interval.
Values—
1 to 6000

sap-host-limit

Syntax 
sap-host-limit max-num-hosts-sap
no sap-host-limit
Context 
config>service>ies>sub-if>grp-if
Description 

This command configures the maximum number of ARP hosts per SAP.

Parameters 
max-num-hosts-sap—
Specifies the maximum number of ARP hosts per SAP allowed on this IES interface.
Values—
1 to 32767

fwd-wholesale

Syntax 
fwd-wholesale
Context 
config>service>ies>sub-if>grp-if>sap
Description 

This command enables the context to select specific protocols ingressing on the SAP to be redirected to another service. The command is applicable to static SAPs as well as PW-SAPs.

fwd-wholesale

Syntax 
[no] fwd-wholesale
Context 
config>service>ies>sub-if>grp-if>sap
config>service>vprn>sub-if>grp-if>sap
Description 

This command enables the context to select specific protocols ingressing on the SAP to be redirected to another service. The command is applicable to static SAPs as well as PW-SAPs.

The no form of this command removes the redirection.

pppoe

Syntax 
pppoe service-id
no pppoe
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap>fwd-wholesale
config>service>vprn>sub-if>grp-if>sap>fwd-wholesale
Description 

This command specifies that PPPoE packets on ingress on Ethertypes 0x8863 and 0x8864 will be redirected to the specified service. The service referred to by service-id must be an Epipe service. Redirection to VC-switching Epipe services is not supported.

The no form of the command removes the redirect.

Parameters 
service-id—
Specifies the service ID of the Epipe to which packets are redirected.
Values—
1 to 2147483647 | svc-name up to 64 characters

frame-relay

Syntax 
frame-relay
Context 
config>service>ies>if>sap
Description 

This command allows access to the context to configure the Frame Relay Local Management Interface (LMI) operational parameters for a SONET/SDH PoS link, a DS-0 channel group, or a DS-3/E-3 port or channel.

The port’s mode must be set to access in the config>port>sonet-sdh>path>mode access context.

The port’s encapsulation type must be set to frame-relay in the config>port>sonet-sdh>path>encap-type frame-relay context.

The no form of this command removes the Frame Relay LMI operational parameters.

delivery-service

Syntax 
delivery-service service-id
no delivery-service
Context 
config>service>if>ies>sap
config>service>if>vprn>sap>ip-tunnel
Description 

This command sets the delivery service for encapsulated packets associated with a particular tunnel. This is the IES or VPRN service where the encapsulated packets are injected and terminated. The delivery service may be the same service that owns the private tunnel SAP associated with the tunnel. The tunnel does not come up until a valid delivery service is configured.

The no form of the command deletes the delivery-service from the tunnel configuration.

Parameters 
service-id—
Identifies the service used to originate and terminate the encapsulated packets belonging to the tunnel.
Values—
1 to 2147483648

svc-name—
Identifies the service used to originate and terminate the encapsulated packets belonging to the GRE tunnel.
Values—
1 to 64 characters

dest-ip

Syntax 
[no] dest-ip ip-address
Context 
config>service>ies>if>sap>ip-tunnel
config>service>vprn>if>sap>ip-tunnel
Description 

This command configures a private IPv4 or IPv6 address of the remote tunnel endpoint. A tunnel can have up to 16 dest-ip commands. At least one dest-ip address is required in the configuration of a tunnel. A tunnel does not come up operationally unless all dest-ip addresses are reachable (part of a local subnet).

Unnumbered interfaces are not supported.

The no form of the command deletes the destination IP of the tunnel.

Default 

n/a

Parameters 
ip-address—
Specifies the destination IPv4 or IPv6 address.
Values—

<ip-address>

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

 

dscp

Syntax 
dscp dscp-name
no dscp
Context 
config>service>if>ies>sap
config>service>if>vprn>sap>ip-tunnel
Description 

This command sets the DSCP code-point in the outer IP header of encapsulated packets associated with a particular tunnel. The default, set using the no form of the command, is to copy the DSCP value from the inner IP header (after remarking by the private tunnel SAP egress qos policy) to the outer IP header.

Default 

no dscp

Parameters 
dscp—
Specifies the DSCP code-point to be used.
Values—
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

 

gre-header

Syntax 
[no] gre-header
Context 
config>service>if>ies>sap>ip-tunnel
config>service>if>vprn>sap>ip-tunnel
Description 

This command configures the type of the IP tunnel. If the gre-header command is configured then the tunnel is a GRE tunnel with a header inserted between the outer and inner IP headers.

If the no form of the command is configured then the tunnel is a simple IP-IP tunnel.

Default 

no gre-header

source

Syntax 
source ip-address
no source
Context 
config>service>if>ies>sap
config>service>if>vprn>sap>ip-tunnel
Description 

This command sets the source IPv4 address of encapsulated packets associated with a particular tunnel. It must be an address in the subnet of the associated public tunnel SAP interface. The GRE does not come up until a valid source address is configured.

The no form of the command deletes the source address from the tunnel configuration. The tunnel must be administratively shut down before issuing the no source command.

Parameters 
ip-address—
Specifies the source IPv4 address of the tunnel.
Values—
1.0.0.0 to 223.255.255.255

 

remote-ip

Syntax 
remote-ip ip-address
no remote-ip
Context 
config>service>if>ies>sap
config>service>if>vprn>sap>ip-tunnel
Description 

This command sets the primary destination IPv4 address of encapsulated packets associated with a particular tunnel. If this address is reachable in the delivery service (there is a route) then this is the destination IPv4 address of encapsulated packets sent by the delivery service.

The no form of the command deletes the destination address from the tunnel configuration.

Parameters 
ip-address—
Specifies the destination IPv4 address of the tunnel.
Values—
1.0.0.0 to 223.255.255.255

 

frf-12

Syntax 
[no] frf-12
Context 
config>service>ies>if>sap>frame-relay
config>service>vprn>if>sap>frame-relay
Description 

This command defines the context to configure the parameters of FRF.12 Frame Relay fragmentation.

ete-fragment-threshold

Syntax 
ete-fragment-threshold fragment-threshold
no ete-fragment-threshold
Context 
config>service>ies>if>sap>frame-relay>frf.12
config>service>vprn>if>sap>frame-relay>frf.12
Description 

This command sets the maximum length, in bytes, of a fragment transmitted across a Frame Relay SAP with the FRF.12 end-to-end fragmentation enabled.

The no form of this command resets the fragment threshold back to the default value.

Default 

ete-fragment-threshold 128

Parameters 
fragment-threshold—
Specifies the maximum fragment length, in bytes, to be transmitted across the FR SAP.
Values—
128 to 512 bytes

 

interleave

Syntax 
interleave
no interleave
Context 
config>service>ies>if>sap>frame-relay>frf.12
Description 

This command enables interleaving of high priority frames and low-priority frame fragments within a FR SAP using FRF.12 end-to-end fragmentation.

When this option is enabled, only frames of the FR SAP non-expedited forwarding class queues are subject to fragmentation. The frames of the FR SAP expedited queues are interleaved, with no fragmentation header, among the fragmented frames. In effect, this provides a behavior like that of MLPPP Link Fragment Interleaving (LFI).

When this option is disabled, frames of all the FR SAP forwarding class queues are subject to fragmentation. The fragmentation header is however not included when the frame size is smaller than the user configured fragmentation size. In this mode, the SAP transmits all fragments of a frame before sending the next full or fragmented frame.

The receive direction of the FR SAP supports both modes of operation concurrently, with and without fragment interleaving.

The no form of this command restores the default mode of operation.

Default 

no interleave

scheduling-class

Syntax 
[no] scheduling-class class-id
Context 
config>service>ies>if>sap>frame-relay
config>service>vprn>if>sap>frame-relay
Description 

This command assigns a Frame Relay scheduling class for a Frame Relay SAP. The scheduling class dictates the queue in which the frame or frame fragments are stored in FRF.12 end-to-end fragmentation, FRF.12 UNI/NNI link fragmentation and MLFR applications.

Default 

scheduling-class 3

Parameters 
class-id—
Specifies the Frame Relay scheduling class number.
Values—
0 to 3

 

host-lockout-policy

Syntax 
host-lockout-policy policy-name
no host-lockout-policy
Context 
config>service>ies>if>sap
Description 

This command configures a host lockout policy.

The no form of the command removes the policy name from the configuration.

host-shutdown

Syntax 
[no] host-shutdown
Context 
config>service>ies>if>sap
Description 

This command administratively enables host creation on this SAP.

ip-tunnel

Syntax 
ip-tunnel name [create]
no ip-tunnel name
Context 
config>service>ies>if>sap
Description 

This command is used to configure an IP-GRE or IP-IP tunnel and associate it with a private tunnel SAP within an IES or VPRN service.

The no form of the command deletes the specified IP/GRE or IP-IP tunnel from the configuration. The tunnel must be administratively shut down before issuing the no ip-tunnel command.

Default 

No IP tunnels are defined.

Parameters 
ip-tunnel-name—
Specifies the name of the IP tunnel. Tunnel names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

host

Syntax 
[no] host ip ip-address [mac ieee-address]] [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name] [ancp-string ancp-string]
no host {[ip ip-address] [mac ieee-address]}
no host all
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command creates a static subscriber host for the SAP. Static subscriber hosts may be used by the system for various purposes. Applications within the system that make use of static host entries include anti-spoof filters and ARP cache population.

Multiple static hosts may be defined on the SAP. Each host is identified by either a source IP address, a source MAC address or both a source IP and source MAC address. Every static host definition must have at least one address defined, IP or MAC.

Static hosts can exist on the SAP even with anti-spoof and ARP populate features disabled. When enabled, each feature has different requirements for static hosts.

anti-spoof – When enabled, this feature uses static and dynamic host information to populate entries into an anti-spoof filter table. The anti-spoof filter entries generated will be of the same type as specified in the anti-spoof type parameter. If the SAP anti-spoof filter is defined as ip, each static host definition must specify an IP address. If the SAP anti-spoof filter is defined as ip-mac, each static host definition must specify both an IP address and MAC address. If definition of a static host is attempted without the appropriate addresses specified for the enabled anti-spoof filter, the static host definition fails.

arp-populate – When enabled, this feature uses static and dynamic host information to populate entries in the system ARP cache.

Attempting to define a static subscriber host that conflicts with an existing DHCP Lease State Table entry fails.

Use the no form of the command to remove a static entry from the system. The specified ip-address and mac-address must match the host’s exact IP and MAC addresses as defined when it was created. When a static host is removed from the SAP, the corresponding anti-spoof entry and/or ARP cache entry is also removed.

Default 

none

Parameters 
ip ip-address —
Specify this optional parameter when defining a static host. The IP address must be specified for anti-spoof ip, anti-spoof ip-mac and arp-populate. Only one static host may be configured on the SAP with a given IP address.
mac mac-address —
Specify this optional parameter when defining a static host. The MAC address must be specified for anti-spoof ip-mac and arp-populate. Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address.
subscriber sub-ident-string —
Specify this optional parameter to specify an existing subscriber identification profile to be associated with the static subscriber host. The subscriber identification profile is configured in the config>subscr-mgmt>sub-ident-policy context. The subscriber information is used by the SAP arp-reply-agent to determine the proper handling of received ARP requests from subscribers.

For VPRN SAPs with arp-reply-agent enabled with the optional sub-ident parameter, the static subscriber host’s sub-ident-string is used to determine whether an ARP request received on the SAP is sourced from a host belonging to the same subscriber as the destination host. When both the destination and source hosts from the ARP request are known on the SAP and the subscriber identifications do not match, the ARP request may be forwarded to the rest of the VPRN destinations.

If the static subscriber host’s sub-ident string is not defined, the host is not considered to belong to the same subscriber as another host on the SAP.

If source or destination host is unknown, the hosts are not considered to belong to the same subscriber. ARP messages from unknown hosts are subject to anti-spoof filtering rules applied at the SAP.

If sub-ident is not enabled on the SAP arp-reply-agent, subscriber identification matching is not performed on ARP requests received on the SAP.

ARP requests are never forwarded back to the same SAP or within the receiving SAP’s split horizon group.

sub-profile sub-profile-name
Specify this optional parameter to specify an existing subscriber profile name to be associated with the static subscriber host. The subscriber profile is configured in the config>subscr-mgmt>sub-profile context.
sla-profile sla-profile-name
Specify this optional parameter to specify an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.
ancp-string ancp-string
Specifies the ASCII string of the DSLAM circuit ID name.

2.5.2.4. Redundant Interface Commands

redundant-interface

Syntax 
[no] redundant-interface ip-int-name
Context 
config>service>ies
Description 

This command configures a redundant interface.

Parameters 
ip-int-name—
Specifies the name of the IP interface. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

address

Syntax 
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
no address
Context 
config>service>ies>redundant-interface
Description 

This command assigns an IP address mask or netmask and a remote IP address to the interface.

Parameters 
ip-address/mask—
Assigns an IP address/IP subnet format to the interface.
ip-address netmask—
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.

Assigns an IP address netmask to the interface.

remote-ip ip-address
Assigns a remote IP to the interface.

2.5.2.5. IES Subscriber Interface Commands

subscriber-interface

Syntax 
[no] subscriber-interface ip-int-name
Context 
config>service>ies
Description 

This command allows the operator to create special subscriber-based interfaces. It is used to contain multiple group interfaces. Multiple subnets associated with the subscriber interface can be applied to any of the contained group interfaces in any combination. The subscriber interface allows subnet sharing between group interfaces.

Use the no form of the command to remove the subscriber interface.

Parameters 
ip-int-name—
Specifies the name of the IP interface. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

group-interface

Syntax 
group-interface ip-int-name [create]
group-interface ip-int-name [create] lns
group-interface ip-int-name [create] wlangw
no group-interface ip-int-name [create]
Context 
config>service>ies>subscriber-interface
Description 

This command creates a group interface. This interface is designed for triple-play services where multiple SAPs are part of the same subnet. A group interface may contain one or more SAPs.

Use the no form of the command to remove the group interface from the subscriber interface.

Default 

no group interface

Parameters 
ip-int-name—
Specifies the interface name of a group interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
lns —
Specifies that LNS will be used.
wlangw—
Specifies that WLAN gateway interface will be used.

authentication-policy

Syntax 
authentication-policy name
no authentication-policy
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command assigns an authentication policy to the interface.

The no form of this command removes the policy name from the group interface configuration.

Default 

no authentication-policy

Parameters 
name —
Specifies the authentication policy name. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

oper-up-while-empty

Syntax 
[no] oper-up-while-empty
Context 
config>service>ies>sub-if>grp-if
Description 

This command allows the subscriber interface to treat this group interface as operationally enabled without any active SAPs.

This command is typically used with MSAPs where advertising the subnet prior to having a MSAP dynamically created is needed.

srrp

Syntax 
[no] srrp srrp-id
Context 
config>service>ies>sub-if>grp-if
Description 

This command creates a Subscriber Router Redundancy Protocol (SRRP) instance on a group IP interface. An SRRP instance manages all subscriber subnets within the group interface's subscriber IP interface or other subscriber IP interfaces that are associated through a wholesale/retail relationship. Only one unique SRRP instance can be configured per group interface.

The no form of the command removes an SRRP instance from a group IP interface. Once removed, the group interface ignores ARP requests for the SRRP gateway IP addresses that may exist on subscriber subnets associated with the group IP interface. Then the group interface stops routing using the redundant IP interface associated with the group IP interface and will stop routing with the SRRP gateway MAC address. Ingress packets destined to the SRRP gateway MAC will also be silently discarded. This is the same behavior as a group IP interface that is disabled (shutdown).

Default 

no srrp

Parameters 
srrp-id—
Specifies a 32 bit instance ID that must be unique to the system. The instance ID must also match the instance ID used by the remote router that is participating in the same SRRP context. SRRP is intended to perform a function similar to VRRP where adjacent IP hosts within local subnets use a default gateway to access IP hosts on other subnets.
Values—
1 to 4294967295

 

bfd-enable

Syntax 
[no] bfd-enable svc-id interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address name name
[no] bfd-enable interface interface-name dst-ip ip-address
Context 
config>service>ies>sub-if>grp-if>srrp
Description 

This command assigns a Bidirectional Forwarding Detection (BFD) session that provides a heartbeat mechanism for the given VRRP/SRRP instance. There can be only one BFD session assigned to any given VRRP/SRRP instance, but there can be multiple SRRP/VRRP sessions using the same BFD session. If the interface configured with BFD is using a LAG or a spoke-SDP, the BFD transmit and receive intervals need to be set to a minimum of 300 ms.

BFD controls the state of the associated interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are set via the bfd command under the IP interface. The specified interface may not be configured with BFD; when it is, the virtual router will then initiate the BFD session.

The no form of this command removes BFD from the configuration.

Default 

n/a

Parameters 
svc-id—
Specifies the service ID of the interface running BFD. If no svc-id is specified then it indicates that the interface is a network interface in the Base router instance.

This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The bfd-enable interface interface-name dst-ip ip-address name name variant can be used in all configuration modes.

Values—
{id | svc-name}

id:

1 to 2147483647

svc-name:

Specifies an existing service name up to 64 characters (svc-name is an alias for input only. The svc-name gets replaced with an id automatically by SR OS in the configuration)

 

interface interface-name
Specifies the name of the interface running BFD, up to 32 characters.
dst-ip ip-address
Specifies the destination address for the BFD session.
name name
Specifies a service name, up to 64 characters.

gw-mac

Syntax 
gw-mac mac-address
no gw-mac
Context 
config>service>ies>sub-if>grp-if>srrp
Description 

This command overrides the default SRRP gateway MAC address used by the SRRP instance. Unless specified, the system uses the same base MAC address for all SRRP instances with the last octet overridden by the lower 8 bits of the SRRP instance ID. The same SRRP gateway MAC address should be in-use by both the local and remote routers participating in the same SRRP context.

One reason to change the default SRRP gateway MAC address is if two SRRP instances sharing the same broadcast domain are using the same SRRP gateway MAC. The system will use the SRRP instance ID to separate the SRRP messages (by ignoring the messages that do not match the local instance ID), but a unique SRRP gateway MAC is essential to separate the routed packets for each gateway IP address.

The no form of the command removes the explicit SRRP gateway MAC address from the SRRP instance. The SRRP gateway MAC address can only be changed or removed when the SRRP instance is shut down.

Parameters 
mac-address—
Specifies a MAC address that is used to override the default SRRP base MAC address.
Values—
Any MAC address except all zeros, broadcast or multicast addresses. The offset is expressed in normal Ethernet MAC address notation. The defined gw-mac cannot be 00:00:00:00:00:00, ff:ff:ff:ff:ff:ff or any multicast address.
If not specified, the system uses the default SRRP gateway MAC address with the last octet set to the 8 least significant bits of the SRRP instance ID.
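
The default derivation and the gw-mac restrictions described above can be checked offline before two SRRP instances end up sharing a gateway MAC in one broadcast domain. This is an added example, not SR OS code; BASE_MAC is a constructed placeholder (the page does not give the real base MAC), and the instance list and domain labels are constructed sample data.

```python
# Added example: default SRRP gateway MAC derivation and gw-mac checks, not SR OS code.
from collections import defaultdict

# Constructed placeholder. The page does not state the system's real base MAC.
BASE_MAC = "02:00:00:00:00:00"


def parse_mac(text):
    """Parse aa:bb:cc:dd:ee:ff notation into six bytes."""
    parts = text.split(":")
    if len(parts) != 6:
        raise ValueError("expected six octets: %r" % text)
    return bytes(int(p, 16) for p in parts)


def format_mac(octets):
    return ":".join("%02x" % b for b in octets)


def default_gw_mac(srrp_id, base=BASE_MAC):
    """Base MAC with the last octet overridden by the lower 8 bits of the instance ID."""
    if not 1 <= srrp_id <= 4294967295:
        raise ValueError("srrp-id out of range: %r" % srrp_id)
    octets = bytearray(parse_mac(base))
    octets[5] = srrp_id & 0xFF
    return format_mac(octets)


def gw_mac_problem(text):
    """Return why a gw-mac override is not acceptable, or None if it is."""
    mac = parse_mac(text)
    if mac == bytes(6):
        return "all zeros"
    if mac == b"\xff" * 6:
        return "broadcast"
    if mac[0] & 0x01:  # group bit of the first octet marks a multicast address
        return "multicast"
    return None


def shared_gateway_macs(instances):
    """Return {(domain, gateway MAC): [srrp ids]} for every MAC used by more than one instance."""
    groups = defaultdict(list)
    for inst in instances:
        override = inst.get("gw_mac")
        if override is None:
            mac = default_gw_mac(inst["srrp_id"])
        else:
            problem = gw_mac_problem(override)
            if problem:
                raise ValueError("gw-mac %s rejected: %s" % (override, problem))
            mac = format_mac(parse_mac(override))
        groups[(inst["domain"], mac)].append(inst["srrp_id"])
    return {key: ids for key, ids in groups.items() if len(ids) > 1}


# Constructed sample: IDs 1 and 257 share their low 8 bits and the same broadcast domain.
INSTANCES = [
    {"srrp_id": 1, "domain": "vlan-100"},
    {"srrp_id": 257, "domain": "vlan-100"},
    {"srrp_id": 2, "domain": "vlan-100"},
    {"srrp_id": 513, "domain": "vlan-200"},
]

if __name__ == "__main__":
    for (domain, mac), ids in shared_gateway_macs(INSTANCES).items():
        print("%s: SRRP instances %s share gateway MAC %s" % (domain, ids, mac))
```
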

 

keep-alive-interval

Syntax 
keep-alive-interval interval
no keep-alive-interval
Context 
config>service>ies>sub-if>grp-if>srrp
Description 

This command defines the interval between SRRP advertisement messages sent when operating in the master state. The interval is also the basis for setting the master-down timer used to determine when the master is no longer sending. The system uses three times the keep-alive interval to set the timer. Every time an SRRP advertisement is seen that is better than the local priority, the timer is reset. If the timer expires, the SRRP instance assumes that a master does not exist and initiates the attempt to become master.

When in backup state, the SRRP instance takes the keep-alive interval of the master as represented in the master's SRRP advertisement message. Once in master state, the SRRP instance uses its own configured keep-alive interval.

The keep-alive-interval may be changed at any time, but will have no effect until the SRRP instance is in the master state.

The no form of the command restores the default interval.

Parameters 
interval—
Specifies the interval, in milliseconds, between SRRP advertisement messages sent when operating in the master state.
Values—
1 to 100

 

Default—
10 milliseconds

message-path

Syntax 
message-path sap-id
no message-path
Context 
config>service>ies>sub-if>grp-if>srrp
Description 

This command defines a specific SAP for SRRP in-band messaging. A message-path SAP must be defined prior to activating the SRRP instance. The defined SAP must exist on the SRRP instance's group IP interface for the command to succeed and cannot currently be associated with any dynamic or static subscriber hosts. Once a group IP interface SAP has been defined as the transmission path for SRRP Advertisement messages, it cannot be administratively shut down, will not support static or dynamic subscriber hosts and cannot be removed from the group IP interface.

The SRRP instance message-path command may be executed at any time on the SRRP instance. Changing the message SAP fails if a dynamic or static subscriber host is associated with the new SAP. Once successfully changed, the SRRP instance will immediately disable anti-spoof on the SAP and start sending SRRP Advertisement messages if the SRRP instance is activated.

Changing the current SRRP message SAP on an active pair of routers should be done in the following manner:

1. Shut down the backup SRRP instance.

2. Change the message SAP on the shutdown node.

3. Change the message SAP on the active master node.

4. Re-activate the shutdown SRRP instance.

Shutting down the backup SRRP instance prevents the SRRP instances from becoming master due to temporarily using differing message path SAPs.

If an MCS peering is operational between the redundant nodes and the SRRP instance has been associated with the peering, the designated message path SAP will be sent from each member.

The no form of the command can only be executed when the SRRP instance is shut down. Executing no message-path allows the existing SAP to be used for subscriber management functions. A new message-path SAP must be defined prior to activating the SRRP instance.

Parameters 
sap-id—
Specifies the physical port identifier portion of the SAP definition.

policy

Syntax 
[no] policy vrrp-policy-id
Context 
config>service>ies>sub-if>grp-if>srrp
Description 

This command associates one or more VRRP policies with the SRRP instance. A VRRP policy is a collection of connectivity and verification tests used to manipulate the in-use priorities of VRRP and SRRP instances. A VRRP policy can test the link state of ports, ping IP hosts, discover the existence of routes in the routing table or the ability to reach Layer 2 hosts. When one or more of these tests fail, the VRRP policy has the option of decrementing or setting an explicit value for the in-use priority of an SRRP instance.

More than one VRRP policy may be associated with an SRRP instance. When more than one VRRP policy is associated with an SRRP instance, the delta decrement of the in-use priority is cumulative unless one or more tests that have explicit priority values fail. When one or more explicit tests fail, the lowest priority value event takes effect for the SRRP instance. The highest delta-in-use-limit is used to manage the lowest delta-derived in-use priority for the SRRP instance.

VRRP policy associations may be added and removed at any time. A maximum of two VRRP policies can be associated with a single SRRP instance.

The no form of the command removes the association with vrrp-policy-id from the SRRP instance.

Parameters 
vrrp-policy-id—
Specifies one or more VRRP policies to associate with the SRRP instance.
Values—
1 to 9999

 

priority

Syntax 
priority priority
no priority
Context 
config>service>ies>sub-if>grp-if>srrp
Description 

This command overrides the default base priority for the SRRP instance. The SRRP instance priority is advertised by the SRRP instance to its neighbor router and is compared to the priority received from the neighbor router. The router with the best (highest) priority enters the master state while the other router enters the backup state. If the priority of each router is the same, the router with the lowest source IP address in the SRRP advertisement message assumes the master state.

The base priority of an SRRP instance can be managed by VRRP policies. A VRRP policy defines a set of connectivity or verification tests which, when they fail, may lower an SRRP instance's base priority (creating an in-use priority for the instance). Every time an SRRP instance's in-use priority changes when in master state, it sends an SRRP advertisement message with the new priority. If the dynamic priority drops to zero or the instance receives an SRRP Advertisement message with a better priority, the SRRP instance transitions to the becoming backup state. When the priority command is not specified, or the no priority command is executed, the system uses a default base priority of 100. The priority command may be executed at any time.

The no form of the command restores the default base priority to the SRRP instance. If a VRRP policy is associated with the SRRP instance, it will use the default base priority as the basis for any modifications to the SRRP instance's in-use priority.

Parameters 
priority—
Specifies a base priority for the SRRP instance to override the default.
Values—
1 to 254

 

2.5.2.6. IES Interface DHCP Commands

dhcp

Syntax 
dhcp
Context 
config>service>ies>if
config>service>ies>sub-if
config>service>ies>sub-if>grp-if
Description 

This command enters the context to configure DHCP parameters.

client-applications

Syntax 
client-applications {[dhcp] [ppp]}
no client-applications
Context 
config>service>ies>sub-if>grp-if>dhcp
Description 

This command enables the clients that will try to contact the DHCP server(s).

The no form of the command removes the server client type from the configuration.

Parameters 
dhcp—
Specifies that the DHCP relay will forward requests to the DHCP server(s).
ppp—
Specifies that PPPoE will attempt to request an IP address for a PPPoE client from the DHCP server(s).

action

Syntax 
action {replace | drop | keep}
no action
Context 
config>service>ies>if>dhcp>option
config>service>ies>sub-if>grp-if>dhcp>option
Description 

This command configures the Relay Agent Information Option (Option 82) processing.

The no form of this command returns the system to the default value.

Default 

no action

Parameters 
replace—
In the upstream direction (from the user), the Option 82 field from the router is inserted in the packet (overwriting any existing Option 82 field). In the downstream direction (towards the user) the Option 82 field is stripped (in accordance with RFC 3046).
drop—
The DHCP packet is dropped if an Option 82 field is present, and a counter is incremented.
keep—
The existing information is kept in the packet and the router does not add any additional information. In the downstream direction the Option 82 field is not stripped and is forwarded towards the client.

The behavior is slightly different in the case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert its own VSO into the Option 82 field. This will only be done when the incoming message already has an Option 82 field.

If no Option 82 field is present, the router will not create the Option 82 field. In that case, no VSO will be added to the message.
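
The three action values, modeled over a DHCP options field so the effect on a client-supplied Option 82 is visible. This is an added example, not SR OS code. The sample packets, the relay's own sub-option values and the VSO payload are constructed; using sub-option code 9 for the VSO and passing a packet without Option 82 through unchanged under drop are assumptions the page does not state.

```python
# Added example: a model of the Option 82 "action" choices, not SR OS code.
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_INFO, OPT_END = 0, 53, 82, 255


def parse_options(raw):
    """Split a DHCP options field (the bytes after the magic cookie) into (code, value) pairs."""
    opts, i = [], 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the options field" % code)
        opts.append((code, value))
        i += 2 + length
    return opts


def build_options(opts):
    """Serialize (code, value) pairs back into an options field ending in END."""
    out = bytearray()
    for code, value in opts:
        if len(value) > 255:
            raise ValueError("option %d value is longer than 255 bytes" % code)
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


def suboption(code, data):
    """Encode one Option 82 sub-option (1 = circuit-id, 2 = remote-id in RFC 3046)."""
    return bytes([code, len(data)]) + data


def option82_of(raw):
    """Return the Option 82 value carried in an options field, or None."""
    for code, value in parse_options(raw):
        if code == OPT_RELAY_INFO:
            return value
    return None


def upstream(raw, action, own82, own_vso=b"", counters=None):
    """From the user toward the server. Returns rewritten options, or None if dropped."""
    opts = parse_options(raw)
    present = any(code == OPT_RELAY_INFO for code, _ in opts)
    if action == "replace":
        # The router's field overwrites whatever arrived from the user side.
        opts = [o for o in opts if o[0] != OPT_RELAY_INFO]
        opts.append((OPT_RELAY_INFO, own82))
    elif action == "drop":
        if present:
            if counters is not None:
                counters["dropped"] = counters.get("dropped", 0) + 1
            return None
        # Assumption: a packet without Option 82 is passed through unchanged.
    elif action == "keep":
        # Existing field is kept; the VSO is added only when a field already exists.
        if present and own_vso:
            opts = [(c, v + own_vso) if c == OPT_RELAY_INFO else (c, v) for c, v in opts]
    else:
        raise ValueError("unknown action: %r" % action)
    return build_options(opts)


def downstream(raw, action):
    """Toward the user: replace strips Option 82, keep forwards it to the client."""
    opts = parse_options(raw)
    if action == "replace":
        opts = [o for o in opts if o[0] != OPT_RELAY_INFO]
    return build_options(opts)


# Constructed sample data.
OWN82 = suboption(1, b"node1|10|to-dslam") + suboption(2, bytes.fromhex("0200000000a1"))
OWN_VSO = suboption(9, b"vso-demo")          # placeholder payload layout
FORGED = suboption(1, b"forged-port")        # circuit-id supplied from the user side
WITH_82 = build_options([(OPT_MSG_TYPE, b"\x01"), (OPT_RELAY_INFO, FORGED)])
WITHOUT_82 = build_options([(OPT_MSG_TYPE, b"\x01")])

if __name__ == "__main__":
    for action in ("replace", "drop", "keep"):
        out = upstream(WITH_82, action, OWN82, OWN_VSO)
        print(action, None if out is None else option82_of(out))
```

With keep, the circuit-id that arrived from the user side reaches the server unchanged, so any server-side policy keyed on Option 82 is only as trustworthy as the device that inserted it.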

circuit-id

Syntax 
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
no circuit-id
Context 
config>service>ies>if>dhcp>option
config>service>ies>sub-if>grp-if>dhcp>option
Description 

When enabled, the router sends either an ASCII tuple, or the interface index (If Index), on the specified SAP ID in the circuit-id sub-option of the DHCP packet.

If disabled, the circuit-id sub-option of the DHCP packet will be left empty.

The no form of this command returns the system to the default.

Default 

circuit-id ascii-tuple

Parameters 
ascii-tuple—
Specifies that the ASCII-encoded concatenated tuple will be used which consists of the access-node-identifier, service-id, and interface-name, separated by “|”.
ifindex—
Specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>if>detail.
sap-id—
Specifies that the SAP ID will be used.
vlan-ascii-tuple—
Specifies that the format will include VLAN ID, dot1p bits in addition to what is included in ascii-tuple already. The format is supported on dot1q and qinq ports only. Thus, when the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.

match-circuit-id

Syntax 
[no] match-circuit-id
Context 
config>service>ies>sub-if>grp-if>dhcp
Description 

This command enables Option 82 circuit ID on relayed DHCP packet matching.

For Routed CO, the group interface DHCP relay process is stateful. When packets are relayed to the server the virtual router ID, transaction ID, SAP ID, and client hardware MAC address of the relayed packet are tracked. When a response is received from the server the virtual router ID, transaction ID, and client HW MAC address must be matched to determine the SAP on which to send the packet out. In some cases, the virtual router ID, transaction ID, and client hardware MAC address are not guaranteed to be unique.

When the match-circuit-id command is enabled, the Option 82 circuit ID is used as part of the key to guarantee a correct lookup. This is only needed with an IP-aware DSLAM that proxies the client hardware MAC address.

Default 

no match-circuit-id
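
The lookup described above, modeled with and without the circuit ID in the key, to show how a reply is sent out of the wrong SAP when the virtual router ID, transaction ID and client MAC are not unique. This is an added example, not SR OS code; the class, the SAP names, the proxied MAC and the circuit IDs are constructed for illustration.

```python
# Added example: relay reply lookup with and without the circuit ID in the key, not SR OS code.
class RelayTable:
    """Tracks relayed requests so a server reply can be mapped back to a SAP."""

    def __init__(self, match_circuit_id=False):
        self.match_circuit_id = match_circuit_id
        self.pending = {}       # lookup key -> SAP the request arrived on
        self.overwritten = []   # (key, earlier SAP, later SAP) for colliding requests

    def key(self, vr_id, xid, chaddr, circuit_id):
        base = (vr_id, xid, chaddr.lower())
        return base + (circuit_id,) if self.match_circuit_id else base

    def request(self, sap, vr_id, xid, chaddr, circuit_id):
        k = self.key(vr_id, xid, chaddr, circuit_id)
        earlier = self.pending.get(k)
        if earlier is not None and earlier != sap:
            self.overwritten.append((k, earlier, sap))
        self.pending[k] = sap

    def reply(self, vr_id, xid, chaddr, circuit_id):
        """SAP on which the server's reply is sent out, or None if no state matches."""
        return self.pending.get(self.key(vr_id, xid, chaddr, circuit_id))


def misrouted(match_circuit_id, requests):
    """Relay every request, then route each reply; return (intended SAP, chosen SAP) mismatches."""
    table = RelayTable(match_circuit_id)
    for r in requests:
        table.request(r["sap"], r["vr_id"], r["xid"], r["chaddr"], r["circuit_id"])
    wrong = []
    for r in requests:
        chosen = table.reply(r["vr_id"], r["xid"], r["chaddr"], r["circuit_id"])
        if chosen != r["sap"]:
            wrong.append((r["sap"], chosen))
    return wrong


# Constructed sample: a DSLAM proxies both clients behind one MAC, and the
# transaction IDs happen to be equal, so only the circuit ID tells them apart.
REQUESTS = [
    {"sap": "1/1/1:100", "vr_id": 1, "xid": 0x1A2B3C4D,
     "chaddr": "02:00:00:AA:BB:01", "circuit_id": b"dslam-7 port 1"},
    {"sap": "1/1/1:200", "vr_id": 1, "xid": 0x1A2B3C4D,
     "chaddr": "02:00:00:aa:bb:01", "circuit_id": b"dslam-7 port 2"},
]

if __name__ == "__main__":
    print("no match-circuit-id:", misrouted(False, REQUESTS))
    print("match-circuit-id:   ", misrouted(True, REQUESTS))
```
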

option

Syntax 
[no] option
Context 
config>service>ies>if>dhcp
config>service>ies>sub-if>grp-if>dhcp
Description 

This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enters the context for configuring Option 82 sub-options.

The no form of this command returns the system to the default.

Default 

no option

remote-id

Syntax 
remote-id [mac | string string]
no remote-id
Context 
config>service>ies>if>dhcp>option
config>service>ies>sub-if>grp-if>dhcp>option
Description 

When enabled, the router sends the MAC address of the remote end (typically the DHCP client) in the remote-id sub-option of the DHCP packet. This command identifies the host at the other end of the circuit.

If disabled, the remote-id sub-option of the DHCP packet will be left empty.

The no form of this command returns the system to the default.

Default 

remote-id

Parameters 
mac—
Specifies that the MAC address of the remote end is encoded in the sub-option.
string string
Specifies the remote-id.

vendor-specific-option

Syntax 
[no] vendor-specific-option
Context 
config>service>ies>if>dhcp>option
config>service>ies>sub-if>grp-if>dhcp>option
Description 

This command configures the vendor specific sub-option of the DHCP relay packet.

client-mac-address

Syntax 
[no] client-mac-address
Context 
config>service>ies>if>dhcp>option>vendor
config>service>ies>sub-if>grp-if>dhcp>option>vendor
Description 

This command enables the sending of the MAC address in the vendor specific sub-option of the DHCP relay packet.

The no form of the command disables the sending of the MAC address in the vendor specific sub-option of the DHCP relay packet.

sap-id

Syntax 
[no] sap-id
Context 
config>service>ies>if>dhcp>option>vendor
config>service>ies>sub-if>grp-if>dhcp>option>vendor
Description 

This command enables the sending of the SAP ID in the vendor specific sub-option of the DHCP relay packet.

The no form of the command disables the sending of the SAP ID in the vendor specific sub-option of the DHCP relay packet.

service-id

Syntax 
[no] service-id
Context 
config>service>ies>if>dhcp>option>vendor
Description 

This command enables the sending of the service ID in the vendor specific sub-option of the DHCP relay packet.

The no form of the command disables the sending of the service ID in the vendor specific sub-option of the DHCP relay packet.

string

Syntax 
[no] string text
Context 
config>service>ies>if>dhcp>option>vendor
config>service>ies>sub-if>grp-if>dhcp>option>vendor
Description 

This command specifies the string in the vendor specific sub-option of the DHCP relay packet.

The no form of the command returns the default value.

Parameters 
text—
The string can be any combination of ASCII characters up to 32 characters in length. If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

system-id

Syntax 
[no] system-id
Context 
config>service>ies>if>dhcp>option>vendor
config>service>ies>sub-if>grp-if>dhcp>option>vendor
Description 

This command specifies whether the system-id is encoded in the vendor specific sub-option of Option 82.

proxy-server

Syntax 
proxy-server
Context 
config>service>ies>if>dhcp
config>service>ies>sub-if>grp-if>dhcp
Description 

This command configures the DHCP proxy server.

emulated-server

Syntax 
emulated-server ip-address
no emulated-server
Context 
config>service>ies>if>dhcp>proxy-server
config>service>ies>sub-if>grp-if>dhcp>proxy-server
Description 

This command configures the IP address which will be used as the DHCP server address in the context of this SAP. Typically, the configured address should be in the context of the subnet represented by the service.

The no form of this command reverts to the default setting. The local proxy server will not become operational without the emulated-server address being specified.

Parameters 
ip-address—
Specifies the emulated server address.

lease-time

Syntax 
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [override]
no lease-time
Context 
config>service>ies>if>dhcp>proxy-server
config>service>ies>sub-if>grp-if>dhcp>proxy-server
Description 

This command defines the length of lease-time that will be provided to DHCP clients. By default the local-proxy-server will always make use of the lease-time information provided by either a RADIUS or DHCP server.

The no form of this command disables the use of the lease-time command. The local-proxy-server will use the lease-time offered by either a RADIUS or DHCP server.

Default 

7 days 0 hours 0 seconds

Parameters 
override—
Specifies that the local-proxy-server will use the configured lease-time information to provide DHCP clients.
days—
Specifies the number of days that the given IP address is valid.
Values—
0 to 3650

 

hours—
Specifies the number of hours that the given IP address is valid.
Values—
0 to 23

 

minutes—
Specifies the number of minutes that the given IP address is valid.
Values—
0 to 59

 

seconds—
Specifies the number of seconds that the given IP address is valid.
Values—
0 to 59

 

python-policy

Syntax 
python-policy name
no python-policy
Context 
config>service>ies>if>dhcp
Description 

This command specifies a python policy to be used for DHCPv4. Python policies are configured in the config>python>python-policy name context.

Parameters 
name—
Specifies the name of an existing python script up to 32 characters in length.

python-policy

Syntax 
python-policy name
no python-policy
Context 
config>service>ies>if>dhcp6-relay
Description 

This command specifies a python policy to be used for DHCPv6 relay. Python policies are configured in the config>python>python-policy name context.

Parameters 
name—
Specifies the name of an existing python script up to 32 characters in length.

relay-proxy

Syntax 
relay-proxy [release-update-src-ip] [siaddr-override ip-address]
no relay-proxy
Context 
config>service>ies>if>dhcp
config>service>ies>sub-if>dhcp
config>service>ies>sub-if>grp-if>dhcp
config>service>vprn>if>dhcp
config>service>vprn>sub-if>dhcp
config>service>vprn>sub-if>grp-if>dhcp
Description 

This command enables the DHCPv4 relay proxy function on the interface. The command has no effect when no DHCP servers are configured (DHCPv4 relay not configured). By default, unicast DHCPv4 release messages are forwarded transparently.

A relay proxy enhances the relay such that it also relays unicast client DHCPv4 REQUEST messages (lease renewals).

  1. In the upstream direction, update the source IP address and add the gateway IP address (gi-address) field before sending the message to the intended DHCP server (the message is not broadcast to all configured DHCP servers).
  2. In the downstream direction, remove the gi-address and update the destination IP address to the address of the yiaddr (your IP address) field.

The optional release-update-src-ip parameter updates the source IP address of a DHCP RELEASE message with the address used for relayed DHCPv4 messages.

The optional siaddr-override ip-address parameter enables DHCP server IP address hiding towards the client. This parameter requires that lease-populate is enabled on the interface. The DHCP server IP address is required for the address hiding function and is stored in the lease state record. The client interacts with the relay proxy as if it is the DHCP server. In all DHCP messages to the client, the value of the following header fields and DHCP options containing the DHCP server IP address is replaced with the configured <ip-address>:

  1. the “source IP address” field in the IP DHCPv4 packet header
  2. the “siaddr” field in the DHCPv4 header if not equal to zero in the message received from the server
  3. the Server Identification option (DHCPv4 option 54) if present in the original server message
  4. the source IP address field in the IP packet header

DHCP OFFER selection during initial binding is done in the relay-proxy. Only the first DHCP OFFER message is forwarded to the client. Subsequent DHCP OFFER messages from different servers are silently dropped.

Default 

no relay-proxy

Parameters 
release-update-src-ip—
Updates the source IP address of a DHCP RELEASE message with the address used for relayed DHCPv4 messages.
ip-address
Enables DHCPv4 server address hiding towards the DHCPv4 client and activates DHCPv4 OFFER selection in case multiple DHCP servers are configured. The ip-address can be any local address in the same routing instance. If DHCP relay lease-split is enabled, siaddr-override ip-address has priority over the emulated-server ip-address configured in the proxy-server and will be used as the source IP address.
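
The relay-proxy behaviour described above (OFFER selection, server address hiding and renewal forwarding) as a simplified model, with a check that no field sent to the client still carries a real server address. This is an added example, not the router's implementation. Assumptions: messages are reduced to the fields the description names, lease state is keyed by client MAC, the gi-address is used as the upstream source address, and all addresses are constructed.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterable, Optional, Set, Tuple

OFFER, REQUEST, ACK = "OFFER", "REQUEST", "ACK"
MAC = "00:00:5e:00:53:aa"                 # constructed client MAC
SERVERS = {"192.0.2.10", "192.0.2.20"}    # constructed real DHCP servers


@dataclass(frozen=True)
class Msg:
    """Only the fields the relay proxy touches (simplified, constructed model)."""
    kind: str
    xid: int
    chaddr: str
    src_ip: str
    dst_ip: str
    giaddr: str = "0.0.0.0"
    yiaddr: str = "0.0.0.0"
    siaddr: str = "0.0.0.0"
    server_id: Optional[str] = None       # DHCPv4 option 54


class RelayProxy:
    def __init__(self, gi_address: str, siaddr_override: str) -> None:
        self.gi = gi_address
        self.override = siaddr_override
        self.offered: Set[Tuple[str, int]] = set()   # (chaddr, xid) already offered
        self.lease_server: Dict[str, str] = {}       # chaddr -> real server (lease state)

    def downstream(self, m: Msg) -> Optional[Msg]:
        """Server-to-client: OFFER selection, then hide the server address."""
        if m.kind == OFFER:
            if (m.chaddr, m.xid) in self.offered:
                return None                          # later OFFERs are silently dropped
            self.offered.add((m.chaddr, m.xid))
        if m.kind == ACK:
            self.lease_server[m.chaddr] = m.src_ip   # needed to reach the server later
            self.offered.discard((m.chaddr, m.xid))
        return replace(
            m,
            src_ip=self.override,                    # IP header source address
            dst_ip=m.yiaddr,                         # destination becomes yiaddr
            giaddr="0.0.0.0",                        # gi-address removed
            siaddr=self.override if m.siaddr != "0.0.0.0" else m.siaddr,
            server_id=self.override if m.server_id is not None else None,
        )

    def upstream_renewal(self, m: Msg) -> Optional[Msg]:
        """Client unicast REQUEST (lease renewal) addressed to the override address."""
        server = self.lease_server.get(m.chaddr)
        if m.kind != REQUEST or m.dst_ip != self.override or server is None:
            return None                              # not a renewal this proxy can map
        # Sent to the one intended server only, not to every configured server.
        return replace(m, src_ip=self.gi, dst_ip=server, giaddr=self.gi)


def leaks_server(m: Msg, servers: Iterable[str]) -> bool:
    """True if a client-facing message still exposes a real server address."""
    known = set(servers)
    return any(v in known for v in (m.src_ip, m.siaddr, m.server_id))


def demo() -> dict:
    proxy = RelayProxy(gi_address="198.51.100.1", siaddr_override="198.51.100.254")
    common = dict(dst_ip="198.51.100.1", giaddr="198.51.100.1")
    offer_a = Msg(OFFER, 7, MAC, src_ip="192.0.2.10", yiaddr="198.51.100.50",
                  siaddr="192.0.2.10", server_id="192.0.2.10", **common)
    offer_b = Msg(OFFER, 7, MAC, src_ip="192.0.2.20", yiaddr="198.51.100.51",
                  server_id="192.0.2.20", **common)
    ack = Msg(ACK, 7, MAC, src_ip="192.0.2.10", yiaddr="198.51.100.50",
              server_id="192.0.2.10", **common)
    renew = Msg(REQUEST, 8, MAC, src_ip="198.51.100.50", dst_ip="198.51.100.254")
    return {
        "offer_a": proxy.downstream(offer_a),
        "offer_b": proxy.downstream(offer_b),
        "ack": proxy.downstream(ack),
        "renew": proxy.upstream_renewal(renew),
    }


if __name__ == "__main__":
    for name, msg in demo().items():
        print(name, msg)
```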

server

Syntax 
server server1 [server2]
Context 
config>service>ies>if>dhcp
config>service>ies>sub-if>grp-if>dhcp
Description 

This command specifies a list of servers where requests will be forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers then the request is forwarded to all of the servers in the list.

Default 

no server

Parameters 
server—
Specifies up to eight DHCP server IP addresses. There can be a maximum of 8 DHCP servers configured.

trusted

Syntax 
[no] trusted
Context 
config>service>ies>if>dhcp
config>service>ies>sub-if>grp-if>dhcp
Description 

According to RFC 3046, DHCP Relay Agent Information Option, a DHCP request where the gi-addr is 0.0.0.0 and which contains an Option 82 field in the packet, should be discarded, unless it arrives on a trusted circuit. If trusted mode is enabled on an IP interface, the Relay Agent (the router) will modify the request's gi-addr to be equal to the ingress interface and forward the request.

This behavior only applies when the action in the Relay Agent Information Option is "keep". In the case where the Option 82 field is being replaced by the Relay Agent (action = replace), the original Option 82 information is lost anyway, and there is thus no reason for enabling the trusted option.

The no form of this command returns the system to the default.

Default 

not enabled
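
The trusted rule above, applied to raw DHCPv4 messages, shows what reaches the DHCP server in each mode. This is an added example, not the router's implementation. It models only the keep and replace actions named in the description; the function names, the local circuit ID, the addresses and the packets are constructed.

```python
import ipaddress
import struct
from typing import Dict, NamedTuple, Optional

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
SUB_CIRCUIT_ID = 1                   # RFC 3046 sub-option 1


def parse_tlvs(data: bytes, dhcp_area: bool) -> Dict[int, bytes]:
    """Parse code/length/value triples; in the DHCP options area honour pad and end."""
    out: Dict[int, bytes] = {}
    i = 0
    while i < len(data):
        code = data[i]
        if dhcp_area and code == OPT_END:
            break
        if dhcp_area and code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"truncated TLV with code {code}")
        out[code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return out


def build_request(giaddr: str, circuit_id: Optional[bytes]) -> bytes:
    """Constructed DHCPDISCOVER; circuit_id=None means no Option 82 at all."""
    header = struct.pack("!4BIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x3903F326, 0, 0,
                         bytes(4), bytes(4), bytes(4),
                         ipaddress.IPv4Address(giaddr).packed,
                         bytes.fromhex("00005e005301"), b"", b"")
    options = b"\x35\x01\x01"                      # option 53: DHCPDISCOVER
    if circuit_id is not None:
        sub = bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
        options += bytes([OPT_RELAY_INFO, len(sub)]) + sub
    return header + MAGIC + options + bytes([OPT_END])


class Decision(NamedTuple):
    verdict: str                  # "forward" or "discard"
    giaddr: Optional[str]         # giaddr in the forwarded request
    circuit_id: Optional[bytes]   # circuit ID the DHCP server will see
    note: str


def relay_decision(packet: bytes, ingress_ip: str, trusted: bool, action: str,
                   local_circuit_id: bytes = b"constructed-sap-id") -> Decision:
    """Decide what the relay does with a request received on the access side."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCPv4 message")
    if action not in ("keep", "replace"):
        raise ValueError("only 'keep' and 'replace' are modelled here")
    giaddr = str(ipaddress.IPv4Address(packet[24:28]))
    opt82 = parse_tlvs(packet[240:], dhcp_area=True).get(OPT_RELAY_INFO)
    client_cid = (None if opt82 is None
                  else parse_tlvs(opt82, dhcp_area=False).get(SUB_CIRCUIT_ID))
    # Assumption (RFC 1542 relay behaviour): a non-zero giaddr is left untouched.
    out_giaddr = ingress_ip if giaddr == "0.0.0.0" else giaddr
    if action == "replace":
        return Decision("forward", out_giaddr, local_circuit_id,
                        "Option 82 rewritten by the relay; trusted makes no difference")
    if opt82 is not None and giaddr == "0.0.0.0":
        if not trusted:
            return Decision("discard", None, None,
                            "Option 82 with giaddr 0.0.0.0 on an untrusted circuit")
        return Decision("forward", ingress_ip, client_cid,
                        "trusted circuit: received Option 82 kept as is")
    return Decision("forward", out_giaddr, client_cid, "ordinary relay")


if __name__ == "__main__":
    pkt = build_request("0.0.0.0", b"port-claimed-by-sender")
    for trusted in (False, True):
        for action in ("keep", "replace"):
            print(trusted, action, relay_decision(pkt, "198.51.100.1", trusted, action))
```

With trusted and keep together, the circuit ID the server sees is whatever the downstream device put in the packet, so trusted belongs only on interfaces where that device is the one inserting Option 82.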

user-db

Syntax 
user-db local-user-db-name
no user-db
Context 
config>service>ies>sub-if>grp-if>dhcp
Description 

This command configures the local user database to use for authentication.

The no form of the command removes the value from the configuration.

Default 

no user-db

Parameters 
local-user-db-name—
Specifies the local user database to use for authentication.

enable-ingress-stats

Syntax 
[no] enable-ingress-stats
Context 
config>router>interface
config>service>ies>interface
config>service>vprn>interface
config>service>ies>sub-if>grp-if
config>service>vprn>sub-if>grp-if
Description 

This command enables the collection of ingress interface IP stats. This command is only applicable to IP statistics, and not to uRPF statistics.

If enabled, then the following statistics are collected:

  1. IPv4 offered packets
  2. IPv4 offered octets
  3. IPv6 offered packets
  4. IPv6 offered octets

Octet statistics for IPv4 and IPv6 bytes at IP interfaces include the layer 2 frame overhead.

Default 

no enable-ingress-stats

filter

Syntax 
filter filter-id
no filter
Context 
config>service>ies>sub-if>grp-if>dhcp
Description 

This command configures the DHCP filter for this interface.

Parameters 
filter-id—
Specifies the filter policy. The filter ID must already exist within the created IP filters.
Values—
1 to 65535

 

gi-address

Syntax 
gi-address ip-address [src-ip-addr]
no gi-address
Context 
config>service>ies>if>dhcp
config>service>ies>sub-if>grp-if>dhcp
Description 

This command configures the gateway interface address for the DHCP relay. A subscriber interface can include multiple group interfaces with multiple SAPs. The GI address is needed, when the router functions as a DHCP relay, to distinguish between different interfaces.

By default, the GI address used in the relayed DHCP packet is the primary IP address of a normal IES interface. Specifying the GI address allows the user to choose a secondary address. For group interfaces a GI address must be specified under the group interface DHCP context or subscriber-interface DHCP context in order for DHCP to function.

Default 

no gi-address

Parameters 
ip-address—
Specifies the host IP address to be used for DHCP relay packets.
src-ip-addr—
Specifies that this GI address is to be the source IP address for DHCP relay packets.

2.5.2.7. PPPoE Commands

pppoe

Syntax 
[no] pppoe
Context 
config>service>ies>sub-if>grp-if
Description 

This command enters the context to configure PPPoE parameters.

dhcp-client

Syntax 
dhcp-client
Context 
config>service>ies>sub-if>grp-if>pppoe
Description 

This command enters the context to configure the PPPoE-to-DHCP options.

ccag-use-origin-sap

Syntax 
[no] ccag-use-origin-sap
Context 
config>service>ies>sub-if>grp-if>pppoe>dhcp-client
Description 

This command enables the original VPLS SAP to be included in the circuit-id option to send to the DHCP server (in case this interface is connected to a VPLS by a CCA MDA).

The no form of the command disables the feature.

Default 

no ccag-use-origin-sap

pap-chap-user-db

Syntax 
pap-chap-user-db local-user-db-name
no pap-chap-user-db
Context 
config>service>ies>sub-if>grp-if>pppoe
Description 

This command configures the local user database to use for PPP Password Authentication Protocol/Challenge-Handshake Authentication Protocol (PAP/CHAP) authentication.

If an authentication policy is also configured, pppoe-access-method must be set to none in this authentication policy to use the local user database (in that case RADIUS authentication will not be used for PPPoE hosts).

Parameters 
local-user-db-name—
Specifies the local user database to use for authentication.

policy

Syntax 
policy pppoe-policy-name
no policy
Context 
config>service>ies>sub-if>grp-if>pppoe
Description 

This command associates a PPPoE policy on this interface.

Default 

policy

Parameters 
pppoe-policy-name—
Specifies a PPPoE policy up to 32 characters in length on this interface.

sap-session-limit

Syntax 
sap-session-limit sap-session-limit
no sap-session-limit
Context 
config>service>ies>sub-if>grp-if>pppoe
Description 

This command specifies the number of PPPoE hosts per SAP allowed for this group-interface.

Default 

sap-session-limit 1

Parameters 
sap-session-limit—
Specifies the number of PPPoE hosts per SAP allowed.
Values—
1 to 20000

 

session-limit

Syntax 
session-limit session-limit
no session-limit
Context 
config>service>ies>sub-if>grp-if>pppoe
Description 

This command specifies the number of PPPoE hosts allowed for this group interface.

Default 

session-limit 1

Parameters 
session-limit—
Specifies the number of PPPoE hosts allowed.
Values—
1 to 20000

 

2.5.2.8. IES Interface ICMP Commands

hold-time

Syntax 
hold-time
Context 
config>service>ies>interface
config>service>ies>subscriber-interface
config>service>ies>redundant-interface
config>service>vprn>interface
config>service>vprn>network-interface
config>service>vprn>subscriber-interface
config>service>vprn>redundant-interface
Description 

This command creates the CLI context to configure interface level hold-up and hold-down timers for the associated IP interface.

The up timer controls a delay for the associated IPv4 or IPv6 interface so that the system will delay the deactivation of the associated interface for the specified amount of time.

The down timer controls a delay for the associated IPv4 or IPv6 interface so that the system will delay the activation of the associated interface for the specified amount of time.

up

Syntax 
up ip seconds
no up ip
up ipv6 seconds
no up ipv6
Context 
config>service>ies>if>hold-time
config>service>ies>sub-if>hold-time
config>service>ies>red-if>hold-time
config>service>vprn>if>hold-time
config>service>vprn>nw-if>hold-time
config>service>vprn>sub-if>hold-time
config>service>vprn>red-if>hold-time
Description 

This command will cause a delay in the deactivation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface down.

The no form of the command removes the command from the active configuration and removes the delay in deactivating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it expires.

Parameters 
seconds—
The time delay, in seconds, to make the interface operational.
Values—
1 to 1200

 

down

Syntax 
down ip seconds [init-only]
no down ip
down ipv6 seconds [init-only]
no down ipv6
Context 
config>service>ies>if>hold-time
config>service>ies>sub-if>hold-time
config>service>ies>red-if>hold-time
config>service>vprn>if>hold-time
config>service>vprn>nw-if>hold-time
config>service>vprn>sub-if>hold-time
config>service>vprn>red-if>hold-time
Description 

This command will cause a delay in the activation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up, unless the init-only option is configured. If the init-only option is configured, the delay is only applied when the IP interface is first configured or after a system reboot.

The no form of the command removes the command from the active configuration and removes the delay in activating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it completes.

Parameters 
seconds—
The time delay, in seconds, to make the interface operational.
Values—
1 to 1200

 

init-only
Specifies that the down delay is only applied when the interface is configured or after a reboot.
Values—
1 to 1200

 

icmp

Syntax 
icmp
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command enters the context to configure Internet Control Message Protocol (ICMP) parameters on an IES service.

mask-reply

Syntax 
[no] mask-reply
Context 
config>service>ies>if>icmp
config>service>ies>sub-if>grp-if>icmp
Description 

This command enables responses to Internet Control Message Protocol (ICMP) mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

By default, the router instance will reply to mask requests.

The no form of this command disables replies to ICMP mask requests on the router interface.

Default 

mask-reply — Reply to ICMP mask requests.

param-problem

Syntax 
param-problem number seconds
no param-problem
Context 
config>service>ies>if>icmp
config>service>ies>if>icmp6
Description 

This command specifies whether parameter-problem ICMP messages should be sent. When enabled, parameter-problem ICMP messages are generated by this interface. The no form of the command disables the sending of parameter-problem ICMP messages.

Default 

param-problem 100 10

Parameters 
number—
Specifies the number of parameter-problem ICMP messages to send in the time frame specified by the seconds parameter.
Values—
10 to 1000

 

Default—
100
seconds—
Specifies the time frame, in seconds, that is used to limit the number of parameter-problem ICMP messages issued.
Values—
1 to 60

 

Default—
10

redirects

Syntax 
redirects [number seconds]
no redirects
Context 
config>service>ies>if>icmp
config>service>ies>sub-if>grp-if>icmp
Description 

This command configures the rate for Internet Control Message Protocol (ICMP) redirect messages issued on the router interface.

When routes are not optimal on this router and another router on the same subnetwork has a better route, the router can issue an ICMP redirect to alert the sending node that a better route is available.

The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects are issued can be controlled with the optional number and seconds parameters by indicating the maximum number of redirect messages that can be issued on the interface for a given time interval.

The no form of this command disables the generation of ICMP redirects on the router interface.

Default 

redirects 100 10 — Maximum of 100 redirect messages in 10 seconds.

Parameters 
number—
The maximum number of ICMP redirect messages to send. This parameter must be specified with the seconds parameter.
Values—
10 to 1000

 

seconds—
The time frame in seconds used to limit the number of ICMP redirect messages that can be issued.
Values—
1 to 60

 

ttl-expired

Syntax 
ttl-expired number seconds
no ttl-expired
Context 
config>service>ies>if>icmp
config>service>ies>sub-if>grp-if>icmp
Description 

This command configures the rate at which Internet Control Message Protocol (ICMP) TTL expired messages are issued by the IP interface.

By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the limiting of the rate of TTL expired messages on the router interface.

Default 

ttl-expired 100 10

Parameters 
number—
The maximum number of ICMP TTL expired messages to send, expressed as a decimal integer. This parameter must be specified with the seconds parameter.
Values—
10 to 2000

 

seconds—
The time frame in seconds used to limit the number of ICMP TTL expired messages that can be issued, expressed as a decimal integer.
Values—
1 to 60

 

unreachables

Syntax 
unreachables [number seconds]
no unreachables
Context 
config>service>ies>if>icmp
config>service>ies>sub-if>grp-if>icmp
Description 

This command configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables are issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages which can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachable messages is enabled at a maximum rate of 10 per 60 second time interval.

The no form of this command disables the generation of ICMP destination unreachable messages on the router interface.

Default 

unreachables 100 10

Parameters 
number—
The maximum number of ICMP unreachable messages to send. This parameter must be specified with the seconds parameter.
Values—
10 to 2000

 

seconds—
The time frame in seconds used to limit the number of ICMP unreachable messages that can be issued.
Values—
1 to 60

 

if-attribute

Syntax 
if-attribute
Context 
config>router
config>router>interface
config>service>ies>interface
config>service>vprn>interface
Description 

This command creates the context to configure or apply IP interface attributes such as administrative group (admin-group) or Shared Risk Loss Group (SRLG).

admin-group

Syntax 
admin-group group-name [group-name]
no admin-group group-name [group-name]
no admin-group
Context 
config>router>if>if-attribute
config>service>ies>if>if-attribute
config>service>vprn>if>if-attribute
config>router>mpls>interface
Description 

This command configures the admin group membership of an interface. The user can apply admin groups to an IES, VPRN, network IP, or MPLS interface. Once an admin group is bound to one or more interfaces, its value cannot be changed until all bindings are removed.

The configured admin-group membership will be applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the admin groups bound to an MPLS interface are advertised in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the admin-group memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters 
group-name—
Specifies up to five groups, each up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain. Each single operation of the admin-group command allows a maximum of 5 groups to be specified. However, a maximum of 32 groups can be added to a given interface through multiple operations.

srlg-group

Syntax 
srlg-group group-name [group-name...(up to 5 max)]
no srlg-group group-name [group-name...(up to 5 max)]
no srlg-group
Context 
config>router>if>if-attribute
config>service>ies>if>if-attribute
config>service>vprn>if>if-attribute
config>router>mpls>interface
Description 

This command configures the SRLG membership of an interface. The user can apply SRLGs to an IES, VPRN, network IP, or MPLS interface.

An interface can belong to up to 64 SRLG groups. Once an SRLG group is bound to one or more interfaces, its value cannot be changed until all bindings are removed.

The configured SRLG membership will be applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the SRLGs bound to an MPLS interface are advertised in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the SRLG memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters 
group-name—
Specifies the name of the group, up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain. Each single operation of the srlg-group command allows a maximum of 5 groups to be specified at a time.

2.5.2.9. IES Interface IPv6 Commands

ipv6

Syntax 
[no] ipv6
Context 
config>service>ies>if
Description 

This command enters the context to configure IPv6 for an IES interface.

address

Syntax 
address ipv6-address/prefix-length [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-preference]
no address ipv6-address/prefix-length
Context 
config>service>ies>if>ipv6
Description 

This command assigns an IPv6 address to the IES interface.

Parameters 
ipv6-address/prefix-length—
Specifies the IPv6 address on the interface.
Values—

ipv6-address/prefix:

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

1 to 128

 

eui-64—
When the eui-64 keyword is specified, a complete IPv6 address is formed from the supplied prefix and a 64-bit interface identifier. The 64-bit interface identifier is derived from the MAC address on Ethernet interfaces. For interfaces without a MAC address, for example ATM interfaces, the Base MAC address of the chassis is used.
track-srrp srrp-instance
Specifies the SRRP instance ID that this interface route needs to track.
Values—
1 to 4294967295

 

modifier cga-modifier
Specifies the modifier in 32 hexadecimal nibbles.
Values—
0x0–0xFFFFFFFF

 

dad-disable—
Disables Duplicate Address Detection (DAD) and sets the address to preferred, even if there is a duplicated address.
primary-preference primary-preference
Specifies a primary-preference index to an IPv6 address of the interface to enforce the order in which the address is used by control plane protocols and applications which require a fixed address of the interface. These include LDP and Segment Routing.

When originating packets from this interface, the source IPv6 address follows the selection rules in RFC 6724 except for the specific cases where a fixed address is required. In the latter case, the IPv6 address with the lowest primary-preference index is selected. If the selected address is removed, the system selects the IPv6 address with the next lowest primary-preference index.

The system assigns the next available index value to any IPv6 address of the interface when configured without the primary-preference index value specified. The address index space is unique across all addresses of a given interface.

Values—
1 to 4294967295

 

dad-disable

Syntax 
[no] dad-disable
Context 
config>service>ies>if>ipv6
Description 

This command disables duplicate address detection (DAD) on a per-interface basis. This prevents the router from performing a DAD check on the interface. All IPv6 addresses of an interface with DAD disabled immediately enter a preferred state, without checking for uniqueness on the interface. This is useful for interfaces which enter a looped state during troubleshooting and operationally disable themselves when the loop is detected, requiring manual intervention to clear the DAD violation.

The no form of the command turns off dad-disable on the interface.

Default 

no dad-disable

dhcp6-relay

Syntax 
[no] dhcp6-relay
Context 
config>service>ies>if>ipv6
Description 

This command enters the context to configure DHCPv6 relay parameters for the IES interface.

The no form of the command disables DHCPv6 relay.

lease-populate

Syntax 
lease-populate [nbr-of-leases]
lease-populate [nbr-of-leases] route-populate [pd] na [ta]
lease-populate [nbr-of-leases] route-populate pd [na] [ta] [exclude]
lease-populate [nbr-of-leases] route-populate [pd] [na] ta
no lease-populate
Context 
config>service>ies>if>ipv6>dhcp-relay
Description 

This command specifies the maximum number of DHCPv6 lease states allocated by the DHCPv6 relay function, allowed on this interface.

Optionally, when the route-populate parameter is specified, the system can:

  1. Create routes based on the IA_PD/IA_NA/IA_TA prefix option in relay-reply message.
  2. Create black hole routes based on OPTION_PD_EXCLUDE in IA_PD in relay-reply message.

These routes can be redistributed into IGP/BGP by using a route policy. The following protocol types can be used in “from protocol”:

  1. dhcpv6-pd
  2. dhcpv6-na
  3. dhcpv6-ta
  4. dhcpv6-pd-excl

Parameters 
nbr-of-leases—
Defines the number of lease state table entries allowed for this interface. If this parameter is omitted, only a single entry is allowed. Once the maximum number of entries has been reached, subsequent lease state entries are not allowed and subsequent DHCPv6 ACK messages are discarded.
Values—
1 to 8000

 

route-populate—
Specifies the route populate parameter.
Values—
pd/na/ta — Create route based on specified option.
exclude — Create blackhole route based on OPTION_PD_EXCLUDE.

link-address

Syntax 
link-address ipv6-address
no link-address
Context 
config>service>ies>if>ipv6>dhcp6-relay
Description 

This command configures the link address used for prefix selection at the DHCP server.

The link-address is a field in the DHCP6 Relay-Forward message that the DHCP6 server uses to select the IPv6 address (IA-NA) or IPv6 prefix (IA-PD) from a pool with a configured prefix range covering the link-address. The selection scope is the pool or a prefix range within the pool.

The no form of the command reverts to the default.

Default 

no link-address

Parameters 
ipv6-address—
Specifies the link-address.
Values—

<ipv6-address>

ipv6-address - x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

 

neighbor-resolution

Syntax 
[no] neighbor-resolution
Context 
config>service>ies>if>ipv6>dhcp6-relay
Description 

This command enables neighbor resolution with DHCPv6 relay.

The no form of the command disables neighbor resolution.

option

Syntax 
[no] option
Context 
config>service>ies>if>ipv6>dhcp6-relay
Description 

This command enters the context to configure DHCPv6 relay information options.

The no form of the command disables DHCPv6 relay information options.

interface-id

Syntax 
interface-id
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
no interface-id
Context 
config>service>ies>if>ipv6>dhcp6>option
Description 

This command enables the sending of interface ID options in the DHCPv6 relay packet.

The no form of the command disables the sending of interface ID options in the DHCPv6 relay packet.

Parameters 
ascii-tuple—
Specifies that the ASCII-encoded concatenated tuple will be used which consists of the access-node-identifier, service-id, and interface-name, separated by “|”.
ifindex—
Specifies that the interface index will be used (the If Index of a router interface can be displayed using the command show>router>if>detail).
sap-id—
Specifies that the SAP identifier will be used.
string—
Specifies a string up to 32 characters long, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

remote-id

Syntax 
[no] remote-id
Context 
config>service>ies>if>ipv6>dhcp6>option
Description 

This command enables the sending of remote ID option in the DHCPv6 relay packet.

The client DHCP Unique Identifier (DUID) is used as the remote ID.

The no form of the command disables the sending of remote ID option in the DHCPv6 relay packet.

server

Syntax 
server ipv6-address [ipv6-address]
Context 
config>service>ies>if>ipv6>dhcp6
Description 

This command specifies a list of servers where DHCPv6 requests will be forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCPv6 relay to work. If there are multiple servers, the request is forwarded to all of the servers in the list.

Default 

no server

Parameters 
ipv6-address—
Specifies the IPv6 addresses of the DHCP servers where the DHCPv6 requests will be forwarded. Up to 8 addresses can be specified.
Values—

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

 

source-address

Syntax 
source-address ipv6-address
no source-address
Context 
config>service>ies>if>ipv6>dhcp6
Description 

This command configures the source IPv6 address of the DHCPv6 relay messages.

Parameters 
ipv6-address—
Specifies the source IPv6 address of the DHCPv6 relay messages.
Values—

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

 

dhcp6-server

Syntax 
[no] dhcp6-server
Context 
config>service>ies>if>ipv6
Description 

This command enters the context to configure DHCPv6 server parameters for the IES interface.

The no form of the command disables the DHCPv6 server.

max-nbr-of-leases

Syntax 
max-nbr-of-leases max-nbr-of-leases
no max-nbr-of-leases
Context 
config>service>ies>if>ipv6>dhcp6-server
Description 

This command configures the maximum number of lease states installed by the DHCPv6 server function allowed on this interface.

The no form of the command returns the value to the default.

Default 

max-nbr-of-leases 8000

Parameters 
max-nbr-of-leases—
Specifies the maximum number of lease states installed by the DHCPv6 server function allowed on this interface.
Values—
0 to 8000

 

prefix-delegation

Syntax 
[no] prefix-delegation
Context 
config>service>ies>if>ipv6>dhcp6-server
Description 

This command configures prefix delegation options for delegating a long-lived prefix from a delegating router to a requesting router, where the delegating router does not require knowledge about the topology of the links in the network to which the prefixes will be assigned.

The no form of the command disables prefix-delegation.

prefix

Syntax 
[no] prefix ipv6-address/prefix-length
Context 
config>service>ies>if>ipv6>dhcp6-server>pfx-delegate
Description 

This command specifies the IPv6 prefix that will be delegated by this system.

Parameters 
ipv6-address/prefix-length—
Specifies the IPv6 address on the interface.
Values—

ipv6-address/prefix:

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

1 to 128

 

duid

Syntax 
duid duid [iaid iaid]
no duid
Context 
config>service>ies>if>ipv6>dhcp6>pfx-delegate>prefix
Description 

This command configures the DHCP Unique Identifier (DUID) of the DHCP client.

Parameters 
duid—
Specifies the ID of the requesting router. If set to a non-zero value the prefix defined will only be delegated to this router. If set to zero, the prefix will be delegated to any requesting router.
iaid iaid
Specifies the identity association identification (IAID) from the requesting router that needs to match in order to delegate the prefix defined in this row. If set to 0 no match on the received IAID is done.

preferred-lifetime

Syntax 
preferred-lifetime seconds
preferred-lifetime infinite
no preferred-lifetime
Context 
config>service>ies>if>ipv6>dhcp6>pfx-delegate>prefix
Description 

This command configures the IPv6 prefix/mask preferred lifetime. The preferred-lifetime value cannot be bigger than the valid-lifetime value.

The no form of the command reverts to the default value.

Default 

604800 seconds (7 days)

Parameters 
seconds—
Specifies the time, in seconds, that this prefix remains preferred.
Values—
1 to 4294967294

 

infinite—
Specifies that this prefix remains preferred infinitely.

valid-lifetime

Syntax 
valid-lifetime seconds
valid-lifetime infinite
no valid-lifetime
Context 
config>service>ies>if>ipv6>dhcp6>pfx-delegate>prefix
Description 

This command configures the time, in seconds, that the prefix is valid. 4,294,967,295 represents infinity.

The no form of the command reverts to the default value.

Default 

2592000 seconds (30 days)

Parameters 
seconds—
Specifies the time, in seconds, that this prefix remains valid.
Values—
1 to 4294967295

 

infinite—
Specifies that this prefix remains valid infinitely.

icmp6

Syntax 
icmp6
Context 
config>service>ies>if>ipv6
Description 

This command configures ICMPv6 parameters for the IES interface.

packet-too-big

Syntax 
packet-too-big [number seconds]
no packet-too-big
Context 
config>service>ies>if>ipv6>icmp6
Description 

This command specifies whether “packet-too-big” ICMPv6 messages should be sent. When enabled, ICMPv6 “packet-too-big” messages are generated by this interface.

The no form of the command disables the sending of ICMPv6 “packet-too-big” messages.

Default 

packet-too-big 100 10

Parameters 
number —
Specifies the number of “packet-too-big” ICMPv6 messages to send in the time frame specified by the seconds parameter.
Values—
10 to 1000

 

Default—
100
seconds—
Specifies the time frame in seconds that is used to limit the number of “packet-too-big” ICMPv6 messages issued.
Values—
1 to 60

 

Default—
10

redirects

Syntax 
redirects [number seconds]
no redirects
Context 
config>service>ies>if>ipv6>icmp6
Description 

This command configures ICMPv6 redirect messages. When enabled, ICMPv6 redirects are generated when routes are not optimal on this router and another router on the same subnetwork has a better route in order to alert that node that a better route is available.

When disabled, ICMPv6 redirects are not generated.

Default 

redirects 100 10

Parameters 
number —
Specifies the number of version 6 redirects to be issued in the time frame specified by the seconds parameter.
Values—
10 to 1000

 

Default—
100
seconds—
Specifies the time frame in seconds that is used to limit the number of version 6 redirects issued.
Values—
1 to 60

 

Default—
10

time-exceeded

Syntax 
time-exceeded [number seconds]
no time-exceeded
Context 
config>service>ies>if>ipv6>icmp6
Description 

This command specifies whether “time-exceeded” ICMPv6 messages should be sent. When enabled, ICMPv6 “time-exceeded” messages are generated by this interface.

When disabled, ICMPv6 “time-exceeded” messages are not sent.

Default 

time-exceeded 100 10

Parameters 
number —
Specifies the number of “time-exceeded” ICMPv6 messages to be issued in the time frame specified by the seconds parameter.
Values—
10 to 2000

 

Default—
100
seconds—
Specifies the time frame in seconds that is used to limit the number of “time-exceeded” ICMPv6 messages to be issued.
Values—
1 to 60

 

Default—
10

unreachables

Syntax 
unreachables [number seconds]
no unreachables
Context 
config>service>ies>if>ipv6>icmp6
Description 

This command specifies that ICMPv6 host and network unreachable messages are generated by this interface.

When disabled, ICMPv6 host and network unreachable messages are not sent.

Default 

unreachables 100 10

Parameters 
number —
Specifies the number of destination unreachable ICMPv6 messages to be issued in the time frame specified by the seconds parameter.
Values—
10 to 2000

 

Default—
100
seconds—
Specifies the time frame in seconds that is used to limit the number of destination unreachable ICMPv6 messages to be issued.
Values—
1 to 60

 

Default—
10

link-local-address

Syntax 
link-local-address ipv6-address [dad-disable]
no link-local-address
Context 
config>router>if>ipv6
config>service>ies>if>ipv6
config>service>vprn>if>ipv6
Description 

This command configures the IPv6 link local address.

The no form of the command removes the configured link local address, and the router automatically generates a default link local address.

Caution:

Removing a manually configured link local address may impact routing protocols or static routes that have a dependency on that address. It is not recommended to remove a link local address when there are active IPv6 subscriber hosts on an IES or VPRN interface.

Parameters 
dad-disable—
Disables Duplicate Address Detection (DAD) and sets the address to preferred, even if there is a duplicated address.

local-proxy-nd

Syntax 
[no] local-proxy-nd
Context 
config>service>ies>if>ipv6
Description 

This command enables local proxy neighbor discovery on the interface.

The no form of the command disables local proxy neighbor discovery.

nd-learn-unsolicited

Syntax 
nd-learn-unsolicited {global | link-local | both}
no nd-learn-unsolicited
Context 
config>service>ies>if>ipv6
Description 

This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.

The no form of the command makes the router use standard RFC 4861 behavior, as described below, for learning of neighbor entries.

  1. If an unsolicited NA, regardless of the S flag, is received from a neighbor that is not yet in the ND cache, the NA is ignored.
  2. If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the stale state.
Parameters 
global—
Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages.
link-local—
Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.
both—
Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

nd-populate-host-route

Syntax 
[no] nd-populate-host-route
Context 
config>service>ies>interface>ipv6
Description 

This command enables the addition or deletion of host routes in the route-table derived from neighbor entries in the neighbor cache. To enable this command, the interface must be shut down. The command triggers the population of host routes in the route table out of their corresponding static, dynamic, or EVPN types in the neighbor table. Neighbor entries installed by subscriber management, local interfaces, and others, do not create host-routes.

Only reachable entries are added to the route table (entries are created from solicited NA messages). Entries created as stale — from Neighbor Solicitation (NS), unsolicited Neighbor Advertisements (NA), Router Solicitation (RS), Router Advertisement (RA), and Redirect messages — are not added to the route table because the neighbor is not confirmed as two-way.

  1. RA, RS, NS, and Redirect messages with a link layer address are added as STALE cache entries. Unsolicited NAs are added as STALE if nd-learn-unsolicited is configured.
  2. To speed up the addition of host routes to the route table for neighbors created as STALE, the following procedure is used:
    1. If nd-populate-host-route is configured, the router sends an NS (unicast Neighbor Unreachability Detection (NUD) message) to the neighbor created as STALE. Only one NUD message is sent.
    2. If nd-populate-host-route is not configured, no confirmation message is sent and regular procedures apply.
  3. When the solicited NA for the neighbor is received, the entry becomes reachable and is then added to the route-table.

The no form of this command disables the creation of host routes from the neighbor cache.
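
The following Python model is an added example, not part of the vendor documentation. It replays the learning rules described for nd-learn-unsolicited and nd-populate-host-route over a constructed message sequence; the class, method and return strings are hypothetical names, and handling of messages from neighbors that are already cached is left out as a simplification.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

STALE, REACHABLE = "stale", "reachable"
CREATES_STALE = {"NS", "RS", "RA", "REDIRECT"}  # when they carry a link-layer address


@dataclass
class NdInterface:
    """Neighbor cache of one interface, following the rules in the text above."""
    nd_learn_unsolicited: Optional[str] = None   # None, "global", "link-local" or "both"
    nd_populate_host_route: bool = False
    cache: dict = field(default_factory=dict)    # address -> (mac, state)
    probing: set = field(default_factory=set)    # neighbors with the single NUD NS outstanding
    host_routes: set = field(default_factory=set)

    def _unsolicited_allowed(self, addr: str) -> bool:
        scope = "link-local" if ipaddress.IPv6Address(addr).is_link_local else "global"
        return self.nd_learn_unsolicited in (scope, "both")

    def _learn_stale(self, addr: str, mac: str) -> str:
        self.cache[addr] = (mac, STALE)
        if self.nd_populate_host_route:
            self.probing.add(addr)               # one unicast NUD NS goes out, no retries
            return "stale, NUD sent"
        return "stale"

    def receive(self, msg: str, addr: str, mac: str) -> str:
        """Apply one received ND message and return what the router did with it."""
        if msg not in CREATES_STALE | {"NA"}:
            raise ValueError(f"unsupported ND message type: {msg}")
        if msg == "NA" and addr in self.probing:
            # Reply to the router's own NS: reachability is confirmed two-way.
            self.probing.discard(addr)
            self.cache[addr] = (mac, REACHABLE)
            self.host_routes.add(f"{addr}/128")
            return "reachable, host route added"
        if addr in self.cache:
            return "already cached"              # refresh handling is outside this model
        if msg == "NA" and not self._unsolicited_allowed(addr):
            return "ignored"                     # RFC 4861 behaviour for unknown neighbors
        return self._learn_stale(addr, mac)


def demo() -> list:
    """Constructed message sequence; all addresses are sample values."""
    default = NdInterface()
    tuned = NdInterface(nd_learn_unsolicited="global", nd_populate_host_route=True)
    mac = "02:00:00:00:00:20"
    return [
        default.receive("NA", "2001:db8::20", mac),                  # unknown neighbor, default config
        default.receive("NS", "2001:db8::10", "02:00:00:00:00:10"),  # learned, but never routed
        tuned.receive("NA", "fe80::20", mac),                        # link-local not enabled
        tuned.receive("NA", "2001:db8::20", mac),                    # unsolicited NA accepted as stale
        tuned.receive("NA", "2001:db8::20", mac),                    # answer to the router's NUD probe
        sorted(tuned.host_routes),
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The sequence shows that a host route is installed only after the neighbor answers the router's own probe; a stale entry on its own never reaches the route table.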

nd-proactive-refresh

Syntax 
nd-proactive-refresh {global | link-local | both}
no nd-proactive-refresh
Context 
config>service>ies>if>ipv6
Description 

This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends a NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.

This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.

The no form of the command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.

Parameters 
global—
Refreshes global neighbor entries.
link-local—
Refreshes link local neighbor entries.
both—
Refreshes both global and link local neighbor entries.

nd-route-tag

Syntax 
nd-route-tag tag
no nd-route-tag
Context 
config>service>ies>if>ipv6
Description 

This command adds a route tag to the ARP-ND host routes generated out of the neighbor entries in the interface. Like any other route tag, it can be used to match ARP-ND routes in BGP export policies.

The no form of this command removes the route tag for the ARP-ND host routes.

Parameters 
tag—
Specifies the route tag to be added when the proxy ND entries are advertised to EVPN.
Values—
1 to 255

 

proxy-nd-policy

Syntax 
proxy-nd-policy policy-name [policy-name]
no proxy-nd-policy
Context 
config>service>ies>if>ipv6
Description 

This command applies a proxy neighbor discovery policy for the interface.

Parameters 
policy-name—
Specifies an existing neighbor discovery policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The specified policy name(s) must already be defined. Up to 5 policy-names can be specified in a single statement.

neighbor

Syntax 
neighbor ipv6-address mac-address
no neighbor ipv6-address
Context 
config>service>ies>if>ipv6
Description 

This command configures IPv6-to-MAC address mapping on the IES interface.

Default 

n/a

Parameters 
ipv6-address—
The IPv6 address of the interface for which to display information.
Values—

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

 

mac-address—
Specifies the 48-bit MAC address for the IPv6-to-MAC address mapping in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

neighbor-limit

Syntax 
neighbor-limit limit [log-only] [threshold percent]
no neighbor-limit
Context 
config>service>ies>if>ipv6
Description 

This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.

When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

The no form of the command removes the neighbor-limit.

Default 

no neighbor-limit

Parameters 
log-only—
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
percent —
The threshold value (as a percentage) that triggers a warning message to be sent.
Values—
0 to 100

 

limit —
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.
Values—
0 to 102400

 

backup

Syntax 
[no] backup ip-address
Context 
config>service>ies>if>ipv6>vrrp
Description 

This command configures virtual router IP addresses for the interface.

init-delay

Syntax 
init-delay seconds
no init-delay
Context 
config>service>ies>if>ipv6>vrrp
Description 

This command configures a VRRP initialization delay timer.

Default 

no init-delay

Parameters 
seconds—
Specifies the initialization delay timer for VRRP, in seconds.
Values—
1 to 65535

 

mac

Syntax 
mac mac-address
no mac
Context 
config>service>ies>if>ipv6>vrrp
Description 

This command assigns a specific MAC address to an IES IP interface.

The no form of the command returns the MAC address of the IP interface to the default value.

Default 

The physical MAC address associated with the Ethernet interface that the SAP is configured on (the default MAC address assigned to the interface, assigned by the system).

Parameters 
mac-address —
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

master-int-inherit

Syntax 
[no] master-int-inherit
Context 
config>service>ies>if>ipv6>vrrp
Description 

This command allows the master instance to dictate the master down timer (non-owner context only).

Default 

no master-int-inherit

message-interval

Syntax 
message-interval {[seconds] [milliseconds milliseconds]}
no message-interval
Context 
config>service>ies>if>ipv6>vrrp
Description 

This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers participating as a virtual router. Any VRRP advertisement message received with an Advertisement Interval field different than the virtual router instance configured message-interval value will be silently discarded.

The message-interval command is available in both non-owner and owner vrrp virtual-router-id nodal contexts. If the message-interval command is not executed, the default message interval of 1 second will be used.

The no form of this command restores the default message interval value of 1 second to the virtual router instance.

Parameters 
seconds—
The number of seconds that will transpire before the advertisement timer expires.
Values—
1 to 255

 

Default—
1
milliseconds milliseconds
Specifies the time interval, in milliseconds, between sending advertisement messages.
Values—
100 to 900

 

ping-reply

Syntax 
[no] ping-reply
Context 
config>service>ies>if>ipv6>vrrp
Description 

This command enables the non-owner master to reply to ICMP echo requests directed at the virtual router instance's IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parental IP interface or based on the ping source host address). When ping-reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of ping-reply configuration.

The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP echo requests to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all ICMP echo request messages destined to the non-owner virtual router instance IP addresses.

Default 

no ping-reply

policy

Syntax 
policy vrrp-policy-id
no policy
Context 
config>service>ies>if>ipv6>vrrp
Description 

This command creates VRRP control policies. The VRRP policy ID must be created by the policy command prior to association with the virtual router instance.

The policy command provides the ability to associate a VRRP priority control policy to a virtual router instance. The policy may be associated with more than one virtual router instance. The priority events within the policy either override or diminish the base-priority dynamically affecting the in-use priority. As priority events clear in the policy, the in-use priority may eventually be restored to the base-priority value.

The policy command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed by VRRP priority control policies. For non-owner virtual router instances, if the policy command is not executed, the base-priority will be used as the in-use priority.

The no form of this command removes any existing VRRP priority control policy association from the virtual router instance. All such associations must be removed prior to the policy being deleted from the system.

Default 

n/a

Parameters 
vrrp-policy-id—
The vrrp-policy-id parameter associates the corresponding VRRP priority control policy-id with the virtual router instance. The vrrp-policy-id must already exist in the system for the policy command to be successful.
Values—
1 to 9999

 

preempt

Syntax 
[no] preempt
Context 
config>service>ies>if>ipv6>vrrp
Description 

The preempt mode value controls whether a specific backup virtual router preempts a lower priority master.

When preempt is enabled, the virtual router instance overrides any non-owner master with an “in use” message priority value less than the virtual router instance in-use priority value. If preempt is disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.

The IP address owner will always become master when available. Preempt mode cannot be disabled on the owner virtual router.

The default value for preempt mode is enabled.

Default 

preempt

priority

Syntax 
priority base-priority
no priority
Context 
config>service>ies>if>ipv6>vrrp
Description 

The priority command provides the ability to configure a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.

The priority command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.

The no form of this command restores the default value of 100 to base-priority.

Parameters 
base-priority—
The base-priority parameter configures the base priority used by the virtual router instance. If a VRRP Priority Control policy is not also defined, the base-priority will be the in-use priority for the virtual router instance.
Values—
1 to 254

 

Default—
100

standby-forwarding

Syntax 
[no] standby-forwarding
Context 
config>service>ies>if>ipv6>vrrp
Description 

This command allows the forwarding of packets by a standby router.

The no form of the command specifies that a standby router should not forward traffic sent to the virtual router's MAC address. However, the standby router should forward traffic sent to the standby router’s real MAC address.

Default 

no standby-forwarding

telnet-reply

Syntax 
[no] telnet-reply
Context 
config>service>ies>if>ipv6>vrrp
Description 

This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the virtual router instance's IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Proper login and CLI command authentication is still enforced.

When telnet-reply is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet requests regardless of the telnet-reply configuration.

The telnet-reply command is only available in non-owner VRRP nodal context. If the telnet-reply command is not executed, Telnet packets to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all Telnet packets destined to the non-owner virtual router instance IP addresses.

Default 

no telnet-reply

traceroute-reply

Syntax 
[no] traceroute-reply
Context 
config>service>ies>if>ipv6>vrrp
Description 

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the traceroute-reply status.

Default 

no traceroute-reply
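
The following Python script is an added example, not part of the vendor documentation. It audits an exported IES configuration for the IPv6 interface settings documented above whose defaults or options widen what the interface learns or answers: neighbor-limit, nd-learn-unsolicited, dad-disable and the VRRP reply commands. The sample configuration is constructed, the indented layout with exit lines is an assumption about the export format, and the rule names are hypothetical.

```python
import shlex

# Constructed sample; the indented layout with "exit" lines is an assumption about the export.
SAMPLE_CONFIG = """
ies 100 customer 1 create
    interface "cust-a" create
        ipv6
            address 2001:db8:a::1/64
            link-local-address fe80::1 dad-disable
            nd-learn-unsolicited both
            neighbor-limit 500 log-only threshold 80
            vrrp 1
                backup fe80::100
                telnet-reply
                ping-reply
            exit
        exit
    exit
    interface "cust-b" create
        ipv6
            address 2001:db8:b::1/64
            neighbor-limit 500 threshold 80
            vrrp 2
                backup fe80::200
                no telnet-reply
            exit
        exit
    exit
    interface "cust-c" create
        ipv6
            address 2001:db8:c::1/64
        exit
    exit
exit
"""

VRRP_REPLIES = ("telnet-reply", "ping-reply", "traceroute-reply")


def parse(config: str):
    """Yield (context_path, command) pairs; context is tracked by indentation."""
    stack = []                                    # [(indent, line)] of enclosing contexts
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if line == "exit":
            continue
        yield tuple(ctx for _, ctx in stack), line
        stack.append((indent, line))


def audit(config: str) -> list:
    """Return sorted (interface, rule, detail) findings for interfaces with an ipv6 block."""
    blocks = {}                                   # interface -> [(inside_vrrp, command)]
    for path, cmd in parse(config):
        names = [shlex.split(p)[1] for p in path if p.startswith("interface ")]
        if not names:
            continue
        if cmd == "ipv6":
            blocks.setdefault(names[-1], [])
        elif "ipv6" in path:
            in_vrrp = any(p.split()[0] == "vrrp" for p in path)
            blocks.setdefault(names[-1], []).append((in_vrrp, cmd))

    findings = []
    for ifname, entries in blocks.items():
        top = [c.split() for in_vrrp, c in entries if not in_vrrp]
        limit = next((t for t in top if t[0] == "neighbor-limit"), None)
        if limit is None:
            findings.append((ifname, "no-neighbor-limit", "default: dynamic neighbor entries are not capped"))
        elif "log-only" in limit:
            findings.append((ifname, "neighbor-limit-log-only", "entries above the limit are still learned"))
        if any(t[0] == "nd-learn-unsolicited" for t in top):
            findings.append((ifname, "nd-learn-unsolicited", "neighbors are learned from unsolicited NAs"))
        if any(t[0] == "link-local-address" and "dad-disable" in t for t in top):
            findings.append((ifname, "dad-disable", "address is preferred even if duplicated"))
        for in_vrrp, cmd in entries:
            if in_vrrp and cmd in VRRP_REPLIES:
                findings.append((ifname, cmd, "non-owner master answers on the virtual router addresses"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```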

2.5.2.10. IES Spoke SDP Commands

spoke-sdp

Syntax 
[no] spoke-sdp sdp-id[:vc-id] [vc-type {ether | ipipe}] [create]
Context 
config>service>ies>if
config>service>ies>redundant-interface
Description 

This command binds a service to an existing Service Distribution Point (SDP).

A spoke SDP is treated like the equivalent of a traditional bridge “port” where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port on which it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with an IES service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down first before it can be deleted from the configuration.

Default 

No sdp-id is bound to a service.

Special Cases 
IES—
At most, only one sdp-id can be bound to an IES service.
Parameters 
sdp-id—
The SDP identifier. Allowed values are integers in the range of 1 to 17407 for existing SDPs.
vc-id—
The virtual circuit identifier.
Values—
1 to 4294967295

 

vc-type—
The encapsulation and pseudowire type for the spoke-sdp.
Values—
ether: specifies Ethernet pseudowire as the type of virtual circuit (VC) associated with the SDP binding
ipipe: specifies Ipipe pseudowire as the type of virtual circuit (VC) associated with the SDP binding

 

Default—
ether

egress

Syntax 
egress
Context 
config>service>ies>if>spoke-sdp
config>service>ies>red-if>spoke-sdp
Description 

This command configures the egress SDP context.

qos

Syntax 
qos network-policy-id port-redirect-group queue-group-name [instance instance-id]
no qos [network-policy-id]
Context 
config>service>pw-template>egress
config>service>vprn>if>spoke-sdp>egress
config>service>ies>if>spoke-sdp>egress
Description 

This command is used to redirect pseudowire packets to an egress port queue-group for the purpose of shaping.

The egress pseudowire shaping provisioning model allows the mapping of one or more pseudowires to the same instance of queues, or policers and queues, which are defined in the queue-group template.

Operationally, the provisioning model consists of the following steps:

  1. Create an egress queue-group template and configure queues only or policers and queues for each FC that needs to be redirected.
  2. Apply the queue-group template to the network egress context of all ports where there exists a network IP interface on which the pseudowire packets can be forwarded. This creates one instance of the template on the egress of the port. One or more instances of the same template can be created.
  3. Configure FC-to-policer or FC-to-queue mappings together with the redirect to a queue-group in the egress context of a network QoS policy. No queue-group name is specified in this step, which means the same network QoS policy can redirect different pseudowires to different queue-group templates.
  4. Apply this network QoS policy to the egress context of a spoke-SDP inside a service or to the egress context of a pseudowire template and specify the redirect queue-group name.

One or more spoke-SDPs can have their FCs redirected to use queues only or queues and policers in the same queue-group instance.

The following are the constraints and rules of this provisioning model:

  1. When a pseudowire FC is redirected to use a queue, or a policer and a queue, in a queue-group and the queue-group name does not exist, the association fails at the time the user associates the egress context of a spoke-SDP to the named queue-group. In such a case, the pseudowire packet will be fed directly to the corresponding egress queue for that FC used by the IP network interface on which the pseudowire packet is forwarded. This queue can be a queue-group queue, or the egress shared queue for that FC defined in the network-queue policy applied to the egress of this port. This is the existing implementation and default behavior for a pseudowire packet.
  2. When a pseudowire FC is redirected to use a queue, or a policer and a queue, in a queue-group and the queue-group name exists, but the policer-id and/or the queue-id is not defined in the queue-group template, the association fails at the time the user associates the egress context of a spoke-SDP to the named queue-group. In such a case, the pseudowire packet will be fed directly to the corresponding egress queue for that FC used by the IP network interface on which the pseudowire packet is forwarded.
  3. When a pseudowire FC is redirected to use a queue, or a policer and a queue, in a queue-group, and the queue-group name exists and the policer-id or policer-id plus queue-id exist, it is not required to check that an instance of that queue-group exists in all egress network ports which have network IP interfaces. The handling of this is dealt with in the data path as follows:
    1. When a pseudowire packet for that FC is forwarded and an instance of the referenced queue-group name exists on that egress port, the packet is processed by the queue-group policer and will then be fed to the queue-group queue.
    2. When a pseudowire packet for that FC is forwarded and an instance of the referenced queue-group name does not exist on that egress port, the pseudowire packet will be fed directly to the corresponding egress shared queue for that FC defined in the network-queue policy applied to the egress of this port.
  4. If a network QoS policy is applied to the egress context of a pseudowire, any pseudowire FC that is not explicitly redirected in the network QoS policy will have the corresponding packets fed directly to the corresponding egress shared queue for that FC defined in the network-queue policy applied to the egress of this port.

When the queue-group name the pseudowire is redirected to exists and the redirection succeeds, the marking of the packet DEI/dot1p/DSCP and the tunnel DEI/dot1p/DSCP/EXP is performed according to the relevant mappings of the (FC, profile) in the egress context of the network QoS policy applied to the pseudowire. This is true regardless of whether an instance of the queue-group exists on the egress port to which the pseudowire packet is forwarded. If the packet profile value changed due to egress child policer CIR profiling, the new profile value is used to mark the packet DEI/dot1p and the tunnel DEI/dot1p/EXP, and the DSCP/prec will be remarked if enable-dscp-prec-marking is enabled under the policer.

When the queue-group name the pseudowire is redirected to does not exist, the redirection command fails. In this case, the marking of the packet DEI/dot1p/DSCP and the tunnel DEI/dot1p/DSCP/EXP fields is performed according to the relevant commands in the egress context of the network QoS policy applied to the network IP interface to which the pseudowire packet is forwarded.

The no version of this command removes the redirection of the pseudowire to the queue-group.

Parameters 
network-policy-id—
Specifies the network policy identification. The value uniquely identifies the policy on the system.
Values—
1 to 65535

 

queue-group-name—
This optional parameter specifies that the queue-group-name will be used for all egress forwarding class redirections within the network QoS policy ID. The specified queue-group-name must exist as a port egress queue group on the port associated with the IP interface.
instance-id—
Specifies the identification of a specific instance of the queue-group.
Values—
1 to 16384

 

vc-label

Syntax 
[no] vc-label egress-vc-label
Context 
config>service>ies>if>spoke-sdp>egress
config>service>ies>red-if>spoke-sdp>egress
Description 

This command configures the static MPLS VC label used by this device to send packets to the far-end device in this service via this SDP.

Parameters 
egress-vc-label—
A VC egress value that indicates a specific connection.
Values—
16 to 1048575

 

entropy-label

Syntax 
[no] entropy-label
Context 
config>service>ies>if>spoke-sdp
Description 

This command enables or disables the use of entropy labels on a spoke-SDP bound to an IES interface.

If entropy-label is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy-label-capability. If the tunnel is RSVP, entropy-label can also be controlled under the config>router>mpls or config>router>mpls>lsp contexts.

The entropy label and hash label features are mutually exclusive. The entropy label cannot be configured on a spoke-sdp or service where the hash label feature has already been configured.

Default 

no entropy-label

hash-label

Syntax 
hash-label [signal-capability]
no hash-label
Context 
config>service>ies>if>spoke-sdp
Description 

This command enables the use of the hash label on a VLL, VPLS, or VPRN service bound to any MPLS-type encapsulated SDP, as well as to a VPRN service using auto-bind-tunnel with the resolution-filter configured as any MPLS tunnel type. This feature is not supported on a service bound to a GRE SDP or for a VPRN service using the autobind mode with the gre option.

When this feature is enabled, the ingress data path is modified such that the result of the hash on the packet header is communicated to the egress data path for use as the value of the label field of the hash label. The egress data path appends the hash label at the bottom of the stack (BoS) and sets the S-bit to 1 to indicate that.

In order to allow for applications whereby the egress LER infers the presence of the hash label implicitly from the value of the label, the Most Significant Bit (MSB) of the result of the hash is set before copying into the hash label. This means that the value of the hash label will always be in the range [524,288 to 1,048,575] and will not overlap with the signaled/static LSP and signaled/static service label ranges. This also guarantees that the hash label will not match a value in the reserved label range.

The (unmodified) result of the hash continues to be used for the purpose of ECMP and LAG spraying of packets locally on the ingress LER. For VLL services, the result of the hash is overwritten and the ECMP and LAG spraying will be based on service-id when ingress SAP shared queuing is not enabled. However, the hash label will still reflect the result of the hash such that an LSR can use it to perform fine grained load balancing of VLL pseudowire packets.

Packets that are generated in CPM and forwarded labeled within the context of a service (for example, OAM packets) must also include a hash label at the BoS and set the S-bit accordingly.

The TTL of the hash label is set to a value of 0.
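
The following Python code is an added example, not part of the product documentation. It builds the bottom two entries of a pseudowire label stack as described above (hash label at the BoS with the MSB forced to 1, S-bit 1, TTL 0) and shows the egress-side check on the label value. The 32-bit entry layout is the standard MPLS label stack entry; the service label 3000, its TTL of 255, and masking a wider hash result down to 20 bits are assumptions.

```python
import struct

LABEL_MASK = (1 << 20) - 1   # the MPLS label field is 20 bits wide
HASH_LABEL_MSB = 1 << 19     # most significant bit of that field (524288)


def hash_label_value(hash_result: int) -> int:
    """Label value carried in the hash label.

    The MSB is set before the hash result is copied into the label, so the
    value always falls in 524288..1048575. Reducing a wider hash to 20 bits
    by masking is an assumption; the page does not say how it is done.
    """
    return (hash_result & LABEL_MASK) | HASH_LABEL_MSB


def encode_lse(label: int, tc: int = 0, s: int = 0, ttl: int = 0) -> bytes:
    """Pack one label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label <= LABEL_MASK:
        raise ValueError("label does not fit in 20 bits")
    if not (0 <= tc <= 7 and s in (0, 1) and 0 <= ttl <= 255):
        raise ValueError("TC, S or TTL out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def decode_stack(data: bytes) -> list:
    """Decode entries up to and including the bottom-of-stack entry."""
    entries = []
    for off in range(0, len(data), 4):
        if off + 4 > len(data):
            raise ValueError("truncated label stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        entry = {
            "label": word >> 12,
            "tc": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        if entry["s"]:
            return entries      # anything after the BoS entry is payload
    raise ValueError("no bottom-of-stack entry found")


def build_pw_stack(service_label: int, hash_result: int,
                   service_ttl: int = 255) -> bytes:
    """Service label followed by the hash label (transport label omitted).

    With a hash label present the service label is no longer the bottom of
    the stack, so its S-bit is 0 and the hash label carries S=1, TTL=0.
    """
    return (encode_lse(service_label, s=0, ttl=service_ttl)
            + encode_lse(hash_label_value(hash_result), s=1, ttl=0))


def bottom_is_hash_label(data: bytes) -> bool:
    """Egress-side inference from the label value alone.

    Valid only because service labels are allocated below 524288, which is
    what keeps the hash label range from overlapping them.
    """
    return decode_stack(data)[-1]["label"] >= HASH_LABEL_MSB


if __name__ == "__main__":
    # Constructed sample values.
    stack = build_pw_stack(service_label=3000, hash_result=0x12345)
    for entry in decode_stack(stack):
        print(entry)
    print("hash label present:", bottom_is_hash_label(stack))
```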

The user enables the signaling of the hash-label capability under a VLL spoke-sdp, a VPLS spoke-sdp or mesh-sdp, or an IES/VPRN spoke interface by adding the signal-capability option. In this case, the decision whether to insert the hash label on the user and control plane packets by the local PE is solely determined by the outcome of the signaling process and can override the local PE configuration. The following are the procedures:

  1. The local PE will insert the flow label interface parameters sub-TLV with F=1 in the PW ID FEC element in the label mapping message for that spoke-sdp or mesh-sdp.
  2. If the remote PE includes this sub-TLV with F=1 or F=0, then the local PE must insert the hash label in the user and control plane packets.
  3. If the remote PE does not include this sub-TLV (for example, it does not support it, or it is supported but the user did not enable the hash-label option or the signal-capability option), then the local PE establishes the PW but must not insert the hash label in the user and control packets over that spoke-sdp or mesh-sdp. If the remote PE does not support the signal-capability option, then there are a couple of possible outcomes:
    1. If the hash-label option was enabled on the local configuration of the spoke-sdp or mesh-sdp at the remote PE, the PW packets received by the local PE will have the hash label included. These packets must be dropped. The only way to solve this is to disable the signaling capability option on the local node which will result in the insertion of the hash label by both PE nodes.
    2. If the hash-label option is not supported or was not enabled on the local configuration of the spoke-sdp or mesh-sdp at the remote PE, the PW received by the local PE will not have the hash label included.
  4. The user can enable or disable the signal-capability option in CLI as needed. When doing so, the router must withdraw the label it sent to its peer and send a new label mapping message with the new value of the F bit in the flow label interface parameters sub-TLV of the PW ID FEC element.
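
The signaling procedure above can be turned into a configuration audit. The Python code below is an added example, not part of the product documentation: it applies rules 1 to 3 to each end of a pseudowire and reports the ends that will drop received packets or that have the hash label configured but not in use. The `Mode` names, the `audit` helper and the inventory are constructed, and the model assumes an end sends the sub-TLV exactly when signal-capability is configured on it.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    OFF = "no hash-label"
    STATIC = "hash-label"
    SIGNAL = "hash-label signal-capability"


@dataclass(frozen=True)
class EndOutcome:
    sends_sub_tlv: bool        # flow label sub-TLV in the label mapping message
    inserts_hash_label: bool   # hash label added to user and control packets
    drops_received: bool       # only the drop case the procedure describes


def end_outcome(own: Mode, peer: Mode) -> EndOutcome:
    """Outcome at one end of the PW, given both ends' configured mode."""
    if own is not Mode.SIGNAL:
        # Without signal-capability the local configuration decides.
        # Receive-side behaviour of such an end is not modelled here.
        return EndOutcome(False, own is Mode.STATIC, False)
    peer_sends_sub_tlv = peer is Mode.SIGNAL
    return EndOutcome(
        sends_sub_tlv=True,
        # Rule 2: insert only if the peer's label mapping carried the sub-TLV.
        inserts_hash_label=peer_sends_sub_tlv,
        # Rule 3, first outcome: the peer inserts from its local config while
        # this end negotiated "no hash label", so received packets are dropped.
        drops_received=peer is Mode.STATIC,
    )


def audit(pairs):
    """Return (pw_name, end, finding) for every end that needs attention."""
    findings = []
    for name, mode_a, mode_b in pairs:
        for end, own, peer in (("A", mode_a, mode_b), ("B", mode_b, mode_a)):
            out = end_outcome(own, peer)
            if out.drops_received:
                findings.append((name, end, "drop"))
            elif own is Mode.SIGNAL and not out.inserts_hash_label:
                findings.append((name, end, "not-negotiated"))
    return findings


# Constructed inventory: (pseudowire name, mode at end A, mode at end B).
INVENTORY = [
    ("spoke-1", Mode.SIGNAL, Mode.SIGNAL),
    ("spoke-2", Mode.SIGNAL, Mode.STATIC),
    ("spoke-3", Mode.STATIC, Mode.SIGNAL),
    ("spoke-4", Mode.SIGNAL, Mode.OFF),
    ("spoke-5", Mode.STATIC, Mode.STATIC),
]

if __name__ == "__main__":
    for name, end, finding in audit(INVENTORY):
        print(f"{name} end {end}: {finding}")
```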

The no form of this command disables the use of the hash label.

Default 

no hash-label

Parameters 
signal-capability—
Enables the signaling and negotiation of the use of the hash label between the local and remote PE nodes. The signal-capability option is not supported on a VPRN spoke-sdp.

ingress

Syntax 
ingress
Context 
config>service>ies>if>spoke-sdp
config>service>ies>red-if>spoke-sdp>egress
Description 

This command configures the ingress SDP context.

qos

Syntax 
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
no qos
Context 
config>service>pw-template>ingress
config>service>vprn>if>spoke-sdp>ingress
config>service>ies>if>spoke-sdp>ingress
Description 

This command is used to redirect pseudowire packets to an ingress forwarding plane queue-group for the purpose of rate-limiting.

The ingress pseudowire rate-limiting feature uses a policer in queue-group provisioning model. This model allows the mapping of one or more pseudowires to the same instance of policers, which are defined in a queue-group template.

Operationally, the provisioning model in the case of the ingress pseudowire shaping feature consists of the following steps:

  1. Create an ingress queue-group template and configure policers for each FC that needs to be redirected and optionally, for each traffic type (unicast, broadcast, unknown, or multicast).
  2. Apply the queue-group template to the network ingress forwarding plane where there exists a network IP interface on which the pseudowire packets can be received. This creates one instance of the template on the ingress of the FP. One or more instances of the same template can be created.
  3. Configure FC-to-policer mappings together with the policer redirect to a queue-group in the ingress context of a network QoS policy. No queue-group name is specified in this step, which means the same network QoS policy can redirect different pseudowires to different queue-group templates.
  4. Apply this network QoS policy to the ingress context of a spoke-SDP inside a service, or to the ingress context of a pseudowire template, and specify the redirect queue-group name.
  5. One or more spoke-SDPs can have their FCs redirected to use policers in the same policer queue-group instance.

The following are the constraints and rules of this provisioning model when used in the ingress pseudowire rate-limiting feature:

  1. When a pseudowire FC is redirected to use a policer in a named policer queue-group and the queue-group name does not exist, the association fails at the time the user associates the ingress context of a spoke-SDP to the named queue-group. In such a case, the pseudowire packet is fed directly into the ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the MDA/FP.
  2. When a pseudowire FC is redirected to use a policer in a named policer queue-group and the queue-group name exists but the policer-id is not defined in the queue-group template, the association fails at the time the user associates the ingress context of a spoke-SDP to the named queue-group. In such a case, the pseudowire packet is fed directly into the ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the MDA/FP.
  3. When a pseudowire FC is redirected to use a policer in a named policer queue-group and the queue-group name exists and the policer-id is defined in the queue-group template, it is not required to check that an instance of that queue-group exists in all ingress FPs which have network IP interfaces. The handling of this is dealt with in the data path as follows:
    1. When a pseudowire packet for that FC is received and an instance of the referenced queue-group name exists on that FP, the packet is processed by the policer and is then fed to the per-FP ingress shared queues referred to as policer-output-queues.
    2. When a pseudowire packet for that FC is received and an instance of the referenced queue-group name does not exist on that FP, the pseudowire packets are fed directly into the corresponding ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the MDA/FP.
  4. If a network QoS policy is applied to the ingress context of a pseudowire, any pseudowire FC which is not explicitly redirected in the network QoS policy will have the corresponding packets fed directly into the ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the MDA/FP.
  5. If no network QoS policy is applied to the ingress context of the pseudowire, then all packets of the pseudowire will feed:
    1. The ingress network shared queue for the packet FC defined in the network-queue policy applied to the ingress of the MDA/FP. This is the default behavior.
    2. A queue-group policer followed by the per-FP ingress shared queues referred to as policer-output-queues if the ingress context of the network IP interface from which the packet is received is redirected to a queue-group (csc-policing). The only exceptions to this behavior are for packets received from an IES/VPRN spoke interface and from an R-VPLS spoke-SDP, which are forwarded to the R-VPLS IP interface. In these two cases, the ingress network shared queue for the packet FC defined in the network-queue policy applied to the ingress of the MDA/FP is used.

When a pseudowire is redirected to use a policer queue-group, the classification of the packet for the purpose of FC and profile determination is performed according to the default classification rule or the QoS filters defined in the ingress context of the network QoS policy applied to the pseudowire. This is true regardless of whether an instance of the named policer queue-group exists on the ingress FP on which the pseudowire packet is received. The user can apply a QoS filter matching the dot1p in the VLAN tag corresponding to the Ethernet port encapsulation, the EXP in the outer label when the tunnel is an LSP, the DSCP in the IP header if the tunnel encapsulation is GRE, and the DSCP in the payload IP header if the user enabled the ler-use-dscp option and the pseudowire terminates in IES or VPRN service (spoke-interface).

When the policer queue-group name the pseudowire is redirected to does not exist, the redirection command fails. In this case, the packet classification is performed according to the default classification rule or the QoS filters defined in the ingress context of the network QoS policy applied to the network IP interface on which the pseudowire packet is received.

The no version of this command removes the redirection of the pseudowire to the queue-group.

Parameters 
network-policy-id—
Specifies the network policy identification. The value uniquely identifies the policy on the system.
Values—
1 to 65535

 

fp-redirect-group queue-group-name
Specifies the name of the queue group template up to 32 characters in length.
ingress-instance instance-id
Specifies the identification of a specific instance of the queue-group.
Values—
1 to 16384

 

vc-label

Syntax 
[no] vc-label ingress-vc-label
Context 
config>service>ies>if>spoke-sdp>ingress
config>service>ies>red-if>spoke-sdp>ingress
Description 

This command configures the static MPLS VC label used by the far-end device to send packets to this device in this service via this SDP.

Parameters 
ingress-vc-label—
A VC ingress value that indicates a specific connection.
Values—
2048 to 18431

 

accounting-policy

Syntax 
accounting-policy acct-policy-id
no accounting-policy
Context 
config>service>ies>if>spoke-sdp
Description 

This command configures an accounting-policy.

Parameters 
acct-policy-id—
Specifies an accounting policy ID.
Values—
1 to 99

 

app-profile

Syntax 
app-profile app-profile-name
no app-profile
Context 
config>service>ies>if>spoke-sdp
Description 

This command configures the application profile name.

Parameters 
app-profile-name—
Specifies the application profile name.

bfd-enable

Syntax 
bfd-enable
no bfd-enable
Context 
config>service>ies>if>spoke-sdp
Description 

This command enables VCCV BFD on the PW associated with the VLL, BGP VPWS, or VPLS service. The parameters for the BFD session are derived from the named BFD template, which must have been first configured using the bfd-template command.

bfd-template

Syntax 
bfd-template name
no bfd-template
Context 
config>service>ies>if>spoke-sdp
Description 

This command configures a named BFD template to be used by VCCV BFD on PWs belonging to the VLL, BGP VPWS, or VPLS service. The template specifies parameters, such as the minimum transmit and receive control packet timer intervals, to be used by the BFD session. Template parameters are configured under the config>router>bfd context.

Default 

no bfd-template

Parameters 
name—
A text string name for the template of up to 32 characters in printable 7-bit ASCII, enclosed in double quotes.

collect-stats

Syntax 
[no] collect-stats
Context 
config>service>ies>if>spoke-sdp
Description 

This command enables or disables statistics collection.

control-channel-status

Syntax 
[no] control-channel-status
Context 
config>service>ies>if>spoke-sdp
Description 

This command enables the configuration of static pseudowire status signaling on a spoke-SDP for which signaling for its SDP is set to OFF.

A control-channel-status no shutdown is allowed only if all of the following are true:

  1. SDP signaling is off.
  2. The control-word is enabled (the control-word is disabled by default).
  3. The service type is Epipe, Apipe, VPLS, Cpipe, or IES/VPRN.
  4. Mate SDP signaling is off (in vc-switched services).
  5. The pw-path-id is configured for this spoke-SDP.

The no form of this command removes control channel status signaling from a spoke-SDP. It can only be removed if control channel status is shut down.

Default 

no control-channel-status

acknowledgment

Syntax 
[no] acknowledgment
Context 
config>service>ies>if>spoke-sdp>control-channel-status
Description 

This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.

refresh-timer

Syntax 
refresh-timer value
no refresh-timer
Context 
config>service>ies>if>spoke-sdp>control-channel-status
Description 

This command configures the refresh timer for control channel status signaling packets. By default, no refresh packets are sent.

Default 

no refresh-timer

Parameters 
value—
Specifies the refresh timer value.
Values—
10 to 65535 seconds

 

Default—
0 (off)

request-timer

Syntax 
request-timer timer1 retry-timer timer2 timeout-multiplier multiplier
no request-timer
Context 
config>service>ies>if>spoke-sdp>control-channel-status
Description 

This command configures the control channel status request mechanism. When it is configured, control channel status request procedures are used. These augment the procedures for control channel status messaging from RFC 6478. This command is mutually exclusive with a non-zero refresh-timer value.

Parameters 
timer1—
Specifies the interval at which pseudowire status messages, including a reliable delivery TLV, with the “request” bit set, are sent.
Values—
10 to 65535 seconds

 

retry-timer timer2
Specifies the timeout interval if no response to a pseudowire status request is received. This parameter must be configured. A value of zero (0) disables retries.
Values—
0, 3 to 60 seconds

 

timeout-multiplier multiplier
If a requesting node does not receive a valid response to a pseudowire status request within this multiplier times the retry timer, then it will assume the pseudowire is down. This parameter is optional.
Values—
3 to 20 seconds

 

control-word

Syntax 
[no] control-word
Context 
config>service>ies>if>spoke-sdp
Description 

This command enables or disables the PW control word on spoke-sdps terminated on an IES or VPRN interface. The control word must be enabled to allow MPLS-TP OAM on the spoke-sdp.

It is only valid for MPLS-TP spoke-sdps when used with IES and VPRN services.

Default 

no control-word

2.5.2.11. IES SAP Commands

sap

Syntax 
sap sap-id [create]
no sap sap-id
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command creates a Service Access Point (SAP) within a service. A SAP is a combination of port and encapsulation parameters which identifies the service access point on the interface and within the router. Each SAP must be unique.

All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.

Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the config interface port-type port-id mode access command. For the 7750 SR, channelized TDM ports are always access ports.

If a port is shutdown, all SAPs on that port become operationally down. When a service is shutdown, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

You can configure an IES interface as a loopback interface by issuing the loopback command instead of the sap sap-id command. The loopback flag cannot be set on an interface where a SAP is already defined and a SAP cannot be defined on a loopback interface.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted. For Internet Enhanced Service (IES), the IP interface must be shutdown before the SAP on that interface may be removed. The no form of this command causes the ptp-hw-assist to be disabled.

Default 

No SAPs are defined.

Special Cases 
IES—
For the 7750 SR, an IES SAP can be defined with Ethernet ports, SONET/SDH or TDM channels. For the 7450 ESS, an IES SAP can be defined with Ethernet or SONET/SDH ports. A SAP is defined within the context of an IP routed interface. Each IP interface is limited to a single SAP definition. For the 7750 SR, group interfaces allow more than one SAP. Attempts to create a second SAP on an IP interface fail and generate an error; the original SAP will not be affected.

Command syntax for the 7750 SR: sap ipsec-id.private | public:tag associates an IPSec group SAP with this interface. This is the public side for an IPSec tunnel. Tunnels referencing this IPSec group in the private side may be created if their local IP is in the subnet of the interface subnet and the routing context specified matches with the one of the interface.

This context will provide a SAP to the tunnel. The operator may associate ingress and egress QoS policies as well as filters and virtual scheduling contexts. Internally this creates an Ethernet SAP that will be used to send and receive encrypted traffic to and from the MDA. Multiple tunnels can be associated with this SAP. The “tag” will be a dot1q value. The operator may see it as an identifier. The range is limited to 1 to 4095.

Parameters 
sap-id—
Specifies the physical port identifier portion of the SAP definition.
port-id—
Specifies the physical port ID.

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number format. For example, 1/1/1 specifies port 1 on MDA 1 in slot 1.

The port-id must reference a valid port type. When the port-id parameter represents SONET/SDH and TDM channels (7750 SR), the port ID must include the channel ID. A period “.” separates the physical port from the channel-id. The port must be configured as an access port.

If the SONET/SDH port is configured as clear-channel then only the port is specified.

port-id       slot/mda/port [.channel]
eth-sat-id    esat-id/slot/port
                  esat      keyword
                  id        1 to 20
pxc-id        pxc-id.sub-port
                  pxc       keyword
                  id        1 to 64
                  sub-port  a, b

create—
Keyword used to create a SAP instance. The create keyword requirement can be enabled/disabled in the environment>create context.

aarp

Syntax 
aarp aarpId type type
no aarp
Context 
config>service>ies>if>sap
config>service>ies>if>spoke-sdp
Description 

This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node or in a peer node (pre-configured) to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.

The type specifies the role of this service point in the AARP: either primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints within an AARP must be within the same service.

The no form of the command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.

Default 

no aarp

Parameters 
aarpId—
Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.
Values—
1 to 65535

 

type—
Specifies the role of the SAP referenced by the AARP instance.
Values—
dual-homed — The primary dual-homed AA subscriber side service-point of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP.
dual-homed-secondary — One of the secondary dual-homed AA subscriber side service-points of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP.

 

anti-spoof

Syntax 
anti-spoof {ip | mac | ip-mac}
no anti-spoof
Context 
config>service>ies>if>sap
Description 

This command enables anti-spoof filtering and optionally changes the anti-spoof matching type for the SAP.

The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to look up an entry in the anti-spoof filter table. The type parameter (ip, ip-mac, nh-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.

The no form of the command disables anti-spoof filtering on the SAP.

Default 

no anti-spoof

Parameters 
ip—
Configures SAP anti-spoof filtering to use only the source IP address in its lookup. If a static host exists on the SAP without an IP address specified, the anti-spoof type ip command fails.
mac—
Configures SAP anti-spoof filtering to use only the source MAC address in its lookup. Setting the anti-spoof filter type to mac is not allowed on non-Ethernet encapsulated SAPs. If a static host exists on the SAP without a specified MAC address, the anti-spoof type mac command fails. The anti-spoof type mac command will also fail if the SAP does not support Ethernet encapsulation.
ip-mac—
Configures SAP anti-spoof filtering to use both the source IP address and the source MAC address in its lookup. If a static host exists on the SAP without both the IP address and MAC address specified, the anti-spoof type ip-mac command fails. This is also true if the default anti-spoof filter type of the SAP is ip-mac and the default is not overridden. The anti-spoof type ip-mac command will also fail if the SAP does not support Ethernet encapsulation.

anti-spoof

Syntax 
anti-spoof {ip | ip-mac | nh-mac}
no anti-spoof
Context 
config>service>ies>sub-if>grp-if>sap
Description 

This command enables anti-spoof filtering and optionally changes the anti-spoof matching type for the SAP.

The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to look up an entry in the anti-spoof filter table. The type parameter (ip, ip-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.

The no form of the command reverts to the default.

Default 

anti-spoof ip-mac

Parameters 
ip—
Configures SAP anti-spoof filtering to use only the source IP address in its lookup. If a static host exists on the SAP without an IP address specified, the anti-spoof type ip command fails.
ip-mac—
Configures SAP anti-spoof filtering to use both the source IP address and the source MAC address in its lookup. If a static host exists on the SAP without both the IP address and MAC address specified, the anti-spoof type ip-mac command fails. This is also true if the default anti-spoof filter type of the SAP is ip-mac and the default is not overridden. The anti-spoof type ip-mac command will also fail if the SAP does not support Ethernet encapsulation.
nh-mac—
Indicates that the ingress anti-spoof is based on the source MAC address and the egress anti-spoof is based on the nh-ip-address.
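
The Python code below is an added example covering both anti-spoof sections above; it is not part of the product documentation and does not reproduce the router's implementation. It models the filter table built from static hosts, the configuration checks that make the anti-spoof command fail, and how the ip, mac and ip-mac types differ in what they reject. The host entries, packet samples and function names are constructed, and nh-mac is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

FILTER_TYPES = ("ip", "mac", "ip-mac")   # nh-mac is not modelled here


class AntiSpoofConfigError(ValueError):
    """Raised where the text says the anti-spoof command fails."""


@dataclass(frozen=True)
class StaticHost:
    ip: Optional[str] = None
    mac: Optional[str] = None


def _norm_ip(ip: str) -> str:
    return str(ipaddress.ip_address(ip))


def _norm_mac(mac: str) -> str:
    return mac.lower().replace("-", ":")


def lookup_key(filter_type: str, ip: Optional[str], mac: Optional[str]):
    """Fields of a packet (or host entry) used for the table lookup."""
    if filter_type == "ip":
        return (_norm_ip(ip),)
    if filter_type == "mac":
        return (_norm_mac(mac),)
    if filter_type == "ip-mac":
        return (_norm_ip(ip), _norm_mac(mac))
    raise AntiSpoofConfigError(f"unsupported filter type: {filter_type}")


def build_filter_table(filter_type: str, hosts, ethernet_sap: bool = True):
    """Validate the configuration, then build the set of permitted keys."""
    if filter_type not in FILTER_TYPES:
        raise AntiSpoofConfigError(f"unsupported filter type: {filter_type}")
    needs_ip = filter_type in ("ip", "ip-mac")
    needs_mac = filter_type in ("mac", "ip-mac")
    if needs_mac and not ethernet_sap:
        raise AntiSpoofConfigError("MAC matching needs Ethernet encapsulation")
    for host in hosts:
        if needs_ip and host.ip is None:
            raise AntiSpoofConfigError("static host without an IP address")
        if needs_mac and host.mac is None:
            raise AntiSpoofConfigError("static host without a MAC address")
    return frozenset(lookup_key(filter_type, h.ip, h.mac) for h in hosts)


def permits(filter_type: str, table, src_ip: str, src_mac: str) -> bool:
    """True if the packet's source fields match an entry in the table."""
    return lookup_key(filter_type, src_ip, src_mac) in table


# Constructed static hosts (documentation address ranges).
HOSTS = [
    StaticHost(ip="192.0.2.10", mac="00:00:5e:00:53:0a"),
    StaticHost(ip="192.0.2.11", mac="00:00:5e:00:53:0b"),
]

# Constructed packets: name -> (source IP, source MAC).
PACKETS = {
    "host_a": ("192.0.2.10", "00:00:5E:00:53:0A"),
    "a_ip_unknown_mac": ("192.0.2.10", "00:00:5e:00:53:ff"),
    "a_mac_b_ip": ("192.0.2.11", "00:00:5e:00:53:0a"),
    "unknown": ("192.0.2.99", "00:00:5e:00:53:ee"),
}


def verdicts(filter_type: str) -> dict:
    table = build_filter_table(filter_type, HOSTS)
    return {name: permits(filter_type, table, ip, mac)
            for name, (ip, mac) in PACKETS.items()}


if __name__ == "__main__":
    for ftype in FILTER_TYPES:
        print(ftype, verdicts(ftype))
```

Only ip-mac rejects a packet that pairs one host's MAC address with another host's IP address; ip and mac each check one field and accept it.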

app-profile

Syntax 
app-profile app-profile-name
no app-profile
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command configures the application profile name.

Parameters 
app-profile-name—
Specifies an existing application profile name configured in the config>app-assure>group>policy context.

ip-tunnel

Syntax 
ip-tunnel name [create]
no ip-tunnel name
Context 
config>service>ies>if>sap
Description 

This command is used to configure an IP-GRE or IP-IP tunnel and associate it with a private tunnel SAP within an IES or VPRN service.

The no form of the command deletes the specified IP/GRE or IP-IP tunnel from the configuration. The tunnel must be administratively shutdown before issuing the no ip-tunnel command.

Default 

no ip-tunnel name

Parameters 
ip-tunnel name
Specifies the name of the IP tunnel. Tunnel names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

lag-link-map-profile

Syntax 
lag-link-map-profile lag-link-map-profile-id
no lag-link-map-profile
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command assigns a pre-configured lag link map profile to a SAP/network interface configured on a LAG or a PW port that exists on a LAG. Once assigned/de-assigned, the SAP/network interface egress traffic will be re-hashed over LAG as required by the new configuration.

The no form of this command reverts the SAP/network interface to use per-flow, service or link hash as configured for the service/LAG.

Default 

no lag-link-map-profile

Parameters 
lag-link-map-profile-id—
An integer from 1 to 64 that defines a unique lag link map profile on the LAG on which the SAP/network interface exists.

lag-per-link-hash

Syntax 
lag-per-link-hash class {1 | 2 | 3} weight weight
no lag-per-link-hash
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command configures weight and class to this SAP to be used on LAG egress when the LAG uses weighted per-link-hash.

The no form of this command restores default configuration.

Default 

no lag-per-link-hash (equivalent to weight 1 class 1)

Parameters 
weight—
Specifies the weight.
Values—
1 to 1024

 

multi-service-site

Syntax 
multi-service-site customer-site-name
no multi-service-site customer-site-name
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command creates a new customer site or edits an existing customer site with the customer-site-name parameter. A customer site is an anchor point to create an ingress and egress virtual scheduler hierarchy. On the 7750 SR, when a site is created, it must be assigned to a chassis slot or port. When a site is created, it must be assigned to a chassis slot or port with the exception of the 7450 ESS-1 in which the slot is set to 1. When scheduler policies are defined for ingress and egress, the scheduler names contained in each policy are created according to the parameters defined in the policy. Multi-service customer sites exist for the sole purpose of creating a virtual scheduler hierarchy and making it available to queues on multiple Service Access Points (SAPs).

The scheduler policy association with the customer site normally prevents the scheduler policy from being deleted until after the scheduler policy is removed from the customer site. The multi-service-site object will generate a log message indicating that the association was deleted due to scheduler policy removal.

When the multi-service customer site is created, an ingress and egress scheduler policy association does not exist. This does not prevent the site from being assigned to a chassis slot or prevent service SAP assignment. After the site has been created, the ingress and egress scheduler policy associations can be assigned or removed at any time.

Default 

n/a — Each customer site must be explicitly created.

Parameters 
customer-site-name—
Each customer site must have a unique name within the context of the customer. If customer-site-name already exists for the customer ID, the CLI context changes to that site name for the purpose of editing the site scheduler policies or assignment. Any modifications made to an existing site will affect all SAPs associated with the site. Changing a scheduler policy association may cause new schedulers to be created and existing policers and queues on the SAPs to no longer be orphaned. Existing schedulers on the site may cease to exist, causing policers and queues relying on that scheduler to be orphaned.

If the customer-site-name does not exist, it is assumed that an attempt is being made to create a site of that name in the customer ID context. The success of the command execution depends on the following:

The maximum number of customer sites defined for the chassis has not been met.

The customer-site-name is valid.

The create keyword is included in the command line syntax (if the system requires it).

When the maximum number of customer sites has been exceeded, a configuration error occurs; the command will not execute and the CLI context will not change.

If the customer-site-name is invalid, a syntax error occurs; the command will not execute and the CLI context will not change.

Values—
Valid names consist of any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

 

static-host

Syntax 
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
no static-host [ip ip-address] mac ieee-address
no static-host all [force]
no static-host ip ip-address
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command configures a static host on this SAP.

Parameters 
ip ip-address
Specifies the IPv4 unicast address.
mac ieee-address —
Specify this optional parameter when defining a static host. Every static host definition must have at least one address defined, IP or MAC.
force—
Specifies the forced removal of the static host addresses.
sla-profile sla-profile-name
This optional parameter is used to specify an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.

ancp-string

Syntax 
ancp-string ancp-string
no ancp-string
Context 
config>service>ies>if>sap>static-host
config>service>ies>sub-if>grp-if>sap>static-host
Description 

This command specifies the ANCP string associated to this SAP host.

Parameters 
ancp-string—
Specifies the ANCP string up to 63 characters in length.

app-profile

Syntax 
app-profile app-profile-name
no app-profile
Context 
config>service>ies>if>sap>static-host
config>service>ies>sub-if>grp-if>sap>static-host
Description 

This command specifies an application profile name.

Parameters 
app-profile-name—
Specifies the application profile name up to 32 characters in length.

inter-dest-id

Syntax 
inter-dest-id intermediate-destination-id
no inter-dest-id
Context 
config>service>ies>if>sap>static-host
config>service>ies>sub-if>grp-if>sap>static-host
Description 

Specifies to which intermediate destination (for example, a DSLAM) this host belongs.

Parameters 
intermediate-destination-id—
Specifies the intermediate destination identifier, up to 32 characters in length.

managed-routes

Syntax 
managed-routes
Context 
config>service>ies>sub-if>grp-if>sap>static-host>managed-routes
Description 

This command configures managed routes.

route

Syntax 
route {ip-prefix/length | ip-prefix netmask} [create]
no route {ip-prefix/length | ip-prefix netmask}
Context 
config>service>ies>sub-if>grp-if>sap>static-host>managed-routes
Description 

This command assigns a managed route to a given subscriber host. As a consequence, a static route pointing to the subscriber-host IP address as the next hop is installed in the FIB. Up to 16 managed routes per subscriber host can be configured.

The no form of the command removes the respective route. By default, no managed routes are configured.

sla-profile

Syntax 
sla-profile sla-profile-name
no sla-profile
Context 
config>service>ies>if>sap>static-host
config>service>ies>sub-if>grp-if>sap>static-host
Description 

This command specifies an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.

Parameters 
sla-profile-name—
Specifies the SLA profile name.

sub-profile

Syntax 
sub-profile sub-profile-name
no sub-profile
Context 
config>service>ies>if>sap>static-host
config>service>ies>sub-if>grp-if>sap>static-host
Description 

This command specifies an existing subscriber profile name to be associated with the static subscriber host.

Parameters 
sub-profile-name—
Specifies the sub-profile name.

subscriber

Syntax 
subscriber sub-ident
no subscriber
Context 
config>service>ies>if>sap>static-host
config>service>ies>sub-if>grp-if>sap>static-host
Description 

This command specifies an existing subscriber identification profile to be associated with the static subscriber host.

Parameters 
sub-ident—
Specifies the subscriber identification.

subscriber-sap-id

Syntax 
[no] subscriber-sap-id
Context 
config>service>ies>if>sap>static-host
config>service>ies>sub-if>grp-if>sap>static-host
Description 

This command enables using the SAP ID as subscriber id.

Parameters 
subscriber-sap-id—
Specifies to use the sap-id as the subscriber-id.

transit-policy

Syntax 
transit-policy {ip ip-aasub-policy-id | prefix prefix-aasub-policy-id}
no transit-policy
Context 
config>service>ies>if>sap>
config>service>ies>if>spoke-sdp>
Description 

This command associates an AA transit policy to the service. The transit IP policy must be defined prior to associating the policy with a SAP in the config>application assurance>group>policy>transit-ip-policy context.

Transit AA subscribers are managed by the system through this service policy, which determines how transit subs are created and removed for that service.

The no form of the command removes the association of the policy to the service.

Default 

no transit-policy

Parameters 
ip-aasub-policy-id—
Specifies an integer identifying an IP transit IP profile entry.
Values—
1 to 65535

 

prefix-aasub-policy-id—
Specifies an integer identifying a prefix transit profile entry.
Values—
1 to 65535

 

pw-path-id

Syntax 
[no] pw-path-id
Context 
config>service>ies>if>spoke-sdp
config>service>vprn>if>spoke-sdp
Description 

This command enters the context to configure an MPLS-TP Pseudowire Path Identifier for a spoke-sdp. All elements of the PW path ID must be configured in order to enable a spoke-sdp with a PW path ID.

For an IES or VPRN spoke-sdp, the pw-path-id is only valid for Ethernet spoke-sdps.

The pw-path-id is only configurable if all of the following are true:

  1. SDP signaling is off
  2. control-word is enabled (control-word is disabled by default)
  3. the service type is epipe, vpls, cpipe, apipe, or IES/VPRN interface
  4. mate SDP signaling is off for vc-switched services

The no form of the command deletes the PW path ID.

Default 

no pw-path-id

agi

Syntax 
agi agi
no agi
Context 
config>service>ies>if>spoke-sdp>pw-path-id
config>service>vprn>if>spoke-sdp>pw-path-id
Description 

This command configures the attachment group identifier for an MPLS-TP PW.

Parameters 
agi—
Specifies the attachment group identifier.
Values—
0 to 4294967295

 

saii-type2

Syntax 
saii-type2 global-id:node-id:ac-id
no saii-type2
Context 
config>service>ies>if>spoke-sdp>pw-path-id
config>service>vprn>if>spoke-sdp>pw-path-id
Description 

This command configures the source individual attachment identifier (SAII) for an MPLS-TP spoke-sdp. If this is configured on a spoke-sdp for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the taii-type2 of the mate spoke-sdp.

Parameters 
global-id—
Specifies the global ID at the source PE or T-PE for the MPLS-TP PW for a spoke-SDP.
Values—
0 to 4294967295

 

node-id—
Specifies the node ID at the source PE or T-PE for the MPLS-TP PW for a spoke-SDP.
Values—
a.b.c.d or 0 to 4294967295

 

ac-id—
Specifies the attachment circuit ID at the source PE or T-PE for the MPLS-TP PW for a spoke-SDP. If this node is the source of the PW, then the AC ID must be set to a locally unique value.
Values—
1 to 4294967295

 

taii-type2

Syntax 
taii-type2 global-id:node-id:ac-id
no taii-type2
Context 
config>service>ies>if>spoke-sdp>pw-path-id
config>service>vprn>if>spoke-sdp>pw-path-id
Description 

This command configures the target individual attachment identifier (TAII) for an MPLS-TP spoke-sdp. If this is configured on a spoke-sdp for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the saii-type2 of the mate spoke-sdp.

Parameters 
global-id—
Specifies the global ID at the target PE or T-PE for the MPLS-TP PW for a spoke-SDP.
Values—
0 to 4294967295

 

node-id—
Specifies the node ID at the target PE or T-PE for the MPLS-TP PW for a spoke-SDP.
Values—
a.b.c.d or 0 to 4294967295

 

ac-id—
Specifies the attachment circuit ID at the target PE or T-PE for the MPLS-TP PW for a spoke-SDP. If this node is the source of the PW, then the AC ID must be set to a locally unique value.
Values—
1 to 4294967295
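
The pw-path-id conditions and the saii-type2/taii-type2 value ranges and mate-matching rule above can be checked offline before a change is committed. This Python check is an added example, not Nokia code; the dictionary keys describing a spoke-sdp and the sample values are hypothetical, and a node-id in a.b.c.d form is assumed to be equivalent to its 32-bit integer value.

```python
import ipaddress
from typing import List, NamedTuple, Optional

U32_MAX = 4294967295
# Service types the page lists as eligible for pw-path-id.
ELIGIBLE_SERVICES = {"epipe", "vpls", "cpipe", "apipe", "ies", "vprn"}


class AII(NamedTuple):
    global_id: int
    node_id: int   # a.b.c.d is normalised to its 32-bit integer value (assumption)
    ac_id: int


def _u32(text: str, field: str, minimum: int) -> int:
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"{field}: {text!r} is not an unsigned integer")
    value = int(text)
    if not minimum <= value <= U32_MAX:
        raise ValueError(f"{field}: {value} is outside {minimum} to {U32_MAX}")
    return value


def parse_aii_type2(text: str) -> AII:
    """Parse the global-id:node-id:ac-id argument of saii-type2 / taii-type2."""
    parts = text.split(":")
    if len(parts) != 3:
        raise ValueError(f"expected global-id:node-id:ac-id, got {text!r}")
    global_id = _u32(parts[0], "global-id", 0)
    if "." in parts[1]:
        node_id = int(ipaddress.IPv4Address(parts[1]))  # a.b.c.d form
    else:
        node_id = _u32(parts[1], "node-id", 0)
    ac_id = _u32(parts[2], "ac-id", 1)                  # ac-id range starts at 1
    return AII(global_id, node_id, ac_id)


def pw_path_id_problems(spoke: dict, mate: Optional[dict] = None) -> List[str]:
    """Return the documented conditions that this spoke-sdp model violates."""
    problems = []
    if spoke.get("sdp_signaling") != "off":
        problems.append("SDP signaling must be off")
    if not spoke.get("control_word"):
        problems.append("control-word must be enabled")
    if spoke.get("service_type") not in ELIGIBLE_SERVICES:
        problems.append("service type does not support pw-path-id")
    missing = [k for k in ("agi", "saii_type2", "taii_type2") if spoke.get(k) is None]
    if missing:
        problems.append("pw-path-id elements not configured: " + ", ".join(missing))
    if spoke.get("vc_switching"):
        if mate is None:
            problems.append("vc-switching is configured but no mate spoke-sdp was given")
            return problems
        if mate.get("sdp_signaling") != "off":
            problems.append("mate SDP signaling must be off")
        have_all = not missing and mate.get("saii_type2") and mate.get("taii_type2")
        if have_all:
            # At an S-PE the SAII of one spoke must equal the TAII of its mate.
            if parse_aii_type2(spoke["saii_type2"]) != parse_aii_type2(mate["taii_type2"]):
                problems.append("saii-type2 does not match taii-type2 of the mate")
            if parse_aii_type2(spoke["taii_type2"]) != parse_aii_type2(mate["saii_type2"]):
                problems.append("taii-type2 does not match saii-type2 of the mate")
    return problems


# Constructed sample: two spoke-sdps of one vc-switched service at an S-PE.
SPOKE_A = {"service_type": "epipe", "sdp_signaling": "off", "control_word": True,
           "vc_switching": True, "agi": 0,
           "saii_type2": "42:10.0.0.1:7", "taii_type2": "42:10.0.0.9:7"}
SPOKE_B = {"service_type": "epipe", "sdp_signaling": "off", "control_word": True,
           "vc_switching": True, "agi": 0,
           "saii_type2": "42:167772169:7", "taii_type2": "42:10.0.0.1:7"}
# Same as SPOKE_B but with a TAII that no longer mirrors SPOKE_A's SAII.
SPOKE_B_BAD = dict(SPOKE_B, taii_type2="42:10.0.0.2:7")

if __name__ == "__main__":
    print(pw_path_id_problems(SPOKE_A, SPOKE_B))
    print(pw_path_id_problems(SPOKE_A, SPOKE_B_BAD))
```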

 

dynamic-tunnel-redundant-next-hop

Syntax 
dynamic-tunnel-redundant-next-hop ip-address
no dynamic-tunnel-redundant-next-hop
Context 
config>service>ies>if
Description 

This command specifies the redundant next-hop address on a public or private IPSec interface (with a public or private tunnel-sap) for a dynamic IPSec tunnel. The standby node uses the specified next-hop address to shunt traffic to the master if the standby node receives it.

The next-hop address is resolved in the routing table of the corresponding service.

Default 

none

Parameters 
ip-address—
Specifies the dynamic ISA tunnel redundant next-hop address.

enable-ingress-stats

Syntax 
[no] enable-ingress-stats
Context 
config>service>ies>interface
config>service>ies>sub-if>grp-if
Description 

This command enables the collection of ingress interface IP stats. This command is only applicable to IP statistics, and not to uRPF statistics.

If enabled, then the following statistics are collected:

  1. IPv4 offered packets
  2. IPv4 offered octets
  3. IPv6 offered packets
  4. IPv6 offered octets

Octet statistics for IPv4 and IPv6 bytes at IP interfaces include the layer 2 frame overhead.

Default 

no enable-ingress-stats

egr-ip-load-balancing

Syntax 
egr-ip-load-balancing {source | destination | inner-ip}
no egr-ip-load-balancing
Context 
config>service>ies>if>load-balancing
Description 

This command specifies whether to include source address or destination address or both in LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled the command applies also to inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default 

no egr-ip-load-balancing

Parameters 
source—
Specifies using the source address and (if l4-load-balancing is enabled) the source port in the hash, ignoring the destination address and port.
destination—
Specifies using the destination address and (if l4-load-balancing is enabled) the destination port in the hash, ignoring the source address and port.
inner-ip—
Specifies use of the inner IP header parameters instead of outer IP header parameters in LAG/ECMP hash for IPv4 encapsulated traffic.

enable-mac-accounting

Syntax 
[no] enable-mac-accounting
Context 
config>service>ies>if
Description 

This command enables MAC accounting functionality on this interface.

The no form of the command disables MAC accounting functionality on this interface.

flowspec

Syntax 
[no] flowspec
Context 
config>service>vprn>if>sap>ingress
config>service>vprn>if>spoke-sdp>ingress
config>service>ies>if>sap>ingress
config>service>ies>if>spoke-sdp>ingress
Description 

This command enables IPv4 flowspec filtering on an access IP interface associated with a VPRN or IES service. Filtering is based on all of the IPv4 flowspec routes that have been received and accepted by the corresponding BGP instance. Ingress IPv4 traffic on an interface can be filtered by both a user-defined IPv4 filter and flowspec. Evaluation proceeds in this order:

  1. user-defined IPv4 filter entries
  2. flowspec-derived filter entries
  3. user-defined IPv4 filter default-action

The no form of the command removes IPv4 flowspec filtering from an IP interface.

Default 

no flowspec. No access interfaces have IPv4 flowspec enabled.
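
Because user-defined IPv4 filter entries are evaluated before flowspec-derived entries, a user entry that forwards traffic is matched before a flowspec drop rule ever sees the packet. The following Python model is an added example (not Nokia code and not SR OS syntax); the Entry fields, the first-match-wins rule within each stage, and the sample entries and packets are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Entry:
    """One match entry (hypothetical model). A field left as None matches anything."""
    name: str
    action: str                      # "forward" or "drop"
    src: Optional[str] = None        # IPv4 source prefix
    dst: Optional[str] = None        # IPv4 destination prefix
    proto: Optional[int] = None      # IP protocol number
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dst_port is not None and pkt.get("dst_port") != self.dst_port:
            return False
        return True

    def covers(self, other: "Entry") -> bool:
        """True when every packet matched by `other` is also matched by this entry."""
        for mine, theirs in ((self.src, other.src), (self.dst, other.dst)):
            if mine is None:
                continue
            if theirs is None:
                return False
            if not ipaddress.ip_network(theirs).subnet_of(ipaddress.ip_network(mine)):
                return False
        for mine, theirs in ((self.proto, other.proto), (self.dst_port, other.dst_port)):
            if mine is not None and mine != theirs:
                return False
        return True


def evaluate(pkt: dict, user_entries: List[Entry], flowspec_entries: List[Entry],
             default_action: str) -> Tuple[str, str, Optional[str]]:
    """Return (action, stage, entry name) following the documented order."""
    stages = (("user-filter", user_entries), ("flowspec", flowspec_entries))
    for stage, entries in stages:
        for entry in entries:
            if entry.matches(pkt):           # assumption: first match wins
                return entry.action, stage, entry.name
    return default_action, "default-action", None


def shadowed_flowspec(user_entries: List[Entry],
                      flowspec_entries: List[Entry]) -> List[Tuple[str, str]]:
    """List (flowspec entry, user entry) pairs where the flowspec entry can never match."""
    pairs = []
    for fs in flowspec_entries:
        for user in user_entries:
            if user.covers(fs):
                pairs.append((fs.name, user.name))
                break
    return pairs


# Constructed sample data (documentation prefixes only).
USER_FILTER = [Entry("user-10", "forward", dst="203.0.113.0/24", proto=6, dst_port=443)]
FLOWSPEC = [
    Entry("fs-1", "drop", src="198.51.100.0/24", dst="203.0.113.10/32", proto=6, dst_port=443),
    Entry("fs-2", "drop", dst="203.0.113.10/32", proto=17, dst_port=53),
]
DEFAULT_ACTION = "forward"

PKT_HTTPS = {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": 6, "dst_port": 443}
PKT_DNS = {"src": "192.0.2.5", "dst": "203.0.113.10", "proto": 17, "dst_port": 53}
PKT_ICMP = {"src": "192.0.2.5", "dst": "192.0.2.99", "proto": 1}

if __name__ == "__main__":
    for pkt in (PKT_HTTPS, PKT_DNS, PKT_ICMP):
        print(pkt, "->", evaluate(pkt, USER_FILTER, FLOWSPEC, DEFAULT_ACTION))
    print("shadowed:", shadowed_flowspec(USER_FILTER, FLOWSPEC))
```

In the sample, the flowspec drop fs-1 never takes effect because user-10 forwards the same traffic first, which is the kind of overlap worth auditing before relying on flowspec for mitigation.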

host-connectivity-verify

Syntax 
host-connectivity-verify [source {vrrp | interface}] [interval interval] [action {remove | alarm}] [timeout retry-timeout] [retry-count count]
host-connectivity-verify [interval interval] [action {remove | alarm}] [timeout retry-timeout] [retry-count count] [family family]
Context 
config>service>ies>if
config>service>ies>sub-if>grp-if
Description 

This command enables subscriber host connectivity verification for all hosts on this interface. This tool will periodically scan all known hosts (from dhcp-state) and perform a UC ARP request. The subscriber host connectivity verification will maintain state (connected vs. not-connected) for all hosts.

Default 

no host-connectivity-verify

Parameters 
source {interface}—
Specifies the source to be used for generation of subscriber host connectivity verification packets. The interface keyword forces the use of the interface MAC and IP addresses. There are up to 16 possible subnets on a given interface; therefore, the subscriber host connectivity verification tool always uses an address of the subnet to which the given host belongs. In the case of group interfaces, one of the parent subscriber-interface subnets (depending on the host's address) is used.
interval interval
Specifies the time interval, in minutes, in which all known sources should be verified. The actual rate then depends on the number of known hosts and the interval.
Values—
1 to 6000
A zero value can be used by the SNMP agent to disable host-connectivity-verify.

 

action {remove | alarm}—
Defines the action taken on a subscriber host connectivity verification failure for a given host. The remove keyword raises an alarm, removes the DHCP state and releases all allocated resources (queues, table entries and so on). A DHCP release is signaled to the corresponding DHCP server. A static host is never removed. The alarm keyword raises an alarm indicating that the host is disconnected.
timeout retry-timeout
Specifies the timeout in seconds between consecutive retries of subscriber host connectivity verification checks, in case the host does not respond.
Values—
10 to 60 seconds

 

retry-count count
Specifies the number of retries that will be carried out before a subscriber host is considered to have failed the SHCV check.
Values—
2 to 29

 

family family
Indicates the IP address family for which subscriber host connectivity verification checks will be enabled. It can be set to ipv4 or ipv6, or both.

source

Syntax 
source ip-address
Context 
config>service>ies>if>sap>ip-tunnel
Description 

This command configures the source IPv4 or IPv6 address to use for an IP tunnel. This configuration applies to the outer IP header of the encapsulated packets. The IPv4 or IPv6 address must belong to one of the IP subnets associated with the public SAP interface of the tunnel-group. The source address, remote-ip address and backup-remote-ip address of a tunnel must all belong to the same address family (IPv4 or IPv6). When the source address contains an IPv6 address, it must be a global unicast address.

Default 

no source

Parameters 
ip-address—
An IPv4 address or an IPv6 address.

remote-ip

Syntax 
remote-ip ip-address
no remote-ip
Context 
config>service>ies>if>sap>ip-tunnel
Description 

This command configures the primary destination IPv4 or IPv6 address to use for an IP tunnel. This configuration applies to the outer IP header of the encapsulated packets. The source address, remote-ip address and backup-remote-ip address of a tunnel must all belong to the same address family (IPv4 or IPv6). When the remote-ip address contains an IPv6 address it must be a global unicast address.

Default 

no remote-ip

Parameters 
ip-address—
An IPv4 address or an IPv6 address.

backup-remote-ip

Syntax 
backup-remote-ip ip-address
no backup-remote-ip
Context 
config>service>ies>if>sap>ip-tunnel
config>service>ies>if>sap
config>service>vprn>if>sap>ip-tunnel
Description 

This command configures the alternate destination IPv4 or IPv6 address to use for an IP tunnel. This destination address is used only if the primary destination configured with the remote-ip command is unreachable in the delivery service. The source address, remote-ip address and backup-remote-ip address of a tunnel must all belong to the same address family (IPv4 or IPv6). When the backup-remote-ip address contains an IPv6 address it must be a global unicast address.

Default 

no backup-remote-ip

Parameters 
ip-address—
An IPv4 address or an IPv6 address.
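
The address constraints stated for source, remote-ip and backup-remote-ip can be audited together before an IP tunnel is configured. This Python check is an added example, not Nokia code; the function name and sample addresses are constructed, and "global unicast" is taken here as the IANA global unicast block 2000::/3, which is an assumption because the page does not define the term further.

```python
import ipaddress
from typing import List, Optional

# Assumption: "global unicast" means the IANA global unicast block.
GLOBAL_UNICAST_V6 = ipaddress.ip_network("2000::/3")


def ip_tunnel_problems(source: str, remote_ip: str, backup_remote_ip: Optional[str],
                       public_sap_subnets: List[str]) -> List[str]:
    """Return the documented ip-tunnel address rules that the given values break."""
    problems = []
    named = {"source": source, "remote-ip": remote_ip}
    if backup_remote_ip is not None:
        named["backup-remote-ip"] = backup_remote_ip

    parsed = {}
    for name, text in named.items():
        try:
            parsed[name] = ipaddress.ip_address(text)
        except ValueError:
            problems.append(f"{name}: {text!r} is not an IPv4 or IPv6 address")
    if len(parsed) != len(named):
        return problems               # later checks need every address parsed

    # Rule: all configured tunnel addresses share one address family.
    if len({addr.version for addr in parsed.values()}) > 1:
        problems.append("source, remote-ip and backup-remote-ip mix IPv4 and IPv6")

    # Rule: an IPv6 address must be global unicast.
    for name, addr in parsed.items():
        if addr.version == 6 and addr not in GLOBAL_UNICAST_V6:
            problems.append(f"{name}: {addr} is not a global unicast IPv6 address")

    # Rule: the source belongs to a subnet of the public SAP interface.
    subnets = [ipaddress.ip_network(s, strict=False) for s in public_sap_subnets]
    src = parsed["source"]
    if not any(src.version == net.version and src in net for net in subnets):
        problems.append(f"source: {src} is not in any public SAP interface subnet")
    return problems


# Constructed sample subnets for the public SAP interface (documentation prefixes).
SAP_SUBNETS = ["192.0.2.0/24", "2001:db8:10::/64"]

if __name__ == "__main__":
    print(ip_tunnel_problems("192.0.2.1", "198.51.100.1", "198.51.100.2", SAP_SUBNETS))
    print(ip_tunnel_problems("2001:db8:10::1", "2001:db8:20::1", "fe80::1", SAP_SUBNETS))
    print(ip_tunnel_problems("192.0.2.1", "2001:db8:20::1", None, SAP_SUBNETS))
```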

clear-df-bit

Syntax 
[no] clear-df-bit
Context 
config>service>if>ies>sap
config>service>ies>if>sap>ip-tunnel
Description 

This command specifies whether to clear the Do not Fragment (DF) bit in the outgoing packets in this tunnel.

2.5.2.12. SAP Subscriber Management Commands

sub-sla-mgmt

Syntax 
[no] sub-sla-mgmt
Context 
config>service>ies>sub-if>grp-if>sap
Description 

This command enters the context to configure subscriber management parameters for this SAP.

Default 

no sub-sla-mgmt

def-sla-profile

Syntax 
def-sla-profile default-sla-profile-name
no def-sla-profile
Context 
config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt
Description 

This command specifies a default SLA profile for this SAP. The SLA profile must be defined prior to associating the profile with a SAP in the config>subscr-mgmt>sla-profile context.

An SLA profile is a named group of QoS parameters used to define per service QoS for all subscriber hosts common to the same subscriber within a provider service offering. A single SLA profile may define the QoS parameters for multiple subscriber hosts. SLA profiles are maintained in two locations, the subscriber identification policy and the subscriber profile templates. After a subscriber host is associated with an SLA profile name, either the subscriber identification policy used to identify the subscriber or the subscriber profile associated with the subscriber host must contain an SLA profile with that name. If both the subscriber identification policy and the subscriber profile contain the SLA profile name, the SLA profile in the subscriber profile is used.

The no form of the command removes the default SLA profile from the SAP configuration.

Default 

no def-sla-profile

Parameters 
default-sla-profile-name—
Specifies a default SLA profile for this SAP. The SLA profile must be defined prior to associating the profile with a SAP in the config>subscr-mgmt>sla-profile context.

def-sub-profile

Syntax 
def-sub-profile default-subscriber-profile-name
Context 
config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt
Description 

This command specifies a default subscriber profile for this SAP. The subscriber profile must be defined prior to associating the profile with a SAP in the config>subscr-mgmt>sub-profile context.

A subscriber profile defines the aggregate QoS for all hosts within a subscriber context. This is done through the definition of the egress and ingress scheduler policies that govern the aggregate SLA for subscriber using the subscriber profile. Subscriber profiles also allow for specific SLA profile definitions when the default definitions from the subscriber identification policy must be overridden.

The no form of the command removes the default SLA profile from the SAP configuration.

Parameters 
default-sub-profile—
Specifies a default subscriber profile for this SAP. The subscriber profile must be defined prior to associating the profile with a SAP in the config>subscr-mgmt>sub-profile context.

sub-ident-policy

Syntax 
sub-ident-policy sub-ident-policy-name
Context 
config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt
Description 

This command associates a subscriber identification policy to this SAP. The subscriber identification policy must be defined prior to associating the profile with a SAP in the config>subscr-mgmt>sub-ident-policy context.

Subscribers are managed by the system through the use of subscriber identification strings. A subscriber identification string uniquely identifies a subscriber. For static hosts, the subscriber identification string is explicitly defined with each static subscriber host.

For dynamic hosts, the subscriber identification string must be derived from the DHCP ACK message sent to the subscriber host. The default value for the string is the content of Option 82 CIRCUIT-ID and REMOTE-ID fields interpreted as an octet string. As an option, the DHCP ACK message may be processed by a subscriber identification policy which has the capability to parse the message into an alternative ASCII or octet string value.

When multiple hosts on the same port are associated with the same subscriber identification string they are considered to be host members of the same subscriber.

The no form of the command removes the default subscriber identification policy from the SAP configuration.

Default 

no sub-ident-policy

Parameters 
sub-ident-policy-name—
Specifies a subscriber identification policy for this SAP. The subscriber profile must be defined prior to associating the profile with a SAP in the config>subscr-mgmt>sub-ident-policy context.

multi-sub-sap

Syntax 
multi-sub-sap [subscriber-limit]
no multi-sub-sap
Context 
config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt
Description 

This command configures the maximum number of subscribers for this SAP.

The no form of this command returns the default value.

Default 

multi-sub-sap 1

Parameters 
subscriber-limit—
Specifies the maximum number of subscribers for this SAP.
Values—
2 to 8000

 

single-sub-parameters

Syntax 
single-sub-parameters
Context 
config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt
Description 

This command enters the context to configure single subscriber parameters for this SAP.

non-sub-traffic

Syntax 
non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]
no non-sub-traffic
Context 
config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt>single-sub
Description 

This command configures non-subscriber traffic profiles. It is used in conjunction with the profiled-traffic-only command on single subscriber SAPs and creates a subscriber host which is used to forward non-IP traffic through the single subscriber SAP without the need for SAP queues.

The no form of the command removes the profiles and disables the feature.

Parameters 
sub-profile sub-profile-name
Specifies an existing subscriber profile name to be associated with the static subscriber host. The subscriber profile is configured in the config>subscr-mgmt>sub-profile context.
sla-profile sla-profile-name
Specifies an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.
subscriber sub-ident-string —
Specifies an existing subscriber identification profile to be associated with the static subscriber host. The subscriber identification profile is configured in the config>subscr-mgmt>sub-ident-policy context. The subscriber information is used by the VPRN SAP arp-reply-agent to determine the proper handling of received ARP requests from subscribers.

For VPRN SAPs with arp-reply-agent enabled with the optional sub-ident parameter, the static subscriber host’s sub-ident-string is used to determine whether an ARP request received on the SAP is sourced from a host belonging to the same subscriber as the destination host. When both the destination and source hosts from the ARP request are known on the SAP and the subscriber identifications do not match, the ARP request may be forwarded to the rest of the VPRN destinations.

If the static subscriber host’s sub-ident string is not defined, the host is not considered to belong to the same subscriber as another host on the SAP.

If source or destination host is unknown, the hosts are not considered to belong to the same subscriber. ARP messages from unknown hosts are subject to anti-spoof filtering rules applied at the SAP.

If sub-ident is not enabled on the SAP arp-reply-agent, subscriber identification matching is not performed on ARP requests received on the SAP.

ARP requests are never forwarded back to the same SAP or within the receiving SAP’s split horizon group.

profiled-traffic-only

Syntax 
[no] profiled-traffic-only
Context 
config>service>ies>sub-if>grp-if>sap>sub-sla-mgmt>single-sub
Description 

This command enables profiled traffic only for this SAP. The profiled traffic refers to single subscriber traffic on a dedicated SAP (in the VLAN-per-subscriber model). When enabled, subscriber queues are instantiated through the QoS policy defined in the sla-profile and the associated SAP queues are deleted. This can increase subscriber scaling by reducing the number of queues instantiated per subscriber (in the VLAN-per-subscriber model). In order for this to be achieved, any configured multi-sub-sap limit must be removed (leaving the default of 1).

The no form of the command disables the command.

accounting-policy

Syntax 
accounting-policy acct-policy-id
no accounting-policy
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command creates the accounting policy context that can be applied to a SAP.

An accounting policy must be defined before it can be associated with a SAP. If the policy-id does not exist, an error message is generated.

A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.

The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.

Default 

Default accounting policy.

Parameters 
acct-policy-id—
The accounting policy-id as configured in the config>log>accounting-policy context.
Values—
1 to 99

 

collect-stats

Syntax 
[no] collect-stats
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command enables accounting and statistical data collection for either the SAP, network port, or IP interface. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued the statistics are still accumulated by the IOMCFM cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default 

no collect-stats

bandwidth

Syntax 
bandwidth bandwidth
no bandwidth
Context 
config>service>ies>if>sap
Description 

This command specifies the admin bandwidth assigned to SAPs, ports and LAGs which is used by SAP bandwidth CAC.

SAP: Attempts to increase the SAP admin bandwidth will fail if there is insufficient available admin bandwidth on its port or LAG, otherwise the port or LAG available admin bandwidth will be reduced by the incremental SAP admin bandwidth. Reducing the SAP admin bandwidth will increase the available admin bandwidth on its port or LAG. This is not supported for PW-SAPs, Ethernet tunnels or subscriber group interface SAPs.

The no version of the command reverts to the default value.

Default 

no bandwidth

Parameters 
bandwidth—
Specifies the admin bandwidth assigned to the SAP, port or LAG, in kb/s.
Values—
1 to 3200000000

 

calling-station-id

Syntax 
calling-station-id calling-station-id
no calling-station-id
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages. The value inserted is set at the SAP level. If no value is set at the SAP level, an empty string is included.

Default 

This attribute is not sent by default.

cpu-protection

Syntax 
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]] | [ip-src-monitoring]
no cpu-protection
Context 
config>service>ies>if>sap
Description 

This command assigns an existing CPU protection policy to the associated service group interface SAP, interface or MSAP policy. The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.

If no CPU protection policy is assigned to a service group interface SAP, then the default policy is used to limit the overall-rate.

The no version of this command returns the interface/SAP to the default policies.

Default 

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

no cpu-protection (for video-interfaces)

Parameters 
policy-id—
Specifies an existing CPU protection policy
Values—
1 to 255

 

mac-monitoring—
When specified, per-MAC rate limiting is performed using the per-source-rate from the associated cpu-protection policy.

default-host

Syntax 
default-host ip-address/mask next-hop next-hop-ip
no default-host ip-address/mask
Context 
config>service>ies>sub-if>grp-if>sap
Description 

This command configures the default-host to be used. More than one default-host can be configured per SAP.

The no form of the command removes the values from the configuration.

Parameters 
ip-address/mask—
Assigns an IP address/IP subnet format to the interface
next-hop next-hop-ip
Assigns the next hop IP address

dist-cpu-protection

Syntax 
dist-cpu-protection policy-name
no dist-cpu-protection
Context 
config>service>ies>sub-if>grp-if>sap
config>service>ies>if>sap
Description 

This command assigns a Distributed CPU Protection (DCP) policy to the SAP. Only a valid DCP policy can be assigned to a SAP or a network interface. This rule does not apply to templates such as an msap-policy.

Default 

If no dist-cpu-protection policy is assigned to an SAP, then the default access DCP policy (default-access-policy) is used. If no DCP functionality is required on the SAP, then an empty DCP policy can be created and explicitly assigned to the SAP policy.

Parameters 
policy-name—
Specifies the name of the DCP policy up to 32 characters in length

2.5.2.13. ETH-CFM Service Commands

eth-cfm

Syntax 
eth-cfm
Context 
config>service>ies>
config>service>ies>sub-if>grp-if>sap
config>service>ies>if>sap
config>service>ies>if>spoke-sdp
Description 

This command enters the context to configure ETH-CFM parameters.

collect-lmm-stats

Syntax 
collect-lmm-stats
no collect-lmm-stats
Context 
config>service>ies>if>sap>eth-cfm
config>service>ies>if>spoke-sdp>eth-cfm
config>service>ies>sub-if>grp-if>sap>eth-cfm
Description 

This command enables the collection of statistics on the SAP or MPLS SDP binding on which the ETH-LMM test is configured. The collection of LMM statistics must be enabled if a MEP is launching or responding to ETH-LMM packets. If LMM statistics collection is not enabled, the counters in the LMM and LMR PDU do not represent accurate measurements and all measurements should be ignored. The show sap-using eth-cfm collect-lmm-stats command and the show sdp-using eth-cfm collect-lmm-stats command can be used to display which entities are collecting stats.

The no form of the command disables and deletes the counters for this SAP or MPLS SDP binding.

Default 

no collect-lmm-stats

collect-lmm-fc-stats

Syntax 
collect-lmm-fc-stats
Context 
config>service>ies>if>sap>eth-cfm
config>service>ies>if>spoke-sdp>eth-cfm
config>service>ies>sub-if>grp-if>sap>eth-cfm
Description 

This command enters the context to configure per-forwarding class (FC) LMM information collection.

This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.

fc

Syntax 
fc fc-name [fc-name]
no fc
Context 
config>service>ies>if>sap>eth-cfm>collect-lmm-fc-stats
config>service>ies>if>spoke-sdp>eth-cfm>collect-lmm-fc-stats
config>service>ies>sub-if>grp-if>sap>eth-cfm>collect-lmm-fc-stats
Description 

This command creates individual counters for the specified FCs without regard for profile. All countable packets that match a configured FC, regardless of profile, will be included in this counter.

A differential is performed when this command is re-entered. Omitted FCs will stop counting, newly added FCs will start counting, and unchanged FCs will continue to count.

An FC that is specified as part of this command for this specific context cannot be specified as a profile-aware FC using the fc-in-profile command under the same context.

The no form of the command removes all previously defined FCs and stops counting for those FCs.

Default 

no fc

Parameters 
fc-name—
Specifies the name of the FC for which to create an individual profile-unaware counter. Up to eight FCs may be specified. In order for the counter to be used, the config>oam-pm>session>ethernet>priority command must be configured with a numerical value representing the FC name (7 = NC, 6 = H1, 5 = EF, 4 = H2, 3 = L1, 2 = AF, 1 = L2, 0 = BE), and the config>oam-pm>session>ethernet>lmm>enable-fc-collection command must be enabled.
Values—
nc, h1, ef, h2, l1, af, l2, be

 

fc-in-profile

Syntax 
fc-in-profile fc-name [fc-name]
no fc-in-profile
Context 
config>service>ies>if>sap>eth-cfm>collect-lmm-fc-stats
config>service>ies>if>spoke-sdp>eth-cfm>collect-lmm-fc-stats
config>service>ies>sub-if>grp-if>sap>eth-cfm>collect-lmm-fc-stats
Description 

This command creates individual counters for the specified FCs with regard for profile. All countable packets that match a configured FC and are deemed to be in profile will be included in this counter.

A differential is performed when this command is re-entered. Omitted FCs will stop counting, newly added FCs will start counting, and unchanged FCs will continue to count.

An FC that is specified as part of this command for this specific context cannot be specified as a profile-unaware FC using the fc command under the same context.

The no form of the command removes all previously defined FCs and stops counting for those FCs.

Default 

no fc-in-profile

Parameters 
fc-name—
Specifies the name of the FC for which to create an individual profile-aware counter. Up to eight FCs may be specified. In order for the counter to be used, the config>oam-pm>session>ethernet>priority command must be configured with a numerical value representing the FC name (7 = NC, 6 = H1, 5 = EF, 4 = H2, 3 = L1, 2 = AF, 1 = L2, 0 = BE), and the config>oam-pm>session>ethernet>lmm>enable-fc-collection command must be enabled.
Values—
nc, h1, ef, h2, l1, af, l2, be
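The fc and fc-in-profile rules above (differential on re-entry, one FC cannot be both profile-unaware and profile-aware in the same context, FC name to priority mapping) can be checked offline before a change is pushed. The following Python model is an added example, not Nokia code; the function names and the state dictionary are hypothetical, and the command lines fed to it are constructed.

```python
"""Offline model of the fc / fc-in-profile rules for collect-lmm-fc-stats."""

VALID_FCS = ("nc", "h1", "ef", "h2", "l1", "af", "l2", "be")
# Value that config>oam-pm>session>ethernet>priority must carry for each FC.
FC_PRIORITY = {"nc": 7, "h1": 6, "ef": 5, "h2": 4, "l1": 3, "af": 2, "l2": 1, "be": 0}
COMMANDS = ("fc", "fc-in-profile")


class FcConfigError(ValueError):
    """Raised when a command line breaks one of the rules stated on the page."""


def parse_fc_command(line):
    """Return (command, frozenset of FC names); the no form yields an empty set."""
    tokens = line.split()
    negate = tokens[:1] == ["no"]
    if negate:
        tokens = tokens[1:]
    if not tokens or tokens[0] not in COMMANDS:
        raise FcConfigError(f"not an fc or fc-in-profile command: {line!r}")
    command, names = tokens[0], tokens[1:]
    if negate:
        if names:
            raise FcConfigError("the no form takes no FC names")
        return command, frozenset()
    if not names:
        raise FcConfigError(f"{command} needs at least one fc-name")
    if len(names) > 8:
        raise FcConfigError("at most eight FCs may be specified")
    unknown = [n for n in names if n not in VALID_FCS]
    if unknown:
        raise FcConfigError(f"unknown FC name(s): {unknown}")
    return command, frozenset(names)


def new_state():
    """Empty counter configuration for one collect-lmm-fc-stats context."""
    return {"fc": frozenset(), "fc-in-profile": frozenset()}


def apply_command(state, line):
    """Apply one command line; return (new_state, differential).

    The differential lists which counters stop, start and continue, which is
    what happens when the command is re-entered with a different FC list.
    """
    command, wanted = parse_fc_command(line)
    other = "fc-in-profile" if command == "fc" else "fc"
    clash = wanted & state[other]
    if clash:
        raise FcConfigError(
            f"{sorted(clash)} already configured under {other} in this context"
        )
    current = state[command]
    diff = {
        "stop": sorted(current - wanted),
        "start": sorted(wanted - current),
        "continue": sorted(current & wanted),
    }
    updated = dict(state)
    updated[command] = wanted
    return updated, diff


def required_priorities(state):
    """OAM-PM session priority values needed for the configured counters to be used."""
    return sorted(FC_PRIORITY[fc] for fc in state["fc"] | state["fc-in-profile"])


if __name__ == "__main__":
    state = new_state()
    # Constructed command sequence, as an operator might type it on one SAP.
    for cmd in ("fc ef h1 be", "fc ef af", "fc-in-profile nc", "fc-in-profile ef"):
        try:
            state, diff = apply_command(state, cmd)
            print(f"{cmd!r}: {diff}")
        except FcConfigError as err:
            print(f"{cmd!r}: rejected ({err})")
    print("priorities to configure:", required_priorities(state))
```
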

 

mep

Syntax 
mep mep-id domain md-index association ma-index [direction {up | down}]
no mep mep-id domain md-index association ma-index
Context 
config>service>ies>if>sap>eth-cfm
config>service>ies>if>spoke-sdp>eth-cfm
config>service>ies>sub-if>grp-if>sap>eth-cfm
Description 

This command configures the ETH-CFM maintenance endpoint (MEP).

Parameters 
mep-id—
Specifies the maintenance association end point identifier.
Values—
1 to 8191

 

md-index—
Specifies the maintenance domain (MD) index value.
Values—
1 to 4294967295

 

ma-index—
Specifies the MA index value.
Values—
1 to 4294967295

 

direction up | down—
The direction in which the maintenance association end point (MEP) faces on the bridge port. Direction UP is not applicable to IES MEPs.

down — Sends ETH-CFM messages away from the MAC relay entity.

up — Sends ETH-CFM messages towards the MAC relay entity.

ais-enable

Syntax 
[no] ais-enable
Context 
config>service>ies>if>spoke-sdp>eth-cfm
Description 

This command configures the reception of Alarm Indication Signal (AIS) messages.

interface-support-enable

Syntax 
[no] interface-support-enable
Context 
config>service>ies>sap>eth-cfm>mep>ais-enable
config>service>ies>spoke-sdp>eth-cfm>mep>ais-enable
Description 

This command enables the AIS function to consider the operational state of the entity on which it is configured. With this command, ETH-AIS on DOWN MEPs will be triggered and cleared based on the operational status of the entity on which it is configured. If CCM is also enabled, then transmission of the AIS PDU will be based on either the non-operational state of the entity or on any CCM defect condition. AIS generation will cease if both the operational state is UP and CCM has no defect conditions. If the MEP is not CCM enabled, then the operational state of the entity is the only consideration, assuming this command is present for the MEP.

Default 

no interface-support-enable (AIS will not be generated or stopped based on the state of the entity on which the DOWN MEP is configured).

ccm-enable

Syntax 
[no] ccm-enable
Context 
config>service>ies>if>sap>eth-cfm>mep
config>service>ies>if>spoke-sdp>eth-cfm>mep
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep
Description 

This command enables the generation of CCM messages.

The no form of the command disables the generation of CCM messages.

ccm-ltm-priority

Syntax 
ccm-ltm-priority priority
no ccm-ltm-priority
Context 
config>service>ies>if>sap>eth-cfm>mep
config>service>ies>if>spoke-sdp>eth-cfm>mep
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep
Description 

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of the command removes the priority value from the configuration.

Default 

The highest priority on the bridge-port.

Parameters 
priority—
Specifies the priority of CCM and LTM messages.
Values—
0 to 7

 

ccm-padding-size

Syntax 
[no] ccm-padding-size ccm-padding
Context 
config>service>ies>if>spoke-sdp>eth-cfm>mep
Description 

Set the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Default 

ccm-padding-size

Parameters 
ccm-padding—
Specifies the byte size of the Optional Data TLV.
Values—
3 to 1500

 

eth-test-enable

Syntax 
[no] eth-test-enable
Context 
config>service>ies>if>sap>eth-cfm>mep
config>service>ies>if>spoke-sdp>eth-cfm>mep
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep
Description 

For ETH-test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test then can be done using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is a Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

test-pattern

Syntax 
test-pattern {all-zeros | all-ones} [crc-enable]
no test-pattern
Context 
config>service>ies>if>sap>eth-cfm>mep>eth-test-enable
config>service>ies>if>spoke-sdp>eth-cfm>mep>eth-test-enable
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>eth-test-enable
Description 

This command configures the test pattern for eth-test frames.

The no form of the command removes the values from the configuration.

Parameters 
all-zeros—
Specifies to use all zeros in the test pattern.
all-ones—
Specifies to use all ones in the test pattern.
crc-enable—
Generates a CRC checksum.
Default—
all-zeros

fault-propagation-enable

Syntax 
fault-propagation-enable {use-if-tlv | suspend-ccm}
no fault-propagation-enable
Context 
config>service>ies>if>sap>eth-cfm>mep
config>service>ies>if>spoke-sdp>eth-cfm>mep
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep
Description 

This command configures the fault propagation for the MEP.

Parameters 
use-if-tlv—
Specifies to use the interface TLV.
suspend-ccm—
Specifies to suspend the continuity check messages.

grace

Syntax 
grace
Context 
config>service>ies>if>sap>eth-cfm>mep
config>service>ies>if>spoke-sdp>eth-cfm>mep
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep
Description 

This command enters the context to configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.

eth-ed

Syntax 
eth-ed
Context 
config>service>ies>if>sap>eth-cfm>mep>grace
config>service>ies>if>spoke-sdp>eth-cfm>mep>grace
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace
Description 

This command enters the context to configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

max-rx-defect-window

Syntax 
max-rx-defect-window seconds
no max-rx-defect-window
Context 
config>service>ies>if>sap>eth-cfm>mep>grace>eth-ed
config>service>ies>if>spoke-sdp>eth-cfm>mep>grace>eth-ed
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed
Description 

This command limits the duration of the received ETH-ED expected defect window to the lower value of either the received value from the peer or this parameter.

The no form of the command removes the limitation, and any valid defect window value received from a peer MEP in the ETH-ED PDU will be used.

Default 

no max-rx-defect-window

Parameters 
seconds—
Specifies the duration, in seconds, of the maximum expected defect window.
Values—
1 to 86400

 

priority

Syntax 
priority priority
no priority
Context 
config>service>ies>if>sap>eth-cfm>mep>grace>eth-ed
config>service>ies>if>spoke-sdp>eth-cfm>mep>grace>eth-ed
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed
Description 

This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.

The no form of the command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.

Default 

no priority

Parameters 
priority—
Specifies the priority bit.
Values—
0 to 7

 

rx-eth-ed

Syntax 
[no] rx-eth-ed
Context 
config>service>ies>if>sap>eth-cfm>mep>grace>eth-ed
config>service>ies>if>spoke-sdp>eth-cfm>mep>grace>eth-ed
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed
Description 

This command enables the reception and processing of the ITU-T Y.1731 ETH-ED PDU on the MEP.

The no form of the command disables the reception of the ITU-T Y.1731 ETH-ED PDU on the MEP.

Default 

rx-eth-ed

tx-eth-ed

Syntax 
[no] tx-eth-ed
Context 
config>service>ies>if>sap>eth-cfm>mep>grace>eth-ed
config>service>ies>if>spoke-sdp>eth-cfm>mep>grace>eth-ed
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed
Description 

This command enables the transmission of the ITU-T Y.1731 ETH-ED PDU from the MEP when a system soft reset notification is received for one or more cards.

The config>eth-cfm>system>grace-tx-enable command must be configured to instruct the system that the node is capable of transmitting expected defect windows to the peers. Only one form of ETH-CFM grace (Nokia ETH-CFM Grace or ITU-T Y.1731 ETH-ED) may be transmitted.

The no form of the command disables the transmission of the ITU-T Y.1731 ETH-ED PDU from the MEP.

Default 

no tx-eth-ed

eth-vsm-grace

Syntax 
eth-vsm-grace
Context 
config>service>ies>if>sap>eth-cfm>mep>grace
config>service>ies>if>spoke-sdp>eth-cfm>mep>grace
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace
Description 

This command enters the context to configure Nokia ETH-CFM Grace functional parameters.

rx-eth-vsm-grace

Syntax 
[no] rx-eth-vsm-grace
Context 
config>service>ies>if>sap>eth-cfm>mep>grace>eth-vsm-grace
config>service>ies>if>spoke-sdp>eth-cfm>mep>grace>eth-vsm-grace
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-vsm-grace
Description 

This command enables the reception and processing of the Nokia ETH-CFM Grace PDU on the MEP.

The Nokia Grace function is a vendor-specific PDU that informs MEP peers that the local node may be entering a period of expected defect.

The no form of the command disables the reception of the Nokia ETH-CFM Grace PDU on the MEP.

Default 

rx-eth-vsm-grace

tx-eth-vsm-grace

Syntax 
[no] tx-eth-vsm-grace
Context 
config>service>ies>if>sap>eth-cfm>mep>grace>eth-vsm-grace
config>service>ies>if>spoke-sdp>eth-cfm>mep>grace>eth-vsm-grace
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-vsm-grace
Description 

This command enables the transmission of the Nokia ETH-CFM Grace PDU from the MEP when a system soft reset notification is received for one or more cards.

The Nokia Grace function is a vendor-specific PDU that informs MEP peers that the local node may be entering a period of expected defect.

The config>eth-cfm>system>grace-tx-enable command must be configured to instruct the system that the node is capable of transmitting expected defect windows to the peers. Only one form of ETH-CFM grace (Nokia ETH-CFM Grace or ITU-T Y.1731 ETH-ED) may be transmitted.

The no form of the command disables the transmission of the Nokia ETH-CFM Grace PDU from the MEP.

Default 

tx-eth-vsm-grace

low-priority-defect

Syntax 
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
Context 
config>service>ies>if>sap>eth-cfm>mep
config>service>ies>if>spoke-sdp>eth-cfm>mep
config>service>ies>sub-if>grp-if>sap>eth-cfm>mep
Description 

This command specifies the lowest priority defect that is allowed to generate a fault alarm.

Default 

low-priority-defect macRemErrXcon

Parameters 
low-priority-defect—
The following values are used to specify the lowest priority defect that is allowed to generate a fault alarm.
Values—

allDef

DefRDICCM, DefMACstatus, DefRemoteCCM, DefErrorCCM, and DefXconCCM

macRemErrXcon

only DefMACstatus, DefRemoteCCM, DefErrorCCM, and DefXconCCM

remErrXcon

only DefRemoteCCM, DefErrorCCM, and DefXconCCM

errXcon

only DefErrorCCM and DefXconCCM

xcon

only DefXconCCM; or

noXcon

no defects DefXcon or lower are to be reported

 

squelch-ingress-levels

Syntax 
squelch-ingress-levels [md-level [md-level…]]
no squelch-ingress-levels
Context 
config>service>ies>if>sap>eth-cfm
config>service>ies>if>spoke-sdp>eth-cfm
config>service>ies>sub-if>grp-if>sap>eth-cfm
Description 

This command defines the levels of the ETH-CFM PDUs that will be silently discarded on ingress into the SAP or SDP binding from the wire. All ETH-CFM PDUs inbound to the SAP or SDP binding that match the configured levels will be dropped without regard for any other ETH-CFM criteria. No statistical information or drop count will be available for any ETH-CFM PDU that is silently discarded by this option. The operator must configure a complete contiguous list of md-levels up to the highest level that will be dropped. To modify a previous configuration without deleting it first, the command must be retyped in complete form.

The no form of the command removes the silent discarding of previously matching ETH-CFM PDUs.

Default 

no squelch-ingress-levels

Parameters 
md-level—
Identifies the level.
Values—
0 to 7
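Because PDUs dropped by squelch-ingress-levels leave no counters behind, the configuration itself is the only place the drop is visible. The following Python audit is an added example, not Nokia code; it assumes the contiguous list starts at level 0, the function names are hypothetical, and the configuration text is constructed to resemble an indented CLI listing.

```python
"""Audit squelch-ingress-levels entries in a saved configuration (added example)."""

MD_LEVELS = range(0, 8)  # md-level values allowed by the page: 0 to 7

# Constructed sample input; not output captured from a router.
SAMPLE_CONFIG = """\
interface "to-cust-a" create
    sap 1/1/1:100 create
        eth-cfm
            squelch-ingress-levels 0 1 2
        exit
    exit
    spoke-sdp 10:200 create
        eth-cfm
            squelch-ingress-levels 0 2 3
        exit
    exit
exit
interface "to-cust-b" create
    sap 1/1/2:300 create
        eth-cfm
            squelch-ingress-levels 2 3
        exit
    exit
exit
"""


def check_squelch(command):
    """Validate one squelch-ingress-levels line.

    Returns {"levels": sorted unique levels, "problems": [text, ...]}.
    Assumption: "complete contiguous list up to the highest level" means the
    list runs from 0 to the highest level with no gaps.
    """
    tokens = command.split()
    if tokens[:2] == ["no", "squelch-ingress-levels"]:
        return {"levels": [], "problems": []}
    if not tokens or tokens[0] != "squelch-ingress-levels":
        raise ValueError(f"not a squelch-ingress-levels command: {command!r}")
    problems, levels = [], []
    for tok in tokens[1:]:
        if tok.isdigit() and int(tok) in MD_LEVELS:
            levels.append(int(tok))
        else:
            problems.append(f"invalid md-level {tok!r} (allowed: 0 to 7)")
    if len(set(levels)) != len(levels):
        problems.append("duplicate md-level in list")
    unique = sorted(set(levels))
    if unique:
        missing = [lvl for lvl in range(0, unique[-1] + 1) if lvl not in unique]
        if missing:
            problems.append(f"list is not contiguous, missing levels {missing}")
    return {"levels": unique, "problems": problems}


def audit(config_text):
    """Return one finding per squelch-ingress-levels line in the configuration.

    Each finding names the enclosing SAP or spoke SDP (the most recent
    'sap ...' or 'spoke-sdp ...' line), the levels that will be dropped
    without any counter, and any problems with the list.
    """
    findings, entity = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith(("sap ", "spoke-sdp ")):
            entity = " ".join(line.split()[:2])
        elif line.startswith("squelch-ingress-levels"):
            result = check_squelch(line)
            findings.append({"entity": entity, **result})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        status = "; ".join(finding["problems"]) or "ok"
        print(f'{finding["entity"]}: uncounted drop at levels {finding["levels"]} ({status})')
```
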

 

tunnel-fault

Syntax 
tunnel-fault {accept | ignore}
Context 
config>service>ies>eth-cfm
config>service>ies>if>sap>eth-cfm
config>service>ies>sub-if>grp-if>sap>eth-cfm
Description 

This command allows the individual service SAPs to react to changes in the tunnel MEP state. When tunnel-fault accept is configured at the service level, the SAP reacts according to the service type: an Epipe sets the operational flag, and the VPLS, IES and VPRN SAP operational state becomes down on failure or up on clear. This command triggers the OAM mapping functions to mate SAPs and bindings in an Epipe service as well as setting the operational flag. If AIS generation is the requirement for the Epipe services, this command is not required. See the ais-enable command in the epipe>sap>eth-cfm context for more information. The service-level command works in conjunction with tunnel-fault accept on the individual SAPs; both must be set to accept to react to the tunnel MEP state. By default, the service-level command is ignore and the SAP-level command is accept, so changing the service-level command to accept enables the feature for all SAPs. This is not required for Epipe services that only wish to generate AIS on failure.

Default 

tunnel-fault ignore (Service Level)

tunnel-fault accept (SAP Level for Epipe and VPLS)

Parameters 
accept—
Share fate with the facility tunnel MEP.
ignore—
Do not share fate with the facility tunnel MEP.

one-way-delay-threshold

Syntax 
one-way-delay-threshold time
Context 
config>service>ies>if>sap>mep
config>service>ies>if>spoke-sdp>eth-cfm>mep
Description 

This command enables the one-way delay threshold time limit.

Default 

3 seconds

Parameters 
priority—
Specifies the value for the threshold.
Values—
0 to 600

 

2.5.2.14. IES Filter and QoS Policy Commands

filter

Syntax 
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
no filter [ip ip-filter-id]
Context 
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
config>service>ies>red-if>egress
config>service>ies>red-if>ingress
config>service>ies>sub-if>grp-if>sap>egress
config>service>ies>sub-if>grp-if>sap>ingress
Description 

This command associates a filter policy with an ingress or egress Service Access Point (SAP). Filter policies control the forwarding and dropping of packets based on the matching criteria.

The filter command is used to associate a filter policy with a specified ip-filter-id or ipv6-filter-id (7750 SR) with an ingress or egress SAP. The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is that non-IP packets are not evaluated against the match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use the scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Special Cases 
IES—
Only IP filters are supported on an IES IP interface, and the filters only apply to routed traffic.
Parameters 
ip—
Indicates the filter policy is an IP filter.
ip-filter-id—
Specifies the ID for the IP filter policy. Allowed values are an integer in the range of 1 to 65535 that corresponds to a previously created IP filter policy in the config>filter>ip-filter context.

filter

Syntax 
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
no filter
Context 
config>service>ies>if>spoke-sdp>egress
config>service>ies>if>spoke-sdp>ingress
Description 

This command associates an IP filter policy with an ingress or egress spoke SDP.

Filter policies control the forwarding and dropping of packets based on matching criteria.

MAC filters are only allowed on Epipe and Virtual Private LAN Service (VPLS) SAPs.

The filter command is used to associate a filter policy with a specified ip-filter-id with an ingress or egress spoke SDP. The ip-filter-id must already be defined in the config>filter context before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned.

In general, filters applied to SAPs or spoke SDPs (ingress or egress) apply to all packets on the SAP or spoke SDPs. One exception is that non-IP packets are not evaluated against IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use the scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Special Cases 
IES—
Only IP filters are supported on IES IP interfaces, and the filters only apply to routed traffic.
Parameters 
ip—
Keyword indicating the filter policy is an IP filter.
ip-filter-id—
The filter name acts as the ID for the IP filter policy. Allowed values are an integer in the range of 1 to 65535 that corresponds to a previously created IP filter policy. The filter ID must already exist within the created IP filters.

egress

Syntax 
egress
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command enters the context to apply egress policies.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress filter is defined, no filtering is performed.

ingress

Syntax 
ingress
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command enters the context to apply ingress policies.

If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress filter is defined, no filtering is performed.

hsmda-queue-override

Syntax 
[no] hsmda-queue-override
Context 
config>service>ies>if>sap>egress
config>service>vprn>if>sap>egress
Description 

This command configures HSMDA egress and ingress queue overrides.

packet-byte-offset

Syntax 
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context 
config>service>ies>if>sap>egress>hsmda-queue-over
Description 

This command adds or subtracts the specified number of bytes to the accounting function for each packet handled by the HSMDA queue. Normally, the accounting and leaky bucket functions are based on the Ethernet DLC header, payload and the 4-byte CRC (everything except the preamble and inter-frame gap). For example, this command can be used to add the frame encapsulation overhead (20 bytes) to the queue's accounting functions.

The accounting functions affected include:

  1. Offered High Priority / In-Profile Octet Counter
  2. Offered Low Priority / Out-of-Profile Octet Counter
  3. Discarded High Priority / In-Profile Octet Counter
  4. Discarded Low Priority / Out-of-Profile Octet Counter
  5. Forwarded In-Profile Octet Counter
  6. Forwarded Out-of-Profile Octet Counter
  7. Peak Information Rate (PIR) Leaky Bucket Updates
  8. Committed Information Rate (CIR) Leaky Bucket Updates
  9. Queue Group Aggregate Rate Limit Leaky Bucket Updates

The secondary shaper leaky bucket, scheduler priority level leaky bucket and the port maximum rate updates are not affected by the configured packet-byte-offset. Each of these accounting functions is frame based and always includes the preamble, DLC header, payload and the CRC regardless of the configured byte offset.

The packet-byte-offset command accepts either add or subtract as valid keywords which define whether bytes are being added or removed from each packet traversing the queue. Up to 20 bytes may be added to the packet and up to 43 bytes may be removed from the packet. An example use case for subtracting bytes from each packet is an IP based accounting function. Given a Dot1Q encapsulation, the command packet-byte-offset subtract 14 would remove the DLC header and the Dot1Q header from the size of each packet for accounting functions only. The 14 bytes are not actually removed from the packet, only the accounting size of the packet is affected.

As mentioned above, the variable accounting size offered by the packet-byte-offset command is targeted at the queue and queue group level. When the queue group represents the last-mile bandwidth constraints for a subscriber, the offset allows the HSMDA queue group to provide an accurate accounting to prevent overrun and underrun conditions for the subscriber. The accounting size of the packet is ignored by the secondary shapers, the scheduling priority level shapers and the scheduler maximum rate. The actual on-the-wire frame size is used for these functions to allow an accurate representation of the behavior of the subscriber’s packets on an Ethernet aggregation network.

The packet-byte-offset value can be overridden for the HSMDA queue at the SAP or subscriber profile level.

The no form of the command removes any accounting size changes to packets handled by the queue. The command does not affect overrides that may exist on SAPs or subscriber profiles associated with the queue.

Parameters 
add add-bytes—
The add keyword is mutually exclusive with the subtract keyword. Either the add or subtract keyword must be specified. The add keyword is used to indicate that the following byte value should be added to the packet for queue and queue group level accounting functions. The corresponding byte value must be specified when executing the packet-byte-offset command.
Values—
0 to 31

 

subtract sub-bytes—
The subtract keyword is mutually exclusive with the add keyword. Either the add or subtract keyword must be specified. The subtract keyword is used to indicate that the following byte value should be subtracted from the packet for queue and queue group level accounting functions. The corresponding byte value must be specified when executing the packet-byte-offset command.
Values—
1 to 64

 

queue

Syntax 
queue queue-id [create]
no queue queue-id
Context 
config>service>ies>if>sap>egress>hsmda-queue-over
Description 

This command, within the QoS policy hsmda-queue context, is a container for the configuration parameters controlling the behavior of an HSMDA queue. Unlike the standard QoS policy queue command, this command is not used to actually create or dynamically assign the queue to the object which the policy is applied. The queue identified by queue-id always exists on the SAP or subscriber context whether the command is executed or not. In the case of HSMDA SAPs and subscribers, all eight queues exist at the moment the system allocates an HSMDA queue group to the object (both ingress and egress).

Best-Effort, Expedited and Auto-Expedite Queue Behavior Based on Queue-ID

With standard service queues, the scheduling behavior relative to other queues is based on two items: the queue's Best-Effort or Expedited nature and the dynamic rate of the queue relative to the defined CIR. HSMDA queues are handled differently. The create time auto-expedite and explicit expedite and best-effort qualifiers have been eliminated and instead the scheduling behavior is based solely on the queue's identifier. Queues with a queue-id equal to 1 are placed in scheduling class 1. Queues with queue-id 2 are placed in scheduling class 2, and so on up to scheduling class 8. Each scheduling class is either mapped directly to a strict scheduling priority level based on the class ID, or the class may be placed into a weighted scheduling class group providing byte fair weighted round robin scheduling between the members of the group. Two weighted groups are supported and each may contain up to three consecutive scheduling classes. The weighted group assumes its highest member class's inherent strict scheduling level for scheduling purposes. Strict priority level 8 has the highest priority; strict level 1 has the lowest priority. When grouping of scheduling classes is defined, some of the strict levels will not be in use.

Single Type of HSMDA Queues

Another difference between HSMDA queues and standard service queues is the lack of Multipoint queues. At ingress, an HSMDA SAP or subscriber does not require Multipoint queues since all forwarding types (broadcast, multicast, unicast and unknown) forward to a single destination: the ingress forwarding plane on the IOM. Instead of a possible eight queues per forwarding type (for a total of up to 32) within the SAP ingress QoS policy, the hsmda-queues node supports a maximum of eight queues.

Every HSMDA Queue Supports Profile Mode Implicitly

Unlike standard service queues, the HSMDA queues do not need to be placed into the special mode profile at create time in order to support ingress color aware policing. Each queue may handle in-profile, out-of-profile and profile undefined packets simultaneously. As with standard queues, the explicit profile of a packet is dependent on the ingress sub-forwarding class to which the packet is mapped.

The no form of the command restores the defined queue-id to its default parameters. All HSMDA queues having the queue-id and associated with the QoS policy are re-initialized to default parameters.

Parameters 
queue-id—
Specifies the HSMDA queue to use for packets in this forwarding class. This mapping is used when the SAP is on a HSMDA MDA.
Values—
1 to 8

 

rate

Syntax 
rate pir-rate
no rate
Context 
config>service>ies>if>sap>egress>hsmda-queue-over>queue
Description 

This command specifies the administrative PIR by the user.

Parameters 
pir-rate—
Configures the administrative PIR specified by the user.
Values—
1 to 40000000, max

 

slope-policy

Syntax 
slope-policy hsmda-slope-policy-name
no slope-policy
Context 
config>service>ies>if>sap>egress>hsmda-queue-over
Description 

This command assigns an HSMDA slope policy to the SAP. The policy may be assigned to an ingress or egress HSMDA queue. The policy contains the Maximum Buffer Size (MBS) that will be applied to the queue and the high and low priority RED slope definitions. The function of the MBS and RED slopes is to provide congestion control for an HSMDA queue. The MBS parameter defines the maximum depth a queue may reach when accepting packets. The low and high priority RED slopes provide for random early detection of congestion and slope based discards based on queue depth.

An HSMDA slope policy can be applied to queues defined in the SAP ingress and SAP egress QoS policy HSMDA queues context. Once an HSMDA slope policy is applied to a SAP QoS policy queue, it cannot be deleted. Any edits to the policy are updated to all HSMDA queues indirectly associated with the policy.

Default HSMDA Slope Policy

An HSMDA slope policy named default always exists on the system and does not need to be created. The default policy is automatically applied to all HSMDA queues unless another HSMDA slope policy is specified for the queue. The default policy cannot be modified or deleted. Attempting to execute the no hsmda-slope-policy default command results in an error.

The no form of the command removes the specified HSMDA slope policy from the configuration. If the HSMDA slope policy is currently associated with an HSMDA queue, the command fails.

Parameters 
hsmda-slope-policy-name—
Specifies an HSMDA slope policy up to 32 characters in length. The HSMDA slope policy must exist prior to applying the policy name to an HSMDA queue.

wrr-weight

Syntax 
wrr-weight value
no wrr-weight
Context 
config>service>ies>if>sap>egress>hsmda-queue-override>queue
Description 

This command assigns the weight value to the HSMDA queue.

The no form of the command returns the weight value for the queue to the default value.

Parameters 
percentage—
Specifies the weight for the HSMDA queue.
Values—
1 to 32

 

wrr-policy

Syntax 
wrr-policy hsmda-wrr-policy-name
no wrr-policy
Context 
config>service>ies>if>sap>egress>hsmda-queue-override
Description 

This command associates an existing HSMDA weighted-round-robin (WRR) scheduling loop policy to the HSMDA queue.

Parameters 
hsmda-wrr-policy-name—
Specifies the existing HSMDA WRR policy name to associate to the queue.

secondary-shaper

Syntax 
secondary-shaper secondary-shaper-name
no secondary-shaper
Context 
config>service>ies>if>sap>egress>hsmda-queue-override
Description 

This command configures an HSMDA egress secondary shaper.

Parameters 
secondary-shaper-name—
Specifies a secondary shaper name up to 32 characters in length.

policer-override

Syntax 
[no] policer-override
Context 
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description 

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.

The no form of the command is used to remove any existing policer overrides.

Default 

no policer-override

policer

Syntax 
policer policer-id [create]
no policer policer-id
Context 
config>service>ies>if>sap>egress>policer-override
config>service>ies>if>sap>ingress>policer-override
Description 

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.

The no form of the command is used to remove any existing overrides for the specified policer-id.

Parameters 
policer-id—
This parameter is required when executing the policer command within the policer-override context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.
create—
The create keyword is required when a policer override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.

match-qinq-dot1p

Syntax 
match-qinq-dot1p {top | bottom}
no match-qinq-dot1p
Context 
config>service>ies>if>sap>ingress
config>service>ies>sub-if>grp-if>sap>ingress
Description 

This command specifies which Dot1Q tag position Dot1P bits in a QinQ encapsulated packet should be used to evaluate Dot1P QoS classification.

The match-qinq-dot1p command allows the top or bottom PBits to be used when evaluating the applied sap-ingress QoS policy’s Dot1P entries. The top and bottom keywords specify which position should be evaluated for QinQ encapsulated packets.

The no form of the command restores the default dot1p evaluation behavior for the SAP.

By default, the Dot1P bits of the bottom-most service-delineating Dot1Q tag are used. Table 8 defines the default behavior for Dot1P evaluation when the match-qinq-dot1p command is not executed.

Table 8:  Default QinQ and TopQ SAP Dot1P Evaluation

Port / SAP Type | Existing Packet Tags | PBits Used for Match
null | none | none
null | Dot1P (VLAN-ID 0) | Dot1P PBits
null | Dot1Q | Dot1Q PBits
null | TopQ BottomQ | TopQ PBits
null | TopQ (No BottomQ) | TopQ PBits
Dot1Q | none (Default SAP) | none
Dot1Q | Dot1P (Default SAP VLAN-ID 0) | Dot1P PBits
Dot1Q | Dot1Q | Dot1Q PBits
QinQ / TopQ | TopQ | TopQ PBits
QinQ / TopQ | TopQ BottomQ | TopQ PBits
QinQ / QinQ | TopQ BottomQ | BottomQ PBits

Default 

no match-qinq-dot1p — no filtering based on p-bits

top or bottom must be specified to override the default QinQ dot1p behavior.

Parameters 
top—
The top parameter is mutually exclusive to the bottom parameter. When the top parameter is specified, the top most PBits are used (if existing) to match any dot1p dot1p-value entries. Table 9 defines the dot1p evaluation behavior when the top parameter is specified.
Table 9:  Top Position QinQ and TopQ SAP Dot1P Evaluation

Port / SAP Type | Existing Packet Tags | PBits Used for Match
null | none | none
null | Dot1P (VLAN-ID 0) | Dot1P PBits
null | Dot1Q | Dot1Q PBits
null | TopQ BottomQ | TopQ PBits
null | TopQ (No BottomQ) | TopQ PBits
Dot1Q | none (Default SAP) | none
Dot1Q | Dot1P (Default SAP VLAN-ID 0) | Dot1P PBits
Dot1Q | Dot1Q | Dot1Q PBits
QinQ / TopQ | TopQ | TopQ PBits
QinQ / TopQ | TopQ BottomQ | TopQ PBits
QinQ / QinQ | TopQ BottomQ | TopQ PBits

bottom—
The bottom parameter is mutually exclusive to the top parameter. When the bottom parameter is specified, the bottom most PBits are used (if existing) to match any dot1p dot1p-value entries. Table 10 defines the dot1p evaluation behavior when the bottom parameter is specified.
Table 10:  Bottom Position QinQ and TopQ SAP Dot1P Evaluation

Port / SAP Type | Existing Packet Tags | PBits Used for Match
null | none | none
null | Dot1P (VLAN-ID 0) | Dot1P PBits
null | Dot1Q | Dot1Q PBits
null | TopQ BottomQ | BottomQ PBits
null | TopQ (no BottomQ) | TopQ PBits
Dot1Q | none (default SAP) | none
Dot1Q | Dot1P (Default SAP VLAN-ID 0) | Dot1P PBits
Dot1Q | Dot1Q | Dot1Q PBits
QinQ / TopQ | TopQ | TopQ PBits
QinQ / TopQ | TopQ BottomQ | BottomQ PBits
QinQ / QinQ | TopQ BottomQ | BottomQ PBits
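
The following is an added example, not part of the original reference and not vendor code. It parses the VLAN tags of an Ethernet frame and applies the rows of Tables 8, 9 and 10 to show which tag's PBits would be used for the Dot1P match, which matters when the inner tag is set by the customer rather than the provider. The SAP-type labels, function names and sample frame are constructed for illustration; treating only the outer tag on a Dot1Q SAP is an assumption, and combinations the tables do not list raise an error.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag EtherTypes
SAP_TYPES = ("null", "dot1q", "qinq-topq", "qinq-qinq")  # labels chosen for this example


def build_frame(tags, ethertype=0x0800):
    """Build a constructed test frame; tags is a list of (tpid, pcp, vlan_id)."""
    frame = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"  # dst, src MAC
    for tpid, pcp, vlan_id in tags:
        frame += struct.pack("!HH", tpid, (pcp << 13) | (vlan_id & 0x0FFF))
    return frame + struct.pack("!H", ethertype) + bytes(46)


def vlan_tags(frame, max_tags=2):
    """Return [(pcp, vlan_id), ...] for the leading VLAN tags, outermost first."""
    tags, offset = [], 12  # tags start right after the two MAC addresses
    while len(tags) < max_tags and len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in TPIDS:
            break
        tags.append((tci >> 13, tci & 0x0FFF))  # PCP is the top 3 bits of the TCI
        offset += 4
    return tags


def pbits_for_match(sap_type, tags, match=None):
    """Return the PBits value used for Dot1P classification, or None for "none".

    match is None (no match-qinq-dot1p configured), "top" or "bottom".
    """
    if sap_type not in SAP_TYPES:
        raise ValueError("unknown SAP type: %r" % sap_type)
    if match not in (None, "top", "bottom"):
        raise ValueError("match must be None, 'top' or 'bottom'")
    if sap_type == "dot1q":
        tags = tags[:1]  # assumption: the tables list at most one tag on a Dot1Q SAP
    needed = {"qinq-topq": 1, "qinq-qinq": 2}.get(sap_type, 0)
    if len(tags) < needed:
        raise ValueError("tag combination not listed in Tables 8 to 10")
    if not tags:
        return None  # "none" rows: untagged frame on a null or default SAP
    top_pcp, bottom_pcp = tags[0][0], tags[-1][0]
    if match == "top":
        return top_pcp      # Table 9: topmost PBits in every row
    if match == "bottom":
        return bottom_pcp   # Table 10: BottomQ if present, otherwise the only tag
    # Table 8 (default): BottomQ only on a QinQ / QinQ SAP, otherwise the outer tag
    return bottom_pcp if sap_type == "qinq-qinq" else top_pcp


# Constructed sample: outer tag PCP 5 / VLAN 100, inner tag PCP 1 / VLAN 200
SAMPLE_QINQ = build_frame([(0x88A8, 5, 100), (0x8100, 1, 200)])

if __name__ == "__main__":
    stack = vlan_tags(SAMPLE_QINQ)
    for sap in ("null", "qinq-topq", "qinq-qinq"):
        for mode in (None, "top", "bottom"):
            print(sap, mode or "default", pbits_for_match(sap, stack, mode))
```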

Table 11:  Default Dot1P Explicit Marking Actions

Egress SAP Type | Ingress Packet Preserved Dot1P State | Marked (or Remarked) PBits
null | no preserved Dot1P bits | none
null | preserved Dot1P bits | preserved tag PBits remarked using dot1p-value
Dot1Q | no preserved Dot1P bits | new PBits marked using dot1p-value
Dot1Q | preserved Dot1P bits | preserved tag PBits remarked using dot1p-value
TopQ | no preserved Dot1P bits | TopQ PBits marked using dot1p-value
TopQ | preserved Dot1P bits (used as TopQ and BottomQ PBits) | TopQ PBits marked using dot1p-value, BottomQ PBits preserved
QinQ | no preserved Dot1P bits | TopQ PBits and BottomQ PBits marked using dot1p-value
QinQ | preserved Dot1P bits (used as TopQ and BottomQ PBits) | TopQ PBits and BottomQ PBits marked using dot1p-value

Table 12:  QinQ Mark Top Only Explicit Marking Actions

Egress SAP Type | Ingress Packet Preserved Dot1P State | Marked (or Remarked) PBits
null | no preserved Dot1P bits | none
null | preserved Dot1P bits | preserved tag PBits remarked using dot1p-value
Dot1Q | no preserved Dot1P bits | new PBits marked using dot1p-value
Dot1Q | preserved Dot1P bits | preserved tag PBits remarked using dot1p-value
TopQ | no preserved Dot1P bits | TopQ PBits marked using dot1p-value
TopQ | preserved Dot1P bits (used as TopQ and BottomQ PBits) | TopQ PBits marked using dot1p-value, BottomQ PBits preserved
QinQ | no preserved Dot1P bits | TopQ PBits marked using dot1p-value, BottomQ PBits marked with zero
QinQ | preserved Dot1P bits (used as TopQ and BottomQ PBits) | TopQ PBits marked using dot1p-value, BottomQ PBits marked using preserved value

The QinQ and TopQ SAP PBit/DEI bit marking follows the default behavior defined in Table 11 and Table 12 when qinq-mark-top-only is not specified.

The dot1p dot1p-value command must be configured without the qinq-mark-top-only parameter to remove the TopQ PBits only marking restriction.

agg-rate

Syntax 
[no] agg-rate
Context 
config>service>ies>if>sap>egress
config>service>ies>sub-if>grp-if>sap>egress
Description 

This command is used to control an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.

rate

Syntax 
rate {max | rate}
no rate
Context 
config>service>ies>if>sap>egress>agg-rate
config>service>ies>sub-if>grp-if>sap>egress>agg-rate
Description 

This command defines the enforced aggregate rate for all queues associated with the agg-rate context. A rate must be specified for the agg-rate context to be considered to be active on the context’s object (SAP, subscriber, Vport and so on).

limit-unused-bandwidth

Syntax 
[no] limit-unused-bandwidth
Context 
config>service>ies>if>sap>egress>agg-rate
config>service>ies>sub-if>grp-if>sap>egress>agg-rate
Description 

This command is used to enable (or disable) aggregate rate overrun protection on the agg-rate context.

queue-frame-based-accounting

Syntax 
[no] queue-frame-based-accounting
Context 
config>service>ies>if>sap>egress>agg-rate
config>service>ies>sub-if>grp-if>sap>egress>agg-rate
Description 

This command is used to enable (or disable) frame based accounting on all policers and queues associated with the agg-rate context. It is only supported on Ethernet ports and is not supported on HSMDA Ethernet ports. Packet byte offset settings are not included in the applied rate when queue frame-based accounting is configured, but the offsets are applied to the statistics.

policer-control-policy

Syntax 
policer-control-policy policy-name
no policer-control-policy
Context 
config>service>ies>sub-if>grp-if>sap>egress
Description 

This command is used to specify a policer control policy to apply to SAP egress.

Default 

N/A

Parameters 
policy-name—
Specifies the name of a policer control policy. 32 characters maximum.

qinq-mark-top-only

Syntax 
[no] qinq-mark-top-only
Context 
config>service>ies>if>sap>egress
Description 

When enabled on a SAP whose access port encapsulation type is qinq, the qinq-mark-top-only command specifies which P-bits/DEI bit to mark during packet egress. When disabled, both sets of P-bits/DEI bits are marked. When enabled, only the P-bits/DEI bit in the top Q-tag are marked.

Default 

no qinq-mark-top-only

qos

Syntax 
qos policy-id [port-redirect-group queue-group-name instance instance-id]
no qos
Context 
config>service>ies>if>sap>egress
config>service>ies>sub-if>grp-if>sap>egress
Description 

This command associates a Quality of Service (QoS) policy with an egress Service Access Point (SAP).

QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP. If the policy-id does not exist, an error will be returned.

The qos command is used to associate both ingress and egress QoS policies. The qos command only allows ingress policies to be associated on SAP ingress and egress policies on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one ingress and one egress QoS policy can be associated with a SAP at one time. Attempts to associate a second QoS policy of a given type will return an error.

When an ingress QoS policy is defined on IES ingress IP interface that is bound to a VPLS, the policy becomes associated with every SAP on the VPLS and augments the QoS policy that is defined on each SAP. Packets that are bridged will be processed using the policy defined on the VPLS SAP; packets that are routed will be processed using the policy defined in the IES IP interface-binding context.

By default, no specific QoS policy is associated with the SAP for ingress or egress, so the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.

Default 

n/a

Parameters 
policy-id—
The ingress/egress policy ID to associate with SAP or IP interface on ingress/egress. The policy ID must already exist.

Values—
1 to 65535

port-redirect-group—
This keyword associates a SAP egress with an instance of a named queue group template on the egress port of a given IOM/IMM/XMA. The queue-group-name and instance instance-id are mandatory parameters when executing the command.
queue-group-name
Specifies the name of the egress port queue group of the IOM/IMM/XMA, up to 32 characters in length. The queue-group-name must correspond to a valid egress queue group, created under config>port>ethernet>access>egress.
instance instance-id
Specifies the instance of the named egress port queue group on the IOM/IMM/XMA.
Values—
1 to 40960

 

Default—
1

qos

Syntax 
qos policy-id [shared-queuing | multipoint-shared] [fp-redirect-group queue-group-name] [instance instance-id]
no qos
Context 
config>service>ies>if>sap>ingress
config>service>ies>sub-if>grp-if>sap>ingress
Description 

This command associates a Quality of Service (QoS) policy with an ingress Service Access Point (SAP).

QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP. If the policy-id does not exist, an error will be returned.

The qos command is used to associate both ingress and egress QoS policies. The qos command only allows ingress policies to be associated on SAP ingress and egress policies on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one ingress and one egress QoS policy can be associated with a SAP or IP interface at one time. Attempts to associate a second QoS policy of a given type will return an error.

By default, no specific QoS policy is associated with the SAP for ingress or egress, so the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP or IP interface, and the QoS policy reverts to the default.

Default 

n/a

Parameters 
policy-id—
The ingress/egress policy ID to associate with SAP or IP interface on ingress/egress. The policy ID must already exist.

Values—
1 to 65535

shared-queuing—
Specifies the ingress shared queue policy used by this SAP. When the value of this object is null it means that the SAP will use individual ingress QoS queues instead of the shared ones.
multipoint-shared—
This keyword specifies that this queue-id is for multipoint forwarded traffic only. This queue-id can only be explicitly mapped to the forwarding class multicast, broadcast, or unknown unicast ingress traffic. Attempting to map forwarding class unicast traffic to a multipoint queue generates an error; no changes are made to the current unicast traffic queue mapping.

A queue must be created as multipoint. The multipoint designator cannot be defined after the queue is created. If an attempt is made to modify the command to include the multipoint keyword, an error is generated and the command will not execute.

The multipoint keyword can be entered in the command line on a preexisting multipoint queue to edit queue-id parameters.

Default—
Present (the queue is created as non-multipoint).
Values—
Multipoint or not present.

 

fp-redirect-group—
Creates an instance of a named queue group template on the ingress forwarding plane of a given IOM/IMM/XMA. The queue-group-name and instance instance-id are mandatory parameters when executing the command. The named queue group template can contain only policers. If it contains queues, then the command fails.
queue-group-name
Specifies the name of the queue group template to be instantiated on the forwarding plane of the IOM/IMM/XMA, up to 32 characters in length. The queue-group-name must correspond to a valid ingress queue group template name, configured under config>qos>queue-group-templates.
instance-id
Specifies the instance of the named queue group to be created on the IOM/IMM/XMA ingress forwarding plane.

queue-group-redirect-list

Syntax 
queue-group-redirect-list redirect-list-name
no queue-group-redirect-list
Context 
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description 

This command applies a queue group redirect list to the ingress or egress of an interface SAP within an IES or VPRN service. The redirect list is used to redirect traffic to different instances of the default queue group. This command requires the prior configuration of a default queue group instance, this being the queue group instance specified with the QoS policy under the SAP ingress or egress.

The no version of this command removes the queue group redirect list from the SAP.

Parameters 
redirect-list-name —
Specifies the name of the queue group redirect list up to 32 characters in length.

queue-override

Syntax 
[no] queue-override
Context 
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
config>service>ies>sub-if>grp-if>sap>egress
Description 

This command enters the context to configure override values for the specified SAP egress QoS queue. These values override the corresponding ones specified in the associated SAP egress or ingress QoS policy.

hs-secondary-shaper

Syntax 
hs-secondary-shaper policy-name
no hs-secondary-shaper
Context 
config>service>ies>if>sap>egress>queue-override
Description 

This command configures the HS secondary shaper to be used to apply an aggregate rate and per-scheduling class rates to the SAP egress HSQ queue group.

The no form of the command removes the HS secondary shaper override from the configuration returning the SAP egress HSQ queue group to the default HS secondary shaper on that port.

Parameters 
policy-name—
Specifies the secondary shaper name, up to 32 characters.

hs-wrr-group

Syntax 
hs-wrr-group group-id [create]
no hs-wrr-group group-id
Context 
config>service>ies>if>sap>egress>queue-override
Description 

This command configures the egress HS WRR group override parameters.

The no form of the command removes the group ID from the configuration.

Parameters 
group-id—
Specifies the HS WRR group ID to override.
Values—
1, 2

 

class-weight

Syntax 
class-weight weight
no class-weight
Context 
config>service>ies>if>sap>egress>queue-override>hs-wrr-group
Description 

This command overrides the class weight of this WRR group at its parent primary shaper relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters 
weight—
Specifies the class weight of the HS WRR group.
Values—
1, 2, 4, 8

 

percent-rate

Syntax 
percent-rate percent
no percent-rate
Context 
config>service>ies>if>sap>egress>queue-override>hs-wrr-group
Description 

This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy max-rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.

The no form of this command removes the percent rate override value from the configuration.

Parameters 
percent—
Specifies the percent rate of the HS WRR group.
Values—
0.01 to 100.00

 

rate

Syntax 
rate rate
no rate
Context 
config>service>ies>if>sap>egress>queue-override>hs-wrr-group
Description 

This command overrides the scheduling rate applied to the HS WRR group in Kb/s. Alternatively, the keyword max can be specified which removes the bandwidth limitation on the HS WRR group. The override rate type must match the corresponding rate type within the applied QoS policy.

The no form of this command removes the rate override value from the configuration.

Parameters 
rate—
Specifies the scheduling rate of the HS WRR group in Kb/s.
Values—
1 to 2000000000, max

 

queue

Syntax 
[no] queue queue-id
Context 
config>service>ies>if>sap>egress>queue-override
config>service>ies>if>sap>ingress>queue-override
config>service>ies>sub-if>grp-if>sap>egress>queue-override
Description 

This command specifies the ID of the queue whose parameters are to be overridden.

Parameters 
queue-id—
The queue ID whose parameters are to be overridden.
Values—
1 to 32

 

adaptation-rule

Syntax 
adaptation-rule [pir {max | min | closest}] [cir {max | min | closest}]
no adaptation-rule
Context 
config>service>ies>if>sap>egress>queue-override>queue
config>service>ies>if>sap>ingress>queue-override>queue
config>service>ies>sub-if>grp-if>sap>egress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of the command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.

Default 

no adaptation-rule

Parameters 
pir—
The pir parameter defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
max—
The max (maximum) option is mutually exclusive with the min and closest options. When max is defined, the operational PIR for the queue will be equal to or less than the administrative rate specified using the rate command.
min—
The min (minimum) option is mutually exclusive with the max and closest options. When min is defined, the operational PIR for the queue will be equal to or greater than the administrative rate specified using the rate command.
closest—
The closest parameter is mutually exclusive with the min and max parameter. When closest is defined, the operational PIR for the queue will be the rate closest to the rate specified using the rate command.
cir—
The cir parameter defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.

avg-frame-overhead

Syntax 
avg-frame-overhead percent
no avg-frame-overhead
Context 
config>service>ies>if>sap>egress>queue-override
config>service>ies>if>sap>ingress>queue-override>queue
config>service>ies>sub-if>grp-if>sap>egress>queue-override>queue
Description 

This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a Sonet or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for inter-frame gap).

When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:

  1. Offered-load — The offered-load of a queue is calculated by starting with the queue depth in octets, adding the received octets at the queue and subtracting queue discard octets. The result is the number of octets the queue has available to transmit. This is the packet based offered-load.
  2. Frame encapsulation overhead — Using the avg-frame-overhead parameter, the frame encapsulation overhead is simply the queue’s current offered-load (how much has been received by the queue) multiplied by the avg-frame-overhead. If a queue had an offered load of 10000 octets and the avg-frame-overhead equals 10%, the frame encapsulation overhead would be 10000 x 0.1 or 1000 octets.

For egress Ethernet queues, the frame encapsulation overhead is calculated by multiplying the number of offered-packets for the queue by 20 bytes. If a queue was offered 50 packets then the frame encapsulation overhead would be 50 x 20 or 1000 octets.

  3. Frame based offered-load — The frame based offered-load is calculated by adding the offered-load to the frame encapsulation overhead. If the offered-load is 10000 octets and the encapsulation overhead was 1000 octets, the frame based offered-load would equal 11000 octets.
  4. Packet to frame factor — The packet to frame factor is calculated by dividing the frame encapsulation overhead by the queue’s offered-load (packet based). If the frame encapsulation overhead is 1000 octets and the offered-load is 10000 octets then the packet to frame factor would be 1000 / 10000 or 0.1. When in use, the avg-frame-overhead will be the same as the packet to frame factor making this calculation unnecessary.
  5. Frame based CIR — The frame based CIR is calculated by multiplying the packet to frame factor with the queue’s configured CIR and then adding that result to that CIR. If the queue CIR is set at 500 octets and the packet to frame factor equals 0.1, the frame based CIR would be 500 x 1.1 or 550 octets.
  6. Frame based within-cir offered-load — The frame based within-cir offered-load is the portion of the frame based offered-load considered to be within the frame-based CIR. The frame based within-cir offered-load is the lesser of the frame based offered-load and the frame based CIR. If the frame based offered-load equaled 11000 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would be limited to 550 octets. If the frame based offered-load equaled 450 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would equal 450 octets (or the entire frame based offered-load).

As a special case, when a queue or associated intermediate scheduler is configured with a CIR-weight equal to 0, the system automatically sets the queue’s frame based within-cir offered-load to 0, preventing it from receiving bandwidth during the port scheduler’s within-cir pass.

  7. Frame based PIR — The frame based PIR is calculated by multiplying the packet to frame factor with the queue’s configured PIR and then adding the result to that PIR. If the queue PIR is set to 7500 octets and the packet to frame factor equals 0.1, the frame based PIR would be 7500 x 1.1 or 8250 octets.
  8. Frame based within-pir offered-load — The frame based within-pir offered-load is the portion of the frame based offered-load considered to be within the frame based PIR. The frame based within-pir offered-load is the lesser of the frame based offered-load and the frame based PIR. If the frame based offered-load equaled 11000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered-load would be limited to 8250 octets. If the frame based offered-load equaled 7000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered load would equal 7000 octets.

Port scheduler operation using frame transformed rates — The port scheduler uses the frame based rates to determine the maximum rates that each queue may receive during the within-cir and above-cir bandwidth allocation passes. During the within-cir pass, a queue may receive up to its frame based within-cir offered-load. The maximum it may receive during the above-cir pass is the difference between the frame based within-pir offered load and the amount of actual bandwidth allocated during the within-cir pass.
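
The calculation described above, carried through in Python as an added example (not code from the product or its documentation). Function and field names are assumptions chosen here; the figures in the demo are the ones the text uses, and exact fractions are used so the results match the worked numbers.

```python
from dataclasses import dataclass
from fractions import Fraction

ETHERNET_OVERHEAD_PER_PACKET = 20  # 8 bytes preamble + 12 bytes inter-frame gap


@dataclass(frozen=True)
class FrameRates:
    overhead: Fraction      # frame encapsulation overhead (octets)
    offered_load: Fraction  # frame based offered-load
    factor: Fraction        # packet to frame factor
    cir: Fraction           # frame based CIR
    pir: Fraction           # frame based PIR
    within_cir: Fraction    # frame based within-cir offered-load
    within_pir: Fraction    # frame based within-pir offered-load


def offered_load(queue_depth, received, discarded):
    """Packet based offered-load: queue depth + received octets - discarded octets."""
    load = queue_depth + received - discarded
    if load < 0:
        raise ValueError("discards exceed queue depth plus received octets")
    return load


def frame_rates(offered, cir, pir, avg_frame_overhead=0,
                ethernet_packets=None, cir_weight=1):
    """Derive the frame based values the port scheduler uses for one queue.

    avg_frame_overhead is a percentage (0 to 100) and applies to Sonet/SDH
    queues. For an egress Ethernet queue pass ethernet_packets instead; the
    overhead is then 20 bytes per offered packet and the percentage is ignored.
    """
    if min(offered, cir, pir) < 0:
        raise ValueError("offered load, CIR and PIR must be non-negative")
    if not 0 <= avg_frame_overhead <= 100:
        raise ValueError("avg-frame-overhead must be 0 to 100 percent")
    if ethernet_packets is not None:
        overhead = Fraction(ethernet_packets * ETHERNET_OVERHEAD_PER_PACKET)
    else:
        overhead = Fraction(offered) * Fraction(avg_frame_overhead) / 100
    factor = overhead / offered if offered else Fraction(0)
    fb_load = offered + overhead
    fb_cir = cir + cir * factor
    fb_pir = pir + pir * factor
    # Special case: a CIR-weight of 0 forces the within-cir offered-load to 0
    within_cir = Fraction(0) if cir_weight == 0 else min(fb_load, fb_cir)
    within_pir = min(fb_load, fb_pir)
    return FrameRates(overhead, Fraction(fb_load), factor, Fraction(fb_cir),
                      Fraction(fb_pir), within_cir, within_pir)


def above_cir_max(rates, allocated_within_cir):
    """Most the queue may receive in the above-cir pass: the within-pir
    offered-load minus the bandwidth actually allocated in the within-cir pass."""
    if not 0 <= allocated_within_cir <= rates.within_cir:
        raise ValueError("allocation cannot exceed the within-cir offered-load")
    return rates.within_pir - allocated_within_cir


if __name__ == "__main__":
    # Figures from the text: 10000 octets offered, 10% overhead, CIR 500, PIR 7500
    r = frame_rates(10000, cir=500, pir=7500, avg_frame_overhead=10)
    print("overhead", r.overhead, "frame based load", r.offered_load)
    print("frame based CIR", r.cir, "PIR", r.pir)
    print("within-cir", r.within_cir, "within-pir", r.within_pir)
    print("above-cir max after full within-cir grant", above_cir_max(r, r.within_cir))
    # Ethernet queue offered 50 packets: 50 x 20 octets of overhead
    print("ethernet overhead", frame_rates(10000, 500, 7500, ethernet_packets=50).overhead)
```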

SAP and subscriber SLA-profile average frame overhead override — The average frame overhead parameter on a sap-egress may be overridden at an individual egress queue basis. On each SAP and within the sla-profile policy used by subscribers an avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance will use its local value for the average frame overhead instead of the sap-egress defined overhead.

The no form of this command restores the average frame overhead parameter for the queue to the default value of 0 percent. When set to 0, the system uses the packet based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.

Default 

0

Parameters 
percent—
This parameter sets the average amount of packet-to-frame encapsulation overhead expected for the queue. This value is not used by the system for egress Ethernet queues.
Values—
0 to 100

 

burst-limit

Syntax 
burst-limit {default | size [bytes | kilobytes]}
no burst-limit
Context 
config>service>ies>sub-if>grp-if>sap>egress>queue-override>queue
Description 

The queue burst-limit command defines an explicit shaping burst size for a queue. The configured size defines the shaping leaky bucket threshold level that indicates the maximum burst over the queue's shaping rate.

The no form of this command restores the default burst limit to the specified queue. This is equivalent to specifying burst-limit default within the QoS policies. When specified within a queue-override queue context, any current burst limit override for the queue is removed and the queue's burst limit is controlled by its defining policy.

Default 

no burst-limit

Parameters 
default—
Reverts the queue's burst limit to the system default value.
size—
When a numeric value is specified (size), the system interprets the value as an explicit burst limit size. The value is expressed as an integer and, by default, is interpreted as the burst limit in kilobytes. If the value is intended to be interpreted in bytes, the bytes qualifier must be added following size.
Values—
0 to 13671 kilobytes
0 to 14000000 bytes

 

Default—
No default for size; use the default keyword to specify default burst limit.
bytes—
Specifies that the value given for size must be interpreted as the burst limit in bytes.
kilobytes—
Specifies that the value given for size must be interpreted as the burst limit in kilobytes. If neither bytes nor kilobytes is specified, the default qualifier is kilobytes.

cbs

Syntax 
cbs size-in-kbytes
no cbs
Context 
config>service>ies>if>sap>egress>queue-override>queue
config>service>ies>if>sap>ingress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s CBS parameters. It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues use their CBS buffers and the total in use exceeds the defined reserved total, buffers are effectively removed from the shared portion of the pool without the shared in-use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly dropping packets.

If the CBS value is larger than the MBS value, an error will occur, preventing the CBS change.

The no form of this command returns the CBS to the default value.

Default 

no cbs

Parameters 
size-in-kbytes—
The size parameter is an integer number of kilobytes reserved for the queue. For a value of 10 kbytes, enter the number 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimum reserved size can be applied for scheduling purposes).
Values—
0 to 131072, default

 

drop-tail

Syntax 
drop-tail
Context 
config>service>ies>if>sap>egress>queue-override>queue
config>service>ies>if>sap>ingress>queue-override>queue
Description 

This command enters the context to configure queue drop tail parameters.

low

Syntax 
low
Context 
config>service>ies>if>sap>egress>queue-override>queue>drop-tail
config>service>ies>if>sap>ingress>queue-override>queue>drop-tail
Description 

This command enters the context to configure the queue low drop tail parameters. The low drop tail defines the queue depth beyond which out-of-profile packets are not accepted into the queue and will be discarded.

percent-reduction-from-mbs

Syntax 
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context 
config>service>ies>if>sap>egress>queue-override>queue>drop-tail>low
config>service>ies>if>sap>ingress>queue-override>queue>drop-tail>low
Description 

This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets are not accepted into the queue if its depth is greater than this value, and so will be discarded.

Parameters 
percent—
Specifies the percentage reduction from the MBS for a queue drop tail.
Values—
0 to 100, default

 

hs-class-weight

Syntax 
hs-class-weight weight
no hs-class-weight
Context 
config>service>ies>if>sap>egress>queue-override>queue
Description 

This command overrides the class weight of this queue at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters 
weight—
Specifies the weight of the queue.
Values—
1, 2, 4, 8

 

hs-wred-queue

Syntax 
hs-wred-queue policy slope-policy-name
no hs-wred-queue
Context 
config>service>ies>if>sap>egress>queue-override>queue
Description 

This command overrides the slope policy applied to the HSQ queue group queue.

The no form of this command removes the WRED queue policy override value from the configuration.

Parameters 
slope-policy-name—
Specifies an existing slope policy name to apply to this HSQ queue group queue.

hs-wrr-weight

Syntax 
hs-wrr-weight weight
no hs-wrr-weight
Context 
config>service>ies>if>sap>egress>queue-override>queue
Description 

This command overrides the Weighted Round Robin (WRR) relative weight with which this queue should parent into an HSQ WRR group defined within the associated HS attachment policy.

The no form of this command removes the WRR weight override value from the configuration.

Parameters 
weight—
Specifies the HS WRR group queue weight.
Values—
1 to 127

 

mbs

Syntax 
mbs size {[bytes | kilobytes] | default}
no mbs
Context 
config>service>ies>if>sap>egress>queue-override>queue
config>service>ies>if>sap>ingress>queue-override>queue
Description 

This command overrides specific attributes of the specified queue’s MBS parameters. The MBS is a mechanism to override the default maximum size for the queue.

The sum of the MBS for all queues on an egress access port can oversubscribe the total amount of buffering available. When congestion occurs and buffers become scarce, access to buffers is controlled by the RED slope a packet is associated with. A queue that has not exceeded its MBS is not guaranteed that a buffer will be available when needed or that the packet’s RED slope will not force the discard of the packet. Setting proper CBS parameters and controlling CBS oversubscription is one major safeguard against queue starvation (when a queue does not receive its fair share of buffers). Another is properly setting the RED slope parameters for the needs of services on this port or channel.

If the CBS value is larger than the MBS value, an error will occur, preventing the MBS change.

The no form of this command returns the MBS assigned to the queue.

Default 

mbs default

Parameters 
size—
The size parameter is required when specifying mbs and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional bytes and kilobytes keywords are mutually exclusive and are used to explicitly define whether the size represents bytes or kilobytes.
Values—
0 to 1073741824
default

 

bytes—
When bytes is defined, the value given for size is interpreted as the queue's MBS value given in bytes.
kilobytes—
When kilobytes is defined, the value is interpreted as the queue's MBS value given in kilobytes.
default—
Specifying the keyword default sets the MBS to its default value.
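The CBS, MBS, drop-tail and HS weight limits described above can be checked offline before a change is pushed. The following is an added example, not part of the original reference or of any vendor tooling: the configuration snippet is constructed, its layout is assumed, and the function names and the 1 kilobyte = 1024 bytes conversion are assumptions (the conversion matches the HSMDA mbs ranges given on this page, 2625 kilobytes and 2688000 bytes).

```python
KIB = 1024  # assumption: 1 kilobyte = 1024 bytes
HS_CLASS_WEIGHTS = {1, 2, 4, 8}

# Constructed sample; the block layout is assumed, not captured from a node.
SAMPLE_CONFIG = """\
queue-override
    queue 1 create
        cbs 100
        mbs 64 kilobytes
    exit
    queue 2 create
        cbs 10
        mbs 600
        drop-tail
            low
                percent-reduction-from-mbs 30
            exit
        exit
        hs-class-weight 3
        hs-wrr-weight 127
    exit
    queue 3 create
        cbs 200000
        mbs 204800 bytes
    exit
exit
"""


def parse_queue_overrides(text):
    """Return {queue_id: {command: [args]}} from an indented override block."""
    queues, current = {}, None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] == "exit":
            continue
        if tokens[0] == "queue" and len(tokens) > 1:
            current = queues.setdefault(tokens[1], {})
        elif current is not None:
            current[tokens[0]] = tokens[1:]
    return queues


def _int_or_none(args):
    """First argument as an int; None when absent or the keyword 'default'."""
    return None if not args or args[0] == "default" else int(args[0])


def mbs_bytes(cmds):
    """mbs size [bytes | kilobytes]; kilobytes is the default unit."""
    args = cmds.get("mbs", [])
    size = _int_or_none(args)
    if size is None:
        return None
    unit = args[1] if len(args) > 1 else "kilobytes"
    return size if unit == "bytes" else size * KIB


def low_drop_tail_bytes(cmds):
    """Queue depth beyond which out-of-profile packets are discarded."""
    mbs = mbs_bytes(cmds)
    pct = _int_or_none(cmds.get("percent-reduction-from-mbs", []))
    if mbs is None or pct is None:
        return None
    return mbs * (100 - pct) // 100


def check_queue(qid, cmds):
    """Return (queue_id, finding) tuples for limits stated in this section."""
    findings = []
    cbs = _int_or_none(cmds.get("cbs", []))
    mbs = mbs_bytes(cmds)
    pct = _int_or_none(cmds.get("percent-reduction-from-mbs", []))
    class_w = _int_or_none(cmds.get("hs-class-weight", []))
    wrr_w = _int_or_none(cmds.get("hs-wrr-weight", []))
    if cbs is not None and not 0 <= cbs <= 131072:
        findings.append((qid, "cbs-range"))
    if cbs is not None and mbs is not None and cbs * KIB > mbs:
        findings.append((qid, "cbs-exceeds-mbs"))  # the change would be rejected
    if pct is not None and not 0 <= pct <= 100:
        findings.append((qid, "drop-tail-percent-range"))
    if class_w is not None and class_w not in HS_CLASS_WEIGHTS:
        findings.append((qid, "hs-class-weight"))
    if wrr_w is not None and not 1 <= wrr_w <= 127:
        findings.append((qid, "hs-wrr-weight"))
    return findings


def audit(text):
    """Check every queue override in the block."""
    findings = []
    for qid, cmds in parse_queue_overrides(text).items():
        findings.extend(check_queue(qid, cmds))
    return findings


if __name__ == "__main__":
    for qid, finding in audit(SAMPLE_CONFIG):
        print(f"queue {qid}: {finding}")
```

Queue 2 in the sample reproduces the 600 kbyte, 30% case from the percent-reduction-from-mbs description, giving a low drop tail of 420 kbytes.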

mbs

Syntax 
mbs {size [bytes | kilobytes] | default}
no mbs
Context 
config>service>ies>if>sap>egress>hsmda-queue-override>queue
Description 

This command overrides specific attributes of the specified queue’s MBS parameters. The MBS is a mechanism to override the default maximum size for the queue.

The sum of the MBS for all queues on an egress access port can oversubscribe the total amount of buffering available. When congestion occurs and buffers become scarce, access to buffers is controlled by the RED slope a packet is associated with. A queue that has not exceeded its MBS is not guaranteed that a buffer will be available when needed or that the packet’s RED slope will not force the discard of the packet. Setting proper CBS parameters and controlling CBS oversubscription is one major safeguard against queue starvation (when a queue does not receive its fair share of buffers). Another is properly setting the RED slope parameters for the needs of services on this port or channel.

If the CBS value is larger than the MBS value, an error will occur, preventing the MBS change.

The no form of this command returns the MBS assigned to the queue.

Default 

mbs default

Parameters 
size—
Specifies the maximum number of kilobytes of buffering allowed for the queue. For a value of 100 kb/s, enter the value 100. A value of 0 causes the queue to discard all packets.
Values—
0 to 2625 kilobytes
0 to 2688000 bytes
default

 

monitor-depth

Syntax 
[no] monitor-depth
Context 
config>service>ies>if>sap>egress>queue-override>queue
config>service>ies>if>sap>ingress>queue-override>queue
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command enables queue depth monitoring for the specified queue.

The no form of the command removes queue depth monitoring for the specified queue.

parent

Syntax 
parent [weight weight] [cir-weight cir-weight]
no parent
Context 
config>service>ies>if>sap>egress>queue-override>queue
config>service>ies>if>sap>ingress>queue-override>queue
config>service>ies>if>sap>egress>sched-override>scheduler
config>service>ies>if>sap>ingress>sched-override>scheduler
Description 

This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy. This allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist, causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non-default weightings for fostered schedulers.

The no form of the command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.

Default 

no parent

Parameters 
weight weight
Weight defines the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values—
0 to 100

 

cir-weight cir-weight
The cir-weight keyword defines the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values—
0 to 100
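
The weight rule described for the parent command can be modelled as a water-fill over one strict level; the same summing rule applies to cir-weight with the CIR as the limit. This is an added example, not the vendor's scheduler code: the Child fields, function names and sample rates are constructed, and the equal split among zero-weight children is an assumption because the text does not say how they share leftover bandwidth.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class Child:
    name: str
    weight: int     # parent weight, 0 to 100
    max_rate: int   # kb/s the child may not exceed
    demand: int     # kb/s of traffic the child currently has to send


def _water_fill(children, available, alloc, share_of):
    """Hand out `available` kb/s in proportion to share_of(child).

    A child stays active until it reaches min(max_rate, demand); bandwidth it
    cannot use is redistributed among the children that are still active.
    """
    def room(c):
        return min(c.max_rate, c.demand) - alloc[c.name]

    active = [c for c in children if room(c) > 0]
    while active and available > 0:
        total = sum(share_of(c) for c in active)
        budget = available  # fixed for this round so every ratio uses one base
        for c in active:
            give = min(room(c), budget * Fraction(share_of(c), total))
            alloc[c.name] += give
            available -= give
        # Each round either caps at least one child or spends the whole budget.
        active = [c for c in active if room(c) > 0]
    return available


def distribute(children, available):
    """Model one strict level: weighted children first, zero-weight last."""
    alloc = {c.name: Fraction(0) for c in children}
    weighted = [c for c in children if c.weight > 0]
    zero = [c for c in children if c.weight == 0]
    left = _water_fill(weighted, available, alloc, lambda c: c.weight)
    # Assumption: zero-weight children split what is left equally.
    _water_fill(zero, left, alloc, lambda c: 1)
    return alloc


# Constructed samples: four children sharing a 100000 kb/s level.
CONGESTED = [
    Child("voice", 50, 20000, 20000),
    Child("video", 30, 100000, 100000),
    Child("data", 20, 100000, 100000),
    Child("bulk", 0, 100000, 100000),
]
LIGHT = [
    Child("voice", 50, 20000, 20000),
    Child("video", 30, 100000, 30000),
    Child("data", 20, 100000, 10000),
    Child("bulk", 0, 100000, 100000),
]

if __name__ == "__main__":
    for label, kids in (("congested", CONGESTED), ("light", LIGHT)):
        result = distribute(kids, 100000)
        print(label, {name: int(rate) for name, rate in result.items()})
```

In the congested case the voice child reaches its maximum rate, becomes inactive, and its unused share is re-split 30:20 between video and data, so the zero-weight child receives nothing until the weighted children are satisfied.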

 

percent-rate

Syntax 
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context 
config>service>ies>if>sap>egress>queue-override>queue
Description 

The percent-rate command supports a queue’s shaping rate and CIR rate as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gigabit and a 10-Gigabit Ethernet port, the queue’s rates will be 10 times greater on the 10 Gigabit port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port based queue overrides to modify a queue’s rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.

An egress port queue group queue rate override may be expressed as either a percentage or an explicit rate, independent of how the queue's template rate is expressed.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the percent-rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command returns the queue to its default shaping rate and CIR rate. When no percent-rate is defined within a port egress queue group queue override, the queue reverts to the defined shaping and CIR rates within the egress queue group template associated with the queue.

Parameters 
pir-percent
Specifies the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
Values—
0.01 to 100.00

 

Default—
100.00
cir-percent—
Specifies the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
Values—
0.00 to 100.00

 

Default—
100.00

rate

Syntax 
rate pir-rate [cir cir-rate]
no rate
Context 
config>service>ies>if>sap>egress>queue-override>queue
config>service>ies>if>sap>ingress>queue-override>queue
config>service>ies>if>sap>egress>sched-override>scheduler
config>service>ies>if>sap>ingress>sched-override>scheduler
Description 

This command can be used to override specific attributes of the specified queue’s Peak Information Rate (PIR) and the Committed Information Rate (CIR) parameters.

The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. In-profile and then out-of-profile packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The rate command can be executed at any time, altering the PIR and CIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of the command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0).

Default 

rate max cir 0

Parameters 
pir-rate—
Defines the administrative PIR rate, in kilobits, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed; the value must be given as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

For egress>queue-override>queue and ingress>queue-override>queue:

Values—
1 to 2000000000, max in kb/s

 

Default—
max
For egress>sched-override>scheduler and ingress>sched-override>scheduler:
Values—
1 to 3200000000, max in kb/s

 

cir cir-rate—
The cir parameter overrides the default administrative CIR used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed.

Fractional values are not allowed; the value must be given as a positive integer. The sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers or queues.

For egress>queue-override>queue and ingress>queue-override>queue:

Values—
0 to 2000000000, sum, max in kb/s

 

Default—
0
For egress>sched-override>scheduler and ingress>sched-override>scheduler:
Values—
0 to 3200000000, sum, max in kb/s

 

scheduler-override

Syntax 
[no] scheduler-override
Context 
config>service>ies>if>sap>egress
config>service>ies>if>sap>ingress
Description 

This command specifies the set of attributes whose values have been overridden via management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

scheduler

Syntax 
[no] scheduler scheduler-name
Context 
config>service>ies>if>sap>egress>sched-override
config>service>ies>if>sap>ingress>sched-override
Description 

This command can be used to override specific attributes of the specified scheduler name.

A scheduler defines bandwidth controls that limit each child (other schedulers, policers, and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues, or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

  1. The maximum number of schedulers has not been configured.
  2. The provided scheduler-name is valid.
  3. The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters 
scheduler-name—
The name of the scheduler.
Values—
Valid names consist of any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

 

Default—
None. Each scheduler must be explicitly created.
create—
This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

rate

Syntax 
rate pir-rate [cir cir-rate]
no rate
Context 
config>service>ies>if>sap>egress>sched-override>scheduler
config>service>ies>if>sap>ingress>sched-override>scheduler
config>service>ies>if>sap>egress>hsmda-queue-override>queue
config>service>ies>if>sap>ingress>hsmda-queue-override>queue
Description 

This command can be used to override specific attributes of the specified scheduler rate. The rate command defines the maximum bandwidth that the scheduler can offer its child queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler’s ‘within CIR’ distribution phase.

The actual operating rate of the scheduler is limited by bandwidth constraints other than its maximum rate. The scheduler’s parent scheduler may not have the available bandwidth to meet the scheduler’s needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler due to insufficient offered load or limits to their own maximum rates.

When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler will assume that an infinite amount of bandwidth is available and allow all child queues and schedulers to operate at their maximum rates.

The no form of this command returns the scheduler's PIR and CIR parameters to the value configured in the applied scheduler policy.

Parameters 
pir-rate—
The pir parameter accepts a value of 1 to 3200000000, or the keyword max. Any other value will result in an error without modifying the current PIR rate.
Values—
1 to 3200000000, max

 

cir cir-rate—
This parameter accepts a step-multiplier value that specifies the multiplier used to determine the CIR rate at which the queue will operate. A value of 1 to 3200000000 or the keywords max or sum is accepted. Any other value will result in an error without modifying the current CIR rate.

If the cir is set to max, then the CIR rate is set to infinity but is restricted by the PIR rate.

The sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers, policers, or queues.

For egress>sched-override>scheduler and ingress>sched-override>scheduler:

Values—
0 to 3200000000, max, sum

 

scheduler-policy

Syntax 
scheduler-policy scheduler-policy-name
no scheduler-policy
Context 
config>service>ies>sap>ingress
config>service>ies>sap>egress
config>service>ies>sub-if>grp-if>sap>egress
config>service>ies>sub-if>grp-if>sap>ingress
Description 

This command applies an existing scheduler policy to an ingress or egress scheduler used by SAP queues associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created once the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.

The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are also removed, making them unavailable for the ingress SAP queues associated with the customer site. Queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler. The SAPs that have ingress queues reliant on the removed schedulers enter into an operational state depicting the orphaned status of one or more queues. When the no scheduler-policy command is executed, the customer site ingress or egress node will not contain an applied scheduler policy.

Parameters 
scheduler-policy-name—
The scheduler-policy-name parameter applies an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress or egress queues created on associated SAPs.
Values—
Any existing valid scheduler policy name.

 

2.5.2.15. ATM Commands

atm

Syntax 
atm
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description 

This command enables access to the context to configure ATM-related attributes. This command can only be used when a given context (for example, a channel or SAP) supports ATM functionality such as:

  1. Configuring ATM port or ATM port-related functionality on MDAs supporting ATM functionality
  2. Configuring ATM-related configuration for ATM-based SAPs that exist on MDAs supporting ATM functionality.

If ATM functionality is not supported for a given context, the command returns an error.

egress

Syntax 
egress
Context 
config>service>ies>if>sap>atm
Description 

This command enters the context to configure egress ATM attributes for the SAP.

encapsulation

Syntax 
encapsulation atm-encap-type
Context 
config>service>ies>if>sap>atm
Description 

This command configures RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5, encapsulation for an ATM PVCC delimited SAP.

This command specifies the data encapsulation for an ATM PVCC delimited SAP. The definition references RFC 2684 and the ATM Forum LAN Emulation specification. The encapsulation is driven by the services for which the SAP is configured.

Ingress traffic that does not match the configured encapsulation will be dropped.

Default 

encapsulation aal5snap-routed (for IES service SAPs)

Parameters 
atm-encap-type—
Specifies the encapsulation type.
Values—
aal5snap-routed — Routed encapsulation for LLC encapsulated circuit (LLC/SNAP precedes protocol datagram) as defined in RFC 2684.
aal5mux-ip — Routed IP encapsulation for VC multiplexed circuit as defined in RFC 2684.
aal5snap-bridged — Bridged encapsulation for LLC encapsulated circuit (LLC/SNAP precedes protocol datagram) as defined in RFC 2684.
aal5mux-bridged-eth-nofcs — Bridged IP encapsulation for VC multiplexed circuit as defined in RFC 2684.

 

ingress

Syntax 
ingress
Context 
config>service>ies>if>sap>atm
Description 

This command configures ingress ATM attributes for the SAP.

traffic-desc

Syntax 
traffic-desc traffic-desc-profile-id
no traffic-desc
Context 
config>service>ies>if>sap>atm>egress
config>service>ies>if>sap>atm>ingress
Description 

This command assigns an ATM traffic descriptor profile to a given context (for example, a SAP).

When configured under the ingress context, the specified traffic descriptor profile defines the traffic contract in the forward direction.

When configured under the egress context, the specified traffic descriptor profile defines the traffic contract in the backward direction.

The no form of the command reverts the traffic descriptor to the default traffic descriptor profile.

Default 

The default traffic descriptor (trafficDescProfileId = 1) is associated with newly created PVCC-delimited SAPs.

Parameters 
traffic-desc-profile-id—
Specify a defined traffic descriptor profile (see the QoS atm-td-profile command).

oam

Syntax 
oam
Context 
config>service>ies>if>sap>atm
Description 

This command enters the context to configure OAM functionality for a PVCC delimiting a SAP.

The ATM-capable MDAs support F5 end-to-end OAM functionality (AIS, RDI, Loopback):

  1. ITU-T Recommendation I.610 - B-ISDN Operation and Maintenance Principles and Functions version 11/95
  2. GR-1248-CORE - Generic Requirements for Operations of ATM Network Elements (NEs). Issue 3 June 1996
  3. GR-1113-CORE - Bellcore, Asynchronous Transfer Mode (ATM) and ATM Adaptation Layer (AAL) Protocols Generic Requirements, Issue 1, July 1994

alarm-cells

Syntax 
[no] alarm-cells
Context 
config>service>ies>if>sap>atm>oam
Description 

This command configures AIS/RDI fault management on a PVCC. Fault management allows PVCC terminations to monitor and report the status of their connection by propagating fault information through the network and by driving the PVCC’s operational status.

When alarm-cells functionality is enabled, a PVCC’s operational status is affected when the PVCC goes into an AIS or RDI state because of AIS/RDI processing (assuming nothing else affects the PVCC’s operational status, for example, if the PVCC goes DOWN, or enters a fault state and comes back UP, or exits that fault state). RDI cells are generated when the PVCC is operationally DOWN. No OAM-specific SNMP trap is raised when an endpoint enters or exits an AIS or RDI state; however, if the PVCC changes operational status as a result of an OAM state change, a trap is expected from the entity the PVCC is associated with (for example, a SAP).

The no form of the command disables alarm-cells functionality for a PVCC. When alarm-cells functionality is disabled, a PVCC’s operational status is no longer affected by the PVCC’s OAM state changes due to AIS/RDI processing (when alarm-cells is disabled, a PVCC will change operational status to UP due to alarm-cell processing) and RDI cells are not generated as a result of the PVCC going into AIS or RDI state. The PVCC’s OAM status, however, will record OAM faults as described above.

Default 

Enabled for PVCCs delimiting IES SAPs

periodic-loopback

Syntax 
[no] periodic-loopback
Context 
config>service>ies>if>sap>atm>oam
Description 

This command enables periodic OAM loopbacks on this SAP. This command is only configurable on IES and VPRN SAPs. When enabled, an ATM OAM loopback cell is transmitted every period as configured in the config>system>atm>oam>loopback-period period context.

If a response is not received and consecutive retry-down retries also result in failure, the endpoint will transition to an alarm indication signal/loss of clock state. Then, an ATM OAM loopback cell will be transmitted every period as configured in the loopback-period period. If a response is received for the periodic loopback and consecutive retry-up retries also each receive a response, the endpoint will transition back to the up state.

The no form of the command sets the value back to the default.

Default 

no periodic-loopback

2.5.2.16. IES Interface VRRP Commands

vrrp

Syntax 
vrrp virtual-router-id [owner] [passive]
no vrrp virtual-router-id
Context 
config>service>ies>if
config>service>ies>if>ipv6
Description 

This command creates or edits a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.

Two VRRP nodes can be defined on an IP interface. One, both, or none may be defined as the owner. The nodal context of vrrp virtual-router-id is used to define the configuration parameters for the VRID.

The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shut down in order to remove the virtual router instance.

Default 

n/a

Special Cases 
Virtual Router Instance Owner IP Address Conditions—
The virtual router instance owner can be created prior to assigning the parent IP interface primary or secondary IP addresses. In this case, the virtual router instance is not associated with an IP address. The operational state of the virtual router instance is down.
VRRP Owner Command Exclusions—
By specifying the VRRP vrid as owner, the following commands are no longer available:
  1. vrrp priority — The virtual router instance owner is hard-coded with a priority value of 255 and cannot be changed.
  2. vrrp master-int-inherit — Owner virtual router instances do not accept VRRP advertisement messages; the advertisement interval field is not evaluated and cannot be inherited.
  3. ping-reply, telnet-reply and ssh-reply — The owner virtual router instance always allows Ping, Telnet and SSH if the management and security parameters are configured to accept them on the parent IP interface.
  4. vrrp shutdown — The owner virtual router instance cannot be shut down on the vrrp node. If this was allowed, VRRP messages would not be sent, but the parent IP interface address would continue to respond to ARPs and forward IP packets. Another virtual router instance may detect the missing master due to the termination of VRRP advertisement messages and become master. This would result in two routers responding to ARP requests for the same IP addresses. To shut down the owner virtual router instance, use the shutdown command in the parent IP interface context. This will prevent VRRP participation, IP ARP reply and IP forwarding. To continue parent IP interface ARP reply and forwarding without VRRP participation, remove the vrrp vrid instance.
  5. traceroute-reply
VRRP Passive Command Exclusions—
By specifying the VRRP vrid as passive, the following commands related to the master election and processing of VRRP advertisement messages are no longer available:
  1. vrrp priority
  2. policy
  3. preempt
  4. master-int-inherit
  5. standby-forwarding
  6. int-delay
  7. message-interval
  8. authentication-key
  9. bfd-enable
Parameters 
virtual-router-id—
The virtual-router-id parameter specifies a new virtual router ID or one that can be modified on the IP interface.
Values—
1 to 255

 

owner—
Identifies this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. Once created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.
passive—
Identifies this virtual router instance as passive, and therefore, owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages, and is always in either the master state (if the interface is operational-up), or the init state (if the interface is operational-down). The passive keyword is not required when entering the vrid for editing purposes. Once a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove the parameter.

authentication-key

Syntax 
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context 
config>service>ies>if>vrrp
Description 

The authentication-key command, within the vrrp virtual-router-id context, assigns the simple text password authentication key used to generate master VRRP advertisement messages and to validate received VRRP advertisement messages.

The authentication-key command is one of the few commands not affected by the presence of the owner keyword. If simple text password authentication is not required, the authentication-key command is not required. If the command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.

To change the current in-use password key on multiple virtual router instances:

  1. Identify the current master
  2. Shutdown the virtual router instance on all backups
  3. Execute the authentication-key command on the master to change the password key
  4. Execute the authentication-key command and no shutdown command on each backup key

The no form of this command restores the default null string to the value of key.

Default 

No default. The authentication data field contains the value 0 in all 16 octets.

Parameters 
authentication-key—
The key parameter identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string eight octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.

The key parameter is expressed as a string consisting of up to eight alpha-numeric characters. Spaces must be contained in quotation marks (“ ”). The quotation marks are not considered part of the string.

The string is case sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet (starting with IETF RFC bit position 0) containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.

Values—
Any 7-bit printable ASCII character.

 

Exceptions:

Double quote ("): ASCII 34
Carriage Return: ASCII 13
Line Feed: ASCII 10
Tab: ASCII 9
Backspace: ASCII 8

hash-key—
The hash key. The key can be any combination of ASCII characters up to 22 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
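
The Type 1 key layout described above, as an added Python example that is not part of the vendor documentation: it validates a key against the listed character rules, packs it into the two authentication data fields, and runs the receiver-side comparison, which shows that the octets carried in the advertisement are the key characters themselves. The header offsets follow the VRRPv2 layout in RFC 2338 (an assumption, since this page does not give them), and the function names, sample key and address are constructed for illustration.

```python
"""Added example (not vendor code): VRRP Authentication Type 1 key handling.

Key rules come from this page; the advertisement header offsets follow the
VRRPv2 layout in RFC 2338, which is an assumption this page does not spell out.
"""
import hmac
import ipaddress
import struct
from typing import Tuple

EXCLUDED = {34, 13, 10, 9, 8}   # double quote, CR, LF, tab, backspace
KEY_LEN = 8                     # Type 1 uses a string eight octets long
AUTH_SIMPLE_TEXT = 1            # Authentication Type 1
HEADER_LEN = 8                  # fixed VRRPv2 header before the address list


def validate_key(key: str) -> bytes:
    """Return the key as bytes, or raise ValueError if it breaks the listed rules."""
    if len(key) > KEY_LEN:
        raise ValueError("key is longer than eight characters")
    try:
        raw = key.encode("ascii")
    except UnicodeEncodeError as exc:
        raise ValueError("key must be 7-bit ASCII") from exc
    for code in raw:
        if code in EXCLUDED or not 32 <= code <= 126:
            raise ValueError(f"character code {code} is not allowed")
    return raw


def auth_data_fields(key: str) -> Tuple[int, int]:
    """Left-justify the key, zero-pad to eight octets, split into two 32-bit fields."""
    padded = validate_key(key).ljust(KEY_LEN, b"\x00")
    return struct.unpack("!II", padded)   # network order: first character in octet 0


def build_advert(vrid: int, priority: int, interval_s: int, vip: str, key: str) -> bytes:
    """Build a constructed sample advertisement (checksum left at 0 for brevity)."""
    header = struct.pack("!BBBBBBH", 0x21, vrid, priority, 1,
                         AUTH_SIMPLE_TEXT, interval_s, 0)
    auth = struct.pack("!II", *auth_data_fields(key))
    return header + ipaddress.IPv4Address(vip).packed + auth


def check_advert(packet: bytes, configured_key: str) -> str:
    """Receiver-side validation of the authentication fields only."""
    if len(packet) < HEADER_LEN:
        return "discard: truncated"
    auth_off = HEADER_LEN + 4 * packet[3]      # packet[3] = count of IP addresses
    if len(packet) != auth_off + KEY_LEN:
        return "discard: bad length"
    if packet[4] != AUTH_SIMPLE_TEXT:          # RFC 2338: auth type must match
        return "discard: authentication type mismatch"
    expected = struct.pack("!II", *auth_data_fields(configured_key))
    if not hmac.compare_digest(packet[auth_off:], expected):
        return "discard: key mismatch"
    return "accept"


# Constructed sample: VRID 10, priority 100, 1-second interval, made-up key.
SAMPLE = build_advert(10, 100, 1, "192.0.2.1", "Lab7")

if __name__ == "__main__":
    print(SAMPLE[-KEY_LEN:])                   # the key octets as sent
    print(check_advert(SAMPLE, "Lab7"), "|", check_advert(SAMPLE, "lab7"))
```

The hash and hash2 options change how the key is stored in the configuration file; the comparison above is still made against the eight key octets in the message.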

backup

Syntax 
[no] backup ip-address
Context 
config>service>ies>if>vrrp
Description 

This command configures virtual router IP addresses for the interface.

bfd-enable

Syntax 
[no] bfd-enable [service-id] interface interface-name dst-ip ip-address
Context 
config>service>ies>if>vrrp
config>service>ies>if>ipv6>vrrp
Description 

This command assigns a bidirectional forwarding detection (BFD) session that provides a heart-beat mechanism for the given VRRP/SRRP instance. There can be only one BFD session assigned to any given VRRP/SRRP instance, but there can be multiple SRRP/VRRP sessions using the same BFD session.

BFD controls the state of the associated interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are set via the bfd command under the IP interface. The specified interface may not be configured with BFD; however, when it is, the virtual router will then initiate the BFD session.

The no form of this command removes BFD from the configuration.

Default 

none

Parameters 
service-id—
Specifies the service ID of the interface running BFD.
Values—
service-id: 1 to 2147483648
No service ID indicates a network interface.

 

interface interface-name
Specifies the name of the interface running BFD.
dst-ip ip-address
Specifies the destination address to be used for the BFD session.

init-delay

Syntax 
init-delay seconds
no init-delay
Context 
config>service>ies>if>vrrp
Description 

This command configures a VRRP initialization delay timer.

Default 

no init-delay

Parameters 
seconds—
Specifies the initialization delay timer for VRRP, in seconds.
Values—
1 to 65535

 

mac

Syntax 
mac mac-address
no mac
Context 
config>service>ies>if>vrrp
Description 

This command assigns a specific MAC address to an IES IP interface.

The no form of the command returns the MAC address of the IP interface to the default value.

Default 

The physical MAC address associated with the Ethernet interface that the SAP is configured on (the default MAC address assigned to the interface, assigned by the system).

Parameters 
mac-address —
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

master-int-inherit

Syntax 
[no] master-int-inherit
Context 
config>service>ies>if>vrrp
Description 

This command allows the master instance to dictate the master down timer (non-owner context only).

Default 

no master-int-inherit

message-interval

Syntax 
message-interval {[seconds] [milliseconds milliseconds]}
no message-interval
Context 
config>service>ies>if>vrrp
Description 

This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers participating as a virtual router. Any VRRP advertisement message received with an Advertisement Interval field different than the virtual router instance configured message-interval value will be silently discarded.

The message-interval command is available in both non-owner and owner vrrp virtual-router-id nodal contexts. If the message-interval command is not executed, the default message interval of 1 second will be used.

The no form of this command restores the default message interval value of 1 second to the virtual router instance.

Parameters 
seconds—
The number of seconds that will transpire before the advertisement timer expires.
Values—
1 to 255

 

Default—
1
milliseconds milliseconds
Specifies the time interval, in milliseconds, between sending advertisement messages. This parameter is not supported on non-redundant chassis.
Values—
100 to 900

 

oper-group

Syntax 
oper-group group-name
no oper-group
Context 
config>service>ies>if>vrrp
Description 

This command configures VRRP to associate with an operational group. When associated, VRRP notifies the operational group of its state changes so that other protocols can monitor it to provide a redundancy mechanism. When VRRP is the master router (MR), the operational group is up; it is down for all other VRRP states.

The no form of the command removes the association.

Default 

no oper-group

Parameters 
group-name—
Specifies the operational group identifier up to 32 characters in length.

ping-reply

Syntax 
ping-reply
no ping-reply
Context 
config>service>ies>if>vrrp
Description 

This command enables the non-owner master to reply to ICMP Echo Requests directed at the virtual router instance IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address). When ping-reply is not enabled, ICMP Echo Requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP Echo Requests regardless of the setting of ping-reply configuration.

The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP Echo Requests to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all ICMP Echo Request messages destined to the non-owner virtual router instance IP addresses.

Default 

no ping-reply

policy

Syntax 
policy vrrp-policy-id
no policy
Context 
config>service>ies>if>vrrp
Description 

This command creates VRRP control policies. The VRRP policy ID must be created by the policy command prior to association with the virtual router instance.

The policy command provides the ability to associate a VRRP priority control policy to a virtual router instance. The policy may be associated with more than one virtual router instance. The priority events within the policy either override or diminish the base-priority dynamically affecting the in-use priority. As priority events clear in the policy, the in-use priority may eventually be restored to the base-priority value.

The policy command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed by VRRP priority control policies. For non-owner virtual router instances, if the policy command is not executed, the base-priority will be used as the in-use priority.

The no form of this command removes any existing VRRP priority control policy association from the virtual router instance. All such associations must be removed prior to the policy being deleted from the system.

Default 

n/a

Parameters 
vrrp-policy-id—
The vrrp-policy-id parameter associates the corresponding VRRP priority control policy-id with the virtual router instance. The vrrp-policy-id must already exist in the system for the policy command to be successful.
Values—
1 to 9999

 

preempt

Syntax 
preempt
no preempt
Context 
config>service>ies>if>vrrp
Description 

The preempt command allows the virtual router instance to override an existing non-owner master. Enabling preempt mode is almost required for proper operation of the base-priority and vrrp-policy-id definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the effect of the dynamic changing of the in-use priority is greatly diminished.

The preempt command is only available in the non-owner vrrp virtual-router-id nodal context. The owner may not be preempted due to the fact that the priority of non-owners can never be higher than the owner. The owner will always preempt all other virtual routers when it is available.

Non-owner virtual router instances will only preempt when preempt is set and the current master has an in-use message priority value less than the virtual router instance's in-use priority.

A master non-owner virtual router will only allow itself to be preempted when the incoming VRRP Advertisement message Priority field value is one of the following:

  1. Greater than the virtual router in-use priority value
  2. Equal to the in-use priority value and the source IP address (primary IP address) is greater than the virtual router instance primary IP address

The no form of this command prevents a non-owner virtual router instance from preempting another, less desirable virtual router. Use the preempt command to restore the default mode.

Default 

preempt
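
The message-interval discard rule and the preempt conditions above, as an added Python example (not vendor code): it evaluates a received advertisement from the point of view of a non-owner master and of a non-owner backup, comparing source addresses numerically rather than as strings. Class and method names are hypothetical, the addresses are constructed, and master-int-inherit is assumed to be disabled.

```python
"""Added example (not vendor code): non-owner election rules from this page."""
import ipaddress
from dataclasses import dataclass

OWNER_PRIORITY = 255            # owner priority is fixed at 255


@dataclass(frozen=True)
class Advert:
    priority: int               # Priority field of the received advertisement
    interval_s: int             # Advertisement Interval field, in seconds
    src_ip: str                 # sender's primary IP address


@dataclass(frozen=True)
class NonOwner:
    in_use_priority: int        # base-priority after any policy adjustment
    primary_ip: str = "192.0.2.9"
    message_interval_s: int = 1 # page default: 1 second
    preempt: bool = True        # page default: preempt

    def __post_init__(self):
        # A non-owner can never reach the owner's priority.
        if not 0 <= self.in_use_priority < OWNER_PRIORITY:
            raise ValueError("non-owner priority must be below 255")

    def _interval_ok(self, adv: Advert) -> bool:
        # Assumes master-int-inherit is not enabled on this instance.
        return adv.interval_s == self.message_interval_s

    def as_master(self, adv: Advert) -> str:
        """Decision when this instance is currently the non-owner master."""
        if not self._interval_ok(adv):
            return "discard"                    # silently discarded
        if adv.priority > self.in_use_priority:
            return "yield"
        # Tie on priority: the numerically greater primary IP address wins.
        if (adv.priority == self.in_use_priority and
                ipaddress.ip_address(adv.src_ip) > ipaddress.ip_address(self.primary_ip)):
            return "yield"
        return "remain-master"

    def as_backup(self, adv: Advert) -> str:
        """Decision when this instance is backup and hears the current master."""
        if not self._interval_ok(adv):
            return "discard"
        if self.preempt and adv.priority < self.in_use_priority:
            return "preempt"
        return "remain-backup"


if __name__ == "__main__":
    master = NonOwner(in_use_priority=100)
    # Constructed advertisements: tie on priority, then an interval mismatch.
    print(master.as_master(Advert(100, 1, "192.0.2.10")))
    print(master.as_master(Advert(254, 2, "192.0.2.10")))
```

A string comparison would order 192.0.2.10 before 192.0.2.9 and get the tie-break wrong, which is why the addresses are parsed first.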

priority

Syntax 
priority base-priority
no priority
Context 
config>service>ies>if>vrrp
Description 

The priority command provides the ability to configure a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.

The priority command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.

The no form of this command restores the default value of 100 to base-priority.

Parameters 
base-priority—
The base-priority parameter configures the base priority used by the virtual router instance. If a VRRP Priority Control policy is not also defined, the base-priority will be the in-use priority for the virtual router instance.
Values—
1 to 254

 

Default—
100

standby-forwarding

Syntax 
[no] standby-forwarding
Context 
config>service>ies>if>vrrp
Description 

This command allows the forwarding of packets by a standby router.

The no form of the command specifies that a standby router should not forward traffic sent to the virtual router's MAC address. However, the standby router should forward traffic sent to the standby router’s real MAC address.

Default 

no standby-forwarding

ssh-reply

Syntax 
[no] ssh-reply
Context 
config>service>ies>if>vrrp
Description 

This command enables the non-owner master to reply to SSH Requests directed at the virtual router instance IP addresses. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parental IP interface or based on the SSH source host address). Proper login and CLI command authentication is still enforced.

When ssh-reply is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to SSH regardless of the ssh-reply configuration.

The ssh-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ssh-reply command is not executed, SSH packets to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.

Default 

no ssh-reply

telnet-reply

Syntax 
[no] telnet-reply
Context 
config>service>ies>if>vrrp
Description 

The telnet-reply command enables the non-owner master to reply to TCP port 23 Telnet Requests directed at the virtual router instance IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Proper login and CLI command authentication is still enforced.

When telnet-reply is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet Requests regardless of the telnet-reply configuration.

The telnet-reply command is only available in non-owner VRRP nodal context. If the telnet-reply command is not executed, Telnet packets to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all Telnet packets destined to the non-owner virtual router instance IP addresses.

Default 

no telnet-reply

traceroute-reply

Syntax 
[no] traceroute-reply
Context 
config>service>ies>if>vrrp
Description 

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the traceroute-reply status.

Default 

no traceroute-reply

2.5.2.17. IPSec Gateway Commands

ipsec-gw

Syntax 
[no] ipsec-gw
Context 
config>service>ies>if>sap
Description 

This command configures an IPSec gateway.

default-secure-service

Syntax 
default-secure-service service-id interface ip-int-name
default-secure-service name service-name interface ip-int-name
no default-secure-service
Context 
config>service>ies>if>sap>ipsec-gateway
Description 

This command specifies a service ID or service name of the default security service used by this SAP IPSec gateway.

Parameters 
service-id—
Specifies a default secure service.

This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The default-secure-service name service-name variant can be used in all configuration modes.

Values—
{id | svc-name}

id:

1 to 2147483647

svc-name:

up to 64 characters (svc-name is an alias for input only. The svc-name gets replaced with an id automatically by SR OS in the configuration).

 

service-name—
Identifies the service, up to 64 characters.

default-tunnel-template

Syntax 
default-tunnel-template ipsec template identifier
no default-tunnel-template
Context 
config>service>ies>if>sap>ipsec-gateway
Description 

This command configures a default tunnel policy template for the gateway.

local-gateway-address

Syntax 
local-gateway-address ip-address
no local-gateway-address
Context 
config>service>ies>if>sap>ipsec-gateway
Description 

This command configures an ipsec-gateway local address.

pre-shared-key

Syntax 
pre-shared-key key
no pre-shared-key
Context 
config>service>ies>if>sap>ipsec-gateway
Description 

This command specifies the shared secret between the two peers forming the tunnel.

Parameters 
key—
Specifies a pre-shared-key for dynamic-keying.

cert

Syntax 
cert
Context 
config>service>ies>if>sap>ipsec-gateway
Description 

This command configures cert parameters used by this IPSec gateway.

cert-profile

Syntax 
cert-profile profile-name
no cert-profile
Context 
config>service>ies>if>sap>ipsec-gw>cert
Description 

This command specifies the cert-profile for the ipsec-tunnel or ipsec-gw. This command will override “cert” and “key” configuration under the ipsec-tunnel or ipsec-gw.

Default 

n/a

Parameters 
profile-name—
Specifies the name of cert-profile.

trust-anchor-profile

Syntax 
trust-anchor trust-anchor-profile-name
no trust-anchor-profile
Context 
config>service>vprn>if>sap>ipsec-gw>cert
Description 

This command configures the trust anchor profile name associated with this SAP IPSec tunnel certificate. This command will override “trust-anchor” configuration under the ipsec-tunnel or ipsec-gw.

Default 

n/a

Parameters 
trust-anchor-profile-name—
Specifies the name of trust-anchor-profile.

status-verify

Syntax 
status-verify
Context 
config>service>ies>if>sap>ipsec-gw>cert
Description 

This command enters the context to configure certificate status verification parameters.

default-result

Syntax 
default-result {revoked | good}
no default-result
Context 
config>service>ies>if>sap>ipsec-gw>cert>status-verify
Description 

This command specifies the default result of Certificate Status Verification (CSV) when both the primary and secondary methods fail to provide an answer.

The no form of the command reverts to the default.

Default 

default-result revoked

Parameters 
revoked—
Specifies that the certificate is considered as revoked.
good—
Specifies that the certificate is considered as acceptable.

primary

Syntax 
primary primary secondary secondary
Context 
config>service>ies>if>sap>ipsec-gw>cert>status-verify
Description 

This command specifies the primary and secondary methods that are used to verify the revocation status of the peer’s certificate; either CRL or OCSP. OCSP or CRL uses the corresponding configuration in the CA profile of the issuer of the certificate in question.

Default 

primary crl

Parameters 
primary—
Specifies the primary method of Certificate Status Verification (CSV) that is used to verify the revocation status of the certificate of the peer.
Values—
ocsp —  Specifies that the OCSP protocol should be used. The OCSP server is configured in the corresponding CA profile.
crl — Specifies that the local CRL file should be used. The CRL file is configured in the corresponding CA profile.

 

Default—
crl
secondary—
Specifies the secondary method of CSV that is used to verify revocation status of the certificate of the peer.
Values—
ocsp —  Specifies that the OCSP protocol should be used. The OCSP server is configured in the corresponding CA profile.
crl — Specifies that the local CRL file should be used. The CRL file is configured in the corresponding CA profile.
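
The primary, secondary and default-result behaviour described above, as an added Python example (not vendor code): it walks the two methods in order and applies default-result only when neither provides an answer, so the effect of default-result revoked versus default-result good can be compared on the same input. The method stand-ins and serial numbers are constructed, and treating an unreachable responder as "no answer" is an assumption.

```python
"""Added example (not vendor code): primary/secondary/default-result fallback."""
from enum import Enum
from typing import Callable, Optional, Tuple


class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"


# A method returns a Status, or None when it cannot provide an answer.
Method = Callable[[str], Optional[Status]]


def verify_status(serial: str, primary: Method, secondary: Optional[Method],
                  default_result: Status = Status.REVOKED) -> Tuple[Status, str]:
    """Return (result, source), where source names what produced the result."""
    for name, method in (("primary", primary), ("secondary", secondary)):
        if method is None:
            continue
        try:
            answer = method(serial)
        except OSError:          # assumption: unreachable responder = no answer
            answer = None
        if answer is not None:
            return answer, name  # a definite answer ends the search
    return default_result, "default-result"


def tunnel_allowed(serial: str, primary: Method, secondary: Optional[Method],
                   default_result: Status = Status.REVOKED) -> bool:
    """The peer certificate is acceptable only when the final result is good."""
    result, _ = verify_status(serial, primary, secondary, default_result)
    return result is Status.GOOD


# Constructed stand-ins for the two methods; serial numbers are made up.
REVOKED_SERIALS = {"0A:17"}


def crl_lookup(serial: str) -> Optional[Status]:
    return Status.REVOKED if serial in REVOKED_SERIALS else Status.GOOD


def crl_unavailable(serial: str) -> Optional[Status]:
    return None                  # e.g. no usable CRL file for this CA profile


def ocsp_unreachable(serial: str) -> Optional[Status]:
    raise TimeoutError("responder did not reply")


if __name__ == "__main__":
    # Same revoked certificate, both methods silent, two default-result settings.
    print(verify_status("0A:17", ocsp_unreachable, crl_unavailable))
    print(verify_status("0A:17", ocsp_unreachable, crl_unavailable, Status.GOOD))
```

With default-result good, a certificate that the CRL would have listed as revoked is accepted whenever both methods are unavailable; the default of revoked rejects it.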

 

local-id

Syntax 
local-id type {ipv4 | fqdn} [value [value]]
no local-id
Context 
config>service>ies>if>sap>ipsec-gateway
Description 

This command specifies the local ID of the 7750 SR used for IDi or IDr for IKEv2 tunnels. The local-id can only be changed or removed when tunnel or gateway is shutdown.

Default 

Depends on local-auth-method such as:

  1. Psk: local tunnel IP address
  2. Cert-auth: subject of the local certificate
Parameters 
type —
Specifies the type of local ID payload, which can be an IPv4 address or an FQDN domain name.
Values—
ipv4 — Use ipv4 as the local ID type, the default value is the local tunnel end-point address.
fqdn — Use FQDN as the local ID type, the value must be configured.
dn — Use the subject of the certificate configured for the tunnel or gateway.

 

2.5.2.18. AARP Interface Commands

aarp-interface

Syntax 
aarp-interface aarp-interface-name [create]
no aarp-interface aarp-interface-name
Context 
config>service>ies
Description 

This command creates an AARP interface for connecting a service to a peer node AARP service. This instance is paired with the same AARP interface in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.

The no form of the command deletes the interface.

Default 

no aarp-interface

Parameters 
aarp-interface-name—
A string of up to 32 characters identifying the interface.
create—
Keyword used to create the AARP interface.

ip-mtu

Syntax 
ip-mtu octets
no ip-mtu
Context 
config>service>ies>aarp-interface
Description 

This command configures the IP maximum transmit unit (packet) for this interface.

The no form of the command returns the default value. For an Ethernet network interface, if no ip-mtu is configured, the default is (1568 - 14) = 1554.

Default 

no ip-mtu

Parameters 
octets—
Specifies the maximum number of octets that can be transmitted.
Values—
512 to 9000

 

spoke-sdp

Syntax 
spoke-sdp sdp-id:vc-id [create]
no spoke-sdp sdp-id:vc-id
Context 
config>service>ies>aarp-interface
Description 

This command binds a service to an existing SDP. A spoke SDP is treated like the equivalent of a traditional bridge port where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default 

no spoke-sdp

Parameters 
sdp-id—
Specifies the SDP identifier.
Values—
1 to 17407

 

vc-id—
The virtual circuit identifier. The VC-ID is not used with L2TPv3 SDPs, however it must be configured.
Values—
1 to 4294967295

 

create—
Keyword used to create the spoke SDP.

aarp

Syntax 
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
no aarp
Context 
config>service>ies>aarp-interface>spoke-sdp
Description 

This command associates an AARP instance to an AARP interface spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.

The no form of the command removes the association.

Default 

no aarp

Parameters 
aarp-id —
An integer that identifies an AARP instance.
Values—
1 to 65535

 

subscriber-side-shunt—
Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.
network-side-shunt—
Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.

egress

Syntax 
egress
Context 
config>service>ies>aarp-interface>spoke-sdp
Description 

This command enters the egress context for a spoke SDP.

filter

Syntax 
filter ip ip-filter-id
no filter
Context 
config>service>ies>aarp-interface>spoke-sdp>egress
config>service>ies>aarp-interface>spoke-sdp>ingress
Description 

This command associates an IP filter policy with an ingress or egress IP interface. Filter policies control the forwarding and dropping of packets based on IP matching criteria.

The filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message is returned.

IP filters apply only to RFC 2427-routed IP packets. Frames that do not contain IP packets will not be subject to the filter and will always be passed, even if the filter's default action is to drop.

The no form of this command removes any configured filter ID association with the IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local.

Parameters 
ip-filter-id—
Specifies the filter policy. The filter ID must already exist within the created IP filters.
Values—
1 to 65535 or a string up to 64 characters

 

vc-label

Syntax 
vc-label vc-label
no vc-label [vc-label]
Context 
config>service>ies>aarp-interface>spoke-sdp>egress
config>service>ies>aarp-interface>spoke-sdp>ingress
Description 

This command configures the egress and ingress VC label.

The no version of this command removes the VC label.

Parameters 
vc-label—
A VC egress value that indicates a specific connection.
Values—
egress: 16 to 1048575
ingress: 32 to 18431

 

ingress

Syntax 
ingress
Context 
config>service>ies>aarp-interface>spoke-sdp
Description 

This command enters the ingress context for a spoke SDP.