2. 2
CONTENT OVERVIEW
DAY 1
Session 1
• INTRODUCTION
• PRODUCT OVERVIEW
o RAX701
o RAX711-L
• CARRIER ETHERNET SERVICES REVIEW
o ETHERNET LINE (E-LINE)
Ethernet Private Line (EPL)
Ethernet Virtual Private Line (EVPL)
o ETHERNET LAN (E-LAN)
Ethernet Private LAN (EP-LAN)
Ethernet Virtual Private LAN (EVP-LAN)
• BASIC DEVICE MANAGEMENT
o USER MANAGEMENT
o IN-BAND/ OUT-BAND MANAGEMENT
o SW UPGRADE
o CONFIGURATION UPLOAD/DOWNLOAD
o DISASTER RECOVERY
o PORT MIRROR
3. 3
CONTENT OVERVIEW
DAY 2
Session 1
BASIC DEVICE SECURITY
o ACCESS CONTROL LISTS
o RESTRICTING DEVICE ACCESS
o PORT SECURITY
SWITCHPORT CONFIGURATIONS
o ACCESS PORT
o TRUNK PORT
o QinQ PORT
Basic QinQ
Flexible QinQ
QoS
o CLASS MAPS
o POLICY MAPS
o BANDWIDTH PROFILES
o COS REMARK
o DSCP REMARK
4. 4
CONTENT OVERVIEW
DAY 3
Session 1
ETHERNET CFM
o THEORY REVIEW
Maintenance Domain
Maintenance Association SA
MEPs and MIPs
Y.1731 SLA
o CFM CONFIGURATIONS
SERVICE ACTIVATION TESTS
o RFC2544
o Y.1564
5. 5
CONTENT OVERVIEW
DAY 4
Session 1
SCENARIO 1: DEDICATED ACCESS (POINT TO POINT)
SCENARIO 2: INTERNET ACCESS
SNMP MONITORING
o BASIC SNMP CONFIGURATION
o SNMP MONITORING
RFC1213 MIB
Performance OIDs
Y.1731
RFC2544
Y.1564
NVIEW REVIEW
9. 9
PRODUCT OVERVIEW
• MEF2.0 Compliance
• Switching Capacity 6 Gbps
• 2 GE x NNI Ports (SFP), 1 GE x UNI Combo
• Internal wide range Power-Supply
• Extended Temp: -20°C to 60°C, Power Consumption <15 W
[Figure: RAX701 chassis, 43.6 mm high, with callouts for Power Supply, Console, 2x NNI GbE SFP, 1x UNI Combo and 1x RJ45 Outband Mgmt]
COMPACT NID - RAX701
10. 10
PRODUCT OVERVIEW
• MEF2.0 Compliance
• Switching Capacity 6 Gbps
• 2 GE x NNI Ports (SFP), 4 GE x UNI Combo
• Up to 4x E1 (CESoPSN/SAToP), ordering option
• Redundant hot swappable power supply
• Extended Temp: -10°C to 60°C, Power Consumption <25 W
[Figure: RAX711-L chassis with a callout for the hot swappable dual PSU]
CE & MPLS-TP NID RAX711-L
11. 11
PRODUCT OVERVIEW
6xGE port
• 2x NNI SFP
• 4x UNI UTP
PSU- AC or DC
Redundant: AC/AC, DC/DC, AC/DC
6xGE port
• 2x NNI SFP
• 4x UNI Combo (UTP/SFP)
PSU- AC or DC
Redundant: AC/AC, DC/DC, AC/DC
6xGE port
• 2x NNI SFP
• 4x UNI Combo (UTP/SFP)
• 4x E1 (CES)
PSU- AC or DC
Redundant: AC/AC, DC/DC, AC/DC
RAX711-L CONFIGURATION OPTIONS
12. 12
PRODUCT OVERVIEW
RAX-701 AND 711L ( SAME SW FEATURES)
• E-line/ELAN Carrier Ethernet Services
• Zero-Touch Configuration
• ELPS(ITU G.8031)
• ERPS (ITU G.8032) Protection
• MPLS-TP
• 8K MAC Address Table, 13k MTU
• Static Routing capabilities
• Y.1564 Generator and Reflector
• ETH OAM (EFM/CFM/Y.1731) - Up to 64 monitored EVCs
• E1 CES (RAX-711L only)
• SYNC-E (RAX-711L only)
• 1588-TC
• TWAMP Light (Generator and Reflector)
14. 14
CARRIER ETHERNET SERVICES REVIEW
CARRIER ETHERNET SERVICE TYPES
[Figure: four service types. E-LINE: Point-to-Point EVC between two CE UNIs. E-LAN: Multipoint EVC between CE UNIs. E-TREE: Rooted-Multipoint EVC with a Root UNI. E-ACCESS: CE UNIs of Service Provider 1 and Service Provider 2 joined through an ENNI.]
16. 16
CARRIER ETHERNET SERVICES REVIEW
• Point-to-point connection that connects exactly two UNIs.
• Only the two connected UNIs can communicate with each other.
• Port-based service with a single service (EVC) across dedicated UNIs, providing site-to-site connectivity.
• Most popular Ethernet service due to its simplicity.
• E-Line can replace TDM private lines.
[Figure: Point-to-Point EVCs across the Carrier Ethernet Network, connecting CEs at their UNIs to a storage service provider]
ETHERNET PRIVATE LINE - EPL
17. 17
CARRIER ETHERNET SERVICES REVIEW
• Enables multiple services (EVCs) delivered over a single physical connection (UNI) to customer premises
• Optimizes use of bandwidth and ports with Classes of Service (CoS)
• Supports connectivity via a Service Multiplexed UNI at the hub site
• Replaces Frame Relay or ATM Layer 2 VPN services
[Figure: Point-to-Point EVCs across the Carrier Ethernet Network from two CE UNIs to one UNI at the Hub Site]
ETHERNET VIRTUAL PRIVATE LINE - EVPL
18. 18
CARRIER ETHERNET SERVICES REVIEW
• Port-Based
• Each UNI is dedicated to the EP-LAN service
• Example use: Transparent LAN
[Figure: EP-LAN. A Multipoint-to-Multipoint EVC connecting three CEs at their UNIs]
ETHERNET PRIVATE LAN EP-LAN
19. 19
CARRIER ETHERNET SERVICES REVIEW
• VLAN-Aware
• Service Multiplexing allowed at UNI
• Example use: Internet access and corporate VPN via one UNI
[Figure: EVP-LAN. A Multipoint-to-Multipoint EVC between CE UNIs, plus a Point-to-Point EVC (EVPL) from one UNI to the ISP POP / Internet]
ETHERNET VIRTUAL PRIVATE LAN EVP-LAN
20. 20
CARRIER ETHERNET SERVICES REVIEW
E-LAN:
• E-LAN services are appropriate when all UNIs need to generate traffic towards any other UNI, and all
UNIs belong to the same administrative domain.
• Traffic separation between different organizations sharing the service is not required
• All UNIs are designated as a root UNI.
E-Tree:
• E-Trees provide the separation between UNIs required to deliver a single service instance in which
different customers (each having a leaf UNI) connect to an ISP which has one or more root UNIs.
Multiple root UNIs are permitted in E-Trees in order to support mirror sites (resiliency) and load
sharing configurations.
MULTIPOINT EVC (ELAN) vs ROOTED-MULTIPOINT EVC (E-TREE)
22. 22
DEVICE MANAGEMENT
HOW TO ACCESS THE DEVICE
• Console Interface
  o RJ45 to RS-232 serial cable
  o USB to RS-232 serial cable
• Telnet
  Raisecom#telnet 10.0.0.1 port 1
  o IPv4 or IPv6 supported
  o Port is optional
• SSH
  o Secure authentication over TCP
  o Standard port 22
[Figure: a switch reached by console access and by a Telnet / SSH session]
23. 23
DEVICE MANAGEMENT
IN-BAND / OUT-BAND MANAGEMENT
[Figure: two panels. IN-BAND MANAGEMENT: Site A and Site B connected through the NETWORK. OUT-BAND MANAGEMENT: Site A and Site B connected through the NETWORK, with a separate DCN.]
24. 24
DEVICE MANAGEMENT
IN-BAND MANAGEMENT
• Up to 15 IP Interfaces
• Only one VLAN per interface
Raisecom#conf t
Raisecom(config)#interface ip
<0-14> IP interface number
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 192.168.2.5 255.255.255.0
Raisecom(config-ip)#ip vlan 10
Raisecom(config-ip)#exit
Raisecom(config)#
Raisecom(config)#show ip interface brief
IF Address NetMask Source Category
----------------------------------------------------------
0 192.168.2.5 128.0.0.0 assigned primary
10 10.0.0.1 255.255.255.0 assigned primary
Raisecom(config)#
• CoS can be assigned directly to Management traffic
• Management Traffic can be “double tagged”
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip management-traffic
cos Set COS for outer tag
mode Mode
tpid Set TPID for outer tag
Raisecom(config-ip)#ip management-traffic cos
<0-7> Cos value
Raisecom(config-ip)#$nt-traffic mode double-tagging inner-vlan
<1-4094> VLAN ID
25. 25
DEVICE MANAGEMENT
OUT-BAND MANAGEMENT
• Management traffic sent to DCN Network without using any service port.
• No VLAN can be assigned to the traffic (must be done on the DCN switch).
Raisecom#conf t
Raisecom(config)# management-port ip address 192.168.2.5 255.255.255.0
Raisecom(config)#
Raisecom(config)# show management-port ip-address
IF Address NetMask Source Catagory
----------------------------------------------------------
0 192.168.2.5 255.255.255.0 assigned primary
Raisecom(config)#
26. 26
DEVICE MANAGEMENT
USER MANAGEMENT
Function                            Default Setting
Local User Information              Username: Raisecom, Password: Raisecom, Privilege: 15
New User Privilege                  15
New User Activation Status          Activate
Enable Password                     raisecom
User Login Authentication           Local-user password
Enable Login Authentication Mode    Local-user password
• Raisecom# user name user-name password [cipher | simple] password
• Raisecom# user user-name privilege privilege-number-value (0-15)
27. 27
DEVICE MANAGEMENT
USER MANAGEMENT
USER PRIVILEGE LEVELS
• Visitor (Level 0 - 4): can execute ping, clear, & history commands.
• Monitor User (Level 5 - 10): can execute show commands.
• Operator User (Level 11 - 14): can execute commands for service.
• Administer (Level 15): can execute all commands.
28. 28
DEVICE MANAGEMENT
USER MANAGEMENT
• How to authorize a user to use a command?
Step 1 Configure user login authentication mode
Step 2 Create a local user user1
Step 3 Configure user privilege
Step 4 Configure user service type
Step 5 Configure user command management (allow/disallow)
• User Profile
Raisecom#user login local-user
Raisecom#user name user1 password simple aaAA123@
Raisecom#user name user1 privilege 10
Raisecom#user user1 allow-exec mirror
• To disallow a user from using a command
Raisecom#user user1 disallow-exec mirror
29. 29
DEVICE MANAGEMENT
USER MANAGEMENT
Administer
Operator
Monitor
Visitor
Raisecom#show user table
Username Priority Server
-------------------------------------------------------
raisecom 15 Local
Raisecom# show user active
Username : raisecom
Priority : 15
Server IP : --
Terminal IP : 192.168.22.1
Login Type : telnet-1
Login Time : 2018-06-22,13:42:43
Current Login : Y
Raisecom# show terminal
Terminal State Time-out User IP
-------------------------------------------------------------------------------
console active 600sec LOCAL
*telnet-1 active 600sec raisecom 192.168.22.1 -
-
30. 30
DEVICE MANAGEMENT
SOFTWARE UPGRADE
• The device supports Dual Software Image
• Software Image can be downloaded using FTP, SFTP and TFTP
• The download can be scheduled (Nview)
Raisecom#show version
Product Version: RAX711-L-4GC4E1-BL-S-AC/D-02 P200R002C32
Software Version: 5.4.66_20170406
RITP Version: 5.4
Bootstrap Version: BOOTROM_1.0.7
FPGA Version: fpga:1.4 fpga-ces:2.6
Hardware Version: A.00
System MacAddress: 000E.5E48.192F
Serial number: 123002021800S15817S0010G
RAX711-L-4GC4E1-BL-S with
128 M bytes DRAM
32 M bytes Flash Memory
2.366 M bytes Free Flash Memory
System uptime is 13 days, 0 hours, 49 minutes
VERIFY THE ACTUAL SW VERSION
31. 31
DEVICE MANAGEMENT
SOFTWARE UPGRADE
Raisecom#show multi-system
Priority Name Version Size
----------------------------------------------------------
1* system1 5.4.66_20170406 10637066
2 system2 5.3.32_20150324 8309863
CHECK THE AVAILABLE SW VERSIONS
Raisecom#download system-boot ftp 10.10.10.10 ftp-user ftp-password system.z system1
ftp: Protocol to be used to download the new SW File
10.10.10.10: FTP/SFTP/TFTP Server
ftp-user and ftp-password: FTP Server User account and password
system.z : SW File name
System1: SW version to be replaced with the new SW File
DOWNLOAD A NEW SW VERSION
Raisecom#boot sequence
Please select the system file which boot priority is 1:
* system1 5.4.87_20170926
system2 5.4.87_20170804
Please input <1-2>:1
Boot order: system1 system2
Set successfully
CHOOSE THE SW VERSION TO BE USED ON THE NEXT BOOT
32. 32
DEVICE MANAGEMENT
CONFIGURATION UPLOAD / DOWNLOAD
• Startup Config can be uploaded (backup) or downloaded (Restore)
• Running Configuration can be uploaded (backup)
• Config files can be downloaded using FTP, SFTP and TFTP
• The download can be scheduled (Nview)
Raisecom#download startup-config ftp 10.10.10.10 ftp-user ftp-password FILENAME
ftp: Protocol to be used to download the configuration file
10.10.10.10: FTP/SFTP/TFTP Server
ftp-user and ftp-password: FTP Server User account and password
FILENAME : New configuration File name to be downloaded
DOWNLOAD A NEW CONFIG FILE TO STARTUP CONFIGURATION
Raisecom#upload running-config ftp 10.10.10.10 ftp-user ftp-password FILENAME
ftp: Protocol to be used to upload the configuration file
10.10.10.10: FTP/SFTP/TFTP Server
ftp-user and ftp-password: FTP Server User account and password
FILENAME : Name of the file where the running configuration will be copied.
UPLOAD RUNNING CONFIGURATION FILE
33. 33
DEVICE MANAGEMENT
DISASTER RECOVERY – STOP CONFIGURATION LOADING
• While the device is starting, you can prevent the startup config from being loaded into the running config, so that a blank config is loaded instead.
• To do this, press “S” (Shift + s) when prompted.
• MANDATORY: Console access to the device is needed.
TEST CONFIGURATIONS
raisecom#
raisecom#hostname RAX711-TEST
Set successfully
RAX711-TEST#
RAX711-TEST#conf t
Configuration mode, one command input per times. End with CTRL-Z.
CONFIG-I:Configured from console ...
RAX711-TEST(config)#
RAX711-TEST(config)#crea vl 100,200 active
Set successfully
RAX711-TEST(config)#
RAX711-TEST(config)#show vlan
Switch Mode: --
VLAN Name State Status Priority Member-Ports
-----------------------------------------------------------------------------------
100 VLAN0100 active static --
200 VLAN0200 active static --
RAX711-TEST(config)#
RAX711-TEST(config-port)#switchport access vlan 100
Set successfully
RAX711-TEST(config-port)#
RAX711-TEST(config-port)#exit
RAX711-TEST(config)#
RAX711-TEST(config)#show running-config interface uni 1
System current configuration in port mode:
!command in port_mode
!
interface uni 1
switchport access vlan 100
!
RAX711-TEST(config)#
RAX711-TEST#wr
Saving current configuration..
Save current configuration successfully.
RAX711-TEST#
34. 34
DEVICE MANAGEMENT
DISASTER RECOVERY – STOP CONFIGURATION LOADING
STOP STARTUP CONFIGURATION LOADING
RAX711-TEST#reboot now
Rebooting ...1970-06-25,13:35:49 System-4-SYSTEM_REBOOT_INFO:[22]Reboot!
booting...
boot loader bootrom version 1.0.8
Compiled Jul 27 2016 15:33:30
Base Ethernet MAC address: 00:0e:5e:df:62:a7
Press SPACE to enter bootrom menu......
1. core/system.z
Uncompress start...
Loading image... 44960912
Uncompress success, device initialize,please wait...
Adding 51793 symbols for standalone.
Init system...
Updating FPGA......success.
DONE!
Init SNMP Factory Users....DONE!
Press <S> to stop Load Config... 2
############################################################
# #
# Welcome to Raisecom #
# #
# Press 'RETURN' to connect and config this system #
# #
############################################################
Raisecom Version RITP. on RAX711-L-4GC
1970-06-25,13:37:17 System-4-SYSTEM_BOOTING_INFO:[23]Booting!
Login:raisecom
Password:
raisecom#1970-06-25,13:37:39 User-5-LOGIN_SUCCESS:[23]The user 'raisecom' from
console login successful
raisecom#
raisecom#
raisecom#show vlan
Switch Mode: --
VLAN Name State Status Priority Member-Ports
------------------------------------------------------------------------------
-----
raisecom#
raisecom#
raisecom#show running-config interface uni 1
System current configuration in port mode:
!command in port_mode
!
raisecom#
35. 35
DEVICE MANAGEMENT
DISASTER RECOVERY – PASSWORD RECOVERY
• Sometimes the User or Enable password is changed and the new password is lost.
• When this occurs, there is a way to erase the user table without losing the device configuration.
• To erase the user table, go to Bootrom mode (press the space bar when prompted).
• In Bootrom mode, enter the hidden command CTRL + p and then the password “20031211raisecomgao”.
• The password can change depending on the product line.
• MANDATORY: Console access to the device is needed.
Factory user table
raisecom#show user table
Username Priority Server
--------------------------------------------
raisecom 15 Local
raisecom#
Creating a new user (user admin)
raisecom#user name admin password 12345678
Set successfully.
raisecom#
New user table
raisecom#show user table
Username Priority Server
--------------------------------------------
admin 15 Local
raisecom 15 Local
raisecom#
Changing the default raisecom user password
raisecom#user name raisecom password 12345678
Set successfully.
raisecom#
36. 36
DEVICE MANAGEMENT
DISASTER RECOVERY – PASSWORD RECOVERY
raisecom#reboot now
booting...
boot loader bootrom version 1.0.8
Compiled Jul 27 2016 15:33:30
Base Ethernet MAC address: 00:0e:5e:df:62:a7
Press SPACE to enter bootrom menu......
[Boot]: ?
? print this list
h print this list
b boot system
i modify network manage port ip address
m update microcode
r reboot system
ss switch system
u update system
ub update bootrom
ul update license
[Boot]: ^P
Do you want to delete current password file?<Y/N>y
Please input the password :20031211raisecomgao
delete the password file success.
[Boot]:
[Boot]: r
booting...
raisecom#show user table
Username Priority Server
--------------------------------------------
raisecom 15 Local
raisecom#
Reboot the device
Press Space Bar when prompted
Bootrom Mode
Enter CTRL + P
Enter the password
Reboot the device (enter command “r”)
User table erased and taken to factory default
37. 37
DEVICE MANAGEMENT
PORT MIRROR
Raisecom(config)#mirror { monitor-cpu | monitor-port interface-type interface-number }
Raisecom(config)#mirror source-port-list { both | egress | ingress } interface-type interface-list
Raisecom(config)#mirror enable
[Figure: switch with ports UNI 1, UNI 4 and NNI 1 (Internet), showing business traffic on the source port and mirrored traffic sent to the monitoring port]
39. 39
BASIC DEVICE SECURITY
GENERAL SECURITY OVERVIEW
– RESTRICTING TRAFFIC
  • Access Lists based on MAC Address
  • Access Lists based on IP Address
  • Can be placed at:
    – Physical Interface – Ingress
    – Physical Interface – Egress
    – VLAN
– RESTRICTING ACCESS
  • Disable Telnet Access (Device or Port)
  • SSH v2
  • Authentication Mechanisms
    – RADIUS
    – TACACS
– PORT SECURITY
  • Secure MAC-Address
    – Limit number of MAC Address learned on a port
    – Define an action in case of violation (Protect, Restrict, Shutdown)
[Figure: switch ports 1 and 2; security doesn't allow traffic on port 1]
40. 40
BASIC DEVICE SECURITY
ACCESS CONTROL LISTs
Several options are available:
• Based on MAC address: mac-access-list
• Based on IP address: ip-access-list
• Access List Maps: more options to match traffic (CoS, CVLAN, SVLAN, EtherType, etc.)
ACLs can be placed on a physical interface or a VLAN.
41. 41
BASIC DEVICE SECURITY
ACCESS CONTROL LISTs
Raisecom(config)#mac-access-list acl-id { deny|permit } [ protocol | arp | ip | rarp | any ]
{ source-mac-address mask | any } { destination mac-address mask | any }
Raisecom#config
Raisecom(config)#mac-access-list 1 permit any any 0180.C200.0000 FFFF.FFFF.FFFF
Raisecom(config)# mac-access-list 2 permit any any 0180.C200.000B FFFF.FFFF.FFFF
Raisecom(config)# filter mac-access-list all ingress uni 1
Raisecom(config)# filter enable
MAC ADDRESS ACCESS CONTROL LIST
Up to 32 MAC Access List lines
Each MAC ACL line has an ID
Each line includes:
ID
Action (deny or permit)
Protocol
Source and Destination MAC addresses
42. 42
BASIC DEVICE SECURITY
ACCESS CONTROL LISTs
Raisecom(config)#ip-access-list acl-id { deny |permit } { protocol-id | icmp | igmp | ip }
{ source-ip-address mask | any } { destination-ipaddress mask | any }
Raisecom#config
Raisecom(config)#ip-access-list 1 deny ip 192.168.1.1 255.255.255.0 192.168.1.100 255.255.255.0
Raisecom(config)# filter ip-access-list all ingress uni 1
Raisecom(config)# filter enable
IP ADDRESS ACCESS CONTROL LIST
Up to 32 IP Access List lines
Each IP ACL line has an ID
Each line includes:
ID
Action (deny or permit)
Protocol
Source and Destination IP addresses
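An added example (not from the slides or from Raisecom): how a single rule in the syntax above is matched, assuming mask bits set to 1 are the bits compared, which is how the FFFF.FFFF.FFFF mask in the MAC example reads. Under that assumption the IP rule on this slide covers every source and destination in 192.168.1.0/24, not only .1 to .100. Function names and test packets are constructed; rule ordering and the device's default action are not modelled.

```python
import ipaddress


def mac_to_int(text):
    """'0180.C200.0000' (dotted-hex form used on the slides) -> integer."""
    return int(text.replace(".", ""), 16)


def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


def take_endpoint(tokens, to_int):
    """Consume 'any' or 'address mask' from the front of tokens -> (value, mask)."""
    if tokens[0] == "any":
        del tokens[0]
        return 0, 0                    # no bits compared: every address matches
    value, mask = to_int(tokens[0]), to_int(tokens[1])
    del tokens[:2]
    return value, mask


def parse_rule(line):
    """Parse one ip-access-list / mac-access-list line (CLI prompt optional)."""
    tokens = line.split("#", 1)[-1].split()
    kind, acl_id, action, protocol = tokens[:4]
    if kind not in ("ip-access-list", "mac-access-list"):
        raise ValueError(f"not an ACL line: {line!r}")
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    is_ip = kind == "ip-access-list"
    to_int = ip_to_int if is_ip else mac_to_int
    rest = tokens[4:]
    src = take_endpoint(rest, to_int)
    dst = take_endpoint(rest, to_int)
    if rest:
        raise ValueError(f"unexpected trailing tokens: {rest}")
    return {
        "id": int(acl_id), "action": action, "protocol": protocol,
        "src": src, "dst": dst, "to_int": to_int,
        "bits": 32 if is_ip else 48,
        # keyword that matches every packet of this ACL type
        "match_all": "ip" if is_ip else "any",
    }


def rule_matches(rule, protocol, src, dst):
    """True if a packet (protocol label, source, destination) hits the rule."""
    def hit(endpoint, text):
        value, mask = endpoint
        return (rule["to_int"](text) & mask) == (value & mask)

    proto_ok = rule["protocol"] in (rule["match_all"], protocol)
    return proto_ok and hit(rule["src"], src) and hit(rule["dst"], dst)


def addresses_covered(rule, side):
    """Number of addresses the 'src' or 'dst' part of the rule matches."""
    _, mask = rule[side]
    return 2 ** (rule["bits"] - bin(mask).count("1"))


# The two rules as they appear on the slides.
IP_RULE = parse_rule("Raisecom(config)#ip-access-list 1 deny ip "
                     "192.168.1.1 255.255.255.0 192.168.1.100 255.255.255.0")
MAC_RULE = parse_rule("Raisecom(config)#mac-access-list 1 permit any any "
                      "0180.C200.0000 FFFF.FFFF.FFFF")
# Constructed variant: an all-ones mask narrows the rule to one host pair.
HOST_RULE = parse_rule("ip-access-list 2 deny ip "
                       "192.168.1.1 255.255.255.255 192.168.1.100 255.255.255.255")

if __name__ == "__main__":
    print("slide rule covers", addresses_covered(IP_RULE, "src"), "source addresses")
    print("host rule covers ", addresses_covered(HOST_RULE, "src"), "source address")
    print("other /24 host hit:", rule_matches(IP_RULE, "tcp", "192.168.1.77", "192.168.1.5"))
```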
43. 43
BASIC DEVICE SECURITY
ACCESS CONTROL LISTs
raisecom(config)#access-list-map 0 permit
raisecom(config-aclmap)#match
arp Address resolution protocol
cos CoS value
cvlan inner vlan
eapol EAPOL PAE/802.1x
ethertype An arbitrary EtherType
exp Label exp
flowcontrol 802.3x flow control packet
ip IP protocol
label Label
loopback Loopback
mac Mac address
pppoe PPP Over Ethernet Session Stage
pppoedisc PPP Over Ethernet Discovery Stage
second-label second Label
slowprotocol slow control packet
svlan outer vlan
user-define Match only packets on a user define ruler
x25 X.25 Level 3
x75 X.75 Internet
raisecom(config-aclmap)#
ACCESS LIST MAPS
Up to 32 IP Access List maps
Each Access list Map line has an ID
There are more criteria to match traffic
44. 44
BASIC DEVICE SECURITY
RESTRICTING DEVICE ACCESS
Device access can be controlled or restricted:
• Telnet sessions can be restricted to a specific port
• The maximum number of Telnet sessions is customizable (0-10)
• Telnet can be disabled (and only SSH used)
Raisecom(config)#telnet-server
accept Request accept port configuration
close close
max-session Max sessions permit
Raisecom(config)#telnet-server accept
uni Uni port
nni Nni port
RAX711-L-4GC(135)(config)#
raisecom(config)# no telnet-server accept nni 1-2 uni 1-4
raisecom(config)# telnet-server accept nni 1
Raisecom(config)#telnet-server max-session
<0-10> Max session num
Raisecom(config)#telnet-server max-session 5
Raisecom(config)#ssh2 server
authentication Authentication configuration
authentication-retries Authentication retry count
authentication-timeout Authentication timeout configuration
port Listen port configuration
session Sessions configuration
Raisecom(config)#ssh2 server authentication
password Use local user-password authentication
public-key Configuration the public-key
rsa-key Use rsa-key authentication
Raisecom(config)#ssh2 server session 1
disable Disable session
enable Enable the session
Raisecom(config)#generate ssh-key
<512-2048> Ssh key length(bits), default is 512 bits
<cr>
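An added example, not part of the original slides or of Raisecom's tooling: a small audit that replays CLI lines in the command forms shown on the USER MANAGEMENT and RESTRICTING DEVICE ACCESS slides and reports management-plane settings left at the defaults those slides list (factory password, privilege 15 for new users, 512-bit SSH key). It assumes every port accepts Telnet until removed and uses the RAX711-L port layout (2 NNI, 4 UNI); the sample input and the finding names are constructed.

```python
import re

# Values taken from the slides: factory password, default privilege of a
# newly created user, default SSH key length, and the RAX711-L port layout.
FACTORY_PASSWORD = "raisecom"        # compared case-insensitively
DEFAULT_SSH_KEY_BITS = 512
ALL_PORTS = {("nni", n) for n in (1, 2)} | {("uni", n) for n in (1, 2, 3, 4)}

PROMPT = re.compile(r"^\S+?#\s*")    # e.g. "Raisecom(config)#"
SET_PASSWORD = re.compile(r"user name (\S+) password(?: (?:cipher|simple))? (\S+)")
SET_PRIVILEGE = re.compile(r"user(?: name)? (\S+) privilege (\d+)")
GEN_SSH_KEY = re.compile(r"generate ssh-key(?: (\d+))?")


def expand_ports(tokens):
    """['nni', '1-2', 'uni', '1-4'] -> {('nni', 1), ('nni', 2), ('uni', 1), ...}"""
    ports, kind = set(), None
    for tok in tokens:
        if tok in ("nni", "uni"):
            kind = tok
        elif kind:
            for part in tok.split(","):
                lo, _, hi = part.partition("-")
                ports |= {(kind, n) for n in range(int(lo), int(hi or lo) + 1)}
    return ports


def audit(commands):
    """Replay CLI lines and return a sorted list of (finding, subject) tuples."""
    # The factory user table holds one account, raisecom, at privilege 15.
    users = {"raisecom": {"password": FACTORY_PASSWORD, "explicit_priv": True}}
    telnet_ports = set(ALL_PORTS)    # assumption: all ports accept Telnet by default
    ssh_bits = None                  # None = no key generated in this input

    for raw in commands:
        line = PROMPT.sub("", raw.strip())
        tokens = line.split()
        if m := SET_PASSWORD.fullmatch(line):
            user = users.setdefault(m[1], {"explicit_priv": False})
            user["password"] = m[2]
        elif m := SET_PRIVILEGE.fullmatch(line):
            users.setdefault(m[1], {"password": ""})["explicit_priv"] = True
        elif tokens[:2] == ["telnet-server", "accept"]:
            telnet_ports |= expand_ports(tokens[2:])
        elif tokens[:3] == ["no", "telnet-server", "accept"]:
            telnet_ports -= expand_ports(tokens[3:])
        elif m := GEN_SSH_KEY.fullmatch(line):
            ssh_bits = int(m[1]) if m[1] else DEFAULT_SSH_KEY_BITS

    findings = []
    for name, user in users.items():
        if user["password"].lower() == FACTORY_PASSWORD:
            findings.append(("factory-password", name))
        if not user["explicit_priv"]:
            # No privilege was set, so the account keeps the default of 15.
            findings.append(("implicit-privilege-15", name))
    for kind, num in telnet_ports:
        if kind == "uni":            # customer-facing port still accepts Telnet
            findings.append(("telnet-on-uni", f"uni {num}"))
    if ssh_bits is not None and ssh_bits < 2048:
        findings.append(("ssh-key-below-2048", str(ssh_bits)))
    return sorted(findings)


SAMPLE = [  # constructed input, written in the command forms shown on the slides
    "Raisecom#user name noc password simple Raisecom",
    "Raisecom#user name viewer password simple c0rrect-Horse7",
    "Raisecom#user name viewer privilege 5",
    "Raisecom(config)#no telnet-server accept nni 1-2 uni 1-4",
    "Raisecom(config)#telnet-server accept nni 1",
    "Raisecom(config)#telnet-server accept uni 2",
    "Raisecom(config)#generate ssh-key",
]

if __name__ == "__main__":
    for finding, subject in audit(SAMPLE):
        print(f"{finding:24} {subject}")
```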
45. 45
BASIC DEVICE SECURITY
PORT SECURITY
Raisecom(config)#interface uni 1
Raisecom(config-port)#switchport port-security violation
protect Protect mode
restrict Restrict mode
shutdown Shutdown mode
Raisecom(config-port)# mac-address-table threshold
<1-8191> Maximum number of mac addresses that can be learned for this port
Raisecom(config-port)#switchport port-security
To recover a failed port
Raisecom(config-port)#no port-security shutdown
Raisecom(config-port)#shutdown
Raisecom(config-port)#no shutdown
The maximum number of MAC addresses learned on an interface can be defined.
If the MAC threshold is reached, there are three possible actions:
• Protect: Discard the illegal traffic
• Restrict: Discard the illegal traffic and send an alarm (SNMP trap) to the Network Management System
• Shutdown: The port is shut down
47. 47
SWITCHPORT CONFIGURATION
PORT OPERATION MODES
[Figure: how each port mode handles frames at the switch.
ACCESS PORT: adds the VLAN tag to untagged traffic and removes it again on the way out.
TRUNK PORT: allows or rejects tagged traffic.
QinQ PORT: adds an SVLAN tag to tagged traffic (double-tagged traffic inside the switch) and removes the SVLAN on the way out.
Frame layouts shown:
Untagged: Preamble (7 bytes) | SFD (1 byte) | Dest. MAC (6 bytes) | Source MAC (6 bytes) | EtherType (2 bytes) | Payload/Data (46-1500 bytes) | FCS (4 bytes)
Tagged: Preamble | SFD | Dest. MAC | Source MAC | VLAN TAG (4 bytes) | EtherType | Payload/Data | FCS
Double-tagged: Preamble | SFD | Dest. MAC | Source MAC | SVLAN TAG (4 bytes) | CVLAN TAG (4 bytes) | EtherType | Payload/Data | FCS]
48. 48
SWITCHPORT CONFIGURATION
ACCESS & TRUNK PORT
raisecom#conf t
raisecom(config)#interface uni 1
raisecom(config-port)#switchport access vlan 100
raisecom(config-port)#
raisecom(config-port)#sho run interface uni 1
System current configuration in port mode:
!command in port_mode
!
interface uni 1
switchport access vlan 100
!
raisecom(config-port)#
CONFIGURING AN ACCESS PORT
49. 49
SWITCHPORT CONFIGURATION
ACCESS & TRUNK PORT
raisecom(config)#
raisecom(config)#interface nni 1
raisecom(config-port)#switchport mode trunk
raisecom(config-port)#switchport trunk allowed vlan 100
raisecom(config-port)#
raisecom(config-port)#sho run interface nni 1
System current configuration in port mode:
!command in port_mode
!
interface nni 1
switchport trunk allowed vlan 100
switchport mode trunk
!
raisecom(config-port)#
raisecom(config-port)#switchport trunk allowed vlan
add Add
all Allow forwarding all VLANs
remove Remove
{1-4094} VLAN list
raisecom(config-port)#
raisecom(config-port)#show run interface nni 1
System current configuration in port mode:
!command in port_mode
!
interface nni 1
switchport trunk allowed vlan 100,200
switchport mode trunk
!
raisecom(config-port)#
raisecom(config-port)#switchport trunk allowed vlan remove 200
raisecom(config-port)#sho run interface nni 1
System current configuration in port mode:
!command in port_mode
!
interface nni 1
switchport trunk allowed vlan 100
switchport mode trunk
!
raisecom(config-port)#
CONFIGURING A TRUNK PORT
ADDING/REMOVING VLANS TO A TRUNK PORT
50. 50
SWITCHPORT CONFIGURATION
QinQ PORT
CONFIGURING A QinQ PORT – METHOD 1
raisecom(config)#
raisecom(config)#interface uni 1
raisecom(config-port)#switchport qinq dot1q-tunnel
raisecom(config-port)#switchport access vlan 100
raisecom(config-port)#sho run interface uni 1
System current configuration in port mode:
!command in port_mode
!
interface uni 1
switchport access vlan 100
switchport qinq dot1q-tunnel
!
raisecom(config-port)#
CONFIGURING A QinQ PORT – METHOD 2
raisecom(config)#
raisecom(config)#interface uni 1
raisecom(config-port)#switchport qinq dot1q-tunnel
raisecom(config-port)# switchport mode trunk
raisecom(config-port)# switchport trunk native vlan 100
raisecom(config-port)#sho run interface uni 1
System current configuration in port mode:
!command in port_mode
!
interface uni 1
switchport trunk native vlan 100
switchport mode trunk
switchport qinq dot1q-tunnel
!
raisecom(config-port)#
[Figure: basic QinQ between two sites. Frames carry CVLAN 1-4094 at each UNI and SVLAN 100 + CVLAN 1-4094 between the NNIs.]
51. 51
SWITCHPORT CONFIGURATION
SELECTIVE QinQ
CONFIGURING SWITCHPORT VLAN MAPPING FOR SELECTIVE QinQ
raisecom(config)#
raisecom(config-port)#switchport vlan-mapping
both Both directions
cvlan Based inner VLAN QinQ
egress Egress
ingress Ingress
raisecom(config)#
raisecom(config)#interface uni 1
raisecom(config-port)#switchport qinq dot1q-tunnel
raisecom(config-port)# switchport mode trunk
raisecom(config-port)#switchport vlan-mapping cvlan 100-200 add-outer 1000
raisecom(config-port)#switchport vlan-mapping cvlan 201-300 add-outer 2000
raisecom(config-port)#sho run interface uni 1
System current configuration in port mode:
!command in port_mode
!
interface uni 1
switchport mode trunk
switchport qinq dot1q-tunnel
switchport vlan-mapping cvlan 100-200 add-outer 1000
switchport vlan-mapping cvlan 201-300 add-outer 2000
!
raisecom(config-port)#
[Figure: selective QinQ between two sites. At each UNI the customer sends CVLAN 100 - 200 and 201 - 300; between the NNIs the frames carry SVLAN 1000 + CVLAN 100-200 and SVLAN 2000 + CVLAN 201-300.]
53. 53
QUALITY OF SERVICE QoS
• QoS TRADITIONAL
  • TRAFFIC CLASSIFICATION
    • Class Maps based on
      • IP / MAC (ACL)
      • IPv6
      • VLAN Id
        • CVLAN (Inner)
        • SVLAN (Outer)
        • CVLAN + SVLAN
      • COS / DSCP
  • Scheduling
    • SP
    • WRR
    • WRR+SP
    • 8 queues per port
  • Traffic Shaping
  • Policy placed on port Ingress or Egress
• QoS ENHANCEMENTS (MEF)
  • Color Marking (3 color policing: color blind / color aware)
  • Bandwidth Profiles
  • Hierarchical Bandwidth Profiles (HCAR)
54. 54
QUALITY OF SERVICE QoS
CLASS MAPS
Class Maps are used to classify traffic.
Traffic can be classified based on:
• MAC Address
• IP Address
• VLAN
• CoS / DSCP
CLASS MAP BASED ON VLAN / CoS
raisecom#conf t
raisecom(config)#class-map 10 match-all
raisecom(config-cmap)#match vlan 10
raisecom(config-cmap)#match cos 2
raisecom(config-cmap)#exit
raisecom(config)#
raisecom(config)#show class-map 10
Class Map match-all 10 (id 0)
Match cos 2
Match vlan 10
CLASS MAP BASED ON DSCP
raisecom#conf t
raisecom(config)#class-map 20 match-all
raisecom(config-cmap)#match ip dscp 26
raisecom(config-cmap)#exit
raisecom(config)#
raisecom(config)#show class-map 20
Class Map match-all 20 (id 1)
Match ip dscp 26
CLASS MAP BASED ON MAC ADDRESS
raisecom#conf t
raisecom(config)#mac-access-list 0 permit any any 0180.C200.0000 FFFF.FFFF.FFFF
raisecom(config)#class-map 40 match-all
raisecom(config-cmap)#match mac-access-list 0
raisecom(config-cmap)#exit
raisecom(config)#
raisecom(config)#show class-map 40
Class Map match-all 40 (id 3)
Match mac-access-list 0
55. 55
QUALITY OF SERVICE QoS
POLICY MAPS
Policy Maps are used to take an action on previously classified traffic.
Actions that can be applied to classified traffic:
• Limit traffic rate (a traffic policer must be defined beforehand)
• Change traffic attributes:
  o VLAN (Inner / Outer VLAN)
  o CoS / DSCP
Policy Maps must be applied on a port (Ingress or Egress)
POLICY MAP USED TO CHANGE VLAN / CoS
raisecom#conf t
raisecom(config)#policy-map 10
raisecom(config-pmap)#class-map 10
raisecom(config-pmap-c)#set cos 3
raisecom(config-pmap-c)#set vlan 100
raisecom(config-pmap-c)#exit
raisecom(config-pmap)#exit
raisecom(config)#show policy-map 10
Policy Map 10
Class-map 10
set cos 3
set vlan 100
raisecom(config)#service-policy 10 ingress uni 2
POLICY MAP USED TO LIMIT TRAFFIC RATE
raisecom#conf t
raisecom(config)#mls qos policer-profile 10M single
raisecom(traffic-policer)#cir 10000 cbs 12
raisecom(traffic-policer)#exit
raisecom(config)#
raisecom(config)#policy-map 20
raisecom(config-pmap)#class-map 10
raisecom(config-pmap-c)#police 10M
raisecom(config-pmap-c)#exit
raisecom(config-pmap)#exit
raisecom(config)#show policy-map 20
Policy Map 20
Class-map 10
police 10M
56. 56
QUALITY OF SERVICE QoS
BANDWIDTH PROFILES
[Figure: a UNI carrying EVC1, EVC2 and EVC3, each with its own Bandwidth Profile]
Bandwidth for each EVC: CIR + EIR
• CIR: Bandwidth that must be delivered
• EIR: Usable Excess Bandwidth. Not assured.
Parameters for Each Bandwidth Profile:
• CIR (Committed Information Rate)
• CBS (Committed Burst Size)
• EIR (Excess Information Rate)
• EBS (Excess Burst Size)
57. 57
QUALITY OF SERVICE QoS
BANDWIDTH PROFILES
MEF 10.2 has defined three ways in which bandwidth profiles can be applied:
– Ingress Bandwidth Profile Per UNI
– Ingress Bandwidth Profile Per EVC
– Ingress Bandwidth Profile Per CoS ID
[Figure: three panels.
UNI BANDWIDTH PROFILE: one Bandwidth Profile Per UNI covering EVC1, EVC2 and EVC3.
EVC BANDWIDTH PROFILE: a separate Bandwidth Profile for each of EVC1, EVC2 and EVC3 on the UNI.
CE-VLAN CoS BANDWIDTH PROFILE: within an EVC, separate Bandwidth Profiles per CoS ID for CE-VLAN CoS 6, 4 and 2.]
58. 58
QUALITY OF SERVICE QoS
BANDWIDTH PROFILES
HCAR (HIERARCHICAL COMMITTED ACCESS RATE):
• Ingress Bandwidth Profile Per UNI
• Ingress Bandwidth Profile Per EVC
• Ingress Bandwidth Profile Per CoS ID
[Figure: HIERARCHICAL BANDWIDTH PROFILE. An EVC BANDWIDTH PROFILE for each of EVC1, EVC2 and EVC3 on the UNI, combined with CE-VLAN CoS BANDWIDTH PROFILES per CoS ID (CE-VLAN CoS 6, 4 and 2).]
59. 59
QUALITY OF SERVICE QoS
BANDWIDTH PROFILES
COLOR MARKING
CONFORMANCE       COLOR / SERVICE FRAME DELIVERY
CIR CONFORMANT    Service Frames are Green and delivered per the performance objectives specified in the SLAs
EIR CONFORMANT    Service Frames are Yellow and may be delivered but with no performance assurances.
NONE              Service Frames are Red and dropped
60. 60
QUALITY OF SERVICE QoS
BANDWIDTH PROFILES
Similar to the rate limit command, but includes the latest MEF definitions for Traffic Color Marking (Green, Yellow, Red).
Used on a port and can be combined with VLAN/CoS
Used for HCAR (HIERARCHICAL COMMITTED ACCESS RATE)
BANDWIDTH PROFILE PER PORT + VLAN
raisecom#conf t
raisecom(config)# bandwidth-profile 1 cir 10000 cbs 64
raisecom(config)# bandwidth-profile 2 cir 20000 cbs 64
raisecom(config)# bandwidth ingress uni 1 vlan 10 1
raisecom(config)# bandwidth ingress uni 1 vlan 20 2
BANDWIDTH PROFILE PER PORT + VLAN + CoS
raisecom#conf t
raisecom(config)# bandwidth-profile 1 cir 10000 cbs 64
raisecom(config)# bandwidth-profile 2 cir 20000 cbs 64
raisecom(config)# bandwidth ingress uni 1 vlan 10 coslist 1 1
raisecom(config)# bandwidth ingress uni 1 vlan 10 coslist 2 2
HIERARCHICAL BANDWIDTH PROFILE PER PORT + VLAN + CoS
raisecom#conf t
raisecom(config)# bandwidth-profile 1 cir 50000 cbs 64
raisecom(config)# bandwidth-profile 2 cir 20000 cbs 64 eir 10000 ebs 64
raisecom(config)# bandwidth-profile 3 cir 30000 cbs 64
raisecom(config)# hierarchy-cos bandwidth-profile 1
raisecom(config-hcos)# bandwidth coslist 5 1
raisecom(config-hcos)# bandwidth coslist 3 2
raisecom(config-hcos)# bandwidth coslist 1 3
raisecom(config-hcos)# exit
raisecom(config)# bandwidth ingress uni 1 vlan 10 1
raisecom(config)# bandwidth ingress uni 1 vlan 20 2
61. 61
QUALITY OF SERVICE QoS
BANDWIDTH PROFILES
raisecom#conf t
raisecom(config)# bandwidth-profile 1 cir 50000 cbs 64
raisecom(config)# bandwidth-profile 2 cir 20000 cbs 64 eir 10000 ebs 64
raisecom(config)# bandwidth-profile 3 cir 30000 cbs 64
raisecom(config)# bandwidth-profile 4 cir 0 cbs 0 eir 10000 ebs 64
raisecom(config)#hierarchy-cos bandwidth-profile 1
raisecom(config-hcos)#bandwidth coslist 5 2
raisecom(config-hcos)#bandwidth coslist 3 3
raisecom(config-hcos)#bandwidth coslist 1 4
raisecom(config-hcos)#exit
raisecom(config)# bandwidth ingress uni 1 vlan 10 1 hierarchy-cos 1
HIERARCHICAL BANDWIDTH PROFILE PER PORT + VLAN + CoS
raisecom#conf t
raisecom(config)# bandwidth-profile 1 cir 50000 cbs 64
raisecom(config)# bandwidth-profile 2 cir 20000 cbs 64 eir 10000 ebs 64
raisecom(config)# bandwidth-profile 3 cir 30000 cbs 64
raisecom(config)# bandwidth-profile 4 cir 0 cbs 0 eir 10000 ebs 64
raisecom(config)# hierarchy-vlan bandwidth-profile 1
raisecom(config-hvlan)# bandwidth vlanlist 10 2
raisecom(config-hvlan)# bandwidth vlanlist 20 3
raisecom(config-hvlan)# bandwidth vlanlist 30 4
raisecom(config-hvlan)#exit
raisecom(config)#
raisecom(config)# bandwidth ingress uni 1 1 hierarchy-vlan 1
HIERARCHICAL BANDWIDTH PROFILE PER PORT + VLAN
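The color marking rules and the CIR/CBS/EIR/EBS values of profiles 1, 2 and 4 above can be modelled as two token buckets. This is an added example, not Raisecom code; it assumes rates in kbit/s, burst sizes in kilobytes of 1000 bytes, color-blind mode and no coupling between the buckets.

```python
"""Color-blind two-rate, three-color marker for a MEF bandwidth profile (added example)."""
from collections import Counter

KBYTE = 1000  # assumption: "cbs 64" means 64 kilobytes of 1000 bytes


class BandwidthProfile:
    """Token-bucket model of `bandwidth-profile <id> cir .. cbs .. [eir .. ebs ..]`.

    Assumptions: rates are in kbit/s, burst sizes in kilobytes, coupling flag off,
    color-blind mode (the incoming color of a frame is ignored).
    Tokens are kept as integer milli-bits so that refills are exact.
    """

    def __init__(self, cir_kbps, cbs_kbytes, eir_kbps=0, ebs_kbytes=0):
        self.cir, self.eir = cir_kbps, eir_kbps
        self.cbs = cbs_kbytes * KBYTE * 8 * 1000   # committed bucket depth, milli-bits
        self.ebs = ebs_kbytes * KBYTE * 8 * 1000   # excess bucket depth, milli-bits
        self.c_tokens, self.e_tokens = self.cbs, self.ebs  # both buckets start full
        self.last_us = 0

    def mark(self, t_us, frame_bytes):
        """Return 'green', 'yellow' or 'red' for a frame arriving at t_us microseconds."""
        if t_us < self.last_us:
            raise ValueError("arrival times must be non-decreasing")
        elapsed = t_us - self.last_us
        self.last_us = t_us
        # 1 kbit/s for 1 microsecond is exactly 1 milli-bit.
        self.c_tokens = min(self.cbs, self.c_tokens + self.cir * elapsed)
        self.e_tokens = min(self.ebs, self.e_tokens + self.eir * elapsed)
        cost = frame_bytes * 8 * 1000
        if cost <= self.c_tokens:      # CIR conformant: delivered under the SLA
            self.c_tokens -= cost
            return "green"
        if cost <= self.e_tokens:      # EIR conformant: delivered without assurance
            self.e_tokens -= cost
            return "yellow"
        return "red"                   # non-conformant: dropped, no tokens consumed


def burst(profile, frames, frame_bytes=1518, t_us=0):
    """Offer `frames` back-to-back frames at time t_us and count the colors."""
    return Counter(profile.mark(t_us, frame_bytes) for _ in range(frames))


if __name__ == "__main__":
    profiles = {
        "1: cir 50000 cbs 64": BandwidthProfile(50000, 64),
        "2: cir 20000 cbs 64 eir 10000 ebs 64": BandwidthProfile(20000, 64, 10000, 64),
        "4: cir 0 cbs 0 eir 10000 ebs 64": BandwidthProfile(0, 0, 10000, 64),
    }
    for name, profile in profiles.items():
        print(name, dict(burst(profile, 100)))
```

A 100-frame burst shows why profile 4 (cir 0) can never produce Green frames and why a profile without EIR turns everything beyond the committed burst Red.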
62. 62
QUALITY OF SERVICE QoS
CoS REMARK
By default the CoS value is trusted on the ingress port.
CoS can be remarked:
All traffic marked with one single CoS value
All traffic can be remarked selectively based on the incoming CoS value
raisecom#conf t
raisecom(config)#mls qos mapping cos-to-local-priority 1
raisecom(cos-to-pri)#cos 0 to local-priority 5
raisecom(cos-to-pri)#cos 1 to local-priority 6
raisecom(cos-to-pri)#exit
raisecom(config)# mls qos mapping cos-remark 1
raisecom(cos-remark)#exit
raisecom(config)# interface nni 1
raisecom(config-port)# switchport trunk allowed vlan 300 confirm
raisecom(config-port)# switchport mode trunk
raisecom(config-port)# mls qos cos-remark 1
raisecom(config-port)#exit
raisecom(config)# interface uni 1
raisecom(config-port)# switchport trunk allowed vlan 300 confirm
raisecom(config-port)# switchport mode trunk
raisecom(config-port)# mls qos cos-to-local-priority 1
raisecom(config-port)# exit
raisecom(config)#
SELECTIVE CoS REMARKING
raisecom#conf t
raisecom(config)# interface nni 1
raisecom(config-port)# switchport trunk allowed vlan 300 confirm
raisecom(config-port)# switchport mode trunk
raisecom(config-port)# mls qos port-priority 3
raisecom(config-port)#exit
raisecom(config)#
PORT CoS REMARKING
63. 63
QUALITY OF SERVICE QoS
DSCP REMARK
By default the DSCP value is not trusted on the ingress port.
DSCP can be remarked:
All traffic marked with one single DSCP value
All traffic can be remarked selectively based on the incoming DSCP value
raisecom#sho mls qos uni 1-4
Port Priority Trust-Mode Scheduler-Mode
-------------------------------------------------------------
uni 1 0 Cos SP
uni 2 0 Cos SP
uni 3 0 Cos SP
uni 4 0 Cos SP
raisecom#conf t
raisecom(config)#int uni 1
raisecom(config-port)#mls qos trust
cos Cos
dscp Dscp
inner-cos inner cos
ipp IP Precedence
port-priority Port-priority
64. 64
QUALITY OF SERVICE QoS
DSCP REMARK
PORT DSCP REMARKING
raisecom#conf t
raisecom(config)#access-list-map 10 permit
raisecom(config-aclmap)#match ip dscp default
raisecom(config-aclmap)#exit
raisecom(config)#class-map 10 match-any
raisecom(config-cmap)#match access-list-map 10
raisecom(config-cmap)#exit
raisecom(config)#policy-map 10
raisecom(config-pmap)#class-map 10
raisecom(config-pmap-c)#set ip dscp 33
raisecom(config-pmap-c)#exit
raisecom(config-pmap)#exit
raisecom(config)#service-policy 10 ingress uni 2
raisecom(config)#show access-list-map 10
access-list-map 10 permit
match ip dscp default
raisecom(config)#show class-map 10
Class Map match-any 10 (id 3)
Match access-list-map 10
raisecom(config)#show policy-map 10
Policy Map 10
Class-map 10
set ip dscp 33
SELECTIVE DSCP REMARKING
raisecom#conf t
raisecom(config)#mls qos mapping dscp-mutation 1
raisecom(dscp-mutation)#dscp 10 to new-dscp 20
raisecom(dscp-mutation)#exit
raisecom(config)#
raisecom(config)# interface uni 1
raisecom(config-port)# mls qos trust dscp
raisecom(config-port)# mls qos dscp-mutation 1
raisecom(config-port)#exit
raisecom(config)#
66. 66
ETHERNET CONNECTIVITY FAULT MANAGEMENT
ETHERNET OAM
Ethernet OAM is a set of functions designed to monitor network operation in order to detect network faults and measure network performance:
– Link OAM
• Allows customer and service provider to monitor and diagnose the UNI connectivity via Link OAM (link level)
– Service OAM
• Allows customer and service provider to monitor and diagnose the UNI connectivity via Service OAM (end-to-end)
[Figure: EDD/NIDs in the metro access connected through PE routers and the metro edge/core to a metro IP/MPLS or transport network; Link OAM is shown twice and Service OAM once; device labels: OS900, ISCOM 2924GF-4C]
67. 67
ETHERNET CONNECTIVITY FAULT MANAGEMENT
IEEE 802.1ag
• Provides end-to-end Ethernet connectivity management – mechanisms to detect, verify, isolate and
report faults.
Continuity Check Message (CCM)
Loopback (LBM Loopback Message/LBR Loopback Response)
Linktrace (LTM Link Trace Message/LTR Link Trace Response)
RDI (Remote Defect Indication)
ETH-AIS (Alarm Indication Signal)
Lock
Test
• Scalable to provide connectivity checking and fault detection across multiple networks and multiple
domains.
Partitions the network into Domains to define responsibilities
of different stakeholders.
Supports up to 8 Maintenance Domain levels.
68. 68
ETHERNET CONNECTIVITY FAULT MANAGEMENT
MAINTENANCE DOMAIN
Maintenance Domains (MDs) are Ethernet networks or sub-networks that are of interest to, or the
responsibility of, an administrative entity, such as the subscriber, the service provider, or an operator.
MDs are configured with Names and Levels, where the eight levels range from 0 to 7. A hierarchical
relationship exists between domains based on levels. The larger the domain, the higher the level
value. Recommended values of levels are as follows:
Customer Domain: Largest (e.g., 7)
Provider Domain: In between (e.g., 3)
Operator Domain: Smallest (e.g., 1)
Domains Cannot Overlap
69. 69
ETHERNET CONNECTIVITY FAULT MANAGEMENT
MAINTENANCE ASSOCIATION / MAINTENANCE ENTITY GROUP
Defined as a "set of MEPs, all of which are configured with the same MAID (Maintenance Association
Identifier) and MD Level, each of which is configured with a MEPID unique within that MAID and MD
Level, and all of which are configured with the complete list of MEPIDs."
• MEPs – MEG End points are provisioned components that can initiate and terminate SOAM frames/processes and
can also react to SOAM frames. MEPs exist at the edge of a domain, which define the boundary for the domain.
• Down MEP - If an OAM flow is being sent out of a specific port (UNI or ENNI) - such as with the UNI ME or the
ENNI ME - the MEP is referred to as a Down MEP. OAM flows from a Down MEP are always initiated through
the same port.
• Up MEP - If an OAM flow is being sent to a destination in the network - such as with the EVC ME - the MEP is
referred to as an Up MEP. The path taken by OAM flows from an Up MEP can change if the network topology
changes, e.g., due to the addition, removal, or failure of a path.
• MIPs – MEG Intermediary Points are provisioned components that can only react to SOAM frames (for example, to
support loopback or link trace). A MIP cannot initiate an SOAM process, but it can generate an SOAM frame in
response to a received SOAM frame. These points are internal to a domain, not at the boundary. SOAM frames
received from MEPs and other MIPs are cataloged and forwarded, all SOAM frames at a lower level are stopped
and dropped. MIPs are Passive points, respond only when triggered by SOAM trace route and loop-back
messages.
71. 71
ETHERNET CONNECTIVITY FAULT MANAGEMENT
CFM PROTOCOLS
• The Continuity Check Message (CCM) provides a means to detect connectivity failures in an MA. CCMs are multicast
messages. CCMs are confined to a domain (MD). These messages are unidirectional and do not solicit a response. Each
MEP transmits a periodic multicast Continuity Check Message inward towards the other MEPs.
• Sent Every 1s = Fault Management
• Sent Every 10s = Performance Monitoring
• Sent Every 3ms = Protection Switching
• Link Trace (LT): Link Trace messages, otherwise known as MAC Trace Route, are multicast frames that a MEP transmits to
track the path (hop-by-hop) to a destination MEP, similar in concept to User Datagram Protocol (UDP) Trace Route.
Each receiving MEP sends a Trace Route Reply directly to the originating MEP and regenerates the Trace Route Message.
• Loop-back (LB): Loop-back messages, otherwise known as MAC ping, are unicast frames that a MEP transmits. They are
similar in concept to Internet Control Message Protocol (ICMP) Echo (Ping) messages. Sending Loopback to successive
MIPs can determine the location of a fault. Sending a high volume of Loopback Messages can test bandwidth, reliability, or
jitter of a service, which is similar to flood ping. A MEP can send a Loopback to any MEP or MIP in the service. Unlike
CCMs, Loop-back messages are administratively initiated and stopped.
72. 72
ETHERNET CONNECTIVITY FAULT MANAGEMENT
Y.1731 SLA
• ITU-T Y.1731 augments IEEE 802.1ag in defining capabilities to perform Performance Monitoring (PM) for
Ethernet services.
• It also provides additional Fault Management (FM) capabilities.
• Y.1731 defines the frame format and multicast addresses to be used for both PM and FM.
The following procedures and packet formats are defined in Y.1731:
• AIS (Alarm Indication Signal): Generated when an end-point detects loss of connectivity.
• Lock: Used to verify connectivity problems in out-of-service mode.
• Test: Used to test the connectivity out-of-service. It can be used as part of RFC 2544 or ITU-T
Y.1564 testing.
• Delay Measurements: Using DMM/DMR procedure.
• Loss Measurement: Using LMM/LMR procedure.
• Raisecom SLA tests look at the Delay and Loss characteristics of the service.
73. 73
ETHERNET CONNECTIVITY FAULT MANAGEMENT
Y.1731 SLA
MEPs use unicast LB messages to measure – proactively/periodically – P2P service performance.
Performance messages enable
– Latency, loss measurement (Two-Way)
– Jitter (Two-Way and One-Way)
Separate PM Tests can be operated in parallel
Loopback and PM messages used for performance measurement
Configuration defined for remote MEP or MIP (MAC or remote ID MEP)
[Figure: MEPs at Site 1 and Site 2 and a MIP in the metro network; an LBM/LBR exchange measures delay, jitter and loss]
74. 74
ETHERNET CONNECTIVITY FAULT MANAGEMENT
Y.1731 SLA
• End to end SLAs are critical for carrier grade Ethernet services
• Service availability, frame delay, frame delay variation and frame loss
• Both round trip and 1 way basis
• Standards provide tools for SLA measurement – 802.1ag, ITU Y.1731, ITU Y.1564
• Emerging technology – Ethernet demarcation devices required to measure end to end SLAs
75. 75
ETHERNET CONNECTIVITY FAULT MANAGEMENT
Y.1731 SLA
• Based on Continuity Check Messages (CCM) in 802.1ag (CFM) and Y.1731
• Sent 1/Second – Fault Management
• Sent 10/Second – Performance Monitoring
• Sent 300/Second – Protection Switching
[Figure: customer equipment and a 10/100BT demarcation device at each customer premise, connected through carrier edge switches and the carrier network; the path is labelled CCM]
76. 76
ETHERNET CONNECTIVITY FAULT MANAGEMENT
Y.1731 SLA
The following PM parameters are measured:
– Frame Loss Ratio (FLR)
• Percentage of undelivered service frames, divided by the total number of service frames during a
time interval. The number of service frames not delivered is the difference between the number of
service frames sent to an ingress UNI and the number of service frames received at an egress UNI.
– Frame Delay (FD)
• Time taken by a frame to make the round-trip from the source node, through the destination node,
and back to the same source node. This time is measured from the start of transmission of the first
bit of the frame by a source node until the reception of the last bit of the frame by the same source
node.
– Frame Delay Variation (FDV) or Jitter
• Measure of the variations in the FD between a pair of service frames belonging to the same CoS
instance on a point-to-point Ethernet connection.
– Inter-arrival Jitter
• Estimate of the statistical variance of the PM data packet inter-arrival time, measured in timestamp
units and expressed as an unsigned integer, as defined in RFC1889.
77. 77
ETHERNET CONNECTIVITY FAULT MANAGEMENT
Y.1731 SLA
– Complements SLA measurement by demarcation devices
– Centralized tool for collecting performance monitoring data and storing in a database
– Centrally stored data can be used for real-time reporting or monthly reports
– Service-oriented Key Performance Indicators (KPIs)
[Figure: customer equipment and a 10/100BT demarcation device at each customer premise, connected through carrier edge switches and the carrier network]
78. 78
ETHERNET CONNECTIVITY FAULT MANAGEMENT
CFM CONFIGURATIONS
PRACTICE TOPOLOGY
[Figure: CUSTOMER SITE-A (UNI) - NNI - Metro Ethernet Network - NNI - (UNI) CUSTOMER SITE-B; Provider MA = Domain Level 4, Customer MA = Domain Level 6]
79. 79
ETHERNET CONNECTIVITY FAULT MANAGEMENT
CFM CONFIGURATIONS – SITE A
raisecom(config)#
raisecom(config)#interface nni 1
raisecom(config-port)#switchport mode trunk
raisecom(config-port)#switchport trunk allowed vlan 100,200
raisecom(config-port)#ethernet cfm enable
raisecom(config-port)#show run interface nni 1
System current configuration in port mode:
!command in port_mode
!
interface nni 1
switchport trunk allowed vlan 100,200
switchport mode trunk
ethernet cfm enable
!
raisecom(config-port)#
NNI PORT CONFIGURATION
raisecom(config)#
raisecom(config)#interface uni 1
raisecom(config-port)#switchport qinq dot1q-tunnel
raisecom(config-port)#switchport access vlan 100
raisecom(config-port)#ethernet cfm enable
raisecom(config-port)#show run interface uni 1
System current configuration in port mode:
!command in port_mode
!
interface uni 1
switchport access vlan 100
ethernet cfm enable
switchport qinq dot1q-tunnel
!
raisecom(config-port)#
UNI PORT CONFIGURATION
80. 80
ETHERNET CONNECTIVITY FAULT MANAGEMENT
CFM CONFIGURATIONS – SITE A
raisecom#conf t
raisecom(config)#ethernet cfm domain md-name Lvl4 level 4
raisecom(config)#ethernet cfm domain md-name Lvl6 level 6
raisecom(config)#ethernet cfm enable
CFM DOMAINS CONFIGURATION
raisecom(config)#
raisecom(config)#service Operator level 4
raisecom(config-service)#service vlan-list 200 primary-vlan 200
raisecom(config-service)# service remote-mep 22 nni 1
raisecom(config-service)# service mep down mpid 11 nni 1
raisecom(config-service)# service pm enable mep 11
raisecom(config-service)# service cc enable mep 11
raisecom(config-service)#exit
raisecom(config)#
PROVIDER MA CONFIGURATION
raisecom(config)#
raisecom(config)#service EVC100 level 6
raisecom(config-service)#service sdp nni 1
raisecom(config-service)#service vlan-list 100 primary-vlan 100
raisecom(config-service)#service remote-mep 2 uni 1
raisecom(config-service)#service mep up mpid 1 uni 1
raisecom(config-service)#service pm enable mep 1
raisecom(config-service)#service cc enable mep 1
raisecom(config-service)#exit
raisecom(config)#
CUSTOMER MA CONFIGURATION
81. 81
ETHERNET CONNECTIVITY FAULT MANAGEMENT
CFM CONFIGURATIONS – SITE B
raisecom(config)#
raisecom(config)#interface nni 1
raisecom(config-port)#switchport mode trunk
raisecom(config-port)#switchport trunk allowed vlan 100,200
raisecom(config-port)#
raisecom(config-port)#sho run interface nni 1
System current configuration in port mode:
!command in port_mode
!
interface nni 1
switchport trunk allowed vlan 100,200
switchport mode trunk
ethernet cfm enable
!
raisecom(config-port)#
NNI PORT CONFIGURATION
raisecom(config)#
raisecom(config)#interface uni 1
raisecom(config-port)#switchport qinq dot1q-tunnel
raisecom(config-port)#switchport access vlan 100
raisecom(config-port)#sho run interface uni 1
System current configuration in port mode:
!command in port_mode
!
interface uni 1
switchport access vlan 100
ethernet cfm enable
switchport qinq dot1q-tunnel
!
raisecom(config-port)#
UNI PORT CONFIGURATION
82. 82
ETHERNET CONNECTIVITY FAULT MANAGEMENT
CFM CONFIGURATIONS – SITE B
raisecom#conf t
raisecom(config)#ethernet cfm domain md-name Lvl4 level 4
raisecom(config)#ethernet cfm domain md-name Lvl6 level 6
raisecom(config)#ethernet cfm enable
CFM DOMAINS CONFIGURATION
raisecom(config)#
raisecom(config)#service Operator level 4
raisecom(config-service)#service vlan-list 200 primary-vlan 200
raisecom(config-service)# service remote-mep 11 nni 1
raisecom(config-service)# service mep down mpid 22 nni 1
raisecom(config-service)# service pm enable mep 22
raisecom(config-service)# service cc enable mep 22
raisecom(config-service)#exit
raisecom(config)#
PROVIDER MA CONFIGURATION
raisecom(config)#
raisecom(config)#service EVC100 level 6
raisecom(config-service)#service sdp nni 1
raisecom(config-service)#service vlan-list 100 primary-vlan 100
raisecom(config-service)#service remote-mep 1 uni 1
raisecom(config-service)#service mep up mpid 2 uni 1
raisecom(config-service)#service pm enable mep 2
raisecom(config-service)#service cc enable mep 2
raisecom(config-service)#exit
raisecom(config)#
CUSTOMER MA CONFIGURATION
83. 83
ETHERNET CONNECTIVITY FAULT MANAGEMENT
CFM CONFIGURATIONS
VERIFYING CFM LOCAL MEPs
VERIFYING CFM REMOTE MEPs
SITE-A(config)#show ethernet cfm local-mp
Local mep configuration information:
Mpid Level Direction Port Cc-Status SendCCMs Trap-status Type Service
priority sdp
-----------------------------------------------------------------------------------------------
-------------------------------------
11 4 DOWN nni 1 Enable ------ macRemErr vlan 200
7 ---
1 6 UP uni 1 Enable ------ macRemErr vlan 100
SITE-A(config)#show ethernet cfm remote-mep
Maintenance Domain(MD) level:4
Maintenance Domain(MD) name: Lvl4
Mpid Service Primary Vlan IfState PortState Mac Address Source Age
-------------------------------------------------------------------------------------
22 Operator 200 Up Up 000E.5EDF.62A7 11 265(ms)
Maintenance Domain(MD) level:6
Maintenance Domain(MD) name: Lvl6
Mpid Service Primary Vlan IfState PortState Mac Address Source Age
-------------------------------------------------------------------------------------
2 EVC100 100 Down Up 000E.5EDF.62A7 1 644(ms)
SITE-A(config)#
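The remote-MEP listing above can be checked automatically against the remote MEPs configured on SITE-A (22 at level 4, 2 at level 6). This is an added example, not part of the original training material; it assumes the Age column is the time since the last CCM and a 1 s CCM interval, and applies the 3.5-interval loss-of-continuity limit from IEEE 802.1ag.

```python
"""Audit `show ethernet cfm remote-mep` output against the configured remote MEPs (added example)."""
import re

# Output copied from the SITE-A verification slide above.
SITE_A_OUTPUT = """\
Maintenance Domain(MD) level:4
Maintenance Domain(MD) name: Lvl4
Mpid Service Primary Vlan IfState PortState Mac Address Source Age
-------------------------------------------------------------------------------------
22 Operator 200 Up Up 000E.5EDF.62A7 11 265(ms)
Maintenance Domain(MD) level:6
Maintenance Domain(MD) name: Lvl6
Mpid Service Primary Vlan IfState PortState Mac Address Source Age
-------------------------------------------------------------------------------------
2 EVC100 100 Down Up 000E.5EDF.62A7 1 644(ms)
"""

# Remote MEPs configured on SITE-A: (MD level, service) -> expected MEPIDs.
EXPECTED = {(4, "Operator"): {22}, (6, "EVC100"): {2}}

LEVEL_RE = re.compile(r"Maintenance Domain\(MD\) level:\s*(\d+)")
ROW_RE = re.compile(
    r"^\s*(?P<mpid>\d+)\s+(?P<service>\S+)\s+(?P<vlan>\d+)\s+(?P<ifstate>\S+)\s+"
    r"(?P<portstate>\S+)\s+(?P<mac>(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\s+"
    r"(?P<source>\d+)\s+(?P<age>\d+)\(ms\)\s*$"
)


def parse_remote_meps(text):
    """Return one dict per remote MEP row, tagged with the MD level it was listed under."""
    level, rows = None, []
    for line in text.splitlines():
        m = LEVEL_RE.search(line)
        if m:
            level = int(m.group(1))
            continue
        m = ROW_RE.match(line)
        if m and level is not None:
            row = m.groupdict()
            for key in ("mpid", "vlan", "source", "age"):
                row[key] = int(row[key])
            row["level"] = level
            rows.append(row)
    return rows


def audit(text, expected=EXPECTED, ccm_interval_ms=1000):
    """Return a sorted list of findings; an empty list means every expected MEP is healthy."""
    findings, seen = [], {}
    # A remote MEP is declared lost after 3.5 CCM intervals without a CCM (IEEE 802.1ag).
    # Assumption: the Age column is the time since the last CCM was received.
    max_age = 3.5 * ccm_interval_ms
    for row in parse_remote_meps(text):
        key = (row["level"], row["service"])
        tag = f"level {row['level']} service {row['service']} MEP {row['mpid']}"
        seen.setdefault(key, set()).add(row["mpid"])
        if row["mpid"] not in expected.get(key, set()):
            findings.append(f"{tag}: unexpected remote MEP (cross-connect or misconfiguration)")
            continue
        for column in ("ifstate", "portstate"):
            if row[column].lower() != "up":
                findings.append(f"{tag}: {column} is {row[column]}")
        if row["age"] > max_age:
            findings.append(f"{tag}: last CCM {row['age']} ms ago, limit {max_age:.0f} ms")
    for key, mpids in expected.items():
        for mpid in sorted(mpids - seen.get(key, set())):
            findings.append(f"level {key[0]} service {key[1]} MEP {mpid}: no CCM received")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SITE_A_OUTPUT):
        print(finding)
```

On the captured output the only finding is the IfState of remote MEP 2 at level 6, which the listing reports as Down even though CCMs are still arriving.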
84. 84
ETHERNET CONNECTIVITY FAULT MANAGEMENT
CFM CONFIGURATIONS
CFM PING (LBM) REMOTE MEPs
SITE-A(config)#service Operator level 4
SITE-A(config-service)#ping mep 22
Type CTRL+C to abort
Sending 3 Ethernet CFM loopback messages to 000E.5EDF.62A7, timeout is 5 s:
Reply from MEP 22: time=17ms
Reply from MEP 22: time<1ms
Reply from MEP 22: time<1ms
------ PING Statistics ------
Success rate is 100 percent (3/3).
Ping statistics from 000E.5EDF.62A7:
Received loopback replys:<3 /0 /0 > (In order/Out of order/Error)
SITE-A(config-service)#exit
SITE-A(config)#
SITE-A(config)#service EVC100 level 6
SITE-A(config-service)#ping mep 2
Type CTRL+C to abort
Sending 3 Ethernet CFM loopback messages to 000E.5EDF.62A7, timeout is 5 s:
Reply from MEP 2: time<1ms
Reply from MEP 2: time<1ms
Reply from MEP 2: time<1ms
------ PING Statistics ------
Success rate is 100 percent (3/3).
Ping statistics from 000E.5EDF.62A7:
Received loopback replys:<3 /0 /0 > (In order/Out of order/Error)
SITE-A(config-service)#
85. 85
ETHERNET CONNECTIVITY FAULT MANAGEMENT
CFM CONFIGURATIONS
CFM TRACE (LTM) REMOTE MEPs
SITE-A(config)#
SITE-A(config)#service Operator level 4
SITE-A(config-service)#traceroute mep 22
TTL: <64>
Tracing the route to 000E.5EDF.62A7 on level 4, service Operator.
Traceroute send via nni1.
----------------------------------------------------------------------------------------------
Hops HostMac IngressPort EgressPort IsForwarded RelayAction NextHop
----------------------------------------------------------------------------------------------
!1 000E.5EDF.6291 nni1 - No rlyHit 000E.5EDF.62A7
SITE-A(config-service)#exit
SITE-A(config)#
SITE-A(config)#service EVC100 level 6
SITE-A(config-service)#traceroute mep 2
TTL: <64>
Tracing the route to 000E.5EDF.62A7 on level 6, service EVC100.
Traceroute send via uni1.
----------------------------------------------------------------------------------------------
Hops HostMac IngressPort EgressPort IsForwarded RelayAction NextHop
----------------------------------------------------------------------------------------------
0 000E.5EDF.6291 uni1 nni1 Yes rlyMpdb 000E.5EDF.6291
!1 000E.5EDF.6291 nni1 - No rlyHit 000E.5EDF.62A7
SITE-A(config-service)#
89. 89
SERVICE ACTIVATION TESTS
ACTIVE AND PASSIVE SERVICE TESTING
Testing Framework | Out-of-Service | In-Service
Active testing | RFC 2544/Y.1564 | SOAM
Passive testing | n/a | Network Management Element Info
Generally there are two types of Testing (active & passive)
Passive Testing = Monitoring
No impact to Services
Active Testing = Intrusive to Service
Can be done In-Service with low frame rate
Can be done Out-of-Service replacing Customer Traffic with Test Traffic
90. 90
SERVICE ACTIVATION TESTS
RFC2544 vs Y.1564
Parameter | RFC2544 | Y.156sam
Testing Method | Sequential testing, tests can not be run simultaneously | Tests run for all flows simultaneously
Throughput | The maximum rate at which none of the offered frames are dropped by the device | Maximum throughput must respect CIR/EIR
Frame delay | Latency measured on 1 frame every 2 minutes | All flows simultaneously
Inter frame delay variation | Not defined | All flows simultaneously
Frame loss ratio | FL measurement on lack of resources only | FL measurement on lack of resources and services quality
CoS support | Not support | Support
Bandwidth profile | Extendable to CIR/EIR | Confirms CIR/EIR/CBS/EBS
91. 91
SERVICE ACTIVATION TESTS
Y.1564 TEST
This test will eventually supersede RFC2544 tests as the standard test for service turn-up and activation.
The Y.156sam focuses on the following KPIs for service quality:
Bandwidth or Information rate (IR): This is a bit rate measure of available or consumed data communication
resources expressed in bits/second or multiples of it (kilobits/s, megabits/s, etc.).
Frame transfer delay (FTD): Also known as latency, this is a measurement of the time delay between the
transmission and the reception of a frame
Frame delay variations (FDV): Also known as packet jitter, this is a measurement of the variations in the time
delay between packet deliveries
Frame loss ratio (FLR): Typically expressed as a ratio, this is a measurement of the number of packets lost
over the total number of packets sent.
Availability (AVAIL): Typically expressed as a % of up time for the link under test; for example, does the network
pass the five nines (99.999%) up time?
92. 92
SERVICE ACTIVATION TESTS
Y.1564 TEST
• Traffic is generated for each service sequentially, first up to CIR, then up to CIR + EIR (if applicable)
and then over CIR + EIR
• Verifies that CIR and EIR are properly configured
• Verifies all parameters (pass/fail SAC thresholds for each Service Attribute)
[Figure: throughput as seen at the output of the test function, plotted over time in steps of 1 to 60 sec at CIR, CIR + EIR and CIR + EIR + 25%; labels: Verify SAC here, Performance Unguaranteed, Verify Traffic Policing]
97. 97
SERVICE ACTIVATION TESTS
Y.1564 CONFIGURATIONS
rcsam service 3 l2-eth
name 75M
uni uni 1
dmac 000E.5EDF.62A7
frame-size fix 1518
svlan 100 cos 3
cir 75000 cbs 32
traffic-policing rate 75000
latency-threshold 25
jitter-threshold 25
frame-loss-threshold 1000
performace-test cir 100
service enable
rcsam service 1 l2-eth
name 25M
uni uni 1
dmac 000E.5EDF.62A7
frame-size fix 1518
svlan 100 cos 1
cir 25000 cbs 32
traffic-policing rate 25000
latency-threshold 60
jitter-threshold 15
frame-loss-threshold 1000
performace-test cir 100
service enable
rcsam service 2 l2-eth
name 50M
uni uni 1
dmac 000E.5EDF.62A7
frame-size fix 1518
svlan 100 cos 2
cir 50000 cbs 32
traffic-policing rate 50000
latency-threshold 25
jitter-threshold 25
frame-loss-threshold 1000
performace-test cir 100
service enable
Y.1564 CONFIGURATION SITE A (SENDER)
SITE-B#show version
Product Version: RAX711-L-4GC-AC/D-02 P200R002C40
Software Version: 5.4.87_20170926
RITP Version: 5.4
Bootstrap Version: BOOTROM_1.0.8
FPGA Version: fpga:2.3
Hardware Version: A.00
System MacAddress: 000E.5EDF.62A7
Serial number: 123002020800B17925B0002G
DMAC ON SENDER CONFIG = SITE B (REFLECTOR) MAC ADDRESS
(config)#rate-limit vlan 100 cos 1 uni 1 ingress cir 25000 cbs 32
(config)#rate-limit vlan 100 cos 2 uni 1 ingress cir 50000 cbs 32
(config)#rate-limit vlan 100 cos 3 uni 1 ingress cir 75000 cbs 32
RATE LIMIT ON UNI INTERFACE
98. 98
SERVICE ACTIVATION TESTS
Y.1564 CONFIGURATIONS
SITE-B#conf t
SITE-B(config)#interface nni 1
SITE-B(config-port)#loopback smac 000E.5EDF.6292
SITE-B(config-port)#loopback
SITE-B(config-port)#
Y.1564 CONFIGURATION SITE B (REFLECTOR)
SITE-B(config-port)#show interface nni 1 loopback
Loopback configuration information:
-----------------------------------------
Port : nni 1
Loopback mode : Manual
Loopback status : Loopup
Loopback rule : Port
Loopback layer : no layer
Local MAC address : 000e.5edf.62a7
Local IP: 127.0.0.1
Local IPv6: ::1
DMAC swap : Enable
SMAC swap : Localmac
DIP swap : Enable
UDP port swap : Enable
DMAC : 0000.0000.0000
SMAC : 000e.5edf.6292
CVLAN : 0 CCOS:--
SVLAN : 0 SCOS:--
Source IP address:0.0.0.0
Destination IP address:0.0.0.0
Source IPv6 address:::
Destination IPv6 address:::
UDP-SPORT : -- UDP-DPORT:--
TCP-SPORT : -- TCP-DPORT:--
LSP LABEL : 0 PW LABEL:0
ETHERNET TYPE:0x0000
Loopback lasting time : forever
SITE-B(config-port)#
VERIFYING LOOPBACK STATUS
SITE-A(config)#show manufacture info
The product manufacture information:
Main board:
Vendor: RAISECOM
Product Name: RAX711-L-4GC-AC/D-02
Product Ver: A.00
Serial No.: 123002020800B17925B0001G
MAC Address: 00:0E:5E:DF:62:91
MAC2 Address: 00:0E:5E:DF:62:92
CES Address: 00:00:00:00:00:00
LOOPBACK SMAC ON REFLECTOR = SITE A (SENDER) MAC2 ADDRESS
99. 99
SERVICE ACTIVATION TESTS
RUNNING Y.1564 TEST
SITE-A(config)#rcsam step-time 10
SITE-A(config)#rcsam performance-test duration 1
SITE-A(config)#rcsam service-identify type
vlan vlan
SITE-A(config)#rcsam service-identify type vlan
cos vlan cos
dscp vlan dscp
traffic-class vlan traffic-class
<cr>
SITE-A(config)#rcsam service-identify type vlan cos
SITE-A(config)#rcsam performance-test enable
SITE-A(config)#rcsam configuration-test enable
SITE-A(config)#rcsam test start
Set successfully.
SITE-A(config)#
RcSam: Starting rcSam test...
RcSam: Running Configuration Test...
RcSam: Running Performance Test...
RcSam: Test Completed!
SITE-A(config)#
100. 100
SERVICE ACTIVATION TESTS
VERIFYING Y.1564 RESULTS
SITE-A(config)#show rcsam result detail
SITE-A(config)#sho rcsam result detail
Cofiguration Test Status : completed
Configuration Test Result : Pass
Duration(sec.) : 50
Service 1 : 25M
Test Result Avg.IR FLR(0.001%) FD(us) FDV(us) Avail FDR BER
(kbps) min mean max min mean max (%) (us)
--------------------------------------------------------------------------------------------------
CIR
STEP1 Pass 6208 0 28 28 28 0 0 0 100% 0 0
STEP2 Pass 12480 0 28 28 28 0 0 0 100% 0 0
STEP3 Pass 18688 0 28 28 28 0 0 0 100% 0 0
STEP4 Pass 24960 0 28 28 28 0 0 0 100% 0 0
EIR N/A --- --- --- --- --- --- --- --- --- --- ---
Tra-po Pass 24960 0 28 28 28 0 0 0 100% 0 0
Service 2 : 50M
Test Result Avg.IR FLR(0.001%) FD(us) FDV(us) Avail FDR BER
(kbps) min mean max min mean max (%) (us)
--------------------------------------------------------------------------------------------------
CIR
STEP1 Pass 12480 0 28 28 28 0 0 0 100% 0 0
STEP2 Pass 24960 0 28 28 28 0 0 0 100% 0 0
STEP3 Pass 37440 0 28 28 28 0 0 0 100% 0 0
STEP4 Pass 49984 0 28 28 28 0 0 0 100% 0 0
EIR N/A --- --- --- --- --- --- --- --- --- --- ---
Tra-po Pass 49984 0 28 28 29 0 0 1 100% 1 0
101. 101
SERVICE ACTIVATION TESTS
VERIFYING Y.1564 RESULTS
Service 3 : 75M
Test Result Avg.IR FLR(0.001%) FD(us) FDV(us) Avail FDR BER
(kbps) min mean max min mean max (%) (us)
--------------------------------------------------------------------------------------------------
CIR
STEP1 Pass 18688 0 28 28 28 0 0 0 100% 0 0
STEP2 Pass 37440 0 28 28 28 0 0 0 100% 0 0
STEP3 Pass 56192 0 28 28 28 0 0 0 100% 0 0
STEP4 Pass 74944 0 28 28 28 0 0 0 100% 0 0
EIR N/A --- --- --- --- --- --- --- --- --- --- ---
Tra-po Pass 74944 0 28 28 28 0 0 0 100% 0 0
Performance Test Status : completed
Performance Test Result : Pass
Duration(min.) : 3
Test Result Avg.IR(kbps) FLR(0.001%) FD(us) FDV(us) Avail FDR BER
min mean max min mean max min mean max min mean max (%) (us)
---------------------------------------------------------------------------------------------------------------------------------
service 1 Pass 24960 24960 24960 0 0 0 28 28 30 0 0 1 100% 2 0
service 2 Pass 49984 49984 49984 0 0 0 28 28 29 0 0 1 100% 1 0
service 3 Pass 74944 74944 74944 0 0 0 28 28 30 0 0 1 100% 2 0
SITE-A(config)#
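The configuration-test rows above can be cross-checked against the CIR configured for each rcsam service, including the traffic-policing (Tra-po) row that shows whether the UNI rate limit actually holds. This is an added example, not Raisecom code; the equal step fractions are inferred from the Avg.IR values in the output, and the frame-loss limit is assumed to use the same 0.001% unit as the FLR column.

```python
"""Check Y.1564 (rcsam) configuration-test rows against the configured CIR (added example)."""
import re

# Service 1 rows copied from the `show rcsam result detail` output above (cir 25000).
SERVICE_1_ROWS = """\
STEP1 Pass 6208 0 28 28 28 0 0 0 100% 0 0
STEP2 Pass 12480 0 28 28 28 0 0 0 100% 0 0
STEP3 Pass 18688 0 28 28 28 0 0 0 100% 0 0
STEP4 Pass 24960 0 28 28 28 0 0 0 100% 0 0
EIR N/A --- --- --- --- --- --- --- --- --- --- ---
Tra-po Pass 24960 0 28 28 28 0 0 0 100% 0 0
"""

ROW_RE = re.compile(r"^(STEP\d+|EIR|Tra-po)\s+(\S+)\s+(\d+|---)\s+(\d+|---)")


def parse_rows(text):
    """Return {test name: (result, avg IR in kbit/s or None, FLR in 0.001% units or None)}."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            name, result, ir, flr = m.groups()
            rows[name] = (result, None if ir == "---" else int(ir),
                          None if flr == "---" else int(flr))
    return rows


def check_service(text, cir_kbps, eir_kbps=0, flr_limit=1000, tolerance=0.02):
    """Return findings for one service; an empty list means the rows match the profile.

    Assumptions: the CIR steps are equal fractions of CIR (25/50/75/100 % for four
    steps, as the Avg.IR values above suggest) and flr_limit is in 0.001 % units.
    """
    rows, findings = parse_rows(text), []
    steps = sorted((n for n in rows if n.startswith("STEP")), key=lambda n: int(n[4:]))
    for index, name in enumerate(steps, start=1):
        result, ir, flr = rows[name]
        target = cir_kbps * index / len(steps)
        if result != "Pass":
            findings.append(f"{name}: device reported {result}")
        if ir is None or abs(ir - target) > tolerance * target:
            findings.append(f"{name}: avg IR {ir} kbps, expected about {target:.0f}")
        if flr is None or flr > flr_limit:
            findings.append(f"{name}: FLR {flr} exceeds {flr_limit}")
    policing = rows.get("Tra-po")
    if policing is None or policing[1] is None:
        findings.append("Tra-po: no traffic-policing result")
    elif policing[1] > (cir_kbps + eir_kbps) * (1 + tolerance):
        # More traffic got through than the bandwidth profile allows:
        # the policer on the UNI is missing or set too high.
        findings.append(f"Tra-po: {policing[1]} kbps passed, policer limit is "
                        f"{cir_kbps + eir_kbps} kbps")
    return findings


if __name__ == "__main__":
    print(check_service(SERVICE_1_ROWS, cir_kbps=25000) or "service 1 matches cir 25000")
```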