Date post: | 03-Jan-2016 |
Category: |
Documents |
Upload: | joseph2707 |
View: | 208 times |
Download: | 0 times |
SmartEdge OS Release 11.1.2.3
NETWORK IMPACT REPORT
9/109 48-CRA 119 1170/1 Uen A2
Copyright
© Ericsson AB 2011. All rights reserved. No part of this document may bereproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due tocontinued progress in methodology, design and manufacturing. Ericsson shallhave no liability for any error or damage of any kind resulting from the useof this document.
Trademark List
SmartEdge is a registered trademark of Telefonaktiebolaget LMEricsson.
9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
Contents
Contents
1 Introduction 1
1.1 Purpose 1
1.2 Related Information 1
1.3 Revision Information 1
2 General Impact 2
2.1 Hardware 22.1.1 New Cards 22.1.2 Modified Cards 42.1.3 New Transceivers 5
2.2 Implementation 52.2.1 Upgrade Paths 52.2.2 Required System Components 62.2.3 Licenses 72.2.4 Upgrade Alerts 7
2.3 Interface 112.3.1 Inter-Node Interface 112.3.2 Man-Machine Interface 11
2.4 Memory 13
2.5 Operation 132.5.1 BRAS and Metro Ethernet Operation 132.5.2 Border Gateway Function Operation 522.5.3 DPI Operation 622.5.4 Platform Operation 64
2.6 Obsolete Features 732.6.1 Support for Route Map Resequencing Removed 732.6.2 Support for SSHv1 Client Removed 73
2.7 Other Network Elements 73
3 Summary of Impacts Per Feature 74
3.1 Broadband Remote Access Server and Metro Ethernet 74
3.2 Border Gateway Function 78
3.3 Deep Packet Inspection 79
3.4 Platform 79
4 Additional Information 80
4.1 New Documentation 80
4.2 Obsolete Documentation 81
9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
Glossary 83
Reference List 89
9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
Introduction
1 Introduction
The Network Impact Report (NIR) describes how the current release of theSmartEdge
®OS, with new and changed features, differs from the previous
release of the SmartEdge OS and how this affects the operator's overallnetwork, including all affected products and functions.
1.1 Purpose
This document provides sufficient information at an early stage to Ericssonsystem operators to help them plan the introduction of new products andupgrades to their networks. This document is intended for personnelresponsible for planning, implementation, and product handling of theSmartEdge router, the SmartEdge Border Gateway Function (BGF), and theSM router.
This is a living document and subject to change during the development ofthe new release.
This document applies to both the Ericsson SmartEdge® and SM family routers.However, the software that applies to the SM family of systems is a subset ofthe SmartEdge OS; some of the functionality described in this document maynot apply to SM family routers.
For information specific to the SM family chassis, including line cards, refer tothe SM family chassis documentation.
For specific information about the differences between the SmartEdge and SMfamily routers, refer to the Technical Product Description SM Family of Systems(part number 5/221 02-CRA 119 1170/1) in the Product Overview folder ofthis Customer Product Information library.
1.2 Related Information
Trademark information, typographic conventions, and definition and explanationof acronyms and terminology can be found in Reference [26] and Reference[39].
1.3 Revision Information
Other than editorial changes, this document has been revised as follows:
19/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
Table 1 Revision Information
Rev Date Description
A December15, 2011
First edition. This revision includes information thatpreviously could be found in Reference [22].
2 General Impact
This section describes the general impact due to the introduction of this releaseof the SmartEdge OS.
New hardware is required for several of the new features; see individualfeatures for specific information.
2.1 Hardware
The following hardware is new or changed in this release.
2.1.1 New Cards
2.1.1.1 Channelized OC-3/STM-1 or OC-12/STM-4 Line Card
In this release, support for the Channelized OC-3/STM-1 or OC-12/STM-4line card is introduced. The Channelized 8-port OC-3/STM-1 or 2–portOC-12/STM-4 line card (ROA1283421/1) is equipped with a license(FAL1241080/1) that must be loaded against a slot in the SM family chassis toenable all ports. The license is granted through the ELIS licensing system byyour local Ericsson market unit contact.
The Channelized 4-port OC-3/STM-1 or 1-port OC-12/STM-4 line card(ROA1283421/2) can be upgraded in the future to enable the remaining fourOC-3OC-3/STM-1 or OC-12/STM-4 ports by purchasing a separate license(FAL1240784/1).
All ports on a Channelized OC-3/STM-1 or OC-12/STM-4 line card mustbe configured for either SONET framing (OC-3/OC-12) or SDH framing(STM-1/STM-4). That is, all ports on a card must be SONET or SDH; acombination of SONET and SDH is not supported. The first port configuredon the card limits the configuration of the remaining ports on that card to thesame framing type.
2 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
Ports 1 and 5 on the Channelized cards are multirate ports, configurable asChannelized OC-3/STM-1 or OC-12/STM-4. The adjacent three ChannelizedOC-3/STM-1 ports in a port group cannot be used when ports 1 and 5are operating as Channelized OC-12/STM-4 ports. For example: On theChannelized 8-port OC-3/STM-1 or 2–port OC-12/STM-4 line card, if port 1 isused as a Channelized OC-12/STM-4 port, ports 2 to 4 are not available andports 5 through 8 can be used as Channelized OC-3/STM-1 ports.
The Channelized OC-3/STM-1 card supports eight or four SONET SMF ports;each operates at 155.52 Mbps. The Channelized OC-12/STM-4 card supportstwo or one SONET SMF ports; each operates at 622.08 Mbps. Both OC-3/12and STM-1/4 ports can be channelized to DS0.
This card does not support concatenated STN-n/STM-n signals, such asSTS-3c and OC-3c.
For more information on how to configure channelized ports, seeConfiguringChannelized Ports.
There are two 4-port groups on this channelized card:
• Group 1 contains ports 1 through 4, where port 1 has the OC-3/12 orSTM-1/4 dual-rate capability.
• Group 2 contains ports 5 through 8, where port 5 has the OC-3/12 orSTM-1/4 dual-rate capability.
• When ports 1 and 5 are in use as OC-12/SMT-4, the other six ports arenot available.
• A total of 1000 unchannelized channels of Packet Over SONET (POS)are supported on each 4-port group.
2.1.1.2 Advanced Services Engine 2 Card
Table 2 lists the new order number of the Advanced Services Engine 2 (ASE2)card and its impacting software release version:
Table 2 ASE2 Card Order Number
Order Number Description Front Panel Label Earliest Release
ROA1283753/1 Advanced Services Engine 2 Advanced Services Engine 2 SmartEdge 600/1200/1200H— 11.1.2
Similar to the Advanced Services Engine (ASE) card, the ASE2 card providesadvanced services beyond the terminating and forwarding capabilities providedby line cards. ASE 2 services available in this release include Security Services,which provide support for IP Security (IPsec), Virtual Private Networks (VPNs),Application Traffic Management, and Distributed Control Plane (DCP).
Security features on the ASE2 card protect the network at its edge, ensureminimal network disruption, and provide secure tunnels for end-user
39/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
applications. Using Deep Packet Inspection (DPI), the ASE2 cards can identifyand process point-to-point (P2P) applications, and provide a more efficient andsecured network operation. You perform IP Security (IPsec) configuration,management, and reporting with NetOp Element Manager System (EMS).
The Distributed Control Plane solution on the ASE2 card extends thefunctionality of the XCRP4 Controller card across the backplane mesh tosupport high signaling loads in CPG deployments. The ASE2 card utilizes ahigher-performance processor and more memory to support multiple EvolvedPacket Systems (EPS-C) process instances.
2.1.2 Modified Cards
2.1.2.1 8-port ATM OC-3c/STM-1c and 2-port ATM OC-12c/STM-4c Line Cards
Table 3 lists the new order numbers of the 8-port ATM OC-3c/STM-1c and2-port ATM OC-12c/STM-4c line cards and their impacting software releaseversions:
Table 3 Line Card Order Numbers
Order Numbers DescriptionFront PanelLabel Earliest Release
ATM
ROA1283243/2 8-port OC-3c/STM-1c ATM, SFP transceivers ATM
OC3/
STM-1
SmartEdge 400/600/800/1200/1200H— 6.2.1.9, 6.4.1.4, 6.5.1.5, and 11.1.2
ROA1283281/2 2-port OC-12c/STM-4c ATM Enhanced, SFPtransceivers
ATM
OC12
STM-4
SmartEdge 400/600/800/1200/1200H— 6.5.1.5 and 11.1.2
The hardware revision of the 8-port ATM OC-3c/STM-1c line card is "5."The hardware revision of the 2-port ATM OC-12c/STM-4c line card is "4."The Field-Programmable Gate Array (FPGA) revision of the 8-port ATMOC-3c/STM-1c line card is "6." (The 2-port ATM OC-12c/STM-4c has not beenpreviously released.)
For the old version 8-port ATM OC-3c/STM-1c card (ROA1283243/1) to workproperly with 6.2.1.9, 6.4.1.4, 6.5.1.5, and 11.1.2 software releases, a manualupgrade of the Field-Programmable Gate Array (FPGA) image is required. Formore information, see Section 2.2.4.1 Upgrade the FPGA Version for the 8-portATM OC-3c/STM-1c Line Cards on page 7.
Note: Release 11.1.2 supports both versions of the ATM 8-port ATMOC-3c/STM-1c and 2-port ATM OC-12c/STM-4c cards.
The 8-port ATM OC-3c/STM-1c and 2-port ATM OC-12c/STM-4c line cardsnow support new log messages for memory errors. For more information, see
4 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
Section 2.5.4.12 ECC Log Messages on the 8-port ATM OC-3c/STM-1c and2-port ATM OC-12c/STM-4c Line Cards on page 71.
2.1.3 New Transceivers
2.1.3.1 OTN XFP Optical Transceivers - ITU Channels 20 and 33
In this release, in addition to the existing ITU channels 35, 36, 37, 53, and 55,10GE-DWDM XFPs also support ITU channels 20 and 33.
Table 4 Transceiver Order Numbers
Part Number ABC Part Number INE Part Number CLEI Code Transceiver Description
XFP-10GE-DWDMITU20 RDH90141/20 N/A IPUIBKM2AA XFP optical transceiver, 10GEDWDM, ITU Channel 35, SMF usingLC connector
XFP-10GE-DWDMITU33 RDH90141/33 N/A IPUIBKT2AA XFP optical transceiver, 10GEDWDM, ITU Channel 35, SMF usingLC connector
2.2 Implementation
This section describes the minimum software requirements for implementinga new revision of the SmartEdge OS and provides release-specific upgradeinformation.
For detailed software installation and upgrade instructions, see Reference [19].
2.2.1 Upgrade Paths
The system can up be upgraded to the SmartEdge OS Release 11.1.2.3 fromRelease 6.2, Release 6.4, Release 6.5, Release11.1.1.1, and Release 11.1.2.1.
However, keep the following in mind:
• Release 11.1 does not support PPA1-based line cards. PPA-1 based linecards can still be installed and detected in SmartEdge chassis, but theSmartEdge OS does not recognize and initialize them to a usable state.
• Release 11.1 does not support the XCRP3 Controller card.
If your system does not include this deprecated hardware, you can upgradedirectly to this release. For systems running the deprecated hardware, upgradeto this release:
• If your current software release supports the newer PPA and XCRP cards,upgrade your hardware. Then, upgrade your software to Release 11.1.
59/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
• If your current software release does not support the newer PPA and XCRPcards, move to an intermediate release that does (for example, Release6.2.1.7). Using that release, upgrade your hardware. Then, upgrade yoursoftware to Release 11.1.
2.2.2 Required System Components
The following system components are required in this release.
2.2.2.1 Required Boot ROM Versions
This release requires the boot ROM versions listed in in the following table.
Table 5 Required Boot ROM Versions
Card Type Version Filename
XCRP4
SMRP2
2.0.2.66 OFW-XC4-2.0.2.66.fallback.md5
SmartEdge 100 Controller 2.0.1.4 OFW-se100-2.0.1.4.primary.bin
ASE 2.0.2.66 OFW-ASE-2.0.2.66.fallback.md5
ASE2 2.0.2.66 OFW-ASE-2.0.2.66.fallback.md5
SSE 2.0.2.65 OFW-FSSB-2.0.2.65.ofwbin.md5
2.2.2.2 Required Minikernel Versions
This release requires the minikernel versions listed in the following table.
Table 6 Required Minikernel Versions
Card Type Version Filename
XCRP4
SMRP2
11.7 MINIKERN_RBN64-xc4.p11.v7
SmartEdge 100 controller 2.7 se100-minikernel.p2.v7.bin
ASE 13.10 MINIKERN_ASE64-ase.p13.v10
ASE2 13.10 MINIKERN_ASE64-ase.p13.v10
SSE N/A N/A
2.2.2.3 Required FPGA Versions
This information is not available at this time. Please contact your technicalsupport representative for this information.
6 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.2.3 Licenses
Two new licenses are added in this release for Secure RTP and MSRP B2BUAfeatures. These licenses are shown in Table 7.
Table 7 Licenses
Name Identity Version
Description
media-gateway srtplicense-key
N/A N/A License forSecure RTPfeature.
media-gateway msrplicense-key
N/A N/A License forMSRP B2BUAfeature.
2.2.4 Upgrade Alerts
This section identifies situations that require additional steps or may affect yoursystem before you upgrade to this release.
In addition, before you upgrade, check for any relevant security notifications onthe Ericsson E-business portal at https://ebusiness.ericsson.net.
Stop!
The Advanced Services Engine (ASE) card and the SmartEdge OS must bothbe running the correct version of the boot ROM. To avoid a serious equipmentoutage in the field, if you are running SmartEdge OS Release 6.2.1.5 or lateron either the ASE or the SmartEdge OS system, DO NOT DOWNGRADE to6.2.1.4 or earlier. If you must downgrade, contact your support representativefor an equipment-safe procedure. Downgrading from these releases can causepermanent damage to the ASE.
2.2.4.1 Upgrade the FPGA Version for the 8-port ATM OC-3c/STM-1c Line Cards
For the old version of the 8-port ATM OC-3c/STM-1c card (ROA1283243/1)to work properly with 6.2.1.9, 6.4.1.4, 6.5.1.5, and 11.1.2 software releases,a manual upgrade of the Field-Programmable Gate Array (FPGA) image isrequired.
When the card boots, if the FPGA version needs to be upgraded, you will seethe "FPGA mismatch" error message.
• To determine the current FPGA version, use the show hardware cardslot detail command. The SpiFpga rev and SpiFpga file rev
79/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
values are listed. The SpiFpga rev value is the revision of the file thatcurrently exists. The SpiFpga file rev value is the revision of the filethat exists in the new software package.
• To upgrade the FPGA version, use the reload fpga slot command.
After performing the upgrade, run the show hardware card slot
detail command again, and confirm that the SpiFpga rev and theSpiFpga file rev values match and are equal to "6".
For more information, see ‘‘Upgrade the Line Card FPGAs’’ in Installing theSmartEdge OS for your platform.
2.2.4.2 Upgrade the FPGA Version for the 20-port Gigabit Ethernet DDR and4-port 10 Gigabit Ethernet DDR Line Cards
Stop!
In Release 6.5.1 or later, a QHUB4 FPGA upgrade to the most currentQHUB4 version is required for the 20-port Gigabit Ethernet DDR (ge4-20-portor ge4-20-port-sm) and 4-port 10 Gigabit Ethernet DDR (10ge-4-port or10ge-4-port-sm) cards. A card with an older FPGA image version will notoperate with a card with the most recent FPGA image version. An "FPGAmismatch" error indicates that an upgrade is required.
To upgrade from Release 6.4.1.3 or earlier to Release 6.5.1 or later:
1 Before the upgrade, shut down all cards.
2 Save the configuration.
3 Run the release upgrade command.
4 Run the reload fpga command on the 20-port Gigabit Ethernet DDR and4-port 10 Gigabit Ethernet DDR cards.
5 Run the no shutdown command on all cards.
6 Save the configuration.
After the update, verify that the card is restored and that the FPGA version iscorrect by issuing the show hardware card slot detail command. Seethe expected output in ‘‘Upgrade the Line Card FPGAs’’ in Reference [19]
To downgrade a special manual FPGA upgrade for 20-port Gigabit EthernetDDR and 4-port 10 Gigabit Ethernet DDR cards, see Section 2.2.4.3 on page 9.
8 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.2.4.3 Downgrade an FPGA Version for the 20-port Gigabit Ethernet DDR and4-port 10 Gigabit Ethernet DDR Line Cards
If a downgrade from Release 6.5.1 or later to Release 6.4.1.3 or earlier isneeded after performing the procedure in the previous section, and the 20-portGigabit Ethernet DDR (ge4-20-port or ge4-20-port-sm) and 4-port 10 GigabitEthernet DDR (10ge-4-port or 10ge-4-port-sm) cards exist in the chassis, adowngrade procedure is required:
1 Before the downgrade, shut down all cards.
2 Save the configuration.
3 Run the release upgrade command.
4 Run the reload fpga command on the 20-port Gigabit Ethernet DDR and4-port 10 Gigabit Ethernet DDR cards.
5 Run the no shutdown command on all cards.
6 Save the configuration.
2.2.4.4 Recover a Standby Controller Card
In rare occurrences, during a release upgrade, the standby Controller cardmay not come up. This issue does not impact service. To recover the standbyController card, manually reseat the card in its slot.
Use the show chassis and show redundancy commands to verify thestate of the primary and standby Controller cards. For the expected output, see‘‘Verify System Chassis State’’ and ‘‘Check System Status’’, respectively, inInstalling the SmartEdge OS for your platform
Alternatively, use a console connection to the Controller cards to monitor thestate.
2.2.4.5 Preserve Link Group and Bridge Profile Behavior
In Release 6.1.4.1 and later, a port or circuit can be associated with either abridge profile or a link group, but not both. If you are upgrading from an earlierrelease in which you have one or more ports or circuits associated with botha bridge profile and a link group and you want to preserve existing behaviorafter the upgrade:
1. If you have bridge profiles configured directly under any of the physicalports belonging to a link group, remove them. Change bridge profileconfiguration so that the bridge profile is configured for the link group—notthe port or circuit.
2. Use the show configuration command to display the link-groupconfiguration.
99/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
3. Copy the link-group configuration to a text file.
4. Upgrade the SmartEdge router to this release.
5. Use the text file you created with link group configuration information toreconfigure the bridge profiles in the dot1q pvc mode under the link group.This must be done manually.
6. Verify that the link group configuration and bridge profile configuration iscorrect.
2.2.4.6 Remove IS-IS Graceful Restart
If you are upgrading from a release earlier than Release 6.1.4.3, you mustperform extra steps to accommodate changes to IS-IS graceful restart.
The implementation of IS-IS graceful restart in Release 6.1.4.3 and subsequentreleases does not interoperate with the previous implementations of the feature.All SmartEdge IS-IS systems in your network must be running the same versionof graceful restart; different versions do not interoperate.
In addition, in Release 6.1.4.3, the command [no] graceful-restartreplaced the [no] restart graceful-time command.
To upgrade from a release earlier than Release 6.1.4.3:
1. Disable IS-IS graceful restart by using the no restart graceful-timecommand (pre-Release 6.1.4.3 version of the command).
2. Upgrade all adjacent IS-IS routers.
3. Re-enable IS-IS graceful restart by using the graceful-restartcommand (Release 6.1.4.3 and later version of the command).
If you need to downgrade to a release earlier than 6.1.4.3:
1. Disable IS-IS graceful restart by using the no graceful-restartcommand (Release 6.1.4.3 and later version of the command) on alladjacent routers.
2. For each adjacent IS-IS router:
a Downgrade the SmartEdge OS.
b Use the no restart graceful-time command (pre-Release6.1.4.3 version of the command) to disable IS-IS graceful on that routeruntil all other IS-IS routers have been downgraded.
3. Re-enable IS-IS graceful restart by using the restart graceful-timecommand (pre-Release 6.1.4.3 version of the command) on all adjacentrouters.
10 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.2.4.7 Ensure that the MGC Group Name Is Valid
If you are upgrading from a release earlier than Release 6.5.1, then prior toupgrading to this release, ensure that the MGC group name in the configurationhas a valid value. Use the mgc-group command (in global MG configurationmode) to specify an MGC group name.
In releases earlier than Release 6.5.1, the character set of the MGC groupname was unrestricted. In Release 6.5.1 and later, the valid value for theMGC group name is an alphanumeric string of up to 30 characters, and thefirst character must be a letter. If the configured MGC group name does notconform to the new syntax, the upgrade to the new release will fail. Beforeupgrading to Release 6.5.1 or later, change the MGC group name to conform tothe new syntax.
2.2.4.8 Ensure that the Realm Name Is Valid
If you are upgrading from a release earlier than Release 6.5.1, ensure that therealm name in the configuration has a valid value. Use the realm command (inMG context configuration mode) to specify a realm name.
In releases earlier than Release 6.5.1, the character set of the realm name didnot fully conform to fully qualified domain name (FQDN) format. Starting withRelease 6.5.1, it conforms. The valid value of a realm name is a string of upto 63 characters and is case-insensitive. The string must start and end withan alphanumeric character; can contain only letters, digits, hyphens (-), andperiods (.); and must consist of at least two characters. If the configured realmname does not conform to the new syntax, the upgrade to the new release willfail. Before upgrading to Release 6.5.1 or subsequent releases, change therealm name to conform to the new syntax.
2.3 Interface
This section describes interface changes between the existing and newrevisions of the SmartEdge OS that may require changes to the operators'systems, technical plans, training of network operator personnel, and so on.
2.3.1 Inter-Node Interface
No changes to inter-node interfaces occurred in this release.
2.3.2 Man-Machine Interface
2.3.2.1 New H.248.77 "srtp" Package Support
This release adds support for a new H.248 package on the SmartEdge BGF.Support for the H.248.77 (srtp) package has been added to implement thesecure RTP; see Table 8. In this table:
119/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
• "No Impact" means that the new version can be installed without affectingother nodes.
• "Minor Impact" means that there are changes, but with additionalconfiguration the previous behavior can be retained.
• "Major Impact" means that the change has made an interfacebackward-incompatible.
• "New Interface" means that the interface did not exist in the previousrevision.
• "Obsolete" means that the interface no longer exists.
Table 8 Inter-Node Interface
Interface Protocol
Impact Change Relative to PreviousRelease
Ia H.248 No Impact Addition of H.248.77 (srtp)
2.3.2.2 New RBN-CES-MIB for Circuit Emulation Services
To support Circuit Emulation Service (CES) and pseudowire emulation (PWE), anew private SNMP MIB has been added. The RBN-CES-MIB describes objectsused to manage CES protocols, including RFC 5086, Structure-AwareTime Division Multiplexed Circuit Emulation over PackageSwitched Network (CESoPSN) and RFC 4553, Structure AgnosticCircuit Emulation Service over Packet Switch Network(SAToP). For a full description of the new MIB, see Reference [18].
2.3.2.3 Changes to SNMP Walk Operation Results on RBN-QOS-MIB Tables
In previous releases, an SNMP walk operation on these RBN-QOS-MIBinterface tables returned MIB objects only when statistics counters weredetected:
• rbnQosInterfaceTable
• rbnQosInterfaceQueueStatsTable
• rbnQosIntfRLClassStatsTable
• rbnQosHierarchicalPolicyStatsTable
• rbnQosHierarchicalPClassStatsTable
In this release, an SNMP walk operation returns these MIB objects only ifQuality of Service (QoS) is configured, even if no statistics counter is supported.If no statistics counter is detected, a zero (0) value is returned in the results.
Note: The interface MIB tables include MIB objects only if the correspondingQoS configurations exist.
12 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
Table 9 describes the parallelism between MIB tables and objects fornon-subscriber (bind interface) and subscriber (bind subscriber or authsubscriber) circuits.
Table 9 RBN-QOS-MIB Circuits
Non-subscriber circuits Subscriber circuits
IF-MIB::
ifTable / ifXTable
RBN-SUBSCRIBER-ACTIVE-MIB::
rbnSubsActiveTable/rbnSubsStatsTable
RBN-QOS-MIB::
rbnQosInterfaceTable
N/A
RBN-QOS-MIB::
rbnQosInterfaceQueueStatsTable
RBN-QOS-MIB::
rbnQosSubscriberQueueStatsTable
RBN-QOS-MIB::
rbnQosIntfRLClassStatsTable
RBN-QOS-MIB::
rbnQosSubscriberRLClassStatsTable
RBN-QOS-MIB::
rbnQosHierarchicalPolicyStatsTable
N/A
RBN-QOSMIB::
rbnQosHierarchicalPClassStatsTable
N/A
For information on using the RBN-QoS-MIB tables, see Reference [18].
2.4 Memory
In general, memory usage in the base system, increases slightly from releaseto release due to changes for new software and hardware features.
From image to image, higher memory usage may occur across applicationssuch as BRAS, Layer 2 to Layer 3 operation, DPI, and IPsec. This is typicallydue to support for new features or infrastructural changes in the release.Memory increase may also vary based on configuration and which featuresare enabled.
2.5 Operation
This section describes major changes between the existing SmartEdge OS andnew revisions that affect the daily operations of the network operator.
2.5.1 BRAS and Metro Ethernet Operation
This section describes impacts to the Broadband Remote Access Server(BRAS) Market Application on the SmartEdge router and Metro Ethernetfeatures for the SM family of routers.
139/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
2.5.1.1 Channelized OC-3/STM-1 or OC-12/STM-4 Line Card Configuration
The SM family of routers now supports the Channelized OC-3/STM-1 orOC-12/STM-4 line card. This line card is an 8-port dual-services card forSM family systems, with channelization capabilities down to fractional E1/T1.Both SONET (Synchronous Optical Networking) and SDH (SynchronousDigital Hierarchy) mappings are supported. Circuit Emulation, PPP (Point toPoint Protocol), and MLPPP (Multilink Point to Point Protocol) services areall supported on the same card, with service types configured independentlydown to the physical port level. The card hardware supports DS3, DS1, DS0group (nx64K), and channelization for all Packet over SONET (POS) services.It also supports channelization for Circuit Emulation Services (CES). CESuses CESoPSN (Circuit Emulation Services over Packet Switched Networks)supporting up to 16 timing domains with adaptive clock recovery.
2.5.1.1.1 Channelized OC-3/STM-1 or OC-12/STM-4 Line Card Ports
The Channelized OC-3/STM-1 or OC-12/STM-4 line card has eight portsdivided into two 4-port groups:
• Group 1 contains ports 1 through 4, where port 1 has the OC-3/12 orSTM-1/4 dual-rate capability.
• Group 2 contains ports 5 through 8, where port 5 has the OC-3/12 orSTM-1/4 dual-rate capability.
Restrictions and Limitations
• To enable the Channelized OC-3/STM-1 or OC-12/STM-4 line card, youmust purchase a license and apply the all-ports license command.
• A maximum of 1000 channels are supported on each 4-port group.
• The Channelized OC-3/STM-1 or OC-12/STM-4 line card does not supportconcatenated STS-n/ STM-n signals, such as STS-3c and OC-3c.
• The port type restrictions are described in the port <port-type> (globalconfiguration mode) command reference entry.
2.5.1.1.2 APS Port Protection
Automatic Protection Switching (APS) is described in detail in the ConfiguringAPS MSP document.
You can configure POS and CES ports as part of a 1+1 APS group. APScommands and functionality include:
• Creation and configuration of an APS group (aps group command fromglobal command mode)
• Unidirectional and bidirectional 1+1 configuration (architecture 1+1[bidirectional | unidirectional])
14 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
• APS description (description text)
• Revertive or nonrevertive (revert [wtr-interval] command in apsconfiguration mode)
APS is not configurable on a per-channel basis.
The ports in an APS group can be on the same card, or on different cards,with the following restrictions:
• Both cards must be Channelized OC-3/STM-1 or OC-12/STM-4 line cards.
• Both ports must be the same type and speed; both OC-12, both OC-3,both STM-4, or both STM-1.
• Both ports must have been created with the same CES or POS service.
• Only the description, shutdown, c2byte, path-trace, and au3/au4 submodecan be configured under the APS working or protect port before or afterthey bind to an APS group.
• Channels are not allowed before port bind to an APS group.
• The protect port automatically has the same channel structure as theworking port.
When unbinding the port from an APS group, the following occurs:
• If you remove the APS working port, the protect port is also unbound if itexists, all the child channels are removed on both working and protectports, and on the protect port, all the attributes are reset to default values.
• If you remove the APS protect port and it is active, the CLI prompts you tomanually switch the active channel back to the working port if any activetraffic is on the protect port. If you do not switch the traffic to the workingport, the system halts the traffic.
2.5.1.1.3 Port and Channel Loopback
Loopback can be applied to ports, channels, and subchannels on a ChannelizedOC-3/STM-1 or OC-12/STM-4 line card. Loopback support is identical for CESports and POS ports. Refer to the following table for the port and channelloopback types supported.
Table 10 Port and Channel Loopback Support
LoopbackPort/ChannelType
Line Local/Internal Remote
Comments
OC-n/STM-n Port Yes Yes No Requires C-Bit Framing
DS3 Channel Yes Yes Yes
159/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
Table 10 Port and Channel Loopback Support
DS1 Channel Yes Yes Yes • local
• network -> line
• network -> payload
• remote -> line -> fdl -> ansi
• remote -> line -> fdl -> bellcore
• remote -> line -> inband
• remote -> payload
E1 Channel Yes Yes No No protocol for E1 remote loopback
DS0 Group Yes No No Devices are not capable of internalloopbacks
2.5.1.1.4 Traffic Management
Policing
Policing policies are supported per channel and per Multilink Point to PointProtocol (MLPPP) bundle.
Metering
Metering policies are supported per channel and per MLPPP bundle.
Queuing
A Priority Weighted Fair Queuing (PWFQ) policy can be applied to PPPchannels and MLPPP bundles. Up to eight priority groups are supported.PWFQ operates as it does for other PPA2 cards. PWFQ is the only queuingpolicy supported.
The Channelized OC-3/STM-1 or OC-12/STM-4 line card supports flow controlbetween the EPPA and a Winpath device. As a result, all congestion dropsoccur in the EPPA, and not the Winpath device.
2.5.1.1.5 Showing Software Licenses
Use the show licenses command with the detail keyword to display per-slotsoftware license information.
2.5.1.1.6 Install All Ports Software License
Before you can use ports 5 through 8 of the Channelized OC-3/STM-1 orOC-12/STM-4 line card, you must obtain an all-ports software license, onefor each line card using these ports.
After obtaining the license, install it in the slot housing the ChannelizedOC-3/STM-1 or OC-12/STM-4 line card. See the all-ports command for details.
16 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
Note: If this software license is not in place, the system rejects attempts toconfigure ports 5 through 8 (for CES or POS service) and displaysan error message.
2.5.1.1.7 Configure the Channelized Line Card
The card ch-oc3oc12-8or2-port-sm command provisions a specified slotfor the Channelized OC-3/STM-1 or OC-12/STM-4 line card.
See the card command reference for details.
2.5.1.1.8 Configure the Card Clock Source
You can configure the clock source for the Channelized OC-3/STM-1 orOC-12/STM-4 line card to be either the system clock on an XCRP (the globalreference) or the 20 ppm SONET Minimum Clock oscillator on the ChannelizedOC-3/STM-1 or OC-12/STM-4 line card.
See the clock-source (card configuration mode) for details.
2.5.1.1.9 Configure the Ports for Channelized SONET/SDH
Use the port <port-type> command to configure any port as a SONETChannelized OC-3 or SDH Channelized STM-1 port. In addition, you canconfigure ports 1 and 5 as SONET Channelized OC-12 or SDH ChannelizedSTM-4.
2.5.1.1.10 Configure SONET Mapping
Port SONET mapping specifies the mapping used by all facilities on an OC-3and OC-12 port. The mapping selected must match that of the far-end SONETinterface, and must support the types of channels required to carry the POSor CES service.
See the channel-mapping command for details.
2.5.1.1.11 Configure SDH AUG Mapping
The port SDH mapping specifies the AUG mapping used by all facilities on aSTM-1 or STM-4 port. The AUG mapping selected must match that of thefar-end SDH interface, and must support the types of channels required tocarry the POS or CES service.
See the aug-mapping command for details.
2.5.1.1.12 Configure Ports for DS3, DS1, or E1 Channels
In the context of the Channelized OC-3/STM-1 or OC-12/STM-4 line card, achannel refers to the Plesiochronous Digital Hierarchy (PDH) structure that is
179/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
mapped into the SONET or SDH frame. This contrasts to a subchannel, whichis a PDH structure that is multiplexed into the DS3 channel.
The CLI commands that create channels directly from the SONET or SDHport map the channels to the SONET or SDH frame. These channels can beDS3, DS1, and E1. The CLI commands that create channels from PDH DS3,DS1, and E1 channels create subchannels, which are time slots multiplexedinto the DS3, DS1, and E1. The term subchannel is used because in these CLIcommands, you specify both the parent channel ID and the child subchannel ID.
1 The port {ds3 | channelized-ds3} command configures PDH DS3 channelsin the OC-3, OC-12, STM-1, and STM-4 ports.
You can bind services only to DS0 channels and unchannelized DS1, E1,and DS3 channels . You can multiplex subchannels only in channelizedDS1, E1, and DS3 channels.
2 The port {ds1 | channelized-ds1} and port {e1 | channelized-e1) commandsenter the configuration mode for the PDH DS1 and E1 channels; eithermultiplexed in channelized OC-3, OC-12, STM-1, or STM-4 port ormultiplexed in DS3 channels.
You can bind services only to DS0 channels and unchannelized DS1, E1,and DS3 channels . You can multiplex subchannels only in channelizedDS1, E1, and DS3 channels.
2.5.1.1.13 Configure Ports for NxDS0 Subchannels
The port ds0s command configures DS0 subchannels or sub-subchannels.
NxDS0 channels can be multiplexed as subchannels in a channelized DS1or channelized E1 channel or as a sub-subchannel in a channelized DS1 orchannelized E1 subchannel within a DS3 channel. For details, see the portds0s command.
2.5.1.1.14 Configure NxDS0 Channel Timeslots
The timeslot command defines one or more groups of NxDS0 subchannelsadded to the first NxDS0 subchannel (also known as a timeslot) within theparent DS1 or E1 (fractional T1/E1).
Note: The first NxDS0 timeslot is the subchannel set by the port ds0scommand in its nxds0-channel-id argument.
2.5.1.1.15 Configure Port Transmit Timing Clock Source
Use the clock-source (port) command to select whether the port and channeltransmit timing is loop-timed or timed by the card-reference clock. (See theclock-source (card configuration mode) command for the card-reference clockoptions.)
18 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.1.1.16 DS3, POS DS1/E1 Channel and Subchannel Clock Sources
Use the clock-source (port) command to select whether the transmit timingfor DS3 and POS DS1/E1 channels and subchannels is loop-timed or timedby the card-reference clock.
2.5.1.1.17 Configure Layer 2 Encapsulation
Use the encapsulation (channel) command to specify the type of encapsulationfor the channels you configure, Currently, only PPP is supported on theChannelized OC-3/STM-1 or OC-12/STM-4 line card.
2.5.1.2 MLPPP Support on Channelized OC-3/STM-1 or OC-12/STM-4 Line Card
You can configure an MLPPP (MP bundle) on a Channelized OC-3/STM-1 orOC-12/STM-4 line card with all the links of the bundle within a card. The linkscan span ports on a card but cannot span cards. Each link can be an E1, DS1,DS3, or DS0 group.
Note: The difference in speed between the slowest and fastest links in anMLPPP bundle cannot exceed the speed of a single DS0 channel.
All packets going out on an MLPPP bundle from a PPA2 POS card thatsupports MLPPP are always encapsulated with MLPPP.
2.5.1.3 PWFQ Support on Channelized OC-3/STM-1 or OC-12/STM-4 Line Card
The PWFQ policy is applied at the MLPPP bundle level. A separate instanceof PWFQ is instantiated for the APS working and protect ports when both theports are on the same slot or different slots.
Only packets inbound for the MLPPP bundle alone are subjected to PWFQ.Packets at the working and standby APS ports have the same PWFQ policyapplied to them.
The results of applying PWFQ for each packet can vary based on the linkstatus of the respective ports; for example, the fate of PWFQ on packets boundtowards the working port depend on the links of the MP bundle associated withthe active port. The fate of PWFQ on the packets bound towards the protectport depend on the links of the MP bundle associated with the standby port.
Packets are shaped and scheduled independently of each other.
2.5.1.4 APS Support on Channelized OC-3/STM-1 or OC-12/STM-4 Line Card
You can mark the port where MLPPP is configured for APS support. Theworking and protect ports can be on the same or different cards. The protectport automatically inherits the channel structure of the working port.
APS ports can have channels that are not part of an MLPPP bundle.
199/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
Multiple MLPPP bundles can exist on the same APS port.
2.5.1.5 Control Packet Rate Limiting Support for 8-port ATM OC-3c/STM-1c and2-port ATM OC-12c/STM-4c Line Cards
In previous releases, control packet rate limiting configuration was notsupported for the 8-port ATM OC-3c/STM-1c and 2-port ATM OC-12c/STM-4cline cards. In this release, the control packet rate limiting configuration optionsare supported for these line cards to improve the subscriber bringup rate duringPoint-to-Point Protocol (PPP) over Asynchronous Transfer Mode (PPPoA)and PPP over Ethernet over Asynchronous Transfer Mode (PPPoEoA) packetprocessing at the SmartEdge router during circuit creation on demand (CCOD)of Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).Additionally, this feature prevents loss of Cross-Connect Route Processor(XCRP) card resources, such as the pppd process, when many subscribersattempt to connect simultaneously.
For information on using the rate-limit ccod and rate-limitppp-lcp-confreq commands, see Reference [3].
2.5.1.6 CESoPSN Pseudowires
Circuit Emulation Service (CES) and Pseudowire Emulation (PWE)transparently carry time-division-multiplexing (TDM) circuits over apacket-switched network (PSN). At the source endpoint, TDM frames areconverted to packets, which are then transported across the PSN core. At thedestination endpoint, the packets are converted back to TDM frames.
Structure-aware TDM CES over PSN (CESoPSN, as defined in RFC5086,Reference [38]) encapsulates structured (NxDS0) TDM signals aspseudowires over a PSN, preserving the standard TDM framing structure.
CESoPSN is supported on Channelized 8-port OC-3/STM-1 or 2-portOC-12/STM-4 line cards and XCRP4 cards on all chassis. PPA1 cards arenot supported.
2.5.1.6.1 CESoPSN Model
The fundamental components of a CESoPSN connection are:
• "Framed" T1/E1 trunk.
• Attachment circuit (AC): DS0 Channel Group (a set of DS0 channels onthe T1/E1 trunk).
• Interworking function (IWF):
(Ingress direction) Packetizes the framed attachment circuit data ontoa pseudowire.
20 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
(Egress direction) Places out the payload from the pseudowire onto theattachment circuit.
• Cross-connect (XC): Joins the attachment circuit to the PSN (IP/UDP orMPLS).
• Pseudowire (PW): Carries the framed attachment circuit data betweenCESoPSN IWFs.
This feature requires an "all-ports" license to be used. For more detailsabout the CESoPSN feature, see Configuring CESoPSN Pseudowires,95/1543-CRA 119 1170/1.
2.5.1.6.2 New Commands
• [no] ces excessive-packet-loss
• ces
• cesopsn
• clear ces excessive-packet-loss
• clear ces outage
• clear port counters (ces)
• clock-source
• end-to-end-delay
• idle-pattern
• [no] pseudowire router-id
• show ces
• show ces domain
• show ces excessive-packet-loss-rate
• show circuit counters (ces)
• show port counters (ces)
• timeslot (ces)
• [no] trap cesmib
• [no] trunk-control
• [no] Xc ds0
219/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
2.5.1.6.3 Enhanced Commands
• show port detail
• show pseudowire
2.5.1.7 SAToP Pseudowires
Circuit Emulation Service (CES) and Pseudowire Emulation (PWE)transparently carry time-division-multiplexing (TDM) circuits over apacket-switched network (PSN). At the source endpoint, TDM frames areconverted to packets, which are then transported across the PSN core. At thedestination endpoint, the packets are converted back to TDM frames.
Structure-agnostic TDM over Packet (SAToP, as defined in RFC 4553Reference[37]) encapsulates TDM bitstreams (T1/E1) as pseudowires over a PSN,disregarding any TDM framing structure.
SAToP is supported on Channelized 8-port OC-3/STM-1 or 2-port OC-12/STM-4line cards and XCRP4/SMRP2 cards on all chassis. PPA1 cards are notsupported.
2.5.1.7.1 SAToP Model
The fundamental components of a SAToP connection are:
• Attachment circuit (AC): An "unframed" T1/E1 trunk.
• Interworking function (IWF):
(Ingress direction) Packetizes the framed attachment circuit data ontoa pseudowire.
(Egress direction) Places out the payload from the pseudowire onto theattachment circuit.
• Cross-connect (XC): Joins the attachment circuit to the PSN (IP/UDP orMPLS)
• Pseudowire (PW): Carries the unframed packetized T1/E1 data betweenSAToP IWFs.
This feature requires an "all-ports" license to be used. For more details about theSAToP feature, see Configuring SAToP Pseudowires, 96/1543-CRA 119 1170/1
2.5.1.7.2 New Commands
• ces
• [no] ces excessive-packet-loss
• clear ces excessive-packet-loss
22 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
• clear ces outage
• clear circuit counters (ces)
• clear port counters (ces)
• clock-source
• end-to-end-delay
• [no] pseudowire router-id
• satop
• show ces
• show ces domain
• show ces excessive-packet-loss-rate
• show circuit counters (ces)
• show port counters (ces)
• [no] trap cesmib
• [no] xc ds1|e1
2.5.1.7.3 Enhanced Commands
• show port detail
• show pseudowire
2.5.1.8 Multicast Support on Port Pseudowire Circuits
Multicast traffic forwarding is now supported over port pseudowire (PW)connections in regular and L3VPN routing contexts Use this feature to supportcustomers that have dedicated links to a PE router that terminates in anL3VPN context as shown in the topology example in Figure 1. IGMP is usedon the CE-to-PE connections to join groups connected to CE routers that donot support PIM. PIM works over the port PW to enable the CE routers thatdo support it to join the multicast tree. Multicast traffic between PE routers isforwarded over the multicast distribution tree (MDT).
239/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
Figure 1 Multicast Traffic Forwarding on IPoE Over a Port PW Circuit
The commands to configure multicast have not changed. To enable multicaston IP-over-Ethernet-over-port PW connections, configure PIM or IGMP on aport PW-bound interface as you would for other interface types. For moreinformation and a configuration example, see Configuring Port PseudowireConnections.
The following commands were enhanced to verify multicast over port PWs:
• show igmp group
• show igmp circuit
• show ip mfib
• show ip mroute
• show pim circuit
Multicast over port PW supports 2000 Source, Groups with maximum of tenport PW outgoing interfaces per Source, Group.
2.5.1.9 Increased Port Pseudowire Capacity
Up to 1000 port pseudowires (PW) per line card are now supported with amaximum of 2000 port PW per node.
2.5.1.10 DVSR, OSPF, and IS-IS Support on Port Pseudowire Circuits
In addition to static routing, RIP, and BGP routing protocols, DVSR, OSPF, andIS-IS are now supported for port PW circuits.
There are no new or changed commands to support this feature, and nochanges to default system behavior were introduced.
2.5.1.11 Control Word, VCCV, and QoS Propagation Enabled for Port PW
Control words, virtual circuit connectivity verification (VCCV), and QoSpropogation are now supported for port pseudowire connections.
24 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
A control word can be embedded in the Ethernet frame between the PW labeland the inner L2 header. The control word is used to detect packet reorderingand packet loss, and to perform equal cost multi-path (ECMP) path avoidance,and various OAM tasks. When the control word is present, all traffic follows asingle path because further lookups for the packet do not occur. The controlword also permits the VCCV packet to follow the same path through the dataplane that is taken by the PW data packets.
Note: This feature does not support sequencing, so no packet reordering isperformed.
To enable a control word, use the control-word command in L2VPN profilepeer configuration mode.
VCCV provides a control channel on the pseudowire that can be used forfault detection and diagnosis. VCCV verifies the connectivity of the PW usingthe LSP/MPLS ping tool. The SmartEdge OS advertises VCCV RA + ACH(Associated Channel Header) support in every PW establishment.
• Both Type 1 and Type 2 VCCV is supported for both operationally activeand standby PW redundant pairs as follows:
In-Band VCCV: Type 1—Pseudowire Emulation Edge to Edge (PWE3)control word with 0001b as first nibble. Type 1 is only supported whena control word is enabled.
Out-of-Band VCCV: Type 2 —MPLS Router Alert Label. Type 2 issupported whether or not a control word is enabled.
No new commands were created to support the control word and VCCVfeatures, and no changes to default system behavior were introduced.
QoS propagation is also enabled. Typically, on L3 circuits, when a packetarrives on a non-MPLS interface (or without labels on an MPLS interface), theIP DSCP bits are used by default to set up the packet descriptor (PD) QoSpriority bits. If the packet arrives on an MPLS interface, the EXP bits from thefirst label in the packet are used to set up the PD. Once the PD is set up onthe ingress Packet Processing ASIC (iPPA), none of the remaining QoS bits inthe packet are used to overwrite the PD value. The same default behavior isretained for traffic onto the port PW. However, for inbound traffic from the portPW, the default PD propagation is from IP DSCP to PD, not EXP to PD as inregular MPLS and VLL/VPLS traffic.
QoS propagation can be configured either with or without custom class maps.Three customized class maps at different levels can be configured on bothinbound and outbound directions of the port PW:
• Global MPLS class map for the tunnel label.
• L2VPN class map for the PW label; there are two options:
Global L2VPN class map.
259/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
L2VPN class map per PW.
• IP class map at the port PW interface level.
The SmartEdge OS supports one global MPLS class map and one globalL2VPN class map under MPLS configuration mode for inbound and outboundpackets. Port PWs can use the global L2VPN class map transparently. An IPclass map configured at the interface level can also be used transparentlyby the port PW.
The per-PW class map is associated to the port PW using the L2VPN profile.Class map grid values are programmed to the PPA on the port PW L0 circuit.All PWs that use to same L2VPN profile are associated with the same classmap grid. The global L2VPN and per-PW class maps can coexist on the samesystem. When both are present, the per-PW class map takes precedence overthe global class map in both the inbound and outbound directions. When noclass maps are present for port PW label traffic, the IP DSCP value is usedinstead of EXP bits to populate the PD.
For a full description of all these features, see Configuring Port PseudowireConnections.
2.5.1.12 Enhancements to the local-as BGP Command
The local-as command (in BGP neighbor configuration mode) is enhanced tosupport the no-prepend option to disable prepending the local AS to inboundroute updates received from the eBGP neighbor and the replace-as optionto replace the global ASN with the local AS in the outbound message.
For information about these command options, see the local-as command.
2.5.1.13 Inter-Context Routing in iBGP
This feature enables the creation of routing sessions between peers that belongto different contexts that are not connected by a physical port, eliminating therequirement of an actual physical link between the contexts. Enable serviceinter-context routing using the ip route command with the context option inthe context configuration mode.
2.5.1.14 Site of Origin Available in BGP External Community Attribute
This release adds the ability to specify the Site of Origin (SoO) as part of theBGP extended community attribute in BGP at a per-neighbor level. This featureprovides more-granular filtering of routes in a route map. In addition, you cannow specify the ASNs in the extended community attribute as a two-byte orfour-byte value. Previously, you could specify only two-byte ASN values.
2.5.1.14.1 Restrictions and Limitations
• In previous releases, you could configure the SoO only at the globaladdress family (AF) level in VPN context. Because you can now also
26 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
configure the SoO at a per neighbor level, make sure that you do notconfigure both levels at the same time.
• If routes are aggregated, extended community information associated withindividual routes is lost. To add extended community information to theaggregated route, use the set ext-community command in a route map.
2.5.1.15 IPv6 Single-Hop Bidirectional Forwarding for Static Routes and eBGP
This feature introduces single-hop BFD support for static routes and eBGP forIPv6 addresses. BFD is not supported for link-local addresses.
To begin a BFD session with a single-hop peer:
• BFD must be enabled in the context by using the router bfd commandin the configuration context mode.
• The remote address, or the interface on which the remote address isreachable, must be enabled for BFD by using the neighbor or interfacecommands.
• A client, such as BGP or the static routing process, must request BFDmonitoring of the remote address.
In order to enable BFD for an IPv6 static route, append the keyword bfd to theipv6 route command.
To configure BFD for an IPv6 eBGP neighbor, configure BFD in the BGPneighbor configuration.
The show bfd session and show static route commands are modified to enablethe ipv6 keyword. The default setting with no keyword displays IPv4 data.
The show bgp neighbor command is enhanced to show whether BFD isenabled and the BFD neighbor status.
The debug bfd client, debug bfd config, and debug bfd session commands nowsupport the ipv4 and ipv6 keywords. The default setting with no keyworddisplays both IPv4 and IPv6 debugs. The all keyword is now available to turnon all BFD-related debugs.
2.5.1.16 Single-Session Bidirectional Forwarding over LAGs
BFD over trunk LAGs (Ethernet LAG or 802.1Q LAG) has been a supportedSmartEdge OS feature, where BFD runs at Layer 3 to monitor the liveness of adirectly-connected Layer 3 neighbor with a separate BFD session over eachLAG constituent, with the sessions all using the same next-hop IP address butover different designated links. This feature adds support for standard one-hopBFD, where the Layer 3 BFD session runs one session per neighbor.
Single-session BFD is preferable to multi-session BFD in several cases:
279/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
• The next-hop node is not a SmartEdge router, and therefore does notsupport multi-session BFD.
• The next-hop node is connected to a Layer 2 network that terminates theLAG and forwards BFD keepalives on the LAG link it chooses.
• Many BFD sessions exist between two nodes, so to reduce resource usageand support better scaling, a single-session BFD is used for some or allof the neighbors.
With single-session BFD over LAGs, BFD detects whether a Layer 3 neighboris active regardless of the Layer 2 interface that connects the neighbors. BFDdesignates a home slot (a line card within the LAG) on which a BFD sessionoperates. BFD packets are transmitted and received on the card in the homeslot; if the card in the home slot fails, a backup home slot card takes over.Backup home slot card selection is automatic; you do not need to configurebackup selection.
The router bfd configuration is modified to include the link-group commandto specify a single session or multiple sessions. The show bfd sessioncommand displays home card and backup card settings for single-session BFD.
To enable single-session behavior, single-session mode must be explicitlyenabled using the link-group command with the single-session keyword(in router BFD interface or router BFD neighbor configuration mode).
2.5.1.17 Fast Convergence for OSPFv3 Using SPF Timers
For OSPFv3, the default delay-time and hold-time values are used to enableand disable fast convergence. By default, both timers are set to 0 seconds toenable fast convergence. Also, changing the OSPFv3 timer values to non-zerovalues disables fast convergence.
For more information about setting the timer values, see the router ospf3command.
2.5.1.18 Non-Stop Routing for OSPF
In OSPF router configuration mode, the new [no] nonstop-routingcommand can be used to activate non-stop routing to maintain OSPF neighborrelationships and operations in steady state if the active XCRP Controller cardfails and switches over to the standby XCRP. The OSPF routing domain willcontinue to operate in steady state. The show osfp command is modifiedto support the nsr keyword.
For information about the new nonstop routing command, see thenonstop-routing command.
For information about nonstop routing, see Configuring OSPF.
28 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.1.19 Change in Processing for "redistribute" (IS-IS) Command
Previously, when no metric was configured in the redistribute (IS-IS)command, and the route-map command option either specified ametric or not, the original route metric was not used in the IntermediateSystem-to-Intermediate System (IS-IS) domain. As a result, no (0) prefix metricwas used in the IS-IS domain. In this release, the metric that is configured bythe route-map command option is used as the internal prefix in the IS-ISdomain, when no metric is configured by the redistribute (IS-IS)command. In addition, if no metric is configured in the route-map commandoption, the original route metric is used as the internal prefix in the IS-IS domain.
PPA2 and PPA3
2.5.1.20 Multihop Route Advertisement For Inter-AS L3VPNs
You can now configure Layer 3 Virtual Private Networks (L3VPNs) that spandifferent autonomous systems (ASs) using LDP to redistribute routes from oneAS to the other. Previously, you could only configure the SmartEdge OS toredistribute routes between ASs using eBGP for this topology.
For more information, see the Multi-AS Backbones-option C from RFC 4364,BGP/MPLS IP Virtual Private Networks (VPNs).
With the new configuration, Label Distribution Protocol (LDP) redistributes theinternal Border Gateway Protocol (iBGP) routes from one AS to the other, usingonly two MPLS labels instead of three. Use this method to interoperate withCisco routers in this topology.
When it is not enabled, external Border Gateway Protocol (eBGP) redistributesthe routes between ASs, requiring three labels (the default method of usingOption C).
Use the new [no] redistribute bgp [route-map map-name] commandin router ldp configuration mode to enable LDP to redistribute the route.
The set ip next-hop command, required for this feature, has beenenhanced with the new prefix-address keyword.
For a full description, configuration tasks and examples, see ConfiguringBGP/MPLS VPN.
With this feature enabled, you can use the ping command between a provideredge (PE) router in one AS and a PE router in another AS to verify connectivity.However, the ping command is not supported from one autonomous systemborder router (ASBR) to another.
Use the following commands to verify route redistribution and labels:
• show mpls label-mapping
• show circuit counters
299/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
• show bgp route {ipv4 | ipv6} vpn
• show ldp binding
• show ip route
This feature is supported with IPv4, IPv6, and dual-stack addressing on PPA2and PPA3 line cards.
2.5.1.21 Policy Based Routing for IPv6 Redirect
Policy Based Routing (PBR) functionality has been enhanced to supportredirection of IPv6 traffic to the IPv6 next hop. The keywords ip and ipv6have been added to the redirect destination next-hop command to enableredirection to the specified IPv6 address or to the default destination IPv6address according to the routing table. The show configuration forward, showforward policy, and show card qos commands have been modified to displayIPv6 forwarding data.
For IPv6, the redirect destination next-hop command accepts one or two IPv6addresses and a single default argument.
The command is rejected if:
• The IPv4 next-hop list contains 0.0.0.0 or 255.255.255.
• The IPv6 next-hop list contains the " ::" address, the "fe80::/10" prefix, orduplicate addresses.
For more information about the IPv6 redirect feature, see the redirectdestination next-hop command.
2.5.1.22 IPv6 LAG - QoS and ACL Support
This release supports quality of service (QoS) and access control list (ACL)functionality on IPv6 traffic on an access link aggregation group (LAG).
2.5.1.22.1 Restrictions and Limitations
• IPv6 ACL is only supported on L3 circuits on access LAGs.
• RADIUS Service Engine (RSE) profile is not supported on access LAGs.
2.5.1.23 Continue Logic in Route Maps
This release adds the continue clause to route maps, which gives greatercontrol over route map logic and execution flow. After a route successfullysatisfies all match conditions in a route map entry and set operations havebeen executed, the continue clause passes control to another entry in the sameroute map to continue execution. You use the continue [seq-num] clause inroute map configuration mode.
30 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.1.24 New Match Criteria for IPv6 ACLs
IPv6 ACLs now includes match criteria to classify a packet based on:
• Fragments
• Invalid TCP flags
• Setup
The new match criteria are supported for IPv6 filter and policy ACLs and forIPv4 policy ACLs.
Table 11 describes the new keywords for the permit and deny commands.
Table 11 New IPv6 ACL Match Criteria
fragments Allows packet to be permitted or denied based onwhether the packet is fragmented.
setup Specifies that TCP packets with SYN set and ACK notset in the Flags field are a match.
invalid-tcp-flags Specifies that TCP packets with particular flagcombinations are a match.
The new keywords of invalid-tcp-flags, setup, and fragments arenow also reflected in the following show commands:
• show configuration
• show ipv6 access-list
• show access group
2.5.1.25 BGP MDT PIM SSM-Source Auto-Discovery
Previously, the SmartEdge OS supported PIM-SM default MDT. In this release,the SmartEdge OS also supports default MDT auto-discovery for PIM-SSMthrough BGP SAFI-MDT.
Each multicast-enabled VPN (mVPN) corresponding to a multicast domain hasa default MDT through the backbone connecting all of the PE routers belongingto the MD. The MDT is constructed when the PE routers are brought up. Themechanism for auto-discovery varies with the version of PIM being used:
• With PIM-SM default MDT auto-discovery, a rendezvous point (RP)provides rendezvous and auto-discovery services to the PE routersbelonging to the multicast domain, establishing the PIM adjacenciesbetween the routers. The source and receiver PE routers auto-discoverone another through the RP.
319/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
• In a PIM-SSM environment, no RP is required. Instead, the PEs usea mechanism called MDT subaddress family identifier (SAFI-MDT) toauto-discover one another directly. Using PIM-SSM auto-discovery allowsthe PE to directly join to a source tree rooted at another PE for MDT,without an RP. Eliminating the RP reduces management overhead andeliminates a potential point of failure. Also, forwarding delay is reduced.
MDT routes can be exported and imported using the export route-target andimport route-target commands, respectively. For a full description of thisfeature, see Configuring IP Multicast.
2.5.1.25.1 New Commands
The following new configuration command is added to support this feature:
• The address-family ipv4 mdt command in router BGP configuration mode,BGP VPN configuration mode, or BGP neighbor configuration modeenables the MDT address family for a BGP router instance or a BGPneighbor. This command is not supported for eBGP peers.
The following new operational command is added to support this feature:
• The clear bgp ipv4 mdt command in EXEC mode resets addressconnections and forces BGP updates for connections using MDT routes.
• The show bgp route ipv4 mdt command in EXEC mode displays detailedinformation about IPv4 MDT routes.
2.5.1.25.2 Modified Commands
The following configuration commands are modified to support this feature:
• The mdt default-group command is enhanced to support PIM-SSMconfigurations. This command now accepts an address taken from therange reserved for SSM (as specified by the pim ssm command in contextconfiguration mode).
• The mdt encapsulation command can now be used in PIM-SSMconfigurations to set the encapsulation for MDT.
The following operational commands are modified to support this feature:
• The show pim mdt command is enhanced with the new bgp keyword.When used with the bgp keyword, this command displays MDT BGPadvertisements.
• The show bgp neighbor and show bgp peer-group commands now includean ipv4 mdt option for filtering output.
• The show ip mroute command now includes information about PIM-SSMroutes in its display.
32 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
• The debug bgp rib command now includes PIM information in its display.
• In general, PIM information is now included in the output of show bgpcommands.
2.5.1.25.3 Restrictions and Limitations
This feature has the following restrictions and limitations:
• At least one mPVN must be configured for the PIM/BGP router to sendMDT default group and source address information to remote PE routersusing BGP SAFI-MDT.
• MDT address family configuration is not supported for eBGP peers.
• When a peer that is participating in the IPv4 MDT address family isconfigured with update-source command, the next hop for the MDTroutes does not use the update-source interface.
• The SmartEdge OS does not prevent next-hop manipulation using theroute-map out feature.
2.5.1.26 IGMP CAC at S-VLAN Level
In previous releases, the SmartEdge OS supported IGMP CAC at the port level.In this release, support for IGMP CAC is extended to the S-VLAN level for IGMPtraffic replicating Point to Point Protocol over Ethernet (PPPoE) subscribers.When this option is enabled, the system monitors an 802.1Q PVC (includingits child circuits or subscriber circuits) to ensure that the sum of IGMP Joinrequests on the PVC does not exceed the specified limit. If a Join that wouldcause the configured limit to be exceeded is received and a child circuit withlower priority exists on the PVC, the lower priority group is dropped to reclaimthe bandwidth. Otherwise, the request to join the new group is rejected. In thiscase, the system logs the rejection and increments statistics.
S-VLAN CAC can be used together with per-port CAC. When used together,bandwidth limits are applied hierarchically: S-VLAN bandwidth limits areapplied first, followed by port bandwidth limits if the call has not been rejected.
IGMP has been enhanced to generate a number of statistics relevant to IGMPsubscriber activity, in addition to statistics about IGMP Joins, Leaves, and hostreports. You can collect these statistics using the router's bulkstats facility. Todo this, configure a bulkstats schema profile, attach it to a bulkstats policy,apply the bulkstats policy to the configuration context, and enable IGMPbulkstats in the IGMP service profile.
The following commands are added to support this feature:
• The multicast maximum-bandwidth command in dot1q PVC configurationmode specifies the bandwidth limit, either as an absolute value or asa percentage of a QoS maximum rate limit set for the PVC. You can
339/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
specify up to 125% of the QoS maximum. Remove the bandwidth limit byspecifying the no version of this command.
• The bulkstats command in IGMP service profile configuration mode enablesstatistics generation for IGMP.
The following commands are enhanced to support this feature:
• The bulkstats schema profile command in context configuration mode nowincludes the igmp keyword to allow you to collect IGMP-related statisticswithin the context. This schema is attached to a bulkstats policy usingthe bulkstats policy command.
• The show igmp profile command in exec mode now includes generatedIGMP statistics.
• The show igmp traffic command in exec mode now includes informationrelated to QoS queuing and statistics buffers for IGMP traffic.
• The show igmp circuit command in exec mode now includes QoS andbulkstats status.
2.5.1.27 LNS Support for IPv6 Subscribers
In previous releases, the SmartEdge router provided L2TP access concentrator(LAC) support for dual-stack (IPv4, IPv6, or both) subscriber services. Withthis release, the SmartEdge router also provides L2TP network server (LNS)support for dual-stack subscriber services. Dual-stack Point-to-Point Protocol(PPP) sessions can be terminated on a SmartEdge LNS. The L2TP tunnelendpoint is over an IPv4(/MPLS) cloud; however the L2TP tunnel carries PPPframes that encapsulate both IPv4 and IPv6 subscriber traffic. IPv6 packetsare not fragmented on the LNS. The IPV6 packet is encapsulated in the IPv4tunnel, and the IPv4 tunnel packets are fragmented. No new CLI commandssupport this feature.
2.5.1.28 Three-VLAN-Tag Support for VPLS and L2VPN
In previous releases, a system with VPLS and Layer 2 VPNs (also known asVLLs) configured supported incoming packets tagged with, at most, two VLANtags (S-VLAN and C-VLAN). In this release, the system accepts packets withup to three VLAN tags (Q-in-Q-in-Q traffic) into a VPLS, and any number ofVLAN tags on a Layer 2 VPN. In a typical scenario involving this feature,customer equipment sends frames that already have two VLAN tags (S-TAGand C-TAG), and an intermediate Ethernet switch connecting customerequipment to the SmartEdge system prepends a third VLAN tag.
2.5.1.29 LDP over RSVP
With this release, the system supports the Label Distribution Protocol (LDP)over Resource Reservation Protocol (RSVP) for single-hop and multihopRSVP label-switched paths (LSPs). LDP over RSVP enables RSVP LSPs
34 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
to carry LDP control and data traffic when Open Shortest Path First (OSPF)is configured as the Interior Gateway Protocol (IGP). LDP over RSVP is notsupported when Intermediate System-to-Intermediate System (IS-IS) is theIGP. To enable LDP over RSVP, you must configure a tunnel shortcut forthe RSVP LSP, the OSPF routing instance, and the LDP neighbor. If theRSVP LSP is configured with next-hop fast reroute (NFRR) for link and nodeprotection, LDP traffic can also be carried over a bypass RSVP LSP andprotected against link and node failures between label-switched routers (LSRs).In addition, you can configure backup RSVP LSPs.
2.5.1.29.1 New Commands
The following new commands must be configured to enable LDP over RSVP:
• The tunnel-shortcut command in either RSVP router configuration modeor RSVP LSP configuration mode
• The mpls tunnel-shortcut command in OSPF router configuration mode
• The tunnel-shortcut command in LDP router configuration mode for allconfigured targeted neighbors or for a specific neighbor (neighboraddress targeted tunnel-shortcut)
You can enable both IGP shortcuts and LDP over RSVP on the sameRSVP LSP.
2.5.1.29.2 Limitations
LDP over RSVP is not supported when IS-IS is the IGP.
2.5.1.30 Enhanced Carrier Grade NAT
In this release, Carrier Grade NAT (CGN) has been enhanced to support:
• Point-to-Multipoint Transmission Control Protocol (TCP)
• Inbound refresh settings for User Datagram Protocol (UDP)
• Port block configuration for an IP range
• Network Address Translation (NAT) logging profiles
Assignment time is logged when a NAT IP address or port block is assignedto a subscriber or circuit.
Unassignment time is logged in the following cases:
The port block is unassigned by the age due to idle timeout.
The subscriber goes down (circuit unbind).
The pool or policy is deleted.
359/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
The pool action is changed for a class under a policy.
• Excluded port ranges from a pool
• Paired mode
• Internet Control Message Protocol (ICMP) notification when rejectingoutbound flows
For more information about configuring enhanced CGNAT, see ConfiguringNAT Policies.
2.5.1.30.1 New Commands
• nat enhanced password
Enables licensing of new and enhanced CGN CLI commands. Forinformation about enabling NAT licensed features, see Enabling LicensedFeatures.
• exclude well-known
Excludes port range 0 to 1023 from a specific address or an address rangeof a pool.
• exclude port_start to port_end
Excludes the port range from a specific address or an address range ofa pool.
• icmp-notification
Sends ICMP administratively prohibited messages to the sender when NATtranslation cannot be created due to resource or administrative constraints.
• inbound-refresh udp
Enables inbound refresh behavior for inbound UDP traffic.
Note: Inbound refresh mode is the default behavior, for backwardcompatibility. The no inbound-refresh udp command disablesrefreshing.
• nat logging-profile
Creates an NAT logging profile.
The following new options are available in NAT logging profile configurationmode.
dscp
36 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
Configures the Differentiated Services Code Point (DSCP) value ofthe IP packet .
export-version v9
Configures the external collector to use version 9 formatting whenexporting flow records.
maximum ip-packet-size
Configures the maximum size of the IP packet in bytes.
source
Configures the source IP address and port number for the NetFlowpacket for a NAT logging profile.
transport-protocol udp (NAT)
Configures the transport protocol used to export the flow records.
• paired-mode
Controls the number of users connected to the same IP address and limitsthe number of available ports for a subscriber to keep fair usage.
• show nat logging-profile
Displays NAT profiles.
2.5.1.30.2 Enhanced Commands
• address start_ip to end_ip port-block start_block to end_block
Previously, you could specify which port-blocks to include for a given rangeof IP addresses in a NAT pool. The keyword port-block now allows youto specify a port-block configuration. A port block is a block of 4096 ports.For example, in port-block 1 through 15, ports 4096 to 65535 are included.
• debug nat
Displays new debug NAT messages.
• ip nat pool name napt paired
Use the new pairedkeyword to ensure that a given subscriber with thepolicy referring to the pool always gets the same external IP address.
• ip nat pool name napt multibind logging
The new keyword logging enables logging at the NAT pool level.
• endpoint-independent filtering tcp
379/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
The new keyword tcp enables point-to-multipoint mode for all TCP trafficin the current class.
• nat policy name enhanced [radius-guided]
Use the keyword enhanced to identify a NAT policy for CGN features.
• show nat policy name detail—Enhanced to display the following:
Inbound refresh
Endpoint independent filtering for TCP
Abandoned timeout settings
• show nat pool name detail—Enhanced to display the following:
Logging profile grids (grid is 0 if there is no profile)
Oversubscription ratio
Port limit
• timeout abandoned seconds
Enhanced to include a new keyword, abandoned, which configures thetimeout value for P2MP TCP sessions that have no active parent session.The default value is 2 hours 4 minutes.
38 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.1.30.3 Restrictions and Limitations
Licensing
To configure enhanced carrier grade NAT features on the SmartEdge router,you must have enabled the NAT enhanced license with the nat enhancedpassword nat_password command. For information about enabling NATlicensed features, see Enabling Licensed Features.
Pools and Policies Limitations
With enhanced NAT, the SmartEdge router does not support configurationchanges to pools and policies that are already bound. In some cases, the CLIrestricts you from making these changes. As a result, you must completelyunbound policies and then bind them for the changes to take full effect.
Circuit Limitations
CGN is supported on the following subscriber circuits:
• CLIPS
• DHCP
• MLPPP
• PPPoE
The following are not supported:
• Pseudocircuits, except MLPPP
• Subscriber circuits on LAG and LNS
• Static circuits
Paired Mode Limitations
• Paired mode and logging are only available for subscriber interfaces.
• You cannot mix paired and nonpaired pools in a policy.
• If paired mode is used, adding more IP addresses to the pool anddecreasing the oversubscription rate results in more memory usage andless-efficient use of available port ranges across subscribers.
Logging Limitations
• A single micro block is always assigned to a single subscriber, no matterhow many ports are used. When logging is enabled, the sharing of portsacross multiple subscribers is limited because even if only one port is usedby a subscriber, multiple ports (a whole microblock) are reserved fromthe pool.
399/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
• Using multiple profiles downloaded to a card can result in performancedegradation because packet streams are maintained and assembled foreach NAT logging profile.
• Configuring static entries with logging causes less-efficient use of ports.Even if only one static entry is configured, multiple ports (the wholemicroblock) are reserved from the pool.
• You can only configure two logging profiles for each pool.
Exclude Limitations
• Granularity of excluded ports (configured by using the exclude command)is based on the microport block size (the port range assigned to asubscriber in case of logging). For example, when the microport block sizeis 32, excluding port 0 removes all ports from 0 to 31.
• You cannot configure more than 4 excludes per IP or address range whenyou use the exclude command.
Specifying a fifth exclude option displays an error message.
2.5.1.30.4 Change in Behavior for Endpoint-Independent Filtering
Previously, when endpoint-independent filtering was not applied, packets inthe class were filtered only in the inbound direction; all packets sent fromthe local endpoint reached their destinations, but incoming packets weredropped. Now, when no endpoint-independent filtering is configured, UDPand TCP packets in both the outbound and inbound directions are filtered.Previously, endpoint-independent filtering configuration was only available forUDP transport, but with enhanced Network Address Translation (NAT), TCPconfiguration is also allowed.
Note: When endpoint-independent filtering is applied, NAT is not filtering. Forexample, allowing P2MP traffic.
2.5.1.30.5 Change in Behavior for Port Assignment
By default, when an assignment of a port is denied by NAT due to any reason,ICMP messages are now generated to the private endpoint. To revert to theprevious default behavior, enable the no icmp-notification commandat the class level.
2.5.1.31 Enhanced Carrier Grade NAT Support for Hitless Access LAG
In previous releases, the system’s support for Carrier Grade NAT did not extendto subscribers using access link aggregation groups (LAGs). In this release,Carrier Grade NAT support is extended to hitless access LAG subscribersessions.
40 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.1.31.1 Restrictions and Limitations
• For hitless access LAG, the “active/active” case is not supported
• This feature is not available on XCRP3-based systems
• NAT does not support fragmented packets
• This feature is only supported for subscriber circuits with NAT enhancedpolicy applied. Configuration of a NAT enhanced policy requires a NATenhanced license.
For information about configuring Carrier Grade NAT and a full description offeature limitations, see Configuring NAT Policies.
2.5.1.32 Enhanced Carrier Grade NAT Support for Economical Access LAG andLNS
In previous releases, the system’s support for Carrier Grade NAT did not extendto subscribers using economical access link aggregation groups (economicalaccess LAGs) or Layer 2 Tunneling Protocol Network Server (LNS). Onlyhitless access LAG subscriber sessions were supported. In this release, CarrierGrade NAT support is extended to economical access LAG subscriber sessionsand L2TP tunneled IPv4 subscriber sessions on LNS.
2.5.1.32.1 Restrictions and Limitations
• This feature is not available on XCRP3-based systems
• NAT does not support fragmented packets
• This feature is only supported for subscriber circuits with NAT enhancedpolicy applied. Configuration of a NAT enhanced policy requires a NATenhanced license.
For information about configuring Carrier Grade NAT and a full description offeature limitations, see Configuring NAT Policies.
2.5.1.33 DHCP Split Lease Enhancement
This release adds support for the Router option (3) and Domain Name Serveroption (6) in DHCP lease renewal responses generated by the SmartEdgerouter. The split lease feature is enhanced to work with DHCP clients thatexpect router addresses and domain name server addresses to be refreshedon every lease renewal. A maximum of two entries can be included for eachoption, to limit the amount of memory used when this option is enabled. ForDHCP clients using a last resort interface, only one entry for the Router optionis included.
419/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
2.5.1.34 Dynamic CLIPS on 802.1Q On-Demand PVCs
This release supports dynamic CLIPS on 802.1Q on-demand PVCs. For moreinformation about configuring this feature, see Configuring CLIPS and serviceclips dhcp.
2.5.1.34.1 Enhanced Commands
• service clips dhcp
Now supported in link configuration and dot1q pvc configuration mode foron-demand circuits.
• show clips summary
Now includes statistics for dynamic CLIPS over 802.1Q on-demand PVCs.
• show clips counters detail
Now Includes statistics for dynamic CLIPS over 802.1Q on-demand PVCs.
2.5.1.34.2 Restrictions and Limitations
Regular and on-demand PVCs with the same 802.1Q PVC ID are supported.However, regular 802.1Q PVC configuration takes precedence over on-demandPVC configuration. For example:
[local]Ericsson(config-port)#dot1q pvc on-demand 1[local]Ericsson(config-port)#dot1q pvc 1
[local]Ericsson#show configuration port 2/1!port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc on-demand 1dot1q pvc 1 <= Overrides the on-demand configuration
!
The following are not supported:
• CLIPS over ATM on-demand PVCs
• CCOD for both CLIPS SVLAN and CVLAN at the same time.
• NetOp for configuring CLIPS over on-demand 802.1Q PVCs.
• Bind interface configuration for 802.1Q on-demand PVCs
• The range over on-demand 802.1Q PVCs is not displayed in the showconfiguration port command.
• CLIPS support on CCOD is not provided when the aaa contextctx-name and its attributes are enabled on the 802.1Q on-demand PVC.The aaa context ctx-name is used as an alternative mechanism of
42 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
retrieving the encapsulation type, username, context, and other bindingattributes from RADIUS.
The following CLI commands, which are supported on static PVCs, are notsupported on CCOD circuits:
• qos priority
• rate-circuit
• circuit-group-member
• forward policy
• forward output
• service clips-exclude
• service clips-group
439/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
The following table illustrates the change of CLIPS behavior when theconfiguration is changed from the initial configuration to the final configurationwhen both regular and on-demand configuration exists on the same PVC.
Table 12 Behavior of CLIPS when both Regular and On-Demand Configuration Exists onthe Same PVC
Case Result of Initial Configuration Result of Final Configuration Expected Behavior
1 port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc on-demand 1
service clips …
port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc on-demand 1
service clips …
dot1q pvc 1service clips …
CLIPS subscriber sessions (if any)on on-demand pvc 1 session are torndown. Recovery over pvc 1, depends onconfiguration and lease times.
Packets are dropped during the transitionfrom on-demand configuration of thesession to static configuration.
2 port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc 1
service clips …
port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc on-demand 1
service clips …
dot1q pvc 1service clips …
No impact on CLIPS subscribers.
3 port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc on-demand 1
service clips …
dot1q pvc 1service clips
port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc on-demand 1
service clips …
CLIPS subscribers (if any) on pvc 1session are torn down. Recovery dependson the configuration, lease times, andwhen on-demand pvc 1 is created basedon packet activity.
Packets are dropped during thetransition from static PVC configurationof the session to on-demand circuitconfiguration.
4 port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc on-demand 1
service clips …
dot1q pvc 1service clips …
port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc 1
service clips …
No impact on CLIPS subscribers.
44 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.1.34.3 QoS Guidelines for dot1q On-Demand Circuits
The QoS policy on the parent CCOD circuit is inherited by the subscriber, oryou apply the QoS policy directly under the subscriber record by using theCLI or RADIUS.
The following guidelines apply to QoS support for 802.1Q on-demand circuits:
• You can configure QoS policing and metering policies at the parent CCODcircuit by using the inherit or hierarchical keyword, which resultsin a QoS policy for the subscriber.
• The inherit keyword results in a subscriber circuit provision with theparent QoS policy if the subscriber circuit does not have a policy.
• The hierarchical keyword results in the CLIPS subscriber circuit beingprovisioned with the parent QoS policing and metering policy, in addition toits own policy if it has any.
• A QoS queuing policy configured on the parent CCOD circuit is inherited bythe CLIPS subscriber circuit if it does not have its own queuing policy.
• A QoS queuing policy configured under the subscriber record results in allthe subscriber traffic using the queues configured in the direct queuingpolicy.
• The qos priority and rate-circuit commands, which are supportedon static PVCs, are not supported on CCOD circuits.
Note: When a new QoS policy binding configuration under the on-demand802.1Q PVC or range is applied, the configuration is applied only tonew CCOD circuits and subscribers. . Existing CCOD circuits andsubscribers are not impacted.
When you remove the QoS configuration from the 802.1Q on-demandPVC configuration, existing CCOD circuits and CLIPS subscribercircuits are not impacted. New CCOD circuits or CLIPS subscribercircuits use the existing QoS bindings on the parent CCOD circuit.
The following access control list (ACL) features are supported:
• IPv4 ACL IP filtering - Applied to subscribers
• IPv4 ACL policy filtering - Used by QoS
• IPv4 ACL policy Filtering - Used by forwarding policy on subscribers
• IPv4 ACL policy filtering - Used by NAT policy on subscribers
2.5.1.35 Service Activation and Deactivation in a Single CoA Request
The RADIUS Service Engine (RSE) provides a framework for applying servicesto a subscriber during session setup as well as during CoA. This feature
459/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
supports deactivation and activation of multiple services through a CoA request,and also allows deactivation and activation of the same service in a CoA. Onlyone metering and one policing policy can be applied to a subscriber regardlessof the number of services enabled. Activation of two services that have differentmetering or policing policies is not allowed. Reauthorization is allowed onlyfor limited service parameters or attributes. Service reauthorization is notallowed for RADIUS-based Policy, version 3 (Rabapol-III) services, althoughthese services can be activated or deactivated. Same service deactivationand activation for HTTP redirect service is not supported. However, HTTPredirect service can be one of the different services in a CoA containingdifferent services for deactivation or activation. RSE is not supported for LAGsubscribers. RSE does not maintain the history of the sequence of changesto a parameter. When multiple services are applied to a subscriber, if thesedifferent services change a common parameter, the changes completed bythe last service applied take effect.
2.5.1.36 RSE Service Activation During Change of Authorization in Case of StackMismatch
This feature allows configuration of global change-of-authorization (CoA)options, using the new aaa global coa ignore rse-attr-stack-mismatchcommand. When configured, this command permits service activation duringCoA in case of stack mismatch. It ignores any service that is not relevant andany stack information or part that is not present in the session. It also sendsthe regular Service-Start, Iinterim, and Stop-Accounting messages, even if theservice cannot be activated.
2.5.1.37 IPCP Subnet Mask Negotiation Option
This feature reserves IP addresses or subnet ranges and installs subnet routesfor subscribers using RADIUS. To enable IPCP netmask negotiation, use thenew ppp ipcp negotiate netmask command in context configuration mode toapply the absolute-timeout value.
2.5.1.38 New Command for Setting the Duration of Subscriber Sessions
The new no subscriber dhcp-server-lease absolute-timeout command (incontext configuration mode) applies the absolute-timeout (session-timeout)value as the duration of the subscriber session. With the no subscriberdhcp-server-lease absolute-timeout command configured, theabsolute-timeout value is used as the session timeout to terminate the sessionafter expiration of the timer. This feature applies to the internal DHCP server.
2.5.1.39 IPv4 Address Conservation in Dual-Stack Subscriber Environments
In this release you can conserve IPv4 addresses in PPP dual-stack subscriberenvironments that use RADIUS authentication. A subscriber can release anIPv4 address to RADIUS if it is not being used. Then, at a later time, if anIPv4 address is needed, the subscriber can request one from RADIUS. Byissuing IPv4 addresses from a provider’s public shared IPv4 address pool only
46 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
when subscribers need them, IPv4 addresses in dual-stack environments areexhausted more slowly. As a result, the provider’s public shared IPv4 addresspool size can be decreased; alternatively, the provider can multiplex a greaternumber of subscribers on a public shared IPv4 address pool.
The following command is added to support this feature:
• The aaa session rate-limit command in context configuration mode hasbeen added. It provides the ability to limit the number of Access Requestpackets sent to RADIUS and causing denial of service due to receiving toomany Access Accepts or Access Rejects from RADIUS.
The following commands are enhanced to support this feature:
• The radius attribute vendor-specific command in context configurationmode has been enhanced with the ipv4-address-release-controlkeyword to allow you to enable IPv4 address save mode. Whenthis keyword is specified, a new vendor-specific attribute (VSA 213 -IPV4-Address-Release-Control) is used to enable this feature.
• The aaa password command in context configuration mode has beenenhanced with the ipv4-address-release-control keyword to allowyou to specify the password used in IPv4 address save mode for addressre-requests
2.5.1.40 Event Accounting for PD Prefix Events for Dual- and Single-Stack IPv6Subscribers
This release supports inclusion of Prefix Delegation (PD) prefix transitionevents in event accounting messages sent for single- and dual-stack subscribersessions in cases where dynamic assignment or release of IPv6 host addressesoccurs through DHCPv6.
2.5.1.40.1 Enhanced Commands
The following commands have been enhanced to include the new keyworddhcpv6, which enables event accounting for PD prefix events:
• aaa accounting event
• aaa global accounting event
2.5.1.40.2 New Reason Codes
Vendor-Specific Attribute (VSA) 144 (Acct_Reason) describes the reason forsending subscriber accounting packets to the RADIUS server. This VSA hasbeen enhanced to include two new reason codes, one each for the assignmentand release of a delegated PD prefix.
479/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
2.5.1.41 Event Accounting for IPv4/v6 Stack Transition Events
RADIUS accounting messages can now be generated whenever a single-stacksubscriber session becomes dual-stack or when a dual-stack subscribersession becomes single-stack. The aaa global accounting event command andthe aaa accounting event command have been updated with the dual-stackkeyword, which enables the new event accounting. Four new reason codes forthe Vendor-Specific Attribute (VSA) 144 Acct_Reason have been added:
• The AAA-LOAD-ACCT-V4-UP reason code has been added for IPv4 stackup events.
• The AAA-LOAD-ACCT-V4-DOWN reason code has been added for IPv4stack down events.
• The AAA-LOAD-ACCT-V6-UP reason code has been added for IPv6 stackup events.
• The AAA-LOAD-ACCT-V6-DOWN reason code has been added for IPv6stack down events.
2.5.1.42 Authentication Suppression after Session Limit Is Reached
The session limit maximum value can be checked during the preauthenticationphase, when the aaa global suppress-authentication slid-session-limitcommand is configured. This prevents an authentication request from beingsent to the RADIUS server once the maximum number of sessions is reached.Use the aaa accounting suppress-acct-on-fail except for slid-session-limitcommand to allow accounting messages to be sent when this event occurs,even when accounting messages are suppressed for other session failureevents. Use the show subscribers active command to display information aboutthe session limits for the active circuit ID or active remote ID (ACI/ARI).
2.5.1.43 Increase in the Number of Maximum Sessions
The maximum number of concurrent sessions allowed on a circuit or port isincreased from 8,000 to 32,000. Scaling issues are not addressed, and theactual number of sessions that can be established is not guaranteed.
2.5.1.44 PPPoE CCOD Startup Timer
The startup-timer command (in dot1q PVC configuration mode) specifies theinterval the 802.1Q process allows for the completing initial circuit bring-up. Forexample, if the startup-timer is set to 25 seconds and PPPoE subscribers arebrought up, PPPoE negotiation must complete within 25 seconds from the timethe system receives the PADI packet and creates the CCOD circuit; otherwise,the CCOD circuit is torn down.
Once configured, this value can be changed but cannot be deleted. However,the default value of 90 seconds is equivalent to not configuring a startup timer.
48 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.1.45 PPA Feature Support
Note: For information about which traffic cards support each PPA version,see the device hardware guides.
Table 13 describes PPA support for features described in this section.
Table 13 PPA Feature Support
Feature PPA2 PPA3 Notes
Channelized OC-3/STM-1or OC-12/STM-4 Line CardConfiguration
Yes No
MLPPP Support onChannelized OC-3/STM-1 orOC-12/STM-4 Line Card
Yes No
PWFQ Support onChannelized OC-3/STM-1 orOC-12/STM-4 Line Card
Yes No
APS Support onChannelized OC-3/STM-1 orOC-12/STM-4 Line Card
Yes No
Control Packet Rate LimitingSupport for 8-port ATMOC-3c/STM-1c and 2-portATM OC-12c/STM-4c LineCards
Yes No
CESoPSN Pseudowires Yes No PPA2 Channelized SONET cards and XCRP4cards only
SAToP Pseudowires Yes No PPA2 Channelized SONET cards andXCRP4/SMRP2 cards only
Multicast Support on PortPseudowire Circuits
Yes Yes
Increased Port PseudowireCapacity
Yes Yes
DVSR, OSPF, and IS-ISSupport on Port PseudowireCircuits
Yes Yes
Control Word, VCCV, andQoS Propagation Enabledfor Port PW
Yes Yes
Enhancements to the"local-as" BGP Command
Yes Yes
Inter-Context Routing iniBGP
Yes Yes
499/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
Table 13 PPA Feature Support
Feature PPA2 PPA3 Notes
Site of Origin Available inBGP External CommunityAttribute
Yes Yes
IPv6 Single-HopBidirectional Forwardingfor Static Routes and eBGP
Yes Yes
Single-Session BidirectionalForwarding over LAG
Yes Yes
Fast Convergence ofOSPFv3 Using SPF Timers
Yes Yes
Non-Stop OSPF Routing Yes Yes
Change in Processingfor "redistribute" (IS-IS)Command
Yes Yes
Multihop RouteAdvertisement For Inter-ASL3VPNs
Yes Yes
Policy Based Routing forIPv6 redirect
Yes Yes
IPv6 LAG - QoS and ACLSupport
Yes Yes
Continue Logic in RouteMaps
Yes Yes
New Match Criteria for IPv6ACLs
Yes Yes
BGP MDT PIM SSM-SourceAuto-Discovery
Yes Yes
IGMP CAC at S-VLAN Level Yes Yes
LNS Support for IPv6Subscribers
Yes Yes
Three-VLAN-Tag Supportfor VPLS and L2VPN
Yes Yes
LDP over RSVP Yes Yes
Enhanced Carrier GradeNAT
Yes Yes PPA2 ATM cards; PPA2 and PPA3 Ethernetcards
Enhanced Carrier GradeNAT Support for HitlessAccess LAG
Yes Yes Supported on PPA2 ATM and Ethernet cards,PPA3 Ethernet cards, and the SmartEdge100.
50 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
Table 13 PPA Feature Support
Feature PPA2 PPA3 Notes
Enhanced Carrier GradeNAT Support for EconomicalAccess LAG and LNS
Yes Yes Supported on PPA2 ATM and Ethernet cards,PPA3 Ethernet cards, and the SmartEdge100.
DHCP Split LeaseEnhancement
Yes Yes
Dynamic CLIPS on 802.1QOn-Demand PVCs
Yes Yes PPA2 and PPA3 Ethernet cards
Service Activation andDeactivation in a Single CoARequest
Yes Yes
RSE Service ActivationDuring Change ofAuthorization in Case ofStack Mismatch
Yes Yes
IPCP Subnet MaskNegotiation Option
Yes Yes
New Command for Settingthe Duration of SubscriberSessions
Yes Yes
IPv4 Address Conservationin Dual-Stack SubscriberEnvironments
Yes Yes
Event Accounting forPrefix Delegation (PD)Prefix Events for Dual-and Single-Stack IPv6Subscribers
Yes Yes
Event Accounting for IPv4/v6Stack Transition Events
Yes Yes
Authentication Suppressionafter Session Limit isReached
Yes Yes
Increase in the Number ofMaximum Sessions
Yes Yes
PPPoE CCOD Startup Timer Yes Yes
519/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
2.5.2 Border Gateway Function Operation
This section describes impacts to the SmartEdge Border Gateway Function(BGF). It includes information about new features and describes changes toattributes, alarms, events and notifications, triggers, and counters.
To use the new features in this release, you need to be familiar with MessageSession Relay Protocol (MSRP), Secure Real Time Protocol (Secure RTP),and the srtp package in the H.248 control protocol.
2.5.2.1 Secure RTP: E2E and E2AE
Secure RTP is used to encrypt media streams originating from a voice over IP(VoIP) or multimedia endpoint. Both end to end (E2E) and end to access edge(E2AE) scenarios are supported. This feature is optional and is licensed.
Note: This feature has not yet completed full quality assurance; support forthis feature is experimental.
2.5.2.1.1 Impact
This feature has no or minimal impact on the network; it is activated on aper-stream basis by the SGC.
2.5.2.1.2 Capacity and Performance
There is no or minimal impact on overall performance when this feature isactivated.
2.5.2.1.3 Other Network Elements
The SGC must activate this feature on per-call basis.
2.5.2.2 MSRP Back-to-Back User Agent
The SmartEdge BGF can act as an MSRP back-to-back user agent (B2BUA).As a B2BUA, the SmartEdge BGF can allow MSRP endpoints behind NATdevices and firewalls to communicate with one another, by anchoring the TCPsession and modifying MSRP From-path and To-Path headers.
Note: This feature has not yet completed full quality assurance; support forthis feature is experimental.
2.5.2.2.1 Impact
This feature has no or minimal impact on the network; it is activated on aper-stream basis by the SGC.
52 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.2.2.2 Capacity and Performance
There is no or minimal impact on overall performance when this feature isactivated.
2.5.2.2.3 Other Network Elements
This feature is dependent on the SGC.
2.5.2.3 ICMP Error Handling
The SmartEdge BGF now supports ICMP error generation and propagation forIPv4 and IPv6 BGF media plane traffic.
Note: This feature has not yet completed full quality assurance; support forthis feature is experimental.
2.5.2.3.1 Impact
This feature has no impact on the network.
2.5.2.3.2 Capacity and Performance
There is no or minimal impact on overall performance.
2.5.2.3.3 Other Network Elements
This feature has no dependency on other network elements.
2.5.2.4 Secure MSRP
Message Session Relay Protocol (MSRP) is a media plane protocol used tosend chat messages and transfer files (photos and video clips) in an establishedmultimedia session. Access networks are generally considered insecure. Tosecure MSRP messages on the access side, Secure MSRP protocol is used.sMSRP uses TLS to secure the connection and requires PKI support to createand manage the self-signed certificates. Only end to access edge (E2AE)scenarios are supported. SIP over TLS is used as the signaling protocol tosetup secure MSRP sessions. sMSRP can also be established as an additionalstream in a voice or video call. This feature is optional and is licensed.
Note: This feature has not yet completed full quality assurance; support forthis feature is experimental.
2.5.2.4.1 Impact
This feature has no impact on the network.
539/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
2.5.2.4.2 Capacity and Performance
There is no or minimal impact on overall performance when this feature isactivated.
2.5.2.4.3 Other Network Elements
This feature is dependent on the SGC.
2.5.2.5 Provisioning
2.5.2.5.1 Changed Attributes
None.
2.5.2.5.2 Deleted Attributes
None.
2.5.2.5.3 New Attributes
Table 14 shows the new provisioning attributes.
Table 14 New Provisioning Attributes
Attribute Name Description
(srtp/set) Supported Encryption Transforms
(srtp/sat) Supported Authentication Transforms
(srtp/km) Key Management Scheme
(srtp/kleb) Key Lifetime Expiry Behavior
2.5.2.6 Configuration
2.5.2.6.1 Changed Attributes
Realm name and site ID validation are modified to conform to the exact syntaxin RFC 1035. In previous releases, the SmartEdge BGF did not adherestrictly to the specification, allowing the first character of the name or ID to bealphanumeric; the specification requires an alphanumeric first character.
2.5.2.6.2 Deleted Attributes
None.
2.5.2.6.3 Deprecated Attributes
None.
54 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.2.6.4 Obsolete Attributes
None.
2.5.2.6.5 New Attributes
Table 15 shows the new configuration attributes.
Table 15 New Configuration Attributes
Attribute Name Description
asp pool service-name
service media-gatewayA new service type to the ASP pool forall media-gateway media plane servicesthat use ASE2 cards. To use SRTPand MSRP B2BUA features, you mustconfigure this new attribute.
[no] msrp validate{session-id | path-uri}
Supports MSRP B2BUA. This command,available in media-gateway configurationmode, sets MSRP session validationto use either the PATH URI or MSRPsession ID.
[no] maximum [msrp-header-len value ]
Supports MSRP B2BUA. This command,available in media-gateway configurationmode, sets the maximum length of allMSRP headers. Set this option to preventany buffer overflow attacks targeted atMSRP endpoints.
[no] maximum streams-per-call value
Increases the maximum numberof streams allowed per call. Thiscommand is available in media-gatewayconfiguration mode.
2.5.2.7 Fault Management
2.5.2.7.1 Changed Alarms
None.
2.5.2.7.2 Deleted Alarms
None.
2.5.2.7.3 New Alarms
None.
559/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
2.5.2.8 Events and Notifications
2.5.2.8.1 Changed Events and Notifications
None.
2.5.2.8.2 Deleted Events and Notifications
None.
2.5.2.8.3 New Events and Notifications
None.
2.5.2.9 Triggers
2.5.2.9.1 Changed Triggers
None.
2.5.2.9.2 Deleted Triggers
None.
2.5.2.9.3 New Triggers
None.
2.5.2.10 Counters
2.5.2.10.1 Changed Counters
None.
2.5.2.10.2 Deleted Counters
None.
2.5.2.10.3 Deprecated Counters
None.
2.5.2.10.4 Obsolete Counters
None.
56 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.2.10.5 New Counters
Table 16 shows the new counters.
Table 16 New Counters
Counter Name Description
Active MSRPsessions
The MSRP sessions currently active in the system.The same counter is displayed at the system level,per-process instance level, and at the realm level.
Received MSRPdata chunks
The total number of MSRP data chunks received bythe system. The same counter is displayed at thesystem level, per-process instance level, and at therealm level. Received statistics do not include datafrom active MSRP sessions.
Discarded MSRPdata chunks
The total number of MSRP data chunks that havebeen discarded by the system. The same counter isdisplayed at the system level, per-process instancelevel, and at the realm level. Discarded statistics donot include data from active MSRP sessions.
SRTP e2ae The total number of SRTP end to access edgesessions active in the system. The same counter isdisplayed at the system level, per-process instancelevel, and at the realm level.
SRTP e2e The total number of SRTP end to end sessions activein the system. The same counter is displayed at thesystem level, per-process instance level, and at therealm level.
2.5.2.11 Enhanced Media Inactivity Detection
Media inactivity detection feature is enhanced in this release to report theinactivity timestamp as part of stream statistics. This ensures that the SGC isnotified of the media inactivity and the time at which it occurred, which improvesbilling accuracy.
As part of this feature enhancement, the show media-gateway media-flowdetail command now includes a "Media Stop Time" field that provides atimestamp at which the most recent media stop event occurred on the stream.
2.5.2.12 Zero UDP Checksum Packet Support for IPv4-to-IPv6 Conversion
In this release, IPv4-to-IPv6 conversion supports Zero UDP checksum packets.
579/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
2.5.2.13 Bulkstats Support for Statistics Counters
Statistics counters are now supported through bulkstats. To support thisfeature, the following configuration commands have been added in globalconfiguration mode.
bulkstats schema profile profile-type profile-name formatquoted-format-string [attribute1] [attribute2] [...]
bulkstats schema profile media-gateway {global | mgc-group}profile-name
The following configuration commands have been added in contextconfiguration mode.
bulkstats policy policy-name
The following configuration commands have been added in media gatewayconfiguration mode.
bulkstats schema profile-name policy policy-name [context-name]
2.5.2.14 IPv6 Infrastructure Enhancements for SmartEdge BGF
The SmartEdge BGF supports the IPv6 infrastructure enhancements describedin this document.
Note: No new or modified commands are associated with theseenhancements.
2.5.2.14.1 Trunk LAG for IPv6
LAG (Link Aggregation Group) provides media plane redundancy in aSmartEdge BGF when a PPA card or a port goes down. You can configure twoor more physical ports in a LAG. When one or more ports that are part of a LAGgo down, other ports in that LAG act as the backup and share the load so thatmedia packet forwarding is maintained without interruption.
The SmartEdge BGF supports single-session Bidirectional ForwardingDetection (BFD) on trunk LAGs for IPv4 and IPv6 traffic.
2.5.2.14.2 Next Hop Redundancy Using BFD with VRRP
BFD detects failures on the next hop router in a media path. When a failureis detected, media traffic is forwarded on an alternative route (if an alternativeroute is configured and available).
VRRP uses a master-slave configuration to provide IP redundancy on thephysical interfaces that are connected to the next-hop router. When a physicallink fails because the local media or data card fails, the slave (standby)
58 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
interface takes the role of the master (active) interface so that media packetsare received and forwarded without interruption.
2.5.2.14.3 IPv6 Extension Headers
The SmartEdge BGF can process the following extension headers for IPv6packets destined for the SmartEdge router:
• Hop-by-Hop Options
Note: Because this header is the only extension header examined byall intermediate devices in a path, this header can impact routerperformance.
• Routing (Type 0)
• Destination Options
Note: The SmartEdge does not process extension headers for IPv6 packetsdestined for other nodes in configurations where the SmartEdge isa transit router.
Note: With the exception of the Destination Options header, each extensionheader can appear only once in an IPv6 datagram and in a fixed order.The Destination Options header may appear twice:
• Destination options that must be processed by all devices on thepath to the destination appear near the beginning of the datagram.
• Destination options processed only by the final destination deviceappear at the end of the extension headers.
The SmartEdge BGF examines each incoming IPv6 packet and determineswhether to forward, process, or drop the packet. During this process, therouter ignores the extension headers while determining where to forward thepacket. If an incoming IPv6 packet contains extension headers, that packet isprocessed only if the extension headers are valid. IPv6 packets that have anyunsupported extension headers are dropped. For example, a packet is droppedif it has an Authentication header.
IPv6 packet headers are examined in the following order:
1 Hop-by-Hop Options
2 Destination Options
3 Routing (Type 0)
4 Fragmentation
5 Authentication Header
6 Encapsulating Security Payload
599/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
7 Destination Options (for options processed only by the final destination)
Fragmentation and reassembly is supported for BGF IPv6 traffic. IPV6 packetreassembly is performed before other IPV6 extension header processingoccurs.
Note: Because BGF processes only fully reassembled packets, reassembledpackets do not contain the Fragment header extension.
The following rules apply to IPv6 extension headers:
• Incoming IPv6 packets are dropped if any of the following occur:
The total length of all the extension headers exceeds 46 bytes(the maximum size supported by the PPA). When this occurs, theunhandeled IP options counter increments.
The segments left field in the Routing header is nonzero. Whenthis occurs, an ICMP parameter problem message is sent.
The supported extension headers do not conform to the rules specifiedin RFC 2460, Internet Protocol, Version 6 (IPv6) Specification. AnICMP error message is generated and the segments left field is setto nonzero.
The packet includes an unsupported extension header. When thisoccurs, the extension header is sent to the media local interface, therealm counter increments with an Invalid IPv6 Extension Header error,and an ICMP error message is not sent.
• If an incoming IPv6 packet contains allowed extension headers, thoseheaders are removed and do not appear in the translated packet.
• You can apply ACLs to a circuit to filter packets that have extensionheaders before Forwarding Information Base (FIB) lookup occurs.
See Reference [31] for more details on IPv6 extension headers.
2.5.2.14.4 IPv4 and IPv6 Packet Translation on BGF
In this release, packet translation is modified as follows:
• IPv6-to-IPv4 packet translation
The SmartEdge BGF uses the following equation to translate the incomingpacket payload length:
translated packet payload length = 20 + Payload Length - Total Length of Extension Headers
• IPv6-to-IPv6 packet translation
The SmartEdge BGF uses the following equation to translate the incomingpacket payload length:
60 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
translated packet payload length = Payload Length - Total Length of Extension Headers
• IPv4-to-IPv4 packet translation
If the incoming IPv4 packet has any options, those options do not appearin the translated packet; therefore, the incoming packet Header Length isalways 5 (indicating no options). The SmartEdge BGF uses the followingalgorithm to translate the IP Header Length and Total Length fields of theincoming packet :
Translated packet Total Length = Total Length + 20 - (Header Length x 4)
Translated packet Header Length = 20
• IPv4-to-IPv6 packet translation
If the SmartEdge BGF receives an IPv4 UDP packet with a zero UDPchecksum, and that packet must be translated to IPv6, the routerrecalculates the checksum, translates the packet to IPv6, and forwards thepacket. (In previous releases, such packets were dropped.)
2.5.2.15 PPA Feature Support
Note: For information about which traffic cards support each PPA version,see the device hardware guides.
Table 17 describes PPA support for features described in this section.
Table 17 PPA Feature Support
Feature PPA2 PPA3 Notes
Secure RTP: E2E and E2AE Yes Yes Additional ASE2 cards are required.
MSRP Back-to-Back UserAgent
Yes Yes Additional ASE2 cards are required.
ICMP Error Handling Yes Yes
Enhanced Media InactivityDetection
Yes Yes
Zero UDP Checksum PacketSupport for IPv4-to-IPv6Conversion
Yes Yes
Bulkstats Support forStatistics Counters
Yes Yes
Secure MSRP: E2AE Yes Yes Additional ASE2 cards are required.
IPv6 InfrastructureEnhancements forSmartEdge BGF
Yes Yes
Enhanced Match Criteria forIPv6 ACLs
Yes Yes
619/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
2.5.3 DPI Operation
This section describes impacts to the Deep Packet Inspection (DPI) Application.
2.5.3.1 Enhanced Subscriber-Based Balancing
Subscribers can now be allocated dynamically to Deep Packet Inspection (DPI)instances with the lightest load. Previously, only round-robin distribution wassupported, and subscribers were automatically assigned to the instance withthe lowest subscriber count, regardless of load. The new adaptive distributionof subscribers optimizes performance and helps avoid overloading a single DPIinstance. When no traffic flow is detected for the subscriber, the subscriber isconsidered idle and deallocated from the DPI instance.
Use the following new command to enable adaptive subscriber allocation:
(config)#dpi traffic-management subscriber load-balancingintra-asp adaptive
You can display load metrics and subscriber counts for a single DPI instance,or all DPI instances across the ASP using the following commands:
• show dpi card slot/asp-id traffic-management statisticspacket
• show dpi card slot/asp-id traffic-management statisticssubscriber instance
For more information, see the Configuring Subscriber Allocation section inApplication Traffic Management Configuration and Operation.
2.5.3.2 DPI Support for ASE2 Card
Porting DPI to a ASE2 card provides the following advantages:
• Faster network processor for better performance
• For security applications, memory is divided between control plane anddata plane applications. DPI requires more memory for the data plane.
2.5.3.3 URL Detection Support for ASE Card
This feature provides URL detection support for both HTTP and HTTPS traffic.A new DPI filter is defined to configure protocol-specific match conditions usingattributes. The filter can be a combination of URLs and HTTP header fields.
The following are the supported capabilities for DPI URL detection:
• HTTP pipelining
• HTTP header reassembly
62 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
• URL port normalization
• Escape character conversion
To create an HTTP attribute condition statement for an access control list(ACL), use the following command:
seq sequence-number header label operator-tag condition value
[case-sensitive]
To create a URL condition statement for an ACL, use the following command:
[seq sequence-number] header urlcondition url-value
[case-sensitive]
To display information about one or all HTTP filters configured on the ASE cardin the specified slot and port, use the following command:
show dpi card slot/asp-id filter http filter-name
The following new commands are added under global configuration mode:
• dpi filter http filter-name
Creates an HTTP filter that can be included in an ACL sequence.
• dpi traffic-management protocol http escape-conversion
Performs conversion of escaped characters.
• dpi traffic-management protocol http header header-name
label operator-tag text | numeric
Defines extended headers.
• dpi traffic-management protocol http pipelining
Detects URLs of multiple HTTP requests sent by the same TCP packet ordifferent TCP packets.
For more information, refer to Application Traffic Management Configurationand Operation, Reference [1].
2.5.3.4 PPA Feature Support
Note: For information about which traffic cards support each PPA version,see the device hardware guides.
Table 18 describes PPA support for features described in this section.
639/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
Table 18 PPA Feature Support
Feature PPA2 PPA3 Notes
Enhanced Subscriber-BasedBalancing
Yes Yes
DPI Support for ASE2 Card Yes Yes
URL Detection Support forASE Card
Yes Yes
2.5.4 Platform Operation
This section describes impacts to Layer 2/Layer 3 and Infrastructurefunctionality.
2.5.4.1 IPv6 Support for PPA2- and PPA3-Based ATM Line Cards and MIC
IPv6 functionality is now enabled on PPA2 and PPA3-based ATM line cardsand MIC.
2.5.4.2 IPsec Tunnel State Change and RSA Certificate Alarms
Alarm functionality is extended to IPsec. This functionality tracks or logs alarmsgenerated by the IPsec application. An alarm Management Information Base(MIB) is used to define alarm models for particular types of events generatedby the application. Generation of the alarms is configured using the CLI. Useconfiguration commands to enable or disable the generation of each alarm.
New alarms are generated for IPsec tunnel failures and RSA certificateincidents. IPsec tunnel failures include loss of a route to a peer, an ASP, or aline card. Alarms are generated for both static and dynamic tunnels.
Use the following command to enable alarms for tunnels:
(config-tunnel)#[no] alarms
RSA certificate alarms are generated when an RSA certificate is missing orinvalid. An RSA certification warning alarm can also alert you when a certificateis due to expire.
[local]Redback(config)#[no] pki alarms certificateself|trusted missing
You can configure the interval between the alarm generation and the certificateexpiration dates.
[local]Redback(config)#pki alarms certificate self|trustedexpiry interval
64 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
For more information, see the Alarms section in Advanced Services FaultManagement Guide.
2.5.4.3 Route Distribution for IPsec Routes
Dynamic IPsec routing entries can now be redistributed into other routingprotocols. This feature is supported under the IPv4 unicast address family.
Configuration modes of the following routing protocols are enhanced for thisfeature:
• IS-IS
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF)
• Border Gateway Protocol (BGP)
The following commands have been enhanced to include the new keyword,ipsec, to export IPsec routes into other routing protocols:
• redistribute { [ connected | ipsec | isis instance [level-1| level-2] | nat | ospf instance [internal | [external][nssa-external] | rip instance | static [dvsr] | subscriber[address | static]} [route-map map-name]
• redistribute {bgp asn | connected | ipsec | isis instance-name
| nat | ospf instance-id [match {external-type-1 | external-type-2 | inter-area | intra-area | nssa-external-type-1|nssa-external-type-2}] | rip instance-name | static [dvsr] |subscriber [address | static]} [level-1 | level-2] [metricmetric] [metric-type {internal | external}] [route-map map-name]
• redistribute {bgp asn | connected | ipsec | isis instance
[level-1 | level-2] | nat | ospf instance [external [type-1 |type-2]] [inter-area] [intra-area] [nssa [type-1 | type-2]] | ripinstance | static [dvsr] | subscriber [address | static]} [metricmetric] [metric-type type] [route-map map-name] [tag tag]
• redistribute {bgp asn | connected | ipsec |isis instance
[level-1 | level-2 | level-1-2 ] |nat | ospf instance [match{external-type-1 | external-type-2 | inter-area | intra-area |nssa-external-type-1| nssa-external-type-2}] | rip instance |static [dvsr] | subscriber [address | static]} [metric metric][route-map map-name]
For more information on commands, refer to Commands: r, Reference [5].
659/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
2.5.4.4 AAA Downloads for IPv6 Routes
The AAA Route Download feature allows configuration and advertising ofaccess framed routes before they are assigned to subscribers, which helpseliminate delays that can be caused by protocol convergence during a largenumber of simultaneous activations. This AAA Route Download feature hasbeen enhanced to support framed IPv6 routes. The number of routes that canbe downloaded from the route download server is as follows: • XC4—50KIPv6 + 100K IPv4 routes, or 100K IPv6-only routes over a 4-minute period •SE100—8K IPv6 + 12K IPv4 routes, or 16K IPv6-only routes over a 4-minuteperiod
2.5.4.5 Bulkstats Support for IPsec
Bulkstats functionality is now extended to IPsec. Bulkstats writes IPsecstatistics to a file at regular intervals, and the file is uploaded to a syslog(FTP/SFTP/SCP) server based on the configured transfer interval. Protocolsused include: File Transfer Protocol (FTP), Secure File Transfer Protocol(SFTP) and Secure Copy Protocol (SCP).
New bulkstats schema profiles are added for global-level, tunnel-level, andASP-level statistics. To implement this feature, the following bulkstats schemaprofiles are added in the bulkstats schema profile command:
• ipsec
IPsec schema profile.
• ipsec tunnel
IPsec statistics at the tunnel-level.
• ipsec global
IPsec statistics at the global-level.
• ipsec asp
IPsec statistics at the ASP-level.
For more information, refer to Commands: am through b, Reference [4].
To enable bulkstats for IPsec, the bulkstats ipsec schema command isadded at the tunnel, global, and ASP command modes. For more information,refer to IPsec VPN Command Reference, Reference [20] and Security ServiceCommand Reference, Reference [21].
Output of the show tunnel ipsec name tunnel-name statisticsike command is modified to display bulkstats parameters.
66 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
2.5.4.6 IPsec Support for ASE2 Card
Porting IPsec to a ASE2 card provides the following advantages:
• Faster network processor for better performance
• For security applications, memory is divided between control plane anddata plane applications. IPsec needs more memory for control plane (forIKE scaling).
2.5.4.7 APS Support for POS Line Cards
This feature adds automatic protection switching (APS) support for the followingPacket over SONET/SDH (POS) line cards:
• 8-port POS OC3c/STM-1c
• 4-port POS OC12c/STM-4c
• 4-port POS OC48c/STM-16c
Note: MLPPP is not supported for the OC3c/STM-1c, OC12c/STM-4c, OROC48c/STM16c cards. MLPPP applies only to the Channelized8/4-port OC-3/STM-1 or 2/1-OC-12/STM-4 line cards.
2.5.4.8 Phase 1 Implementation of ITU-T Y.1731
In this release, a subset of ITU-T Recommendation Y.1731, "OAM functionsand mechanisms for Ethernet based networks" is implemented in theSmartEdge OS. Y.1731 defines the ability to measure service performanceparameters such as frame loss ratio, frame delay, and frame delay variation inpoint-to-point Ethernet connections.
Previously, the system supported only IEEE 802.1ag, which shares a commonset of functions with Y.1731. For complete information about the implementationof Y.1731, see Configuring Ethernet CFM.
The following restrictions and limitations apply to this feature:
• The hardware restrictions of the 802.1ag implementation in SmartEdge OSalso apply to the Y.1731 implementation.
• The scaling and performance limitations of the 802.1ag implementation inSmartEdge OS also apply to the Y.1731 implementation.
• Circuits not supported under CFM are not supported for Y.1731.
• 100 microsecond accuracy is supported for two-way Ethernet delaymeasurements (ETH-DM).
• Only a single maintenance association endpoint (MEP) per incoming oroutgoing circuit is supported at a MEG level. (A MEG is the same as anMA in 802.1ag.)
679/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
• In Phase I, Y.1731 is not supported on transport-enabled circuits and somelink-groups.
Table 19 shows the Y.1731 features that are supported in Phase I.
Table 19 Supported Y.1731 Features
L2 Service XCL2VPN VLL
(Access Circuit)VPLS (Access
Circuit) Bridge (Bind Int) Bind Int (L3)
Port (*eth) X X X X X
VLAN X X X X X
QinQ X X X X X
Raw encap VLAN X X X X X
Access LAGEconomical (Port)max links = 1 X X X X X
Access LAGEconomical (.1Q)max links = 1 X X X X X
Access LAGEconomical (QinQ)max links = 1 X X X X X
The following CLI commands are new or enhanced:
• ethernet-cfm measure-delay
This new command initiates monitoring of Ethernet frame delay andframe delay variation. The frame delay measurements are derived fromSmartEdge OS software timestamps.
• show ethernet-cfm database
This enhanced command has no new CLI keywords or arguments. Thecommand output has been extended to show ETH-DM counters under theMEP detailed output.
• show ethernet-cfm circuit
This enhanced command has no new CLI keywords or arguments. Thecommand output has been extended to show MEP counter values forY.1731 frames.
2.5.4.9 Phase 2 Implementation of ITU-T Y.1731
In this release, a further subset of ITU-T Recommendation Y.1731, "OAMfunctions and mechanisms for Ethernet based networks" is implemented in theSmartEdge OS. 802.1p priority can now be set for CCM messages. The priorityset for these messages is used in the ETH-LB and ETH-LT frames of 802.1ag.Additionally, the maintenance association ID (MAID) can now be entered eitherin 802.1ag style or in ICC based Y.1731 style.
68 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
For complete information about the implementation of Y.1731, see ConfiguringEthernet CFM.
The following restrictions and limitations apply to this feature:
• The hardware restrictions of the 802.1ag implementation in SmartEdge OSalso apply to the Y.1731 implementation.
• The scaling and performance limitations of the 802.1ag implementation inSmartEdge OS also apply to the Y.1731 implementation.
• Circuits not supported under CFM are not supported for Y.1731.
• Only a single maintenance association endpoint (MEP) per incoming oroutgoing circuit is supported at a MEG level. (A MEG is the same as anMA in 802.1ag.)
• Y.1731 measurement cannot be initiated from or sent to a maintenancedomain intermediate point (MIP).
The following CLI commands are new or enhanced:
priority (maintenance association)
This new command sets the 802.1p priority level for CFM message CCM,ETH-LB, and ETH-LT frames. CCMs, ETH-LB, and ETH-LT frames are priorityagnostic; no errors are flagged on priority mismatch. Upon a mismatch betweenthe frames received and the priority configured, the priority of the incomingLB/LT/LM frames is used. The configured 802.1p priority is used for the OAMtraffic initiated from the MEP. The incoming priority of the LB/LT/LM frames isused to respond back to those OAM frames.
maintenance-association
This enhanced command has the new CLI keyword icc. By default, theMAID is entered in IEEE 802.1ag format. Enabling icc allows the MAID tobe specified in ICC (Y.1731) format instead. When ICC is enabled, both thedomain name and MA name must be specified in ICC format; the ICC MEgroup (MEG) ID/MAID is 13 characters, where the first bit is 0 followed by a6-character ICC code and a 6-character unique MEG ID code (UMC). Mismatchof MAIDs are reported as configuration errors.
show ethernet-cfm database (ma)
The output of this command is enhanced to show the MEG-ID type (802.1ag orICC) and the 802.1p priority setting.
2.5.4.10 OpenSSH Upgrade
The SmartEdge OS uses OpenSSH to authenticate users and provide secureshell access to the router. In this release, OpenSSH is upgraded to version5.8p1.
699/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
With this upgrade, the SmartEdge OS SSH client supports only SSH version2 protocol. Previously, the SSH client supported both versions 1 and 2. Ifthe SSH server running on the remote end only has SSH version 1 protocolenabled, the connection will not be established. To resolve this, enable version2 at the remote end.
This feature causes no changes to existing configurations and makes nochanges to existing CLI commands.
2.5.4.11 Additional Data Collection Commands
Additional CLI commands are provided to collect data from the SmartEdge OSwhen a problem or outage occurs at the customer node. These commandspreviously existed but were restricted to internal Ericsson use only. They noware available for the customer to use to quickly and efficiently capture the dataneeded by Ericsson support engineers for root cause analysis. This featurecauses no changes to default system behavior.
Note: The output of the command is intended for use by support engineers,so the output format may appear different than typical show commandoutput formats and may not be readable.
Warning!
Some show card commands may impact card performance.
The following new commands are provided:
• show card
• show card acl log
• show card adjacency
• show card atm table
• show card circuit
• show card clips
• show card dot1q table
• show card fib
• show card ism
• show card link group
• show card mpls
70 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
• show card nat
• show card packet local statistics
• show card port
• show card ppp
• show card pppoe
• show card qos
• show card traffic
• show ism circuit
• show ism global
• show ism interface
• show ism linkgroups
• show log events
2.5.4.12 ECC Log Messages on the 8-port ATM OC-3c/STM-1c and 2-port ATMOC-12c/STM-4c Line Cards
The 8-port ATM OC-3c/STM-1c and 2-port ATM OC-12c/STM-4c line cardsnow support new log messages for ECC errors. These errors are recorded tothe syslog on the Controller card and can be seen in the output of the showsystem redundancy command.
Following are examples of ECC log messages:
• Thu Jun 16 13:55:43 2011 : atmscSarcECC[linecard slot 12][1]:UNcorrectable SRAM ECC ERROR (1) @0x3166db00Thu Jun 16 13:55:43 2011 : errIntf=2 eccWord=3
• Thu Jun 16 14:21:43 2011 : atmscSarcECC[linecard slot 12][0]:UNcorrectable SDRAM ECC error (1) @0x40000000Thu Jun 16 14:21:43 2011 : eccSyndrome 0x0F4
• Thu Jun 16 14:25:43 2011 : atmscSarcECC[linecard slot 12][0]:correctable SDRAM ECC error (1) @0x40000000Thu Jun 16 14:25:43 2011 : eccSyndrome 0x029
• Thu Jun 16 18:47:34 2011 : atmscSarcECC[linecard slot 12][0]:correctable SRAM ECC ERROR (1) eccBitPos 0x0Thu Jun 16 18:47:34 2011 : @0x30001400 eccIntf=2 eccWord=1
Information in these messages includes the following:
719/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
• The number mentioned in parentheses () in the second line of eachmessage is the lowest 16 bits of the count of the number of occurrencesof that type of error.
• @0x is the address at which the ECC error occurred.
• eccSyndrome is calculated by the hardware.
• eccBitPos, indicated in the correctable SRAM ECC error, is the errorbit position number.
• eccIntf indicates which system performed the SRAM access that causedthe error.
• eccWord indicates whether the error occurred in the lower or upper word(or both).
If these errors occur in the log, save the logs and contact your local technicalrepresentative or the Ericsson Technical Assistance Center (TAC).
2.5.4.13 PPA Feature Support
Note: For information about which traffic cards support each PPA version,see the device hardware guides.
Table 20 describes PPA support for features described in this section.
Table 20 PPA Feature Support
Feature PPA2 PPA3 Notes
IPv6 Support for PPA2 andPPA3-Based ATM LineCards and MIC
Yes Yes
IPsec Tunnel State Changeand RSA Certificate Alarms
Yes Yes
Route Distribution for IPsecRoutes
Yes Yes
AAA Downloads for IPv6Routes
Yes Yes
Bulkstats Support for IPsec Yes Yes
IPsec Support for ASE2Card
Yes Yes
Alarm Support for IPsec Yes Yes
APS Support for POS LineCards
Yes Yes
Phase 1 Implementation ofITU-T Y.1731
Yes Yes
72 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
General Impact
Table 20 PPA Feature Support
Feature PPA2 PPA3 Notes
Phase 2 Implementation ofITU-T Y.1731
Yes Yes
OpenSSH Upgrade Yes Yes This feature is supported only on systemswith either XCRP4 or SMRP2 Controllercards and on systems running NetBSD OS.
Additional Data CollectionCommands
Yes Yes
ECC Log Messageson the 8-port ATMOC-3c/STM-1c and 2-portATM OC-12c/STM-4c LineCards
Yes No This feature is only supported on the8-port ATM OC-3c/STM-1c and 2-port ATMOC-12c/STM-4c line cards.
2.6 Obsolete Features
The following features were removed, replaced by others, or were renamed inthis release:
2.6.1 Support for Route Map Resequencing Removed
With the continue command for route maps added in this release, supportfor route map resequencing on the SmartEdge router has been removed.The resequence route-map command (in context configuration mode) isno longer available).
2.6.2 Support for SSHv1 Client Removed
The SmartEdge OS uses OpenSSH to authenticate users and provide secureshell access to the router. In this release, OpenSSH is upgraded to version5.8p1. With this upgrade, the SmartEdge OS SSH client supports only SSHversion 2; SSH version 1 is not supported.
2.7 Other Network Elements
The Secure RTP feature has a dependency on the Session Gateway Controller(SGC) node: the SGC must also support Secure RTP.
739/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
3 Summary of Impacts Per Feature
This section summarizes the impact of each feature on the system. (For specificinformation about the impact of individual features, see the description of thefeature in Section 2.5 on page 13.) It is organized by the Market Applicationssupported by the SEOS. The description of impacts is as follows:
• "Major Impact" means one or more of the following:
The feature includes an incompatible change, such that another noderequires an update.
New hardware is required to use the feature.
• "Minor Impact" means that the feature includes changes that affect othernodes but with additional configuration, the previous behavior can beretained.
• "No Impact" means that the feature has no impact on the system.
• "Basic" means that the feature is enabled by default.
• "Optional" means that the feature requires an additional license orconfiguration.
• "New" means that the feature is new.
• "Enhanced" means that the feature is enhanced.
3.1 Broadband Remote Access Server and Metro Ethernet
Table 21 Summary of Impacts
Feature Impact Basic orOptional
New orEnhanced
Relation to Other Features orNodes
ChannelizedOC-3/STM-1 orOC-12/STM-4 LineCard Configuration
Major Impact(new hardware)
Basic/New(hardware)
MLPPP Supporton ChannelizedOC-3/STM-1 orOC-12/STM-4 LineCard
Major Impact(new hardware)
Optional/New (onthis hardware)
74 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
Summary of Impacts Per Feature
Table 21 Summary of Impacts
Feature Impact Basic orOptional
New orEnhanced
Relation to Other Features orNodes
PWFQ Supporton ChannelizedOC-3/STM-1 orOC-12/STM-4 LineCard
Major Impact(new hardware)
Optional/New (onthis hardware)
APS Supporton ChannelizedOC-3/STM-1 orOC-12/STM-4 LineCard
Major Impact(new hardware)
Optional/New (onthis hardware)
Control Packet RateLimiting Supportfor 8-port ATMOC-3c/STM-1cand 2-port ATMOC-12c/STM-4c LineCards
Major Impact(new hardware)
Optional/New (onthis hardware)
CESoPSN Pseudowires
Major Impact(new hardware)
Optional/New
SAToP Pseudowires Major Impact(new hardware)
Optional/New
Multicast Supporton Port PseudowireCircuits
No Impact Optional/Enhanced
Increased PortPseudowire Capacity
No Impact Basic/Enhanced
DVSR, OSPF, andIS-IS Support on PortPseudowire Circuits
No Impact Optional/Enhanced
Control Word, VCCV,and QoS PropagationEnabled for Port PW
No Impact Optional/Enhanced
Enhancements tothe "local-as" BGPCommand
No Impact Optional/Enhanced
Inter-Context Routing iniBGP
No Impact Optional/New
759/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
Table 21 Summary of Impacts
Feature Impact Basic orOptional
New orEnhanced
Relation to Other Features orNodes
Site of Origin Availablein BGP ExternalCommunity Attribute
No Impact Optional/Enhanced
IPv6 Single-HopBidirectionalForwarding for StaticRoutes and eBGP
No Impact Optional/New
Single-SessionBidirectionalForwarding over LAG
No Impact Optional/Enhanced
Fast Convergence ofOSPFv3 Using SPFTimers
No Impact Optional/Enhanced
Non-Stop OSPFRouting
No Impact Optional/New
Change in Processingfor "redistribute" (IS-IS)Command
Minor Impact(see Section2.5 on page13)
Optional/Enhanced
Multihop RouteAdvertisement ForInter-AS L3VPNs
No Impact Optional/Enhanced
Policy Based Routingfor IPv6 redirect
No Impact Optional/Enhanced
IPv6 LAG - QoS andACL Support
No Impact Optional/Enhanced
Continue Logic in RouteMaps
No Impact Optional/Enhanced
New Match Criteria forIPv6 ACLs
No Impact Optional/Enhanced
BGP MDT PIMSSM-SourceAuto-Discovery
No Impact Optional/New
IGMP CAC at S-VLANLevel
No Impact Optional/Enhanced
LNS Support for IPv6Subscribers
No Impact Optional/Enhanced
76 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
Summary of Impacts Per Feature
Table 21 Summary of Impacts
Feature Impact Basic orOptional
New orEnhanced
Relation to Other Features orNodes
Three-VLAN-TagSupport for VPLS andL2VPN
No Impact Optional/New
LDP over RSVP No Impact Optional/New
Enhanced CarrierGrade NAT
No Impact Optional/Enhanced
Can be configured to work withupdated NetFlow collector forNAT logs.
Enhanced CarrierGrade NAT Support forHitless Access LAG
No Impact Optional/New Can be configured to work withupdated NetFlow collector forNAT logs.
Enhanced CarrierGrade NAT Supportfor Economical AccessLAG and LNS
No Impact Optional/New Can be configured to work withupdated NetFlow collector forNAT logs.
DHCP Split LeaseEnhancement
No Impact Optional/Enhanced
Dynamic CLIPS on802.1Q On-DemandPVCs
No Impact Optional/Enhanced
Service Activation andDeactivation in a SingleCoA Request
No Impact Optional/Enhanced
RSE Service ActivationDuring Change ofAuthorization in Case ofStack Mismatch
No Impact Optional/Enhanced
IPCP Subnet MaskNegotiation Option
No Impact Optional/Enhanced
New Command forSetting the Duration ofSubscriber Sessions
No Impact Optional/Enhanced
IPv4 AddressConservation inDual-Stack SubscriberEnvironments
No Impact Optional/New Requires support on the RADIUSserver.
Event Accountingfor IPv4/v6 StackTransition Events
No Impact Optional/Enhanced
779/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
Table 21 Summary of Impacts
Feature Impact Basic orOptional
New orEnhanced
Relation to Other Features orNodes
AuthenticationSuppression afterSession Limit isReached
No Impact Optional/Enhanced
Increase in the Numberof Maximum Sessions
No Impact Optional/Enhanced
PPPoE CCOD StartupTimer
No Impact Optional/Enhanced
3.2 Border Gateway Function
Table 22 Summary of Impacts
Feature Impact Basic orOptional
New orEnhanced
Relation to Other Features orNodes
Secure RTP: E2E andE2AE
No Impact Optional/New Requires support on the SGC.
MSRP Back-to-Back UserAgent
No Impact Optional/New
ICMP Error Handling No Impact Basic/New
Enhanced Media InactivityDetection
No Impact Basic/Enhanced Requires support on the SGC.
Zero UDP ChecksumPacket Support forIPv4-to-IPv6 Conversion
No Impact Basic/Enhanced
Bulkstats Support forStatistics Counters
No Impact Basic/New
Secure MSRP No Impact Optional
IPv6 InfrastructureEnhancements forSmartEdge BGF
No Impact Enhanced
78 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
Summary of Impacts Per Feature
3.3 Deep Packet Inspection
Table 23 Summary of Impacts
Feature Impact Basic orOptional
New orEnhanced
Relation to Other Features orNodes
Enhanced Subscriber-Based Balancing
No Impact Optional/Enhanced
DPI Support for ASE2 Card MajorImpact(newhardware)
Optional/New
URL Detection Support forASE Card
No Impact Optional/New
3.4 Platform
Table 24 Summary of Impacts
Feature Impact Basic orOptional
New orEnhanced
Relation to Other Features orNodes
IPv6 Support for PPA2 andPPA3-Based ATM LineCards and MIC
No Impact Basic/Enhanced.
IPsec Tunnel State Changeand RSA Certificate Alarms
No Impact Optional/New
Route Distribution for IPsecRoutes
No Impact Optional/New
AAA Downloads for IPv6Routes
No Impact Optional/Enhanced
Bulkstats Support for IPsec No Impact Optional/New
IPsec Support for ASE2Card
MajorImpact(newhardware)
Optional/New
Alarm Support for IPsec No Impact Optional/Enhanced
APS Support for POS LineCards
No Impact Basic/New
799/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
Table 24 Summary of Impacts
Feature Impact Basic orOptional
New orEnhanced
Relation to Other Features orNodes
Phase 1 Implementation ofITU-T Y.1731
No Impact Basic/New
Phase 2 Implementation ofITU-T Y.1731
No Impact Basic/Enhanced
OpenSSH Upgrade No Impact Basic/Enhanced.
Additional Data CollectionCommands
No Impact Basic/Enhanced.
ECC Log Messageson the 8-port ATMOC-3c/STM-1c and 2-portATM OC-12c/STM-4c LineCards
No Impact Basic/New
4 Additional Information
This section describes additional information, including new or changeddocumentation.
4.1 New Documentation
With this release, the following documents have been added to the SmartEdgerouter documentation library:
• BGF Troubleshooting Guide
To view the new document, open the Troubleshooting folder in the FaultManagement folder.
• SmartEdge System Description
To view the new document, open the Product Overview folder.
80 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
Additional Information
With this release, the following documents have been added to the SmartEdgerouter and SM family router documentation libraries:
• Configuring CESoPSN Pseudowires
To view the new document, open the MPLS Routing folder in theConfiguration Management folder.
• Configuring SAToP Pseudowires
To view the new document, open the MPLS Routing folder in theConfiguration Management folder.
4.2 Obsolete Documentation
With this release, the following documents are obsolete in the SmartEdgerouter documentation library.
SmartEdge OS Product Overview
This document has been replaced by the SmartEdge System Description.
819/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
82 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
Glossary
Glossary
6PEIPv6 address on the provider edge
ACattachment circuit
ACLaccess control list
AFaddress family
APSAutomatic Protection Switching
ASEAdvanced Services Engine
ASNautonomous system number
ASPAdvanced Services Processor
ATMAsynchronous Transfer Mode
B2BUABack-to-Back User Agent
BFDBidirectional Forwarding
BGFBorder Gateway Function
BGPBorder Gateway Protocol
BRASBroadband Remote Access Server
C-VLANcustomer VLAN
CACCall Admission Control
CFMconnectivity fault management
CCMcontinuity check message
CCODcircuit creation on demand
CESCircuit Emulation Service
CESCircuit Emulation Services
CESoPSNCircuit Emulation Services over PacketSwitched Network
CESoPSNCircuit Emulation Services Over PacketSwitched Network
CGNCarrier Grade NAT
CLIcommand-line interface
CLIPSClientless IP Service Selection
CoAChange of Authentication
CoSClass of Service
CSRCustomer Service Request
DHCPDynamic Host Control Protocol
DHCPv6Dynamic Host Configuration Protocol Version6
839/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
DHCPv6-PDDynamic Host Configuration Protocol forIPv6-Prefix Delegation
DoSDenial of Service
DPIDeep Packet Inspection
DS0
DSCPDifferentiated Services Code Point
E2AEEnd to Access Edge
E2EEnd to End
eBGPexternal Border Gateway Protocol
ETH-DMEthernet delay measurements
ETSIEuropean Telecommunication StandardsInstitute
FPGAField-Programmable Gate Array
FQDNfully qualified domain name
FSSBFile System Server Blade
FTPFile Transfer Protocol
GAGeneral Availability
GREGeneric Routing Encapsulation
HTTPHypertext Transfer Protocol
iBGPinternal Border Gateway Protocol
ICCITU carrier code
IETFInternet Engineering Task Force
IGMPInternet Group Management Protocol
IGPInterior Gateway Protocol
IKEv1Internet Key Exchange Version 1
IKEv2Internet Key Exchange Version 2
IPInternet Protocol
IPoEIP over Ethernet
IPsecInternet Protocol Security
iPPAProcessing ASIC
IPv4Internet Protocol Version 4
IPv6Internet Protocol Version 6
IS-ISIntermediate System-to-Intermediate System
IWFinterworking function.
L2Layer 2
L2TPLayer 2 Tunneling Protocol
L2TPv3Layer 2 Tunneling Protocol version 3
84 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
Glossary
L2VPNLayer 2 Virtual Private Network
L3Layer 3
L3VPNLayer3 Virtual Private Network
LACL2TP access concentrator
LAGLink Aggregation
LANlocal area network
LDPLabel Distribution Protocol
LNSL2TP network server
LSPlabel-switched path
LSPs(LDP) over Resource Reservation Protocol(RSVP) for single-hop and multi-hop RSVPlabel-switched paths
LSRlabel-switched router
LSRsLSP and protected against link and nodefailures between label-switched routers
MAIDmaintenance association ID
MDTmulticast distribution tree
MDTMulticast traffic between PE routers isforwarded over the multicast distribution tree
MEPmaintenance association endpoint
MGMedia Gateway
MGCMedia Gateway Controller
MIBManagement Information Base
MICMedia Interface Card
MIDMessage ID
MLPPPMultilink Point to Point Protocol
MPLSMultiprotocol Label Switching
MSRPMessage Session Relay Protocol
mVPNmulticast VPN
NATNetwork Address Translation
NDNeighbor Discovery
NFRRnext-hop fast reroute
NIRNetwork Impact Report
OAMoperations, administration, and maintenance
ORFOutbound Route Filter
OSPFOpen Shortest Path First
OSPFv3Open Shortest Path First version 3
P2PPoint-to-Point
859/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
P2MPpoint-to-multipoint
PADIPPPoE Active Discovery Packet
PBRPolicy Based Routing
PDPrefix Delegation
PDHPlesiochronous Digital Hierarchy
PEprovider edge
PFEPacket Forwarding Engine
PIM-SMProtocol Independent Multicast - Sparse Mode
PIMProtocol Independent Multicast
PIM-SSMPIM Source Specific Multicast
PIM-SSMProtocol Independent Multicast -source-specific multicast
PKIPublic Key Infrastructure
POSPacket over SONET/SDH
PPAPacket Processing ASIC
PPPPoint to Point Protocol
PPPoAPoint-to-Point Protocol over AsynchronousTransfer Mode
PPPoEPoint to Point Protocol over Ethernet
PPPoEPoint-to-Point Protocol over Ethernet
PSN(PWE) transparently carry time-division-multiplexing (TDM) circuits over a packet-switchednetwork
PVCPermanent Virtual Circuit
PWpseudowire
PWEPseudowire Emulation
PWE31—"Pseudowire Emulation Edge to Edge
PWE31—Pseudowire Emulation Edge to Edge
PWFQPriority Weighted Fair Queuing
QDQoS descriptor
QoSquality of service
RADIUSRemote Authentication Dial-In User Service
RFCRequest for Comments
RIPRouting Information Protocol
RIPngRouting Information Protocol next generation
RMRRemote Multicast Replication
RPRendezvous Point
RPFReverse Path Forwarding
86 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
Glossary
RSARivest-Shamir-Adelman
RSERADIUS Service Engine
RSVPReservation Protocol
RSVPResource Reservation Protocol
S-VLANservice VLAN
SAFISubsequent Address Family Identifiers
SAToPStructure-Agnostic TDM over Packet
SAToPStructure-Agnostic TDM over Packet
SCPSecure Copy Protocol
SDHSynchronous Digital Hierarchy
SFTPSecure File Transfer Protocol
SGCSession Gateway Controller
SNMPSimple Network Management Protocol
SMRPSM Route Processor
SONETSynchronous Optical Networking
SoOSite of Origin
SPTshortest-path tree
T1/E1TDM bitstreams
TCPTransmission Control Protocol
TLSTransport Layer Security
TMTraffic Management
ToSType of Service
TR-101Technical Report 101
UDPUser Datagram Protocol
UTCCoordinated Universal Time
VCCVVirtual Circuit Connectivity Verification
VLANvirtual LAN
VLLvirtual leased line
VMGVirtual Media Gateway
VPLSVirtual Private LAN Services
VPNVirtual Private Network
VSAVendor-Specific Attribute
XCcross connect
XCRPCross-Connect Route Processor
879/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
88 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
Reference List
Reference List
SmartEdge OS Software (EN/LZN 783 0011/1)
[1] Application Traffic Management Configuration and Operation, 1543-CRA119 1170/1 Uen
[2] BGF Troubleshooting GuideFAULT TRACING DIRECT, 16/154 51-CRA 119 1170/1
[3] CLI Commands Command List, 1/190 77-CRA 119 1170/1
[4] Commands: am through b, 2/190 82-CRA 119 1170/1 Uen
[5] Commands: r, 15/190 82-CRA 119 1170/1 Uen
[6] Configuring ATM, Ethernet, and POS Ports, 9/1543-CRA 119 1170/1
[7] Configuring Bridging, 7/1543-CRA 119 1170/1
[8] Configuring CESoPSN Pseudowires, 95/1543-CRA 119 1170/1
[9] Configuring Channelized Ports, 93/1543-CRA 119 1170/1
[10] Configuring CLIPS, 63/1543-CRA 119 1170/1
[11] Configuring Ethernet CFM, 52/1543-CRA 119 1170/1
[12] Configuring IPv6 Subscriber Services, 85/1543-CRA 119 1170/1
[13] Configuring NAT Policies, 28/1543-CRA 119 1170/1
[14] Configuring NTP, 34/1543-CRA 119 1170/1
[15] Configuring Port Pseudowire Connections, 90/1543-CRA 119 1170/1
[16] Configuring Rate-Limiting and Class-Limiting, 55/1543-CRA 119 1170/1
[17] Configuring SAToP Pseudowires, 96/1543-CRA 119 1170/1
[18] Enterprise MIBs, 2/198 18-CRA 119 1170/1
[19] Installing the SmartEdge OS, 1/190 47-CRA 119 1170/1
[20] IPsec VPN Command Reference, 2/190 80-CRA 119 1170/1 Uen
[21] Security Service Command Reference, 1/190 80-CRA 119 1170/1 Uen
[22] SmartEdge Border Gateway Function Network Impact Report, 1/10921-CRA 119 1170/1
899/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09
SmartEdge OS Release 11.1.2.3
[23] SmartEdge OS Release 11.1.2.1 Network Impact Report, 8/109 48-CRA119 1170/1
Other CPI
[24] SM 480 Hardware Guide , 3/153 30-CRA 119 1023/1
[25] SM 240 Hardware Guide , 1/153 30-CRA 119 1022/1
[26] SmartEdge Border Gateway Function Survey, 155 13-CRA 119 1170/1
Standards and Recommendations
[27] The control of jitter and wander within the optical transport network, ITU-TRecommendation G.8251
[28] ETHER-WIS-MIB, RFC 3637
[29] ETHERLIKE-MIB, RFC 2665
[30] IF-INVERTED-STACK-MIB, RFC 2864
[31] Internet Protocol, Version 6 (IPv6) Specification, RFC 2460
[32] Link Aggregation, IEEE 802.3ad
[33] The Message Session Relay Protocol (MSRP), RFC 4975
[34] Network node interface for the optical transport network (OTN) ITU-TRecommendation G.709
[35] OAM functions and mechanisms for Ethernet based networks, ITU-TRecommendation Y.1731
[36] The Secure Real Time Protocol (SRTP), RFC 3711
[37] Structure-Agnostic Time Division Multiplexing (TDM) over Packet(SAToP), RFC 4553
[38] Structure-Aware Time Division Multiplexed (TDM) Curcuit EmulationService over Packet Switched Network (CESoPSN), RFC 5086
[39] Technical Specification Group Services and System Aspects; Vocabularyfor 3GPP Specifications, 3GPP TR 21.905
[40] Telecommunications and Internet converged Services and Protocols forAdvanced Networking (TISPAN); Resource and Admission Control: H.248Profile for controlling Border Gateway Functions (BGF) in the Resourceand Admission Control Subsystem (RACS); Protocol specification, ETSITISPAN ES 283 018 v2.5.0 (2008-11)
[41] WAN Interface Sublayer, IEEE 802.3ae
90 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09