Cisco 12000 Series Internet Router Architecture-Packet Switching
- 格式:pdf
- 大小:144.89 KB
- 文档页数:8
IR12000系列智能路由器配置指南浪潮思科网络科技有限公司(以下简称“浪潮思科”)为客户提供全方位的技术支持和服务。
直接向浪潮思科购买产品的用户,如果在使用过程中有任何问题,可与浪潮思科各地办事处或用户服务中心联系,也可直接与公司总部联系。
读者如有任何关于浪潮思科产品的问题,或者有意进一步了解公司其他相关产品,可通过下列方式与我们联系:公司网址:/技术支持热线:400-691-1766技术支持邮箱:*************************技术文档邮箱:*************************客户投诉热线:400-691-1766公司总部地址:山东省济南市历下区浪潮路1036号邮政编码:250000―――――――――――――――――――――――――――――――――――――声明Copyright ©2018浪潮思科网络科技有限公司版权所有,保留一切权利。
非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本书内容的部分或全部,并不得以任何形式传播。
是浪潮思科网络科技有限公司的注册商标。
对于本手册中出现的其它商标,由各自的所有人拥有。
由于产品版本升级或其它原因,本手册内容会不定期进行更新。
除非另有约定,本手册仅作为使用指导,本手册中的所有陈述、信息和建议不构成任何明示或暗示的担保。
前言手册说明本书介绍IR12000系列产品支持的路由、组播、MPLS、VPN、可靠性等功能的配置过程和配置实例。
读者对象本书适用于下列人员阅读:•规划工程师•调测工程师•维护工程师内容介绍本书的章节名及其概要如下。
本书约定1.安全符号约定在本书中可能出现下列安全符号,所代表的含义如下。
2.命令格式约定在本书中可能出现下列命令符号,所代表的含义如下。
目录前言 (iii)目录 (1)1系统管理 (18)1.1设备连接管理 (18)1.1.1配置Console口连接 (18)1.1.2配置Telnet连接 (19)1.1.3配置SSH连接 (22)1.1.4配置设备作为FTP服务器 (26)1.1.5配置设备作为FTP客户端 (28)1.1.6配置TFTP连接 (30)1.1.7配置设备作为SFTP服务器 (32)1.1.8配置设备作为SFTP客户端 (33)1.2缺省配置 (34)1.2.1缺省用户名和密码配置 (34)1.2.2管理口缺省IP配置 (37)1.2.3设备恢复出厂配置 (38)1.3文件系统管理 (38)1.3.1配置文件系统管理 (38)1.3.2文件系统基本配置实例 (40)1.3.3将配置文件备份到USB的配置实例 (40)1.4MIM (41)1.4.1配置MIM (41)1.4.2MIM配置实例 (42)1.5用户管理 (43)1.5.1配置用户管理 (43)1.5.2本地认证授权用户配置实例 (47)1.5.3RADIUS-LOCAL认证授权用户配置实例 (48)1.5.4TACACS+认证授权用户配置实例 (49)1.5.5密码恢复配置实例 (50)1.5.6OAM安全管理配置实例 (52)1.5.7密码有效期配置实例 (53)1.5.8首次登录修改密码配置实例 (55)1.5.9用户权限配置实例 (56)1.6命令权限分级 (58)1.6.1配置命令权限 (58)1.6.2命令权限分级配置实例 (59)1.7SNMP (63)1.7.1配置SNMP (63)1.7.2配置SNMP防暴力攻击 (67)1.7.3SNMP配置实例 (68)1.7.4SNMP防暴力攻击配置实例 (71)1.8告警 (72)1.8.1配置告警 (72)1.8.2告警配置实例 (76)1.9SYSLOG (78)1.9.1配置SYSLOG (79)1.9.2SYSLOG配置实例 (80)1.10时钟与时钟同步 (81)1.10.1配置NTP (81)1.10.2IR12000作为NTP客户端配置实例 (83)1.10.3IR12000作为NTP服务器端配置实例 (84)1.11性能统计 (85)1.11.1配置性能统计 (85)1.11.2性能统计配置实例 (86)1.12NetFlow (87)1.12.1配置NetFlow (87)1.12.2NetFlow V5版本采集配置实例 (92)1.12.3NetFlow V8版本采集配置实例 (94)1.12.4NetFlow V9版本采集配置实例 (95)1.12.5NetFlow IPFIX版本采集配置实例 (97)1.12.6NetFlow采样信息支持IPv6配置实例 (99)1.13SQA (100)1.13.1配置SQA (100)1.13.2ICMP类型的SQA配置实例 (102)1.13.3FTP类型的SQA配置实例 (104)1.13.4TCP类型的SQA配置实例 (105)1.13.5UDP类型的SQA配置实例 (106)1.13.6DNS类型的SQA配置实例 (107)1.14网络层检测 (108)1.14.1配置ICMP快速响应 (108)1.14.2配置IP源路由选项处理 (110)1.14.3配置ICMP不可达报文有效 (112)1.14.4配置接口发送报文不可达有效 (113)1.14.5配置IP Ping (114)1.14.6配置IP Trace (116)1.14.7配置LSP Ping (118)1.14.8配置LSP Trace (123)1.14.9配置组播Ping (126)1.14.10配置组播Trace (128)1.14.11配置IP调试命令 (129)1.15LLDP (129)1.15.1配置LLDP (129)1.15.2LLDP邻居配置实例 (131)1.15.3LLDP常用属性配置实例 (132)2接口配置 (134)2.1接口基础 (134)2.1.1配置IP地址 (134)2.1.2配置IP MTU (135)2.1.3配置接口MTU (135)2.1.4启动或关闭接口 (136)2.1.5配置接口别名和描述信息 (137)2.1.6配置接口VRF绑定 (137)2.1.7接口信息查看命令 (138)2.1.8IP主地址配置实例 (139)2.1.9IP辅地址配置实例 (140)2.1.10IP MTU配置实例 (142)2.1.11接口MTU配置实例 (143)2.2以太网接口 (144)2.2.1配置以太网接口 (144)2.2.2以太网接口配置实例 (145)2.3VLAN (146)2.3.1配置VLAN子接口 (147)2.3.2配置VLAN Range子接口 (147)2.3.3配置VLAN TPID (148)2.3.4VLAN子接口配置实例 (148)2.3.5VLAN Range子接口配置实例 (150)2.3.6VLAN TPID配置实例 (152)2.4QinQ (153)2.4.1配置QinQ子接口 (153)2.4.2配置QinQ Range子接口 (154)2.4.3QinQ子接口配置实例 (155)2.4.4QinQ Range子接口配置实例 (156)2.5SuperVLAN (158)2.5.1配置SuperVLAN (158)2.5.2SuperVLAN综合配置实例 (159)2.5.3VLAN绑定IP配置实例 (161)2.5.4MAC绑定IP配置实例 (162)2.6SmartGroup (163)2.6.1配置SmartGroup (164)2.6.2SmartGroup 802.3ad模式配置实例 (166)2.6.3SmartGroup On模式配置实例 (169)2.7POS接口 (170)2.7.1配置POS接口 (171)2.7.2POS接口基本配置实例 (173)2.7.3POS口延时Down配置实例 (174)2.8CPOS接口 (175)2.8.1配置CPOS接口属性 (175)2.8.2配置CPOS接口段属性 (176)2.8.3配置CPOS低阶通道 (177)2.8.4配置CPOS高阶通道 (178)2.8.5验证CPOS配置 (179)2.9E1接口 (181)2.9.1配置E1接口 (182)2.9.2通道化E1接口配置实例 (183)2.9.3非通道化E1接口配置实例 (184)2.10PPP (185)2.10.1配置PPP (185)2.10.2PPP配置实例 (187)2.11FR (189)2.11.1配置FR (189)2.11.2FR物理接口配置实例 (191)2.11.3FR子链路配置实例 (192)2.12HDLC (194)2.12.1配置HDLC (194)2.12.2HDLC基本配置实例 (195)2.12.3POSGROUP配置实例 (196)2.13Multilink (198)2.13.1配置Multilink (198)2.13.2Multilink配置实例 (200)2.14端口切换 (202)2.14.1配置端口切换 (202)2.14.2端口模式切换配置实例 (203)2.15端口抑制 (203)2.15.1配置端口抑制 (204)2.15.2端口抑制配置实例 (205)2.16接口关联检测 (206)2.16.1配置接口关联检测 (206)2.17其它逻辑接口 (207)2.17.1配置Loopback接口 (207)2.17.2配置NULL接口 (208)2.17.3配置ULEI接口 (208)2.17.4配置Tunnel (209)2.17.5用Loopback接口构造黑洞路由配置实例 (210)2.17.6将Loopback接口作为Router-ID配置实例 (211)2.17.7NULL接口配置实例 (211)2.17.8Tunnel配置实例 (212)3IPv4业务 (214)3.1ARP (214)3.1.1配置ARP (214)3.1.2永久ARP配置实例 (218)3.1.3ARP常规属性配置实例 (219)3.1.4ARP代理配置实例 (220)3.1.5ARP源过滤配置实例 (222)3.1.6ARP抑制配置实例 (223)3.2DHCP (223)3.2.1配置DHCP Server (224)3.2.3配置DHCP Proxy (228)3.2.4配置DHCP Client (231)3.2.5配置限制Relay发包 (232)3.2.6配置Option82改写功能 (232)3.2.7DHCP Server配置实例 (233)3.2.8DHCP Relay配置实例 (235)3.2.9DHCP Proxy配置实例 (237)3.2.10DHCP Client配置实例 (239)3.3TCPv4与UDPv4 (241)3.3.1配置TCPv4 (241)3.3.2维护UDPv4 (243)3.4DNS (243)3.4.1配置DNS (244)3.4.2DNS配置实例 (245)3.5反向TELNET/TCP和串口终端接入 (246)3.5.1配置反向TELNET/TCP和串口终端接入 (247)3.5.2反向TELNET配置实例 (250)3.5.3反向TCP配置实例 (251)3.5.4串口终端接入配置实例 (253)3.6DDNS Client (254)3.6.1配置DDNS Client (254)3.6.2DDNS Server为Oray的DDNS Client配置实例 (256)3.6.3DDNS Server为3322的DDNS Client配置实例 (257)3.7UDP Helper (258)3.7.1配置UDP Helper (258)3.7.2UDP Helper配置实例 (260)4IPv4路由 (262)4.1路由简介 (262)4.2静态路由 (262)4.2.1配置静态路由 (262)4.2.2下一跳直连的静态路由配置实例 (264)4.2.3下一跳非直连的静态路由配置实例 (266)4.2.4静态路由汇总配置实例 (267)4.2.5默认路由配置实例 (268)4.2.6静态路由负荷分担配置实例 (270)4.2.7公网静态路由FRR配置实例 (271)4.2.8VRF的静态路由FRR配置实例 (273)4.2.9静态路由BFD配置实例 (274)4.2.10Loopback提供静态多跳BFD的local地址配置实例 (276)4.3RIP (277)4.3.1配置RIP基本功能 (277)4.3.2配置RIP增强功能 (279)4.3.3配置RIP版本 (281)4.3.4配置RIP路由负荷分担 (282)4.3.5验证及维护RIP (283)4.3.7RIP路由汇总配置实例 (286)4.3.8RIP路由负荷分担配置实例 (287)4.3.9RIP BFD配置实例 (289)4.4OSPF (291)4.4.1配置OSPF基本功能 (292)4.4.2配置OSPF接口属性 (295)4.4.3配置OSPF认证 (297)4.4.4配置OSPF STUB区域 (300)4.4.5配置NSSA区域 (302)4.4.6配置区域间路由聚合 (304)4.4.7配置路由重分布时的路由聚合 (308)4.4.8配置重分布其他路由协议 (310)4.4.9配置OSPF缺省路由 (312)4.4.10配置OSPF虚链路 (313)4.4.11配置Sham-link (315)4.4.12配置max-metric (316)4.4.13配置OSPF路由负荷分担 (317)4.4.14配置OSPF FRR (319)4.4.15配置OSPF Graceful Restart (320)4.4.16配置OSPF路由过滤 (321)4.4.17验证及维护OSPF (322)4.4.18OSPF建链功能配置实例 (324)4.4.19OSPF NSSA区域配置实例 (326)4.4.20OSPF多实例配置实例 (328)4.4.21OSPF FRR配置实例 (331)4.4.22OSPF区域间路由聚合配置实例 (332)4.4.23OSPF路由负荷分担配置实例 (334)4.4.24OSPF Graceful Restart配置实例 (335)4.4.25OSPF BFD配置实例 (337)4.5IS-IS (338)4.5.1配置IS-IS基本信息 (339)4.5.2配置IS-IS全局参数 (340)4.5.3配置IS-IS接口参数 (341)4.5.4配置IS-IS认证 (343)4.5.5配置IS-IS Hostname (344)4.5.6配置IS-IS mesh-group (344)4.5.7配置IS-IS重分发 (345)4.5.8配置IS-IS负荷分担 (346)4.5.9配置IS-IS流量工程 (347)4.5.10配置IS-IS FRR (347)4.5.11配置IS-IS Graceful Restart (348)4.5.12配置IS-IS LSP报文Buffer大小 (349)4.5.13验证及维护IS-IS (350)4.5.14单区域IS-IS配置实例 (351)4.5.15多区域IS-IS配置实例 (354)4.5.16IS-IS多实例配置实例 (359)4.5.17IS-IS FRR配置实例 (360)4.5.18IS-IS重分发配置实例 (362)4.5.19IS-IS认证配置实例 (363)4.5.20IS-IS路由负荷分担配置实例 (364)4.5.21IS-IS Graceful Restart配置实例 (366)4.5.22IS-IS BFD配置实例 (367)4.6BGP (369)4.6.1建立BGP邻居 (369)4.6.2配置BGP路由通告 (378)4.6.3配置BGP可靠性 (385)4.6.4配置BGP属性和路由过滤 (388)4.6.5配置大型网络中BGP的应用功能 (405)4.6.6配置BGP动态组 (417)4.6.7验证及维护BGP (419)4.6.8BGP综合配置实例一(Loopback接口创建BGP) (420)4.6.9BGP综合配置实例二(物理接口创建BGP) (427)4.6.10BGP FRR配置实例 (430)4.6.11BGP路由反射器配置实例 (431)4.6.12BGP与VRRP联动配置实例 (432)4.6.13BGP路由负荷分担配置实例 (434)4.6.14BGP Graceful Restart配置实例 (436)4.6.15BGP单跳BFD配置实例 (437)4.6.16BGP多跳BFD配置实例 (438)4.6.17BGP动态组配置实例 (440)5IPv4组播 (444)5.1组播 (444)5.1.1配置组播 (444)5.1.2配置静态组播 (448)5.1.3静态组播配置实例 (449)5.2IGMP (450)5.2.1配置IGMP (450)5.2.2IGMP查询路由器选举配置实例 (454)5.2.3IGMP动态组、静态组加入配置实例 (455)5.2.4IGMP对所有组的快速离开配置实例 (457)5.2.5IGMP对指定组的快速离开配置实例 (459)5.2.6组播接口限制配置实例 (461)5.2.7IP-Source-Check功能配置实例 (462)5.3PIM-DM (463)5.3.1配置PIM-DM (463)5.3.2PIM-DM邻居建立配置实例 (464)5.3.3PIM-DM组播负荷分担配置实例 (465)5.4PIM-SM (468)5.4.1配置PIM-SM (468)5.4.2PIM-SM转发组播流(使用动态RP)配置实例 (470)5.4.3PIM-SM转发组播流(使用静态RP)配置实例 (472)5.4.4非法组播源控制配置实例 (475)5.4.5anycast-rp配置实例 (478)5.4.6RPT-SPT切换配置实例 (480)5.4.7PIM-SM与PIM-DM混合运行配置实例 (482)5.4.8PIM-SM组播负荷分担配置实例 (485)5.4.9PIM-SM BFD配置实例 (487)5.5PIM-SSM (490)5.5.1配置PIM-SSM (491)5.5.2PIM-SSM配置实例 (491)5.5.3SSM-Mapping配置实例 (493)5.6组播负荷分担 (494)5.6.1配置组播负荷分担 (494)5.6.2组播负荷分担配置实例 (495)5.7MSDP (495)5.7.1配置MSDP (495)5.7.2MSDP基本配置实例 (497)5.7.3MSDP实现anycast-rp配置实例 (500)6MPLS (503)6.1MPLS简介 (503)6.2MPLS基础配置 (503)6.2.1配置MPLS (503)6.2.2基本的LDP邻居会话配置实例 (511)6.2.3LDP远端会话配置实例 (513)6.2.4分配标签策略配置实例 (515)6.2.5LDP多实例配置实例 (517)6.2.6LDP FRR配置实例 (520)6.2.7LDP Graceful Restart配置实例 (525)6.2.8LDP标签负荷分担配置实例 (530)6.2.9LDP BFD配置实例 (533)6.2.10PEER BFD配置实例 (536)6.2.11GTSM配置实例 (538)6.2.12IGP同步配置实例(OSPF) (541)6.2.13IGP同步配置实例(IS-IS) (543)6.2.14报文过滤配置实例 (547)6.2.15Label-distribution配置实例 (549)6.2.16Label-retention配置实例 (551)6.2.17Label-advertise配置实例 (553)6.2.18Label-request配置实例 (556)6.2.19Lsp-control配置实例 (558)6.2.20Longest-match配置实例 (561)6.3MPLS TE配置 (564)6.3.1RSVP (564)6.3.2TE-FRR (578)6.3.3MPLS TE端到端路径保护 (591)6.3.4MPLS TE跨AS域 (596)6.3.5TE认证 (608)6.3.7TE摘要刷新 (615)6.3.8RESV CONFIRM (618)6.3.9GR (621)6.3.10FRR HELLO (625)6.3.11FRR提升 (630)6.3.12TE的共路径双向隧道 (637)6.3.13 2.3.13TE隧道FA (641)6.3.14TE隧道AR (644)6.3.15TE Metric (648)6.3.16TE SRLG (651)6.3.17TE隧道重优化 (655)7VPN (659)7.1VPN简介 (659)7.2MPLS L2VPN (660)7.2.1VPLS (660)7.2.2配置VPLS (660)7.2.3VPWS (673)7.2.4MSPW (681)7.2.5VLSS (688)7.2.6MC-ELAM (690)7.2.7L2VPN与L3VPN桥接 (696)7.2.8L2VPN FRR (702)7.2.9VPLS跨域Option C (709)7.3MPLS L3VPN (714)7.3.1MPLS L3VPN基本功能 (714)7.3.2MPLS L3VPN路由聚合 (739)7.3.3L3VPN路由限制和告警 (744)7.3.4Global静态路由 (749)7.3.5L3VPN FRR (753)7.3.6MPLS L3VPN负荷分担 (762)7.3.7MPLS L3VPN跨域 (773)7.3.8MPLS L3VPN每VPN每标签 (792)7.3.9MPLS L3VPN GR (795)7.3.10MPLS L3VPN HoPE (801)7.3.11L3VPN隧道策略选择 (817)7.4VPN组播 (823)7.4.1配置VPN组播 (823)7.4.2VPN组播配置实例 (826)7.4.3标签方式MVPN配置实例 (832)7.4.4MD方式MVPN配置实例(GRE方案) (841)7.4.5MVPN跨域配置实例 (846)7.5GRE隧道 (854)7.5.1配置GRE over IPv4隧道 (854)7.5.2配置GRE over IPv6隧道 (855)7.5.3IPv4 GRE配置实例 (857)7.5.4GRE 6over4配置实例 (859)7.6IPSec VPN (864)7.6.1配置感兴趣流 (864)7.6.2配置IKE阶段1 (864)7.6.3配置IKE阶段2 (867)7.6.4配置隧道和传输模式 (869)7.6.5验证和维护IPSec (870)7.6.6IPSec基本组网配置实例 (872)7.6.7IPSec手工SPI站点到站点VPN配置实例 (874)7.6.8IPSec IKE协商站点到站点VPN配置实例 (876)7.6.9GRE OVER IPSec VPN配置实例 (879)7.6.10IPSec动态NAT穿越配置实例 (882)7.6.11IPSec数字证书认证协商配置实例 (886)7.6.12IKEv2配置实例 (889)7.7IPSec VPN远程接入 (893)7.7.1配置IPSec Pool (893)7.7.2配置远程用户组 (894)7.7.3配置远程接入隧道 (895)7.7.4验证和维护远程接入 (895)7.7.5IPSec VPN远程接入配置实例 (896)7.8DVMPN (898)7.8.1配置MGRE (899)7.8.2配置NHRP (899)7.8.3配置IPSec (900)7.8.4验证和维护DMVPN (900)7.8.5DMVPN配置实例 (901)7.9VPDN (908)7.9.1配置VPDN (908)7.9.2LAC配置实例 (912)7.9.3LNS配置实例 (916)7.10GET VPN (920)7.10.1配置GDOI组 (921)7.10.2GET VPN配置实例 (922)8QoS (926)8.1QoS简介 (926)8.2CAR (926)8.2.1配置CAR (927)8.2.2CAR配置实例 (928)8.3流分类 (929)8.3.1配置流分类 (929)8.3.2空规则的流分类配置实例 (931)8.3.3基于EXP的流分类配置实例 (932)8.3.4基于MAC地址的流分类配置实例 (933)8.3.5基于IPv4 ACL的流分类配置实例 (934)8.3.6匹配方式为match-any的流分类配置实例 (935)8.4流行为 (936)8.4.2报文标记配置实例 (938)8.4.3流量监管配置实例 (940)8.4.4PQ队列调度配置实例 (941)8.4.5WFQ调度配置实例 (942)8.4.6CBWFQ调度配置实例 (944)8.4.7WRED配置实例 (946)8.4.8流量整形配置实例 (947)8.5H-QoS (948)8.5.1配置H-QoS (948)8.5.2H-QoS配置实例 (949)8.6优先级继承 (950)8.6.1配置优先级继承 (951)8.6.2802.1P字段继承配置实例 (952)8.6.3Pipe模式配置实例 (953)8.7QPPB (957)8.7.1配置QPPB (958)8.7.2QPPB配置实例 (958)9安全 (962)9.1控制平面安全 (962)9.1.1配置接口上送限速 (962)9.1.2配置路由安全 (971)9.1.3配置ARP防攻击 (973)9.1.4配置IGMP防攻击 (975)9.1.5控制平面安全基本功能配置实例 (976)9.1.6基于流的控制平面安全功能配置实例 (978)9.1.7黑白名单功能配置实例 (979)9.2URPF (981)9.2.1配置URPF (981)9.2.2严格URPF配置实例 (982)9.2.3松散URPF配置实例 (983)9.3RADIUS (985)9.3.1配置RADIUS (985)9.3.2RADIUS配置实例 (992)9.4TACACS+ (994)9.4.1配置TACACS+ (994)9.4.2TACACS+认证授权配置实例 (996)9.4.3TACACS+记账配置实例 (997)9.5镜像 (998)9.5.1配置镜像 (999)9.5.2本地端口镜像配置实例 (999)9.5.3本地流镜像配置实例 (1000)9.6防火墙 (1001)9.6.1配置IP源防攻击功能 (1002)9.6.2配置防火墙区域内策略 (1002)9.6.3配置防火墙区域间策略 (1006)9.6.5基于协议和端口号设置老化时间 (1010)9.6.6IP源防攻击配置实例 (1011)9.6.7黑名单配置实例 (1012)9.6.8白名单配置实例 (1013)9.6.9防攻击配置实例 (1014)9.6.100虚拟分片重组功能配置实例 (1015)9.6.11区域间策略配置实例 (1016)9.6.12过滤列表配置实例 (1017)9.6.13TCP拦截功能配置实例 (1019)9.6.14基于协议和端口号的会话老化时间配置实例 (1020)9.7DPI (1021)9.7.1配置DPI (1021)9.7.2DPI配置实例 (1023)9.8SSL和PKI (1025)9.8.1配置SSL和PKI (1025)9.8.2SSL和PKI配置实例 (1027)10可靠性 (1029)10.1可靠性简介 (1029)10.2业务可靠性管理 (1029)10.2.1配置业务可靠性管理 (1029)10.2.2EFM联动VRRP配置实例 (1031)10.2.3CFM联动VRRP配置实例 (1033)10.3VRRP (1036)10.3.1配置VRRP (1036)10.3.2基本VRRP配置实例 (1039)10.3.3对称VRRP配置实例 (1040)10.3.4VRRP心跳线配置实例 (1042)10.3.5VRRP Track配置实例 (1044)10.4Ping Detect (1046)10.4.1配置Ping Detect (1047)10.4.2Ping Detect基本配置实例 (1048)10.4.3直连路由与Track Ping联动配置实例 (1049)10.5EFM (1052)10.5.1配置EFM (1052)10.5.2EFM连接建立配置实例 (1055)10.5.3EFM远端环回配置实例 (1058)10.6CFM (1060)10.6.1配置CFM (1060)10.6.2CFM快速连续性检测配置实例 (1063)10.6.3跨越L2VPN连通性检测配置实例 (1067)10.7BFD (1069)10.7.1配置BFD (1069)10.7.2PIM BFD配置实例 (1074)10.7.3静态单跳BFD配置实例 (1077)10.7.4静态多跳BFD配置实例 (1079)10.8主备倒换 (1083)10.8.1配置主备倒换 (1084)10.8.2主备倒换配置实例 (1085)11策略模板 (1088)11.1.1策略模板简介 (1088)11.2AAA (1088)11.2.1配置AAA (1089)11.2.2AAA配置实例 (1091)11.3Time-range (1093)11.3.1配置Time-range (1093)11.3.2Time-range列表配置实例 (1094)11.3.3ACL调用time-range配置实例 (1097)11.3.4SQA调用time-range配置实例 (1099)11.4ACL (1100)11.4.1配置ACL (1101)11.4.2配置Link ACL (1104)11.4.3ACL配置实例 (1105)11.4.4Link ACL配置实例 (1107)11.5Prefix-list (1109)11.5.1配置prefix-list (1109)11.5.2Prefix-list基本配置实例 (1111)11.5.3组播调用prefix-list配置实例 (1111)11.5.4OSPF调用prefix-list配置实例 (1113)11.5.5BGP调用prefix-list配置实例 (1115)11.5.6Route-map调用prefix-list配置实例 (1119)11.6Route-Map (1120)11.6.1配置路由策略 (1120)11.6.2配置策略路由 (1126)11.6.3RIP重分配路由策略配置实例 (1127)11.6.4IS-IS路由策略配置实例 (1129)11.6.5OSPF路由策略配置实例 (1132)11.6.6BGP路由策略配置实例 (1134)11.6.7VRF路由策略配置实例 (1137)11.6.8本地不同接口接入的策略路由配置实例 (1142)11.6.9本地同一个接口接入的策略路由配置实例 (1143)11.6.10远端VRF策略路由配置实例 (1145)11.7EEM (1149)11.7.1配置EEM (1149)11.7.2NONE类型EEM配置实例 (1150)12IPv6 (1153)12.1IPv6基础 (1153)12.1.1配置IPv6 (1153)12.1.2配置IPv6地址 (1156)12.1.3IPv6地址配置实例 (1157)12.2NDP (1158)12.2.2NDP配置实例 (1161)12.3IPv6静态路由 (1162)12.3.1配置IPv6静态路由 (1162)12.3.2下一跳直连的IPv6静态路由配置实例 (1163)12.3.3下一跳非直连的IPv6静态路由配置实例 (1165)12.3.4IPv6默认路由配置实例 (1166)12.3.5IPv6静态路由公网FRR配置实例 (1167)12.3.6IPv6静态路由私网FRR配置实例 (1169)12.3.7IPv6静态路由负荷分担配置实例 (1170)12.3.8IPv6静态路由BFD源端下一跳配置实例 (1172)12.4RIPng (1174)12.4.1配置RIPng (1174)12.4.2RIPng基本配置实例 (1176)12.4.3RIPng路由汇总配置实例 (1180)12.5OSPFv3 (1181)12.5.1配置OSPFv3 (1181)12.5.2OSPFv3基本配置实例 (1186)12.5.3OSPFv3重分发配置实例 (1188)12.5.4OSPFv3路由负荷分担配置实例 (1192)12.6IS-ISv6 (1194)12.6.1配置IS-ISv6 (1194)12.6.2单区域IS-ISv6配置实例 (1199)12.6.3多区域IS-ISv6配置实例 (1203)12.7BGP4+ (1209)12.7.1配置BGP4+ (1209)12.7.2BGP4+路由反射器配置实例 (1211)12.7.3BGP4+路由负荷分担配置实例 (1212)12.7.4BGP4+综合配置实例 (1214)12.8IPv6 Route-Map策略配置 (1216)12.8.1配置IPv6路由策略 (1217)12.8.2配置IPv6策略路由 (1221)12.8.3RIPng重分配路由策略配置实例 (1222)12.8.4IS-ISv6路由策略配置实例 (1224)12.8.5OSPFv3路由策略配置实例 (1226)12.8.6BGP4+路由策略配置实例 (1229)12.8.76VPE路由策略配置实例 (1232)12.8.8IPv6策略路由配置实例 (1240)12.9IPv6组播 (1243)12.9.1配置公共组播 (1243)12.9.2配置IPv6静态组播 (1244)12.9.3IPv6静态组播配置实例 (1245)12.10MLD (1246)12.10.1配置MLD (1247)12.10.2MLD查询路由器选举配置实例 (1250)12.10.3MLD动态组、静态组加入配置实例 (1251)12.11.1配置IPv6 PIM-DM (1253)12.11.2IPv6 PIM-DM配置实例 (1254)12.12PIM-SM (1256)12.12.1配置IPv6组播PIM-SM (1256)12.12.2IPv6 PIM-SM配置实例 (1259)12.13PIM-SSM (1262)12.13.1配置PIM-SSM (1262)12.13.2IPv6 PIM-SSM配置实例 (1262)12.14IPv6隧道 (1264)12.14.1配置IPv6隧道 (1264)12.14.26in4隧道配置实例 (1265)12.14.34in6隧道配置实例 (1267)12.14.46to4隧道配置实例 (1269)12.15ISATAP隧道 (1271)12.15.1配置ISATAP隧道 (1271)12.15.2ISATAP配置实例 (1272)12.16DS-Lite B4 (1274)12.16.1配置DS-Lite隧道 (1274)12.16.2手工配置AFTR地址配置实例 (1275)12.16.3DNS获取AFTR地址配置实例 (1277)12.16.4DHCPv6获取AFTR地址配置实例 (1280)12.176RD (1282)12.17.1配置6RD (1283)12.17.26RD配置实例 (1284)12.186PE (1285)12.18.1配置6PE (1285)12.18.26PE配置实例 (1286)12.196VPE (1291)12.19.1配置6VPE (1291)12.19.26VPE配置实例 (1299)12.20IPv6 ACL (1304)12.20.1配置IPv6 ACL (1304)12.20.2IPv6 ACL配置实例 (1306)12.21URPF (1308)12.21.1配置IPv6 URPF (1308)12.21.2严格IPv6 URPF配置实例 (1309)12.21.3松散IPv6 URPF配置实例 (1310)12.22IPv6 QoS (1312)12.22.1配置IPv6 QoS (1312)12.22.2IPv6优先级调度配置实例 (1312)12.22.3IPv6 WRED配置实例 (1314)12.22.4IPv6 CAR配置实例 (1315)12.22.5IPv6优先级继承配置实例 (1317)12.23IPv6 VRRP (1318)12.23.1配置IPv6 VRRP (1318)12.23.2基本VRRP配置实例 (1320)12.23.3对称VRRP配置实例 (1322)12.23.4VRRP心跳线配置实例 (1324)12.24DHCPv6 (1326)12.24.1配置DHCPv6 Server (1326)12.24.2配置DHCPv6 Relay (1329)12.24.3配置DHCPv6 Client (1331)12.24.4DHCPv6 Server配置实例 (1332)12.24.5DHCPv6 Relay配置实例 (1334)12.24.6DHCPv6 Client配置实例 (1337)13NAT (1339)13.1基本NAT (1339)13.1.1配置启用NAT (1339)13.1.2配置地址池 (1339)13.1.3配置域 (1341)13.1.4配置策略 (1342)13.1.5配置高级业务 (1346)13.1.6配置日志 (1346)13.1.7配置告警 (1348)13.1.8配置NAT控制面安全 (1348)13.2SR NAT44 (1349)13.2.1配置SR NAT44 (1349)13.2.2静态NAT转换NAT44配置实例 (1350)13.2.3动态PAT转换NAT44配置实例 (1352)13.2.4复用出接口NAT44配置实例 (1353)13.2.5动态多出口NAT44配置实例 (1354)13.2.6VPN(私网-公网)NAT44配置实例 (1356)13.2.7VPN(私网-相同私网)NAT44配置实例 (1357)13.2.8VPN(私网-不同私网)NAT44配置实例 (1359)13.2.9VPN(公网-私网)NAT44配置实例 (1360)13.3NAT64 (1362)13.3.1配置NAT64 (1362)13.3.2有状态NAT64静态NAT转换配置实例 (1364)13.3.3有状态NAT64静态PAT转换配置实例 (1366)13.3.4有状态NAT64动态NAT转换配置实例 (1368)13.3.5有状态NAT64动态PAT转换配置实例 (1369)13.3.6无状态NAT64转换配置实例 (1371)13.4DS-Lite (1372)13.4.1配置DS-Lite (1373)13.4.2静态NAT转换配置实例 (1375)13.4.3静态PAT转换配置实例 (1377)13.4.4动态NAT转换配置实例 (1380)13.4.5动态PAT转换配置实例 (1382)14二层交换 (1385)14.1二层交换功能 (1385)14.1.1配置二层端口 (1385)14.1.2切换二层口配置实例 (1386)14.2VLAN (1386)14.2.1配置VLAN (1387)14.2.2VLAN基本应用配置实例 (1388)14.2.3二层交换汇聚和三层网络接入配置实例 (1390)14.3MAC (1392)14.3.1配置MAC地址表 (1392)14.3.2MAC地址表配置实例 (1394)14.4STP (1394)14.4.1配置STP (1395)14.4.2MSTP配置实例一 (1398)14.4.3MSTP配置实例二 (1399)1 系统管理1.1 设备连接管理IR12000提供了多种连接配置设备方式,如图1-1所示。
Cisco系列路由器NAT配置详解-电脑资料INTERNET共享资源的方式越来越多,就大多数而言,DDN专线以其性能稳定、扩充性好的优势成为普遍采用的方式,DDN方式的连接在硬件的需求上是简单的,仅需要一台路由器(router)、代理服务器(proxyserver)即可,但在系统的配置上对许多的网络管理人员来讲是一个比较棘手的问题,。
下面以CISCO路由器为例,笔者就几种比较成功的配置方法作以介绍,以供同行借鉴:一、直接通过路由器访问INTERNET资源的配置1.总体思路和设备连接方法一般情况下,单位内部的局域网都使用INTERNET上的保留地址:10.0.0.0/8:10.0.0.0~10.255.255.255172.16.0.0/12:172.16.0.0~172.31.255.255192.168.0.0/16:192.168.0.0~192.168.255.255在常规情况下,单位内部的工作站在直接利用路由对外访问时,会因工作站使用的是互联网上的保留地址,而被路由器过滤掉,从而导致无法访问互联网资源。
解决这一问题的办法是利用路由操作系统提供的NAT (Network AddressTranslation)地址转换功能,将内部网的私有地址转换成互联网上的合法地址,使得不具有合法IP地址的用户可以通过NAT访问到外部Internet。
这样做的好处是无需配备代理服务器,减少投资,还可以节约合法IP地址,并提高了内部网络的安全性。
NAT有两种类型:Single模式和global模式。
使用NAT的single模式,就像它的名字一样,可以将众多的本地局域网主机映射为一个Internet地址,电脑资料《Cisco系列路由器NAT配置详解》(https://www.)。
局域网内的所有主机对外部Internet网络而言,都被看做一个Internet用户。
本地局域网内的主机继续使用本地地址。
使用NAT的global模式,路由器的接口将众多的本地局域网主机映射为一定的Internet地址范围(IP地址池)。
思科公司路由器命令大全详细解释switch> 用户模式1:进入特权模式enableswitch> enableswitch#2:进入全局配置模式configure terminalswitch> enableswitch#c onfigure terminalswitch(conf)#3:交换机命名hostname aptech2950 以aptech2950为例switch> enableswitch#c onfigure terminalswitch(conf)#hostname aptch-2950aptech2950(conf)#4:配置使能口令enable password cisco 以cisco为例switch> enableswitch#c onfigure terminalswitch(conf)#hostname aptch2950aptech2950(conf)# enable password cisco5:配置使能密码enable secret ciscolab 以cicsolab为例switch> enableswitch#c onfigure terminalswitch(conf)#hostname aptch2950aptech2950(conf)# enable secret ciscolab6:设置虚拟局域网vlan 1 interface vlan 1switch> enableswitch#c onfigure terminalswitch(conf)#hostname aptch2950aptech2950(conf)# interface vlan 1aptech2950(conf-if)#ip address 192.168.1.1 255.255.255.0 配置交换机端口ip和子网掩码aptech2950(conf-if)#no shut 是配置处于运行中aptech2950(conf-if)#exitaptech2950(conf)#ip default-gateway 192.168.254 设置网关地址7:进入交换机某一端口interface fastehernet 0/17 以17端口为例switch> enableswitch#c onfigure terminalswitch(conf)#hostname aptch2950aptech2950(conf)# interface fastehernet 0/17aptech2950(conf-if)#8:查看命令showswitch> enableswitch# show version 察看系统中的所有版本信息show interface vlan 1 查看交换机有关ip 协议的配置信息show running-configure 查看交换机当前起作用的配置信息show interface fastethernet 0/1 察看交换机1接口具体配置和统计信息show mac-address-table 查看mac地址表show mac-address-table aging-time 查看mac地址表自动老化时间9:交换机恢复出厂默认恢复命令switch> enableswitch# erase startup-configureswitch# reload10:双工模式设置switch> enableswitch#c onfigure terminalswitch2950(conf)#hostname aptch-2950aptech2950(conf)# interface fastehernet 0/17 以17端口为例aptech2950(conf-if)#duplex full/half/auto 有full , half, auto 三个可选项11:cdp相关命令switch> enableswitch# show cdp 查看设备的cdp全局配置信息show cdp interface fastethernet 0/17 查看17端口的cdp配置信息show cdp traffic 查看有关cdp包的统计信息show cdp nerghbors 列出与设备相连的cisco设备12:csico2950的密码恢复拔下交换机电源线。
核心路由器∙Cisco 1000系列路由器ROMMON恢复程序∙Cisco 1000系列路由器密码恢复程序∙Cisco 1020路由器密码恢复程序∙RP软件安装和升级过程和RSP7000,7100,7200,7300,7400,7500,7600,10000 (ESR),12000,uBR71XX、uBR72XX和uBR10000∙口令恢复过程中的标准停止键序列组合∙Cisco 12000系列互联网路由器的硬件故障检修∙Cisco 12000系列路由器密码恢复程序∙12000系列互联网路由器:常见问题∙在GSR线路卡上配置核心转储(Core Dump)∙Cisco 12000系列互联网路由器上线路卡崩溃的故障检修∙Cisco 1400系列路由器密码恢复程序∙ROMmon恢复为Cisco 1600系列路由器∙如何从ROMmon升级使用引导镜象∙Cisco 1600系列路由器密码恢复步骤∙Cisco 1700系列路由器的硬件故障检修∙Cisco 1700系列路由器密码恢复程序∙Cisco 2500系列路由器的硬件故障检修∙获取文本输出从超级终端∙Cisco 2000∙Cisco 2500系列路由器结构∙Cisco 2600系列路由器的硬件故障检修∙ROMmon恢复为Cisco 2600系列路由器和VG200∙Cisco 2600系列路由器体系结构∙Cisco 3600系列路由器的硬件故障检修∙ROMmon恢复为Cisco 3600系列路由器∙ROMmon恢复为Cisco 4500及4700系列路由器∙Cisco 4700系列路由器密码恢复程序∙ROMmon恢复为Cisco 4000系列路由器∙Cisco 4000系列路由器的硬件故障检修∙Cisco 6000系列接入集中器密码恢复程序∙Cisco 7000口令恢复程序∙7000(RP)系列ROMmon恢复流程∙Cisco 7200系列路由器体系结构∙Cisco 7200奇偶校验错误故障树∙处理器内存奇偶校验错误(PMPE)∙是什么导致了 %PLATFORM-3-PACONFIG 以及 %C7200-3-PACONFIG 报错消息?∙Cisco 7300系列路由器的硬件故障检修∙Cisco 7400系列路由器硬件故障排除∙Cisco 7500系列常见问题解答∙缓冲器调节∙什么导致"%RSP-3-RESTART:CBUS 复合体"?∙什么造成路由器由Abort和Trace Trap命令重新启动∙排除软件强制的崩溃故障∙排除Cisco Express转发相关错误信息故障∙7500系列路由器的硬件故障排除∙SegV异常情况∙Cisco 801、802、803、804和805路由器的口令恢复程序∙ROMmon恢复为Cisco 800系列路由器∙Cisco 801、802、803、804和805 系列路由器Cisco IOS软件升级程序∙升级Cisco 806∙AS5200系列的ROMmon恢复∙1600,2000,2500,3000,AS5100 和AS5200软件安装和升级过程∙AS5200及AS5300系列路由器的硬件故障检修∙AS5300、AS5350和AS5400 ROMMON恢复程序∙Cisco-排除AS5350和AS5400系列路由器的硬件故障∙AS5350/AS5400软件安装和升级过程∙AS5800系列路由器的硬件故障检修∙Cisco密码Cisco cs500 communication服务器恢复过程∙应用正确的终端仿真器设置,建立控制台连接∙思科-确定IP地址:常见问题解答∙The show processes命令∙不常见的系统崩溃类型∙排除总线崩溃故障∙如何选择Cisco IOS软件版本∙软件安装与升级步骤针对1000、1400、1600-R、1700、2600、3600、3700、4000、4500、4700、AS5300以及MC3810∙思科-%SYS-3-CPUHOG信息的成因是什么?∙如何处理mallocfail和“红色代码”蠕虫引起的CPU利用率过高问题∙使用CAR在DOS攻击期间∙Cisco-排除路由器崩溃故障∙缓冲漏出故障检修∙Cisco Catalyst 8540多业务交换机路由器密码恢复程序∙Cisco Lightstream 1010 ATM交换机密码恢复程序∙Cisco MC3810接入集中器密码恢复程序∙Cisco路由处理器模块密码恢复程序∙Cisco 7100系列路由器密码恢复程序∙增加路由器稳定性通过使用系统内存128 MB与ISM或ISA∙升级线路卡固件在Cisco 12000 系列互联网路由器∙产生 "Bad CPU ID" 报错消息的原因∙了解以99%的利用率运行的VIP CPU及接收端(Rx-side)缓冲。
第1章技术要点及产品介绍1.1技术1.1.1M e t r o D W D M密集波分复用(D W D M)概览本节提供DWDM技术、组件及应用的一个总体概览。
它还介绍了Cisco ONS 15454如何实施DWDM解决方案。
DWDM是一种增加现有光纤基础设施承运容量的技术,消除了安装新光纤电缆的高额成本。
服务供应商目前使用的大多数高速主干网都包括以每秒2.5 GB或10 Gbps运行的光纤链路。
DWDM为利用现有安装光纤获得增加带宽提供一个可伸缩的解决方案。
DWDM以不同波长同时传输多个信号,允许用户就象使用多个光纤一样使用一个光纤。
这种传输方式创造了被称为虚拟光纤的东西。
传送的每一个信号可以采用不同的速率,但是能够使用相同的物理光纤电缆。
D W D M组件基本DWDM系统包括下列组件:精确波长光纤发射器(激光)、光纤复用器和反复用器以及宽带光纤接收器。
DWDM系统的可选组件包括光纤分插复用器(OADM)和光纤放大器。
1.光纤发射器和转发器DWDM系统的光纤发射器为高分辨率精确窄带激光。
这类激光器允许紧密的信道间隔,增加了可以用在1500 nm频带中的波长数量,同时最大限度地减少了信号减损(例如耗散)的影响。
光纤发射器最大限度地减少了功率损耗,允许远程发射,并提供高度的信号完整性。
这些激光器允许使用光纤放大器,提高了延长距离的信号强度,与采用电子放大器相反,消除了重新生成各个光纤信号的需求。
大多数激光器系统的设计带有遵循ITU-T的波长频率,能够实现简化的互操作性和更加简单的组件选择。
发射器的一个主要组件是转发器,它通过光-电-光(OEO)转换将宽带光纤信号转换成特定的波长。
转发器或波长转换器是DWDM系统的可选设备,提供光纤波长向精确窄带波长的转换。
这种转换能使路由器、ATM交换机或其他没有配备精确窄带激光器的设备复用到单一光纤上。
2.光纤放大器光纤放大器用于增强光纤信号,以便最大限度地减少源自通过光纤发送光脉冲的功率损耗和衰减的影响。
Cisco 12000 Series Internet Router Architecture: Packet SwitchingDocument ID: 47320IntroductionPrerequisitesRequirementsComponents UsedConventionsBackground InformationPacket Switching: OverviewPacket Switching: Engine 0 and Engine 1 Line CardsPacket Switching: Engine 2 Line CardsPacket Switching: Switching Cells across FabricPacket Switching: Transmitting PacketsPacket Flow SummaryRelated InformationIntroductionThis document examines the most important architectural elements of the Cisco 12000 Series Internet Router −− switching packets. Switching packets are radically different from any of the shared memory or bus−based Cisco architectures. By using a crossbar fabric, the Cisco 12000 provides very large amounts of bandwidth and scalability. Furthermore, the 12000 uses virtual output queues to eliminate the Head of Line Blocking within the switch fabric.PrerequisitesRequirementsThere are no specific requirements for this document.Components UsedThe information in this document is based on the following hardware:•Cisco 12000 Series Internet RouterThe information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.ConventionsFor more information on document conventions, see the Cisco Technical Tips Conventions.Background Information(The switching decision on a Cisco 12000 is done by the line cards (LCs). For some LCs, a dedicated Application−Specific Integrated Circuit (ASIC) actually switches the packets. Distributed Cisco Express Forwarding (dCEF) is the only switching method available.Remark: Engines 0, 1, and 2 are not the latest engines developed by Cisco. There are also Engine 3, 4, and4+ line cards, with more to follow. Engine 3 line cards are capable of performing Edge features at line rate. The higher the Layer 3 engine, the more packets get switched in hardware. You can find some useful information about the different line cards available for the Cisco 12000 Series Router and the engine on which they are based at Cisco 12000 Series Internet Router: Frequently Asked Questions.Packet Switching: OverviewPackets are always forwarded by the ingress line card (LC). The egress LC only performs outbound Quality of Service (QoS) that is queue−dependent (for example, Weighted Random Early Detection (WRED) or Committed Access Rate (CAR)). Most of the packets are switched by the LC using distributed Cisco Express Forwarding (dCEF). Only the control packets (such as routing updates) are sent to the Gigabit Route Processor (GRP) for processing. The packet switching path depends on the type of switching engines used on the LC.This is what happens when a packet comes in:1.A packet comes into the physical layer interface module (PLIM). Various things happen here:♦A transceiver turns optical signals into electrical ones (most CSR line cards have fiberconnectors)♦L2 framing is removed (SANE, Asynchronous Transfer Mode (ATM), Ethernet, High−LevelData Link Control (HDLC)/Point−to−Point Protocol − PPP)ATM cells are reassembled♦Packets that fail the cyclic redundancy check (CRC) are discarded♦As the packet is received and processed, it is Direct Memory Accessed into a small (approximately 22.x maximum transmission unit (MTU) buffer) memory called the "First In, First Out (FIFO) burstmemory". The amount of this memory depends on the type of LC (from 128 KB to 1 MB).3.Once the packet is completely in FIFO memory, an application−specific integrated circuit (ASIC) on the PLIM contacts the Buffer Management ASIC (BMA) and asks for a buffer to put the packet in.The BMA is told what size the packet is, and allocates a buffer accordingly. If the BMA cannot get a buffer of the right size, the packet is dropped and the "ignore" counter is incremented on the incoming interface. There is no fallback mechanism as with some other platforms. While this is going on, thePLIM could be receiving another packet in the FIFO burst memory, which is why it is 2xMTU in size.4.If there is a free buffer available in the right queue, the packet is stored by the BMA in the free queue list of the appropriate size. This buffer is placed on the Raw Queue, which is examined by the Salsa ASIC or the R5K CPU. The R5K CPU determines the destination of the packet by consulting its local dCEF table in Dynamic RAM (DRAM), and then moves the buffer from the Raw Queue to aToFabric queue corresponding to the destination slot.If the destination is not in the CEF table, the packet is dropped. If the packet is a control packet (forexample, routing updates), it is enqueued to the queue of the GRP and will be processed by the GRP.There are 17 ToFab queues (16 unicast, plus 1 Multicast). There is one toFab queue per line card (this includes the RP). These queues are known as "virtual output queues", and are important so thathead−of−line blocking doesn't occur.5.The ToFab BMA cuts the packet up into 44−byte pieces, which are the payload for what willeventually be known as "Cisco Cells". These cells are given an 8−byte header and 4−byte bufferheader by the frFab BMA (total data size so far = 56 bytes), and then enqueued into the proper ToFab queue (at which point, the #Qelem counter in the pool the buffer came from goes down by one, and the ToFab queue counter goes up by one).The "decision maker" depends on the type of switching engines:On Engine 2+ cards, a special ASIC is used to improve the way the packets are switched. Normal packets (IP/Tag, no options, checksum) are processed directly by the Packet Switching ASIC (PSA), then bypass the raw queue/CPU/Salsa combination and are enqueued directly onto the toFab queue. Only the first 64 bytes of the packet are passed through the Packet Switching ASIC. If the packet cannot be switched by the PSA, the packet is enqueued to the RawQ to be handled by the CPU of the LC as explained previously.At this point, the switching decision has been made and the packet has been enqueued onto the proper ToFab output queue.6.The toFab BMA DMAs (Direct Memory Access) the cells of the packet into small FIFO buffers in the fabric interface ASIC (FIA). There are 17 FIFO buffers (one per ToFab queue). When the FIA gets a cell from the toFab BMA, it adds an 8−byte CRC (total cell size − 64 bytes; 44 bytes payload, 8 bytes cell header, 4 bytes buffer header). The FIA has serial line interface (SLI) ASICs that then perform8B/10B encoding on the cell (like the Fiber Distributed Data Interface (FDDI) 4B/5B), and prepares to transmit it over the fabric. This may seem like a lot of overhead (44 bytes of data gets turned into 80 bytes across the fabric!), but it is not an issue since fabric capacity has been provisioned accordingly.Now that an FIA is ready to transmit, the FIA requests access to the fabric from the currently active 7.card scheduler and clock (CSC). The CSC works on a rather complex fairness algorithm. The idea is that no LC is allowed to monopolize the outgoing bandwidth of any other card. Note that even if an LC wants to transmit data out of one of its own ports, it still has to go through the fabric. This is important because if this didn't happen, one port on an LC could monopolize all bandwidth for a given port on that same LC. It'd also make the switching design more complicated. The FIA sends cells across the switch fabric to their outgoing LC (specified by data in the Cisco Cell header put there by the switching engine).The fairness algorithm is also designed for optimal matching; if card 1 wants to transmit to card 2, and card 3 wants to transmit to card 4 at the same time, this happens in parallel. That's the big difference between a switch fabric and a bus architecture. Think of it as analogous to an Ethernet switch versus a hub; on a switch, if port A wants to send to port B, and port C wants to talk to port D, those two flows happen independently of each other. On a hub, there are half−duplex issues such as collisions and backoff and retry algorithms.8.The Cisco Cells that come out of the fabric go through SLI processing to remove the 8B/10B encoding. If there any errors here, they'd appear in the show controller fia command output as "cell parity". See How To Read the Output of the show controller fia Command for additional information.9.These Cisco Cells are DMA'd into FIFOs on the frFab FIAs, and then into a buffer on the frFab BMA. The frFab BMA is the one that actually does the reassembly of cells into a packet.How does the frFab BMA know what buffer to put the cells in before it reassembles them? This is another decision made by the incoming line card switching engine; since all queues on the entire box are the same size and in the same order, the switching engine just has the Tx LC put the packet in the same number queue from which it entered the router.The frFab BMA SDRAM queues can be viewed with the show controller frfab queue command on the LC. See How To Read the Output of the show controller frfab | tofab queue Commands on a Cisco 12000 Series Internet Router for details.This is basically the same idea as the toFab BMA output. Packets come in and are placed in packets that are dequeued from their respective free queues. These packets are placed into the from−fabricqueue, enqueued on either the interface queue (there is one queue per physical port) or the rawQ for output processing. Not much happens in the rawQ: per−port multicast replication, Modified DeficitRound Robin (MDRR) − same idea as Distributed Weighted Fair Queuing (DWFQ), and output CAR.If the transmit queue is full, the packet is dropped and the output drop counter is incremented.10.The frFab BMA waits until the TX portion of the PLIM is ready to send a packet. The frFab BMAdoes the actual MAC rewrite (based, remember, on information contained in the Cisco Cell header), and DMAs the packet over to a small (again, 2xMTU) buffer in the PLIM circuitry. The PLIM does the ATM SAR and SONET encapsulates, where appropriate, and transmits the packet.11.ATM traffic is reassembled (by the SAR), segmented (by the tofab BMA), reassembled (by thefromfab BMA) and segmented again (by the fromfab SAR). This happens very quickly.That is the lifecycle of a packet, from beginning to end. If you want to know what a GSR feels like at the end of the day, read this entire paper 500,000 times!The packet switching path on the GSR depends on the type of forwarding engine on the LC. Now we'll go through all the steps for Engine 0, Engine 1, and the two LCs.Packet Switching: Engine 0 and Engine 1 Line CardsThe sections below are based on the book Inside Cisco IOS Software Architecture, Cisco Press.Figure 1 below illustrates the different steps during packet switching for an Engine 0 or Engine 1 LC.Figure 1: Engine 0 and Engine 1 Switching PathThe switching path for the Engine 0 and Engine 1 LC is essentially the same, although the Engine 1 LC has an enhanced switching engine and buffer manager for increased performance. The switching path is as follows:Step 1 − The interface processor (PLIM) detects a packet on the network media and begins copying it into a FIFO memory called burst memory on the LC. The amount of burst memory each interface has depends on the type of LC; typical LCs have 128 KB to 1 MB of burst memory.• Step 2 − The interface processor requests a packet buffer from the receive BMA; the pool from which the buffer is requested depends on the length of the packet. If there aren't any free buffers, theinterface is dropped and the interface's "ignore" counter is incremented. For example, if a 64−byte packet arrives into an interface, the BMA tries to allocate an 80−byte packet buffer. If no free buffers exist in the 80−byte pool, buffers are not allocated from the next available pool.• Step 3 − When a free buffer is allocated by the BMA, the packet is copied into the buffer and isenqueued on the raw queue (RawQ) for processing by the CPU. An interrupt is sent to the LC CPU.• Step 4 − The LC's CPU processes each packet in the RawQ as it is received (the RawQ is a FIFO),consulting the local distributed Cisco Express Forwarding table in DRAM to make a switchingdecision.4.1 If this is a unicast IP packet with a valid destination address in the CEF table, the packetheader is rewritten with the new encapsulation information obtained from the CEF adjacencytable. The switched packet is enqueued on the virtual output queue corresponding to thedestination slot.♦ 4.2 If the destination address is not in the CEF table, the packet is dropped.♦ 4.3 If the packet is a control packet (a routing update, for example), the packet is enqueued onthe virtual output queue of the GRP and processed by the GRP.♦ • Step 5 − The receive BMA fragments the packet into 64−bytes cells, and hands these off to the FIA for transmission to the outbound LC.• At the end of Step 5, the packet that arrived into an Engine 0/1 LC has been switched and is ready to be transported across the switch fabric as cells. Go to Step 6 in the section Packet Switching: Switching Cells across Fabric.Packet Switching: Engine 2 Line CardsFigure 2 below illustrates the packet switching path when the packets arrive into an Engine 2 LC, as described in the following list of steps.Figure 2: Engine 2 Switching PathStep 1 − The interface processor (PLIM) detects a packet on the network media and begins copying it into a FIFO memory called burst memory on the LC. The amount of burst memory each interface has depends on the type of LC; typical LCs have 128 KB to 1 MB of burst memory.• Step 2 − The first 64 bytes of the packet, called the header, are passed through the Packet Switching ASIC (PSA).2.1 The PSA switches the packet by consulting the local CEF table in the PSA memory. If the packet cannot be switched by the PSA, go to Step 4; otherwise, continue to Step3.♦ • Step 3 − The Receive Buffer Manager (RBM) accepts the header from the PSA and copies it into a free buffer header. If the packet is larger than 64 bytes, the tail of the packet is also copied into the same free buffer in packet memory and is queued on the outgoing LC virtual output queue. Go to Step 5.• Step 4 − The packet arrives at this step if it cannot be switched by the PSA. These packets are placed on the raw queue (RawQ) and the switching path is essentially the same as for the Engine 1 and Engine 0 LC from this point (Step 4 in the case of Engine 0). Note that the packets that are switched by the PSA are never placed in the RawQ and no interrupt is sent to the CPU.• Step 5 − The Fabric Interface Module (FIM) is responsible for segmenting the packets into Cisco Cells and sending the cells to the Fabric Interface ASIC (FIA) for transmission to the outbound LC.• Packet Switching: Switching Cells across FabricYou arrive at this stage after the packet switching engine switches the packets. At this stage, the packets are segmented into Cisco Cells and are waiting to be transmitted across the switching fabric. The steps for this stage are as follows:Step 6 − The FIA sends a grant request to the CSC, which schedules each cell's transfer across the switch fabric.• Step 7 − When the scheduler grants access to the switch fabric, the cells are transferred to the destination slot. Note that the cells might not be transmitted all at once; other cells within other packets might be interleaved.• Packet Switching: Transmitting PacketsFigure 3 below shows the last stage of packet switching. The cells are reassembled and the packet is transmitted onto the media. This takes place on the outbound line card.Figure 3: Cisco 12000 Packet Switching: Transmit StageStep 8 − The cells switched across the fabric arrive into the destination line card through the FIA.• Step 9 − The transmit Buffer Manager allocates a buffer from the transmit packet memory and reassembles the packet in this buffer.• Step 10 − When the packet is rebuilt, the transmit BMA enqueues the packet onto the destination interface's transmit queue on the LC. If the interface transmit queue is full (the packet cannot be enqueued), the packet is dropped and the output queue drop counter is incremented.Note: In the transmit direction, the only time packets are placed in the RawQ is when the LC CPU needs to do any processing before transmission. Examples include IP fragmentation, multicast, and output CAR.• Step 11 − The interface processor detects a packet waiting to be transmitted, dequeues the buffer from the transmit memory, copies it into internal FIFO memory, and transmits the packet on the media.•Packet Flow SummaryIP packets that traverse the 12000 are processed in three phases:Ingress Line Card in three sections:Ingress PLIM (Physical Line Interface Module) − Optical to Electrical conversion,Synchronous Optical Network (SONET)/Synchronous Digital Hierarchy (SDH) un−framing,HDLC, and PPP processing.♦ IP Forwarding − Forwarding decision based on FIB lookup and queuing into one of the ingress unicast queues or multicast queues.♦ Ingress Queue management and Fabric Interface − Random Early Detection (RED)/Weighted Random Early Detection (WRED) processing on the ingress queues and de−queuing towards the fabric in order to maximize fabric utilization.♦ • Switching IP packets through the 12000 fabric from ingress card to egress card or egress cards (in case of multicast).• Egress Line Card in three sections:Egress Fabric Interface − Reassembling the IP packets to be sent and queuing into egress queues; processing multicast packets.♦ Egress queue management − RED/WRED processing on the ingress queues and de−queuing towards the egress PLIM to maximize the egress line utilization.♦ Egress PLIM − HDLC and PPP processing, SONET/SDH framing, Electrical to Optical conversion.♦ • Related InformationCisco 12000 Series Internet Router Architecture − Chassis• Cisco 12000 Series Internet Router Architecture − Switch Fabric• Cisco 12000 Series Internet Router Architecture − Route Processor• Cisco 12000 Series Internet Router Architecture − Line Card Design• Cisco 12000 Series Internet Router Architecture − Memory Details• Cisco 12000 Series Internet Router Architecture − Maintenance Bus, Power Supplies and Blowers, and Alarm Cards• Cisco 12000 Series Internet Router Architecture − Software Overview• Understanding Cisco Express Forwarding• Technical Support − Cisco Systems• Contacts & Feedback | Help | Site Map© 2008 − 2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of Cisco Systems, Inc.Updated: Jul 07, 2005Document ID: 47320。