release notes 11.1.2.3

SmartEdge OS Release 11.1.2.3

NETWORK IMPACT REPORT

9/109 48-CRA 119 1170/1 Uen A2

Copyright

© Ericsson AB 2011. All rights reserved. No part of this document may bereproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due tocontinued progress in methodology, design and manufacturing. Ericsson shallhave no liability for any error or damage of any kind resulting from the useof this document.

Trademark List

SmartEdge is a registered trademark of Telefonaktiebolaget LMEricsson.

9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

Contents

Contents

1 Introduction 1

1.1 Purpose 1

1.2 Related Information 1

1.3 Revision Information 1

2 General Impact 2

2.1 Hardware 22.1.1 New Cards 22.1.2 Modified Cards 42.1.3 New Transceivers 5

2.2 Implementation 52.2.1 Upgrade Paths 52.2.2 Required System Components 62.2.3 Licenses 72.2.4 Upgrade Alerts 7

2.3 Interface 112.3.1 Inter-Node Interface 112.3.2 Man-Machine Interface 11

2.4 Memory 13

2.5 Operation 132.5.1 BRAS and Metro Ethernet Operation 132.5.2 Border Gateway Function Operation 522.5.3 DPI Operation 622.5.4 Platform Operation 64

2.6 Obsolete Features 732.6.1 Support for Route Map Resequencing Removed 732.6.2 Support for SSHv1 Client Removed 73

2.7 Other Network Elements 73

3 Summary of Impacts Per Feature 74

3.1 Broadband Remote Access Server and Metro Ethernet 74

3.2 Border Gateway Function 78

3.3 Deep Packet Inspection 79

3.4 Platform 79

4 Additional Information 80

4.1 New Documentation 80

4.2 Obsolete Documentation 81

9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


Glossary 83

Reference List 89

9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

Introduction

1 Introduction

The Network Impact Report (NIR) describes how the current release of theSmartEdge

®OS, with new and changed features, differs from the previous

release of the SmartEdge OS and how this affects the operator's overallnetwork, including all affected products and functions.

1.1 Purpose

This document provides sufficient information at an early stage to Ericssonsystem operators to help them plan the introduction of new products andupgrades to their networks. This document is intended for personnelresponsible for planning, implementation, and product handling of theSmartEdge router, the SmartEdge Border Gateway Function (BGF), and theSM router.

This is a living document and subject to change during the development ofthe new release.

This document applies to both the Ericsson SmartEdge® and SM family routers.However, the software that applies to the SM family of systems is a subset ofthe SmartEdge OS; some of the functionality described in this document maynot apply to SM family routers.

For information specific to the SM family chassis, including line cards, refer tothe SM family chassis documentation.

For specific information about the differences between the SmartEdge and SMfamily routers, refer to the Technical Product Description SM Family of Systems(part number 5/221 02-CRA 119 1170/1) in the Product Overview folder ofthis Customer Product Information library.

1.2 Related Information

Trademark information, typographic conventions, and definition and explanationof acronyms and terminology can be found in Reference [26] and Reference[39].

1.3 Revision Information

Other than editorial changes, this document has been revised as follows:

19/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


Table 1 Revision Information

Rev Date Description

A December15, 2011

First edition. This revision includes information thatpreviously could be found in Reference [22].

2 General Impact

This section describes the general impact due to the introduction of this releaseof the SmartEdge OS.

New hardware is required for several of the new features; see individualfeatures for specific information.

2.1 Hardware

The following hardware is new or changed in this release.

2.1.1 New Cards

2.1.1.1 Channelized OC-3/STM-1 or OC-12/STM-4 Line Card

In this release, support for the Channelized OC-3/STM-1 or OC-12/STM-4line card is introduced. The Channelized 8-port OC-3/STM-1 or 2–portOC-12/STM-4 line card (ROA1283421/1) is equipped with a license(FAL1241080/1) that must be loaded against a slot in the SM family chassis toenable all ports. The license is granted through the ELIS licensing system byyour local Ericsson market unit contact.

The Channelized 4-port OC-3/STM-1 or 1-port OC-12/STM-4 line card(ROA1283421/2) can be upgraded in the future to enable the remaining fourOC-3OC-3/STM-1 or OC-12/STM-4 ports by purchasing a separate license(FAL1240784/1).

All ports on a Channelized OC-3/STM-1 or OC-12/STM-4 line card mustbe configured for either SONET framing (OC-3/OC-12) or SDH framing(STM-1/STM-4). That is, all ports on a card must be SONET or SDH; acombination of SONET and SDH is not supported. The first port configuredon the card limits the configuration of the remaining ports on that card to thesame framing type.

2 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

Ports 1 and 5 on the Channelized cards are multirate ports, configurable asChannelized OC-3/STM-1 or OC-12/STM-4. The adjacent three ChannelizedOC-3/STM-1 ports in a port group cannot be used when ports 1 and 5are operating as Channelized OC-12/STM-4 ports. For example: On theChannelized 8-port OC-3/STM-1 or 2–port OC-12/STM-4 line card, if port 1 isused as a Channelized OC-12/STM-4 port, ports 2 to 4 are not available andports 5 through 8 can be used as Channelized OC-3/STM-1 ports.

The Channelized OC-3/STM-1 card supports eight or four SONET SMF ports;each operates at 155.52 Mbps. The Channelized OC-12/STM-4 card supportstwo or one SONET SMF ports; each operates at 622.08 Mbps. Both OC-3/12and STM-1/4 ports can be channelized to DS0.

This card does not support concatenated STN-n/STM-n signals, such asSTS-3c and OC-3c.

For more information on how to configure channelized ports, seeConfiguringChannelized Ports.

There are two 4-port groups on this channelized card:

• Group 1 contains ports 1 through 4, where port 1 has the OC-3/12 orSTM-1/4 dual-rate capability.


• When ports 1 and 5 are in use as OC-12/SMT-4, the other six ports arenot available.

• A total of 1000 unchannelized channels of Packet Over SONET (POS)are supported on each 4-port group.

2.1.1.2 Advanced Services Engine 2 Card

Table 2 lists the new order number of the Advanced Services Engine 2 (ASE2)card and its impacting software release version:

Table 2 ASE2 Card Order Number

Order Number Description Front Panel Label Earliest Release

ROA1283753/1 Advanced Services Engine 2 Advanced Services Engine 2 SmartEdge 600/1200/1200H— 11.1.2

Similar to the Advanced Services Engine (ASE) card, the ASE2 card providesadvanced services beyond the terminating and forwarding capabilities providedby line cards. ASE 2 services available in this release include Security Services,which provide support for IP Security (IPsec), Virtual Private Networks (VPNs),Application Traffic Management, and Distributed Control Plane (DCP).

Security features on the ASE2 card protect the network at its edge, ensureminimal network disruption, and provide secure tunnels for end-user

39/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


applications. Using Deep Packet Inspection (DPI), the ASE2 cards can identifyand process point-to-point (P2P) applications, and provide a more efficient andsecured network operation. You perform IP Security (IPsec) configuration,management, and reporting with NetOp Element Manager System (EMS).

The Distributed Control Plane solution on the ASE2 card extends thefunctionality of the XCRP4 Controller card across the backplane mesh tosupport high signaling loads in CPG deployments. The ASE2 card utilizes ahigher-performance processor and more memory to support multiple EvolvedPacket Systems (EPS-C) process instances.

2.1.2 Modified Cards

2.1.2.1 8-port ATM OC-3c/STM-1c and 2-port ATM OC-12c/STM-4c Line Cards

Table 3 lists the new order numbers of the 8-port ATM OC-3c/STM-1c and2-port ATM OC-12c/STM-4c line cards and their impacting software releaseversions:

Table 3 Line Card Order Numbers

Order Numbers DescriptionFront PanelLabel Earliest Release

ATM

ROA1283243/2 8-port OC-3c/STM-1c ATM, SFP transceivers ATM

OC3/

STM-1

SmartEdge 400/600/800/1200/1200H— 6.2.1.9, 6.4.1.4, 6.5.1.5, and 11.1.2

ROA1283281/2 2-port OC-12c/STM-4c ATM Enhanced, SFPtransceivers

ATM

OC12

STM-4

SmartEdge 400/600/800/1200/1200H— 6.5.1.5 and 11.1.2

The hardware revision of the 8-port ATM OC-3c/STM-1c line card is "5."The hardware revision of the 2-port ATM OC-12c/STM-4c line card is "4."The Field-Programmable Gate Array (FPGA) revision of the 8-port ATMOC-3c/STM-1c line card is "6." (The 2-port ATM OC-12c/STM-4c has not beenpreviously released.)

For the old version 8-port ATM OC-3c/STM-1c card (ROA1283243/1) to workproperly with 6.2.1.9, 6.4.1.4, 6.5.1.5, and 11.1.2 software releases, a manualupgrade of the Field-Programmable Gate Array (FPGA) image is required. Formore information, see Section 2.2.4.1 Upgrade the FPGA Version for the 8-portATM OC-3c/STM-1c Line Cards on page 7.

Note: Release 11.1.2 supports both versions of the ATM 8-port ATMOC-3c/STM-1c and 2-port ATM OC-12c/STM-4c cards.

The 8-port ATM OC-3c/STM-1c and 2-port ATM OC-12c/STM-4c line cardsnow support new log messages for memory errors. For more information, see

4 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

Section 2.5.4.12 ECC Log Messages on the 8-port ATM OC-3c/STM-1c and2-port ATM OC-12c/STM-4c Line Cards on page 71.

2.1.3 New Transceivers

2.1.3.1 OTN XFP Optical Transceivers - ITU Channels 20 and 33

In this release, in addition to the existing ITU channels 35, 36, 37, 53, and 55,10GE-DWDM XFPs also support ITU channels 20 and 33.

Table 4 Transceiver Order Numbers

Part Number ABC Part Number INE Part Number CLEI Code Transceiver Description

XFP-10GE-DWDMITU20 RDH90141/20 N/A IPUIBKM2AA XFP optical transceiver, 10GEDWDM, ITU Channel 35, SMF usingLC connector

XFP-10GE-DWDMITU33 RDH90141/33 N/A IPUIBKT2AA XFP optical transceiver, 10GEDWDM, ITU Channel 35, SMF usingLC connector

2.2 Implementation

This section describes the minimum software requirements for implementinga new revision of the SmartEdge OS and provides release-specific upgradeinformation.

For detailed software installation and upgrade instructions, see Reference [19].

2.2.1 Upgrade Paths

The system can up be upgraded to the SmartEdge OS Release 11.1.2.3 fromRelease 6.2, Release 6.4, Release 6.5, Release11.1.1.1, and Release 11.1.2.1.

However, keep the following in mind:

• Release 11.1 does not support PPA1-based line cards. PPA-1 based linecards can still be installed and detected in SmartEdge chassis, but theSmartEdge OS does not recognize and initialize them to a usable state.

• Release 11.1 does not support the XCRP3 Controller card.

If your system does not include this deprecated hardware, you can upgradedirectly to this release. For systems running the deprecated hardware, upgradeto this release:

• If your current software release supports the newer PPA and XCRP cards,upgrade your hardware. Then, upgrade your software to Release 11.1.

59/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


• If your current software release does not support the newer PPA and XCRPcards, move to an intermediate release that does (for example, Release6.2.1.7). Using that release, upgrade your hardware. Then, upgrade yoursoftware to Release 11.1.

2.2.2 Required System Components

The following system components are required in this release.

2.2.2.1 Required Boot ROM Versions

This release requires the boot ROM versions listed in in the following table.

Table 5 Required Boot ROM Versions

Card Type Version Filename

XCRP4

SMRP2

2.0.2.66 OFW-XC4-2.0.2.66.fallback.md5

SmartEdge 100 Controller 2.0.1.4 OFW-se100-2.0.1.4.primary.bin

ASE 2.0.2.66 OFW-ASE-2.0.2.66.fallback.md5

ASE2 2.0.2.66 OFW-ASE-2.0.2.66.fallback.md5

SSE 2.0.2.65 OFW-FSSB-2.0.2.65.ofwbin.md5

2.2.2.2 Required Minikernel Versions

This release requires the minikernel versions listed in the following table.

Table 6 Required Minikernel Versions

Card Type Version Filename

XCRP4

SMRP2

11.7 MINIKERN_RBN64-xc4.p11.v7

SmartEdge 100 controller 2.7 se100-minikernel.p2.v7.bin

ASE 13.10 MINIKERN_ASE64-ase.p13.v10

ASE2 13.10 MINIKERN_ASE64-ase.p13.v10

SSE N/A N/A

2.2.2.3 Required FPGA Versions

This information is not available at this time. Please contact your technicalsupport representative for this information.

6 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.2.3 Licenses

Two new licenses are added in this release for Secure RTP and MSRP B2BUAfeatures. These licenses are shown in Table 7.

Table 7 Licenses

Name Identity Version

Description

media-gateway srtplicense-key

N/A N/A License forSecure RTPfeature.

media-gateway msrplicense-key

N/A N/A License forMSRP B2BUAfeature.

2.2.4 Upgrade Alerts

This section identifies situations that require additional steps or may affect yoursystem before you upgrade to this release.

In addition, before you upgrade, check for any relevant security notifications onthe Ericsson E-business portal at https://ebusiness.ericsson.net.

Stop!

The Advanced Services Engine (ASE) card and the SmartEdge OS must bothbe running the correct version of the boot ROM. To avoid a serious equipmentoutage in the field, if you are running SmartEdge OS Release 6.2.1.5 or lateron either the ASE or the SmartEdge OS system, DO NOT DOWNGRADE to6.2.1.4 or earlier. If you must downgrade, contact your support representativefor an equipment-safe procedure. Downgrading from these releases can causepermanent damage to the ASE.

2.2.4.1 Upgrade the FPGA Version for the 8-port ATM OC-3c/STM-1c Line Cards

For the old version of the 8-port ATM OC-3c/STM-1c card (ROA1283243/1)to work properly with 6.2.1.9, 6.4.1.4, 6.5.1.5, and 11.1.2 software releases,a manual upgrade of the Field-Programmable Gate Array (FPGA) image isrequired.

When the card boots, if the FPGA version needs to be upgraded, you will seethe "FPGA mismatch" error message.

• To determine the current FPGA version, use the show hardware cardslot detail command. The SpiFpga rev and SpiFpga file rev

79/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


values are listed. The SpiFpga rev value is the revision of the file thatcurrently exists. The SpiFpga file rev value is the revision of the filethat exists in the new software package.

• To upgrade the FPGA version, use the reload fpga slot command.

After performing the upgrade, run the show hardware card slot

detail command again, and confirm that the SpiFpga rev and theSpiFpga file rev values match and are equal to "6".

For more information, see ‘‘Upgrade the Line Card FPGAs’’ in Installing theSmartEdge OS for your platform.

2.2.4.2 Upgrade the FPGA Version for the 20-port Gigabit Ethernet DDR and4-port 10 Gigabit Ethernet DDR Line Cards

Stop!

In Release 6.5.1 or later, a QHUB4 FPGA upgrade to the most currentQHUB4 version is required for the 20-port Gigabit Ethernet DDR (ge4-20-portor ge4-20-port-sm) and 4-port 10 Gigabit Ethernet DDR (10ge-4-port or10ge-4-port-sm) cards. A card with an older FPGA image version will notoperate with a card with the most recent FPGA image version. An "FPGAmismatch" error indicates that an upgrade is required.

To upgrade from Release 6.4.1.3 or earlier to Release 6.5.1 or later:

1 Before the upgrade, shut down all cards.

2 Save the configuration.

3 Run the release upgrade command.

4 Run the reload fpga command on the 20-port Gigabit Ethernet DDR and4-port 10 Gigabit Ethernet DDR cards.

5 Run the no shutdown command on all cards.


After the update, verify that the card is restored and that the FPGA version iscorrect by issuing the show hardware card slot detail command. Seethe expected output in ‘‘Upgrade the Line Card FPGAs’’ in Reference [19]

To downgrade a special manual FPGA upgrade for 20-port Gigabit EthernetDDR and 4-port 10 Gigabit Ethernet DDR cards, see Section 2.2.4.3 on page 9.

8 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.2.4.3 Downgrade an FPGA Version for the 20-port Gigabit Ethernet DDR and4-port 10 Gigabit Ethernet DDR Line Cards

If a downgrade from Release 6.5.1 or later to Release 6.4.1.3 or earlier isneeded after performing the procedure in the previous section, and the 20-portGigabit Ethernet DDR (ge4-20-port or ge4-20-port-sm) and 4-port 10 GigabitEthernet DDR (10ge-4-port or 10ge-4-port-sm) cards exist in the chassis, adowngrade procedure is required:

1 Before the downgrade, shut down all cards.


3 Run the release upgrade command.

4 Run the reload fpga command on the 20-port Gigabit Ethernet DDR and4-port 10 Gigabit Ethernet DDR cards.

5 Run the no shutdown command on all cards.


2.2.4.4 Recover a Standby Controller Card

In rare occurrences, during a release upgrade, the standby Controller cardmay not come up. This issue does not impact service. To recover the standbyController card, manually reseat the card in its slot.

Use the show chassis and show redundancy commands to verify thestate of the primary and standby Controller cards. For the expected output, see‘‘Verify System Chassis State’’ and ‘‘Check System Status’’, respectively, inInstalling the SmartEdge OS for your platform

Alternatively, use a console connection to the Controller cards to monitor thestate.

2.2.4.5 Preserve Link Group and Bridge Profile Behavior

In Release 6.1.4.1 and later, a port or circuit can be associated with either abridge profile or a link group, but not both. If you are upgrading from an earlierrelease in which you have one or more ports or circuits associated with botha bridge profile and a link group and you want to preserve existing behaviorafter the upgrade:

1. If you have bridge profiles configured directly under any of the physicalports belonging to a link group, remove them. Change bridge profileconfiguration so that the bridge profile is configured for the link group—notthe port or circuit.

2. Use the show configuration command to display the link-groupconfiguration.

99/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


3. Copy the link-group configuration to a text file.

4. Upgrade the SmartEdge router to this release.

5. Use the text file you created with link group configuration information toreconfigure the bridge profiles in the dot1q pvc mode under the link group.This must be done manually.

6. Verify that the link group configuration and bridge profile configuration iscorrect.

2.2.4.6 Remove IS-IS Graceful Restart

If you are upgrading from a release earlier than Release 6.1.4.3, you mustperform extra steps to accommodate changes to IS-IS graceful restart.

The implementation of IS-IS graceful restart in Release 6.1.4.3 and subsequentreleases does not interoperate with the previous implementations of the feature.All SmartEdge IS-IS systems in your network must be running the same versionof graceful restart; different versions do not interoperate.

In addition, in Release 6.1.4.3, the command [no] graceful-restartreplaced the [no] restart graceful-time command.

To upgrade from a release earlier than Release 6.1.4.3:

1. Disable IS-IS graceful restart by using the no restart graceful-timecommand (pre-Release 6.1.4.3 version of the command).

2. Upgrade all adjacent IS-IS routers.

3. Re-enable IS-IS graceful restart by using the graceful-restartcommand (Release 6.1.4.3 and later version of the command).

If you need to downgrade to a release earlier than 6.1.4.3:

1. Disable IS-IS graceful restart by using the no graceful-restartcommand (Release 6.1.4.3 and later version of the command) on alladjacent routers.

2. For each adjacent IS-IS router:

a Downgrade the SmartEdge OS.

b Use the no restart graceful-time command (pre-Release6.1.4.3 version of the command) to disable IS-IS graceful on that routeruntil all other IS-IS routers have been downgraded.

3. Re-enable IS-IS graceful restart by using the restart graceful-timecommand (pre-Release 6.1.4.3 version of the command) on all adjacentrouters.

10 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.2.4.7 Ensure that the MGC Group Name Is Valid

If you are upgrading from a release earlier than Release 6.5.1, then prior toupgrading to this release, ensure that the MGC group name in the configurationhas a valid value. Use the mgc-group command (in global MG configurationmode) to specify an MGC group name.

In releases earlier than Release 6.5.1, the character set of the MGC groupname was unrestricted. In Release 6.5.1 and later, the valid value for theMGC group name is an alphanumeric string of up to 30 characters, and thefirst character must be a letter. If the configured MGC group name does notconform to the new syntax, the upgrade to the new release will fail. Beforeupgrading to Release 6.5.1 or later, change the MGC group name to conform tothe new syntax.

2.2.4.8 Ensure that the Realm Name Is Valid

If you are upgrading from a release earlier than Release 6.5.1, ensure that therealm name in the configuration has a valid value. Use the realm command (inMG context configuration mode) to specify a realm name.

In releases earlier than Release 6.5.1, the character set of the realm name didnot fully conform to fully qualified domain name (FQDN) format. Starting withRelease 6.5.1, it conforms. The valid value of a realm name is a string of upto 63 characters and is case-insensitive. The string must start and end withan alphanumeric character; can contain only letters, digits, hyphens (-), andperiods (.); and must consist of at least two characters. If the configured realmname does not conform to the new syntax, the upgrade to the new release willfail. Before upgrading to Release 6.5.1 or subsequent releases, change therealm name to conform to the new syntax.

2.3 Interface

This section describes interface changes between the existing and newrevisions of the SmartEdge OS that may require changes to the operators'systems, technical plans, training of network operator personnel, and so on.

2.3.1 Inter-Node Interface

No changes to inter-node interfaces occurred in this release.

2.3.2 Man-Machine Interface

2.3.2.1 New H.248.77 "srtp" Package Support

This release adds support for a new H.248 package on the SmartEdge BGF.Support for the H.248.77 (srtp) package has been added to implement thesecure RTP; see Table 8. In this table:

119/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


• "No Impact" means that the new version can be installed without affectingother nodes.

• "Minor Impact" means that there are changes, but with additionalconfiguration the previous behavior can be retained.

• "Major Impact" means that the change has made an interfacebackward-incompatible.

• "New Interface" means that the interface did not exist in the previousrevision.

• "Obsolete" means that the interface no longer exists.

Table 8 Inter-Node Interface

Interface Protocol

Impact Change Relative to PreviousRelease

Ia H.248 No Impact Addition of H.248.77 (srtp)

2.3.2.2 New RBN-CES-MIB for Circuit Emulation Services

To support Circuit Emulation Service (CES) and pseudowire emulation (PWE), anew private SNMP MIB has been added. The RBN-CES-MIB describes objectsused to manage CES protocols, including RFC 5086, Structure-AwareTime Division Multiplexed Circuit Emulation over PackageSwitched Network (CESoPSN) and RFC 4553, Structure AgnosticCircuit Emulation Service over Packet Switch Network(SAToP). For a full description of the new MIB, see Reference [18].

2.3.2.3 Changes to SNMP Walk Operation Results on RBN-QOS-MIB Tables

In previous releases, an SNMP walk operation on these RBN-QOS-MIBinterface tables returned MIB objects only when statistics counters weredetected:

• rbnQosInterfaceTable

• rbnQosInterfaceQueueStatsTable

• rbnQosIntfRLClassStatsTable

• rbnQosHierarchicalPolicyStatsTable

• rbnQosHierarchicalPClassStatsTable

In this release, an SNMP walk operation returns these MIB objects only ifQuality of Service (QoS) is configured, even if no statistics counter is supported.If no statistics counter is detected, a zero (0) value is returned in the results.

Note: The interface MIB tables include MIB objects only if the correspondingQoS configurations exist.

12 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

Table 9 describes the parallelism between MIB tables and objects fornon-subscriber (bind interface) and subscriber (bind subscriber or authsubscriber) circuits.

Table 9 RBN-QOS-MIB Circuits

Non-subscriber circuits Subscriber circuits

IF-MIB::

ifTable / ifXTable

RBN-SUBSCRIBER-ACTIVE-MIB::

rbnSubsActiveTable/rbnSubsStatsTable

RBN-QOS-MIB::

rbnQosInterfaceTable

N/A

RBN-QOS-MIB::

rbnQosInterfaceQueueStatsTable

RBN-QOS-MIB::

rbnQosSubscriberQueueStatsTable

RBN-QOS-MIB::

rbnQosIntfRLClassStatsTable

RBN-QOS-MIB::

rbnQosSubscriberRLClassStatsTable

RBN-QOS-MIB::

rbnQosHierarchicalPolicyStatsTable

N/A

RBN-QOSMIB::

rbnQosHierarchicalPClassStatsTable

N/A

For information on using the RBN-QoS-MIB tables, see Reference [18].

2.4 Memory

In general, memory usage in the base system, increases slightly from releaseto release due to changes for new software and hardware features.

From image to image, higher memory usage may occur across applicationssuch as BRAS, Layer 2 to Layer 3 operation, DPI, and IPsec. This is typicallydue to support for new features or infrastructural changes in the release.Memory increase may also vary based on configuration and which featuresare enabled.

2.5 Operation

This section describes major changes between the existing SmartEdge OS andnew revisions that affect the daily operations of the network operator.

2.5.1 BRAS and Metro Ethernet Operation

This section describes impacts to the Broadband Remote Access Server(BRAS) Market Application on the SmartEdge router and Metro Ethernetfeatures for the SM family of routers.

139/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


2.5.1.1 Channelized OC-3/STM-1 or OC-12/STM-4 Line Card Configuration

The SM family of routers now supports the Channelized OC-3/STM-1 orOC-12/STM-4 line card. This line card is an 8-port dual-services card forSM family systems, with channelization capabilities down to fractional E1/T1.Both SONET (Synchronous Optical Networking) and SDH (SynchronousDigital Hierarchy) mappings are supported. Circuit Emulation, PPP (Point toPoint Protocol), and MLPPP (Multilink Point to Point Protocol) services areall supported on the same card, with service types configured independentlydown to the physical port level. The card hardware supports DS3, DS1, DS0group (nx64K), and channelization for all Packet over SONET (POS) services.It also supports channelization for Circuit Emulation Services (CES). CESuses CESoPSN (Circuit Emulation Services over Packet Switched Networks)supporting up to 16 timing domains with adaptive clock recovery.

2.5.1.1.1 Channelized OC-3/STM-1 or OC-12/STM-4 Line Card Ports

The Channelized OC-3/STM-1 or OC-12/STM-4 line card has eight portsdivided into two 4-port groups:



Restrictions and Limitations

• To enable the Channelized OC-3/STM-1 or OC-12/STM-4 line card, youmust purchase a license and apply the all-ports license command.

• A maximum of 1000 channels are supported on each 4-port group.

• The Channelized OC-3/STM-1 or OC-12/STM-4 line card does not supportconcatenated STS-n/ STM-n signals, such as STS-3c and OC-3c.

• The port type restrictions are described in the port <port-type> (globalconfiguration mode) command reference entry.

2.5.1.1.2 APS Port Protection

Automatic Protection Switching (APS) is described in detail in the ConfiguringAPS MSP document.

You can configure POS and CES ports as part of a 1+1 APS group. APScommands and functionality include:

• Creation and configuration of an APS group (aps group command fromglobal command mode)

• Unidirectional and bidirectional 1+1 configuration (architecture 1+1[bidirectional | unidirectional])

14 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

• APS description (description text)

• Revertive or nonrevertive (revert [wtr-interval] command in apsconfiguration mode)

APS is not configurable on a per-channel basis.

The ports in an APS group can be on the same card, or on different cards,with the following restrictions:

• Both cards must be Channelized OC-3/STM-1 or OC-12/STM-4 line cards.

• Both ports must be the same type and speed; both OC-12, both OC-3,both STM-4, or both STM-1.

• Both ports must have been created with the same CES or POS service.

• Only the description, shutdown, c2byte, path-trace, and au3/au4 submodecan be configured under the APS working or protect port before or afterthey bind to an APS group.

• Channels are not allowed before port bind to an APS group.

• The protect port automatically has the same channel structure as theworking port.

When unbinding the port from an APS group, the following occurs:

• If you remove the APS working port, the protect port is also unbound if itexists, all the child channels are removed on both working and protectports, and on the protect port, all the attributes are reset to default values.

• If you remove the APS protect port and it is active, the CLI prompts you tomanually switch the active channel back to the working port if any activetraffic is on the protect port. If you do not switch the traffic to the workingport, the system halts the traffic.

2.5.1.1.3 Port and Channel Loopback

Loopback can be applied to ports, channels, and subchannels on a ChannelizedOC-3/STM-1 or OC-12/STM-4 line card. Loopback support is identical for CESports and POS ports. Refer to the following table for the port and channelloopback types supported.

Table 10 Port and Channel Loopback Support

LoopbackPort/ChannelType

Line Local/Internal Remote

Comments

OC-n/STM-n Port Yes Yes No Requires C-Bit Framing

DS3 Channel Yes Yes Yes

159/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


Table 10 Port and Channel Loopback Support

DS1 Channel Yes Yes Yes • local

• network -> line

• network -> payload

• remote -> line -> fdl -> ansi

• remote -> line -> fdl -> bellcore

• remote -> line -> inband

• remote -> payload

E1 Channel Yes Yes No No protocol for E1 remote loopback

DS0 Group Yes No No Devices are not capable of internalloopbacks

2.5.1.1.4 Traffic Management

Policing

Policing policies are supported per channel and per Multilink Point to PointProtocol (MLPPP) bundle.

Metering

Metering policies are supported per channel and per MLPPP bundle.

Queuing

A Priority Weighted Fair Queuing (PWFQ) policy can be applied to PPPchannels and MLPPP bundles. Up to eight priority groups are supported.PWFQ operates as it does for other PPA2 cards. PWFQ is the only queuingpolicy supported.

The Channelized OC-3/STM-1 or OC-12/STM-4 line card supports flow controlbetween the EPPA and a Winpath device. As a result, all congestion dropsoccur in the EPPA, and not the Winpath device.

2.5.1.1.5 Showing Software Licenses

Use the show licenses command with the detail keyword to display per-slotsoftware license information.

2.5.1.1.6 Install All Ports Software License

Before you can use ports 5 through 8 of the Channelized OC-3/STM-1 orOC-12/STM-4 line card, you must obtain an all-ports software license, onefor each line card using these ports.

After obtaining the license, install it in the slot housing the ChannelizedOC-3/STM-1 or OC-12/STM-4 line card. See the all-ports command for details.

16 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

Note: If this software license is not in place, the system rejects attempts toconfigure ports 5 through 8 (for CES or POS service) and displaysan error message.

2.5.1.1.7 Configure the Channelized Line Card

The card ch-oc3oc12-8or2-port-sm command provisions a specified slotfor the Channelized OC-3/STM-1 or OC-12/STM-4 line card.

See the card command reference for details.

2.5.1.1.8 Configure the Card Clock Source

You can configure the clock source for the Channelized OC-3/STM-1 orOC-12/STM-4 line card to be either the system clock on an XCRP (the globalreference) or the 20 ppm SONET Minimum Clock oscillator on the ChannelizedOC-3/STM-1 or OC-12/STM-4 line card.

See the clock-source (card configuration mode) for details.

2.5.1.1.9 Configure the Ports for Channelized SONET/SDH

Use the port <port-type> command to configure any port as a SONETChannelized OC-3 or SDH Channelized STM-1 port. In addition, you canconfigure ports 1 and 5 as SONET Channelized OC-12 or SDH ChannelizedSTM-4.

2.5.1.1.10 Configure SONET Mapping

Port SONET mapping specifies the mapping used by all facilities on an OC-3and OC-12 port. The mapping selected must match that of the far-end SONETinterface, and must support the types of channels required to carry the POSor CES service.

See the channel-mapping command for details.

2.5.1.1.11 Configure SDH AUG Mapping

The port SDH mapping specifies the AUG mapping used by all facilities on aSTM-1 or STM-4 port. The AUG mapping selected must match that of thefar-end SDH interface, and must support the types of channels required tocarry the POS or CES service.

See the aug-mapping command for details.

2.5.1.1.12 Configure Ports for DS3, DS1, or E1 Channels

In the context of the Channelized OC-3/STM-1 or OC-12/STM-4 line card, achannel refers to the Plesiochronous Digital Hierarchy (PDH) structure that is

179/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


mapped into the SONET or SDH frame. This contrasts to a subchannel, whichis a PDH structure that is multiplexed into the DS3 channel.

The CLI commands that create channels directly from the SONET or SDHport map the channels to the SONET or SDH frame. These channels can beDS3, DS1, and E1. The CLI commands that create channels from PDH DS3,DS1, and E1 channels create subchannels, which are time slots multiplexedinto the DS3, DS1, and E1. The term subchannel is used because in these CLIcommands, you specify both the parent channel ID and the child subchannel ID.

1 The port {ds3 | channelized-ds3} command configures PDH DS3 channelsin the OC-3, OC-12, STM-1, and STM-4 ports.

You can bind services only to DS0 channels and unchannelized DS1, E1,and DS3 channels . You can multiplex subchannels only in channelizedDS1, E1, and DS3 channels.

2 The port {ds1 | channelized-ds1} and port {e1 | channelized-e1) commandsenter the configuration mode for the PDH DS1 and E1 channels; eithermultiplexed in channelized OC-3, OC-12, STM-1, or STM-4 port ormultiplexed in DS3 channels.

You can bind services only to DS0 channels and unchannelized DS1, E1,and DS3 channels . You can multiplex subchannels only in channelizedDS1, E1, and DS3 channels.

2.5.1.1.13 Configure Ports for NxDS0 Subchannels

The port ds0s command configures DS0 subchannels or sub-subchannels.

NxDS0 channels can be multiplexed as subchannels in a channelized DS1or channelized E1 channel or as a sub-subchannel in a channelized DS1 orchannelized E1 subchannel within a DS3 channel. For details, see the portds0s command.

2.5.1.1.14 Configure NxDS0 Channel Timeslots

The timeslot command defines one or more groups of NxDS0 subchannelsadded to the first NxDS0 subchannel (also known as a timeslot) within theparent DS1 or E1 (fractional T1/E1).

Note: The first NxDS0 timeslot is the subchannel set by the port ds0scommand in its nxds0-channel-id argument.

2.5.1.1.15 Configure Port Transmit Timing Clock Source

Use the clock-source (port) command to select whether the port and channeltransmit timing is loop-timed or timed by the card-reference clock. (See theclock-source (card configuration mode) command for the card-reference clockoptions.)

18 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.5.1.1.16 DS3, POS DS1/E1 Channel and Subchannel Clock Sources

Use the clock-source (port) command to select whether the transmit timingfor DS3 and POS DS1/E1 channels and subchannels is loop-timed or timedby the card-reference clock.

2.5.1.1.17 Configure Layer 2 Encapsulation

Use the encapsulation (channel) command to specify the type of encapsulationfor the channels you configure, Currently, only PPP is supported on theChannelized OC-3/STM-1 or OC-12/STM-4 line card.

2.5.1.2 MLPPP Support on Channelized OC-3/STM-1 or OC-12/STM-4 Line Card

You can configure an MLPPP (MP bundle) on a Channelized OC-3/STM-1 orOC-12/STM-4 line card with all the links of the bundle within a card. The linkscan span ports on a card but cannot span cards. Each link can be an E1, DS1,DS3, or DS0 group.

Note: The difference in speed between the slowest and fastest links in anMLPPP bundle cannot exceed the speed of a single DS0 channel.

All packets going out on an MLPPP bundle from a PPA2 POS card thatsupports MLPPP are always encapsulated with MLPPP.

2.5.1.3 PWFQ Support on Channelized OC-3/STM-1 or OC-12/STM-4 Line Card

The PWFQ policy is applied at the MLPPP bundle level. A separate instanceof PWFQ is instantiated for the APS working and protect ports when both theports are on the same slot or different slots.

Only packets inbound for the MLPPP bundle alone are subjected to PWFQ.Packets at the working and standby APS ports have the same PWFQ policyapplied to them.

The results of applying PWFQ for each packet can vary based on the linkstatus of the respective ports; for example, the fate of PWFQ on packets boundtowards the working port depend on the links of the MP bundle associated withthe active port. The fate of PWFQ on the packets bound towards the protectport depend on the links of the MP bundle associated with the standby port.

Packets are shaped and scheduled independently of each other.

2.5.1.4 APS Support on Channelized OC-3/STM-1 or OC-12/STM-4 Line Card

You can mark the port where MLPPP is configured for APS support. Theworking and protect ports can be on the same or different cards. The protectport automatically inherits the channel structure of the working port.

APS ports can have channels that are not part of an MLPPP bundle.

199/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


Multiple MLPPP bundles can exist on the same APS port.

2.5.1.5 Control Packet Rate Limiting Support for 8-port ATM OC-3c/STM-1c and2-port ATM OC-12c/STM-4c Line Cards

In previous releases, control packet rate limiting configuration was notsupported for the 8-port ATM OC-3c/STM-1c and 2-port ATM OC-12c/STM-4cline cards. In this release, the control packet rate limiting configuration optionsare supported for these line cards to improve the subscriber bringup rate duringPoint-to-Point Protocol (PPP) over Asynchronous Transfer Mode (PPPoA)and PPP over Ethernet over Asynchronous Transfer Mode (PPPoEoA) packetprocessing at the SmartEdge router during circuit creation on demand (CCOD)of Asynchronous Transfer Mode (ATM) permanent virtual circuits (PVCs).Additionally, this feature prevents loss of Cross-Connect Route Processor(XCRP) card resources, such as the pppd process, when many subscribersattempt to connect simultaneously.

For information on using the rate-limit ccod and rate-limitppp-lcp-confreq commands, see Reference [3].

2.5.1.6 CESoPSN Pseudowires

Circuit Emulation Service (CES) and Pseudowire Emulation (PWE)transparently carry time-division-multiplexing (TDM) circuits over apacket-switched network (PSN). At the source endpoint, TDM frames areconverted to packets, which are then transported across the PSN core. At thedestination endpoint, the packets are converted back to TDM frames.

Structure-aware TDM CES over PSN (CESoPSN, as defined in RFC5086,Reference [38]) encapsulates structured (NxDS0) TDM signals aspseudowires over a PSN, preserving the standard TDM framing structure.

CESoPSN is supported on Channelized 8-port OC-3/STM-1 or 2-portOC-12/STM-4 line cards and XCRP4 cards on all chassis. PPA1 cards arenot supported.

2.5.1.6.1 CESoPSN Model

The fundamental components of a CESoPSN connection are:

• "Framed" T1/E1 trunk.

• Attachment circuit (AC): DS0 Channel Group (a set of DS0 channels onthe T1/E1 trunk).

• Interworking function (IWF):

(Ingress direction) Packetizes the framed attachment circuit data ontoa pseudowire.

20 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

(Egress direction) Places out the payload from the pseudowire onto theattachment circuit.

• Cross-connect (XC): Joins the attachment circuit to the PSN (IP/UDP orMPLS).

• Pseudowire (PW): Carries the framed attachment circuit data betweenCESoPSN IWFs.

This feature requires an "all-ports" license to be used. For more detailsabout the CESoPSN feature, see Configuring CESoPSN Pseudowires,95/1543-CRA 119 1170/1.

2.5.1.6.2 New Commands

• [no] ces excessive-packet-loss

• ces

• cesopsn

• clear ces excessive-packet-loss

• clear ces outage

• clear port counters (ces)

• clock-source

• end-to-end-delay

• idle-pattern

• [no] pseudowire router-id

• show ces

• show ces domain

• show ces excessive-packet-loss-rate

• show circuit counters (ces)

• show port counters (ces)

• timeslot (ces)

• [no] trap cesmib

• [no] trunk-control

• [no] Xc ds0

219/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


2.5.1.6.3 Enhanced Commands

• show port detail

• show pseudowire

2.5.1.7 SAToP Pseudowires

Circuit Emulation Service (CES) and Pseudowire Emulation (PWE)transparently carry time-division-multiplexing (TDM) circuits over apacket-switched network (PSN). At the source endpoint, TDM frames areconverted to packets, which are then transported across the PSN core. At thedestination endpoint, the packets are converted back to TDM frames.

Structure-agnostic TDM over Packet (SAToP, as defined in RFC 4553Reference[37]) encapsulates TDM bitstreams (T1/E1) as pseudowires over a PSN,disregarding any TDM framing structure.

SAToP is supported on Channelized 8-port OC-3/STM-1 or 2-port OC-12/STM-4line cards and XCRP4/SMRP2 cards on all chassis. PPA1 cards are notsupported.

2.5.1.7.1 SAToP Model

The fundamental components of a SAToP connection are:

• Attachment circuit (AC): An "unframed" T1/E1 trunk.

• Interworking function (IWF):

(Ingress direction) Packetizes the framed attachment circuit data ontoa pseudowire.

(Egress direction) Places out the payload from the pseudowire onto theattachment circuit.

• Cross-connect (XC): Joins the attachment circuit to the PSN (IP/UDP orMPLS)

• Pseudowire (PW): Carries the unframed packetized T1/E1 data betweenSAToP IWFs.

This feature requires an "all-ports" license to be used. For more details about theSAToP feature, see Configuring SAToP Pseudowires, 96/1543-CRA 119 1170/1


• ces

• [no] ces excessive-packet-loss

• clear ces excessive-packet-loss

22 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

• clear ces outage

• clear circuit counters (ces)

• clear port counters (ces)

• clock-source

• end-to-end-delay

• [no] pseudowire router-id

• satop

• show ces

• show ces domain

• show ces excessive-packet-loss-rate

• show circuit counters (ces)

• show port counters (ces)

• [no] trap cesmib

• [no] xc ds1|e1


• show port detail

• show pseudowire

2.5.1.8 Multicast Support on Port Pseudowire Circuits

Multicast traffic forwarding is now supported over port pseudowire (PW)connections in regular and L3VPN routing contexts Use this feature to supportcustomers that have dedicated links to a PE router that terminates in anL3VPN context as shown in the topology example in Figure 1. IGMP is usedon the CE-to-PE connections to join groups connected to CE routers that donot support PIM. PIM works over the port PW to enable the CE routers thatdo support it to join the multicast tree. Multicast traffic between PE routers isforwarded over the multicast distribution tree (MDT).

239/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


Figure 1 Multicast Traffic Forwarding on IPoE Over a Port PW Circuit

The commands to configure multicast have not changed. To enable multicaston IP-over-Ethernet-over-port PW connections, configure PIM or IGMP on aport PW-bound interface as you would for other interface types. For moreinformation and a configuration example, see Configuring Port PseudowireConnections.

The following commands were enhanced to verify multicast over port PWs:

• show igmp group

• show igmp circuit

• show ip mfib

• show ip mroute

• show pim circuit

Multicast over port PW supports 2000 Source, Groups with maximum of tenport PW outgoing interfaces per Source, Group.

2.5.1.9 Increased Port Pseudowire Capacity

Up to 1000 port pseudowires (PW) per line card are now supported with amaximum of 2000 port PW per node.

2.5.1.10 DVSR, OSPF, and IS-IS Support on Port Pseudowire Circuits

In addition to static routing, RIP, and BGP routing protocols, DVSR, OSPF, andIS-IS are now supported for port PW circuits.

There are no new or changed commands to support this feature, and nochanges to default system behavior were introduced.

2.5.1.11 Control Word, VCCV, and QoS Propagation Enabled for Port PW

Control words, virtual circuit connectivity verification (VCCV), and QoSpropogation are now supported for port pseudowire connections.

24 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

A control word can be embedded in the Ethernet frame between the PW labeland the inner L2 header. The control word is used to detect packet reorderingand packet loss, and to perform equal cost multi-path (ECMP) path avoidance,and various OAM tasks. When the control word is present, all traffic follows asingle path because further lookups for the packet do not occur. The controlword also permits the VCCV packet to follow the same path through the dataplane that is taken by the PW data packets.

Note: This feature does not support sequencing, so no packet reordering isperformed.

To enable a control word, use the control-word command in L2VPN profilepeer configuration mode.

VCCV provides a control channel on the pseudowire that can be used forfault detection and diagnosis. VCCV verifies the connectivity of the PW usingthe LSP/MPLS ping tool. The SmartEdge OS advertises VCCV RA + ACH(Associated Channel Header) support in every PW establishment.

• Both Type 1 and Type 2 VCCV is supported for both operationally activeand standby PW redundant pairs as follows:

In-Band VCCV: Type 1—Pseudowire Emulation Edge to Edge (PWE3)control word with 0001b as first nibble. Type 1 is only supported whena control word is enabled.

Out-of-Band VCCV: Type 2 —MPLS Router Alert Label. Type 2 issupported whether or not a control word is enabled.

No new commands were created to support the control word and VCCVfeatures, and no changes to default system behavior were introduced.

QoS propagation is also enabled. Typically, on L3 circuits, when a packetarrives on a non-MPLS interface (or without labels on an MPLS interface), theIP DSCP bits are used by default to set up the packet descriptor (PD) QoSpriority bits. If the packet arrives on an MPLS interface, the EXP bits from thefirst label in the packet are used to set up the PD. Once the PD is set up onthe ingress Packet Processing ASIC (iPPA), none of the remaining QoS bits inthe packet are used to overwrite the PD value. The same default behavior isretained for traffic onto the port PW. However, for inbound traffic from the portPW, the default PD propagation is from IP DSCP to PD, not EXP to PD as inregular MPLS and VLL/VPLS traffic.

QoS propagation can be configured either with or without custom class maps.Three customized class maps at different levels can be configured on bothinbound and outbound directions of the port PW:

• Global MPLS class map for the tunnel label.

• L2VPN class map for the PW label; there are two options:

Global L2VPN class map.

259/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


L2VPN class map per PW.

• IP class map at the port PW interface level.

The SmartEdge OS supports one global MPLS class map and one globalL2VPN class map under MPLS configuration mode for inbound and outboundpackets. Port PWs can use the global L2VPN class map transparently. An IPclass map configured at the interface level can also be used transparentlyby the port PW.

The per-PW class map is associated to the port PW using the L2VPN profile.Class map grid values are programmed to the PPA on the port PW L0 circuit.All PWs that use to same L2VPN profile are associated with the same classmap grid. The global L2VPN and per-PW class maps can coexist on the samesystem. When both are present, the per-PW class map takes precedence overthe global class map in both the inbound and outbound directions. When noclass maps are present for port PW label traffic, the IP DSCP value is usedinstead of EXP bits to populate the PD.

For a full description of all these features, see Configuring Port PseudowireConnections.

2.5.1.12 Enhancements to the local-as BGP Command

The local-as command (in BGP neighbor configuration mode) is enhanced tosupport the no-prepend option to disable prepending the local AS to inboundroute updates received from the eBGP neighbor and the replace-as optionto replace the global ASN with the local AS in the outbound message.

For information about these command options, see the local-as command.

2.5.1.13 Inter-Context Routing in iBGP

This feature enables the creation of routing sessions between peers that belongto different contexts that are not connected by a physical port, eliminating therequirement of an actual physical link between the contexts. Enable serviceinter-context routing using the ip route command with the context option inthe context configuration mode.

2.5.1.14 Site of Origin Available in BGP External Community Attribute

This release adds the ability to specify the Site of Origin (SoO) as part of theBGP extended community attribute in BGP at a per-neighbor level. This featureprovides more-granular filtering of routes in a route map. In addition, you cannow specify the ASNs in the extended community attribute as a two-byte orfour-byte value. Previously, you could specify only two-byte ASN values.

2.5.1.14.1 Restrictions and Limitations

• In previous releases, you could configure the SoO only at the globaladdress family (AF) level in VPN context. Because you can now also

26 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

configure the SoO at a per neighbor level, make sure that you do notconfigure both levels at the same time.

• If routes are aggregated, extended community information associated withindividual routes is lost. To add extended community information to theaggregated route, use the set ext-community command in a route map.

2.5.1.15 IPv6 Single-Hop Bidirectional Forwarding for Static Routes and eBGP

This feature introduces single-hop BFD support for static routes and eBGP forIPv6 addresses. BFD is not supported for link-local addresses.

To begin a BFD session with a single-hop peer:

• BFD must be enabled in the context by using the router bfd commandin the configuration context mode.

• The remote address, or the interface on which the remote address isreachable, must be enabled for BFD by using the neighbor or interfacecommands.

• A client, such as BGP or the static routing process, must request BFDmonitoring of the remote address.

In order to enable BFD for an IPv6 static route, append the keyword bfd to theipv6 route command.

To configure BFD for an IPv6 eBGP neighbor, configure BFD in the BGPneighbor configuration.

The show bfd session and show static route commands are modified to enablethe ipv6 keyword. The default setting with no keyword displays IPv4 data.

The show bgp neighbor command is enhanced to show whether BFD isenabled and the BFD neighbor status.

The debug bfd client, debug bfd config, and debug bfd session commands nowsupport the ipv4 and ipv6 keywords. The default setting with no keyworddisplays both IPv4 and IPv6 debugs. The all keyword is now available to turnon all BFD-related debugs.

2.5.1.16 Single-Session Bidirectional Forwarding over LAGs

BFD over trunk LAGs (Ethernet LAG or 802.1Q LAG) has been a supportedSmartEdge OS feature, where BFD runs at Layer 3 to monitor the liveness of adirectly-connected Layer 3 neighbor with a separate BFD session over eachLAG constituent, with the sessions all using the same next-hop IP address butover different designated links. This feature adds support for standard one-hopBFD, where the Layer 3 BFD session runs one session per neighbor.

Single-session BFD is preferable to multi-session BFD in several cases:

279/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


• The next-hop node is not a SmartEdge router, and therefore does notsupport multi-session BFD.

• The next-hop node is connected to a Layer 2 network that terminates theLAG and forwards BFD keepalives on the LAG link it chooses.

• Many BFD sessions exist between two nodes, so to reduce resource usageand support better scaling, a single-session BFD is used for some or allof the neighbors.

With single-session BFD over LAGs, BFD detects whether a Layer 3 neighboris active regardless of the Layer 2 interface that connects the neighbors. BFDdesignates a home slot (a line card within the LAG) on which a BFD sessionoperates. BFD packets are transmitted and received on the card in the homeslot; if the card in the home slot fails, a backup home slot card takes over.Backup home slot card selection is automatic; you do not need to configurebackup selection.

The router bfd configuration is modified to include the link-group commandto specify a single session or multiple sessions. The show bfd sessioncommand displays home card and backup card settings for single-session BFD.

To enable single-session behavior, single-session mode must be explicitlyenabled using the link-group command with the single-session keyword(in router BFD interface or router BFD neighbor configuration mode).

2.5.1.17 Fast Convergence for OSPFv3 Using SPF Timers

For OSPFv3, the default delay-time and hold-time values are used to enableand disable fast convergence. By default, both timers are set to 0 seconds toenable fast convergence. Also, changing the OSPFv3 timer values to non-zerovalues disables fast convergence.

For more information about setting the timer values, see the router ospf3command.

2.5.1.18 Non-Stop Routing for OSPF

In OSPF router configuration mode, the new [no] nonstop-routingcommand can be used to activate non-stop routing to maintain OSPF neighborrelationships and operations in steady state if the active XCRP Controller cardfails and switches over to the standby XCRP. The OSPF routing domain willcontinue to operate in steady state. The show osfp command is modifiedto support the nsr keyword.

For information about the new nonstop routing command, see thenonstop-routing command.

For information about nonstop routing, see Configuring OSPF.

28 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.5.1.19 Change in Processing for "redistribute" (IS-IS) Command

Previously, when no metric was configured in the redistribute (IS-IS)command, and the route-map command option either specified ametric or not, the original route metric was not used in the IntermediateSystem-to-Intermediate System (IS-IS) domain. As a result, no (0) prefix metricwas used in the IS-IS domain. In this release, the metric that is configured bythe route-map command option is used as the internal prefix in the IS-ISdomain, when no metric is configured by the redistribute (IS-IS)command. In addition, if no metric is configured in the route-map commandoption, the original route metric is used as the internal prefix in the IS-IS domain.

PPA2 and PPA3

2.5.1.20 Multihop Route Advertisement For Inter-AS L3VPNs

You can now configure Layer 3 Virtual Private Networks (L3VPNs) that spandifferent autonomous systems (ASs) using LDP to redistribute routes from oneAS to the other. Previously, you could only configure the SmartEdge OS toredistribute routes between ASs using eBGP for this topology.

For more information, see the Multi-AS Backbones-option C from RFC 4364,BGP/MPLS IP Virtual Private Networks (VPNs).

With the new configuration, Label Distribution Protocol (LDP) redistributes theinternal Border Gateway Protocol (iBGP) routes from one AS to the other, usingonly two MPLS labels instead of three. Use this method to interoperate withCisco routers in this topology.

When it is not enabled, external Border Gateway Protocol (eBGP) redistributesthe routes between ASs, requiring three labels (the default method of usingOption C).

Use the new [no] redistribute bgp [route-map map-name] commandin router ldp configuration mode to enable LDP to redistribute the route.

The set ip next-hop command, required for this feature, has beenenhanced with the new prefix-address keyword.

For a full description, configuration tasks and examples, see ConfiguringBGP/MPLS VPN.

With this feature enabled, you can use the ping command between a provideredge (PE) router in one AS and a PE router in another AS to verify connectivity.However, the ping command is not supported from one autonomous systemborder router (ASBR) to another.

Use the following commands to verify route redistribution and labels:

• show mpls label-mapping

• show circuit counters

299/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


• show bgp route {ipv4 | ipv6} vpn

• show ldp binding

• show ip route

This feature is supported with IPv4, IPv6, and dual-stack addressing on PPA2and PPA3 line cards.

2.5.1.21 Policy Based Routing for IPv6 Redirect

Policy Based Routing (PBR) functionality has been enhanced to supportredirection of IPv6 traffic to the IPv6 next hop. The keywords ip and ipv6have been added to the redirect destination next-hop command to enableredirection to the specified IPv6 address or to the default destination IPv6address according to the routing table. The show configuration forward, showforward policy, and show card qos commands have been modified to displayIPv6 forwarding data.

For IPv6, the redirect destination next-hop command accepts one or two IPv6addresses and a single default argument.

The command is rejected if:

• The IPv4 next-hop list contains 0.0.0.0 or 255.255.255.

• The IPv6 next-hop list contains the " ::" address, the "fe80::/10" prefix, orduplicate addresses.

For more information about the IPv6 redirect feature, see the redirectdestination next-hop command.

2.5.1.22 IPv6 LAG - QoS and ACL Support

This release supports quality of service (QoS) and access control list (ACL)functionality on IPv6 traffic on an access link aggregation group (LAG).


• IPv6 ACL is only supported on L3 circuits on access LAGs.

• RADIUS Service Engine (RSE) profile is not supported on access LAGs.

2.5.1.23 Continue Logic in Route Maps

This release adds the continue clause to route maps, which gives greatercontrol over route map logic and execution flow. After a route successfullysatisfies all match conditions in a route map entry and set operations havebeen executed, the continue clause passes control to another entry in the sameroute map to continue execution. You use the continue [seq-num] clause inroute map configuration mode.

30 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.5.1.24 New Match Criteria for IPv6 ACLs

IPv6 ACLs now includes match criteria to classify a packet based on:

• Fragments

• Invalid TCP flags

• Setup

The new match criteria are supported for IPv6 filter and policy ACLs and forIPv4 policy ACLs.

Table 11 describes the new keywords for the permit and deny commands.

Table 11 New IPv6 ACL Match Criteria

fragments Allows packet to be permitted or denied based onwhether the packet is fragmented.

setup Specifies that TCP packets with SYN set and ACK notset in the Flags field are a match.

invalid-tcp-flags Specifies that TCP packets with particular flagcombinations are a match.

The new keywords of invalid-tcp-flags, setup, and fragments arenow also reflected in the following show commands:

• show configuration

• show ipv6 access-list

• show access group

2.5.1.25 BGP MDT PIM SSM-Source Auto-Discovery

Previously, the SmartEdge OS supported PIM-SM default MDT. In this release,the SmartEdge OS also supports default MDT auto-discovery for PIM-SSMthrough BGP SAFI-MDT.

Each multicast-enabled VPN (mVPN) corresponding to a multicast domain hasa default MDT through the backbone connecting all of the PE routers belongingto the MD. The MDT is constructed when the PE routers are brought up. Themechanism for auto-discovery varies with the version of PIM being used:

• With PIM-SM default MDT auto-discovery, a rendezvous point (RP)provides rendezvous and auto-discovery services to the PE routersbelonging to the multicast domain, establishing the PIM adjacenciesbetween the routers. The source and receiver PE routers auto-discoverone another through the RP.

319/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


• In a PIM-SSM environment, no RP is required. Instead, the PEs usea mechanism called MDT subaddress family identifier (SAFI-MDT) toauto-discover one another directly. Using PIM-SSM auto-discovery allowsthe PE to directly join to a source tree rooted at another PE for MDT,without an RP. Eliminating the RP reduces management overhead andeliminates a potential point of failure. Also, forwarding delay is reduced.

MDT routes can be exported and imported using the export route-target andimport route-target commands, respectively. For a full description of thisfeature, see Configuring IP Multicast.


The following new configuration command is added to support this feature:

• The address-family ipv4 mdt command in router BGP configuration mode,BGP VPN configuration mode, or BGP neighbor configuration modeenables the MDT address family for a BGP router instance or a BGPneighbor. This command is not supported for eBGP peers.

The following new operational command is added to support this feature:

• The clear bgp ipv4 mdt command in EXEC mode resets addressconnections and forces BGP updates for connections using MDT routes.

• The show bgp route ipv4 mdt command in EXEC mode displays detailedinformation about IPv4 MDT routes.

2.5.1.25.2 Modified Commands

The following configuration commands are modified to support this feature:

• The mdt default-group command is enhanced to support PIM-SSMconfigurations. This command now accepts an address taken from therange reserved for SSM (as specified by the pim ssm command in contextconfiguration mode).

• The mdt encapsulation command can now be used in PIM-SSMconfigurations to set the encapsulation for MDT.

The following operational commands are modified to support this feature:

• The show pim mdt command is enhanced with the new bgp keyword.When used with the bgp keyword, this command displays MDT BGPadvertisements.

• The show bgp neighbor and show bgp peer-group commands now includean ipv4 mdt option for filtering output.

• The show ip mroute command now includes information about PIM-SSMroutes in its display.

32 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

• The debug bgp rib command now includes PIM information in its display.

• In general, PIM information is now included in the output of show bgpcommands.


This feature has the following restrictions and limitations:

• At least one mPVN must be configured for the PIM/BGP router to sendMDT default group and source address information to remote PE routersusing BGP SAFI-MDT.

• MDT address family configuration is not supported for eBGP peers.

• When a peer that is participating in the IPv4 MDT address family isconfigured with update-source command, the next hop for the MDTroutes does not use the update-source interface.

• The SmartEdge OS does not prevent next-hop manipulation using theroute-map out feature.

2.5.1.26 IGMP CAC at S-VLAN Level

In previous releases, the SmartEdge OS supported IGMP CAC at the port level.In this release, support for IGMP CAC is extended to the S-VLAN level for IGMPtraffic replicating Point to Point Protocol over Ethernet (PPPoE) subscribers.When this option is enabled, the system monitors an 802.1Q PVC (includingits child circuits or subscriber circuits) to ensure that the sum of IGMP Joinrequests on the PVC does not exceed the specified limit. If a Join that wouldcause the configured limit to be exceeded is received and a child circuit withlower priority exists on the PVC, the lower priority group is dropped to reclaimthe bandwidth. Otherwise, the request to join the new group is rejected. In thiscase, the system logs the rejection and increments statistics.

S-VLAN CAC can be used together with per-port CAC. When used together,bandwidth limits are applied hierarchically: S-VLAN bandwidth limits areapplied first, followed by port bandwidth limits if the call has not been rejected.

IGMP has been enhanced to generate a number of statistics relevant to IGMPsubscriber activity, in addition to statistics about IGMP Joins, Leaves, and hostreports. You can collect these statistics using the router's bulkstats facility. Todo this, configure a bulkstats schema profile, attach it to a bulkstats policy,apply the bulkstats policy to the configuration context, and enable IGMPbulkstats in the IGMP service profile.

The following commands are added to support this feature:

• The multicast maximum-bandwidth command in dot1q PVC configurationmode specifies the bandwidth limit, either as an absolute value or asa percentage of a QoS maximum rate limit set for the PVC. You can

339/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


specify up to 125% of the QoS maximum. Remove the bandwidth limit byspecifying the no version of this command.

• The bulkstats command in IGMP service profile configuration mode enablesstatistics generation for IGMP.

The following commands are enhanced to support this feature:

• The bulkstats schema profile command in context configuration mode nowincludes the igmp keyword to allow you to collect IGMP-related statisticswithin the context. This schema is attached to a bulkstats policy usingthe bulkstats policy command.

• The show igmp profile command in exec mode now includes generatedIGMP statistics.

• The show igmp traffic command in exec mode now includes informationrelated to QoS queuing and statistics buffers for IGMP traffic.

• The show igmp circuit command in exec mode now includes QoS andbulkstats status.

2.5.1.27 LNS Support for IPv6 Subscribers

In previous releases, the SmartEdge router provided L2TP access concentrator(LAC) support for dual-stack (IPv4, IPv6, or both) subscriber services. Withthis release, the SmartEdge router also provides L2TP network server (LNS)support for dual-stack subscriber services. Dual-stack Point-to-Point Protocol(PPP) sessions can be terminated on a SmartEdge LNS. The L2TP tunnelendpoint is over an IPv4(/MPLS) cloud; however the L2TP tunnel carries PPPframes that encapsulate both IPv4 and IPv6 subscriber traffic. IPv6 packetsare not fragmented on the LNS. The IPV6 packet is encapsulated in the IPv4tunnel, and the IPv4 tunnel packets are fragmented. No new CLI commandssupport this feature.

2.5.1.28 Three-VLAN-Tag Support for VPLS and L2VPN

In previous releases, a system with VPLS and Layer 2 VPNs (also known asVLLs) configured supported incoming packets tagged with, at most, two VLANtags (S-VLAN and C-VLAN). In this release, the system accepts packets withup to three VLAN tags (Q-in-Q-in-Q traffic) into a VPLS, and any number ofVLAN tags on a Layer 2 VPN. In a typical scenario involving this feature,customer equipment sends frames that already have two VLAN tags (S-TAGand C-TAG), and an intermediate Ethernet switch connecting customerequipment to the SmartEdge system prepends a third VLAN tag.

2.5.1.29 LDP over RSVP

With this release, the system supports the Label Distribution Protocol (LDP)over Resource Reservation Protocol (RSVP) for single-hop and multihopRSVP label-switched paths (LSPs). LDP over RSVP enables RSVP LSPs

34 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

to carry LDP control and data traffic when Open Shortest Path First (OSPF)is configured as the Interior Gateway Protocol (IGP). LDP over RSVP is notsupported when Intermediate System-to-Intermediate System (IS-IS) is theIGP. To enable LDP over RSVP, you must configure a tunnel shortcut forthe RSVP LSP, the OSPF routing instance, and the LDP neighbor. If theRSVP LSP is configured with next-hop fast reroute (NFRR) for link and nodeprotection, LDP traffic can also be carried over a bypass RSVP LSP andprotected against link and node failures between label-switched routers (LSRs).In addition, you can configure backup RSVP LSPs.


The following new commands must be configured to enable LDP over RSVP:

• The tunnel-shortcut command in either RSVP router configuration modeor RSVP LSP configuration mode

• The mpls tunnel-shortcut command in OSPF router configuration mode

• The tunnel-shortcut command in LDP router configuration mode for allconfigured targeted neighbors or for a specific neighbor (neighboraddress targeted tunnel-shortcut)

You can enable both IGP shortcuts and LDP over RSVP on the sameRSVP LSP.

2.5.1.29.2 Limitations

LDP over RSVP is not supported when IS-IS is the IGP.

2.5.1.30 Enhanced Carrier Grade NAT

In this release, Carrier Grade NAT (CGN) has been enhanced to support:

• Point-to-Multipoint Transmission Control Protocol (TCP)

• Inbound refresh settings for User Datagram Protocol (UDP)

• Port block configuration for an IP range

• Network Address Translation (NAT) logging profiles

Assignment time is logged when a NAT IP address or port block is assignedto a subscriber or circuit.

Unassignment time is logged in the following cases:

The port block is unassigned by the age due to idle timeout.

The subscriber goes down (circuit unbind).

The pool or policy is deleted.

359/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


The pool action is changed for a class under a policy.

• Excluded port ranges from a pool

• Paired mode

• Internet Control Message Protocol (ICMP) notification when rejectingoutbound flows

For more information about configuring enhanced CGNAT, see ConfiguringNAT Policies.


• nat enhanced password

Enables licensing of new and enhanced CGN CLI commands. Forinformation about enabling NAT licensed features, see Enabling LicensedFeatures.

• exclude well-known

Excludes port range 0 to 1023 from a specific address or an address rangeof a pool.

• exclude port_start to port_end

Excludes the port range from a specific address or an address range ofa pool.

• icmp-notification

Sends ICMP administratively prohibited messages to the sender when NATtranslation cannot be created due to resource or administrative constraints.

• inbound-refresh udp

Enables inbound refresh behavior for inbound UDP traffic.

Note: Inbound refresh mode is the default behavior, for backwardcompatibility. The no inbound-refresh udp command disablesrefreshing.

• nat logging-profile

Creates an NAT logging profile.

The following new options are available in NAT logging profile configurationmode.

dscp

36 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

Configures the Differentiated Services Code Point (DSCP) value ofthe IP packet .

export-version v9

Configures the external collector to use version 9 formatting whenexporting flow records.

maximum ip-packet-size

Configures the maximum size of the IP packet in bytes.

source

Configures the source IP address and port number for the NetFlowpacket for a NAT logging profile.

transport-protocol udp (NAT)

Configures the transport protocol used to export the flow records.

• paired-mode

Controls the number of users connected to the same IP address and limitsthe number of available ports for a subscriber to keep fair usage.

• show nat logging-profile

Displays NAT profiles.


• address start_ip to end_ip port-block start_block to end_block

Previously, you could specify which port-blocks to include for a given rangeof IP addresses in a NAT pool. The keyword port-block now allows youto specify a port-block configuration. A port block is a block of 4096 ports.For example, in port-block 1 through 15, ports 4096 to 65535 are included.

• debug nat

Displays new debug NAT messages.

• ip nat pool name napt paired

Use the new pairedkeyword to ensure that a given subscriber with thepolicy referring to the pool always gets the same external IP address.

• ip nat pool name napt multibind logging

The new keyword logging enables logging at the NAT pool level.

• endpoint-independent filtering tcp

379/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


The new keyword tcp enables point-to-multipoint mode for all TCP trafficin the current class.

• nat policy name enhanced [radius-guided]

Use the keyword enhanced to identify a NAT policy for CGN features.

• show nat policy name detail—Enhanced to display the following:

Inbound refresh

Endpoint independent filtering for TCP

Abandoned timeout settings

• show nat pool name detail—Enhanced to display the following:

Logging profile grids (grid is 0 if there is no profile)

Oversubscription ratio

Port limit

• timeout abandoned seconds

Enhanced to include a new keyword, abandoned, which configures thetimeout value for P2MP TCP sessions that have no active parent session.The default value is 2 hours 4 minutes.

38 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact


Licensing

To configure enhanced carrier grade NAT features on the SmartEdge router,you must have enabled the NAT enhanced license with the nat enhancedpassword nat_password command. For information about enabling NATlicensed features, see Enabling Licensed Features.

Pools and Policies Limitations

With enhanced NAT, the SmartEdge router does not support configurationchanges to pools and policies that are already bound. In some cases, the CLIrestricts you from making these changes. As a result, you must completelyunbound policies and then bind them for the changes to take full effect.

Circuit Limitations

CGN is supported on the following subscriber circuits:

• CLIPS

• DHCP

• MLPPP

• PPPoE

The following are not supported:

• Pseudocircuits, except MLPPP

• Subscriber circuits on LAG and LNS

• Static circuits

Paired Mode Limitations

• Paired mode and logging are only available for subscriber interfaces.

• You cannot mix paired and nonpaired pools in a policy.

• If paired mode is used, adding more IP addresses to the pool anddecreasing the oversubscription rate results in more memory usage andless-efficient use of available port ranges across subscribers.

Logging Limitations

• A single micro block is always assigned to a single subscriber, no matterhow many ports are used. When logging is enabled, the sharing of portsacross multiple subscribers is limited because even if only one port is usedby a subscriber, multiple ports (a whole microblock) are reserved fromthe pool.

399/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


• Using multiple profiles downloaded to a card can result in performancedegradation because packet streams are maintained and assembled foreach NAT logging profile.

• Configuring static entries with logging causes less-efficient use of ports.Even if only one static entry is configured, multiple ports (the wholemicroblock) are reserved from the pool.

• You can only configure two logging profiles for each pool.

Exclude Limitations

• Granularity of excluded ports (configured by using the exclude command)is based on the microport block size (the port range assigned to asubscriber in case of logging). For example, when the microport block sizeis 32, excluding port 0 removes all ports from 0 to 31.

• You cannot configure more than 4 excludes per IP or address range whenyou use the exclude command.

Specifying a fifth exclude option displays an error message.

2.5.1.30.4 Change in Behavior for Endpoint-Independent Filtering

Previously, when endpoint-independent filtering was not applied, packets inthe class were filtered only in the inbound direction; all packets sent fromthe local endpoint reached their destinations, but incoming packets weredropped. Now, when no endpoint-independent filtering is configured, UDPand TCP packets in both the outbound and inbound directions are filtered.Previously, endpoint-independent filtering configuration was only available forUDP transport, but with enhanced Network Address Translation (NAT), TCPconfiguration is also allowed.

Note: When endpoint-independent filtering is applied, NAT is not filtering. Forexample, allowing P2MP traffic.

2.5.1.30.5 Change in Behavior for Port Assignment

By default, when an assignment of a port is denied by NAT due to any reason,ICMP messages are now generated to the private endpoint. To revert to theprevious default behavior, enable the no icmp-notification commandat the class level.

2.5.1.31 Enhanced Carrier Grade NAT Support for Hitless Access LAG

In previous releases, the system’s support for Carrier Grade NAT did not extendto subscribers using access link aggregation groups (LAGs). In this release,Carrier Grade NAT support is extended to hitless access LAG subscribersessions.

40 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact


• For hitless access LAG, the “active/active” case is not supported

• This feature is not available on XCRP3-based systems

• NAT does not support fragmented packets

• This feature is only supported for subscriber circuits with NAT enhancedpolicy applied. Configuration of a NAT enhanced policy requires a NATenhanced license.

For information about configuring Carrier Grade NAT and a full description offeature limitations, see Configuring NAT Policies.

2.5.1.32 Enhanced Carrier Grade NAT Support for Economical Access LAG andLNS

In previous releases, the system’s support for Carrier Grade NAT did not extendto subscribers using economical access link aggregation groups (economicalaccess LAGs) or Layer 2 Tunneling Protocol Network Server (LNS). Onlyhitless access LAG subscriber sessions were supported. In this release, CarrierGrade NAT support is extended to economical access LAG subscriber sessionsand L2TP tunneled IPv4 subscriber sessions on LNS.


• This feature is not available on XCRP3-based systems

• NAT does not support fragmented packets

• This feature is only supported for subscriber circuits with NAT enhancedpolicy applied. Configuration of a NAT enhanced policy requires a NATenhanced license.

For information about configuring Carrier Grade NAT and a full description offeature limitations, see Configuring NAT Policies.

2.5.1.33 DHCP Split Lease Enhancement

This release adds support for the Router option (3) and Domain Name Serveroption (6) in DHCP lease renewal responses generated by the SmartEdgerouter. The split lease feature is enhanced to work with DHCP clients thatexpect router addresses and domain name server addresses to be refreshedon every lease renewal. A maximum of two entries can be included for eachoption, to limit the amount of memory used when this option is enabled. ForDHCP clients using a last resort interface, only one entry for the Router optionis included.

419/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


2.5.1.34 Dynamic CLIPS on 802.1Q On-Demand PVCs

This release supports dynamic CLIPS on 802.1Q on-demand PVCs. For moreinformation about configuring this feature, see Configuring CLIPS and serviceclips dhcp.


• service clips dhcp

Now supported in link configuration and dot1q pvc configuration mode foron-demand circuits.

• show clips summary

Now includes statistics for dynamic CLIPS over 802.1Q on-demand PVCs.

• show clips counters detail

Now Includes statistics for dynamic CLIPS over 802.1Q on-demand PVCs.


Regular and on-demand PVCs with the same 802.1Q PVC ID are supported.However, regular 802.1Q PVC configuration takes precedence over on-demandPVC configuration. For example:

[local]Ericsson(config-port)#dot1q pvc on-demand 1[local]Ericsson(config-port)#dot1q pvc 1

[local]Ericsson#show configuration port 2/1!port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc on-demand 1dot1q pvc 1 <= Overrides the on-demand configuration

!

The following are not supported:

• CLIPS over ATM on-demand PVCs

• CCOD for both CLIPS SVLAN and CVLAN at the same time.

• NetOp for configuring CLIPS over on-demand 802.1Q PVCs.

• Bind interface configuration for 802.1Q on-demand PVCs

• The range over on-demand 802.1Q PVCs is not displayed in the showconfiguration port command.

• CLIPS support on CCOD is not provided when the aaa contextctx-name and its attributes are enabled on the 802.1Q on-demand PVC.The aaa context ctx-name is used as an alternative mechanism of

42 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

retrieving the encapsulation type, username, context, and other bindingattributes from RADIUS.

The following CLI commands, which are supported on static PVCs, are notsupported on CCOD circuits:

• qos priority

• rate-circuit

• circuit-group-member

• forward policy

• forward output

• service clips-exclude

• service clips-group

439/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


The following table illustrates the change of CLIPS behavior when theconfiguration is changed from the initial configuration to the final configurationwhen both regular and on-demand configuration exists on the same PVC.

Table 12 Behavior of CLIPS when both Regular and On-Demand Configuration Exists onthe Same PVC

Case Result of Initial Configuration Result of Final Configuration Expected Behavior

1 port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc on-demand 1

service clips …

port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc on-demand 1

service clips …

dot1q pvc 1service clips …

CLIPS subscriber sessions (if any)on on-demand pvc 1 session are torndown. Recovery over pvc 1, depends onconfiguration and lease times.

Packets are dropped during the transitionfrom on-demand configuration of thesession to static configuration.

2 port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc 1

service clips …


service clips …


No impact on CLIPS subscribers.


service clips …

dot1q pvc 1service clips


service clips …

CLIPS subscribers (if any) on pvc 1session are torn down. Recovery dependson the configuration, lease times, andwhen on-demand pvc 1 is created basedon packet activity.

Packets are dropped during thetransition from static PVC configurationof the session to on-demand circuitconfiguration.


service clips …


port ethernet 2/1no shutdownencapsulation dot1qdot1q pvc 1

service clips …

No impact on CLIPS subscribers.

44 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.5.1.34.3 QoS Guidelines for dot1q On-Demand Circuits

The QoS policy on the parent CCOD circuit is inherited by the subscriber, oryou apply the QoS policy directly under the subscriber record by using theCLI or RADIUS.

The following guidelines apply to QoS support for 802.1Q on-demand circuits:

• You can configure QoS policing and metering policies at the parent CCODcircuit by using the inherit or hierarchical keyword, which resultsin a QoS policy for the subscriber.

• The inherit keyword results in a subscriber circuit provision with theparent QoS policy if the subscriber circuit does not have a policy.

• The hierarchical keyword results in the CLIPS subscriber circuit beingprovisioned with the parent QoS policing and metering policy, in addition toits own policy if it has any.

• A QoS queuing policy configured on the parent CCOD circuit is inherited bythe CLIPS subscriber circuit if it does not have its own queuing policy.

• A QoS queuing policy configured under the subscriber record results in allthe subscriber traffic using the queues configured in the direct queuingpolicy.

• The qos priority and rate-circuit commands, which are supportedon static PVCs, are not supported on CCOD circuits.

Note: When a new QoS policy binding configuration under the on-demand802.1Q PVC or range is applied, the configuration is applied only tonew CCOD circuits and subscribers. . Existing CCOD circuits andsubscribers are not impacted.

When you remove the QoS configuration from the 802.1Q on-demandPVC configuration, existing CCOD circuits and CLIPS subscribercircuits are not impacted. New CCOD circuits or CLIPS subscribercircuits use the existing QoS bindings on the parent CCOD circuit.

The following access control list (ACL) features are supported:

• IPv4 ACL IP filtering - Applied to subscribers

• IPv4 ACL policy filtering - Used by QoS

• IPv4 ACL policy Filtering - Used by forwarding policy on subscribers

• IPv4 ACL policy filtering - Used by NAT policy on subscribers

2.5.1.35 Service Activation and Deactivation in a Single CoA Request

The RADIUS Service Engine (RSE) provides a framework for applying servicesto a subscriber during session setup as well as during CoA. This feature

459/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


supports deactivation and activation of multiple services through a CoA request,and also allows deactivation and activation of the same service in a CoA. Onlyone metering and one policing policy can be applied to a subscriber regardlessof the number of services enabled. Activation of two services that have differentmetering or policing policies is not allowed. Reauthorization is allowed onlyfor limited service parameters or attributes. Service reauthorization is notallowed for RADIUS-based Policy, version 3 (Rabapol-III) services, althoughthese services can be activated or deactivated. Same service deactivationand activation for HTTP redirect service is not supported. However, HTTPredirect service can be one of the different services in a CoA containingdifferent services for deactivation or activation. RSE is not supported for LAGsubscribers. RSE does not maintain the history of the sequence of changesto a parameter. When multiple services are applied to a subscriber, if thesedifferent services change a common parameter, the changes completed bythe last service applied take effect.

2.5.1.36 RSE Service Activation During Change of Authorization in Case of StackMismatch

This feature allows configuration of global change-of-authorization (CoA)options, using the new aaa global coa ignore rse-attr-stack-mismatchcommand. When configured, this command permits service activation duringCoA in case of stack mismatch. It ignores any service that is not relevant andany stack information or part that is not present in the session. It also sendsthe regular Service-Start, Iinterim, and Stop-Accounting messages, even if theservice cannot be activated.

2.5.1.37 IPCP Subnet Mask Negotiation Option

This feature reserves IP addresses or subnet ranges and installs subnet routesfor subscribers using RADIUS. To enable IPCP netmask negotiation, use thenew ppp ipcp negotiate netmask command in context configuration mode toapply the absolute-timeout value.

2.5.1.38 New Command for Setting the Duration of Subscriber Sessions

The new no subscriber dhcp-server-lease absolute-timeout command (incontext configuration mode) applies the absolute-timeout (session-timeout)value as the duration of the subscriber session. With the no subscriberdhcp-server-lease absolute-timeout command configured, theabsolute-timeout value is used as the session timeout to terminate the sessionafter expiration of the timer. This feature applies to the internal DHCP server.

2.5.1.39 IPv4 Address Conservation in Dual-Stack Subscriber Environments

In this release you can conserve IPv4 addresses in PPP dual-stack subscriberenvironments that use RADIUS authentication. A subscriber can release anIPv4 address to RADIUS if it is not being used. Then, at a later time, if anIPv4 address is needed, the subscriber can request one from RADIUS. Byissuing IPv4 addresses from a provider’s public shared IPv4 address pool only

46 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

when subscribers need them, IPv4 addresses in dual-stack environments areexhausted more slowly. As a result, the provider’s public shared IPv4 addresspool size can be decreased; alternatively, the provider can multiplex a greaternumber of subscribers on a public shared IPv4 address pool.

The following command is added to support this feature:

• The aaa session rate-limit command in context configuration mode hasbeen added. It provides the ability to limit the number of Access Requestpackets sent to RADIUS and causing denial of service due to receiving toomany Access Accepts or Access Rejects from RADIUS.

The following commands are enhanced to support this feature:

• The radius attribute vendor-specific command in context configurationmode has been enhanced with the ipv4-address-release-controlkeyword to allow you to enable IPv4 address save mode. Whenthis keyword is specified, a new vendor-specific attribute (VSA 213 -IPV4-Address-Release-Control) is used to enable this feature.

• The aaa password command in context configuration mode has beenenhanced with the ipv4-address-release-control keyword to allowyou to specify the password used in IPv4 address save mode for addressre-requests

2.5.1.40 Event Accounting for PD Prefix Events for Dual- and Single-Stack IPv6Subscribers

This release supports inclusion of Prefix Delegation (PD) prefix transitionevents in event accounting messages sent for single- and dual-stack subscribersessions in cases where dynamic assignment or release of IPv6 host addressesoccurs through DHCPv6.


The following commands have been enhanced to include the new keyworddhcpv6, which enables event accounting for PD prefix events:

• aaa accounting event

• aaa global accounting event

2.5.1.40.2 New Reason Codes

Vendor-Specific Attribute (VSA) 144 (Acct_Reason) describes the reason forsending subscriber accounting packets to the RADIUS server. This VSA hasbeen enhanced to include two new reason codes, one each for the assignmentand release of a delegated PD prefix.

479/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


2.5.1.41 Event Accounting for IPv4/v6 Stack Transition Events

RADIUS accounting messages can now be generated whenever a single-stacksubscriber session becomes dual-stack or when a dual-stack subscribersession becomes single-stack. The aaa global accounting event command andthe aaa accounting event command have been updated with the dual-stackkeyword, which enables the new event accounting. Four new reason codes forthe Vendor-Specific Attribute (VSA) 144 Acct_Reason have been added:

• The AAA-LOAD-ACCT-V4-UP reason code has been added for IPv4 stackup events.

• The AAA-LOAD-ACCT-V4-DOWN reason code has been added for IPv4stack down events.

• The AAA-LOAD-ACCT-V6-UP reason code has been added for IPv6 stackup events.

• The AAA-LOAD-ACCT-V6-DOWN reason code has been added for IPv6stack down events.

2.5.1.42 Authentication Suppression after Session Limit Is Reached

The session limit maximum value can be checked during the preauthenticationphase, when the aaa global suppress-authentication slid-session-limitcommand is configured. This prevents an authentication request from beingsent to the RADIUS server once the maximum number of sessions is reached.Use the aaa accounting suppress-acct-on-fail except for slid-session-limitcommand to allow accounting messages to be sent when this event occurs,even when accounting messages are suppressed for other session failureevents. Use the show subscribers active command to display information aboutthe session limits for the active circuit ID or active remote ID (ACI/ARI).

2.5.1.43 Increase in the Number of Maximum Sessions

The maximum number of concurrent sessions allowed on a circuit or port isincreased from 8,000 to 32,000. Scaling issues are not addressed, and theactual number of sessions that can be established is not guaranteed.

2.5.1.44 PPPoE CCOD Startup Timer

The startup-timer command (in dot1q PVC configuration mode) specifies theinterval the 802.1Q process allows for the completing initial circuit bring-up. Forexample, if the startup-timer is set to 25 seconds and PPPoE subscribers arebrought up, PPPoE negotiation must complete within 25 seconds from the timethe system receives the PADI packet and creates the CCOD circuit; otherwise,the CCOD circuit is torn down.

Once configured, this value can be changed but cannot be deleted. However,the default value of 90 seconds is equivalent to not configuring a startup timer.

48 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.5.1.45 PPA Feature Support

Note: For information about which traffic cards support each PPA version,see the device hardware guides.

Table 13 describes PPA support for features described in this section.

Table 13 PPA Feature Support

Feature PPA2 PPA3 Notes

Channelized OC-3/STM-1or OC-12/STM-4 Line CardConfiguration

Yes No

MLPPP Support onChannelized OC-3/STM-1 orOC-12/STM-4 Line Card

Yes No

PWFQ Support onChannelized OC-3/STM-1 orOC-12/STM-4 Line Card

Yes No

APS Support onChannelized OC-3/STM-1 orOC-12/STM-4 Line Card

Yes No

Control Packet Rate LimitingSupport for 8-port ATMOC-3c/STM-1c and 2-portATM OC-12c/STM-4c LineCards

Yes No

CESoPSN Pseudowires Yes No PPA2 Channelized SONET cards and XCRP4cards only

SAToP Pseudowires Yes No PPA2 Channelized SONET cards andXCRP4/SMRP2 cards only

Multicast Support on PortPseudowire Circuits

Yes Yes

Increased Port PseudowireCapacity

Yes Yes

DVSR, OSPF, and IS-ISSupport on Port PseudowireCircuits

Yes Yes

Control Word, VCCV, andQoS Propagation Enabledfor Port PW

Yes Yes

Enhancements to the"local-as" BGP Command

Yes Yes

Inter-Context Routing iniBGP

Yes Yes

499/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09




Site of Origin Available inBGP External CommunityAttribute

Yes Yes

IPv6 Single-HopBidirectional Forwardingfor Static Routes and eBGP

Yes Yes

Single-Session BidirectionalForwarding over LAG

Yes Yes

Fast Convergence ofOSPFv3 Using SPF Timers

Yes Yes

Non-Stop OSPF Routing Yes Yes

Change in Processingfor "redistribute" (IS-IS)Command

Yes Yes

Multihop RouteAdvertisement For Inter-ASL3VPNs

Yes Yes

Policy Based Routing forIPv6 redirect

Yes Yes

IPv6 LAG - QoS and ACLSupport

Yes Yes

Continue Logic in RouteMaps

Yes Yes

New Match Criteria for IPv6ACLs

Yes Yes

BGP MDT PIM SSM-SourceAuto-Discovery

Yes Yes

IGMP CAC at S-VLAN Level Yes Yes

LNS Support for IPv6Subscribers

Yes Yes

Three-VLAN-Tag Supportfor VPLS and L2VPN

Yes Yes

LDP over RSVP Yes Yes

Enhanced Carrier GradeNAT

Yes Yes PPA2 ATM cards; PPA2 and PPA3 Ethernetcards

Enhanced Carrier GradeNAT Support for HitlessAccess LAG

Yes Yes Supported on PPA2 ATM and Ethernet cards,PPA3 Ethernet cards, and the SmartEdge100.

50 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact



Enhanced Carrier GradeNAT Support for EconomicalAccess LAG and LNS

Yes Yes Supported on PPA2 ATM and Ethernet cards,PPA3 Ethernet cards, and the SmartEdge100.

DHCP Split LeaseEnhancement

Yes Yes

Dynamic CLIPS on 802.1QOn-Demand PVCs

Yes Yes PPA2 and PPA3 Ethernet cards

Service Activation andDeactivation in a Single CoARequest

Yes Yes

RSE Service ActivationDuring Change ofAuthorization in Case ofStack Mismatch

Yes Yes

IPCP Subnet MaskNegotiation Option

Yes Yes

New Command for Settingthe Duration of SubscriberSessions

Yes Yes

IPv4 Address Conservationin Dual-Stack SubscriberEnvironments

Yes Yes

Event Accounting forPrefix Delegation (PD)Prefix Events for Dual-and Single-Stack IPv6Subscribers

Yes Yes

Event Accounting for IPv4/v6Stack Transition Events

Yes Yes

Authentication Suppressionafter Session Limit isReached

Yes Yes

Increase in the Number ofMaximum Sessions

Yes Yes

PPPoE CCOD Startup Timer Yes Yes

519/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


2.5.2 Border Gateway Function Operation

This section describes impacts to the SmartEdge Border Gateway Function(BGF). It includes information about new features and describes changes toattributes, alarms, events and notifications, triggers, and counters.

To use the new features in this release, you need to be familiar with MessageSession Relay Protocol (MSRP), Secure Real Time Protocol (Secure RTP),and the srtp package in the H.248 control protocol.

2.5.2.1 Secure RTP: E2E and E2AE

Secure RTP is used to encrypt media streams originating from a voice over IP(VoIP) or multimedia endpoint. Both end to end (E2E) and end to access edge(E2AE) scenarios are supported. This feature is optional and is licensed.

Note: This feature has not yet completed full quality assurance; support forthis feature is experimental.

2.5.2.1.1 Impact

This feature has no or minimal impact on the network; it is activated on aper-stream basis by the SGC.

2.5.2.1.2 Capacity and Performance

There is no or minimal impact on overall performance when this feature isactivated.

2.5.2.1.3 Other Network Elements

The SGC must activate this feature on per-call basis.

2.5.2.2 MSRP Back-to-Back User Agent

The SmartEdge BGF can act as an MSRP back-to-back user agent (B2BUA).As a B2BUA, the SmartEdge BGF can allow MSRP endpoints behind NATdevices and firewalls to communicate with one another, by anchoring the TCPsession and modifying MSRP From-path and To-Path headers.


2.5.2.2.1 Impact

This feature has no or minimal impact on the network; it is activated on aper-stream basis by the SGC.

52 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact




This feature is dependent on the SGC.

2.5.2.3 ICMP Error Handling

The SmartEdge BGF now supports ICMP error generation and propagation forIPv4 and IPv6 BGF media plane traffic.


2.5.2.3.1 Impact

This feature has no impact on the network.


There is no or minimal impact on overall performance.


This feature has no dependency on other network elements.

2.5.2.4 Secure MSRP

Message Session Relay Protocol (MSRP) is a media plane protocol used tosend chat messages and transfer files (photos and video clips) in an establishedmultimedia session. Access networks are generally considered insecure. Tosecure MSRP messages on the access side, Secure MSRP protocol is used.sMSRP uses TLS to secure the connection and requires PKI support to createand manage the self-signed certificates. Only end to access edge (E2AE)scenarios are supported. SIP over TLS is used as the signaling protocol tosetup secure MSRP sessions. sMSRP can also be established as an additionalstream in a voice or video call. This feature is optional and is licensed.


2.5.2.4.1 Impact

This feature has no impact on the network.

539/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09





This feature is dependent on the SGC.

2.5.2.5 Provisioning

2.5.2.5.1 Changed Attributes

None.

2.5.2.5.2 Deleted Attributes

None.

2.5.2.5.3 New Attributes

Table 14 shows the new provisioning attributes.

Table 14 New Provisioning Attributes

Attribute Name Description

(srtp/set) Supported Encryption Transforms

(srtp/sat) Supported Authentication Transforms

(srtp/km) Key Management Scheme

(srtp/kleb) Key Lifetime Expiry Behavior

2.5.2.6 Configuration

2.5.2.6.1 Changed Attributes

Realm name and site ID validation are modified to conform to the exact syntaxin RFC 1035. In previous releases, the SmartEdge BGF did not adherestrictly to the specification, allowing the first character of the name or ID to bealphanumeric; the specification requires an alphanumeric first character.

2.5.2.6.2 Deleted Attributes

None.

2.5.2.6.3 Deprecated Attributes

None.

54 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.5.2.6.4 Obsolete Attributes

None.

2.5.2.6.5 New Attributes

Table 15 shows the new configuration attributes.

Table 15 New Configuration Attributes

Attribute Name Description

asp pool service-name

service media-gatewayA new service type to the ASP pool forall media-gateway media plane servicesthat use ASE2 cards. To use SRTPand MSRP B2BUA features, you mustconfigure this new attribute.

[no] msrp validate{session-id | path-uri}

Supports MSRP B2BUA. This command,available in media-gateway configurationmode, sets MSRP session validationto use either the PATH URI or MSRPsession ID.

[no] maximum [msrp-header-len value ]

Supports MSRP B2BUA. This command,available in media-gateway configurationmode, sets the maximum length of allMSRP headers. Set this option to preventany buffer overflow attacks targeted atMSRP endpoints.

[no] maximum streams-per-call value

Increases the maximum numberof streams allowed per call. Thiscommand is available in media-gatewayconfiguration mode.

2.5.2.7 Fault Management

2.5.2.7.1 Changed Alarms

None.

2.5.2.7.2 Deleted Alarms

None.

2.5.2.7.3 New Alarms

None.

559/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


2.5.2.8 Events and Notifications

2.5.2.8.1 Changed Events and Notifications

None.

2.5.2.8.2 Deleted Events and Notifications

None.

2.5.2.8.3 New Events and Notifications

None.

2.5.2.9 Triggers

2.5.2.9.1 Changed Triggers

None.

2.5.2.9.2 Deleted Triggers

None.

2.5.2.9.3 New Triggers

None.

2.5.2.10 Counters

2.5.2.10.1 Changed Counters

None.

2.5.2.10.2 Deleted Counters

None.

2.5.2.10.3 Deprecated Counters

None.

2.5.2.10.4 Obsolete Counters

None.

56 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.5.2.10.5 New Counters

Table 16 shows the new counters.

Table 16 New Counters

Counter Name Description

Active MSRPsessions

The MSRP sessions currently active in the system.The same counter is displayed at the system level,per-process instance level, and at the realm level.

Received MSRPdata chunks

The total number of MSRP data chunks received bythe system. The same counter is displayed at thesystem level, per-process instance level, and at therealm level. Received statistics do not include datafrom active MSRP sessions.

Discarded MSRPdata chunks

The total number of MSRP data chunks that havebeen discarded by the system. The same counter isdisplayed at the system level, per-process instancelevel, and at the realm level. Discarded statistics donot include data from active MSRP sessions.

SRTP e2ae The total number of SRTP end to access edgesessions active in the system. The same counter isdisplayed at the system level, per-process instancelevel, and at the realm level.

SRTP e2e The total number of SRTP end to end sessions activein the system. The same counter is displayed at thesystem level, per-process instance level, and at therealm level.

2.5.2.11 Enhanced Media Inactivity Detection

Media inactivity detection feature is enhanced in this release to report theinactivity timestamp as part of stream statistics. This ensures that the SGC isnotified of the media inactivity and the time at which it occurred, which improvesbilling accuracy.

As part of this feature enhancement, the show media-gateway media-flowdetail command now includes a "Media Stop Time" field that provides atimestamp at which the most recent media stop event occurred on the stream.

2.5.2.12 Zero UDP Checksum Packet Support for IPv4-to-IPv6 Conversion

In this release, IPv4-to-IPv6 conversion supports Zero UDP checksum packets.

579/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


2.5.2.13 Bulkstats Support for Statistics Counters

Statistics counters are now supported through bulkstats. To support thisfeature, the following configuration commands have been added in globalconfiguration mode.

bulkstats schema profile profile-type profile-name formatquoted-format-string [attribute1] [attribute2] [...]

bulkstats schema profile media-gateway {global | mgc-group}profile-name

The following configuration commands have been added in contextconfiguration mode.

bulkstats policy policy-name

The following configuration commands have been added in media gatewayconfiguration mode.

bulkstats schema profile-name policy policy-name [context-name]

2.5.2.14 IPv6 Infrastructure Enhancements for SmartEdge BGF

The SmartEdge BGF supports the IPv6 infrastructure enhancements describedin this document.

Note: No new or modified commands are associated with theseenhancements.

2.5.2.14.1 Trunk LAG for IPv6

LAG (Link Aggregation Group) provides media plane redundancy in aSmartEdge BGF when a PPA card or a port goes down. You can configure twoor more physical ports in a LAG. When one or more ports that are part of a LAGgo down, other ports in that LAG act as the backup and share the load so thatmedia packet forwarding is maintained without interruption.

The SmartEdge BGF supports single-session Bidirectional ForwardingDetection (BFD) on trunk LAGs for IPv4 and IPv6 traffic.

2.5.2.14.2 Next Hop Redundancy Using BFD with VRRP

BFD detects failures on the next hop router in a media path. When a failureis detected, media traffic is forwarded on an alternative route (if an alternativeroute is configured and available).

VRRP uses a master-slave configuration to provide IP redundancy on thephysical interfaces that are connected to the next-hop router. When a physicallink fails because the local media or data card fails, the slave (standby)

58 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

interface takes the role of the master (active) interface so that media packetsare received and forwarded without interruption.

2.5.2.14.3 IPv6 Extension Headers

The SmartEdge BGF can process the following extension headers for IPv6packets destined for the SmartEdge router:

• Hop-by-Hop Options

Note: Because this header is the only extension header examined byall intermediate devices in a path, this header can impact routerperformance.

• Routing (Type 0)

• Destination Options

Note: The SmartEdge does not process extension headers for IPv6 packetsdestined for other nodes in configurations where the SmartEdge isa transit router.

Note: With the exception of the Destination Options header, each extensionheader can appear only once in an IPv6 datagram and in a fixed order.The Destination Options header may appear twice:

• Destination options that must be processed by all devices on thepath to the destination appear near the beginning of the datagram.

• Destination options processed only by the final destination deviceappear at the end of the extension headers.

The SmartEdge BGF examines each incoming IPv6 packet and determineswhether to forward, process, or drop the packet. During this process, therouter ignores the extension headers while determining where to forward thepacket. If an incoming IPv6 packet contains extension headers, that packet isprocessed only if the extension headers are valid. IPv6 packets that have anyunsupported extension headers are dropped. For example, a packet is droppedif it has an Authentication header.

IPv6 packet headers are examined in the following order:

1 Hop-by-Hop Options

2 Destination Options

3 Routing (Type 0)

4 Fragmentation

5 Authentication Header

6 Encapsulating Security Payload

599/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


7 Destination Options (for options processed only by the final destination)

Fragmentation and reassembly is supported for BGF IPv6 traffic. IPV6 packetreassembly is performed before other IPV6 extension header processingoccurs.

Note: Because BGF processes only fully reassembled packets, reassembledpackets do not contain the Fragment header extension.

The following rules apply to IPv6 extension headers:

• Incoming IPv6 packets are dropped if any of the following occur:

The total length of all the extension headers exceeds 46 bytes(the maximum size supported by the PPA). When this occurs, theunhandeled IP options counter increments.

The segments left field in the Routing header is nonzero. Whenthis occurs, an ICMP parameter problem message is sent.

The supported extension headers do not conform to the rules specifiedin RFC 2460, Internet Protocol, Version 6 (IPv6) Specification. AnICMP error message is generated and the segments left field is setto nonzero.

The packet includes an unsupported extension header. When thisoccurs, the extension header is sent to the media local interface, therealm counter increments with an Invalid IPv6 Extension Header error,and an ICMP error message is not sent.

• If an incoming IPv6 packet contains allowed extension headers, thoseheaders are removed and do not appear in the translated packet.

• You can apply ACLs to a circuit to filter packets that have extensionheaders before Forwarding Information Base (FIB) lookup occurs.

See Reference [31] for more details on IPv6 extension headers.

2.5.2.14.4 IPv4 and IPv6 Packet Translation on BGF

In this release, packet translation is modified as follows:

• IPv6-to-IPv4 packet translation

The SmartEdge BGF uses the following equation to translate the incomingpacket payload length:

translated packet payload length = 20 + Payload Length - Total Length of Extension Headers


The SmartEdge BGF uses the following equation to translate the incomingpacket payload length:

60 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

translated packet payload length = Payload Length - Total Length of Extension Headers


If the incoming IPv4 packet has any options, those options do not appearin the translated packet; therefore, the incoming packet Header Length isalways 5 (indicating no options). The SmartEdge BGF uses the followingalgorithm to translate the IP Header Length and Total Length fields of theincoming packet :

Translated packet Total Length = Total Length + 20 - (Header Length x 4)

Translated packet Header Length = 20


If the SmartEdge BGF receives an IPv4 UDP packet with a zero UDPchecksum, and that packet must be translated to IPv6, the routerrecalculates the checksum, translates the packet to IPv6, and forwards thepacket. (In previous releases, such packets were dropped.)






Secure RTP: E2E and E2AE Yes Yes Additional ASE2 cards are required.

MSRP Back-to-Back UserAgent

Yes Yes Additional ASE2 cards are required.

ICMP Error Handling Yes Yes

Enhanced Media InactivityDetection

Yes Yes

Zero UDP Checksum PacketSupport for IPv4-to-IPv6Conversion

Yes Yes

Bulkstats Support forStatistics Counters

Yes Yes

Secure MSRP: E2AE Yes Yes Additional ASE2 cards are required.

IPv6 InfrastructureEnhancements forSmartEdge BGF

Yes Yes

Enhanced Match Criteria forIPv6 ACLs

Yes Yes

619/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


2.5.3 DPI Operation

This section describes impacts to the Deep Packet Inspection (DPI) Application.

2.5.3.1 Enhanced Subscriber-Based Balancing

Subscribers can now be allocated dynamically to Deep Packet Inspection (DPI)instances with the lightest load. Previously, only round-robin distribution wassupported, and subscribers were automatically assigned to the instance withthe lowest subscriber count, regardless of load. The new adaptive distributionof subscribers optimizes performance and helps avoid overloading a single DPIinstance. When no traffic flow is detected for the subscriber, the subscriber isconsidered idle and deallocated from the DPI instance.

Use the following new command to enable adaptive subscriber allocation:

(config)#dpi traffic-management subscriber load-balancingintra-asp adaptive

You can display load metrics and subscriber counts for a single DPI instance,or all DPI instances across the ASP using the following commands:

• show dpi card slot/asp-id traffic-management statisticspacket

• show dpi card slot/asp-id traffic-management statisticssubscriber instance

For more information, see the Configuring Subscriber Allocation section inApplication Traffic Management Configuration and Operation.

2.5.3.2 DPI Support for ASE2 Card

Porting DPI to a ASE2 card provides the following advantages:

• Faster network processor for better performance

• For security applications, memory is divided between control plane anddata plane applications. DPI requires more memory for the data plane.

2.5.3.3 URL Detection Support for ASE Card

This feature provides URL detection support for both HTTP and HTTPS traffic.A new DPI filter is defined to configure protocol-specific match conditions usingattributes. The filter can be a combination of URLs and HTTP header fields.

The following are the supported capabilities for DPI URL detection:

• HTTP pipelining

• HTTP header reassembly

62 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

• URL port normalization

• Escape character conversion

To create an HTTP attribute condition statement for an access control list(ACL), use the following command:

seq sequence-number header label operator-tag condition value

[case-sensitive]

To create a URL condition statement for an ACL, use the following command:

[seq sequence-number] header urlcondition url-value

[case-sensitive]

To display information about one or all HTTP filters configured on the ASE cardin the specified slot and port, use the following command:

show dpi card slot/asp-id filter http filter-name

The following new commands are added under global configuration mode:

• dpi filter http filter-name

Creates an HTTP filter that can be included in an ACL sequence.

• dpi traffic-management protocol http escape-conversion

Performs conversion of escaped characters.

• dpi traffic-management protocol http header header-name

label operator-tag text | numeric

Defines extended headers.

• dpi traffic-management protocol http pipelining

Detects URLs of multiple HTTP requests sent by the same TCP packet ordifferent TCP packets.

For more information, refer to Application Traffic Management Configurationand Operation, Reference [1].




639/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09




Enhanced Subscriber-BasedBalancing

Yes Yes

DPI Support for ASE2 Card Yes Yes

URL Detection Support forASE Card

Yes Yes

2.5.4 Platform Operation

This section describes impacts to Layer 2/Layer 3 and Infrastructurefunctionality.

2.5.4.1 IPv6 Support for PPA2- and PPA3-Based ATM Line Cards and MIC

IPv6 functionality is now enabled on PPA2 and PPA3-based ATM line cardsand MIC.

2.5.4.2 IPsec Tunnel State Change and RSA Certificate Alarms

Alarm functionality is extended to IPsec. This functionality tracks or logs alarmsgenerated by the IPsec application. An alarm Management Information Base(MIB) is used to define alarm models for particular types of events generatedby the application. Generation of the alarms is configured using the CLI. Useconfiguration commands to enable or disable the generation of each alarm.

New alarms are generated for IPsec tunnel failures and RSA certificateincidents. IPsec tunnel failures include loss of a route to a peer, an ASP, or aline card. Alarms are generated for both static and dynamic tunnels.

Use the following command to enable alarms for tunnels:

(config-tunnel)#[no] alarms

RSA certificate alarms are generated when an RSA certificate is missing orinvalid. An RSA certification warning alarm can also alert you when a certificateis due to expire.

[local]Redback(config)#[no] pki alarms certificateself|trusted missing

You can configure the interval between the alarm generation and the certificateexpiration dates.

[local]Redback(config)#pki alarms certificate self|trustedexpiry interval

64 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

For more information, see the Alarms section in Advanced Services FaultManagement Guide.

2.5.4.3 Route Distribution for IPsec Routes

Dynamic IPsec routing entries can now be redistributed into other routingprotocols. This feature is supported under the IPv4 unicast address family.

Configuration modes of the following routing protocols are enhanced for thisfeature:

• IS-IS

• Routing Information Protocol (RIP)

• Open Shortest Path First (OSPF)

• Border Gateway Protocol (BGP)

The following commands have been enhanced to include the new keyword,ipsec, to export IPsec routes into other routing protocols:

• redistribute { [ connected | ipsec | isis instance [level-1| level-2] | nat | ospf instance [internal | [external][nssa-external] | rip instance | static [dvsr] | subscriber[address | static]} [route-map map-name]

• redistribute {bgp asn | connected | ipsec | isis instance-name

| nat | ospf instance-id [match {external-type-1 | external-type-2 | inter-area | intra-area | nssa-external-type-1|nssa-external-type-2}] | rip instance-name | static [dvsr] |subscriber [address | static]} [level-1 | level-2] [metricmetric] [metric-type {internal | external}] [route-map map-name]

• redistribute {bgp asn | connected | ipsec | isis instance

[level-1 | level-2] | nat | ospf instance [external [type-1 |type-2]] [inter-area] [intra-area] [nssa [type-1 | type-2]] | ripinstance | static [dvsr] | subscriber [address | static]} [metricmetric] [metric-type type] [route-map map-name] [tag tag]

• redistribute {bgp asn | connected | ipsec |isis instance

[level-1 | level-2 | level-1-2 ] |nat | ospf instance [match{external-type-1 | external-type-2 | inter-area | intra-area |nssa-external-type-1| nssa-external-type-2}] | rip instance |static [dvsr] | subscriber [address | static]} [metric metric][route-map map-name]

For more information on commands, refer to Commands: r, Reference [5].

659/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


2.5.4.4 AAA Downloads for IPv6 Routes

The AAA Route Download feature allows configuration and advertising ofaccess framed routes before they are assigned to subscribers, which helpseliminate delays that can be caused by protocol convergence during a largenumber of simultaneous activations. This AAA Route Download feature hasbeen enhanced to support framed IPv6 routes. The number of routes that canbe downloaded from the route download server is as follows: • XC4—50KIPv6 + 100K IPv4 routes, or 100K IPv6-only routes over a 4-minute period •SE100—8K IPv6 + 12K IPv4 routes, or 16K IPv6-only routes over a 4-minuteperiod

2.5.4.5 Bulkstats Support for IPsec

Bulkstats functionality is now extended to IPsec. Bulkstats writes IPsecstatistics to a file at regular intervals, and the file is uploaded to a syslog(FTP/SFTP/SCP) server based on the configured transfer interval. Protocolsused include: File Transfer Protocol (FTP), Secure File Transfer Protocol(SFTP) and Secure Copy Protocol (SCP).

New bulkstats schema profiles are added for global-level, tunnel-level, andASP-level statistics. To implement this feature, the following bulkstats schemaprofiles are added in the bulkstats schema profile command:

• ipsec

IPsec schema profile.

• ipsec tunnel

IPsec statistics at the tunnel-level.

• ipsec global

IPsec statistics at the global-level.

• ipsec asp

IPsec statistics at the ASP-level.

For more information, refer to Commands: am through b, Reference [4].

To enable bulkstats for IPsec, the bulkstats ipsec schema command isadded at the tunnel, global, and ASP command modes. For more information,refer to IPsec VPN Command Reference, Reference [20] and Security ServiceCommand Reference, Reference [21].

Output of the show tunnel ipsec name tunnel-name statisticsike command is modified to display bulkstats parameters.

66 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

2.5.4.6 IPsec Support for ASE2 Card

Porting IPsec to a ASE2 card provides the following advantages:

• Faster network processor for better performance

• For security applications, memory is divided between control plane anddata plane applications. IPsec needs more memory for control plane (forIKE scaling).

2.5.4.7 APS Support for POS Line Cards

This feature adds automatic protection switching (APS) support for the followingPacket over SONET/SDH (POS) line cards:

• 8-port POS OC3c/STM-1c



Note: MLPPP is not supported for the OC3c/STM-1c, OC12c/STM-4c, OROC48c/STM16c cards. MLPPP applies only to the Channelized8/4-port OC-3/STM-1 or 2/1-OC-12/STM-4 line cards.

2.5.4.8 Phase 1 Implementation of ITU-T Y.1731

In this release, a subset of ITU-T Recommendation Y.1731, "OAM functionsand mechanisms for Ethernet based networks" is implemented in theSmartEdge OS. Y.1731 defines the ability to measure service performanceparameters such as frame loss ratio, frame delay, and frame delay variation inpoint-to-point Ethernet connections.

Previously, the system supported only IEEE 802.1ag, which shares a commonset of functions with Y.1731. For complete information about the implementationof Y.1731, see Configuring Ethernet CFM.

The following restrictions and limitations apply to this feature:

• The hardware restrictions of the 802.1ag implementation in SmartEdge OSalso apply to the Y.1731 implementation.

• The scaling and performance limitations of the 802.1ag implementation inSmartEdge OS also apply to the Y.1731 implementation.

• Circuits not supported under CFM are not supported for Y.1731.

• 100 microsecond accuracy is supported for two-way Ethernet delaymeasurements (ETH-DM).

• Only a single maintenance association endpoint (MEP) per incoming oroutgoing circuit is supported at a MEG level. (A MEG is the same as anMA in 802.1ag.)

679/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


• In Phase I, Y.1731 is not supported on transport-enabled circuits and somelink-groups.

Table 19 shows the Y.1731 features that are supported in Phase I.

Table 19 Supported Y.1731 Features

L2 Service XCL2VPN VLL

(Access Circuit)VPLS (Access

Circuit) Bridge (Bind Int) Bind Int (L3)

Port (*eth) X X X X X

VLAN X X X X X

QinQ X X X X X

Raw encap VLAN X X X X X

Access LAGEconomical (Port)max links = 1 X X X X X

Access LAGEconomical (.1Q)max links = 1 X X X X X

Access LAGEconomical (QinQ)max links = 1 X X X X X

The following CLI commands are new or enhanced:

• ethernet-cfm measure-delay

This new command initiates monitoring of Ethernet frame delay andframe delay variation. The frame delay measurements are derived fromSmartEdge OS software timestamps.

• show ethernet-cfm database

This enhanced command has no new CLI keywords or arguments. Thecommand output has been extended to show ETH-DM counters under theMEP detailed output.

• show ethernet-cfm circuit

This enhanced command has no new CLI keywords or arguments. Thecommand output has been extended to show MEP counter values forY.1731 frames.

2.5.4.9 Phase 2 Implementation of ITU-T Y.1731

In this release, a further subset of ITU-T Recommendation Y.1731, "OAMfunctions and mechanisms for Ethernet based networks" is implemented in theSmartEdge OS. 802.1p priority can now be set for CCM messages. The priorityset for these messages is used in the ETH-LB and ETH-LT frames of 802.1ag.Additionally, the maintenance association ID (MAID) can now be entered eitherin 802.1ag style or in ICC based Y.1731 style.

68 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

For complete information about the implementation of Y.1731, see ConfiguringEthernet CFM.

The following restrictions and limitations apply to this feature:

• The hardware restrictions of the 802.1ag implementation in SmartEdge OSalso apply to the Y.1731 implementation.

• The scaling and performance limitations of the 802.1ag implementation inSmartEdge OS also apply to the Y.1731 implementation.

• Circuits not supported under CFM are not supported for Y.1731.

• Only a single maintenance association endpoint (MEP) per incoming oroutgoing circuit is supported at a MEG level. (A MEG is the same as anMA in 802.1ag.)

• Y.1731 measurement cannot be initiated from or sent to a maintenancedomain intermediate point (MIP).

The following CLI commands are new or enhanced:

priority (maintenance association)

This new command sets the 802.1p priority level for CFM message CCM,ETH-LB, and ETH-LT frames. CCMs, ETH-LB, and ETH-LT frames are priorityagnostic; no errors are flagged on priority mismatch. Upon a mismatch betweenthe frames received and the priority configured, the priority of the incomingLB/LT/LM frames is used. The configured 802.1p priority is used for the OAMtraffic initiated from the MEP. The incoming priority of the LB/LT/LM frames isused to respond back to those OAM frames.

maintenance-association

This enhanced command has the new CLI keyword icc. By default, theMAID is entered in IEEE 802.1ag format. Enabling icc allows the MAID tobe specified in ICC (Y.1731) format instead. When ICC is enabled, both thedomain name and MA name must be specified in ICC format; the ICC MEgroup (MEG) ID/MAID is 13 characters, where the first bit is 0 followed by a6-character ICC code and a 6-character unique MEG ID code (UMC). Mismatchof MAIDs are reported as configuration errors.

show ethernet-cfm database (ma)

The output of this command is enhanced to show the MEG-ID type (802.1ag orICC) and the 802.1p priority setting.

2.5.4.10 OpenSSH Upgrade

The SmartEdge OS uses OpenSSH to authenticate users and provide secureshell access to the router. In this release, OpenSSH is upgraded to version5.8p1.

699/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


With this upgrade, the SmartEdge OS SSH client supports only SSH version2 protocol. Previously, the SSH client supported both versions 1 and 2. Ifthe SSH server running on the remote end only has SSH version 1 protocolenabled, the connection will not be established. To resolve this, enable version2 at the remote end.

This feature causes no changes to existing configurations and makes nochanges to existing CLI commands.

2.5.4.11 Additional Data Collection Commands

Additional CLI commands are provided to collect data from the SmartEdge OSwhen a problem or outage occurs at the customer node. These commandspreviously existed but were restricted to internal Ericsson use only. They noware available for the customer to use to quickly and efficiently capture the dataneeded by Ericsson support engineers for root cause analysis. This featurecauses no changes to default system behavior.

Note: The output of the command is intended for use by support engineers,so the output format may appear different than typical show commandoutput formats and may not be readable.

Warning!

Some show card commands may impact card performance.

The following new commands are provided:

• show card

• show card acl log

• show card adjacency

• show card atm table

• show card circuit

• show card clips

• show card dot1q table

• show card fib

• show card ism

• show card link group

• show card mpls

70 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact

• show card nat

• show card packet local statistics

• show card port

• show card ppp

• show card pppoe

• show card qos

• show card traffic

• show ism circuit

• show ism global

• show ism interface

• show ism linkgroups

• show log events

2.5.4.12 ECC Log Messages on the 8-port ATM OC-3c/STM-1c and 2-port ATMOC-12c/STM-4c Line Cards

The 8-port ATM OC-3c/STM-1c and 2-port ATM OC-12c/STM-4c line cardsnow support new log messages for ECC errors. These errors are recorded tothe syslog on the Controller card and can be seen in the output of the showsystem redundancy command.

Following are examples of ECC log messages:

• Thu Jun 16 13:55:43 2011 : atmscSarcECC[linecard slot 12][1]:UNcorrectable SRAM ECC ERROR (1) @0x3166db00Thu Jun 16 13:55:43 2011 : errIntf=2 eccWord=3

• Thu Jun 16 14:21:43 2011 : atmscSarcECC[linecard slot 12][0]:UNcorrectable SDRAM ECC error (1) @0x40000000Thu Jun 16 14:21:43 2011 : eccSyndrome 0x0F4

• Thu Jun 16 14:25:43 2011 : atmscSarcECC[linecard slot 12][0]:correctable SDRAM ECC error (1) @0x40000000Thu Jun 16 14:25:43 2011 : eccSyndrome 0x029

• Thu Jun 16 18:47:34 2011 : atmscSarcECC[linecard slot 12][0]:correctable SRAM ECC ERROR (1) eccBitPos 0x0Thu Jun 16 18:47:34 2011 : @0x30001400 eccIntf=2 eccWord=1

Information in these messages includes the following:

719/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


• The number mentioned in parentheses () in the second line of eachmessage is the lowest 16 bits of the count of the number of occurrencesof that type of error.

• @0x is the address at which the ECC error occurred.

• eccSyndrome is calculated by the hardware.

• eccBitPos, indicated in the correctable SRAM ECC error, is the errorbit position number.

• eccIntf indicates which system performed the SRAM access that causedthe error.

• eccWord indicates whether the error occurred in the lower or upper word(or both).

If these errors occur in the log, save the logs and contact your local technicalrepresentative or the Ericsson Technical Assistance Center (TAC).






IPv6 Support for PPA2 andPPA3-Based ATM LineCards and MIC

Yes Yes

IPsec Tunnel State Changeand RSA Certificate Alarms

Yes Yes

Route Distribution for IPsecRoutes

Yes Yes

AAA Downloads for IPv6Routes

Yes Yes

Bulkstats Support for IPsec Yes Yes

IPsec Support for ASE2Card

Yes Yes

Alarm Support for IPsec Yes Yes

APS Support for POS LineCards

Yes Yes

Phase 1 Implementation ofITU-T Y.1731

Yes Yes

72 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

General Impact




Yes Yes

OpenSSH Upgrade Yes Yes This feature is supported only on systemswith either XCRP4 or SMRP2 Controllercards and on systems running NetBSD OS.

Additional Data CollectionCommands

Yes Yes

ECC Log Messageson the 8-port ATMOC-3c/STM-1c and 2-portATM OC-12c/STM-4c LineCards

Yes No This feature is only supported on the8-port ATM OC-3c/STM-1c and 2-port ATMOC-12c/STM-4c line cards.

2.6 Obsolete Features

The following features were removed, replaced by others, or were renamed inthis release:

2.6.1 Support for Route Map Resequencing Removed

With the continue command for route maps added in this release, supportfor route map resequencing on the SmartEdge router has been removed.The resequence route-map command (in context configuration mode) isno longer available).

2.6.2 Support for SSHv1 Client Removed

The SmartEdge OS uses OpenSSH to authenticate users and provide secureshell access to the router. In this release, OpenSSH is upgraded to version5.8p1. With this upgrade, the SmartEdge OS SSH client supports only SSHversion 2; SSH version 1 is not supported.

2.7 Other Network Elements

The Secure RTP feature has a dependency on the Session Gateway Controller(SGC) node: the SGC must also support Secure RTP.

739/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


3 Summary of Impacts Per Feature

This section summarizes the impact of each feature on the system. (For specificinformation about the impact of individual features, see the description of thefeature in Section 2.5 on page 13.) It is organized by the Market Applicationssupported by the SEOS. The description of impacts is as follows:

• "Major Impact" means one or more of the following:

The feature includes an incompatible change, such that another noderequires an update.

New hardware is required to use the feature.

• "Minor Impact" means that the feature includes changes that affect othernodes but with additional configuration, the previous behavior can beretained.

• "No Impact" means that the feature has no impact on the system.

• "Basic" means that the feature is enabled by default.

• "Optional" means that the feature requires an additional license orconfiguration.

• "New" means that the feature is new.

• "Enhanced" means that the feature is enhanced.

3.1 Broadband Remote Access Server and Metro Ethernet

Table 21 Summary of Impacts

Feature Impact Basic orOptional

New orEnhanced

Relation to Other Features orNodes

ChannelizedOC-3/STM-1 orOC-12/STM-4 LineCard Configuration

Major Impact(new hardware)

Basic/New(hardware)

MLPPP Supporton ChannelizedOC-3/STM-1 orOC-12/STM-4 LineCard


Optional/New (onthis hardware)

74 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

Summary of Impacts Per Feature



New orEnhanced


PWFQ Supporton ChannelizedOC-3/STM-1 orOC-12/STM-4 LineCard



APS Supporton ChannelizedOC-3/STM-1 orOC-12/STM-4 LineCard



Control Packet RateLimiting Supportfor 8-port ATMOC-3c/STM-1cand 2-port ATMOC-12c/STM-4c LineCards



CESoPSN Pseudowires


Optional/New

SAToP Pseudowires Major Impact(new hardware)

Optional/New

Multicast Supporton Port PseudowireCircuits

No Impact Optional/Enhanced

Increased PortPseudowire Capacity

No Impact Basic/Enhanced

DVSR, OSPF, andIS-IS Support on PortPseudowire Circuits


Control Word, VCCV,and QoS PropagationEnabled for Port PW


Enhancements tothe "local-as" BGPCommand


Inter-Context Routing iniBGP

No Impact Optional/New

759/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09




New orEnhanced


Site of Origin Availablein BGP ExternalCommunity Attribute


IPv6 Single-HopBidirectionalForwarding for StaticRoutes and eBGP


Single-SessionBidirectionalForwarding over LAG


Fast Convergence ofOSPFv3 Using SPFTimers


Non-Stop OSPFRouting


Change in Processingfor "redistribute" (IS-IS)Command

Minor Impact(see Section2.5 on page13)

Optional/Enhanced

Multihop RouteAdvertisement ForInter-AS L3VPNs


Policy Based Routingfor IPv6 redirect


IPv6 LAG - QoS andACL Support


Continue Logic in RouteMaps


New Match Criteria forIPv6 ACLs


BGP MDT PIMSSM-SourceAuto-Discovery


IGMP CAC at S-VLANLevel


LNS Support for IPv6Subscribers


76 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09




New orEnhanced


Three-VLAN-TagSupport for VPLS andL2VPN


LDP over RSVP No Impact Optional/New

Enhanced CarrierGrade NAT


Can be configured to work withupdated NetFlow collector forNAT logs.

Enhanced CarrierGrade NAT Support forHitless Access LAG

No Impact Optional/New Can be configured to work withupdated NetFlow collector forNAT logs.

Enhanced CarrierGrade NAT Supportfor Economical AccessLAG and LNS

No Impact Optional/New Can be configured to work withupdated NetFlow collector forNAT logs.

DHCP Split LeaseEnhancement


Dynamic CLIPS on802.1Q On-DemandPVCs


Service Activation andDeactivation in a SingleCoA Request


RSE Service ActivationDuring Change ofAuthorization in Case ofStack Mismatch


IPCP Subnet MaskNegotiation Option


New Command forSetting the Duration ofSubscriber Sessions


IPv4 AddressConservation inDual-Stack SubscriberEnvironments

No Impact Optional/New Requires support on the RADIUSserver.

Event Accountingfor IPv4/v6 StackTransition Events


779/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09




New orEnhanced


AuthenticationSuppression afterSession Limit isReached


Increase in the Numberof Maximum Sessions


PPPoE CCOD StartupTimer


3.2 Border Gateway Function



New orEnhanced


Secure RTP: E2E andE2AE

No Impact Optional/New Requires support on the SGC.

MSRP Back-to-Back UserAgent


ICMP Error Handling No Impact Basic/New

Enhanced Media InactivityDetection

No Impact Basic/Enhanced Requires support on the SGC.

Zero UDP ChecksumPacket Support forIPv4-to-IPv6 Conversion


Bulkstats Support forStatistics Counters

No Impact Basic/New

Secure MSRP No Impact Optional

IPv6 InfrastructureEnhancements forSmartEdge BGF

No Impact Enhanced

78 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


3.3 Deep Packet Inspection



New orEnhanced


Enhanced Subscriber-Based Balancing


DPI Support for ASE2 Card MajorImpact(newhardware)

Optional/New

URL Detection Support forASE Card


3.4 Platform



New orEnhanced


IPv6 Support for PPA2 andPPA3-Based ATM LineCards and MIC

No Impact Basic/Enhanced.

IPsec Tunnel State Changeand RSA Certificate Alarms


Route Distribution for IPsecRoutes


AAA Downloads for IPv6Routes


Bulkstats Support for IPsec No Impact Optional/New

IPsec Support for ASE2Card

MajorImpact(newhardware)

Optional/New

Alarm Support for IPsec No Impact Optional/Enhanced

APS Support for POS LineCards

No Impact Basic/New

799/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09




New orEnhanced



No Impact Basic/New



OpenSSH Upgrade No Impact Basic/Enhanced.

Additional Data CollectionCommands

No Impact Basic/Enhanced.

ECC Log Messageson the 8-port ATMOC-3c/STM-1c and 2-portATM OC-12c/STM-4c LineCards

No Impact Basic/New

4 Additional Information

This section describes additional information, including new or changeddocumentation.

4.1 New Documentation

With this release, the following documents have been added to the SmartEdgerouter documentation library:

• BGF Troubleshooting Guide

To view the new document, open the Troubleshooting folder in the FaultManagement folder.

• SmartEdge System Description

To view the new document, open the Product Overview folder.

80 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

Additional Information

With this release, the following documents have been added to the SmartEdgerouter and SM family router documentation libraries:

• Configuring CESoPSN Pseudowires

To view the new document, open the MPLS Routing folder in theConfiguration Management folder.

• Configuring SAToP Pseudowires

To view the new document, open the MPLS Routing folder in theConfiguration Management folder.

4.2 Obsolete Documentation

With this release, the following documents are obsolete in the SmartEdgerouter documentation library.

SmartEdge OS Product Overview

This document has been replaced by the SmartEdge System Description.

819/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


82 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

Glossary

Glossary

6PEIPv6 address on the provider edge

ACattachment circuit

ACLaccess control list

AFaddress family

APSAutomatic Protection Switching

ASEAdvanced Services Engine

ASNautonomous system number

ASPAdvanced Services Processor

ATMAsynchronous Transfer Mode

B2BUABack-to-Back User Agent

BFDBidirectional Forwarding

BGFBorder Gateway Function

BGPBorder Gateway Protocol

BRASBroadband Remote Access Server

C-VLANcustomer VLAN

CACCall Admission Control

CFMconnectivity fault management

CCMcontinuity check message

CCODcircuit creation on demand

CESCircuit Emulation Service

CESCircuit Emulation Services

CESoPSNCircuit Emulation Services over PacketSwitched Network

CESoPSNCircuit Emulation Services Over PacketSwitched Network

CGNCarrier Grade NAT

CLIcommand-line interface

CLIPSClientless IP Service Selection

CoAChange of Authentication

CoSClass of Service

CSRCustomer Service Request

DHCPDynamic Host Control Protocol

DHCPv6Dynamic Host Configuration Protocol Version6

839/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


DHCPv6-PDDynamic Host Configuration Protocol forIPv6-Prefix Delegation

DoSDenial of Service

DPIDeep Packet Inspection

DS0

DSCPDifferentiated Services Code Point

E2AEEnd to Access Edge

E2EEnd to End

eBGPexternal Border Gateway Protocol

ETH-DMEthernet delay measurements

ETSIEuropean Telecommunication StandardsInstitute

FPGAField-Programmable Gate Array

FQDNfully qualified domain name

FSSBFile System Server Blade

FTPFile Transfer Protocol

GAGeneral Availability

GREGeneric Routing Encapsulation

HTTPHypertext Transfer Protocol

iBGPinternal Border Gateway Protocol

ICCITU carrier code

IETFInternet Engineering Task Force

IGMPInternet Group Management Protocol

IGPInterior Gateway Protocol

IKEv1Internet Key Exchange Version 1

IKEv2Internet Key Exchange Version 2

IPInternet Protocol

IPoEIP over Ethernet

IPsecInternet Protocol Security

iPPAProcessing ASIC

IPv4Internet Protocol Version 4

IPv6Internet Protocol Version 6

IS-ISIntermediate System-to-Intermediate System

IWFinterworking function.

L2Layer 2

L2TPLayer 2 Tunneling Protocol

L2TPv3Layer 2 Tunneling Protocol version 3

84 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

Glossary

L2VPNLayer 2 Virtual Private Network

L3Layer 3

L3VPNLayer3 Virtual Private Network

LACL2TP access concentrator

LAGLink Aggregation

LANlocal area network

LDPLabel Distribution Protocol

LNSL2TP network server

LSPlabel-switched path

LSPs(LDP) over Resource Reservation Protocol(RSVP) for single-hop and multi-hop RSVPlabel-switched paths

LSRlabel-switched router

LSRsLSP and protected against link and nodefailures between label-switched routers

MAIDmaintenance association ID

MDTmulticast distribution tree

MDTMulticast traffic between PE routers isforwarded over the multicast distribution tree

MEPmaintenance association endpoint

MGMedia Gateway

MGCMedia Gateway Controller

MIBManagement Information Base

MICMedia Interface Card

MIDMessage ID

MLPPPMultilink Point to Point Protocol

MPLSMultiprotocol Label Switching

MSRPMessage Session Relay Protocol

mVPNmulticast VPN

NATNetwork Address Translation

NDNeighbor Discovery

NFRRnext-hop fast reroute

NIRNetwork Impact Report

OAMoperations, administration, and maintenance

ORFOutbound Route Filter

OSPFOpen Shortest Path First

OSPFv3Open Shortest Path First version 3

P2PPoint-to-Point

859/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


P2MPpoint-to-multipoint

PADIPPPoE Active Discovery Packet

PBRPolicy Based Routing

PDPrefix Delegation

PDHPlesiochronous Digital Hierarchy

PEprovider edge

PFEPacket Forwarding Engine

PIM-SMProtocol Independent Multicast - Sparse Mode

PIMProtocol Independent Multicast

PIM-SSMPIM Source Specific Multicast

PIM-SSMProtocol Independent Multicast -source-specific multicast

PKIPublic Key Infrastructure

POSPacket over SONET/SDH

PPAPacket Processing ASIC

PPPPoint to Point Protocol

PPPoAPoint-to-Point Protocol over AsynchronousTransfer Mode

PPPoEPoint to Point Protocol over Ethernet

PPPoEPoint-to-Point Protocol over Ethernet

PSN(PWE) transparently carry time-division-multiplexing (TDM) circuits over a packet-switchednetwork

PVCPermanent Virtual Circuit

PWpseudowire

PWEPseudowire Emulation

PWE31—"Pseudowire Emulation Edge to Edge

PWE31—Pseudowire Emulation Edge to Edge

PWFQPriority Weighted Fair Queuing

QDQoS descriptor

QoSquality of service

RADIUSRemote Authentication Dial-In User Service

RFCRequest for Comments

RIPRouting Information Protocol

RIPngRouting Information Protocol next generation

RMRRemote Multicast Replication

RPRendezvous Point

RPFReverse Path Forwarding

86 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

Glossary

RSARivest-Shamir-Adelman

RSERADIUS Service Engine

RSVPReservation Protocol

RSVPResource Reservation Protocol

S-VLANservice VLAN

SAFISubsequent Address Family Identifiers

SAToPStructure-Agnostic TDM over Packet

SAToPStructure-Agnostic TDM over Packet

SCPSecure Copy Protocol

SDHSynchronous Digital Hierarchy

SFTPSecure File Transfer Protocol

SGCSession Gateway Controller

SNMPSimple Network Management Protocol

SMRPSM Route Processor

SONETSynchronous Optical Networking

SoOSite of Origin

SPTshortest-path tree

T1/E1TDM bitstreams

TCPTransmission Control Protocol

TLSTransport Layer Security

TMTraffic Management

ToSType of Service

TR-101Technical Report 101

UDPUser Datagram Protocol

UTCCoordinated Universal Time

VCCVVirtual Circuit Connectivity Verification

VLANvirtual LAN

VLLvirtual leased line

VMGVirtual Media Gateway

VPLSVirtual Private LAN Services

VPNVirtual Private Network

VSAVendor-Specific Attribute

XCcross connect

XCRPCross-Connect Route Processor

879/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


88 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

Reference List

Reference List

SmartEdge OS Software (EN/LZN 783 0011/1)

[1] Application Traffic Management Configuration and Operation, 1543-CRA119 1170/1 Uen

[2] BGF Troubleshooting GuideFAULT TRACING DIRECT, 16/154 51-CRA 119 1170/1

[3] CLI Commands Command List, 1/190 77-CRA 119 1170/1

[4] Commands: am through b, 2/190 82-CRA 119 1170/1 Uen

[5] Commands: r, 15/190 82-CRA 119 1170/1 Uen

[6] Configuring ATM, Ethernet, and POS Ports, 9/1543-CRA 119 1170/1

[7] Configuring Bridging, 7/1543-CRA 119 1170/1

[8] Configuring CESoPSN Pseudowires, 95/1543-CRA 119 1170/1

[9] Configuring Channelized Ports, 93/1543-CRA 119 1170/1

[10] Configuring CLIPS, 63/1543-CRA 119 1170/1

[11] Configuring Ethernet CFM, 52/1543-CRA 119 1170/1

[12] Configuring IPv6 Subscriber Services, 85/1543-CRA 119 1170/1

[13] Configuring NAT Policies, 28/1543-CRA 119 1170/1

[14] Configuring NTP, 34/1543-CRA 119 1170/1

[15] Configuring Port Pseudowire Connections, 90/1543-CRA 119 1170/1

[16] Configuring Rate-Limiting and Class-Limiting, 55/1543-CRA 119 1170/1

[17] Configuring SAToP Pseudowires, 96/1543-CRA 119 1170/1

[18] Enterprise MIBs, 2/198 18-CRA 119 1170/1

[19] Installing the SmartEdge OS, 1/190 47-CRA 119 1170/1

[20] IPsec VPN Command Reference, 2/190 80-CRA 119 1170/1 Uen

[21] Security Service Command Reference, 1/190 80-CRA 119 1170/1 Uen

[22] SmartEdge Border Gateway Function Network Impact Report, 1/10921-CRA 119 1170/1

899/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09


[23] SmartEdge OS Release 11.1.2.1 Network Impact Report, 8/109 48-CRA119 1170/1

Other CPI

[24] SM 480 Hardware Guide , 3/153 30-CRA 119 1023/1

[25] SM 240 Hardware Guide , 1/153 30-CRA 119 1022/1

[26] SmartEdge Border Gateway Function Survey, 155 13-CRA 119 1170/1

Standards and Recommendations

[27] The control of jitter and wander within the optical transport network, ITU-TRecommendation G.8251

[28] ETHER-WIS-MIB, RFC 3637

[29] ETHERLIKE-MIB, RFC 2665

[30] IF-INVERTED-STACK-MIB, RFC 2864

[31] Internet Protocol, Version 6 (IPv6) Specification, RFC 2460

[32] Link Aggregation, IEEE 802.3ad

[33] The Message Session Relay Protocol (MSRP), RFC 4975

[34] Network node interface for the optical transport network (OTN) ITU-TRecommendation G.709

[35] OAM functions and mechanisms for Ethernet based networks, ITU-TRecommendation Y.1731

[36] The Secure Real Time Protocol (SRTP), RFC 3711

[37] Structure-Agnostic Time Division Multiplexing (TDM) over Packet(SAToP), RFC 4553

[38] Structure-Aware Time Division Multiplexed (TDM) Curcuit EmulationService over Packet Switched Network (CESoPSN), RFC 5086

[39] Technical Specification Group Services and System Aspects; Vocabularyfor 3GPP Specifications, 3GPP TR 21.905

[40] Telecommunications and Internet converged Services and Protocols forAdvanced Networking (TISPAN); Resource and Admission Control: H.248Profile for controlling Border Gateway Functions (BGF) in the Resourceand Admission Control Subsystem (RACS); Protocol specification, ETSITISPAN ES 283 018 v2.5.0 (2008-11)

[41] WAN Interface Sublayer, IEEE 802.3ae

90 9/109 48-CRA 119 1170/1 Uen A2 | 2011-12-09

release notes 11.1.2.3

Documents

smartedge os release

information specific

specific information

revision information

sm family routers

ericsson smartedge

additional information

sufficient information