Escolar Documentos
Profissional Documentos
Cultura Documentos
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0612R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Next Generation Enterprise MPLS-Based WAN Cisco Validated Design II 2007 Cisco Systems, Inc. All rights reserved.
Preface
Revised: October 11, 2007
The aim of this document is to accelerate customer deployments of the Next Generation Enterprise MPLS-based WAN solution. It presents results and recommendations for all the deployment architectures outlined in the Next Generation Enterprise MPLS-Based WAN Design and Implementation Guide.
Table 1 Modification History
Definitions
This section defines words, acronyms, and actions which may not be readily understood.
Table 2 Definitions
Definition Network Systems Integration and Test Engineering Cisco Validated Design Cisco Unified Communications Manager Virtual Private Network: A secure IP-based network that shares resources on one or more physical networks. A VPN contains geographically dispersed sites that can communicate securely over a shared backbone. Dynamic Multipoint VPN Inter-AS Label Switching VPN routing/forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE router. Wide Area Network
WAN
Preface
Table 2
Definitions
Definition Metropolitan Area Network Provider Edge router: A router that is part of a service provider's network connected to a customer edge (CE) router. All VPN processing occurs in the PE router Customer Edge router: A router that is part of a customer network and that interfaces to a Provider Edge (PE) router. CE routers are not aware of associated VPNs. Autonomous System Border Gateway Protocol: Interdomain routing protocol that exchanges reachability information with other BGP systems. It is defined in RFC 1163. Shared Port Adapters SPA Interface Processor Next Hop Resolution Protocol Label Distribution Protocol
CONTENTS
1
CHAPTER
Cisco Validated Design Program 1.1 Cisco Validated Design I 1.2 Cisco Validated Design II
1-1
1-1
1-1
CHAPTER
Executive Summary
2-1
CHAPTER
3-1
3.1 MPLSoL2 Test Coverage 3-1 3.1.1 MPLSoL2 Feature Coverage 3-2 3.1.2 CVD II Additional Coverage 3-3 3.2 MPLSoL2 Test Strategy 3-3 3.2.1 MPLSoL2 Test Topology 3-3 3.2.2 Test Types 3-4 3.2.2.1 System Integration Test 3.2.2.2 Scalability Test 3-5 3.2.2.3 Negative Test 3-5 3.2.2.4 Reliability Test 3-5 3.2.3 Sustaining Coverage 3-5
3-5
3.3 MPLSoL2 Hardware and Software Information 3.4 MPLSoL2 Test Results and Recommendations 3.4.1 MPLSoL2 Test Results 3-7 3.4.2 MPLSoL2 Recommendations 3-8
4
3-6 3-7
CHAPTER
4-1
4.1 DMVPN per VRF Test Coverage 4-1 4.1.1 DMVPN per VRF Feature Coverage 4.1.2 CVD II Additional Coverage 4-3 4.2 DMVPN per VRF Test Strategy 4-3 4.2.1 DMVPN per VRF Test Topology 4-3 4.2.2 Test Types 4-4 4.2.2.1 System Integration Test 4-5 4.2.2.2 Scalability Test 4-5
4-2
Contents
4.2.2.3 Negative Test 4-5 4.2.2.4 Reliability Test 4-6 4.2.3 Sustaining Coverage 4-6 4.3 DMVPN per VRF Hardware and Software Information 4.4 DMVPN per VRF Test Results and Recommendations 4.4.1 DMVPN per VRF Test Results 4-7 4.4.2 DMVPN per VRF Recommendations 4-8
5
4-6 4-7
CHAPTER
WAN Edge: MPLS over DMVPN - 2547oDMVPN (Hub and Spoke Only) 5.1 2547oDMVPN Test Coverage 5-1 5.1.1 2547oDMVPN Feature Coverage 5-2 5.1.2 CVD II Additional Coverage 5-3 5.2 2547oDMVPN Test Strategy 5-3 5.2.1 2547oDMVPN Test Topology 5-3 5.2.2 Test Types 5-4 5.2.2.1 System Integration Test 5-5 5.2.2.2 Scalability Test 5-5 5.2.2.3 Negative Test 5-5 5.2.2.4 Reliability Test 5-6 5.2.3 Sustaining Coverage 5-6 5.3 2547oDMVPN Hardware and Software Information 5.4 2547oDMVPN Test Results and Recommendations 5.4.1 2547oDMVPN Test Results 5-7 5.4.2 2547oDMVPN Recommendations 5-8
5-6 5-7
5-1
CHAPTER
WAN Core: Inter-AS, ASBR-to-ASBR with MPeBGP 6.1 Inter-AS Test Coverage 6-1 6.1.1 Inter-AS Feature Coverage 6-2 6.1.2 CVD II Additional Coverage 6-2 6.2 Inter-AS Test Strategy 6-3 6.2.1 Inter-AS Test Topology 6-3 6.2.2 Test Types 6-5 6.2.2.1 System Integration Test 6.2.2.2 Negative Test 6-5 6.2.3 Sustaining Coverage 6-5
6-1
6-5
6.3 Inter-AS Hardware and Software Information 6.4 Inter-AS Test Results and Recommendations 6.4.1 Inter-AS Test Results 6-7
6-6 6-7
Contents
6-7
CHAPTER
References
A.1 NG WAN Test Coverages Matrix Test Case Descriptions and Results B.1 MPLSoL2 Deployment Model
B.3 2547oDMVPN (Hub as PE Role) Deployment Model B.4 2547oDMVPN (Hub as P Role) Deployment Model B.5 Inter-AS Deployment Model Defects
C-1 C-1 C-1 C-2 C-2 C-2 C-3 D-1 B-14
C.1 CSCsi44003 C.2 CSCsj78913 C.3 CSCek74416 C.4 CSCsi50615 C.5 CSCsi49487 C.6 CSCsi79767
Contents
F I G U R E S
Figure 3-1 Figure 3-2 Figure 4-1 Figure 4-2 Figure 5-1 Figure 5-2 Figure 6-1 Figure 6-2
6-2 6-4
Figures
T A B L E S
Table 1 Table 2 Table 2-1 Table 2-2 Table 3-1 Table 3-2 Table 4-1 Table 4-2 Table 5-1 Table 5-2 Table 6-1 Table 6-2 Table A-1 Table A-2 Table A-3 Table A-4 Table A-5 Table A-6 Table A-7 Table A-8 Table A-9 Table A-10 Table A-11 Table A-12 Table A-13 Table B-1 Table B-2 Table B-3 Table B-4 Table B-5
1-3
WAN Edge Certification and Validation Summary WAN Core Certification and Validation Summary MPLSoL2 Hardware and Software Information MPLSoL2 Test Results Summary
3-7 3-6
2-1 2-2
DMVPN per VRF Hardware and Software Information TDMVPN per VRF Test Results Summary 25470DMVPN Test Results Summary Inter-AS Test Results Summary MPLSoL2 Features
A-1 A-1 A-2 6-7 5-7 6-6 4-8 5-6
4-6
2547oDMVPN Hardware Platforms and Data Inter-AS Hardware and Software Information
MPLSoL2 CVDI Platforms and Software MPLSoL2 CVDII Platforms and Software DMVPNperVRF Features
A-2
DMVPNperVRF CVDI Platforms and Software DMVPNperVRF CVDII Platforms and Software 2547oDMVPN (Hub as PE Role) Features
A-3
A-2 A-3
2547oDMVPN (Hub as PE Role) CVDI Platforms and Software 2547oDMVPN (Hub as PE Role) CVDII Platforms and Software 2547oDMVPN (Hub as P Role) Features Inter-AS (MAN CORE connection)Features MPLSoL2 Deployment Model
B-1 B-4 B-7 B-10 A-4
A-3 A-4
A-4
Inter-AS (MAN CORE Connection) CVDII Platforms and Software DMVPNperVRF Deployment Model
A-5
2547oDMVPN (Hub as PE Role) Deployment Model 2547oDMVPN (Hub as P Role) Deployment Model Inter-AS Deployment Model
B-14
Tables
CH A P T E R
Reviewed and updated for general deployment Achieves the highest levels of consistency and coverage within the Cisco Validated Design program Solution requirements successfully tested and documented with evidence to function as detailed within a specific design in a scaled, customer representative environment Zero observable operation impacting defects within the given test parameters , that is, no defects that have not been resolved either outright or through software change, redesign, or workaround
1-1
A detailed record of the testing conducted is generally available to customers and field teams, which provides:
Design baseline that provides a foundational list of test coverage to accelerate a customer
deployment
Software baseline recommendations that are supported by successful testing completion and
memory and CPU profiling, and expected results as compared to actual testing results For more information about the Cisco CVD program, refer to: http://www.cisco.com/go/cvd CVD II testing for this program was conducted by Cisco's Network System Integration and Test Engineering NSITE team. NSITEs mission is to system test complex solutions spanning multiple technologies and products to accelerate successful customer deployments and new technology adoption.
1-2
CH A P T E R
Executive Summary
Revised: October 23, 2007
This document describes the CVD II validation of the Next Generation Enterprise MPLS-Based WAN Design and Implementation Guide. The aim of this project is to accelerate customer deployments of the Next Generation Enterprise MPLS-based WAN solution. Extensive manual and automated testing was conducted in a large scale, comprehensive customer representative network. The deployment architectures were validated with a wide range of system test types, including system integration, negative (fault and error handling), redundancy (availability), scalability and reliability to ensure successful customer deployment of the NG Enterprise MPLS-based WAN design. An important part of the testing is end-to-end verification of enterprise voice, and video services using components of the Cisco Unified Communications solution. Critical service parameters such as packet loss, end-to-end delay and jitter for voice and video were verified under load conditions. As an integral part of the CVDII program, an automated sustaining validation model was created for on-going validation of deployment architectures for future Internetworking Operating System (IOS) releases. With this automated sustaining validation capability, the sustaining team can validate the design in any upcoming software releases on the targeted platforms. Sustaining validation greatly extends the useful life of the design guide, and significantly increases customer confidence and reduces deployment time. During testing, there were a number of software defects encountered. The symptoms, conditions and workarounds of each defect are described Appendix C. Table 2-1, outlines the summary of certification and validation status of each of the WAN Edge deployment architectures. Table 2-2, outlines the summary of certification and validation status of each of the WAN Core deployment architectures.
Table 2-1 WAN Edge Certification and Validation Summary
MPLS-Based WAN Edge Deployment Architecture Status Status MPLSoL2 Self-Deployed Multi-VRF with mGRE/DMVPN (DMVPN per VRF) Passed with Exception1 Passed with Exception1
2-1
Chapter 2
Executive Summary
Table 2-1
MPLS-Based WAN Edge Deployment Architecture Status Status MPLS VPN over DMVPN - 2547oDMVPN (Hub Not Recommended and Spoke only, Hub as PE) (Use Hub as P role instead) MPLS VPN over DMVPN - 2547oDMVPN (Hub Passed with Exception as P Role)
Table 2-2
Status Passed
1 Exceptions to the CVD certification criteria were observed, however these are such that the design is still deployable for the majority of cases within the caveats defined for the exceptions which may only impact minor elements of the design or certain deployment scenarios.
This document is intended to supplement to the CVD I, Next Generation Enterprise MPLS-Based WAN Design and Implementation Guide. A brief overview of each deployment model is presented from the CVD I document to provide background information. The CVD II test coverage, strategy, results and recommendations for each deployment model is presented independently within each chapter.
2-2
CH A P T E R
The MPLSoL2 deployment model is one of the possible solutions for branch virtualizations described in the Next Generation Enterprise MPLS-Based WAN Design and Implementation Guide (CVD I). A brief overview of the solution, test coverage, test strategy and a summary of the test results with recommendations are presented in this section.
3-1
Figure 3-1
MPLSoL2 Service
RR
MPLS MAN
RR
EP
E-PE
SP L2 Service
E-PE
E-PE
PE
Remote Branches
MPLS VPN MPLS Label Distribution Protocol (LDP) MPBGP (Multiprotocol BGP) Multicast VPN (mVPN) OSPF QoS: LLQ, CBWFQ, MPLS QoS, WRED Source Specific Multicast (SSM) Multicast over NBMA Redundancy
QoS
The existing WAN QoS recommendation that were made in the Enterprise QoS Solutions Reference Network Design (SRND) still apply to MPLS WAN setup. An OC3 POS link was used at the headend so link efficiency policies such as LFI and cRTP were not needed. An 8-class QoS model was used at the WAN Edge with bandwidth allocation per the recommendations from the Enterprise QoS SRND.
3-2
185835
Chapter 3
The branch routers had T1 links or higher so they used the same 8-class model with LLQ for voice and video, CBWFQ and WRED for all other classes. QoS testing involved generating enough traffic to congest the branch links as well as the headend link. A traffic generator was used to send various traffic types that match each QoS class.
System validation of advanced MPLS/L3VPN features, such as QoS, mVPN Interoperability among multiple Cisco platforms, interfaces, and IOS releases Validation of successful deployment of real applications (Cisco IP Telephony and IPTV multicast video streams) in the network. End-to-End system validation of all the solutions together in a single integrated customer representative network
3-3
Figure 3-2
Campus Site
IP
IPTV
CCM
PE2 RR2
3-4
Chapter 3
Reliability
For general descriptions of these test types refer to Appendix D. The following sections describe the specific areas that are covered in each test type for the MPLSoL2 deployment model.
Redundancy/HA: primary hub router/link failover.(Reload/shut/no shut the primary router and links) Hardware:
LC/SIP/SPA/PA and cable OIR (Online Insertion and Remover) Router reload
3-5
The automated test scripts for each automation test cases The common library for managing the test-bed, collecting and reporting the test results The automated procedures to capture the manual execution results
All the real applications used in the manual validation phase, including IPTV server/client, Cisco Unified Communications Manager server and IP phones, were not automated. Instead, traffic tools were used to generate simulated traffic such as voice and video on the network.
MAN Cisco 6500 (P) Cisco 7600 (P) Cisco 7600 (PE) Provider's core router (P1) Provider's core router (P2) 12.2(18)SXF7 12.2(33)SRA2 SUP720-3BXL, SIP-600, SPA-GE, WS-6724-SFP SUP720-3BXL, SIP-600, SPA-GE, SPA-10GE, 6704-10GE, OSM-OC48 SUP720-3BXL, SIP-600, SIP-400, SPA-GE, SPA-OC3, SPA-OC12 NPE-G2/GE
Provider's Edge 12.2(33)SRA2 router (PE1) Core router reflector (RR1 and RR2) 12.2(31)SB2
WAN Hubs Cisco 7200 (P) WAN hub router (HUB1) Cisco 7600 (P) WAN hub router (HUB2) Branch Routers Cisco 7200 (PE) Branch router (E-PE1) 12.4(11)T1 NPE-G2, POS-OC3 12.2(33)SRA2 SUP720-3BXL, SIP-600, SIP-400, SPA-GE, SPA-OC3 12.4(11)T1 NPE-G2, PA-OC3
3-6
Chapter 3
WAN Edge: MPLSoL2 Service 3.4 MPLSoL2 Test Results and Recommendations
Table 3-1
LIne Cards/Interfaces T1 T1
The two system integration failures were due to software defect CSCsj78913. This failure affects Multicast VPN traffic on a Cisco 2851 ISR router running Cisco IOS version 12.4(11)T. CSCsj78913 was not observed on later IOS version, 12.4(15)T1, and is now marked as "not reproducible". For more details about this defect see CSCsj78913. One of the negative test cases was considered pass with exception due to software defect CSCsi44003. This particular negative test simulates a spoke router failure by reloading one of the C3845 Branch routers. During this test, the CLI (command line interface) "mtu 1508" under a subinterface disappears after the router reloads. As a result, OSPF neighbor adjacency is not re-established due to MTU mismatch. This defect is only observed in spoke routers with a particular interface card (VWIC-2MFT-T1-DI). For more details on the defect please see CSCsi44003.
3-7
3-8
CH A P T E R
The DMVPNperVRF deployment model is another option for branch virtualization described in the Next Generation Enterprise MPLS-Based WAN Design and Implementation Guide (CVD I). A brief overview of the solution, test coverage, test strategy and a summary of the results with recommendations are presented in this section.
4-1
Figure 4-1
MPLS MAN
VRF per
SP Network
Dynamic Multipoint VPN (DMVPN) Next Hop Resolution Protocol (NHRP) Multi-VRF Support (VRF lite) OSPF PE-CE routing protocol MPBGP (Multiprotocol BGP) BGP MPLS Label Distribution Protocol (LDP) MPLS Virtual Private Network OSPF Support for Multi-VRF Multicast VPN (mVPN) QoS: LLQ, CBWFQ, MPLS QoS, WRED Source Specific Multicast (SSM) Multicast over NBMA
4-2
185838
Multi-VRF CE Remote
Multi-VRF CE
Chapter 4
Redundancy
System validation of advanced MPLS/L3VPN features, such as QoS, mVPN Interoperability among multiple Cisco platforms, interfaces, and IOS releases Validation of successful deployment of real applications (Cisco IP Telephony and IPTV Multicast video streams) in the network. End-to-End system validation of all the solutions together in a single integrated customer representative network
4-3
Figure 4-2
Campus Site
IP
IPTV
PE2 RH2
IP Branch Sites
185837
4-4
Chapter 4
Reliability
For general descriptions of these test types refer to Appendix D. The following sections describe the specific areas that are covered in each test type for the DMVPN per VRF deployment model.
500 OSPF neighbors 500 LDP neighbors 500 NHRP entries 500 IKE/IPSec sessions
Redundancy/HA: primary hub router/link failover.(Reload/shut/no shut the primary router and links) Hardware:
LC/SIP/SPA/PA and cable OIR (Online Insertion and Remover) Router reload
4-5
All the real applications used in the manual validation phase, including IPTV server/client, Cisco Unified Communications Manager server and IP phones, were not automated. Instead, traffic tools were used to generate simulated traffic such as voice and video on the network.
MAN Cisco 6500 (P) Provider's core router (P1) Provider's core router (P2) Provider's Edge router (PE1) Cisco 7200 (RR) Core router reflector (RR1 and RR2) 12.2(31)SB2 NPE-G2/GE 12.2(18)SXF7 SIP-600, SPA-GE, WS-6724-SFP
12.2(33)SRA2
SIP-600, SPA-GE, SPA-10GE, 6704-10GE, OSM-OC48 SIP-600, SIP-400, SPA-GE, SPA-OC3, SPA-OC12
12.2(33)SRA2
4-6
Chapter 4
WAN Edge: DMVPN per VRF 4.4 DMVPN per VRF Test Results and Recommendations
Table 4-1
WAN HUBS Cisco 7200 (PE) WAN hub routers acting as PE (HUB1) Cisco 6500 (PE) WAN hub routers acting as PE (HUB2) Branch Routers Cisco 7200 (PE) Branch router (E-PE1) Cisco C2851 Branch router (E-PE2) Cisco C3845 Branch router (E-PE3) 12.4(11)T1 T1 12.4(11)T1 T1 12.4(11)T1 POS-OC3, NPE-G2/GE 12.2(33)SRA2 SIP-600, SIP-400, SPA-GE, SPA-OC3 12.4(11)T1 PA-OC3, NPE-G2/GE
4-7
Table 4-2
There is one test case that passed with exception because Multicast over DMVPN is not supported on C6500 platform. The same test case passed on the Cisco C7200 hub router. The second failure found in scalability testing is considered operationally impacting, CSCek74416. During large scale DMVPN per VRF testing, one of the DMVPN spoke experienced a software crash. This defect is resolved but not in a released IOS images.
4-8
CH A P T E R
WAN Edge: MPLS over DMVPN - 2547oDMVPN (Hub and Spoke Only)
Revised: October 23, 2007
There are two possible modes in this deployment model that were outlined in the Next Generation Enterprise MPLS-Based WAN Design and Implementation Guide (CVD I);
The 2547oDMVPN (Hub as a P router) was identified as the preferred mode in CVD I over the 2547oDMVPN (Hub as PE router) but was not validated in CVD I because of the lack of LDP support for mGRE. Support for the 2547oDMVPN (hub as P router) deployment model is now available in the Cisco IOS release 12.4(11) T and test coverage was added as part of the CVD II testing. Validation was focused more on the Hub as a P router mode rather than the 2547oDMVPN (Hub as a PE router).
5-1
WAN Edge: MPLS over DMVPN - 2547oDMVPN (Hub and Spoke Only)
Figure 5-1
GRE SP Network
E-PE
E-PE
Remote
Dynamic Multipoint VPN (DMVPN) Next Hop Resolution Protocol (NHRP) IPSec/IKE 2547oDMVPN MPBGP (Multiprotocol BGP) BGP BGP Route Reflector MPLS Label Distribution Protocol (LDP) MPLS Virtual Private Network OSPF Support for Multi-VRF Multicast VPN (mVPN) QoS: LLQ, CBWFQ, MPLS QoS, WRED Source Specific Multicast (SSM)
5-2
185839
E-PE
E-PE
Chapter 5
WAN Edge: MPLS over DMVPN - 2547oDMVPN (Hub and Spoke Only) 5.1.2 CVD II Additional Coverage
System validation of advanced MPLS/L3VPN features, such as QoS, mVPN Interoperability among multiple Cisco platforms, interfaces, and IOS releases Validation of successful deployment of real applications (Cisco IP Telephony and IPTV Multicast video streams) in the network. End-to-End system validation of all the solutions together in a single integrated customer representative network
5-3
WAN Edge: MPLS over DMVPN - 2547oDMVPN (Hub and Spoke Only)
Figure 5-2
2547oDMVPN Testbed
Campus Site
IP
IPTV
PE1
PE2
MAN
P RR RR
P HUB1
P HUB2
E-PE1
E-PE2
E-PE3
IP Branch Sites
240978
5-4
Chapter 5
WAN Edge: MPLS over DMVPN - 2547oDMVPN (Hub and Spoke Only) 5.2.2 Test Types
Reliability
For general descriptions of these test types refer to Appendix D. The following sections describe the specific areas that are covered in each test type for the 2547oDMVPN deployment model.
500 OSPF neighbors 500 LDP neighbors 500 NHRP entries 500 IKE/IPSec sessions 500 MP-iBGP sessions with RR (Router Reflector)
Redundancy/HA: primary hub router/link failover.(Reload/shut/no shut the primary router and links) Hardware:
LC/SIP/SPA/PA and cable OIR (Online Insertion and Remover) Router reload
5-5
WAN Edge: MPLS over DMVPN - 2547oDMVPN (Hub and Spoke Only)
The automated test scripts for each automation test cases The common library for managing the test-bed, collecting and reporting the test results The automated procedures to capture the manual execution results
All the real applications used in the manual validation phase, including IPTV server/client, Cisco Unified Communications Manager server and IP phones, were not automated. Instead, traffic tools were used to generate simulated traffic such as voice and video on the network.
MAN 12400 (P) Provider's core router Provider's core router (P2) Provider's Edge router (PE1) Cisco 7200 (RR) Core router reflector (RR1 and RR2) 12.0(32)S3 NPE-G2/GE 12.0(32)S2 SIP-600, SIP-601, SPA-POS-OC48, SPA-10GE, SPA-GE, ISE 4GE, ISE POS-4OC12 SIP-600, SPA-GE, SPA-10GE, 6704-10GE, OSM-OC48 SIP-600, SIP-400, SPA-GE, SPA-OC3, SPA-OC12
12.2(33)SRA2
12.2(33)SRA2
5-6
Chapter 5
WAN Edge: MPLS over DMVPN - 2547oDMVPN (Hub and Spoke Only) 5.4 2547oDMVPN Test Results and Recommendations
Table 5-1
Branch Routers Cisco 7200 (PE) Branch router (E-PE1) Cisco C2851 Branch router (E-PE2) Cisco C3845 Branch router (E-PE3) Hardware PlatformRoleSoftware VersionLine Cards/Interfaces 12.4(11)T1 T1 12.4(11)T1 T1 12.4(11)T1 POS-OC3, NPE-G2/GE
Note
5-7
WAN Edge: MPLS over DMVPN - 2547oDMVPN (Hub and Spoke Only)
Table 5-2
All the system integration, scalability and reliability test cases in this model passed. There was one failure in the negative testing. The failure was observed when simulating a redundant hub router reload. This particular defect fails to restore mVPN (Multicast VPN) feature and consequently Multicast streams between campus and branch fail. For more details, see CSCsi49487. This defect turned out to be not a problem with the Hub router but with the specific IOS release used for the Route Reflector(RR) , 12.0(32)S3. Once the route reflector IOS release is upgraded to 12.2(31)SB2, the test case passed.
5-8
CH A P T E R
In the Next Generation Enterprise MPLS-Based WAN Design and Implementation Guide (CVD I), there are a number of possible solutions mentioned for interconnecting MPLS MAN networks:
The Inter-AS (ASBR-to-ASBR with MPeBGP) was selected to be the method of interconnecting the two MPLS networks because it was considered more scalable and widely deployed. There are no specific implementation recommendations in the design guide with regards to configuring and deploying inter-AS, so the CVD II validation efforts provided additional coverage for this deployment model.
6-1
Figure 6-1
MAN2
E-PE
RR E-P SP
RR E-P
E-PE
M1=ASBR
M2=ASBR
E-PE
Inter-AS Multicast Inter-AS Unicast Redundancy OSPF BGP MPLS Multiprotocol Label Switching Inter-AS BGP - MPLS VPN BGP interAS MVPN support MPLS VPN Load balancing support for InterAS & CSC InterAS support for MVPN MPLS VPN - Multi-Path support for Inter-AS VPNs MPLS VPN Inter-AS - IPv4 BGP Label Distribution
6-2
185840
Chapter 6
WAN Core: Inter-AS, ASBR-to-ASBR with MPeBGP 6.2 Inter-AS Test Strategy
System validation of advanced MPLS/L3VPN features, such as QoS, mVPN Interoperability among multiple Cisco platforms, interfaces, and IOS releases Validation of successful deployment of real applications (Cisco IP Telephony and IPTV Multicast video streams) in the network. End-to-End system validation of all the solutions together in a single integrated customer representative network
6-3
Figure 6-2
Campus 1
M
IP
MAN1
PE
PE
P P
P RR RR P
ASBR
ASBR
Inter AS MAN2
ASBR
ASBR
P PE Campus 2 PE
6-4
185841
IP
Chapter 6
For general descriptions of these test types refer to Appendix D. The following sections describe the specific areas that are covered in each test type for the Inter-AS deployment model.
Redundancy/HA: primary ASBR router/link failover.(Reload/shut/no shut the primary router and links) Hardware: Router reload Control-plane: clear routing tables
The automated test scripts for each automation test cases The common library for managing the test-bed, collecting and reporting the test results The automated procedures to capture the manual execution results
All the real applications used in the manual validation phase, including IPTV server/client, Cisco Unified Communications Manager server and IP phones, were not automated. Instead, traffic tools were used to generate simulated traffic such as voice and video on the network.
6-5
Role Customer's Edge router (CE1 and CE2) Autonomous System Border Router
SIP-601, SPA-POS-OC48, SPA-5XGE SIP-600, SIP-400, SPA-5XGE, SPA-POS-OC48 SIP-600, SPA-GE, WS-6724-SFP SIP-600, SPA-GE, SPA-10GE, 6704-10GE, OSM-OC48 SIP-600, SIP-400, SPA-GE, SPA-OC3, SPA-OC12 NPE-G2/GE
Cisco 7600 (ASBR) Autonomous System Border Router Cisco 6500 (P) Cisco 7600 (P) Provider's core router (P1) Provider's core router (P2)
12.2(18)SXF7 12.2(33)SRA2
12.2(33)SRA2
Core router reflector (RR1 and 12.2(31)SB2 RR2) Autonomous System Border Router 12.0(32)S2, 12.0(32)SY 12.2(33)SRA2
SIP-601, SPA-POS-OC48, SPA-5XGE SIP-600, SIP-400, SPA-5XGE, SPA-POS-OC48 SIP-600, SPA-GE, WS-6724-SFP SIP-600, SPA-GE, SPA-10GE, 6704-10GE, OSM-OC48 SIP-600, SIP-400, SPA-GE, SPA-OC3, SPA-OC12 NPE-G2/GE
Cisco 7600 (ASBR) Autonomous System Border Router Cisco 6500 (P) Cisco 7600 (P) Provider's core router (P1) Provider's core router (P2)
12.2(18)SXF7 12.2(33)SRA2
12.2(33)SRA2
6-6
Chapter 6
WAN Core: Inter-AS, ASBR-to-ASBR with MPeBGP 6.4 Inter-AS Test Results and Recommendations
6-7
6-8
CH A P T E R
References
Revised: October 23, 2007
Next Generation Enterprise MPLS-Based WAN Design and Implementation Guide (EDCS-536219) http://www.cisco.com/application/pdf/en/us/guest/products/ps6892/c1244/ccmigration_09186a00808c e6ad.pdf Next Generation Enterprise MPLS VPN-Based MAN Design and Implementation Guide(EDCS-468156) http://www.cisco.com/application/pdf/en/us/guest/netsol/ns241/c649/ccmigration_09186a008055edcf. pdf NSITE Next Generation Enterprise MPLS-based WAN Test Results Report (EDCS-625000) Available upon request from your Cisco System Engineer.)
7-1
Chapter 7
References
7-2
A P P E N D I X
MPLSoL2 Deployment Architecture Features MPLS VPN MPLS Label Distribution Protocol (LDP) MPBGP (Multiprotocol BGP) Multicast VPN (mVPN) QoS: LLQ, CBWFQ, MPLS QoS, WRED Source Specific Multicast (SSM) Multicast over NBMA Redundancy
CVDI X X X X X X X X X
CVDII X X X X X X X X X
Table A-2
A-1
Table A-3
Table A-4
DMVPNperVRF Features
DMVPNperVRF Deployment Architecture Features Dynamic Multipoint VPN (DMVPN) Next Hop Resolution Protocol (NHRP) Multi-VRF Support (VRF lite) OSPF PE-CE routing protocol MPBGP (Multiprotocol BGP) BGP MPLS Label Distribution Protocol (LDP) MPLS Virtual Private Network OSPF Support for Multi-VRF Multicast VPN (mVPN) QoS: LLQ, CBWFQ, MPLS QoS, WRED Source Specific Multicast (SSM) Multicast over NBMA Redundancy
CVDI X X X X X X X X X X X X X X X
CVDII X X X X X X X X X X X X X X X
Table A-5
A-2
Appendix A
Table A-6
Table A-7
2547oDMVPN (Hub as PE Role) Deployment Architecture Features Dynamic Multipoint VPN (DMVPN) Next Hop Resolution Protocol (NHRP) IPSec/IKE 2547oDMVPN MPBGP (Multiprotocol BGP) BGP BGP Route Reflector MPLS Label Distribution Protocol (LDP) MPLS Virtual Private Network OSPF Support for Multi-VRF Multicast VPN (mVPN) QoS: LLQ, CBWFQ, MPLS QoS, WRED Source Specific Multicast (SSM) Multicast over NBMA Redundancy HSRP EIGRP Routing OSPF Routing
CVDI X X X X X X X X X X X X X X X X NO X
CVDII X X X X X X X X X X X X X X X X NO X
Table A-8
A-3
Table A-9
Table A-10
2547oDMVPN (Hub as P Role) Deployment Architecture Features Dynamic Multipoint VPN (DMVPN) Next Hop Resolution Protocol (NHRP) IPSec/IKE 2547oDMVPN MPBGP (Multiprotocol BGP) BGP BGP Route Reflector MPLS Label Distribution Protocol (LDP) MPLS Virtual Private Network OSPF Support for Multi-VRF Multicast VPN (mVPN) QoS: LLQ, CBWFQ, MPLS QoS, WRED Source Specific Multicast (SSM) Multicast over NBMA Redundancy HSRP EIGRP Routing OSPF Routing
CVDI
CVDII X X X X X X X X X X X X X X X X
NO
X X
Table A-11
A-4
Appendix A
Table A-12
Inter-AS (MAN CORE connection) Deployment Architecture Inter-AS Multicast Inter-AS Unicast Redundancy OSPF BGP MPLS Multiprotocol Label Switching Multi-protocol BGP - MPLS VPN BGP interAS MVPN support MPLS VPN Load balancing support for InterAS & CSC InterAS support for MVPN MPLS VPN - Multi-Path support for Inter-AS VPNs MPLS VPN Inter-AS - IPv4 BGP Label Distribution
CVDI
CVDII X X X X X X X X X X X X
Table A-13
A-5
A-6
A P P E N D I X
Test
System Integration Test Suites
Defects
MPLSoL2: IP Baseline Test This test case covers IP infrastructure build up and test under MPLSoL2 solution model. The following will be covered: The 7200 hub router config 7200 Branch router config 3845 branch router config 2851 branch router config QoS config on all test platform Multicast config on all test platform Once MPLSoL2 baseline is up, data/voice/video traffic will be verified among branch and campus.
B-1
MPLSoL2: Branch to Campus Data Communication This test case covers data communications between branch and campus under MPLSoL2 solution model. Once MPLSoL2 baseline is up, data traffic will be verified between branch and campus. Test will focus on verifying: 1. Manually verify Data traffic between a Branch PC client to a campus server. 2. Verify QoS 3. Using test tool verify that data traffic between branch and campus meets the Service Level Requirements MPLSoL2: Branch to Branch Data Communication
Pass
Pass
Pass
Pass
This test case covers data communications between branch and branch under MPLSoL2 solution model. After the MPLSoL2 baseline is up, data traffic will be verified between branch and branch. Manually verify data traffic between a branch PC client to a PC server in another branch. MPLSoL2: Branch to Campus Voice Pass Communication This test case covers voice traffic verification between branch and campus. It includes both manual voice verification using Cisco IP phones and simulated IP phones using CallGen for automated testing. Test coverage includes verification of critical voice parameters like one-way latency, average one-way jitter, and packet loss using either IxChariot or IxLoad. The same tool will be used to send Voice call signaling traffic. MPLSoL2: Branch to Branch Voice Communication Pass This test case covers voice traffic verification between branch and branch. It includes both manual voice verification using Cisco IP phones and simulated IP phones using CallGen for automated testing. Test coverage includes verification of critical voice parameters like one-way latency, average one-way jitter, and packet loss using either IxChariot or IxLoad. The same tool will be used to send voice call signaling traffic.
Pass
Pass
B-2
Appendix B
MPLSoL2: Campus to Branch Video Communication The purpose of this test case is to verify video traffic in a VRF traversing between branch and campus that are connected to a single Multicast VPN (mVPN) enabled MPLS MAN cloud under MPLSoL2 solution. mVPN control plane verification on PE routers. Branch to campus multicast control plane verification over the mVPN MPLS MAN network. Manually verifying video reception using an IP TV viewer in branch receiving a multicast, unicast stream from IP TV server in campus network across mVPN MPLS MAN network.
Pass
Fail
CSCsj78913
Using test tool to verify that interactive video and streaming video meets the Service Level requirements. MPLSoL2: Branch-to-campus mixed traffic Pass This test case will set up and verify the MPLSoL2 solution with mixed traffic can successfully be sent from branch-to-campus. The remote branch routers will be configured as PE router so the VPN defined in the large MPLS campus can be delivered to the branch via the MPLSoL2 solution. Both real application (Cisco CCM/IP phone, IPTV server/clients) and simulated voice and video traffic from Ixia will be used. Essentially this test case is a combination of the data, voice, and video test cases to verify them can work together. MPLSoL2: Branch-to-Branch Mixed Traffic Pass This test case will set up and verify the MPLSoL2 solution with mixed traffic can successfully be sent from branch-to-branch. The remote branch routers will be configured as PE router so the VPN defined in the large MPLS campus can be delivered to the branch via the MPLSoL2 solution. Both real application (Cisco CCM/IP phone, IPTV server/clients) and simulated voice and video traffic from Ixia will be used. Essentially this test case is a combination of the data, voice, and video test cases to verify them can work together.
Fail
CSCsj78913
Pass
B-3
MPLSoL2: LDP Session Scale Between the Hub Pass Router and Branch PE This case tests the scalability on hub router. The hub router scalability decides the overall number of branch MPLSoL2 solution can support. The number of LDP sessions that it can support will affect the system performance and stability. MPLSoL2:BGP Peering Scale from Branch PE Pass This case covers scale test for BGP peering between branch PE and RR. Typically, there are large number of branches (up to the thousands) and with each one peering directly to the core RR. The number of BGP peering between branch PE and core RR will affect the number of branch MPLSoL2 solution can support. Negative Test Suite MPLSoL2: Link Failure Between the Hub and Pass Branch PE This case covers the branch PE router failure negative test. The branch PE router failure will bring down the branch connection to the hub. After coming back, the branch connection should be restored and traffic will be back to normal.. Pass MPLSoL2: The Hub Failure and Recover This case the hub router failure negative test. The hub failure will bring down all branch connection. After coming back, all branch connections should be restored and traffic will be back to normal. Passed with MPLSoL2:the branch PE router Failure and Exception recover This case link failure negative test. The link failures occur between the hub and each branch PE.
N/A
N/A
N/A
N/A
N/A N/A
N/A N/A
N/A
N/A
CSCsi44003
N/A
N/A
Defects
B-4
Appendix B
DMVPN per VRF Baseline This system integration test case is to set up and test the infrastructure for DMVPN per VRF enterprise solution. Control Plane verification. DMVPN Tunnel setup on VRF tunnel interfaces with and without encryption. VRF aware OSPF for IGP over dmvpn tunnel interfaces. Spoke to Spoke dynamic DMVPN tunnel creation.
Pass
Pass
C7200 and C7600 as the WAN hub, and c7200 and c2800/c3800 as the branch routers. DMVPN per VRF: Branch to Campus Data Pass Traffic Verification The purpose of this test case is to verify data traffic in a VRF traversing between DMVPN in a VRF Branch and Campus, which are connected to MPLS MAN cloud. The test will focus on verifying: 1. Manually verify Data traffic between a Branch PC client to a Campus Data center server. 2. Verify QoS 3. Using test tool verify that data traffic meets the Service Level Requirements DMVPN per VRF: Branch to Campus Video Pass with Traffic Verification Exception The purpose of this test case is to verify video traffic C7600 and c6500 in a VRF traversing between Branch and Campus does not support which are connected to a single Multicast VPN Multicast over (mVPN) enabled MPLS MAN cloud. DMVPN The test will focus on verifying: 1. mVPN control plane verification on PE routers 2. Branch to Campus Multicast control plane verification over the mVPN MPLS MAN network. 3. Manually verify Video reception using an IP TV viewer in Branch receiving a multicast, unicast stream from IP TV DMVPN per VRF: Branch-to-Campus Voice Pass Traffic Verification This test case covers voice traffic verification between DMVPN per VRF branch to campus over a MPLS MAN cloud. Manual voice verification using Cisco IP phones. Simulated IP_Phones using CallGen for automated testing.
Pass
Pass
Pass
B-5
DMVPN per VRF: Branch to Campus converged Pass with exception IP traffic verification C7600 and c6500 does not support The purpose of this test case is to verify simultaneous data, voice & Video traffic (converged Multicast over IP traffic) in a VRF traversing between DMVPN in DMVPN a VRF Branch and Campus, which are connected to MPLS MAN cloud. The test will focus on verifying: 1. Using test tool verify that data, voice, Video traffic meets the Service Level Requirements. 2. While the Traffic tools are sending traffic, Verify the data, voice & Video quality manually. DMVPN per VRF: Branch to Branch Data Pass Traffic Verification The purpose of this test case is to verify data traffic in a VRF traversing on a dynamic tunnel between DMVPN in a VRF Branch to another branch. The test will focus on verifying: 1. Manually verify Data traffic between a Branch PC client to another Branch PC client. 2. Verify QoS Branch to Branch Data path 3. Using test tool verify that data traffic meets the Service Level Requirements. DMVPN per VRF: Branch-to-Branch Voice Pass Traffic Verification This test case covers voice traffic verification between DMVPN per VRF branch to campus over a MPLS MAN cloud. Manual voice verification using Cisco IP Phones. Simulated IP_Phones using CallGen for automated testing. DMVPN per VRF: Branch to Branch converged Pass IP (data & Voice) traffic verification The purpose of this test case is to verify simultaneous data, and voice traffic (converged IP traffic) in a VRF traversing between DMVPN in a VRF branch and campus, which are connected to MPLS MAN cloud. Using test tool to verify that data, voice, video traffic meets the Service Level requirements. Scalability Test Suite DMVPN per VRF: Multiple Branches to Campus Fail Traffic verification. This test case is to Scale the DMVPN per vrf enterprise solution. Negative Test Suite
Pass
Pass
Pass
Pass
CSCek74416
N/A
N/A
N/A
N/A
B-6
Appendix B
Test Case Descriptions and Results B.3 2547oDMVPN (Hub as PE Role) Deployment Model
DMVPN per VRF: Hub Redundancy failover Pass This test case focuses on DMVPN Hub redundancy on the dual hub scenario. Will measure the impact of failover of the primary / active router in different roles. Measure the convergence time during a DMVPN tunnel switchover due to the primary hub failure. DMVPN per VRF: Hub Links Failures This test case is to measure the convergence time during link failure. DMVPN per VRF: Provisioning and un-provisioning This negative test case focuses on to measure the network impact during provisioning and un-provisioning.
Pass
N/A
N/A
Pass
N/A
N/A
Pass
N/A
N/A
Test System Integration Test Suites 2547oDMVPN (Hub in PE Role): Branch-to-Campus Baseline and Data Traffic This test case will set up and verify that the 2547oDMVPN (Hub used as a PE router) data traffic can be sent successfully between branch-to-campus. Both the hub and the remote branch routers will be configured as PE routers in a PE-PE topology. The hub PE will also connect to the MPLS core in a PE-PE configure. Thus, the VPN defined in the large MPLS campus can be delivered to the branch via this solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, and c7200 and c2800/c3800 will be tested as the branch routers.
Defects
B-7
Pass
Pass
This test case will setup and verify the 2547oDMVPN (Hub used as a PE router) voice traffic can be successfully sent between branch-to-campus. Both the hub and the remote branch routers will be configured as PE routers in a PE-PE topology. The hub PE will also connect to the MPLS core in a PE-PE configure. Thus, the VPN defined in the large MPLS campus can be delivered to the branch via this solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. Both real phone (CCM and Cisco IP Phone) and simulated voice traffic are used. 2547oDMVPN(PE) branch to campus video Pass traffic This test case will setup and verify the 2547oDMVPN (Hub used as a PE router) video traffic can be successfully sent between branch-to-campus. Both the hub and the remote branch routers will be configured as PE routers in a PE-PE topology. The hub PE will also connect to the MPLS core in a PE-PE configure. Thus, the VPN defined in the large MPLS campus can be delivered to the branch via this solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. Multicast and mVPN is the technology to transport the IPTV multicast streams. IPTV is used as a real application to verify the solution.
Pass
B-8
Appendix B
Test Case Descriptions and Results B.3 2547oDMVPN (Hub as PE Role) Deployment Model
Pass
Pass
This test case will setup and verify the 2547oDMVPN (Hub used as a PE router) mixed traffic can be successfully sent between branch-to-campus. Both the hub and the remote branch routers will be configured as PE routers in a PE-PE topology. The hub PE will also connect to the MPLS core in a PE-PE configure. Thus, the VPN defined in the large MPLS campus can be delivered to the branch via this solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. Both real application (Cisco CCM/IP phone, IPTV server/clients) and simulated voice/video traffic from Ixia will be used. Essentially this test case is a combination of the data/voice/video test cases to verify them can work together. 2547oDMVPN(PE) branch to branch data traffic Pass This test case will setup and verify the 2547oDMVPN (Hub used as a PE router) data traffic can be successfully sent between branch-to-branch. The branch-to-branch communication is done via hub as recommended in the design guide (EDCS-536219). Both the hub and the remote branch routers will be configured as PE routers in a PE-PE topology. The hub PE will also connect to the MPLS core in a PE-PE configure. Thus, the VPN defined in the large MPLS campus can be delivered to the branch via this solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers.
Pass
B-9
Pass
Pass
This test case will setup and verify the 2547oDMVPN (Hub used as a PE router) voice traffic can be successfully sent between branch-to-branch. Both the hub and the remote branch routers will be configured as PE routers in a PE-PE topology. The hub PE will also connect to the MPLS core in a PE-PE configure. Thus, the VPN defined in the large MPLS campus can be delivered to the branch via this solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. Both real phone (CCM and Cisco IP Phone) and simulated voice traffic are used. 2547oDMVPN (Hub in P role): branch-to-branch Pass mixed traffic This test case will setup and verify the 2547oDMVPN (Hub used as a P router) mixed traffic can successfully be sent between branch-to-branch. The remote branch routers will be configured as PE router so the VPN defined in the large MPLS campus can be delivered to the branch via the 2547oDMVPN solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. HA is also provided by the redundant WAN hubs (hub11 and hub12) configuration. Both real application (Cisco CCM and IP phone) and simulated voice traffic from Ixia will be used. Essentially this test case is a combination of the data/voice test cases to verify them can work together.
Pass
Defects
B-10
Appendix B
Test Case Descriptions and Results B.4 2547oDMVPN (Hub as P Role) Deployment Model
Pass
Pass
This test case will setup and verify the 2547oDMVPN (Hub used as a P router) data traffic can successfully be sent between branch-to-campus. The remote branch routers will be configured as PE router so the VPN defined in the large MPLS campus can be delivered to the branch via the 2547oDMVPN solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. HA is also provided by the redundant WAN hubs (hub11 and hub12) configuration. Hub 11 is the primary hub for all the branches. 2547oDMVPN (Hub in P role) branch-to-campus Pass Voice Traffic This test case will setup and verify the 2547oDMVPN (Hub used as a P router) voice traffic can successfully be sent between branch-to-campus. Both real phone (CCM and Cisco IP Phone) and simulated voice traffic are used. The remote branch routers will be configured as PE router so the VPN defined in the large MPLS campus can be delivered to the branch via the 2547oDMVPN solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. HA is also provided by the redundant WAN hubs (hub11 and hub12) configuration. 2547oDMVPN(P) branch-to-campus video Pass traffic This test case will setup and verify the 2547oDMVPN (Hub used as a P router) video traffic can successfully be sent between branch-to-campus. The remote branch routers will be configured as PE router so the VPN defined in the large MPLS campus can be delivered to the branch via the 2547oDMVPN solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. HA is also provided by the redundant WAN hubs (hub11 and hub12) configuration. Multicast and mVPN is the technology to transport the IPTV multicast streams. IPTV is used as a real application to verify the solution.
Pass
Pass
B-11
Pass
Pass
This test case will setup and verify the 2547oDMVPN (Hub used as a P router) mixed traffic can successfully be sent between branch-to-campus. The remote branch routers will be configured as PE router so the VPN defined in the large MPLS campus can be delivered to the branch via the 2547oDMVPN solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. HA is also provided by the redundant WAN hubs (hub11 and hub12) configuration. Both real application (Cisco CCM/IP phone, IPTV server/clients) and simulated voice/video traffic from Ixia will be used. Essentially this test case is a combination of the data/voice/video test cases to verify them can work together. 2547oDMVPN(P) branch to branch data traffic Pass This test case covers data communications between branch and branch under MPLSoL2 solution model. Once MPLSoL2 baseline is up, data traffic will be verified between branch and branch. The test will focus on verifying: 1. Manually verify Data traffic between a Branch PC client to a PC server in another branch. 2.Verify QoS 3.Using test tool verify that data traffic between branch and branch meets the Service Level Requirements 2547oDMVPN (Hub in P role): branch-to-branch Pass Voice Traffic This test case will setup and verify the 2547oDMVPN (Hub used as a P router) voice traffic can successfully be sent between branch-to-branch. Both real phone (CCM and Cisco IP Phone) and simulated voice traffic are used. The remote branch routers will be configured as PE router so the VPN defined in the large MPLS campus can be delivered to the branch via the 2547oDMVPN solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. HA is also provided by the redundant WAN hubs (hub11 and hub12) configuration.
Pass
Pass
B-12
Appendix B
Test Case Descriptions and Results B.4 2547oDMVPN (Hub as P Role) Deployment Model
2547oDMVPN(P) branch to branch mixed traffic Pass This test case will setup and verify the 2547oDMVPN (Hub used as a P router) mixed traffic can successfully be sent between branch-to-branch. The remote branch routers will be configured as PE router so the VPN defined in the large MPLS campus can be delivered to the branch via the 2547oDMVPN solution. The DMVPN provided the flexible overlay model, plus the security the WAN solution needed. C7200 will be tested as the WAN hub, c7200 and c2800/c3800 will be tested as the branch routers. HA is also provided by the redundant WAN hubs (hub11 and hub12) configuration. Both real application (Cisco CCM and IP phone) and simulated voice traffic from Ixia will be used. Essentially this test case is a combination of the data/voice test cases to verify them can work together. Scalability Test Suite 2547oDMVPN (Hub in P role) Hub Scalability Pass This test case will setup and verify the scalability of the 2547oDMVPN (Hub used as a P router) network. The network topology remains the same as described in the test case WM2-2547oDMVPN-SI-001-0001. Negative Test Suite 2547oDMVPN (Hub in P role): Failover Test Fail This test case will verify the network resiliency of a dual hub 2547oDMVPN (Hub used as a P router) topology when the primary hub or link goes down. The interruption of the traffic should be within the expected range. The same network topology and setup described in test case WM2-2547oDMVPN-NE-007-0001 will be used here. 2547oDMVPN(hub in P role): Hardware and Fail Control Plane Failure ) This test case will verify the network resiliency of a dual hub 2547oDMVPN (Hub used as a P router) topology when the primary hub or link goes down. The interruption of the traffic should be within the expected range. The same network topology and setup described in test case WM2-2547oDMVPN-NE-007-0001 will be used here.
Pass
CSCsi79767
N/A
N/A
N/A N/A
N/A N/A
CSCsi49487
N/A
N/A
B-13
Test System Integration Test Suites Inter-AS : ASBR to ASBR with MP-eBGP: Baseline Test
Defects
This test case will include all the configuration steps for the Inter-AS multihop eBGP option. A basic verification of all the features once they are configured is also part of the test case. Finally, an End-to-End connectivity test (from CE to CE) to verify the basic ip connection within a single VRF traversing across two MAN clouds. Inter-AS: ASBR to ASBR with MP-eBGP: Data Pass Traffic Verification This test case will verify communication between two PC clients across the two MAN clouds. The second part of the test case uses a traffic generator to send various data types to check QoS functionality across the MAN clouds. The following areas will be covered in this test case: Section A: PC/Linux Client Data traffic verification from MAN1 to MAN2 cloud Section B: QoS Data Traffic verification using State-full traffic generator Inter-AS: ASBR to ASBR with MP-eBGP: Voice Pass Verification This test case covers voice traffic verification across two MAN clouds. It includes manual voice verification using Cisco IP Phones. Test coverage includes verification of critical voice parameters like one-way latency, average one-way jitter and packet loss using either IxChariot or IxLoad. The same tool will be used to send Voice call signaling traffic.
Pass
Pass
B-14
Appendix B
Inter-AS : ASBR to ASBR with MP-eBGP: Video Pass Traffic Verification The purpose of this test case is to verify video traffic in a VRF traversing between two MAN clouds Test will focus on verifying: mVPN control plane verification over the Inter-AS links MAN1 to MAN2 Multicast control plane verification Manually verify Video reception using an IP TV viewer in MAN1 Campus receiving a multicast Verify unicast stream from IPTV server in Campus network across mVPN MPLS MAN Network. Using test tool verify that interactive Video and streaming video meets the Service Level Requirements. Inter-AS: ASBR to ASBR with MP-eBGP, Mixed Pass Traffic Test (Data, Voice and Video) This test case covers a mixture of all the data types running at the same type - Voice, video and Data traffic. The goal is to make sure that this specific data path can handle all 3 traffic types at the same time. Negative Test Suite Inter-AS: ASBR to ASBR with MP-eBGP, ASBR Pass Interface Failure The test case will test how the system reacts when one of the ASBR links to the SP core fails. There is a certain amount of "background" traffic that will load the system. The data traffic will be a mixture of simulated data streams that will load the ASBR's at approximate 50-60 % CPU and/or a link utilization of 50% of OC48 link. Inter-AS: ASBR to ASBR with MP-eBGP, ASBR Pass Reboot The test case will test how the system reacts when one of the ASBR reboots. There is a certain amount of "background" traffic that will load the system. The data traffic will be a mixture of simulated data streams that will load the ASBR's at approximate 50-60 % CPU and a link utilization of 50% of OC48 link.
Pass
Pass
N/A N/A
N/A N/A
N/A
N/A
B-15
Inter-AS: ASBR to ASBR with MP-eBGP, Clear BGP Routing Table The test case will test how the system reacts when BGP routing tables are cleared from one of the ASBRs. There is a certain amount of "background" traffic that will load the system. The data traffic will be a mixture of simulated data streams that will load the ASBRs at approximate 50-60 % CPU and a link utilization of 50% of OC48 link.
Pass
N/A
N/A
B-16
A P P E N D I X
Defects
Revised: October 23, 2007
C.1 CSCsi44003
MTU command disappear after reload Symptom: CLI (command line interface) "mtu 1508" under a subinterface disappears after a router reload. As a result, OSPF neighbor adjacency is not re-established due to MTU mismatch. Severity: Moderate Conditions: Cisco C3845 with VWIC-2MFT-T1-DI acting as a PE router in an MPLSoL2 deployment scenario. This failure does not occur on the same router with VWIC2-2MFT-T1/E1 Workaround: Use other T1 interface cards other than VWIC-2MFT-T1-DI Status: Active, ETA 9/7/07
C.2 CSCsj78913
Multicast VPN route flapping under traffic load Symptom: Multicast VPN route flap on a C2851 router Severity: Severe Conditions: Cisco 2851 router under a continuous multicast traffic. C2851 is acting as a PE router (Branch) in an MPLSoL2 WAN deployment scenario and with multicast VPN enabled. The problem is not observed in a C7200 that is also configured as a Branch PE router. Workaround: None
C-1
Defects
Status: Unreproducible
C.3 CSCek74416
DMVPN spoke crashed at crypto_ipsec_profile_map_val Symptom: One of the DMVPN spokes (C3845) experienced a software crash causing a router reload Severity: Severe Conditions: C3845 using 12.4(11)T1, although found originally using C3845, this defect is considered to affect any of the DMVPN spokes (ISR's and C7200). Large Scale DMVPN scalability testing with C7200 WAN hubs and 3 spokes (C3845, C2851 and c7200). Additonal DMVPN spokes are simulated making a total of 500 spokes. Workaround: None Status: Duplicate of CSCd73250, fix integrated in 12.4(16.13)T
C.4 CSCsi50615
In 2547oDMVPN, OSPF does not run on DMVPN IPSec Tunnel after reload hub Symptom: Failure to restore OSPF neighbor adjacency after a redundant hub reload Severity: Severe Conditions: In a 2547oDMVPN deployment scenario where there are two redundant hubs. OSPF and LDP configured to run over DMVPN Workaround: In each spoke, enable and disable Ipsec in all the tunnels Status: Junk This is due to misconfiguration, the second tunnel does not come up because the mGRE spokes needs to have unique tunnel keys.
C.5 CSCsi49487
2547oDMVPN: MDT BGP Peers can not be restored back after reload Hub
C-2
Appendix C
Symptom: When reloading DMVPN hub router, mVPN (multicast VPN) can not be restored back. Multicast streams can not flow from campus to branches. Severity: Severe Conditions: In 2547oDMVPN, Hub is configured as P role. LDP is running over DMVPN tunnel. mVPN is enabled in MPLS core. Workaround: "clear ip bgp vrf <vrf_name>" on campus PE's Status: Active
C.6 CSCsi79767
NHRP network-ids can be different Symptom: Misleading use of network-id for NHRP configuration. This is only a documentation problem. Severity: Moderate Conditions: 2547oDMVPN with Hub acting as a P router. Workaround: None Status: New
C-3
Defects
C-4
A P P E N D I X
System Integration has two major components, feature combination and feature interaction. Feature combination focuses on testing a feature when various combinations of other features are enabled. Feature interaction test were conducted to verify dependencies between features.
Scalability Scalability testing measures the limit of a particular variable when all others are constant in a system level environment. For example, the number of routing entries that the system can support or number of OSPF neighbors.
Negative Negative testing concerns error handling and robustness. Erroneous inputs can be applied at the system level to verify behavior agains error handling specifications. Unspecified inputs or conditions, including fault injection, can be applied to asses the system level robustness. Redundancy Testing is placed under the negative test suite and it primarily pertains to testing network availability, e.g. validation of redundant WAN links.
Reliability System reliability is the probability that the system will work without failure for a specified period of time.
D-1
Appendix D
D-2