
IOS-XR TRAINING

Handoko Baguswasito
5 September 2016
ABOUT THE SPEAKERS

Handoko Baguswasito
<handoko.baguswasito@sisindokom.com>
Current Position: Network Engineer
CCIE#43221 (SP), RHCSA on RHEL 7, VCP-NV on VMware vSphere 6.0
ABOUT THE SPEAKERS

Ary Rahmadian <ary.thala@sisindokom.com>


Current Position: Network Engineer
CCIE#38344 (RS & SP), VCP-NV on VMware vSphere 6.0
LEARNER INTRODUCTIONS
Your name
Your company
Job responsibilities
Skills and knowledge
Brief history
Expectation
BACKGROUND

Most of the HW platforms have already reached EOL

Platform

Logical MPLS AS# violates RFC 7300

ASN
AGENDA

Day 1: IOS XR Introduction

Day 2: Routing Protocol OSPF

Day 3: Routing Protocol BGP

Day 4: MPLS Introduction

Day 5: MPLS Services


IOS XR OVERVIEW
IOS XR ROUTERS
ASR 9000 CHASSIS OVERVIEW
ASR 9001 CHASSIS
INSIDE A ROUTER
PROCESSING PERFORMANCE VS. FLEXIBILITY
CPU (Central Processing Unit)
multi-purpose (CISC, RISC)
high s/w flexibility [weeks]
low performance [under 1 Mpps]

ASIC (Application Specific Integrated Circuit)


single-purpose hard-wired functionality
low engineering flexibility [2 years]
high performance [over 100 Mpps today]
usage example : switches (Catalysts), core routers

NP (Network Processor)
performance + programmability, scalability, parallelism
moderate s/w flexibility [months]
moderate performance [4 Mpps - 40 Mpps+]
can be expensive, can be power-hungry
level of programmability - u-code space, C-code
usage: fast feature-rich edge and aggregation
MEMORY TYPES

Two basic memory technologies are in use today :


Static RAM (SRAM, SSRAM)
Dynamic RAM (DRAM, EDO DRAM, SDRAM, DDR)

           SRAM                         DRAM
Power      High                         Low
Speed      High [10-20 ns]              Low [40-60 ns]
Density    Low [e.g. 16M per chip]      High [e.g. 1G per chip]
INTERCONNECT
Bus
Half-duplex, shared medium
For example PCI [800 Mbps to 25 Gbps+ today]
Simple and cheap
Serial Lane
Dedicated, unidirectional or full-duplex line
For example SPI 4.2 [11.2 Gbps+ today]
Switching Fabric
Non-blocking, full-duplex, any-to-any
For example GSR, CSR [40 Gbps to 10.24 Tbps+ today]
WHAT IS A SWITCHING FABRIC?
Like a telephony exchange
BASIC TERMINOLOGY
Data Plane vs Control Plane

[Diagram: router with CPU, DRAM, FLASH, NVRAM, CON and AUX. Control packets are handled at Process Level in the Process Region; data packets pass from interface to interface at Interrupt Level in the I/O Region.]

Control Plane
- Control (OSPF, BGP, LDP, NTP, Keepalives, ...)
- Management (Telnet, SSH, SNMP, ...)

Data Plane (Fast Path): packets forwarded by the router

Control Plane: packets for the router brain, punted from the fast path
BASIC TERMINOLOGY
Software vs. Hardware Router

[Diagram: control packets go to the CPU, DRAM, FLASH, NVRAM, CON and AUX running IOS (Control Plane); data packets pass from interface to interface through the ASIC and packet DRAM (Data Plane).]

Control Plane
- Control (OSPF, BGP, LDP, NTP, Keepalives, ...)
- Management (Telnet, SSH, SNMP, ...)

Data Plane (Fast Path): packets forwarded by the router

Control Plane: packets for the router brain, punted from the fast path
CISCO ASR 9000 SYSTEM ARCHITECTURE
ASR9000 SWITCH FABRIC OVERVIEW
1ST/2ND GEN FABRIC & LINECARD COMPATIBILITY
CONTROL PROCESSORS (RP AND RSP)
ASR 9000 ETHERNET LINE CARD OVERVIEW
GENERIC LINECARD ARCHITECTURE - COMPONENTS
NETWORK PROCESSOR ARCHITECTURE DETAILS
ASR9001 ARCHITECTURE
Carrier Class, Scalable System Architecture

CISCO IOS-XR OVERVIEW


EVOLUTION OF ROUTER OS

IOS                               IOS XR
Monolithic Kernel                 Micro Kernel
Run to Completion Scheduler       Preemptive Multitasking
Centralized Infrastructure        Distributed Infrastructure
Centralized application           Distributed applications
Everything has hardware access    Limited access to hardware
CARRIER CLASS OS IOS XR
PROTECTED MEMORY SPACE FOR PROCESSES
PROCESS RESTARTABILITY
PROCESS RESTARTABILITY(CONT.)
IOS XR - SECURITY
IOS XR PROTECT AGAINST DOS ATTACK
LOCAL PACKET TRANSPORT SERVICES (LPTS)

LPTS is transparent and automatic


LPTS acts as a dynamic internal firewall to protect router resources
Rules are dynamically built based upon control plane flows
Packet forwarding executed in HW
No impact on line card CPU
Traffic can be rate limited by hardware
IOS XR COMMAND LINE
CLI MODES
CONFIGURATION KEY CONCEPTS

Two Stage Commit


Config History Database
Rollback
Atomic vs. Best Effort
Multiple Config Sessions
TWO STAGE COMMIT

Active Configuration before commit:
  hostname Router
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 1.2.3.4
    8.8.8.8/32 11.22.33.44

Enter Proposed Changes (Target Configuration):
  interface gig 0/1/0/1
   ipv4 address 9.9.9.9/24
  router ospf 100
   area 0
    interface gig 0/1/0/1
   area 1
    interface pos 0/4/0/0

Commit: Changes Take Effect

Active Configuration after commit:
  hostname Router
  !
  interface gig 0/1/0/1
   ipv4 address 9.9.9.9/24
  !
  router ospf 100
   area 0
    interface gig 0/1/0/1
   area 1
    interface gig 0/4/0/0
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 1.2.3.4
    8.8.8.8/32 11.22.33.44
TWO STAGE COMMIT

Active Configuration before commit:
  hostname Router
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 1.2.3.4
    8.8.8.8/32 11.22.33.44

Target Configuration (Syntax Check after each line):
  interface gig 0/1/0/1
   ipv4 address 9.9.9.9/24
  router ospf 100
   area 0
    interface gig 0/1/0/1
   area 1
    interface pos 0/4/0/0

Semantic Check during commit

Active Configuration after commit:
  hostname Router
  !
  interface gig 0/1/0/1
   ipv4 address 9.9.9.9/24
  !
  router ospf 100
   area 0
    interface gig 0/1/0/1
   area 1
    interface gig 0/4/0/0
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 1.2.3.4
    8.8.8.8/32 11.22.33.44
COMMIT ATOMIC (DEFAULT COMMIT)

Active Configuration before commit:
  hostname Router
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 1.2.3.4
    8.8.8.8/32 11.22.33.44

Target Configuration:
  interface gig 0/1/0/1
   ipv4 address 9.9.9.9/24
  taskgroup bgp
   task read bgp
   task write bgp
  (BGP cannot be taskgroup name)

Syntax Check after each line: PASSES
Semantic Check during commit: FAILS, STOP

Active Configuration after commit: No Change
  hostname Router
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 1.2.3.4
    8.8.8.8/32 11.22.33.44
SEMANTIC ERRORS (EXAMPLE)
COMMIT BEST EFFORT
Active Configuration before commit:
  hostname Router
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 1.2.3.4
    8.8.8.8/32 11.22.33.44

Target Configuration:
  interface gig 0/1/0/1
   ipv4 address 9.9.9.9/24
  taskgroup bgp
   task read bgp
   task write bgp
  (BGP cannot be taskgroup name)

Syntax Check after each line: PASSES
Semantic Check during commit: FAILS
Partial Commit

Active Configuration after commit:
  hostname Router
  !
  interface gig 0/1/0/1
   ipv4 address 9.9.9.9/24
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 1.2.3.4
    8.8.8.8/32 11.22.33.44
COMMIT HISTORY AND LABELS
Commit History:
  #1
    hostname Router
  #2
    router static
     address-family ipv4 unicast
      0.0.0.0/0 1.2.3.4
      8.8.8.8/32 11.22.33.44
  #3
    interface gig 0/1/0/1
     ipv4 address 9.9.9.9/24
    router ospf 100
     area 0
      interface gig 0/1/0/1
     area 1
      interface pos 0/4/0/0

Enter Proposed Changes (Target Configuration):
  interface gig 0/1/0/1
   ipv4 address 9.9.9.9/24
  router ospf 100
   area 0
    interface gig 0/1/0/1
   area 1
    interface pos 0/4/0/0

Commit

Configuration:
  hostname Router
  !
  interface gig 0/1/0/1
   ipv4 address 9.9.9.9/24
  !
  router ospf 100
   area 0
    interface gig 0/1/0/1
   area 1
    interface gig 0/4/0/0
  !
  router static
   address-family ipv4 unicast
    0.0.0.0/0 1.2.3.4
    8.8.8.8/32 11.22.33.44
OTHER COMMIT / CONFIG OPTIONS
Commit confirmed
Automatic rollback if not confirmed
Commit replace
Replaces active config with target (WARNING)
Commit label
Adds label which can be used to reference commit
Commit comment
Adds a comment (cannot be referenced)
Clear
Clear target config, go to top level, stay in config mode
Abort
Clear target config mode, exit config mode
ROLLBACK COMMAND

Rollback a specific commit
  Load rollback changes BGP_Change
Rollback to previous commit
  Load rollback changes to BGP_Change
Rollback last x commits
  Load rollback changes last 2
Load changes from last 2 commits
  Load commit changes last 2
ROLLBACK COMMAND (EXAMPLE)
AUTHORIZATION COMMAND
COMMAND AUTHORIZATION KEY CONCEPTS

Task
Task Groups
User Groups
Inheritance
On-Box vs. TACACS/RADIUS
TASKS

Building blocks for on-box authorization scheme


4 types of permissions per task
Read
Write
Execute
Debug
TASK AND USER GROUPS EXAMPLE
taskgroup basic-admin
 task read acl
 task read bfd
 task read bgp
 task write acl
 task write bfd
 task write bgp
 task debug bgp
!
usergroup noc-staff
 taskgroup operator
 taskgroup basic-admin
 inherit usergroup all-users
!
usergroup all-users
 taskgroup basic-stuff
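
The task group and user group model above, as an added example (not part of the original slides and not Cisco code): Python that parses stanzas in the format shown and resolves a user group's effective task permissions through `inherit usergroup`, listing referenced groups that the snippet itself does not define so a reviewer can check them against the router. The sample config is constructed from the slide's names, and the resolution rules are a simplified assumption of the on-box model.

```python
# Constructed sample modelled on the slide; "operator" and "basic-stuff"
# are referenced but deliberately not defined here.
SAMPLE = """\
taskgroup basic-admin
 task read bgp
 task write bgp
 task debug bgp
usergroup noc-staff
 taskgroup operator
 taskgroup basic-admin
 inherit usergroup all-users
usergroup all-users
 taskgroup basic-stuff
"""

def parse(text):
    """Return (taskgroups, usergroups) parsed from taskgroup/usergroup stanzas."""
    taskgroups, usergroups, current = {}, {}, None
    for raw in text.splitlines():
        words = raw.split()
        if len(words) < 2:                      # blank line or "!" separator
            continue
        if not raw[0].isspace():                # unindented line starts a stanza
            current = None
            if words[0] == "taskgroup":
                current = taskgroups.setdefault(words[1], set())
            elif words[0] == "usergroup":
                current = usergroups.setdefault(words[1], {"taskgroups": [], "inherits": []})
        elif isinstance(current, set) and words[0] == "task" and len(words) == 3:
            current.add((words[2], words[1]))   # (task-id, permission)
        elif isinstance(current, dict) and words[0] == "taskgroup":
            current["taskgroups"].append(words[1])
        elif isinstance(current, dict) and words[:2] == ["inherit", "usergroup"] and len(words) == 3:
            current["inherits"].append(words[2])
    return taskgroups, usergroups

def effective(group, taskgroups, usergroups, seen=()):
    """Return (permissions, unresolved group names) for a user group."""
    if group in seen:                           # inheritance loop: stop here
        return set(), set()
    if group not in usergroups:                 # dangling inherit target
        return set(), {group}
    ug = usergroups[group]
    perms = set().union(*(taskgroups.get(t, set()) for t in ug["taskgroups"]))
    missing = {t for t in ug["taskgroups"] if t not in taskgroups}
    for parent in ug["inherits"]:
        p, m = effective(parent, taskgroups, usergroups, (*seen, group))
        perms, missing = perms | p, missing | m
    return perms, missing
```

Calling `effective("noc-staff", *parse(SAMPLE))` returns the permission set that a least-privilege review would compare against what the NOC role actually needs.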
ON-BOX VS OFF-BOX AUTHORIZATION

On-box authorization must use task model


Off-box authorization with radius/tacacs
Can configure per-command authorization
SOFTWARE INSTALLATION
SOFTWARE INSTALL TERMINOLOGY

MINI ?

Package ?
PIE ?

SMU ?
PACKAGES BUNDLES OF SOFTWARE

Optional

Mandatory
MINI BUNDLE OF MANDATORY PACKAGES

Composite image with mandatory packages


Two types - .vm and .pie (both approx 80MB)
Multiple uses
Quickly run an image without installing it (.vm)
Initial install of IOS XR on 12000 series (.vm)
Recovery if system is corrupted (.vm)
Major/Maintenance upgrade (.pie)
PIE PACKAGE INSTALLATION ENVELOPE
PIEs are a delivery mechanism for packages
Used to deliver
Major release: New functionality (3.3, 3.4, 3.5)
Maintenance release: SW fixes (3.3.1, 3.3.2)
SMU: Fix for a specific bug
Includes authentication info
Installed from admin or SDR exec mode
Self study students check speaker notes
.vm files are the other delivery mechanism
.vm files are bootable images
Used as the initial install for GSR migration
RELEASE DELIVERABLES

From CCO CRS-1-iosxr-3.5.0.tar


Which includes
Unicast Routing composite PIE (aka mini)
Routing, LC, Forwarding, Admin, Base, MBI (mini boot
image)
Optional PIEs
Manageability
MPLS
Multicast
Security
RELEASE DELIVERABLES
EFT & BETA RELEASE NUMBERING

IOS XR numbers releases differently than IOS


Internal & Beta builds are numbered higher than the released build
Last part is reset to 0 for the major release (FCS)

EFT Releases    BETA Releases    FCS Version    Maintenance Releases
                3.0.9x           3.0.0          3.0.1
                3.1.9x           3.1.0          3.1.1
3.2.8x          3.2.9x           3.2.0          3.2.1, 3.2.2
3.3.8x          3.3.9x           3.3.0          3.3.1, 3.3.2
SMU DELIVERY

SMU is named by release and bugid


Usually 50-200kb PIE file
Examples
hfr-rout-3.2.2.CSCei63263.pie
hfr-base-3.2.2.CSCeh52427.pie
PIE INSTALLATION CONCEPTS

PIE install used once system is operational


Packages can be added or upgraded
System performs sanity checks
Install from SDR Exec or Admin mode
Install from SDR impacts just that SDR
3 phase install
Add: copy package and unpack
Activate: restart processes/nodes with new code
Commit: lock activated packages through reload
INSTALL ADD COMMAND
INSTALL ACTIVATE COMMAND
INSTALL COMMIT COMMAND
DEACTIVATING PACKAGES
ANY QUESTION
THANK YOU
