OG For Multi-Service Control Gateway NE Management - (V100R002C01 - 03)

iManager U2000 Unified Network Management System V100R002C01
Operation Guide for Multi-service Control Gateway NE Management

Issue Date 03 2010-11-19
HUAWEI TECHNOLOGIES CO., LTD.
Copyright Huawei Technologies Co., Ltd. 2010. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China http://www.huawei.com support@huawei.com
Website: Email:
Issue 03 (2010-11-19)
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.
iManager U2000 Unified Network Management System Operation Guide for Multi-service Control Gateway NE Management
About This Document
About This Document

Related Versions
The following table lists the product versions related to this document. Product Name iManager U2000 Version V100R002C01
Intended Audience
This document describes the functions of and the operation procedures, steps, and precautions for the iManager U2000 Multi-service Control Gateway NE Explorer. This document helps you to understand how to use the iManager U2000 Multi-service Control Gateway NE Explorer to manage multi-service control gateways. This document is intended for: l l l l l Installation and Commissioning Engineer Network Monitoring Engineer Data Configuration Engineer NM Administrator System Maintenance Engineer
Symbol Conventions
The symbols that may be found in this document are defined as follows. Symbol Description
DANGER
Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.
Issue 03 (2010-11-19)
iii
About This Document
Symbol
Description Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury. Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save time. Provides additional information to emphasize or supplement important points of the main text.
WARNING
CAUTION
TIP
NOTE
Command Conventions
The command conventions that may be found in this document are defined as follows. Convention Boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... }* Description The keywords of a command line are in boldface. Command arguments are in italics. Items (keywords or arguments) in brackets [ ] are optional. Optional items are grouped in braces and separated by vertical bars. One item is selected. Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected. Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected. Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.
[ x | y | ... ]*
GUI Conventions
The GUI conventions that may be found in this document are defined as follows. Convention Boldface Description Buttons, menus, parameters, tabs, window, and dialog titles are in boldface. For example, click OK.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-11-19)
iv
About This Document
Convention >
Description Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues.
Changes in Issue 03 (2010-11-19) Based on Product Version V100R002C01

The third release has the following changes: Chapter 1 Setting Telnet/STelnet Parameters Some descriptions are modified.

The second release has the following changes: Chapter 9 LLDP Management Some descriptions are modified.

Initial release.

Initial release.

The third commercial release has the following updates: Chapter 1 Setting Telnet/STelnet Parameters The GUI and shortcut menus are changed.

The second release has the following changes: Chapter 16 Diagnosis Management The graphs are changed.
Issue 03 (2010-11-19) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. v
About This Document

Initial release.
vi
Issue 03 (2010-11-19)
Contents
Contents
About This Document...................................................................................................................iii 1 Setting Telnet/STelnet Parameters.........................................................................................1-1
1.1 Configuring a Telnet/STelnet Parameter Template.........................................................................................1-2 1.2 Setting Telnet/STelnet Parameters with a Template.......................................................................................1-2 1.3 Manually Modifying Equipment Telnet/STelnet Parameters.........................................................................1-3
2 Managing Devices......................................................................................................................2-1
2.1 Viewing System Information..........................................................................................................................2-2 2.2 Setting the IP Address of an NE......................................................................................................................2-2 2.3 NE Panel Management....................................................................................................................................2-3 2.3.1 Viewing the NE Panel............................................................................................................................2-3 2.3.2 Resetting a Card.....................................................................................................................................2-4 2.4 Refreshing Board Information........................................................................................................................2-5 2.5 Managing Abnormal Resources......................................................................................................................2-6 2.5.1 Viewing Abnormal Resources...............................................................................................................2-6 2.5.2 Viewing Dependency Between Abnormal Resources............................................................................2-6 2.5.3 Exporting Abnormal Resources.............................................................................................................2-7
3 Interface Management...............................................................................................................3-1
3.1 Interface Management Overview....................................................................................................................3-4 3.1.1 Interface Management Functions...........................................................................................................3-4 3.1.2 Basic Concepts.......................................................................................................................................3-4 3.2 General Interface Configuration......................................................................................................................3-8 3.2.1 Configuring Interface Information.........................................................................................................3-8 3.2.2 Enabling and Disabling an Interface....................................................................................................3-10 3.2.3 Enabling and Disabling IPv6 on an Interface.......................................................................................3-10 3.2.4 Monitoring the Real-Time Performance of Interfaces.........................................................................3-11 3.3 Configuring an Ethernet Interface.................................................................................................................3-12 3.4 Creating an Ethernet Subinterface.................................................................................................................3-13 3.5 Configuring a POS Interface.........................................................................................................................3-14 3.6 Creating an Eth-Trunk Interface....................................................................................................................3-15 3.7 Creating an Eth-Trunk Subinterface..............................................................................................................3-17 3.8 Creating an IP-Trunk Interface......................................................................................................................3-18 3.9 Configuring an ATM Interface.....................................................................................................................3-19 Issue 03 (2010-11-19) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. vii
Contents
3.10 Creating an ATM Subinterface...................................................................................................................3-20 3.11 Creating a Tunnel Interface.........................................................................................................................3-21 3.12 Creating a VE Interface...............................................................................................................................3-21 3.13 Creating a VE Subinterface.........................................................................................................................3-22 3.14 Creating a Loopback Interface....................................................................................................................3-23 3.15 Creating a VT Interface...............................................................................................................................3-24
4 NE Channel Management........................................................................................................4-1
4.1 Overview of NE Channel Management..........................................................................................................4-2 4.1.1 Functions of NE Channel Management.................................................................................................4-2 4.1.2 Concepts.................................................................................................................................................4-2 4.2 Configuring the VTY Service.........................................................................................................................4-3 4.3 Configuring the Status of the FTP Server.......................................................................................................4-4 4.4 Configuring the Syslog Service.......................................................................................................................4-4 4.4.1 Configuring the Syslog Source Interface...............................................................................................4-5 4.4.2 Creating the Log Host............................................................................................................................4-5 4.4.3 Configuring the Advanced Attributes of the Syslog Service.................................................................4-6 4.5 Configuring the Trap Service..........................................................................................................................4-6 4.5.1 Configuring the Alarm Source Interface................................................................................................4-6 4.5.2 Creating a Trap Receiving Host.............................................................................................................4-7 4.5.3 Configuring the Module for Sending Traps...........................................................................................4-8 4.5.4 Configuring the Advanced Attributes of the Trap Service.....................................................................4-9
5 ACL Management......................................................................................................................5-1
5.1 ACL Management Overview..........................................................................................................................5-2 5.1.1 ACL Management Functions.................................................................................................................5-2 5.1.2 Basic Concepts.......................................................................................................................................5-2 5.2 Process of Configuring an ACL Service.........................................................................................................5-4 5.3 Configuring a Time Range..............................................................................................................................5-5 5.3.1 Creating a Time Range...........................................................................................................................5-5 5.3.2 Creating an Absolute Time Range.........................................................................................................5-6 5.3.3 Creating a Periodic Time Range............................................................................................................5-7 5.4 Creating an ACL Group..................................................................................................................................5-7 5.5 Configuring ACL Rules..................................................................................................................................5-8 5.5.1 Creating a Basic Rule.............................................................................................................................5-9 5.5.2 Creating an Interface Rule....................................................................................................................5-10 5.5.3 Creating an Advanced Rule..................................................................................................................5-10 5.5.4 Creating a User Group Rule.................................................................................................................5-11 5.5.5 Creating a Simple Rule........................................................................................................................5-12 5.5.6 Creating an Ethernet Frame Rule.........................................................................................................5-13 5.6 Example for Configuring an ACL Service....................................................................................................5-14
6 Ethernet OAM Management....................................................................................................6-1

6.1 Ethernet OAM Management Overview..........................................................................................................6-2 viii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-11-19)
Contents
6.1.1 Ethernet OAM Management Functions.................................................................................................6-2 6.1.2 802.1ag OAM Concepts.........................................................................................................................6-3 6.1.3 Test Diagnosis Concepts........................................................................................................................6-6 6.2 Processes of Configuring the Ethernet OAM..................................................................................................6-7 6.3 Configuring Ethernet OAM Globally............................................................................................................. 6-9 6.4 Configuring 802.1ag OAM...........................................................................................................................6-10 6.4.1 Creating an MD....................................................................................................................................6-10 6.4.2 Creating an MA....................................................................................................................................6-11 6.4.3 Creating a Local MEP..........................................................................................................................6-11 6.4.4 Creating a Remote MEP.......................................................................................................................6-12 6.4.5 Configuring the MIP Creation Policy on a Specified Interface...........................................................6-13 6.5 Configuring 802.3ah OAM...........................................................................................................................6-14 6.5.1 Setting Port Parameters........................................................................................................................6-14 6.5.2 Synchronizing the OAM Session.........................................................................................................6-15 6.5.3 Performing a Loopback Test................................................................................................................6-16 6.6 Configuring Test Diagnosis..........................................................................................................................6-17 6.6.1 Creating or Running a Diagnosis Task Based on 802.1ag...................................................................6-17 6.6.2 Creating a General Test Diagnosis Task..............................................................................................6-18
7 Route Management....................................................................................................................7-1
7.1 Route Management Overview.........................................................................................................................7-2 7.1.1 Functions of Route Management........................................................................................................... 7-2 7.1.2 Basic Concepts.......................................................................................................................................7-2 7.2 Viewing Routing Information.........................................................................................................................7-5 7.3 Creating a Static Route....................................................................................................................................7-6 7.4 Creating a BGP Route.....................................................................................................................................7-7 7.4.1 Configuring Basic Information About BGP...........................................................................................7-8 7.4.2 Creating a BGP Peer Group...................................................................................................................7-8 7.4.3 Creating a BGP Peer............................................................................................................................7-10 7.4.4 Importing an External Route................................................................................................................7-12 7.4.5 Distributing a Route.............................................................................................................................7-12 7.4.6 Creating a VPN Instance Address Family............................................................................................7-13 7.4.7 Setting a VPN IPv4 Address Family....................................................................................................7-13 7.4.8 Creating a VPLS Address Family........................................................................................................7-14 7.5 Creating an OSPF Route...............................................................................................................................7-15 7.5.1 Creating an OSPF Process....................................................................................................................7-15 7.5.2 Creating an OSPF Interface..................................................................................................................7-16 7.6 Creating an IS-IS Route................................................................................................................................7-17 7.6.1 Creating an IS-IS Process.....................................................................................................................7-17 7.6.2 Creating an IS-IS Interface...................................................................................................................7-18 7.7 Creating a Routing Policy.............................................................................................................................7-19 7.8 Viewing Running Information......................................................................................................................7-19 7.8.1 Viewing the Running Information About a BGP Peer Group.............................................................7-20 Issue 03 (2010-11-19) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. ix
Contents
iManager U2000 Unified Network Management System Operation Guide for Multi-service Control Gateway NE Management 7.8.2 Viewing the Running Information About a BGP Peer.........................................................................7-20 7.8.3 Viewing OSPF Running Information...................................................................................................7-21 7.8.4 Viewing IS-IS Running Information....................................................................................................7-23
8 MPLS Management...................................................................................................................8-1
8.1 MPLS Management Overview........................................................................................................................8-2 8.1.1 MPLS Management Functions...............................................................................................................8-2 8.1.2 Basic Concepts.......................................................................................................................................8-2 8.2 Configuring MPLS and MPLS TE..................................................................................................................8-4 8.2.1 Configuring MPLS on the NE................................................................................................................8-4 8.2.2 Configuring MPLS TE on the NE..........................................................................................................8-5 8.2.3 Configuring MPLS and MPLS TE on an Interface................................................................................8-7 8.3 Creating a Static LSP Segment.....................................................................................................................8-11 8.4 Configuring a Tunnel....................................................................................................................................8-12 8.4.1 Adding a Tunnel...................................................................................................................................8-12 8.4.2 Creating an Explicit Path......................................................................................................................8-14 8.5 Configuring MPLS OAM Detection.............................................................................................................8-16 8.5.1 Configuring MPLS OAM Ingress Detection.......................................................................................8-16 8.5.2 Configuring MPLS OAM Egress Detection........................................................................................8-17 8.5.3 Starting and Stopping MPLS OAM Detection.....................................................................................8-18 8.6 Creating a Protection Group..........................................................................................................................8-19 8.7 Counting LSPs...............................................................................................................................................8-20 8.8 Viewing a Label FIB.....................................................................................................................................8-20 8.9 Maintaining an MPLS Service......................................................................................................................8-21 8.9.1 Auditing the Tunnel Status...................................................................................................................8-21 8.9.2 Auditing Tunnel Connectivity..............................................................................................................8-22 8.9.3 Resetting a Tunnel Service...................................................................................................................8-22 8.9.4 Switching a Protection Group..............................................................................................................8-23
9 LLDP Management....................................................................................................................9-1
9.1 LLDP Management Overview........................................................................................................................9-2 9.1.1 LLDP Management Functions...............................................................................................................9-2 9.1.2 Basic Concepts.......................................................................................................................................9-2 9.2 Configuring an LLDP Service.........................................................................................................................9-2 9.2.1 Setting Parameters on the Equipment....................................................................................................9-3 9.2.2 Configuring LLDP Globally..................................................................................................................9-4 9.2.3 Configuring LLDP on Interfaces............................................................................................................9-5 9.3 Synchronizing LLDP Neighbor Information..................................................................................................9-5
10 VRRP Management...............................................................................................................10-1
10.1 VRRP Management Overview....................................................................................................................10-2 10.1.1 VRRP Management Functions...........................................................................................................10-2 10.1.2 Basic Concepts...................................................................................................................................10-2 10.2 Configuring Global VRRP Attributes.........................................................................................................10-3 x Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-11-19)
Contents
10.3 Configuring VRRP......................................................................................................................................10-4 10.3.1 Creating a VR.....................................................................................................................................10-5 10.3.2 Configuring the Global Attributes of an Interface.............................................................................10-5 10.3.3 Creating VRRP Tracking for a BFD Session.....................................................................................10-6 10.3.4 Creating VRRP Tracking for an Interface..........................................................................................10-7 10.3.5 Creating VRRP Tracking for an Ethernet OAM Interface.................................................................10-8 10.3.6 Binding a Service VR.........................................................................................................................10-9 10.3.7 Creating Interface Tracking Performed by the Management VR......................................................10-9 10.4 Configuring VGMP...................................................................................................................................10-10 10.4.1 Enabling and Disabling VGMP........................................................................................................10-10 10.4.2 Creating VGMP Configuration........................................................................................................10-11 10.4.3 Creating a VGMP Member..............................................................................................................10-12 10.4.4 Creating VGMP Tracking for a BFD Session..................................................................................10-13 10.4.5 Enabling and Disabling the Average VRRP Running Priority........................................................10-13
11 BFD Management...................................................................................................................11-1
11.1 BFD Management Overview......................................................................................................................11-2 11.1.1 BFD Management Functions.............................................................................................................11-2 11.1.2 Basic Concepts...................................................................................................................................11-2 11.2 Configuring Global BFD Attributes............................................................................................................11-3 11.3 Configuring Service Detection....................................................................................................................11-4 11.3.1 Enabling and Disabling the Administrative Status............................................................................11-5 11.3.2 Configuring Link Detection...............................................................................................................11-5 11.3.3 Configuring MPLS TE Detection......................................................................................................11-6 11.3.4 Configuring VRF Detection...............................................................................................................11-7 11.3.5 Configuring PW Detection.................................................................................................................11-8
12 QoS Management...................................................................................................................12-1
12.1 QoS Management Overview.......................................................................................................................12-2 12.1.1 Functions of QoS Management..........................................................................................................12-2 12.1.2 CBQoS...............................................................................................................................................12-2 12.1.3 HQoS..................................................................................................................................................12-4 12.1.4 Interface QoS......................................................................................................................................12-5 12.1.5 Other QoS Functions..........................................................................................................................12-7 12.2 Configuring CBQoS....................................................................................................................................12-8 12.2.1 Creating a Traffic Classification........................................................................................................12-8 12.2.2 Creating a Traffic Behavior..............................................................................................................12-10 12.2.3 Creating and Deploying a Traffic Policy.........................................................................................12-11 12.2.4 Linking to Query Performance Data................................................................................................12-12 12.2.5 Linking to Configure Performance Monitoring...............................................................................12-13 12.3 Configuring HQoS....................................................................................................................................12-13 12.3.1 Creating a Queue Profile..................................................................................................................12-14 12.3.2 Creating a QoS Profile.....................................................................................................................12-15 12.3.3 Creating a Scheduling Profile..........................................................................................................12-16 Issue 03 (2010-11-19) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xi
Contents
iManager U2000 Unified Network Management System Operation Guide for Multi-service Control Gateway NE Management 12.3.4 Creating a User Group Queue..........................................................................................................12-17 12.3.5 Creating a Drop Profile....................................................................................................................12-18 12.3.6 Creating a Discard Policy.................................................................................................................12-20
12.4 Creating and Deploying a DS Domain Policy..........................................................................................12-21 12.5 Configuring Domain QoS.........................................................................................................................12-22 12.5.1 Configuring the VC Scheduling for Domain QoS...........................................................................12-23 12.5.2 Configuring the Time Range for Domain QoS................................................................................12-23 12.5.3 Configuring the User Priority for Domain QoS...............................................................................12-24 12.5.4 Configuring L2TP QoS for Domain QoS........................................................................................12-24 12.6 Configuring L2TP Group QoS..................................................................................................................12-25 12.6.1 Configuring L2TP Group QoS.........................................................................................................12-25 12.6.2 Configuring the Scheduling Mode for L2TP Group QoS................................................................12-26 12.7 Configuring Interface QoS........................................................................................................................12-27 12.7.1 Configuring the Bandwidth for Interface QoS.................................................................................12-27 12.7.2 Configuring a Queue for Interface QoS...........................................................................................12-28 12.7.3 Configuring the GTS for Interface QoS...........................................................................................12-29 12.7.4 Deploying Applying Policies for Interface QoS..............................................................................12-29 12.7.5 Configuring a VC Group for Interface QoS.....................................................................................12-30 12.7.6 Configuring a VP Group for Interface QoS.....................................................................................12-30 12.7.7 Configuring the VC Scheduling for Interface QoS..........................................................................12-31 12.7.8 Configuring the VP Group Scheduling for Interface QoS...............................................................12-31 12.7.9 Configuring the Port Scheduling for Interface QoS.........................................................................12-31 12.7.10 Configuring the VC Group Scheduling for Interface QoS.............................................................12-32 12.7.11 Configuring Other Parameters for Interface QoS...........................................................................12-33 12.7.12 Querying the Performance Data.....................................................................................................12-34 12.7.13 Configuring the Performance Instance...........................................................................................12-34 12.8 Configuring the Mirroring.........................................................................................................................12-35 12.8.1 Creating an Observing Port..............................................................................................................12-35 12.8.2 Adding Port Mirroring.....................................................................................................................12-35 12.9 Configure System QoS..............................................................................................................................12-36 12.9.1 Creating a soft CAR.........................................................................................................................12-36
13 BRAS Management................................................................................................................13-1
13.1 BRAS Management Overview....................................................................................................................13-2 13.1.1 Functions of BRAS Management......................................................................................................13-2 13.1.2 Features of BRAS Services................................................................................................................13-2 13.2 Setting Global BRAS Parameters...............................................................................................................13-2 13.3 Configuring AAA........................................................................................................................................13-5 13.3.1 Adding a RADIUS Server Group.......................................................................................................13-6 13.3.2 Adding a TACACS Template............................................................................................................13-7 13.3.3 Adding an Authentication Scheme.....................................................................................................13-7 13.3.4 Adding an Accounting Scheme..........................................................................................................13-8 13.3.5 Adding an Authorization Scheme......................................................................................................13-9 xii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-11-19)
Contents
13.3.6 Adding a Record Scheme.................................................................................................................13-10 13.3.7 Adding a User Group.......................................................................................................................13-10 13.3.8 Adding a Web Authentication Server..............................................................................................13-11 13.3.9 Adding a COPS Server Group.........................................................................................................13-11 13.4 Configuring IP Address Management.......................................................................................................13-13 13.4.1 Adding a DHCP Server Group.........................................................................................................13-13 13.4.2 Adding an Address Pool...................................................................................................................13-14 13.4.3 Adding an Address Segment............................................................................................................13-15 13.5 Configuring User Management.................................................................................................................13-16 13.5.1 Adding a User Domain.....................................................................................................................13-16 13.5.2 Adding an Equipment Domain.........................................................................................................13-17 13.6 Configuring a Access Service...................................................................................................................13-18 13.6.1 Adding an Interface Service.............................................................................................................13-19 13.6.2 Setting PPP Parameters....................................................................................................................13-20 13.6.3 Adding C-VLANs in Batches..........................................................................................................13-21 13.6.4 Adding User PVCs in Batches.........................................................................................................13-22 13.6.5 Adding Static Users in Batches........................................................................................................13-23 13.6.6 Adding Equipment Users in Batches...............................................................................................13-24 13.7 Querying Real-Time Performance............................................................................................................13-25
14 VPDN Management...............................................................................................................14-1
14.1 VPDN Management Overview...................................................................................................................14-2 14.1.1 VPDN Management Functions..........................................................................................................14-2 14.1.2 Basic Concepts...................................................................................................................................14-2 14.2 Configuring L2TP Globally........................................................................................................................14-3 14.3 Configuring a LAC Service.........................................................................................................................14-4 14.3.1 LAC Configuration Flowchart...........................................................................................................14-4 14.3.2 Enabling L2TP...................................................................................................................................14-5 14.3.3 Adding an L2TP Group......................................................................................................................14-5 14.3.4 Binding an L2TP Group to a Domain................................................................................................14-6 14.4 Configuring an LNS Service.......................................................................................................................14-7 14.4.1 LNS Configuration Flowchart............................................................................................................14-7 14.4.2 Enabling L2TP...................................................................................................................................14-8 14.4.3 Adding an L2TP Group......................................................................................................................14-8 14.4.4 Adding an LNS Backup Group..........................................................................................................14-8 14.5 Displaying the L2TP Status.........................................................................................................................14-9 14.6 Querying Real-time Performance................................................................................................................14-9 14.7 Deleting an L2TP Tunnel..........................................................................................................................14-10
15 VPN Management..................................................................................................................15-1
15.1 VPN Management Overview......................................................................................................................15-2 15.2 Creating a Tunnel Policy.............................................................................................................................15-2 15.3 Creating a PW Template.............................................................................................................................15-3 15.4 Creating a PW.............................................................................................................................................15-3 Issue 03 (2010-11-19) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xiii
Contents
15.5 Creating a VSI.............................................................................................................................................15-5 15.5.1 Creating a Martini Service VSI..........................................................................................................15-6 15.5.2 Creating a Management VSI..............................................................................................................15-7 15.5.3 Enabling and Disabling a Service VSI...............................................................................................15-9 15.6 Creating a VRF............................................................................................................................................15-9
16 Accessing NEs Through a Tool............................................................................................16-1

16.1 Ping..............................................................................................................................................................16-2 16.2 Tracert......................................................................................................................................................... 16-2 16.3 Telnet...........................................................................................................................................................16-3 16.4 SSH..............................................................................................................................................................16-3 16.5 ICMP Ping...................................................................................................................................................16-4 16.6 ICMP Trace.................................................................................................................................................16-4
17 Diagnosis Management........................................................................................................17-1
17.1 Overview of the Test Diagnosis Tool......................................................................................................... 17-2 17.1.1 Function Overview.............................................................................................................................17-2 17.1.2 Basic Concepts...................................................................................................................................17-3 17.1.3 Test Diagnosis Type...........................................................................................................................17-5 17.2 Process of Using the Test Diagnosis Tool.................................................................................................. 17-8 17.2.1 Flowchart of Detecting Network Connectivity..................................................................................17-8 17.2.2 Flowchart of Locating Faults............................................................................................................. 17-9 17.3 Common Operations.................................................................................................................................17-10 17.3.1 Defining a Test Suite........................................................................................................................17-10 17.3.1.1 Creating a Test Suite.....................................................................................................................17-10 17.3.1.2 Creating a Test Case......................................................................................................................17-11 17.3.2 Performing Test Diagnosis...............................................................................................................17-11 17.3.2.1 Manually Performing Test Diagnosis...........................................................................................17-12 17.3.2.2 Running a Temporary Test Case...................................................................................................17-13 17.3.2.3 Periodically Performing Test Diagnosis with Diagnosis Policies.................................................17-13 17.3.3 Creating a Result Analysis Template...............................................................................................17-15 17.3.4 Managing History Data....................................................................................................................17-15 17.3.4.1 Viewing History Data....................................................................................................................17-15 17.3.4.2 Exporting History Data.................................................................................................................17-16 17.3.5 Using the Trace Route Tool to Locate Faults..................................................................................17-17 17.4 Performing Network Scanning..................................................................................................................17-18 17.5 Typical Examples for Performing Test Diagnosis Tasks..........................................................................17-19 17.5.1 Example for Detecting Connectivity of the L3VPN........................................................................17-19
xiv
Issue 03 (2010-11-19)
Figures
Figures
Figure 5-1 Flowchart of configuring an ACL service..........................................................................................5-4 Figure 5-2 Networking diagram of ACL configuration.....................................................................................5-15 Figure 6-1 Typical application model..................................................................................................................6-2 Figure 6-2 MDs of different levels.......................................................................................................................6-3 Figure 6-3 MEP and MIP.....................................................................................................................................6-4 Figure 6-4 MEP types...........................................................................................................................................6-5 Figure 6-5 Application scenario of CFM-BFD binding.......................................................................................6-6 Figure 6-6 Flowchart of configuring the 802.1ag................................................................................................6-8 Figure 6-7 Flowchart of configuring the 802.3ah................................................................................................6-9 Figure 8-1 Encapsulation structure of a label.......................................................................................................8-3 Figure 8-2 Constraint relations among MPLS-related parameters.......................................................................8-8 Figure 14-1 L2TP-based VPDN networking......................................................................................................14-2 Figure 14-2 LAC configuration flowchart.........................................................................................................14-5 Figure 14-3 LNS configuration flowchart..........................................................................................................14-7 Figure 17-1 Flowchart of detecting network connectivity.................................................................................17-8 Figure 17-2 Flowchart of locating faults............................................................................................................17-9 Figure 17-3 Flowchart of periodically performing test diagnosis....................................................................17-14 Figure 17-4 L3VPN networking example........................................................................................................17-19 Figure 17-5 Process of diagnosing L3VPN faults............................................................................................17-20
Issue 03 (2010-11-19)
xv
Tables
Tables
Table 5-1 ACL types............................................................................................................................................5-2 Table 5-2 Time range structure............................................................................................................................5-4
Issue 03 (2010-11-19)
xvii
1 Setting Telnet/STelnet Parameters
Setting Telnet/STelnet Parameters
About This Chapter

Security authentication modes are not adopted for the Telnet mode. Packets are transmitted through TCP in plain text, which brings security risks. The U2000 adopts STelnet to reduce security risks, using SSH features to ensure security and effective authentication. Setting Telnet/ STelnet parameters is the prerequisite for NE management. 1.1 Configuring a Telnet/STelnet Parameter Template This topic describes how to configure a Telnet/STelnet parameter template. With the Telnet/ STelnet parameter template, you can set the Telnet/STelnet parameters for multiple sets of equipment in a unified manner. 1.2 Setting Telnet/STelnet Parameters with a Template This topic describes how to use a template to set the Telnet/STelnet parameters of the U2000 for the communication with equipment. 1.3 Manually Modifying Equipment Telnet/STelnet Parameters This topic describes how to manually modify equipment Telnet/STelnet parameters.
Issue 03 (2010-11-19)
1-1
1.1 Configuring a Telnet/STelnet Parameter Template

This topic describes how to configure a Telnet/STelnet parameter template. With the Telnet/ STelnet parameter template, you can set the Telnet/STelnet parameters for multiple sets of equipment in a unified manner.
Procedure
1 Choose Administration > NE Communicate Parameter > NE Telnet/STelnet Template Management from the main menu. 2 In the dialog box that is displayed, click Create. 3 Click OK after setting Protocol Name and Template Name in the New Template dialog box. l To configure a Telnet parameter template, set Protocol Name to Telnet. l To configure an STelnet parameter template, set Protocol Name to STelnet. 4 In the Details group box of the Telnet/STelnet Template Management dialog box, configure the Telnet/STelnet parameter template. 5 Click Apply or OK. The Telnet/STelnet parameter template is configured. ----End
1.2 Setting Telnet/STelnet Parameters with a Template

This topic describes how to use a template to set the Telnet/STelnet parameters of the U2000 for the communication with equipment.
Prerequisite
l The related parameters, such as the user name and password, must be set on equipment.
NOTE
The device login header cannot contain special characters # ] >. Otherwise, the U2000 fails to verify Telnet/STelnet parameters.
The Telnet/STelnet template must be configured on the U2000, and the parameters in the template must be consistent with those on NEs.
Procedure
1 In the Main Topology, select the equipment whose Telnet or STelnet parameters need to be set. 2 Choose Administration > NE Communicate Parameter > Set NE Telnet/STelnet Parameter from the main menu.
NOTE
You can also right-click the selected equipment and then choose Set NE Telnet/STelnet Parameter from the shortcut menu.
3 In the Device Telnet/STelnet Parameter Management dialog box, click Import.

1-2 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-11-19)
4 In the Select Telnet/STelnet Template dialog box, select the template to be used, and then click OK. 5 Click Test. l If the message indicating successful test is displayed, click OK. l If the message indicating test failure is displayed, modify the settings of the Telnet/STelnet parameters according to the prompt. 6 Click OK. ----End
1.3 Manually Modifying Equipment Telnet/STelnet Parameters

This topic describes how to manually modify equipment Telnet/STelnet parameters.
Context
In the U2000, you can configure one Telnet parameter template and one STelnet parameter template. If required, you can manually modify the configured templates to set the Telnet/ STelnet parameters for equipment.
NOTE
The device login header cannot contain special characters # ] >. Otherwise, the U2000 fails to verify Telnet/ STelnet parameters.
Procedure
1 In the Main Topology, select the equipment whose Telnet/STelnet parameters need to be modified. 2 Choose Administration > NE Communicate Parameter > Set NE Telnet/STelnet Parameter from the main menu.
Issue 03 (2010-11-19) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-3

NOTE
You can also right-click the selected equipment and then choose Set NE Telnet/STelnet Parameter from the shortcut menu.
3 In the Details group box of the Device Telnet/STelnet Parameter Management dialog box, modify Telnet/STelnet parameters manually. l l To modify Telnet parameters: Set Protocol Name to Telnet. To modify STelnet parameters: Set Protocol Name to STelnet. 4 Click Apply. 5 Click Test. l If the message indicating successful test is displayed, click OK. l If the message indicating test failure is displayed, modify the settings of the Telnet/STelnet parameters according to the prompt. 6 Click OK. ----End
1-4
Issue 03 (2010-11-19)
2 Managing Devices
2
About This Chapter
Managing Devices
This describes how to maintain devices, such as viewing device information, resetting devices, and refreshing the device status. 2.1 Viewing System Information This describes how to view system information of the device, such as the system name, object ID, and device version. 2.2 Setting the IP Address of an NE This topic describes how to set the IP address of an NE. If you change the IP address of an NE by using the associated command, the communication between the NMS and the NE is interrupted. You can change the IP address of the NE through the NMS to restore the communication. 2.3 NE Panel Management An NE panel is an illustration of the front panel of a device. An NE panel displays the running status and alarm status of boards and ports through alarm indicators and legends of different colors. 2.4 Refreshing Board Information This describes how to refresh board information. When you need to synchronize the latest board information from the database to the NMS, you need to use the function of refreshing board information. 2.5 Managing Abnormal Resources This topic describes how to manage abnormal resources through the U2000.
Issue 03 (2010-11-19)
2-1
2 Managing Devices
2.1 Viewing System Information

This describes how to view system information of the device, such as the system name, object ID, and device version.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, choose Device Management > System Information. 3 On the System Information tab, view the following information: System Name, Object ID, Device Version, Duration, Location, Contact, IP Address, MAC Address, and Description.
NOTE
You can modify the values of System Name, Location, and Contact.
4 Optional: Click Synchronize to refresh system information displayed on the U2000. ----End
2.2 Setting the IP Address of an NE

This topic describes how to set the IP address of an NE. If you change the IP address of an NE by using the associated command, the communication between the NMS and the NE is interrupted. You can change the IP address of the NE through the NMS to restore the communication.
Context
Ensure that the NE IP address set on the NMS is the same as the actual IP address of the NE. Otherwise, the communication fails.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Device Management > NE IP Management from the service tree. 3 On the NE IP Management tab page, the original IP address of the NE is displayed. You can change the NE IP address stored on the NMS through New IP Address to restore the communication. 4 Click Apply. In the Confirm dialog box, click OK. The IP address that you set is displayed in Present IP Address. ----End
2-2
Issue 03 (2010-11-19)
2 Managing Devices
2.3 NE Panel Management

An NE panel is an illustration of the front panel of a device. An NE panel displays the running status and alarm status of boards and ports through alarm indicators and legends of different colors. 2.3.1 Viewing the NE Panel This topic describes how to view the NE panel. You can view the information shown on the NE panel such as the shelf, card, subcard, port, power supply, and fan. 2.3.2 Resetting a Card This topic describes how to reset a card. When the software of a card needs to be updated or a fault occurs on a card, you can reset the card.
2.3.1 Viewing the NE Panel

This topic describes how to view the NE panel. You can view the information shown on the NE panel such as the shelf, card, subcard, port, power supply, and fan.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. The NE Panel tab page is displayed by default. 2 Optional: If you are currently visiting other tab pages on the NE Explorer tab page, you can choose Device Management > NE Panel from the service tree to access the NE Panel tab page. The display styles of different NE panels are different. The following figure takes an NE as an example.
Port color representing Port status Alarmindicator color Card color Standby representing severity level representing card card status of an alarm
Slot ID
Idle slot
Power
Fan
Issue 03 (2010-11-19)
2-3
2 Managing Devices
NOTE
l The colors of the card, power supply, and fan indicate the running status of the card, power supply, and fan. l The alarm status of the card does not include the port alarm. l The color of a port indicates the status of the port. For the colors of specific ports, see the legend on the right of the panel. l When the administrative status of a port is Down, the following situations occur: l If no alarm is generated on the port, the color of the port is gray. l If there is an alarm on the port, the color of the port depends on the severity level of the alarm. l When the administrative status of a port is Up, the following situations occur: l If no alarm is generated on the port, the color of the port is green. l If there is an alarm on the port, the color of the port depends on the severity level of the alarm. l When the administrative status of a port is Up, the running status of the port is Down, and no alarm is generated on the port, the color of the port is red, which is the same as that of the critical alarm. l When a card is inserted into a slot, the slot blinks in blue. After being successfully registered, the card is displayed on the NE panel. l The standby card is marked with the letter (S) to differentiate from the active card.
3 When you select components on the panel, you can view the detailed information about the components through the related tabs on the lower part of the panel. l When you select the card, power supply, and fan, the Board Information tab page displays the detailed information about the card, power supply, and fan. If the card has subcards or ports, you can view the detailed information about the subcards or ports through the Buckledcard Info tab or the Port Information tab. If you double-click the card, the Port Information tab page is displayed. l When you select a port, the port record is displayed on the Port Information tab page. Rightclick the port record. ----End
2.3.2 Resetting a Card

This topic describes how to reset a card. When the software of a card needs to be updated or a fault occurs on a card, you can reset the card.
Prerequisite
Telnet or STelnet parameters must be set on the equipment and the equipment information must be synchronized to the NMS.
2-4
Issue 03 (2010-11-19)
2 Managing Devices
Context
CAUTION
l In most cases, do not reset a card, because the network related to the device will be Down for a while. l Back up the key data before resetting the card. l When you reset a card, do not perform hot swap for the card. l When the active control card is reset, the equipment restarts without powering off the CPU of the card. If the equipment has the standby control card, the equipment performs the active/ standby switchover after the card is reset.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. The NE Panel tab page is displayed by default. 2 Optional: If you are currently visiting other tab pages on the NE Explorer tab page, you can choose Device Management > NE Panel from the service tree to access the NE Panel tab page. 3 Select the card to be reset on the NE panel, right-click it, and then select Reset Board. 4 Click OK in the Confirm dialog box. ----End
Follow-up Procedure
If the status of the card is still offline after the card is reset for 10 minutes, click Synchronize in the lower part of the NE panel to manually synchronize the status of the NE panel. The status of the card cannot be refreshed when the configurations of other modules are being synchronized.
2.4 Refreshing Board Information

This describes how to refresh board information. When you need to synchronize the latest board information from the database to the NMS, you need to use the function of refreshing board information.
Context
If you want to obtain the latest board information from a device, it is recommended that you synchronize the NE panel information before refreshing board information. To synchronize the NE panel information, do as follows: 1. 2.
Issue 03 (2010-11-19)
Choose Device Management > NE panel from the service tree. The NE panel tab page is displayed. Click Synchronize.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-5
2 Managing Devices
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Device Management, and then click Board Information. 3 Click Refresh. The query result area displays the latest board information. 4 Select a board record in the query result area. The details about this board are displayed in the detailed information area. ----End
2.5 Managing Abnormal Resources

This topic describes how to manage abnormal resources through the U2000. 2.5.1 Viewing Abnormal Resources This topic describes how to view abnormal resources. 2.5.2 Viewing Dependency Between Abnormal Resources This topic describes how to view dependency between abnormal resources. Resource dependency refers to the dependency relations between single equipment entities, such as cards and subcards. 2.5.3 Exporting Abnormal Resources This topic describes how to export abnormal resources.
2.5.1 Viewing Abnormal Resources

This topic describes how to view abnormal resources.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Device Management > Abnormal Resource from the service tree. 3 On the Abnormal Resources tab page, set Resource Type and Abnormal Time. 4 Click Query. ----End
2.5.2 Viewing Dependency Between Abnormal Resources

This topic describes how to view dependency between abnormal resources. Resource dependency refers to the dependency relations between single equipment entities, such as cards and subcards.
Context
Resource relations can be registered only after services are created on equipment entities.
2 Managing Devices
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Device Management > Abnormal Resource from the service tree. 3 On the Abnormal Resource tab page, set the filter criteria and click Query. 4 In the query result list, right-click a record and choose Show Resource Relationships from the shortcut menu. 5 In the Resource Relationship dialog box, you can view the resource relations between the tree view and table view. There are two types of dependency relations, that is, depending and depended. l The l The button shows the depending relation. button shows the depended relation.
6 Click OK. The Resource Relationship dialog box is displayed. ----End
2.5.3 Exporting Abnormal Resources

This topic describes how to export abnormal resources.
Context
The data in the database is not deleted when abnormal resources are exported. Thus, you can still query the data through the client.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Device Management > Abnormal Resource from the service tree. 3 On the Abnormal Resource tab page, set the filter criteria and click Query. 4 Click Export. 5 In the Save dialog box, set the path, name, and format of the file to be saved. 6 Click Save. ----End
Issue 03 (2010-11-19)
2-7
3 Interface Management
3
About This Chapter
Interface Management
Interface management is applicable to the Ethernet interface, POS interface, trunk interface, ATM interface, tunnel interface, VE interface, loopback interface, VLAN interface, and VT interface. 3.1 Interface Management Overview This topic describes the functions and basic concepts of interface management. 3.2 General Interface Configuration This topic describes the general configuration of an interface, which includes enabling and disabling an interface, viewing the real-time performance of an interface, configuring interface information, and enabling or disabling IPv6 on an interface. 3.3 Configuring an Ethernet Interface This topic describes how to configure an Ethernet interface, which includes configuring the general information and physical features Ethernet features and IP address. You need to configure the Ethernet interface when transmitting packets through the Ethernet. 3.4 Creating an Ethernet Subinterface This topic describes how to create an Ethernet subinterface, which includes configuring the general information, features, and advanced information, and setting the IP address. Configuring an Ethernet subinterface is similar to creating an Ethernet subinterface. The following takes the creation of an Ethernet subinterface as an example to describe the operation procedure. 3.5 Configuring a POS Interface This topic describes how to configure a POS interface, which includes configuring the general information, physical features, and PPP authentication protocol, and setting the IP address. The PPP authentication protocol can be configured only when the link layer protocol is set to PPP. If you use the SONET/SDH optical interface to transmit packets, you need to configure the POS interface. 3.6 Creating an Eth-Trunk Interface This topic describes how to create an Eth-Trunk interface, which includes configuring the general information, physical features, and member interfaces, and setting IP addresses. Configuring an Eth-Trunk interface is similar to creating an Eth-Trunk interface. The following takes the creation of an Eth-Trunk interface as an example to describe the operation procedure.
3.7 Creating an Eth-Trunk Subinterface This topic describes how to create an Eth-Trunk subinterface, which includes configuring the general information, features, and advanced information, and setting IP addresses. Configuring an Eth-Trunk subinterface is similar to creating an Eth-Trunk subinterface. The following takes the creation of an Eth-Trunk subinterface as an example to describe the operation procedure. 3.8 Creating an IP-Trunk Interface This topic describes how to create an IP-Trunk interface, which includes configuring the general information, physical features, and member interfaces, and setting the IP address. To improve the communication capability of links, you can bind multiple POS interfaces together as an IPTrunk interface. With the IP-Trunk interface, you can implement load balancing and improve the reliability of links. Configuring an IP-Trunk interface is similar to creating an IP-Trunk interface. The following takes the creation of an IP-Trunk interface as an example to describe the operation procedure. 3.9 Configuring an ATM Interface This topic describes how to configure an ATM interface, which includes configuring the general information, physical features, ATM features, and PVC, and setting the IP address. You can set these parameters according to the actual conditions of the ATM network so that these parameters can perfectly match the physical network. 3.10 Creating an ATM Subinterface This topic describes how to create an ATM subinterface, which includes configuring the general information, ATM features, and PVC/PVP, and setting the IP address. If you use the ATM subinterface to communicate with the peer equipment, you need to configure the ATM subinterface. The parameters of the ATM subinterface do not include certain parameters, such as the clock mode, frame format, and scramble function. You can set these parameters on the main ATM interface. Then, the ATM subinterface can automatically inherit these parameters from the main interface. Configuring an ATM subinterface is similar to creating an ATM subinterface. The following takes the creation of an ATM subinterface as an example to describe the operation procedure. 3.11 Creating a Tunnel Interface This topic describes how to create a tunnel interface, which includes configuring the general information and setting IP addresses. The GRE and MPLS TE tunnels use a type of virtual logical interface, namely, the tunnel interface, for forwarding. Before using these types of tunnels, you need to create a tunnel interface. Configuring a tunnel interface is similar to creating a tunnel interface. The following takes the creation of a tunnel interface as an example to describe the operation procedure. 3.12 Creating a VE Interface This topic describes how to create a VE interface, which includes configuring the general information and Ethernet features, and setting the IP address. The VE interface supports the common attributes of the Ethernet interface. Although the VE interface is mainly applied to IPoEoA, it can also be used to access the L2VPN, VPLS, and L3VPN, or to perform Layer 3 forwarding. Configuring a VE interface is similar to creating a VE interface. The following takes the creation of a VE interface as an example to describe the operation procedure. 3.13 Creating a VE Subinterface This topic describes how to create a VE subinterface, which includes configuring the general information, features, and advanced information, and setting the IP address. Configuring a VE subinterface is similar to creating a VE subinterface. The following takes the creation of a VE subinterface as an example to describe the operation procedure. 3.14 Creating a Loopback Interface This topic describes how to create a loopback interface, which includes configuring the general information and setting the IP address. If you need the IP address of an interface whose state is
always Up, you can select the IP address of a loopback interface. Configuring a loopback interface is similar to creating a loopback interface. The following takes the creation of a loopback interface as an example to describe the operation procedure. 3.15 Creating a VT Interface This topic describes how to create a VT interface, which includes configuring the general information and setting the IP address. Layer 2 protocols, such as the PPP protocol, Ethernet protocol, and ATM protocol, cannot bear each other directly. They can communicate with each other through VA interfaces. A VA interface is automatically created by the system when the Layer 2 protocols need to communicate with each other. A VT is the template that the system uses to configure a VA interface. You can configure a VA interface only by setting the attributes of a VT. Configuring a VT interface is similar to creating a VT interface. The following takes the creation of a VT interface as an example to describe the operation procedure.
Issue 03 (2010-11-19)
3-3
3.1 Interface Management Overview

This topic describes the functions and basic concepts of interface management. 3.1.1 Interface Management Functions This topic describes the functions of interface management. The U2000 provides the diversified functions of configuring interfaces including physical interfaces and logical interfaces. 3.1.2 Basic Concepts This topic describes the concepts of the Ethernet interface, POS interface, trunk interface, ATM interface, tunnel interface, VE interface, loopback interface, VLAN interface, and VT interface.
3.1.1 Interface Management Functions

This topic describes the functions of interface management. The U2000 provides the diversified functions of configuring interfaces including physical interfaces and logical interfaces. l Physical interfaces are on the corresponding physical components and exist actually. The U2000 provides configuration for the following physical interfaces: Ethernet interface, POS interface, and ATM interface l Logical interfaces can perform data exchange; however, they do not exist physically and must be created through configuration. The U2000 provides configuration for the following logical interfaces: Subinterface, trunk interface, tunnel interface, VE interface, loopback interface, VT interface, and VLAN interface
NOTE
The U2000 interface management supports the following functions for equipment: l The functions not supported by the related equipment are grayed out or hidden in interface management GUIs. l When you place a cursor in a text box for a while, the related value range tip is displayed to help you with parameter setting.
3.1.2 Basic Concepts

This topic describes the concepts of the Ethernet interface, POS interface, trunk interface, ATM interface, tunnel interface, VE interface, loopback interface, VLAN interface, and VT interface.
Interface Overview
Through the interface, a set of equipment can exchange data and interact with other sets of equipment on the network. The interfaces can be divided into two types: physical interfaces and logical interfaces. Physical interfaces are on the corresponding physical components and exist actually. Physical interfaces can be classified into two types: l l LAN interfaces: LAN interfaces are mainly Ethernet interfaces through which routers exchange data with equipment on a LAN. WAN interfaces: WAN interfaces include serial interfaces, POS interfaces, and ATM interfaces through which routers exchange data with equipment of external networks.
3-4
Logical interfaces realize data exchange but do not actually exist and need to be configured. Logical interfaces include sub-interfaces, loopback interfaces, and VLAN interfaces. The NE interface management provides the diversified function of configuring physical interfaces including the Ethernet interface and POS interface, and various virtual interfaces such as the sub-interface, Trunk interface, loopback interface, and Virtual Template (VT) interface.
Subinterface Overview
Generally, one physical interface can be configured with only one IP address. In a point-to-point connection, one IP address can meet the requirements of applications. If the link layer of an interface supports the multiplexing of multiple connections, one IP address can meet the requirements. For example, when the FR supports multiple virtual connections; if the peer network and local IP addresses of these virtual connections are in the same network segment, one IP address can meet the requirements. If the peers of virtual connections are in different network segments, however, the requirements of applications cannot be met with only one IP address on the interface. In this case, a sub-interface must be used. The subinterface supports multiple logical interfaces on one physical interface. That is, set up connections of multiple interfaces with one physical interface. These logical interfaces share the configuration parameters with physical interfaces, though they have their own configuration parameters at the link layer and the network layer.
Ethernet Interface Overview

l Ethernet Interface The LAN includes the Ethernet and token ring network. With features of flexible, simple, and easy implementation, the Ethernet becomes the most important LAN networking technology. The traditional Ethernet interfaces comply with 10Base-T standard at the physical layer and operate at a rate of 10 Mbit/s. The FE interfaces comply with the 100Base-TX standard at the physical layer and are compatible with the 10Base-T standard at the physical layer. The Gigabit Ethernet interfaces comply with the 1000Base-TX standard at the physical layer and are compatible with the 10Base-T and 100Base-TX standards at the physical layer. l MTU The MTU refers to the length of the load in a frame, expressed in bytes. The value range of the Ethernet interface MTU varies with the specific equipment. On an Ethernet, the MTU has both receiving and sending directions. The Ethernet frame length is controlled to be the set value in the receiving direction. When the frame length exceeds the value, it is discarded. l Working Mode The available working modes of an Ethernet interface are as follows: Half-duplex mode Each station can receive and send packets, but the station cannot receive or send packets at the same time. When one station is sending packets, the other station is only receiving packets. In half-duplex mode, no matter which station starts transmission, the whole link bandwidth is occupied. Full-duplex mode
Two stations can receive and send at the same time. In full-duplex mode, two stations share the link bandwidth. Auto-negotiation mode In auto-negotiation mode, a station can negotiate with other network equipment to select the most appropriate working mode and rate. Thus, the configuration and management of the system are greatly simplified. l Rate The Ethernet electrical interface supports multiple rates. The FE electrical interface supports the rate of 10 Mbit/s and 100 Mbit/s. The FE optical interface supports only the rate at 100 Mbit/s. The GE optical interface supports only the rate at 1000 Mbit/s and the rate cannot be configured. Thus, only the Ethernet electrical interface needs to be configured. The default rate of the FE electrical interface is 100 Mbit/s. You can select the auto-negotiation mode to configure the rate.
POS Interface Overview

The POS technology is applied to the MAN and WAN. It supports packet data, for example, the IP packet. The POS can map packets of variable length directly to the payload of SONET/SDH. The POS uses the physical layer transmission standard of SONET, which provides a high-speed, reliable, and P2P data connection. The POS uses the SONET as physical layer protocol and PPP as link control at the data link layer. The POS encapsulates IP packets service in the HDLC frame, and runs IP packet services at the network layer. Common POS interfaces are classified into three types according to the rate. The signal levels are STM-1 (155 Mbit/s), STM-4 (622 Mbit/s), and STM-16 (2.5 Gbit/s).
ATM Interface Overview

In ATM switching, a cell has a fixed length of 53 bytes. As defined by the ITU-T, ATM implements the transmission, multiplexing, and switching of data based on cells. Data of services, such as the voice service, video service, and data service, is transmitted in fixed-length cells, which facilitates fast data transmission. The cell-based switching technology provides the networks in a unified architecture with a common transferring mode that is connection-oriented and applicable to different services. As the ATM technology is connection-oriented, VCs must be set up before data transmission. Each VC is identified by the VPI and VCI. A VPI/VCI value is meaningful between two directly-connected ATM nodes. When a connection is released, the related VPI/VCI value is released to the resource list and available for other connections. ATM VCs can transmit both constant bit rate (CBR) services and VBR services, which is an advantage of the ATM. The ATM physical layer lies at the bottom of the ATM protocol reference model. It does not rely on transmission mechanism and transmission rate. It transmits valid cells and corresponding timing signals between the upper layers and the transmission media. The VRP supports several types of ATM interface, which includes the following:
l l
The ATM OC-3/STM-1 interface and ATM OC-12/STM-4 interface that carries ATM service over SONET/SDH. The ATM E1/T1 interface that carries ATM service over E1/T1 line, which realizes IMA feature. For T1 connection, the uplink port operates at the rate of 1.544 Mbit/s to 12.288 Mbit/s (8T1). For the E1 connection, the uplink port operates at the rate of 2.048 Mbit/s to 16.384 Mbit/s (8E1). Single ATM E3/T3 interface that carries ATM service over E3/T3 line. ATM Sub-interface.
l l
Trunk Interface Overview

A trunk interface is an aggregation group formed by aggregating multiple ports to balance the load among the member ports and to improve the connection reliability. There are two types of trunk interfaces: Eth-Trunk and IP-Trunk. The Eth-Trunk interface is formed only by Ethernet link and the IP-Trunk is formed only by POS link.
VT Interface Overview
The VT interface, also called the virtual interface template, is the template used by the system to configure the VA interface. It is mainly used to application environments such as VPN, MP, and PPPoX (PPPoE, PPPoA, and PPPoEoA). After the VPN session is connected, create a VA that is used to exchange data with the peer. Select a VT according to user configuration, and dynamically create a VA based on the configuration parameters of the VT. After you bind multiple PPP links to MP, you need to create a VA that is used to exchange data with the peer. You can also select a VT to dynamically create a VA. When an interface applies the PPPoX, create a VA for a sub-interface or PVC to exchange data with the peer. You can also select a VT to dynamically create a VA. When the link is disconnected, the VT is automatically deleted.
Loopback Interface Overview

A loopback interface is a virtual interface with the characteristic of software. According to the TCP/IP protocol, the IP addresses in the network segment 127.0.0.0 are loopback addresses. Interfaces that are configured with these addresses are loopback interfaces. l The loopback interface uses the loopback IP address 127.0.0.1 The system automatically creates the loopback interface at startup. The loopback interface is used to receive all packets that are sent to the local computer. The IP addresses of the loopback interface cannot be configured or advertised through routing protocols. l Loopback Interface Overview When the configuration of a physical interface is not affected, some applications need to be configured with a local interface of specified IP address. In addition, configuring the IP address with a 32-bit mask can save IP addresses. Advertise the IP addresses of this interface through routing protocols.
VE Interface Overview
The VE interface is a logical interface, which is realized on an SIC. It has the characteristics of the Ethernet. The VE interface is mainly applied to PPPoEoA and IPoEoA.
Tunnel Interface Overview

The tunnels such as GRE, MPLS TE, and IPv6 over IPv4, use the tunnel interface to forward packets. Before using these types of tunnels, you need to create a tunnel interface. Configure different encapsulation modes for a tunnel interface based on its usage. For a tunnel, use the same encapsulation mode for the tunnel interfaces on both ends.
NOTE
When creating tunnel interfaces on distributed equipment, the slot number of the tunnel interface and source interface should be identical. That is, to improve the efficiency of transmitting packets, use the actual slot number through which the interfaces send packets.
VLAN Interface Overview

VLAN interfaces are a type of virtual interfaces with Layer 3 attributes. VLAN interfaces are used to implement the communication between VLANs. To implement the communication between VLANs on a switch, you need to set an IP address for each VLAN interface to set up routes between VLANs.
3.2 General Interface Configuration

This topic describes the general configuration of an interface, which includes enabling and disabling an interface, viewing the real-time performance of an interface, configuring interface information, and enabling or disabling IPv6 on an interface. 3.2.1 Configuring Interface Information This topic describes how to configure the general information about an interface or how to set the IP address of an interface. 3.2.2 Enabling and Disabling an Interface This topic describes how to enable and disable an interface. When the information of an interface is configured, you can set the administrative status of the interface to Up to ensure that the configured information is loaded to the interface. 3.2.3 Enabling and Disabling IPv6 on an Interface This topic describes how to enable and disable IPv6 on an interface. Before enabling IPv6 on an interface, you need to complete related IPv6 configurations on the interface. 3.2.4 Monitoring the Real-Time Performance of Interfaces This topic describes how to monitor the real-time performance of Ethernet interfaces or tunnel interfaces.
3.2.1 Configuring Interface Information

This topic describes how to configure the general information about an interface or how to set the IP address of an interface.
Prerequisite
The features of related interface modules must be synchronized to the NMS.
Context
l l IP addresses cannot be set for the NULL interface, RPR interface, Logic-Channel interface, CPOS interface, E1 interface or Layer 2 interface. On the Interface Information tab page, right-click an interface record and choose IPv6 Enable from the shortcut menu to enable IPv6 on this interface. On the current NMS, only the Ethernet interfaces and their subinterfaces, POS interfaces, loopback interfaces, trunk interfaces and their subinterfaces, VLAN interfaces, and tunnel interfaces can be configured with IPv6 addresses. A tunnel interface can borrow the IP addresses of Ethernet interfaces, loopback interfaces, or IP-Trunk interfaces. The Ethernet interface, VE interface, trunk interface, VLAN interface, and loopback interface, however, cannot borrow the IP addresses of other interfaces.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click Interface Information. 3 Optional: Click Condition. In the Set Filter Condition dialog box, set query conditions, and then click OK.
NOTE
When querying all records, you can click Query without setting any filtering rule.
4 Click Query. Query results are displayed according to the set filtering rule. 5 In the query result area, select the interface to be configured. 6 Click Configure. 7 In the Config Interface Information dialog box, set the related parameters. l Click the General tab. Then, set Interface Description. l Click the IPv4 Address tab. Then, set IPv4 Address or IPv4 Address Unnumbered.
NOTE
If the peers of virtual connections are in different network segments, only one master IP address on the local interface cannot meet the requirements of communication. In this case, click Add to set a secondary IPv4 address to solve this problem.
l Click the IPv6 Address tab. Then, set IPv6 address of the interface.
NOTE
You can set an IPv6 address for an interface only after IPv6 is enabled on it.
NOTE
If the interface is a Layer 2 interface, the IP address of the interface cannot be set.
8 Click OK.
In the query result area, information about the modified interface is displayed. ----End
3.2.2 Enabling and Disabling an Interface

This topic describes how to enable and disable an interface. When the information of an interface is configured, you can set the administrative status of the interface to Up to ensure that the configured information is loaded to the interface.
Prerequisite
The features of related interface modules must be synchronized to the NMS.
Context
l l l When a physical interface is idle or not connecting to any cable, you need to disable the interface to avoid the interface abnormality caused by interference. The loopback interface or Null interface cannot be enabled or disabled. Enable or disable an interface with caution. In certain special cases, certain interface parameters such as the working mode take effect only after the interface is enabled or disabled.
Procedure
NOTE
4 Click Query. Query results are displayed according to the set filtering rule. 5 In the query result area, select the interface to be enabled or disabled, and then perform either of the following operations: l Right-click the selected interface and choose Up from the shortcut menu to enable the interface. l Right-click the selected interface and choose Down from the shortcut menu. In the dialog box that is displayed, click OK to disable the interface.
NOTE
Alternatively, you can right-click an interface on all interface tabs (except for the RPR Interface tab page) and then choose Up or Down from the shortcut menu.
----End
3.2.3 Enabling and Disabling IPv6 on an Interface

This topic describes how to enable and disable IPv6 on an interface. Before enabling IPv6 on an interface, you need to complete related IPv6 configurations on the interface.
Prerequisite
l l The features of related interface modules must be synchronized to the NMS. IPv6 must be enabled on the equipment. If IPv6 is enabled on the interface only, the status of IPv6 is still Down on the equipment and the equipment cannot forward IPv6 packets. Before enabling IPv6 on the equipment, log in to the equipment through Telnet and do as follows on the equipment: 1. 2. Run the system-view command to access the system view. Run the ipv6 command to enable IPv6.
Context
The following Layer-3 interfaces support IPv6 addresses: l l l l l l Gigabit-Ethernet interfaces and their subinterfaces POS interfaces Tunnel interfaces Loopback interfaces VLAN interfaces Eth-Trunk interfaces and their subinterfaces or IP-Trunk interfaces
Procedure
NOTE
4 Click Query. Query results are displayed according to the set filtering rule. 5 In the query result area, select the interface on which IPv6 needs to be enabled or disabled, and then perform either of the following operations: l Right-click the interface and then choose IPv6 Enable from the shortcut menu to enable IPv6 on the interface. l Right-click the interface and then choose IPv6 Disable from the shortcut menu to disable IPv6 on the interface.
NOTE
On the Ethernet Interface tab page, you can also right-click the interface and choose IPv6 Enable or IPv6 Disable from the shortcut menu.
----End
3.2.4 Monitoring the Real-Time Performance of Interfaces

This topic describes how to monitor the real-time performance of Ethernet interfaces or tunnel interfaces.
Prerequisite
The features of related interface modules must be synchronized to the NMS. Before monitoring real-time performance or querying performance data, please make sure that the version of SNMP protocol is SNMPv2c or higher when creating NEs. Otherwise, the NMS cannot properly collect the performance data.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 The U2000 provides the monitoring of real-time performance for Ethernet interfaces, Ethernet subinterfaces and tunnel interfaces. To monitor the real-time performance of interfaces, do as follows: l l l Choose Interface Management > Interface Information from the service tree to monitor the real-time performance of all the interfaces that support this function. Choose Interface Management > Ethernet Interface from the service tree to monitor the real-time performance of Ethernet interfaces and subinterfaces. Choose Interface Management > Tunnel Interface from the service tree to monitor the real-time performance of tunnel interfaces.
3 In the query result area, right-click the interface to be monitored and choose Monitor RealTime Performance from the shortcut menu. 4 In the dialog box that is displayed, select the real-time performance indicators, and then click OK. In the Real-time Performance window, view the graph of real-time board performance. ----End
3.3 Configuring an Ethernet Interface

This topic describes how to configure an Ethernet interface, which includes configuring the general information and physical features Ethernet features and IP address. You need to configure the Ethernet interface when transmitting packets through the Ethernet.
Prerequisite
l l The features of related interface modules must be synchronized to the NMS. The equipment supports Ethernet interfaces and the Ethernet interface to be configured must exist.
Context
l When you configure an Ethernet interface, note that except for the IP address of the interface, all parameters have default values. If you need to modify the default values, make sure that the changed values are consistent with the corresponding values on the peer equipment. After an Ethernet subinterface is added, the main interface cannot be configured.
l
3-12
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click Ethernet Interface. 3 Optional: Click Condition. In the Set Filter Condition dialog box, set query conditions, and then click OK.
NOTE
4 Click Query. Query results are displayed according to the set filtering rule. 5 In the query result area, select the interface to be configured. 6 Click Configure. 7 In the Configure Ethernet Interface dialog box, set the related parameters as required. l l l Click the General tab. Then, set Interface Description. Click the Physical Feature tab. Then, set Working Mode, Rate, Auto-Negotiation, CRC Check, and Medium Mode. Click the Ethernet Feature tab. Then, set User Termination Mode, VLAN Swap, interface layer, and MTU. For the configuration on a PE, set the IPv4 address and MAC address of the Ethernet interface connecting to the CE and set whether to enable broadcast. Click the IPv4 Address tab. Then, set parameters such as the IPv4 address. Click the IPv6 Address tab. Then, set parameters such as the IPv6 address of the interface.
NOTE
l l
You can configure an IPv6 address for an interface only after IPv6 is enabled on it.
NOTE
If the interface is an Layer 2 interface, the IP address of the interface cannot be set.
8 Click OK. In the query result area, information about the modified interface is displayed. ----End
3.4 Creating an Ethernet Subinterface

This topic describes how to create an Ethernet subinterface, which includes configuring the general information, features, and advanced information, and setting the IP address. Configuring an Ethernet subinterface is similar to creating an Ethernet subinterface. The following takes the creation of an Ethernet subinterface as an example to describe the operation procedure.
Prerequisite
l l
Issue 03 (2010-11-19)
The features of related interface modules must be synchronized to the NMS. The equipment must support Ethernet interfaces and Ethernet subinterfaces.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click Ethernet Interface. 3 On the Ethernet Interface tab page, click Create.
NOTE
After creation, you can also select the subinterface to be configured in the query result area and click Configure to configure the created subinterface.
4 In the Create Ethernet Subinterface dialog box, set the related parameters as required. l Click the General tab. Then, set Main Interface Name, Subinterface No., and Subinterface Description.
NOTE
By default, the main interface name is the name of the currently selected main interface. You can click the ... button to re-select the main interface.
Click the Subinterface Feature tab. Then, do as follows to set Access Mode of the subinterface: If User Termination Mode is not set for the main interface, you can set Access Mode to either of the following values for the subinterface: VLAN Encapsulation Flexible Access If User Termination Mode is set for the main interface, you can set Access Mode to either of the following values for the subinterface: VLAN Termination Flexible Access
l l
Click the IPv4 Address tab. Then, set the IPv4 address of the subinterface. Click the IPv6 Address tab. Then, set parameters such as the IPv6 address.
NOTE
Click the Advanced tab. Then, set the MTU value of the subinterface. For the configuration on a PE, set the IPv4 address and MAC address of the interface connecting to the CE and set whether to enable broadcast.
5 Optional: Click Apply. The subinterface is added. You can add more subinterfaces by repeating the preceding steps. Information about the new subinterface is displayed in the query result area. 6 Click OK. Close the dialog box. ----End
3.5 Configuring a POS Interface

This topic describes how to configure a POS interface, which includes configuring the general information, physical features, and PPP authentication protocol, and setting the IP address. The
PPP authentication protocol can be configured only when the link layer protocol is set to PPP. If you use the SONET/SDH optical interface to transmit packets, you need to configure the POS interface.
Prerequisite
l l The features of related interface modules must be synchronized to the NMS. The equipment must support POS interfaces.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click POS Interface. 3 Optional: Click Condition. In the Set Filter Condition dialog box, set query conditions, and then click OK.
NOTE
4 Click Query. Query results are displayed according to the set filtering rule. 5 In the query result area, select the interface to be configured. 6 Click Configure. 7 In the Config POS Interface dialog box, set the related parameters as required. l l l Click the General tab. Then, set Interface Description. Click the Physical Feature tab. Then, set the basic information, CRC Check, and Byte Overhead. Click the PPP tab. Then, set the related parameters of the PPP protocol. You can click the Advanced tab to view the information about the PPP link status.
NOTE
You can configure the PPP protocol on the interface only when Link Layer Protocol is set to PPP.
l l
Click the IPv4 Address tab. Then, set parameters such as IPv4 Address and IPv4 Address Unnumbered. Click the IPv6 Address tab. Then, set parameters such as the IPv6 address of the interface.
NOTE
8 Click OK. In the query result area, information about the modified interface is displayed. ----End
3.6 Creating an Eth-Trunk Interface

This topic describes how to create an Eth-Trunk interface, which includes configuring the general information, physical features, and member interfaces, and setting IP addresses.
Configuring an Eth-Trunk interface is similar to creating an Eth-Trunk interface. The following takes the creation of an Eth-Trunk interface as an example to describe the operation procedure.
Prerequisite
l l l The features of related interface modules must be synchronized to the NMS. The equipment must support Eth-Trunk interfaces. Before creating an Eth-Trunk interface, you must ensure that the link layer parameters of all member interfaces are set and the link status is normal.
Context
To increase bandwidth of the links, you can bind multiple Ethernet interfaces together as an EthTrunk interface. Load balancing can be carried out among member interfaces of a trunk. Member interfaces disperse traffic over member links, and the traffic finally reaches the same destination. Thus, network congestion can be prevented. To improve the reliability of the Eth-Trunk interface, you can configure backup interfaces for member interfaces. When a member interface is invalid, you can enable the backup interface.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click Trunk Interface. 3 On the Trunk Interface tab page, click Create, and then choose Eth-Trunk from the related drop-down list.
NOTE
After creation, you can also select the interface to be configured in the query result area and click Configure to configure the created interface.
4 In the Create Eth-Trunk Interface dialog box, set the related parameters as required. l l Click the General tab. Then, set Interface No. and Interface Description. Click the Feature tab. Then, set User Termination Mode, VLAN Swap, interface layer, Working Mode, Load Balancing Mode, Minimum Up Links, Maximum AffectBandwidth Links. Click the Member Interface tab. Then, add member interfaces. Click the IPv4 Address tab. Then, set parameters such as the IPv4 address. Click the IPv6 Address tab. Then, set parameters such as the IPv6 address of the interface.
NOTE
l l l
5 Optional: Click Apply. The interface is added. You can add more interfaces by repeating the preceding steps. Information about the new interface is displayed in the query result area. 6 Click OK. Close the dialog box. ----End
3.7 Creating an Eth-Trunk Subinterface

This topic describes how to create an Eth-Trunk subinterface, which includes configuring the general information, features, and advanced information, and setting IP addresses. Configuring an Eth-Trunk subinterface is similar to creating an Eth-Trunk subinterface. The following takes the creation of an Eth-Trunk subinterface as an example to describe the operation procedure.
Prerequisite
l l The features of related interface modules must be synchronized to the NMS. The equipment must support Eth-Trunk interfaces and Eth-Trunk subinterfaces.
Context
An Eth-Trunk subinterface supports multiple logical subinterfaces on an Eth-Trunk interface. These logical subinterfaces share the configuration parameters of the Eth-Trunk interface at the physical layer and link layer, though they have their own configuration parameters at the network layer.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click Trunk Interface. 3 On the Trunk Interface tab page, click Create, and then choose Eth-Trunk Subinterface from the related drop-down list.
NOTE
4 In the Create Eth-Trunk Subinterface dialog box, set the related parameters as required. l Click the General tab. Then, set Main Interface Name, Subinterface No. , and Subinterface Description.
NOTE
By default, the main interface name is the name of the currently selected main interface. You can click the ... button to re-select the main interface.
Click the Subinterface Feature tab. Then, do as follows to set Access Mode of the subinterface: If User Termination Mode is not set for the main interface, you can set Access Mode to either of the following values for the subinterface: VLAN Encapsulation Flexible Access If User Termination Mode is set for the main interface, you can set Access Mode to either of the following values for the subinterface: VLAN Termination Flexible Access
l
Issue 03 (2010-11-19)
Click the IPv4 Address tab. Then, set parameters such as the IPv4 address.
Click the IPv6 Address tab. Then, set parameters such as the IPv6 address.
NOTE
Click the Advanced tab. Then, set the MTU value of the sub-interface. For the configuration on a PE, set the IP address and MAC address of the interface connecting to the CE and set whether to enable broadcast.
3.8 Creating an IP-Trunk Interface

This topic describes how to create an IP-Trunk interface, which includes configuring the general information, physical features, and member interfaces, and setting the IP address. To improve the communication capability of links, you can bind multiple POS interfaces together as an IPTrunk interface. With the IP-Trunk interface, you can implement load balancing and improve the reliability of links. Configuring an IP-Trunk interface is similar to creating an IP-Trunk interface. The following takes the creation of an IP-Trunk interface as an example to describe the operation procedure.
Prerequisite
l l l The features of related interface modules must be synchronized to the NMS. The equipment must support IP-Trunk interfaces. Before you create an IP-Trunk interface, configure the link layer protocol for each POS interface as HDLC and ensure that the links are in the normal state.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click Trunk Interface. 3 On the Trunk Interface tab page, click Create, and then select IP-Trunk from the related dropdown list.
NOTE
4 In the Create IP-Trunk Interface dialog box, set the related parameters as required. l l l
3-18
Click the General tab. Then, set Interface No. and Interface Description. Click the Feature tab. Then, set the related parameters. Click the Member Interface tab. Then, add member interfaces.
l l
Click the IPv4 Address tab. Then, set parameters such as IPv4 address. Click the IPv6 Address tab. Then, set parameters such as the IPv6 address of the interface.
NOTE
3.9 Configuring an ATM Interface

This topic describes how to configure an ATM interface, which includes configuring the general information, physical features, ATM features, and PVC, and setting the IP address. You can set these parameters according to the actual conditions of the ATM network so that these parameters can perfectly match the physical network.
Prerequisite
l l The features of related interface modules must be synchronized to the NMS. The equipment must support ATM interfaces.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click ATM Interface. 3 Optional: Click Condition. In the Set Filter Condition dialog box, set query conditions, and then click OK.
NOTE
4 Click Query. Query results are displayed according to the set filtering rule. 5 In the query result area, select the interface to be configured. 6 Click Configure. 7 In the Configure ATM Interface dialog box, set the related parameters as required. l l l l
Issue 03 (2010-11-19)
Click the General tab. Then, set Interface Description. Click the Physical Feature tab. Then, set Frame Format, Clock Mode, and Scramble. Click the ATM Feature tab. Then, set the MTU value of the ATM interface. Click the PVC. Then, set the related PVC parameters of the ATM interface.
Click the IPv4 Address tab. Then, set parameters such as IPv4 Address and IPv4 Address Unnumbered.
8 Click OK. Close the dialog box. ----End
3.10 Creating an ATM Subinterface

This topic describes how to create an ATM subinterface, which includes configuring the general information, ATM features, and PVC/PVP, and setting the IP address. If you use the ATM subinterface to communicate with the peer equipment, you need to configure the ATM subinterface. The parameters of the ATM subinterface do not include certain parameters, such as the clock mode, frame format, and scramble function. You can set these parameters on the main ATM interface. Then, the ATM subinterface can automatically inherit these parameters from the main interface. Configuring an ATM subinterface is similar to creating an ATM subinterface. The following takes the creation of an ATM subinterface as an example to describe the operation procedure.
Prerequisite
l l The features of related interface modules must be synchronized to the NMS. The equipment must support ATM interfaces and ATM subinterfaces.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click ATM Interface. 3 On the ATM Interface tab page, click Create.
NOTE
4 In the Create ATM Subinterface dialog box, set the related parameters as required. l l l l Click the General tab. Then, set Subinterface Type, Subinterface No., and Subinterface Description. Click the ATM Feature tab. Then, set the MTU value of the ATM subinterface. Click the PVC/PVP tab. Then, set the related PVC/PVP parameters of the ATM subinterface. Click the IPv4 Address tab. Then, set parameters such as IPv4 Address and IPv4 Address Unnumbered.
5 Optional: Click Apply. The subinterface is added. You can add more subinterfaces by repeating the preceding steps. Information about the new subinterface is displayed in the query result area. 6 Click OK.
Close the dialog box. ----End
3.11 Creating a Tunnel Interface

This topic describes how to create a tunnel interface, which includes configuring the general information and setting IP addresses. The GRE and MPLS TE tunnels use a type of virtual logical interface, namely, the tunnel interface, for forwarding. Before using these types of tunnels, you need to create a tunnel interface. Configuring a tunnel interface is similar to creating a tunnel interface. The following takes the creation of a tunnel interface as an example to describe the operation procedure.
Prerequisite
l l The features of related interface modules must be synchronized to the NMS. The equipment must support tunnel interfaces.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click Tunnel Interface. 3 On the Tunnel Interface tab page, click Create.
NOTE
4 In the Create Tunnel Interface dialog box, set the related parameters as required. l l l Click the General tab. Then, set Interface No. and Interface Description. Click the IPv4 Address tab. Then, set parameters such as IPv4 Address and IPv4 Address Unnumbered. Click the IPv6 Address tab. Then, set parameters such as the IPv6 address of the interface.
NOTE
3.12 Creating a VE Interface

This topic describes how to create a VE interface, which includes configuring the general information and Ethernet features, and setting the IP address. The VE interface supports the
common attributes of the Ethernet interface. Although the VE interface is mainly applied to IPoEoA, it can also be used to access the L2VPN, VPLS, and L3VPN, or to perform Layer 3 forwarding. Configuring a VE interface is similar to creating a VE interface. The following takes the creation of a VE interface as an example to describe the operation procedure.
Prerequisite
l l The features of related interface modules must be synchronized to the NMS. The equipment must support VE interfaces.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click VE Interface. 3 On the VE Interface tab page, click Create, and then select VE from the related drop-down list.
NOTE
4 In the Create VE Interface dialog box, set the related parameters as required. l l l Click the General tab. Then, set Interface No. and Interface Description. Click the Ethernet Feature tab. Then, set parameters such as User Termination Mode and VE-Group. Click the IPv4 Address tab. Then, set parameters such as IPv4 Address.
3.13 Creating a VE Subinterface

This topic describes how to create a VE subinterface, which includes configuring the general information, features, and advanced information, and setting the IP address. Configuring a VE subinterface is similar to creating a VE subinterface. The following takes the creation of a VE subinterface as an example to describe the operation procedure.
Prerequisite
l l l
3-22
The features of related interface modules must be synchronized to the NMS. The equipment must support VE interfaces and VE subinterfaces. The main interface must be configured with User Termination Mode.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click VE Interface. 3 On the VE Interface tab page, click Create, and then select VE Subinterface from the related drop-down list.
NOTE
4 In the Create VE Subinterface dialog box, set the related parameters as required. l l l l Click the General tab. Then, set Subinterface No. and Subinterface Description. Click the Subinterface Feature tab. Then, set the encapsulate mode or termination mode for the subinterface. Click the IPv4 Address tab. Then, set parameters such as the subinterface IPv4 address. Click the Advanced tab. Then, set the MTU value of the sub-interface. For the configuration on a PE, set the IPv4 address and MAC adress of the interface connecting to the CE and set whether to enable broadcast.
3.14 Creating a Loopback Interface

This topic describes how to create a loopback interface, which includes configuring the general information and setting the IP address. If you need the IP address of an interface whose state is always Up, you can select the IP address of a loopback interface. Configuring a loopback interface is similar to creating a loopback interface. The following takes the creation of a loopback interface as an example to describe the operation procedure.
Prerequisite
l l The features of related interface modules must be synchronized to the NMS. The equipment must support loopback interfaces.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click Loopback Interface. 3 On the Loopback Interface tab page, click Create.
NOTE
4 In the Create Loopback Interface dialog box, set the related parameters as required. l l l Click the General tab. Then, set Interface No. and Interface Description. Click the IPv4 Address tab. Then, set parameters such as IPv4 Address. Click the IPv6 Address tab. Then, set parameters such as the IPv6 address of the interface.
NOTE
3.15 Creating a VT Interface

This topic describes how to create a VT interface, which includes configuring the general information and setting the IP address. Layer 2 protocols, such as the PPP protocol, Ethernet protocol, and ATM protocol, cannot bear each other directly. They can communicate with each other through VA interfaces. A VA interface is automatically created by the system when the Layer 2 protocols need to communicate with each other. A VT is the template that the system uses to configure a VA interface. You can configure a VA interface only by setting the attributes of a VT. Configuring a VT interface is similar to creating a VT interface. The following takes the creation of a VT interface as an example to describe the operation procedure.
Prerequisite
l l The features of related interface modules must be synchronized to the NMS. The equipment must support VT interfaces.
Procedure
1 Right-click an NE in the topology view and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Interface Management, and then click VT Interface. 3 On the VT Interface tab page, click Create.
NOTE
4 In the Create VT Interface dialog box, set the related parameters as required. l
3-24
Click the General tab. Then, set Interface No. and Interface Description.
Click the IPv4 Address tab. Then, set parameters such as IPv4 Address and IPv4 Address Unnumbered.
Issue 03 (2010-11-19)
3-25
4 NE Channel Management
4
About This Chapter
NE Channel Management
This topic describes the functions and basic concepts of NE channel management, and instructs you to configure and maintain NE channel management. 4.1 Overview of NE Channel Management This topic describes the functions and concepts of NE channel management that you need to learn before configuring NE channel management on the U2000. 4.2 Configuring the VTY Service This topic describes how to set the maximum number of VTYs accessing the equipment locally or remotely, and how to customize the rule of each VTY. 4.3 Configuring the Status of the FTP Server This topic describes how to configure the status of the FTP server. Through the FTP service management, you can enable or disable the FTP server on the equipment, and change the timeout period of the FTP service. 4.4 Configuring the Syslog Service This topic describes how to configure the Syslog source interface, create the Syslog host, and configure the advanced attributes of the Syslog service. 4.5 Configuring the Trap Service This topic describes how to configure trap information, such as configuring the trap source interface, creating the trap receiving host, configuring the module for sending traps, and setting the advanced attributes of the trap service.
Issue 03 (2010-11-19)
4-1
4.1 Overview of NE Channel Management

This topic describes the functions and concepts of NE channel management that you need to learn before configuring NE channel management on the U2000. 4.1.1 Functions of NE Channel Management This topic describes the functions of NE channel management, such as managing the VTY service, NAP service, FTP service, local user service, trap service, and Syslog service. 4.1.2 Concepts This topic describes the concepts of the VTY service, NAP service, FTP service, local user service, Syslog service, and trap service provided by the U2000.
4.1.1 Functions of NE Channel Management

This topic describes the functions of NE channel management, such as managing the VTY service, NAP service, FTP service, local user service, trap service, and Syslog service. NE channel management on the U2000 provides the following functions: l Managing the VTY service This function allows you to set the maximum number of VTYs performing local or remote access to the equipment, customize the rule of each VTY, and restore default VTY settings. l Managing the NAP service This function allows you to set global attributes for subinterfaces, add the interface, configure the IP address of the interface, and deliver scripts. l Managing the FTP service This function allows you to enable or disable the FTP server on the equipment and change the timeout period of the FTP service. l Managing the local user service This function allows you to create or modify the account of the user that accesses the equipment. l Managing the Syslog service This function allows you to configure the Syslog source interface, create or modify the log host, configure the advanced attributes of the Syslog service, and restore default advanced attributes of the Syslog service. l Managing the trap service This function allows you to configure the trap source interface, create or modify the trap receiving host, configure the module that sends traps, and configure the advanced attributes of the trap service.
4.1.2 Concepts
This topic describes the concepts of the VTY service, NAP service, FTP service, local user service, Syslog service, and trap service provided by the U2000.
4-2
Issue 03 (2010-11-19)
VTY Service
After a Telnet connection or SSH connection is set up between a terminal and the equipment, you set up a VTY. The VTY service allows you to set the virtual link parameters for a terminal to locally or remotely access the equipment.
FTP Service
In the TCP/IP protocol suite, FTP runs on the application layer. FTP is used to transfer files between remote hosts and is implemented on the basis of the related file systems. FTP service management mentioned in this chapter refers to managing the running status of the FTP server and setting the timeout period of the FTP server. Here, the FTP server refers to the equipment managed by the U2000. You can log in to the equipment as the FTP client to access files on the equipment.
Syslog Service
The log service is realized through the information center module. The information center receives log information from all modules and forwards the information to the log host through port 514. By configuring the Syslog service, you can configure the Syslog source interface and its IP address. In this manner, the Syslog host can identify the source of messages through the source IP address and classify the messages.
Trap Service
The managed equipment automatically sends traps to the U2000 to report events. Traps are the unrequested messages that the managed equipment automatically sends to the U2000. Traps are used to report emergent and important events. To enable the equipment to automatically send traps, you must configure the trap function.
4.2 Configuring the VTY Service

This topic describes how to set the maximum number of VTYs accessing the equipment locally or remotely, and how to customize the rule of each VTY.
Prerequisite
Telnet or STelnet parameters must be set on the equipment and the equipment information must be synchronized to the U2000.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose NE Channel Management > VTY Service from the service tree. 3 On the VTY Service tab page, set Available Max VTY with up and down arrows. Click Apply.
4 Select a VTY record in the VTY service view. Set VTY parameters through the related dropdown lists or text boxes. 5 Click Apply on the right of Synchronize. ----End
4.3 Configuring the Status of the FTP Server

This topic describes how to configure the status of the FTP server. Through the FTP service management, you can enable or disable the FTP server on the equipment, and change the timeout period of the FTP service.
Prerequisite
Telnet or STelnet parameters must be set on the equipment and the equipment information must be synchronized to the U2000.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose NE Channel Management > FTP Service from the service tree. 3 On the FTP Service tab page, determine whether to enable FTP Server and set FTP Server Timeout (Minute). If FTP Server is disabled, you cannot set FTP Server Timeout (Minute). 4 Click Apply.
NOTE
To synchronize the configurations on the equipment to the U2000, click Synchronize.
----End
4.4 Configuring the Syslog Service

This topic describes how to configure the Syslog source interface, create the Syslog host, and configure the advanced attributes of the Syslog service. 4.4.1 Configuring the Syslog Source Interface This topic describes how to configure the service status of the Syslog source interface. After you configure the IP address of the specified interface for the Syslog service, the log host can classify logs according to the source IP address. 4.4.2 Creating the Log Host This topic describes how to configure the IP Address, channel number, log tool, and log language of the log host. 4.4.3 Configuring the Advanced Attributes of the Syslog Service This topic describes how to configure the advanced attributes of the syslog service. In the Advanced Configuration dialog box, you can set the parameters in the Log Buffer and Log File area.
4.4.1 Configuring the Syslog Source Interface

This topic describes how to configure the service status of the Syslog source interface. After you configure the IP address of the specified interface for the Syslog service, the log host can classify logs according to the source IP address.
Prerequisite
l l l The selected equipment must support the log service function on the U2000. Telnet or STelnet parameters must be set on the equipment and the equipment information must be synchronized to the U2000. The Syslog source interface and its IP address must be known.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose NE Channel Management > Syslog Service from the service tree. 3 On the Syslog Service tab page, click Synchronize. 4 Click Enable or Disable to change the service status of the Syslog source interface.
NOTE
If the Syslog source of the host is in use, you cannot select the Syslog source interface from the drop-down list box. The displayed status button is Disable. Click Disable to disable the log source. Then, you can select the Syslog source interface from the drop-down list box. The status button that is displayed changes to Enable.
5 When the Syslog source is disabled, select the source interface for sending Syslog files from the drop-down list box, and then click Enable. ----End
4.4.2 Creating the Log Host

This topic describes how to configure the IP Address, channel number, log tool, and log language of the log host.
Prerequisite
The IP address of the log host must be known.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose NE Channel Management > Syslog Service from the service tree. 3 Right-click on the Syslog Service tab page and choose Create from the shortcut menu. 4 In the Create Log Host dialog box, set the related parameters. 5 Click OK.
If more than one log host is created, the Create Log Host progress bar is displayed. After all the log hosts are created, click OK. ----End
4.4.3 Configuring the Advanced Attributes of the Syslog Service

This topic describes how to configure the advanced attributes of the syslog service. In the Advanced Configuration dialog box, you can set the parameters in the Log Buffer and Log File area.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose NE Channel Management > Syslog Service from the service tree. 3 On the Syslog Service tab page, click Advanced. 4 In the Advanced Configuration dialog box, set the parameters in the Log buffer and Log File areas. 5 Click OK. ----End
4.5 Configuring the Trap Service

This topic describes how to configure trap information, such as configuring the trap source interface, creating the trap receiving host, configuring the module for sending traps, and setting the advanced attributes of the trap service. 4.5.1 Configuring the Alarm Source Interface This topic describes how to configure the trap source interface. In general, each host has a default trap source interface and the related IP address for sending traps. To change the trap source interface, you can set the related parameters when the trap source is disabled. 4.5.2 Creating a Trap Receiving Host This topic describes how to create a trap receiving host. The trap receiving host receives traps sent from the equipment. By setting the parameters such as the destination address of traps, the port number, and the SNMP authentication mode, you can create a trap receiving host. 4.5.3 Configuring the Module for Sending Traps This topic describes how to configure the module for sending traps to the U2000. 4.5.4 Configuring the Advanced Attributes of the Trap Service This topic describes how to configure the advanced attributes, such as the trap buffer, queue size, and trap life of the trap service.
4.5.1 Configuring the Alarm Source Interface

This topic describes how to configure the trap source interface. In general, each host has a default trap source interface and the related IP address for sending traps. To change the trap source interface, you can set the related parameters when the trap source is disabled.
Prerequisite
The trap source interface and its IP address must be known.
Context
An SNMP trap, no matter which interface it comes from, carries a trap address, also called the address of the trap source interface. When you want to trace a certain event through the trap address, you can configure the trap source interface.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose NE Channel Management > Trap Service from the service tree. 3 On the Trap Service tab page, click Synchronize. 4 Click Enable or Disable to change the service status of the trap source interface.
NOTE
If the trap source of the host is in use, you cannot select the trap source interface from the drop-down list box. The status button that is displayed is Disable. Click Disable to disable the trap source. Then, you can select the trap source interface from the drop-down list box. The status button that is displayed changes to Enable.
5 When the trap source is disabled, select the source interface for sending traps from the dropdown list box, and then click Enable. ----End
4.5.2 Creating a Trap Receiving Host

This topic describes how to create a trap receiving host. The trap receiving host receives traps sent from the equipment. By setting the parameters such as the destination address of traps, the port number, and the SNMP authentication mode, you can create a trap receiving host.
Prerequisite
The IP address of the trap receiving host must be known.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose NE Channel Management > Trap Service from the service tree. 3 Right-click on the Trap Service tab page and choose Create from the shortcut menu. 4 In the Create Receiving Host dialog box, set the related parameters. 5 Click OK.
NOTE
If more than one receiving host is created, the Create Receiving Host progress bar is displayed. After the receiving hosts are created, click OK.
----End
4.5.3 Configuring the Module for Sending Traps

This topic describes how to configure the module for sending traps to the U2000.
Prerequisite
l l The selected equipment must support the configuration of the trap service on the U2000. Telnet or STelnet parameters must be set on the equipment, and configurations on the equipment must be synchronized to the U2000.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose NE Channel Management > Trap Service from the service tree. 3 On the Trap Service tab page, click Send. 4 In the Configure Sending Module dialog box, do as follows: l Select the Global Configuration option button. Then, you can configure alarm control on all modules of the equipment, including Enable Function of All Non-excessive Alarms, Disable Function of All Non-excessive Alarms, Disable Function of All Excessive Alarms, and Disable All Alarms. l Select the Feature Configuration option button. Then, you can configure alarm control on certain feature modules of the equipment. To configure alarm control, you need to select a module node and then select the corresponding option button on the right. If you need to enable a certain excessive alarm, expand the feature module of the alarm and select the check box corresponding to this module.
5 Click OK. ----End

4.5.4 Configuring the Advanced Attributes of the Trap Service

This topic describes how to configure the advanced attributes, such as the trap buffer, queue size, and trap life of the trap service.
Prerequisite
l l The selected equipment must support the configuration of the trap service on the U2000. Telnet or STelnet parameters must be set on the the equipment, and configurations on the equipment must be synchronized to the U2000.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose NE Channel Management > Trap Service from the service tree. 3 On the Trap Service tab page, click Advanced. 4 In the Advanced Configuration dialog box, set the related parameters. 5 Click OK. ----End
Issue 03 (2010-11-19)
4-9
5 ACL Management
5
About This Chapter
ACL Management
This topic describes the functions provided by the ACL management module, the methods of configuring these functions, and the example for configuring an ACL service. 5.1 ACL Management Overview This topic describes the functions and basic concepts of ACL management. 5.2 Process of Configuring an ACL Service This topic describes the process of configuring an ACL service. 5.3 Configuring a Time Range This topic describes how to configure the time range. You need to configure a time range for an ACL rule before enabling the ACL rule to take effect in the set time range. 5.4 Creating an ACL Group This topic describes how to create an ACL group. The ACL group is used to define the types, matching order, and step length of ACL rules. Before configuring an ACL rule, you need to create an ACL group. An ACL group can contain one or multiple ACL rules. 5.5 Configuring ACL Rules This topic describes ACL rules, including basic rules, advanced rules, interface rules, user group rules, and simple rules.. 5.6 Example for Configuring an ACL Service This topic describes how to configure an ACL service with an example.
Issue 03 (2010-11-19)
5-1
5 ACL Management
5.1 ACL Management Overview

This topic describes the functions and basic concepts of ACL management. 5.1.1 ACL Management Functions This topic describes ACL management functions. The ACL defines a set of rules on equipment. With these rules, equipment can determine which packets are permitted to pass or denied. 5.1.2 Basic Concepts This topic describes the basic concepts of ACL management, including the concepts of the ACL type, matching order, rule ID, inverse mask, and time range.
5.1.1 ACL Management Functions

This topic describes ACL management functions. The ACL defines a set of rules on equipment. With these rules, equipment can determine which packets are permitted to pass or denied. ACL management involves the management on time ranges, ACL groups, and ACL rules.

This topic describes the basic concepts of ACL management, including the concepts of the ACL type, matching order, rule ID, inverse mask, and time range.
ACL Type
Based on application purposes, ACLs are classified into seven types, as shown in Table 5-1. Table 5-1 ACL types ACL Type Interface ACL Basic ACL Advanced ACL Ethernet frame ACL User group ACL Simple ACL Group Name Range 1000 to 1999 2000 to 2999 3000 to 3999 4000 to 4099 6000 to 9999 10000 to 42767
NOTE
The ACL type and group number vary according to equipment types and versions.
Matching Order
An ACL group can consist of multiple rules. These rules may be overlapped or contradictory. Thus, the matching order of ACL rules determines the priorities of the ACL rules to be matched with a packet.
5 ACL Management
There are two types of matching orders: l l Configuration order The ACL rules are matched according to their configuration order. Automatic order The automatic order follows the depth-first principle. The depth-first principle means that the statement specifying the smallest range of hosts is placed before the others. For basic ACL rules The source address wildcards are compared. If the source address wildcards are the same or cannot be compared, the ACL rules are matched with packets according to the configuration order. For advanced ACL rules The source address wildcards are compared. If the source address wildcards are the same, the destination address wildcards are then compared. If the destination address wildcards are also the same, the ranges of port numbers are compared. If the ranges of port numbers are still the same, the ACL rules are matched with packets according to the configuration order. For interface ACL rules The rules configured with "any" are compared last. Other rules are matched with packets according to the configuration order. If two ACL rules cannot be compared with each other, the ACL rules are matched with packets according to the configuration order.
Rule ID
When you configure certain rules, the system automatically generates an ID for each rule. A certain space exists between generated rule IDs so that new rules can be added among rules. The size of the space is determined by the ACL step. For instance, if the step is set to 5, IDs are the multiples of 5 (beginning with 5), that is, 5, 10, 15 and so on. The features of ACL rule IDs are as follows: l IDs of the ACL rules that are matched according to the configuration order If a rule ID is specified when the rule is configured with the configuration order, the specified rule ID determines the position where the rule is inserted. For example, the IDs of the rules in the system are 5, 10, and 15. If 7 is specified as the rule ID for a new ACL rule, the matching order of the rules is 5, 7, 10, and 15. l l IDs of the ACL rules that are matched according to the automatic order In the case of automatic order, you cannot specify an ID for a rule. Rules that take effect first The rule with the smallest rule ID takes effect first.
Inverse Mask
The masks of the IP addresses in the ACL are inverse masks, which are distinguished from the masks of interface IP addresses. When an IP address is compared with another one, the IP mask specifies the bits to be ignored in the IP address. The mask is represented by dotted decimal notation. In practice, the masks are compared in binary mode. The number of 1 in the inverse
5 ACL Management
mask indicates the bit to be ignored in an IP address and the number of 0 indicates the bit to be reserved and compared.
Time Range
In practice, certain ACL rules may need to take effect in a specific time period or certain specific time periods. In this case, you can configure ACL rules to take effect according to time ranges. The time range defines the period during which an ACL rule is valid. A time range consists of three parts, as shown in Table 5-2. Table 5-2 Time range structure Part Time range name Absolute time range Periodic time range Description Indicates a time range. When configuring the ACL, you can use a name to describe a time range. Indicates a specific time range, including the start time and end time. Indicates a time range with the one-week interval. You can specify the days when the ACL takes effect in a week.
5.2 Process of Configuring an ACL Service

This topic describes the process of configuring an ACL service. Figure 5-1 shows the process of configuring an ACL service. Figure 5-1 Flowchart of configuring an ACL service
Required Optional
Start
Configure a time range
Configure an ACL group
Configure an ACL rule
End
5-4
Issue 03 (2010-11-19)
5 ACL Management
5.3 Configuring a Time Range

This topic describes how to configure the time range. You need to configure a time range for an ACL rule before enabling the ACL rule to take effect in the set time range. The following are the application examples of the ACL rules configured with specified time ranges: l l A specified website can be accessed only during the working hours (from 8:00 to 18:00) from Monday to Friday. User activities are logged for the users who access a specified website during non-working hours (from 18:00 to 8:00 on the next day).
5.3.1 Creating a Time Range This topic describes how to create a time range. 5.3.2 Creating an Absolute Time Range This topic describes how to create an absolute time range in a specified time range. 5.3.3 Creating a Periodic Time Range This topic describes how to create a periodic time range in a specified time range.
5.3.1 Creating a Time Range

This topic describes how to create a time range.
Prerequisite
Telnet or STelnet parameters must be set on the U2000 for accessing equipment and equipment configurations must be synchronized to the U2000.
Context
l l When creating a time range, you must configure at least one periodic or absolute time range. Creating null time ranges is not allowed. You can configure multiple periodic or absolute time ranges for a time range.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose ACL Management > Time Range from the service tree. 3 On the Time Range tab page, click Create.
NOTE
You can also right-click in the query result area and choose Create from the shortcut menu.
4 In the Create Time Range dialog box, set Time Range Name. 5 Right-click in the Absolute Time Range area and choose Create from the shortcut menu. 6 In the Create Absolute Time Range dialog box, set the related parameters and click OK. 7 Right-click in the Periodic Time Range area and choose Create from the shortcut menu.
5 ACL Management
8 In the Create Periodic Time Range dialog box, set the related parameters and click OK.
9 Click OK or Apply. ----End
5.3.2 Creating an Absolute Time Range

This topic describes how to create an absolute time range in a specified time range.
Prerequisite
Context
l l l You can enable a time range to take effect during the specific period by creating an absolute time range in the time range. You can create an absolute time range when creating a time range. For details, see 5.3.1 Creating a Time Range. The absolute time ranges in a time range must be different.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu.
5 ACL Management
2 Choose ACL Management > Time Range from the service tree. 3 On the Time Range tab page, click Query. 4 In the query result area, select a time range record. 5 On the Detail Information tab page, right-click in the Absolute Time Range area and choose Create from the shortcut menu. 6 In the Create Absolute Time Range dialog box, set the related parameters and click OK. 7 Click Apply. ----End
5.3.3 Creating a Periodic Time Range

This topic describes how to create a periodic time range in a specified time range.
Prerequisite
Context
l l l You can enable a time range to take effect at a specific time by creating a periodic time range in the time range. You can create a periodic time range when creating a time range. For details, see 5.3.1 Creating a Time Range. The periodic time ranges in a time range must be different.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose ACL Management > Time Range from the service tree. 3 On the Time Range tab page, click Query. 4 In the query result area, select a time range record. 5 On the Detail Information tab page, right-click in the Periodic Time Range area and choose Create from the shortcut menu. 6 In the Create Periodic Time Range dialog box, set the related parameters and click OK. 7 Click Apply. ----End
5.4 Creating an ACL Group

This topic describes how to create an ACL group. The ACL group is used to define the types, matching order, and step length of ACL rules. Before configuring an ACL rule, you need to create an ACL group. An ACL group can contain one or multiple ACL rules.
5 ACL Management
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose ACL Management > ACL Group from the service tree. 3 On the ACL Group tab page, click Create.
NOTE
4 In the Create ACL Group dialog box, set the related parameters.
5.5 Configuring ACL Rules

This topic describes ACL rules, including basic rules, advanced rules, interface rules, user group rules, and simple rules.. An ACL consists of a series of rules. ACL rules have the following features: l l Only source IP addresses can be used as the elements for defining basic ACL rules. Advanced ACL rules can be defined by elements including the source IP address and destination IP address of packets, the protocol type on the IP bearer network, and protocol features. Advanced ACL rules are more accurate, diversified, and flexible than basic ACL rules. Different from other ACL rules, interface ACL rules are defined according to the interfaces that receive packets. User group ACL rules are similar to advanced ACL rules. Their difference is that user group ACL rules can also be defined according to user groups. Simple ACL rules can be defined according to information such as the source IP address, destination IP address, user group, protocol type on the IP bearer network, and protocol feature. With simple ACL rules, you can define authority group rules for a user to access the network or communicate with other users.
l l l
5.5.1 Creating a Basic Rule

5 ACL Management
This topic describes how to create a basic rule. 5.5.2 Creating an Interface Rule This topic describes how to create an interface rule. 5.5.3 Creating an Advanced Rule This topic describes how to create an advanced rule. 5.5.4 Creating a User Group Rule This topic describes how to create a user group rule. 5.5.5 Creating a Simple Rule This topic describes how to create a simple rule. 5.5.6 Creating an Ethernet Frame Rule This topic describes how to create an Ethernet frame rule.
5.5.1 Creating a Basic Rule

This topic describes how to create a basic rule.
Prerequisite
l l l Telnet or STelnet parameters must be set on the U2000 for accessing equipment and equipment configurations must be synchronized to the U2000. A basic ACL group must be configured and ACL group configurations on equipment must be synchronized to the U2000. If a time range is configured, the time range must be synchronized.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose ACL Management > ACL Rules > Basic Rule from the service tree. 3 On the Basic Rule tab page, click Create.
NOTE
4 In the Create Basic Rule dialog box, set the related parameters.
Issue 03 (2010-11-19)
5-9
5 ACL Management
5.5.2 Creating an Interface Rule

This topic describes how to create an interface rule.
Prerequisite
l l l l Telnet or STelnet parameters must be set on the U2000 for accessing equipment and equipment configurations must be synchronized to the U2000. An interface ACL group must be configured and ACL group configurations on equipment must be synchronized to the U2000. Interface information on equipment must be synchronized to the U2000. If a time range is configured, the time range must be synchronized.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose ACL Management > ACL Rules > Interface Rule from the service tree. 3 On the Interface Rule tab page, click Create.
NOTE
4 In the Create Interface Rule dialog box, set the related parameters.
5.5.3 Creating an Advanced Rule

This topic describes how to create an advanced rule.
5-10
Issue 03 (2010-11-19)
5 ACL Management
Prerequisite
l l l Telnet or STelnet parameters must be set on the U2000 for accessing equipment and equipment configurations must be synchronized to the U2000. An advanced ACL group must be configured and ACL group configurations on equipment must be synchronized to the U2000. If a time range is configured, the time range must be synchronized.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose ACL Management > ACL Rules > Advanced Rule from the service tree. 3 On the Advanced Rule tab page, click Create.
NOTE
4 In the Create Advanced Rule dialog box, set the related parameters.
5.5.4 Creating a User Group Rule

This topic describes how to create a user group rule.
Prerequisite
l l Telnet or STelnet parameters must be set on the U2000 for accessing equipment and equipment configurations must be synchronized to the U2000. A user group ACL group must be configured and ACL group configurations on equipment must be synchronized to the U2000.
Issue 03 (2010-11-19)
5 ACL Management
l l
User group configurations on equipment must be synchronized to the U2000. If a time range is configured, the time range must be synchronized.
Context
User group ACL rules are similar to advanced ACL rules. Their difference is that the user group ACL rules can also be defined according to user groups.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose ACL Management > ACL Rules > User Group Rule from the service tree. 3 On the User Group Rule tab page, click Create.
NOTE
4 In the Create User Group Rule dialog box, set the related parameters.
5.5.5 Creating a Simple Rule

This topic describes how to create a simple rule.
Prerequisite
l Telnet or STelnet parameters must be set on the U2000 for accessing equipment and equipment configurations must be synchronized to the U2000.
5-12
5 ACL Management
l l
A simple ACL group must be configured and ACL group configurations on equipment must be synchronized to the U2000. If a time range is configured, the time range must be synchronized.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose ACL Management > ACL Rules > Simple Rule from the service tree. 3 On the Simple Rule tab page, click Create.
NOTE
4 In the Create Simple Rule dialog box, set the related parameters.
5.5.6 Creating an Ethernet Frame Rule

This topic describes how to create an Ethernet frame rule.
Prerequisite
l l Telnet or STelnet parameters must be set on the U2000 for accessing equipment and equipment configurations must be synchronized to the U2000. An Ethernet frame ACL group must be configured and ACL group configurations on equipment must be synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose ACL Management > ACL Rules > Ethernet Frame Rule from the service tree. 3 On the Ethernet Frame Rule tab page, click Create.
5 ACL Management
NOTE
4 In the Create Ethernet Rule dialog box, set the related parameters.
5.6 Example for Configuring an ACL Service

This topic describes how to configure an ACL service with an example.
Networking Requirements
As shown in Figure 5-2, a company accesses the Internet through GE1/0/0 of an NE. The NE is connected to the Intranet through GE2/0/0. NEs are connected to each other through valid routes. The company provides WWW, FTP, and Telnet services for the equipment outside the Intranet. The internal subnet of the company is 129.38.1.0. The IP address of the internal FTP server is 129.38.1.1; the IP address of the internal Telnet server is 129.38.1.2; the IP address of the WWW server is 129.38.1.3. The networking requirements are as follows: l l Only the specified users outside the Intranet can access the servers on the Intranet. Only the specified hosts on the Intranet can access the external networks and they can access the external networks on only Saturday and Sunday.
Suppose that the IP address of a specified external user that can access the Intranet is 202.39.2.3.
5-14
Issue 03 (2010-11-19)
5 ACL Management
Figure 5-2 Networking diagram of ACL configuration
FTP server
129.38.1.1/16
Telnet server
129.38.1.2/16
WWW server
129.38.1.3/16
129.38.1.4/16
GE2/0/0 129.38.1.5/16
WAN
GE1/0/0 202.38.160.1/16 202.39.2.3/16
Configuration Roadmap
1. 2. 3. Configure the time range during which the ACL takes effect. Configure an ACL group. Configure the rules for the ACL group.
Data Preparation
To configure the ACL service, you need the following data: l l l l ACL group number Source IP addresses that can access the Intranet Destination IP addresses that the hosts on the Intranet can access Data for configuring the time range
Configuration Procedure
1. 2. 3. Create a time range. For details, see 5.3.1 Creating a Time Range. In this example, the time range includes Saturday and Sunday. Create an ACL group. For details, see 5.4 Creating an ACL Group. In this example, an advanced ACL group is created. Create an advanced ACL rule. For details, see 5.5.3 Creating an Advanced Rule. In this example, do as follows to set the parameters: (1) On the Basic Information tab page, set the action to Permit. (2) On the Source Settings tab page, set the matching type to Specified IP Address, source IP address to 129.38.1.4, and wildcard to 0.0.0.0. (3) On the Destination Settings tab page, set the matching type to Specified IP Address, destination IP address to 202.39.2.3, and wildcard to 0.0.0.0. (4) On the Extend Settings tab page, select the created time range.
5 ACL Management
The ACL rule that allows the host 129.38.1.4 on the Intranet to access the external networks is configured. 4. Repeat step 3. configure the ACL rules that allow the internal servers 129.38.1.1, 129.38.1.2, and 129.38.1.3 to access external networks, and allow user 202.39.2.3 on the external network to access the internal servers.
Verifying Configurations
After the configuration, log in to equipment and run the display acl command to view the ACL configurations and confirm that the ACL rules take effect.
5-16
Issue 03 (2010-11-19)
6 Ethernet OAM Management
6
About This Chapter
Ethernet OAM Management
This describes the related concepts and service configurations of the Ethernet OAM. Operation, Administration, and Maintenance (OAM) is a mechanism used to simplify network operations, test the network performance in real time, and reduce network operation costs. The Ethernet service OAM, based on the Ethernet service traffic, is used to provide the automatic check, fault location and performance check for the connectivity of the Ethernet link. 6.1 Ethernet OAM Management Overview This describes the functions and concepts of Ethernet OAM management. 6.2 Processes of Configuring the Ethernet OAM This describes the processes of configuring the Ethernet OAM. 6.3 Configuring Ethernet OAM Globally This describes how to configure Ethernet OAM on a device globally. Here, the global configurations refers to the Ethernet OAM configurations on a device. The configuration items affect the Ethernet OAM functions of a device. 6.4 Configuring 802.1ag OAM This describes how to configure 802.1ag OAM, such as creating the MD, MA, local MEP, remote MEP, and configuring the creation policy of the interface MIP. 6.5 Configuring 802.3ah OAM This describes how to configure 802.1ah OAM, such as specifying port parameters, synchronizing OAM sessions, and performing loopback tests. 6.6 Configuring Test Diagnosis This describes how to configure different types of test diagnosis tasks, such as the test diagnosis task based on 802.1ag, and general test diagnosis task.
Issue 03 (2010-11-19)
6-1
6.1 Ethernet OAM Management Overview

This describes the functions and concepts of Ethernet OAM management. 6.1.1 Ethernet OAM Management Functions This describes the functions of Ethernet OAM management. Ethernet OAM can improve network management and maintenance and ensures network stability. At present, the U2000 supports Ethernet OAM management on devices through the IEEE 802.1ag draft standard and IEEE 802.3ah standard. 6.1.2 802.1ag OAM Concepts This describes the concepts of 802.1ag OAM. The 802.1ag standard is used to continuously monitor user services, acknowledge, and locate connectivity faults. 6.1.3 Test Diagnosis Concepts This describes the basic concepts of test diagnosis.
6.1.1 Ethernet OAM Management Functions

This describes the functions of Ethernet OAM management. Ethernet OAM can improve network management and maintenance and ensures network stability. At present, the U2000 supports Ethernet OAM management on devices through the IEEE 802.1ag draft standard and IEEE 802.3ah standard. The U2000 Ethernet OAM management provides the following functions: l l Supporting global information management. Supporting the functions related to 802.1ag. These functions include the configuration and management of the MD, MA, local MEP, remote MEP, MIP, and test diagnosis. l Supporting the functions related to 802.3ah. These functions include protocol configuration, port query, and loopback detection. Figure 6-1 shows the typical network application model of 802.1ag OAM and 802.1ah OAM. Figure 6-1 Typical application model
802.3ah 802.1ag 802.3ah
MD 0 MD 1 MD 2 MD 3
CE
MAN
Core
MAN
CE
6-2
Issue 03 (2010-11-19)
6.1.2 802.1ag OAM Concepts

This describes the concepts of 802.1ag OAM. The 802.1ag standard is used to continuously monitor user services, acknowledge, and locate connectivity faults.
MD
An MD is a network or part of the network for which connectivity faults need to be managed. Normally, an MD is a multiple spanning tree (MST) domain composed of multiple connected Ethernet switches. Part of the network inside an MD may be maintained by another administrator, that is, the MD may be nested. The MD level information in the CFM PDU is used to handle the OAM packets spanning different levels. The low-level OAM packets are discarded in high-level MDs whereas high-level OAM packets can be transmitted through low-level MDs. In this manner, the transmission of OAM packets is restricted to certain domains. In the network of Figure 6-2, MD 2 is contained in MD 1. The OAM packets of MD 1 need to be transmitted through MD 2. You can set MD 1 level to 6 and MD 2 level to 3, so that the OAM packets of MD 1 can be transmitted through MD 2 to implement CFM in MD 1 completely. The OAM packets of MD 2 cannot be transmitted to MD 1. Figure 6-2 MDs of different levels
MD1(Level=6) ...... MD2(Level=3) ......
......
You can create a maximum of 64 MDs for a device.
MA
A maintenance association (MA) is a part of the MD. An MD can be divided into one or multiple MAs. On a device, an MA can associate with only one VLAN. Ethernet CFM performs connectivity fault detection on each MA. In the carrier network, one VLAN corresponds to one service instance. By dividing an MD into MAs, you can implement CFM on a network that transmits a certain service instance. You can create a maximum of 4096 MAs in an MD. You can create a maximum of 4096 MAs for a device. The level of an MA is equal to that of the MD where it resides.
MEP
A maintenance association end point (MEP) is an edge node of the MA, as shown in Figure 6-3. Figure 6-3 MEP and MIP
MA
MEP MIP
MEPs, manually created, reside on the interfaces of CXs. The level of an MEP is the level of the MD to which the MEP belongs. For a network device enabled with Ethernet CFM, its MEP is called the local MEP. For the other devices in the same MA, their MEPs are called the remote maintenance association end points (RMEPs). MEPs are divided into two types: l inward: See MEP 1 in Figure 6-4. An inward MEP does not send CCMs through the interface on which it resides. The inward MEP sends CCMs through other interfaces in the VLAN that is associated with the MA to which the inward MEP belongs. The MA to which an inward MEP belongs must associate with a VLAN. outward: See MEP 2 and MEP 3 in Figure 6-4. An outward MEP sends CCMs through the interface on which it resides. The MA to which an outward MEP belongs does not have to associate with a VLAN.
6-4
Issue 03 (2010-11-19)
Figure 6-4 MEP types
VLAN3
Inward type VLAN2 MPE1
Outward type MPE2 MPE3 Data flow send by MEP1 Data flow send by MEP2 Data flow send by MEP3
MIP
An MIP is an internal node of the MA, as shown in Figure 6-3. MIPs, residing on the interfaces of CXs, are automatically created by the CXs according to MIP creation policies. You can configure the global MIP creation policy on a device, or configure the interface MIP creation policy on a specified interface. The MIP creation policy is described as follows: l The type of the MIP creation policy is Default. The device is configured with MDs, but no interface on the device is configured with MEPs. The device is configured with MDs, the interfaces on the device are configured with MEPs, and the highest level of the MEP on the interfaces is smaller than that of the MD on the device. l The type of the MIP creation policy is Explicit. The interface is configured with MEPs, and the highest level of the MEP is smaller than that of the MD on the device. l The type of the MIP creation policy is None. MIPs cannot be automatically created on a device interface.
NOTE
The MIP level equals to the MD level, which is the lowest one of all levels higher than the highest MEP level.
Connectivity Check
Ethernet CFM divides the entire network into one or multiple MDs, and divides each MD into one or multiple MAs. By sending the CCM periodically between MEPs in the same MA, Ethernet CFM checks the Ethernet connectivity in the MA.
An MEP periodically sends multicast CCMs to all the other MEPs inside the MA. If a certain MEP does not receive the CCM from the peer MEP within a certain time, it indicates that a fault occurs in a certain part of the MA.
CFM-BFD Binding
CFM-BFD binding is usually applicable to the following scenario: As shown in Figure 6-5, CEs are dual homed to PEs, which are connected over the MPLS network. To implement end-to-end link fault detection, BFD is configured for the MPLS LSP between PEs, and Ethernet OAM is configured between the CEs and PEs. When the BFD module on the core network side detects a fault, it notifies the Ethernet OAM module of it. Then, the CE is switched to the backup path. Figure 6-5 Application scenario of CFM-BFD binding
Y.1731
Y.1731 is an OAM protocol defined by the ITU-T. It provides test diagnosis and performance management (statistics on the packet loss ratio, frame delay, frame delay jitter, and throughput) besides implementing the E2E detection, loopback detection, and link tracing on the Metro Ethernet. Also, more message types, such as AIS, RDI, LCK (lock signal), TST (test signal), APS, MCC (maintenance channel management), EXP (experiment), VSP, LM, and DM. Compared with IEEE 802.1ag, functions such as performance management are added in Y.1731.
6.1.3 Test Diagnosis Concepts

This describes the basic concepts of test diagnosis.
Connectivity Fault Acknowledgement

l 802.1ag LB The 802.1ag loopback (LB) is similar to ping. You can check whether it is reachable from the local device to the destination device by sending LB packets and receiving response packets. An MEP sends unicast LB packets to other MEPs in the MA. The destination node checks whether the destination MAC address of the LB packets is consistent, and replies loopback reply (LBR) messages to the source node if the MAC address is consistent. The intermediate node performs only Layer 2 forwarding. This mode is called non-intrusive LB, that is, only the LB packet is looped back and the traffic flow is normally processed. It is used for online testing without interrupting the service.
In intrusive mode, that is, the 802.1ag intrusive LB, all frames are looped back. This mode can be used for offline testing. At present, the U2000 supports only the non-intrusive mode. l General LB The general LB is similar to 802.1ag LB in principle, but the general LB does not need to be initiated by the MEP and a destination node does not need to be an MEP. That is, you can perform the general LB test without configuring MD, MA, or MEPs on the source device, intermediate device, and destination device. l Multicast LB Before the configuration of an RMEP, all RMEPs can be discovered through multicast test diagnosis.
Connectivity Fault Locating

l 802.1ag LT Each channel has many nodes (MIPs). The link trace (LT) packet is used to locate which node fails and it is similar to tracert in principle. An MEP multicasts LT packets to other MEPs in the MA, with LT packets containing the MAC address of the destination node. Each node along the channel returns a link trace reply (LTR) message to the source node, and it searches the forwarding database (FDB) through the MAC address of the destination node. If the FDB is found, LT packets with the MAC address of this node replacing the source MAC address are generated and forwarded. Otherwise, LT packets are broadcast or discarded. LT packets can be used to obtain the path of the destination node or locate the fault. l General LT The general LT is similar to 802.1ag LT in principle, but the general LT does not need to be initiated by the MEP, and an intermediate or destination node does not need to be an MEP. That is, you can perform the general LT test without configuring the MD, MA, or MEPs on the source device, intermediate device, or destination device.
6.2 Processes of Configuring the Ethernet OAM

This describes the processes of configuring the Ethernet OAM. Figure 6-6 shows the process of configuring the 802.1ag.
Issue 03 (2010-11-19)
6-7
Figure 6-6 Flowchart of configuring the 802.1ag

Start
Ethernet OAM global configuration
Is CFM enabled? Yes Create an MD
No
Create an MA
Create a local MEP
Create a remote MEP
Is the interface MIP policy modified? Yes Configure the interface MIP creation policy
No
No
Do the local MEP and remote MEP or MIP exist? Yes Create a OAM measure task
Create a test diagnosis task based on the 802.1 ag standard End
Mandatory Optional
Figure 6-7 shows the process of configuring the 802.3ah.
6-8
Issue 03 (2010-11-19)
Figure 6-7 Flowchart of configuring the 802.3ah

Start
Ethernet OAM global configuration
Is EFM enabled? Yes Set port EFM parameters
No
Synchronize the EFP protocol status of the port
Is the status of the OAM session Detected? Yes Set loopback test parameters
No
Run a loopback test
View the loopback test result
End
6.3 Configuring Ethernet OAM Globally

This describes how to configure Ethernet OAM on a device globally. Here, the global configurations refers to the Ethernet OAM configurations on a device. The configuration items affect the Ethernet OAM functions of a device.
Context
OAM functions are unavailable when you perform the following operations: l l l
Issue 03 (2010-11-19)
Disabling CFM Disabling EFM Disabling G-MAC ping

Disabling G-MAC trace
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management, and then click Ethernet OAM Global Configuration. 3 Configure Ethernet OAM globally.
NOTE
If data synchronization is not performed on the NE, perform data synchronization first.
4 Click Apply. ----End
6.4 Configuring 802.1ag OAM

This describes how to configure 802.1ag OAM, such as creating the MD, MA, local MEP, remote MEP, and configuring the creation policy of the interface MIP. 6.4.1 Creating an MD This describes how to create an MD. With this function, you can configure MDs for a device. 6.4.2 Creating an MA This describes how to create an MA. With this function, you can configure MAs for a device. 6.4.3 Creating a Local MEP This describes how to create a local MEP. 6.4.4 Creating a Remote MEP This describes how to create a remote MEP. With this function, you can configure MEPs for the MA on a device. 6.4.5 Configuring the MIP Creation Policy on a Specified Interface This describes how to configure the MIP creation policy on a specified interface.
6.4.1 Creating an MD
This describes how to create an MD. With this function, you can configure MDs for a device.
Prerequisite
CFM is enabled in Ethernet OAM Global Configuration.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management > 802.1ag, and then click MD Management. 3 On the MD Management tab, Click Create, or right-click in the query result area and select Create on the shortcut menu.
4 In the Create MD dialog box, set MD parameters. 5 Click OK or Apply. The U2000 sets MD parameters on the device. ----End
6.4.2 Creating an MA
This describes how to create an MA. With this function, you can configure MAs for a device.
Prerequisite
l l CFM is enabled in Ethernet OAM Global Configuration. MDs are created.
Context
A maximum of 4096 MAs can be configured for a device.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management > 802.1ag, and then click MA Management. 3 On the MA Management tab, Click Create, or right-click in the query result area and select Create on the shortcut menu. 4 In the Create MA dialog box, set general MA parameters. You can do as follows to copy the MA information created by another equipment: 1. 2. Click the ... button to the right of the MD Name field and then select an MD. Click Select and select a piece of MA information created by another equipment. You can also modify the MA information copied from another equipment.
NOTE
Due to equipment version differences, certain parameters may be unable to be copied to the destination equipment.
5 Optional: On the Parameter of Alarm tab, set OAM alarm parameters. 6 Click OK or Apply. The U2000 sets MA parameters on the device. ----End
6.4.3 Creating a Local MEP

This describes how to create a local MEP.
Prerequisite
l l CFM is enabled in Ethernet OAM Global Configuration. MAs are created.
Context
l l l l You can create a local MEP on a device interface, either a GE interface, a common FE interface, or a trunk interface. For a CX380, a maximum of 16384 local MEPs can be configured. For devices of other types , a maximum of 32768 local MEPs can be configured. If an MA is not associated with any VLAN, the local MEP direction in the MA cannot be Inward or Outward. The level of the MIP on the interface cannot be lower than the level of any MEP on the interface. Thus, the creation of an MEP affects the MIP level.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management > 802.1ag, and then click Local MEP Management. 3 On the Local MEP Management tab, Click Create, or right-click in the query result area and select Create on the shortcut menu. 4 In the Create Local MEP dialog box, set the general parameters of a local MEP. You can do as follows to copy the local MEP information created by another equipment: 1. 2. Click the ... button to the right of the MD Name field and then select an MD for which an MA is created. Click Select and select a piece of MEP information created by another equipment. You can also modify the MEP information copied from another equipment.
NOTE
Due to equipment version differences, certain parameters may be unable to be copied to the destination equipment.
5 Optional: On the AIS VLAN Configuration tab, set alarm indication signal parameters. 6 Click OK or Apply. The U2000 sets the parameters of local MEPs on the device. ----End
6.4.4 Creating a Remote MEP

This describes how to create a remote MEP. With this function, you can configure MEPs for the MA on a device.
Prerequisite
l
6-12
CFM is enabled in Ethernet OAM Global Configuration.

l l
MDs are created. MAs are created.
Context
l l For a device, a maximum of 16384 remote MEPs can be configured. For an MA, a maximum of 4096 remote MEPs can be configured.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management > 802.1ag, and then click Remote MEP Management. 3 On the Remote MEP Management tab, Click Create, or right-click in the query result area and select Create on the shortcut menu. 4 In the Create Remote MEP dialog box, you can set the related parameters. 5 Click OK or Apply. The U2000 configures the parameters of remote MEPs to the device. ----End
6.4.5 Configuring the MIP Creation Policy on a Specified Interface

This describes how to configure the MIP creation policy on a specified interface.
Prerequisite
l l l l CFM is enabled in Ethernet OAM Global Configuration. MDs are created. MAs are created. Local MEPs are created.
Context
When the type of the MIP creation policy is Default or Explicit on the U2000, the device automatically creates MIPs based on the policy. To generate an MIP, the interface needs to meet one of the following requirements: l The type of the MIP creation policy is Default. The interface does not need to be configured with MEPs. If the interface is configured with MEPs, the highest level of the MEP must be lower than that of the MD on the device. l The type of the MIP creation policy is Explicit. The interface must be configured with MEPs, and the highest level of the MEP must be lower than that of the MD on the device. l
Issue 03 (2010-11-19)
When the type of the MIP creation policy is None, the interface does not generate MIPs.

NOTE
If no MIP creation policy is configured on the specified interface, or the existing MIP creation policy is deleted, the interface inherits the global MIP creation policy.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management > 802.1ag, and then click MIP Policy Management. 3 On the MIP Policy Management tab, click Query. The device automatically generates MIP records according to certain rules and displays them in the query result area. 4 Select an MIP record, and then click the Configure Creation Policy drop-down list. You can also right-click the record and select Configure Creation Policy on the shortcut menu. You can reset the MIP creation policy of the interface. In this case, the configuration mode is changed accordingly. ----End
6.5 Configuring 802.3ah OAM

This describes how to configure 802.1ah OAM, such as specifying port parameters, synchronizing OAM sessions, and performing loopback tests. 6.5.1 Setting Port Parameters This describes how to set port parameters. With this function, you can set the working mode, enable EFM on a port, and configure the errored frame event, errored framing second event, and errored symbol event on a port. 6.5.2 Synchronizing the OAM Session This describes how to synchronize the OAM session. With this function, you can synchronize the status of the OAM session on the device to the U2000. 6.5.3 Performing a Loopback Test This describes how to perform a loopback test. With this function, you can detect the packet loss ratio of a link.
6.5.1 Setting Port Parameters

This describes how to set port parameters. With this function, you can set the working mode, enable EFM on a port, and configure the errored frame event, errored framing second event, and errored symbol event on a port.
Prerequisite
EFM is enabled in Ethernet OAM Global Configuration.
Context
Setting port parameters is the prerequisite for detecting the connectivity of directly connected ports. It is also used to monitor errored frames, errored framing seconds, and errored symbols.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management, and then click 802.3ah. 3 On the 802.3ah tab, click Query. Information about the available ports on the device is displayed. 4 Select the port, and then click Set, or right-click it and select Set on the shortcut menu. 5 In the Set Port dialog box, click the General and Advanced tabs to set the related parameters.
NOTE
The U2000 provides default values for parameters on the Advanced tab. It is recommended to adopt the default values rather than modify those parameters.
6 After port parameters are set, click OK or Apply. The U2000 applies all parameter values to the port. ----End
6.5.2 Synchronizing the OAM Session

This describes how to synchronize the OAM session. With this function, you can synchronize the status of the OAM session on the device to the U2000.
Prerequisite
EFM is enabled in Ethernet OAM Global Configuration.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management, and then click 802.3ah. 3 On the 802.3ah tab, click Query. Information about the available ports on the device is displayed.
4 Select the port, and then click the OAM Session tab. Click Synchronize. 5 After the synchronization, you can view the status of the OAM session between the ports through EFM Protocol Status of Port. ----End
6.5.3 Performing a Loopback Test

This describes how to perform a loopback test. With this function, you can detect the packet loss ratio of a link.
Prerequisite
The link between two ports is directly connected and packets can be transmitted over the link. The following requirements need to be satisfied: l l l EFM is enabled in Ethernet OAM Global Configuration. The EFM protocol is enabled on both ports. The status of the OAM session is Detection on at least one port.
Context
The current services of the tested port are terminated when a loopback test is performed.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management, and then click 802.3ah. 3 On the 802.3ah tab, click Query. Information about the available interfaces is displayed in the query result area. 4 Select the port, click Loopback Test, or right-click it and then select Loopback Test on the shortcut menu. 5 Optional: In the Loopback Test dialog box, click Set. 6 In the dialog box that is displayed, set the related parameters.
NOTE
The parameters in the dialog box varies according to device types. The CX600 is taken as an example here. The U2000 provides default values for test parameters. It is recommended to adopt the default values.
7 After configuring the related parameters, click OK to close the Test Parameter dialog box. 8 In the Loopback Test dialog box, click Run.
9 In the Confirm dialog box, click OK. The U2000 starts the loopback test of the interface. 10 When the loopback test is complete, click Close to close the dialog box. ----End
6.6 Configuring Test Diagnosis

This describes how to configure different types of test diagnosis tasks, such as the test diagnosis task based on 802.1ag, and general test diagnosis task. Test diagnosis can be classified into two types: LB and LT. LB is used to detect the connectivity of the link between two devices, and LT is used to locate the faulty node. According to the types of tested links, test diagnosis tasks are classified into two types: l Test diagnosis task based on 802.1ag For the network where the MD, MA, and MEPs are configured, you can implement 802.1ag MAC trace to locate the connectivity fault between MEPs at the same maintenance level or between MEPs and MIPs at the same maintenance level. l General test diagnosis task For the network where the MD, MA, and MEPs are not configured, you can implement MAC trace to locate the connectivity fault between two devices. 6.6.1 Creating or Running a Diagnosis Task Based on 802.1ag This describes how to create or run a test diagnosis task based on 802.1ag for a device. 6.6.2 Creating a General Test Diagnosis Task This describes how to create a general test diagnosis task for a device. The general test diagnosis does not need to be initiated by the MEP, and a destination node does not need to be an MEP or MIP. That is, you can perform the general LB or LT test without configuring MD, MA, or MEPs on the source device, intermediate device, and destination device.
6.6.1 Creating or Running a Diagnosis Task Based on 802.1ag

This describes how to create or run a test diagnosis task based on 802.1ag for a device.
Prerequisite
l l The current MA is associated with a VLAN. The local MEP is configured on the current MA. To be specified as an outbound interface, an interface needs to meet the following conditions: It is not configured with any inward MEP. It has been added to the VLAN that is associated with the current MA. l l The destination node can be either the remote MEP or the MIP. If the remote MEP serves as the destination node, you need to specify this remote MEP for the current local MEP. The intermediate devices of the tested link do not need to be configured with MD, MA or MEPs.
Issue 03 (2010-11-19)
Context
The U2000 supports the configuration of a maximum of 4096 test diagnosis tasks based on 802.1ag on one device.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management, and then click Test Diagnosis. 3 On the Test Diagnosis tab, click the Task Type drop-down list and select Test Diagnosis Task Based on 802.1ag. 4 Click Create, or right-click in the query result area and select Create on the shortcut menu. 5 Set test diagnosis parameters in the Create Test Diagnosis Task Based on 802.1ag dialog box.
6 Optional: Click Set to the right of Diagnosis Parameter, and you can configure the test diagnosis parameters. You can also adopt the default values provided by the U2000.
NOTE
The U2000 provides default values for test diagnosis parameters. It is recommended to adopt the default values rather than modify the parameters.
7 After setting the related parameters, click OK. 8 If the Immediate Run check box is selected, the Confirm dialog box is displayed. Click OK. The U2000 creates a test diagnosis task, and performs the task based on the set parameters. In the Run Test Diagnosis Task dialog box, you can view the operation process. If the test diagnosis fails to be performed, an error prompt is displayed. When the operation is complete, click Close to close the dialog box. ----End
6.6.2 Creating a General Test Diagnosis Task

This describes how to create a general test diagnosis task for a device. The general test diagnosis does not need to be initiated by the MEP, and a destination node does not need to be an MEP or
MIP. That is, you can perform the general LB or LT test without configuring MD, MA, or MEPs on the source device, intermediate device, and destination device.
Prerequisite
l l If LB is adopted, you need to enable G-MAC ping in global configuration. If LT is adopted, you need to enable G-MAC trace in global configuration.
Context
The U2000 supports the configuration of a maximum of 4096 general test diagnosis tasks on a device.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand Ethernet OAM Management, and then click Test Diagnosis. 3 On the Test Diagnosis tab, click the Task Type drop-down list and select General Test Diagnosis Task. 4 Click Create, or right-click in the query result area and select Create on the shortcut menu. 5 Set test diagnosis parameters in the Create General Test Diagnosis Task dialog box.
6 Optional: Click Set to the right of Diagnosis Parameter, and then you can set the test diagnosis parameters. You can also adopt the default values provided by the U2000. 7 After setting the related parameters, click OK. 8 If the Immediate Run check box is selected, the Confirm dialog box is displayed. Click OK. The U2000 creates a test diagnosis task, and performs the task based on the set parameters. In the Run Test Diagnosis Task dialog box, you can view the operation progress. If the test diagnosis fails to be performed, an error prompt is displayed. When the operation is complete, click Close to close the dialog box. ----End
7 Route Management
7
About This Chapter
Route Management
This topic describes the basic concepts of route management and instructs users to configure routes. 7.1 Route Management Overview This topic describes the functions and related concepts of route management. 7.2 Viewing Routing Information This topic describes how to view route information and route configurations. The route information includes information and statistics about the routing table and FIB table. You can locate the route faults according to route information. 7.3 Creating a Static Route This topic describes how to create a static route on an NE. In the case of a simple network, you need to configure only static routes so that the network can work normally. The U2000 supports common static routes and the static routes being associated with VPN instances. 7.4 Creating a BGP Route This topic describes how to create a BGP route on an NE. 7.5 Creating an OSPF Route This topic describes how to create an OSPF route on an NE. 7.6 Creating an IS-IS Route This topic describes how to create an IS-IS route on an NE. 7.7 Creating a Routing Policy This topic describes how to query, create, modify, delete, and synchronize a routing policy. You can query the newly created routing policies when configuring BGP routes, OSPF routes, or ISIS routes. 7.8 Viewing Running Information This topic describes how to view running information on an NE. The information in the query result area can be saved, copied, and searched.
Issue 03 (2010-11-19)
7-1
7 Route Management
7.1 Route Management Overview

This topic describes the functions and related concepts of route management. 7.1.1 Functions of Route Management Route management provides functions such as configuring and maintaining IPv4 routes for equipment. Route management is valid for only the IPv4 routes. 7.1.2 Basic Concepts This topic describes the basic concepts of routes, such as the destination IP address, subnet mask, static route, outbound interface, next hop IP address, and basic knowledge of the BGP, OSPF, and IS-IS routing protocols. Knowing these concepts, you can rapidly and correctly configure and maintain route management.
7.1.1 Functions of Route Management

Route management provides functions such as configuring and maintaining IPv4 routes for equipment. Route management is valid for only the IPv4 routes. Route management of the U2000 provides the following functions: l l l l l l l Displaying the routing information Configuring static routes Configuring BGP routes Configuring OSPF routes Configuring the IS-IS routes Configuring the routing policy Viewing the running information about the BGP peer group, BGP peer, OSPF and IS-IS.

This topic describes the basic concepts of routes, such as the destination IP address, subnet mask, static route, outbound interface, next hop IP address, and basic knowledge of the BGP, OSPF, and IS-IS routing protocols. Knowing these concepts, you can rapidly and correctly configure and maintain route management.
Destination Address and Subnet Mask

Destination address is used to identify the destination IP address or the destination network address of an IP packet. Subnet mask is combined with the destination address to identify the address of the network segment where the destination host or router resides. Subnet mask is expressed in dotted decimal notation or in the format of the mask length.
Static Route
Static routes are manually configured and managed by the network administrator.
7 Route Management
On a simple network, you need to configure only static routes so that the network can run normally. Proper configuration and use of static routes improve the network performance and guarantee the required bandwidth for important applications. When a fault occurs on a static route or when the topology changes, the static route, however, cannot change automatically and must be modified by the network administrator.
Outbound Interface and Next Hop Address

When configuring a static route, you can specify the outbound interface and next hop IP address. You need to determine whether to specify an outbound interface or a next hop IP address as required. All route entries must have specific next hop IP addresses. When sending a packet, the router first searches for the matching route in the routing table according to the destination address. The link layer can find the corresponding link layer address and forward the packet only when the next hop address is specified. When specifying the outbound interface, note the following: l For a point-to-point interface, the next hop address is specified when you specify the outbound interface. That is, the address of the peer interface is the next hop address. For example, the protocol used to encapsulate POS is the PPP protocol. The remote IP address is obtained through PPP negotiation. You need specify only the outbound interface rather than the next hop address. The interface (such as ATM interface) of the NBMA type supports the P2MP network. You need to configure the IP route and the mapping form IP address to the link-layer address. In this case, the next hop IP address needs to be configured. When static routes are configured, it is not recommended to specify the Ethernet interface or the Virtual-Template interface as the outbound interface. This is because the Ethernet interface is a broadcast interface while the VT interface can be associated with multiple virtual access interfaces. If the Ethernet interface or the VT interface is specified as the outbound interface, the next hop cannot be uniquely determined because multiple next hops exist. In certain special applications, if you have to specify a broadcast interface such as an Ethernet interface, a VT interface, or an NBMA interface as the outbound interface, you must specify the corresponding next hop IP address.
Default Route
A default route is another special route. Generally, a default route can be manually configured. A default route can also be generated through dynamic routing protocols, such as OSPF and ISIS. The default route is used only when no matching entry exists in the routing table. In the routing table, the default route is destined for the network 0.0.0.0 with the mask being 0.0.0.0. If the destination address of a packet does not match any entry in the routing table, the router selects a default route to forward this packet. If no default route exists and the destination address of the packet does not match any entry in the routing table, the packet is discarded. In this case, an ICMP packet is sent to notify the originating host that the destination host or network is unreachable.
Preference of a Static Route

Different static routes can be set with different preferences. So, the routing management policies are flexibly adopted. For example, when configuring multiple routes to the same destination
7 Route Management
address, you can set the same preference for these routes to implement load balancing. You can also set different preferences to implement routing redundancy.
BGP Route
There are many ASs on the Internet, and each AS has its own rules. For example, two ISPs run different routing protocols in their individual AS. At the same time, the ISPs need to exchange information, so the Internet traffic flows in and out their ASs. As a dynamic routing protocol used between ASs, BGP is widely applied among ISPs. BGP uses the TCP with the port number being 179 as the transport layer protocol. The reliability of BGP is thus enhanced. BGP runs on a router in either of the following modes: l l IBGP EBGP
IBGP runs in an AS and EBGP runs among ASs.
Roles in Transmitting BGP Messages

l Speaker: The router that sends BGP messages is called BGP speaker. The BGP speaker receives or generates new route messages, and then advertises to other BGP speakers. When the BGP speaker receives a new route from another AS, the BGP speaker advertises all BGP speakers in the AS, if the route has higher priority than current routes or the routing rable does not have the new route. Peer: The BGP speakers that exchange messages are called peers. Multiple peers constitute a peer group.
OSPF Routes
Defined by the IETF, OSPF is a link-state IGP. At present, OSPF version 2 (defined in RFC 2328) is intended for IPv4.
Network Types Supported by OSPF

OSPF classifies networks into following types according to link layer protocols: l Broadcast: If the link layer protocol is Ethernet or FDDI, OSPF defaults the network type to broadcast. On the networks of this type: Hello packets and packets from the DR are sent in multicast mode (224.0.0.5: indicates the reserved IP multicast addresses for OSPF routers). LSU packets are sent to the DR in multicast mode (224.0.0.6: indicates the reserved IP multicast address for the OSPF DR), and the DR forwards the LSU packets to destination 224.0.0.5. DD packets, LSR packets, and all retransmission packets are sent in unicast mode. LSAck packets are usually sent in multicast mode (224.0.0.5). When a router receives repeated LSAs, or the LSAs are deleted due to the timeout of the maximum lifetime, LSAck packets are sent in unicast mode.
7 Route Management
NBMA: If the link layer protocol is FR, ATM, or X.25, OSPF defaults the network type to NBMA. In this type of networks, protocol packets, such as Hello packets, DD packets, LSR packets, LSU packets, and LSAck packets, are transmitted in unicast mode. P2MP: Regardless of the type of the link layer protocol, OSPF does not default the network type to P2MP. A P2MP network must be forcibly changed from other network types. The common practice is to change a non-fully connected NBMA network to a P2MP network. On the networks of this type, protocol packets, such as Hello packets, DD packets, LSR packets, LSU packets, and LSAck packets, are transmitted in multicast mode through multicast address 224.0.0.5. P2P: If the link layer protocol is PPP, HDLC, or LAPB, OSPF defaults the network type to P2P. On the networks of this type, protocol packets, such as Hello packets, DD packets, LSR packets, LSU packets, and LSAck packets, are transmitted in multicast mode through the multicast address 224.0.0.5.
IS-IS Routes
The IS-IS is a dynamic routing protocol initially designed by the ISO for its CLNP. As an IGP, IS-IS is used in ASs. IS-IS is a link state protocol. It uses the SPF algorithm to calculate routes.
Network Types Supported by IS-IS

IS-IS supports only two types of networks. According to physical links, IS-IS networks can be classified into the following types: l l Broadcast links: such as Ethernet and Token-Ring Point-to-point links: such as PPP and HDLC
For an NBMA network such as the ATM, you should configure its sub-interfaces as P2P interfaces. IS-IS cannot run on the P2MP networks.
7.2 Viewing Routing Information

This topic describes how to view route information and route configurations. The route information includes information and statistics about the routing table and FIB table. You can locate the route faults according to route information.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > Routing Information from the service tree. 3 Select the route information to be queried from the View Routing Information drop-down list. 1. If you select Routing Table, set VPN Name in the Condition area. Click Condition to set Protocol and Destination IP Address.
NOTE
In the Condition area, select Details to view details about the routing table.
2. 3.
If you select Route Statistics, in the Condition area, set VPN Name. If you select FIB Table and FIB Statistics, in the Condition area, set VPN Name. Click Condition to set Slot No..
Issue 03 (2010-11-19)
7 Route Management
NOTE
When you select FIB Table, select FIB Details to view details about the FIB table.
4. 5.
If you select BGP Routing Table, in the Condition area, set VPN Name. Click Condition to set IP Address. If you select OSPF Routing Table, in the Condition area, set OSPF Process ID. Click Condition to set Destination IP Address, Outgoing Interface, and Destination Router ID. If you select IS-IS Routing Table, in the Condition area, set IS-IS Process ID. Click Condition to set Router Level, Destination IP Address, and Mask. If you select Configuration Information, in the Condition area, set Protocol Type.
6. 7.
4 Click Display. The route information is displayed in the Result area.

NOTE
You can save, copy, and search the displayed route information. : saves the route information displayed in the query result area to the local disk in a TXT file. : copies the selected route information in the query result area to the clipboard. : searches the required information in the route information displayed in the query result area by keyword.
5 Click More to view more route information. ----End
7.3 Creating a Static Route

This topic describes how to create a static route on an NE. In the case of a simple network, you need to configure only static routes so that the network can work normally. The U2000 supports common static routes and the static routes being associated with VPN instances.
Prerequisite
The data of the route management must be synchronized to the U2000.
Context
If the destination IP address and subnet mask are 0.0.0.0, this route is the default route.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > Static Route from the service tree. 3 Click Create. Set corresponding parameters.
7-6
Issue 03 (2010-11-19)
7 Route Management
4 After the settings, click OK to return to the Static Route tab page. The information about the newly created static route is displayed in the query result area.
NOTE
In the query result area, Deployment Status indicates whether the configurations on the U2000 are deployed on NEs. If so, Deployed is displayed; if not, Undeployed is displayed.
----End
7.4 Creating a BGP Route

This topic describes how to create a BGP route on an NE. 7.4.1 Configuring Basic Information About BGP This topic describes how to configure basic information about BGP. 7.4.2 Creating a BGP Peer Group This topic describes how to create a peer group for BGP routes. On the large-scale network, there are too many peers, which results in complicated configuration and maintenance. In this case, the concept of a peer group is introduced to simplify the management and improve the efficiency of distributing routes. 7.4.3 Creating a BGP Peer This topic describes how to create a peer for BGP routes and configure the general information, routing policy, and password verification for a peer. 7.4.4 Importing an External Route This topic describes how to import external routes to BGP. When BGP imports routes from other protocols, routing policies can be used to filter the routes and change the route attributes. External routes can be imported from the following protocols: OSPF, IS-IS, RIP, Direct, and Static. 7.4.5 Distributing a Route
7 Route Management
This topic describes how to distribute a route, that is, how to statically add a route in the local routing table to the BGP routing table and distribute it to a peer. 7.4.6 Creating a VPN Instance Address Family This topic describes how to create a VPN instance address family on an NE to manage the routes of VPNs with overlapped address spaces. 7.4.7 Setting a VPN IPv4 Address Family This topic describes how to enable the VPN IPv4 address family on an NE. After the VPN IPv4 address family is enabled, flexible VPN access control and diversified VPN networking schemes can be implemented. 7.4.8 Creating a VPLS Address Family This topic describes how to create a VPLS address family. When configuring Kompella VPLS, you can use BGP as signaling. BGP-VPLS and common BGP use the same TCP connection, and VGP-VPLS inherits most features of common BGP. As the VPLS label block information is exchanged, you need to enable the peer to exchange VPLS label blocks.
7.4.1 Configuring Basic Information About BGP

This topic describes how to configure basic information about BGP.
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > BGP Route > Basic Information from the service tree. 3 On the Basic Information tab page, select Enable BGP Status and set Local AS No., Router ID, Enable GR Status, BGP Session Rebuild Time, and End-of-RIB Waiting Time. 4 Click Apply to complete the configurations. ----End
7.4.2 Creating a BGP Peer Group

This topic describes how to create a peer group for BGP routes. On the large-scale network, there are too many peers, which results in complicated configuration and maintenance. In this case, the concept of a peer group is introduced to simplify the management and improve the efficiency of distributing routes.
Prerequisite
l l l l The selected equipment must support the BGP configuration. The data of the route management must be synchronized to the U2000. The peer group members to be added to the peer group must be available. Before you configure basic BGP functions, the IP addresses of adjacent stations at the network layer must be pinged through.
7-8
7 Route Management
Context
l l l The peer group AS number is specified only when you create the EBGP peer group. The peer group name uniquely identifies the peer group. It is mandatory and is used to ease management. The peer groups are classified into three types: the IBGP peer group, pure EBGP peer group, and hybrid EBGP peer group.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > BGP Route > Public Network Route > Peer Group from the service tree. 3 Click Create. 1. Click the General tab and set the related parameters.
2.
Click the Routing Policy tab and set the related parameters.
Issue 03 (2010-11-19)
7-9
7 Route Management
3. 4.
Click the Password Verification tab. Then, set Password Type, and then enter the values of New Password and Confirm Password. Click the Member tab, and then click Select. The Select Peer list box is displayed. You can select the peers to be added.
4 After the settings, click OK to return to the Peer Group tab page. The information about the newly created BGP peer group is displayed in the query result area.
NOTE
----End
7.4.3 Creating a BGP Peer

This topic describes how to create a peer for BGP routes and configure the general information, routing policy, and password verification for a peer.
Prerequisite
l l l The selected equipment must support the BGP configuration. The data of the route management must be synchronized to the U2000. Before you add a BGP peer, the IP addresses of adjacent stations at the network layer must be pinged through.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > BGP Route > Public Network Route > Peer from the service tree. 3 Click Create.
7 Route Management
1.
Click the General tab and set the related parameters.
2.
Click the Routing Policy tab and set the related parameters.
3.
Click the Password Verification tab. Then, set Password Type, and then enter the values of New Password and Confirm Password.
4 After the settings, click OK to return to the Peer tab page. The information about the newly created BGP peer is displayed in the query result area.
Issue 03 (2010-11-19)
7-11
7 Route Management
NOTE
----End
7.4.4 Importing an External Route

This topic describes how to import external routes to BGP. When BGP imports routes from other protocols, routing policies can be used to filter the routes and change the route attributes. External routes can be imported from the following protocols: OSPF, IS-IS, RIP, Direct, and Static.
Prerequisite
l l BGP and IGP must be configured on the selected equipment and run normally. The data of the route management must be synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > BGP Route > Public Network Route > Import Route from the service tree. 3 Click Create. Then, set Protocol, Process ID, MED Value, and Routing Policy. 4 After the settings, click OK to return to the Import Route tab page. The information about the newly imported route is displayed in the query result area. ----End
7.4.5 Distributing a Route

This topic describes how to distribute a route, that is, how to statically add a route in the local routing table to the BGP routing table and distribute it to a peer.
Prerequisite
l l l BGP must be configured on the selected equipment and runs normally. The network segment routes to be advertised must exist in the local IP routing table. Using routing policies, you can control the routes to be advertised more flexibly. The data of the route management must be synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > BGP Route > Public Network Route > Route Distribution from the service tree. 3 Click Create and set IP Address, Mask and Routing Policy. 4 After the settings, click OK to return to the Route Distribution tab page.
7 Route Management
The information about the newly distributed route is displayed in the query result area. ----End
7.4.6 Creating a VPN Instance Address Family

This topic describes how to create a VPN instance address family on an NE to manage the routes of VPNs with overlapped address spaces.
Prerequisite
l l BGP and VPN instances must be configured on the selected equipment and run normally. The data of the route management must be synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > BGP Route > Private Network Route > VPN Instance Address Family from the service tree. 3 Click Create and set the related parameters. 1. 2. Click the General tab. Then, set VPN Instance Name and Auto FRR. On the Peer Group tab page, click Create. Then, set related parameters.
NOTE
The operations on the Peer Group tab page are similar to those on the Public Network Route tab page. For details, see Creating a BGP Peer Group.
3.
On the Peer tab, click Create. Then, set related parameters.

NOTE
The operations on the Peer tab page are similar to those on the Public Network Route tab page. For details, see Creating a BGP Peer.
4.
On the Import Route tab page, click Create. Then, set related parameters.
NOTE
The operations on the Import Route tab page are similar to those on the Public Network Route tab page. For details, see Importing an External Route.
5.
On the Distribute Route tab page, click Create. Then, set related parameters.
NOTE
The operations on the Distribute Route tab page are similar to those on the Public Network Route tab page. For details, see Distributing a Route.
4 After the settings, click OK to return to the VPN Instance Address Family tab page. The information about the newly created VPN instance address family is displayed in the query result area. ----End
7.4.7 Setting a VPN IPv4 Address Family

This topic describes how to enable the VPN IPv4 address family on an NE. After the VPN IPv4 address family is enabled, flexible VPN access control and diversified VPN networking schemes can be implemented.
7 Route Management
Prerequisite
l l BGP and VPN instances must be configured on the selected equipment and run normally. The data of the route management must be synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > BGP Route > Private Network Route > VPN IPv4 Address Family from the service tree. 3 Select Enable VPN IPv4 Family and set the related parameters. 4 Optional: Select VPN-target filter and determine whether to perform VPN-Target filtering. 5 Set filter number to specify the reflection policy for the route reflector. In this manner, the route reflector can flexibly send and receive specified routes. 6 Click Advanced. In the dialog box that is displayed, click Select, and then select and set peer parameters. 7 After the peer of the VPN IPv4 address family is configured, click OK to return to the VPN IPv4 Address Family tab page. 8 Click Advanced. In the dialog box that is displayed, click Select, and then select and set peer group parameters. 9 After the peer group of the VPN IPv4 address family is configured, click OK to return to the VPN IPv4 Address Family tab page. 10 Click Apply. ----End
7.4.8 Creating a VPLS Address Family

This topic describes how to create a VPLS address family. When configuring Kompella VPLS, you can use BGP as signaling. BGP-VPLS and common BGP use the same TCP connection, and VGP-VPLS inherits most features of common BGP. As the VPLS label block information is exchanged, you need to enable the peer to exchange VPLS label blocks.
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > BGP Route > Private Network Route > VPLS Address Family from the service tree. 3 Select Enable VPLS Address Family and set the related parameters.
7 Route Management
4 Click Advanced and set the parameters related to the VPLS address family peer. 5 Click Advanced and set the parameters related to the VPLS address family peer group. 6 Click Apply. ----End
7.5 Creating an OSPF Route

This topic describes how to create an OSPF route on an NE. 7.5.1 Creating an OSPF Process This topic describes how to create an OSPF process. Multiple OSPF processes are supported. You can run multiple OSPF processes on one NE with each one independent of the others. 7.5.2 Creating an OSPF Interface This topic describes how to create an OSPF interface on an NE. An interface on an NE belongs to only one OSPF process.
7.5.1 Creating an OSPF Process

This topic describes how to create an OSPF process. Multiple OSPF processes are supported. You can run multiple OSPF processes on one NE with each one independent of the others.
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > OSPF Route > OSPF Process from the service tree. 3 Click Create and set the related parameters. 1. 2. Click the General tab and set Process ID, Description, Router ID, and VPN Name. Click the Area tab. Then, click Create, and set Area No., Area Description, Area Type, Area Default Cost, Non-Convergent, Route Distribution, Authentication Mode, and Virtual Link.
Issue 03 (2010-11-19)
7 Route Management
3.
Optional: Click the Import Route tab. l Click Create. Then, set Protocol, Process ID, Cost, and Routing Policy. l Click Advanced. Then, select Enable Default Routing Notification and set Type, Cost, LSA Type, and Routing Policy.
4.
Optional: Click the Advanced tab. l In the Filter Route area, click Set. Then, set the Import policy and Export policy. l In the Optimize Route area, set the interval for calculating OSPF routes. Select Enable Opaque LSA to enable Opaque LSA and select Enable OSPF GR to enable GR. l In the VPN area, click Set. Then, set Route Tag, Disable VPN Route Loop Detection, Main Domain ID, and Secondary Domain ID.
NOTE
After selecting VPN Name and the corresponding VPN on the General tab page, you can perform this step.
l In the Route Aggregation area, click Set. In the displayed dialog box, click Create to set Object, Area, IP Address, Mask, Advertise, and Cost. l In the Other area, click Set. In the dialog box that is displayed, click Select to select related silent interfaces. 4 After the settings, click OK to return to the OSPF Process tab page. The information about the newly created OSPF process is displayed in the query result area.
NOTE
----End
7.5.2 Creating an OSPF Interface

This topic describes how to create an OSPF interface on an NE. An interface on an NE belongs to only one OSPF process.
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > OSPF Route > OSPF Interface from the service tree. 3 Click Create and set Interface Name, Network Type, Hello, and Cost.
NOTE
The numbers of available network types vary with the types of interfaces.
4 After the settings, click OK to return to the OSPF Interface tab page. The information about the newly created OSPF interface is displayed in the query result area. ----End
7 Route Management
7.6 Creating an IS-IS Route

This topic describes how to create an IS-IS route on an NE. 7.6.1 Creating an IS-IS Process This topic describes how to create an IS-IS process. IS-IS supports multiple processes and instances. You can specify a VPN instance for each IS-IS process on the routers supporting VPN and associate all the interfaces attached to the process with this VPN. 7.6.2 Creating an IS-IS Interface This topic describes how to create an IS-IS interface on an NE. You can associate a group of interfaces with the specified IS-IS process to ensure all the operations of the process are implemented on only interfaces of this group.
7.6.1 Creating an IS-IS Process

This topic describes how to create an IS-IS process. IS-IS supports multiple processes and instances. You can specify a VPN instance for each IS-IS process on the routers supporting VPN and associate all the interfaces attached to the process with this VPN.
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > IS-IS Route > IS-IS Process from the service tree. 3 Click Create and set the related parameters. 1. 2. Click the General tab and set Process ID, Network Entity, Route Level, Cost Type and VPN Name. Optional: Click the Import Route tab. l In the Route Leaking Area, set the Level-1 to Level-2 and Level-2 to Level-1. l In the Import External Route area, click Create to set Protocol Type, Process ID, Route Level, Import Cost Type, Cost, and Routing Policy. l To set default route advertisement, click Set and Set Default Route Advertisement to set Route Advertise Condition, Route Level, Cost, and Avoid Learning of Default Route. 3. Optional: Click the Advanced tab. l In the Filter Route area, click Set. Then, set the Import policy and Export policy. l In the Route Aggregation area, click Set to set IP Address, Mask, Avoid Feedback, Generate Null0 Route, Tag and Route Level. l In the IS-IS Adjustment and Optimization area, click Set. In the dialog box that is displayed, set SPF Timer and LSP Flash Flood. l In the IS-IS Process Authentication area, click Set. In the dialog box that is displayed, set Set IS-IS Process Domain Authentication.
7 Route Management
l Select Enable_Auto FRR and set LFA IS-IS Level. l Select Configure Global Cost and set Level-1 Cost and Level-2 Cost. l Select Enable GR and set Restart Interval. 4 After the settings, click OK to return to the IS-IS Process tab page. The information about the newly created IS-IS process is displayed in the query result area.
NOTE
----End
7.6.2 Creating an IS-IS Interface

This topic describes how to create an IS-IS interface on an NE. You can associate a group of interfaces with the specified IS-IS process to ensure all the operations of the process are implemented on only interfaces of this group.
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > IS-IS Route > IS-IS Interface from the service tree. 3 Click Create and set the related parameters.
7-18
Issue 03 (2010-11-19)
7 Route Management
4 After the settings, click OK to return to the IS-IS Interface tab page. The information about the newly created IS-IS interface is displayed in the query result area. ----End
7.7 Creating a Routing Policy

This topic describes how to query, create, modify, delete, and synchronize a routing policy. You can query the newly created routing policies when configuring BGP routes, OSPF routes, or ISIS routes.
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > Routing Policy from the service tree. 3 Click Create and set Policy Name, Node Information, and Rule Information. 4 After the settings, click OK to return to the Routing Policy tab page. The information about the newly created routing policy is displayed in the query result area. ----End
7.8 Viewing Running Information

This topic describes how to view running information on an NE. The information in the query result area can be saved, copied, and searched. 7.8.1 Viewing the Running Information About a BGP Peer Group This topic describes how to view the running information about a BGP peer group. You can obtain the running information and locate the running faults according to the information in the query result area, and save, copy, and search the information in the query result area. 7.8.2 Viewing the Running Information About a BGP Peer This topic describes how to view the information about a running BGP peer. You can obtain the running information and locate the running faults according to the information in the query result area, and save, copy, and search the information in the query result area. 7.8.3 Viewing OSPF Running Information This topic describes how to view the OSPF running information, including the OSPF summary, OSPF LSDB, virtual link, and error information. You can obtain the running information and locate the running faults according to the information in the query result area, and save, copy, and search the information in the query result area. 7.8.4 Viewing IS-IS Running Information This topic describes how to view the IS-IS running information, including the IS-IS summary information and the IS-IS LSDB information. You can obtain the running information and locate
7 Route Management
the running faults according to the information in the query result area, and save, copy, and search the information in the query result area.
7.8.1 Viewing the Running Information About a BGP Peer Group

This topic describes how to view the running information about a BGP peer group. You can obtain the running information and locate the running faults according to the information in the query result area, and save, copy, and search the information in the query result area.
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > BGP Route > Public Network Route > Peer Group or Route Management > BGP Route > Private Network Route > VPN Instance Address Family from the service tree. 3 Click Query. All the peer group records or VPN instance records are displayed in the query result area. 4 Right-click a record and choose View Running Information > BGP Peer Group Information. 5 In the BGP Peer Group Information dialog box that is displayed, set VPN and then click Display. The information about the BGP peer group is displayed in the query result area. ----End
Follow-up Procedure
You can save, copy, and search the information about the queried BGP peer group. : saves the information displayed in the query result area to the local disk in a TXT file. : copies the selected information in the query result area to the clipboard. : searches the required information in the information displayed in the query result area by keyword.
7.8.2 Viewing the Running Information About a BGP Peer

This topic describes how to view the information about a running BGP peer. You can obtain the running information and locate the running faults according to the information in the query result area, and save, copy, and search the information in the query result area.
Prerequisite
7 Route Management
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > BGP Route > Public Network Route > Peer or Route Management > BGP Route > Private Network Route > VPN Instance Address Family from the service tree.
NOTE
On the VPN Instance Address Family tab page, the running information that is displayed includes only the BGP peer information. The reason is that each record in the VPN instance address family represents a VPN instance, but the BGP peer log information and BGP peer statistics are based on a single peer.
3 Click Query. All the peer records or VPN instance records are displayed in the query result area. 4 To view the information about a BGP peer, right-click a record in the query result area and choose View Running Information > BGP Peer Information from the shortcut menu. 5 In the BGP Peer Information dialog box that is displayed, set VPN and then click Display. The information about the BGP peer is displayed in the query result area. 6 To view the information about a BGP peer, right-click a record in the query result area and choose View Running Information > BGP Peer Log Information from the shortcut menu. 7 In the BGP Peer Log Information dialog box that is displayed, click Display. The information about the BGP peer log is displayed in the query result area. 8 Optional: To view the information about a BGP peer, right-click a record in the query result area and choose View Running Information > BGP Peer Statistic Information from the shortcut menu. 9 Optional: In the BGP Peer Statistic dialog box that is displayed, the statistics about the BGP peer are displayed.
NOTE
Certain equipment does not support the ability to view statistics about the BGP peer. Therefore, Step 8 and Step 9 are not applicable to these equipments.
----End
Follow-up Procedure
You can save, copy, and search the information about the queried BGP peer. : saves the information displayed in the query result area to the local disk in a TXT file. : copies the selected information in the query result area to the clipboard. : searches the required information in the information displayed in the query result area by keyword. The statistics about the BGP peer cannot be saved, copied, or searched.
7.8.3 Viewing OSPF Running Information

This topic describes how to view the OSPF running information, including the OSPF summary, OSPF LSDB, virtual link, and error information. You can obtain the running information and
7 Route Management
locate the running faults according to the information in the query result area, and save, copy, and search the information in the query result area.
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > OSPF Route > OSPF Process from the service tree. 3 Click Query. All the OSPF process records are displayed in the query result area. 4 To view an OSPF summary, right-click a record in the query result area and choose View Running Information > OSPF Summary Information from the shortcut menu. 5 In the OSPF Summary Information dialog box that is displayed, click Display. The information about the OSPF summary is displayed in the query result area.
NOTE
To view the OSPF summary information of a specified process, you can manually enter the value of Process ID.
6 To view an OSPF summary, right-click a record in the query result area and choose View Running Information > OSPF LSDB Information from the shortcut menu. 7 In the OSPF LSDB Information dialog box that is displayed, set Link Type and click Display. The information about the OSPF LSDB is displayed in the query result area.
NOTE
To view the OSPF LSDB information of a specified process, you can manually enter the value of Process ID.
8 To view a virtual link, right-click a record in the query result area and choose View Running Information > OSPF Virtual Link Information from the shortcut menu. 9 In the OSPF Virtual Link Information dialog box that is displayed, click Display. The information about the OSPF virtual link is displayed in the query result area.
NOTE
To view the OSPF virtual link information of a specified process, you can manually enter the value of Process ID.
10 To view error information, right-click a record in the query result area and choose View Running Information > OSPF Error Information from the shortcut menu. 11 In the OSPF Error Information dialog box that is displayed, set Error Type and click Display. The OSPF error information is displayed in the query result area.
NOTE
To view the OSPF error information of a specified process, you can manually enter the value of Process ID.
----End
7 Route Management
Follow-up Procedure
You can save, copy, and search the queried OSPF running information. : saves the information displayed in the query result area to the local disk in a TXT file. : copies the selected information in the query result area to the clipboard. : searches the required information in the information displayed in the query result area by keyword.
7.8.4 Viewing IS-IS Running Information

This topic describes how to view the IS-IS running information, including the IS-IS summary information and the IS-IS LSDB information. You can obtain the running information and locate the running faults according to the information in the query result area, and save, copy, and search the information in the query result area.
Prerequisite
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose Route Management > IS-IS Route > IS-IS Process from the service tree. 3 Click Query. All the IS-IS process records are displayed in the query result area. 4 To view IS-IS summary information, right-click a record in the query result area and choose View Running Information > IS-IS Summary Information from the shortcut menu. 5 In the IS-IS Summary Information dialog box that is displayed, click Display. The information about the IS-IS summary is displayed in the query result area.
NOTE
To view the IS-IS summary information of a specified process, you can manually enter the value of Process ID.
6 To view IS-IS summary information, right-click a record in the query result area and choose View Running Information > IS-IS LSDB Information from the shortcut menu. 7 In the IS-IS LSDB Information dialog box that is displayed, click Display. The information about the IS-IS LSDB is displayed in the query result area.
NOTE
To view the IS-IS LSDB information of a specified process, you can manually enter the value of Process ID and select Route Level.
----End
Follow-up Procedure
You can save, copy, and search the queried IS-IS running information. : saves the information displayed in the query result area to the local disk in a TXT file.
7 Route Management
: copies the selected information in the query result area to the clipboard. : searches the required information in the information displayed in the query result area by keyword.
7-24
Issue 03 (2010-11-19)
8 MPLS Management
8
About This Chapter
MPLS Management
This topic describes the basic concepts of MPLS and the MPLS management functions provided by the U2000. It also describes how to configure the related MPLS functions. 8.1 MPLS Management Overview This topic describes the basic concepts of MPLS and the MPLS management functions provided by the U2000. 8.2 Configuring MPLS and MPLS TE This topic describes how to configure MPLS and MPLS TE on the NE and also describes the related precautions. 8.3 Creating a Static LSP Segment This topic describes the procedure for creating a static LSP segment. You can use this procedure to create a static LSP segment or a static CR-LSP segment. 8.4 Configuring a Tunnel This topic describes tunnel-related configuration operations, such as creating a tunnel, setting tunnel parameters, creating an explicit path and so on. 8.5 Configuring MPLS OAM Detection This topic describes how to configure MPLS OAM detection, including MPLS OAM ingress detection and MPLS OAM egress detection. 8.6 Creating a Protection Group This topic describes how to create a protection group for the working tunnel. 8.7 Counting LSPs This topic describes how to count different types of LSPs on the current equipment. 8.8 Viewing a Label FIB This topic describes how to view a label FIB. 8.9 Maintaining an MPLS Service This topic describes how to maintain an MPLS service.
Issue 03 (2010-11-19)
8-1
8 MPLS Management
8.1 MPLS Management Overview

This topic describes the basic concepts of MPLS and the MPLS management functions provided by the U2000. 8.1.1 MPLS Management Functions This topic describes MPLS management functions provided by the U2000, such as configuring and maintaining MPLS and MPLS TE. 8.1.2 Basic Concepts This topic describes the basic concepts of MPLS, including the FEC, Label, LDP, LSP, and MPLS OAM.
8.1.1 MPLS Management Functions

This topic describes MPLS management functions provided by the U2000, such as configuring and maintaining MPLS and MPLS TE. The U2000 provides the following MPLS management functions: l l l l l l l l Configuring MPLS capabilities, including enabling MPLS, MPLS LDP, MPLS L2VPN, and MPLS OAM globally or on an interface Configuring capabilities related to MPLS TE, such as MPLS TE, CSPF, RSVP-TE, OSPFTE, and IS-IS TE Configuring and testing LDP Configuring static LSPs and Label FIB Label FIB LSP Statistic Configuring tunnels, including tunnel basic, tunnel properties, tunnel applications, and tunnel protection Configuring MPLS OAM detection and MPLS OAM protection groups

This topic describes the basic concepts of MPLS, including the FEC, Label, LDP, LSP, and MPLS OAM.
FEC
The FEC is a term used in MPLS, a packet forwarding technology, to describe a group of packets that can be forwarded in the same manner. Packets of the same FEC are processed in exactly the same manner on MPLS networks. FECs are classified according to the source IP address, destination IP address, source port, destination port, protocol type, or VPN, or a random combination of these conditions. For example, in the traditional IP forwarding that adopts the longest match algorithm, the FEC refers to the packets with the same destination IP address.
8-2
Issue 03 (2010-11-19)
8 MPLS Management
Label
A label is a short identifier of fixed length that is only of local significance. A label is used to uniquely identify the FEC to which a packet belongs. In certain cases such as load balancing, an FEC may correspond to multiple labels. A label, however, can represent only one FEC. A label does not contain topology information. It is carried in the header of a packet and is of only local significance. A label contains four bytes. Figure 8-1 shows the encapsulation structure of a label. Figure 8-1 Encapsulation structure of a label
0 Lable 19 Exp 22 S 23 TTL 31
LDP
As an MPLS control protocol, LDP is used for classifying FECs, distributing labels, and setting up and maintaining LSPs. It functions like the signaling protocol on traditional networks. LDP defines the messages in label distribution and the related message handling processes. Through LDP, LSRs can directly map routing information at the network layer to the switched paths at the data link layer. As a result, LSPs are set up at the network layer. An LSP may be set up between two neighboring LSRs or end at a network egress node, enabling labels to be switched on all the transit nodes of the network. MPLS supports multiple label distribution protocols. It supports protocols tailored for label distribution, such as LDP and CR-LDP. It also supports the protocols supporting label distribution after extension, such as BGP and RSVP.
LSP
An LSP is the path that an FEC passes through on an MPLS network. The LSP is a unidirectional path from the ingress to the egress. It functions like the virtual circuit in ATM and FR. LSPs are classified into two types: static LSP and dynamic LSP. Static LSPs are manually configured by the administrator while dynamic LSPs are dynamically generated through the routing protocol and LDP.
MPLS OAM
OAM is a key method of reducing network maintenance costs. The MPLS OAM mechanism is used at the MPLS layer. MPLS supports multiple Layer 2 and Layer 3 protocols, such as IP, FR, ATM, and Ethernet. MPLS provides an OAM mechanism that is independent of the upper and lower layers. The functions of the MPLS OAM mechanism on the user plane are as follows: l
Issue 03 (2010-11-19)
Detecting LSP connectivity

8 MPLS Management
l l
Measuring network utilization and performance Performing protection switching in the case of link failures to provide services according to the SLA signed with customers
With the MPLS OAM mechanism, you can detect, identify, and locate the faults inside the MPLS network, and take effective measures to rectify these faults according to the fault reports of this mechanism. MPLS OAM also provides a mechanism for triggering protection switching. For details about MPLS OAM, see ITU-T Recommendation Y.1710.
8.2 Configuring MPLS and MPLS TE

This topic describes how to configure MPLS and MPLS TE on the NE and also describes the related precautions. 8.2.1 Configuring MPLS on the NE This topic describes how to configure LSR ID, enable MPLS, and configure the policy used to trigger the setup of LSPs with routes on the NE and so on. 8.2.2 Configuring MPLS TE on the NE This topic describes how to configure MPLS TE on the NE. MPLS TE integrates MPLS with TE. It can reserve resources by setting up the LSPs to a specified path to avoid network congestion and balance network traffic. 8.2.3 Configuring MPLS and MPLS TE on an Interface This topic describes how to configure MPLS and MPLS TE on an interface.
8.2.1 Configuring MPLS on the NE

This topic describes how to configure LSR ID, enable MPLS, and configure the policy used to trigger the setup of LSPs with routes on the NE and so on.
Prerequisite
l l l The MPLS data of the NE must be synchronized to the U2000. The IP address of the related interface must be configured. Enabling MPLS is a prerequisite to MPLS L2VPN, and MPLS OAM configuration.
Context
l l If you disable MPLS on a set of NE, all the MPLS configurations on the NE are deleted. Before enabling MPLS, you need to configure the related LSR ID.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > MPLS Configuration > MPLS Base Configuration from the service tree. 3 Click Synchronize. 4 On the MPLS Base Configuration tab page, set MPLS, MPLS L2VPN, and MPLS OAM parameters as required.
8 MPLS Management
NOTE
This picture takes NE40E/NE80E V600R002 as an example.
5 After the settings, click Apply. 6 In the Confirm dialog box, click OK. The configurations are applied to the NE. ----End
8.2.2 Configuring MPLS TE on the NE

This topic describes how to configure MPLS TE on the NE. MPLS TE integrates MPLS with TE. It can reserve resources by setting up the LSPs to a specified path to avoid network congestion and balance network traffic.
Prerequisite
l l The MPLS data of the NE must be synchronized to the U2000. MPLS must be enabled on the NE.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > MPLS Configuration > MPLS TE Configuration from the service tree. 3 On the MPLS TE Configuration tab page, set MPLS TE parameters as required.
NOTE
l Before enabling MPLS TE, you need to enable MPLS. l Before enabling CSPF and RSVP-TE, you need to enable MPLS TE.
Issue 03 (2010-11-19)
8-5
8 MPLS Management
4 In the OSPF TE and IS-IS TE areas, set the related parameters. 5 Optional: Click Advanced. 1. 2. In the Advanced MPLS TE Property of NE dialog box, click the MPLS TE tab. On the MPLS TE tab page, set MPLS TE parameters.
3. 4.
Click the RSVP-TE tab. On the RSVP-TE tab page, set RSVP-TE parameters.
8-6
Issue 03 (2010-11-19)
8 MPLS Management
5.
After setting parameters in the Advanced MPLS TE Property of NE dialog box, click OK.
6 On the MPLS TE Configuration tab page, click Apply. 7 In the Confirm dialog box, click OK. The configurations are applied to the NE. ----End
8.2.3 Configuring MPLS and MPLS TE on an Interface

This topic describes how to configure MPLS and MPLS TE on an interface.
Prerequisite
l l The MPLS data of the NE must be synchronized to the U2000. MPLS and MPLS TE are enabled on the NE.
Context
Figure 8-2 shows the constraint relations among the parameters about NE MPLS, NE MPLS TE, NE RSVP-TE, and interface RSVP-TE.
Issue 03 (2010-11-19)
8-7
8 MPLS Management
Figure 8-2 Constraint relations among MPLS-related parameters

Enable equipment MPLS
Enable equipment MPLS TE
Enable interface MPLS
Enable equipment RSVP-TE
Enable interface MPLS TE
Enable interface RSVP-TE
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > MPLS Configuration > MPLS Interface from the service tree. 3 On the MPLS Interface tab page, click Query. 4 Select the interface on which MPLS and MPLS TE are to be configured. 5 In the details area, click the MPLS tab. 6 On the MPLS tab page, set interface MPLS parameters as required.
7 In the details area, click the MPLS TE tab. 8 On the MPLS TE tab page, set interface MPLS TE parameters as required.
8-8
Issue 03 (2010-11-19)
8 MPLS Management
9 In the details area, click the LDP tab. 10 On the LDP tab page, set interface LDP parameters as required.
11 Optional: Click Advanced. 12 Optional: In the Advanced MPLS TE Property of Interface dialog box, click the MPLS TE tab. 13 Optional: On the MPLS TE tab page, set MPLS TE parameters.
NOTE
The Advanced button and the MPLS TE tab are available only when you select the Enable MPLS TE check box in the details area.
Issue 03 (2010-11-19)
8-9
8 MPLS Management
14 In the Advanced MPLS TE Property of Interface dialog box, click the RSVP-TE tab and then set RSVP-TE parameters on this tab page.
NOTE
The RSVP-TE tab is available only when you select the Enable RSVP-TE check box in the details area.
15 Optional: After setting parameters in the Advanced MPLS TE Property of Interface dialog box, click OK. 16 On the MPLS TE tab page, click Apply.
8 MPLS Management
17 In the Confirm dialog box, click OK. The configurations are applied to the NE. ----End
8.3 Creating a Static LSP Segment

This topic describes the procedure for creating a static LSP segment. You can use this procedure to create a static LSP segment or a static CR-LSP segment.
Prerequisite
l l The MPLS data of the NE must be synchronized to the U2000. MPLS must be enabled on the related NE and interface.
Context
Static LSP segments are classified into two types: static LSP segments and static CR-LSP segments.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > Static LSP Segment from the service tree. In the query condition area, click Query to display all static LSP segments. 3 Right-click in the query result area and choose Add from the shortcut menu. 4 In the Add Static LSP Segment dialog box, set the parameters of the static LSP segment.
5 After setting the parameters, click OK. In the subsequent Confirm dialog box, click OK. ----End
Issue 03 (2010-11-19)
8-11
8 MPLS Management
8.4 Configuring a Tunnel

This topic describes tunnel-related configuration operations, such as creating a tunnel, setting tunnel parameters, creating an explicit path and so on. 8.4.1 Adding a Tunnel This topic describes how to add a tunnel on the specified NE and set the related tunnel parameters. 8.4.2 Creating an Explicit Path This topic describes how to create an explicit path on the specified NE.
8.4.1 Adding a Tunnel

This topic describes how to add a tunnel on the specified NE and set the related tunnel parameters.
Prerequisite
l l l The MPLS data of the NE must be synchronized to the U2000. MPLS must be enabled on the related NE and interface. MPLS TE and MPLS RSVP-TE must be enabled on the related NE and interface.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > Tunnel Configuration from the service tree. 3 On the Tunnel Configuration tab page, click Query to display all tunnels. 4 Right-click in the query result area and choose Add from the shortcut menu. 5 In the Add Tunnel dialog box, click the Basic tab and then set the basic parameters of the tunnel service.
NOTE
l The parameters on the Basic tab page are mandatory, whereas the parameters on other tab pages are optional. l If the selected NE does not support a certain feature, the parameters about this feature become unavailable.
8-12
Issue 03 (2010-11-19)
8 MPLS Management
6 Optional: Click the Property tab. 7 On the Property tab page, set tunnel parameters.
8 Optional: Click the Application tab. 9 On the Application tab page, set tunnel parameters.
Issue 03 (2010-11-19)
8-13
8 MPLS Management
10 Optional: Click the Protection tab. 11 On the Protection tab page, set tunnel parameters.
12 Click OK. In the subsequent Confirm dialog box, click OK. ----End
8.4.2 Creating an Explicit Path

This topic describes how to create an explicit path on the specified NE.
8-14
Issue 03 (2010-11-19)
8 MPLS Management
Prerequisite
l l The MPLS data of the NE must be synchronized to the U2000. MPLS TE must be enabled on the related NE and interface.
Context
The explicit path is an optional restriction in the creation of a tunnel service. You can determine whether to create and apply an explicit path as required.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > Tunnel Configuration from the service tree. 3 On the Tunnel Configuration tab page, click Query. 4 Right-click in the query result area and choose Add from the shortcut menu. 5 Click the Property tab. 6 Click the ... button to the right of the Explicit Path field. 7 In the Create Explicit Path dialog box, set the basic information about the explicit path.
NOTE
l Click Add or Delete to add or delete nodes along the explicit path. l Multiple nodes can exist on an explicit path in a certain sequence. By selecting a node and then clicking Up or Down, you can change the sequence of nodes. l At least one node needs to be configured on an explicit path.
8 Click OK. The MPLS TE explicit path is created. ----End

8 MPLS Management
8.5 Configuring MPLS OAM Detection

This topic describes how to configure MPLS OAM detection, including MPLS OAM ingress detection and MPLS OAM egress detection. 8.5.1 Configuring MPLS OAM Ingress Detection This topic describes how to configure MPLS OAM ingress detection. After MPLS OAM ingress detection is configured on the specified NE, the source NE can be timely notified when a fault occurs in the detected tunnel. 8.5.2 Configuring MPLS OAM Egress Detection This topic describes how to configure MPLS OAM egress detection. After MPLS OAM egress detection is configured on the specified NE, the source NE can be timely notified when a fault occurs in the detected tunnel. 8.5.3 Starting and Stopping MPLS OAM Detection This topic describes how to start and stop MPLS OAM detection.
8.5.1 Configuring MPLS OAM Ingress Detection

This topic describes how to configure MPLS OAM ingress detection. After MPLS OAM ingress detection is configured on the specified NE, the source NE can be timely notified when a fault occurs in the detected tunnel.
Prerequisite
l l l The MPLS data of the NE must be synchronized to the U2000. MPLS OAM must be enabled. Tunnel must be configured.
Context
Assume that the source NE and destination NE of Tunnel 1/0/0 are A and B respectively. You need to configure MPLS OAM ingress detection on NE A and MPLS OAM egress detection on NE B.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > OAM Detection Configuration > Ingress Detection from the service tree. 3 Right-click in the query result area and choose Create from the shortcut menu. You can also click Create on the Ingress Detection tab page. 4 In the Create Ingress Detection dialog box, set the parameters of OAM ingress detection as required.
8-16
Issue 03 (2010-11-19)
8 MPLS Management
5 Click OK. 6 In the Confirm dialog box, click OK. ----End
8.5.2 Configuring MPLS OAM Egress Detection

This topic describes how to configure MPLS OAM egress detection. After MPLS OAM egress detection is configured on the specified NE, the source NE can be timely notified when a fault occurs in the detected tunnel.
Prerequisite
l l The MPLS data of the NE must be synchronized to the U2000. MPLS OAM must be enabled.
Context
Assume that the source NE and destination NE of Tunnel 1/0/0 are A and B respectively. You need to configure MPLS OAM ingress detection on NE A and MPLS OAM egress detection on NE B.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > OAM Detection Configuration > Egress Detection from the service tree. 3 Right-click in the query result area and choose Create from the shortcut menu. You can also click Create on the Egress Detection tab page.
8 MPLS Management
4 In the Create Egress Detection dialog box, set the parameters of OAM egress detection as required.
8.5.3 Starting and Stopping MPLS OAM Detection

This topic describes how to start and stop MPLS OAM detection.
Prerequisite
The MPLS data of the NE must be synchronized to the U2000.
Context
Starting MPLS OAM detection is similar to stopping MPLS OAM detection. The following takes the start of MPLS OAM detection as an example. MPLS OAM detection includes ingress detection and egress detection. Starting MPLS OAM ingress detection is similar to starting MPLS OAM egress detection. The following takes the start of the MPLS OAM ingress detection as an example. Before starting MPLS OAM egress detection, you need to start MPLS OAM ingress detection.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu.
8 MPLS Management
2 Choose MPLS Management > OAM Detection Configuration > Ingress Detection from the service tree. 3 On the Ingress Detection tab page, click Query. 4 Right-click an MPLS OAM detection task in the list and choose Start Detection from the shortcut menu. If the task is successfully started, Start is displayed in the Start Detection column.
NOTE
If the Start Detection and Stop Detection buttons are unavailable on the shortcut menu when you start OAM egress detection, it indicates that the Auto-Protocol check box is selected during egress detection configuration. In this case, you do not need to manually start or stop OAM detection.
----End
8.6 Creating a Protection Group

This topic describes how to create a protection group for the working tunnel.
Prerequisite
l l The MPLS data of the NE must be synchronized to the U2000. The working tunnel and protection tunnel must be available.
Context
The protection group is used in the following scenarios: l l When a fault occurs in the working tunnel, the MPLS OAM mechanism or another detection mechanism switches traffic to the tunnel in the protection group after detecting the fault. Manually switch traffic from the working tunnel to the tunnel in the protection group.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > Protection Management from the service tree. 3 Right-click in the query result area and choose Create from the shortcut menu. You can also click Create on the Protection Management tab page. 4 In the Create Protection Group dialog box, set the related parameters as required.
Issue 03 (2010-11-19)
8-19
8 MPLS Management
8.7 Counting LSPs

This topic describes how to count different types of LSPs on the current equipment.
Prerequisite
The MPLS data of the equipment must be synchronized to the U2000.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > LSP Statistic from the service tree. 3 Click Collect. 4 Select a collection result. On the General tab page of the details area, the information such as the type and number of currently collected LSPs is displayed. ----End
8.8 Viewing a Label FIB

This topic describes how to view a label FIB.
Prerequisite
8 MPLS Management
Context
l l The label FIB can be viewed only when the protocol type is STATIC, STATIC-CR, LDP, or RSVP-TE. Label FIB stands for the label forwarding information base. The core LSR uses the label FIB to forward labeled packets.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > Label FIB from the service tree. 3 Click Query in the query condition area. Query results are displayed according to set filter criteria. 4 Select the label FIB to be viewed. On the General tab page of the details area, the details about this label FIB are displayed. ----End
8.9 Maintaining an MPLS Service

This topic describes how to maintain an MPLS service. 8.9.1 Auditing the Tunnel Status This topic describes how to audit the running status of tunnels. 8.9.2 Auditing Tunnel Connectivity This topic describes how to audit tunnel connectivity. Auditing tunnel connectivity is to perform the LSP Ping operation on an MPLS TE tunnel service and export the related auditing results. 8.9.3 Resetting a Tunnel Service This topic describes how to reset a tunnel service. After the configurations of a tunnel are modified, you need to reset the tunnel to make the modifications take effect. 8.9.4 Switching a Protection Group This topic describes how to switch a protection group. You can switch a protection group in four modes: Clear, Lock, Forcibly Switch, and Manually Switch.
8.9.1 Auditing the Tunnel Status

This topic describes how to audit the running status of tunnels.
Prerequisite
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > Tunnel Configuration from the service tree. 3 On the Tunnel Configuration tab page, click Query to display all tunnels.
8 MPLS Management
4 Right-click the tunnel to be audited and choose Audit Status from the shortcut menu. You can select multiple tunnels for batch auditing. 5 On the Audit MPLS TE Tunnel Service Status tab page, select the tunnels to be audited. 6 Click Start. The auditing starts. A progress bar is displayed indicating the auditing progress. The Operation Result column indicates whether the service status is successfully audited. If the auditing fails, the failure cause is displayed in the details area. ----End
8.9.2 Auditing Tunnel Connectivity

This topic describes how to audit tunnel connectivity. Auditing tunnel connectivity is to perform the LSP Ping operation on an MPLS TE tunnel service and export the related auditing results.
Prerequisite
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > Tunnel Configuration from the service tree. 3 On the Tunnel Configuration tab page, click Query to display all tunnels. 4 Right-click the tunnel to be audited and choose Audit Connectivity from the shortcut menu. You can select multiple tunnels for batch auditing. 5 On the Audit MPLS TE Tunnel Service Connectivity tab page, select the tunnels to be audited. 6 Click Start. The auditing starts. A progress bar is displayed indicating the auditing progress. The Operation Result column indicates whether the service status is successfully audited. If the auditing fails, the failure cause is displayed in the details area. ----End
8.9.3 Resetting a Tunnel Service

This topic describes how to reset a tunnel service. After the configurations of a tunnel are modified, you need to reset the tunnel to make the modifications take effect.
Prerequisite
Procedure
8 MPLS Management
2 Choose MPLS Management > Tunnel Configuration from the service tree. 3 On the Tunnel Configuration tab page, click Query to display all tunnels. 4 Right-click the tunnel to be reset and choose Reset from the shortcut menu. 5 In the Confirm dialog box, click OK. If the resetting is successful, the status bar prompts that the MPLS TE tunnel is successfully reset. ----End
8.9.4 Switching a Protection Group

This topic describes how to switch a protection group. You can switch a protection group in four modes: Clear, Lock, Forcibly Switch, and Manually Switch.
Prerequisite
Context
You can switch a protection group in either of the following modes: l l l Clear: It is used to cancel the request of manually configuring switchover for the protection group. Lock: It is used to forcibly lock the traffic in the working tunnel for transmission. The traffic is not switched to the protection tunnel even when a fault occurs in the working tunnel. Forcibly Switch: It is used to forcibly switch traffic to the protection tunnel. After forcible switching, the traffic cannot be reverted to the working tunnel even when the reversion conditions are met. Manually Switch: It is used to manually switch traffic from the working tunnel to the protection tunnel, or conversely, from the protection tunnel to the working tunnel.
NOTE
l The preceding modes have different priorities. A new switching request is carried out only when the priority of the new switching mode is higher than the current switching priority of the protection group. l The priority of these switching modes in descending order is as follows: Clear, Lock, Forcibly Switch, and Manually Switch.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose MPLS Management > Protection Management from the service tree. 3 On the Protection Management tab page, click Query. 4 Right-click the protection group to be switched and choose Switch > Manually Switch from the shortcut menu. Select the switching mode as required.
Issue 03 (2010-11-19)
8-23
8 MPLS Management
If the OAM protection group is successfully switched, the current operation is displayed in the Switch Status column of the list, and the switching result is displayed in the Switch Result column. If the switching of the OAM protection group fails, the system prompts failure causes. ----End
8-24
Issue 03 (2010-11-19)
9 LLDP Management
9
About This Chapter
LLDP Management
This topic describes the functions of LLDP management, such as enabling and configuring LLDP on the equipment and interfaces. With these functions, you can discover Layer 2 links in the view. 9.1 LLDP Management Overview This topic describes the concepts of LLDP and the LLDP management functions. You need to learn these information before configuring LLDP services. 9.2 Configuring an LLDP Service This topic describes how to configure an LLDP service. Before enabling LLDP on an interface, you need to configure LLDP globally on the equipment. By synchronizing LLDP neighbor information, you can synchronize the latest LLDP configurations of the neighbor nodes to the U2000. 9.3 Synchronizing LLDP Neighbor Information This topic describes how to synchronize the LLDP neighbor information on the equipment. LLDP neighbor information is one of the information sources for generating Layer 2 links through the link search function. The generated Layer 2 links are displayed in the physical view.
Issue 03 (2010-11-19)
9-1
9 LLDP Management
9.1 LLDP Management Overview

This topic describes the concepts of LLDP and the LLDP management functions. You need to learn these information before configuring LLDP services. 9.1.1 LLDP Management Functions This topic describes LLDP management functions, such as configuring LLDP globally, configuring LLDP on interfaces, and synchronizing LLDP neighbor information. 9.1.2 Basic Concepts This topic describes the concepts and functions of LLDP.
9.1.1 LLDP Management Functions

This topic describes LLDP management functions, such as configuring LLDP globally, configuring LLDP on interfaces, and synchronizing LLDP neighbor information. The LLDP management functions are as follows: l Configuring LLDP globally With this function, you can enable LLDP globally. After selecting the Globally Enable LLDP check box, you can set parameters including Managing IP Address, Interval for Message Transmission, Message Transmission Holding Multiple, Initialization Delay, Message Transmission Delay, Globally Enable Notification, and Notification Delay. l l Configuring LLDP on interfaces With this function, you can enable and disable LLDP on interfaces. Synchronizing LLDP neighbor information With this function, you can synchronize the LLDP neighbor information on the equipment.

This topic describes the concepts and functions of LLDP. LLDP is a Layer 2 link discovery protocol. When LLDP is run on a network, the local network administrator can learn the Layer 2 neighbor information about all the equipment connected to a set of equipment. LLDP helps to expand the network management scope and allows the administrator to obtain more details about the network topology and network changes. LLDP also helps to discover incorrect configurations on the network and reports such configurations to the U2000 for rectification.
9.2 Configuring an LLDP Service

This topic describes how to configure an LLDP service. Before enabling LLDP on an interface, you need to configure LLDP globally on the equipment. By synchronizing LLDP neighbor information, you can synchronize the latest LLDP configurations of the neighbor nodes to the U2000. 9.2.1 Setting Parameters on the Equipment This topic describes how to set parameters on the equipment. Before synchronizing equipment data to the U2000, you need to set the related parameters on the equipment.
9 LLDP Management
9.2.2 Configuring LLDP Globally This topic describes how to configure LLDP globally on a set of equipment through the U2000. With this function, you can enable the LLDP functions of the equipment. 9.2.3 Configuring LLDP on Interfaces This topic describes how to configure LLDP on interfaces. Before using the LLDP functions of an interface, you need to enable LLDP on the interface.
9.2.1 Setting Parameters on the Equipment

This topic describes how to set parameters on the equipment. Before synchronizing equipment data to the U2000, you need to set the related parameters on the equipment.
Configuring the Equipment to Use the SNMPv1/v2c Protocol

1. 2. 3. 4. Run the following command to access the system view: system-view Run the following command to start the SNMP Agent: snmp-agent Run the following command to set the SNMP version: snmp-agent sys-info version { { v1 | v2c }* } Run the following command to set the name of the read community: snmp-agent community read community-name [ [ mib-view view-name ] | [ acl aclnumber ] ]* 5. Run the following command to set the name of the write community: snmp-agent community write community-name [ [ mib-view view-name ] | [ acl aclnumber ] ]* 6. 7. Run the following command to add the ISO subtree to the view: snmp-agent mib-view included view-name iso Run the following command to enable the LLDP alarm function: snmp-agent trap enable lldp
NOTE
After the LLDP alarm function is enabled, any of the following situation will trigger the equipment to send alarm information to the U2000: l The global LLDP function is disabled. l The LLDP management address is changed. l The neighbor information is changed. (No alarm information is generated on the local end if the neighbor management address is changed.)
Configuring the Equipment to Use the SNMPv3 Protocol

1. 2. 3. Run the following command to access the system view: system-view Run the following command to start the SNMP Agent: snmp-agent Run the following command to set the SNMP version: snmp-agent sys-info version v3
9 LLDP Management
4.
Run the following command to set the SNMP version: snmp-agent group v3 group-name [ authentication | privacy] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
5.
Run the following command to set the SNMP user group: snmp-agent usm-user v3 user-name group-name [ [ authentication-mode { md5 | sha } password ] [ privacy-mode des56 password ] ] [ acl acl-number ]
6. 7.
Run the following command to add a user to the SNMPv3 user group: snmp-agent mib-view included view-name iso Run the following command to enable the LLDP alarm function: snmp-agent trap enable lldp
NOTE
After the LLDP alarm function is enabled, any of the following situation will trigger the equipment to send alarm information to the U2000: l The global LLDP function is disabled. l The LLDP management address is changed. l The neighbor information is changed. (No alarm information is generated on the local end if the neighbor management address is changed.)
9.2.2 Configuring LLDP Globally

This topic describes how to configure LLDP globally on a set of equipment through the U2000. With this function, you can enable the LLDP functions of the equipment.
Prerequisite
l l l The related parameters must be set on the equipment. The data of the equipment must be synchronized to the U2000. The equipment must support the ability to configure LLDP globally.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose LLDP Management > LLDP Global Configuration from the service tree. 3 Set parameters such as Managing IP Address, Interval for Message Transmission, and Message Transmission Holding Multiple.
9-4
Issue 03 (2010-11-19)
9 LLDP Management
NOTE
Unless necessary, keep the default parameter settings unchanged because modifying the settings may increase the load of the system.
9.2.3 Configuring LLDP on Interfaces

This topic describes how to configure LLDP on interfaces. Before using the LLDP functions of an interface, you need to enable LLDP on the interface.
Prerequisite
l l l The related parameters must be set on the equipment. The data of the equipment must be synchronized to the U2000. Configuring LLDP globally must be enabled on the equipment.
NOTE
By default, the LLDP function on interfaces is enabled after the global LLDP function is enabled.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose LLDP Management > LLDP Interface Configuration from the service tree. 3 On the LLDP Interface Configuration tab page, click Query. The interfaces supporting LLDP after LLDP is globally enabled are displayed in a list. 4 Right-click one or more interfaces that run LLDP and choose Enable or Disable from the shortcut menu to apply the interface configurations to the equipment. l If the status of the interfaces is Enabled, you can choose only Disable from the shortcut menu. l If the status of the interfaces is Disabled, you can choose only Enable from the shortcut menu. l If both Enabled and Disabled interfaces are selected, you can choose either Enable or Disable from the shortcut menu. Then, the status of all the interfaces becomes the same as the selected status. ----End
9.3 Synchronizing LLDP Neighbor Information

This topic describes how to synchronize the LLDP neighbor information on the equipment. LLDP neighbor information is one of the information sources for generating Layer 2 links through the link search function. The generated Layer 2 links are displayed in the physical view.
Prerequisite
The related parameters must be set on the equipment.
9 LLDP Management
Procedure
1 Right-click the NE in the Main Topology and choose Synchronize NE Data from the shortcut menu. 2 On the Synchronize NE Data tab page, click .... 3 In the dialog box that is displayed, choose LLDP Management > LLDP Neighbor Information, and then click OK. 4 Click Synchronize. ----End
9-6
Issue 03 (2010-11-19)
10 VRRP Management
10
About This Chapter
VRRP Management
This topic describes the VRRP management functions that the U2000 provides for single NEs. It also describes the concepts related to VRRP management and the methods of configuring VRRP, VGMP, and global VRRP attributes. 10.1 VRRP Management Overview This topic describes the concepts of VRRP management and the VRRP management functions provided by the U2000. 10.2 Configuring Global VRRP Attributes This topic describes how to configure global VRRP attributes. Configuring global VRRP attributes is to perform NE-level VRRP configuration. This configuration affects the VRRP function of the entire NE. 10.3 Configuring VRRP This topic describes how to configure VRRP functions, such as creating a VR, configuring the global attributes of an interface, creating VRRP tracking for a BFD session, and creating VRRP tracking for an interface. 10.4 Configuring VGMP This topic describes how to configure VGMP.
Issue 03 (2010-11-19)
10-1
10 VRRP Management
10.1 VRRP Management Overview

This topic describes the concepts of VRRP management and the VRRP management functions provided by the U2000. 10.1.1 VRRP Management Functions This topic describes VRRP management functions. It is important for LAN users to access external networks. As a fault-tolerant protocol, VRRP combines a group of routers on a LAN into a virtual router and switches the service to another router through a certain mechanism when the next hop router fails. This ensures the continuity and reliability of communication. 10.1.2 Basic Concepts This topic describes basic VRRP management concepts, such as the virtual router, master router and backup router, IP address owner, and virtual MAC address.
10.1.1 VRRP Management Functions

This topic describes VRRP management functions. It is important for LAN users to access external networks. As a fault-tolerant protocol, VRRP combines a group of routers on a LAN into a virtual router and switches the service to another router through a certain mechanism when the next hop router fails. This ensures the continuity and reliability of communication. The main VRRP management functions include VRRP global configuration, VR configuration, and VGMP configuration. With these functions, routers on a LAN can securely access external networks.

This topic describes basic VRRP management concepts, such as the virtual router, master router and backup router, IP address owner, and virtual MAC address.
VRRP Router
The VRRP router is the equipment that runs VRRP. A VRRP router may belong to one or more virtual routers.
Virtual Router
VRRP combines a group of routers on a LAN into a backup group that functions as a virtual router. A virtual router, also called VRRP backup group, is an abstract object managed by VRRP. A virtual router acts as a default router for the hosts on a shared LAN. A virtual router consists of a virtual router identifier and a set of virtual IP addresses.
Master Router and Backup Router

l Master router The master router is a VRRP router that forwards packets or responds to the ARP request. The forwarded packets and ARP request packets are sent to the virtual IP address. If the IP address owner is available, the VRRP router is called the master router.
10 VRRP Management
Backup router The backup router is a VRRP router that does not forward packets. When the master router fails, the backup router takes over as the new master router through election.
IP Address Owner
If the actual IP address of a VRRP router is the same as the IP address of the virtual router, the VRRP router is the IP address owner. When the VRRP router works normally, it responds to packets with the destination address as the virtual IP address.
Virtual MAC Address

The virtual MAC address is generated by the virtual router according to the virtual router ID. A virtual router has one virtual MAC address with the format of 00-00-5E-00-01-{VRID}. When responding to an ARP request, the virtual router uses the virtual MAC address rather than the actual MAC address of the interface.
mVRRP
To meet various service requirements, multiple VRRP backup groups can run between routers. If each VRRP backup group needs to maintain its own state machine, a large number of VRRP packets are generated between routers. To simplify the operation and reduce the bandwidth occupied by protocol packets, you can configure a VRRP backup group to be the mVRRP backup group and bind it to other member backup groups. Then, the status of the member backup groups is determined by the status of the bound mVRRP backup group.
VGMP
The VRRP management group that is established based on VGMP manages the status of all the joined VRRP backup groups. Thus, the interfaces on the same router work in active or standby state at the same time. This ensures the consistency of router VRRP status.
10.2 Configuring Global VRRP Attributes

This topic describes how to configure global VRRP attributes. Configuring global VRRP attributes is to perform NE-level VRRP configuration. This configuration affects the VRRP function of the entire NE.
Prerequisite
The data of the VRRP management must be synchronized to the U2000.
Context
l l By periodically sending gratuitous ARP packets, the VRRP router advertises the mapping between the virtual IP address and the virtual MAC address on the network. The VRRP router can ping the virtual IP addresses of the VRRP group. Thus, you can conveniently monitor the running status of the virtual router. In this case, however, the router is vulnerable to ICMP attacks. You need to determine whether to perform the configuration according to requirements.
Issue 03 (2010-11-19)
10 VRRP Management
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VRRP Global from the service tree. 3 On the VRRP Global tab page, set the related parameters. 4 Click Apply. ----End
10.3 Configuring VRRP

This topic describes how to configure VRRP functions, such as creating a VR, configuring the global attributes of an interface, creating VRRP tracking for a BFD session, and creating VRRP tracking for an interface. 10.3.1 Creating a VR This topic describes how to create a VR that consists of a group of physical routers on a LAN. A host on the LAN needs to know only the IP address of the VR instead of the IP address of any specific physical router. After setting the default gateway address of hosts on the LAN to the IP address of the VR, the host can communicate with external networks through this virtual gateway. 10.3.2 Configuring the Global Attributes of an Interface This topic describes how to configure the global attributes of an interface. This operation can be used to set the same parameters of all VRs on an interface. 10.3.3 Creating VRRP Tracking for a BFD Session This topic describes how to create VRRP tracking for a BFD session. When the backup router works normally, the switchover can be performed through the automatic negotiation of the VR. In this case, however, the switchover speed is slow. In a networking scenario requiring high reliability, you can create VRRP tracking for a BFD session to achieve fast switchover between the master router and the backup router. 10.3.4 Creating VRRP Tracking for an Interface This topic describes how to create VRRP tracking for an interface. VRRP can track the status of all interfaces. When a tracked interface becomes Down or Up, the priority of the related router is automatically decreased or increased by a certain value. As a result, the order of router priorities in the VR changes. The VRRP routers reelects the master router and then the active/ standby switchover is implemented. 10.3.5 Creating VRRP Tracking for an Ethernet OAM Interface This topic describes how to create VRRP tracking for an Ethernet OAM interface. VRRP can track the status of 802.3ah packets on an Ethernet OAM interface. The status of 802.3ah packets affects the VR status. Each VR can track only one 802.3ah packet. 10.3.6 Binding a Service VR This topic describes how to bind a service VR to the management VR. The management VR can be bound to service VRs and determines the status of the related service VRs according to the binding relation. 10.3.7 Creating Interface Tracking Performed by the Management VR This topic describes how to create interface tracking performed by the management VR. To make the status of service interfaces changes with the status of the interfaces configured with
10 VRRP Management
the mVRRP backup group, you can bind the service interfaces to the specified mVRRP backup group.
10.3.1 Creating a VR
This topic describes how to create a VR that consists of a group of physical routers on a LAN. A host on the LAN needs to know only the IP address of the VR instead of the IP address of any specific physical router. After setting the default gateway address of hosts on the LAN to the IP address of the VR, the host can communicate with external networks through this virtual gateway.
Prerequisite
l l The data of the interface information must be synchronized to the U2000. The data of the VRRP management must be synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VR from the service tree. 3 Click Create.
NOTE
4 In the Create VR dialog box, set the related parameters.
5 Click OK to return to the VR tab page. ----End
10.3.2 Configuring the Global Attributes of an Interface

This topic describes how to configure the global attributes of an interface. This operation can be used to set the same parameters of all VRs on an interface.
10 VRRP Management
Prerequisite
l l l The data of the interface information must be synchronized to the U2000. The data of the VRRP management must be synchronized to the U2000. The VR must be configured.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VR from the service tree. 3 Click Query. 4 Select a VR configuration record in the query result area. 5 Click the Interface Global Configuration tab and then set the related parameters on the tab page.
NOTE
l If Authentication is set to Yes, you need to set Authenticator. l The system checks the TTL value of received VRRP packets. If the value is not 255, the VRRP packets are discarded. In certain networking environments, especially when the equipment from different manufacturers is used together, the preceding processing mode may cause incorrect discarding of packets. In this case, you can configure the system not to check the TTL value of VRRP packets. l The parameters to be set vary according to interface types.
10.3.3 Creating VRRP Tracking for a BFD Session

This topic describes how to create VRRP tracking for a BFD session. When the backup router works normally, the switchover can be performed through the automatic negotiation of the VR. In this case, however, the switchover speed is slow. In a networking scenario requiring high reliability, you can create VRRP tracking for a BFD session to achieve fast switchover between the master router and the backup router.
Prerequisite
l l l l l The equipment must support BFD; otherwise, the Track BFD Session tab page is not displayed. The data of the interface information must be synchronized to the U2000. The data of the VRRP management must be synchronized to the U2000. The VR must be configured. The BFD session must be configured and be in Up state.
Context
l l
10-6
By tracking the status of BFD sessions, VRRP implements fast switchover between the master router and the backup router. For the BFD configuration, see 11 BFD Management.
NOTE
10 VRRP Management
If a router is the IP address owner, the related BFD sessions cannot be tracked.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VR from the service tree. 3 Click Query. 4 Select a VR configuration record in the query result area. 5 Click the Track BFD Session tab. Then, click Create and set the related parameters.
6 Click OK to return to the Track BFD Session tab page. ----End
10.3.4 Creating VRRP Tracking for an Interface

This topic describes how to create VRRP tracking for an interface. VRRP can track the status of all interfaces. When a tracked interface becomes Down or Up, the priority of the related router is automatically decreased or increased by a certain value. As a result, the order of router priorities in the VR changes. The VRRP routers reelects the master router and then the active/ standby switchover is implemented.
Prerequisite
Context
l VRRP can monitor the status of interfaces. When the interface where the backup group resides is faulty or another interface of the router is faulty, VRRP provides the backup function. A router can monitor a maximum of eight interfaces. When a tracked interface becomes Down, the priority of the router automatically descends or ascends to a certain value. As a result, the order of router priorities in the backup group is changed and the VRRP router reelects the master router.
Issue 03 (2010-11-19)
10 VRRP Management
NOTE
l If a router is the IP address owner, its interfaces cannot be tracked. l The following interfaces cannot be tracked: loopback interfaces, Null interfaces, E1-group interfaces, VT interfaces, BRI interfaces, DIALER interfaces, AUX interfaces, and CPOS interfaces.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VR from the service tree. 3 Click Query. 4 Select a VR configuration record in the query result area. 5 Click the Track Interface tab page. Then, click Create and set the related parameters in the dialog box that is displayed. 6 Click OK to return to the Track Interface tab page. ----End
10.3.5 Creating VRRP Tracking for an Ethernet OAM Interface

This topic describes how to create VRRP tracking for an Ethernet OAM interface. VRRP can track the status of 802.3ah packets on an Ethernet OAM interface. The status of 802.3ah packets affects the VR status. Each VR can track only one 802.3ah packet.
Prerequisite
Context
Only VRP5.6 or later supports this function.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VR from the service tree. 3 Click Query. 4 Select a VR configuration record in the query result area. 5 Click the Track Ethernet OAM Interface tab page. Then, select the Track EFM Session check box and set Ethernet OAM Interface on the tab page. 6 Click Apply. ----End
10 VRRP Management
10.3.6 Binding a Service VR

This topic describes how to bind a service VR to the management VR. The management VR can be bound to service VRs and determines the status of the related service VRs according to the binding relation.
Prerequisite
l l l l The data of the interface information must be synchronized to the U2000. The data of the VRRP management must be synchronized to the U2000. This configuration is applicable to only management VRs. The service VR must be configured.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VR from the service tree. 3 Click Query. 4 Select a management VR configuration record in the query result area. 5 Click the Bind Service VR tab. Then, click Create and select the service VR to be bound to the management VR. 6 Click OK to return to the Bind Service VR tab page. ----End
10.3.7 Creating Interface Tracking Performed by the Management VR

This topic describes how to create interface tracking performed by the management VR. To make the status of service interfaces changes with the status of the interfaces configured with the mVRRP backup group, you can bind the service interfaces to the specified mVRRP backup group.
Prerequisite
l l l l The data of the interface information must be synchronized to the U2000. The data of the VRRP management must be synchronized to the U2000. This configuration is applicable to only management VRs. The service VR must be configured.
Context
l The service interface and the interface that is configured with the mVRRP backup group must be different. Otherwise, the flow Up and flow Down states of services and the Up and Down states of the interface affect each other. The service interface can be bound to only the mVRRP backup group configured on an interface of the same card.
Issue 03 (2010-11-19)
10 VRRP Management
One mVRRP backup group can be bound to a maximum of 512 service interfaces, depending on the PAF and license files.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VR from the service tree. 3 Click Query. 4 Select a management VR configuration record in the query result area. 5 Click the Interface Track Management VR tab. Then, click Create and select the interface to be bound to the management VR. 6 Click OK to return to the Interface Track Management VR tab page. ----End
10.4 Configuring VGMP

This topic describes how to configure VGMP. Only NEs earlier than VRP 5.7 support the VGMP function. 10.4.1 Enabling and Disabling VGMP This topic describes how to enable and disable VGMP. VGMP takes effect after being enabled. 10.4.2 Creating VGMP Configuration This topic describes how to create VGMP configuration. Compared with the VR, VGMP is added with a logical layer. After a VR is added to the VGMP, traditional VRRP packets are no longer sent. In this case, the VGMP manages the status of all member VRs in a centralized manner, thus preventing the problem that the VRRPs on the interfaces related to the same router cannot be all active or standby because the VRs are independent of each other. 10.4.3 Creating a VGMP Member This topic describes how to create a VGMP member in the VGMP. 10.4.4 Creating VGMP Tracking for a BFD Session This topic describes how to create VGMP tracking for a BFD session. In a networking scenario requiring high reliability, you can create VGMP tracking for a BFD session to achieve fast switchover between the master router and the backup router. 10.4.5 Enabling and Disabling the Average VRRP Running Priority This topic describes how to enable and disable the average VRRP running priority. This helps to determine whether the VGMP priority depends on the VR priority.
10.4.1 Enabling and Disabling VGMP

This topic describes how to enable and disable VGMP. VGMP takes effect after being enabled.
Prerequisite
l l
10-10
The data of the VRRP management must be synchronized to the U2000. VGMP must be configured.
10 VRRP Management
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VGMP from the service tree. 3 Click Query. 4 Select one or more VGMP configuration records in the query result area. 5 Right-click the selected records and choose Enable VGMP or Disable VGMP from the shortcut menu.
NOTE
Batch operation is supported. If you select multiple VGMP configuration records, a progress bar is displayed showing the progress of enabling or disabling VGMP. Finally, the operation result is displayed in the Prompt dialog box.
6 Optional: Click OK to close the Prompt dialog box.

NOTE
You need to perform this operation only when multiple VGMP configuration records are selected for enabling or disabling VGMP.
----End
10.4.2 Creating VGMP Configuration

This topic describes how to create VGMP configuration. Compared with the VR, VGMP is added with a logical layer. After a VR is added to the VGMP, traditional VRRP packets are no longer sent. In this case, the VGMP manages the status of all member VRs in a centralized manner, thus preventing the problem that the VRRPs on the interfaces related to the same router cannot be all active or standby because the VRs are independent of each other.
Prerequisite
l l The data of the VRRP management must be synchronized to the U2000. The VR group must be configured.
Context
Do not configure the MTU on any physical interface. VGMP packets do not support fragmentation. Configuring the MTU may result in the abnormality of sending VGMP packets.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VGMP from the service tree. 3 Click Create.
NOTE
4 In the Create VGMP dialog box, set the related parameters.

10 VRRP Management
5 Click OK. ----End
10.4.3 Creating a VGMP Member

This topic describes how to create a VGMP member in the VGMP.
Prerequisite
l l l The data of the VRRP management must be synchronized to the U2000. VGMP must be configured. The VR must be configured.
Context
The VRRP management group function can be enabled only when the channel type of VGMP members meets at least one of the following conditions: l l There is at least one VGMP member whose Channel Type is Data Channel. There are both VGMP members whose Channel Type is Data Transfer Channel and VGMP members whose Channel Type is No Channel.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VGMP from the service tree. 3 Click Query. 4 Select a VGMP configuration record in the query result area. 5 Click the VGMP Member tab and then click Create. 6 In the Create VGMP Member dialog box, set the related parameters.
10 VRRP Management
7 Click OK. ----End
10.4.4 Creating VGMP Tracking for a BFD Session

This topic describes how to create VGMP tracking for a BFD session. In a networking scenario requiring high reliability, you can create VGMP tracking for a BFD session to achieve fast switchover between the master router and the backup router.
Prerequisite
l l l l The data of the VRRP management must be synchronized to the U2000. The data of the BFD management module must be synchronized to the U2000 VGMP must be configured. The BFD session must be configured and be in Up state.
Context
l l By tracking the status of BFD sessions, VGMP implements fast switchover between the master router and the backup router. For the BFD configuration, see 11 BFD Management.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VRRP Management > VGMP from the service tree. 3 Click Query. 4 Select a VGMP configuration record in the query result area. 5 Click the Track BFD Session tab and then click Create. 6 In the Create Track BFD Session dialog box, set the related parameters. 7 Click OK. ----End
10.4.5 Enabling and Disabling the Average VRRP Running Priority

This topic describes how to enable and disable the average VRRP running priority. This helps to determine whether the VGMP priority depends on the VR priority.
Prerequisite
l l The data of the VRRP management must be synchronized to the U2000. VGMP must be configured.
Procedure
10 VRRP Management
2 Choose VRRP Management > VGMP from the service tree. 3 Click Query.. 4 Select one or more VGMP configuration records in the query result area 5 Right-click the selected records and choose Using VRRP Average Run Priority or Disusing VRRP Average Run Priority from the shortcut menu.
NOTE
Batch operation is supported. If you select multiple VGMP configuration records, a progress bar is displayed showing the progress of enabling or disabling the average VRRP running priority. Finally, the operation result is displayed in the Prompt dialog box.

NOTE
You need to perform this operation only when multiple VGMP configuration records are selected for enabling or disabling the average VRRP running priority.
----End
10-14
Issue 03 (2010-11-19)
11 BFD Management
11
About This Chapter
BFD Management
This topic describes the BFD management functions that the U2000 provides for single NEs. It also describes the concepts related to BFD management and the methods of configuring service detection and global BFD attributes. 11.1 BFD Management Overview This topic describes the BFD management functions provided by the U2000 for single NEs and the concepts of BFD management. 11.2 Configuring Global BFD Attributes This topic describes how to configure global BFD attributes. Configuring global BFD attributes is to perform NE-level BFD configuration. This configuration affects the BFD function of the entire NE. 11.3 Configuring Service Detection This topic describes how to configure service detection. BFD can be used to quickly detect various service forwarding faults because of its simplification. Thus, it provides real-time services of high reliability for customers and enables the U2000 to detect links, MPLS TE, VRF, and PWs.
Issue 03 (2010-11-19)
11-1
11 BFD Management
11.1 BFD Management Overview

This topic describes the BFD management functions provided by the U2000 for single NEs and the concepts of BFD management. 11.1.1 BFD Management Functions This topic describes BFD management functions. As a unified detection mechanism applicable to the entire network, BFD is used to detect the faults during the communication between forwarding engines. The purpose of BFD is to verify the connectivity of a link running a certain data protocol between two systems. The link here can be either a physical link or a logical link, such as a tunnel. 11.1.2 Basic Concepts This topic describes the concepts related to the BFD detection mechanism, such as the detection mechanism, detection mode, single-hop detection, multi-hop detection, and detection time.
11.1.1 BFD Management Functions

This topic describes BFD management functions. As a unified detection mechanism applicable to the entire network, BFD is used to detect the faults during the communication between forwarding engines. The purpose of BFD is to verify the connectivity of a link running a certain data protocol between two systems. The link here can be either a physical link or a logical link, such as a tunnel. BFD management supports the functions of global BFD configuration and service detection configuration.

This topic describes the concepts related to the BFD detection mechanism, such as the detection mechanism, detection mode, single-hop detection, multi-hop detection, and detection time.
BFD Detection Mechanism

After a BFD session is set up between two systems, the BFD detection mechanism periodically sends BFD control packets along the path between the two systems. If one system does not receive any BFD control packet in the specified period, the path is considered to be faulty. BFD control packets are encapsulated in UDP packets for transmission. The destination port number is 3784. The source port number ranges from 49152 to 65535. All the BFD control packets of a session use the same source port number. Pay attention to potential port conflicts.
BFD Detection Mode

BFD provides two detection modes: asynchronous mode and demand mode. l Asynchronous mode BFD control packets are sent between systems based on a negotiated period. If a system does not receive any packet from the peer within the negotiated period, the session becomes Down. l
11-2
Demand mode
11 BFD Management
If a lot of BFD sessions exist in a system, periodically sending the overheads of BFD control packets affects the running of the system. To prevent this problem, you can use the demand mode. In demand mode, after a BFD session is set up, the system does not periodically send BFD control packets. Instead, the system detects the connectivity through another mechanism to reduce the overheads of the BFD session.
Single-Hop Detection
BFD single-hop detection detects the IP connectivity between two directly connected systems. Here, "single-hop" refers to a single IP hop. In the two systems adopting single-hop BFD detection, only one BFD session exists on the specified interface for a specified data protocol. Therefore, the BFD session is bound to the interface that can be either a physical interface or a virtual interface.
Multi-Hop Detection
BFD can detect any path between two systems. These paths can span many hops or overlap.
Detection Time
The BFD detection time depends on the following values: l l l DMTI: indicates the desired minimum interval for sending BFD control packets by the local system. RMRI: indicates the required minimum interval for receiving BFD control packets by the local system. Detect Mult: indicates the detection time multiplier.
When a local system receives a BFD control packet from the peer, the system compares the RMRI carried in this packet with the local DMTI. The local system chooses the longer interval from the RMRI and the DMTI for sending the BFD control packet. That is, the system with a lower rate determines the rate of sending BFD control packets. The detection times in demand mode and in asynchronous mode are calculated by different Detect Mult values. l l Asynchronous mode: Detection time = remote Detect Mult that is received x maximum (local RMRI or received DMTI) Demand mode: Detection time = local Detect Mult x maximum (local RMRI or received DMTI)
11.2 Configuring Global BFD Attributes

This topic describes how to configure global BFD attributes. Configuring global BFD attributes is to perform NE-level BFD configuration. This configuration affects the BFD function of the entire NE.
Prerequisite
The data of the BFD management must be synchronized to the U2000.
11 BFD Management
Context
l l Enabling BFD is a prerequisite to BFD configuration. If BFD is disabled, all the BFD configurations are deleted.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose BFD Management > BFD Global from the service tree. 3 On the BFD Global tab page, set the parameters.
NOTE
l If single-hop BFD detection needs to be performed on the Layer 2 interfaces or the Layer 3 physical interfaces without IP addresses, such as the IP-Trunk member interface and Layer 3 Eth-Trunk member interface, adopt the default multicast IP address. l You can set Default multicast address only when Enable BFD is set to Enable. l If BFD Bind Type is set to Default multicast address, Default multicast address on the BFD Global tab page cannot be modified.
11.3 Configuring Service Detection

This topic describes how to configure service detection. BFD can be used to quickly detect various service forwarding faults because of its simplification. Thus, it provides real-time services of high reliability for customers and enables the U2000 to detect links, MPLS TE, VRF, and PWs. 11.3.1 Enabling and Disabling the Administrative Status This topic describes how to enable and disable the administrative status. Enabling the administrative status can enable BFD sessions. You can detect services only when BFD sessions are enabled. 11.3.2 Configuring Link Detection This topic describes how to configure link detection. The setup of BFD sessions based on IP links helps to detect the link status in both directions, thus realizing millisecond-level link fault detection. 11.3.3 Configuring MPLS TE Detection This topic describes how to configure MPLS TE detection. The setup of BFD sessions based on MPLS TE helps to detect the status of a TE tunnel and the primary or bypass LSP bound to the TE tunnel, thus reducing the impact of link faults on services. 11.3.4 Configuring VRF Detection This topic describes how to configure VRF detection. The setup of BFD sessions based on VPN instances helps to detect the status of tunnels, thus reducing the impact of link faults on services. 11.3.5 Configuring PW Detection This topic describes how to configure PW detection. The setup of BFD sessions based on PWs helps to detect the link status of PWs between the local and remote PEs, thus reducing the impact of link faults on services. You need to configure BFD sessions to detect the primary and secondary PWs respectively.
11 BFD Management
11.3.1 Enabling and Disabling the Administrative Status

This topic describes how to enable and disable the administrative status. Enabling the administrative status can enable BFD sessions. You can detect services only when BFD sessions are enabled.
Prerequisite
l l Service detection must be configured. The data of the BFD management must be synchronized to the U2000.
Context
Service detection supporting this function includes link detection, TE detection, VRF detection, and PW detection. The procedures for enabling and disabling the administrative status are similar for all types of service detection. The following takes link detection as an example to describe the procedure.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose BFD Management > Service Detection Configuration > Link Detection Configuration from the service tree. 3 Click Query. 4 Select one or more BFD configuration records in the query result area. 5 Right-click the selected records and choose Enable Administrative Status or Disable Administrative Status from the shortcut menu.
NOTE
Batch operation is supported. If you select multiple BFD configuration records, a progress bar is displayed showing the progress of enabling or disabling the administrative status. Finally, the operation result is displayed in the Prompt dialog box.

NOTE
You need to perform this operation only when multiple BFD configuration records are selected for enabling or disabling the administrative status of service detection.
----End
11.3.2 Configuring Link Detection

This topic describes how to configure link detection. The setup of BFD sessions based on IP links helps to detect the link status in both directions, thus realizing millisecond-level link fault detection.
Prerequisite
l l
Issue 03 (2010-11-19)
The data of the interface information module must be synchronized to the U2000. BFD must be globally enabled.
11 BFD Management
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose BFD Management > Service Detection Configuration > Link Detection Configuration from the service tree. 3 Click Create.
NOTE
4 In the Create Link Detection Configuration dialog box, set the related parameters.
5 Click OK to return to the Link Detection Configuration tab page. 6 Click Query. You can query the link detection configurations. ----End
11.3.3 Configuring MPLS TE Detection

This topic describes how to configure MPLS TE detection. The setup of BFD sessions based on MPLS TE helps to detect the status of a TE tunnel and the primary or bypass LSP bound to the TE tunnel, thus reducing the impact of link faults on services.
Prerequisite
l l Before you configure BFD to detect an MPLS TE tunnel, the related tunnel interface must be configured. BFD must be globally enabled.
Context
l
11-6
BFD can detect only the TE tunnel whose signaling type is CR-Static or RSVP-TE.
11 BFD Management
l l
If the TE tunnel detected by BFD is in Down state, a BFD session can be established but cannot be Up. One tunnel may have multiple LSPs. In the case where a tunnel is detected through a BFD session, the BFD session becomes Down only when all the related LSPs are faulty.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose BFD Management > Service Detection Configuration > MPLS TE Detection Configuration from the service tree. 3 Click Create.
NOTE
4 In the Create MPLS TE Detection Configuration dialog box, set the related parameters.
5 Click OK to return to the MPLS TE Detection Configuration tab page. 6 Click Query. You can query the MPLS TE detection configurations. ----End
11.3.4 Configuring VRF Detection

This topic describes how to configure VRF detection. The setup of BFD sessions based on VPN instances helps to detect the status of tunnels, thus reducing the impact of link faults on services.
Prerequisite
l l l The data of the interface management module must be synchronized to the U2000. The data of the VRF management module must be synchronized to the U2000. BFD must be globally enabled and the VRF must exist.
Issue 03 (2010-11-19)
11-7
11 BFD Management
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose BFD Management > Service Detection Configuration > VRF Detection Configuration from the service tree. 3 Click Create.
NOTE
4 In the Create VRF Detection Configuration dialog box, set the related parameters.
5 Click OK to return to the VRF Detection Configuration tab page. 6 Click Query. You can query the VRF detection configurations. ----End
11.3.5 Configuring PW Detection

This topic describes how to configure PW detection. The setup of BFD sessions based on PWs helps to detect the link status of PWs between the local and remote PEs, thus reducing the impact of link faults on services. You need to configure BFD sessions to detect the primary and secondary PWs respectively.
Prerequisite
l l l
11-8
The data of the interface management module must be synchronized to the U2000. The data of the PW management module must be synchronized to the U2000. BFD must be globally enabled and the PW must exist.
11 BFD Management
Context
l l l The VC of the PW to be detected must be created through the control word method. During PW detection, BFD must work in asynchronous mode. In addition, BFD sessions must be established at the local and peer ends of the PW by binding the PW. When the PW is in Down state, a BFD session can be established but cannot be Up.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose BFD Management > Service Detection Configuration > PW Detection Configuration from the service tree. 3 Click Create. l Select Create Static BFD from the drop-down list. In the Create PW Detection Configuration dialog box, set the related parameters.
Select Create Dynamic BFD from the drop-down list. In the Create PW Detection Configuration dialog box, set the related parameters.
4 Click OK to return to the PW Detection Configuration tab page. 5 Click Query. You can query the PW detection configurations. ----End
12 QoS Management
12
About This Chapter
QoS Management
This describes the basic information about QoS management. 12.1 QoS Management Overview This describes the basic information about Quality of Service (QoS) management. The QoS management includes the management of CBQoS, HQoS,drop profile,discard policy, DS domain policy, L2TP group QoS,interface QoS, mirroring configuration, and system QoS. 12.2 Configuring CBQoS This describes how to configure CBQoS. With this function, you can classify packets from different perspectives and take different actions on different packet flows. 12.3 Configuring HQoS This describes how to configure HQoS. HQoS can differentiate users to limit the bandwidth of different users and schedule the services of the same user. 12.4 Creating and Deploying a DS Domain Policy This describes how to create and deploy a DS domain policy. 12.5 Configuring Domain QoS This describes how to configure domain QoS. 12.6 Configuring L2TP Group QoS This describes how to configure L2TP group QoS. 12.7 Configuring Interface QoS This describes how to configure interface QoS. 12.8 Configuring the Mirroring This describes how to configure the mirroring. 12.9 Configure System QoS This describes how to configure system QoS.
Issue 03 (2010-11-19)
12-1
12 QoS Management
12.1 QoS Management Overview

This describes the basic information about Quality of Service (QoS) management. The QoS management includes the management of CBQoS, HQoS,drop profile,discard policy, DS domain policy, L2TP group QoS,interface QoS, mirroring configuration, and system QoS. 12.1.1 Functions of QoS Management This describes the basic functions of QoS management. 12.1.2 CBQoS This describes the basic concepts of CBQoS. 12.1.3 HQoS This describes the technologies related to Hierarchical Quality of Service (HQoS) and the basic concepts of HQoS. 12.1.4 Interface QoS This describes the technologies related to interface QoS. 12.1.5 Other QoS Functions This describes other QoS functions.
12.1.1 Functions of QoS Management

This describes the basic functions of QoS management. QoS is a term that describes the relations between demands and supplies. It is a measurement reflecting the ability of a supplier to meet customers' demands. The assessment does not result in accurate scores; instead, it focuses on the quality of service under certain conditions so that the quality of the service that is found defective can be properly improved. In the Internet, QoS is used to assess the ability of the network to transmit packets. The network provides a wide variety of services; therefore, QoS should be assessed from different aspects. QoS generally refers to the analysis of the issues related to the process of sending packets, such as bandwidth, latency (or delay), jitter, and packet loss ratio. The NMS performs QoS management on Huawei Datacomm devices through the CBQoS,HQoS, drop profile, discard policy, DS domain policy, domain QoS configuration, L2TP group QoS,interface QoS configuration, mirroring configuration, and system QoS tool.
12.1.2 CBQoS
This describes the basic concepts of CBQoS. The CBQoS means: l l l Classifying traffic according to some rules Associating a type of traffic with a behavior to form a policy Applying the policy
After the policy is applied, the following functions based on class are realized: l l l
12-2
Traffic policing Priority marking Redirection

12 QoS Management
Traffic Classification
Traffic classification is to identify the packets with some features according to a rule, so it is the prerequisite and basis for providing differentiated services. The typical traffic classification is classified into the complex traffic classification and the simple traffic classification. You can use a complex rule for traffic classification. For example, packets can be classified according to the following information at the link layer, network layer, and transport layer: l l l l l l Source MAC address Destination MAC address Source IP address Destination IP address User group number Protocol type or TCP/UDP port number
You can use a simple rule for traffic classification. For example, packets can be classified according to the following information: l l l ToS field in the IP packet User priority EXP field in the MPLS packet
The traffic with different priorities can be distinguished.
DSCP
The Type of Service (ToS) field in the IPv4 header is defined in RFC 791, RFC 134, and RFC 1349. The ToS field consists of 3-bit Precedence, D bit, T bit, R bit, and C bit. The highest bit in the ToS must be 0. D means delay. T means throughput. R means reliability. C means cost. The device checks the priority of packets before implementing QoS. Other bits are reserved for future use. RFC 2474 re-defines the ToS field of the IPv4 packet header as the Differentiated Services (DS) field. The lower order six bits (bits 0 to 5) of the DS field serve as DSCP and the higher order two bits (bits 6 and 7) as reserved bits. The lower order three bits (bits 0 to 2) of the DS field are for Class Selector Code Point (CSCP), representing a kind of DSCP. DS nodes choose appropriate Per-Hop Behaviors (PHBs) according to the DSCP value.
Standard PHBs
Per Hop Behavior (PHB) is used to describe the next forwarding action of the packets with the same DSCP. Commonly, PHB contains traffic features, such as delay and packet loss ratio. At present, the IETF defines three standard PHBs: Expedited Forwarding (EF), Assured Forwarding (AF), and Best-Effort (BE). BE is the default PHB.
Traffic Behavior
The traffic classification is to provide differentiated services. The classification takes effect only after it is associated with a traffic control or resource allocation behavior. The following are the typical traffic behaviors that are based on traffic classification (Multiple behaviors can be used together):
12 QoS Management
l l
Deny/permit is the simplest traffic control behavior. Devices control the network traffic by forwarding or discarding the packets. Marking is used to set the priority fields in the packets. The priority field of the packet depends on the network type. For example: In a VLAN, the priority field depends on the field 802.1p in a packet. In an IP network, the priority field depends on the field ToS in a packet. In an MPLS network, the priority field depends on the field EXP in a packet. Then, the router needs to mark the priorities of the packets according to the network. Generally, the border node marks the priority on an incoming packet, and the internal node provides the QoS based on the marked priority. The internal node can also mark the packet according to its own criteria.
l l
The packet is not forwarded according to the destination address, but redirected to other routes for policy-based routing. This is called redirection. Traffic policing is a traffic control policy that restricts the use of traffic and resources by monitoring the traffic specification. In traffic policing, the NE controls the size of each flow. The oversized flow is discarded, marked with color, marked with priority, or undergoes other QoS measures. Security behaviors refer to operations over packets such as checking the Unicast Reverse Path Forwarding (URPF), performing the port mirroring, or measuring the traffic statistics. A security behavior is not a QoS measure. It can be, however, combined with other QoS behaviors to improve the security of the network and packets. The security behaviors are not QoS measures. When used with other QoS behaviors, they can improve the security of the network and packets.
Traffic Policy
Associating a classifier with a QoS behavior forms a QoS traffic policy. The traffic policy can be applied to an interface, the whole system, or a service for user. After a traffic policy is applied, the traffic classification and behaviors defined in the traffic policy are also applied.
12.1.3 HQoS
This describes the technologies related to Hierarchical Quality of Service (HQoS) and the basic concepts of HQoS. Traditional QoS performs traffic scheduling based on interfaces. An interface can distinguish service priorities but cannot identify users or the services of different users. Packets of the same priority go to the same interface queue and compete for the same queue resource. As a result, the traditional QoS fails to identify a type of packet from a specific user on an interface and cannot provide differentiated services for this type of packet. HQoS performs the hierarchical scheduling based on multi-level queues. The scheduling mode varies according to devices. The following are the typical HQoS technologies:
Queue Template
HQoS enables a router to schedule flows per user. The service packets of a user can be classified into eight flow queues. You can configure priority queuing (PQ) or weighted fair queuing (WFQ) scheduling algorithms for these flow queues. In addition, you can configure weighted random early detection (WRED) and the rate of traffic shaping for each flow queue.
12 QoS Management
Scheduler Template
HQoS enables a router to schedule flows per user. User scheduling can be used to set the CIR and PIR for each user, thus enabling HQoS to restrict the bandwidth of each user.
User Group Queues

The service packets of the same user are considered as one SQ. HQoS categorizes all the service packets of the SQ into a GQ. All the service packets share the bandwidth of one GQ. HQoS can bind multiple SQs to one GQ, enabling a router to control the traffic rate of multiple SQs together.
Discard Policy
Packet discard policies include Tail Drop, random early detection (RED), and WRED.
NOTE
The discard policy configured on the NMS is WRED. If no discard policy is configured on the NMS, queues adopt the Tail Drop policy by default.
l l l
Tail Drop indicates that the packets received after the queue is full are dropped. RED indicates that the packets are dropped randomly when the queue reaches a certain length, which can avoid global synchronization caused by slow TCP startup. Different from RED, WRED considers the queue length and packet priority when dropping packets. The packets with low priority are dropped early with a great probability.
Drop Template
The drop template is used to set the drop thresholds for WRED algorithms. The drop template cannot be used independently. It must be bound to the queue template or QoS template to specify the discard policy for flow queues or user groups.
QoS Template
The QoS template is an aggregation of the QoS scheduling parameters. The QoS template has no parameter. However, after it is bound to the scheduler template, queue template, or drop template, the QoS scheduling parameters can be set.
12.1.4 Interface QoS

This describes the technologies related to interface QoS.
CAR
For the purpose of traffic control, there must be a mechanism that can measure the traffic flowing through a device. This mechanism is called granular control. The token bucket is a popular means to measure traffic. It is used in CAR and traffic shaping to control the traffic rate. A token bucket can be considered as a container of tokens, which has a predefined capacity. The system puts tokens into the bucket at a pre-set rate. When the bucket is full of tokens, the excessive ones overflow and the number of tokens in the bucket stop growing. Typical CAR applications can be classified into three types: single-rate single token bucket, single-rate dual token bucket, and dual-rate dual token bucket. l
Issue 03 (2010-11-19)
Single-rate single token bucket

12 QoS Management
When the network traffic is simple, you can use the single-rate single token bucket to measure the traffic. The single-rate single token bucket involves two parameters: CIR: indicates the rate of putting tokens into the token bucket. It is the average traffic rate of a port in a long period of time. CBS: determines the maximum volume of traffic before the CIR is exceeded. It indicates the capacity or depth of the token bucket. The set burst size must be longer than the maximum length of packets. l Single-rate dual token bucket and dual-rate dual token bucket To measure more complex traffic and implement more flexible control policies, you can configure two token buckets. The two token buckets are called bucket C and bucket P. The single-rate dual token bucket involves three parameters: CIR: indicates the rate of putting tokens into buckets, that is, the average traffic rate permitted by buckets. CBS: determines the maximum volume of traffic before the CIR is exceeded. It indicates the capacity or depth of the buckets. The set burst size must be longer than the maximum length of packets. PBS: indicates the capacity of bucket P, that is, the maximum size of traffic permitted by bucket P for each burst. The dual-rate dual token bucket involves four parameters: CIR: indicates the rate of putting tokens into bucket C, that is, the average traffic rate permitted by bucket C. CBS: indicates the capacity of bucket C, that is, the maximum size of traffic permitted by bucket C for each burst. PIR: indicates the rate of putting tokens into bucket P, that is, the average traffic rate permitted by bucket P. PBS: indicates the capacity of bucket P, that is, the maximum size of traffic permitted by bucket P for each burst.
Bandwidth
The NMS can restrict the bandwidth of Eth-Trunk main interfaces.
GTS
When network congestion occurs, traffic policing with the CAR technology is used to control the traffic features of packets and restrict the traffic by dropping the packets that do not conform to the traffic features. Sometimes, to reduce the number of dropped packets, the packets that do not conform to specifications are cached and then sent at an even rate under the control of the token bucket. This is called traffic shaping. Traffic shaping reduces the number of dropped packets while satisfying the traffic features of packets. A typical application of traffic shaping is to control the flow and burst of the outgoing traffic from a certain network connection, so that the packets can be sent at an even rate. Traffic shaping adopts the GTS technology to shape the traffic that is irregular or does not conform to preset traffic features. This helps to match the bandwidth of the upstream network with that of the downstream network.
Queue
The queue configuration on an interface is used to direct the traffic of different service classes to predefined queues according to certain mapping rules and modify parameters such as the
12 QoS Management
scheduling mode, GTS, and discard policy. In this manner, traffic scheduling on interfaces is realized and network QoS is improved.
Application Policy
The NMS allows you to apply flow policies or DS domain policies to interfaces.
Packet Traffic Suppression

When network congestion occurs, you need to suppress the traffic of certain special packets to mitigate network congestion.
MPLS
The NMS allows you to re-mark the priorities of MPLS packets.
RPR Priority
When the RPR technology is applied, you need to adjust the priorities of RPR packets on a certain interface according to actual network conditions, so that the packets of higher priorities are forwarded ahead of the packets of lower priorities.
Scheduling Levels of Service Gateways

If a service gateway is deployed with HQoS, you can apply existing QoS templates to the scheduling of each level to ensure the normal scheduling of each level.
Other QoS Configurations Related to Interfaces

Besides typical interface QoS configurations, you can also perform the following QoS configurations on an interface: l l l l l l l l Enable DEI Enable 802.1p Whether to trust the outer configuration after 802.1p IP URPF Disable PHB Check PHB Configure Packet Priority Mapping Copy Priority from CVLAN to PVLAN
12.1.5 Other QoS Functions

This describes other QoS functions.
Configuring Domain QoS

For access devices, you can configure the QoS of a user domain in terms of VC scheduling, time range, L2TP, and user priority.
12 QoS Management
Configuring L2TP Group QoS

For ME60 V100R006, you can configure the QoS of L2TP groups.
DS Domain Policy
The network nodes that implement the Diff-Serv (DS) function are called the DS nodes. The DS domain consists of the DS nodes that adopt the same service policies and Per-Hop Behavior (PHB) collection.
Mirroring Configuration
In an actual network, you usually need to observe the traffic of a certain port, but hope that the services running on the port are not interrupted. This can be done by using the mirroring function. The mirroring configuration is to create an observing port on the device, and then mirror the traffic or service flow to be observed to the observing port for viewing, so that the services running on the mirrored port are not interrupted.
System QoS
The system QoS configuration is a type of resource template configuration. With this function, you can create the template of a certain type of resource according to QoS requirements and device types. When required, certain QoS functions can reference or directly use the system QoS template to improve network QoS in an all-round manner.
12.2 Configuring CBQoS

This describes how to configure CBQoS. With this function, you can classify packets from different perspectives and take different actions on different packet flows. 12.2.1 Creating a Traffic Classification This describes how to create a traffic classification.With this function, you can classify packets according to different matching rules. 12.2.2 Creating a Traffic Behavior This describes how to create a traffic behavior. With this function, you can enable the equipment to perform specified operations on a certain type of packet. 12.2.3 Creating and Deploying a Traffic Policy This describes how to create and deploy a traffic policy. With this function, you can bind traffic behaviors to traffic classifications to implement CBQoS. 12.2.4 Linking to Query Performance Data This topic describes how to link to the Query Data window of the performance component from the Traffic Policy tab page. 12.2.5 Linking to Configure Performance Monitoring This topic describes how to link to the Monitor Configuration window of the performance component from the Traffic Policy tab page.
12.2.1 Creating a Traffic Classification

This describes how to create a traffic classification.With this function, you can classify packets according to different matching rules.
12 QoS Management
Prerequisite
l l The related device supports the configuration of traffic classifications. The configurations of QoS management are synchronized to the U2000.
Context
l l The NMS performs traffic classification only according to specific matching rules supported by devices. The traffic classification includes one or more matching rules. Certain devices control the matching conditions through the selection of a value from the Logical Relation drop-down list.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose QoS Management > CBQoS > Traffic Classification from the service tree. 3 Right-click on the Traffic Classification tab and then select Create on the shortcut menu, or click Create on the Traffic Classification tab. 4 Set traffic classification parameters, which includes setting Traffic Classification Name and Logical Relation, and clicking Add to select the required matching rule.
NOTE
The following figure takes ME60 V100R006C03 as an example. The configuration windows may vary according to devices.
Issue 03 (2010-11-19)
12-9
12 QoS Management
12.2.2 Creating a Traffic Behavior

This describes how to create a traffic behavior. With this function, you can enable the equipment to perform specified operations on a certain type of packet.
Prerequisite
l l The related device supports the configuration of traffic behaviors. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management > CBQoS, and then click Traffic Behavior. 3 Right-click on the Traffic Behavior tab and select Create on the shortcut menu, or click Create on the Traffic Behavior tab. 4 Set traffic behavior parameters, which includes entering the name of the traffic behavior to be created and setting required traffic behavior parameters.
NOTE

12 QoS Management
12.2.3 Creating and Deploying a Traffic Policy

This describes how to create and deploy a traffic policy. With this function, you can bind traffic behaviors to traffic classifications to implement CBQoS.
Prerequisite
l l l The traffic classification that needs to be associated with is created. The traffic behavior that needs to be associated with is created. The configurations of QoS management are synchronized to the U2000.
Context
l l If Enable Sharing Mode and Disable Sharing Mode do not exist on the shortcut menu, it indicates that the device does not support such configurations. If Enable Policy Statistics and Disable Policy Statistics do not exist on the shortcut menu, it indicates that the device does not support such configurations.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management > CBQoS, and then click Traffic Policy. 3 Right-click on the Traffic Policy tab and then select Create on the shortcut menu, or click Create on the Traffic Policy tab. 4 In the Create Traffic Policy dialog box that is displayed, select the related traffic classification and traffic behavior.
5 Optional: Right-click one or multiple traffic policy records, and then select Enable Sharing Mode or Disable Sharing Mode on the shortcut menu.
NOTE
When the traffic policy is deployed on the interface, you cannot modify the sharing mode.
Issue 03 (2010-11-19)
12-11
12 QoS Management
6 Optional: Right-click one or multiple traffic policy records, and then select Enable Policy Statistics or Disable Policy Statistics on the shortcut menu. 7 Select a traffic policy and click the Applying Object tab. Then click Deploy. 8 Set the related parameters.
NOTE
12.2.4 Linking to Query Performance Data

This topic describes how to link to the Query Data window of the performance component from the Traffic Policy tab page.
Prerequisite
l l l The NMS server is installed with the performance component. The configurations of QoS management are synchronized to the U2000. The traffic policy is created and deployed to the application object.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click CBQoS > Traffic Policy. 3 On the Traffic Policy tab page, click Query to display the attributes of all policies. 4 Select a traffic policy and click the Binding Relation Table tab. l Right-click a record and choose Query Performance Data > Traffic Classification Matching Information from the shortcut menu. l Right-click a record and choose Query Performance Data > CAR Statistics of Interface Traffic Classification from the shortcut menu.
12 QoS Management
The Query Data window of the performance component is displayed. For details about the operations related to performance, refer to the Huawei iManager U2000 User Guide (PMS). ----End
12.2.5 Linking to Configure Performance Monitoring

This topic describes how to link to the Monitor Configuration window of the performance component from the Traffic Policy tab page.
Prerequisite
l l l The NMS server is installed with the performance component. The configurations of QoS management are synchronized to the U2000. The traffic policy is created and deployed to the application object.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click CBQoS > Traffic Policy. 3 On the Traffic Policy tab page, click Query to display the attributes of all policies. 4 Select a traffic policy and click the Binding Relation Table tab. l Right-click a record and choose Configure Performance Monitoring > Traffic Classification Matching Information from the shortcut menu. l Right-click a record and choose Configure Performance Monitoring > CAR Statistics of Interface Traffic Classification from the shortcut menu. The Monitor Configuration window of the performance component is displayed. For details about the operations related to performance, refer to the Huawei iManager U2000 User Guide (PMS). ----End
12.3 Configuring HQoS

This describes how to configure HQoS. HQoS can differentiate users to limit the bandwidth of different users and schedule the services of the same user. 12.3.1 Creating a Queue Profile This describes how to create a queue profile. The queue profile is used to schedule different services. 12.3.2 Creating a QoS Profile This describes how to create a QoS profile. 12.3.3 Creating a Scheduling Profile This describes how to create a scheduling profile. 12.3.4 Creating a User Group Queue This describes how to create a user group queue. 12.3.5 Creating a Drop Profile
12 QoS Management
This describes how to create a drop profile. 12.3.6 Creating a Discard Policy This describes how to create a discard policy.
12.3.1 Creating a Queue Profile

This describes how to create a queue profile. The queue profile is used to schedule different services.
Prerequisite
l l Devices support the configurations of a flow queue policy. The configurations of QoS management are synchronized to the U2000.
Context
Each queue can be bound to a queue discard profile. If a queue is not bound to any queue discard profile, packets are discarded in tail drop mode when the queue is full. To bind a queue profile to a discard policy, create the discard policy before creating the queue profile.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management > HQoS, and then click Queue Profile. 3 Right-click on the Queue Profile tab and then select Create on the shortcut menu, or click Create on the Queue Profile tab. 4 In the Create Queue Profile dialog box, enter the name of a queue profile to be created.
NOTE
Click Restore Defaults to reset all the parameters of the queue profile to default values.
12-14
Issue 03 (2010-11-19)
12 QoS Management
5 Select a queue parameter record, and then click Modify. 6 Modify the parameters.
7 In the Modify Queue Parameter dialog box, Click OK or Apply. 8 Click OK or Apply. ----End
12.3.2 Creating a QoS Profile

This describes how to create a QoS profile.
Prerequisite
l l Devices support the configurations of a QoS profile. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management > HQoS, and then click QoS Profile. 3 Right-click on the QoS Profile tab and then select Create on the shortcut menu, or click Create on the QoS Profile tab. 4 In the Create QoS Profile dialog box, enter the name of a QoS profile to be created.
Issue 03 (2010-11-19)
12-15
12 QoS Management
5 Optional: Click ... to the right of the Queue Profile text box to select the required queue profile. 6 Optional: Click ... to the right of the Scheduler Profile text box to select the required scheduling profile. 7 Optional: Click ... to the right of the Drop Profile text box to select the required drop profile. 8 Optional: Click ... to the right of the Flow Mapping text box to select a required flow queue mapping. 9 Select the required precision from the Adjusted Precision Length drop-down list box. 10 Click OK or Apply. ----End
12.3.3 Creating a Scheduling Profile

This describes how to create a scheduling profile.
Prerequisite
l l Devices support the configurations of a scheduling profile. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management > HQoS, and then click Scheduler Profile. 3 Right-click on the Scheduler Profile tab and then select Create on the shortcut menu, or click Create on the Scheduler Profile tab. 4 Enter the name of a scheduling profile to be created.
12-16
Issue 03 (2010-11-19)
12 QoS Management
5 Optional: Enter the required WFQ weight in the WFQ Weight text box. 6 On the Inbound Policy tab, select the GTS check box to set the values of CIR, PIR, and Length. Select the CAR check box to set the values of CIR, PIR, CBS, and PBS. 7 On the Outbound Policy tab, select the GTS check box to set the values of CIR, PIR, and Length. Select the CAR check box to set the values of CIR, PIR, CBS, and PBS.
12.3.4 Creating a User Group Queue

This describes how to create a user group queue.
Prerequisite
l l Devices support the configurations of a user group queue. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management > HQoS, and then click User Group Queue. 3 Right-click on the User Group Queue tab and then select Create on the shortcut menu, or click Create on the User Group Queue tab. 4 Enter the name of a user group queue to be created.
12 QoS Management
5 Click ... to the right of the QoS Profile text box to select the required QoS profile. 6 Optional: Click ... to the right of the Slot No. text box to select the required slot number. 7 Click OK or Apply. ----End
12.3.5 Creating a Drop Profile

This describes how to create a drop profile.
Prerequisite
l l Devices support the configurations of a drop profile. The configurations of QoS management are synchronized to the U2000.
Context
If a device does not exist in the service tree, it indicates that the device does not support this configuration.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Drop Profile. 3 Right-click on the Drop Profile tab and then select Create on the shortcut menu, or click Create on the Drop Profile tab. 4 In the Create Drop Profile dialog box, set corresponding parameters. 1. Enter the name of a drop profile to be created.
12-18
Issue 03 (2010-11-19)
12 QoS Management
2. 3.
On the Mapping Parameter Configuration tab, select a record, and then click Modify. In the Modify Mapping Parameter dialog box, modify the drop threshold of the priority of all packets.
NOTE
Click Restore Defaults to reset all the mapping parameters to default values.
4. 5.
On the WRED Discard Threshold Parameter Configuration tab, select a record, and then click Modify. In the Modify WRED Discard Threshold dialog box, modify the upper limit and lower limit of the discard threshold of WRED.
NOTE
Click Restore Defaults to reset all the parameters of the WRED discard threshold to default values.
6. 7.
On the WRED Parameter Configuration tab, select a record, and then click Modify. In the Modify WRED Parameter dialog box, modify the upper limit and lower limit of the WRED discard threshold.
NOTE
Click Restore Defaults to reset all the WRED parameters to default values.
8. 9.
On the WRED Guaranteed Threshold Parameter Configuration tab, select a record, and then click Modify. In the Modify WRED Discard Threshold dialog box, modify the WRED-guranteed threshold.
NOTE
Click Restore Defaults to reset all the parameters of the WRED-guranteed threshold to default values.
10. Click OK or Apply. 5 Click OK or Apply. ----End

12 QoS Management
12.3.6 Creating a Discard Policy

This describes how to create a discard policy.
Prerequisite
l l Devices support the configurations of a discard policy. The configurations of QoS management are synchronized to the U2000.
Context
If a device does not exist in the service tree, it indicates that the device does not support this feature.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Discard Policy. 3 Right-click on the Discard Policy tab and then select Create on the shortcut menu, or click Create on the Discard Policy tab. 4 In the Create Discard Policy dialog box, set the related parameters. 1. Enter the name of a discard policy to be created.
2. 3. 4. 5.
12-20
Click the Type drop-down list box, and then modify the type of the discard policy. Select a discard policy record, and then click Modify. You can modify the lower limit, upper limit, and discard probability of the discard policy. Click OK or Apply.
NOTE
12 QoS Management
For an NE40, you can configure a discard policy by specifying the service class and protocol type of packets. l Select a service class in the service class list and click Modify. Then you can reconfigure the service class, including its upper limit, lower limit, and drop probability. You can click Restore Defaults to restore the default settings of service class parameters. l Select a protocol type in the packet protocol type list and click Modify. Then you can reconfigure the protocol type, including its upper limit, lower limit, and drop probability. You can click Restore Defaults to restore the default settings of protocol type parameters.
----End
12.4 Creating and Deploying a DS Domain Policy

This describes how to create and deploy a DS domain policy.
Prerequisite
l l The related device supports the configurations of DS domain policies. The configurations of QoS management are synchronized to the U2000.
Context
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click DS Domain Policy. 3 Right-click on the DS Domain Policy tab and then select Create on the shortcut menu, or click Create on the DS Domain Policy tab. 4 Enter the name of the DS domain policy to be created.
Issue 03 (2010-11-19)
12-21
12 QoS Management
NOTE
5 Click OK or Apply. 6 Select a DS domain policy, and then click the Applying Object tab. Click Deploy. 7 Click OK or Apply. ----End
12.5 Configuring Domain QoS

This describes how to configure domain QoS. 12.5.1 Configuring the VC Scheduling for Domain QoS This describes how to configure the VC scheduling for domain QoS. 12.5.2 Configuring the Time Range for Domain QoS This describes how to configure the time range for domain QoS. 12.5.3 Configuring the User Priority for Domain QoS This describes how to configure the user priority for domain QoS. 12.5.4 Configuring L2TP QoS for Domain QoS This describes how to configure L2TP QoS for domain QoS.
12 QoS Management
12.5.1 Configuring the VC Scheduling for Domain QoS

This describes how to configure the VC scheduling for domain QoS.
Prerequisite
l l l Devices support the configurations of domain QoS. The configurations of QoS management are synchronized to the U2000. You need to synchronize the configurations to the NMS on the User Domain tab.
NOTE
To synchronize the configurations, you can expand BRAS Management > AAA Management, and then click User Domain.
You need to synchronize the configurations to the NMS on the Time Range tab.
NOTE
To synchronize the configurations, you can expand ACL Management, and then click Time Range.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Domain QoS. 3 Click Query to show the names and definition types of domains on the device. 4 Select a domain record, and then click the Scheduling on VC tab. 5 Click ... to the right of the QoS Profile File text box to select the required QoS profile. 6 Optional: Select the Enable Configuration of Time Range check box to enable the time range QoS. 7 Click Apply. ----End
12.5.2 Configuring the Time Range for Domain QoS

This describes how to configure the time range for domain QoS.
Prerequisite
NOTE
To synchronize the configurations, you can expand BRAS Management > AAA Management, and then click User Domain.
You need to synchronize the configurations to the NMS on the Time Range tab.
NOTE
To synchronize the configurations, you can expand ACL Management, and then click Time Range.
Issue 03 (2010-11-19)
12-23
12 QoS Management
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Domain QoS. 3 Click Query to show the names and definition types of domains on the device. 4 Select a domain record, and then click the QoS Configuration of Time Range tab. 5 Click Add. 6 In the QoS Configuration of Time Range dialog box, click ... to the right of Time Range Name text box to select the required time range. 7 In the QoS Configuration of Time Range dialog box, click ... to the right of QoS Profile Name text box to select the required QoS profile. 8 Click OK or Apply. ----End
12.5.3 Configuring the User Priority for Domain QoS

This describes how to configure the user priority for domain QoS.
Prerequisite
NOTE
To synchronize the configurations, you can expand BRAS Management > AAA Mamagement, and then click User Domain.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Domain QoS. 3 Click Query to show the names and definition types of domains on the device. 4 Select a domain record, and then click the User Priority tab. 5 Select the required Priority Type from the Priority Type drop-down list box in the Inbound User Priority and Outbound User Priority areas to set details of the user priority. The available options of the priority type are User Priority, Inner 8021.p Value, Outer 8021.p Value, DSCP Value, Inbound MPLS EXP, Outbound MPLS EXP, and Not Change User Priority. 6 Click Apply. ----End
12.5.4 Configuring L2TP QoS for Domain QoS

This describes how to configure L2TP QoS for domain QoS.
12 QoS Management
Prerequisite
NOTE
To synchronize the configurations, you can expand BRAS Management > AAA Mamagement, and then click User Domain.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Domain QoS. 3 Click Query to show the names and definition types of domains on the device. 4 Select a domain record, and then click the L2TP QoS Configuration tab. 5 Select the QoS Profile Configuration check box. 6 Click ... to the right of the QoS Profile Name text box to select the required QoS profile. 7 Select the required scheduling direction from the Scheduling Direction drop-down list box. 8 Click Apply. ----End
12.6 Configuring L2TP Group QoS

This describes how to configure L2TP group QoS. 12.6.1 Configuring L2TP Group QoS This describes how to configure L2TP group QoS. 12.6.2 Configuring the Scheduling Mode for L2TP Group QoS This describes how to configure the scheduling mode for L2TP group QoS.
12.6.1 Configuring L2TP Group QoS

This describes how to configure L2TP group QoS.
Prerequisite
l l l l QoS templates are configured on devices. The configurations of QoS management are synchronized to the U2000. Devices support the configurations of L2TP group QoS. The configurations on the L2TP Group tab are synchronized to the NMS.
Context
12 QoS Management
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click QoS Configuration of L2TP Group . 3 On the QoS Configuration of L2TP Group tab, click Query to display configuration information about L2TP group QoS on the device. 4 Select a record, and then click the QoS Configuration tab. 5 Click ... to the right of the Inbound QoS Profile Name text box to specify the QoS profile in the inbound direction. 6 Click ... to the right of the Outbound QoS Profile Name text box to specify the QoS profile in the outbound direction. 7 Click Apply. ----End
12.6.2 Configuring the Scheduling Mode for L2TP Group QoS

This describes how to configure the scheduling mode for L2TP group QoS.
Prerequisite
l l l Devices support the configurations of L2TP group QoS. The configurations of QoS management are synchronized to the U2000. The configurations on the L2TP Group tab are synchronized to the NMS.
Context
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click QoS Configuration of L2TP Group. 3 On the QoS Configuration of L2TP Group tab, click Query to display all configuration information. 4 Select a record, and then click the QoS Scheduling Mode tab. 5 Select the required scheduling mode from the Scheduling Mode drop-down list box. The available options are Session and Tunnel. 6 Click Apply. ----End
12 QoS Management
12.7 Configuring Interface QoS

This describes how to configure interface QoS. 12.7.1 Configuring the Bandwidth for Interface QoS This describes how to configure the bandwidth for interface QoS. 12.7.2 Configuring a Queue for Interface QoS This describes how to configure a queue for interface QoS. 12.7.3 Configuring the GTS for Interface QoS This describes how to configure the GTS for interface QoS. 12.7.4 Deploying Applying Policies for Interface QoS This describes how to deploy applying policies for interface QoS. 12.7.5 Configuring a VC Group for Interface QoS This describes how to configure a VC group for interface QoS. 12.7.6 Configuring a VP Group for Interface QoS This describes how to configure a VP group for interface QoS. 12.7.7 Configuring the VC Scheduling for Interface QoS This describes how to configure the VC scheduling for interface QoS. 12.7.8 Configuring the VP Group Scheduling for Interface QoS This describes how to configure the VP group scheduling for interface QoS. 12.7.9 Configuring the Port Scheduling for Interface QoS This describes how to configure the port scheduling for interface QoS. 12.7.10 Configuring the VC Group Scheduling for Interface QoS This describes how to configure the VC group scheduling for interface QoS. 12.7.11 Configuring Other Parameters for Interface QoS This describes how to configure other parameters for interface QoS. 12.7.12 Querying the Performance Data This topic describes how to how to link to the Query Data window of the performance component from the Configure Interface QoS tab page. 12.7.13 Configuring the Performance Instance This topic describes how to how to link to the Monitor Configuration window of the performance component from the Configure Interface QoS tab page.
12.7.1 Configuring the Bandwidth for Interface QoS

This describes how to configure the bandwidth for interface QoS.
Prerequisite
l l Interfaces of devices support the configurations of the bandwidth for interface QoS. The configurations of QoS management are synchronized to the U2000.
Issue 03 (2010-11-19)
12-27
12 QoS Management
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 On the Configure Interface QoS tab, click Query to display the attributes of all interfaces. 4 Select an interface QoS record, and then click the Configure Bandwidth tab. Enter the required bandwidth of master ETH-Trunk interface in the Bandwidth of Master ETHTrunk Interface text box. 5 Click Apply. ----End
12.7.2 Configuring a Queue for Interface QoS

This describes how to configure a queue for interface QoS.
Prerequisite
l l Interfaces of devices support the configurations of a queue for interface QoS. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 On the Configure Interface QoS tab, click Query to display the attributes of all interfaces. 4 Select an interface QoS record, and then click the Queue tab. 5 Select a queue record, and then click Modify. Modify parameters.
NOTE
12-28
Issue 03 (2010-11-19)
12 QoS Management
12.7.3 Configuring the GTS for Interface QoS

This describes how to configure the GTS for interface QoS.
Prerequisite
l l Interfaces of devices support the configurations of GTS parameters for the interface QoS. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 Select an interface QoS record, and then click the GTS tab. 4 Select the GTS check box, and then set the values of PIR. 5 Click Apply. ----End
12.7.4 Deploying Applying Policies for Interface QoS

This describes how to deploy applying policies for interface QoS.
Prerequisite
l l The related device interface supports the deployment of applying policies for interface QoS. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 Select an interface QoS record, and then click the Applying Policy tab. 4 Click Deploy. Set the related parameters.
Issue 03 (2010-11-19)
12-29
12 QoS Management
NOTE
12.7.5 Configuring a VC Group for Interface QoS

This describes how to configure a VC group for interface QoS.
Prerequisite
l l Interfaces of devices support the configurations of a VC group for interface QoS. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 Select an interface QoS record, and then click the VC Group tab. 4 Click Add. 5 Click ... to the right of the QoS Profile text box to select the required QoS profile. 6 Click OK or Apply. ----End
12.7.6 Configuring a VP Group for Interface QoS

This describes how to configure a VP group for interface QoS.
Prerequisite
l l Interfaces of devices support this configuration. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 Select an interface QoS record, and then click the VP Group tab. 4 Click Add. 5 Click ... to the right of the QoS Profile text box to select the required QoS profile. 6 Click OK or Apply. ----End
12 QoS Management
12.7.7 Configuring the VC Scheduling for Interface QoS

This describes how to configure the VC scheduling for interface QoS.
Prerequisite
l l Interfaces of devices support the configurations of the VC scheduling for interface QoS. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 Select an interface QoS record, and then click the Scheduling On VC tab. 4 Click ... to the right of the QoS Profile text box to select the required QoS profile. 5 Click Apply. ----End
12.7.8 Configuring the VP Group Scheduling for Interface QoS

This describes how to configure the VP group scheduling for interface QoS.
Prerequisite
l l l Interfaces of devices support the configurations of the VP group scheduling for interface QoS. The configurations of QoS management are synchronized to the U2000. Sub-interfaces support the scheduling on VP Group.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 Select an interface QoS record, and then click the Scheduling On VP Group tab. 4 Click ... to the right of the VP Group text box to select the required VP group. 5 Click Apply. ----End
12.7.9 Configuring the Port Scheduling for Interface QoS

This describes how to configure the port scheduling for interface QoS.
Prerequisite
l
Issue 03 (2010-11-19)
Interfaces of devices support the configurations of the port scheduling fro interface QoS.
12 QoS Management
The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 Select an interface QoS record, and then click the Scheduling On Port tab. l Method one: 1. 2. 3. l Click ... to the right of the QoS Profile text box to select the required QoS profile. Click ... to the right of the VC Group text box to select the required VC group. Click ... to the right of the VP Group text box to select the required VP group.
Method two: 1. 2. Click ... to the right of the QoS Profile text box to select the required QoS profile. In Outbound area, click ... to the right of the VC Group text box to select the required VC group.Click ... to the right of the User Group Queue text box to select the required user group queue. Click ... to the right of the VP Group text box to select the required VP group. In Outbound(before-layer2-encapsulation) area, click ... to the right of the VC Group text box to select the required VC group.Click ... to the right of the User Group Queue text box to select the required user group queue. Click ... to the right of the VP Group text box to select the required VP group. Select the Outbound-a check box. Click ... to the right of the VC Group text box to select the required VC group. Click ... to the right of the User Group Queue text box to select the required user group queue.
3. 4.
5. 6.
Method three: 1. 2. Click ... to the right of the QoS Profile text box to select the required QoS profile. In Outbound area, click ... to the right of the VC Group text box to select the required VC group.Click ... to the right of the User Group Queue text box to select the required user group queue. Click ... to the right of the VP Group text box to select the required VP group. In Outbound area, click ... to the right of the VC Group text box to select the required VC group.Click ... to the right of the User Group Queue text box to select the required user group queue. Select the Outbound-a(before-layer2-encapsulation) check box. Click ... to the right of the VC Group text box to select the required VC group. Click ... to the right of the User Group Queue text box to select the required user group queue.
3. 4.
5.
12.7.10 Configuring the VC Group Scheduling for Interface QoS

This describes how to configure the VC group scheduling for interface QoS.
12 QoS Management
Prerequisite
l l Interfaces of devices support the configurations of the VC group scheduling for interface QoS. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 Select an interface QoS record, and then click the Scheduling On VC Group tab. 4 Click Add. 5 In the Add Scheduling on VC Group dialog box, enter the required values in the VLAN Range and QinQ VLAN Range text boxes. Click ... to the right of the VC Group text box to select the required VC group. You can set whether to monitor the traffic of each value from the Traffic Policing on Each VLAN drop-down list box.
NOTE
12.7.11 Configuring Other Parameters for Interface QoS

This describes how to configure other parameters for interface QoS.
Prerequisite
The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 Select an interface QoS record and click the Other tab. Then, set the related parameters.
12 QoS Management
12.7.12 Querying the Performance Data

This topic describes how to how to link to the Query Data window of the performance component from the Configure Interface QoS tab page.
Prerequisite
l l The NMS server is installed with the performance component. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 On the Configure Interface QoS tab page, click Query to display the attributes of all interfaces. 4 Right-click an interface record and choose Monitor Real-time Performance from the shortcut menu. The Query Data window of the performance component is displayed. For details about the operations related to performance, refer to the Huawei iManager U2000 User Guide (PMS).
NOTE
This operation is also available on the CAR tab page.
----End
12.7.13 Configuring the Performance Instance

This topic describes how to how to link to the Monitor Configuration window of the performance component from the Configure Interface QoS tab page.
Prerequisite
l l The NMS server is installed with the performance component. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Interface QoS. 3 On the Configure Interface QoS tab page, click Query to display the attributes of all interfaces. 4 Right-click an interface record and choose Configure Performance Monitoring from the shortcut menu. The Monitor Configuration window of the performance component is displayed. For details about the operations related to performance, refer to the Huawei iManager U2000 User Guide (PMS).
NOTE
12 QoS Management
This operation is also available on the CAR tab page.
----End
12.8 Configuring the Mirroring

This describes how to configure the mirroring. 12.8.1 Creating an Observing Port This describes how to create an observing port. 12.8.2 Adding Port Mirroring This describes how to add port mirroring.
12.8.1 Creating an Observing Port

This describes how to create an observing port.
Prerequisite
l l The related device supports mirroring configurations. The configurations of QoS management are synchronized to the U2000.
Context
l If the bandwidth of the mirrored port is greater than the bandwidth of the observing port, the rate of mirrored packets is greater than the bandwidth of the observing port. In this case, some mirrored packets may get lost. Thus, the bandwidth of the observing port is recommended to be equal to or greater than the bandwidth of the mirrored port.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management, and then click Configure Mirroring. 3 Right-click and then select Create on the shortcut menu, or click Create. 4 Select the index of an observing port from the Index of Observing Port drop-down list box. Then click ... to the right of the Port Name text box to select the port. 5 Click OK or Apply. ----End
12.8.2 Adding Port Mirroring

This describes how to add port mirroring.
Prerequisite
l l
Issue 03 (2010-11-19)
The related device supports mirroring configurations. The configurations of QoS management are synchronized to the U2000.
12 QoS Management
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management > Configure Mirroring, and then click Configure Mirroring. 3 On the Configure Mirroring tab, select an observing port. Click the Port Mirroring tab, and then click Add. 4 Click ... to select the port on which mirroring is to be configured. 5 Click the Inbound or Outbound option button to select the direction for observing a mirrored port. 6 Optional: Configure whether to perform the CRC check on packets through the Original CRC check box. 7 Click OK or Apply.
NOTE
You can click the Mirrored Traffic tab to view the flow mirroring of the observing port.
----End
12.9 Configure System QoS

This describes how to configure system QoS. 12.9.1 Creating a soft CAR This describes how to create a soft CAR.
12.9.1 Creating a soft CAR

This describes how to create a soft CAR.
Prerequisite
l l Devices support the configurations of a soft CAR. The configurations of QoS management are synchronized to the U2000.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand QoS Management > Configure System QoS, and then click Soft CAR. 3 Right-click on the Soft CAR tab and then select Create on the shortcut menu, or click Create on the Soft CAR tab. 4 Enter the name of a soft CAR to be created. 5 Enter the corresponding values in the CIR, CBS, PIR, and PBS text boxes.
12 QoS Management
Issue 03 (2010-11-19)
12-37
13 BRAS Management
13
About This Chapter
BRAS Management
This topic describes the functions and configuration methods of BRAS management. 13.1 BRAS Management Overview This topic describes the functions of BRAS management and features of BRAS services. 13.2 Setting Global BRAS Parameters This topic describes how to set global BRAS parameters. The global BRAS parameters are globally effective on the ME60 and MA5200G. You can set the global parameters of AAA, COPS, DHCP, and Web authentication server. 13.3 Configuring AAA This topic describes how to configure AAA. AAA enables you to control user access through protocols such as RADIUS and HWTACACS. 13.4 Configuring IP Address Management This topic describes how to configure IP address management, an important function of the BRAS. The BRAS uses this function to allocate IP addresses to access users. The ME60 and MA5200G manage IP addresses in the form of an IP address pool. The address pools are classified into local address pools, remote address pools, and relay address pools. 13.5 Configuring User Management This topic describes how to configure user management. The ME60 and MA5200G manage users based on domains. Each user belongs to a certain domain. The users in the same domain have the same service attributes. 13.6 Configuring a Access Service This topic describes how to configure access services. Services on the MA5200G and ME60 are classified into access services and value-added services. In access services, the MA5200G or ME60 functions as a BRAS to control and manage access users. 13.7 Querying Real-Time Performance This topic describes how to query the global BRAS configuration and the real-time performance of the user domain. The procedures for querying the real-time performance of different modules are similar.
Issue 03 (2010-11-19)
13-1
13 BRAS Management
13.1 BRAS Management Overview

This topic describes the functions of BRAS management and features of BRAS services. 13.1.1 Functions of BRAS Management This topic describes the functions of BRAS management. The BRAS provides the remote access service for broadband users. When providing the BRAS services, the ME60 or the MA5200G is considered as a BRAS. 13.1.2 Features of BRAS Services This topic describes the key features of BRAS services. The key features of BRAS services are as follows:
13.1.1 Functions of BRAS Management

This topic describes the functions of BRAS management. The BRAS provides the remote access service for broadband users. When providing the BRAS services, the ME60 or the MA5200G is considered as a BRAS. BRAS management involves global BRAS configuration, AAA management, IP address management, user management, access service management, and real-time performance management.
13.1.2 Features of BRAS Services

This topic describes the key features of BRAS services. The key features of BRAS services are as follows: l l l l l Identifying access sessions, that is, sensing the access requests of users Performing AAA for access users Allocating IP addresses to access users Managing users statically or dynamically Controlling user services through policies
CAUTION
Before performing operations on NEs, synchronize the configurations of the related modules on the NMS to NEs.
13.2 Setting Global BRAS Parameters

This topic describes how to set global BRAS parameters. The global BRAS parameters are globally effective on the ME60 and MA5200G. You can set the global parameters of AAA, COPS, DHCP, and Web authentication server.
13-2
Issue 03 (2010-11-19)
13 BRAS Management
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management, and then click BRAS Global. 3 Set the parameters in the dialog box that is displayed.
Issue 03 (2010-11-19)
13-3
13 BRAS Management
13-4
Issue 03 (2010-11-19)
13 BRAS Management
13.3 Configuring AAA

This topic describes how to configure AAA. AAA enables you to control user access through protocols such as RADIUS and HWTACACS. 13.3.1 Adding a RADIUS Server Group This topic describes how to add a RADIUS server group. AAA can be implemented through multiple protocols, among which RADIUS is the most commonly used one. When RADIUS is adopted, you need to configure the RADIUS server. 13.3.2 Adding a TACACS Template This topic describes how to add a TACACS template. When HWTACACS is adopted, you need to configure the TACACS template. 13.3.3 Adding an Authentication Scheme This topic describes how to add an authentication scheme. On the ME60 or MA5200G, users are authenticated according to the authentication scheme. Users in different domains adopt different authentication schemes. 13.3.4 Adding an Accounting Scheme This topic describes how to add an accounting scheme. On the ME60 or MA5200G, the accounting of users is implemented on the basis of accounting schemes. The users in different domains can adopt different accounting schemes. 13.3.5 Adding an Authorization Scheme This topic describes how to add an authorization scheme. On the ME60 or MA5200G, the authorization of users is implemented on the basis of authorization schemes. The users in different domains can adopt different authorization schemes. 13.3.6 Adding a Record Scheme This topic describes how to add a record scheme. On the ME60 or MA5200G, the record of user information is implemented on the basis of record schemes. The users in different domains can adopt different record schemes. 13.3.7 Adding a User Group This topic describes how to add a user group. The user group is used to control user access rights, which is one of the requirements of the implementation of simple ACL. 13.3.8 Adding a Web Authentication Server This topic describes how to add a Web authentication server. Web authentication is an authentication mode in which users need to access the authentication page of the authentication server and enter their user names and passwords to verify their identities. Web authentication servers are managed by the ME60 or MA5200G uniformly. You can configure multiple Web authentication servers and bind the Web authentication servers to different domains. 13.3.9 Adding a COPS Server Group This topic describes how to add a COPS server group. Generally, the COPS server delivers policies for value-added services to the ME60 or MA5200G. If the RADIUS server supports CoA messages, the RADIUS server can deliver the CoA message to modify the value-added service policy.
Issue 03 (2010-11-19)
13-5
13 BRAS Management
13.3.1 Adding a RADIUS Server Group

This topic describes how to add a RADIUS server group. AAA can be implemented through multiple protocols, among which RADIUS is the most commonly used one. When RADIUS is adopted, you need to configure the RADIUS server.
Context
The ME60 and MA5200G manage RADIUS servers through RADIUS server groups. A RADIUS server group is a set of RADIUS servers that have the same attributes (excluding the IP addresses and port numbers) and work in active/standby or load balancing mode. The ME60 or MA5200G supports a maximum of 1024 RADIUS server groups.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click RADIUS Group. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the related parameters.
NOTE
On the Server Information tab page, set the related parameters. Then, click Save. To delete the server information, click Clear.

13 BRAS Management
13.3.2 Adding a TACACS Template

This topic describes how to add a TACACS template. When HWTACACS is adopted, you need to configure the TACACS template.
Context
The HWTACACS protocol is a security protocol developed on the basis of TACACS (RFC 1492). Compared with RADIUS, HWTACACS features more reliable transmission and encryption, and is more suitable for security control.
NOTE
The TACACS template cannot be configured for MA5200G V200R002.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click TACACS Templet. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
NOTE
13.3.3 Adding an Authentication Scheme

This topic describes how to add an authentication scheme. On the ME60 or MA5200G, users are authenticated according to the authentication scheme. Users in different domains adopt different authentication schemes.
13 BRAS Management
Context
l By default, the system provides two authentication schemes, that is, default0 for nonauthentication and default1 for RADIUS authentication. They can be modified but cannot be deleted. You can configure up to 32 authentication schemes in the system.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click Authentication Scheme. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
13.3.4 Adding an Accounting Scheme

This topic describes how to add an accounting scheme. On the ME60 or MA5200G, the accounting of users is implemented on the basis of accounting schemes. The users in different domains can adopt different accounting schemes.
Context
l l By default, the system provides two accounting schemes, that is, default0 and default1. They can be modified but cannot be deleted. You can configure up to 256 accounting schemes in the system.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click Accounting Scheme. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
13 BRAS Management
13.3.5 Adding an Authorization Scheme

This topic describes how to add an authorization scheme. On the ME60 or MA5200G, the authorization of users is implemented on the basis of authorization schemes. The users in different domains can adopt different authorization schemes.
Context
l l By default, the system provides an authorization scheme named default. You can modify the default authorization scheme but you cannot delete it. You can configure up to 32 authorization schemes in the system.
NOTE
The authorization scheme cannot be configured for MA5200G V200R002.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click Authorization Scheme. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
Issue 03 (2010-11-19)
13-9
13 BRAS Management
13.3.6 Adding a Record Scheme

This topic describes how to add a record scheme. On the ME60 or MA5200G, the record of user information is implemented on the basis of record schemes. The users in different domains can adopt different record schemes.
Context
l l By default, no record scheme is available in the system. You can configure up to 128 record schemes in the system.
NOTE
The record scheme cannot be configured for MA5200G V200R002.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click Record Scheme. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
13.3.7 Adding a User Group

This topic describes how to add a user group. The user group is used to control user access rights, which is one of the requirements of the implementation of simple ACL.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click User Group. 3 Right-click in the list and select Create on the shortcut menu.
13 BRAS Management
4 Set the parameters in the dialog box that is displayed.
13.3.8 Adding a Web Authentication Server

This topic describes how to add a Web authentication server. Web authentication is an authentication mode in which users need to access the authentication page of the authentication server and enter their user names and passwords to verify their identities. Web authentication servers are managed by the ME60 or MA5200G uniformly. You can configure multiple Web authentication servers and bind the Web authentication servers to different domains.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click Web Authentication Server. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
13.3.9 Adding a COPS Server Group

This topic describes how to add a COPS server group. Generally, the COPS server delivers policies for value-added services to the ME60 or MA5200G. If the RADIUS server supports CoA messages, the RADIUS server can deliver the CoA message to modify the value-added service policy.
13 BRAS Management
Context
The services on the ME60 and MA5200G are classified into access services and value-added services. l Access services enable users to access the network. In the operation of access services, the ME60 or MA5200G functions as a BRAS and connects users to the ISP network. The RADIUS server delivers the access service policy to the ME60 or MA5200G. Value-added services, such as VoD, Gaming, and Triple play, are selected by users when they log in to the portal server of the carrier. Value-added services enable the carrier to gain sustained profits. In the operation of value-added services, the ME60 or MA5200G functions as a BRAS and SSG to connect users to the service servers and controls service flows.
You can configure up to 1024 COPS server groups in the system. Among the COPS server groups, only one COPS server group can be configured as the IPTN client.
NOTE
COPS server groups cannot be configured for MA5200G V200R002.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click COPS Group. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
NOTE

13 BRAS Management
13.4 Configuring IP Address Management

This topic describes how to configure IP address management, an important function of the BRAS. The BRAS uses this function to allocate IP addresses to access users. The ME60 and MA5200G manage IP addresses in the form of an IP address pool. The address pools are classified into local address pools, remote address pools, and relay address pools. 13.4.1 Adding a DHCP Server Group This topic describes how to add a DHCP server group. DHCP is a protocol used in the client/ server model. DHCP simplifies the configuration and management of client IP addresses. The ME60 and MA5200G manage DHCP servers through DHCP server groups. Before configuring a remote address pool, you need to configure the DHCP server. 13.4.2 Adding an Address Pool This topic describes how to add an address pool. The address pool is used to manage IP addresses. Address pools are classified into local address pools, remote address pools, and relay address pools. You can set the type of an address pool. 13.4.3 Adding an Address Segment This topic describes how to add an address segment. A local address pool consists of address segments. After adding a local address pool, you need to add address segments to the local address pool.
13.4.1 Adding a DHCP Server Group

This topic describes how to add a DHCP server group. DHCP is a protocol used in the client/ server model. DHCP simplifies the configuration and management of client IP addresses. The ME60 and MA5200G manage DHCP servers through DHCP server groups. Before configuring a remote address pool, you need to configure the DHCP server.
Context
l l l You can configure up to 4096 DHCP server groups in the system. If the primary DHCP server is not configured, the secondary server cannot be configured. If the VPN instance is not configured after the DHCP server is configured with an IP address, the DHCP server is bound to VPN instance public vpn-instance by default.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > Address Management, and then click DHCP Server. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
Issue 03 (2010-11-19)
13-13
13 BRAS Management
13.4.2 Adding an Address Pool

This topic describes how to add an address pool. The address pool is used to manage IP addresses. Address pools are classified into local address pools, remote address pools, and relay address pools. You can set the type of an address pool.
Context
A local address pool is used by the ME60 or MA5200G to allocate IP addresses. A remote address pool is used by the remote equipment to allocate IP addresses. The remote equipment can be a DHCP server or a RADIUS server. l l l You can configure up to 4096 address pools in the system. If the primary IP address of the DNS server is not configured, the secondary IP address of the DNS server cannot be configured. If the IP address of the primary NBNS server is not configured, the IP address of the secondary NBNS server cannot be configured.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > Address Management, and then click IP Pool. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
13-14
Issue 03 (2010-11-19)
13 BRAS Management
13.4.3 Adding an Address Segment

This topic describes how to add an address segment. A local address pool consists of address segments. After adding a local address pool, you need to add address segments to the local address pool.
Context
l l l l l You can add up to eight address segments to a local address pool. The IP addresses in the address pool must be in the same subnet with the gateway of the address pool. The address segment cannot contain the IP address of the gateway. The address segments in the same address pool cannot overlap. The address segment cannot contain the broadcast address.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > Address Management, and then click IP Section. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
Issue 03 (2010-11-19)
13-15
13 BRAS Management
13.5 Configuring User Management

This topic describes how to configure user management. The ME60 and MA5200G manage users based on domains. Each user belongs to a certain domain. The users in the same domain have the same service attributes. A domain is usually named with the name of the ISP or the name of a certain ISP service. On the ME60 or MA5200G, the user name is in the format of username@domain. The domain to which a user belongs is determined by the string to the right of @. Domains are classified into user domains and equipment domains. User domains are used to manage common users. Equipment domains are used to manage equipment users and are invalid for common users. The MA5200G supports 1024 user domains and 128 equipment domains. The ME60 supports 1024 user domains but does not support equipment domains. 13.5.1 Adding a User Domain This topic describes how to add a user domain. The ME60 and MA5200G manage users based on domains. Each user belongs to a domain. The users in the same domain have the same service attributes. 13.5.2 Adding an Equipment Domain This topic describes how to add an equipment domain. The equipment domain is used to manage equipment users. Certain service attributes of an equipment domain are fixed and cannot be configured. For example, an equipment domain does not require authentication or accounting, and does not support the idle cut or access limit functions.
13.5.1 Adding a User Domain

This topic describes how to add a user domain. The ME60 and MA5200G manage users based on domains. Each user belongs to a domain. The users in the same domain have the same service attributes.
Context
By default, the system provides three domains, that is, default0, default1, and defaultadmin. These domains are used for the users whose management domains cannot be identified. The three default domains can be modified but cannot be deleted.
13 BRAS Management
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click User Domain. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the related parameters.
13.5.2 Adding an Equipment Domain

This topic describes how to add an equipment domain. The equipment domain is used to manage equipment users. Certain service attributes of an equipment domain are fixed and cannot be configured. For example, an equipment domain does not require authentication or accounting, and does not support the idle cut or access limit functions.
Context
An equipment domain is invalid for common users, and a common domain is invalid for equipment users.
NOTE
The ME60 does not support equipment domains.
Issue 03 (2010-11-19)
13-17
13 BRAS Management
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > AAA Management, and then click Device Domain. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
13.6 Configuring a Access Service

This topic describes how to configure access services. Services on the MA5200G and ME60 are classified into access services and value-added services. In access services, the MA5200G or ME60 functions as a BRAS to control and manage access users. 13.6.1 Adding an Interface Service This topic describes how to add an interface service. Interfaces on a BRAS provide access services for broadband users. You can set the access type on an interface. 13.6.2 Setting PPP Parameters This topic describes how to set PPP parameters. PPP is a link layer protocol that transmits network layer packets over a point-to-point link. PPP is widely used because it supports user authentication, synchronous and asynchronous transmission and is easy to extend. 13.6.3 Adding C-VLANs in Batches This topic describes how to add C-VLANs in batches. When users access an Ethernet subinterface or a trunk subinterface, you can bind C-VLANs to the subinterface to specify the VLANs in which users can access this subinterface.
13 BRAS Management
13.6.4 Adding User PVCs in Batches This topic describes how to add PVCs in batches. When users access an ATM interface, you can configure PVCs on the ATM interface. The PVCs extend the interface and implement user management in a fine granularity. 13.6.5 Adding Static Users in Batches This topic describes how to add static users in batches. A static user is a user that uses a fixed IP address. The static user is different from the DHCP user and PPP user in terms of obtaining an IP address. A DHCP user obtains an IP address through DHCP and a PPP user obtains an IP address through PPP negotiation. Their features, however, are the same on the BRAS. 13.6.6 Adding Equipment Users in Batches This topic describes how to add equipment users in batches. An equipment user is the network equipment managed by the MA5200G. The equipment user can be identified through attributes such as the IP address, the MAC address, and the interface connected to the MA5200G.
13.6.1 Adding an Interface Service

This topic describes how to add an interface service. Interfaces on a BRAS provide access services for broadband users. You can set the access type on an interface.
Context
l l l l You cannot set the access type on the Ethernet interface that is added to an Eth-Trunk interface. You can set the access type only on the Eth-Trunk interface. If an interface is configured with an IP address, Layer 2 services cannot be created on the interface. If an interface is configured with the VLAN type, Layer 3 services cannot be created on the interface. For different access types, you need to set different parameters.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > Service Config, and then click Interface Service. 3 Right-click in the list and select Create on the shortcut menu. 4 Set the related parameters.
Issue 03 (2010-11-19)
13-19
13 BRAS Management
13.6.2 Setting PPP Parameters

This topic describes how to set PPP parameters. PPP is a link layer protocol that transmits network layer packets over a point-to-point link. PPP is widely used because it supports user authentication, synchronous and asynchronous transmission and is easy to extend.
Context
The PPP suite consists of the LCP, NCP, and PAP/CHAP protocols. The ME60 and MA5200G support the PAP, CHAP, and MSCHAP protocols.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > Service Config, and then click PPP. 3 Click Query to check the set PPP parameters. 4 Select a record in the list. The details about this record are displayed in the detailed information area. 5 Set the related parameters. 6 Click Apply. ----End
13 BRAS Management
13.6.3 Adding C-VLANs in Batches

This topic describes how to add C-VLANs in batches. When users access an Ethernet subinterface or a trunk subinterface, you can bind C-VLANs to the subinterface to specify the VLANs in which users can access this subinterface.
Prerequisite
You must add C-VLANs in batches on the Ethernet subinterface or trunk subinterface on which the access type is set to layer-2 authentication, layer-2 leased line, or layer-2 relay leased line.
Context
The C-VLANs can be common VLANs or QinQ VLANs. QinQ is short for 802.1Q in 802.1Q, which means encapsulation of double VLAN tags in a packet. QinQ enables you to bind more than 4096 VLANs on an interface. If the ME60 or MA5200G is connected to two layers of switches, the switch close to the users inserts the inner VLAN tag into a packet and the switch close to the ME60 or MA5200G inserts the outer VLAN tag into the packet.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > Service Config, and then click User VLAN. 3 Right-click in the list and choose Batch Add... from the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
NOTE
Click Synchronize to synchronize the configurations on the NE to the NMS.

13 BRAS Management
13.6.4 Adding User PVCs in Batches

This topic describes how to add PVCs in batches. When users access an ATM interface, you can configure PVCs on the ATM interface. The PVCs extend the interface and implement user management in a fine granularity.
Prerequisite
You must add PVCs in batches on the ATM interface on which the access type is set to layer-2 authentication, layer-2 leased line, or layer-2 relay leased line.
Context
l l l ME60 V100R002 does not support the query, batch adding, batch configuration, or batch deletion of PVCs. For the Layer 2 authentication users, Layer 2 leased line users, and Layer 2 relay leased line users on an ATM interface, you can add, configure, or delete PVCs in batches. For the Layer 3 leased line users on an ATM interface, you can only query the PVCs. When an ATM interface for the Layer 3 leased line is created on the BRAS, you can add only one PVC to the ATM interface.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > Service Config, and then click User PVC. 3 Right-click in the list and choose Batch Add... from the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
13-22
Issue 03 (2010-11-19)
13 BRAS Management
NOTE
Click Synchronize to synchronize the configurations on the NE to the NMS.
13.6.5 Adding Static Users in Batches

This topic describes how to add static users in batches. A static user is a user that uses a fixed IP address. The static user is different from the DHCP user and PPP user in terms of obtaining an IP address. A DHCP user obtains an IP address through DHCP and a PPP user obtains an IP address through PPP negotiation. Their features, however, are the same on the BRAS.
Context
A static IP address must be reserved for the static user in the address pool of the domain and the IP address must be excluded.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > Service Config, and then click Static User. 3 Right-click in the list and choose Batch Add... from the shortcut menu. 4 Set the parameters in the dialog box that is displayed.
13 BRAS Management
13.6.6 Adding Equipment Users in Batches

This topic describes how to add equipment users in batches. An equipment user is the network equipment managed by the MA5200G. The equipment user can be identified through attributes such as the IP address, the MAC address, and the interface connected to the MA5200G.
Context
The static IP address must be reserved for the equipment user in the address pool of the equipment domain.
NOTE
The ME60 does not support equipment users.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand BRAS Management > Service Config, and then click Device User. 3 Right-click in the list and choose Batch Add... from the shortcut menu.
13 BRAS Management
4 Set the parameters in the dialog box that is displayed.
13.7 Querying Real-Time Performance

This topic describes how to query the global BRAS configuration and the real-time performance of the user domain. The procedures for querying the real-time performance of different modules are similar.
Context
You can query the real-time performance of the following modules: l l l l l l l l l
Issue 03 (2010-11-19)
TACACS server template Web authentication server Address segment User domain User access Portal user Interface service C-VLAN User PVC
13 BRAS Management
RADIUS server (only applicable to MA5200G V200R002)
Procedure
l To query the real-time performance of global BRAS configurations, do as follows: 1. 2. 3. 4. l 1. 2. 3. 4. 5. 6. ----End Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. Choose BRAS Management > BRAS Global from the service tree. Right-click on the page and choose Performance Statistic from the shortcut menu. Select the performance indicators that you want to query in the dialog box that is displayed. Click OK. Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. In the service tree, expand BRAS Management > AAA Management, and then click User Domain. Set the query conditions and click Query. Right-click a record in the list and choose Performance Statistic from the shortcut menu. Select the performance indicators that you want to query in the dialog box that is displayed. Click OK.
To query the real-time performance of a user domain and other modules, do as follows:
13-26
Issue 03 (2010-11-19)
14 VPDN Management
14
About This Chapter
VPDN Management
This describes the functions, configuration, and maintenance of VPDN management and provides the service configuration procedures. 14.1 VPDN Management Overview This describes the basic concepts of VPDN and the functions of VPDN management. 14.2 Configuring L2TP Globally Before configuring a device as the LAC, LNS, or LTS, you need to enable L2TP on the device. The global L2TP parameters take effect on the ME60 and MA5200G globally. That is, these parameters are applied to all the L2TP groups. 14.3 Configuring a LAC Service When an L2TP user goes online, the LAC sets up a tunnel with the remote LNS and sends user packets to the LNS through the tunnel. 14.4 Configuring an LNS Service This describes how to configure an LNS service. The LNS can respond to the tunnel setup request from an LAC, authenticate users, and assign IP addresses to users. 14.5 Displaying the L2TP Status This describes how to check whether an L2TP group is enabled. 14.6 Querying Real-time Performance This describes how to query real-time performance. Querying the real-time performance of the L2TP tunnel is similar to querying the real-time performance of the L2TP session. The following takes the query of the real-time performance of the L2TP tunnel as an example. 14.7 Deleting an L2TP Tunnel After an L2TP tunnel is deleted, all the sessions on the tunnel are cleared. Currently, only the tunnels on the LAC can be deleted. The tunnels on the LNS cannot be deleted.
Issue 03 (2010-11-19)
14-1
14 VPDN Management
14.1 VPDN Management Overview

This describes the basic concepts of VPDN and the functions of VPDN management. 14.1.1 VPDN Management Functions VPDN management involves the management of global L2TP, L2TP groups, L2TP tunnels, L2TP sessions, and LNS backup groups. 14.1.2 Basic Concepts This describes the basic concepts of VPDN.
14.1.1 VPDN Management Functions

VPDN management involves the management of global L2TP, L2TP groups, L2TP tunnels, L2TP sessions, and LNS backup groups.

This describes the basic concepts of VPDN.
VPDN Management
By using the dial-up function of public networks (such as ISDN and PSTN) and cooperating with access networks, the virtual private dial-up network (VPDN) provides access services for enterprises, small Internet service providers, and mobile business subscribers. Based on special encryption communication protocols, the VPDN can set up a safe virtual private network over the public network. In this manner, the other branches of enterprises and staff traveling on business can access the headquarters over the public network through virtual encrypted tunnels. Other users on the public network cannot access the internal resources of the enterprise network through the virtual tunnel. VPDN tunneling protocols include the Point-to-Point Tunneling Protocol (PPTP), the Layer 2 Forwarding (L2F) protocol, and the Layer 2 Tunneling Protocol (L2TP). The protocol most widely used is L2TP. Figure 14-1 shows the L2TP-based VPDN networking. Figure 14-1 L2TP-based VPDN networking
LAC PSTN/ ISDN NAS Remote branch Internal server LNS
Remote subscriber
L2TP tunnel
14-2
Issue 03 (2010-11-19)
14 VPDN Management
The L2TP-based VPDN contains the L2TP access concentrator (LAC) and the L2TP network server (LNS). l LAC As a device on the switch network, an LAC has the capability to process the packets of PPP systems and L2TP. The LAC lies between the LNS and remote system (remote users and remote branches) to exchange packets. l LNS As a device at the PPP system side, an LNS can process the packets of the L2TP server. The LNS is the peer of the LAC. It is the logical termination point of the PPP session transmitted over the tunnel by LAC.
NOTE
An ME60 or MA5200G can act as either an LAC or an LNS.
L2TP
L2TP (RFC 2661) defines an encapsulation mechanism for PPP packets. L2TP enables PPP packets to be transmitted over tunnels and extends the PPP model. L2TP is connection-oriented. There are two kinds of connections between an LNS and an LAC: l l Tunnel: defines an LNS-LAC couple. Session: indicates a PPP session over the tunnel. It is multiplexed on a tunnel.
More than one L2TP tunnel can be set up for an LNS-LAC couple. A tunnel consists of a control connection and one or more sessions. The sessions can be set up only after the tunnels are set up. Each session matches a PPP data flow between the LAC and LNS. Both the control messages and the PPP data packets are transmitted over the tunnels. The L2TP uses Hello packets to check the connectivity of the session. The LAC and the LNS periodically send Hello packets to each other. If no Hello response packet is received by either of them at a specified interval, the session between them is canceled.
CAUTION
Before performing operations on NEs, synchronize the configurations of the related modules to ensure that the data on the NMS is the same as the data on the device.
14.2 Configuring L2TP Globally

Before configuring a device as the LAC, LNS, or LTS, you need to enable L2TP on the device. The global L2TP parameters take effect on the ME60 and MA5200G globally. That is, these parameters are applied to all the L2TP groups.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand VPDN Management, and then click L2TP Global.
14 VPDN Management
3 In the L2TP Global window, set the related parameters.
NOTE
The following figure takes ME60 V100R006 as an example. The configuration windows may vary according to devices.
14.3 Configuring a LAC Service

When an L2TP user goes online, the LAC sets up a tunnel with the remote LNS and sends user packets to the LNS through the tunnel. 14.3.1 LAC Configuration Flowchart This describes the configuration procedure of LAC services. 14.3.2 Enabling L2TP This describes how to enable L2TP globally. L2TP must be enabled before the equipment is configured as the LAC. 14.3.3 Adding an L2TP Group This describes how to add an L2TP group. The LAC and LNS must be configured in the L2TP group. When adding an L2TP group, you can set the L2TP group to LAC or LNS by setting the type of the L2TP group. To configure a device as the LAC, set Local Type to LAC. 14.3.4 Binding an L2TP Group to a Domain This describes how to bind an L2TP group to a domain. After configuring an L2TP group and the tunnel, you need to bind the L2TP group to a configured domain. In this manner, the domain can be associated with the L2TP tunnel.
14.3.1 LAC Configuration Flowchart

This describes the configuration procedure of LAC services. The process of configuring LAC services is shown in Figure 14-2.
14-4
Issue 03 (2010-11-19)
14 VPDN Management
Figure 14-2 LAC configuration flowchart
Start
Enable L2TP
Add an L2TP group
Bind the L2TP group to domain
End
14.3.2 Enabling L2TP

This describes how to enable L2TP globally. L2TP must be enabled before the equipment is configured as the LAC.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand VPDN Management, and then click L2TP Global. 3 Set L2TP Enable to Open. 4 Click Apply. ----End
14.3.3 Adding an L2TP Group

This describes how to add an L2TP group. The LAC and LNS must be configured in the L2TP group. When adding an L2TP group, you can set the L2TP group to LAC or LNS by setting the type of the L2TP group. To configure a device as the LAC, set Local Type to LAC.
Context
l l
Issue 03 (2010-11-19)
The system has two default L2TP groups: default-lac and default-lns. They can be modified but cannot be deleted. default-lac is the default LAC group. default-lns is the default LNS group.
14 VPDN Management
The LAC can receive the IP address allocated by the LNS only after the dial-up network is configured on the LAC.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand VPDN Management, and then click L2TP Group. 3 Right-click in the list and select Add on the shortcut menu. 4 Set the parameters in the Add L2TP Group dialog box.
NOTE
5 Click OK. ----End
14.3.4 Binding an L2TP Group to a Domain

This describes how to bind an L2TP group to a domain. After configuring an L2TP group and the tunnel, you need to bind the L2TP group to a configured domain. In this manner, the domain can be associated with the L2TP tunnel. By associating a domain with an L2TP tunnel, the device can deliver the services of an ISP in batches to the access server (LNS) of the ISP through the associated L2TP tunnel. In this manner, multi-ISP service wholesale is implemented. The L2TP group is bound under the user domain. For details, see 13.5.1 Adding a User Domain.
14-6
Issue 03 (2010-11-19)
14 VPDN Management
14.4 Configuring an LNS Service

This describes how to configure an LNS service. The LNS can respond to the tunnel setup request from an LAC, authenticate users, and assign IP addresses to users. 14.4.1 LNS Configuration Flowchart This describes the configuration procedure of LNS services. 14.4.2 Enabling L2TP This describes how to enable L2TP globally. L2TP must be enabled before the equipment is configured as the LNS. 14.4.3 Adding an L2TP Group This describes how to add an L2TP group. The LAC and LNS must be configured in the L2TP group. When adding an L2TP group, you can set the L2TP group to LAC or LNS by setting the type of the L2TP group. To configure a device as the LNS, set Local Type to LNS. 14.4.4 Adding an LNS Backup Group This describes how to add an LNS backup group. After configuring the LNS in the L2TP group, you can bind the loopback interface and service processing unit (SPU) to the LNS backup group. The LNS backup group uses the IP address of the loopback interface as the source address to communicate with the LAC. To set up an L2TP tunnel, you need to bind an SPU to the LNS backup group.
14.4.1 LNS Configuration Flowchart

This describes the configuration procedure of LNS services. The configuration procedure of the LNS service is shown in Figure 14-3. Figure 14-3 LNS configuration flowchart
Start
Enable L2TP
Add an L2TP group
Add an LNS backup group
End
Issue 03 (2010-11-19)
14-7
14 VPDN Management
14.4.2 Enabling L2TP

This describes how to enable L2TP globally. L2TP must be enabled before the equipment is configured as the LNS. For details, see 14.3.2 Enabling L2TP.
14.4.3 Adding an L2TP Group

This describes how to add an L2TP group. The LAC and LNS must be configured in the L2TP group. When adding an L2TP group, you can set the L2TP group to LAC or LNS by setting the type of the L2TP group. To configure a device as the LNS, set Local Type to LNS. For details, see 14.3.3 Adding an L2TP Group.
14.4.4 Adding an LNS Backup Group

This describes how to add an LNS backup group. After configuring the LNS in the L2TP group, you can bind the loopback interface and service processing unit (SPU) to the LNS backup group. The LNS backup group uses the IP address of the loopback interface as the source address to communicate with the LAC. To set up an L2TP tunnel, you need to bind an SPU to the LNS backup group.
Context
l l You can add a maximum of 16 LNS backup groups to the ME60, and add a maximum of 8 LNS backup groups to the MA5200G. A loopback interface cannot be bound to multiple LNS backup groups.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand VPDN Management, and then click LNS Backup Group. 3 Right-click in the list and select Add on the shortcut menu. 4 Set the parameters in the Add LNS Backup Group dialog box.
14-8
Issue 03 (2010-11-19)
14 VPDN Management
NOTE
5 Click OK. ----End
14.5 Displaying the L2TP Status

This describes how to check whether an L2TP group is enabled.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand VPDN Management, and then click L2TP Global. 3 You can check whether the L2TP group is enabled in the L2TP global view. ----End
14.6 Querying Real-time Performance

This describes how to query real-time performance. Querying the real-time performance of the L2TP tunnel is similar to querying the real-time performance of the L2TP session. The following takes the query of the real-time performance of the L2TP tunnel as an example.
Procedure
14 VPDN Management
2 In the service tree, expand VPDN Management, and then click L2TP Tunnel. 3 Set the query conditions and click Query. 4 In the list, select a record and right-click it. Then select Performance Statistic on the shortcut menu. 5 Select L2TP Tunnel Statistics Profile from the Optional Indexes group box.
NOTE
A maximum of eight performance indexes can be selected.
6 Click OK.
NOTE
To synchronize the configurations on the device to the NMS, click Resync.
----End
14.7 Deleting an L2TP Tunnel

After an L2TP tunnel is deleted, all the sessions on the tunnel are cleared. Currently, only the tunnels on the LAC can be deleted. The tunnels on the LNS cannot be deleted.
Procedure
1 Right-click an NE on the Main Topology and choose NE Explorer from the shortcut menu. 2 In the service tree, expand VPDN Management, and then click L2TP Tunnel. 3 Set the query conditions and click Query. 4 In the list, select the record to be deleted and right-click it. Then select Clear Session on the shortcut menu. 5 Click OK.
NOTE
To synchronize the configurations on the device to the NMS, click Resync.
----End
14-10
Issue 03 (2010-11-19)
15 VPN Management
15
About This Chapter
VPN Management
This topic describes NE VPN management. In NE VPN management, VPNs can be configured for each PE device, constituting the VPN services without basic service information such as the service name and associated customer. NE VPN management and IP end-to-end configurations can be shared in the NMS database, that is, the VPN management configurations in the NE Explorer can be used for IP end-to-end configuration. 15.1 VPN Management Overview This topic describes the basic concepts of VPN management. You need to know the related basic concepts before managing VPN services. 15.2 Creating a Tunnel Policy This topic describes how to create a tunnel policy. Tunnel policies are used to select tunnels according to destination IP addresses. 15.3 Creating a PW Template This topic describes how to create a PW template. For easy expansion, certain common attributes of PWs are configured in a PW template. When you create a PW in interface mode, you can use this template. 15.4 Creating a PW This topic describes how to create a PW. The PW is a type of encapsulation bearer channels on PEs. You can create a static or dynamic PW. In addition, you can set the primary/secondary status of the dynamic PW. 15.5 Creating a VSI This topic describes how to create a VSI. In NE management, VSIs can be configured for each PE. The VSIs configured in NE management can also serve as optional service components for the creation of a VPLS. The VSIs can be classified into service VSIs and management VSIs. 15.6 Creating a VRF This topic describes how to create a VRF. In NE management, VRFs can be configured for each PE. VRFs that are configured in the NE Explorer can be used for configuring end-to-end L3VPN services.
Issue 03 (2010-11-19)
15-1
15 VPN Management
15.1 VPN Management Overview

This topic describes the basic concepts of VPN management. You need to know the related basic concepts before managing VPN services.
Static PW
.The Static PW negotiates parameters without the signaling protocol. You must specify the relevant information manually. Data is transmitted among PEs through a tunnel.
Dynamic PW
The dynamic PW is a PW set up through the signaling protocol. The UPE switches VC labels through LDP and is bound to the related CE through the VC ID. After the tunnel that connects two PEs is set up and the switching and binding of labels are complete, a VC is set up if the AC link of these two PEs is Up.
PW Template
The PW template is a set of public attributes of the PWs. A PW template is shared by different PWs. For easy expansion, the PW template command model is added to configure certain common attributes of PWs in a PW template. When you create a PW in interface mode, you can use this template.
VSI
Each VSI provides the independent VPLS. The VSI has the Ethernet bridge function and can terminate a PW.
VRF
L3VPN provides an instance for each VPN to construct a private information forwarding instance of the related VPN, that is, the VPN instance. The VPN instance is also named the VRF. In RFC 2547, a VPN instance is called the per-site forwarding table.
15.2 Creating a Tunnel Policy

This topic describes how to create a tunnel policy. Tunnel policies are used to select tunnels according to destination IP addresses.
Prerequisite
l l The interface configurations must be synchronized. The tunnel interfaces and tunnels must exist on equipment and run normally. The MPLS configurations must be synchronized.
Procedure
15 VPN Management
2 Choose VPN Management > Tunnel Policy Management from the service tree. 3 Click Create, and set the name and tunnel policy type.
NOTE
The types of tunnel policies are Bind Application to Tunnel and Tunnel Selection Sequence. The two are mutually exclusive.
4 After completing the settings, click OK to return to the Tunnel Policy Management tab page. The new tunnel policies will be displayed in the query result area. ----End
15.3 Creating a PW Template

This topic describes how to create a PW template. For easy expansion, certain common attributes of PWs are configured in a PW template. When you create a PW in interface mode, you can use this template.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VPN Management > PW Template Management from the service tree. 3 Click Create and set the related parameters. 4 Click OK to return to the PW Template Management tab page. The created PW templates are displayed in the query result area. ----End
15.4 Creating a PW
This topic describes how to create a PW. The PW is a type of encapsulation bearer channels on PEs. You can create a static or dynamic PW. In addition, you can set the primary/secondary status of the dynamic PW.
Prerequisite
Before configuring a static PW, you must do as follows: l l l l l Configure an IGP on the PEs and Ps of the MPLS backbone network to realize the IP connectivity of the backbone network. Enable MPLS on PEs. Establish the tunnel of a corresponding type between the PEs according to the applied tunnel policy. When the CE access type is VLAN, configure sub-interfaces; when the CE access type is ATM, configure the virtual circuit; when the CE access type is FR, configure DLCI. Before configuring the MPLS L2VC connection, enable MPLS L2VPN.
Before configuring a dynamic PW, you must do as follows:

15 VPN Management
l l l l l l l l l l l l l
Configure an IGP on the PEs and Ps of the MPLS backbone network to realize the IP connectivity of the backbone network. Enable MPLS on the backbone network. Establish the tunnel of a corresponding type between the PEs according to the applied tunnel policy. Set up a remote LDP session between PEs. When the CE access type is VLAN, configure sub-interfaces; when the CE access type is ATM, configure the virtual circuit; when the CE access type is FR, configure DLCI. Before configuring the MPLS L2VC connection, enable MPLS L2VPN. Configure IGP on the PEs and Ps of the MPLS backbone network to realize the IP connectivity of the backbone network. Enable MPLS on the backbone network. Establish the tunnel of a corresponding type between the PEs according to the applied tunnel policy. Establish tunnels used by the primary and secondary PWs between PEs in the primary and bypass paths, including the CR-LSP, LSP, and GRE tunnel. If the tunnel is the GRE or CR-LSP tunnel, configure a tunnel policy. If the tunnel is the LSP tunnel, configure a tunnel policy. Configure the primary PW on the PEs of the primary path. Configure the IP addresses of the CE access interfaces.
NOTE
Before configuring a secondary PW, you must do as follows:
l One interface cannot be configured as the AC interface of an L2VPN and as the AC interface of an L3VPN at the same time. When an interface is bound to an L2VPN, all the Layer 3 features configured on the interface, such as the IP address and routing protocol, are invalid. l PWE3 does not support P2MP. When you create an MPLS L2VC on an ATM sub-interface, the ATM sub-interface must be the end-to-end type. For the configuration of the transparent transmission of ATM cells, however, the restriction is not applicable. l You cannot configure two static PWs on one interface at the same time; however, you can configure the dynamic primary and secondary PWs. The types of the primary and secondary PWs must be consistent. That is, the encapsulation types of the primary and secondary PWs must be consistent.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VPN Management > PW Management from the service tree. 3 Click Create. 1. 2. Click the Interface Configuration tab, and then set the values of Interface Name and Signalling Mode. Click the General tab. Then, set corresponding parameters.
15-4
Issue 03 (2010-11-19)
15 VPN Management
NOTE
The parameters to be configured on the General tab page vary according to the interface types and signalling types on the Interface Configuration tab page. The parameters unsupported are hidden. The following takes the Dynamic signalling as an example.
4 After the settings, click OK to return to the PW Management tab page. The created PWs are displayed in the query result area. 5 Optional: For existing dynamic PWs, you can perform the following configurations: 1. 2. Click Configure. The Configure PW dialog box is displayed. Click Advance on the General tab page to set advanced PW parameters.
----End
15.5 Creating a VSI

This topic describes how to create a VSI. In NE management, VSIs can be configured for each PE. The VSIs configured in NE management can also serve as optional service components for the creation of a VPLS. The VSIs can be classified into service VSIs and management VSIs. 15.5.1 Creating a Martini Service VSI This topic describes how to configure the Martini VPLS network if PEs support the usage of LDP as the VPLS signaling. To fully mesh PEs on a VPLS network through PWs, you need to set up LDP sessions between all the PEs.
15 VPN Management
15.5.2 Creating a Management VSI This topic describes how to create a management VSI. The management VSI is used to transmit packets and facilitate link detection and the active/standby switchover. 15.5.3 Enabling and Disabling a Service VSI This topic describes how to enable and disable a service VSI. When a certain VSI needs to be stopped or certain specific maintenance operations need to be performed for a service, you need to disable the service or certain interfaces that are associated with the service. When the working status of the service needs to be recovered, you can enable the service or certain interfaces that are associated with the service.
15.5.1 Creating a Martini Service VSI

This topic describes how to configure the Martini VPLS network if PEs support the usage of LDP as the VPLS signaling. To fully mesh PEs on a VPLS network through PWs, you need to set up LDP sessions between all the PEs.
Prerequisite
Before configuring the Martini service VSI, complete the following tasks: l l l l Configuring LSR IDs and enabling MPLS and MPLS LDP on PE and P equipment Enabling MPLS L2VPN on PEs Establishing tunnels between PEs to transmit user data Setting up remote LDP sessions if PEs are indirectly connected
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VPN Management > VSI Management from the service tree. 3 Choose Create > Martini Service VSI. The Create Martini Service VSI dialog box is displayed. 1. On the Configure VSI tab page, set the related parameters.
15-6
Issue 03 (2010-11-19)
NOTE
15 VPN Management
The VSI parameters that need to be set vary according to equipment types.
2.
On the Configure VC tab page, click Create and select the VC type as required.
NOTE
The commands delivered by and the function of the mesh VC are different from those of the spoke VC The mesh VC is applicable to the full-mesh scenario, whereas the spoke VC is applicable to the HVPLS. The essential difference between the mesh VC and the spoke VC is whether to forward packets received from the PW to another VSI. The spoke VC forwards the packets, whereas the mesh VC does not.
3.
On the Bind Interface tab page, click Add. In the Select Interface dialog box, select the access interface associated with the VSI, and then click OK.
NOTE
l You cannot select the interfaces that are bound to other services. l If no eligible interfaces are displayed, you can click Create to create an interface or subinterface. l You need to set the VLAN ID for a new subinterface.
4 Click OK. ----End
Result
On the VSI Management tab page, you can find the newly created Martini service VSI. You can select the VSI and view details about the VSI in the detailed information area.
15.5.2 Creating a Management VSI

This topic describes how to create a management VSI. The management VSI is used to transmit packets and facilitate link detection and the active/standby switchover.
Prerequisite
Before configuring a management VSI, you must do as follows: l l l l l Configure IGP on the PEs and Ps of the MPLS backbone network to realize the IP connectivity of the backbone network. Configure the LSR ID and enable MPLS and MPLS LDP on the PEs and Ps. Enable MPLS L2VPN on the PEs. Set up the remote LDP session if the PEs are not directly connected. Establish the tunnel of a corresponding type between the PEs according to the applied tunnel policy.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VPN Management > VSI Management from the service tree. 3 Choose Create > Management VSI. The Create Management VSI dialog box is displayed. 1.
Issue 03 (2010-11-19)
On the Configure VSI tab page, set the related parameters.

15 VPN Management
l In the MAC Address Configuration area, click Set, and then set the parameters related to the MAC address. l In the VSI QoS Configuration area, click Set, and then set the parameters related to the VSI QoS. l In the Diffserv Configuration area, click Set, and then set the parameters related to the Diffserv.
NOTE
The management VSI can be bound to multiple service VSIs. The service VSI, however, can be bound to only one management VSI.
NOTE
The VSI parameters that need to be set vary according to equipment types.
2.
On the Configure VC tab page, click Create and select the VC type as required.
NOTE
The commands delivered by and the function of the mesh VC are different from those of the spoke VC The mesh VC is applicable to the full-mesh scenario, whereas the spoke VC is applicable to the HVPLS. The essential difference between the mesh VC and the spoke VC is whether to forward packets received from the PW to another VSI. The spoke VC forwards the packets, whereas the mesh VC does not.
3.
On the Bind Interface tab page, click Add. In the Select Interface dialog box, select the access interface associated with the VSI, and then click OK.
NOTE
l You cannot select the interfaces that are bound to other services. l If no eligible interfaces are displayed, you can click Create to create an interface or subinterface. l You need to set the VLAN ID for a new subinterface.
4.
On the MAC Address Entry tab page, click Create. In the dialog box that is displayed, set the related parameters.
4 Click OK. ----End

15 VPN Management
Result
On the VSI Management tab page, you can find the newly created management VSI. You can select the VSI and view details about the VSI in the detailed information area.
15.5.3 Enabling and Disabling a Service VSI

This topic describes how to enable and disable a service VSI. When a certain VSI needs to be stopped or certain specific maintenance operations need to be performed for a service, you need to disable the service or certain interfaces that are associated with the service. When the working status of the service needs to be recovered, you can enable the service or certain interfaces that are associated with the service.
Context
You can enable or disable the selected service VSI to control the management status of the VSI. The types of management statuses are enabled and disabled.
NOTE
The management VSI does not support the enabling or disabling operation.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VPN Management > VSI Management from the service tree. 3 Click Query to query all records. 4 Click the VSI List tab. Select one or more VSIs to be operated from the service VSI list. Then perform either of the following operations: l Right-click the VSIs and choose Enabled from the shortcut menu. l Right-click the VSIs and choose Disabled from the shortcut menu. ----End
15.6 Creating a VRF

This topic describes how to create a VRF. In NE management, VRFs can be configured for each PE. VRFs that are configured in the NE Explorer can be used for configuring end-to-end L3VPN services.
Prerequisite
Before configuring a VRF, you must do as follows: l l Create routing policies if import or export routing policies need to be applied to the VRF. Create tunnel policies if load balancing is required or MPLS TE tunnels are configured. For configurations about tunnel policies, see "Creating a Tunnel PolicyL".
Context
A VRF is also called a VPN instance. A PE has multiple forwarding tables, including a public routing and forwarding table and one or more VRFs. A VRF can be regarded as a virtual router, which maintains the independent address space and provides access interfaces.
15 VPN Management
To be more specific, every connection between a CE and a PE corresponds to a VPN instance (not a one-to-one mapping). This mapping is realized on the basis of the configuration that the VPN instance is associated with (or bound to) the PE interface that directly connects the CE. The VPN instance realizes the independence of address space through the RD and realizes the VPN member relationship and routing rules control at the directly connected site and remote site through the RT attribute.
Procedure
1 Right-click the NE in the Main Topology and choose NE Explorer from the shortcut menu. 2 Choose VPN Management > VRF Management from the service tree. 3 Click Create. 4 In the Create VRF dialog box, perform the following tasks: 1. 2. 3. 4. On the VRF Configuration tab page, enter the VRF name, RD, and VRF description. Click Create. In the Create RT dialog box, set the RT value and type. Click OK. Optional: Click Advanced. In the Configure Advanced Attribute of VRF dialog box, set the related parameters. Click OK. On the Bind Interface tab page, click Add. In the Select Interface dialog box, set the query conditions and click Query. Select the interface that is bound to the VRF, and then click OK.
NOTE
l The interfaces that are bound to a PW or VSI cannot be selected. l If the selected interface is configured with an IP address, the IP address is cleared after the interface is bound to a VRF. l If no eligible interfaces are displayed, you can click Create to create a corresponding interface or sub-interface.
15-10
Issue 03 (2010-11-19)
15 VPN Management
5 Click OK. ----End
Result
The created VRF is displayed in the query result area in VRF Management. You can select the VRF and view details about the VRF in the detailed information area. The details about the VRF includes the general information and information about the bound interface.
Issue 03 (2010-11-19)
15-11
16 Accessing NEs Through a Tool
16
About This Chapter
Accessing NEs Through a Tool
This topic describes how to access NEs in the topology view of the U2000 through Telnet or SSH, and how to check the NE connectivity trough the ping, tracert, ICMP ping, or ICMP trace test. 16.1 Ping This topic describes how to send ping packets to a remote host to check whether it is reachable. To check the network connectivity or the line quality, you can also perform the ping test. 16.2 Tracert This topic descries how to test the route that a data packet passes from the source host to the destination host. The tracert command is used to check whether a network connection is reachable and to determine the position where a fault occurs. After detecting a fault on the network by using the ping command, you can use the tracert command to determine the fault position. 16.3 Telnet This topic describes how to remotely log in to an NE by performing the Telnet operation on the U2000 to configure and maintain the NE. 16.4 SSH This topic describes how to guarantee the security of network communications through SSH that provides authentication, encryption, and authorization. When a user remotely logs in to a router through an insecure network, SSH offers secure information guarantee and powerful authentication to protect the NE against attacks such as IP address spoofing and interception of plain text passwords. 16.5 ICMP Ping This topic describes how to perform the ICMP ping test on the selected NE through the shortcut menus in the topology view. 16.6 ICMP Trace This topic describes how to perform the ICMP trace test on the selected NE through the shortcut menus in the topology view.
Issue 03 (2010-11-19)
16-1
16.1 Ping
This topic describes how to send ping packets to a remote host to check whether it is reachable. To check the network connectivity or the line quality, you can also perform the ping test.
Context
During the ping process, the source host sends an ICMP ECHO-REQUEST packet to the destination host. If the network connection between the source host and the destination host is normal, after receiving the ICMP ECHO-REQUEST packet, the destination host responds to the source host with an ICMP ECHO-REPLY packet.
Procedure
1 In the Main Topology, select the NE to be operated. 2 Right-click the NE and choose Tool > Ping from the shortcut menu. 3 In the dialog box that is displayed, select Ping or Continual Ping, and then click Start. ----End
Result
l If the operation is successful, it indicates that the destination host is reachable. In the Result area, the information indicating the normal connection is displayed. The information includes the number of sent packets, number of received response packets, percentage of no-response packets, and minimum, maximum, and average response time. If the operation fails, it indicates that the destination host is unreachable and the network connectivity or line failure cannot be detected. The Request time out message is displayed.
16.2 Tracert
This topic descries how to test the route that a data packet passes from the source host to the destination host. The tracert command is used to check whether a network connection is reachable and to determine the position where a fault occurs. After detecting a fault on the network by using the ping command, you can use the tracert command to determine the fault position.
Context
The execution process of the tracert command is as follows: l l l l
16-2
The source host sends a packet whose TTL is 1. The TTL times out. The first hop sends back an ICMP error message to indicate that this packet cannot be sent. The source host sends a packet whose TTL is 2. The TTL times out. The second hop sends back an ICMP error message to indicate that this packet cannot be sent. The source host sends a packet whose TTL is 3. The TTL times out. The third hop sends back an ICMP error message to indicate that this packet cannot be sent. The process continues in this manner until the packet reaches the destination host.
The purpose of performing these operations is to record the source address of each ICMP TTL time-out message, so as to provide the route that an IP packet passes to reach the destination host.
Procedure
1 In the Main Topology, select the NE to be operated. 2 Right-click the NE and choose Tool > Tracert from the shortcut menu.
NOTE
In the Tracert Result dialog box, the gateways that the test packets pass from the source host to the destination host and the response time that the three sent test packets reach the gateways are displayed.
----End
16.3 Telnet
This topic describes how to remotely log in to an NE by performing the Telnet operation on the U2000 to configure and maintain the NE.
Prerequisite
Make sure that port 9811 between the U2000 server and clients is enabled before you telnet a device.
Procedure
1 In the Main Topology, select the NE to be operated. 2 Right-click the NE and choose Tool > Telnet from the shortcut menu. When you telnet to the remote server or NE successfully, you can operate the NE through command lines. ----End
16.4 SSH
This topic describes how to guarantee the security of network communications through SSH that provides authentication, encryption, and authorization. When a user remotely logs in to a router through an insecure network, SSH offers secure information guarantee and powerful authentication to protect the NE against attacks such as IP address spoofing and interception of plain text passwords.
Procedure
1 In the Main Topology, select the NE to be operated. 2 Right-click the NE and choose Tool > SSH from the shortcut menu. After logging in to a remote server or host remotely, you can perform operations on the NE through command lines. ----End
16.5 ICMP Ping

This topic describes how to perform the ICMP ping test on the selected NE through the shortcut menus in the topology view.
Context
l Compared with the common ping test, the ICMP ping test supports the setting of test packet parameters and other advanced parameters, as well as the setting of the source and destination addresses. Thus, the ICMP ping test can provide more specific test results. Certain NEs do not support the ICMP ping test. The ICMP Ping option is not contained in the shortcut menus for these NEs.
Procedure
1 Right-click the source NE to be diagnosed in the Main Topology and choose Tool > ICMP Ping from the shortcut menu. 2 At the moment, the cursor turns into a cross. Click the destination NE. 3 In the Test dialog box, set the related parameters. 4 Click Run. 5 View the execution result in the Run Test dialog box. During the test execution, you can click Terminate to stop the test. ----End
16.6 ICMP Trace

This topic describes how to perform the ICMP trace test on the selected NE through the shortcut menus in the topology view.
Context
l Compared with the common tracert test, the ICMP trace test supports the setting of test packet parameters and other advanced parameters, as well as the setting of the source and destination addresses. Thus, the ICMP trace test can provide more specific test results. Certain NEs do not support the ICMP trace test. The ICMP Trace option is not contained in the shortcut menus for these NEs.
Procedure
1 Right-click the source NE to be diagnosed in the Main Topology and choose Tool > ICMP Trace from the shortcut menu. 2 At the moment, the cursor turns into a cross. Click the destination NE. 3 In the Test dialog box, set the related parameters. 4 Click Run.
5 View the execution result in the Run Test dialog box. During the test execution, you can click Terminate to stop the test. ----End
Issue 03 (2010-11-19)
16-5
17 Diagnosis Management
17
About This Chapter
Diagnosis Management
This topic describes how to use the iManager U2000 for test and diagnosis. 17.1 Overview of the Test Diagnosis Tool This topic describes the functions and concepts of the test diagnosis tool as well as the test diagnosis types provided by the tool. 17.2 Process of Using the Test Diagnosis Tool This topic describes the process of using the test diagnosis tool to perform test diagnosis with a flowchart. 17.3 Common Operations Common operations of test diagnosis include creating a test suite, test case, and result analysis template, running the test diagnosis tool, and displaying and exporting the running results of the test suite. The following describes the methods of performing these common operations. 17.4 Performing Network Scanning This topic describes the application scenario of and the operation of performing network scanning. With this function, you can detect the connectivity of all side-by-side links, RPR links, IP virtual links and LLDP links in the U2000. 17.5 Typical Examples for Performing Test Diagnosis Tasks This topic describes the method of and the procedure for performing test diagnosis tasks with the test diagnosis tool in actual situations by using the related examples.
Issue 03 (2010-11-19)
17-1
17.1 Overview of the Test Diagnosis Tool

This topic describes the functions and concepts of the test diagnosis tool as well as the test diagnosis types provided by the tool. 17.1.1 Function Overview The test diagnosis tool is used to detect network connectivity and perform troubleshooting for the carrier network. 17.1.2 Basic Concepts This topic describes the concepts related to the test diagnosis tool. 17.1.3 Test Diagnosis Type The test diagnosis tool provides a large number of types of test cases. Each test case is designed for a specific service or protocol at a network layer. You can select a proper test case type according to the actual operating environment of the network.
17.1.1 Function Overview

The test diagnosis tool is used to detect network connectivity and perform troubleshooting for the carrier network. The test diagnosis tool can be used to detect the connectivity of multiple services and each network protocol layer, locate faults, and periodically perform tests according to the settings specified in the diagnosis policy. The test diagnosis tool can also detect the connectivity of the entire network. The test diagnosis tool can realize the following functions: l Rich test methods The test diagnosis tool provides a large number of test cases for different network protocol layers and service types. These test cases cover all the applications of various layers at which network faults may occur. In different application scenarios, you can establish test suites combined with different test cases. With test results, you can use the Trace Route tool to locate faults according to the network segment and hierarchy. l Flexible diagnosis policy The diagnosis policy permits users to periodically run one or more test suites. According to the actual scenario of operation and maintenance, you can define the time for periodically running the test suites. For example, you can detect the connectivity of the entire network at 2:00 AM each Sunday. l Convenient network scanning The network scanning function can be used to detect the connectivity of all virtual links and LLDP links on the entire network. You can view the scanning result to find the faulty links, and then use the Trace Route tool to locate the faults. l Intelligent result analysis Based on the levels of services, you can manually customize the result analysis policy and the thresholds of test case indexes, such as delay, jitter, and packet loss ratio in the result analysis template. In this manner, you can quickly determine the health conditions of networks. l
17-2
Detailed history data

The running results of all test suites are recorded as history data, which is convenient for you to view result information about the test suites.

This topic describes the concepts related to the test diagnosis tool.
Test Suite & Test Case

A test case is a test tool entity that is capable of detecting network connectivity. A test suite is a set of related test cases and is used to meet the requirements of combination tests. You can run a single test suite and then run all the test cases in the test suite or selectively run some of the test cases. Then, you can diagnose network QoS problems according to the parameters, such as delay, jitter, and packet loss ratio, in the test results.
NOTE
The test diagnosis tool provides rich test suites and test cases that help diagnose the connectivity in different operation and maintenance scenarios. For details, see 17.1.3 Test Diagnosis Type.
The following concepts are introduced into test cases: l SLA To ensure the quality of network services for users, carriers sign the SLA(Service Level Agreements) with customers. The following contents need to be specified in the SLA to ensure the interests of both parties: Carriers need to provide network services with a good quality for customers according to the promises in the SLA. When the network performance and reliability customized by customers are ensured, the customers need to pay the corresponding fees according to the promises in the SLA. When the quality of network services is deteriorated to a certain extent, carriers need to compensate for customers' losses according to the promises in the SLA. Compared with QoS that is focused on the networks of carriers, the SLA ensures the quality of services that are closely related to customers. QoS is important for realizing and ensuring the SLA. l Delay It refers to the time spent on transmitting packets. Delay is classified into RTD(Round Trip Delay) and OWD(Odd Way Delay). The RTD is classified into the following types: Min RTD Max RTD Average RTD The OWD is classified into the following types: Max SD OWD: maximum OWD from the source equipment to the destination equipment Max DS OWD: maximum OWD from the destination equipment to the source equipment
Delay is an important index to measure the quality of data transmission. Voice services and video services impose a strict requirement on delay. The service quality is sharply decreased on a network with the long delay. l Jitter It indicates the interval for sending two adjacent packets minus the interval for receiving the two packets. This index reflects the delay stability of multiple test operations. l Packet loss ratio It indicates the proportion of the number of packets that are sent but with no returned response packets to the number of all sent packets during data transmission. l TTL(Time to Live) It indicates the maximum number of routers that data packets can pass through. The TTL is set by the equipment that sends packets. The TTL is decreased by one when packets pass through a router. When the TTL of a date packet is 0, the data packet is discarded and ICMP timeout packet is sent to notify the source equipment. In normal cases, the TTL of a packet is set to the number of hops at a site that the packet passes through.
Diagnosis Policy
A diagnosis policy is used to periodically run the test suite bound to the diagnosis policy, which realizes a flexible and periodic test. You can set Period Type to Daily,Weekly or Monthly to define a diagnosis policy.
Network Scanning
The network scanning module can be used to detect the connectivity of all the virtual links and LLDP links on the entire network. You can view the scanning results, find and record the faulty links, and locate the faults with the Trace Route tool. Virtual links are created according to factors such as the importance of links and users' concern.
Result Analysis Template

A result analysis template is a policy used to determine test results. The U2000 compares the actual running results with the thresholds of the indexes such as delay, jitter, and packet loss ratio defined in the result analysis template, and marks them with different colors to help users quickly determine the network heath.
NOTE
l Green: indicates that the actual value is smaller than the lower threshold. l Yellow: indicates that the actual value ranges from the lower threshold to the upper threshold. l Red: indicates that the actual value is greater than the upper threshold.
Note that a test case can be bound to only one result analysis template and a result analysis template can be bound to multiple test cases.
History Data
History data stores the running records of test suites, such as information about parameters of each test and details about the running results.
17.1.3 Test Diagnosis Type

The test diagnosis tool provides a large number of types of test cases. Each test case is designed for a specific service or protocol at a network layer. You can select a proper test case type according to the actual operating environment of the network.
Network Connectivity Test Diagnosis

According to the network protocol layers, the test cases are classified as follows: l l l l l Application Layer Diagnosis: DNS, FTP, DHCP, HTTP, SNMP, VoIP Transport Layer Diagnosis: TCP, UDP Network Layer Diagnosis: ICMP Ping, ICMP Trace, ICMP VRF Ping, ICMP VRF Trace MPLS Diagnosis: LSP Ping, LSP Trace, PWE3 Ping, PWE3 Trace Data Link Layer Diagnosis: 802.1ag MAC Ping, CE ping
Concepts
The following describes the common test diagnosis types: l DNS TCP/IP not only provides IP addresses to specify equipment but also specifically designs a host naming mechanism in the format of a string, that is, the DNS. By applying a hierarchical naming mode, the DNS specifies a meaningful name for equipment on the network and then sets a domain name resolution server. In this manner, the relationship between domain names and the IP addresses is established. The domain names are meaningful and easy to remember, thus freeing users from memorizing complicated IP addresses. l FTP FTP is used to control the bidirectional transmission of files and is applied at the application layer. FTP uses TCP to transmit packets to ensure the reliability of transmission. l DHCP With the expansion of the network scale and the increase of network complexity, network configurations are increasingly complicated, and the locations of computers are changed frequently with the emergence of portable computers and wireless networks. As a result, the number of computers may exceed the number of allocable IP addresses. DHCP is developed to meet these requirements. l HTTP HTTP is developed by the Internet engineering special group for file transmission. HTTP is used to send requests from the browser to the Web server and transmit pages on the server to the browser. l SNMP SNMP is widely used for network management. It is a widely accepted industrial standard. It aims to ensure that management information can be transmitted between any two nodes. By using SNMP, network administrators can search and modify information at any node on the network, locate and troubleshoot faults, plan capacities, and generate reports. SNMP applies the polling mechanism to provide the basic function set. It is most suitable to smallscale and low-cost environments. It requires only UDP that has no acknowledgement mechanism; thus it is popular among a large number of products.
VoIP VoIP is an application technology focused on IP phone through Internet and the corresponding value-added services. It uses PSN as the transport platform, and compresses and encodes simulated voice signals. Then, these voice data is packaged according to the related protocols such as TCP/IP and transmitted to the destination equipment over the IP network. The destination equipment reorganizes the voice data, and then decodes and restores the data to the original voice signals. In this manner, voice data can be transmitted on the IP network and voice communication is realized on the Internet. The VoIP technology realizes the voice transmission between the traditional SCN and the IP network, or the direct voice transmission on the IP network. This technology consists of the signaling technology, voice encoding and decoding technology, real-time transmission technology, QoS assurance technology, and network transmission technology.
TCP TCP is a core protocol of the Internet protocol suite. Using TCP, interconnected hosts can establish connections with each other and exchange data. TCP ensures the reliable and inorder delivery of data from the sender to the receiver. TCP also distinguishes data for multiple concurrent applications running on the same host.
UDP UDP is a core protocol of the Internet protocol suite. Using UDP, the programs on interconnected computers can send short messages (sometimes known as datagrams with addressing information) to each other.
ICMP ICMP is a protocol of the TCP/IP protocol suite and is applied at the network layer. This protocol is used to transmit control information, such as the reported error, exchanging limit control, and status information, between hosts and routers. When IP data cannot reach destinations and IP routers cannot forward data packets at the current transmission rate, the system automatically sends an ICMP message. In this case, you can run the ping command to configure the local equipment to send an ICMP echo request message and record the received ICMP echo reply message. These messages provide reference to fault troubleshooting on the network or equipment.
Jitter It refers to the jitter time of packets. Jitter time is an important index to measure the network performance. It refers to the interval for sending two adjacent packets to the same destination minus the interval for receiving the two packets.
MTU The MTU is the maximum size of packets transmitted on a physical network. The MTU is determined by network equipment.
802.1ag 802.1ag maintains Ethernet services. It is used to automatically detect the connectivity of Ethernet links and locate faults.
LSP For an LSP, after a label is assigned to an FEC on the ingress, the label determines the traffic forwarding. The traffic is transparent to the transit nodes on the LSP. In this sense, an LSP is regarded as an LSP tunnel. Currently, LSPs are mainly used to provide public network tunnels for VPNs.
l
17-6
MPLS TE Tunnel
The MPLS TE technology integrates the MPLS technology with traffic engineering. It can reserve resources by setting up the LSP tunnels to a specified path in an attempt to detour congested nodes and balance network traffic. l PWE3 PWE3 is a type of L2VPN. PWE3 simulates the basic behaviors and characteristics of the services such as ATM, FR, Ethernet, TDM circuit, SONET, and SDH on a PSN. l BGP/MPLS VPN A BGP/MPLS VPN is a L3VPN. BGP/MPLS VPN uses BGP to advertise VPN routes on the backbone network of the service provider and uses MPLS to forward VPN packets on the backbone network of the service provider. l VPLS VPLS is a type of MPLS L2VPN services. VPLS enables geographically isolated user sites to communicate with each other through the MAN/WAN as if they are on the same LAN. Unlike the P2P services of the normal MPLS L2VPN, the VPLS provides MP2MP private network services. Each VPN site can communicate with multiple related VPN sites. The following are the concepts related to VPLS: VSI: It is the instance that maps the physical access links of VPLS to the VCs. PW: It is a bidirectional virtual connection between two VSIs. A VSI consists of a pair of unidirectional MPLS VCs. AC: It is the connection between a CE and a PE. It can be a physical interface or a virtual interface. Generally, all user packets, including Layer 2 and Layer 3 protocol packets, on an AC are forwarded to the peer site without any change. CE: It is the customer edge equipment directly connected with the service provider. PE: It is the provide edge equipment that is connected to a CE over a backbone network. A PE is responsible for accessing VPN services. A PE performs the mapping and forwarding of packets from the private network to the public channel and then from the public channel to the private network. The PEs can be further classified into UPEs and SPEs. QinQ: It is a mechanism that uses the tunnel protocol based on 802.1Q encapsulation and provides multipoint L2VPN services. In QinQ, the VLAN tag of private networks is encapsulated in the VLAN tag of public networks. The packets carry double tags when being transmitted over the backbone network of the service provider. In this manner, the QinQ technique provides a simple Layer 2 VPN tunnel to realize transmission of packets with double tags over public networks. Forwarder: It is a type of PEs. After a forwarder receives a data frame from an AC, the forwarder selects a PW for forwarding the data frame. Actually, the forwarder functions as the forwarding table of VPLS. Tunnel: It is used to bear multiple PWs. Generally, a tunnel is an MPLS tunnel. A tunnel is a direct channel that connects a local PE to a remote PE and transparently transmits data between the PEs. Encapsulation: The packets transmitted on PWs use the standard PW encapsulation mode and technology. The encapsulation of VPLS packets transmitted on PWs has two modes: Tagged and Raw. PW signaling: It is the basis on which VPLS is implemented. It is used for creating and maintaining PWs. The PW signaling protocol can automatically discover the remote PEs of VSIs. LDP is applied here.
17.2 Process of Using the Test Diagnosis Tool

This topic describes the process of using the test diagnosis tool to perform test diagnosis with a flowchart. 17.2.1 Flowchart of Detecting Network Connectivity This topic describes the process of detecting network connectivity with the test diagnosis tool through a flowchart. 17.2.2 Flowchart of Locating Faults This topic describes the process of locating faults during operation and maintenance through a flowchart.
17.2.1 Flowchart of Detecting Network Connectivity

This topic describes the process of detecting network connectivity with the test diagnosis tool through a flowchart. Figure 17-1 shows the process of using the test diagnosis tool to detect network connectivity. Figure 17-1 Flowchart of detecting network connectivity
Start
Define a test suite
Periodically perform test diagnosis with diagnosis policies
View the current test results
View results through history data
Faults exist in results? Yes Judge the fault range based on test results
No
Locate faults with the Trace Route tool
End
17-8
Issue 03 (2010-11-19)
NOTE
A test suite is a collection of test cases. To define a test suite, you need to create a test suite and test cases. You can define different test suites according to the actual situations of operation and maintenance.
17.2.2 Flowchart of Locating Faults

This topic describes the process of locating faults during operation and maintenance through a flowchart. You can use the test diagnosis tool to locate faults during operation and maintenance. Figure 17-2 shows the process of locating faults with the test diagnosis tool. Figure 17-2 Flowchart of locating faults
Start
Find faults
Is the corresponding test suite defined? No Define a test suite
Yes
Manually perform test diagnosis
View and analyze the test results
Locate faults with the Trace Route tool
End
Issue 03 (2010-11-19)
17-9
NOTE
A test suite is a collection of test cases. To define a test suite, you need to create a test suite and test cases. You can define different test suites based on the actual situations of operation and maintenance.
17.3 Common Operations

Common operations of test diagnosis include creating a test suite, test case, and result analysis template, running the test diagnosis tool, and displaying and exporting the running results of the test suite. The following describes the methods of performing these common operations. 17.3.1 Defining a Test Suite A test suite is a collection of test cases. To define a test suite, you need to create a test suite and test cases. You can define different test suites according to the actual situations of operation and maintenance. 17.3.2 Performing Test Diagnosis This topic describes the methods of and the procedures for manually, temporarily, and periodically running a test suite. 17.3.3 Creating a Result Analysis Template This topic describes how to create a result analysis template. A result analysis template is used to analyze the results of running a test case. The analysis results can be used as reference for checking service connectivity. A result analysis template can be used as a policy for determining test results. 17.3.4 Managing History Data This topic describes how to display and export history data with the test diagnosis tool. The running results of all test suites are recorded as history data, which is convenient for you to view result information about the test suites. 17.3.5 Using the Trace Route Tool to Locate Faults This topic describes the application scenario of and the procedure for locating faults with the Trace Route tool. If there are faulty links in the results of test cases, you can use the Trace Route tool to locate faults.
17.3.1 Defining a Test Suite

A test suite is a collection of test cases. To define a test suite, you need to create a test suite and test cases. You can define different test suites according to the actual situations of operation and maintenance. 17.3.1.1 Creating a Test Suite This topic describes how to create a test suite. 17.3.1.2 Creating a Test Case This topic describes how to create a test case.
17.3.1.1 Creating a Test Suite

This topic describes how to create a test suite.
17-10
Issue 03 (2010-11-19)
Procedure
1 Choose Fault > Test Suite from the main menu. 2 On the Test Suite tab, click Create and the Create Test Suite dialog box is displayed. 3 Set the parameters of the test suite. 4 Click OK. ----End
17.3.1.2 Creating a Test Case

This topic describes how to create a test case.
Prerequisite
The test suite for encapsulating the test case must be created.
Context
The procedures for creating various test cases are similar. The following takes the creation of an ICMP ping test case as an example.
Procedure
1 Choose Fault > Test Suite from the main menu. 2 On the Test Suite tab, select the test suite where the test case to be created resides in. 3 On the Test Case tab, select Create > Network Layer Diagnosis > ICMP Ping. The Create ICMP Test Case dialog box is displayed. 4 In the General area, set the general parameters related to the ICMP ping test case. 5 Optional: In the Advanced area, click Advanced. The Advanced Configuration dialog box is displayed. Set the advanced parameters of the test case. Then, Click OK. ----End
Result
The created ICMP ping test case is displayed in the test case list.
17.3.2 Performing Test Diagnosis

This topic describes the methods of and the procedures for manually, temporarily, and periodically running a test suite. 17.3.2.1 Manually Performing Test Diagnosis The manual test diagnosis is usually used to rectify faults or routinely detect connectivity. After the manual test diagnosis, you can use the Trace Route tool to locate the faults or faulty links according to the test results. 17.3.2.2 Running a Temporary Test Case
This topic describes how to run a temporary test case. A temporary test case is used to temporarily test network connectivity. The results of running a temporary test case are not saved in the U2000 database. These results are for temporary viewing only. 17.3.2.3 Periodically Performing Test Diagnosis with Diagnosis Policies This topic describes the application scenario of and the procedure for periodically performing test diagnosis with diagnosis policies.
17.3.2.1 Manually Performing Test Diagnosis

The manual test diagnosis is usually used to rectify faults or routinely detect connectivity. After the manual test diagnosis, you can use the Trace Route tool to locate the faults or faulty links according to the test results.
Prerequisite
A test suite must be defined.
Context
You can manually perform test diagnosis in the following situations: l l Running test suites: Start running all the test suites. The system supports the running of multiple test suites simultaneously. Running test cases: Start one or more test cases in a test suite.
Procedure
1 Choose Fault > Test Suite from the main menu. 2 In the query condition area, set query conditions. Then, click Query. l Running test suites In the query result area of the Test Suite tab page, select one or more test suites, and then click Run. A progress bar is displayed to show the running progress of the test suites. l Running test cases On the Test Case tab page, select one or more test cases, and then click Run. A progress bar is displayed to show the running progress of the test cases. 3 Optional: Select a test case. Then, select Details. You can view the latest configurations of the test case, test results, and details about the result analysis template. ----End
Analyzing Test Results

After the manual performing of test cases, you can determine whether faults exist on the current links according to the test results. If faults still exist, you can locate the faults according to the results of multiple test cases.
17-12
Issue 03 (2010-11-19)
17.3.2.2 Running a Temporary Test Case

This topic describes how to run a temporary test case. A temporary test case is used to temporarily test network connectivity. The results of running a temporary test case are not saved in the U2000 database. These results are for temporary viewing only.
Context
Different from the test case created in a test suite, a temporary test case is usually used to temporarily test the connectivity of network links. The operation of a temporary test case does not require any preparation. You can directly select a temporary test case, set the related parameters, and then run the temporary test case. The operation procedures for different temporary test cases are similar. The following takes a DNS test case as an example.
Procedure
1 Choose Fault > Router/Switch Test from the main menu. 2 In the dialog box that is displayed, choose Application Layer Diagnosis > DNS from the navigation tree. Then, set the parameters related to the DNS. In the Advanced area, click Advanced. In the Advanced Configuration dialog box, set the advanced parameters of the DNS test case. 3 Click Run. 4 The Run Test dialog box is displayed indicating the running results. The progress bar shows the test process. You can click Terminate to stop the test. ----End
17.3.2.3 Periodically Performing Test Diagnosis with Diagnosis Policies

This topic describes the application scenario of and the procedure for periodically performing test diagnosis with diagnosis policies.
Prerequisite
The test suite for periodically performing test diagnosis must be created.
Context
The test diagnosis tool uses a diagnosis policy to run a test suite flexibly on a daily, weekly, or monthly basis. At a specific moment in each specified period, the test diagnosis tool runs test cases in the test suite associated with the diagnosis policy. Figure 17-3 shows the process of periodically performing test diagnosis.
Issue 03 (2010-11-19)
17-13
Figure 17-3 Flowchart of periodically performing test diagnosis

Start
Create diagnosis policy
Associate a test suite
Perform the diagnosis policy
End
Procedure
1 Choose Fault > Test Suite from the main menu. In the dialog box that is displayed, choose Diagnosis Policy from the navigation tree. 2 On the Diagnosis Policy tab page, click Create. The Create Diagnosis Policy dialog box is displayed. 3 In the Create Diagnosis Policy dialog box, set the related parameters. 4 Click Add. Multiple running time points can be added for a diagnosis policy. For example, you can set Period Type to Weekly and Running Time to 08:30 AM from Monday to Friday. 5 Click OK. On the Task Information tab page, details about the test diagnosis tasks are displayed. 6 In the detailed information area, click the Associated Test Suite tab. 7 On the Associated Test Suite tab page, click Bind. 8 In the Select Test Suite dialog box, select the test suite that needs to be associated with. 9 Click OK. 10 On the Diagnosis Policy tab page, select the created diagnosis policy, and then click Run.
NOTE
If you click Run, the diagnosis policy task is started, but the test suite associated with the diagnosis policy is not performed immediately. The test suite associated with the task runs at the specified moment in the set period.
----End
17-14
Issue 03 (2010-11-19)
Analyzing Test Results

The results of running the test suite associated with the diagnosis policy in manual mode and in periodic mode are the same. For details, see 17.3.2.1 Manually Performing Test Diagnosis.
17.3.3 Creating a Result Analysis Template

This topic describes how to create a result analysis template. A result analysis template is used to analyze the results of running a test case. The analysis results can be used as reference for checking service connectivity. A result analysis template can be used as a policy for determining test results.
Procedure
1 Choose Fault > Test Suite from the main menu. In the dialog box that is displayed, choose Template from the navigation tree. 2 Click Create. The Create Template dialog box is displayed. 3 Enter a value in Template Name, select a type as required from the Type drop-down list, and then set the upper threshold and the lower threshold for the specifications. 4 Click OK. ----End
Result
The new result analysis template is displayed in the list.
17.3.4 Managing History Data

This topic describes how to display and export history data with the test diagnosis tool. The running results of all test suites are recorded as history data, which is convenient for you to view result information about the test suites. 17.3.4.1 Viewing History Data The history data is the running record of test suites, which includes information about the manual performance of test suites, periodic performance of test suites with diagnosis policies, and running results of network scanning. 17.3.4.2 Exporting History Data This topic describes how to export history data. The running results of all test suites are recorded as history data. You can export history data to a .csv, .html, .xls, .txt or .pdf file.
17.3.4.1 Viewing History Data

The history data is the running record of test suites, which includes information about the manual performance of test suites, periodic performance of test suites with diagnosis policies, and running results of network scanning.
Issue 03 (2010-11-19)
17-15
Context
When network scanning is performed, the system automatically creates a test suite named defaultNetScan. Thus, the test suite named defaultNetScan in history data is the information about the results of the test suite through network scanning.
Procedure
1 Choose Fault > Test Suite from the main menu. In the dialog box that is displayed, choose History Data from the navigation tree. 2 In the query condition area, click Condition to set the filtering criteria. Then, click Query.
NOTE
You can directly click Query to view all the history data.
In the Test Result column, running the result of the test suite is displayed. The result can be Connected, Disconnected, or Partial Connection. l Connected: indicates that the running results of all the test cases in the test suite are Connected. l Disconnected: indicates that the running results of all the test cases in the test suite are Disconnected. l Partial Connection: indicates that running results of some test cases in the test suite are Connected and some are Disconnected or Operation failed. 3 Optional: In the query result area of the History Data tab, select the required running record of the test suite. On the Test Case tab page, information about the test cases in the test suite and the running results is displayed. In the query result area of the History Data tab page, right-click a test suite and choose View Related Test Suite from the shortcut menu. In the Test Suite dialog box, you can view the recent running records of the test suite related to history records. 4 Optional: Select a test case in the detailed information area. Then, click Details. In the Details dialog box, details about the latest configurations of the test cases, test results, and the result analysis template are displayed. 5 Optional: In the Details dialog box, click Back or Next to view other test cases. Then, click Close. ----End
17.3.4.2 Exporting History Data

This topic describes how to export history data. The running results of all test suites are recorded as history data. You can export history data to a .csv, .html, .xls, .txt or .pdf file.
Procedure
1 Choose Fault > Test Suite from the main menu. In the dialog box that is displayed, choose History Data from the navigation tree. 2 On the History Data tab page, click Query.
3 Click Export Result. 4 In the Export Result dialog box, set Start Row, End Row, and File Name. If the default values are used, all the result information is exported. 5 Click OK. A progress bar is displayed to show the progress of exporting. After data is exported, the system prompts you that the exporting is successful. ----End
17.3.5 Using the Trace Route Tool to Locate Faults

This topic describes the application scenario of and the procedure for locating faults with the Trace Route tool. If there are faulty links in the results of test cases, you can use the Trace Route tool to locate faults.
Context
If there are faulty links in the results of test cases, you can use the Trace Route tool to locate faults. You can use the Trace Route tool to display transit nodes along the channel from the source equipment to the destination equipment. In addition, you can obtain information such as the packet loss ratio and delay from the source equipment to transit nodes. The Trace Route tool is classified into the following types: l l l l l l l ICMP Trace ICMP VRF Trace Multicast Trace Multicast VRF Trace LSP Trace PWE3 Trace VPLS MAC Trace
Each type of the Trace Route tool can be used to trace the corresponding test cases. For example, the ICMP Trace tool can be used to locate network faults of the ICMP ping test cases. The methods of tracing test cases with the three types of the Trace Route tools are similar. The following takes the ICMP Trace tool as an example.
Procedure
1 Choose Fault > Test Suite from the main menu. 2 In the query condition area of the Test Suite tab page, click Query. The eligible test suites are displayed in the query result area. 3 Select the test suite to be traced in the test suite list. 4 On the Test Case tab page, select the test case to be traced. 5 Click Trace Route.
6 Optional: In the Run ICMP Trace dialog box, click Advanced. 7 Optional: In the Advanced dialog box, set the advanced parameters of the ICMP trace test case. Then, click OK. 8 Click Run. In the Run Test Case dialog box, information about the hop-by-hop connectivity of the path from the source equipment to the destination equipment is displayed. ----End
17.4 Performing Network Scanning

This topic describes the application scenario of and the operation of performing network scanning. With this function, you can detect the connectivity of all side-by-side links, RPR links, IP virtual links and LLDP links in the U2000.
Prerequisite
The side-by-side links, RPR links, virtual links or LLDP links must exist on the U2000.
Application Scenario
Network scanning can be used detect the connectivity of all side-by-side links, RPR links, IP virtual links and LLDP links in the U2000 and locate faulty links and faults.
NOTE
The process of network scanning is the running of ICMP Ping test for all side-by-side links, RPR links, IP virtual links and LLDP links.
Procedure
1 Choose Fault > Test Suite from the main menu. In the dialog box that is displayed, choose Network Scan from the navigation tree. 2 Click Synchronization. On the Scan Result tab page, a progress bar is displayed to show the progress of the current operation. After synchronization, all the synchronized side-by-side links, RPR links, IP virtual links and LLDP links are displayed in the network scanning list. 3 Click Start Scan. On the Scan Result tab page, the progress bar shows the progress of the current operation. You can click Stop Scan to stop the current network scanning operation. ----End
Follow-up Procedure
After network scanning, you can view information about the network scanning on the Scan Result tab page. You can also view information about the connectivity of each link in the network scanning list. If faults occur on links, use the Trace Route tool to check the faulty links and locate the faults.
1. 2.
3.
Select the faulty link to be diagnosed. Then, click Trace Route. In the Run ICMP Trace dialog box, click Run. You can click Advanced to set the advanced parameters of an ICMP Trace test case. For the description of parameters, see 17.3.5 Using the Trace Route Tool to Locate Faults. In the Run Test Case dialog box, view running results and the hop-by-hop information about the ICMP Trace test case. During the running of the ICMP Trace test case, you can click Terminate to terminate the test; you can click Cancel to cancel the test and close the dialog box. After the test, you can click Export Result to export result information about network scanning to a specified path and save it.
17.5 Typical Examples for Performing Test Diagnosis Tasks

This topic describes the method of and the procedure for performing test diagnosis tasks with the test diagnosis tool in actual situations by using the related examples. 17.5.1 Example for Detecting Connectivity of the L3VPN This topic describes the method of and the procedure for detecting connectivity of the L3VPN with the test diagnosis tool by using an example.
17.5.1 Example for Detecting Connectivity of the L3VPN

This topic describes the method of and the procedure for detecting connectivity of the L3VPN with the test diagnosis tool by using an example.
Application Scenario
Figure 17-4 shows the networking environment. The remote branches of enterprise A are interconnected through the L3VPN. A VPN is created between PE1 and PE2. CE1 and CE2 are added to the VPN. The network between CE1 and CE2 fails. You need to diagnose faults in the VPN. Figure 17-4 L3VPN networking example
MPLS Core Loopback0 192.2.2.2/32 POS2/0/0 10.1.1.1/24 PE1 GE1/0/0.1 GE1/0/0.1 100.1.1.1/24 POS1/0/0 10.1.1.2/24 P
VPNA
Loopback0 192.4.4.4/32
Loopback0 192.3.3.3/32 POS2/0/0 10.2.2.2/24
POS2/0/0 10.2.2.1/24
GE1/0/0.1 PE2
GE1/0/0.1 100.1.1.2/24
CE1 Site A-1
CE2 Site A-2
Issue 03 (2010-11-19)
17-19
Configuration Roadmap
1. 2. Create a test suite named VPN A. Create a test case according to segmentation and hierarchy. Figure 17-5 shows the process of diagnosing L3VPN faults.
Figure 17-5 Process of diagnosing L3VPN faults

Start
Detect connectivity of the L3VPN service layer Check whether the route forwarding and the configuration of interfaces of AC links from PE to CE1 and from PE2 to CE2 are normal
ACLink Detection Backbone Link Detection
PE1-CE1 /PE2-CE2 ICMP Ping(VRF)? Yes
No
The fault occurs on the AC link in the L3VPN
PE1-PE2 ICMP Ping(VRF)? No
Yes
The L3VPN is normal.The fault may occur at the user side
CE1-CE2 MTU Ping Detect the MTU connectivity based on segmentation
Detect connectivity of the LSP bearing layer The fault occurs in the PE1PE2 segment in the L3VPN Check whether the configuration of L3VPN interfaces and the route forwarding are normal
PE1-PE2 LSP Ping
Yes
No Detect connectivity of public routes PE1-PE2 ICMP Ping Yes
Use the TraceRoute(LSP)tool to decide the network segment where the LSP fault occurs and troubleshoot the fault
No Use the TraceRoute(ICMP)tool to decide the network segment where the L3VPN fault occurs and troubleshoot the fault End
17-20
Issue 03 (2010-11-19)
NOTE
l Yes: indicates that the test result is Connected. l No: indicates that the test result is Disconnected.
(1) Create the test cases of various service layers according to the service bearing relationship of the L3VPN. According to the operation results of the test cases of various service layers, you can determine the layer where the fault occurs. In this example, you need to create ICMP ping (VRF) test cases of the AC between PE1 and CE1 and the AC between PE2 and CE2, to test the connectivity of ACs in the L3VPN. If the AC is abnormal, check the configurations on the interfaces at both ends of the AC to locate the fault. If the AC is normal, create a test case named ICMP ping (VRF) to detect the link between PE1 and PE2. If the link from PE1 to PE2 is abnormal, you need to detect the connectivity of the LSP between PE1 and PE2 through hierarchical diagnosis. Create an LSP ping test case for the LSP between PE1 and PE2. If the LSP is normal, you can determine that the services at the upper layer are abnormal. If the LSP is abnormal, you can continue to check whether public network routes are normal. Using this method, you can determine the exact layer where the fault occurs. (2) Use the Trace Route tool to troubleshoot the fault segment by segment. Use the Trace Route tool (ICMP trace (VRF), LSP trace, and ICMP trace) provided for various service layers to probe the link between PE1 to PE2. If the link can be probed, you can determine the layer where the fault occurs according to the comparison of the detected path and the transmission path with normal services. Then, locate the fault through further detection of the corresponding nodes. If the link path cannot be probed because of reasons such as route convergence, you can locate the fault segment by segment. If the fault still cannot be located, you can seek technical support. 3. Run a test suite, view the test result, and locate the fault.
NOTE
You can create and run test cases step by step as required. You do not need to run test cases after all of them are created.
Data Preparation
l l Name of a test suite Names of test cases
Procedure
1 Create a test suite. 1. 2. 3. 4. Choose Fault > Test Suite from the main menu. The Test Suite tab page is displayed. On the Test Suite tab page, click Create. In the Create Test Suite dialog box, set Name to VPNA and Description to VPNA_Diag. Click OK.
2 Detect the connectivity of the L3VPN service layer.

1. 2. 3.
Create an ICMP VRF ping test case named PE1_CE1_ICMP_VRF with PE1 serving as the source equipment and CE1 serving as the destination equipment. Create an ICMP VRF ping test case named PE2_CE2_ICMP_VRF with PE2 serving as the source equipment and CE2 serving as the destination equipment. Run the test cases PE1_CE1_ICMP_VRF and PE2_CE2_ICMP_VRF. l If the test result is Disconnected, it indicates that the AC is faulty. Check whether the route forwarding and the configurations of interfaces on the ACs between PE1 and CE1 and between PE2 and CE2 are normal. l If the test result is Connected, perform 2.4.
4.
Create an ICMP VRF ping test case named PE1_PE2_ICMP_VR with PE1 serving as the source equipment and PE2 serving as the destination equipment. Run the test case. l If the test result is Disconnected, perform 3 to detect the connectivity of the LSP bearing layer. l If the test result is Connected, it indicates that the L3VPN is normal and the fault may occur at the user side. Create an MTU test case from CE1 to CE2. Then, check whether the fault is caused by the improper MTU at the user side.
3 Detect the connectivity of the LSP bearing layer. 1. 2. Create an LSP ping test case named PE1_PE2_LSP with PE1 serving as the source equipment and PE2 serving as the destination equipment. Run the test case. l If the test result is Disconnected, perform 4. l If the test result is Connected, it indicates that a fault occurs on the network segment between PE1 and PE2 of the L3VPN. You can check whether the configurations of the L3VPN interfaces and the route forwarding are correct. 4 Detect the connectivity of public network routes. 1. 2. Create an ICMP ping test case named PE1_PE2_ICMP with PE1 serving as the source equipment and PE2 serving as the destination equipment. Run the test case. l If the test result is Disconnected, it indicates that the connectivity of the L3VPN is abnormal. You can use the Trace Route (ICMP) tool to locate the fault. l If the test result is Connected, it indicates that the public network LSP is abnormal. You can use the Trace Route (LSP) tool to locate the exact segment of the LSP where the fault occurs. 5 After the fault is located, rectify it. ----End
17-22
Issue 03 (2010-11-19)

OG For Multi-Service Control Gateway NE Management - (V100R002C01 - 03)

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

OG For Multi-Service Control Gateway NE Management - (V100R002C01 - 03)

Enviado por

Direitos autorais:

Formatos disponíveis

iManager U2000 Unified Network Management System V100R002C01

Operation Guide for Multi-service Control Gateway NE Management

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

About This Document

About This Document

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

About This Document

About This Document

Changes in Issue 03 (2010-11-19) Based on Product Version V100R002C01

Changes in Issue 02 (2010-09-24) Based on Product Version V100R002C01

Changes in Issue 01 (2010-08-16) Based on Product Version V100R002C01

Changes in Issue 01 (2010-04-15) Based on Product Version V100R002C00

Changes in Issue 03 (2010-03-30) Based on Product Version V100R001C00

Changes in Issue 02 (2009-11-26) Based on Product Version V100R001C00

About This Document

Changes in Issue 01 (2009-09-25) Based on Product Version V100R001C00

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6 Ethernet OAM Management....................................................................................................6-1

16 Accessing NEs Through a Tool............................................................................................16-1

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1 Setting Telnet/STelnet Parameters

Setting Telnet/STelnet Parameters

About This Chapter

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1 Setting Telnet/STelnet Parameters

1.1 Configuring a Telnet/STelnet Parameter Template

1.2 Setting Telnet/STelnet Parameters with a Template

3 In the Device Telnet/STelnet Parameter Management dialog box, click Import.

1 Setting Telnet/STelnet Parameters

1.3 Manually Modifying Equipment Telnet/STelnet Parameters

1 Setting Telnet/STelnet Parameters

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2.1 Viewing System Information

2.2 Setting the IP Address of an NE

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2.3 NE Panel Management

2.3.1 Viewing the NE Panel

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2.3.2 Resetting a Card

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2.4 Refreshing Board Information

2.5 Managing Abnormal Resources

2.5.1 Viewing Abnormal Resources

2.5.2 Viewing Dependency Between Abnormal Resources

6 Click OK. The Resource Relationship dialog box is displayed. ----End

2.5.3 Exporting Abnormal Resources

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3.1 Interface Management Overview

3.1.1 Interface Management Functions

3.1.2 Basic Concepts

Ethernet Interface Overview

POS Interface Overview

ATM Interface Overview

Trunk Interface Overview

Loopback Interface Overview