ROUTER CONFIGURATION GUIDE Alcatel-Lucent 7705 SERVICE AGGREGATION ROUTER OS | RELEASE 7.0.R4 ROUTER CONFIGURATION GUIDE Alcatel-Lucent – Proprietary & Confidential Contains proprietary/trade secret information which is the property of Alcatel-Lucent. Not to be made available to, or copied or used by anyone who is not an employee of Alcatel-Lucent except when there is a valid non- disclosure agreement in place which covers such information and contains appropriate non-disclosure and limited use obligations. Copyright © 2015-2016 Alcatel-Lucent. All rights reserved. All specifications, procedures, and information in this document are subject to change and revision at any time without notice. The information contained herein is believed to be accurate as of the date of publication. Alcatel- Lucent provides no warranty, express or implied, regarding its contents. Users are fully responsible for application or use of the documentation. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. Copyright 2015-2016 Alcatel-Lucent. All rights reserved. Disclaimers Alcatel-Lucent products are intended for commercial uses. Without the appropriate network design engineering, they must not be sold, licensed or otherwise distributed for use in any hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life-support machines, or weapons systems, in which the failure of products could lead directly to death, personal injury, or severe physical or environmental damage. The customer hereby agrees that the use, sale, license or other distribution of the products for any such application without the prior written consent of Alcatel-Lucent, shall be at the customer's sole risk. The customer hereby agrees to defend and hold Alcatel-Lucent harmless from any claims for loss, cost, damage, expense or liability that may arise out of or in connection with the use, sale, license or other distribution of the products in such applications. This document may contain information regarding the use and installation of non-Alcatel-Lucent products. Please note that this information is provided as a courtesy to assist you. While Alcatel-Lucent tries to ensure that this information accurately reflects information provided by the supplier, please refer to the materials provided with any non-Alcatel-Lucent product and contact the supplier for confirmation. Alcatel-Lucent assumes no responsibility or liability for incorrect or incomplete information provided about non-Alcatel-Lucent products. However, this does not constitute a representation or warranty. The warranties provided for Alcatel-Lucent products, if any, are set forth in contractual documentation entered into by Alcatel-Lucent and its customers. This document was originally written in English. If there is any conflict or inconsistency between the English version and any other version of a document, the English version shall prevail. Table of Contents Preface...................................................................................................................................................15 About This Guide................................................................................................................................................15 Audience.......................................................................................................................................................16 List of Technical Publications........................................................................................................................16 Technical Support.........................................................................................................................................17 Getting Started......................................................................................................................................19 In This Chapter...................................................................................................................................................19 Alcatel-Lucent 7705SAR Router Configuration Process...................................................................................19 IP Router Configuration ......................................................................................................................21 In This Chapter...................................................................................................................................................21 Configuring IP Router Parameters.....................................................................................................................22 Interfaces.......................................................................................................................................................22 Network Interface.....................................................................................................................................23 System Interface......................................................................................................................................27 Unnumbered Interfaces............................................................................................................................28 IP Addresses.................................................................................................................................................29 Internet Protocol Versions.............................................................................................................................30 IPv6 Address Format...............................................................................................................................31 IPv6 Headers...........................................................................................................................................32 Neighbor Discovery..................................................................................................................................34 Router ID.......................................................................................................................................................34 Autonomous Systems...................................................................................................................................35 DHCP and DHCPv6......................................................................................................................................36 DHCP Relay and DHCPv6 Relay.............................................................................................................37 Local DHCP and DHCPv6 Server............................................................................................................38 ICMP and ICMPv6.........................................................................................................................................41 Static Routes, Dynamic Routes, and ECMP.................................................................................................43 Enabling ECMP........................................................................................................................................44 IGP-LDP and Static Route-LDP Synchronization..........................................................................................45 Bidirectional Forwarding Detection (BFD).....................................................................................................46 IP Fast Reroute (FRR)..................................................................................................................................47 ECMP vs FRR..........................................................................................................................................47 IGP Shortcuts (RSVP-TE Tunnels)..........................................................................................................48 IP FRR Configuration...............................................................................................................................48 Configuring Security Parameters........................................................................................................................50 Security Zone Configuration..........................................................................................................................52 Security Session Creation.............................................................................................................................56 Directionally Aware Security Behavior.....................................................................................................58 Application Groups........................................................................................................................................58 Host Groups..................................................................................................................................................58 Security Policy Policing.................................................................................................................................59 Security Profiles............................................................................................................................................59 Profile Timers...........................................................................................................................................59 Application Assurance Parameters..........................................................................................................61 7705 SAR OS Router Configuration Guide 3 Table of Contents Application Level Gateway ......................................................................................................................65 Fragmentation Handling...........................................................................................................................66 Security Policies............................................................................................................................................67 Security Session Resource Alarms...............................................................................................................69 Security Logging............................................................................................................................................70 Firewall Debugging........................................................................................................................................76 NAT Security.................................................................................................................................................77 NAT Zones...............................................................................................................................................77 Dynamic Source NAT ..............................................................................................................................79 Local Traffic and NAT .............................................................................................................................79 Port Forwarding (Static Destination NAT)................................................................................................80 Using the 7705SAR as Residential or Business CPE.......................................................................................82 Router Configuration Process Overview............................................................................................................84 Configuration Notes............................................................................................................................................85 Reference Sources........................................................................................................................................85 Configuring an IP Router with CLI......................................................................................................................87 Router Configuration Overview..........................................................................................................................88 System Interface...........................................................................................................................................88 Network Interface..........................................................................................................................................89 Basic Configuration............................................................................................................................................90 Common Configuration Tasks............................................................................................................................91 Configuring a System Name.........................................................................................................................91 Configuring Router IPv6 Neighbor Discovery Parameters............................................................................92 Configuring Interfaces...................................................................................................................................93 Configuring a System Interface................................................................................................................93 Configuring a Network Interface...............................................................................................................93 Configuring an Unnumbered Interface.....................................................................................................95 Configuring IPv6 Parameters........................................................................................................................95 Configuring Router Advertisement................................................................................................................97 Configuring ECMP.........................................................................................................................................98 Configuring Static Routes..............................................................................................................................99 Configuring or Deriving a Router ID..............................................................................................................99 Configuring an Autonomous System...........................................................................................................100 Configuring ICMP and ICMPv6...................................................................................................................101 Configuring a DHCP Relay Agent...............................................................................................................102 Configuring Proxy ARP...............................................................................................................................103 Configuring a Security Zone........................................................................................................................104 Configuring Security Logging......................................................................................................................106 Rule-Based Security Logging.................................................................................................................106 Zone-Based Security Logging................................................................................................................111 Applying an Application Group and a Host Group to a Security Policy.......................................................116 Service Management Tasks.............................................................................................................................118 Changing the System Name.......................................................................................................................118 Modifying Interface Parameters..................................................................................................................119 Deleting a Logical IP Interface....................................................................................................................120 IP Router Command Reference.......................................................................................................................121 Command Hierarchies.................................................................................................................................121 Configuration Commands......................................................................................................................122 Show Commands...................................................................................................................................130 4 7705 SAR OS Router Configuration Guide Table of Contents Clear Commands...................................................................................................................................131 Debug Commands.................................................................................................................................133 Command Descriptions...............................................................................................................................135 Configuration Commands......................................................................................................................136 Show Commands...................................................................................................................................216 Clear Commands...................................................................................................................................281 Debug Commands.................................................................................................................................288 VRRP ...................................................................................................................................................297 In This Chapter.................................................................................................................................................297 VRRP Overview................................................................................................................................................298 VRRP Components..........................................................................................................................................299 Virtual Router..............................................................................................................................................299 IP Address Owner.......................................................................................................................................299 Primary Address..........................................................................................................................................300 Virtual Router Master..................................................................................................................................300 Owner and Non-owner VRRP.....................................................................................................................301 Configurable Parameters............................................................................................................................301 VRID.......................................................................................................................................................302 Priority....................................................................................................................................................302 IP Addresses..........................................................................................................................................303 Message Interval and Master Inheritance..............................................................................................303 Master Down Interval.............................................................................................................................304 Skew Time.............................................................................................................................................304 Preempt Mode........................................................................................................................................305 VRRP Message Authentication..............................................................................................................305 Virtual MAC Address..............................................................................................................................305 VRRP Advertisement Message IP Address List Verification..................................................................306 Policies...................................................................................................................................................306 VRRP Priority Control Policies.........................................................................................................................307 VRRP Policy Constraints.............................................................................................................................307 VRRP Base Priority.....................................................................................................................................307 VRRP Priority Control Policy In-use Priority................................................................................................308 VRRP Priority Control Policy Priority Events...............................................................................................308 Priority Event Hold-set Timers...............................................................................................................309 Port Down Priority Event........................................................................................................................309 Host Unreachable Priority Event............................................................................................................310 Route Unknown Priority Event...............................................................................................................310 VRRP Non-owner Accessibility........................................................................................................................311 Non-owner Access Ping Reply....................................................................................................................311 Non-owner Access Telnet...........................................................................................................................311 Non-owner Access SSH..............................................................................................................................312 VRRP Configuration Process Overview...........................................................................................................313 Configuration Notes..........................................................................................................................................314 General........................................................................................................................................................314 Configuring VRRP with CLI..............................................................................................................................315 VRRP Configuration Overview.........................................................................................................................316 Preconfiguration Requirements...................................................................................................................316 Basic VRRP Configurations..............................................................................................................................317 7705 SAR OS Router Configuration Guide 5 Table of Contents VRRP Policy................................................................................................................................................317 Deleting a VRRP Policy.........................................................................................................................318 VRRP IES or VPRN Service Parameters....................................................................................................318 Common Configuration Tasks..........................................................................................................................320 Configuring IES/VPRN VRRP Parameters.......................................................................................................321 Configuring VRRP on Subnets....................................................................................................................321 Non-owner VRRP........................................................................................................................................322 Owner VRRP...............................................................................................................................................322 Deleting VRRP on a Service.......................................................................................................................323 VRRP Command Reference............................................................................................................................325 Command Hierarchies.................................................................................................................................325 VRRP Priority Control Event Policy Commands....................................................................................326 VRRP Show Commands........................................................................................................................327 VRRP Monitor Commands.....................................................................................................................327 VRRP Clear Commands........................................................................................................................327 VRRP Debug Commands......................................................................................................................327 Command Descriptions...............................................................................................................................328 Configuration Commands......................................................................................................................329 VRRP Show Commands........................................................................................................................346 VRRP Monitor Commands.....................................................................................................................354 VRRP Clear Commands........................................................................................................................356 VRRP Debug Commands......................................................................................................................357 Filter Policies......................................................................................................................................359 In This Chapter.................................................................................................................................................359 Configuring Filter Policies.................................................................................................................................360 Overview of Filter Policies...........................................................................................................................360 Network and Service (Access) Interface-based Filtering............................................................................363 Policy-Based Routing..................................................................................................................................364 Multi-field Classification (MFC)....................................................................................................................366 VLAN-based Filtering..................................................................................................................................367 Filter Policy Entries......................................................................................................................................368 Applying Filter Policies...........................................................................................................................369 Packet Matching Criteria........................................................................................................................370 Ordering Filter Entries............................................................................................................................373 Filter Log Files.............................................................................................................................................375 Configuration Notes..........................................................................................................................................376 IP Filters......................................................................................................................................................376 IPv6 Filters..................................................................................................................................................377 MAC Filters..................................................................................................................................................377 VLAN Filters................................................................................................................................................378 Filter Logs....................................................................................................................................................378 Reference Sources......................................................................................................................................378 Configuring Filter Policies with CLI...................................................................................................................379 Basic Configuration..........................................................................................................................................380 Common Configuration Tasks..........................................................................................................................381 Creating an IPv4 or IPv6 Filter Policy..........................................................................................................381 IP Filter Policy........................................................................................................................................381 IP Filter Entry.........................................................................................................................................383 6 7705 SAR OS Router Configuration Guide Table of Contents IP Filter Entry Matching Criteria.............................................................................................................384 IP Filter Entry for PBR to a System IP or Loopback Address................................................................386 Creating a MAC Filter Policy.......................................................................................................................388 MAC Filter Policy....................................................................................................................................388 MAC Filter Entry.....................................................................................................................................389 MAC Entry Matching Criteria..................................................................................................................390 Creating a VLAN Filter Policy......................................................................................................................391 VLAN Filter Policy..................................................................................................................................391 VLAN Filter Entry...................................................................................................................................392 VLAN Entry Matching Criteria................................................................................................................393 Configuring Filter Log Policies.....................................................................................................................394 Configuring a NAT Security Profile..............................................................................................................395 Configuring a NAT Security Policy..............................................................................................................396 Applying IP and MAC Filter Policies to a Service........................................................................................398 Applying IP Filter Policies to Network Interfaces ........................................................................................400 Applying VLAN Filter Policies to a Ring Port...............................................................................................401 Filter Management Tasks.................................................................................................................................402 Renumbering Filter Policy Entries...............................................................................................................402 Modifying an IP Filter Policy........................................................................................................................405 Modifying a MAC Filter Policy.....................................................................................................................406 Modifying a VLAN Filter Policy....................................................................................................................407 Removing and Deleting a Filter Policy........................................................................................................408 Removing a Filter from a Service...........................................................................................................408 Removing a Filter from a Network Interface...........................................................................................409 Removing a Filter from a Ring Port........................................................................................................410 Deleting a Filter......................................................................................................................................410 Filter Command Reference..............................................................................................................................411 Command Hierarchies.................................................................................................................................411 Configuration Commands......................................................................................................................412 Show Commands...................................................................................................................................418 Clear Commands...................................................................................................................................419 Monitor Commands................................................................................................................................419 Command Descriptions...............................................................................................................................420 Configuration Commands......................................................................................................................421 Show Commands...................................................................................................................................482 Clear Commands...................................................................................................................................522 Monitor Commands................................................................................................................................525 Route Policies.....................................................................................................................................527 In This Chapter.................................................................................................................................................527 Configuring Route Policies...............................................................................................................................528 Routing Policy and MPLS............................................................................................................................529 Policy Statements........................................................................................................................................529 Default Action Behavior..........................................................................................................................530 Denied IP Prefixes.................................................................................................................................530 Controlling Route Flapping.....................................................................................................................531 Regular Expressions...................................................................................................................................532 Terms.....................................................................................................................................................533 Operators...............................................................................................................................................533 7705 SAR OS Router Configuration Guide 7 Table of Contents Community Expressions..............................................................................................................................537 BGP and OSPF Route Policy Support........................................................................................................538 BGP Route Policies................................................................................................................................539 Readvertised Route Policies..................................................................................................................539 When to Use Route Policies........................................................................................................................539 Route Policy Configuration Process Overview.................................................................................................540 Configuration Notes..........................................................................................................................................541 Reference Sources......................................................................................................................................541 Configuring Route Policies with CLI ................................................................................................................543 Route Policy Configuration Overview...............................................................................................................544 When to Create Routing Policies................................................................................................................544 Default Route Policy Actions.......................................................................................................................545 Policy Evaluation.........................................................................................................................................546 Damping.................................................................................................................................................548 Basic Route Policy Configuration.....................................................................................................................550 Configuring Route Policy Components.............................................................................................................552 Beginning the Policy Statement .................................................................................................................553 Creating a Route Policy...............................................................................................................................553 Configuring a Default Action .......................................................................................................................555 Configuring an Entry....................................................................................................................................556 Configuring an AS Path (policy-option).......................................................................................................558 Configuring a Community List or Expression..............................................................................................558 Configuring Damping...................................................................................................................................559 Configuring a Prefix List..............................................................................................................................560 Configuring PIM Join Policies......................................................................................................................561 Configuring Bootstrap Message Import and Export Policies.......................................................................562 Route Policy Configuration Management Tasks..............................................................................................564 Editing Policy Statements and Parameters.................................................................................................564 Deleting an Entry.........................................................................................................................................565 Deleting a Policy Statement........................................................................................................................566 Route Policy Command Reference..................................................................................................................567 Command Hierarchies.................................................................................................................................567 Route Policy Configuration Commands.................................................................................................568 Show Commands...................................................................................................................................570 Command Descriptions...............................................................................................................................571 Configuration Commands......................................................................................................................572 Show Commands...................................................................................................................................601 Standards and Protocol Support......................................................................................................633 8 7705 SAR OS Router Configuration Guide List of Tables Getting Started......................................................................................................................................19 Table1 Configuration Process ..................................................................................................................19 IP Router Configuration ......................................................................................................................21 Table2 IPv6 Header Field Descriptions ....................................................................................................33 Table3 ICMP Capabilities for IPv4 ...........................................................................................................41 Table4 ICMPv6 Capabilities for IPv6 .......................................................................................................41 Table5 Security Zone Interfaces per Context ..........................................................................................53 Table6 Security Session Type and Session Tuple Signature ...................................................................57 Table7 Security Profile Timers ..................................................................................................................59 Table8 Supported IP Options ...................................................................................................................63 Table9 Security Policy Attributes and Packet Matching Criteria ...............................................................68 Table10 Session Resource Utilization Alarms ............................................................................................70 Table11 Firewall Packet Events .................................................................................................................71 Table12 Firewall Zone Events ...................................................................................................................72 Table13 Firewall Policy Events ..................................................................................................................72 Table14 Firewall Session Events ...............................................................................................................73 Table15 Firewall Application Events .........................................................................................................73 Table16 Firewall ALG Events .....................................................................................................................75 Table17 Route Preference Defaults by Route Type ................................................................................151 Table18 Show ARP Table Output Fields ..................................................................................................217 Table19 Show Authentication Statistics Output Fields .............................................................................218 Table20 Show BFD Interface Output Fields .............................................................................................220 Table21 Show BFD Session Output Fields...............................................................................................220 Table22 Show DHCP Server Associations Output Fields.........................................................................222 Table23 Show DHCP Server Declined Addresses Output Fields .............................................................223 Table24 Show DHCP Server Free Addresses Output Fields ...................................................................224 Table25 Show DHCP Server Lease Output Fields ...................................................................................225 Table26 Show DHCPv6 Server Lease Output Fields ...............................................................................226 Table27 Show DHCP Server Statistics Output Fields ..............................................................................228 Table28 Show DHCPv6 Server Statistics Output Fields...........................................................................230 Table29 Show DHCP Server Subnet Statistics Output Fields ..................................................................232 Table30 Show Extended DHCPv6 Pool Statistics Output Fields ..............................................................233 Table31 Show Extended DHCPv6 Prefix Statistics Output Fields ............................................................235 Table32 Show DHCP Server Summary Output Fields .............................................................................236 Table33 Show DHCPv6 Server Summary Output Fields..........................................................................238 Table34 Show DHCP Server Output Fields ..............................................................................................239 Table35 Show DHCP Statistics Output Fields ..........................................................................................240 Table36 Show DHCPv6 Statistics Output Fields ......................................................................................242 Table37 Show DHCP Summary Output Fields ........................................................................................242 Table38 Show DHCPv6 Summary Output Fields ....................................................................................243 Table39 Show ECMP Settings Output Fields ...........................................................................................244 Table40 Show FIB Output Fields ..............................................................................................................247 Table41 Show ICMPv6 Output Fields .......................................................................................................248 Table42 Show ICMPv6 Interface Output Fields ........................................................................................249 Table43 Show Standard IP Interface Output Fields..................................................................................251 7705 SAR OS Router Configuration Guide 9 List of Tables Table44 Show Summary IP Interfaces Output Fields ...............................................................................252 Table45 Show Detailed IP Interface Output Fields ...................................................................................255 Table46 Show IPv6 Neighbor Output Fields ............................................................................................266 Table47 Show Route-next-hop-policy Template Output Fields ...............................................................267 Table48 Show Standard Route Table Output Fields ...............................................................................269 Table49 Show LFA and Backup Route Table Output Fields ...................................................................270 Table50 Show Router Advertisement Output Fields ................................................................................272 Table51 Show Static ARP Table Output Fields .......................................................................................274 Table52 Show Static Route Table Output Fields .....................................................................................276 Table53 Show Router Status Output Fields..............................................................................................278 Table54 Show Tunnel Table Output Fields ..............................................................................................279 Table55 Show TWAMP Light Output Fields ............................................................................................280 VRRP ...................................................................................................................................................297 Table56 Show VRRP Policy and Policy Event Summary Output Fields ..................................................349 Table57 Show Router VRRP Instance Summary Output Fields ..............................................................352 Filter Policies......................................................................................................................................359 Table58 IP and MAC Filter Support on SAPs ..........................................................................................361 Table59 IP and MAC Filter Support on SDPs ..........................................................................................361 Table60 Routed VPLS Ingress Filter Override Support ...........................................................................361 Table61 IP Filter Policy Criteria ................................................................................................................371 Table62 MAC Filter Policy Criteria ............................................................................................................372 Table63 VLAN Filter Policy Criteria ..........................................................................................................373 Table64 MAC Match Criteria Exclusivity Rules.........................................................................................377 Table65 PBR CSM Extraction Queue Parameters ..................................................................................386 Table66 8-bit mask formats ......................................................................................................................444 Table67 Event Types and Events Supported on 7705SAR Firewalls .....................................................455 Table68 Application Assurance Parameter Default Values .....................................................................459 Table69 Supported IP Options .................................................................................................................461 Table70 Show Filter Output Fields............................................................................................................483 Table71 Show Filter Output Fields (Filter ID Specified) ............................................................................484 Table72 Show Filter Associations Output Fields ......................................................................................487 Table73 Show Filter Counters Output Fields ............................................................................................489 Table74 Show Filter Log Output Fields.....................................................................................................491 Table75 Show Filter Log Bindings ............................................................................................................492 Table76 Show Filter MAC (No Filter- D Specified) ...................................................................................494 Table77 Show Filter MAC (Filter ID Specified) .........................................................................................495 Table78 Show Filter MAC Associations ....................................................................................................497 Table79 Show Filter MAC Counters .........................................................................................................498 Table80 Show Filter VLAN (No Filter Specified) .......................................................................................499 Table81 Show Filter VLAN (Filter ID Specified) ........................................................................................500 Table82 Show Security Log Output Fields ...............................................................................................506 Table83 Show Security Policy Output Fields (Detail) ...............................................................................510 Table84 Show Security Profile Output Fields (Detail) ...............................................................................512 Table85 Show Session Summary Output Fields .....................................................................................515 Route Policies.....................................................................................................................................527 Table86 Regular Expression Operators....................................................................................................533 10 7705 SAR OS Router Configuration Guide