Home » Cisco Manuals » Bridges & Routers » Cisco ASR1006 » Manual Viewer

Cisco ASR1006 Configuration Guide - Page 232

SSO-Aware Protocol and Applications, IPsec Failover, Bidirectional Forwarding Detection - asr bgp show commands

UPC - 882658196423

Add to My Manuals
Save this manual to your list of manuals

Page 232 highlights

IPsec Failover High Availability Overview On the Cisco ASR 1000 Series Router, SSO can also be used to enable a second IOS process on a single RP for a Cisco ASR 1002 or 1004 Router. See the "Second IOS Process on a Cisco ASR 1002 or 1004 Router" section on page 4 for additional information on the second IOS process. It is important to note that in most cases, SSO requires less downtime for switchover and upgrades than RPR. RPR should only be used when there is a compelling reason to not use SSO. For additional information on NSF/SSO, see the Cisco Nonstop Forwarding document. SSO-Aware Protocol and Applications SSO-supported line protocols and applications must be SSO-aware. A feature or protocol is SSO-aware if it maintains, either partially or completely, undisturbed operation through an RP switchover. State information for SSO-aware protocols and applications is synchronized from active to standby to achieve stateful switchover for those protocols and applications. The dynamically created state of SSO-unaware protocols and applications is lost on switchover and must be reinitialized and restarted on switchover. To see which protocols are SSO-aware on your router, use the following commands show redundancy client or show redundancy history. IPsec Failover IPSec failover is a feature that increases the total uptime (or availability) of a customer's IPSec network. Traditionally, this is accomplished by employing a redundant (standby) router in addition to the original (active) router. If the active router becomes unavailable for any reason, the standby router takes over the processing of IKE and IPSec. IPSec failover falls into two categories: stateless failover and stateful failover. The IPsec on the Cisco ASR 1000 Series Router supports only stateless failover. Stateless failover uses protocols such as the Hot Standby Router Protocol (HSRP) to provide primary to secondary cutover and also allows the active and standby VPN gateways to share a common virtual IP address. Bidirectional Forwarding Detection Bidirectional Forwarding Detection (BFD) is a detection protocol designed to provide fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols. In addition to fast forwarding path failure detection, BFD provides a consistent failure detection method for network administrators. Because the network administrator can use BFD to detect forwarding path failures at a uniform rate rather than the variable rates for different routing protocol hello mechanisms, network profiling and planning is easier, and reconvergence time is consistent and predictable. On the Cisco ASR 1000 Series Routers, BFD for IPv4 Static Routes and BFD for BGP are supported. For more information on BFD, see the Bidirectional Forwarding Detection document. Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide 6

Section	Page
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide	1
Contents	3
Preface	15
Objectives	15
Document Revision History	16
Organization	18
Related Documentation	19
Cisco ASR 1000 Series Routers Documentation	19
Conventions	19
Obtaining Documentation and Submitting a Service Request	20
Software Packaging and Architecture	21
Software Packaging on the Cisco ASR 1000 Series Routers	21
ASR 1000 Series Routers Software Overview	21
Consolidated Packages	22
Important Information About Consolidated Packages	22
Individual Software SubPackages Within a Consolidated Package	23
Important Notes About Individual SubPackages	23
Optional Software SubPackages Outside of Consolidated Packages	24
Important Notes About Optional SubPackages	24
Provisioning Files	24
Important Notes About Provisioning Files	25
ROMmon Image	25
File to Upgrade Field Programmable Hardware Devices	25
Processes Overview	26
IOS as a Process	27
Dual IOS Processes	28
File Systems on the Cisco ASR 1000 Series Router	28
Autogenerated File Directories and Files	29
Important Notes About Autogenerated Directories	29
Using Cisco IOS XE Software	31
Accessing the CLI Using a Router Console	31
Accessing the CLI Using a Directly-Connected Console	32
Connecting to the Console Port	32
Using the Console Interface	32
Accessing the CLI from a Remote Console Using Telnet	33
Preparing to Connect to the Router Console Using Telnet	33
Using Telnet to Access a Console Interface	33
Accessing the CLI from a Remote Console Using a Modem	34
Using the Auxiliary Port	34
Using Keyboard Shortcuts	35
Using the History Buffer to Recall Commands	35
Understanding the Command Mode	36
Understanding the Diagnostic Mode	37
Getting Help	38
Finding Command Options	38
Using the no and default Forms of Commands	41
Saving Configuration Changes	42
Managing Configuration Files	42
Filtering the Output of the show and more Commands	43
Powering Off a Router	44
Finding Support Information for Platforms and Cisco Software Images	44
Using the Cisco Feature Navigator	44
Using the Software Advisor	45
Using the Software Release Notes	45
Console Port, Telnet, and SSH Handling	47
Console Port Overview for the Cisco ASR 1000 Series Routers	47
Console Port Handling Overview	47
Telnet and SSH Overview for the Cisco ASR 1000 Series Routers	48
Persistent Telnet and Persistent SSH Overview	48
Configuring a Console Port Transport Map	49
Examples	50
Configuring Persistent Telnet	51
Prerequisites	51
Examples	53
Configuring Persistent SSH	54
Examples	56
Viewing Console Port, SSH, and Telnet Handling Configurations	57
Important Notes and Restrictions	62
Consolidated Packages and SubPackages Management	63
Running the Cisco ASR 1000 Series Routers: An Overview	63
Running the Cisco ASR 1000 Series Routers Using Individual and Optional SubPackages: An Overview	64
Running the Cisco ASR 1000 Series Routers Using a Consolidated Package: An Overview	64
Running the Cisco ASR 1000 Series Routers: A Summary	65
Software File Management Using Command Sets	66
The request platform Command Set	66
The copy Command	67
The issu Command Set	67
Managing and Configuring the Router to Run Using Consolidated Packages and Individual SubPackages	68
Quick Start Software Upgrade	68
Managing and Configuring a Router to Run Using a Consolidated Package	69
Managing and Configuring a Consolidated Package Using the copy Command	69
Managing and Configuring a Consolidated Package Using the request platform software package install Command	70
Managing and Configuring a Router to Run Using Individual SubPackages From a Consolidated Package	72
Extracting a Consolidated Package and Booting Using the Provisioning File	72
Copying a Set of Individual SubPackage Files, and Booting Using a Provisioning File	76
Managing and Configuring a Router to Run Using Optional SubPackages	76
Installing an Optional SubPackage	77
Uninstalling an Optional SubPackage	78
Troubleshooting Software Mismatch with ESP Board ASR1000-ESP10-N	80
Upgrading Individual SubPackages	80
Upgrading a SPA SubPackage	81
Software Upgrade Process	83
Contents	84
Prerequisites for Software Upgrade Process	84
ISSU Upgrade for Redundant Platforms	84
Overview of ISSU on the Cisco ASR 1000 Series Routers	84
ISSU Rollback Timer Overview	86
Software Upgrade with Dual IOS Processes on a Single RP Overview	86
Cisco IOS XE Software Package Compatibility for ISSU	86
Restrictions for ISSU	87
ISSU Upgrade Procedures	87
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration	88
Using ISSU to Upgrade the SubPackages in a Dual Route Processor Configuration	94
In Service One-Shot Software Upgrade Procedure	156
ISSU Procedures (Prior to Cisco IOS XE Release 2.1.2)	156
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration (Prior to Cisco IOS XE 2.1.2)	157
Using ISSU to Upgrade SubPackages (Prior to Cisco IOS XE Release 2.1.2)	157
Upgrade Process With Service Impact for Nonredundant Platforms	158
Configuring SSO on a Cisco ASR 1001, Cisco ASR 1002, or Cisco ASR 1004 Router	159
Using SubPackages for Software Upgrade on a Cisco ASR 1001 Router	161
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (software upgrade Command Set)	176
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (request platform Command Set)	201
Additional References	223
Related Documents	224
Standards	224
MIBs	224
RFCs	224
Technical Assistance	224
Feature Information for Software Upgrade Process	225
High Availability Overview	227
Finding Feature Information in This Module	227
Contents	227
Hardware Redundancy Overview on the Cisco ASR 1000 Series Routers	228
Software Redundancy on the Cisco ASR 1000 Series Routers	229
Software Redundancy Overview	230
Second IOS Process on a Cisco ASR 1002 or 1004 Router	230
Route Processor Redundancy	231
Stateful Switchover	231
SSO-Aware Protocol and Applications	232
IPsec Failover	232
Bidirectional Forwarding Detection	232
Additional References	233
Related Documents	233
Standards	233
MIBs	233
RFCs	233
Technical Assistance	233
Feature Information for High Availability Overview	234
Broadband Scalability and Performance	235
Finding Feature Information in This Module	235
Contents	235
PPP Sessions and L2TP Tunnel Scaling	236
Restrictions for PPP Sessions and L2TP Tunnel Scaling	236
IP Sessions Scaling	237
Layer 4 Redirect Scaling	238
Configuring the Cisco ASR 1000 Series Router for High Scalability	238
Configuring Call Admission Control	239
Control Plane Policing	239
VPDN Group Session Limiting	240
PPPoE Session Limiting	240
Monitoring PPP Sessions Using the SNMP Management Tools	240
Configuring the Access Interface Input and Output Hold Queue	240
Configuring the keepalive Command	240
Scaling the L2TP Tunnel Configurations	241
Using the cisco-avpair=\	241
Enhancing the Scalability of Per-User Configurations	242
Setting the VRF and IP Unnumbered Interface Configurations in User Profiles	242
Setting the VRF and IP Unnumbered Interface Configurations in Virtual Interface Templates	242
Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs	243
Walk-by User Support for PWLAN in ISG	243
Restrictions for Walk-by Session Support for PWLAN in ISG	243
ISG Scaling to Support Lite Sessions	244
Additional References	245
Related Documents	245
Standards	245
MIBs	245
RFCs	245
Technical Assistance	245
Feature Information for Broadband Scalability and Performance	246
Configuring Cisco License Call Home	247
Finding Feature Information in This Module	247
Contents	247
Prerequisites for Cisco License Call Home	248
Restrictions for Cisco License Call Home	248
Informatio n About Cisco License Call Homes	248
Cisco License Call Home Interface	248
How to Configure Cisco License Call Home	249
Installing Licenses or Upgrading Software by Using Cisco License Call Home	249
Rehosting a License by Using Cisco License Call Home	250
Requesting a License Resend by Using Cisco License Call Home	251
Configuration Examples for Cisco License Call Home	252
Example: Installing Licenses or Upgrading Software by Using Cisco License Call Home	252
Example: Rehosting a License by Using Cisco License Call Home	253
Example: Requesting a License Resend by Using Cisco License Call Home	254
Additional References	255
Related Documents	255
Standards	255
MIBs	255
RFCs	255
Technical Assistance	255
Feature Information for Cisco License Call Home	256
Configuring Call Home	257
Contents	257
Information About Call Home	258
Benefits of Using Call Home	258
How to Obtain Smart Call Home Service	259
Prerequisites for Call Home	259
How to Configure Call Home	260
Configuring the Management Interface VRF	260
What To Do Next	261
Configuring a Destination Profile	261
Configuring a Destination Profile to Send Email Messages	262
Configuring a Destination Profile to Send HTTP Messages	266
Working With Destination Profiles	270
Subscribing to Alert Groups	273
Periodic Notification	274
Message Severity Threshold	274
Syslog Pattern Matching	275
Configuring Contact Information	277
Example	278
Configuring the Number of Call Home Messages Sent Per Minute	279
Enabling and Disabling Call Home	279
Sending Call Home Communications Manually	280
Sending a Call Home Test Message Manually	280
Sending Call Home Alert Group Messages Manually	280
Submitting Call Home Analysis and Report Requests	281
Sending the Output of a Command to Cisco or an E-Mail Address	283
How To Configure Call Home to Support the Smart Call Home Service	283
Prerequisites	284
Configure and Enable Call Home	284
Declare and Authenticate a CA Trustpoint	287
Examples	289
Start Smart Call Home Registration	289
What To Do Next	290
Displaying Call Home Configuration Information	290
Examples	291
Default Settings	295
Alert Group Trigger Events and Commands	296
Message Contents	298
Sample Syslog Alert Notification in Long Text Format	302
Sample Syslog Alert Notification in XML Format	306
Additional References	313
Related Documents	314
Standards	314
MIBs	314
RFCs	314
Technical Assistance	315
Feature Information for Call Home	315
Configuring Cisco Right-To-Use License	317
Finding Feature Information	317
Contents	317
Prerequisites for Cisco Right-To-Use License	317
Restrictions for Cisco Right-To-Use License	318
Information About Cisco Right-To-Use License	318
Overview	318
Right-To-Use Supported Software Licenses	318
Evaluation and Right-To-Use Licenses	319
How to Activate an Evaluation License	320
Configuration Examples for Right-To-Use Supported Software Licenses	321
Configuring Throughput	322
Example: Accepting Global EULA	322
Example: Accepting EULA for Software Redundancy License	322
Example: Accepting EULA for Inter-Chassis Redundancy License	323
Example: Accepting EULA for Lawful Intercept License	324
Example: Sample output for Show Commands	325
Sample Output for the show license EULA Command	325
Sample Output for the show license all Command	326
Additional References	327
Related Documents	327
MIBs	327
Technical Assistance	328
Feature Information for Cisco Right-To-Use License	329
Using the Management Ethernet Interface	331
Finding Feature Information in This Module	331
Contents	331
Gigabit Ethernet Management Interface Overview	332
Gigabit Ethernet Port Numbering	332
IP Address Handling in ROMmon and the Management Ethernet Port	332
Gigabit Ethernet Management Interface VRF	333
Common Ethernet Management Tasks	333
Viewing the VRF Configuration	334
Viewing Detailed VRF Information for the Management Ethernet VRF	334
Setting a Default Route in the Management Ethernet Interface VRF	334
Setting the Management Ethernet IP Address	335
Telnetting over the Management Ethernet Interface	335
Pinging over the Management Ethernet Interface	335
Copy Using TFTP or FTP	335
NTP Server	336
SYSLOG Server	336
SNMP-Related Services	336
Domain Name Assignment	336
DNS service	336
RADIUS or TACACS+ Server	336
VTY lines with ACL	337
Additional References	338
Standards	338
MIBs	338
RFCs	338
Technical Assistance	338
Feature Information for Using the Management Ethernet Interface	338
Network Synchronization Support	341
Finding Feature Information in This Module	341
Contents	341
Network Synchronization Overview	342
Synchronization Status Message and Ethernet Synchronization Messaging Channel	345
Synchronization Status Message	345
Ethernet Synchronization Messaging Channel	345
Clock Selection Algorithm	345
Restrictions and Usage Guidelines	346
Configuring Network Synchronization	347
Configuring Clock Recovery from SyncE	347
Configuring Clock Recovery from a BITS Port	348
Configuring Clock Recovery from BITS Port as an Input-Source	348
Configuring Clock Recovery from BITS Port as an Output-Source	349
Configuring SyncE by Using the Line to External Feature	350
Managing Synchronization on the Cisco ASR 1000 Series Router	351
Verifying the Network Synchronization Configuration	352
Troubleshooting the Network Synchronization Configuration	356
Additional References	358
Related Documents	358
Standards	358
MIBs	358
RFCs	358
Technical Assistance	358
Feature Information for Network Synchronization Support	359
Configuring Bridge Domain Interfaces	361
Finding Feature Information	361
Contents	361
Restrictions for Bridge Domain Interfaces	361
Information About Bridge Domain Interfaces	362
Ethernet Virtual Circuit Overview	362
Bridge Domain Interface Encapsulation	363
Assigning a MAC Address	363
Support for IP Protocols	363
Support for IP Forwarding	364
Packet Forwarding	364
Layer 2 to Layer 3	364
Layer 3 to Layer 2	364
Link States of a Bridge Domain and a Bridge Domain Interface	365
BDI Initial State	365
BDI Link State	365
Bridge Domain Interface Statistics	365
Creating or Deleting a Bridge Domain Interface	366
Bridge Domain Interface Scalability	366
How to Configure a Bridge Domain Interface	366
Example	368
Additional References	370
Related Documents	370
Standards	370
MIBs	370
RFCs	370
Technical Assistance	370
Feature Information for Configuring Bridge Domain Interfaces	371
Monitoring and Maintaining Multilink Frame Relay	373
Finding Feature Information in This Module	373
Contents	373
Feature Overview	374
Configuring Multilink Frame Relay	374
Monitoring and Maintaining Frame Relay and Multilink Frame Relay	374
Additional References	375
Related Documents	375
Standards	375
MIBs	375
RFCs	375
Technical Assistance	375
Feature Information for Monitoring and Maintaining Multilink Frame Relay	376
Configuring MPLS Layer 2 VPNs	377
Finding Feature Information	377
Contents	377
Overview of L2VPN Interworking	378
L2VPN Interworking Modes	378
Ethernet or Bridged Interworking	378
IP or Routed Interworking	379
Prerequisites for Frame Relay DLCI-to-ATM AAL5SNAP Bridged Interworking	380
Frame Relay DLCI-to-ATM AAL5SNAP Bridged Interworking	380
Configuring Frame Relay DLCI-to-ATM AAL5SNAP Bridged Interworking	382
Example: Frame Relay-to-ATM Bridged Interworking on an ATM-PE Router	386
Example: Frame Relay-to-ATM Bridged Interworking on a Frame Relay-PE Router	392
Gigabit EtherChannel for Virtual Private Wire Service	393
Supported Modes	393
GEC Like-to-Like Mode	393
Any-to-GEC Mode	394
Restrictions for Gigabit EtherChannel for Virtual Private Wire Service	394
Configuring Gigabit EtherChannel for Virtual Private Wire Service	395
EtherChannel-to-EtherChannel over MPLS (Bridged) Interworking	395
EtherChannel-to-EtherChannel over MPLS (Routed) Interworking	397
Example: GEC Like-to-Like (Routed) Interworking	399
Any-to-EtherChannel over MPLS (Bridged) Interworking	400
Any-to-EtherChannel over MPLS (Routed) Interworking	402
Additional References	406
Related Documents	406
Standards	406
MIBs	406
RFCs	407
Technical Assistance	407
Feature Information for Configuring MPLS Layer 2 VPNs	407
Glossary	409
Tracing and Trace Management	411
Tracing Overview	411
How Tracing Works	411
Tracing Levels	412
Viewing a Tracing Level	413
Setting a Tracing Level	414
Viewing the Content of the Trace Buffer	415
Configuring and Accessing the Web User Interface	417
Web User Interface Overview	417
Web User Interface General Overview	417
Legacy Web User Interface Overview	418
Graphics-Based Web User Interface Overview	419
Persistent Web User Interface Transport Maps Overview	420
Configuring the Router for Web User Interface Access	421
Authentication and the Web User Interface	423
Domain Name System and the Web User Interface	423
Clocks and the Web User Interface	423
Accessing the Web User Interface	424
Using Auto Refresh	425
Web User Interface Tips and Tricks	426
Unsupported Commands	427
Configuration Examples	431
Configuring the Router to Boot the Consolidated Package on the TFTP Server	431
Copying the Consolidated Package from the TFTP Server to the Router	435
Configuring the Router to Boot Using the Consolidated Package Stored on the Router	436
Extracting the SubPackages from a Consolidated Package into the Same File System	437
Extracting the SubPackages from a Consolidated Package into a Different File System	439
Configuring the Router to Boot Using the SubPackages	440
Backing Up Configuration Files	444
Copying a Startup Configuration File to Bootflash	444
Copying a Startup Configuration File to an USB Flash Disk	444
Copying a Startup Configuration File to a TFTP Server	445
Enabling a Second IOS Process on a Single RP Using SSO	445
ISSU-Consolidated Package Upgrade	449

Match case Limit results 1 per page

High Availability Overview

IPsec Failover

Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide

On the Cisco ASR 1000 Series Router, SSO can also be used to enable a second IOS process on a single

RP for a Cisco ASR 1002 or 1004 Router. See the

“Second IOS Process on a Cisco ASR 1002 or 1004

Router” section on page 4

for additional information on the second IOS process.

It is important to note that in most cases, SSO requires less downtime for switchover and upgrades than

RPR. RPR should only be used when there is a compelling reason to not use SSO.

For additional information on NSF/SSO, see the

Cisco Nonstop Forwarding

document.

SSO-Aware Protocol and Applications

SSO-supported line protocols and applications must be SSO-aware. A feature or protocol is SSO-aware

if it maintains, either partially or completely, undisturbed operation through an RP switchover. State

information for SSO-aware protocols and applications is synchronized from active to standby to achieve

stateful switchover for those protocols and applications.

The dynamically created state of SSO-unaware protocols and applications is lost on switchover and must

be reinitialized and restarted on switchover.

To see which protocols are SSO-aware on your router, use the

following commands

show redundancy

client

show redundancy history

IPsec Failover

IPSec failover is a feature that increases the total uptime (or availability) of a customer's IPSec network.

Traditionally, this is accomplished by employing a redundant (standby) router in addition to the original

(active) router. If the active router becomes unavailable for any reason, the standby router takes over the

processing of IKE and IPSec. IPSec failover falls into two categories: stateless failover and stateful

failover.

The IPsec on the Cisco ASR 1000 Series Router supports only stateless failover. Stateless failover uses

protocols such as the Hot Standby Router Protocol (HSRP) to provide primary to secondary cutover and

also allows the active and standby VPN gateways to share a common virtual IP address.

Bidirectional Forwarding Detection

Bidirectional Forwarding Detection (BFD) is a detection protocol designed to provide fast forwarding

path failure detection times for all media types, encapsulations, topologies, and routing protocols. In

addition to fast forwarding path failure detection, BFD provides a consistent failure detection method

for network administrators. Because the network administrator can use BFD to detect forwarding path

failures at a uniform rate rather than the variable rates for different routing protocol hello mechanisms,

network profiling and planning is easier, and reconvergence time is consistent and predictable.

On the Cisco ASR 1000 Series Routers, BFD for IPv4 Static Routes and BFD for BGP are supported.

For more information on BFD, see the

Bidirectional Forwarding Detection

document.