Deep Packet Inspection
Overview
Deep Packet Inspection (DPI) performs a granular check on the inner headers beyond the MPLS bottom of the label stack (BOS) to load-balance the network traffic. The load balancing key is generated after deep analysis of the MPLS header.
The DPI can be configured in the Qumran1 series platforms, and a system reboot is required after enabling and disabling the feature. In Qumran2 series platforms, it is always enabled by default.
Benefits
The DPI feature optimizes network performance by preventing traffic congestion by distributing traffic across available pathways.
Configuration
This section shows the configuration of the DPI.
Topology
In this topology, the traffic flows from one Provider Edge (PE1) to another Provider Edge router (PE2) through a transit Provider router (P). From P to PE2, there is a Link Aggregation Group (LAG) consisting of xe3, xe5, and xe6 and a physical interface connection through xe15. When DPI is enabled, the traffic is load-balanced through the ECMP next-hops po and (xe15) and also among the LAG member ports (xe3, xe5, and xe6).
T
DPI Configuration
Configuring DPI
Follow the steps to configure the DPI on Qumran1 series platforms.
PE1
1. Configure IP address secondary on loopback.
(config)#interface lo
(config-if)#ip address 3.3.3.3/32 secondary
2. Configure prefix SID on the loopback interface to add the prefix SID global block to forward the packet.
(config)#interface lo
(config-if)#prefix-sid index 3 no-php
3. Configure the ISIS on the node with some paths having the Link Aggregation Group (LAG) member port. This allows the DPI feature to run on the LAG member ports.
(config)#interface po10
(config-if)#load-interval 30
(config-if)#ip address 10.1.1.1/30
(config-if)#mtu 9216
(config-if)#label-switching
(config-if)#ip router isis 1
(config-if)#isis wide-metric 50
(config-if)#exit
(config)#interface xe9
(config-if)#channel-group 10 mode active
(config-if)#exit
(config)#interface xe10
(config-if)#channel-group 10 mode active
(config-if)#exit
(config)#interface xe26
(config-if)#channel-group 10 mode active
(config-if)#exit
4. Configure the ISIS on the physical interface.
(config)#interface xe13
(config-if)#load-interval 30
(config-if)#ip address 11.1.1.1/30
(config-if)#mtu 9216
(config-if)#label-switching
(config-if)#ip router isis 1
(config-if)#isis wide-metric 50
5. Configure router ISIS on the loopback interface to advertise it.
(config-if)#interface lo
(config-if)#ip router isis 1
(config-if)#exit
6. Configure the router ISIS sessions to establish the neighborship between the routers.
(config)#router isis 1
(config-router)#is-type level-1-2
(config-router)#metric-style wide
(config-router)#mpls traffic-eng router-id 3.3.3.3
(config-router)#mpls traffic-eng level-1
(config-router)#mpls traffic-eng level-2
(config-router)#capability cspf
(config-router)#bfd all-interfaces
(config-router)#net 49.0001.0000.0001.0003.00
(config-router)#passive-interface lo
7. Enable the Segment Routing (SR), SR entropy, and Topology Independent Loop Free Alternate (TILFA).
(config)#router isis 1
(config-router)#fast-reroute ti-lfa level-1 proto ipv4
(config-router)#fast-reroute ti-lfa level-2 proto ipv4
(config-router)#isis segment-routing global block 20000 23000
(config-router)#segment-routing entropy-label
(config-router)#segment-routing mpls
8. Configure any of the MPLS services. In this configuration, we are configuring L3VPN service.
(config)#ip vrf 1001
(config-vrf)#rd 3.3.3.3:1001
(config-vrf)#route-target both 1001:1001
(config-vrf)#exit
(config)#interface xe6.1001
(config-if)#encapsulation dot1q 1001
(config-if)#load-interval 30
(config-if)#ip vrf forwarding 1001
(config-if)#ip address 201.1.1.1/24
(config-if)#ipv6 address 201::1/64
(config-if)#mtu 9216
(config-if)#exit
(config)#router bgp 65010
(config-router)#bgp router-id 3.3.3.3
(config-router)#neighbor 6.6.6.6 remote-as 65010
(config-router)#neighbor 6.6.6.6 update-source lo
(config-router)#address-family vpnv4 unicast
(config-router-af)#neighbor 6.6.6.6 activate
(config-router-af)#exit-address-family
(config-router)# address-family vpnv6 unicast
(config-router-af)#neighbor 6.6.6.6 activate
(config-router-af)exit-address-family
(config-router)#address-family ipv4 vrf 1001
(config-router-af)redistribute connected
(config-router-af)neighbor 201.1.1.2 remote-as 65011
(config-router-af)neighbor 201.1.1.2 activate
(config-router-af)exit-address-family
(config-router)#address-family ipv6 vrf 1001
(config-router-af)#redistribute connected
(config-router-af)#neighbor 201::2 remote-as 65011
(config-router-af)#neighbor 201::2 activate
(config-router-af)#exit-address-family
9. Enable the SR Equi-Cost-Multiple-Path (ECMP) Forwarding Table Notification (FTN) to load-balance the traffic within the LAG and physical ports.
(config)#mpls ftn-ecmp sr
10. Enable the DPI on Qumran1 series platforms.
(config)#advanced parser enable
Note: DPI is enabled by default on Qumran2 series platforms.
P
1. Configure IP address secondary on the loopback.
P(config)#interface lo
(config-if)#ip address 2.2.2.2/32 secondary
2. Configure prefix SID on the loopback interface to add the prefix SID global block to forward the packet.
(config)#interface lo
(config-if)#prefix-sid index 2 no-php
3. Configure the ISIS on the node with some paths having the Link Aggregation Group (LAG) member port. This allows the DPI feature to run on the LAG member ports.
(config)#interface po10
(config-if)#load-interval 30
(config-if)#ip address 10.1.1.2/30
(config-if)#mtu 9216
(config-if)#label-switching
(config-if)#ip router isis 1
(config-if)#isis wide-metric 50
(config-if)#exit
(config)#interface xe9
(config-if)#channel-group 10 mode active
(config-if)#exit
(config)#interface xe10
(config-if)#channel-group 10 mode active
(config-if)#exit
(config)#interface xe26
(config-if)#channel-group 10 mode active
(config-if)#exit
4. Configure the ISIS on the physical interface.
(config)#interface xe13
(config-if)#load-interval 30
(config-if)#ip address 11.1.1.2/30
(config-if)#mtu 9216
(config-if)#label-switching
(config-if)#ip router isis 1
(config-if)#isis wide-metric 50
5. Configure router ISIS on the loopback interface to advertise it.
(config-if)#interface lo
(config-if)#ip router isis 1
(config-if)#exit
6. Configure the router ISIS sessions to establish the neighborship between the routers.
(config)#router isis 1
(config-router)#is-type level-1-2
(config-router)#metric-style wide
(config-router)#mpls traffic-eng router-id 2.2.2.2
(config-router)#mpls traffic-eng level-1
(config-router)#mpls traffic-eng level-2
(config-router)#capability cspf
(config-router)#bfd all-interfaces
(config-router)#net 49.0001.0000.0001.0002.00
(config-router)#passive-interface lo
7. Enable the SR, SR entropy, and TILFA.
(config)#router isis 1
(config-router)#fast-reroute ti-lfa level-1 proto ipv4
(config-router)#fast-reroute ti-lfa level-2 proto ipv4
(config-router)#isis segment-routing global block 20000 23000
(config-router)#segment-routing entropy-label
(config-router)#segment-routing mpls
8. Enable the SR ECMP Incoming Label Map (ILM).
(config)#mpls ilm-ecmp sr
9. Enable the DPI on Qumran1 series platforms.
(config)#advanced parser enable
Note: DPI is enabled by default on Qumran2 series platforms.
PE2
1. Configure IP address secondary on the loopback interface
(config)#interface lo
(config-if)#ip address 6.6.6.6/32 secondary
2. Configure prefix SID on the loopback interface to add the prefix SID global block to forward the packet.
(config)#interface lo
(config-if)#prefix-sid index 6 no-php
3. Configure the ISIS on the node with some paths having the Link Aggregation Group (LAG) member port. This allows the DPI feature to run on the LAG member ports.
(config)#interface po20
(config-if)#load-interval 30
(config-if)#ip address 12.1.1.2/30
(config-if)#mtu 9216
(config-if)#label-switching
(config-if)#ip router isis 1
(config-if)#isis wide-metric 100
(config-if)#exit
(config)#interface xe3
(config-if)#channel-group 10 mode active
(config-if)#exit
(config)#interface xe5
(config-if)#channel-group 10 mode active
(config-if)#exit
(config)#interface xe6
(config-if)#channel-group 10 mode active
(config-if)#exit
4. Configure the ISIS on the physical interface.
(config)#interface xe15
(config-if)#load-interval 30
(config-if)#ip address 13.1.1.2/30
(config-if)#mtu 9216
(config-if)# label-switching
(config-if)#ip router isis 1
(config-if)#isis wide-metric 100
5. Configure router ISIS on the loopback interface to advertise it.
(config-if)#interface lo
(config-if)#ip router isis 1
(config-if)#exit
6. Configure the router ISIS sessions to establish the neighborship between the routers.
(config)#router isis 1
(config-router)#is-type level-1-2
(config-router)#metric-style wide
(config-router)#mpls traffic-eng router-id 6.6.6.6
(config-router)#mpls traffic-eng level-1
(config-router)#mpls traffic-eng level-2
(config-router)#capability cspf
(config-router)#bfd all-interfaces
(config-router)#net 49.0001.0000.0001.0006.00
(config-router)#passive-interface lo
7. Enable the SR, SR entropy, and TILFA.
(config)#router isis 1
(config-router)#fast-reroute ti-lfa level-1 proto ipv4
(config-router)#fast-reroute ti-lfa level-2 proto ipv4
(config-router)#isis segment-routing global block 20000 23000
(config-router)#segment-routing entropy-label
(config-router)#segment-routing mpls
8. Configure any of the MPLS services. In this configuration, we are configuring L3VPN service.
(config)#ip vrf 1001
(config-vrf)#rd 6.6.6.6:1001
(config-vrf)#route-target both 1001:1001
(config-vrf)#exit
(config)#interface xe2.1001
(config-if)#encapsulation dot1q 1001
(config-if)#load-interval 30
(config-if)#ip vrf forwarding 1001
(config-if)#ip address 101.1.1.1/24
(config-if)#ipv6 address 101::1/64
(config-if)#mtu 9216
(config-if)#exit
(config)#router bgp 65010
(config-router)#bgp router-id 6.6.6.6
(config-router)#neighbor 3.3.3.3 remote-as 65010
(config-router)#neighbor 3.3.3.3 update-source lo
(config-router)#address-family vpnv4 unicast
(config-router-af)#neighbor 3.3.3.3 activate
(config-router-af)#exit-address-family
(config-router)#address-family vpnv6 unicast
(config-router-af)#neighbor 3.3.3.3 activate
(config-router-af)#exit-address-family
(config-router)#address-family ipv4 vrf 1001
(config-router-af)#redistribute connected
(config-router-af)#neighbor 101.1.1.2 remote-as 65011
(config-router-af)#neighbor 101.1.1.2 activate
(config-router-af)#exit-address-family
(config-router)# address-family ipv6 vrf 1001
(config-router-af)#redistribute connected
(config-router-af)#neighbor 101::2 remote-as 65011
(config-router-af)#neighbor 101::2 activate
(config-router-af)#exit-address-family
9. Enable the SR ECMP FTN to load-balance the traffic within the LAG and physical ports.
(config)#mpls ftn-ecmp sr
10. Enable the DPI on Qumran1 series platforms.
(config)#advanced parser enable
Note: DPI is enabled by default on Qumran2 series platforms.
Running configurations
The running configuration for the PE1 is as follows:
#show running-config
!
mpls ftn-ecmp sr
!
ip vrf 1001
rd 3.3.3.3:1001
route-target both 1001:1001
!
interface po10
load-interval 30
ip address 10.1.1.1/30
mtu 9216
label-switching
ip router isis 1
isis wide-metric 50
!
interface lo
ip address 127.0.0.1/8
ip address 3.3.3.3/32 secondary
ipv6 address ::1/128
prefix-sid index 3 no-php
!
interface xe6.1001
encapsulation dot1q 1001
load-interval 30
ip vrf forwarding 1001
ip address 201.1.1.1/24
ipv6 address 201::1/64
mtu 9216
!
interface xe9
channel-group 10 mode active
!
interface xe10
channel-group 10 mode active
!
interface xe13
load-interval 30
ip address 11.1.1.1/30
mtu 9216
label-switching
ip router isis 1
isis wide-metric 50
!
interface xe26
channel-group 10 mode active
!
router isis 1
is-type level-1-2
metric-style wide
mpls traffic-eng router-id 3.3.3.3
mpls traffic-eng level-1
mpls traffic-eng level-2
capability cspf
fast-reroute ti-lfa level-1 proto ipv4
fast-reroute ti-lfa level-2 proto ipv4
bfd all-interfaces
net 49.0001.0000.0001.0003.00
passive-interface lo
isis segment-routing global block 20000 23000
segment-routing entropy-label
segment-routing mpls
!
router bgp 65010
bgp router-id 3.3.3.3
neighbor 6.6.6.6 remote-as 65010
neighbor 6.6.6.6 update-source lo
!
address-family vpnv4 unicast
neighbor 6.6.6.6 activate
exit-address-family
!
address-family vpnv6 unicast
neighbor 6.6.6.6 activate
exit-address-family
!
address-family ipv4 vrf 1001
redistribute connected
neighbor 201.1.1.2 remote-as 65011
neighbor 201.1.1.2 activate
exit-address-family
!
address-family ipv6 vrf 1001
redistribute connected
neighbor 201::2 remote-as 65011
neighbor 201::2 activate
exit-address-family
The running configuration for the P is as follows:
advanced parser enable
!
mpls ilm-ecmp sr
!
interface po10
load-interval 30
ip address 10.1.1.2/30
mtu 9216
label-switching
ip router isis 1
isis wide-metric 50
!
interface po20
load-interval 30
ip address 12.1.1.1/30
mtu 9216
label-switching
ip router isis 1
isis wide-metric 100
!
interface lo
ip address 127.0.0.1/8
ip address 2.2.2.2/32 secondary
ipv6 address ::1/128
prefix-sid index 2 no-php
ip router isis 1
!
interface xe3
channel-group 20 mode active
!
interface xe5
channel-group 20 mode active
!
interface xe6
channel-group 20 mode active
!
interface xe9
channel-group 10 mode active
!
interface xe10
channel-group 10 mode active
!
interface xe13
load-interval 30
ip address 11.1.1.2/30
mtu 9216
label-switching
ip router isis 1
isis wide-metric 50
!
interface xe15
load-interval 30
ip address 13.1.1.1/30
mtu 9216
label-switching
ip router isis 1
isis wide-metric 100
!
interface xe26
channel-group 10 mode active
!
router isis 1
is-type level-1-2
metric-style wide
mpls traffic-eng router-id 2.2.2.2
mpls traffic-eng level-1
mpls traffic-eng level-2
capability cspf
fast-reroute ti-lfa level-1 proto ipv4
fast-reroute ti-lfa level-2 proto ipv4
bfd all-interfaces
net 49.0001.0000.0001.0002.00
passive-interface lo
isis segment-routing global block 20000 23000
segment-routing entropy-label
segment-routing mpls
The running configuration for the PE2 is as follows:
mpls ftn-ecmp sr
!
ip vrf 1001
rd 6.6.6.6:1001
route-target both 1001:1001
!
interface po20
load-interval 30
ip address 12.1.1.2/30
mtu 9216
label-switching
ip router isis 1
isis wide-metric 100
!
interface lo
ip address 127.0.0.1/8
ip address 6.6.6.6/32 secondary
ipv6 address ::1/128
prefix-sid index 6 no-php
ip router isis 1
!
interface xe2.1001
encapsulation dot1q 1001
load-interval 30
ip vrf forwarding 1001
ip address 101.1.1.1/24
ipv6 address 101::1/64
mtu 9216
!
interface xe3
channel-group 20 mode active
!
interface xe5
channel-group 20 mode active
!
interface xe6
channel-group 20 mode active
!
interface xe15
load-interval 30
ip address 13.1.1.2/30
mtu 9216
label-switching
ip router isis 1
isis wide-metric 100
!
router isis 1
is-type level-1-2
metric-style wide
mpls traffic-eng router-id 6.6.6.6
mpls traffic-eng level-1
mpls traffic-eng level-2
capability cspf
fast-reroute ti-lfa level-1 proto ipv4
fast-reroute ti-lfa level-2 proto ipv4
bfd all-interfaces
net 49.0001.0000.0001.0006.00
passive-interface lo
isis segment-routing global block 20000 23000
segment-routing entropy-label
segment-routing mpls
!
router bgp 65010
bgp router-id 6.6.6.6
neighbor 3.3.3.3 remote-as 65010
neighbor 3.3.3.3 update-source lo
!
address-family vpnv4 unicast
neighbor 3.3.3.3 activate
exit-address-family
!
address-family vpnv6 unicast
neighbor 3.3.3.3 activate
exit-address-family
!
address-family ipv4 vrf 1001
redistribute connected
neighbor 101.1.1.2 remote-as 65011
neighbor 101.1.1.2 activate
exit-address-family
!
address-family ipv6 vrf 1001
redistribute connected
neighbor 101::2 remote-as 65011
neighbor 101::2 activate
exit-address-family
!
Validation
Validate the show output after configuration as shown below.
PE1
OcNOS#show clns neighbors
Total number of L1 adjacencies: 2
Total number of L2 adjacencies: 2
Total number of adjacencies: 4
Tag 1: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
0000.0001.0002 xe13 80a2.35ec.d66f Up 26 L1 IS-IS
Up 26 L2 IS-IS
0000.0001.0002 po10 80a2.35ec.d699 Up 20 L1 IS-IS
Up 20 L2 IS-IS
PE1#show mpls ilm-table
Codes: > - installed ILM, * - selected ILM, p - stale ILM, ! - using backup
K - CLI ILM, T - MPLS-TP, s - Stitched ILM
S - SNMP, L - LDP, R - RSVP, C - CRLDP
B - BGP , K - CLI , V - LDP_VC, I - IGP_SHORTCUT
O - OSPF/OSPF6 SR, i - ISIS SR, k - SR CLI
P - SR Policy, U - unknown
ILM-ECMP LDP: Disabled, SR: Disabled
Code FEC/VRF/L2CKT ILM-ID In-Label Out-Label In-Intf Out-Intf/VRF Nexthop pri UpTime
i> 3.3.3.3/32 5 20003 Nolabel N/A N/A 127.0.0.1 Yes 00:06:41
i> 2.2.2.2/32 2 20002 20002 N/A xe13 11.1.1.2 Yes 00:00:47
20002 3 N/A po10 10.1.1.2 No -
20002 20002 N/A po10 10.1.1.2 Yes -
20002 3 N/A xe13 11.1.1.2 No -
i> 11.1.1.2/32 1 25600 3 N/A xe13 11.1.1.2 Yes 00:00:47
25600 20002 N/A po10 10.1.1.2 No -
i> 6.6.6.6/32 3 20006 20006 N/A xe13 11.1.1.2 Yes 00:00:47
20006 20006 N/A po10 10.1.1.2 No -
20006 20006 N/A po10 10.1.1.2 Yes -
20006 20006 N/A xe13 11.1.1.2 No -
i> 10.1.1.2/32 4 25601 3 N/A po10 10.1.1.2 Yes 00:00:44
25601 20002 N/A xe13 11.1.1.2 No -
PE1#show mpls ftn-table
Primary FTN entry with FEC: 2.2.2.2/32, id: 1, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:07:47, UpTime: 00:07:47, LastUpdate: 00:07:34
Owner: ISIS-SR, distance: 115, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, LSP-type: Primary, Description: N/A, , Color: 0
Cross connect ix: 4, in intf: - in label: 0 out-segment ix: 2 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 2, owner: ISIS-SR, Stale: NO, refcount: 7, out intf: xe13, out label: 20002
Nexthop addr: 11.1.1.2 cross connect ix: 4, op code: Push
Backup Cross connect ix: 1, in intf: - in label: 0 out-segment ix: 19 bypass ftn-ix: 4
Owner: N/A, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 19, owner: N/A, Stale: NO, refcount: 4, out intf: po10, out label: 3
Nexthop addr: 10.1.1.2 cross connect ix: 1, op code: Push
Cross connect ix: 4, in intf: - in label: 0 out-segment ix: 3 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 3, owner: ISIS-SR, Stale: NO, refcount: 7, out intf: po10, out label: 20002
Nexthop addr: 10.1.1.2 cross connect ix: 4, op code: Push
Backup Cross connect ix: 2, in intf: - in label: 0 out-segment ix: 17 bypass ftn-ix: 3
Owner: N/A, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 17, owner: N/A, Stale: NO, refcount: 4, out intf: xe13, out label: 3
Nexthop addr: 11.1.1.2 cross connect ix: 2, op code: Push
Primary FTN entry with FEC: 2.2.2.2/32, id: 3, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:07:39, UpTime: 00:07:39, LastUpdate: N/A
Owner: ISIS-SR, distance: 115, Action-type: Redirect to Tunnel, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 2201, Protected LSP id: 0, LSP-type: Bypass, QoS Resource id: 0, Description: N/A, , Color: 0
Cross connect ix: 4, in intf: - in label: 0 out-segment ix: 2 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 2, owner: ISIS-SR, Stale: NO, refcount: 7, out intf: xe13, out label: 20002
Nexthop addr: 11.1.1.2 cross connect ix: 4, op code: Push
Primary FTN entry with FEC: 2.2.2.2/32, id: 4, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:07:39, UpTime: 00:07:39, LastUpdate: N/A
Owner: ISIS-SR, distance: 115, Action-type: Redirect to Tunnel, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 2202, Protected LSP id: 0, LSP-type: Bypass, QoS Resource id: 0, Description: N/A, , Color: 0
Cross connect ix: 4, in intf: - in label: 0 out-segment ix: 3 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 3, owner: ISIS-SR, Stale: NO, refcount: 7, out intf: po10, out label: 20002
Nexthop addr: 10.1.1.2 cross connect ix: 4, op code: Push
Primary FTN entry with FEC: 6.6.6.6/32, id: 2, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:07:47, UpTime: 00:07:47, LastUpdate: 00:07:34
Owner: ISIS-SR, distance: 115, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, LSP-type: Primary, Description: N/A, , Color: 0
Cross connect ix: 3, in intf: - in label: 0 out-segment ix: 21 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 21, owner: ISIS-SR, Stale: NO, refcount: 6, out intf: xe13, out label: 20006
Nexthop addr: 11.1.1.2 cross connect ix: 3, op code: Push
Backup Cross connect ix: 5, in intf: - in label: 0 out-segment ix: 9 bypass ftn-ix: 4
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 9, owner: ISIS-SR, Stale: NO, refcount: 8, out intf: po10, out label: 20006
Nexthop addr: 10.1.1.2 cross connect ix: 3, op code: Push
Cross connect ix: 3, in intf: - in label: 0 out-segment ix: 9 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 9, owner: ISIS-SR, Stale: NO, refcount: 8, out intf: po10, out label: 20006
Nexthop addr: 10.1.1.2 cross connect ix: 3, op code: Push
Backup Cross connect ix: 6, in intf: - in label: 0 out-segment ix: 21 bypass ftn-ix: 3
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 21, owner: ISIS-SR, Stale: NO, refcount: 6, out intf: xe13, out label: 20006
Nexthop addr: 11.1.1.2 cross connect ix: 3, op code: Push
PE1#
PE1#show mpls vrf-forwarding-table
Codes: > - installed FTN, * - selected FTN, p - stale FTN, ! - using backup, B - BGP FTN
(m) - Service mapped over multipath transport
(e) - Service mapped over LDP ECMP or SR ECMP
Code FEC FTN-ID VRF-ID Nhlfe-ID Pri Out-Label Out-Intf Nexthop UpTime
B> 101.1.1.0/24 2 2 4 Yes 25600 - 6.6.6.6 00:02:07
B> 101::/64 1 2 4 Yes 25600 - 6.6.6.6 00:02:07
PE1#show mpls vrf-table
Output for IPv4 VRF table with id: 2 (fib_id: 2)
Primary FTN entry with FEC: 101.1.1.0/24, id: 2, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:02:12, UpTime: 00:02:12, LastUpdate: N/A
Owner: BGP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
VRF id 2, FIB id 2, BGP peer 6.6.6.6 BGP prefix 101.1.1.0
Transport Tunnel id: 0, Protected LSP id: 0, LSP-type: Primary, Description: N/A, , Color: 0
Cross connect ix: 7, in intf: - in label: 0 out-segment ix: 4 refcount: 2
Owner: BGP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 4, owner: BGP, Stale: NO, refcount: 1, BGP out intf: xe13, transport out intf: xe13, out label: 25600
Nexthop addr: 6.6.6.6 cross connect ix: 7, op code: Push and Lookup
Output for IPv6 VRF table with id: 2 (fib_id: 2)
Primary FTN entry with FEC: 101::/64, id: 1, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:02:12, UpTime: 00:02:12, LastUpdate: N/A
Owner: BGP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
VRF id 2, FIB id 2, BGP peer 606:606:: BGP prefix 101::
Transport Tunnel id: 0, Protected LSP id: 0, LSP-type: Primary, Description: N/A, , Color: 0
Cross connect ix: 7, in intf: - in label: 0 out-segment ix: 4 refcount: 2
Owner: BGP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 4, owner: BGP, Stale: NO, refcount: 1, BGP out intf: xe13, transport out intf: xe13, out label: 25600
Nexthop addr: 6.6.6.6 cross connect ix: 7, op code: Push and Lookup
PE1#show etherchannel summary
Aggregator po10 100010
Aggregator Type: Layer3
Admin Key: 0010 - Oper Key 0010
Link: xe9 (10030) sync: 1
Link: xe10 (10031) sync: 1
Link: xe26 (10047) sync: 1
PE1#show int counters rate mbps
+-------------------+--------------+-------------+--------------+--------- ----+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pp s |
+-------------------+--------------+-------------+--------------+--------- ----+
po10 46.72 4146 93.44 8279
xe6 42.79 3820 19.62 1751
xe6.1001 200.52 17892 91.88 8203
xe9 16.12 1430 28.98 2566
xe10 15.13 1343 29.60 2623
xe13 44.09 3906 87.51 7747
xe26 15.47 1372 34.86 3089
P
OcNOS#show clns neighbors
Total number of L1 adjacencies: 4
Total number of L2 adjacencies: 4
Total number of adjacencies: 8
Tag 1: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
0000.0001.0003 xe13 e8c5.7a11.9e64 Up 7 L1 IS-IS
Up 7 L2 IS-IS
0000.0001.0006 xe15 e8c5.7a8b.5146 Up 8 L1 IS-IS
Up 8 L2 IS-IS
0000.0001.0003 po10 e8c5.7a11.9e73 Up 8 L1 IS-IS
Up 8 L2 IS-IS
0000.0001.0006 po20 e8c5.7a8b.5155 Up 7 L1 IS-IS
Up 7 L2 IS-IS
P#
P#show mpls ilm-table
Codes: > - installed ILM, * - selected ILM, p - stale ILM, ! - using backup
K - CLI ILM, T - MPLS-TP, s - Stitched ILM
S - SNMP, L - LDP, R - RSVP, C - CRLDP
B - BGP , K - CLI , V - LDP_VC, I - IGP_SHORTCUT
O - OSPF/OSPF6 SR, i - ISIS SR, k - SR CLI
P - SR Policy, U - unknown
ILM-ECMP LDP: Disabled, SR: Enabled
Code FEC/VRF/L2CKT ILM-ID In-Label Out-Label In-Intf Out-Intf/VRF Nexthop pri UpTime
i> 11.1.1.1/32 2 25600 3 N/A xe13 11.1.1.1 Yes 00:01:19
25600 20003 N/A po10 10.1.1.1 No -
i> 3.3.3.3/32 6 20003 20003 N/A po10 10.1.1.1 Yes 00:01:04
20003 3 N/A xe13 11.1.1.1 No -
20003 20003 N/A xe13 11.1.1.1 Yes -
20003 3 N/A po10 10.1.1.1 No -
i> 2.2.2.2/32 1 20002 Nolabel N/A N/A 127.0.0.1 Yes 00:01:40
i> 6.6.6.6/32 7 20006 20006 N/A po20 12.1.1.2 Yes 00:01:04
20006 3 N/A xe15 13.1.1.2 No -
20006 20006 N/A xe15 13.1.1.2 Yes -
20006 3 N/A po20 12.1.1.2 No -
i> 12.1.1.2/32 4 25602 3 N/A po20 12.1.1.2 Yes 00:01:17
25602 20006 N/A xe15 13.1.1.2 No -
i> 13.1.1.2/32 3 25601 3 N/A xe15 13.1.1.2 Yes 00:01:18
25601 20006 N/A po20 12.1.1.2 No -
i> 10.1.1.1/32 5 25603 3 N/A po10 10.1.1.1 Yes 00:01:16
25603 20003 N/A xe13 11.1.1.1 No -
P#show etherchannel summary
Aggregator po10 100010
Aggregator Type: Layer3
Admin Key: 0010 - Oper Key 0010
Link: xe9 (10009) sync: 1
Link: xe10 (10010) sync: 1
Link: xe26 (10026) sync: 1
--------------------------------------
Aggregator po20 100020
Aggregator Type: Layer3
Admin Key: 0020 - Oper Key 0020
Link: xe3 (10003) sync: 1
Link: xe5 (10005) sync: 1
Link: xe6 (10006) sync: 1
P#show int counters rate mbps
+-------------------+--------------+-------------+--------------+--------- ----+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pp s |
+-------------------+--------------+-------------+--------------+--------- ----+
po10 95.23 8438 47.61 4225
po20 45.30 4018 89.16 7903
xe3 12.12 1073 31.17 2762
xe5 13.75 1220 29.17 2585
xe6 19.44 1725 28.82 2555
xe9 29.54 2615 16.42 1457
xe10 30.16 2673 15.42 1369
xe13 89.18 7895 44.93 3980
xe15 47.31 4188 95.18 8428
xe26 35.52 3148 15.77 1398
PE2
OcNOS#show mpls forwarding-table
Codes: > - installed FTN, * - selected FTN, p - stale FTN, ! - using backup
B - BGP FTN, K - CLI FTN, (t) - tunnel, P - SR Policy FTN, (b) - bypass,
L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, I - IGP-Shortcut,
U - unknown FTN, O - SR-OSPF FTN, i - SR-ISIS FTN, k - SR-CLI FTN
(m) - FTN mapped over multipath transport, (e) - FTN is ECMP
FTN-ECMP LDP: Disabled, SR: Enabled
Code FEC FTN-ID Nhlfe-ID Tunnel-ID Pri Out-Label Out-Intf ELC Nexthop UpTime
i> 2.2.2.2/32 1 51 - (e) - - - - 00:01:40
1 0 Yes 20002 xe15 Yes 13.1.1.1 -
4 - No 3 po20 Yes 12.1.1.1 -
2 0 Yes 20002 po20 Yes 12.1.1.1 -
3 - No 3 xe15 Yes 13.1.1.1 -
i(b)> 2.2.2.2/32 3 2 2201 Yes 20002 po20 No 12.1.1.1 00:01:38
i(b)> 2.2.2.2/32 4 1 2202 Yes 20002 xe15 No 13.1.1.1 00:01:38
i> 3.3.3.3/32 2 53 - (e) - - - - 00:01:40
16 0 Yes 20003 xe15 Yes 13.1.1.1 -
17 - No 20003 po20 Yes 12.1.1.1 -
17 0 Yes 20003 po20 Yes 12.1.1.1 -
16 - No 20003 xe15 Yes 13.1.1.1 -
PE2#show mpls ftn-table
Primary FTN entry with FEC: 2.2.2.2/32, id: 1, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:08:00, UpTime: 00:08:00, LastUpdate: 00:07:39
Owner: ISIS-SR, distance: 115, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, LSP-type: Primary, Description: N/A, , Color: 0
Cross connect ix: 5, in intf: - in label: 0 out-segment ix: 1 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 1, owner: ISIS-SR, Stale: NO, refcount: 7, out intf: xe15, out label: 20002
Nexthop addr: 13.1.1.1 cross connect ix: 5, op code: Push
Backup Cross connect ix: 3, in intf: - in label: 0 out-segment ix: 4 bypass ftn-ix: 3
Owner: N/A, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 4, owner: N/A, Stale: NO, refcount: 4, out intf: po20, out label: 3
Nexthop addr: 12.1.1.1 cross connect ix: 3, op code: Push
Cross connect ix: 5, in intf: - in label: 0 out-segment ix: 2 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 2, owner: ISIS-SR, Stale: NO, refcount: 7, out intf: po20, out label: 20002
Nexthop addr: 12.1.1.1 cross connect ix: 5, op code: Push
Backup Cross connect ix: 4, in intf: - in label: 0 out-segment ix: 3 bypass ftn-ix: 4
Owner: N/A, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 3, owner: N/A, Stale: NO, refcount: 4, out intf: xe15, out label: 3
Nexthop addr: 13.1.1.1 cross connect ix: 4, op code: Push
Primary FTN entry with FEC: 2.2.2.2/32, id: 3, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:07:58, UpTime: 00:07:58, LastUpdate: N/A
Owner: ISIS-SR, distance: 115, Action-type: Redirect to Tunnel, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 2201, Protected LSP id: 0, LSP-type: Bypass, QoS Resource id: 0, Description: N/A, , Color: 0
Cross connect ix: 5, in intf: - in label: 0 out-segment ix: 2 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 2, owner: ISIS-SR, Stale: NO, refcount: 7, out intf: po20, out label: 20002
Nexthop addr: 12.1.1.1 cross connect ix: 5, op code: Push
Primary FTN entry with FEC: 2.2.2.2/32, id: 4, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:07:58, UpTime: 00:07:58, LastUpdate: N/A
Owner: ISIS-SR, distance: 115, Action-type: Redirect to Tunnel, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 2202, Protected LSP id: 0, LSP-type: Bypass, QoS Resource id: 0, Description: N/A, , Color: 0
Cross connect ix: 5, in intf: - in label: 0 out-segment ix: 1 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 1, owner: ISIS-SR, Stale: NO, refcount: 7, out intf: xe15, out label: 20002
Nexthop addr: 13.1.1.1 cross connect ix: 5, op code: Push
Primary FTN entry with FEC: 3.3.3.3/32, id: 2, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:08:00, UpTime: 00:08:00, LastUpdate: 00:07:39
Owner: ISIS-SR, distance: 115, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, LSP-type: Primary, Description: N/A, , Color: 0
Cross connect ix: 7, in intf: - in label: 0 out-segment ix: 16 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 16, owner: ISIS-SR, Stale: NO, refcount: 6, out intf: xe15, out label: 20003
Nexthop addr: 13.1.1.1 cross connect ix: 7, op code: Push
Backup Cross connect ix: 7, in intf: - in label: 0 out-segment ix: 17 bypass ftn-ix: 3
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 17, owner: ISIS-SR, Stale: NO, refcount: 6, out intf: po20, out label: 20003
Nexthop addr: 12.1.1.1 cross connect ix: 7, op code: Push
Cross connect ix: 7, in intf: - in label: 0 out-segment ix: 17 refcount: 1
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 17, owner: ISIS-SR, Stale: NO, refcount: 6, out intf: po20, out label: 20003
Nexthop addr: 12.1.1.1 cross connect ix: 7, op code: Push
Backup Cross connect ix: 8, in intf: - in label: 0 out-segment ix: 16 bypass ftn-ix: 4
Owner: ISIS-SR, Persistent: No, Admin Status: Up, Oper Status: Up
State: Active
Out-segment with ix: 16, owner: ISIS-SR, Stale: NO, refcount: 6, out intf: xe15, out label: 20003
Nexthop addr: 13.1.1.1 cross connect ix: 7, op code: Push
PE2#show mpls vrf-forwarding-table
Codes: > - installed FTN, * - selected FTN, p - stale FTN, ! - using backup, B - BGP FTN
(m) - Service mapped over multipath transport
(e) - Service mapped over LDP ECMP or SR ECMP
Code FEC FTN-ID VRF-ID Nhlfe-ID Pri Out-Label Out-Intf Nexthop UpTime
B> 201.1.1.0/24 2 2 7 Yes 26240 - 3.3.3.3 00:01:07
B> 201::/64 1 2 7 Yes 26240 - 3.3.3.3 00:01:07
PE2#show mpls vrf-table
Output for IPv4 VRF table with id: 2 (fib_id: 2)
Primary FTN entry with FEC: 201.1.1.0/24, id: 2, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:02:23, UpTime: 00:02:23, LastUpdate: N/A
Owner: BGP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
VRF id 2, FIB id 2, BGP peer 3.3.3.3 BGP prefix 201.1.1.0
Transport Tunnel id: 0, Protected LSP id: 0, LSP-type: Primary, Description: N/A, , Color: 0
Cross connect ix: 9, in intf: - in label: 0 out-segment ix: 7 refcount: 2
Owner: BGP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 7, owner: BGP, Stale: NO, refcount: 1, BGP out intf: xe15, transport out intf: xe15, out label: 26240
Nexthop addr: 3.3.3.3 cross connect ix: 9, op code: Push and Lookup
Output for IPv6 VRF table with id: 2 (fib_id: 2)
Primary FTN entry with FEC: 201::/64, id: 1, row status: Active, Tunnel-Policy: N/A, State: Installed
CreateTime: 00:02:23, UpTime: 00:02:23, LastUpdate: N/A
Owner: BGP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
VRF id 2, FIB id 2, BGP peer 303:303:: BGP prefix 201::
Transport Tunnel id: 0, Protected LSP id: 0, LSP-type: Primary, Description: N/A, , Color: 0
Cross connect ix: 9, in intf: - in label: 0 out-segment ix: 7 refcount: 2
Owner: BGP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 7, owner: BGP, Stale: NO, refcount: 1, BGP out intf: xe15, transport out intf: xe15, out label: 26240
Nexthop addr: 3.3.3.3 cross connect ix: 9, op code: Push and Lookup
PE2#show etherchannel summary
Aggregator po20 100020
Aggregator Type: Layer3
Admin Key: 0020 - Oper Key 0020
Link: xe3 (10010) sync: 1
Link: xe5 (10012) sync: 1
Link: xe6 (10013) sync: 1
PE2#show int counters rate mbps
+-------------------+--------------+-------------+--------------+--------- ----+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pp s |
+-------------------+--------------+-------------+--------------+--------- ----+
po20 87.50 7757 44.46 3944
xe2 42.81 3822 39.18 3498
xe2.1001 201.01 17885 183.04 16342
xe3 30.59 2711 11.89 1053
xe5 28.63 2537 13.49 1198
xe6 28.29 2508 19.08 1693
xe15 93.41 8272 46.42 4110
DPI Command
The DPI feature introduces the following configuration command.
advanced parser enable
Use this command to enable the DPI on Qumran1 series platforms.
Command Syntax
advanced parser enable
Parameters
None
Default
None
Command Mode
Configure mode
Applicability
Introduced in OcNOS version 6.5.3 and applicable to Qumran1 series platforms.
Example
This example shows how to enable the DPI on Qumran1 series platforms:
OcNOS#configure terminal
OcNOS#(config)#advanced parser enable
OcNOS#(config)#commit
Glossary
The following provides definitions for key terms or abbreviations and their meanings used throughout this document:
Key Terms/Acronym | Description |
ECMP | Equal-Cost-Multiple-Path (ECMP) is a network routing technique that uses multiple paths when the paths have equal cost for packet transfer. |
FTN | FEC to NHLFE Map is a networking concept that maps the incoming packet to the relevant routing path using the forwarding table. |
ILM | Incoming Label Map (ILM) is a networking concept that checks the incoming packet labels and identifies the appropriate outgoing labels for the next hop. |
ISIS | Intermediate System to Intermediate System (IS-IS) is an Interior Gateway Protocol used in computer networks to route data within an autonomous system. |
LAG | Link Aggregation Group (LAG) is a collection of multiple network connections into a single logical link. This networking technique enhances bandwidth, provides redundancy, and improves fault tolerance. |
MPLS | Multi-Protocol Label Switching (MPLS) is a networking protocol that labels the packet to direct traffic through a network. |
MPLS header | MPLS header is a 32-bit header containing 20-bit MPLS label value and other related information. |
SR | Segment routing is a technique where the sender of a packet can partially or entirely specify a route in a network through which a packet is sent. It is a form of source routing where nodes and links are represented as segments. |
SR entropy | Segment Routing Entropy is a mechanism in SR that enables load-balancing across multiple paths. |
TILFA | Topology Independent Loop Free Alternate (TILFA) paths are redundant backup paths that transfer the data packet without looping back to the source. |