Preface

In this issue of ZTE's "Maintenance Experience", we continue to pass on various field reports and resolutions that are gathered by ZTE engineers and technicians around the world.
The content presented in this issue is as below:
● One Special Document
● Nine Maintenance Cases of ZTE's Data Products
Have you examined your service policies and procedures lately? Are you confident that your people are using all the tools at their disposal? Are they trained to analyze each issue in a logical manner that provides for less downtime and maximum customer service? A close look at the cases reveals how to isolate suspected faulty or mis-configured equipment, and how to solve a problem step by step. As success in commissioning and service is usually a mix of both discovery and analysis, we consider this type of approach an example of successful troubleshooting investigations.
While corporate leaders maintain and grow plans for expansion, ZTE employees in all regions contribute individual efforts towards the internationalization of the company. Momentum continues to be built at all levels, from office interns to veteran engineers, who work together to bring global focus into their daily work.
If you would like to subscribe to this magazine (electronic version) or review additional articles and relevant technical materials concerning ZTE products, please visit the technical support website of ZTE Corporation (http://ensupport.zte.com.cn).
If you have any ideas and suggestions or want to offer your contributions, you can contact us at any time via the following email: [email protected].
Thank you for making ZTE a part of your telecom experience!
Maintenance Experience Editorial Committee
ZTE Corporation
August, 2008

Maintenance Experience
Bimonthly for Data Products
No.47 Issue 126, August 2008

Maintenance Experience Editorial Committee
Director: Qiu Weizhao
Deputy Director: Chen Jianzhou
Editors: Jiang Guobing, Zhang Shoukui, Wu Feng, Yuan Yufeng, Tang Hongxuan, Chen Huachun, Li Gangyi, Gu Yu, Song Jianbo, Tian Jinhua, Du Jianli, Qu Ruizheng, Zhang Zhongdong, Liu Xianmin, Wang Zhaozheng, Liu Wenjun, Wang Yapping, Lei Kun, Wang Tiancheng, Cai Hongming
Technical Senior Editors: Hu Jia, Bai Jianwen
Executive Editor: Zhang Fan

Maintenance Experience Newsroom
Address: ZTE Plaza, Keji Road South, Hi-Tech Industrial Park, Nanshan District, Shenzhen, P.R.China
Postal code: 518057
Contact: Song Chunping
Email: [email protected]
Tel: +86-755-26770600, 26771195
Fax: +86-755-26772236
Document support mail box: [email protected]
Technical support website: http://ensupport.zte.com.cn
Contents

SNMP Protocol Configuration
  1 SNMP Overview
  2 SNMP Principle
    2.1 SNMP Protocol
    2.2 Management Information Base
    2.3 SNMP Packet
    2.4 SNMP Message Types
    2.5 SNMP Working Procedure
    2.6 SNMPv2 and SNMPv3
  3 Configuring SNMP
  4 SNMP Application
  5 SNMP Diagnosis and Maintenance
T64G Route Loop Processing
  Network Topology
  Malfunction Situation
  Malfunction Analysis
  Solution
Link Interrupt Caused by POS Parameter Mismatch
  POS Overview
  Network Topology
  Malfunction Situation
  Malfunction Analysis
  Solution
  Experience Summary
Label Distribution Malfunction in MPLS
  Network Topology
  Malfunction Situation
  Malfunction Analysis
  Solution
  Experience Summary
STP Malfunction on 2826S Switch
  Network Topology
  Malfunction Situation
  Malfunction Analysis
  Solution
OSPF Equivalent Default Route
  Network Topology
  Malfunction Situation
  Malfunction Analysis
  Solution
  Experience Summary
Supervlan Configuration
  Network Topology
  Malfunction Situation
  Malfunction Analysis
  Solution
  Experience Summary
Address Superposition
  Network Topology
  Malfunction Situation
  Malfunction Analysis
  Solution
  Experience Summary
Switch CPU Utilization Ratio Abnormity
  Network Topology
  Malfunction Situation
  Malfunction Analysis
  Solution
  Experience Summary
GGSN Cell Phone Online Service through IP Bearer Network
  Network Topology
  Cell Phone Online Service through IP Bearer Network
  Related Configuration
www.zte.com.cn
⊙ Yang Zhiwei / ZTE Corporation
SNMP Protocol Configuration
1 SNMP Overview
Simple Network Management Protocol (SNMP) is a suite of network management protocols defined by the Internet Engineering Task Force (IETF). It is based on the Simple Gateway Monitor Protocol (SGMP). With SNMP, a management station can remotely manage all network devices that support the protocol, for example by monitoring the network state, modifying the configurations on the devices and receiving the alarms of network events.
SNMP manages devices on a server/client basis. The background network management servers work as the SNMP servers and the foreground network devices work as the clients. The background devices and the foreground devices share a Management Information Base (MIB) and communicate with each other through SNMP. When a routing switch works as the SNMP agent, it is required to specify an SNMP server and define the contents and privileges that are allowed to be sampled.
Key words: SNMP, network management, MIB
The network managed by SNMP
consists of three parts:
The managed devices: A managed
device (also called network equipment)
is a node in the network, including the
SNMP agent. It is in the management
network. A managed device collects and
stores management information. The NMS
can obtain the management information
through SNMP. A managed device can
be a router, an access server, a switch, a
bridge, a hub, a host or a printer.
The agent: An SNMP agent is a module
of the network management software on
the managed device. The SNMP agent
has related local management information
and converts the information to a format
that is compatible with SNMP.
The Network Management System
(NMS): An NMS runs the application
program to monitor and manage devices.
In addition, the NMS provides rich processing
programs and the necessary storage resources.
A managed network should have one or more NMSs.
At present, there are SNMPv1, SNMPv2 and SNMPv3. There is little difference between SNMPv1 and SNMPv2. SNMPv3 is an enhanced version which contains the operations of other protocols. Compared with SNMPv1 and SNMPv2, SNMPv3 is more secure and contains remote configurations. To solve the compatibility of different versions, RFC3584 defines the coexistence policy. SNMPv1 and SNMPv2 are used very widely, and the use of SNMPv3 is increasing.
2 SNMP Principle
2.1 SNMP Protocol
SNMP is the communication protocol between the management process and the agent process. It is an application layer protocol and its lower layer protocol is UDP. The management process port number is 162. The agent process port number is 161. The position of SNMP in the TCP/IP suite is shown below.
SNMP
UDP
IP
Link layer protocol
Hardware physical layer
SNMP uses the agent/management
station mode. The network management
and maintenance are implemented through
the interactions between the agent and
the management station. The subordinate
SNMP agents respond to the queries
about MIB from the management station (principal
SNMP agent).
2.2 Management Information Base
SNMP is a protocol on the application layer. It requires the protocol entities at both sides to exchange different types of messages. However, user data on the lower layer must be BYTE sequences. This raises a decoding problem: how does an SNMP protocol entity identify the message in a received BYTE sequence, and how does it convert a message expressed in an internal data structure to a BYTE sequence before sending it out?
To solve this problem, it is necessary to define
a data structure that is abstracted from the actual
software data structure, called abstract syntax.
Therefore, the Management Information Base (MIB)
is defined. It includes all parameters that may be
queried and modified in the agent process.
MIB is a set of the standard variable definitions
of the monitored network devices. SNMP uses the
hierarchical-structure naming rule to identify the
management objects. It is like a tree. The node of
the tree stands for the management object. Each
node is identified by a unique path from the root to
the node, as shown in Figure 1.
Figure 1. Tree Structure
Management object B can be identified uniquely by the number string {1.2.1.1}. This number string is the object identifier of the management object, which identifies a path from the root of the tree to B.
The object identifier of A is {1.2.1.1.5} or {B 5}. {B 5} means A is the fifth child of B.
On the managed device, the tree is implemented by a complicated data structure. Fortunately, the establishment of the tree is finished by the MIB compiler. The pointers for accessing the functions are kept in the leaf nodes. The agent obtains the values of the management variables from related modules by using the functions.
2.3 SNMP Packet
The SNMP agent and the management
station communicate with each other through the
standard messages of SNMP. Each message is
an independent data packet. SNMP uses UDP as
the layer 4 protocol. A SNMP packet consists of
two parts: SNMP header (consisting of the version
identifier and the community name) and the
Protocol Data Unit (PDU), as shown in Figure 2.
● Version Identifier
A version identifier ensures that all SNMP
agents use the same version of SNMP. Each
SNMP agent discards data packets whose
version differs from its own.
● Community Name
The subordinate SNMP agent implements
authentication on SNMP management station
with the community name. When authentication
is configured, the subordinate SNMP agent will
authenticate the community name and the IP
addresses of the management stations. If the
authentication fails, the subordinate SNMP agent
will send a Trap message indicating authentication
failure to the management station.
● PDU
The type of a SNMP message and the related
parameters are specified in a PDU.
2.4 SNMP Message Types
SNMP defines five types of messages:
● Get-Request
● Get-Response
● Get-Next-Request
● Set-Request
● Trap
The SNMP management station uses
the Get-Request messages to search
information of the network devices with
the SNMP agent. The SNMP agent replies
with the Get-Response messages. The
Get-Next-Request message is used
together with the Get-Request message to
query the column element of the specified
table object.
The SNMP management station uses
the Set-Request messages to configure
the network devices remotely. The
configuration includes configuring the
device name and attributes, deleting a
device, enabling or disabling an attribute.
When emergent events occur, the
managed devices send Trap messages to
the SNMP management station. When the
SNMP management station receives the
Trap PDU, it displays the contents from
the variable dual table. The common Trap
type includes cold boot, hot boot and link
state change.
2.5 SNMP Working Procedure
The agent residing in the managed device receives the request messages through UDP port 161. After decoding and community name authentication, the agent gets the corresponding nodes of the management variables in the MIB and the values of the variables. Then the agent generates response messages, encodes them and sends them back to the management station. When the management station receives the response messages, it also takes the same actions.
Figure 2. SNMP Packet
According to the RFC1157, the detailed
process of the agent when it receives a
message is described below.
(1) The agent decodes the message according to the ASN.1 coding rule, and then generates the message expressed by an internal data structure. When an error occurs during decoding, the message will be discarded.
(2) The agent gets the version number from the message and compares it with the version number that the agent supports. If the numbers are different, the message will be discarded.
(3) The agent gets the community name from the message. The community name is filled in by the management station which sends the message. If the community name is different from the name that the device recognizes, the message is discarded and the agent generates a Trap message.
(4) When the message passes authentication, the agent extracts the PDU and deals with the PDU. Otherwise, the message is discarded. Then the agent generates a message and sends it to the destination. The destination is the source address of the received message.
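Steps (1) to (4) as an added example (not ZTE code): a small BER reader that pulls the version, community name and PDU type out of an SNMPv1/v2c message and applies the checks in the order given. The function names, the message builder and the read-only check on Set-Request (taken from the ro/rw description in section 3) are assumptions made for the illustration; the sample packets are constructed.

```python
"""Added example: header checks an agent applies to an SNMPv1/v2c message."""

PDU_TYPES = {0xA0: "Get-Request", 0xA1: "Get-Next-Request",
             0xA2: "Get-Response", 0xA3: "Set-Request", 0xA4: "Trap"}


class DecodeError(ValueError):
    """Raised when the byte sequence is not well-formed BER."""


def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise DecodeError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise DecodeError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise DecodeError("value runs past the end of the packet")
    return tag, buf[pos:pos + length], pos + length


def parse_header(packet):
    """Return (version, community, pdu_tag) of SEQUENCE {version, community, PDU}."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise DecodeError("outer element is not a SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02 or len(version) != 1:
        raise DecodeError("version is not a one-byte INTEGER")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise DecodeError("community is not an OCTET STRING")
    pdu_tag, _, _ = read_tlv(body, pos)
    return version[0], community, pdu_tag


def agent_decision(packet, supported_versions, communities):
    """Apply steps (1)-(4); communities maps community bytes to 'ro' or 'rw'."""
    try:                                               # step (1): decode
        version, community, pdu_tag = parse_header(packet)
    except DecodeError:
        return "discard: decode error"
    if version not in supported_versions:              # step (2): version check
        return "discard: unsupported version"
    access = communities.get(community)                # step (3): community check
    if access is None:
        return "discard and send authentication-failure Trap"
    if pdu_tag == 0xA3 and access != "rw":             # assumption: ro/rw from section 3
        return "reject: Set-Request on read-only community"
    return "process " + PDU_TYPES.get(pdu_tag, hex(pdu_tag))   # step (4)


def tlv(tag, value):
    """Encode one BER TLV (helper used only to construct the sample packets)."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    n = (len(value).bit_length() + 7) // 8
    return bytes([tag, 0x80 | n]) + len(value).to_bytes(n, "big") + value


def build_message(version, community, pdu_tag):
    """Constructed sample: one varbind for 1.3.6.1.2.1.1.1.0 with a NULL value."""
    oid = bytes.fromhex("2b06010201010100")
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, oid) + tlv(0x05, b"")))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + varbinds)
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)


if __name__ == "__main__":
    table = {b"aaaa": "ro"}            # community from the section 4 listing
    # version field: 0 = SNMPv1, 1 = SNMPv2c
    for ver, name, pdu in [(1, b"aaaa", 0xA0), (1, b"aaaa", 0xA3), (1, b"guess", 0xA0)]:
        pkt = build_message(ver, name, pdu)
        # The community travels as plain bytes, readable by anyone on the path.
        print(pkt.hex(), "->", agent_decision(pkt, {0, 1}, table))
```

The community name appears verbatim in the packet bytes, which is why the text later calls SNMPv1/v2c authentication "simple text".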
2.6 SNMPv2 and SNMPv3
SNMP developed rapidly in the early 1990s, but its shortcomings were also exposed. For example, it was hard to transmit a lot of data and it lacked ID authentication and privacy mechanisms. Therefore, SNMPv2 was released in 1993. It has the following features:
● Supporting distributed network management
● Extending data types
● Supporting the transmission of a lot of data
● Adding functions to process malfunctions
● Strengthening the ability of the data definition language
However, SNMPv2 did not satisfy the expected requirements completely, especially on security, such as authentication (including ID authentication when users initialize access, information integrity analysis and prevention of repeated operations), encryption, authorization, access control, remote secure configuration and management capability. In 1996, the modified version of SNMPv2, that is, SNMPv2c, was released. These functions were improved in this version. However, the security performance was not enhanced. SNMPv2c continued to use the authentication mode based on the simple text of SNMPv1.
IETF SNMPv3 working group brought forward
the RFC 2271~2275 to form the SNMPv3 in
January, 1998. The system frame of all functions
in SNMPv1 and SNMPv2 was defined in these
documents. Besides, a new security mechanism
(including the authentication service and encryption
service) and a suite of network security and control
access rules were defined in these documents.
So to speak, the security and management
mechanisms were added based on SNMPv2
in SNMPv3. The system structure of SNMPv3
defined by RFC 2271 embodies the modularization
design idea. Therefore, functions can be added
and modified easily. SNMPv3 series documents
(RFC2570~2575) are the supplements and
refinement of RFC2271~2275.
3 Configuring SNMP
ZXR10 routers, switches and ZXUAS devices support SNMPv1, SNMPv2c and SNMPv3. The configuration commands and parameters are described below.
(1) To configure a SNMP community, use the following command.
snmp-server community <community-name> [view <view-name>] [ro | rw]
SNMPv1 and SNMPv2c use community
authentication mode. A community can be set to
read-only (ro) or read-write (rw). In ro mode, the
community can only query the information on the
device. In rw mode, the community can query the
information and configure the device.
This command is used in the global
configuration mode. <community-name> is a string
with 1~32 characters. <view-name> is the view
name of an MIB.
The privilege to operate the device (ro or rw) is
restricted by the view. If the parameter of view is
omitted, the default view is used. When the ro | rw
keyword is omitted, the system uses ro by default.
(2) To define an SNMPv2 view, use the following command.
snmp-server view <view-name> <subtree-id> {included | excluded}
<view-name> is a character string. <subtree-id> can be an object identifier (OID) in the form of 1.2.3.4.5, or the node name of the MIB subtree (such as internet). Use the keyword included or excluded to include or exclude a subtree.
(3) To configure the system principal contact
mode of an MIB object, use the following
command.
snmp-server contact <mib-syscontact-text>
sysContact is a management variable of the
MIB II system group. It contains the principal
identifier and contact method of the managed
device.
Example: This example describes how to set
the contact mode of the system principal.
ZXR10(config)#snmp-server contact this is ZXR10, tel:(025)52872006
(4) To configure the location of an MIB object,
use the following command.
snmp-server location <mib-syslocation-text>
The location of an MIB object (sysLocation) is an administrative variable in the system group of MIB II.
Example: This example describes how to set the location of the system of the MIB object.
ZXR10(config)#snmp-server location this is ZXR10 in china
(5) To configure the type of Trap messages that are allowed to be sent, use the following command.
snmp-server enable trap [<notification-type>]
Trap messages are sent by the managed devices to the NMS, without being requested, to report emergent events. They can include information about BGP, OSPF, RMON, SNMP, Stalarm and VPN.
(6) To configure the destination host
of Trap messages, use the following
command.
snmp-server host [mng | vrf <vrf-name>] <ip-address> [trap | inform] version {1 | 2c | 3 {auth | noauth | priv}} <community-name> [udp-port <udp-port>] [<trap-type>]
This command configures the VRF
name, IP address, version, authentication
mode, community name, UDP port and
Trap type of a Trap message or an Inform
message.
(7) To configure an ACL that controls the addresses of the hosts that access the system through the SNMP protocol, use the following command.
snmp-server access-list <acl-number>
This command configures the number of the matched ACL that controls the addresses of the hosts that access the system through the SNMP protocol.
(8) To configure the name of an SNMP
context, use the following command.
snmp-server context <context-name>
This command is only applied to
SNMPv3.
(9) To configure an SNMP group, use
the following command.
snmp-server group <groupname> v3 {auth | noauth | priv} [context <context-name> match-prefix | match-exact] [read <readview>] [write <writeview>] [notify <notifyview>]
This command configures an SNMPv3 group and specifies the group name, authentication mode, context name, read view name, write view name and notify view name.
(10) To configure an SNMP user, use
the following command.
snmp-server user <username> <groupname> v3 [encrypted] [auth {md5 | sha} <auth-password> [priv des56 <priv-password>]]
This command is only applied to SNMPv3. The keyword encrypted means that the password entered is not the original text but an already-processed key. It is not recommended to use this option.
4 SNMP Application
The application of SNMPv1 and SNMPv2c is shown below.
snmp-server community aaaa view AllView ro
/*configure the community name and the view name*/
snmp-server enable trap
snmp-server enable inform
snmp-server host 132.109.96.29 inform version 2c aaaa
snmp-server host 132.109.96.29 trap version 2c aaaa
syslog server 132.109.96.29 fport 514 lport 514
unm on
unm server mng 132.109.96.29 aaaa
/*the SNMP network management is MNG management */
The application of SNMPv1 and SNMPv2c on the E series devices is shown below.
unm on
logging on
snmp-server enable trap
snmp-server enable inform
snmp-server community public view AllView ro
snmp-server community private view AllView rw
/*use two communities, one is "read only", the other is "read and write"*/
snmp-server host 10.40.46.188 trap version 2c public
logging trap informational public 10.40.46.188
unm server 10.40.46.188 public
The application of SNMPv3 is shown below.
unm on
unm server 168.1.1.1 public
snmp-server context contexta
snmp-server group group1 v3 priv context contexta read view1 write view1 notify view1
snmp-server host 168.1.1.1 ver 3 auth user10 ospf snmp
/*configure the sending host address. The version is V3. Authentication is configured. The SNMPv3 user name is user10.*/
snmp-server view view1 1.3.6.1.2.1.1 included
/*define a view*/
snmp-server user user10 group1 v3 auth md5 12345678 priv des56 12345678
/*configure the user name and password*/
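The listings above, read from a reviewer's side, as an added example (not ZTE code or a ZTE tool): a small audit over snmp-server lines that flags the settings sections 2.6 and 3 identify as weaker, next to a tightened variant that passes. The finding names, the ACL number 10 and the placeholder passwords are assumptions; both sample configurations are constructed from the command syntax in section 3.

```python
"""Added example: audit ZXR10-style snmp-server lines for weak SNMP settings."""
import re

WELL_KNOWN = {"public", "private"}     # community names that are tried first
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def _audit_host(args, findings):
    """snmp-server host ... version {1 | 2c | 3 {auth | noauth | priv}} ..."""
    ip = next((a for a in args if IPV4.match(a)), "?")
    idx = next((i for i, a in enumerate(args) if a.startswith("ver")), None)
    if idx is None or idx + 1 >= len(args):
        return
    version = args[idx + 1]
    level = args[idx + 2] if idx + 2 < len(args) else ""
    if version in ("1", "2c"):         # community sent as simple text
        findings.append(("cleartext-notification", ip))
    elif version == "3" and level != "priv":
        findings.append(("v3-host-below-priv", ip))


def _audit_user(args, findings):
    """snmp-server user <username> <groupname> v3 [encrypted] [auth ... [priv ...]]"""
    name, opts = args[0], args[3:]
    if "auth" not in opts:
        findings.append(("user-without-auth", name))
        return
    a = opts.index("auth")
    if len(opts) < a + 3:
        return                         # malformed line, nothing more to check
    algo, auth_pw, rest = opts[a + 1], opts[a + 2], opts[a + 3:]
    if algo == "md5":                  # the same command also offers sha
        findings.append(("md5-auth", name))
    if rest[:2] != ["priv", "des56"] or len(rest) < 3:
        findings.append(("user-without-priv", name))
    elif rest[2] == auth_pw:           # one guess would recover both keys
        findings.append(("shared-auth-priv-password", name))


def audit(config_text):
    """Return (finding, subject) tuples in the order the lines appear."""
    text = re.sub(r"/\*.*?\*/", "", config_text, flags=re.S)   # drop /* remarks */
    findings, communities, has_acl = [], [], False
    for tokens in (line.split() for line in text.splitlines() if line.strip()):
        if tokens[0] != "snmp-server" or len(tokens) < 3:
            continue
        kind, args = tokens[1], tokens[2:]
        if kind == "access-list":
            has_acl = True
        elif kind == "community":
            communities.append(args[0])
            if args[0].lower() in WELL_KNOWN:
                findings.append(("well-known-community", args[0]))
            if "rw" in args[1:]:       # rw allows Set-Request configuration changes
                findings.append(("rw-community", args[0]))
        elif kind == "host":
            _audit_host(args, findings)
        elif kind == "group" and args[2] != "priv":
            findings.append(("group-below-priv", args[0]))
        elif kind == "user":
            _audit_user(args, findings)
    if communities and not has_acl:    # no source-address restriction on v1/v2c
        findings.append(("community-without-acl", ",".join(communities)))
    return findings


# Constructed sample assembled from the section 4 listings.
AS_PUBLISHED = """\
snmp-server community public view AllView ro
snmp-server community private view AllView rw
/*use two communities, one is "read only",
the other is "read and write"*/
snmp-server host 10.40.46.188 trap version 2c public
snmp-server group group1 v3 priv context contexta read view1 write view1 notify view1
snmp-server host 168.1.1.1 ver 3 auth user10 ospf snmp
snmp-server user user10 group1 v3 auth md5 12345678 priv des56 12345678
"""

# Constructed variant: SNMPv3 only, priv level, sha, distinct passwords, ACL set.
TIGHTENED = """\
snmp-server access-list 10
snmp-server view view1 1.3.6.1.2.1.1 included
snmp-server group group1 v3 priv read view1 notify view1
snmp-server host 168.1.1.1 trap version 3 priv user10
snmp-server user user10 group1 v3 auth sha <auth-password> priv des56 <priv-password>
"""

if __name__ == "__main__":
    for finding in audit(AS_PUBLISHED):
        print("%-28s %s" % finding)
    print("tightened findings:", audit(TIGHTENED))
```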
5 SNMP Diagnosis and Maintenance
The following commands are used for SNMP diagnosis and maintenance.
(1) To display the statistics information about the SNMP messages, use show snmp command, as shown below.
ZXR10(config)#show snmp
Contact : +86-25-52870000
Location: No.68 Zijinghua Rd. Yuhuatai District, Nanjing, China
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 SNMP packets output
0 Too big errors (Maximum packet size 1400)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs
(2) To display all of the current configurations of SNMP, use show snmp config command, as shown below.
ZXR10(config)#show snmp config
snmp-server location No.68 Zijinghua Rd. Yuhuatai District, Nanjing, China
snmp-server contact +86-25-52870000
snmp-server packetSize 1400
snmp-server engine-id 830900020300010289d64401
snmp-server community aaaa view AllView ro
snmp-server enable trap
snmp-server enable inform
snmp-server host 132.109.96.29 inform version 2c aaaa
snmp-server host 132.109.96.29 trap version 2c aaaa
syslog server 132.109.96.29 fport 514 lport 514
unm on
unm server mng 132.109.96.29 aaaa
logging on
(3) To display the local engine ID of SNMP, use show snmp engine-id command, as shown below. As the core part of an SNMP entity, an SNMP engine receives and authenticates SNMP messages, and extracts PDUs and assembles messages in order to communicate with the SNMP program.
ZXR10(config)#show snmp engine-id
the engine-id:830900020300010289d64401
(4) To display the local groups of SNMP, use show snmp group command, as shown below.
ZXR10#show snmp group
groupName :group1
sec_Model :v3
sec_Level :PRIV
readView :view1
writeView :view1
notifyView:view1
rowStatus :ACTIVE
(5) To display the local users of SNMP, use show snmp user command, as shown below.
ZXR10(config)#show snmp user
username :user10
engine-id :830900020300010289d64401
auth_type :MD5
group_name :group1(v3)
encryptType:DES_CBC
storageType:NONVOLATILE
row_status :ACTIVE
T64G Route Loop Processing
⊙ Li Kui / ZTE Corporation
Key words: TTL, static route, route loop

Network Topology
As shown in Figure 1, the devices in the network are connected in series. Static routes are configured on T64G and T160G.
Figure 1. Network Topology

Malfunction Situation
Recently, users said that there were many alarms indicating TTL=1 on the uplink port of T64G. The alarms appeared once every several minutes. These alarms had not appeared before. The users were worried that this would affect the CPU and services.

Malfunction Analysis
To find out the problem, the engineers took the following steps.
(1) The engineers logged into the T64G and found that there were many alarms indicating TTL=1 on the uplink port. TTL is the time to live of a packet. By default, the TTL value is 255. Each time a packet passes a hop, the TTL value is decreased by one. When the TTL value is decreased to 1, the packet will be discarded. Therefore, there may be a route loop on the device. The engineers logged into the T160G and also found many alarms indicating TTL=1 and alarms for ICMP packets on the uplink port.
(2) To find out the source address of the packets, it was necessary to capture the packets. It was a gigabit uplink port, so it was not suitable to mirror the data on the port. With the agreement of the users, the engineers captured the packets on the line card. The result showed that there was a source address sending a lot of packets to a host in the network, and the protocol type of the packets was null, as shown in Figure 2. This may be caused by a virus or attacks. It was recommended to configure an ACL to filter the source IP address.
Figure 2. Result of Packet Capturing
(3) After configuring the ACL, the engineers found that there were still alarms indicating TTL=1 on the T64G. Therefore, the problem was not caused by a virus or attacks. The engineers logged into the devices again to check the configurations. They found that there were many static routes on the T64G and T160G.
(4) The engineers checked the static route configuration. They found that redundant static routes were configured on the T64G. These routes used to head to the 5200G, but they were not deleted after the address of the 5200G was changed. Therefore, the packets were forwarded back and forth between the T64G and T160G, which caused the route loop. When the TTL of the packets was decreased to 1, the packets were discarded.

Solution
The engineers deleted these static routes. The alarms disappeared. The problem was solved. ■
Link Interrupt Caused by POS Parameter Mismatch
⊙ Zhou Hongwei / ZTE Corporation
Key words: POS, C2, S1S0, J1, G1Error
POS Overview
Packet over SONET/SDH (POS) is a technique that uses SONET/SDH to provide high-speed transmission paths for IP data. It encapsulates packets with link layer protocols such as PPP, HDLC and CHDLC, and then maps the encapsulated packets to the SONET/SDH synchronous payload through the service adapter in the path layer of SONET/SDH. After that, the payload passes through the SONET/SDH transmission layer and segment layer, where path overhead and segment overhead are added to the payload. Then the payload is encapsulated in a SONET/SDH frame. When it reaches the optical network, it is transmitted over fibers. POS retains the connectionless nature of IP.
The important parameters of POS are described as follows:
C2: It is the signal label byte, belonging to the Higher-Order Path Overhead bytes. It is used to identify the multiplexing structure of the Virtual Container (VC) and the nature of the payload. The default value is 0x16 (22 in decimal).
J1: It is the path trace byte, belonging to the Higher-Order Path Overhead bytes. It is used to detect the Higher-Order Path continuity of the connection between two interfaces. The default value is null.
S1S0: The range is 0 to 3. In the SONET standard, this value is not defined and is not checked at the receiving side. In the SDH standard, this value is defined and is checked at the receiving side. If this value is not 2, the two sides cannot interconnect.
To ensure successful interconnection, the three POS parameters should be consistent on both sides. On a ZXR10 T64E router, the default value of C2 is 22, the default value of J1 is 0, and the default value of S1S0 is 2.
Network Topology
As shown in Figure 3, the interface POS3_5/1 on the T64E router connects to the POS interface on the Cisco router through an SDH transmission network.
Figure 3. Network Topology
Malfunction Situation
Users found that a lot of packets were lost on POS3_5/1 of the T64E router. The users logged into the T64E router remotely and pinged the Cisco router with short packets through POS3_5/1. The result is shown below.
ZZXCT64E# ping 192.168.1.10 op 1000 100 2 limit 0
sending 1000,100-byte ICMP echos to 192.168.1.10,timeout is 2 seconds.
!!!!!!!!!!!!!!!!!.!!!!!!!!.!!!.!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!
(Part of the result is omitted.)
Success rate is 92 percent(926/1000),round-trip min/avg/max= 0/5/100 ms.
The users pinged the Cisco router with long packets through POS3_5/1. The result is shown below.
ZZXCT64E# ping 192.168.1.10 op 1000 1500 2 limit 0
sending 1000,1500-byte ICMP echos to 192.168.1.10,timeout is 2 seconds.
.!!.!!!.!!!!!!!!!!!.!!!.......!!.!.!!..!!!!.!..!.!!....!! !..!.!!!.!!.!! !..!.!!!.!!.!!
!!!.!!..!.!!!.!!.!!!!!!!!!!.!.!!!!!!.!!!..
(Part of the result is omitted.)
Success rate is 63 percent(111/174),round-trip min/avg/max= 0/13/40 ms.
Malfunction Analysis
To find out the problem, the engineers took the following steps.
(1) The engineers checked the interface information on POS3_5/1, as shown below.
ZZXCT64E#show interface pos3_5/1
pos3_5/1 is up, line protocol is up
Description is TO-JN-AR1
Keepalive set:10 sec
The port is optical
crc 32
clock source line
scramble payload-enable
Internet address is 222.43.7.253/30
MTU 1500 bytes
MRU 1500 bytes BW 155520 Kbits
Encapsulation PPP,
LCP OPENED,IPCP OPENED,IPV6CP STARTING
MPLSCP STARTING,OSINLCP STARTING
Last clearing of "show interface" counters 0Day 0Hour 25Min 1Sec
120 seconds input rate: 9713797 Bps, 16831 pps
120 seconds output rate: 4443675 Bps, 20562 pps
Interface peak rate : input 10873508 Bps, output 5197123 Bps
Interface utilization: input 49%, output 22%
Input:
Packets : 26525386 Bytes: 14832473267
Unicasts : 0 Multicasts: 0 Broadcasts: 0
B1Error : 0 B2Error : 0 B3Error : 0
M1Error : 0 G1Error : 9813660 FIFOError : 0
Abort : 0 Oversize : 0 Undersize : 0
FCS : 0
Output:
Packets : 32288555 Bytes: 6951365662
Unicasts : 0 Multicasts: 0 Broadcasts: 0
FIFOErr : 0 UnderFifo : 0 Oversize : 0
Undersize: 0 LinkError : 0
(2) A moment later, the engineers checked the interface information on POS3_5/1 again, as
shown below.
ZZXCT64E#show interface pos3_5/1
pos3_5/1 is up, line protocol is up
Description is TO-JN-AR1
Keepalive set:10 sec
The port is optical
crc 32
clock source line
scramble payload-enable
Internet address is 222.43.7.253/30
MTU 1500 bytes
MRU 1500 bytes BW 155520 Kbits
Encapsulation PPP,
LCP OPENED,IPCP OPENED,IPV6CP STARTING
MPLSCP STARTING,OSINLCP STARTING
Last clearing of "show interface" counters 1Day 22Hour 27Min 25Sec
120 seconds input rate: 9639063 Bps, 18451 pps
120 seconds output rate: 4810680 Bps, 22005 pps
Interface peak rate : input 16274055 Bps, output 14560792 Bps
Interface utilization: input 49%, output 24%
Input:
Packets : 2134398563 Bytes: 1086284953224
Unicasts : 0 Multicasts: 0 Broadcasts: 0
B1Error : 0 B2Error : 0 B3Error : 0
M1Error : 0 G1Error : 21113682 FIFOError : 0
Abort : 0 Oversize : 0 Undersize : 0
FCS : 0
Output:
Packets : 2842508343 Bytes: 1056010143766
Unicasts : 0 Multicasts: 0 Broadcasts: 0
FIFOErr : 0 UnderFifo : 0 Oversize : 0
Undersize: 0 LinkError : 0
The results showed that the “G1Error” count kept increasing.
Solution
The “G1Error” item was related to the SDH transmission, especially the parameters C2, S1S0 and J1 of POS. The engineers set the values of the three parameters to defaults. After that, the “G1Error” count returned to 0, as shown below.
ZZXCT64E#show interface pos3_5/1
pos3_5/1 is up, line protocol is up
Description is TO-JN-AR1
Keepalive set:10 sec
The port is optical
crc 32
clock source line
scramble payload-enable
Internet address is 222.43.7.253/30
MTU 1500 bytes
MRU 1500 bytes BW 155520 Kbits
Encapsulation PPP,
LCP OPENED,IPCP OPENED,IPV6CP STARTING
MPLSCP STARTING,OSINLCP STARTING
Last clearing of "show interface" counters 6Day 16Hour 44Min 24Sec
120 seconds input rate: 6430648 Bps, 15351 pps
120 seconds output rate: 5047286 Bps, 17381 pps
Interface peak rate : input 18434615 Bps, output 15166751 Bps
Interface utilization: input 33%, output 25%
Input:
Packets : 8736607844 Bytes: 4400023154583
Unicasts : 0 Multicasts: 0 Broadcasts: 0
B1Error : 0 B2Error : 0 B3Error : 16
M1Error : 0 G1Error : 0 FIFOError : 0
Abort : 0 Oversize : 0 Undersize : 0
FCS : 0
Output:
Packets : 11766523133 Bytes: 4229378830915
Unicasts : 0 Multicasts: 0 Broadcasts: 0
FIFOErr : 0 UnderFifo : 0 Oversize : 0
Undersize: 0 LinkError : 0
The engineers pinged the Cisco router with short packets through POS3_5/1. The result is shown below.
ZZXCT64E#ping 192.168.1.10 op 100 100 2 limit 0
sending 100,100-byte ICMP echos to 192.168.1.10,timeout is 2 seconds.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent(100/100),round-trip min/avg/max= 0/7/100 ms.
The engineers pinged the Cisco router with long packets through POS3_5/1. The result is shown below.
ZZXCT64E#ping 192.168.1.10 op 100 1500 2 limit 0
sending 100,1500-byte ICMP echos to 192.168.1.10,timeout is 2 seconds.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent(100/100),round-trip min/avg/max= 0/9/20 ms
The results showed that no packets were lost. The problem was solved.
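The counter comparison that the engineers did by eye across the three show interface outputs can be scripted. The following is an added example, not part of the original article: the counter blocks are copied from the outputs above (the Unicasts/Multicasts/Broadcasts lines are left out), and the function names parse_counters and compare are assumptions made for illustration.

```python
import re

# Counter blocks copied from the three "show interface pos3_5/1" outputs above:
# first check, second check, and after C2/S1S0/J1 were set to defaults.
SNAP_1 = """\
Input:
Packets : 26525386 Bytes: 14832473267
B1Error : 0 B2Error : 0 B3Error : 0
M1Error : 0 G1Error : 9813660 FIFOError : 0
Abort : 0 Oversize : 0 Undersize : 0
FCS : 0
Output:
Packets : 32288555 Bytes: 6951365662
FIFOErr : 0 UnderFifo : 0 Oversize : 0
Undersize: 0 LinkError : 0
"""
SNAP_2 = """\
Input:
Packets : 2134398563 Bytes: 1086284953224
B1Error : 0 B2Error : 0 B3Error : 0
M1Error : 0 G1Error : 21113682 FIFOError : 0
Abort : 0 Oversize : 0 Undersize : 0
FCS : 0
Output:
Packets : 2842508343 Bytes: 1056010143766
FIFOErr : 0 UnderFifo : 0 Oversize : 0
Undersize: 0 LinkError : 0
"""
SNAP_3 = """\
Input:
Packets : 8736607844 Bytes: 4400023154583
B1Error : 0 B2Error : 0 B3Error : 16
M1Error : 0 G1Error : 0 FIFOError : 0
Abort : 0 Oversize : 0 Undersize : 0
FCS : 0
Output:
Packets : 11766523133 Bytes: 4229378830915
FIFOErr : 0 UnderFifo : 0 Oversize : 0
Undersize: 0 LinkError : 0
"""

# Counters that measure traffic volume rather than errors.
TRAFFIC = {"Packets", "Bytes", "Unicasts", "Multicasts", "Broadcasts"}


def parse_counters(text):
    """Return {(section, name): value}; Oversize/Undersize exist in both sections."""
    counters, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line in ("Input:", "Output:"):
            section = line[:-1]
            continue
        if section:
            for name, value in re.findall(r"(\w+)\s*:\s*(\d+)", line):
                counters[(section, name)] = int(value)
    return counters


def compare(before, after):
    """Report error counters that grew, and counters that went backwards.

    A counter lower than in the earlier snapshot was cleared in between,
    so no delta can be computed for it and it is listed under "reset".
    """
    old, new = parse_counters(before), parse_counters(after)
    report = {"increased": {}, "reset": []}
    for key, value in new.items():
        if key[1] in TRAFFIC or key not in old:
            continue
        name = f"{key[0]}.{key[1]}"
        delta = value - old[key]
        if delta > 0:
            report["increased"][name] = delta
        elif delta < 0:
            report["reset"].append(name)
    return report


if __name__ == "__main__":
    print(compare(SNAP_1, SNAP_2))
    print(compare(SNAP_2, SNAP_3))
```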
Experience Summary
For POS interconnection, pay attention to the following points:
The POS interface on a ZXR10 T64E router supports link coding scrambling. By default, the link coding scrambling function is enabled on the POS interface, that is, pos scramble-atm is the default configuration. However, the link coding scrambling function is not enabled on the POS interface of the Cisco router by default. The link coding scrambling setting on the devices at the two ends should be consistent; otherwise, the link does not work.
To enable the link coding scrambling function on the POS interface, use the pos scramble-atm command; the default value of parameter C2 is then 0x16. To disable the link coding scrambling function on the POS interface, use the no pos scramble-atm command; the default value of parameter C2 is then 0xCF.
By default, the CRC value on the ZXR10 T64E router is 32, and the CRC value on the Cisco router is 16. The CRC values should be consistent; otherwise, the link does not work.
The clock of the ZXR10 T64E router is the internal clock. When two ZXR10 T64E routers are connected back to back, the clock of one router should be the internal clock, and the clock of the other router should be the line clock. Otherwise, the link does not work. Usually, the clock of a ZXR10 T64E router is set to the internal clock.
The MTU of the POS interface on the Cisco router is 4096. If the MTU values on the POS interfaces at the two sides are different, pinging the other side with short packets works normally, but packet loss occurs when pinging the other side with long packets. Therefore, when the MTU values on the POS interfaces at the two sides are different, set the MTU value of the POS interface on the Cisco router to 1500 to keep it consistent with the MTU value of the POS interface on the ZXR10 T64E router. ■
Label Distribution Malfunction in MPLS
⊙ Yang Zhiwei / ZTE Corporation
Key words: MPLS, LDP, pop tag, label distribution
Network Topology
As shown in Figure 1, the GER08 routers at the POKHARA, SUNDHARA, PATAN and HETUDA nodes and the SUNDHARA CISCO 2600 run OSPF. They are in area 0. The SUNDHARA CISCO 2600 connects to the user network. The routes of the user network are redistributed to area 0 through the SUNDHARA CISCO 2600. The PATAN GER08 router connects to the PATAN CISCO 2600 router and they learn the routes of the internet through EBGP.
Figure 1. Network Topology
The users planned to configure MPLS on the GER08 routers at the POKHARA, SUNDHARA, PATAN and HETUDA nodes.
Malfunction Situation
The users enabled MPLS on the GER08 routers at the POKHARA, SUNDHARA, PATAN and HETUDA nodes and then enabled MPLS on the corresponding interfaces. After that, from every router except the SUNDHARA GER08, they could not ping the users connected to the SUNDHARA CISCO 2600 (the network segment was 202.70.65.0 to 202.70.86.0).
Malfunction Analysis
To find out the problem, the engineers took the following steps.
(1) The engineers checked the MPLS labels on the POKHARA GER08 router, as shown below.
Pokhara-GER08-1#show mpls forwarding-table
Mpls Ldp Forwarding-table:
InLabel OutLabe Dest Pfxlen Interface NextHop
25 73 0.0.0.0 0 gei_5/1 202.70.93.122
38 37 172.16.1.11 32 gei_5/1 202.70.93.122
40 40 192.184.4.166 32 gei_5/1 202.70.93.122
28 27 202.70.65.24 30 gei_5/1 202.70.93.122
59 58 202.70.65.32 30 gei_5/1 202.70.93.122
53 52 202.70.65.33 32 gei_5/1 202.70.93.122
55 54 202.70.65.44 30 gei_5/1 202.70.93.122
32 31 202.70.65.45 32 gei_5/1 202.70.93.122
47 46 202.70.65.52 30 gei_5/1 202.70.93.122
45 44 202.70.65.53 32 gei_5/1 202.70.93.122
54 53 202.70.65.84 30 gei_5/1 202.70.93.122
51 50 202.70.65.88 30 gei_5/1 202.70.93.122
65 63 202.70.65.92 30 gei_5/1 202.70.93.122
43 42 202.70.65.93 32 gei_5/1 202.70.93.122
62 60 202.70.65.104 30 gei_5/1 202.70.93.122
64 62 202.70.65.108 30 gei_5/1 202.70.93.122
78 77 202.70.65.188 30 gei_5/1 202.70.93.122
69 68 202.70.65.189 32 gei_5/1 202.70.93.122
68 67 202.70.65.192 30 gei_5/1 202.70.93.122
52 51 202.70.65.193 32 gei_5/1 202.70.93.122
76 74 202.70.65.200 30 gei_5/1 202.70.93.122
67 66 202.70.65.201 32 gei_5/1 202.70.93.122
31 30 202.70.65.232 30 gei_5/1 202.70.93.122
33 33 202.70.66.0 29 gei_5/1 202.70.93.122
56 55 202.70.66.56 29 gei_5/1 202.70.93.122
70 69 202.70.66.96 29 gei_5/1 202.70.93.122
71 70 202.70.66.128 29 gei_5/1 202.70.93.122
72 71 202.70.66.152 29 gei_5/1 202.70.93.122
30 29 202.70.66.208 29 gei_5/1 202.70.93.122
29 28 202.70.68.128 25 gei_5/1 202.70.93.122
……
The result showed that the POKHARA GER08 router had learned the labels from the SUNDHARA GER08 router through gei_5/1. In the network topology, the POKHARA GER08 router was the penultimate hop and the SUNDHARA GER08 router was the last hop. Therefore, the labels that the POKHARA GER08 router received from the SUNDHARA GER08 router should have been POP tags.
(2) The engineers checked the label forwarding table on the SUNDHARA GER08 router, as
shown below.
Sundhara-GER08-1#show mpls forwarding-table
Mpls Ldp Forwarding-table:
InLabel OutLabel Dest Pfxlen Interface NextHop
73 Untagged 0.0.0.0 0 gei_1/1 202.70.93.73
37 Untagged 172.16.1.11 32 fei_3/1 202.70.93.133
40 Untagged 192.184.4.166 32 fei_3/1 202.70.93.133
27 Untagged 202.70.65.24 30 fei_3/1 202.70.93.133
58 Untagged 202.70.65.32 30 fei_3/1 202.70.93.133
52 Untagged 202.70.65.33 32 fei_3/1 202.70.93.133
54 Untagged 202.70.65.44 30 fei_3/1 202.70.93.133
31 Untagged 202.70.65.45 32 fei_3/1 202.70.93.133
46 Untagged 202.70.65.52 30 fei_3/1 202.70.93.133
44 Untagged 202.70.65.53 32 fei_3/1 202.70.93.133
53 Untagged 202.70.65.84 30 fei_3/1 202.70.93.133
50 Untagged 202.70.65.88 30 fei_3/1 202.70.93.133
63 Untagged 202.70.65.92 30 fei_3/1 202.70.93.133
42 Untagged 202.70.65.93 32 fei_3/1 202.70.93.133
60 Untagged 202.70.65.104 30 fei_3/1 202.70.93.133
62 Untagged 202.70.65.108 30 fei_3/1 202.70.93.133
77 Untagged 202.70.65.188 30 fei_3/1 202.70.93.133
68 Untagged 202.70.65.189 32 fei_3/1 202.70.93.133
67 Untagged 202.70.65.192 30 fei_3/1 202.70.93.133
51 Untagged 202.70.65.193 32 fei_3/1 202.70.93.133
74 Untagged 202.70.65.200 30 fei_3/1 202.70.93.133
66 Untagged 202.70.65.201 32 fei_3/1 202.70.93.133
30 Untagged 202.70.65.232 30 fei_3/1 202.70.93.133
33 Untagged 202.70.66.0 29 fei_3/1 202.70.93.133
55 Untagged 202.70.66.56 29 fei_3/1 202.70.93.133
69 Untagged 202.70.66.96 29 fei_3/1 202.70.93.133
70 Untagged 202.70.66.128 29 fei_3/1 202.70.93.133
71 Untagged 202.70.66.152 29 fei_3/1 202.70.93.133
29 Untagged 202.70.66.208 29 fei_3/1 202.70.93.133
28 Untagged 202.70.68.128 25 fei_3/1 202.70.93.133
38 Untagged 202.70.71.0 24 fei_3/1 202.70.93.133
26 Untagged 202.70.75.132 30 fei_3/1 202.70.93.133
64 Untagged 202.70.75.136 30 fei_3/1 202.70.93.133
45 Untagged 202.70.75.137 32 fei_3/1 202.70.93.133
……
The result showed that the out labels of the routes advertised by the CISCO 2600 router were untagged. This was correct, because the SUNDHARA GER08 router did not establish an LDP neighbor relationship with the CISCO 2600 router. According to the MPLS protocol, the labels that the SUNDHARA GER08 router distributed to other MPLS routers for these routes should be POP tags.
When a local router works as an edge LSR, the next hop router may be a non-MPLS router. In this situation, the local LSR cannot bind an out label. According to the MPLS frame protocol, when a router has not received an out label, it discards packets that carry labels.
When the users accessed the SUNDHARA user network through routers other than the SUNDHARA GER08 router, the packets were still tagged when they reached the SUNDHARA GER08 router. However, in the label forwarding table of the SUNDHARA GER08 router, the corresponding out labels were untagged. Therefore, the packets were not forwarded normally, but discarded.
Solution
The mpls ldp egress {for <prefix-access-list> | nexthop <nexthop-access-list>} command is used to make LDP distribute pop tags for specified destination network segments that are not directly connected, that is, it sets the egress control policy. The parameters <prefix-access-list> and <nexthop-access-list> are used together with an ACL to match the route information. When the route information matches the ACL, pop tags are distributed.
The engineers modified the configuration on the SUNDHARA GER08 router, as shown below.
Sundhara-GER08-1(config)#ip access-list standard 2
Sundhara-GER08-1(config-std-acl)# rule 1 permit 202.70.93.133 0.0.0.0
Sundhara-GER08-1(config-std-acl)#exit
Sundhara-GER08-1(config)#mpls ip
Sundhara-GER08-1(config)#mpls ldp router-id loopback1 force
Sundhara-GER08-1(config)#mpls ldp egress nexthop 2
The engineers checked the label information on the SUNDHARA GER08 router, as shown below.
Sundhara-GER08-1#show mpls forwarding-table
Mpls Ldp Forwarding-table:
InLabel OutLabel Dest Pfxlen Interface NextHop
……
26 Pop tag 0.0.0.0 0 gei_1/1 202.70.93.73
18 Pop tag 202.70.93.1 32 gei_1/1 202.70.93.73
21 Pop tag 202.70.93.4 32 gei_1/1 202.70.93.73
20 21 202.70.93.8 32 gei_1/1 202.70.93.73
16 Pop tag 202.70.93.68 30 gei_1/1 202.70.93.73
17 Pop tag 202.70.93.76 30 gei_1/1 202.70.93.73
19 20 202.70.93.88 30 gei_1/1 202.70.93.73
25 Pop tag 202.70.93.128 30 gei_1/1 202.70.93.73
22 Pop tag 202.70.93.248 29 gei_1/1 202.70.93.73
……
The engineers checked the label information on the POKHARA GER08 router, as shown
below.
Pokhara-GER08-1#show mpls forwarding-table
Mpls Ldp Forwarding-table:
InLabel OutLabel Dest Pfxlen Interface NextHop
25 Pop tag 0.0.0.0 0 gei_5/1 202.70.93.122
38 Pop tag 172.16.1.11 32 gei_5/1 202.70.93.122
40 Pop tag 192.184.4.166 32 gei_5/1 202.70.93.122
28 Pop tag 202.70.65.24 30 gei_5/1 202.70.93.122
59 Pop tag 202.70.65.32 30 gei_5/1 202.70.93.122
53 Pop tag 202.70.65.33 32 gei_5/1 202.70.93.122
55 Pop tag 202.70.65.44 30 gei_5/1 202.70.93.122
32 Pop tag 202.70.65.45 32 gei_5/1 202.70.93.122
47 Pop tag 202.70.65.52 30 gei_5/1 202.70.93.122
45 Pop tag 202.70.65.53 32 gei_5/1 202.70.93.122
54 Pop tag 202.70.65.84 30 gei_5/1 202.70.93.122
51 Pop tag 202.70.65.88 30 gei_5/1 202.70.93.122
65 Pop tag 202.70.65.92 30 gei_5/1 202.70.93.122
43 Pop tag 202.70.65.93 32 gei_5/1 202.70.93.122
62 Pop tag 202.70.65.104 30 gei_5/1 202.70.93.122
64 Pop tag 202.70.65.108 30 gei_5/1 202.70.93.122
78 Pop tag 202.70.65.188 30 gei_5/1 202.70.93.122
69 Pop tag 202.70.65.189 32 gei_5/1 202.70.93.122
68 Pop tag 202.70.65.192 30 gei_5/1 202.70.93.122
52 Pop tag 202.70.65.193 32 gei_5/1 202.70.93.122
76 Pop tag 202.70.65.200 30 gei_5/1 202.70.93.122
67 Pop tag 202.70.65.201 32 gei_5/1 202.70.93.122
31 Pop tag 202.70.65.232 30 gei_5/1 202.70.93.122
33 Pop tag 202.70.66.0 29 gei_5/1 202.70.93.122
56 Pop tag 202.70.66.56 29 gei_5/1 202.70.93.122
70 Pop tag 202.70.66.96 29 gei_5/1 202.70.93.122
71 Pop tag 202.70.66.128 29 gei_5/1 202.70.93.122
72 Pop tag 202.70.66.152 29 gei_5/1 202.70.93.122
30 Pop tag 202.70.66.208 29 gei_5/1 202.70.93.122
29 Pop tag 202.70.68.128 25 gei_5/1 202.70.93.122
39 Pop tag 202.70.71.0 24 gei_5/1 202.70.93.122
27 Pop tag 202.70.75.132 30 gei_5/1 202.70.93.122
75 Pop tag 202.70.75.136 30 gei_5/1 202.70.93.122
60 Pop tag 202.70.75.137 32 gei_5/1 202.70.93.122
……
The POKHARA GER08 router received the pop tags distributed by the SUNDHARA GER08 router. Therefore, when the packets reached the SUNDHARA GER08 router, the labels were popped. Then the packets were forwarded normally according to the routing table.
The problem was solved.
The label distribution configuration for the indirect EBGP routes is described below.
On the PATAN GER08 router, the configuration is shown below.
Patan-GER08(config)#ip access-list standard 2
Patan-GER08(config-std-acl)# rule 2 permit 202.70.93.129 0.0.0.0
Patan-GER08(config-std-acl)#exit
Patan-GER08(config)#mpls ip
Patan-GER08(config)#mpls ldp router-id loopback1 force
Patan-GER08(config)#mpls ldp egress nexthop 2
The information of label forwarding table on the SUNDHARA GER08 router or HETUDA
GER08 router is shown below.
Hetuda- GER08#show mpls forwarding-table
Mpls Ldp Forwarding-table:
……
InLabel OutLabel Dest Pfxlen Interface NextHop
26 Pop tag 0.0.0.0 0 gei_1/1 202.70.93.73
18 Pop tag 202.70.93.1 32 gei_1/1 202.70.93.73
21 Pop tag 202.70.93.4 32 gei_1/1 202.70.93.73
20 21 202.70.93.8 32 gei_1/1 202.70.93.73
16 Pop tag 202.70.93.68 30 gei_1/1 202.70.93.73
17 Pop tag 202.70.93.76 30 gei_1/1 202.70.93.73
19 20 202.70.93.88 30 gei_1/1 202.70.93.73
25 Pop tag 202.70.93.128 30 gei_1/1 202.70.93.73
22 Pop tag 202.70.93.248 29 gei_1/1 202.70.93.73
……
The PATAN GER08 router did not learn routes from the PATAN CISCO2600 router, because the routes were EBGP routes. MPLS did not distribute labels for these routes.
Experience Summary
According to the MPLS protocol, pop tags are not distributed for indirect routes. If the mpls ldp egress command is not configured for the indirect routes, the LER will distribute labels for indirect routes outside the MPLS network. When the upstream device receives packets with labels distributed by the LER, the device will discard the packets because the out labels are untagged. ■
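The check the engineers made by comparing the two label forwarding tables can be automated. The following is an added example, not part of the original article: it parses rows copied from the outputs above and lists the prefixes for which the upstream router sends a real label that the egress router holds with an Untagged out label, the condition this case describes as leading to discards. The function names parse_lfib and discarded_prefixes are assumptions made for illustration.

```python
import re

# Rows copied from the "show mpls forwarding-table" outputs quoted in this case.
POKHARA_BEFORE = """\
InLabel OutLabe Dest Pfxlen Interface NextHop
25 73 0.0.0.0 0 gei_5/1 202.70.93.122
38 37 172.16.1.11 32 gei_5/1 202.70.93.122
28 27 202.70.65.24 30 gei_5/1 202.70.93.122
29 28 202.70.68.128 25 gei_5/1 202.70.93.122
"""
SUNDHARA_BEFORE = """\
InLabel OutLabel Dest Pfxlen Interface NextHop
73 Untagged 0.0.0.0 0 gei_1/1 202.70.93.73
37 Untagged 172.16.1.11 32 fei_3/1 202.70.93.133
27 Untagged 202.70.65.24 30 fei_3/1 202.70.93.133
28 Untagged 202.70.68.128 25 fei_3/1 202.70.93.133
"""
POKHARA_AFTER = """\
InLabel OutLabel Dest Pfxlen Interface NextHop
25 Pop tag 0.0.0.0 0 gei_5/1 202.70.93.122
38 Pop tag 172.16.1.11 32 gei_5/1 202.70.93.122
28 Pop tag 202.70.65.24 30 gei_5/1 202.70.93.122
29 Pop tag 202.70.68.128 25 gei_5/1 202.70.93.122
"""

# InLabel, OutLabel ("Pop tag", "Untagged" or a number), Dest, Pfxlen, Interface, NextHop
ROW = re.compile(
    r"^\s*(\d+)\s+(Pop tag|Untagged|\d+)\s+(\d+(?:\.\d+){3})\s+(\d+)\s+(\S+)\s+(\S+)\s*$"
)


def parse_lfib(text):
    """Return {"dest/pfxlen": {"in", "out", "ifname", "nexthop"}}; other lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                      # header, prompt or ellipsis line
        in_label, out_label, dest, plen, ifname, nexthop = m.groups()
        table[f"{dest}/{plen}"] = {
            "in": int(in_label), "out": out_label,
            "ifname": ifname, "nexthop": nexthop,
        }
    return table


def discarded_prefixes(upstream_text, egress_text):
    """Prefixes whose labelled packets reach an egress entry that is Untagged.

    The upstream out label must be a number (a real label is pushed or
    swapped) and must equal the egress router's in label for the same prefix.
    "Pop tag" upstream means the packet arrives without that label.
    """
    upstream, egress = parse_lfib(upstream_text), parse_lfib(egress_text)
    affected = []
    for prefix, up in upstream.items():
        eg = egress.get(prefix)
        if eg is None or not up["out"].isdigit():
            continue
        if int(up["out"]) == eg["in"] and eg["out"] == "Untagged":
            affected.append(prefix)
    return affected


if __name__ == "__main__":
    print(discarded_prefixes(POKHARA_BEFORE, SUNDHARA_BEFORE))
    # The article does not show the SUNDHARA entries for these prefixes after
    # the change; the result is empty because POKHARA no longer sends a label.
    print(discarded_prefixes(POKHARA_AFTER, SUNDHARA_BEFORE))
```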
STP Malfunction on 2826S Switch
⊙ Li Weiting / ZTE Corporation
Key words: STP, VRRP, Mac address, management address
Network Topology
As shown in Figure 1, the three devices form a loop. The spanning-tree function is enabled on these three devices. A smartgroup is configured between switches 3906-1 and 3906-2. Switches 3906-1 and 3906-2 run VRRP, and switch 3906-1 is the master.
Figure 1. Network Topology
Malfunction Situation
The users could ping the management address of switch 2826S from switch 3906-1 successfully, but they could not ping the same address from switch 3906-2.
Malfunction Analysis
To find out the problem, the engineers took the following steps.
(1) The engineers checked the information of spanning-tree instances on the three switches.
The information of spanning-tree instances on switch 3906-1 is shown below.
3906-1#show spanning-tree instance 0
Spanning tree enabled protocol MSTP
Root ID: Priority 4096; Address 00d0.d0c0.03c0
Hello-Time 2 sec; Max-Age 20 sec
Forward-Delay 15 sec;
RegRootID: Priority 4096; Address 00d0.d0c0.03c0
BridgeID: Priority 4096; Address 00d0.d0c0.03c0
Hello-Time 2 sec; Max-Age 20 sec
Forward-Delay 15 sec; Max-Hops 20
Message-Age 0 sec; RemainHops 20
Interface Prio.Nbr
Name Port ID Cost Sts Role Type Bound
-------------------------------------------------------------------------------
fei_1/8 128.48 200000 Forward Designated p2p MSTP
sg1 128.1 100000 Forward Designated p2p MSTP
The information of spanning-tree instances on switch 3906-2 is shown below:
3906-2#show spanning-tree instance 0
Spanning tree enabled protocol MSTP
Root ID: Priority 4096; Address 00d0.d0c0.03c0
Hello-Time 2 sec; Max-Age 20 sec
Forward-Delay 15 sec;
RegRootID: Priority 8192; Address 00d0.d0c0.0280
BridgeID: Priority 8192; Address 00d0.d0c0.0280
Hello-Time 2 sec; Max-Age 20 sec
Forward-Delay 15 sec; Max-Hops 20
Message-Age 1 sec; RemainHops 20
Interface Prio.Nbr
Name Port ID Cost Sts Role Type Bound
------------------------------------------------------------------------------------
fei_1/8 128.48 200000 Forward Designated p2p MSTP
sg1 128.1 100000 Forward Root p2p MSTP
The information of spanning-tree instances on switch 2826S is shown below:
2826S(cfg)#show stp instance 0
RootID:
Priority : 4096 Address : 00.d0.d0.c0.03.c0
HelloTime(s) : 2 MaxAge(s) : 20
ForwardDelay(s): 15
Reg RootID:
Priority : 16384 Address : 00.d0.d0.fc.76.92
RemainHops : 20
BridgeID:
Priority : 16384 Address : 00.d0.d0.fc.76.92
HelloTime(s) : 2 MaxAge(s) : 20
ForwardDelay(s): 15 MaxHops : 20
Interface PortId Cost Status Role Bound GuardStatus
-------------------------------------------------------------------------------
1 128.1 200000 Forward Root MSTP None
2 128.2 200000 Discard Alternate MSTP None
The above results showed that switch 3906-1 had the highest priority, and it worked as the root switch. The state of port 2 on switch 2826S was Discard, which indicated that the link between switches 3906-2 and 2826S was blocked.
(2) The management address of switch 2826S was 192.168.69.132. The engineers pinged the address from switch 3906-2, as shown below.
3906-2#ping 192.168.69.132
sending 5,100-byte ICMP echos to 192.168.69.132,timeout is 2 seconds.
……
(3) The engineers checked the ARP information on switch 3906-2, as shown below.
3906-2#show arp
Arp protect whole is disabled . The count is 3.
Address Age(min) Hardware Addr Interface
192.168.69.132 2 00d0.d0fc.7692 vlan601
192.168.70.2 - 00d0.d0c0.0283 vlan601
192.168.69.130 - 00d0.d0c0.0283 vlan601
(4) The engineers checked the MAC address table on switch 3906-2, as shown below.
3906-2#show mac dynamic
Total MAC address : 4
Flags: vid --VLAN id, stc --static
per --permanent, toS --to-static
srF --source filter, dsF --destination filter
time --day:hour:min:sec
MAC_Address port vid stc per toS srF dsF Time
----------------------------------------------------------------------------------
00d0.d0fc.7692 fei_1/8 601 0 0 0 0 0 0:01:32:56
0000.5e00.0114 sg1 601 0 0 0 0 0 0:01:33:15
0000.5e00.011e sg1 601 0 0 0 0 0 0:01:33:15
00d0.d0c0.03c0 sg1 601 0 0 0 0 0 0:01:33:18
The above result showed that the MAC address 00d0.d0fc.7692 was learned on fei_1/8 of switch 3906-2. In the spanning-tree protocol, switches interact with each other through BPDU messages. BPDU messages are transmitted as Ethernet frames. The source MAC address of a BPDU message is the MAC address of the switch that sends it. Although the state of fei_1/2 on switch 2826S was Discard, BPDU messages were not affected. Therefore, switch 3906-2 learned the MAC address 00d0.d0fc.7692 through the BPDU messages sent by switch 2826S.
Solution
To solve the problem, the engineers changed the MAC address of the network management system on switch 2826S to an address that was different from that of the switch itself, as shown below.
2826S(cfg)#config router
2826S(cfg-router)#set ipport 0 disable
2826S(cfg-router)#set ipport 0 mac 00.D0.D0.FC.76.76
After the modification, the users could access switch 2826S from switch 3906-2. The problem was solved.
The engineers checked the information of ARP and MAC, as shown below.
3906-2#show arp
Arp protect whole is disabled . The count is 3.
Address Age(min) Hardware Addr Interface
192.168.69.132 0 00d0.d0fc.7676 vlan601
192.168.70.2 - 00d0.d0c0.0283 vlan601
192.168.69.130 - 00d0.d0c0.0283 vlan601
3906-2#show mac dynamic
Total MAC address : 5
Flags: vid --VLAN id, stc --static
per --permanent, toS --to-static
srF --source filter, dsF --destination filter
time --day:hour:min:sec
MAC_Address port vid stc per toS srF dsF Time
---------------------------------------------------------------------------------
00d0.d0fc.7676 sg1 601 0 0 0 0 0 0:00:41:52
00d0.d0fc.7692 fei_1/8 601 0 0 0 0 0 0:00:45:15
0000.5e00.011e sg1 601 0 0 0 0 0 0:00:43:30
0000.5e00.0114 sg1 601 0 0 0 0 0 0:00:43:30
00d0.d0c0.03c0 sg1 1 0 0 0 0 0 0:00:43:31
The above result showed that the MAC address corresponding to the network management address 192.168.69.132 on switch 2826S was 00d0.d0fc.7676. Switch 3906-2 learned this MAC address through sg1. Therefore, messages passed through switch 3906-1 and then reached switch 2826S. ■
OSPF Equivalent Default Route
⊙ Gu Weiwei / ZTE Corporation
Key words: equivalent route, OSPF, default route, options
Network Topology
As shown in Figure 1, T128-1, T128-2 and T32C run OSPF and they are in area 0. The notify default route always command is configured on the two T128 routers. The next hop of the default route on the T128-1 router is ROUTER-1, and the next hop of the default route on the T128-2 router is ROUTER-2.
Figure 1. Network Topology
Malfunction Situation
By default, up to 4 equivalent routes are allowed on a ZXR10 T32C router. According to the network topology, there should be two default routes on the T32C router, one to the T128-1 router and the other to the T128-2 router. However, there was only one default route to T128-2.
Malfunction Analysis
To find out the problem, the engineers took the following steps.
(1) The engineers checked the routing table on the T32C router, as shown below.
T32c# show ip route
Destination Gateway Owner Netif
-----------------------------------------------------------------------------------
default 222.62.207.149 OSPF_ASE t128-2
10.0.0.0/24 directly connected - en0
127.0.0.1 127.0.0.1 - lo0
221.122.224.0/24 222.62.207.26 Static 7401
(2) The engineers checked the LSA information on the T32C router, as shown below. The
link-ids of these two LSAs are 0.0.0.0.
T32c# ospf show database external link-id 0.0.0.0
OSPF Router with ID (222.62.207.10)
AS External Link States
Link ID ADV Router Age Seq# Checksum Cost
-----------------------------------------------------------------------------
0.0.0.0 222.62.207.2 181 80001b9c 50ec 1
0.0.0.0 222.62.207.137 1121 80000ab7 693 1
The result showed that the T32C router received two Type-5 LSAs from the two T128 routers.
(3) The engineers checked the OSPF external data information on the T32C router, as shown
below.
T32c# OSPf Show DAtabase EXternal
OSPF Router with ID (222.62.207.10)
……
Routing Bit Set on this LSA
LS Age: 411
Options:
LS Type: AS External Link
Link State ID: 0.0.0.0
Advertising Router: 222.62.207.2 /*T128-1*/
LS Seq Number: 80001ba7
Checksum: 3af7
Length: 36
Network Mask: /0
Metric Type: 2 TOS: 0
Metric: 1 Forward Address:
External Route Tag: 3
Routing Bit Set on this LSA
LS Age: 1348
Options:
LS Type: AS External Link
Link State ID: 0.0.0.0
Advertising Router: 222.62.207.137 /*T128-2*/
LS Seq Number: 80000ac2
Checksum: ef9e
Length: 36
Network Mask: /0
Metric Type: 2 TOS: 0
Metric: 1 Forward Address:
External Route Tag: 3
The result showed that the metric type, metric value and LSA type of the two default routes were the same. This indicated that the two routes were equivalent.
(4) The engineers checked the two OSPF neighbors of the T32C router, as shown below.
T32C# ospf show neighbor
Neighbor 222.62.207.137, interface address 222.62.207.149
In the area 0.0.0.0 via interface address 222.62.207.150
Neighbor priority is 1, State is Full
Options 0 Dead timer due in 17:20:34
Hitless Helper: not active
Neighbor 222.62.207.2, interface address 222.62.207.9
In the area 0.0.0.0 via interface address 222.62.207.10
Neighbor priority is 1, State is Full
Options 1 Dead timer due in 17:20:31
Hitless Helper: not active
The result showed that the Options value of T128-2 was 0, while the Options value of T128-1
was 1.
(5) According to RFC documents, the value of Options is related to the state and configuration
of the device. The engineers checked the configurations on the two T128 routers. They found that
the T128-2 router advertised the network segment between itself and the ROUTER-2 to the OSPF
area, but the ROUTER-2 was not the OSPF neighbor of the T128-2 router. However, the T128-1
router did not advertise the network segment between itself and ROUTER-1 to the OSPF area.
The OSPF configuration on the T128-2 router is shown below.
router ospf 1
network 222.62.207.136 0.0.0.3 area 0.0.0.0
network 222.62.207.144 0.0.0.3 area 0.0.0.0
network 222.62.207.148 0.0.0.3 area 0.0.0.0
network 222.62.207.152 0.0.0.3 area 0.0.0.0
network 222.62.207.156 0.0.0.3 area 0.0.0.0
notify default route always
redistribute static
redistribute connected
Solution
The engineers used the no network 222.62.207.148 0.0.0.3 area 0.0.0.0 command to delete the network segment between the T128-2 router and ROUTER-2 from the networks advertised by the T128-2 router. After that, the engineers checked the OSPF neighbor state and routing table on the T32C router, as shown below.
T32C# ospf show neighbor
Neighbor 222.62.207.169, interface address 222.62.207.149
In the area 0.0.0.0 via interface address 222.62.207.150
Neighbor priority is 1, State is Full
Options 1
Dead timer due in 17:08:02
Hitless Helper: not active
Neighbor 222.62.207.168, interface address 222.62.207.9
In the area 0.0.0.0 via interface address 222.62.207.10
Neighbor priority is 1, State is Full
Options 1
Dead timer due in 17:08:03
Hitless Helper: not active
T32C#
T32C# show ip route
Destination Gateway Owner Netif
----------- ------- ----- -----
default 222.62.207.9 OSPF_ASE t128-1
222.62.207.149 OSPF_ASE t128-2
10.0.0.0/24 directly connected - en0
127.0.0.1 127.0.0.1 - lo0
221.122.224.0/24 222.62.207.26 Static 7401
The result showed that the Options values on the two neighbors of the T32C router were 1.
The route information showed that the T32C router learned the two default routes from the T128-1
router and the T128-2 router. The problem was solved.
Experience Summary
In this case, ROUTER-2 was not an OSPF neighbor of the T32C router. The default
route to the uplink device ROUTER-2 was configured on the T128-2 router (the ASBR).
Therefore, the network between ROUTER-2 and the T128-2 router was advertised. This is the
cause of the problem. ■
Supervlan Configuration
⊙ Wang Huali / ZTE Corporation
Key words: Supervlan, subvlan, B10 version
Network Topology
In a college, the users obtained IP addresses through DHCP to get online. Because users in some
offices required static IP addresses, new VLAN IDs were added to the switches based on the primary
network topology. A Supervlan was configured on T64G. The topology is shown in Figure 1.
Figure 1. Network Topology
Malfunction Situation
A new VLAN was added for the users with static IP addresses. The VLAN ID was 200. Supervlan
2 was configured on T64G. The IP address and network gateway address were configured correctly
on the PCs, but the users could not ping the gateway 172.16.8.1 from the PCs.
Malfunction Analysis
To find out the problem, the engineers took the following steps.
(1) The engineers checked the configurations of the PCs and disabled the firewall and wireless
network cards.
(2) The engineers checked the configuration on the 2826S switch, as shown below.
set port 2 pvid 200 /*port 2 connects to the user pc*/
set vlan 200 enable
set vlan 200 add port 2 untag
set vlan 200 add port 25 tag /*up-connects to the gei_2/1 of T64G*/
The engineers did not find any problem.
(3) The engineers checked the configuration on the T64G, as shown below.
vlan 200
supervlan 2
interface supervlan 2
ip address 172.16.8.1 255.255.255.128
inter-subvlan-routing disable
interface gei_2/1
description test1
protocol-protect mode dhcp enable
negotiation auto
hybrid-attribute copper
switchport mode trunk
switchport trunk native vlan 1
switchport trunk vlan 200 /*user vlan*/
switchport trunk vlan 4093
switchport qinq normal
As a test, the engineers did not set VLAN 200 as a sub interface of the Supervlan and instead
modified the configuration as below.
interface vlan 200
ip address 172.16.8.1 255.255.255.128
After that, the engineers found that the users could ping the gateway 172.16.8.1 successfully
from the PCs. Therefore, the problem was caused by the configuration of the Supervlan.
Solution
The engineers modified the configuration to bind the sub interface to the IP address pool on
T64G, as shown below.
T64G(config)#vlan 200
T64G(config-vlan)# supervlan 2
T64G(config-vlan)# ip supervlan pool 172.16.8.2 172.16.8.20 /*the address range of the users that access through vlan200*/
T64G(config-vlan)#exit
The problem was solved.
Experience Summary
The problem was solved after the sub interface was bound to the IP address pool, because
the default configuration on the switch was ip-pool-filter enable. Switch versions before
B10 support 255 Supervlans. Each Supervlan supports up to 8 subvlans, but a subvlan cannot
be bound to an address pool. Switch versions after B10 support 255 Supervlans. Each
Supervlan supports up to 4094 subvlans, and a subvlan can be bound to an address pool. Two
default configuration commands are added to the Supervlan after version B10, as shown below.
T64G(config)#interface supervlan1
T64G(config-if)#arp-broadcast disable /*default configuration*/
T64G(config-if)#ip-pool-filter enable /* default configuration*/
If the users do not configure the subvlan pool, the configuration can be changed as follows.
T64G(config)#interface supervlan1
T64G(config-if)#arp-broadcast enable
T64G(config-if)#ip-pool-filter disable
When the subvlan pool is configured, it is not recommended to change the configuration of the
Supervlan. ■
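A configuration check for the fault in this case, as an added example that is not ZTE's or the author's code: it flags subvlans that have no address pool bound while their Supervlan still has ip-pool-filter enabled, which is the default after version B10. It assumes a running configuration laid out like the excerpts in this article; the function name, VLANs 201 and 300, and their addresses are constructed.

```python
import re

# Constructed sample, laid out like the configuration excerpts in this article.
SAMPLE_CONFIG = """\
vlan 200
 supervlan 2
vlan 201
 supervlan 2
 ip supervlan pool 172.16.8.21 172.16.8.40
vlan 300
 supervlan 3
interface supervlan 2
 ip address 172.16.8.1 255.255.255.128
interface supervlan3
 ip address 172.16.9.1 255.255.255.0
 arp-broadcast enable
 ip-pool-filter disable
"""


def audit_supervlan_pools(config_text):
    """Return [(subvlan, supervlan)] pairs where the subvlan has no address
    pool but its Supervlan still has ip-pool-filter enabled (the default)."""
    members = {}        # subvlan id -> supervlan id
    has_pool = set()    # subvlans with an "ip supervlan pool" line
    filter_off = set()  # supervlans with "ip-pool-filter disable"
    kind, ident = None, None
    for raw in config_text.splitlines():
        line = re.sub(r"/\*.*?\*/", "", raw).strip()  # drop /* ... */ comments
        if not line or line == "!":
            continue
        if m := re.fullmatch(r"vlan (\d+)", line):
            kind, ident = "vlan", int(m.group(1))
        elif m := re.fullmatch(r"interface supervlan\s*(\d+)", line, re.I):
            kind, ident = "super", int(m.group(1))
        elif line.lower().startswith("interface "):
            kind, ident = None, None  # some other interface block
        elif kind == "vlan":
            if m := re.fullmatch(r"supervlan\s*(\d+)", line):
                members[ident] = int(m.group(1))
            elif line.startswith("ip supervlan pool "):
                has_pool.add(ident)
        elif kind == "super" and line == "ip-pool-filter disable":
            filter_off.add(ident)
    return sorted((sub, sup) for sub, sup in members.items()
                  if sub not in has_pool and sup not in filter_off)


if __name__ == "__main__":
    for sub, sup in audit_supervlan_pools(SAMPLE_CONFIG):
        print(f"vlan {sub}: no pool bound, supervlan {sup} has ip-pool-filter enabled")
```

On the sample, only VLAN 200 is reported, which matches the state of T64G before the pool was bound.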
Address Superposition
⊙ Shan Changliang / ZTE Corporation
Key words: BAS, address superposition, address pool, dial
Network Topology
As shown in Figure 1, the users of dial-up services connect to a UAS 10400. They get online
after passing the authentication of the dial-up services.
Figure 1. Network Topology
Malfunction Situation
During the service rush hour (20:00~21:00) every day, some users could dial in successfully
but could not access the Internet. The users could ping the address of the UAS 10400
but could not ping other addresses. If the users hung up and redialed many times, they
could sometimes access the Internet. After the service rush hour, the problem disappeared.
Malfunction Analysis
The engineers had dealt with a similar problem before, which was solved after the engineers
changed the related cards. Therefore, the engineers tried changing the ports, slots and
cards, but the problem was not solved.
The engineers then considered that the problem may be caused by routes and took the
following steps.
(1) The engineers input the show subscribers active username <username> command to find the
IP address of a user with the problem (192.168.1.20).
(2) The engineers logged into another device and input the trace route 192.168.1.20 command.
(3) The engineers logged into another device and input the trace route 192.168.1.1 command.
The address 192.168.1.1 was the interface address of the address pool that the user address
(192.168.1.20) was in.
The results of steps 2 and 3 showed an unexpected address that was not the address of the
UAS 10400. It was the address of the MA5200.
The engineers logged into the MA5200 and checked the configuration. They found a user
address network segment 192.168.1.0/24, which was the same as the network segment configured
on the UAS 10400. Besides, on the S8016 there was a static route that designated the MA5200
as the next hop of 192.168.1.0/24.
Because of this address superposition, and because the S8016 had no route for 192.168.1.0/24
to the UAS 10400, users connecting to the UAS 10400 who obtained addresses in network
segment 192.168.1.0/24 could not access the Internet.
Solution
The engineers deleted the network segment 192.168.1.0/24 from the address pool on the
MA5200, and then configured the back route of 192.168.1.0/24 to the UAS 10400 on the S8016.
The problem was solved.
Experience Summary
According to the address distribution algorithm on the UAS 10400, the addresses in the pools
are distributed from top to bottom. The address pool 192.168.1.0/24 was the last but one;
therefore, it was used only during the service rush hour.
When the users hung up and redialed, if addresses in the pools nearer the top had been
released by that time, the users could obtain those addresses and access the Internet
normally. ■
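The superposition in this case can be found offline from exported pool and route data. The following is an added example, not part of the original article: it reports address pools that overlap across access servers and pools whose covering static route points at a different device. Only 192.168.1.0/24 and the device names come from the case; the other prefixes and the data layout are constructed.

```python
import ipaddress

# Constructed inventory: only 192.168.1.0/24 and the device names are from the case.
POOLS = {
    "UAS10400": ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24"],
    "MA5200": ["192.168.1.0/24", "192.168.8.0/24"],
}
# Static routes on the aggregation switch (S8016): prefix -> next-hop device.
STATIC_ROUTES = {"192.168.1.0/24": "MA5200", "192.168.8.0/24": "MA5200"}


def find_pool_conflicts(pools, routes):
    """Return (overlaps, misrouted).

    overlaps:  (dev_a, pool_a, dev_b, pool_b) for overlapping pools on
               different devices.
    misrouted: (device, pool, route, next_hop) where the most specific static
               route covering a pool points at another device.
    """
    parsed = [(dev, ipaddress.ip_network(p))
              for dev, nets in sorted(pools.items()) for p in nets]
    route_map = {ipaddress.ip_network(k): v for k, v in routes.items()}

    overlaps = []
    for i, (dev_a, net_a) in enumerate(parsed):
        for dev_b, net_b in parsed[i + 1:]:
            if dev_a != dev_b and net_a.overlaps(net_b):
                overlaps.append((dev_a, str(net_a), dev_b, str(net_b)))

    misrouted = []
    for dev, net in parsed:
        covering = [r for r in route_map if net.subnet_of(r)]
        if covering:
            best = max(covering, key=lambda r: r.prefixlen)  # longest match
            if route_map[best] != dev:
                misrouted.append((dev, str(net), str(best), route_map[best]))
    return overlaps, misrouted


if __name__ == "__main__":
    overlaps, misrouted = find_pool_conflicts(POOLS, STATIC_ROUTES)
    for item in overlaps:
        print("overlap:", item)
    for item in misrouted:
        print("return route points elsewhere:", item)
```

Pools with no covering static route are not reported, so prefixes learned through a routing protocol need a separate check.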
Switch CPU Utilization Ratio Abnormity
⊙ Zhang Fan / ZTE Corporation
Key words: 3252, CPU, utilization ratio, ARP, ACL
Network Topology
As shown in Figure 1, one ZXR10 3252 switch works as the gateway and other ZXR10 3252
switches work as the access switches. The users use fixed IP addresses to access the network.
Figure 1. Network Topology
Malfunction Situation
The users said that sometimes there were long delays before they succeeded in accessing the
network, and sometimes they failed to access the network.
The engineers logged into the gateway switch to check the CPU utilization ratio. They found
that the CPU utilization ratio stayed at about 50% to 60%. When the users pinged the
gateway, there were long delays.
Malfunction Analysis
To find out the problem, the engineers took the following steps.
(1) The engineers logged into the gateway switch to check the system process information, as
shown below.
3252#show taskinfo
NAME PRI STATUS MTICKS Used(%)
----------------------------------------------------
Protocol 140 PEND 1 41.20
The result showed that the protocol processes took up about 40% of the CPU resources.
(2) The engineers input the show logging alarm command on the gateway switch to display
the alarm information, as shown below.
3252#show logging alarm
An alarm 21768 level 5 occurred at 23:36:01 04/01/2007 UTC sent by MCP %ACL PROTOCOL PROTECT% Receive too many packets of 'arprequest' from port fei_1/1
An alarm 21768 level 5 occurred at 23:36:31 04/01/2007 UTC sent by MCP %ACL PROTOCOL PROTECT% Receive too many packets of 'arprequest' from port fei_1/4
An alarm 21768 level 5 occurred at 23:36:31 04/01/2007 UTC sent by MCP %ACL PROTOCOL PROTECT% Receive too many packets of 'arprequest' from port fei_1/1
……
The result showed that the switch received a lot of ARP REQUEST messages.
(3) The engineers input the debug arp command to check the ARP processes on the switch,
as shown below.
3252#debug arp
ARP debugging is on
18:55:48 IP ARP:req filtered src 192.168.11.175 000D.8769.079E, dst 192.168.222.41 wrong cable vlan308
18:55:48 IP ARP:req filtered src 192.168.11.175 000D.8769.079E, dst 192.168.222.53 wrong cable vlan308
18:55:48 IP ARP:req filtered src 192.168.11.175 000D.8769.079E, dst 192.168.222.116 wrong cable vlan308
……
The result showed that some ARP requests could not pass the ARP source filtration function
and were filtered.
According to the arp source-filtered rule, when an interface receives an ARP message, the
system searches the route according to the source IP address. If the route belongs to the local
interface, the device accepts the message; otherwise, the device discards the message. By
default, the ARP source filtration function is enabled.
In this case, the gateway switch received a lot of ARP REQUEST messages. The source IP
address of these ARP REQUEST messages was not in the address range of its subnet. That is, an
illegal user sent the messages. Therefore, the messages could not pass the ARP source filtration
and were discarded.
Since these messages were discarded, the gateway switch should not have had to process
them. Why did the CPU utilization ratio stay high? Because the ARP source filtration
function was implemented in software, and the CPU took part in the judgment and
calculation. Therefore, these messages cost a lot of CPU resources.
Solution
The engineers used ACL to filtrate the illegal messages, as shown below.
acl basic number 1
rule 1 deny 192.168.11.0 0.0.0.255 /*refuse the packets with source IP addresses in network segment 192.168.11.0/24 */
rule 2 permit any
!
Interface fei_1/1
ip access-group 1 0 in /*apply the ACL to the interface*/
!
Interface fei_1/4
ip access-group 1 0 in
!
The ACL function is implemented by hardware. When the interface received illegal messages,
the messages were discarded directly and did not cost the CPU resources.
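The triage step in this case, as an added example that is not from the original article: it models the arp source-filtered rule as a subnet membership test, then groups the filtered requests from debug arp output by sender so that the offending source and a candidate wildcard for a hardware ACL stand out. The /24 aggregation mirrors the ACL used above and is an assumption, as are the function names; the last two log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# First three lines are the debug output shown above; the last two are constructed.
SAMPLE_LOG = """\
18:55:48 IP ARP:req filtered src 192.168.11.175 000D.8769.079E, dst 192.168.222.41 wrong cable vlan308
18:55:48 IP ARP:req filtered src 192.168.11.175 000D.8769.079E, dst 192.168.222.53 wrong cable vlan308
18:55:48 IP ARP:req filtered src 192.168.11.175 000D.8769.079E, dst 192.168.222.116 wrong cable vlan308
18:55:49 IP ARP:req filtered src 192.168.11.175 000D.8769.079E, dst 192.168.222.117 wrong cable vlan308
18:55:49 IP ARP:req filtered src 10.9.9.9 0011.2233.4455, dst 192.168.222.1 wrong cable vlan308
"""

FILTERED = re.compile(
    r"IP ARP:req filtered src (?P<src>\S+) (?P<mac>[0-9A-Fa-f.]+), "
    r"dst (?P<dst>\S+) wrong cable (?P<vlan>vlan\d+)")


def passes_source_filter(src_ip, interface_address):
    """Simplified arp source-filtered rule: accept an ARP message only if its
    source IP lies in the subnet of the receiving interface."""
    subnet = ipaddress.ip_network(interface_address, strict=False)
    return ipaddress.ip_address(src_ip) in subnet


def summarize_filtered_arp(log_text, min_targets=3):
    """Group filtered ARP requests by (source IP, MAC, VLAN) and report the
    senders that asked for at least min_targets distinct destinations."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = FILTERED.search(line)
        if m:
            targets[(m["src"], m["mac"].upper(), m["vlan"])].add(m["dst"])
    report = []
    for (src, mac, vlan), dsts in sorted(targets.items()):
        if len(dsts) >= min_targets:
            # Assumption: aggregate to the enclosing /24, as the ACL above does.
            net = ipaddress.ip_network(src + "/24", strict=False)
            report.append({
                "src": src, "mac": mac, "vlan": vlan,
                "distinct_targets": len(dsts),
                "acl_candidate": f"{net.network_address} {net.hostmask}",
            })
    return report


if __name__ == "__main__":
    for row in summarize_filtered_arp(SAMPLE_LOG):
        print(row)
```

A single sender requesting many distinct destinations from an address outside the VLAN's subnet is the pattern seen in this case; the MAC address and port in the alarm log identify the host to clean up.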
Experience Summary
With the development of networks, there are more and more network viruses. In this case, a
user's host was infected with a virus. The virus changed the source IP address of the
messages and sent them to the switch. This affected the switch and other users.
An anti-virus ACL can be applied to interfaces to protect the host effectively. A common
anti-virus ACL configuration is shown as follows.
acl extend number 101
rule 1 deny tcp any any eq 135
rule 2 deny tcp any any eq 139
rule 3 deny tcp any any eq 136
rule 4 deny tcp any any eq 137
rule 5 deny tcp any any eq 445
rule 6 deny tcp any any eq 5554
rule 7 deny tcp any any eq 9996
rule 8 deny tcp any any eq 1433
rule 9 deny tcp any any eq 1434
rule 10 deny udp any any eq 1433
rule 11 deny udp any any eq 1434
rule 12 deny udp any any eq 135
rule 13 deny udp any any eq 139
rule 14 deny udp any any eq 136
rule 15 deny udp any any eq 137
rule 16 deny udp any any eq 445
rule 17 deny udp any any eq 5554
rule 18 deny udp any any eq 9996
rule 19 permit ip any any
!
GGSN Cell Phone Online Service through IP Bearer Network
⊙ Zhang Jintao / ZTE Corporation
Key words: SGSN, GGSN, GTP, DHCP, NAT, cell phone online service
Network Topology
Figure 1 shows a topology of the cell phone online service through IP bearer network.
Figure 1. Network Topology
The flow of the cell phone online service is described as follows:
(1) A user connects to SGSN through wireless communication.
(2) The user connects to GGSN through SGSN. Internal interconnection IP addresses are
configured between SGSN and GGSN, and GTP runs on SGSN and GGSN. The cell data is
encapsulated on SGSN and decapsulated on GGSN.
(3) GGSN distributes the IP address, gateway and DNS for the user through DHCP.
(4) When the cell phone user obtains the IP address, gateway and DNS, the messages for
online service are sent to SGSN.
(5) The messages for online service are encapsulated by GTP on SGSN, and then are sent to
GGSN.
(6) When GGSN receives these messages, it implements GTP decapsulation for these messages.
(7) After decapsulation, these messages become common IP messages. They are forwarded
through the Gi interface on GGSN.
(8) These IP messages (using IP addresses of the private network) reach the router after
Layer 2 transparent transmission on the switch and filtration on the firewall (Layer 2
transparent transmission).
(9) The router translates the IP addresses of these messages into public network addresses
through NAT on VLAN sub interfaces. After that, these messages are sent to the Internet.
Therefore, the cell phone user can get online.
Cell Phone Online Service through IP Bearer Network
According to the flow of the cell phone online service, cell phone online service can be realized
through IP bearer network in the following steps:
(1) Configure the IP addresses for the Gi interfaces on GGSN, for example, 192.168.100.4/24 and 192.168.101.4/24.
(2) Configure two VLANs on the access switch to transmit the messages from Gi interfaces
transparently, for example, Vlan 100 and Vlan 101.
(3) Configure Netscreen Redundant Protocol (NSRP) on the firewalls. Meanwhile, configure
Layer 2 VLAN transparent transmission on the firewalls for messages from Gi interfaces.
(4) Enable two VLAN sub interfaces on the two routers to configure VRRP as the redundant
gateway for the Gi interfaces. Add a switch between the two routers to forward Layer 2 multicast
messages of VRRP.
(5) Configure OSPF on the two routers.
(6) Configure the two VLAN sub interfaces as the inside interfaces of NAT, and configure
the interfaces connecting to the Internet as the outside interfaces of NAT. Configure the address
pool of the private network as the private address that the cell phone user obtains (for example,
10.1.0.0/16). Configure the address pool of the public network as the corresponding public
network segment.
(7) On the two routers, configure default routes to the peer router that connects to the Internet.
(8) On the two routers, configure static back routes with 10.1.0.0/16 (the private IP address
of the cell phone) as the destination network segment, and with the IP addresses of Gi interfaces
(192.168.100.4 and 192.168.101.4) on GGSN as the next hops.
Related Configuration
On the switches and firewalls, it is only required to configure the corresponding channels for
VLAN transparent transmission.
On the VRRP master, the configuration is as follows:
(1) This step describes how to configure a sub interface as the VRRP gateway of the Gi
interfaces of GGSN.
interface fei_1/1.13
encapsulation dot1Q 13
ip address 192.168.100.254 255.255.255.0
vrrp 3 ip 192.168.100.254
vrrp 3 advertise 3
ip nat inside
!
interface fei_1/1.14
encapsulation dot1Q 14
ip address 192.168.101.254 255.255.255.0
vrrp 4 ip 192.168.101.254
vrrp 4 advertise 3
ip nat inside
!
(2) This step describes how to configure the outside interface of NAT.
interface fei_5/1
ip address 213.55.83.241 255.255.255.248
negotiation auto
ip nat outside
!
(3) This step describes how to configure the address pool of NAT.
ip nat start
ip nat pool mobile 213.55.83.243 213.55.83.244 prefix-length 29
ip nat inside source list 1 pool mobile overload
!
ip access-list standard 1
permit 10.1.0.0 0.0.255.255
!
(4) This step describes how to configure the related routes.
router ospf 100
router-id 192.168.105.254
network 192.168.105.16 0.0.0.3 area 0.0.0.0
network 192.168.105.254 0.0.0.0 area 0.0.0.0
redistribute connected
!
ip route 10.1.0.0 255.255.0.0 192.168.101.4 tag 152
ip route 10.1.0.0 255.255.0.0 192.168.100.4 tag 151
ip route 0.0.0.0 0.0.0.0 213.55.83.242
!