0% found this document useful (0 votes)

6 views

Cisco-IOS-XR-Introduction-Ver-1

The document provides an overview of Cisco IOS XR, highlighting its differences from Cisco IOS, particularly in terms of architecture, configuration processes, and operational reliability. It explains the modular and memory-protected nature of IOS XR, as well as its two-stage configuration model that requires changes to be committed before taking effect. Additionally, the document covers basic configuration options and the unique prompt structure in IOS XR.

Uploaded by

Min Htet

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

6 views

Cisco-IOS-XR-Introduction-Ver-1

Uploaded by

Min Htet

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 103

CISCO IOS XR

Jeffrey Fry
© October 2012
FryGuy.Net
Table of Contents
1. Cisco IOS XR Introduction and Comparison to IOS
2. Cisco IOS XR Prompt and Hostname Differences
3. Basic Configuration Options
4. Configuring an Interface - Basic IPv4 and IPv6 address
5. Bundled Interfaces
6. Software Installation and PIE packages
7. Licensing
8. Aliases
9. Wildcard Masks
10.Processes
11.Remote Access Services – Telnet and SSH
12.TACACS Configuration ( default and non-default VRF)
13.Access Lists
14.OSPF
15.EIGRP
16.RIP
17.IS-IS
18.BGP - iBGP and eBGP
19.Route Filtering
20.VRF lite and Dot1Q Trunks
21.Basic MPLS - LDP
22.MPLS VPN
23.L2VPN
24.NHRP (HSRP/VRRP)

Cisco IOS XR Training Page 2

© 2012 Jeffrey Fry FryGuy.Net
There are two topologies that have been used. This is because of what I had
access to changed over time. For this lab, here is a topology diagram of
what was used:

ASR9000 and Cisco 2811

CE1 / R3 CE2 / R4
S S
S L S L
L O R L O R

O T O T
2
A= ACT F= FDX Cisco 2811 2
A= ACT F= FDX Cisco 2811
T S= SPEED L= LINK T S= SPEED L= LINK
3 3
FE 0/1 FE 0/0 A FE 0/1 FE 0/0 A
A A
F F F F
S S S S S S
L S L S
L L
O O L L O O L L
T T T T
NME0 1 0 NME0 1 0
PVDM1 PVDM2 AIM1 AIM0 PVDM1 PVDM2 AIM1 AIM0

F0/0 F0/0

Cisco ASR 9000 Series Cisco ASR 9000 Series

1 3 5 7 9 11 13 15 17 19
G0/1/0/11 G0/1/0/11 1 3 5 7 9 11 13 15 17 19
A9K- 2T- 20GE

A9K- 2T- 20GE

A/L A/L L A/L A/L L
0 1 L 0 1 L

0 2 4 6 8 10 12 14 16 18 0 2 4 6 8 10 12 14 16 18

G0/0/0/11
1 3 5 7 9 11 13 15 17 19 1 3 5 7 9 11 13 15 17 19

G0/0/0/11
A9K- 2T- 20GE

A9K- 2T- 20GE

A/L A/L L A/L A/L L
0 1 L 0 1 L

0 2 4 6 8 10 12 14 16 18 0 2 4 6 8 10 12 14 16 18

E SB E SB
FAIL

FAIL
MAJ

CRIT

MAJ

CRIT
MIN

MIN
A9K-RSP-4G

A9K-RSP-4G
TEST
LAMP

TEST
LAMP
ACO

ACO
ALARM OUT SYNC 1 SYNC 0 AUX CONSOLE MGT LAN 1 MGT LAN 0 ALARM OUT SYNC 1 SYNC 0 AUX CONSOLE MGT LAN 1 MGT LAN 0
2

2
ACO

HDD

SYNC

ACO

HDD

SYNC
1

0
PE1 / R1 PE2 / R2

Cisco 12000

R1
R2
Cisco 12000 SERIES
Cisco 12000 SERIES

0 1 2 3 CSCO CSC1 4 5 6 7

LINK
LINK

SLOT 0 SLOT 1 SLOT 0 SLOT 1

RESET RESET SLOT 0 SLOT 1 SLOT 0 SLOT 1

LINK RESET RESET

G0/3/0/2 G0/5/0/2 LINK

3
AUX

AUX

AUX
CONSOLE

CONSOLE

LINK
CONSOLE

CONSOLE

5 LINK

LINK

TX RX
COLL LINK

TX RX
COLL
G0/3/0/3 G0/5/0/3 LINK COLL LINK COLL

TX RX TX RX

MII RJ45 MII RJ45

7
7
ROUTE PROCESSOR

ROUTE PROCESSOR
8 FAST ETHERNET FX

ROUTE PROCESSOR

8 FAST ETHERNET FX

LINK

8888 8888 LINK

8888
8888 8888 8888 8888
8888 8888
8888
8888 8888

Cisco IOS XR Training Page 3

© 2012 Jeffrey Fry FryGuy.Net
1. Cisco IOS XR Introduction and
Comparison to IOS
Let’s start with the basic difference between Cisco IOS and Cisco IOS XR
code, the Operating System.

In Cisco IOS, the kernel is monolithic, meaning everything in installed in a

single image and all processes share the same address space. There is no
memory protection between processes, so if one crashes it can impact all
other processes on the box – thus forcing or causing a reload of the entire
router. The other thing with monolithic code is that it has a run to
completion scheduler, so the kernel will not preempt a process that is
running; the process must make a kernel call before another process has a
chance to execute.

In Cisco IOS XR, the kernel is based on an OS called QNX Neutrino that runs
some very powerful and reliable systems. QNX runs – per their News Release at
http://www.qnx.com/news/pr_1329_3.html - things from EKG machines, to Air
Traffic Control systems, and among other things – automated beer bottle
inspection systems. IOS XR offers modularity and memory protection between
processes, threads and supports preemptive scheduling as well as the ability
to restart a failed process. Protocols like BGP, OSPF, OSPFv3, RIBv4, RIBv6,
etc all run in separate spaces – if one has a fault, it will not impact the
others. Also, an added bonus, if you run multiple routing protocol instances
(like OSPF), each process will run in its own memory space – this is an
important feature of Service Providers – any fault with one customer process
will not impact another.

Another big difference between IOS and IOS XR is the configuration model. IOS
is a single stage model meaning that as soon as you make a change, it is
applied to the active running config. With IOS XR, you have a running
(active) config that you cannot modify directly, all your changes are made in
a staging area first before being committed to the running config. After you
make your changes, you commit them and promote the staging config to the
active config. Before the change is made active, the IOS XR will run a sanity
check on it making sure that the commands are correct to a certain degree, if
there is a problem it will tell you so that you can correct the error

% Failed to commit one or more configuration items. Please use 'show configuration failed' to view the
errors

Cisco IOS XR Training Page 4

IOS XR IOS
Config changes do not Configuration changes take
take place immediately place immediately

Config changes must be No commit, changes

COMMITted before taking immediate
effect

You can check your No verification, immediate.

configuration before
applying it

Two stage configuration Single stage

Configuration Rollback Not easy to do, has to be

manually configured and not
guaranteed

Feature centric Interface centric

Cisco IOS XR Training Page 5

© 2012 Jeffrey Fry FryGuy.Net
2. Cisco IOS XR Prompt and Hostname
Differences
Let’s cover the prompt real quick as that is a bit different than what people
are used to.

Let’s look at the standard IOS prompt vs. the IOS XR prompt.
IOS: Router#
IOS-XR: RP/0/7/CPU0:ios#

As you can see the prompt is a bit different. In standard IOS you have the
hostname, but in IOS XR you get a bit more information. It breaks down as
follows:
Prompt Syntax:
Type – type of interface card (Usually RP for Route Processor)
Rack – What Rack number this is installed in in a multishelf
system, typically 0 if standalone
Slot – Slot the RP is installed in (7 in this example)
Module – What execute the user commands or port interface.
Usually CPU0 or CPU1
Name – Hostname of the router, default here is IOS

Ok, now let’s change the hostname on typical IOS so you can see the
difference. Going forward, BLUE text is prompts and router feedback, RED are
commands entered.
Router#
Router#conf t
*Mar 29 16:32:51.507: %SYS-5-CONFIG_I: Configured from console by console
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#

As you can see, in IOS the hostname changed immediately after hitting Enter.

So, let’s change the hostname to R1 on IOS XR code:

RP/0/7/CPU0:ios#
RP/0/7/CPU0:ios#conf t
Thu Mar 29 16:00:43.844 UTC
RP/0/7/CPU0:ios(config)#hostname R1
RP/0/7/CPU0:ios(config)#

Cisco IOS XR Training Page 6

© 2012 Jeffrey Fry FryGuy.Net
Notice that the hostname did not change? In IOS XR you need to COMMIT your
changes in order for them to take effect. But before we commit them, let’s do
a show config quick
RP/0/7/CPU0:ios(config)#
RP/0/7/CPU0:ios(config)# sh config
Thu Mar 29 16:03:53.060 UTC
Building configuration...
!! IOS XR Configuration 4.1.1
hostname R1
end

RP/0/7/CPU0:ios(config)#

Pretty cool, the router will show you the changes you are about to make, this
is your staging config changes.

Now we can COMMIT the changes

RP/0/7/CPU0:ios(config)#commit
Thu Mar 29 16:03:04.182 UTC
RP/0/7/CPU0:R1(config)#

See, once you entered COMMIT, the hostname change from IOS to R1.

Cisco IOS XR Training Page 7

© 2012 Jeffrey Fry FryGuy.Net
3. Basic Configuration Options
Ok, we have seen the basic COMMIT option – but what other options do we have
for configuration mode? Well, we have a few to choose from.

First, what if I am making changes and decide I don’t want them? You have a
few options. First you could just exit all the way out.

RP/0/7/CPU0:R1(config)#exit
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]: no

And once you exit out, all your changes are lost.

Ok, that is one option. Another is clear. To demonstrate we will create

loopback 666:
RP/0/7/CPU0:R1#conf t
Sun Apr 1 22:18:52.956 UTC
RP/0/7/CPU0:R1(config)#int loop666
RP/0/7/CPU0:R1(config-if)#ip add 6.6.6.6/32

Ok, let’s check the candidate configuration:

RP/0/7/CPU0:R1(config-if)#show config
Sun Apr 1 22:19:03.438 UTC
Building configuration...
!! IOS XR Configuration 4.1.1
interface Loopback666
ipv4 address 6.6.6.6 255.255.255.255
!
end

RP/0/7/CPU0:R1(config-if)#

OK, we have it in the candidate configuration now. We changed our mind about
that – so lets clear it.
RP/0/7/CPU0:R1(config-if)#clear

Now check the candidate configuration again.

RP/0/7/CPU0:R1(config)#show config
Sun Apr 1 22:19:34.733 UTC
Building configuration...
!! IOS XR Configuration 4.1.1
end

RP/0/7/CPU0:R1(config)#

There, all gone!

Cisco IOS XR Training Page 8

© 2012 Jeffrey Fry FryGuy.Net
Now, what if we want to make a change but we want to be sure we don’t lose
connection to the router? Well, we can do a commit confirm, this way if we
do lose connection our change will be rolled back!

RP/0/7/CPU0:R1#conf t
Sun Apr 1 22:23:01.154 UTC
RP/0/7/CPU0:R1(config)#int loop 666
RP/0/7/CPU0:R1(config-if)#ip add 6.6.6.6/32

Now, lets look at our commit confirmed options:

RP/0/7/CPU0:R1(config-if)#commit confirmed ?
<30-65535> Seconds until rollback unless there is a confirming commit
minutes Specify the rollback timer in the minutes
<cr> Commit the configuration changes to running

See, we can have a few seconds or a few minutes. Pretty cool!

RP/0/7/CPU0:R1(config-if)#commit confirmed 30
Sun Apr 1 22:23:19.344 UTC

Now, lets see if we have loop666:

RP/0/7/CPU0:R1(config-if)#do show int loop666
Sun Apr 1 22:23:34.353 UTC
Loopback666 is up, line protocol is up
Interface state transitions: 1
Hardware is Loopback interface(s)
Internet address is 6.6.6.6/32
MTU 1500 bytes, BW 0 Kbit
reliability Unknown, txload Unknown, rxload Unknown
Encapsulation Loopback, loopback not set,
Last input Unknown, output Unknown
Last clearing of "show interface" counters Unknown

RP/0/7/CPU0:R1(config-if)#

Yup, its there. Now we can wait a few seconds (30 or so) and do the show
interface command again.
RP/0/7/CPU0:R1(config-if)#do show int loop666
Sun Apr 1 22:25:09.361 UTC
Interface not found (Loopback666)

RP/0/7/CPU0:R1(config-if)#

All gone!

Cisco IOS XR Training Page 9

© 2012 Jeffrey Fry FryGuy.Net
Ok, now lets commit it this time.
RP/0/7/CPU0:R1#conf t
Sun Apr 1 22:26:20.749 UTC
RP/0/7/CPU0:R1(config)#int loop666
RP/0/7/CPU0:R1(config-if)#ip add 6.6.6.6/32
RP/0/7/CPU0:R1(config-if)#commit confirmed 30
Sun Apr 1 22:26:32.913 UTC
RP/0/7/CPU0:R1(config-if)#

Lets see if the interface is there:

RP/0/7/CPU0:R1(config-if)#do show int loop666
Sun Apr 1 22:26:38.421 UTC
Loopback666 is up, line protocol is up
Interface state transitions: 1
Hardware is Loopback interface(s)
Internet address is 6.6.6.6/32
MTU 1500 bytes, BW 0 Kbit
reliability Unknown, txload Unknown, rxload Unknown
Encapsulation Loopback, loopback not set,
Last input Unknown, output Unknown
Last clearing of "show interface" counters Unknown

Yup, now we can commit it again to make it stay.

RP/0/7/CPU0:R1(config-if)#commit
Sun Apr 1 22:26:40.299 UTC

% Confirming commit for trial session.

RP/0/7/CPU0:R1(config-if)#

And lets make sure it is still there.

RP/0/7/CPU0:R1#sh int loop 666
Sun Apr 1 22:27:09.232 UTC
Loopback666 is up, line protocol is up
Interface state transitions: 1
Hardware is Loopback interface(s)
Internet address is 6.6.6.6/32
MTU 1500 bytes, BW 0 Kbit
reliability Unknown, txload Unknown, rxload Unknown
Encapsulation Loopback, loopback not set,
Last input Unknown, output Unknown
Last clearing of "show interface" counters Unknown

RP/0/7/CPU0:R1#

Look at that, IOS XR has a commit confirmed – just like someone else does as
well.

Cisco IOS XR Training Page 10

You can configure the system in exclusive mode, this way only you can be
making changes and nobody else. To do this, just enter configure exclusive

RP/0/7/CPU0:R1#configure exclusive

You can add comments and notations to your commit that will show up in the
rollback.
RP/0/7/CPU0:R1#conf t
Sun Apr 1 22:32:23.941 UTC
RP/0/7/CPU0:R1(config)#int loop 667
RP/0/7/CPU0:R1(config-if)#ip add 6.6.6.7/32
RP/0/7/CPU0:R1(config-if)#exit
RP/0/7/CPU0:R1(config)#commit comment Created Loopback 667 For Testing
Sun Apr 1 22:33:34.589 UTC
RP/0/7/CPU0:R1(config)#

Now, if a comment has been added, you can see it via the show configuration
history last x detail command
RP/0/7/CPU0:R1#sh configuration history last 1 detail
Sun Apr 1 22:36:04.053 UTC
1) Event: commit Time: Sun Apr 1 22:33:36 2012
Commit ID: 1000000230 Label:
User: user Line: con0_7_CPU0
Client: CLI Comment: Created Loopback 667 For Testing

RP/0/7/CPU0:R1#

Ok, let’s quickly look at loading a configuration from the disk and
overwriting an existing configuration.

I have copied a config to disk0a: called newconfig.txt. What I want to do is

install this configuration as the running config on the router.

1626 -rwx 204 Wed Oct 17 01:21:30 2012 newconfig.txt

So to start, lets delete the existing configuration

RP/0/RSP0/CPU0:R1(config)#commit replace
Wed Oct 17 01:21:43.406 UTC

This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]: y
RP/0/RSP0/CPU0:ios(config)#
RP/0/RSP0/CPU0:ios(config)#exit

Cisco IOS XR Training Page 11

© 2012 Jeffrey Fry FryGuy.Net
Ok, so now we are at an unconfigured device. Now we can load the config on
the disk to the running config.

RP/0/RSP0/CPU0:ios(config)#load disk0a:/newconfig.txt
Loading.
204 bytes parsed in 1 sec (203)bytes/sec

The configuration is now loaded into the candidate config. Let us check what
is there and then commit it.
RP/0/RSP0/CPU0:ios(config)#show confi
Wed Oct 17 01:26:17.539 UTC
Building configuration...
!! IOS XR Configuration 4.1.2
hostname R1
domain name lab.cfg
interface Loopback100
ipv4 address 100.100.100.100 255.255.255.255
!
end

RP/0/RSP0/CPU0:ios(config)#commit
Wed Oct 17 01:26:22.174 UTC
RP/0/RSP0/CPU0:R1(config)#

There, we have loaded the config and applied the changes.

I have loaded another file to the router called ReplaceConfig.txt. This is a

new configuration for the router, one that we want to replace the existing
config with.

RP/0/RSP0/CPU0:R1#conf t
Wed Oct 17 01:37:23.638 UTC
RP/0/RSP0/CPU0:R1(config)#load disk0a:/ReplaceConfig.txt
Loading.
283 bytes parsed in 1 sec (282)bytes/sec
RP/0/RSP0/CPU0:R1(config)#show config
Wed Oct 17 01:37:38.571 UTC
Building configuration...
!! IOS XR Configuration 4.1.2
hostname Router1
domain name NewLab.CFG
interface Loopback100
ipv4 address 101.101.101.101 255.255.255.255
!
interface TenGigE0/0/0/0
ipv4 address 200.200.200.202 255.255.255.0
!
end

Cisco IOS XR Training Page 12

This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]: y
RP/0/RSP0/CPU0:Router1(config)#

What other options to loaf configuration are there? Well, here is a list:
RP/0/RSP0/CPU0:Router1(config)#load ?
WORD Load from file
bootflash: Load from bootflash: file system
commit Load commit changes
compactflash: Load from compactflash: file system
compactflasha: Load from compactflasha: file system
configuration Contents of configuration
diff Load from diff file
disk0: Load from disk0: file system
disk0a: Load from disk0a: file system
disk1: Load from disk1: file system
disk1a: Load from disk1a: file system
ftp: Load from ftp: file system
harddisk: Load from harddisk: file system
harddiska: Load from harddiska: file system
harddiskb: Load from harddiskb: file system
lcdisk0: Load from lcdisk0: file system
lcdisk0a: Load from lcdisk0a: file system
nvram: Load from nvram: file system
rcp: Load from rcp: file system
rollback Load rollback changes
tftp: Load from tftp: file system
RP/0/RSP0/CPU0:Router1(config)#

You can load from the local disk, RCP, TFTP, FTP, etc if you want.

Cisco IOS XR Training Page 13

© 2012 Jeffrey Fry FryGuy.Net
4. Configuring an interface
Basic IPv4 and IPv6 address
First we will take a look at what interfaces we have and review them quickly.
We can use the same IOS command we are already familiar with – show ip
interface brief

RP/0/7/CPU0:R1#
RP/0/7/CPU0:R1#sh ip int br
Thu Mar 29 18:12:04.883 UTC

Interface IP-Address Status Protocol

MgmtEth0/7/CPU0/0 unassigned Shutdown Down
MgmtEth0/7/CPU0/1 unassigned Shutdown Down
MgmtEth0/7/CPU0/2 unassigned Shutdown Down
GigabitEthernet0/3/0/0 unassigned Down Down
GigabitEthernet0/3/0/1 unassigned Down Down
GigabitEthernet0/3/0/2 unassigned Up Up
GigabitEthernet0/3/0/3 unassigned Up Up
MgmtEth0/6/CPU0/0 unassigned Shutdown Down
MgmtEth0/6/CPU0/1 unassigned Shutdown Down
MgmtEth0/6/CPU0/2 unassigned Shutdown Down
RP/0/7/CPU0:R1#

Here you can see that we have an RP in Slot 6 and 7 (Mgmt) and a 4-port Gig
card in Slot 3. For this lab, interfaces G0/3/0/2 and G0/3/0/3 are pre-
cabled to another router and are currently UP/UP right now.

Let configure an IP address on G0/3/0/2 of 150.1.12.1 with a mask of

255.255.255.0

First, let’s look at the running config on the interface now:

RP/0/7/CPU0:R1#
RP/0/7/CPU0:R1#sh run int g0/3/0/2
Thu Mar 29 18:38:29.942 UTC
% No such configuration item(s)

RP/0/7/CPU0:R1#

As you can see, it says No such config, it is telling you that it is

unconfigured.

RP/0/7/CPU0:R1#conf t
Thu Mar 29 18:38:31.891 UTC
RP/0/7/CPU0:R1(config)#int g0/3/0/2
RP/0/7/CPU0:R1(config-if)#ip add 150.1.12.1/24

Cisco IOS XR Training Page 14

© 2012 Jeffrey Fry FryGuy.Net
Notice, on IOS XR you can use / for the subnet, no more entering
255.255.255.0 :
RP/0/7/CPU0:R1(config-if)#show config
Thu Mar 29 18:38:44.248 UTC
Building configuration...
!! IOS XR Configuration 4.1.1
interface GigabitEthernet0/3/0/2
ipv4 address 150.1.12.1 255.255.255.0
!
end
RP/0/7/CPU0:R1(config-if)#

Another cool thing with IOS-XR is you can find out where you are any time you
want just by entering PWD
RP/0/7/CPU0:R1(config-if)#pwd

Thu Mar 29 19:31:24.666 UTC

interface GigabitEthernet0/3/0/2
RP/0/7/CPU0:R1(config-if)#
RP/0/7/CPU0:R1(config-if)#comm
Thu Mar 29 18:38:46.216 UTC
RP/0/7/CPU0:R1(config-if)#

Now, let’s check the running config on that interface again:

RP/0/7/CPU0:R1#sh run int g0/3/0/2
Thu Mar 29 18:42:43.763 UTC
interface GigabitEthernet0/3/0/2
ipv4 address 150.1.12.1 255.255.255.0
!

RP/0/7/CPU0:R1#

Let’s PING our neighbor now – 150.1.12.2

RP/0/7/CPU0:R1#ping 150.1.12.2
Thu Mar 29 18:44:39.570 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/8/12 ms
RP/0/7/CPU0:R1#

Now, lets configure a loopback for R1 of 1.1.1.1/32

RP/0/7/CPU0:R1#conf t
Thu Mar 29 19:25:19.486 UTC
RP/0/7/CPU0:R1(config)#int l0
RP/0/7/CPU0:R1(config-if)#ip add 1.1.1.1/32
RP/0/7/CPU0:R1(config-if)#exit
RP/0/7/CPU0:R1(config)#exit

Cisco IOS XR Training Page 15

© 2012 Jeffrey Fry FryGuy.Net
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:yes
RP/0/7/CPU0:R1#
Notice this time I did not commit the change, but the system knew I was
making changes and asked me if I wanted to commit them. I simply responded
with YES and it saved them for me. If I did not want to save them, I could
have entered NO and all the changes would have been tossed out. If I would
have selected CANCEL, I would go back into edit mode.

Now time to configure some IPv6 addresses – first 2001:1:1:12::1/64

RP/0/7/CPU0:R1#conf t
Thu Mar 29 19:26:21.184 UTC
RP/0/7/CPU0:R1(cconfig)#int g0/3/0/2
RP/0/7/CPU0:R1(config-if)#ipv6 address 2001:1:1:12::1/64
RP/0/7/CPU0:R1(config-if)#exit
RP/0/7/CPU0:R1(config)#commit
Thu Mar 29 19:26:39.769 UTC
RP/0/7/CPU0:R1(config)#exit

And now we can try to PING our neighbor at 2001:1:1:12::2

RP/0/7/CPU0:R1#ping 2001:1:1:12::2
Thu Mar 29 19:29:11.893 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1:1:12::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/16/68 ms
RP/0/7/CPU0:R1#

Let’s add one under our loopback interface as well – well use 2001::1/128
RP/0/7/CPU0:R1#conf t
RP/0/7/CPU0:R1(config)#int l0
RP/0/7/CPU0:R1(config-if)#ipv6 add 2001::1/128
RP/0/7/CPU0:R1(config-if)#commit
Thu Mar 29 19:30:49.920 UTC
RP/0/7/CPU0:R1(config-if)#

Cisco IOS XR Training Page 16

© 2012 Jeffrey Fry FryGuy.Net
5. Interface Bundles
Etherchannels are also different between IOS and IOS XR. In typical IOS,
they would be configured as such:
interface port-channel 1
IP add 10.1.1.1 255.255.255.0
interface FastEthernet0/0
channel-group 1
interface FastEthernet0/1
channel-group 1

IOS XE is a little different then IOS as you can choose LACP:

interface GigabitEthernet0/0/2
channel-group 12 mode active
no shut
interface GigabitEthernet0/0/3
channel-group 12 mode active
no shut
interface Port-channel12
ip address 10.1.1.1 255.255.255.252

And with IOS XR, it is a bit different again. So, for this example we will
configure Ethernet Bundle 200

First on PE2:
RP/0/RSP0/CPU0:PE2#conf t

First up though, let’s reset the interfaces back to factory by using the no
interface command:
RP/0/RSP0/CPU0:PE2(config)#no int g0/0/0/11
RP/0/RSP0/CPU0:PE2(config)#commit

Instead of a port-channel interface, we do a bundle-ether interface

RP/0/RSP0/CPU0:PE2(config)#int bundle-ether 200
RP/0/RSP0/CPU0:PE2(config-if)#ip add 150.1.12.2 255.255.255.0

Now let’s look at our bundle options:

RP/0/RSP0/CPU0:PE2(config-if)#bundle ?
load-balancing Load balancing commands on a bundle
maximum-active Set a limit on the number of links that can be active
minimum-active Set the minimum criteria for the bundle to be active
shutdown Bring all links in the bundle down to Standby state
wait-while Set the wait-while timeout for members of this bundle

Cisco IOS XR Training Page 17

© 2012 Jeffrey Fry FryGuy.Net
Ok, since this is a bundle, we should put restrictions around the max and min
links. Normally this is not a problem, but if you had to guarantee bandwidth
(say 4G, then you might consider having the min links set to 4, and if you
dropped below 4 the interface would go down).
RP/0/RSP0/CPU0:PE2(config-if)#bundle maximum-active links 2
RP/0/RSP0/CPU0:PE2(config-if)#bundle minimum-active links 1

Now let’s take a quick look at our load balancing hash options:
RP/0/RSP0/CPU0:PE2(config-if)#bundle load-balancing hash ?
dst-ip Use the destination IP as the hash function
src-ip Use the source IP as the hash function

So, for this example we will use the src-ip

RP/0/RSP0/CPU0:PE2(config-if)#bundle load-balancing hash src-ip

Now, let’s assign the interfaces to the bundle

RP/0/RSP0/CPU0:PE2(config-if)#int g0/1/0/11

Just like port-channels, the bundle ID should match the interface number you
created. But here we will also look at what bundle options we have:
RP/0/RSP0/CPU0:PE2(config-if)#bundle id 200 mode ?
active Run LACP in active mode over the port.
on Do not run LACP over the port.
passive Run LACP in passive mode over the port.

There are three ways that LACP will link aggregate:

Switch 1 Switch 2 Notes
Active Active This is the recommended configuration.
Active Passive Link will aggregate once negotiation is done
On On Aggregation will happen, but not reccomded

We will use LACP in ACTIVE mode as that is what is recommended by Cisco:

RP/0/RSP0/CPU0:PE2(config-if)#bundle id 200 mode active
RP/0/RSP0/CPU0:PE2(config-if)#no shut

And do the same for G0/0/0/11:

RP/0/RSP0/CPU0:PE2(config-if)#int g0/0/0/11
RP/0/RSP0/CPU0:PE2(config-if)#bundle id 200 mode ac
RP/0/RSP0/CPU0:PE2(config-if)#no shut

Cisco IOS XR Training Page 18

© 2012 Jeffrey Fry FryGuy.Net
Now let’s check our config before we commit:
RP/0/RSP0/CPU0:PE2(config-if)#show config
Fri Apr 27 01:46:28.451 UTC
Building configuration...
!! IOS XR Configuration 4.1.2
interface Bundle-Ether200
ipv4 address 150.1.12.2 255.255.255.0
bundle load-balancing hash src-ip
bundle maximum-active links 2
bundle minimum-active links 1
!
interface GigabitEthernet0/0/0/11
bundle id 200 mode active
no shutdown
!
interface GigabitEthernet0/1/0/11
bundle id 200 mode active
no shutdown
!
end

RP/0/RSP0/CPU0:PE2(config)#commit
Fri Apr 27 01:46:44.692 UTC

Now we can do the other Router, PE1

RP/0/RSP0/CPU0:PE1(config)#no int g0/0/0/11
RP/0/RSP0/CPU0:PE1(config)#commit
Fri Apr 27 01:49:05.892 UTC
RP/0/RSP0/CPU0:PE1(config)#int bundle-ether 200
RP/0/RSP0/CPU0:PE1(config-if)#ip add 150.1.12.1/24
RP/0/RSP0/CPU0:PE1(config-if)#bundle maximum-active links 2
RP/0/RSP0/CPU0:PE1(config-if)#bundle minimum-active links 1
RP/0/RSP0/CPU0:PE1(config-if)#bundle load-balancing hash src-ip
RP/0/RSP0/CPU0:PE1(config-if)#int g0/1/0/11
RP/0/RSP0/CPU0:PE1(config-if)#bundle id 200 mode act
RP/0/RSP0/CPU0:PE1(config-if)#no shut
RP/0/RSP0/CPU0:PE1(config-if)#int g0/0/0/11
RP/0/RSP0/CPU0:PE1(config-if)#bundle id 200 mode act
RP/0/RSP0/CPU0:PE1(config-if)#no shut
RP/0/RSP0/CPU0:PE1(config-if)#exit
RP/0/RSP0/CPU0:PE1(config)#show config
Fri Apr 27 01:50:34.351 UTC
Building configuration...
!! IOS XR Configuration 4.1.2
interface Bundle-Ether200
ipv4 address 150.1.12.1 255.255.255.0
bundle load-balancing hash src-ip
bundle maximum-active links 2
bundle minimum-active links 1
!

Cisco IOS XR Training Page 19

© 2012 Jeffrey Fry FryGuy.Net
interface GigabitEthernet0/0/0/11
bundle id 200 mode active
no shutdown
!
interface GigabitEthernet0/1/0/11
bundle id 200 mode active
no shutdown
!
end

RP/0/RSP0/CPU0:PE1(config)#commit
Fri Apr 27 01:50:37.705 UTC
RP/0/RSP0/CPU0:PE1(config)#

Now, let’s look at our bundle interface:

RP/0/RSP0/CPU0:PE1#sh int bundle-eth 200
Fri Apr 27 01:51:04.668 UTC
Bundle-Ether200 is up, line protocol is up
Interface state transitions: 1
Hardware is Aggregated Ethernet interface(s), address is 6c9c.ed2d.0bab
Internet address is 150.1.12.1/24
MTU 1514 bytes, BW 2000000 Kbit (Max: 2000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation ARPA,
Full-duplex, 2000Mb/s
loopback not set,
ARP type ARPA, ARP timeout 04:00:00
No. of members in this bundle: 2
GigabitEthernet0/0/0/11 Full-duplex 1000Mb/s Active
GigabitEthernet0/1/0/11 Full-duplex 1000Mb/s Active
Last input 00:00:18, output 00:00:18
Last clearing of "show interface" counters never
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
15 packets input, 1792 bytes, 50 total input drops
0 drops for unrecognized upper-level protocol
Received 2 broadcast packets, 13 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
12 packets output, 1408 bytes, 0 total output drops

As we can see, we are UP and have a full-duplex bandwidth of 2Gs.

Cisco IOS XR Training Page 20

© 2012 Jeffrey Fry FryGuy.Net
So, let’s PING!
RP/0/RSP0/CPU0:PE1#ping 150.1.12.2
Fri Apr 27 01:51:12.692 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/16 ms
RP/0/RSP0/CPU0:PE1#

Cool! The bundle is working.

Now we can check out some of the details:

RP/0/RSP0/CPU0:PE1#sh bundle bundle-ether 200
Fri Apr 27 02:13:16.767 UTC

Bundle-Ether200
Status: Up
Local links <active/standby/configured>: 2 / 0 / 2
Local bandwidth <effective/available>: 2000000 (2000000) kbps
MAC address (source): 6c9c.ed2d.0bab (Chassis pool)
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 2
Wait while timer: 2000 ms
Load balancing:
Link order signaling: Not configured
Hash type: Src-IP
LACP: Operational
Flap suppression timer: Off
Cisco extensions: Disabled
mLACP: Not configured
IPv4 BFD: Not configured

Port Device State Port ID B/W, kbps

-------------------- --------------- ----------- -------------- ----------
Gi0/0/0/11 Local Active 0x8000, 0x0002 1000000
Link is Active
Gi0/1/0/11 Local Active 0x8000, 0x0001 1000000
Link is Active
RP/0/RSP0/CPU0:PE1#

Cisco IOS XR Training Page 21

© 2012 Jeffrey Fry FryGuy.Net
Now we can look at LACP:
RP/0/RSP0/CPU0:PE1#show lacp
Fri Apr 27 01:52:35.115 UTC
State: a - Port is marked as Aggregatable.
s - Port is Synchronized with peer.
c - Port is marked as Collecting.
d - Port is marked as Distributing.
A - Device is in Active mode.
F - Device requests PDUs from the peer at fast rate.
D - Port is using default values for partner information.
E - Information about partner has expired.

Bundle-Ether200

Port (rate) State Port ID Key System ID

-------------------- -------- ------------- ------ ------------------------
Local
Gi0/0/0/11 30s ascdA--- 0x8000,0x0002 0x00c8 0x8000,6c-9c-ed-2d-0b-ac
Partner 30s ascdA--- 0x8000,0x0003 0x00c8 0x8000,6c-9c-ed-2d-1f-cc
Gi0/1/0/11 30s ascdA--- 0x8000,0x0001 0x00c8 0x8000,6c-9c-ed-2d-0b-ac
Partner 30s ascdA--- 0x8000,0x0004 0x00c8 0x8000,6c-9c-ed-2d-1f-cc

Port Receive Period Selection Mux A Churn P Churn

-------------------- ---------- ------ ---------- --------- ------- -------
Local
Gi0/0/0/11 Current Slow Selected Distrib None None
Gi0/1/0/11 Current Slow Selected Distrib None None
RP/0/RSP0/CPU0:PE1#

Cisco IOS XR Training Page 22

© 2012 Jeffrey Fry FryGuy.Net
6. Software installation, PIE packages,
and patches
As part of any system, from time to time you need to install updates,
patches, and upgrade code. The joys of IOS XR code is that you can actually
installed patches that fix bugs, you can perform in-service upgrades and not
take down the router (provided you have a dual-supervisor router), as well as
add new services to the code. All the necessary PIE packages can be found in
the main image, they are not available separately.

You can get the main image from CCO Support and Downloads. To navigate to
the download, select:
Products -> Routers -> Service Provider Edge Routers -> ASR 9000 -> ASR 9006

Then select IOS XR Software for the main images or IOS XR Software
Maintenance Upgrades (SMU) for patches for caveats fixes.

Once you select the IOS XR Software, the most recent version of code will be
presented on the screen. Select the version that you need and proceed to
download it. If you get an error that a contract is required, please open a
Cisco TAC case requesting access, they will need the serial number of the
chassis in order to prove support.

Once you have the image on your computer, we will now need to transfer it.
Since the image is over 400 Megs as of 4.1.2, and 4.2.0 is over 700 Megs,
TFTP is probably not going to cut it (most TFTP apps do not support files
over 32 megs). What you might need to do is find an FTP server program to
use - I recommend FileZilla – but that is ultimately up to you. Once you
have your FTP server setup and ready to go, we now need to get the image
copied. For this example, I am using a username of Cisco and a password of
cisco

Cisco IOS XR Training Page 23

© 2012 Jeffrey Fry FryGuy.Net
RP/0/RSP0/CPU0:R1# copy ftp://1.1.1.2/ASR9K-iosxr-k9-4.1.2.tar compactflash:
Tue Apr 10 02:00:23.038 UTC
Source username: [anonymous]?cisco
Source password: cisco
Destination filename [/compactflash:/ASR9K-iosxr-k9-4.1.2.tar]? (just hit
enter)

The file copy will now start and will take some time (you will see
CCCCCCCCCCCCCCCCCCC) – these are large images, so patience is a virtue.

Once the file copy is complete, check the compact flash to make sure the
images transferred successfully.
RP/0/RSP0/CPU0:R2#dir compactflash:
Tue Apr 10 02:01:37.766 UTC

Directory of compactflash:

131104 -rw- 9216 Sun Jan 2 08:01:19 2000 Test

6 drwx 4096 Tue Jan 4 23:33:44 2000 LOST.DIR
131264 -rw- 453611520 Thu Apr 5 22:14:28 2012 ASR9K-iosxr-k9-4.1.2.tar

1022427136 bytes total (568795136 bytes free)

Now that we have the image, we need to extract the tar file. That is done
from ADMIN mode. You enter admin mode by typing admin at the command promt.

RP/0/RSP0/CPU0:R2#admin
Tue Apr 10 02:03:27.052 UTC
RP/0/RSP0/CPU0:R2(admin)#

Once there, we can install the tar image using the install command:
RP/0/RSP0/CPU0:ios(admin)#install add tar compactflash:ASR9K-iosxr-k9-
4.1.2.tar

Once you enter that command, the system will start to process the file and
show output:
Mon Apr 9 21:29:41.420 UTC
Install operation 1 '(admin) install add tar
/compactflash:ASR9K-iosxr-k9-4.1.2.tar' started by user 'admin' via CLI at
21:29:41 UTC Mon Apr 09 2012.
Info: The following files were extracted from the tar file
Info: '/compactflash:ASR9K-iosxr-k9-4.1.2.tar' and will be added to the
Info: entire router:
Info:
Info: asr9k-mcast-p.pie-4.1.2
Info: asr9k-mpls-p.pie-4.1.2
Info: asr9k-mini-p.pie-4.1.2
Info: asr9k-mini-p.vm-4.1.2 (skipped - not a pie)
Info: asr9k-doc-p.pie-4.1.2

Cisco IOS XR Training Page 24

© 2012 Jeffrey Fry FryGuy.Net
Info: asr9k-video-p.pie-4.1.2
Info: asr9k-mgbl-p.pie-4.1.2
Info: asr9k-optic-p.pie-4.1.2
Info: asr9k-upgrade-p.pie-4.1.2
Info: asr9k-k9sec-p.pie-4.1.2
Info: README-ASR9K-k9-4.1.2.txt (skipped - not a pie)
Info:
The install operation will continue asynchronously.

This operation will happen in the background, you will be returned to the
command prompt. Once the process is finished, the similar text will appear
on the prompt:
P/0/RSP0/CPU0:ios(admin)#Info: The following packages are now available
to be activated:
Info:
Info: disk0:asr9k-mcast-p-4.1.2
Info: disk0:asr9k-mpls-p-4.1.2
Info: disk0:asr9k-mini-p-4.1.2
Info: disk0:asr9k-doc-p-4.1.2
Info: disk0:asr9k-video-p-4.1.2
Info: disk0:asr9k-mgbl-p-4.1.2
Info: disk0:asr9k-optic-4.1.2
Info: disk0:asr9k-upgrade-p-4.1.2
Info: disk0:asr9k-k9sec-p-4.1.2
Info:
Info: The packages can be activated across the entire router.
Info:
Install operation 1 completed successfully at 21:38:52 UTC Mon Apr 09 2012.

Now that we have the image there, we need to see what inactive PIEs we have
to install and activate. The command here is show install inactive summary
RP/0/RSP0/CPU0:ios(admin)#sh install inactive summary
Mon Apr 9 21:59:10.354 UTC
Default Profile:
SDRs:
Owner
Inactive Packages:
disk0:asr9k-upgrade-p-4.1.2
disk0:asr9k-optic-4.1.2
disk0:asr9k-doc-p-4.1.2
disk0:asr9k-k9sec-p-4.1.2
disk0:asr9k-video-p-4.1.2
disk0:asr9k-mpls-p-4.1.2
disk0:asr9k-mgbl-p-4.1.2
disk0:asr9k-mcast-p-4.1.2

Cisco IOS XR Training Page 25

© 2012 Jeffrey Fry FryGuy.Net
Now we should be able to activate and install one of the PIE images, here we
will activate the MPLS one.

RP/0/RSP0/CPU0:ios(admin)#install activate disk0:asr9k-mpls-p-4.1.2

Mon Apr 9 21:59:43.108 UTC
Install operation 2 '(admin) install activate disk0:asr9k-mpls-p-4.1.2'
started
by user 'admin' via CLI at 21:59:43 UTC Mon Apr 09 2012.
Error: Cannot proceed with the operation because the upgrade package
Error: disk0:asr9k-upgrade-p-4.1.2 is present on boot disk.
Error: The disk0:asr9k-upgrade-p-4.1.2 package should only be used when
Error: upgrading from software versions prior to 4.0.0. Once the upgrade
is
Error: complbe immediately doved. No
Error: further install operations will be allowed until this is completed.
Error:
Error: Remove the package disk0:asr9k-upgrade-p-4.1.2 from the entire
router
Error: by executing the 'install remove disk0:asr9k-upgrade-p-4.1.2'
command
Error: in admin mode.
Error: No further install operations will be allowed until this is
Error: completed.
Install operation 2 failed at 21:59:44 UTC Mon Apr 09 2012.

Ahh, we got an error! The error output tells us that we need to remove the
upgrade package from the disk via the install remove command:
RP/0/RSP0/CPU0:ios(admin)#install remove disk0:asr9k-upgrade-p-4.1.2
Mon Apr 9 22:00:13.538 UTC
Install operation 3 '(admin) install remove disk0:asr9k-upgrade-p-4.1.2'
started by user 'admin' via CLI at 22:00:13 UTC Mon Apr 09 2012.
Info: This operation will remove the following package:
Info: disk0:asr9k-upgrade-p-4.1.2

Now we need to confirm it by just hitting enter:

Proceed with removing these packages? [confirm] (just hit enter to confirm)
The install operation will continue asynchronoussly.

Now if we do a show install summary, it will tell us that we are in the

process of doing something:
RP/0/RSP0/CPU0:ios(admin)#sh install summary
Mon Apr 9 22:00:22.060 UTC
Default Profile: Currently affected by install operation 3
SDRs:
Owner
Active Packages:
No packages.

Cisco IOS XR Training Page 26

© 2012 Jeffrey Fry FryGuy.Net
Once completed, we will be notified on the cli
RP/0/RSP0/CPU0:ios(admin)#Install operation 3 completed successfully at
22:00:39 UTC Mon Apr 09 2012.

Now, we should be able to install the MPLS PIE

RP/0/RSP0/CPU0:ios(admin)#install activate disk0:asr9k-mpls-p-4.1.2
Mon Apr 9 22:03:38.202 UTC
Install operation 4 '(admin) install activate disk0:asr9k-mpls-p-4.1.2'
started
by user 'admin' via CLI at 22:03:38 UTC Mon Apr 09 2012.
Info: Install Method: Parallel Process Restart
The install operation will continue asynchronously.
RP/0/RSP0/CPU0:ios(admin)#RP/0/RSP0/CPU0:Apr 9 22:04:32.428 :
insthelper[65]: ISSU: Starting sysdb bulk start session
Info: The changes made to software configurations will not be persistent
Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages
RP/0/RSP0/CPU0:Apr 9 22:04:45.933 : instdir[229]: %INSTALL-INSTMGR-4-
ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not
committed. If the system reboots then the committed software will be used.
Use 'install commit' to commit the active software.
Install operation 4 completed successfully at 22:04:45 UTC Mon Apr 09 2012.

If you want to see the status of the install, you can use the show install
request command and it will show you the percentage complete.
RP/0/RSP0/CPU0:c20.newthk01(admin)#sh install request
Sat May 12 00:43:54.386 UTC
Install operation 4 '(admin) install activate disk0:asr9k-mpls-p-4.1.2'
started
by user 'neteng' via CLI at 00:42:50 UTC Sat May 12 2012.
The operation is 85% complete
The operation can still be aborted.
RP/0/RSP0/CPU0:c20.newthk01(admin)#

Once the installation is complete, we need to COMMIT the installation using

the install commit command
RP/0/RSP0/CPU0:ios(admin)#install commit
Mon Apr 9 22:07:17.014 UTC
Install operation 5 '(admin) install commit' started by user 'admin' via CLI
at
22:07:17 UTC Mon Apr 09 2012.
\ 100% complete: The operation can no longer be aborted (ctrl-c for
options)RP/0/RSP0/CPU0:Apr 9 22:07:20.238 : instdir[229]: %INSTALL-INSTMGR-
4-ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the
same as the committed software.
Install operation 5 completed successfully at 22:07:20 UTC Mon Apr 09 2012.

Cisco IOS XR Training Page 27

© 2012 Jeffrey Fry FryGuy.Net
Now if we look at our show install active summary command, we now have the
MPLS PIE
RP/0/RSP0/CPU0:R2(admin)#sh install active summary
Tue Apr 10 02:12:38.009 UTC
Default Profile:
SDRs:
Owner
Active Packages:
disk0:asr9k-mini-p-4.1.2
disk0:asr9k-k9sec-p-4.1.2
disk0:asr9k-mpls-p-4.1.2

RP/0/RSP0/CPU0:R2(admin)#

When it comes to patches, they are rather easy as well. They pretty much
follow the same process as packages. Copy the file to flash, install the
tar, then activate the patch.
For this example, we will copy the CSCtu30994 -
rn_preorder_key_successor_int function is constantly looping per the readme
file.

First up, lets copy it from the TFTP server to our CompactFlash card:
RP/0/RSP0/CPU0:ASR01#copy tftp: compactflash:
Tue May 15 06:12:19.645 UTC
Address or name of remote host [192.168.1.1]? (enter)
Source filename [/tftp:]?asr9k-p-4.1.2.CSCtu30994.tar
Destination filename [/compactflash:/asr9k-p-4.1.2.CSCtu30994.tar]?
Accessing tftp://10.100.100.17/asr9k-p-4.1.2.CSCtu30994.tar
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
911360 bytes copied in 6 sec ( 134936)bytes/sec

Once copied, lets switch to ADMIN mode.

RP/0/RSP0/CPU0:ASR01#admin
Tue May 15 06:15:01.739 UTC

Now we can add the TAR files

RP/0/RSP0/CPU0:ASR01(admin)#install add tar compactflash:asr9k-p-
4.1.2.CSCtu30994.tar
Tue May 15 06:15:03.744 UTC
/compactflash:asr9k-p-4.1.2.CSCtu30994.tar' started by user 'admin' via CLI
at
06:15:04 UTC Tue May 15 2012.
Info: The following files were extracted from the tar file
Info: '/compactflash:asr9k-p-4.1.2.CSCtu30994.tar' and will be added to
the
Info: entire router:
Info:
Info: asr9k-p-4.1.2.CSCtu30994.pie

Cisco IOS XR Training Page 28

© 2012 Jeffrey Fry FryGuy.Net
Info: asr9k-p-4.1.2.CSCtu30994.txt (skipped - not a pie)
Info:
The install operation will continue asynchronously.

And once the TAR has been added, the following message will appear:
Info: The following package is now available to be activated:
Info:
Info: disk0:asr9k-p-4.1.2.CSCtu30994-1.0.0
Info:
Info: The package can be activated across the entire router.
Info:
Install operation 27 completed successfully at 06:15:39 UTC Tue May 15 2012.

Now we can activate this patch:

RP/0/RSP0/CPU0:ASR01(admin)#install activate disk0:asr9k-p-4.1.2.CSCtu30994-
1.0.0
Tue May 15 06:15:45.276 UTC
Install operation 28 '(admin) install activate
disk0:asr9k-p-4.1.2.CSCtu30994-1.0.0' started by user 'admin' via CLI at
06:15:45 UTC Tue May 15 2012.
Info: Install Method: Parallel Process Restart
The install operation will continue asynchronously.

Info: The changes made to software configurations will not be persistent

Info: across system reloads. Use the command '(admin) install commit' to
Info: make changes persistent.
Info: Please verify that the system is consistent following the software
Info: change using the following commands:
Info: show system verify
Info: install verify packages

Once the install is done we need to commit it:

RP/0/RSP0/CPU0:ASR01(admin)#install commit
Tue May 15 06:17:06.359 UTC
Install operation 29 '(admin) install commit' started by user 'admin' via CLI
at 06:17:06 UTC Tue May 15 2012.
\ 100% complete: The operation can no longer be aborted (ctrl-c for
options)RP/0/RSP0/CPU0:May 15 06:17:09.967 : instdir[233]: %INSTALL-INSTMGR-
4-ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the
same as the committed software.
Install operation 29 completed successfully at 06:17:09 UTC Tue May 15 2012.
And like that we are patched.

Cisco IOS XR Training Page 29

© 2012 Jeffrey Fry FryGuy.Net
Now, that was not one that required a reload, if you have one of them like
CSCtw84381, here you will be prompted that you need to reload.
RP/0/RSP0/CPU0:ASR01(admin)#install activate disk0:asr9k-p-4.1.2.CSCtw84381-
1.0.0
Tue May 15 06:30:37.867 UTC
Install operation 35 '(admin) install activate
disk0:asr9k-p-4.1.2.CSCtw84381-1.0.0' started by user 'admin' via CLI at
06:30:38 UTC Tue May 15 2012.
Info: This operation will reload the following nodes in parallel:
Info: 0/RSP0/CPU0 (RP) (SDR: Owner)
Info: 0/0/CPU0 (LC) (SDR: Owner)
Info: 0/1/CPU0 (LC) (SDR: Owner)

See, it is asking you to proceed - hit enter for Y

Proceed with this install operation (y/n)? [y] (enter)
Info: Install Method: Parallel Reload
The install operation will continue asynchronously.

Once the install is complete, the router will reload and you will need to
relogin. Do not forget to do INSTALL COMMIT!!!

Note from the Cisco website

(http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r3.9/system_m
anagement/command/reference/yr39asr9k_chapter14.html)
Install operations are activated according to the method encoded in the
package being activated. Generally, this method has the least impact for
routing and forwarding purposes, but it may not be the fastest method from
start to finish and can require user interaction by default. To perform the
installation procedure as quickly as possible, you can specify the parallel-
reload keyword. This action forces the installation to perform a parallel
reload, so that all cards on the router reload simultaneously and then come
up with the new software. This impacts routing and forwarding, but it ensures
that the installation is performed without other issues.

Cisco IOS XR Training Page 30

© 2012 Jeffrey Fry FryGuy.Net
7. Licensing
The ever loving Cisco licensing – well, not just Cisco but all vendors have
some type of licensing. With the IOS XR in this case, we need a license to
run VRF interfaces on our line cards. In order to request a license, you
need to have a PAK key that you purchase, once you have that you will need to
gather some information to request the license key.

From the command promt, enter the admin mode

RP/0/RSP0/CPU0:R2#admin
Tue Apr 17 01:34:35.939 UTC

From there, enter the command show license udi

RP/0/RSP0/CPU0:R2(admin)#show license udi
Tue Apr 17 01:34:38.950 UTC

Local Chassis UDI Information:

PID : ASR-9010-AC
S/N : FOXXXXXAAAA
Operation ID: 1

RP/0/RSP0/CPU0:R2(admin)#

This information will be used on the Cisco License site –

www.cisco.com/go/license (CCO Account required). Once you have submitted the
PAK request, [email protected] will send you the license file as an
attachment within a few hours.

Once you have the file, you will need to copy it to the router via TFTP or
some other method. The license file will also include the instructions to
add it, I have included them here as well.

RP/0/RSP0/CPU0:R1#copy tftp: compactflash

Wed Apr 11 05:23:23.259 UTC
Address or name of remote host []?1.1.1.2
Source filename [/tftp:]?foo.lic
Destination filename [/disk0a:/usr/compactflash]? (enter)
Accessing tftp://1.1.1.2/foo.lic
C
1199 bytes copied in 0 sec
RP/0/RSP0/CPU0:R1#admin

Cisco IOS XR Training Page 31

© 2012 Jeffrey Fry FryGuy.Net
Next we can use the license add command from Admin mode
RP/0/1/CPU0:CRS#
RP/0/1/CPU0:CRS(admin)#license add compactflash:/foo.lic
RP/0/1/CPU0:Mar 16 16:01:37.077 : licmgr[252]: %LICENSE-LICMGR-6-
LOAD_LICENSE_FILE_OK : All licenses from license file compactflash:/foo.lic
added successfully

License command "license add compactflash:/foo.lic sdr Owner" completed

successfully.
RP/0/1/CPU0:CRS(admin)#

Now we need to see if is has been added via the show license command
RP/0/1/CPU0:CRS(admin)#show license

FeatureID: foo (Slot based, Permanent)

Available for use 1
Allocated to location 0
Active 0
Pool: Owner
Status: Available 1 Operational: 0
Pool: sdr1
Status: Available 0 Operational: 0

Once the license has been successfully added, we now need to assign it to a
line card slot. Again, this is done from Admin config mode
RP/0/RSP0/CPU0:R1(admin)#config

To assign the license, the command is license (License) location

(LocationID). In our case, we are going to apply A9K-iVRF-LIC. The question
mark will show you what location are available for this license.
RP/0/RSP0/CPU0:R1(admin-config)#license A9K-iVRF-LIC location ?
0/0/CPU0 Fully qualified location specification
0/1/CPU0 Fully qualified location specification
0/RSP0/CPU0 Fully qualified location specification
WORD Fully qualified location specification
all all locations

Now we can apply the licenses that we have to 0/0 and 0/1:
RP/0/RSP0/CPU0:R1(admin-config)#license A9K-iVRF-LIC location 0/0/CPU0
RP/0/RSP0/CPU0:R1(admin-config)#license A9K-iVRF-LIC location 0/1/CPU0
RP/0/RSP0/CPU0:R1(admin-config)#commit
Thu Apr 19 03:13:44.883 UTC
RP/0/RSP0/CPU0:R1(admin-config)#exit
RP/0/RSP0/CPU0:R1(admin)#exit

Cisco IOS XR Training Page 32

© 2012 Jeffrey Fry FryGuy.Net
Once installed, we can check using the show license command.
RP/0/RSP0/CPU0:R1#sh license
Thu Apr 19 03:13:51.432 UTC
FeatureID: A9K-iVRF-LIC (Slot based, Permanent)
Total licenses 2
Available for use 0
Allocated to location 0
Active 2
Store name Permanent
Store index 1
Pool: Owner
Total licenses in pool: 2
Status: Available 0 Operational: 2
Locations with licenses: (Active/Allocated) [SDR]
0/1/CPU0 (1/0) [Owner]
0/0/CPU0 (1/0) [Owner]

RP/0/RSP0/CPU0:R1#
There they are, assigned to 0/1 and 0/0 as requested.

Cisco IOS XR Training Page 33

© 2012 Jeffrey Fry FryGuy.Net
8. Aliases
From IOS, Aliases can sometimes make life easier on you and your support
staff. In IOS XR, aliases get ramped up a bit, but first lest cover the
basics.

For this example, we can create an alias to show all the IPV4 interfaces in a
brief using a single command, SHV4BR

RP/0/7/CPU0:R1#conf t
Mon Apr 16 15:05:26.064 UTC
RP/0/7/CPU0:R1(config)#alias SHV4BR show ipv4 int brief
RP/0/7/CPU0:R1(config)#commit
Mon Apr 16 15:05:44.043 UTC

Now, lets test the command:

RP/0/7/CPU0:R1#shv4br

As you can seem the system will re-enter the command from the alias
RP/0/7/CPU0:R1#show ipv4 int brief
Mon Apr 16 15:05:49.094 UTC

Interface IP-Address Status Protocol

Loopback0 1.1.1.1 Up Up
Loopback100 100.100.100.100 Up Up
Loopback666 6.6.6.6 Up Up
Loopback667 6.6.6.7 Up Up
MgmtEth0/7/CPU0/0 unassigned Shutdown Down
MgmtEth0/7/CPU0/1 unassigned Shutdown Down
MgmtEth0/7/CPU0/2 unassigned Shutdown Down
GigabitEthernet0/3/0/0 unassigned Down Down
GigabitEthernet0/3/0/1 unassigned Down Down
GigabitEthernet0/3/0/2 150.1.12.1 Up Up
GigabitEthernet0/3/0/3 unassigned Up Up
MgmtEth0/6/CPU0/0 unassigned Shutdown Down
MgmtEth0/6/CPU0/1 unassigned Shutdown Down
MgmtEth0/6/CPU0/2 unassigned Shutdown Down
RP/0/7/CPU0:R1#

Now, onto a cool feature, interface alias!

We will create an alias for interface GigabitEthernet0/3/0/2, our connection
to R2 on this router.
RP/0/7/CPU0:R1#conf t
Mon Apr 16 15:23:26.451 UTC
RP/0/7/CPU0:R1(config)#alias R2Connection gig0/3/0/2
RP/0/7/CPU0:R1(config)#commit

Cisco IOS XR Training Page 34

© 2012 Jeffrey Fry FryGuy.Net
Now, let’s see what happens when we do a show int for that alias
RP/0/7/CPU0:R1#sh int r2connection
RP/0/7/CPU0:R1#sh int gig0/3/0/2
Mon Apr 16 15:24:00.745 UTC
GigabitEthernet0/3/0/2 is up, line protocol is up
<--- SNIP -
0 output buffer failures, 0 output buffers swapped out
5 carrier transitions

Pretty neat, but it gets better – we can actually configure that alias as
well!
RP/0/7/CPU0:R1#conf t
Mon Apr 16 15:24:06.626 UTC
RP/0/7/CPU0:R1(config)#int r2connection
RP/0/7/CPU0:R1(config)#int gig0/3/0/2
RP/0/7/CPU0:R1(config-if)#exit
RP/0/7/CPU0:R1(config)#exit
RP/0/7/CPU0:R1#

Now, there is another trick with IOS XR, and that is variables!

So, what can we do with Variables and Aliases? Well, if there is a command
that you use quite often – say show interface, why not change it to an alias
with a variable.

For this example, we will create sint (show interface) and use variable
(var1).

But first, let us look at what happens when you add a question mark (?) to
the end of the command in configuration mode:

RP/0/RSP0/CPU0:c21.lab(config)#alias sint ?
LINE Alias body with optional parameters e.g,(name) show $name
As you can see, it even tells you that you can use variables, might not be
obvious, that that is what (name) is.

So, let us create our alias:

RP/0/RSP0/CPU0:c21.lab(config)#alias sint (var1) show interface $var1
RP/0/RSP0/CPU0:c21.lab(config)#commit
RP/0/RSP0/CPU0:c21.lab(config)#

Now we can test it on Interface Bundle-Eth 100:

RP/0/RSP0/CPU0:c21.lab#sint(Bundle-Eth100)
RP/0/RSP0/CPU0:c21.lab#show interface Bundle-Eth100
Bundle-Ether100 is up, line protocol is up
Interface state transitions: 3
Hardware is Aggregated Ethernet interface(s), address is 6c9c.ed2d.0bab
Internet address is 157.238.206.3/31
MTU 1514 bytes, BW 20000000 Kbit (Max: 20000000 Kbit)

Cisco IOS XR Training Page 35

© 2012 Jeffrey Fry FryGuy.Net
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation ARPA,
Full-duplex, 20000Mb/s
loopback not set,
ARP type ARPA, ARP timeout 04:00:00
No. of members in this bundle: 2
TenGigE0/0/0/0 Full-duplex 10000Mb/s Active
TenGigE0/1/0/0 Full-duplex 10000Mb/s Active
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters never
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
1509709 packets input, 641971670 bytes, 411 total input drops
0 drops for unrecognized upper-level protocol
Received 5 broadcast packets, 1298355 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
1518092 packets output, 642666596 bytes, 0 total output drops
Output 6 broadcast packets, 1300886 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions

RP/0/RSP0/CPU0:c21.lab#

Now, another trick we can do is nested aliases!

Lets modify the alias sint to show the interface as well as the
configuration.

RP/0/RSP0/CPU0:c21.lab(config)#alias sint (var1) show interface $var1; show

run int $var1
RP/0/RSP0/CPU0:c21.lab(config)#commit
RP/0/RSP0/CPU0:c21.lab(config)#

Now we can run that same command [sint(bundle-eth100)]again.

RP/0/RSP0/CPU0:c21.lab#sint(bundle-eth100)
RP/0/RSP0/CPU0:c21.lab#show interface bundle-eth100
Bundle-Ether100 is up, line protocol is up
Interface state transitions: 3
Hardware is Aggregated Ethernet interface(s), address is 6c9c.ed2d.0bab
Internet address is 157.238.206.3/31
MTU 1514 bytes, BW 20000000 Kbit (Max: 20000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation ARPA,
Full-duplex, 20000Mb/s
loopback not set,
ARP type ARPA, ARP timeout 04:00:00

Cisco IOS XR Training Page 36

© 2012 Jeffrey Fry FryGuy.Net
No. of members in this bundle: 2
TenGigE0/0/0/0 Full-duplex 10000Mb/s Active
TenGigE0/1/0/0 Full-duplex 10000Mb/s Active
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters never
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
1509849 packets input, 642030906 bytes, 411 total input drops
0 drops for unrecognized upper-level protocol
Received 5 broadcast packets, 1298474 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
1518235 packets output, 642727790 bytes, 0 total output drops
Output 6 broadcast packets, 1301008 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions

RP/0/RSP0/CPU0:c21.lab#show run int bundle-eth100

interface Bundle-Ether100
ipv4 address 157.238.206.3 255.255.255.254
bundle load-balancing hash src-ip
bundle maximum-active links 2
bundle minimum-active links 1
!

RP/0/RSP0/CPU0:c21.lab#

As you can see, it did the show interface bundle-eth100 and show run
interface bundle-eth100

Cisco IOS XR Training Page 37

If you want to only see the Loopback interfaces, all of them. Normally you
would do something like Show int br | in Loop, but with XR you can use a
wildcard (*)

RP/0/7/CPU0:R1#sh int l* br
Mon Apr 16 17:21:08.088 UTC
Intf Intf LineP Encap MTU BW
Name State State Type (byte) (Kbps)
----------------------------------------------------------------------
Lo0 up up Loopback 1500 0
Lo100 up up Loopback 1500 0
Lo666 up up Loopback 1500 0
Lo667 up up Loopback 1500 0
Lo1000 up up Loopback 1500 0

RP/0/7/CPU0:R1#

This works the same if you want to see this in the running config:
RP/0/7/CPU0:R1#sh run in l*
Mon Apr 16 17:21:53.360 UTC
interface Loopback0
ipv4 address 1.1.1.1 255.255.255.255
ipv6 address 2001::1/128
!
interface Loopback100
ipv4 address 100.100.100.100 255.255.255.255
!
interface Loopback666
ipv4 address 6.6.6.6 255.255.255.255
!
interface Loopback667
ipv4 address 6.6.6.7 255.255.255.255
!
interface Loopback1000
vrf LAB
ipv4 address 111.111.111.111 255.255.255.255
!

RP/0/7/CPU0:R1#

Cisco IOS XR Training Page 38

© 2012 Jeffrey Fry FryGuy.Net
10. Processes
So, since IOS XR is based on QNX, the SHOW PROCESSES command is a bit
different then you would see in IOS. In IOS XR, you can actually query
processes and see what is going on.

Here is a way to see what BGP is doing :

RP/0/RSP0/CPU0:R2#sh processes bgp
Tue Apr 24 01:23:06.343 UTC
Job Id: 1039
PID: 2941214
Executable path: /disk0/iosxr-routing-4.1.2/bin/bgp
Instance #: 1
Version ID: 00.00.0000
Respawn: ON
Respawn count: 4
Max. spawns per minute: 12
Last started: Tue Apr 10 05:31:26 2012
Process state: Run
Package state: Normal
Started on config: ipc/gl/ip-bgp/meta/speaker/default
core: MAINMEM
Max. core: 0
Placement: Placeable
startup_path: /pkg/startup/bgp.startup
Ready: 0.338s
Available: 25.582s
Process cpu time: 63.719 user, 1.074 kernel, 64.793 total
JID TID CPU Stack pri state TimeInState HR:MM:SS:MSEC NAME
1039 1 1 312K 10 Receive 0:01:01:0795 0:00:00:0249 bgp
1039 2 1 312K 10 Receive 331:51:39:0224 0:00:00:0000 bgp
1039 3 0 312K 10 Receive 331:51:39:0223 0:00:00:0001 bgp
1039 4 1 312K 10 Sigwaitinfo 331:51:39:0129 0:00:00:0000 bgp
1039 5 0 312K 10 Receive 0:00:01:0764 0:00:00:0005 bgp
1039 6 1 312K 10 Receive 0:00:01:0760 0:00:00:0016 bgp
1039 7 0 312K 10 Receive 0:00:23:0239 0:00:02:0242 bgp
1039 8 0 312K 10 Receive 0:00:03:0321 0:00:02:0280 bgp
1039 9 1 312K 10 Receive 0:01:01:0796 0:00:00:0005 bgp
1039 10 1 312K 10 Receive 0:00:01:0786 0:00:00:0008 bgp
1039 11 0 312K 10 Receive 0:00:01:0786 0:00:00:0004 bgp
1039 12 0 312K 10 Receive 0:00:01:0786 0:00:00:0001 bgp
1039 13 1 312K 10 Receive 0:00:02:0861 0:00:00:0006 bgp
1039 14 1 312K 10 Receive 0:00:03:0189 0:00:59:0750 bgp
1039 15 0 312K 10 Receive 0:00:01:0816 0:00:00:0223 bgp
1039 16 1 312K 10 Receive 331:51:39:0047 0:00:00:0000 bgp
1039 17 1 312K 10 Receive 0:00:27:0039 0:00:00:0000 bgp
1039 18 1 312K 10 Receive 75:14:02:0621 0:00:00:0002 bgp

Cisco IOS XR Training Page 39

© 2012 Jeffrey Fry FryGuy.Net
Now, since IOS XR is based on a flavor of Unix, we have a command similar to
TOP called monitor processes.

RP/0/RSP0/CPU0:R2#monitor processes
Tue Apr 24 01:27:41.959 UTC
Computing times...

(Screen Clears and the following data is refreshed)

287 processes; 1320 threads; 1086 timers, 6265 channels, 8489 fds
CPU states: 99.6% idle, 0.2% user, 0.1% kernel
Memory: 4096M total, 2762M avail, page size 4K

JID TIDS Chans FDs Tmrs MEM HH:MM:SS CPU NAME

1 13 291 204 1 0 998:56:18 0.12% procnto-600-smp-instr
65744 1 1 11 0 1M 0:00:00 0.09% ptop
340 2 16 20 4 340K 0:41:16 0.05% sc
60 15 44 20 7 4M 0:18:05 0.04% eth_server
95 22 276 35 4 924K 0:02:03 0.00% sysmgr
152 4 16 24 6 700K 0:00:08 0.00% canb-server
71 2 7 11 1 236K 0:00:04 0.00% mdio_sup
202 9 39 62 14 1M 0:00:03 0.00% ether_ctrl_mgmt
89 1 6 3 1 104K 0:00:55 0.00% serdrvr
355 4 9 15 2 260K 0:00:00 0.00% ssm_process

Cisco IOS XR Training Page 40

© 2012 Jeffrey Fry FryGuy.Net
11. Remote Access Services – Telnet and
SSH
We need to have a way to remote access this device, and by default SSH and
TELNET are not enabled.

First up, the easy one – telnet.

RP/0/RSP0/CPU0:R1(config)#telnet ipv4 server max-servers 10

And like that, we can telnet.

Ok, onto SSH – but before setting up SSH, we need to generate an RSA key.
This is a bit different as you do not do this from config mode.
First up, add your domain-name if you do not have one:
RP/0/RSP0/CPU0:R1(config)#domain name fryguy.net
RP/0/RSP0/CPU0:R1(config)#commit
RP/0/RSP0/CPU0:R1#crypto key generate rsa
Sat Apr 21 00:36:07.790 UTC
The name for the keys will be: the_default
Choose the size of the key modulus in the range of 512 to 2048 for your
General Purpose Keypair. Choosing a key modulus greater than 512 may take a
few minutes.

How many bits in the modulus [1024]: 2048

Generating RSA keys ...
Done w/ crypto generate keypair
[OK]

RP/0/RSP0/CPU0:R1#

Once we have generated the RSA key, we can now enable the SSH service:
RP/0/RSP0/CPU0:R1#conf t
Sat Apr 21 00:40:33.845 UTC
RP/0/RSP0/CPU0:R1(config)#ssh server v2
RP/0/RSP0/CPU0:R1(config)#commit
Sat Apr 21 00:40:39.939 UTC

And like that, SSH services are now enabled.

Ok, but what if we wanted to limit who has access to the box by IP address,
that is where control-plane security comes in. For this example, I will
allow 10/8 to access the device.
RP/0/RSP0/CPU0:R1(config)#control-plane
RP/0/RSP0/CPU0:R1(config-ctrl)#management-plane
RP/0/RSP0/CPU0:R1(config-mpp-inband)#int g0/1/0/18
RP/0/RSP0/CPU0:R1(config-mpp-inband-if)#allow SSH peer
RP/0/RSP0/CPU0:R1(config-ssh-peer)# address ipv4 10.0.0.0/8

Cisco IOS XR Training Page 41

© 2012 Jeffrey Fry FryGuy.Net
RP/0/RSP0/CPU0:R1(config-ssh-peer)# allow Telnet peer
RP/0/RSP0/CPU0:R1(config-telnet-peer)#address ipv4 10.0.0.0/8
RP/0/RSP0/CPU0:R1(config-telnet-peer)#exit
RP/0/RSP0/CPU0:R1(config-mpp-inband)#comm
Sat Apr 21 01:09:45.163 UTC

And now to test, from a device on the 10/8 network:

user@host [~]> ssh [email protected]
[email protected]’s password:
RP/0/RSP0/CPU0:R1#

There you go, SSH access from only the 10.0.0.0/8 subnet.

And, when it comes close the expiry timer, you will get a message:
RP/0/RSP0/CPU0:R1#
*
* The idle timeout is soon to expire on this line
*

Received disconnect from 10.2.2.2: 11:

user@host [~]>

Cisco IOS XR Training Page 42

© 2012 Jeffrey Fry FryGuy.Net
12. TACACS Configuration
(default and non-default VRF)
Ok, so you want to secure your IOS-XR device using TACACS.
The first example I will use will be using the default VRF for TACACS
authorization and the second will be using a different VRF. For these
examples, the tacacs server is at IP 192.168.100.100 and the password is
TacacsPassword

First up, we need to configure our source interface for TACACS, here we will
use loopback0 and the default VRF.
RP/0/RSP0/CPU0:PE2(config)#tacacs source-interface Loopback0 vrf default

Now we can configure our TACACS server and Password

RP/0/RSP0/CPU0:PE2(config)#tacacs-server host 192.168.100.100
RP/0/RSP0/CPU0:PE2(config-tacacs-host)#key 0 TacacsPassword
RP/0/RSP0/CPU0:PE2(config-tacacs-host)#exit
RP/0/RSP0/CPU0:PE2(config)#

Time to create a local console authenticaion method, this way console does
not rely on TACACS.
You may or may not want to do this, but I am showing it for these examples.
RP/0/RSP0/CPU0:PE2(config)#aaa authentication login console local
RP/0/RSP0/CPU0:PE2(config)#aaa authorization commands console none

Apply the console loging to the line console

RP/0/RSP0/CPU0:PE2(config)#line console
RP/0/RSP0/CPU0:PE2(config-line)#login authentication console
RP/0/RSP0/CPU0:PE2(config-line)#authorization commands console
RP/0/RSP0/CPU0:PE2(config-line)#exit
RP/0/RSP0/CPU0:PE2(config)#

Now we can start to configure our AAA for login, here I am using default
RP/0/RSP0/CPU0:PE2(config)#aaa authentication login default group tacacs+ local

Now for some command authorization, if you want it

RP/0/RSP0/CPU0:PE2(config)#aaa authorization commands default group tacacs+

And accounting as well.

RP/0/RSP0/CPU0:PE2(config)#aaa accounting exec default start-stop group tacacs+
RP/0/RSP0/CPU0:PE2(config)#aaa accounting system default start-stop group tacacs+
RP/0/RSP0/CPU0:PE2(config)#aaa accounting commands default start-stop group tacacs+

Since this is IOS XR, I strongly suggest using a commit confirmed here!
RP/0/RSP0/CPU0:PE2(config)#commit confirmed minutes 2
Thu Oct 18 03:22:57.487 UTC
RP/0/RSP0/CPU0:PE2(config)#

Cisco IOS XR Training Page 43

© 2012 Jeffrey Fry FryGuy.Net
From another terminal, SSH into the box using a TACACs account, and if
successful, commit again.
RP/0/RSP0/CPU0:PE2(config)#commit
Thu Oct 18 03:23:22.951 UTC

% Confirming commit for trial session.

RP/0/RSP0/CPU0:PE2(config)#

That is normal TACACS, now time to add in the challenges of a VRF.

First up, we need to set our source interface, for this one I will use a
different Loopback, Lo100 and use VRF CustA
RP/0/RSP0/CPU0:PE2(config)#tacacs source-interface Loopback100 vrf CustA

Now we can configure our TACACS server

RP/0/RSP0/CPU0:PE2(config)#tacacs-server host 192.168.100.100
RP/0/RSP0/CPU0:PE2(config-tacacs-host)#key 0 TacacsPassword
RP/0/RSP0/CPU0:PE2(config-tacacs-host)#exit
RP/0/RSP0/CPU0:PE2(config)#

Now we need to create a server group for the ACS box. This tells it what VRF
the server is in.
RP/0/RSP0/CPU0:PE2(config)#aaa group server tacacs+ ACS
RP/0/RSP0/CPU0:PE2(config-sg-tacacs)# server 192.168.100.100
RP/0/RSP0/CPU0:PE2(config-sg-tacacs)# vrf CustA

Now we can configure our local logins for the console:

RP/0/RSP0/CPU0:PE2(config)#aaa authentication login console local
RP/0/RSP0/CPU0:PE2(config)#aaa authorization commands console none
RP/0/RSP0/CPU0:PE2(config)#line console
RP/0/RSP0/CPU0:PE2(config-line)# login authentication console
RP/0/RSP0/CPU0:PE2(config-line)# authorization commands console

Here I would commit the configs that we have done.

RP/0/RSP0/CPU0:PE2(config)#commit

And finally configure our AAA for login

RP/0/RSP0/CPU0:PE2(config)#aaa authentication login default group ACS local
RP/0/RSP0/CPU0:PE2(config)#aaa authorization commands default group ACS none
RP/0/RSP0/CPU0:PE2(config)#aaa accounting exec default start-stop group ACS
RP/0/RSP0/CPU0:PE2(config)#aaa accounting system default start-stop group ACS
RP/0/RSP0/CPU0:PE2(config)#aaa accounting commands default start-stop group
ACS
RP/0/RSP0/CPU0:PE2(config)#

Cisco IOS XR Training Page 44

© 2012 Jeffrey Fry FryGuy.Net
And finally do the commit confirmed here again
RP/0/RSP0/CPU0:PE2(config)#commit confirmed minutes 2

Test remote access via SSH, and if all works - commit it to save
RP/0/RSP0/CPU0:PE2(config)#commit

% Confirming commit for trial session.

And we are done!

Cisco IOS XR Training Page 45

Sorry, not much to say here but you should already be familiar with these.

RP/0/RSP0/CPU0:R1(config)#ipv4 access-list RemoteAccess

RP/0/RSP0/CPU0:R1(config-ipv4-acl)#permit tcp 216.167.0.0/24 any eq ssh
RP/0/RSP0/CPU0:R1(config-ipv4-acl)#commit

Cisco IOS XR Training Page 46

© 2012 Jeffrey Fry FryGuy.Net
14. OSPF
Time for some OSPF configs, these will build off the previous configs we just
did. For this lab, the other router, R2, was preconfigured to support the
connections.

We will place our loopback and out g0/3/0/2 interface into OSPF process LAB
and area 0.0.0.0

RP/0/7/CPU0:R1#
RP/0/7/CPU0:R1#conf t
Thu Mar 29 19:37:52.671 UTC

Define our OSPF process name

RP/0/7/CPU0:R1(config)#router ospf LAB

Now to define our area first

RP/0/7/CPU0:R1(config-ospf)#area 0.0.0.0

Now we can place the interfaces into the area, no need to entering subnets
RP/0/7/CPU0:R1(config-ospf-ar)#inter loo0
RP/0/7/CPU0:R1(config-ospf-ar-if)#inter g0/3/0/2
RP/0/7/CPU0:R1(config-ospf-ar-if)#exit
RP/0/7/CPU0:R1(config-ospf-ar)#exit
RP/0/7/CPU0:R1(config-ospf)#exit
RP/0/7/CPU0:R1(config)#commit
Thu Mar 29 19:38:15.182 UTC
RP/0/7/CPU0:R1(config)#

Now to look at our IP Protocols running:

RP/0/7/CPU0:R1#sh ip proto
Thu Mar 29 19:38:24.113 UTC

Routing Protocol OSPF LAB

Router Id: 1.1.1.1
Distance: 110
Non-Stop Forwarding: Disabled
Redistribution:
None
Area 0.0.0.0
Loopback0
GigabitEthernet0/3/0/2
RP/0/7/CPU0:R1#

We can see what we have OSPF LAB running with a RouterID of 1.1.1.1 (our
loopback). It tells us what interfaces are in Area 0.0.0.0 as well.

Cisco IOS XR Training Page 47

© 2012 Jeffrey Fry FryGuy.Net
Now to see if we neighbored up with R2:
RP/0/7/CPU0:R1#sh ip ospf nei
Thu Mar 29 19:38:33.557 UTC

* Indicates MADJ interface

Neighbors for OSPF LAB

Neighbor ID Pri State Dead Time Address Interface

2.2.2.2 1 FULL/DR 00:00:37 150.1.12.2 GigabitEthernet0/3/0/2
Neighbor is up for 00:00:12

Total neighbor count: 1

RP/0/7/CPU0:R1#

Yup, we have a neighbor of R2 (2.2.2.2) up and in FULL/DR.

Time to look at the routing table:
RP/0/7/CPU0:R1#sh ip route
Thu Mar 29 19:41:06.047 UTC

Codes: C - connected, S - static, R - RIP, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, (!) - FRR Backup pathc

Gateway of last resort is not set

L 1.1.1.1/32 is directly connected, 00:15:37, Loopback0
O 2.2.2.2/32 [110/2] via 150.1.12.2, 00:02:43, GigabitEthernet0/3/0/2
C 150.1.12.0/24 is directly connected, 01:02:19, GigabitEthernet0/3/0/2
L 150.1.12.1/32 is directly connected, 01:02:19, GigabitEthernet0/3/0/2
RP/0/7/CPU0:R1#

We can see we have a route to R2 loopback interface (2.2.2.2/32), now we

should be able to PING it from our Loopback0 interface.

RP/0/7/CPU0:R1#ping 2.2.2.2 source lo0

Thu Mar 29 19:41:21.828 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
RP/0/7/CPU0:R1#

Cisco IOS XR Training Page 48

© 2012 Jeffrey Fry FryGuy.Net
For reference, here is a similar IOS config for the same thing:
R1(config)#router ospf 1
R1(config-router)#net 1.1.1.1 0.0.0.0 a 0.0.0.0
R1(config-router)#net 150.1.12.0 0.0.0.255 a 0.0.0.0
R1(config-router)#^Z
R1#
*Mar 29 20:18:29.698: %SYS-5-CONFIG_I: Configured from console by console
R1#
R1#
R1#p 2.2.2.2 so l0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#

OSPF Advanced Features

I just wanted to take a minute and discuss some of the other features
available for OSPF.

Network Point-to-Point, Point-to-Multipoint, broadcast, non-broadcast

RP/0/7/CPU0:R1(config)#router ospf LAB
RP/0/7/CPU0:R1(config-ospf)#area 0.0.0.0
RP/0/7/CPU0:R1(config-ospf-ar)#int g0/3/0/2
RP/0/7/CPU0:R1(config-ospf-ar-if)#network ?
broadcast Specify OSPF broadcast multi-access network
non-broadcast Specify OSPF NBMA network
point-to-multipoint Specify OSPF point-to-multipoint network
point-to-point Specify OSPF point-to-point network

As you can see, all the normal OSPF network interface types are there. You
just need to configure them under the OSPF process instead of the interface
like in normal IOS.

Authentication

IOS XR also supports OSPF authentication, both area and interface. In this
example we will create an MD5 interface authentication.
RP/0/7/CPU0:R1(config)#router ospf LAB
RP/0/7/CPU0:R1(config-ospf)#area 0.0.0.0
RP/0/7/CPU0:R1(config-ospf-ar)#int g0/3/0/2

Need to enable MD5 authentication

RP/0/7/CPU0:R1(config-ospf-ar-if)#authentication message-digest

Cisco IOS XR Training Page 49

© 2012 Jeffrey Fry FryGuy.Net
Then set our MD5 key #1 to Cisco
RP/0/7/CPU0:R1(config-ospf-ar-if)#message-digest-key 1 md5 Cisco
RP/0/7/CPU0:R1(config-ospf-ar-if)#exit
RP/0/7/CPU0:R1(config-ospf-ar)#commit

Now, lets look at the interface and make sure we have MD5 authentication
enabled.
RP/0/7/CPU0:R1#sh ospf LAB int g0/3/0/2
Sun Apr 1 18:31:01.235 UTC

GigabitEthernet0/3/0/2 is up, line protocol is up

Internet Address 150.1.12.1/24, Area 0.0.0.0
Process ID LAB, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1, MTU 1500, MaxPktSz 1500
Designated Router (ID) 2.2.2.2, Interface address 150.1.12.2
Backup Designated router (ID) 1.1.1.1, Interface address 150.1.12.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Index 1/1, flood queue length 0
Next 0(0)/0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
LS Ack List: current length 0, high water mark 3
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 2.2.2.2 (Designated Router)
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1
Multi-area interface Count is 0
RP/0/7/CPU0:R1#
As you can see above, we do. This is all very similar to IOS, so as you can
see, the jump to XR is more knowing where to configure something then how to
configure something.

Now, lets check our neighbor state

RP/0/7/CPU0:R1#sh ospf LAB neighbor
Sat Mar 31 18:37:07.753 UTC

* Indicates MADJ interface

Neighbors for OSPF LAB

Neighbor ID Pri State Dead Time Address Interface

2.2.2.2 1 EXSTART/DR 00:00:36 150.1.12.2
GigabitEthernet0/3/0/2
Neighbor is up for 00:00:31

Total neighbor count: 1

RP/0/7/CPU0:R1#

Cisco IOS XR Training Page 50

© 2012 Jeffrey Fry FryGuy.Net
Then make sure we are getting a route
RP/0/7/CPU0:R1#sh route ipv4 ospf
Sat Mar 31 18:37:15.279 UTC

O 2.2.2.2/32 [110/2] via 150.1.12.2, 00:00:06, GigabitEthernet0/3/0/2

RP/0/7/CPU0:R1#

And finallying PINGing R2 loopback from ours

RP/0/7/CPU0:R1#ping 2.2.2.2 so l0
Sat Mar 31 18:37:19.151 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/5 ms
RP/0/7/CPU0:R1#

Cost
Just like normal IOS, we can change the OSPF cost on an interface – but same
thing here; it is done under the OSPF process

RP/0/7/CPU0:R1#
RP/0/7/CPU0:R1#conf t
Sun Apr 1 18:35:17.061 UTC
RP/0/7/CPU0:R1(config)#router ospf LAB
RP/0/7/CPU0:R1(config-ospf)#area 0.0.0.0
RP/0/7/CPU0:R1(config-ospf-ar)#int loop0
RP/0/7/CPU0:R1(config-ospf-ar-if)#cost ?
<1-65535> Cost

Cisco IOS XR Training Page 51

© 2012 Jeffrey Fry FryGuy.Net
15. EIGRP
First thing we need to do is delete the OSPF process,that is if you still
have it.

RP/0/7/CPU0:R1#conf t
Thu Mar 29 20:07:53.797 UTC
RP/0/7/CPU0:R1(config)#no router ospf LAB
RP/0/7/CPU0:R1(config)#commit

Once that is deleted, we can now continue with EIGRP configuration.

Just like IOS, we need to give it a process ID

RP/0/7/CPU0:R1(config)#router eigrp 1

Here is where the difference starts, we need to select the Address family
first
RP/0/7/CPU0:R1(config-eigrp)#address-family ipv4

Enter no auto-summary ( this is habitual to be honest )

RP/0/7/CPU0:R1(config-eigrp-af)#no auto-summary

Then assign the interfaces you want in EIGRP

RP/0/7/CPU0:R1(config-eigrp-af)#int l0
RP/0/7/CPU0:R1(config-eigrp-af-if)#int g0/3/0/2
RP/0/7/CPU0:R1(config-eigrp-af-if)#exit
RP/0/7/CPU0:R1(config-eigrp-af)#exit
RP/0/7/CPU0:R1(config-eigrp)#exit
RP/0/7/CPU0:R1(config)#commit
Thu Mar 29 20:08:59.108 UTC
RP/0/7/CPU0:R1(config)#exit

Now lets look at our IP Protocols:

RP/0/7/CPU0:R1#sh ip protocols
Thu Mar 29 20:09:25.058 UTC

Routing Protocol: EIGRP, instance 1

Default context AS: 1, Router ID: 1.1.1.1
Address Family: IPv4
Default networks not flagged in outgoing updates
Default networks not accepted from incoming updates
Distance: internal 90, external 170
Maximum paths: 4
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
EIGRP NSF: enabled

Cisco IOS XR Training Page 52

© 2012 Jeffrey Fry FryGuy.Net
NSF-aware route hold timer is 480s
NSF signal timer is 20s
NSF converge timer is 300s
Time since last restart is 00:00:25
SIA Active timer is 180s
Interfaces:
Loopback0
GigabitEthernet0/3/0/2

When you issue the same command under IOS, you have Routing for Networks
instead of Interfaces:
R1#sh ip protocols
Routing Protocol is "eigrp 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 1
EIGRP NSF-aware route hold timer is 240s
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
1.1.1.1/32
150.1.12.0/24
Routing Information Sources:
Gateway Distance Last Update
(this router) 90 00:00:22
150.1.12.2 90 00:00:04
Distance: internal 90 external 170
R1#

Now, let’s look at our routing table on IOS XR.

RP/0/7/CPU0:R1#sh ip route
Thu Mar 29 20:09:31.763 UTC

Codes: C - connected, S - static, R - RIP, B - BGP

Gateway of last resort is not set

L 1.1.1.1/32 is directly connected, 00:44:02, Loopback0

Cisco IOS XR Training Page 53

© 2012 Jeffrey Fry FryGuy.Net
D 2.2.2.2/32 [90/130816] via 150.1.12.2, 00:00:11, GigabitEthernet0/3/0/2
C 150.1.12.0/24 is directly connected, 01:30:45, GigabitEthernet0/3/0/2
L 150.1.12.1/32 is directly connected, 01:30:45, GigabitEthernet0/3/0/2
RP/0/7/CPU0:R1#

There, we have a route to R2’s loopback. Lets PING it from our loopback to
test connectivity.
RP/0/7/CPU0:R1#ping 2.2.2.2 so l0
Thu Mar 29 20:09:36.232 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/5 ms
RP/0/7/CPU0:R1#

And like that basic EIGRP is done.

Now, lets add IPv6 to the EIGRP process.

RP/0/7/CPU0:R1#conf t
Thu Mar 29 20:27:16.966 UTC
RP/0/7/CPU0:R1(config)#router eigrp 1
RP/0/7/CPU0:R1(config-eigrp)#address-family ipv6
RP/0/7/CPU0:R1(config-eigrp-af)#int l0
RP/0/7/CPU0:R1(config-eigrp-af-if)#int g0/3/0/2
RP/0/7/CPU0:R1(config-eigrp-af-if)#commit
Thu Mar 29 20:27:28.352 UTC
RP/0/7/CPU0:R1(config-eigrp-af-if)#

I will be honest here; the correct command to show routes is show route
Protocol. Once you add IPv6, you really should to start to use the correct
commands. 

RP/0/7/CPU0:R1#sh route ipv6

Thu Mar 29 20:29:31.952 UTC

Codes: C - connected, S - static, R - RIP, B - BGP

Gateway of last resort is not set

L 2001::1/128 is directly connected,

00:58:42, Loopback0
D 2001::2/128

Cisco IOS XR Training Page 54

© 2012 Jeffrey Fry FryGuy.Net
Version: 2
Default metric: Not set
Maximum paths: 4
Auto summarize: No
Broadcast for V2: No
Packet source validation: Yes
NSF: Disabled
Timers: Update: 30 seconds (0 seconds until next update)
Invalid: 180 seconds
Holddown: 180 seconds
Flush: 240 seconds
RP/0/7/CPU0:R1#

Now here is something interesting, the RIP version is 2, yet I did not
specify it in the config. This is because IOS XR code only supports v2.
RP/0/7/CPU0:R1(config)#router rip
RP/0/7/CPU0:R1(config-rip)#ver?
^
% Invalid input detected at '^' marker.

Now, let’s look at the routing table using the proper command:
RP/0/7/CPU0:R1#sh route ipv4
Thu Mar 29 20:40:08.877 UTC
Codes: C - connected, S - static, R - RIP, B – BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E – EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, (!) - FRR Backup path
Gateway of last resort is not set
L 1.1.1.1/32 is directly connected, 01:14:39, Loopback0
R 2.2.2.2/32 [120/1] via 150.1.12.2, 00:01:25, GigabitEthernet0/3/0/2
C 150.1.12.0/24 is directly connected, 02:01:22, GigabitEthernet0/3/0/2
L 150.1.12.1/32 is directly connected, 02:01:22, GigabitEthernet0/3/0/2

RP/0/7/CPU0:R1#

As you can see, we have a RIP route to R2 L0 2.2.2.2/32 interface. Time for
a PING!
RP/0/7/CPU0:R1#ping 2.2.2.2 so l0
Thu Mar 29 20:40:15.606 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms
RP/0/7/CPU0:R1#

And like that RIP is configured.

Cisco IOS XR Training Page 57

© 2012 Jeffrey Fry FryGuy.Net
17. IS-IS
Time for some IS-IS routing! Between IS-IS and OSPF, those are the two most
coming SP core routing protocols.

RP/0/7/CPU0:R1#conf t
Thu Mar 29 22:09:12.786 UTC

First we need to name our process

RP/0/7/CPU0:R1(config)#router isis LAB

Then configure our Network Entity ( Area )

RP/0/7/CPU0:R1(config-isis)#net 49.0000.0000.0001.00

Then we assign the interfaces to the process, as well as the address family.
RP/0/7/CPU0:R1(config-isis)#int l0
RP/0/7/CPU0:R1(config-isis-if)#address-family ipv4
RP/0/7/CPU0:R1(config-isis-if-af)#exit
RP/0/7/CPU0:R1(config-isis-if)#address-family ipv6
RP/0/7/CPU0:R1(config-isis-if-af)# exit
RP/0/7/CPU0:R1(config-isis-if)#int g0/3/0/2
RP/0/7/CPU0:R1(config-isis-if)#address-family ipv4
RP/0/7/CPU0:R1(config-isis-if-af)# exit
RP/0/7/CPU0:R1(config-isis-if)#address-family ipv6
RP/0/7/CPU0:R1(config-isis-if-af)# exit
RP/0/7/CPU0:R1(config-isis-if)#exit

Notice I did not specify an IS-IS Level when I started, but we can set this
to Level-2
RP/0/7/CPU0:R1(config-isis)#is-type level-2-only

Now, when we show the config, you will notice Level-2 is set to the top of
the config when applied, not in the order I entered it. This is the beauty
of a staging config, you can enter some things in the wrong order but they
will be applied in the correct order.
RP/0/7/CPU0:R1(config-isis)#sh config
Thu Mar 29 22:10:22.326 UTC
Building configuration...
!! IOS XR Configuration 4.1.1
router isis LAB
is-type level-2-only
net 49.0000.0000.0001.00
interface Loopback0
address-family ipv4 unicast
!
address-family ipv6 unicast
!
!

Cisco IOS XR Training Page 58

© 2012 Jeffrey Fry FryGuy.Net
interface GigabitEthernet0/3/0/2
address-family ipv4 unicast
!
address-family ipv6 unicast
!
!
!
end

Now, let us commit our changes.

RP/0/7/CPU0:R1(config-isis)#commit
RP/0/7/CPU0:R1(config-isis)#exit
RP/0/7/CPU0:R1(config)#exit
RP/0/7/CPU0:R1#

Time to check our IS-IS adjancies.

RP/0/7/CPU0:R1#sh isis adjacency
Thu Mar 29 22:16:21.989 UTC

IS-IS LAB Level-2 adjacencies:

System Id Interface SNPA State Hold Changed NSF IPv4 IPv6
BFD BFD
GSR-R2 Gi0/3/0/2 00d0.7901.3a78 Up 9 00:05:52 Yes None None

Total adjacency count: 1

RP/0/7/CPU0:R1#

We can see we are adjacent with R2 via IPv4 and IPv6. Lets look at the IPv4
IS-IS routing table and then PING the loopback of R2:
RP/0/7/CPU0:R1#sh route ipv4 isis
Thu Mar 29 22:17:15.545 UTC

i L2 2.2.2.2/32 [115/20] via 150.1.12.2, 00:06:36, GigabitEthernet0/3/0/2

RP/0/7/CPU0:R1#
RP/0/7/CPU0:R1#ping 2.2.2.2 so l0
Thu Mar 29 22:17:37.226 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
RP/0/7/CPU0:R1#

Cisco IOS XR Training Page 59

© 2012 Jeffrey Fry FryGuy.Net
Ok, that worked – now we can do the same for IPv6. First we should look at
the IPv6 IS-IS routes and then ping the loopback of R2.

RP/0/7/CPU0:R1#sh route ipv6 isis

Thu Mar 29 22:17:43.918 UTC

i L2 2001::2/128
[115/20] via fe80::2d0:79ff:fe01:3a78, 00:07:05, GigabitEthernet0/3/0/2
RP/0/7/CPU0:R1#ping 2001::2 so 2001::1
Thu Mar 29 22:17:49.763 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/9/34 ms
RP/0/7/CPU0:R1#

Compare that to IOS ISIS config:

Configure the process and set the level and NET
R1(config)#router isis
R1(config-router)#net 49.0000.0000.0001.00
R1(config-router)#is-type level-2

Then change context to the G0/1 interface and enable ISIS for IPv4 and IPv6
R1(config-router)#int g0/1
R1(config-if)#ip router isis
R1(config-if)#ipv6 router isis

Then change context to the Loop0 interface and enable ISIS for IPv4 and IPv6
R1(config-if)#int l0
R1(config-if)#ip router isis
R1(config-if)#ipv6 router isis
R1(config-if)#^Z

Few more steps, and configuring things under the process make much more sense
than under an interface.

Cisco IOS XR Training Page 60

© 2012 Jeffrey Fry FryGuy.Net
18. BGP iBGP and eBGP
BGP, this is where it starts to get different with IOS XR.
First up, configuring an iBGP peering with R2’s 150.1.12.2 in AS1 and
advertise our loopback interface.

RP/0/7/CPU0:R1(config)#
RP/0/7/CPU0:R1(config)#router bgp 1

Let’s define the network we want to advertise, under the address family:
RP/0/7/CPU0:R1(config-bgp)#address-family ipv4 unicast
RP/0/7/CPU0:R1(config-bgp-af)#net 1.1.1.1/32
RP/0/7/CPU0:R1(config-bgp-af)#exit

Now, we can configure the neighbor. Notice all the commands for the neighbor
are under the neighbor now – not next to the neighbor.
RP/0/7/CPU0:R1(config-bgp)#nei 150.1.12.2
RP/0/7/CPU0:R1(config-bgp-nbr)#remote-as 1
RP/0/7/CPU0:R1(config-bgp-nbr)#address-family ipv4 unicast
RP/0/7/CPU0:R1(config-bgp-nbr-af)#exit
RP/0/7/CPU0:R1(config-bgp-nbr)#comm
Thu Mar 29 22:47:05.147 UTC

RP/0/7/CPU0:R1(config-bgp)#exit
RP/0/7/CPU0:R1(config)#exit

Now, time to see if we have a neighbor established:

RP/0/7/CPU0:R1#sh bgp nei 150.1.12.2
Thu Mar 29 22:48:13.338 UTC

BGP neighbor is 150.1.12.2

Remote AS 1, local AS 1, internal link
Remote router ID 2.2.2.2
BGP state = Established, up for 00:00:24
Last read 00:00:24, Last read before reset 00:00:00
Hold time is 180, keepalive interval is 60 seconds
Configured hold time: 180, keepalive: 60, min acceptable hold time: 3
Last write 00:00:24, attempted 19, written 19
Second last write 00:00:24, attempted 53, written 53
Last write before reset 00:00:00, attempted 0, written 0
Second last write before reset 00:00:00, attempted 0, written 0
Last write pulse rcvd Mar 29 22:47:49.296 last full not set pulse count 4
Last write pulse rcvd before reset 00:00:00
Socket not armed for io, armed for read, armed for write
Last write thread event before reset 00:00:00, second last 00:00:00
Last KA expiry before reset 00:00:00, second last 00:00:00
Last KA error before reset 00:00:00, KA not sent 00:00:00
Last KA start before reset 00:00:00, second last 00:00:00

Cisco IOS XR Training Page 61

© 2012 Jeffrey Fry FryGuy.Net
Precedence: internet
Neighbor capabilities:
Route refresh: advertised and received
4-byte AS: advertised and received
Address family IPv4 Unicast: advertised and received
Received 2 messages, 0 notifications, 0 in queue
Sent 2 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 0 secs

For Address Family: IPv4 Unicast

BGP neighbor version 0
Update group: 0.2 Filter-group: 0.1 No Refresh request being processed
Route refresh request: received 0, sent 0
0 accepted prefixes, 0 are bestpaths
Cumulative no. of prefixes denied: 0.
Prefix advertised 0, suppressed 0, withdrawn 0
Maximum prefixes allowed 524288
Threshold for warning message 75%, restart interval 0 min
AIGP is enabled
An EoR was not received during read-only mode
Last ack version 1, Last synced ack version 0
Outstanding version objects: current 0, max 0
Additional-paths operation: None

Connections established 1; dropped 0

Local host: 150.1.12.1, Local port: 33432
Foreign host: 150.1.12.2, Foreign port: 179
Last reset 00:00:00

Cool, neighbor is up and active.

Now, time to check our BGP summary to see what routes we have.
RP/0/7/CPU0:R1#sh ip bgp
Thu Mar 29 22:48:51.876 UTC
BGP router identifier 1.1.1.1, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 4
BGP main routing table version 4
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best

i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*>i2.2.2.2/32 150.1.12.2 0 100 0 i

Processed 2 prefixes, 2 paths

RP/0/7/CPU0:R1#

Cisco IOS XR Training Page 62

© 2012 Jeffrey Fry FryGuy.Net
Cool, we have a route to R2 Loopback interface. Lets PING it!
RP/0/7/CPU0:R1#ping 2.2.2.2 so l0
Thu Mar 29 22:52:17.899 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms
RP/0/7/CPU0:R1#

We have connectivity!

Here is the IOS XR Config:

RP/0/7/CPU0:R1#sh run | begin bgp
Thu Mar 29 22:56:17.937 UTC
Building configuration...
router bgp 1
address-family ipv4 unicast
network 1.1.1.1/32
!
neighbor 150.1.12.2
remote-as 1
address-family ipv4 unicast
!
!
!
end

RP/0/7/CPU0:R1#

Here is the same IOS config. With a single neighbor it is pretty simple.
router bgp 1
network 1.1.1.1 mask 255.255.255.255
neighbor 150.1.12.2 remote-as 1

Now for eBGP – here is where it starts gets interesting!

First we need to configure an IGP so that we can establish Loopback

connectivity – for this we will use ISIS:
RP/0/7/CPU0:R1(config)#router ISIS LAB
RP/0/7/CPU0:R1(config-isis)#net 49.0000.0000.0001.00
RP/0/7/CPU0:R1(config-isis)#interface l0
RP/0/7/CPU0:R1(config-isis-if)#address-family ipv4
RP/0/7/CPU0:R1(config-isis-if)#exit
RP/0/7/CPU0:R1(config-isis)#interface g0/3/0/2
RP/0/7/CPU0:R1(config-isis-if)#address-family ipv4
RP/0/7/CPU0:R1(config-isis-if)#exit
RP/0/7/CPU0:R1(config-isis)#is-type level-2
RP/0/7/CPU0:R1(config-isis)#commit
RP/0/7/CPU0:R1(config-isis-if-af)#exit
RP/0/7/CPU0:R1(config-isis-if)#exit

Cisco IOS XR Training Page 63

Now we need to configure an interface to advertise via BGP – here we will

create Loop100 with an IP of 100.100.100.100/32
RP/0/7/CPU0:R1(config)#int loop100
RP/0/7/CPU0:R1(config-if)#ip add 100.100.100.100/32
RP/0/7/CPU0:R1(config-if)#comm
Thu Mar 29 23:12:31.681 UTC
RP/0/7/CPU0:R1(config-if)#exit

Now to configured eBGP.

We will peer with R2 loopback’s (2.2.2.2) and their remote AS of 2.
First we define our BGP processed (ID 1)
RP/0/7/CPU0:R1(config)#
RP/0/7/CPU0:R1(config-if)#router bgp 1

Define the networks we want to advertise

RP/0/7/CPU0:R1(config-bgp)#address-family ipv4 unicast
RP/0/7/CPU0:R1(config-bgp-af)#net 100.100.100.100/32
RP/0/7/CPU0:R1(config-bgp-af)#exit

Now we can configure our neighbor

RP/0/7/CPU0:R1(config-bgp)#nei 2.2.2.2
RP/0/7/CPU0:R1(config-bgp-nbr)#remote-as 2
RP/0/7/CPU0:R1(config-bgp-nbr)#ebgp-multihop
RP/0/7/CPU0:R1(config-bgp-nbr)#up loopback 0
RP/0/7/CPU0:R1(config-bgp-nbr)#address-family ipv4 un

And finally commit our changes.

RP/0/7/CPU0:R1(config-bgp-nbr-af)#comm
Thu Mar 29 23:18:06.455 UTC
RP/0/7/CPU0:R1(config-bgp-nbr-af)#exit
RP/0/7/CPU0:R1(config-bgp-nbr)#exit
RP/0/7/CPU0:R1(config-bgp)#exit
RP/0/7/CPU0:R1(config)#exit
RP/0/7/CPU0:R1#

Ok, now that we have that configured – time to look at our routing table, we
should see a route to 200.200.200.200/32.
RP/0/7/CPU0:R1#sh ip route
Thu Mar 29 23:24:25.533 UTC

Codes: C - connected, S - static, R - RIP, B - BGP

Cisco IOS XR Training Page 64

L 1.1.1.1/32 is directly connected, 02:26:47, Loopback0

i L2 2.2.2.2/32 [115/20] via 150.1.12.2, 00:13:05, GigabitEthernet0/3/0/2
L 100.100.100.100/32 is directly connected, 00:11:53, Loopback100
C 150.1.12.0/24 is directly connected, 02:27:12, GigabitEthernet0/3/0/2
L 150.1.12.1/32 is directly connected, 02:26:47, GigabitEthernet0/3/0/2
RP/0/7/CPU0:R1#

Hmm, no route – why is that? Is the neighbor up?

Lets check:
RP/0/7/CPU0:R1#sh ip bgp summ
Thu Mar 29 23:25:12.041 UTC
BGP router identifier 1.1.1.1, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 7
BGP main routing table version 7
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.

Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer

Speaker 7 7 7 7 7 7

Some configured eBGP neighbors (under default or non-default vrfs)

do not have both inbound and outbound policies configured for IPv4 Unicast
address family. These neighbors will default to sending and/or
receiving no routes and are marked with '!' in the output below.
Use the 'show bgp neighbor <nbr_address>' command for details.

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

2.2.2.2 0 2 7 6 7 0 0 00:03:09 0!

RP/0/7/CPU0:R1#

Yup, we are up for over 3 minutes now – but wait, we have an ! mark there –
no routes received.
It says to use the show bgp neighbors address for details. Let’s see what
that says.

RP/0/7/CPU0:R1#sh bgp neighbors 2.2.2.2

Thu Mar 29 23:26:12.572 UTC

BGP neighbor is 2.2.2.2

Remote AS 2, local AS 1, external link
Remote router ID 2.2.2.2
BGP state = Established, up for 00:04:10
Last read 00:00:05, Last read before reset 00:00:00

Cisco IOS XR Training Page 65

© 2012 Jeffrey Fry FryGuy.Net
Hold time is 180, keepalive interval is 60 seconds
Configured hold time: 180, keepalive: 60, min acceptable hold time: 3
Last write 00:00:05, attempted 19, written 19
Second last write 00:01:05, attempted 19, written 19
Last write before reset 00:00:00, attempted 0, written 0
Second last write before reset 00:00:00, attempted 0, written 0
Last write pulse rcvd Mar 29 23:26:07.793 last full not set pulse count 14
Last write pulse rcvd before reset 00:00:00
Socket not armed for io, armed for read, armed for write
Last write thread event before reset 00:00:00, second last 00:00:00
Last KA expiry before reset 00:00:00, second last 00:00:00
Last KA error before reset 00:00:00, KA not sent 00:00:00
Last KA start before reset 00:00:00, second last 00:00:00
Precedence: internet
Enforcing first AS is enabled
Neighbor capabilities:
Route refresh: advertised and received
4-byte AS: advertised and received
Address family IPv4 Unicast: advertised and received
Received 8 messages, 0 notifications, 0 in queue
Sent 7 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 30 secs

For Address Family: IPv4 Unicast

BGP neighbor version 7
Update group: 0.2 Filter-group: 0.1 No Refresh request being processed
eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
0 accepted prefixes, 0 are bestpaths
Cumulative no. of prefixes denied: 1.
No policy: 1, Failed RT match: 0
By ORF policy: 0, By policy: 0
Prefix advertised 0, suppressed 0, withdrawn 0
Maximum prefixes allowed 524288
Threshold for warning message 75%, restart interval 0 min
An EoR was not received during read-only mode
Last ack version 7, Last synced ack version 0
Outstanding version objects: current 0, max 0
Additional-paths operation: None

Connections established 1; dropped 0

Local host: 1.1.1.1, Local port: 58277
Foreign host: 2.2.2.2, Foreign port: 179
Last reset 00:00:00
External BGP neighbor may be up to 255 hops away.
RP/0/7/CPU0:R1#

Ahh, the neighbor is up but there is a line that says:

eBGP neighbor with no inbound or outbound policy; defaults to 'drop'

Cisco IOS XR Training Page 66

© 2012 Jeffrey Fry FryGuy.Net
Here is the first difference with IOS XR – eBGP peers must have a Route-
Policy (route-map) configured to permit routes in and out of them.

Instead of a route-map like IOS, IOS XR uses a Route Policy Language (RPL) –
that is more powerful and easier than IOS. Let’s configure a very simple one
to pass everything:
RP/0/7/CPU0:R1(config)#route-policy PASS
RP/0/7/CPU0:R1(config-rpl)#pass
RP/0/7/CPU0:R1(config-rpl)#exit
RP/0/7/CPU0:R1(config)#commit
Thu Mar 29 23:28:08.400 UTC

Cool – that was easy. Now lets apply that to the eBGP neighbor:
RP/0/7/CPU0:R1(config)#router bgp 1
RP/0/7/CPU0:R1(config-bgp)#nei 2.2.2.2
RP/0/7/CPU0:R1(config-bgp-nbr)#address-family ipv4 unicast
RP/0/7/CPU0:R1(config-bgp-nbr-af)#route-policy PASS out
RP/0/7/CPU0:R1(config-bgp-nbr-af)#route-policy PASS in
RP/0/7/CPU0:R1(config-bgp-nbr-af)#commit
Thu Mar 29 23:28:32.865 UTC

Now, lets look at the routing table for BGP

RP/0/7/CPU0:R1#sh route ipv4 bgp
Thu Mar 29 23:29:43.865 UTC

B 200.200.200.200/32 [20/0] via 2.2.2.2, 00:01:06

RP/0/7/CPU0:R1#

Cool, we have a route to R2’s Loopback100 interface. PING time!

RP/0/7/CPU0:R1#ping 200.200.200.200 sou loop100
Thu Mar 29 23:30:10.013 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms
RP/0/7/CPU0:R1#

Look at that, we have connectivity!

A similar IOS config would look like this:

router bgp 1
no synchronization
bgp log-neighbor-changes
network 100.100.100.100 mask 255.255.255.255
neighbor 2.2.2.2 remote-as 2
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 route-map PASS in
neighbor 2.2.2.2 route-map PASS out

Cisco IOS XR Training Page 67

route-map PASS permit 10

match ip address prefix-list PASS

Cisco IOS XR Training Page 68

© 2012 Jeffrey Fry FryGuy.Net
19. Route Filtering
Ok, now that BGP has been covered, lets talk about filtering routes received
from our neighbor. Here I have created some additional Loopbacks on R2 that
are being advertised to R1:
RP/0/7/CPU0:R1#sh ip route bgp
Fri Mar 30 13:13:36.797 UTC

B 200.100.200.100/32 [20/0] via 2.2.2.2, 00:00:42

B 200.200.200.200/32 [20/0] via 2.2.2.2, 13:45:00
B 200.200.200.203/32 [20/0] via 2.2.2.2, 00:00:42
B 200.200.200.204/32 [20/0] via 2.2.2.2, 00:00:42
B 200.200.200.205/32 [20/0] via 2.2.2.2, 00:00:42
B 200.200.200.206/32 [20/0] via 2.2.2.2, 00:00:42
B 200.200.200.207/32 [20/0] via 2.2.2.2, 00:00:42
B 200.200.200.208/32 [20/0] via 2.2.2.2, 00:00:42
B 200.200.200.209/32 [20/0] via 2.2.2.2, 00:00:42
B 200.200.200.210/32 [20/0] via 2.2.2.2, 00:00:42
RP/0/7/CPU0:R1#

As you can see, we are getting a bunch of 200.200.200.x/32 routes now as well
as a 200.100.200.100/32 route. For this exercise, lets filter our all the
200.200.200.x routes we are receiving from our neighbor.

Ok, lets create a prefix-set for the loopback we want to permit:

RP/0/7/CPU0:R1(config)#conf t
RP/0/7/CPU0:R1(config)#prefix-set R2Loopbacks

In IOS XR you can add comments via the #

RP/0/7/CPU0:R1(config-pfx)## These are the R2 Loopbacks that we will allow
RP/0/7/CPU0:R1(config-pfx)#200.100.200.100/32
RP/0/7/CPU0:R1(config-pfx)#end-set

Now that we have the prefix-set done we can create the route-policy
RP/0/7/CPU0:R1(config)#route-policy R2Loopbacks

Notice that IOS XR can use IF statements, you can just imagine how powerful
IF and ELSE statements can be when route filtering.
RP/0/7/CPU0:R1(config-rpl)#if destination in R2Loopbacks then
RP/0/7/CPU0:R1(config-rpl-if)#pass
RP/0/7/CPU0:R1(config-rpl-if)#endif
RP/0/7/CPU0:R1(config-rpl)#end-policy

After we end the policy, we need to commit it

RP/0/7/CPU0:R1(config)#commit

Cisco IOS XR Training Page 69

© 2012 Jeffrey Fry FryGuy.Net
Now that we have the policy committed with no errors, we can apply it to the
neighbor. We could have waited to commit, but I chose to commit there to
make sure all was OK.
RP/0/7/CPU0:R1(config)#router bgp 1
RP/0/7/CPU0:R1(config-bgp)#neighbor 2.2.2.2
RP/0/7/CPU0:R1(config-bgp-nbr)#address-family ipv4 un
RP/0/7/CPU0:R1(config-bgp-nbr-af)#route-policy R2Loopbacks in
RP/0/7/CPU0:R1(config-bgp-nbr-af)#exit
RP/0/7/CPU0:R1(config-bgp-nbr)#exit
RP/0/7/CPU0:R1(config-bgp)#exi
RP/0/7/CPU0:R1(config)#commit
Fri Mar 30 13:27:01.945 UTC
RP/0/7/CPU0:R1(config)#

Now, lets look at our BGP routing table:

RP/0/7/CPU0:R1#sh ip route bgp
Fri Mar 30 13:27:22.601 UTC

B 200.100.200.100/32 [20/0] via 2.2.2.2, 00:14:28

RP/0/7/CPU0:R1#

There we go, only getting the 200.100.200.100/32 from R2 now.

In IOS this would have looked like:

R1(config)#ip prefix-list R2Loopbacks permit 200.100.200.100/32
R1(config)#route-map R2Loopbacks
R1(config-route-map)#match ip add prefix-list R2Loopbacks
R1(config-route-map)#exit
R1(config)#router bgp 1
R1(config-router)#nei 2.2.2.2 route-map R2Loopbacks in
R1(config-router)#^Z
R1#sh ip route b
*Mar 30 14:08:53.048: %SYS-5-CONFIG_I: Configured from console by console
(After a few minutes waiting for BGP)
R1#sh ip route bgp
200.100.200.0/32 is subnetted, 1 subnets
B 200.100.200.100 [20/0] via 2.2.2.2, 00:00:20
R1#

While that might not be so bad, the power of RPL grows. This is just a quick
intro; future posts will have more and more about RPL. Some other things that
we might see are:

route-policy check ASPath

if as-path passes-through ‘65500’ then
drop
else
pass
endif
end-policy

Cisco IOS XR Training Page 70

© 2012 Jeffrey Fry FryGuy.Net
20. VRF lite and Dot1Q Trunks
Ok, time for some VRF lite basics and we can throw in some Dot1Q trunks to go
with it.

First, let’s create our VRF called LAB

RP/0/7/CPU0:R1(config)#vrf LAB

Now we need to enable the address family for this VRF, there IPv4 Unicast
RP/0/7/CPU0:R1(config-vrf)#address-family ipv4 un
RP/0/7/CPU0:R1(config-vrf-af)#exit

Now we need to enable the IPv6 address family for this VRF
RP/0/7/CPU0:R1(config-vrf)#address-family ipv6 unicast

Now we can create our Dot1Q trunk to the other router:

RP/0/7/CPU0:R1(config-vrf-af)#int g0/3/0/3.100

Little different then IOS, but this actually makes more sense
RP/0/7/CPU0:R1(config-subif)#dot1q vlan 100
RP/0/7/CPU0:R1(config-subif)#ip add 150.1.21.1/24
RP/0/7/CPU0:R1(config-subif)#ipv6 add 2001:1:1:21::1/64
RP/0/7/CPU0:R1(config-subif)#vrf LAB

Notice that I applied the VRF LAB command after configuring the IP addresses.
If this was IOS, I would have lost all that work – but since its IOS XR,
nothing takes effect until after you COMMIT the changes. 

Lets look at what will be applied and then commit it.

RP/0/7/CPU0:R1(config-subif)#show config
Fri Mar 30 14:12:06.649 UTC
Building configuration...
!! IOS XR Configuration 4.1.1
vrf LAB
address-family ipv4 unicast
!
address-family ipv6 unicast
!
!
interface GigabitEthernet0/3/0/3.100
vrf LAB
ipv4 address 150.1.21.1 255.255.255.0
ipv6 address 2001:1:1:21::1/64
dot1q vlan 100
!
end

Cisco IOS XR Training Page 71

© 2012 Jeffrey Fry FryGuy.Net
RP/0/7/CPU0:R1(config-subif)#comm
Fri Mar 30 14:12:12.700 UTC
RP/0/7/CPU0:R1(config-subif)#
RP/0/7/CPU0:R1#

Now we should try to PING over the VRF. Remember, when PINGing over a VRF you
need to specify the VRF in the PING command.
RP/0/7/CPU0:R1#ping vrf LAB 2001:1:1:21::2
Fri Mar 30 14:17:37.291 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1:1:21::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/13/49 ms

RP/0/7/CPU0:R1#ping vrf LAB 150.1.21.2

Fri Mar 30 14:17:40.858 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.21.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms
RP/0/7/CPU0:R1#

Full connectivity, there we go!

Ok, now we can toss a routing protocol over the link – say OSPF PID 100
First though, create a loopback we can advertise over that VRF,

RP/0/7/CPU0:R1#conf t
Fri Mar 30 14:39:31.441 UTC
RP/0/7/CPU0:R1(config)#int loop1000
RP/0/7/CPU0:R1(config-if)#ip add 111.111.111.111/32
RP/0/7/CPU0:R1(config-if)#vrf LAB

Now we can configure OSPF

First, define the process identifier, here 100
RP/0/7/CPU0:R1(config-if)#router ospf 100

Now to change context to VRF LAB

RP/0/7/CPU0:R1(config-ospf)#vrf LAB

Configure our Router-ID

RP/0/7/CPU0:R1(config-ospf-vrf)#router-id 111.111.111.111
RP/0/7/CPU0:R1(config-ospf-vrf)#area 0.0.0.0

And then assign the interfaces to the area

RP/0/7/CPU0:R1(config-ospf-vrf-ar)#int loop1000
RP/0/7/CPU0:R1(config-ospf-vrf-ar)#int g0/3/0/3.100
RP/0/7/CPU0:R1(config-ospf-vrf-ar-if)#exit
RP/0/7/CPU0:R1(config-ospf-vrf-ar)#exit

Cisco IOS XR Training Page 72

© 2012 Jeffrey Fry FryGuy.Net
Now we can check our config:
RP/0/7/CPU0:R1(config-ospf-vrf)#show configuration
Fri Mar 30 14:40:49.074 UTC
Building configuration...
!! IOS XR Configuration 4.1.1
interface Loopback1000
vrf LAB
ipv4 address 111.111.111.111 255.255.255.255
!
router ospf 100
vrf LAB
router-id 111.111.111.111
area 0.0.0.0
interface Loopback1000
!
interface GigabitEthernet0/3/0/3.100
!
!
!
!
end

And finally commit the changes:

RP/0/7/CPU0:R1(config-ospf-vrf)#commit
Fri Mar 30 14:40:57.984 UTC

Now, lets check our routes:

RP/0/7/CPU0:R1#sh route vrf LAB ipv4
Fri Mar 30 14:41:40.746 UTC

Codes: C - connected, S - static, R - RIP, B - BGP

Gateway of last resort is not set

L 111.111.111.111/32 is directly connected, 00:00:40, Loopback1000

C 150.1.21.0/24 is directly connected, 00:29:26,
GigabitEthernet0/3/0/3.100
L 150.1.21.1/32 is directly connected, 00:29:26,
GigabitEthernet0/3/0/3.100
O 222.222.222.222/32 [110/2] via 150.1.21.2, 00:00:37,
GigabitEthernet0/3/0/3.100

RP/0/7/CPU0:R1#

Cisco IOS XR Training Page 73

RP/0/7/CPU0:R1#ping vrf LAB 222.222.222.222 so loop1000

Fri Mar 30 14:41:50.331 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 222.222.222.222, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/4 ms
RP/0/7/CPU0:R1#

There you go, we have connectivity!

Cisco IOS XR Training Page 74

© 2012 Jeffrey Fry FryGuy.Net
21. Basic MPLS - LDP
Ok, time for some MPLS! For this lab I will be using the OSPF routing
protocol first, then we can move to IS-IS next. All we will be doing here is
configuring LDP

First up, lets enabled LDP on all OSPF interfaces. Normally you would do
this under each interface, but here we will use the MPLS LDP AUTOCONFIG
command. This is a good command to use as it ensures that you do not miss
configuring LDP on an interface.

RP/0/7/CPU0:R1#
RP/0/7/CPU0:R1#conf t
Sun Apr 1 18:58:04.084 UTC
RP/0/7/CPU0:R1(config)#router ospf LAB

Under the OSPF LAB process, we need to configure mpls ldp autoconfig and then
commit it.
RP/0/7/CPU0:R1(config-ospf)#mpls ldp auto
RP/0/7/CPU0:R1(config-ospf)#commit
Sun Apr 1 18:58:12.277 UTC
RP/0/7/CPU0:R1(config-ospf)#exit
RP/0/7/CPU0:R1(config)#exit

Ok, now lets see what interfaces have LDP on them

RP/0/7/CPU0:R1#sh mpls ldp int
Sun Apr 1 18:58:18.902 UTC
MPLS LDP application must be enabled to use this command

Ahh, we configured the command but never enabled MPLS LDP. Remember, if a
process is not needed – it does not run. So, lets enable the process
RP/0/7/CPU0:R1#conf t
Sun Apr 1 18:58:22.811 UTC
RP/0/7/CPU0:R1(config)#mpls ldp

Now, one thing to note on IOS XR, LDP is the only label protocol supported,
TDP is not available.
RP/0/7/CPU0:R1(config-ldp)#label ?
accept Configure inbound label acceptance control
advertise Configure outbound label advertisement control
allocate Configure label allocation control
<cr>
RP/0/7/CPU0:R1(config-ldp-lbl)#tag?
^
% Invalid input detected at '^' marker.
RP/0/7/CPU0:R1(config-ldp)#comm

Cisco IOS XR Training Page 75

© 2012 Jeffrey Fry FryGuy.Net
Now, lets check our interfaces and check for a neighbor.
RP/0/7/CPU0:R1#sh mpls ldp int
Sun Apr 1 19:04:23.402 UTC
Interface GigabitEthernet0/3/0/2 (0x4000500)
Enabled via config: IGP Auto-config
Interface GigabitEthernet0/3/0/3.100 (0x4000700)
Disabled

Yup, we see it’s enabled on g0/3/0/2 via IGP Auto-config. Nice!

Now, let’s check for a neighbor
RP/0/7/CPU0:R1#sh mpls ldp neighbor
Sun Apr 1 19:04:27.582 UTC

Peer LDP Identifier: 2.2.2.2:0

TCP connection: 2.2.2.2:35051 - 1.1.1.1:646
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 13/24; Downstream-Unsolicited
Up time: 00:05:57
LDP Discovery Sources:
GigabitEthernet0/3/0/2
Addresses bound to this peer:
2.2.2.2 150.1.12.2 200.100.200.100 200.200.200.200
200.200.200.201 200.200.200.202 200.200.200.203 200.200.200.204
200.200.200.205 200.200.200.206 200.200.200.207 200.200.200.208
200.200.200.209 200.200.200.210

RP/0/7/CPU0:R1#

There you can see we have LDP neighbor with router-id 2.2.2.2 (R2) on
G0/3/0/2. You can also see the ports we are using for this communication.
Our local port is 646 and the remote port is 35051.

LDP Authentication
Ok, now onto neighbor password for LDP (both directed and all)

Lets configure a password for our neighbor, 2.2.2.2, of cisco

RP/0/7/CPU0:R1#conf t
Sun Apr 1 19:39:35.480 UTC

This is done under the LDP section

RP/0/7/CPU0:R1(config)#mpls ldp
RP/0/7/CPU0:R1(config-ldp)#nei 2.2.2.2 password cisco
RP/0/7/CPU0:R1(config-ldp)#comm
Sun Apr 1 19:40:04.498 UTC

Cisco IOS XR Training Page 76

© 2012 Jeffrey Fry FryGuy.Net
Now here is something different than normal IOS, as soon as you enable
authentication – the LDP session resets and enables the password. With IOS,
you would need to clear the LDP session and allow it to re-establish.
RP/0/7/CPU0:Apr 1 19:40:06.205 : tcp[400]: %IP-TCP-3-BADAUTH : Invalid MD5
digest from 2.2.2.2:57032 to 1.1.1.1:646

Ok, I made the change to R2 so the passwords match, now we can look at our
neighbor
RP/0/7/CPU0:R1#sh mpls ldp neighbor
Sun Apr 1 19:40:33.961 UTC

Peer LDP Identifier: 2.2.2.2:0

TCP connection: 2.2.2.2:57491 - 1.1.1.1:646; MD5 on
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 7/18; Downstream-Unsolicited
Up time: 00:00:10
LDP Discovery Sources:
GigabitEthernet0/3/0/2
Addresses bound to this peer:
2.2.2.2 150.1.12.2 200.100.200.100 200.200.200.200
200.200.200.201 200.200.200.202 200.200.200.203 200.200.200.204
200.200.200.205 200.200.200.206 200.200.200.207 200.200.200.208
200.200.200.209 200.200.200.210

RP/0/7/CPU0:R1#

As you can see, next to the TCP connection, it now says MD5 on. Previously
nothing was after the port number.

You can also configure a password for any LDP session, that is done like
follows:
RP/0/7/CPU0:R1#conf t
Sun Apr 1 19:40:45.561 UTC
RP/0/7/CPU0:R1(config)#mpls ldp
RP/0/7/CPU0:R1(config-ldp)#neighbor ?
A.B.C.D IP address of neighbor
password Configure password for MD5 authentication for all neighbors
RP/0/7/CPU0:R1(config-ldp)#neighbor password cisco
RP/0/7/CPU0:R1(config-ldp)#comm
Sun Apr 1 19:40:57.167 UTC

Now any LDP session must have a password. Now remember this in case you need
to do directed LDP session some time down the road.

Cisco IOS XR Training Page 77

Changing Metrics on an interface.

To change a metric on an interface in IS-IS, it is pretty simple. Just like
before, all configuration are done under the routing protocol section of the
config, interface subsection, and address family.
RP/0/7/CPU0:R1#conf t
Sun Apr 1 22:40:33.251 UTC
RP/0/7/CPU0:R1(config)#router ISIS LAB
RP/0/7/CPU0:R1(config-isis)#int g0/3/0/2
RP/0/7/CPU0:R1(config-isis-if)#address-family ipv4 un
RP/0/7/CPU0:R1(config-isis-if-af)#metric 20
RP/0/7/CPU0:R1(config-isis-if-af)#

And to check:
RP/0/7/CPU0:R1#sh isis interface g0/3/0/2
Sun Apr 1 22:42:11.124 UTC

GigabitEthernet0/3/0/2 Enabled
Adjacency Formation: Enabled
Prefix Advertisement: Enabled
<--SNIP – Information removed for brevity -->

IPv4 Unicast Topology: Enabled

Adjacency Formation: Running
Prefix Advertisement: Running
Metric (L1/L2): 20/20
MPLS LDP Sync (L1/L2): Disabled/Disabled
IPv6 Unicast Topology: Enabled
Adjacency Formation: Running
Prefix Advertisement: Running
Metric (L1/L2): 10/10
MPLS LDP Sync (L1/L2): Disabled/Disabled

IPv4 Address Family: Enabled

Protocol State: Up
Forwarding Address(es): 150.1.12.1
Global Prefix(es): 150.1.12.0/24
IPv6 Address Family: Enabled
Protocol State: Up
Forwarding Address(es): fe80::201:c9ff:fee8:dd7c
Global Prefix(es): 2001:1:1:12::/64

LSP transmit timer expires in 0 ms

LSP transmission is idle
Can send up to 9 back-to-back LSPs in the next 0 ms
RP/0/7/CPU0:R1#

As you can see, IPv4 now has a metric of 20 whereas IPv6 has the default
metric of 10.

Cisco IOS XR Training Page 78

To make an interface passive, is very simple.

RP/0/7/CPU0:R1#conf t
Sun Apr 1 22:45:10.308 UTC
RP/0/7/CPU0:R1(config)#router isis LAB

Change to the interface uder the protocol

RP/0/7/CPU0:R1(config-isis)#int loop0

And set it as passive.

RP/0/7/CPU0:R1(config-isis-if)#passive
RP/0/7/CPU0:R1(config-isis-if)#commit

Authentication
Time to configure IS-IS authentication. Again, all this is done under the
routing process – makes keeping all relevant changes very close together.

RP/0/7/CPU0:R1(config)#router ISIS LAB

RP/0/7/CPU0:R1(config-isis)#inter g0/3/0/2

Now, to configure authentication we need to set the hello-password. As you

can see we have some options listed – but for this lab we will use hmac-md5.
RP/0/7/CPU0:R1(config-isis-if)#hello-password ?
WORD The unencrypted (clear text) hello password
accept Use password for incoming authentication only
clear Specifies an unencrypted password will follow
encrypted Specifies an encrypted password will follow
hmac-md5 Use HMAC-MD5 authentication
keychain Specifies a Key Chain name will follow
text Use cleartext password authentication
RP/0/7/CPU0:R1(config-isis-if)#hello-password hmac-md5 cisco

Now before we commit, let’s look at our neighbors

RP/0/7/CPU0:R1(config-isis-if)#do show isis neighbors
Sun Apr 1 22:49:07.800 UTC

IS-IS LAB neighbors:

System Id Interface SNPA State Holdtime Type IETF-NSF
GSR-R2 Gi0/3/0/2 00d0.7901.3a78 Up 7 L2 Capable

Total neighbor count: 1

RP/0/7/CPU0:R1(config-isis-if)#commit
Sun Apr 1 22:49:10.443 UTC
RP/0/7/CPU0:R1(config-isis-if)#
RP/0/7/CPU0:R1#

Cisco IOS XR Training Page 79

© 2012 Jeffrey Fry FryGuy.Net
You may or may not have to clear the process; I did not and was able to catch
this in the log with regards to ISIS neighbor authentication failure.
RP/0/7/CPU0:Apr 1 22:52:58.265 : isis[1003]: %ROUTING-ISIS-5-
AUTH_FAILURE_DROP : Dropped L2 LAN IIH from GigabitEthernet0/3/0/2 SNPA
00d0.7901.3a78 due to authentication TLV not found

Once I configured the password on the other router, we have neighbors again!
RP/0/7/CPU0:R1#sh isis neighbors
Sun Apr 1 22:55:55.066 UTC

IS-IS LAB neighbors:

System Id Interface SNPA State Holdtime Type IETF-NSF
GSR-R2 Gi0/3/0/2 00d0.7901.3a78 Up 7 L2 Capable

Total neighbor count: 1

RP/0/7/CPU0:R1#

Cisco IOS XR Training Page 80

© 2012 Jeffrey Fry FryGuy.Net
22. MPLS VPN
Next up is MPLS VPN; actually VPNv4 routes are what these actually are since
we are only passing IPv4 traffic in this example.

So we have this diagram below – CE1 and CE2 are the customer routers and both
are running OSPF in Area 0. Then need to talk to each other but do not have
a direct connection available, so they have contracted us to provide
connectivity via MPLS between them. What we will now do is build a pseudo
MPLS network between PE1 and PE2, establish an iBGP peering, create the
associated customer VRF and then peer with the customer via OSPF Area 0.
CE1 CE2

Router Router

OSPF OSPF
Area 0 Area 0

ISIS Level 2

MPLS

Router Router

PE1 PE2

So, first up lets configure CE1 using an IP of 10.3.3.3/32 for the loopback
and 10.1.13.3/24 for the link facing PE1.

CE1#conf t
Enter configuration commands, one per line. End with CNTL/Z.

First up, Loopback 0. Since this is IOS, you will need to use the full dotted
decimal subnet mask
CE1(config)#int loop0
CE1(config-if)#ip add 10.3.3.3 255.255.255.255

Cisco IOS XR Training Page 81

© 2012 Jeffrey Fry FryGuy.Net
Now for the interface facing the PE (here f0/0)
CE1(config-if)#int f0/0
CE1(config-if)#ip add 10.1.13.3 255.255.255.0
CE1(config-if)#no shut
CE1(config-if)#^Z
CE1#

Ok, now lets get CE2 done since it basically the same – but here we will use
10.4.4.4/32 and 10.4.24.4/24
CE2#conf t
Enter configuration commands, one per line. End with CNTL/Z.

First up, Loopback 0. Since this is IOS, you will need to use the full dotted
decimal subnet mask
CE2(config)#int loop0
CE2(config-if)#ip add 10.3.4.4 255.255.255.255

Now for the interface facing the PE (here f0/0)

CE2(config-if)#int f0/0
CE2(config-if)#ip add 10.1.24.4 255.255.255.0
CE2(config-if)#no shut
CE2(config-if)#^Z
CE2#

Now we can do the OSPF configs for these routers. Since this is a lab, I am
just going to put the 10/8 network in Area 0. So, first up - CE1
CE1(config)#router ospf 1
CE1(config-router)#net 10.0.0.0 0.255.255.255 a 0
CE1(config-router)#

And now CE2:

CE2(config)# router ospf 1
CE2(config-router)#net 10.0.0.0 0.255.255.255 a 0
CE2(config-router)#

Easy part done, now to build the PE nework.

For the PE network we are going to use ISIS for our internal routing protocol
and then use BGP on top of that to connect the routers together to pass the
VPNv4 routes. Why ISIS you ask? It is because you can use one process for
IPv4 and IPv6 traffic. With OSPF you need to run two processes, OSPF for
IPv4 and OSPFv3 for IPv6. A single process makes it easier to support as
well as if new protocols come around, ISIS won’t really care since it is not
IP based (CLNS based).

Cisco IOS XR Training Page 82

© 2012 Jeffrey Fry FryGuy.Net
Now it is time to get some IP addresses on PE1. We will use G0/1/0/11 for
connection to PE2 and also create Loopback0. The IPs for the connection to
PE2 will be 150.1.12.0/24 and the Loopback will be 150.1.1.1/32.

RP/0/RSP0/CPU0:R1#conf t
Fri Apr 20 00:34:18.971 UTC
RP/0/RSP0/CPU0:R1(config)#int g0/1/0/11
RP/0/RSP0/CPU0:R1(config-if)#ip add 150.1.12.1/24
RP/0/RSP0/CPU0:R1(config-if)#no shut
RP/0/RSP0/CPU0:R1(config-if)#commit
Fri Apr 20 00:34:25.555 UTC
RP/0/RSP0/CPU0:R1(config-if)#
RP/0/RSP0/CPU0:R1(config-if)#int loop0
RP/0/RSP0/CPU0:R1(config-if)#ip add 150.1.1.1/32
RP/0/RSP0/CPU0:R1(config-if)#commit
Fri Apr 20 00:34:39.839 UTC
RP/0/RSP0/CPU0:R1(config-if)#

Ok, lets get PE2 done now and test the interface connectivity. After we
confirm that, we can do ISIS.
RP/0/RSP0/CPU0:R2#conf t
Fri Apr 20 00:35:39.031 UTC
RP/0/RSP0/CPU0:R2(config)#int g0/1/0/11
RP/0/RSP0/CPU0:R2(config-if)#ip add 150.1.12.2/24
RP/0/RSP0/CPU0:R2(config-if)#no shut
RP/0/RSP0/CPU0:R2(config-if)#int loop0
RP/0/RSP0/CPU0:R2(config-if)#ip add 150.2.2.2/32
RP/0/RSP0/CPU0:R2(config-if)#comm
Fri Apr 20 00:35:54.565 UTC
RP/0/RSP0/CPU0:R2(config-if)#

Ok, now lets do a PING test to see if we have connectivity:

RP/0/RSP0/CPU0:R2#ping 150.1.12.1
Fri Apr 20 00:36:09.946 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RSP0/CPU0:R2#

Good, now onto ISIS.

For this we will use ISIS area 49.0000.0000.000X.00 where X = Router number
and Level-2 only area.

PE1:
Lets define the routing process - Core
RP/0/RSP0/CPU0:R1(config)#router isis Core

Set are Network ID

RP/0/RSP0/CPU0:R1(config-isis)#net 49.0000.0000.0001.00

Cisco IOS XR Training Page 83

Set the loopback interface into ISIS and place it in PASSIVE mode
RP/0/RSP0/CPU0:R1(config-isis)#int loop0
RP/0/RSP0/CPU0:R1(config-isis-if)#passive
RP/0/RSP0/CPU0:R1(config-isis-if)#address-family ipv4 un
RP/0/RSP0/CPU0:R1(config-isis-if-af)#exit

Now for g0/1/0/11

RP/0/RSP0/CPU0:R1(config-isis-if)#int g0/1/0/11
RP/0/RSP0/CPU0:R1(config-isis-if)#address-family ipv4 unicast
RP/0/RSP0/CPU0:R1(config-isis-if-af)#exit

And finally, commit our changes.

RP/0/RSP0/CPU0:R1(config-isis-if)#commit
Fri Apr 20 01:02:31.714 UTC

Now, lets get PE2 setup the same way:

RP/0/RSP0/CPU0:R2(config)#router isis Core
RP/0/RSP0/CPU0:R2(config-isis)#net 49.0000.0000.0002.00
RP/0/RSP0/CPU0:R2(config-isis)#is-type level-2
RP/0/RSP0/CPU0:R2(config-isis)#int loop0
RP/0/RSP0/CPU0:R2(config-isis-if)#passive
RP/0/RSP0/CPU0:R2(config-isis-if)#address-family ipv4 u
RP/0/RSP0/CPU0:R2(config-isis-if-af)#exit
RP/0/RSP0/CPU0:R2(config-isis-if)#exit
RP/0/RSP0/CPU0:R2(config-isis)#int g0/1/0/11
RP/0/RSP0/CPU0:R2(config-isis-if)#address-family ipv4 un
RP/0/RSP0/CPU0:R2(config-isis-if-af)#exit
RP/0/RSP0/CPU0:R2(config-isis-if)#commit

Ok, lets check our ISIS neighbors

RP/0/RSP0/CPU0:R2#sh isis neighbors
Fri Apr 20 01:10:31.813 UTC

IS-IS Core neighbors:

System Id Interface SNPA State Holdtime Type IETF-NSF
R1 Gi0/1/0/11 6c9c.ed26.ab91 Up 22 L2 Capable

Total neighbor count: 1

RP/0/RSP0/CPU0:R2#

Yup, all neighbored up. Time to check the routes:

RP/0/RSP0/CPU0:R2#sh ip route isis
Fri Apr 20 01:10:54.269 UTC

i L2 150.1.1.1/32 [115/10] via 150.1.12.1, 00:07:06, GigabitEthernet0/1/0/11

RP/0/RSP0/CPU0:R2#

Cisco IOS XR Training Page 84

© 2012 Jeffrey Fry FryGuy.Net
Cool, we have a Level2 route to 150.1.1.1 via R1. Now, lets PING to make
sure.
RP/0/RSP0/CPU0:R2#ping 150.1.1.1 so l0
Fri Apr 20 01:11:26.132 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RSP0/CPU0:R2#

Connectivity is working, cool!

Next up, LDP.

First up PE1:
RP/0/RSP0/CPU0:R1(config)#mpls ldp

Like all other IOS XR commands, you assign the interfaces under the protocol.
RP/0/RSP0/CPU0:R1(config-ldp)#int g0/1/0/11
RP/0/RSP0/CPU0:R1(config-ldp-if)#comm
Fri Apr 20 01:18:00.216 UTC
RP/0/RSP0/CPU0:R1(config-ldp-if)#

Ok, PE2
RP/0/RSP0/CPU0:R2(config)#mpls ldp
RP/0/RSP0/CPU0:R2(config-ldp)#int g0/1/0/11
RP/0/RSP0/CPU0:R2(config-ldp-if)#comm
Fri Apr 20 01:18:08.116 UTC

Now lets check our LDP neighbors:

RP/0/RSP0/CPU0:R2#sh mpls ldp neighbor
Fri Apr 20 01:21:21.957 UTC

Peer LDP Identifier: 150.1.1.1:0

TCP connection: 150.1.1.1:646 - 150.2.2.2:43857
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 12/10; Downstream-Unsolicited
Up time: 00:00:26
LDP Discovery Sources:
GigabitEthernet0/1/0/11
Addresses bound to this peer:
150.1.1.1 150.1.12.1

RP/0/RSP0/CPU0:R2#

Cool, we have a LDP session with PE1 and we can see the IPs bound to the
peer.

We are getting there, we still have BGP, VRF, and the OSPF configuration to
do yet. We will save the BGP part until last – so for now, VRF time.

Cisco IOS XR Training Page 85

© 2012 Jeffrey Fry FryGuy.Net
For this example, we will call our VRF R3R4 since we are connecting R3 (CE1)
and R4 (CE2).
PE1 up first:
RP/0/RSP0/CPU0:R1#conf t
Fri Apr 20 01:38:35.869 UTC

Lets define the name of our VRF

RP/0/RSP0/CPU0:R1(config)#vrf R3R4

Now we need to configure the appropriate address family, ipv4 unicast.

RP/0/RSP0/CPU0:R1(config-vrf)# address-family ipv4 unicast

Now we need to define our route-targets that we are going to import, and
export. What is a route-target? Quickly it is a 64-bit BGP community that is
used for tagging prefixes, making every prefix unique and also allows the
remote PE routers to know what routes belong to what VRF (import).
For this example, we will use 100:100 for both.

RP/0/RSP0/CPU0:R1(config-vrf-af)# import route-target

RP/0/RSP0/CPU0:R1(config-vrf-import-rt)# 100:100
RP/0/RSP0/CPU0:R1(config-vrf-import-rt)# export route-target
RP/0/RSP0/CPU0:R1(config-vrf-export-rt)# 100:100

And commit the changes.

RP/0/RSP0/CPU0:R1(config-vrf-export-rt)#commit
Fri Apr 20 01:38:39.866 UTC

Now we can create the same VRF with the same route-targets:
RP/0/RSP0/CPU0:R2(config)#vrf R3R4
RP/0/RSP0/CPU0:R2(config-vrf)# address-family ipv4 unicast
RP/0/RSP0/CPU0:R2(config-vrf-af)# import route-target
RP/0/RSP0/CPU0:R2(config-vrf-export-rt)# 100:100
RP/0/RSP0/CPU0:R2(config-vrf-export-rt)# export route-target
RP/0/RSP0/CPU0:R2(config-vrf-export-rt)# 100:100
RP/0/RSP0/CPU0:R2(config-vrf-export-rt)#comm
Fri Apr 20 01:45:18.380 UTC

Ok, time to check to see if the VRF is there:

RP/0/RSP0/CPU0:R2#sh vrf R3R4
Fri Apr 20 01:45:52.204 UTC
VRF RD RT AFI SAFI
R3R4 100:100 import 100:100 IPV4 Unicast
export 100:100 IPV4 Unicast
RP/0/RSP0/CPU0:R2#

Yup, we have a VRF. Now we can assign the interfaces facing the CE routers
to the appropriate VRF, configure the IP addresses, and then do a PING test
across the interface.

Cisco IOS XR Training Page 86

Lets get to our interface, G0/1/0/19

RP/0/RSP0/CPU0:R1(config)#interface GigabitEthernet0/1/0/19

Now we can assign the VRF of R3R4

RP/0/RSP0/CPU0:R1(config-if)# vrf R3R4

Configure our IP
RP/0/RSP0/CPU0:R1(config-if)# ipv4 address 10.1.13.1 255.255.255.0

Since this is a 100M link, we will need to hard code it for the GBICs sake.
RP/0/RSP0/CPU0:R1(config-if)# speed 100

And Commit our changes

RP/0/RSP0/CPU0:R1(config-if)#comm
Fri Apr 20 01:48:51.120 UTC
RP/0/RSP0/CPU0:R1(config-if)#

Once that is done, let do PE2 the same way.

PE2:
RP/0/RSP0/CPU0:R2#conf t
Fri Apr 20 01:48:45.677 UTC
RP/0/RSP0/CPU0:R2(config)#interface GigabitEthernet0/1/0/19
RP/0/RSP0/CPU0:R2(config-if)# vrf R3R4
RP/0/RSP0/CPU0:R2(config-if)# ipv4 address 10.1.24.2 255.255.255.0
RP/0/RSP0/CPU0:R2(config-if)# speed 100
RP/0/RSP0/CPU0:R2(config-if)#commit
Fri Apr 20 01:48:51.059 UTC
RP/0/RSP0/CPU0:R2(config-if)#

Now we can test a ping from PE1 to CE1 and PE2 to CE2.
RP/0/RSP0/CPU0:R1#ping 10.1.13.3
Fri Apr 20 01:57:01.969 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.13.3, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
RP/0/RSP0/CPU0:R1#

Hmm, that failed – why? Well, when an interface lives in a VRF, you need to
PING from that VRF. Lets try that again using VRF R3R4
RP/0/RSP0/CPU0:R1#ping vrf R3R4 10.1.13.3
Fri Apr 20 01:57:11.522 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Cisco IOS XR Training Page 87

© 2012 Jeffrey Fry FryGuy.Net
There, that worked. Lets check R2
RP/0/RSP0/CPU0:R2#ping vrf R3R4 10.1.24.4
Fri Apr 20 01:56:49.742 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.24.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RSP0/CPU0:R2#

Ok, we have connectivity. Now we can get OSPF working between the PE and the
CEs.

First up, PE1

We need to specify what we want to call our OSPF process, here I just used
R3R4
RP/0/RSP0/CPU0:R1(config)#router ospf R3R4

Now we need to configure OSPF for the VRF

RP/0/RSP0/CPU0:R1(config-ospf)# vrf R3R4

Now for the area

RP/0/RSP0/CPU0:R1(config-ospf-vrf)# area 0

And then place the interfaces that we want in area 0

RP/0/RSP0/CPU0:R1(config-ospf-vrf-ar)# interface GigabitEthernet0/1/0/19

And commit our changes ( I just hit CTRL-Z)

Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:yes
RP/0/RSP0/CPU0:R1#

Ok, that is PE1 – now for PE2

RP/0/RSP0/CPU0:R2#conf t
Fri Apr 20 02:13:03.521 UTC
RP/0/RSP0/CPU0:R2(config)#router ospf R3R4
RP/0/RSP0/CPU0:R2(config-ospf)# vrf R3R4
RP/0/RSP0/CPU0:R2(config-ospf-vrf)# area 0
RP/0/RSP0/CPU0:R2(config-ospf-vrf-ar)# interface GigabitEthernet0/1/0/19
RP/0/RSP0/CPU0:R2(config-ospf-vrf-ar-if)#exit
RP/0/RSP0/CPU0:R2(config-ospf-vrf-ar)# exit
RP/0/RSP0/CPU0:R2(config-ospf-vrf)# exit
RP/0/RSP0/CPU0:R2(config-ospf)#com
Fri Apr 20 02:13:14.843 UTC
RP/0/RSP0/CPU0:R2(config-ospf)#

Cisco IOS XR Training Page 88

© 2012 Jeffrey Fry FryGuy.Net
Ok, PE2 done. Now we can check for OSPF neighbor in that VRF.
To do that, we need to use the following command: show ospf (OSPF Process)
vrf (VRF Name) neighbor
RP/0/RSP0/CPU0:R1#sh ospf R3R4 vrf R3R4 neighbor
Fri Apr 20 02:18:16.826 UTC

* Indicates MADJ interface

Neighbors for OSPF R3R4, VRF R3R4

Neighbor ID Pri State Dead Time Address Interface

10.3.3.3 1 FULL/DR 00:00:39 10.1.13.3
GigabitEthernet0/1/0/19
Neighbor is up for 00:00:05

Total neighbor count: 1

RP/0/RSP0/CPU0:R1#

Ok, lets check PE2:

RP/0/RSP0/CPU0:R2#sh ospf R3R4 vrf R3R4 neighbor
Fri Apr 20 02:19:19.588 UTC

* Indicates MADJ interface

Neighbors for OSPF R3R4, VRF R3R4

Neighbor ID Pri State Dead Time Address Interface

10.4.4.4 1 FULL/DR 00:00:39 10.1.24.4
GigabitEthernet0/1/0/19
Neighbor is up for 00:00:03

Total neighbor count: 1

RP/0/RSP0/CPU0:R2#

Ok, both PE routers are neighbored up with the CE routers.

Now, if we look at CE1’s routing table – what will we see?

CE1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

Cisco IOS XR Training Page 89

© 2012 Jeffrey Fry FryGuy.Net
C 10.1.13.0/24 is directly connected, FastEthernet0/0
C 10.3.3.3/32 is directly connected, Loopback0
CE1#

We only see our local routes, nothing from CE2 yet. This is because we have
not built the VPNv4 session between PE1 and PE2 yet. We need to configure
BGP VPNv4 in order to get the two PE routers to pass the tagged routes to
each other. So, onto BGP we go!

For this we will peer with PE2 loopback (150.2.2.2) using AS 1.

PE1 first:
RP/0/RSP0/CPU0:R1#conf t
Fri Apr 20 02:21:32.174 UTC

First we define our BGP process and AS number

RP/0/RSP0/CPU0:R1(config)#router bgp 1

Enable vpv4 address family

RP/0/RSP0/CPU0:R1(config)#address-family vpnv4 unicast

Now we can configure our neighbor and all the info.

RP/0/RSP0/CPU0:R1(config-bgp-af)# neighbor 150.2.2.2
RP/0/RSP0/CPU0:R1(config-bgp-nbr)# remote-as 1

Remember to specify the loopback as the update-source

RP/0/RSP0/CPU0:R1(config-bgp-nbr)# update-source Loopback0

Now we can enable VPNv4 address family with that neighbor

RP/0/RSP0/CPU0:R1(config-bgp-nbr)# address-family vpnv4 unicast

Now we can configure the VRF parameters that BGP needs to know
First define our VRF
RP/0/RSP0/CPU0:R1(config-bgp-nbr-af)# vrf R3R4

Assign our Route Distinguisher (RD)

RP/0/RSP0/CPU0:R1(config-bgp-vrf)# rd 100:100

Enable IPv4 Unicse for this VRF

RP/0/RSP0/CPU0:R1(config-bgp-vrf)# address-family ipv4 unicast

And finally redistribute our OSPF learned routes into BGP VRF R3R4
RP/0/RSP0/CPU0:R1(config-bgp-vrf-af)# redistribute ospf R3R4 match internal
external
RP/0/RSP0/CPU0:R1(config-bgp-vrf-af)# ^Z

Uncommitted changes found, commit them before exiting(yes/no/cancel)?

[cancel]:yes
RP/0/RSP0/CPU0:R1#

Cisco IOS XR Training Page 90

© 2012 Jeffrey Fry FryGuy.Net
Ok, now that that is done – we need to do the same thing on PE2
RP/0/RSP0/CPU0:R2(config)#router bgp 1
RP/0/RSP0/CPU0:R2(config-bgp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:R2(config-bgp-af)# address-family vpnv4 unicast
RP/0/RSP0/CPU0:R2(config-bgp-af)# neighbor 150.1.1.1
RP/0/RSP0/CPU0:R2(config-bgp-nbr)# remote-as 1
RP/0/RSP0/CPU0:R2(config-bgp-nbr)# update-source Loopback0
RP/0/RSP0/CPU0:R2(config-bgp-nbr)# address-family vpnv4 unicast
RP/0/RSP0/CPU0:R2(config-bgp-nbr-af)# vrf R3R4
RP/0/RSP0/CPU0:R2(config-bgp-vrf)# rd 100:100
RP/0/RSP0/CPU0:R2(config-bgp-vrf)# address-family ipv4 unicast
RP/0/RSP0/CPU0:R2(config-bgp-vrf-af)# redistribute ospf R3R4 match internal
external
RP/0/RSP0/CPU0:R2(config-bgp-vrf-af)#exit
RP/0/RSP0/CPU0:R2(config-bgp-vrf)#exit
RP/0/RSP0/CPU0:R2(config-bgp-vrf)#comm
Fri Apr 20 02:27:10.491 UTC

Ok, since this is a VPNv4 neighbor we need to check to see if we are

neighbored up:
RP/0/RSP0/CPU0:R2#sh bgp vpnv4 unicast summary
Fri Apr 20 02:28:05.467 UTC
BGP router identifier 150.2.2.2, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3889240856
BGP main routing table version 25
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.

Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer

StandbyVer
Speaker 25 25 25 25 25
25

Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down

St/PfxRcd
150.1.1.1 0 1 14168 14173 25 0 0 00:00:48
2

RP/0/RSP0/CPU0:R2#

Yup, we are up and we can see what we are receiving 2 prefixes as well!
Wonder what they are? To find out, use the show bgp vpnv4 unicast command
RP/0/RSP0/CPU0:R2#sh bgp vpnv4 unicast
Fri Apr 20 02:29:01.202 UTC
BGP router identifier 150.2.2.2, local AS number 1
BGP generic scan interval 60 secs

Cisco IOS XR Training Page 91

© 2012 Jeffrey Fry FryGuy.Net
BGP table state: Active
Table ID: 0x0 RD version: 3889240856
BGP main routing table version 25
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best

i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:100 (default for vrf R3R4)
*>i10.1.13.0/24 150.1.1.1 0 100 0 ?
*> 10.1.24.0/24 0.0.0.0 0 32768 ?
*>i10.3.3.3/32 150.1.1.1 2 100 0 ?
*> 10.4.4.4/32 10.1.24.4 2 32768 ?

Processed 4 prefixes, 4 paths

RP/0/RSP0/CPU0:R2#

Nice, we can see we have routes from CE1 and CE2.

Now, lets see if CE1 has routes to CE2

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.1.13.0/24 is directly connected, FastEthernet0/0
C 10.3.3.3/32 is directly connected, Loopback0
CE1#

Nope, hmm. What did we forget? I know, we redistributed OSPF into BGP, but
we did not redistribute BGP into OSPF. Lets get that fixed.

PE1:
RP/0/RSP0/CPU0:R1(config)#router ospf R3R4
RP/0/RSP0/CPU0:R1(config-ospf)#vrf R3R4
RP/0/RSP0/CPU0:R1(config-ospf-vrf)# redistribute bgp 1
RP/0/RSP0/CPU0:R1(config-ospf-vrf)#comm
Fri Apr 20 02:31:44.637 UTC
RP/0/RSP0/CPU0:R1(config-ospf-vrf)#

Cisco IOS XR Training Page 92

© 2012 Jeffrey Fry FryGuy.Net
And on PE2:
RP/0/RSP0/CPU0:R2(config)#router ospf R3R4
RP/0/RSP0/CPU0:R2(config-ospf)#vrf R3R4
RP/0/RSP0/CPU0:R2(config-ospf-vrf)# redistribute bgp 1
RP/0/RSP0/CPU0:R2(config-ospf-vrf)# ^Z
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:yes
RP/0/RSP0/CPU0:R2#

Ok, lets check CE1 for routes to CE2 now

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C 10.1.13.0/24 is directly connected, FastEthernet0/0
C 10.3.3.3/32 is directly connected, Loopback0
O IA 10.4.4.4/32 [110/12] via 10.1.13.1, 00:00:51, FastEthernet0/0
O IA 10.1.24.0/24 [110/11] via 10.1.13.1, 00:00:51, FastEthernet0/0
CE1#

There they are, lets do a PING

CE1#ping 10.4.4.4 so l0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
CE1#

Nice, we can PING!

Now, one other thing that you should notice with the CE1 routing table,
routes to CE2 are seen as O IA, OSPF InterArea routes. This is what is
expected when you run the same CE OSPF process ID over a MPLS network – the
BGP will carry the extra attributes creating what is called a Super Backbone.
When we decode the BGP route information using the show bgp vpnv4 unicast vrf
R3R4 10.1.13.0/24 command, we get the following output - notice the extended
community information, this is where the extra information is carried. We
will actually pull up both 10.1.13.0 and 10.1.14.0 so you can see.

Cisco IOS XR Training Page 93

© 2012 Jeffrey Fry FryGuy.Net
RP/0/RSP0/CPU0:R2#sh bgp vpnv4 unicast vrf R3R4 10.1.13.0
Fri Apr 20 02:45:47.177 UTC
BGP routing table entry for 10.1.13.0/24, Route Distinguisher: 100:100
Versions:
Process bRIB/RIB SendTblVer
Speaker 24 24
Last Modified: Apr 20 02:27:22.347 for 00:18:24
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
150.1.1.1 (metric 10) from 150.1.1.1 (150.1.1.1)
Received Label 16001
Origin incomplete, metric 0, localpref 100, valid, internal, best,
group-best, import-candidate, imported
Received Path ID 0, Local Path ID 1, version 24
Extended community: RT:100:100 OSPF route-type:0:2:0x0 OSPF router-
id:150.1.1.1
RP/0/RSP0/CPU0:R2#sh bgp vpnv4 unicast vrf R3R4 10.1.24.0
Fri Apr 20 03:23:37.990 UTC
BGP routing table entry for 10.1.24.0/24, Route Distinguisher: 100:100
Versions:
Process bRIB/RIB SendTblVer
Speaker 20 20
Local Label: 16001
Last Modified: Apr 20 02:19:16.347 for 01:04:21
Paths: (1 available, best #1)
Advertised to peers (in unique update groups):
150.1.1.1
Path #1: Received by speaker 0
Advertised to peers (in unique update groups):
150.1.1.1
Local
0.0.0.0 from 0.0.0.0 (150.2.2.2)
Origin incomplete, metric 0, localpref 100, weight 32768, valid,
redistributed, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 20
Extended community: RT:100:100 OSPF route-type:0:2:0x0 OSPF router-
id:150.2.2.2
RP/0/RSP0/CPU0:R2#

There is a way to prevent this from happening and that is to create a Domain-
ID for the OSPF process on one of the PE routers.
RP/0/RSP0/CPU0:R2#conf t
Fri Apr 20 03:30:11.463 UTC

Navigate to the OSPF VRF process

Cisco IOS XR Training Page 94

Now, lets see what Domain-id types we have – See RFC 4577 for more info on
these.
RP/0/RSP0/CPU0:R2(config-ospf-vrf)#domain-id type ?
0005 Type 0x0005
0105 Type 0x0105
0205 Type 0x0205
8005 Type 0x8005
RP/0/RSP0/CPU0:R2(config-ospf-vrf)#domain-id type 0005 value ?
WORD OSPF domain ID ext. community value in Hex (6 octets)

Now lets set it to a value

RP/0/RSP0/CPU0:R2(config-ospf-vrf)#domain-id type 0105 value AABBCCDDEEFF

When you do this, the routes on CE are now E2 routes:

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C 10.1.13.0/24 is directly connected, FastEthernet0/0
C 10.3.3.3/32 is directly connected, Loopback0
O E2 10.4.4.4/32 [110/2] via 10.1.13.1, 01:04:24, FastEthernet0/0
O E2 10.1.24.0/24 [110/1] via 10.1.13.1, 01:04:24, FastEthernet0/0
CE1#

This can also work in reverse, if you want to create a SuperBackbone but the
OSPF processes are different, you can set the domain-id to be the same.
RP/0/RSP0/CPU0:R1(config-ospf-vrf)#domain-id type 0105 value AABBCCDDEEFF

CE1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
ia - IS-IS inter area, * - candidate default, U - per-user
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

Cisco IOS XR Training Page 95

© 2012 Jeffrey Fry FryGuy.Net
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.13.0/24 is directly connected, FastEthernet0/0
C 10.3.3.3/32 is directly connected, Loopback0
O IA 10.4.4.4/32 [110/12] via 10.1.13.1, 00:00:04, FastEthernet0/0
O IA 10.1.24.0/24 [110/11] via 10.1.13.1, 00:00:04, FastEthernet0/0
CE1#
There, back to IA routes again.
There is much more to domain-id, but I will save that for another day.

Cisco IOS XR Training Page 96

© 2012 Jeffrey Fry FryGuy.Net
23. L2VPN
Ok, now it is time for some L2VPN. Here we will use the same diagram as
before, but instead of providing MPLS VPN between CE1 and CE2, we are going
to create a L2VPN so that CE1 and CE2 think that they are directly connected
to each other.

First up, CE1

CE1(config-if)#int f0/0
CE1(config-if)#ip add 10.1.34.3 255.255.255.0
CE1(config-if)#int l0
CE1(config-if)#ip add 10.1.3.3 255.255.255.255
CE1(config-if)#router ospf 1
CE1(config-router)#net 10.0.0.0 0.255.255.255 a 0
CE1(config-router)#

Now CE2

Cisco IOS XR Training Page 97

© 2012 Jeffrey Fry FryGuy.Net
CE2(config-if)#ip add 10.1.34.4 255.255.255.0
CE2(config-if)#int l0
CE2(config-if)#ip add 10.4.4.4 255.255.255.255
CE2(config-if)#router ospf 1
CE2(config-router)#net 10.0.0.0 0.255.255.255 a 0
CE2(config-router)#

Ok, now time for the PE routers.

PE1:
First, lets reset the interface to all its defaults:
RP/0/RSP0/CPU0:PE1(config)#default interface g0/1/0/19
RP/0/RSP0/CPU0:PE1(config)#commit
Now PE2:
RP/0/RSP0/CPU0:PE2(config)#default interface g0/1/0/19
RP/0/RSP0/CPU0:PE2(config)#commit

Now, lets kill our OSPF sessions. On both routers:

PE1:
RP/0/RSP0/CPU0:PE1(config)#no router ospf 100
RP/0/RSP0/CPU0:PE1(config)#commit
PE2:
RP/0/RSP0/CPU0:PE2(config)#no router ospf 100
RP/0/RSP0/CPU0:PE2(config)#commit

OK, now we can build out L2VPN cross-connects.

Fist up, we need to get to the L2VPN configuration
RP/0/RSP0/CPU0:PE1(config)#l2vpn

Now to configure our X-Connect group

RP/0/RSP0/CPU0:PE1(config-l2vpn)#xconnect group R3R4

And our Point-to-Point settings

RP/0/RSP0/CPU0:PE1(config-l2vpn-xc)#p2p R3_to_R4

Place the interface in the P2P group R3_to_R4

RP/0/RSP0/CPU0:PE1(config-l2vpn-xc-p2p)#interface g0/1/0/19

Specify our Neighbor for this with a pseudowire ID (think of it as a circuit

ID) and then commit our changes
RP/0/RSP0/CPU0:PE1(config-l2vpn-xc-p2p)#neighbor 150.2.2.2 pw-id 304
RP/0/RSP0/CPU0:PE1(config-l2vpn-xc-p2p-pw)#comm

Now, this is unique to our CE devices, we need to specify the speed in order
to get the interfaces up as the CE routers here do not support Gigabit
Ethernet
RP/0/RSP0/CPU0:PE2(config-if)#int g0/1/0/19
RP/0/RSP0/CPU0:PE2(config-if)#spee 100
RP/0/RSP0/CPU0:PE2(config-if)#comm

Now for PE2:

Cisco IOS XR Training Page 98

© 2012 Jeffrey Fry FryGuy.Net
RP/0/RSP0/CPU0:PE2(config)#l2vpn
RP/0/RSP0/CPU0:PE2(config-l2vpn)#xconnect group R3R4
RP/0/RSP0/CPU0:PE2(config-l2vpn-xc)#p2p R3_to_R4
RP/0/RSP0/CPU0:PE2(config-l2vpn-xc-p2p)#interface g0/1/0/19

The Pseudo-wire ID must match.

RP/0/RSP0/CPU0:PE2(config-l2vpn-xc-p2p)#neighbor 150.1.1.1 pw-id 304
RP/0/RSP0/CPU0:PE2(config-l2vpn-xc-p2p-pw)#comm
RP/0/RSP0/CPU0:PE2(config-if)#int g0/1/0/19
RP/0/RSP0/CPU0:PE2(config-if)#spee 100
RP/0/RSP0/CPU0:PE2(config-if)#comm

Now we can look at our L2VPN Cross-connects

RP/0/RSP0/CPU0:PE1#sh l2vpn xconnect

Tue Apr 24 03:40:36.619 UTC

Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready

XConnect Segment 1 Segment 2

Group Name ST Description ST Description ST
--------------------- ------------------ -------------------------
R3R4 R3_to_R4 UP Gi0/1/0/19 UP 150.2.2.2 304 UP
----------------------------------------------------------------------
RP/0/RSP0/CPU0:PE1#

There you go, that looks good. Now, can we PING between CE1 and CE2?
CE1#p 10.1.34.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.34.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Yup, PING works. Hmm, wonder what CDP looks like?

CE1#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

CE2 Fas 0/0 160 R S I 2811 Fas 0/0
CE1#

Now if we look at OSPF:

CE1#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

Cisco IOS XR Training Page 99

All neighbored up! That means we should be able to PING between loopback
interfaces:
CE1#p 10.4.4.4 so l0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.1.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
CE1#

Cisco IOS XR Training Page 100

© 2012 Jeffrey Fry FryGuy.Net
24. NHRP ( HSRP & VRRP)
Next Hop Resolution Protocol comes in two fashions on the IOS XR. The first
is Cisco proprietary and called Hot-Standby Router Protocol or HSRP and the
other is the industry standard called Virtual Router Redundancy protocol or
VRRP.

This is something that many customers use in order to maintain the

availability of a default gateway on the network. If your customer uses a
static route to a next hop, you might be using this as well.

Like everything else with IOS XR, NHRP is handled a little differently. With
IOS, you configure your standby commands under the interfaces; in IOS XR you
use ROUTER HSRP or Router VRRP.

For this lab we will use interface Te0/1/0/0 and a subnet of 150.1.12.0/24.

First up R1:
RP/0/RSP0/CPU0:R1(config)#int tenGigE 0/1/0/0
RP/0/RSP0/CPU0:R1(config-if)#ip add 150.1.12.1/24
RP/0/RSP0/CPU0:R1(config-if)#no shut
RP/0/RSP0/CPU0:R1(config-if)#commit
RP/0/RSP0/CPU0:R1(config-if)#

Now R2:
RP/0/RSP0/CPU0:R2(config)#int tenGigE 0/1/0/0
RP/0/RSP0/CPU0:R2(config-if)#ip add 150.1.12.2/24
RP/0/RSP0/CPU0:R2(config-if)#no shut
RP/0/RSP0/CPU0:R2(config-if)#commit

Now we should test PING from R1 to R2:

RP/0/RSP0/CPU0:R1#ping 150.1.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
RP/0/RSP0/CPU0:R1#

Good, we have connectivity.

Cisco IOS XR Training Page 101

First thing, from config mode, enter router hsrp

RP/0/RSP0/CPU0:R1(config)#router hsrp

Now we tell it what interface we are configuring HSRP under

RP/0/RSP0/CPU0:R1(config-hsrp)#interface tenGigE 0/1/0/0

And then we configure our HSRP ID and associated information. Instead of

using the standby command, we are using the HSRP command.
RP/0/RSP0/CPU0:R1(config-hsrp-if)#hsrp 100 ipv4 150.1.12.100
RP/0/RSP0/CPU0:R1(config-hsrp-if)#hsrp 100 priority 150
RP/0/RSP0/CPU0:R1(config-hsrp-if)#hsrp 100 preempt
RP/0/RSP0/CPU0:R1(config-hsrp-if)#hsrp 100 authentication cisco
RP/0/RSP0/CPU0:R1(config-hsrp-if)#exit
RP/0/RSP0/CPU0:R1(config-hsrp)#exit
RP/0/RSP0/CPU0:R1(config)#exit

And save your changes!

Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:yes

Ok, now to configure R2

RP/0/RSP0/CPU0:R2(config)#router hsrp
RP/0/RSP0/CPU0:R2(config-hsrp)#interface tenGigE 0/1/0/0
RP/0/RSP0/CPU0:R2(config-hsrp-if)#hsrp 100 ipv4 150.1.12.100
RP/0/RSP0/CPU0:R2(config-hsrp-if)#hsrp preempt
RP/0/RSP0/CPU0:R2(config-hsrp-if)#hsrp authentication cisco
RP/0/RSP0/CPU0:R2(config-hsrp-if)#comm

Back to R1 to validate HSRP

RP/0/RSP0/CPU0:R1#sh hsrp
P indicates configured to preempt.
|
Interface Grp Pri P State Active addr Standby addr Group addr
Te0/1/0/0 100 150 P Active local 150.1.12.2 150.1.12.100
RP/0/RSP0/CPU0:R1#

There we go, we now have HSRP on R1 active with R2 as standby.

Cisco IOS XR Training Page 102

One thing cool about VRRP, you don’t have to burn an IP address just for the
virtual. You can use an actual physical IP address of a router. If that
router goes off-line, then the other router will just assume the IP address.

R1 up first, and we will use the R1 Te0/1/0/0 IP address for the virtual.
First though, we need to remove HSRP and save the changes.
RP/0/RSP0/CPU0:R1(config)#no router hsrp
RP/0/RSP0/CPU0:R1(config)#commit

Ok, to configure VRRP the command is router vrrp

RP/0/RSP0/CPU0:R1(config)#router vrrp

Again, then you tell it what interface

RP/0/RSP0/CPU0:R1(config-vrrp)#interface tenGigE 0/1/0/0

Since VRRP likes IPV6, we need to use the address-family command

RP/0/RSP0/CPU0:R1(config-vrrp-if)#address-family ipv4

Then configure our VRRP ID

RP/0/RSP0/CPU0:R1(config-vrrp-address-family)#vrrp 1

Assign the IP, here I am using the same IP as our physical interface
RP/0/RSP0/CPU0:R1(config-vrrp-virtual-router)#address 150.1.12.1
RP/0/RSP0/CPU0:R1(config-vrrp-virtual-router)#text-authentication cisco
RP/0/RSP0/CPU0:R1(config-vrrp-virtual-router)#commit
RP/0/RSP0/CPU0:R2(config-vrrp-virtual-router)#

Now for R2, but this time we will decrease the priority so that R1 is the
active router
RP/0/RSP0/CPU0:R2(config)#no router hsrp
RP/0/RSP0/CPU0:R2(config)#commit
RP/0/RSP0/CPU0:R2(config)#router vrrp
RP/0/RSP0/CPU0:R2(config-vrrp)#interface tenGigE 0/1/0/0
RP/0/RSP0/CPU0:R2(config-vrrp-if)#address-family ipv4
RP/0/RSP0/CPU0:R2(config-vrrp-address-family)#vrrp 1
RP/0/RSP0/CPU0:R2(config-vrrp-virtual-router)#address 150.1.12.1
RP/0/RSP0/CPU0:R2(config-vrrp-virtual-router)#text-authentication cisco
RP/0/RSP0/CPU0:R2(config-vrrp-virtual-router)#priority 50
RP/0/RSP0/CPU0:R2(config-vrrp-virtual-router)#commit
RP/0/RSP0/CPU0:R2(config-vrrp-virtual-router)#
RP/0/RSP0/CPU0:R2#

Cisco IOS XR Training Page 103

© 2012 Jeffrey Fry FryGuy.Net
Now back to R1 to see the VRRP status:
RP/0/RSP0/CPU0:R1#show vrrp
IPv4 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter addr
Te0/1/0/0 1 255 A P Master local 150.1.12.1
IPv6 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter addr
RP/0/RSP0/CPU0:R1#

Nice, R1 is the MASTER. Wonder what R2 says?

RP/0/RSP0/CPU0:R2#sh vrrp
IPv4 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter addr
Te0/1/0/0 1 50 P Backup 150.1.12.1 150.1.12.1
IPv6 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter addr
RP/0/RSP0/CPU0:R2#

It says it’s the backup! Nice.

Cisco IOS XR Training Page 104

Cisco IOS XR Training Page 105

Lk-Op416001a Psu
No ratings yet
Lk-Op416001a Psu
1 page
KT Document For PeopleSoft
No ratings yet
KT Document For PeopleSoft
18 pages
Auto Sketch Users Guide
No ratings yet
Auto Sketch Users Guide
400 pages
ExamBuilder Programming-1
No ratings yet
ExamBuilder Programming-1
134 pages
Docebo E-Learning Platform - Branding Manual
No ratings yet
Docebo E-Learning Platform - Branding Manual
7 pages
RegistrationForm Southeast Bank
67% (3)
RegistrationForm Southeast Bank
2 pages
Test Stand APIReference Poster
No ratings yet
Test Stand APIReference Poster
1 page
Pavement and Striping
No ratings yet
Pavement and Striping
10 pages
FORM-586 v5.a Sample Collection Walk Through K-EME-10
No ratings yet
FORM-586 v5.a Sample Collection Walk Through K-EME-10
2 pages
This Area: Vicinity Map Site Development Plan
No ratings yet
This Area: Vicinity Map Site Development Plan
12 pages
Optional
No ratings yet
Optional
3 pages
FLANGED GEAR FOR BLISTER LAUNDER HOIST 2-Default-000
No ratings yet
FLANGED GEAR FOR BLISTER LAUNDER HOIST 2-Default-000
1 page
Ermita Highland Devt. Plan
100% (1)
Ermita Highland Devt. Plan
19 pages
doc (2)
No ratings yet
doc (2)
1 page
Total Tuition & Fees
No ratings yet
Total Tuition & Fees
1 page
Inbound 937976497504278173
No ratings yet
Inbound 937976497504278173
1 page
Total Tuition & Fees
No ratings yet
Total Tuition & Fees
1 page
doc (2)
No ratings yet
doc (2)
1 page
STRUC Merged
No ratings yet
STRUC Merged
11 pages
Fuente Jsi-320405-A
No ratings yet
Fuente Jsi-320405-A
2 pages
1600A, (Al), 415V AC +/-6%, 3Ph, 4wire, 50 HZ +/-3%, 65KA For 1sec
No ratings yet
1600A, (Al), 415V AC +/-6%, 3Ph, 4wire, 50 HZ +/-3%, 65KA For 1sec
44 pages
GIS0077 Routes A All RevA PDF
No ratings yet
GIS0077 Routes A All RevA PDF
3 pages
2024.07.07 As-Built-Guinobatan
No ratings yet
2024.07.07 As-Built-Guinobatan
5 pages
Drawing1 Model
No ratings yet
Drawing1 Model
1 page
Caypombo Mdp 1
No ratings yet
Caypombo Mdp 1
1 page
Total Tuition & Fees
No ratings yet
Total Tuition & Fees
1 page
Total Tuition & Fees
No ratings yet
Total Tuition & Fees
1 page
Women Casual Short Green
No ratings yet
Women Casual Short Green
5 pages
Elevador Rotary Lift Operacion
No ratings yet
Elevador Rotary Lift Operacion
12 pages
RUBEN Antes Useche Compra 38 HAS
No ratings yet
RUBEN Antes Useche Compra 38 HAS
1 page
Storm Drainage Isometric Layout: Not To Scale
No ratings yet
Storm Drainage Isometric Layout: Not To Scale
1 page
Athens Citywalk Map
No ratings yet
Athens Citywalk Map
1 page
CRSMBora Drain-D-1 1
No ratings yet
CRSMBora Drain-D-1 1
1 page
Periodic Table
No ratings yet
Periodic Table
1 page
LZDZ Low Res PDF
No ratings yet
LZDZ Low Res PDF
32 pages
800A, (Al), 415V AC +/-6%, 3Ph, 4wire, 50 HZ +/-3%, 50ka For 1sec
No ratings yet
800A, (Al), 415V AC +/-6%, 3Ph, 4wire, 50 HZ +/-3%, 50ka For 1sec
17 pages
Doc
No ratings yet
Doc
1 page
Documents BSTM
No ratings yet
Documents BSTM
1 page
doc (4)
No ratings yet
doc (4)
1 page
Fluke 1630 PDF
No ratings yet
Fluke 1630 PDF
1 page
5 TH Project
No ratings yet
5 TH Project
6 pages
CR_LTO_20250116_171132_0000
No ratings yet
CR_LTO_20250116_171132_0000
1 page
Strip Chart of Work Front Available & LA Pending
No ratings yet
Strip Chart of Work Front Available & LA Pending
2 pages
Tests Ability To React: Cjoax
No ratings yet
Tests Ability To React: Cjoax
23 pages
Lighting Layout Part 01
No ratings yet
Lighting Layout Part 01
1 page
AM-01-Mountings Details-002
No ratings yet
AM-01-Mountings Details-002
1 page
E-3 Lighting Layout
No ratings yet
E-3 Lighting Layout
1 page
NATO's Air War For Kosovo - A Strategic and Operational Assessment-Rand Publishing (2001)
No ratings yet
NATO's Air War For Kosovo - A Strategic and Operational Assessment-Rand Publishing (2001)
315 pages
UNILUX-HIGH-PRESSURE-STEAM-BOILERS-8-9-17
No ratings yet
UNILUX-HIGH-PRESSURE-STEAM-BOILERS-8-9-17
2 pages
Vicinity Map: LOT 2252-A-5
No ratings yet
Vicinity Map: LOT 2252-A-5
1 page
al_ntc-installation-instructions
No ratings yet
al_ntc-installation-instructions
2 pages
MTSC Mec-Dwg-Cpc-Dfd-D&e-M - 00-2
No ratings yet
MTSC Mec-Dwg-Cpc-Dfd-D&e-M - 00-2
1 page
PLUMBING ISOMETRIC
No ratings yet
PLUMBING ISOMETRIC
1 page
119+068 Interchange
No ratings yet
119+068 Interchange
1 page
In Ma
No ratings yet
In Ma
1 page
Channel Islands NP
No ratings yet
Channel Islands NP
1 page
ALLAN_CR
No ratings yet
ALLAN_CR
1 page
Wiac - Info PDF Fatura PR
No ratings yet
Wiac - Info PDF Fatura PR
4 pages
Nap 10
No ratings yet
Nap 10
1 page
v2avn5pbewadnszr2ribldb1vll7
No ratings yet
v2avn5pbewadnszr2ribldb1vll7
2 pages
Riverside Brochure V4
No ratings yet
Riverside Brochure V4
41 pages
Card
No ratings yet
Card
1 page
Quiz 2 Eapp
No ratings yet
Quiz 2 Eapp
3 pages
RR-AL - Proforma Pres SENDERA V3 Ago 23
No ratings yet
RR-AL - Proforma Pres SENDERA V3 Ago 23
6 pages
Slope Protection 3
No ratings yet
Slope Protection 3
1 page
The Rough Guide to Beijing (Travel Guide eBook)
From Everand
The Rough Guide to Beijing (Travel Guide eBook)
Rough Guides
2/5 (1)
Function Module To Upload and Download Files From and To Application Server
No ratings yet
Function Module To Upload and Download Files From and To Application Server
14 pages
Headwaters College - Elizabeth Campus: Date Started: - Date Finished
No ratings yet
Headwaters College - Elizabeth Campus: Date Started: - Date Finished
1 page
SEL-487B-2 Data Sheet: Bus Differential and Breaker Failure Relay With Sampled Values
No ratings yet
SEL-487B-2 Data Sheet: Bus Differential and Breaker Failure Relay With Sampled Values
24 pages
Fortigate Level 1
No ratings yet
Fortigate Level 1
6 pages
Dokumen - Tips - Auditing Problems by Cabrera Solution Key For Auditing 2009 Ed by Cabrera Audit PDF
No ratings yet
Dokumen - Tips - Auditing Problems by Cabrera Solution Key For Auditing 2009 Ed by Cabrera Audit PDF
3 pages
Enterprise Java Unit 3
No ratings yet
Enterprise Java Unit 3
35 pages
Epicor10 ReleaseUpgradeGuide 10xto101600x
No ratings yet
Epicor10 ReleaseUpgradeGuide 10xto101600x
40 pages
Vsphere Esxi Vcenter Server 671 Availability Guide
No ratings yet
Vsphere Esxi Vcenter Server 671 Availability Guide
105 pages
My It Report Eniola Copy
No ratings yet
My It Report Eniola Copy
45 pages
The Information System: An Accountant's Perspective: Mustakim Muchlis
No ratings yet
The Information System: An Accountant's Perspective: Mustakim Muchlis
19 pages
Apcd Available Stock - Monitors
No ratings yet
Apcd Available Stock - Monitors
10 pages
GBX20_english
No ratings yet
GBX20_english
1 page
Jurnal Rancang Bangun Aplikasi Sistem Informasi Penjualan Dan Stok Barang Di Toko Galea Store Banjarnegara
No ratings yet
Jurnal Rancang Bangun Aplikasi Sistem Informasi Penjualan Dan Stok Barang Di Toko Galea Store Banjarnegara
10 pages
SDM 120 C
No ratings yet
SDM 120 C
10 pages
Excel Quiz
No ratings yet
Excel Quiz
6 pages
TANG Instructions
No ratings yet
TANG Instructions
6 pages
Esg Lab Validation Report Emc Data Domain Avamar
No ratings yet
Esg Lab Validation Report Emc Data Domain Avamar
20 pages
A Multimedia Mobile Result Checker for Secondary Students in Nigeria
No ratings yet
A Multimedia Mobile Result Checker for Secondary Students in Nigeria
45 pages
OpenWISP Dev
No ratings yet
OpenWISP Dev
572 pages
Humane Assessment
No ratings yet
Humane Assessment
19 pages
Siddaganga Institute of Technology, Tumkur - 572 103: Usn 1 S I CSPE17
No ratings yet
Siddaganga Institute of Technology, Tumkur - 572 103: Usn 1 S I CSPE17
2 pages
Complier Design (CSE306) : Dr. Murali Krishna Enduri Department of CSE
No ratings yet
Complier Design (CSE306) : Dr. Murali Krishna Enduri Department of CSE
79 pages
TensorRT Installation Guide
No ratings yet
TensorRT Installation Guide
38 pages
4G Architecture
No ratings yet
4G Architecture
15 pages