COMMAND DESCRIPTION     8/190 82-CRA 119 1170/1-V1 Uen D

Commands: e through f

Copyright

© Ericsson AB 2009–2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List

Contents

1   Command Descriptions

Commands starting with “e” through commands starting with “f” are included.

1.1   ebgp-multihop

1.1.1   Purpose

Configures the maximum number of hops used to reach the external Border Gateway Protocol (eBGP) neighbor when the neighbor or peer group is not directly connected.

1.1.2   Command Mode

• BGP neighbor configuration
• BGP peer group configuration

1.1.3   Syntax Description

1.1.4   Default

The maximum number of hops is set to 1.

1.1.5   Usage Guidelines

Use the ebgp-multihop command to configure the maximum number of hops used to reach the eBGP neighbor when the neighbor or peer group is not directly connected.

Note:  

You must enable this command for BGP connections to be established with neighbors that are not directly connected.

Note:  

You cannot enable this command on a BGP neighbor that is part of a peer group, because this feature cannot be customized for individual members inside of a peer group.

Use the no form of this command to restore the maximum number of hops to the default value of 1.

1.1.6   Examples

The following example sets the maximum number of hops to the neighbor at IP address, 12.10.10.1 to 3:

[local]Redback(config-ctx)#router bgp 100

[local]Redback(config-bgp)#neighbor 12.10.10.1 external

[local]Redback(config-bgp-neighbor)#egbp-multihop 3

1.2   ecmp-transit

1.2.1   Purpose

Enables equal-cost multipath (ECMP) on label-switched path (LSP) transit nodes.

1.2.2   Command Mode

LDP router configuration

1.2.3   Syntax Description

This command has no keywords or arguments.

1.2.4   Default

ECMP is disabled on transit nodes and enabled on ingress nodes.

1.2.5   Usage Guidelines

Use the ecmp-transit command to enable ECMP on LSP transit nodes.

A constituent of an ECMP LSP can be protected against link failure at the label edge router (LER) using next-hop fast reroute (NFRR) for link protection when the LDP traffic is carried over a bypass RSVP LSP.

Note:  

Currently, ECMP over multiple bypass LSPs is not supported.

Use the no form of this command to disable ECMP on LSP transit nodes.

1.2.6   Examples

The following example shows how to enable ECMP on an LSP transit node:

[local]Redback#config

[local]Redback(config)#context local

[local]Redback(config-ctx)#router ldp

[local]Redback(config-ldp)#ecmp-transit

1.3   edit

1.3.1   Purpose

Using the vi editor, creates or opens an existing file on the local file system for editing.

1.3.2   Command Mode

exec (10)

1.3.3   Syntax Description

1.3.4   Default

None

1.3.5   Usage Guidelines

Use the edit command to create or open an existing file on the local file system for editing.

Use the :q! command to discard any edits and exit the editor; use the :wq! command to save any edits and exit the editor.

1.3.6   Examples

The following example opens the redback.cfg file using the vi editor:

[local]Redback#edit redback.cfg

!

!  Configuration last changed by user 'pm' at Mon Jan  2 08:04:25 2006

!

service multiple-contexts

!

context local

!

  ip domain-lookup

!

 interface mgmt

  ip address 10.1.1.3/21

!

 enable encrypted 1 $1$........$kvQfdsjs0ACFMeDHQ7n/o.

!

 user test encrypted 1 $1$........$kvQfdsjs0ACFMeDHQ7n/o.

!

 ip route 10.1.0.0/16 10.12.208.1 cost 1 permanent

 ip route 155.53.0.0/16 10.12.208.1 cost 1 permanent

!

port ethernet 7/1

! XCRP management ports on slot 7 and 8 are configured through 7/1

 no shutdown

 bind interface mgmt local

!

system hostname supercomm7

!

service console-break

!

end

1.4   edge-port

1.4.1   Purpose

Configures the associated port as a Rapid Spanning Tree Protocol (RSTP) edge port.

1.4.2   Command Mode

spanning-tree profile configuration

1.4.3   Syntax Description

This command has no keywords or arguments.

1.4.4   Default

The associated port is not an edge port.

1.4.5   Usage Guidelines

Use the edge-port command to configure the associated port as an RSTP edge port.

1.4.6   Examples

The following example illustrates how the spanning-tree profile command creates the spanning-tree profile womp and configures it as an RSTP edge-port profile. In the second part of the example, an Ethernet port is assigned the spanning-tree profile womp and, therefore, is configured as an RSTP edge port:

[local]Redback(config)#spanning-tree profile womp

[local]Redback(config-stp-prof)#edge-port

[local]Redback(config-stp-prof)#exit

[local]Redback(config)#port ethernet 1/1

[local]Redback(config-port)#spanning-tree profile womp

1.5   egress

1.5.1   Purpose

Specifies the IP address of the egress label-switched router (LSR) in a label-switched path (LSP).

1.5.2   Command Mode

• RSVP LSP configuration
• MPLS static LSP configuration

1.5.3   Syntax Description

1.5.4   Default

None

1.5.5   Usage Guidelines

Use the egress command to specify the IP address of the egress LSR in an LSP.

An egress LSR is the last LSR in the chain of LSRs that constitute an LSP. It forwards packets out of a network. The IP address of the egress LSR must be specified in both signaled and static LSPs.

1.5.6   Examples

The following example configures the egress IP address to 192.168.1.2 for the static LSP, lsp01:

[local]Redback(config-ctx)#router mpls-static

[local]Redback(config-mpls-static)#lsp lsp01

[local]Redback(config-mpls-static-lsp)#egress 192.168.1.2

1.6   egress prefer dscp-qos

1.6.1   Purpose

Enables the use of only Differentiated Services Code Point (DSCP) bits for queuing at the Multiprotocol Label Switching (MPLS) egress router.

1.6.2   Command Mode

MPLS router configuration

1.6.3   Syntax Description

This command has no keywords or arguments.

1.6.4   Default

If penultimate hop popping is enabled, the tunnel label is removed at the penultimate hop, and the egress router uses the Virtual Private Network (VPN) label experimental (EXP) bits for queuing; however, if there is no VPN label, the egress router uses the DSCP bits for queuing. For more information, see Configuring MPLS.

1.6.5   Usage Guidelines

Use the egress prefer dscp-qos command to enable the use of only DSCP bits for queuing at the MPLS egress router.

Use the no form of this command to return the system to its default behavior.

1.6.6   Examples

The following example enables the use of only DSCP bits for queuing at the egress router:

[local]Redback(config-ctx)#router mpls

[local]Redback(config-mpls)#egress prefer dscp-qos

1.7   enable

1.7.1   Purpose

Modifies the privilege level for the current exec session.

1.7.2   Command Mode

exec

1.7.3   Syntax Description

1.7.4   Default

When you enter this command without the level argument, the current exec session is held at level 15. For whatever value is set, the administrator’s privilege level must be the same or higher.

1.7.5   Usage Guidelines

Use the enable command to modify the privilege level for the current exec session. Use the level argument to select the desired privilege level, up to the maximum privilege level configured for this administrator account. If this argument is omitted, the maximum privilege level (15) is enabled. This command is available for any privilege level.

If no passwords have been configured and if local authentication is enabled, you can enter the enable command (in exec mode) only on the console port; the system does not prompt for a password. By default, local authentication is enabled; see the enable authentication command (in context configuration mode). If at least one password has been configured, you can enter the enable command from the console or a remote session; see the enable password and enabled encrypted commands (in context configuration mode).

You can use the enable command to enter a privilege level password only if a password for the privilege level has been set. If you attempt to use this command for a privilege level that has no password, the system displays an error message and does not change the privilege level for the exec session. For information on the privilege level passwords, see Configuring Contexts and Interfaces. Use the show privilege command to display the enabled privilege level.

Use the no form of this command to return to the initial privilege level configured for the administrator account. The disable command (in exec mode) performs the same function.

1.7.6   Examples

The following example shows the results of an attempt by an administrator to set the privilege level for the exec session to a privilege level for which no password is configured:

[local]Redback>enable 10



%No enable password configured for this level

The following example shows how to set the current exec session privilege level to 15. The system prompts for the password, which the system does not display on the screen. After the administrator enters the correct password, the system enters privileged mode as indicated by the pound sign (#) in the prompt:

[local]Redback>enable 15



Password:

[local]Redback#

1.8   enable authentication

1.8.1   Purpose

Specifies how the system performs privilege level authentication.

1.8.2   Command Mode

context configuration

1.8.3   Syntax Description

1.8.4   Default

The system authenticates privilege level passwords using the local configuration database.

1.8.5   Usage Guidelines

Use the enable authentication command to specify how the system performs privilege level authentication. If you select the none keyword, administrators are not prompted for a password when changing privilege levels.

If you enter the radius or tacacs+ keyword, you must configure the enable passwords on the RADIUS or TACACS+ system, respectively. The format of the enable password is enable [level]@ctx-name, where the level argument represents the privilege level of the password (and is not specified for level 15), and the ctx-name argument is the name of the context for which the password is configured.

Note:  

The separator character between the admin-name and the ctx-name argument is configurable and can be any of %, -, @, _, \\, #, and /. For information about configuring the separator character, see Configuring Authentication, Authorization, and Accounting. The default value is @, which is used throughout this document.

Use the default form of this command to configure the system to use the default authentication (local).

1.8.6   Examples

The following example configures the system to authenticate privilege level passwords using RADIUS:

[local]Redback(config-ctx)#enable authentication radius

The following example shows how the administrator names would be configured on the RADIUS server for privilege level 10 and privilege level 15 in the local context:

username = enable10@local

username = enable@local

1.9   enable encrypted

1.9.1   Purpose

Creates a password, in encrypted form, for the specified privilege level.

1.9.2   Command Mode

context configuration

1.9.3   Syntax Description

1.9.4   Default

No passwords are assigned for any privilege level.

1.9.5   Usage Guidelines

Use the enable encrypted command to create a password, in encrypted form, for the specified privilege level.

The SmartEdge® router supports up to 16 different privilege levels (0 through 15) for both administrators and commands. Privilege levels are enabled on a per-context basis.

If password authentication is enabled, the system prompts the administrator for a password when the administrator attempts to enter the privilege level using the enable command (in exec mode). By default, local password authentication is enabled; see the enable authentication command (in context configuration mode).

This command is similar to the enable password command (in context configuration mode), except that this command requires you to enter the password in encrypted form. Typically, you use the enable password command to configure a password in unencrypted form. However, to protect your passwords, the system always displays the enable encrypted command when displaying the configuration.

Use the no form of this command to delete the password for a specific privilege level.

1.9.6   Examples

The following example creates an encrypted password for privilege level 15:

[local]Redback#(config-ctx)enable encrypted level 15 1 $1$...... $CMfiiltCkWPquxFsg8WPy0

The following example shows an administrator attempting to enter privilege level 15. The administrator is prompted for the password (unencrypted, and not echoed):

[local]Redback>enable 15



password:



[local]Redback#

1.10   enable password

1.10.1   Purpose

Configures a password for the specified privilege level that the system will encrypt.

1.10.2   Command Mode

context configuration

1.10.3   Syntax Description

1.10.4   Default

No passwords are assigned for any privilege level.

1.10.5   Usage Guidelines

Use the enable password command to configure a password for the specified privilege level that the system will encrypt.

The SmartEdge router supports up to 16 different privilege levels (0 through 15) for both administrators and commands. Privilege levels are enabled on a per-context basis.

If password authentication is enabled, the system prompts an administrator for the password when the administrator attempts to enter the privilege level using the enable command (in exec mode). By default, local password authentication is enabled; see the enable authentication command (in context configuration mode).

To protect your passwords, the system does not store or display this command. Instead, the system stores and displays the password in an encrypted form. When displaying the configuration, the system uses the enable encrypted command (in context configuration mode).

Use the no form of this command to delete the password for a specific privilege level.

1.10.6   Examples

The following example shows an administrator attempting to enter privilege level 15. The administrator is prompted for the password to enter privilege level 15 (the password is not echoed):

[local]Redback>enable 15

password:

[local]Redback#

The following example creates the s00persecret password for privilege level 15:

[local]Redback(config-ctx)#enable password level 15 s00persecret

The following example shows how the previous command is stored and displayed by the system, in its encrypted form:

[local]Redback#show configuration

.

.

.

enable encrypted 1 $1$........$AGSXlr2Tk5AsG92NBXzqi0

.

.

.

1.11   enable vxworks-password

1.11.1   Command Mode

context configuration

1.11.2   Syntax Description

1.11.3   Default

There is no password for the VxWorks shell.

1.11.4   Usage Guidelines

Use the enable vxworks-password command in the local context to assign a password to the VxWorks shell. You can assign a plain text password or an encrypted password.Use the no form of the command to disable the password (including the entire line that was previously configured after the no).

1.11.5   Example

The following example enables an encrypted password for the VxWorks shell:

[local]Redback(config-ctx)#enable vxworks-password encrypted 1 $xttt7Hxlf.tty

1.12   encaps-access-line

1.12.1   Purpose

Specifies the default encapsulation of an access line.

1.12.2   Command Mode

• overhead profile configuration
• overhead type configuration

1.12.3   Syntax Description

1.12.4   Default

The size of the overhead is 0 bytes; the data-link type is ATM must be set.

1.12.5   Usage Guidelines

Use the encaps-access-line command to specify the encapsulation size, in bytes, for a specific access-line type. This command determines the Layer 2 overhead value of the access-line type.

The Layer 2 overhead value is the number of bytes per packet of overhead for the access-line encapsulation types. Table 1 lists supported access-line encapsulation types and the number of bytes per packet of overhead for each. If the encapsulation type is not listed in Table 1, you can specify number of bytes of overhead, along with the data-link type (Ethernet or ATM).

Note:  

RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5, defines the encapsulation types in more detail.

Use the no form of this command to specify the default access-line encapsulation type.

1.12.6   Examples

The following example configures an overhead profile for example1, and sets the default rate factor to 15, a reserve value to 8, and the encapsulation type to pppoa-llc. After you set the overhead profile with default values, you configure adsl1 and vdsl1 with custom encapsulation and reserve values:

[local]Redback(config)#qos profile example1 overhead

[local]Redback(config-profile-overhead)#rate-factor 15

[local]Redback(config-profile-overhead)#encaps-access-line pppoa-llc

[local]Redback(config-profile-overhead)#reserved 8

[local]Redback(config-profile-overhead)#type adsl1

[local]Redback(config-type-overhead)#encaps-access-line pppoa-null

1.13   encapsulation

1.13.1   Purpose

Specifies the encapsulation type of the port pseudowire connection.

1.13.2   Command Mode

port pseudowire configuration

1.13.3   Syntax Description

1.13.4   Default

None

1.13.5   Usage Guidelines

Use the encapsulation command to set the encapsulation type of the port pseudowire connection to a specified protocol.

Use the no form of this command to remove the encapsulation type of the port pseudowire connection from the currently specified protocol.

1.13.6   Examples

The following example shows how to set the encapsulation type to pppoe:

[local]Redback(config-port)#encapsulation pppoe

1.14   encapsulation (channels)

1.14.1   Purpose

Specifies the encapsulation type for a clear-channel DS-3 channel or port, E3 port, DS-1 channel on a channelized DS-3 channel or port, E1 channel or port, or DS-0 channel group on a channelized E1 channel or port.

1.14.2   Command Mode

• DS-0 group configuration
• DS-1 configuration
• DS-3 configuration
• E1 configuration
• E3 configuration

1.14.3   Syntax Description

1.14.4   Default

The default encapsulation type is Cisco HDLC.

1.14.5   Usage Guidelines

Use the encapsulation (channels) command to specify the encapsulation type for a clear-channel DS-3 channel or port, E3 port, DS-1 channel on a channelized DS-3 channel or port, E1 channel or port, or DS-0 channel group on a channelized E1 channel or port.

The commands that are available depend on the encapsulation type specified by this command. For example, if you specify Cisco HDLC, none of the Frame Relay commands are available.

Use the no form of this command to specify the default encapsulation type.

Note:  

This command is also described in Configuring ATM, Ethernet, and POS Ports for Packet over SONET/SDH (POS) ports.

1.14.6   Examples

The following example shows how to specify Frame Relay encapsulation on a clear-channel DS-3 channel:

[local]Redback(config)#port ds3 3/1:1

[local]Redback(config-ds3)#encapsulation frame-relay

1.15   encapsulation (Ethernet Port)

1.15.1   Purpose

Specifies the encapsulation for an Ethernet port to create 802.1Q permanent virtual circuits (PVCs).

1.15.2   Command Mode

port configuration

1.15.3   Syntax Description

1.15.4   Default

The encapsulation is IP over Ethernet (IPoE).

1.15.5   Usage Guidelines

Use the encapsulation (802.1Q) command to specify the encapsulation for an Ethernet port to create 802.1Q PVCs.

Note:  

This command is also described for Ethernet ports without 802.1Q PVCs in Configuring ATM, Ethernet, and POS Ports.

Use the no form of this command to specify IP over Ethernet encapsulation.

1.15.6   Examples

The following example shows how to specify 802.1Q encapsulation for port 1 in slot 4:

[local]Redback(config)#port ethernet 4/1

[local]Redback(config-port)#encapsulation dot1q

1.16   encapsulation (link group mode)

1.16.1   Purpose

Specifies the encapsulation type for the access link group.

1.16.2   Command Mode

link-group configuration

1.16.3   Syntax Description

1.16.4   Default

An access link group is created with IPoE encapsulation.

1.16.5   Usage Guidelines

Use the encapsulation (access lg) command to specify the encapsulation for the access link group.

If you specify the dot1q keyword, you can use the bind authentication or the bind auto-subscriber command (in link-group configuration mode) to bind the link group to its interface. For 802.1Q encapsulation, the value for the max-ses argument in the bind authentication command is 1.

If you specify the pppoe keyword, you can use the bind authentication or bind subscriber command to bind the link group to its interface. For PPPoE encapsulation, the value of max-ses in the bind authentication command must be greater than 1.

Use the no or default form of this command to specify the default encapsulation.

Note:  

For a description of the application of this command to ports that are not to be added to an access link group, see Configuring ATM, Ethernet, and POS Ports.

1.16.6   Examples

The following example shows how to create an 802.1Q-encapsulated access link group:

[local]Redback(config)#link-group foo access 
[local]Redback(config-link-group)#encapsulation dot1q 
[local]Redback(config-link-group)#bind authentication pap chap maximum 3

The following example shows how to create a PPPoE-encapsulated access link group:

[local]Redback(config)#link-group foo access 
[local]Redback(config-link-group)#encapsulation pppoe 
[local]Redback(config-link-group)#bind authentication pap chap maximum 3

1.17   encapsulation (POS)

1.17.1   Purpose

Specifies the encapsulation type for a Packet over SONET/SDH (POS) port.

1.17.2   Command Mode

port configuration

1.17.3   Syntax Description

1.17.4   Default

The encapsulation type for POS ports is Cisco HDLC.

1.17.5   Usage Guidelines

Use the encapsulation (POS) command to specify the encapsulation type for a POS or Ethernet port.

Note:  

If this POS port is to be a working or protect port in an APS group, you must specify Cisco HDLC encapsulation.

The commands that are available depend on the encapsulation type specified by this command. For example, if you specify Cisco HDLC, none of the Frame Relay commands are available.

Use the no form of this command to specify the default encapsulation type.

Note:  

This command is also described in Configuring Channels and Clear-Channel and Channelized Ports for a clear-channel DS-3 channel or port, E3 port, E1 channel or port, DS-1 channel, or DS-0 channel group; and in Configuring Circuits for Ethernet ports with 802.1Q permanent virtual circuits (PVCs).

1.17.6   Examples

The following example shows how to specify Frame Relay encapsulation for a POS port:

[local]Redback(config)#port pos 4/1

[local]Redback(config-port)#encapsulation frame-relay

1.18   encapsulation (PPPoE)

1.18.1   Purpose

Specifies the encapsulation type for an Ethernet port without 802.1Q permanent virtual circuits (PVCs).

1.18.2   Command Mode

port configuration

1.18.3   Syntax Description

1.18.4   Default

The default encapsulation type for Ethernet ports is IP over Ethernet (IPoE).

1.18.5   Usage Guidelines

Use the encapsulation (PPPoE) command to specify the encapsulation type for an Ethernet port without 802.1Q PVCs.

Use the no form of this command to specify the default encapsulation type.

Note:  

This command is also described in Configuring Channels and Clear-Channel and Channelized Ports for a clear-channel DS-3 channel or port, E3 port, E1 channel or port, DS-1 channel, or DS-0 channel group; and in Configuring Circuits for Ethernet ports with 802.1Q permanent virtual circuits (PVCs).

1.18.6   Examples

The following example shows how to specify PPPoE encapsulation for an Ethernet port:

[local]Redback(config)#port ethernet 4/1

[local]Redback(config-port)#encapsulation pppoe

1.19   encrypt

1.19.1   Purpose

Encrypts the identity attributes associated with the redirected subscriber HTTP session.

1.19.2   Command Mode

HTTP redirect profile configuration

1.19.3   Syntax Description

1.19.4   Default

The identity attributes associated with the redirected subscriber HTTP session are redirected in plain text.

1.19.5   Usage Guidelines

Use the encrypt command to encrypt the identity attributes associated with the redirected subscriber HTTP session. The encryption ensures the confidentiality of the identity attributes.

Use the no form of this command to remove the encrypt command from the HTTP redirect profile.

To encrypt the identity attributes associated with a redirected subscriber HTTP session, the SmartEdge router performs an Exclusive Or (XOR) operation. The router takes the variable representing each identity attribute and then applies the XOR operator to each character using a shared key. The identity attributes and sharedkey are all in ASCII text. The XOR operation on the ASCII text produces binary text. Because it is required that the URL be transmitted in ASCII text, the binary text is encoded to a two-character hexadecimal value. To decrypt the string of hexadecimal values, map each two-character hexadecimal value to its ASCII value and apply the XOR operation to it using the same shared key.

If the shared key is shorter than the combined string of identity attributes, the shared key is repeated within the XOR equation so that each ASCII value that represents a value for the identity attribute is paired with a value from the shared key. For instance, here are sample identity attributes and a shared key to encrypt:

• Username portion of the subscriber name. For example, joe.
• Domain portion of the subscriber name. For example, example.com.
• IP address of the subscriber session. For example, 10.1.11.22.
• Shared key. For example, abcd.

Here is what the XOR equation looks like using this data:

joe@example.com10.1.11.22

abcdabcdabcdabcdabcdabcda

Here is an example of a redirected HTTP session that is encrypted:

http://example.com/061413144a57515658514a50514f504f/index.html

where 061413144a57515658514a50514f504f is the encrypted data.

1.19.6   Examples

See the Configuring HTTP Redirect document.

1.20   end

1.20.1   Purpose

Exits the current configuration mode and returns to exec mode.

1.20.2   Command Mode

all configuration modes

1.20.3   Syntax Description

This command has no keywords or arguments.

1.20.4   Default

None

1.20.5   Usage Guidelines

Use the end command to exit the current configuration mode and return to exec mode. When you enter this command, all commands that you have entered since the beginning of the configuration session, or since the last abort or commit command (in configuration mode), are committed to the database.

1.20.6   Examples

The following example displays an administrator exiting interface configuration mode and returning to exec mode:

[local]Redback(config-if)#end

[local]Redback#

1.21   endpoint-independent filtering udp

1.21.1   Purpose

Enables Endpoint-Independent Filtering, allowing point-to-multipoint (P2MP) traffic for all UDP traffic in the current class.

1.21.2   Command Mode

• NAT policy configuration
• NAT policy class configuration

1.21.3   Syntax Description

This command has no keywords or arguments.

1.21.4   Default

NAT operates in point-to-point (P2P) mode using Address-Dependent Filtering with firewall enabled for all UDP traffic in the current class.

1.21.5   Usage Guidelines

Use the endpoint-independent filtering udp command to enable Endpoint-Independent Filtering as described by RFC 4787, Network Address Translation (NAT) Behavioral Requirements for Unicast UDP, REQ 8. Enabling Endpoint-Independent Filtering allows P2MP UDP traffic: an internal host can initiate multiple simultaneous sessions from a single endpoint (as defined by a private IP address, private port, and UDP port) to multiple distinct points on the external network.

The SmartEdge router allows Endpoint-Independent Filtering to be applied at the class level within a NAT policy, so that P2MP traffic can be enabled for selected UDP traffic streams. Alternatively, Endpoint-Independent Filtering can be applied to the default class, at the policy level. Endpoint-Independent Filtering is not supported for TCP traffic.

You must specify either an existing address pool (using the pool command) or the "ignore" action (using the ignore command).

You cannot enable Endpoint-Independent Filtering with an action of "drop"; if you configure an action of "drop" for the class, the system returns a warning. If you do configure an action of "drop" for the class, the system disables Endpoint-Independent Filtering.

Similarly, you cannot use Endpoint-Independent Filtering together with destination NAT (DNAT). If you try to configure DNAT when Endpoint-Independent Filtering is enabled, or vice versa, the system issues a warning.

When P2MP mode is enabled, it is applied to all UDP traffic in the class. This can make the private host initiating UDP traffic from a given port susceptible to UDP traffic from any host through that port; care should be taken to protect the initiating host from a Denial of Service (DoS) attack.

When you enable Endpoint-Independent Filtering , the change applies only to new NAPT sessions; P2MP functionality is not added for existing sessions. Similarly, when you disable Endpoint-Independent Filtering, the change applies only to new NAPT sessions; P2MP functionality is not removed for existing sessions.

When Endpoint-Independent Filtering is used together with a DMZ, it limits the DMZ functionality. If the P2MP NAT IP addresses configured for the class overlap with those in the DMZ rules, then return traffic to the private host (from which the UDP traffic initiated) is treated differently. In cases where return NAPT traffic would be dropped because the return source destination does not match the original outgoing destination IP address ( "destination address mismatch"), traffic is not dropped as expected, but is translated and sent to the private host from which the UDP traffic originated. (If the return traffic is dropped for other reasons than destination address mismatch, it is dropped as expected and redirected to the DMZ server.)

Use the no form of this command to disable P2MP mode for the current class, restoring P2P mode.

1.21.6   Examples

The following example enables P2MP mode for all UDP traffic in the class yes_p2mp:

[local]Redback(config)#context nat_context

[local]Redback(config-ctx)#nat policy basic_nat

[local]Redback(config-policy-nat)#drop

[local]Redback(config-policy-nat)#access group basic_nat_rules

[local]Redback(config-policy-group)#class yes_p2mp

[local]Redback(config-policy-group-class)#pool NAPT_POOL local

[local]Redback(config-policy-group-class)#endpoint-independent filtering udp

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class firewall

[local]Redback(config-policy-group-class)#pool NAPT_POOL local

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class no_NAT

[local]Redback(config-policy-group-class)#ignore

1.22   enforce first-as

1.22.1   Purpose

Enables verification of the first AS number in a received AS path from an eBGP peer.

1.22.2   Command Mode

BGP neighbor configuration

1.22.3   Syntax Description

This command has no keywords or arguments.

1.22.4   Default

This command is enabled.

1.22.5   Usage Guidelines

Use the enforce first-as command to enable verification of the first AS number in a received AS path from an eBGP peer.

By default, a BGP router compares the remote AS number of an eBGP peer with the AS number of the first segment in the paths received from that peer. If those AS numbers do not match, the BGP router:

• Sends a NOTIFICATION message to eBGP peer that contains error code 3 (UPDATE Message Error) and error subcode 11 (Malformed AS_PATH). For more information on these error codes, see RFC 4271, A Border Gateway Protocol 4 (BGP-4).
• Drops the session with the eBGP peer.

Note:  

When an eBGP neighbor is first added to a peer group, first-AS-path verification is enforced for that neighbor regardless of whether first-AS-path verification is enabled or disabled.

Note:  

This command is not supported for BGP peer groups.

Use the show configuration bgp command to see whether first-AS-path verification is enabled or disabled for a BGP neighbor.

Use the no form for this command to disable first-AS-path verification for a BGP neighbor.

1.22.6   Examples

The following example disables the verification of the first AS number in a received AS path from eBGP peer10.10.10.20:

[local]Redback(config-bgp)#neighbor 10.10.10.20 external

[local]Redback(config-bgp-neighbor)#no enforce first-as

The following example enables the verification of the first AS number in a received AS path from the eBGP peer10.10.10.20::

[local]Redback(config-bgp)#neighbor 10.10.10.20 external

[local]Redback(config-bgp-neighbor)#enforce first-as

1.23   enforce ttl

1.23.1   Purpose

Enables Border Gateway Protocol (BGP) time-to-live (TTL) security check in the kernel for the specified BGP neighbor or BGP peer group.

1.23.2   Command Mode

• BGP neighbor configuration
• BGP peer group configuration

1.23.3   Syntax Description

This command has no keywords or arguments.

1.23.4   Default

BGP TTL security check is not enabled in kernel.

1.23.5   Usage Guidelines

Use the enforce ttl command to enable BGP TTL security check in the kernel for the specified BGP neighbor or BGP peer group.

The BGP TTL security check feature can be used instead of, or in conjunction with, the BGP Session Protection via TCP Message Digest 5 (MD5) signature option for external BGP (eBGP); however, the TTL-based security check mechanism is more simple to operate because it does not require the coordination for managing the MD5 keys.

The BGP TTL security check is designed to protect the BGP infrastructure from CPU-utilization based attacks caused by sending control traffic that appears to be valid control traffic to a BGP session. It protects the BGP infrastructure by setting the value of the TTL field to 255 in outgoing BGP packets, and dropping incoming BGP packets that have TTL values less than the maximum TTL value (255) minus the maximum number of eBGP hops allowed.

For example, if you use the ebgp-multihop command to set the maximum number of hops used to reach an eBGP neighbor to two, then you should receive eBGP packets with TTL values of no less than 253 (255 - 2). When the BGP TTL security check is enabled using the enforce ttl command, all incoming BGP packets that have a TTL value less than 253 are dropped.

If the ebgp-multihop command is not used to set the maximum number of hops, then the default maximum hop value of 1 is used, and the BGP TTL security check drops all incoming BGP packets with TTL values less than 254.

1.23.6   Examples

The following example enables the BGP TTL security check to drop all BGP packets with a TTL value lower than 254 received from BGP neighbor, 10.10.10.20:

[local]Redback(config-bgp)#neighbor 10.10.10.20 external

[local]Redback(config-bgp-neighbor)#enforce ttl

1.24   equipment-loopback (ATM DS-3)

1.24.1   Purpose

Enables an Asynchronous Transfer Mode (ATM) DS-3 port to respond to or ignore remote loopback requests.

1.24.2   Command Mode

ATM DS-3 configuration

1.24.3   Syntax Description

1.24.4   Default

The ATM DS-3 port responds to remote loopback requests.

1.24.5   Usage Guidelines

Use the equipment-loopback command to configure an ATM DS-3 port to respond to or ignore remote loopback requests.

Use the default form of this command to return to the port to its default behavior of responding to remote loopback requests.

Note:  

This command is also documented in Configuring Channels and Clear-Channel and Channelized Ports for a DS-3 channel or port or for a DS-1 channel.

1.24.6   Examples

The following example shows how to configure port 1 on the ATM DS-3 traffic card in slot 3 to ignore remote loopback requests:

[local]Redback(config)#port atm 3/1

[local]Redback(config-atm-ds3)#equipment-loopback network

1.25   equipment-loopback (DS-1 and DS-3)

1.25.1   Purpose

Configures a DS-3 channel or port, either clear-channel or channelized, or a DS-1 channel, to respond to or ignore remote loopback requests.

1.25.2   Command Mode

• DS-1 configuration
• DS-3 configuration

1.25.3   Syntax Description

1.25.4   Default

The channel or port responds to remote loopback requests.

1.25.5   Usage Guidelines

Use the equipment-loopback command to configure a DS-3 channel or port, either clear-channel or channelized, or a DS-1 channel, to respond to or ignore remote loopback requests.

Note:  

This command is not available for a fractional DS-1 channel, using the timeslot command (in DS-1 configuration mode) with any assignment of DS-0 time slots other than the default range (1 to 24).

Use the default form of this command to configure the channel or port to respond to remote loopback requests.

Note:  

This command is also documented in Configuring ATM, Ethernet, and POS Ports for Asynchronous Transfer Mode (ATM) DS-3 ports.

1.25.6   Examples

The following example shows how to configure DS-3 channel 1 on port 1 on the channelized OC-12 traffic card in slot 3 to ignore remote loopback requests:

[local]Redback(config)#port ds3 3/1:1

[local]Redback(config-ds3)#equipment-loopback network

1.26   ethernet-cfm

1.26.1   Purpose

Creates a CFM instance and enters CFM configuration mode where the parameters of the maintenance points in the instance can be specified.

1.26.2   Command Mode

global configuration

1.26.3   Syntax Description

1.26.4   Default

No CFM service instances exist.

1.26.5   Usage Guidelines

Use the cfm command to create a CFM instance and enter the CFM configuration mode where the parameters of the maintenance points in the instance can be specified. You can create multiple CFM instances.

The default MD name is the same as the CFM instance name set by the ethernet-cfm command.

1.26.6   Examples

The following example shows how to use this command to create the maintenance instance instance-1 at MD level 4:

[local]Redback(config)#ethernet-cfm instance-1

[local]Redback(config-ether-cfm)#level 4

1.27   ethernet-cfm linktrace

ethernet-cfm linktrace from {local-mep | {circuit | link-group} [transport | vlan]} to {dest-mac | rmep} level

1.27.1   Purpose and Usage Guidelines

Initiates a CFM link-trace from a specified circuit, transport circuit, Ethernet link group, port, or local maintenance association endpoint (MEP) to a specified remote MEP (RMEP) or MAC address.

The link-trace transaction ID is displayed in the output when you run the ethernet-cfm linktrace command.

1.27.2   Command Mode

exec (10)

1.27.3   Syntax Description

...transport any vlan-id 33:68...

1.27.4   Default

There is no default behavior.

1.27.5   Examples

The following example illustrates the ethernet-cfm linktrace command:

[local]Redback#ethernet-cfm linktrace from 5/1 to 00:01:02:03:ab:12 level 3

1.28   ethernet-cfm loopback

ethernet-cfm loopback from {local-mep | {circuit | link-group} [[transport] vlan]} to {dest-mac | rmep} level [data] [size]

1.28.1   Purpose and Usage Guidelines

Initiates a CFM loopback message (LBM) from a specified circuit, transport circuit, Ethernet link group, port, or local maintenance association endpoint (MEP) to a specified remote MEP (RMEP) or MAC address.

1.28.2   Command Mode

exec (10)

1.28.3   Syntax Description

...transport any vlan-id 33:68...

1.28.4   Default

There is no default behavior.

1.28.5   Examples

The following example illustrates the ethernet-cfm loopback command in which the LBM carries the data string, 324cuai:

[local]Redback#ethernet-cfm loopback from 5/1 to 00:01:02:03:ab:12 level 5 data 324cuai

1.29   ethernet to qos

1.29.1   Purpose

Translates Ethernet 802.1p values to packet descriptor (PD) quality of service (QoS) values on ingress.

1.29.2   Command Mode

class map configuration

1.29.3   Syntax Description

1.29.4   Default

None

1.29.5   Usage Guidelines

Use the ethernet to qos command to define ingress mappings from Ethernet 802.1p values to PD QoS values.

If you specify the all keyword, all valid 802.1p values are mapped to the specified PD value. Any existing configuration for the classification map is overridden. You can use the all keyword to specify a single default value for all the mapping entries, then override that value for a subset of entries by entering subsequent mapping commands without this keyword.

Use the default form of this command to revert one or all map entries to either the default 8P0D or mapping schema values, if a mapping schema has been specified.

1.29.6   Examples

The following example defines the classification map 8021p-to-pd for PD bits on ingress, then maps the Ethernet 802.1p values 1 and 7 to PD user priority values af33 and af21, respectively:

[local]Redback(config)#qos class-map 8021p-to-pd ethernet in

[local]Redback(config-class-map)#ethernet 1 to qos af33

[local]Redback(config-class-map)#ethernet 7 to qos af21

1.30   ethernet use-ip

1.30.1   Purpose

For IP packets, determines packet descriptor (PD) values by mapping IP Differentiated Services Code Point (DSCP) values instead of Ethernet 802.1p values on ingress. For IPv4 packets, the DSCP marking is the upper six bits of the IPv4 header Type of Service (ToS) field. For IPv6 packets, the DSCP marking is the upper six bits of the IPv6 header Traffic Class field.

1.30.2   Command Mode

class map configuration

1.30.3   Syntax Description

1.30.4   Default

None

1.30.5   Usage Guidelines

Use the ethernet use-ip command to set initial PD values based on IP header DSCP bits instead of Ethernet 802.1p values on ingress.

If you specify the all keyword, all valid 802.1p values are configured to use DSCP-to-PD mapping. Any existing configuration for the classification map is overridden. You can use the all keyword to specify a single default value for all the mapping entries, then override that value for a subset of entries by entering subsequent mapping commands without this keyword.

If you specify the optional class-map-name argument, the resulting DSCP-to-PD mapping uses the specified DSCP-to-PD classification map. The secondary classification map must have a value of ip for the marking-type argument, and a value of in for the mapping direction. If no secondary classification map is specified, the default DSCP-to-target mapping is used.

Use the default form of this command to revert one or all map entries to either the default 8P0D or mapping schema values, if a mapping schema has been specified.

1.30.6   Examples

The following example defines the classification map 8021p-to-pd to determine initial QoS PD values on ingress, and specifies 7P1D encoding as a default mapping schema. It then overrides the default 7P1D values for Ethernet 802.1p value 1 with PD value 0x24, and specifies that the IP header DSCP value determines the initial QoS PD value for packets received with Ethernet 802.1p value 3:

[local]Redback(config)#qos class-map 8021p-to-pd ethernet in

[local]Redback(config-class-map)#mapping-schema 7P1D

[local]Redback(config-class-map)#ethernet 1 to qos 0x24

[local]Redback(config-class-map)#ethernet 3 use-ip

1.31   eventtype

1.31.1   Purpose

Describes the alarm communication event type.

1.31.2   Command Mode

SNMP alarm model configuration

1.31.3   Syntax Description

1.31.4   Default

None

1.31.5   Usage Guidelines

Use the eventtype command to describe the notification event that the alarm model identifies. These values are a subset to those defined by IANAItuEventType. Running this command results in an entry in the ituAlarmTable.

Use the no form of this command to remove the alarm description.

1.31.6   Examples

The following example configures the alarm description as qualityofservice.

[local]jazz#config
[local]jazz(config)#snmp alarm model 1 state clear
[local]jazz(config-snmp-alarmmodel)#eventtype qualityofservice
[local]jazz(config-snmp-alarmmodel)#exit

1.32   exceed drop

1.32.1   Purpose

Specifies how packets are dropped when the traffic rate exceeds the quality of service (QoS) rate and burst tolerance.

1.32.2   Command Mode

• policy class rate configuration
• policy rate configuration

1.32.3   Syntax Description

1.32.4   Default

If the excess burst tolerance is not configured, all packets exceeding the QoS burst tolerance are dropped. If the excess burst tolerance is configured, packets exceeding the QoS burst tolerance are dropped randomly.

1.32.5   Usage Guidelines

Use the exceed drop command to specify how packets are dropped when the traffic rate exceeds the QoS rate and burst tolerance. Use this command as part of a policing policy for incoming packets and as part of a metering policy for outgoing packets.

You can configure the traffic rate, burst tolerance, and excess burst tolerance with the rate command (in policy ACL class, metering policy, or policing policy configuration mode). The following conditions determine how packets are dropped:

• If the excess burst tolerance is not configured, all packets exceeding the configured burst tolerance are dropped.

• If the excess burst tolerance is configured, and the traffic rate does not exceed the excess burst tolerance, packets are dropped according to one of the following conditions:

  • If the qos-priority group-num construct is not configured, packets are dropped randomly.
  • If the qos-priority group-num construct is configured, only packets with a QoS priority less than the specified group-num argument are dropped. All other packets are not dropped.

    Note:  

    Use the violate drop commands (in policy class rate and policy rate configuration modes) to specify how packets are dropped when the traffic rate exceeds the configured excess burst tolerance.

    
    

    	Caution!
    Risk of overriding configurations. The SmartEdge router checks for and applies marking in a specific order. To reduce the risk, remember the following guidelines: Circuit-based marking overrides class-based marking and Border Gateway Protocol (BGP) destination-based marking, through route maps, overrides both circuit-based and class-based marking.

Use the no or default form of this command to specify the default condition.

1.32.6   Examples

The following example drops packets that exceed the traffic rate and burst tolerance:

[local]Redback(config)#qos policy protection1 policing

[local]Redback(config-policy-policing)#rate 10000 burst 100000

[local]Redback(config-policy-rate)#exceed drop

1.33   exceed mark dscp

1.33.1   Purpose

Assigns a quality of service (QoS) Differentiated Services Code Point (DSCP) priority to IP packets that exceed the configured QoS rate and burst tolerance. For IPv4 packets, the DSCP marking is the upper six bits of the IPv4 header Type of Service (ToS) field. For IPv6 packets, the DSCP marking is the upper six bits of the IPv6 header Traffic Class field.

1.33.2   Command Mode

• policy class rate configuration
• policy rate configuration

1.33.3   Syntax Description

1.33.4   Default

Packets exceeding the policing rate are dropped.

1.33.5   Usage Guidelines

Use the exceed mark dscp command to mark packets that exceed the configured rate with a DSCP value.

To configure the rate, enter the rate command (in policy ACL class, metering policy, or policing policy configuration mode). Only one mark instruction can be in effect at a time. To change the mark instruction, enter the exceed mark dscp command, specifying a new value for the dscp-class argument. This supersedes the one previously configured.

Table 3 lists the keywords for the dscp-class argument.

Note:  

RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, defines the Class Selector code points.

Use the no or default form of this command to return to the default behavior of dropping packets that exceed the rate.

1.33.6   Examples

The following example configures the policy to mark all packets that conform to the configured rate with a DSCP value representing a high priority and drops all packets that exceed the rate:

[local]Redback(config)#qos policy protection1 policing

[local]Redback(config-policy-policing)#rate 10000 burst 100000

[local]Redback(config-policy-rate)#conform mark dscp ef

1.34   exceed mark precedence

1.34.1   Purpose

Assigns a quality of service (QoS) Differentiated Services Code Point (DSCP) drop-precedence value to IP packets that exceed the configured QoS rate. For IPv4 packets, the DSCP marking is applied to the IPv4 header Type of Service (ToS) field. For IPv6 packets, the DSCP marking is applied to the IPv6 header Traffic Class field. In either case, the specific bits affected are those denoted by dd in the octet field with the format pppddxxx.

1.34.2   Command Mode

• policy class rate configuration
• policy rate configuration

1.34.3   Syntax Description

1.34.4   Default

Packets exceeding the policy rate are dropped.

1.34.5   Usage Guidelines

Use the exceed mark precedence command to mark packets that exceed the configured rate with a drop precedence value corresponding to the AF class of the packet.

To configure the rate, enter the rate command (in policy ACL class, metering policy, or policing policy configuration mode).

In general, the level of forwarding assurance of an IP packet is based on: (1) the resources allocated to the AF class to which the packet belongs, (2) the current load of the AF class, and, in case of congestion within the class, (3) the drop precedence of the packet. In case of congestion, the drop precedence of a packet determines the relative importance of the packet within the AF class. Packets with a lower drop precedence value are preferred and protected from being lost, while packets with a higher drop precedence value are discarded.

With AF classes AF1 (AF11, AF12, AF13), AF2 (AF21, AF22, AF23), AF3 (AF31, AF32, AF33), and AF4 (AF41, AF42, AF43), the second integer represents a drop precedence value. Table 4 shows how the AF drop precedence value of an incoming packet is changed when it exits the SmartEdge router after being tagged with a new drop precedence. (See also RFC 2597, Assured Forwarding PHB Group.)

Only one mark instruction can be in effect at a time. To change the mark instruction, enter the exceed mark precedence command, specifying a new value for the prec-value argument, which supersedes the one previously configured.

Use the no or default form of this command to return to the default behavior of dropping packets that exceed the rate.

1.34.6   Examples

The following example configures the policy to mark all packets that conform to the configured rate with an IP precedence value of 3 and uses the conform mark command, which by default, drops all packets that exceed the rate:

[local]Redback(config)#qos policy protection1 policing

[local]Redback(config-policy-policing)#rate 10000 burst 100000

[local]Redback(config-policy-rate)#conform mark precedence 3

1.35   exceed mark priority

1.35.1   Purpose

Marks packets that exceed the quality of service (QoS) rate and burst tolerance with a priority group number, a drop-precedence value, or both, while leaving the packet’s IP header Differentiated Services Code Point (DSCP) value unmodified.

1.35.2   Command Mode

• policy class rate configuration
• policy rate configuration

1.35.3   Syntax Description

1.35.4   Default

Packets exceeding the rate are dropped.

1.35.5   Usage Guidelines

Use the exceed mark priority command to mark packets that exceed the QoS rate and burst tolerance with a priority group number, a drop-precedence value, or both, while preserving the packet's IP header. To configure the rate, enter the rate command (in policy ACL class, metering policy, or policing policy configuration mode).

A priority group is an internal value used by the SmartEdge router to determine into which egress queue the inbound packet should be placed. The type of service (ToS) value, Differentiated Services Code Point (DSCP) value, and Multiprotocol Label Switching (MPLS) experimental (EXP) bits are unchanged by this command. The actual queue number depends on the number of queues configured on the circuit. For more information, see the num-queues command in Configuring Queuing and Scheduling.

The SmartEdge router uses the factory preset, or default, mapping of a priority group to queue, according to the number of queues configured on a circuit; see Table 5.

Only one mark instruction can be in effect at a time. To change the mark instruction, enter the exceed mark priority command, specifying a new value for the group-num argument. This supersedes the value previously configured.

Note:  

By default, the SmartEdge router assigns a priority group to each egress queue, according to the number of queues configured on a circuit. You can override the default mapping of packets into egress queues by creating a customized queue priority map using the qos queue-map command (in global configuration mode).

Use the no or default form of this command to return to the default behavior.

1.35.6   Examples

The following example configures the policy to mark all packets that exceed the configured rate with a priority group of 3 and uses the exceed mark command, which by default, drops all packets that exceed the rate:

[local]Redback(config)#qos policy protection1 policing

[local]Redback(config-policy-policing)#rate 10000 burst 100000

[local]Redback(config-policy-rate)#exceed mark priority 3

1.36   exceed no-action

1.36.1   Purpose

Specifies that no action is taken on packets that exceed the configured quality of service (QoS) rate and burst tolerance.

1.36.2   Command Mode

• policy class rate configuration
• policy rate configuration

1.36.3   Syntax Description

This command has no keywords or arguments.

1.36.4   Default

Packets exceeding the rate are dropped.

1.36.5   Usage Guidelines

Use the exceed no-action command to specify that no action is taken on packets that exceed the rate.

To configure the rate, enter the rate command (in policy ACL class, metering policy, or policing policy configuration mode).

Use the no or default form of this command to return to the default behavior of dropping packets that exceed the rate.

1.36.6   Examples

The following example configures the policy to take no action on packets that exceed the rate:

[local]Redback(config)#qos policy protection1 policing

[local]Redback(config-policy-policing)#rate 10000 burst 100000

[local]Redback(config-policy-rate)#exceed no-action 

1.37   exclude

1.37.1   Purpose

Specifies nodes or links to exclude from the Constrained Shortest Path First (CSPF) calculation.

1.37.2   Command Mode

RSVP constraint configuration

1.37.3   Syntax Description

1.37.4   Default

No nodes or links are excluded from the CSPF calculation.

1.37.5   Usage Guidelines

Use the exclude command to exclude nodes or links from the CSPF path calculation.

Use the no form of this command to remove nodes or links excluded from the CSPF calculation.

1.37.6   Examples

The following example shows how to exclude node 10.2.3.4 from an LSP that traverses the network:

[local]Redback#configure

[local]Redback(config)#context local

[local]Redback(config-ctx)#router rsvp

[local]Redback(config-rsvp)#constraint constraint1

[local]Redback(config-rsvp-constr)#exclude node 10.2.3.4

1.38   exclusive

1.38.1   Purpose

Configures a primary LSP to support pseudowire (PW) traffic only.

1.38.2   Command Mode

RSVP LSP configuration

1.38.3   Syntax Description

This command has no keywords or arguments.

1.38.4   Default

None

1.38.5   Usage Guidelines

Use the exclusive command to configure a primary LSP to support PW traffic only.

Note:  

Only primary LSPs can be configured to be exclusive. Mapped bypass and backup LSPs inherit exclusivity from the primary LSP.

For more information about mapped RSVP LSPs, see one of the following sections, as appropriate:

Use the no version of this command to return the LSP to non-exclusive configuration.

1.38.6   Examples

The following example configures the LSP called RBAK1_RC1_BLACK to support PW traffic only.

[local]Redback(config-rsvp)#lsp RBAK1_RC1_BLACK 

[local]Redback(config-rsvp-lsp)#exclusive

1.39   exit

1.39.1   Purpose

Exits the current configuration mode and returns to the next highest-level configuration mode. At the exec prompt, closes an active terminal or console session, and terminates the session.

1.39.2   Command Mode

all modes

1.39.3   Syntax Description

This command has no keywords or arguments.

1.39.4   Default

None

1.39.5   Usage Guidelines

Use the exit command to exit the current configuration mode, return to exec mode, or close an active terminal or console session.

Entering this command in any configuration mode exits the current configuration mode and returns to the next highest level configuration mode. When you enter this command in global configuration mode and return to exec mode, all commands that you have entered since the beginning of the configuration session, or since the last abort or commit command (in any configuration mode), are committed to the database.

1.39.6   Examples

The following example displays an administrator exiting global configuration mode and returning to exec mode:

[local]Redback(config)#exit

[local]Redback#

The following example displays how to exit an active Telnet session:

[local]Redback>exit

1.40   exp-bits

1.40.1   Purpose

Specifies the EXP bits configuration in an L2VPN profile.

1.40.2   Command Mode

L2VPN profile peer configuration

1.40.3   Syntax Description

1.40.4   Default

None.

1.40.5   Usage Guidelines

Use the exp-bits command to specify the EXP bits to be used for transport on an XC in an L2VPN profile. Any XCs that have the profile attached inherit this configuration for the EXP bits.

Use the no form of this command to remove the EXP bits configuration from an L2VPN profile.

1.40.6   Examples

The following example shows how to configure an L2VPN profile to specify that 5 EXP bits are used for transport over an XC:

[local]Redback(config)#exp-bits 5

1.41   explicit-null (LDP)

1.41.1   Purpose

Enables an egress router to advertise an explicit null label (value 0), in place of an implicit null label (value 3), to the penultimate hop router.

1.41.2   Command Mode

LDP router configuration

1.41.3   Syntax Description

1.41.4   Default

The implicit null label (value 3) is advertised.

1.41.5   Usage Guidelines

Use the explicit-null command to enable an egress router to advertise an explicit null label (value 0), in place of an implicit null label (value 3), to the penultimate hop router.

By default, Label Distribution Protocol (LDP) advertises an implicit null label for directly connected prefixes. An implicit null label causes the upstream router to perform penultimate hop popping (PHP), and the implicit null label is not transmitted on the egress router. In some cases, such as quality of service (QoS) enforcement, PHP may not be desirable. In those cases, using the explicit-null command causes the egress router to advertise an explicit null label in place of an implicit null label for directly connected prefixes, which forces the upstream router to transmit packets with an explicit null label on the last hop.

If a neighbor IP address is specified, then the explicit-null command is neighbor-specific, and applies only to the LDP neighbor whose transport address matches the IP address specified in the command. If a neighbor address is not specified, then the explicit-null command is non neighbor-specific, and applies to all LDP neighbors in the context.

When both a neighbor-specific explicit-null command and a non neighbor-specific explicit-null command exist, only the neighbor-specific command applies to the neighbor whose transport address matches the IP address given in the neighbor-specific explicit-null command.

Use the no form of this command to disable explicit null label advertisement.

1.41.6   Examples

The following example enables advertising explicit-null label to neighbor 10.1.1.1 for directly connected prefixes that match the prefix-list, net01:

[local]Redback(config-ctx)#ip prefix-list net01 permit 155.0.0.0/8 ge 8

[local]Redback(config-ctx)#router ldp

[local]Redback(config-ldp)#neighbor 10.1.1.1 explicit-null prefix-list net01

1.42   explicit-null (RSVP)

1.42.1   Purpose

Enables an egress router to advertise an explicit null label (value 0), in place of an implicit null label (value 3), to the penultimate hop router.

1.42.2   Command Mode

RSVP router configuration

1.42.3   Syntax Description

This command has no keywords or arguments.

1.42.4   Default

The implicit null label (value 3) is advertised.

1.42.5   Usage Guidelines

Use the explicit-null command to enable an egress router to advertise an explicit null label (value 0), in place of an implicit null label (value 3), to the penultimate hop router.

By default, Resource Reservation Protocol (RSVP) advertises an implicit null label for directly connected prefixes. An implicit null label causes the upstream router to perform penultimate hop popping (PHP), and the implicit null label is not transmitted on the egress router. In some cases, such as quality of service (QoS) enforcement, PHP may not be desirable. In those cases, using the explicit-null command causes the egress router to advertise an explicit null label in place of an implicit null label for directly connected prefixes, which forces the upstream router to transmit packets with an explicit null label on the last hop.

Use the no form of this command to use the implicit null label.

1.42.6   Examples

The following example enables the explicit null value:

[local]Redback(config-ctx)#router rsvp

[local]Redback(config-rsvp)#explicit-null

1.43   explicit-route

1.43.1   Purpose

Creates an explicit route (ERO) and enters RSVP explicit route configuration mode.

1.43.2   Command Mode

RSVP router configuration

1.43.3   Syntax Description

1.43.4   Default

None

1.43.5   Usage Guidelines

Use the explicit-route command to create an explicit route and to enter RSVP explicit route configuration mode.

When an label-switched path (LSP) is configured to use an explicit route, it uses the path determined by the specified explicit route. If the path defined by the explicit route is not topologically possible, either because the network is partitioned, or because of insufficient resources, the LSP fails. No alternate paths can be used. If the LSP does not fail, it continues to use the explicit route.

When you reference a source path (in RSVP LSP configuration mode) with an ERO, the router does not use Constrained Shortest Path First (CSPF). If you specify the strict option in the next-hop command (in RSVP explicit route configuration mode), the router uses the strict way to traverse the path. If you specify the loose option (in RSVP explicit route configuration mode), the router uses the Gateway Protocol (IGP) to traverse the path.

When you reference an explicit route using the dynamic-path command (in RSVP LSP configuration mode), the ingress router uses CSPF to traverse the path. The ERO becomes one of the constraints used in CSPF computation. The path traverses the next hops that are in the ERO in a strict or loose way.

Use the no form of this command to delete an explicit route.

1.43.6   Examples

The following example shows how to create a Resource Reservation Protocol (RSVP) explicit route, ex-route02,using a constraint, constaint1, which consists of two next hops:

[local]Redback#config
[local]Redback(config)#context local
[local]Redback(config-ctx)#router rsvp
[local]Redback(config-rsvp)#explicit-route ex-route02 
[local]Redback(config-rsvp-explicit-route)#next-hop 13.1.1.2
[local]Redback(config-rsvp-explicit-route)#next-hop 14.1.1.2

1.44   export route-target

1.44.1   Purpose

Creates a list of export route targets for a specified Virtual Private Network (VPN) context.

1.44.2   Command Mode

BGP address family configuration

1.44.3   Syntax Description

1.44.4   Default

None. A VPN context has no export route targets unless this command is used.

1.44.5   Usage Guidelines

Use the export route-target command to create a list of export route targets for a specified VPN context.

Use the ext-com argument to configure a single route target extended community, or use the route-map route-map construct to configure an export route map for finer control over exported Border Gateway Protocol (BGP) routes. You can configure a single route target extended community, an export route map, or both. You can add multiple export route targets on the same line, or you can issue the command multiple times with individual route targets. Export route targets are sent as extended community attributes to other provider edge (PE) routers.

A route map allows you to filter routes or change attributes such as the export route target based on policy requirements. A route map may only be used when a target community value has not yet been configured. Use the optional ctx-name argument to reference a route-map in another context. If the optional ctx-name argument is not specified, then the route maps in the current context are referenced.

Note:  

The export route-target command can only be used in VPN contexts.

Use the no form of this command to remove a list of export route targets for a specified VPN context.

1.44.6   Examples

The following example configures the export route targets, 701:3 and 192.168.1.2:5:

[local]Redback(config)#context vpncontext vpn-rd 701:3

[local]Redback(config-ctx)#router bgp vpn

[local]Redback(config-bgp)#address-family ipv4 unicast 

[local]Redback(config-bgp-af)#export route-target 701:3 192.168.1.2:5

The following example configures an export route map, customer-export-map:

[local]Redback(config)#context vpncontext vpn-rd 701:3

[local]Redback(config-ctx)#route map customer-export-map permit 10

[local]Redback(config-route-map)#match as-path foo

[local]Redback(config-route-map)#set ext-community RT:701:3

[local]Redback(config-route-map)#exit

[local]Redback(config-ctx)#route map customer-export-map permit 20

[local]Redback(config-route-map)#set ext-community RT:701:3

[local]Redback(config-route-map)#exit

[local]Redback(config-ctx)#router bgp vpn

[local]Redback(config-bgp)#address-family ipv4 unicast 

[local]Redback(config-bgp-af)#export route-target route-map customer-export-map

1.45   export-version

1.45.1   Purpose

Specifies the export format used to send flow records to the external collector.

1.45.2   Command Mode

flow collector configuration

1.45.3   Syntax Description

1.45.4   Default

None.

1.45.5   Usage Guidelines

Use the export-version command to specify the export format used to send flow records to the external collector.

Note:  

In this release, only v5 formatting is supported.

1.45.6   Examples

The following example shows how to configure an external collector to use v5 formatting for exporting flow records:

[local]Redback#configure

[local]Redback(config)#context local

[local]Redback(config-ctx)#flow collector c1

[local]Redback(config-flow-collector)#export-version v5

1.46   ext-community-list

1.46.1   Purpose

Creates a Border Gateway Protocol (BGP) extended community list and enters community list configuration mode.

1.46.2   Command Mode

context configuration

1.46.3   Syntax Description

1.46.4   Default

There are no pre-configured extended community lists.

1.46.5   Usage Guidelines

Use the ext-community-list command to create a BGP extended community list and enter community list configuration mode where you can define conditions using the permit and deny commands.

The extended communities attribute consists of a set of extended communities. Each extended community is coded as an eight octet extended community number. An extended communities attribute is specified by configuring an extended communities list. You can specify multiple extended communities in a single extended community list entry. Like access control lists, extended community lists can have multiple entries that are examined in order of ascending sequence number.

All routes with the extended communities attribute belong to the communities listed in the attribute.

To set the extended communities attribute and match clauses based on extended communities, use the set ext-community and match ext-community-list commands in route map configuration mode.

Note:  

A reference to an extended community list that does not exist, or does not contain any configured entries, implicitly matches and permits all extended community lists.

Use the no form of this command to remove an extended community list.

1.46.6   Examples

The following example configures the extended community list, permit_local, and enters community list configuration mode:

[local]Redback(config-ctx)#ext-community-list permit_local

[local]Redback(config-community-list)#

1.47   fast-convergence (IS-IS)

1.47.1   Purpose

Enables fast convergence for an Intermediate System-to-Intermediate System (IS-IS) instance.

1.47.2   Command Mode

IS-IS router configuration

1.47.3   Syntax Description

1.47.4   Default

Fast convergence is enabled for all instances of IS-IS routers.

1.47.5   Usage Guidelines

Use the fast-convergence command to enable fast convergence for an IS-IS instance.

IS-IS fast convergence enables network operators to offer high availability IP services by:

• Responding to important network events, such as topology changes.
• Quickly propagating the information to the entire domain, minimizing the possibility of packet loss in the network.

This fast response affects not only the local router that has the link status change, but also the entire IS-IS routing domain.

IS-IS fast convergence response is adaptive to the frequency of network events. It reacts quickly when there is a sudden network change, but it slows down when there are persistent topology changes, to offer IS-IS routing stability.

Note:  

We recommend that you not configure the SPF to run continuously. For example, in large networks where a single SPF calculation can take 200 milliseconds or more, do not set the SPF delay value to 50 milliseconds, the max-spf-count to 3 calculations, and the SPF holddown (using the spf holddown command) to 1 second. This configuration can result in excessive CPU utilization when other applications try to run between SPF calculations.

Using the fast-convergence command to configure a maximum SPF count greater than zero enables additional SPF calculations in the SPF holddown interval. Configuring the maximum SPF count to zero prevents additional SPF calculations, which imposes a delay (holddown) interval between a second event and it's SPF calculation. In other words, a maximum SPF count of zero enforces delay between an event that triggers an SPF calculation and the calculation itself.

Note:  

The SPF delay interval configured with the fast convergence command overrides the SPF delay interval set with the spf interval command.

Use the debug isis spf-events command to turn on error messages related to IS-IS fast convergence.

Use the no form of this command to disable fast convergence for an IS-IS instance. This command reverts the system to normal operation, in which the holddown time is in seconds (instead of milliseconds), and there is always a delay between successive SPF calculations.

Use the default form of this command to enable fast-convergence with the default settings, or to return the current fast-convergence SPF configuration to the default settings.

1.47.6   Examples

The following example enables fast convergence on the IS-IS instance, ip-backbone, using the default configuration.

[local]Redback(config-ctx)#router isis ip-backbone

[local]Redback(config-isis)#fast-convergence

The following example shows how to:

• Enable fast convergence on an IS-IS instance

• Set the delay between the receipt of a topology change and the start of the SPF calculation to 10 milliseconds.

• Allow a maximum of 5 additional SPF calculations to be performed during the SPF hold time.

[local]Redback(config-ctx)#router isis ip1

[local]Redback(config-isis)#fast-convergence 10 5

1.48   fast-convergence (OSPF)

1.48.1   Purpose

Enables fast convergence for an Open Shortest Path First (OSPF) instance.

1.48.2   Command Mode

OSPF router configuration

1.48.3   Syntax Description

1.48.4   Default

Fast convergence is disabled for all OSPF instances.

1.48.5   Usage Guidelines

Use the fast-convergence command to enable fast convergence for an OSPF instance.

OSPF fast convergence enables networks to offer high-availability IP services to their customers by:

• Responding to important network events, such as a backbone link down.
• Quickly propagating the information to the entire domain.
• Quickly calculating new routing information based on a network topology change, which minimizes the possibility of data packet loss in the network.

This fast response not only affects the local router that has the status change but also the entire OSPF routing domain.

OSPF fast convergence response is adaptive to the frequency of network events. It reacts quickly when a sudden network change occurs, but it slows when persistent topology changes exist to offer OSPF routing stability.

Use the spf-delay-interval argument to set an SPF delay that is less than one second. When fast convergence is enabled, the spf-delay-interval argument provides an SPF delay with sub-second (millisecond) granularity, and the value for the delay argument of the spf-timers command (in OSPF router configuration mode) is ignored, regardless of whether it has been configured. Otherwise, under normal convergence, the delay argument value (in seconds) is used.

Use the max-spf-count argument to allow additional SPF calculations within the SPF hold time specified by the spf-timers command. Specifying a value greater than zero effectively squeezes additional SPF calculations into the SPF time interval; specifying a value of zero does not allow for squeezing additional SPF calculations into the SPF hold time and returns OSPF to the standard SPF hold time behavior.

Use the no or default form of this command to disable fast convergence for an OSPF instance.

1.48.6   Examples

The following example enables fast convergence on the OSPF instance, with an SPF delay interval of 250 milliseconds and up to 5 additional SPF calculations allowed during the SPF hold time:

[local]Redback#config

[local]Redback(config)#context local

[local]Redback(config-ctx)#router ospf 1

[local]Redback(config-ospf)#fast-convergence 250 5

[local]Redback(config-ospf)#

1.49   fast-hello

1.49.1   Purpose

Enables the sending of more than one Open Shortest Path First (OSPF) or OSPF Version 3 (OSPFv3) Hello packet per second on the interface.

1.49.2   Command Mode

• OSPF interface configuration
• OSPF3 interface configuration

1.49.3   Syntax Description

1.49.4   Default

Four OSPF Hello packets are sent each second.

1.49.5   Usage Guidelines

Use the fast-hello command to enable the sending of more than one OSPF or OSPFv3 Hello packet per second on the interface.

Note:  

Using the fast-hello command results in faster OSPF convergence.

The following restrictions apply to the fast-hello command:

• After the fast-hello command is configured, you cannot use the hello-interval or router-dead interval command until the fast-hello command has been disabled.
• After the hello-interval or router-dead interval command has been configured, you cannot use the fast-hello command until the hello-interval or router-dead interval command has been disabled.

Use the no form of this command to disable the sending of more than one OSPF or OSPFv3 Hello packet per second on the interface.

Use the default form of this command to send four OSPF or OSPFv3 Hello packets each second.

1.49.6   Examples

The following example configures Hello packets to be sent 2 times per second, indicating that the interval between Hello packets to 500 ms:

[local]Redback(config-ospf-if)#fast-hello 2

1.50   fast-lsa-origination

1.50.1   Purpose

Enables fast link-state advertisement (LSA) origination for an Open Shortest Path First (OSPF) instance.

1.50.2   Command Mode

OSPF router configuration

1.50.3   Syntax Description

This command has no keywords or arguments.

1.50.4   Default

Fast LSA origination is disabled.

1.50.5   Usage Guidelines

Use the fast-lsa-origination command to enable fast LSA origination for an OSPF instance.

Normally, OSPF originates an LSA every five seconds. Because there can be multiple changes to router or network LSAs during that five-second interval, the five-second LSA origination limit can slow network convergence. When fast LSA origination is enabled, up to four instances of the same LSA can be originated in the same five-second interval.

Likewise, LSA reception is normally rate limited to one new LSA instance per second. LSA instances received in less than one second after the previous LSA instance are dropped. When fast LSA origination is enabled, LSA reception is not restricted to one new instance per second.

Use the no or default form of this command to disable fast LSA origination.

1.50.6   Examples

The following example enables fast LSA origination:

[local]Redback(config-ctx)#router ospf 1

[local]Redback(config-ospf)#fast-lsa origination

1.51   fast-reroute

1.51.1   Purpose

Configures a bypass Resource Reservation Protocol (RSVP) label-switched path (LSP) for node protection when the SmartEdge OSinteroperates with other vendor equipment.

1.51.2   Command Mode

RSVP LSP configuration

1.51.3   Syntax Description

1.51.4   Default

None

1.51.5   Usage Guidelines

Use the fast-reroute command to configure a bypass RSVP LSP for node protection when the SmartEdge OS interoperates with other vendor equipment.

The fast-reroute command is useful when the merge-point does not send its loopback address in its RRO. The nnhop-intf-address ip-addr construct specifies the address that the MP includes in the incoming-label RRO that is sent to the protected LSP. Use the show rsvp lsp command to obtain the
next-next-hop node interface IP address. The fast-reroute command is also useful for node protection in an interarea MPLS fast reroute configuration.

Note:  

The fast-reroute command is available only if the bypass RSVP LSP is configured for node protection.

Use the no version of this command to remove node protection configuration from bypass RSVP LSP.

1.51.6   Examples

The following example configures the RSVP LSP, to-r1-edge, to match the next-next-hop interface IP address, 10.2.2.2:

[local]Redback(config-ctx)#router rsvp

[local]Redback(config-rsvp)#lsp to-r1-edge bypass 10.1.1.1 node-protect-lsp-egress 192.168.1.1

[local]Redback(config-rsvp-lsp)#fast-reroute nnhop-intf-address 10.2.2.2

1.52   fast-reset (BGP neighbor configuration mode)

1.52.1   Purpose

For iBGP or multihop eBGP sessions:

• Accesses Border Gateway Protocol (BGP) neighbor fast-reset configuration mode, where you create a BGP fast-reset interface list of up to ten links to a neighbor; BGP fast reset is triggered when all links in the list go down.
• Configures the interval that must pass before the BGP routing process triggers fast reset after all of the links in the BGP fast-reset interface list go down.

1.52.2   Command Mode

BGP neighbor configuration

1.52.3   Syntax Description

1.52.4   Default

Fast-reset is disabled, and BGP sessions are dropped after the BGP hold-time value (set with the timers command in BGP router configuration mode) is exceeded.

1.52.5   Usage Guidelines

For iBGP or multihop eBGP sessions (where the neighbor is configured with the ebgp-multihop command) , use the fast-reset command to:

• Access BGP neighbor fast-reset configuration mode, where you create a BGP fast-reset interface list of up to ten links to a neighbor; BGP fast reset is triggered when all links in the list go down.
• Configure the interval that must pass before the BGP routing process triggers fast reset after all of the links in the BGP fast-reset interface list go down.

Use the interface command in BGP neighbor configuration mode to add an interface to the list of interfaces that must go down before BGP fast reset takes effect. You can add up to ten interfaces to the list. The BGP session does not come up if you configure the fast-reset command in BGP neighbor configuration mode without adding any interfaces to the interface list (using the interface command).

Consider the following rules and restrictions when configuring BGP fast reset on a multihop BGP session:

• A BGP session remains active as long as at least one of the interfaces in the BGP fast-reset interface list is up. When all of the interfaces in the list are down, BGP ignores the configured hold time (specified by the timers command ) and, instead, waits for the specified fast-reset interval before removing its sessions with the affected neighbor.
• If none of the specified interfaces are up in the configured BGP fast-reset interface list, BGP does not establish a session with a neighbor (regardless of whether the neighbor is reachable).
• If all of the interfaces configured in a fast-reset interface list go down, the BGP session goes down and does not become active again until at least one of the down interfaces comes up.
• When configuring BGP fast reset for a neighbor that is part of a BGP peer group:
  • The BGP fast-reset configuration for a particular neighbor takes precedence over the BGP fast-reset configuration for a peer group. For example, if a BGP neighbor is configured with a fast-reset interval of 50 milliseconds, and that neighbor belongs to a peer group configured with a fast-reset interval of 20 seconds, the BGP neighbor ignores the peer group configuration and uses the BGP fast-reset interval of 50 milliseconds.
  • If a neighbor does not already have BGP fast reset configured, that neighbor inherits the fast-reset configuration from the peer group.
  • If a neighbor has its own BGP fast-reset configuration, to return that neighbor to the default (where the neighbor inherits the BGP fast-reset configuration from the peer group), remove the neighbor from the peer group and then add it back.

Use the no form of this command to disable BGP fast reset for an iBGP or multihop eBGP session.

1.52.6   Examples

The following example shows how to perform the following tasks on an eBGP neighbor with IP address 1.1.1.1:

• Access BGP neighbor fast-reset configuration mode
• Add three interfaces (to_red5, to_red10, and to_red15) to the BGP fast-reset interface list
• Configure the BGP routing process to wait 250 milliseconds after all of the links in the BGP fast-reset interface list go down before triggering fast reset

[local]Redback(config)#router bgp 1

[local]Redback(config-bgp)#neighbor 1.1.1.1 external

[local]Redback(config-bgp-neighbor)#fast-reset 250

[local]Redback(config-nbr-fast-reset)#interface to_red5

[local]Redback(config-nbr-fast-reset)#interface to_red10

[local]Redback(config-nbr-fast-reset)#interface to_red15

1.52.7   fast-reset (BGP peer group configuration mode)

1.52.7.1   Purpose

For iBGP or multihop eBGP sessions:

• Accesses Border Gateway Protocol (BGP) neighbor fast-reset configuration mode, where you create a BGP fast-reset interface list of up to ten links to a neighbor; BGP fast reset is triggered when all links in the list go down.
• Configures the interval that must pass before the BGP routing process triggers fast reset after all of the links in the BGP fast-reset interface list go down.

1.52.7.2   Command Mode

BGP peer group configuration

1.52.7.3   Syntax Description

1.52.7.4   Default

Fast-reset is disabled, and BGP sessions are dropped after the BGP hold-time value (set with the timers command in BGP router configuration mode) is exceeded.

1.52.7.5   Usage Guidelines

For iBGP or multihop eBGP sessions (where the neighbor is configured with the ebgp-multihop command) , use the fast-reset command to:

• Access BGP neighbor fast-reset configuration mode, where you create a BGP fast-reset interface list of up to ten links to a neighbor; BGP fast-reset is triggered when all links in the list go down.
• Configure the interval that must pass before the BGP routing process triggers fast reset after all of the links in the BGP fast-reset interface list go down.

Use the interface command in BGP neighbor configuration mode to add an interface to the list of interfaces that must go down before BGP fast reset takes effect. You can add up to ten interfaces to the list. The BGP session does not come up if you configure the fast-reset command in BGP neighbor configuration mode without adding any interfaces to the interface list (using the interface command).

Consider the following rules and restrictions when configuring BGP fast reset on a multihop BGP session:

• A BGP session remains active as long as at least one of the interfaces in the BGP fast-reset interface list is up. When all of the interfaces in the list are down, BGP ignores the configured hold time (specified by the timers command ) and, instead, waits for the specified fast-reset interval before removing its sessions with the affected neighbor.
• If none of the specified interfaces are up in the configured BGP fast-reset interface list, BGP does not establish a session with a neighbor (regardless of whether the neighbor is reachable).
• If all of the interfaces configured in a fast-reset interface list go down, the BGP session goes down and does not become active again until at least one of the down interfaces comes up.
• When configuring BGP fast reset for BGP peer groups, note that:
  • The BGP fast-reset configuration for a particular neighbor takes precedence over the BGP fast-reset configuration for a peer group. For example, if a BGP neighbor is configured with a fast-reset Interval of 50 milliseconds, and that neighbor belongs to a peer group that is configured with a fast-reset interval of 20 seconds, the BGP neighbor ignores the peer group configuration and uses the BGP fast-reset interval of 50 milliseconds.
  • If a neighbor does not already have BGP fast reset configured, that neighbor inherits the fast-reset configuration from the peer group.
  • If a neighbor has its own BGP fast-reset configuration, the only way to return that neighbor to the default (where the neighbor inherits the BGP fast-reset configuration from the peer group) is to remove the neighbor from and the peer group and then add that neighbor back to the peer group.

Use the no form of this command to disable BGP fast reset for an iBGP or multihop eBGP session.

1.52.7.6   Examples

The following example shows how to perform the following tasks on an iBGP peer group called mpg1:

• Access BGP neighbor fast-reset configuration mode
• Add three interfaces (to_blue1, to_blue2, and to_blue3) to the BGP fast-reset interface list
• Configure the BGP routing process to wait 200 milliseconds after all of the links in the BGP fast-reset interface list go down before triggering fast reset

[local]Redback(config)#router bgp 1

[local]Redback(config-bgp)#peer-group mpg1 internal

[local]Redback(config-bgp-peer-group)#fast-reset 200

[local]Redback(config-nbr-fast-reset)#interface to_blue1

[local]Redback(config-nbr-fast-reset)#interface to_blue2

[local]Redback(config-nbr-fast-reset)#interface to_blue3

1.53   fast-reset (BGP router configuration mode)

1.53.1   Purpose

Configures the Border Gateway Protocol (BGP) routing process to wait a specified period of time before dropping sessions with directly connected peers if the links used to reach those peers go down.

1.53.2   Command Mode

BGP router configuration

1.53.3   Syntax Description

1.53.4   Default

Fast-reset is disabled, and BGP sessions are dropped after the BGP hold-time value (set with the timers command in BGP router configuration mode) is exceeded.

1.53.5   Usage Guidelines

Use the fast-reset command to configure the BGP routing process to wait a specified period of time before dropping sessions with directly connected peers if the links use to reach those peers go down. In this case, the fast-reset configuration applies to all eBGP neighbors that are directly connected to the local system.

Normally, a BGP session is dropped only after the hold time specified by the timers command expires. BGP fast reset allows faster route convergence by bringing down the session immediately and triggering a BGP best path calculation before the hold time expires. This fast reset minimizes routing convergence times, and therefore packet loss, during network failures.

Use the no form of this command to disable BGP fast reset for an instance.

To disable the application of fast reset on BGP confederation peers only, use the fast-reset command without the confed keyword.

To see the reason for a fast reset, use the show bgp neighbor command. To see the fast-reset configuration for a BGP neighbor or peer group, use the show bgp neighbor or show bgp peer-group command.

1.53.6   Examples

The following example shows how to configure the BGP routing process to wait 50 seconds before dropping sessions with directly connected peers if the links used to reach those peers go down:

[local]Redback(config)#router bgp 100

[local]Redback(config-bgp)#fast-reset 50

The following example shows how to configure the BGP routing process to wait 40 seconds before dropping sessions with directly connected eBGP peers or directly connected BGP confederation peers if the links used to reach those peers go down:

[local]Redback(config)#router bgp 1

[local]Redback(config-bgp)#fast-reset confed 40

1.54   flap-statistics

1.54.1   Purpose

Enables route-flap statistics accounting for the address family for both internal Border Gateway Protocol (iBGP) and external BGP (eBGP) routing processes.

1.54.2   Command Mode

BGP address family configuration

1.54.3   Syntax Description

This command has no keywords or arguments.

1.54.4   Default

Route-flap statistics accounting is disabled.

1.54.5   Usage Guidelines

Use the flap-statistics command to enable route-flap statistics accounting for both iBGP and eBGP routing processes.

This command is useful for determining routing stability and for diagnosing problems. In particular, this command is useful for troubleshooting persistent iBGP routing loops. Use this command if the network is experiencing a high degree of route flapping.

Use the no form of this command to disable route-flap statistics accounting.

1.54.6   Examples

The following example enables route-flap statistics accounting:

[local]Redback(config-ctx)#router bgp 64001

[local]Redback(config-bgp)#address-family ipv4 multicast

[local]Redback(config-bgp-af)#flap-statistics 

1.55   flash-update-threshold

1.55.1   Purpose

Modifies the minimum interval between consecutive Routing Information Protocol (RIP) or RIP next generation (RIPng) flash updates.

1.55.2   Command Mode

• RIPng router configuration
• RIP router configuration

1.55.3   Syntax Description

1.55.4   Default

The flash update threshold is five seconds.

1.55.5   Usage Guidelines

Use the flash-update-threshold command to modify the minimum interval between consecutive RIP or RIPng flash updates. Each flash update contains only those routes that have been changed since the most recent update.

Use the no or default form of this command to return the threshold limit to five seconds.

1.55.6   Examples

The following example sets a RIP flash update threshold of 10 seconds:

[local]Redback(config-ctx)#router rip rip001

[local]Redback(config-rip)#flash-update-threshold 10

1.56   flood-reduction

1.56.1   Purpose

Suppresses periodic link-state advertisement (LSA) refresh in stable topologies.

1.56.2   Command Mode

• OSPF interface configuration
• OSPF3 interface configuration

1.56.3   Syntax Description

This command has no keywords or arguments.

1.56.4   Default

Flood reduction is disabled on the interface.

1.56.5   Usage Guidelines

Use the flood-reduction command to suppress periodic LSA refresh in stable topologies.

Note:  

If demand circuit operation is implicitly or explicitly enabled, LSAs are flooded as DoNotAge LSAs on the Open Shortest Path First (OSPF) or OSPF Version 3 (OSPFv3) interface, and will not be re-flooded until the network topology changes.

Use the no form of this command to disable flood reduction.

1.56.6   Examples

The following example suppresses periodic LSA refresh for the OSPF interface, ETH3/4, in area 0:

[local]Redback(config-ospf)#area 0

[local]Redback(config-ospf-area)#interface ETH3/4

[local]Redback(config-ospf-if)#flood-reduction

1.57   flow admission-control profile

1.57.1   Purpose

Creates a flow admission control (FAC) profile and enters flow configuration mode.

1.57.2   Command Mode

global configuration

1.57.3   Syntax Description

1.57.4   Default

No flow admission control profiles are configured.

1.57.5   Usage Guidelines

Use the flow admission-control profile command to create a FAC profile and enter flow configuration mode. You use this profile to apply flow attributes to a circuit.

Use the no form of this command to remove a FAC profile.

1.57.6   Examples

The following example creates a FAC profile called profile1:

[local]Redback(config)#flow admission-control profile profile1

1.58   flow apply admission-control profile

1.58.1   Purpose

Applies a flow admission control (FAC) profile to a circuit for a specified traffic direction.

1.58.2   Command Mode

circuit configuration

1.58.3   Syntax Description

1.58.4   Default

None

1.58.5   Usage Guidelines

Use the flow apply admission-control profile command to apply a FAC profile to a circuit for a specified traffic direction.

Use the no form of this command to remove a FAC profile from a circuit.

1.58.6   Examples

The following example applies FAC profile profile1 to bidirectional traffic on circuit dot1q pvc 1:

[local]Redback(config)#port ethernet 1/1

[local]Redback(config-port)#dot1q pvc 1

[local]Redback(config-dot1q-pvc)#flow apply admission-control profile profile1 bidirectional

1.59   flow apply ip profile

1.59.1   Purpose

Attaches a specified RFlow profile to a circuit.

1.59.2   Command Mode

• port configuration
• dot1q PVC configuration

1.59.3   Syntax Description

1.59.4   Default

None.

1.59.5   Usage Guidelines

Use the flow apply ip profile command to attach a specified RFlow profile to a circuit.

Note:  

The physical circuit must be bound to an IP interface for flow accounting to work.

Use the no form of this command to remove an RFlow profile from a circuit.

Note:  

If no RFlow profiles are attached to the circuit, then RFlow is disabled on the circuit.

1.59.6   Examples

The following example shows how to attach an RFlow profile called p1 to the dot1q circuit on port 4/1:

[local]Redback(config)#port ethernet 4/1 

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#encapsulation dot1q 

[local]Redback(config-port)#bind interface if1_1 local 

[local]Redback(config-port)#flow apply ip profile p1 in

1.60   flow collector

1.60.1   Purpose

Enters flow collector configuration mode, where you configure access to an external collector.

1.60.2   Command Mode

context configuration

1.60.3   Syntax Description

1.60.4   Default

None.

1.60.5   Usage Guidelines

Use the flow collector command to enter flow collector configuration mode, where you configure access to an external collector.

1.60.6   Examples

The following example shows how to enter flow collector configuration mode for an external collector called c1:

[local]Redback#configure

[local]Redback(config)#context local

[local]Redback(config-ctx)#flow collector c1

[local]Redback(config-flow-collector)#

1.61   flow-control

1.61.1   Purpose

For a Gigabit Ethernet (GE) port, sets the flow control mode on a port to be applied when auto-negotiation is disabled or fails with force mode enabled. For a 10GE port, sets the flow control mode on a port to be applied unconditionally for both transmitted and received traffic because these ports do not support auto-negotiation.

1.61.2   Command Mode

port configuration

1.61.3   Syntax Description

1.61.4   Default

Flow control is applied to received traffic on a GE port. For 10GE ports, flow-control is enabled by default for both transmitted and received traffic. However, for the oversubscribe-capable 4-port 10GE card, receive flow control (in this case, transmission of Ethernet PAUSE frames) is always disabled whenever more than two of the four ports of the card are placed in service by using the no shutdown command.

1.61.5   Usage Guidelines

For a GE port, use the flow-control command to set the flow control mode on a GE port to be applied when auto-negotiation is disabled or fails with force mode enabled. The flow control mode set using this command is applied when:

• Auto-negotiation is disabled on the port.
• Auto-negotiation is enabled and force mode is also enabled and the negotiation fails.

Otherwise, the value set using this command is ignored and flow control is negotiated using the parameters specified in the auto-negotiate command (in port configuration mode).

For a 10GE port, use the flow-control command to set the flow control mode on a port to be applied unconditionally for both transmitted and received traffic because these ports do not support auto-negotiation.

Use the default form of this command to set flow control to its default value.

Note:  

This command does not apply to ports on Fast Ethernet (FE) traffic cards.

Use the no form of this command to disable all flow control on the port.

1.61.6   Examples

The following example shows how to disable receive and transmit flow control on a 10GE port:

[local]Redback(config)#port ethernet 4/1

[local]Redback(config-port)#no flow-control

The following example shows how to apply flow control to traffic both transmitted from and received on GE port 1 in slot 4:

[local]Redback(config)#port ethernet 4/1

[local]Redback(config-port)#flow-control tx&rx

1.62   flow enable

1.62.1   Purpose

Enables flows on a circuit.

1.62.2   Command Mode

exec

1.62.3   Syntax Description