Table Of Contents
Network Access to the ONS 15216 EDFA3 Using the ONS 15454
13.1 Using the ONS 15454 with the ONS 15216 EDFA3
13.3.1 Creating a Static Route
13.3.2 Static Route for Multiple CTCs
13.5 Using Routing Information Protocol
13.6 Using the Proxy Server Features
13.7 Viewing the ONS 15454 Routing Table
Network Access to the ONS 15216 EDFA3 Using the ONS 15454
The Cisco ONS 15454 is Cisco's metro optical transport system. The ONS 15454 combines supercharged SONET/SDH transport and integrated optical networking (including ITU grid wavelengths and dense wavelength division multiplexing [DWDM]) with multiservice interfaces on demand (including Ethernet) and time division multiplexing (TDM) services to deliver economic benefits to service providers. The ONS 15454 provides the functions of multiple network elements in a single platform.
This chapter contains the following sections:
• Using the ONS 15454 with the ONS 15216 EDFA3
• OSPF
• Using Routing Information Protocol
• Using the Proxy Server Features
• Viewing the ONS 15454 Routing Table
A video tutorial for the ONS 15454 is located at:
http://www.cisco.com/warp/public/cc/pd/olpl/metro/on15454
Note: All references to ONS 15454 pertain to the SONET product. The ONS 15216 EDFA3 is not compatible with ONS 15454 SDH.
13.1 Using the ONS 15454 with the ONS 15216 EDFA3
This chapter explains how to set up Cisco ONS 15454 nodes in IP networks. The chapter does not provide a comprehensive explanation of IP networking concepts and procedures.
Note: To set up ONS 15454 nodes within an IP network, you must work with a LAN administrator or other individual at your site who has IP network training and experience. To learn more about IP networking, many outside resources are available. IP Routing Fundamentals, by Mark Sportack (Cisco Press, 1999), provides a comprehensive introduction to routing concepts and protocols in IP networks.
In order to use the ONS 15216 EDFA3 with the ONS 15454, the following setup is required:
•The ONS 15216 EDFA3 must be on the same subnetwork as the ONS 15454.
•The firewall on the ONS 15454 must be disabled on the gateway network element (GNE) and on the node where the ONS 15216 EDFA3 is connected.
•On the node where the GNE is connected to the ONS 15454, you must install a static route as follows:
•Destination: ONS 15216 EDFA3 address
•Mask: 255.255.255.255
•Next Hop: IP address of the node where the ONS 15216 EDFA3 is connected
You will also need to install a default route (0.0.0.0) on the GNE. The connection from the ONS 15216 EDFA3 to the Timing, Communications, and Control (TCC) card uses a cross-over cable.
This manual contains the following IP networking procedures for the ONS 15454 SONET:
• Using Routing Information Protocol
• Using the Proxy Server Features
• Viewing the ONS 15454 Routing Table
13.2 Before You Begin
Determine how your network will be connected. There are many different ONS 15454 connection options within an IP environment:
•ONS 15454 nodes can be connected to LANs directly or through a router.
•IP subnetting can create ONS 15454 node groups, allowing you to provision nodes in a network that are not connected to a data communications channel (DCC).
•Different IP functions and protocols can be used to achieve specific network goals. For example, Proxy Address Resolution Protocol (ARP) enables one LAN-connected ONS 15454 to serve as a gateway for ONS 15454 nodes that are not connected to the LAN.
•You can create static routes to enable connections among multiple Cisco Transport Controller (CTC) sessions with ONS 15454 nodes that reside on the same subnet but have different destination IP addresses.
•If ONS 15454 nodes are connected to Open Shortest Path First (OSPF) networks, ONS 15454 network information is automatically communicated across multiple LANs and WANs.
Table 13-1 provides a general list of items to check when setting up ONS 15454 nodes in IP networks. Additional procedures for troubleshooting Ethernet connections and IP networks are contained in the ONS 15454 documentation.
13.3 Static Routes
Static routes are used for two purposes:
•To connect ONS 15454 nodes to CTC sessions on one subnet connected by a router to ONS 15454 nodes residing on another subnet.
•To enable multiple CTC sessions among ONS 15454 nodes residing on the same subnet.
13.3.1 Creating a Static Route
Use this procedure to create a static route.
Step 1 Start CTC for an ONS 15454 node and choose the Provisioning > Network tabs (Figure 13-1).
Step 2 Click the Static Routing tab. Click Create.
Figure 13-1 Create Static Route Dialog Box
Step 3 In the Create Static Route dialog box, enter the following:
•Destination—Enter the IP address of the computer running CTC. To limit access to one computer, enter the full IP address (in the example, 192.168.1.100). To allow access to all computers on the 192.168.1.0 subnet, enter 192.168.1.0 and a subnet mask of 255.255.255.0. You can enter a destination of 0.0.0.0 to allow access to all CTC computers that connect to the router.
•Mask—Enter a subnet mask. If the destination is a host route (that is, one CTC computer), enter a 32-bit subnet mask (255.255.255.255). If the destination is a subnet, adjust the subnet mask accordingly, for example, 255.255.255.0. If the destination is 0.0.0.0, enter a subnet mask of 0.0.0.0 to provide access to all CTC computers.
•Next Hop—Enter the IP address of the router port (in this example, 192.168.90.1) or the node IP address if the CTC computer is connected to the node directly.
•Cost—Enter the number of hops between the ONS 15454 and the computer. In this example, the cost is two: one hop from the ONS 15454 to the router and a second hop from the router to the CTC workstation.
Step 4 Click OK. Verify that the static route displays in the Static Route window, or ping the node.
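The Destination and Mask rules from Step 3, as an added example (not Cisco code): a Python check that classifies an entry as a host, subnet, or default route and reports how many source addresses the route admits. The function names and the wording of the findings are assumptions made for illustration; the sample addresses are the ones used in the procedure above.

```python
import ipaddress

def mask_to_prefix(mask):
    """Convert a dotted subnet mask to a prefix length; reject non-contiguous masks."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):  # a valid mask inverts to a solid run of low 1-bits
        raise ValueError(f"mask {mask} is not a contiguous subnet mask")
    return 32 - inverted.bit_length()

def review_static_route(destination, mask, next_hop, cost):
    """Classify one Create Static Route entry and list anything worth a second look."""
    result = {"scope": "invalid", "network": None, "addresses": 0,
              "next_hop": next_hop, "cost": cost, "findings": []}
    try:
        prefix = mask_to_prefix(mask)
        dest = ipaddress.IPv4Address(destination)
        ipaddress.IPv4Address(next_hop)  # the next hop only has to be a valid address
    except ValueError as err:
        result["findings"].append(str(err))
        return result

    # strict=False masks off host bits so the real coverage of the entry is visible
    net = ipaddress.IPv4Network((str(dest), prefix), strict=False)
    if net.network_address != dest:
        result["findings"].append(
            f"destination {dest} has host bits set under {mask}; the route covers {net}")
    if int(dest) == 0 and prefix != 0:
        result["findings"].append("destination 0.0.0.0 is expected with mask 0.0.0.0")

    if prefix == 32:
        result["scope"] = "host"      # one CTC computer
    elif prefix == 0:
        result["scope"] = "default"   # all CTC computers that connect to the router
        result["findings"].append(
            "default route: every CTC computer behind the next hop gets a path to the node")
    else:
        result["scope"] = "subnet"
    result["network"] = str(net)
    result["addresses"] = net.num_addresses
    return result

if __name__ == "__main__":
    # Constructed entries built from the addresses in the procedure above.
    samples = [
        ("192.168.1.100", "255.255.255.255", "192.168.90.1", 2),
        ("192.168.1.0", "255.255.255.0", "192.168.90.1", 2),
        ("0.0.0.0", "0.0.0.0", "192.168.90.1", 2),
        ("192.168.1.100", "255.255.255.0", "192.168.90.1", 2),  # mask too wide for a host
    ]
    for entry in samples:
        print(entry, "->", review_static_route(*entry))
```

A destination of 192.168.1.100 entered with a 255.255.255.0 mask is reported as covering the whole 192.168.1.0/24 subnet, which is the difference between limiting access to one computer and allowing 256 addresses.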
13.3.2 Static Route for Multiple CTCs
Figure 13-2 shows a static route used when multiple CTC computers need to access ONS 15454 nodes residing on the same subnet. In this scenario, CTC Workstations #1 and #2 and all ONS 15454 nodes are on the same IP subnet; ONS 15454 #1 and CTC Workstation #1 are attached to LAN A. ONS 15454 #2 and CTC Workstation #2 are attached to LAN B. Static routes are added to ONS 15454 #1 pointing to CTC Workstation #1, and to ONS 15454 #2 pointing to CTC Workstation #2. The static route is entered from the node's perspective.
Figure 13-2 Static Route for Multiple CTCs
13.4 OSPF
Open Shortest Path First (OSPF) is a link state Internet routing protocol. Link state protocols use a "hello protocol" to monitor their links with adjacent routers and to test the status of their links to their neighbors. Link state protocols advertise their directly connected networks and their active links. Each link state router captures the link state "advertisements" and puts them together to create a topology of the entire network or area. From this database, the router calculates a routing table by constructing a shortest path tree. Routes are continuously recalculated to capture ongoing topology changes.
13.4.1 Using OSPF
ONS 15454 nodes use the OSPF protocol in internal ONS 15454 networks for node discovery, circuit routing, and node management. You can enable OSPF on the ONS 15454 nodes so that the ONS 15454 topology is sent to OSPF routers on a LAN. Advertising the ONS 15454 network topology to LAN routers eliminates the need to manually enter static routes for ONS 15454 subnetworks. Figure 13-3 shows a network enabled for OSPF. Figure 13-4 shows the same network without OSPF. Static routes must be manually added to the router in order for CTC computers on LAN A to communicate with ONS 15454 #2 and #3 because these nodes reside on different subnets.
OSPF divides networks into smaller regions, called areas. An area is a collection of networked end systems, routers, and transmission facilities organized by traffic patterns. Each OSPF area has a unique ID number, known as the area ID, that can range from 0 to 4,294,967,295. Every OSPF network has one backbone area called area 0. All other OSPF areas must connect to area 0.
When you enable ONS 15454 OSPF topology for advertising to an OSPF network, you must assign an OSPF area ID to the ONS 15454 network. Coordinate the area ID number assignment with your LAN administrator. In general, all DCC-connected ONS 15454 nodes are assigned the same OSPF area ID.
Figure 13-3 OSPF Enabled
Figure 13-4 OSPF Not Enabled
13.4.2 Setting Up OSPF
Use the following procedure to enable OSPF on each ONS 15454 node that you want included in the OSPF network topology.
ONS 15454 OSPF settings must match the router OSPF settings, so you must get the OSPF area ID, Hello and Dead intervals, and authentication key (if OSPF authentication is enabled) from the router to which the ONS 15454 network is connected before enabling OSPF.
Step 1 Start CTC for an ONS 15454 node.
Step 2 In node view, choose the Provisioning > Network > OSPF tabs. The OSPF pane has several options (Figure 13-5).
Figure 13-5 Enabling OSPF on the ONS 15454 SONET
Step 3 Complete the following:
•DCC OSPF Area ID—Click the area ID next to the slot and port field. Enter the number that identifies the ONS 15454 nodes as a unique OSPF area. The OSPF area number can be an integer between 0 and 4294967295, and it can take a form similar to an IP address. The number must be unique to the LAN OSPF area.
•DCC Metric—This value is normally unchanged. It sets a cost for sending packets across the DCC, which is used by OSPF routers to calculate the shortest path. This value should always be higher than the LAN metric. The default DCC metric is 100.
Step 4 In the OSPF on LAN area, complete the following:
•OSPF active on LAN—When checked, enables ONS 15454 OSPF topology to be advertised to OSPF routers on the LAN. Enable this field on ONS 15454 nodes that directly connect to OSPF routers.
•LAN Port Area ID—Enter the OSPF area ID for the router port where the ONS 15454 is connected. (This number is different from the DCC area ID.)
Step 5 In the Authentication Type area, click the button that says No Authentication or Simple Password and complete the following:
•Authentication Type—Use the menu to select Simple Password or No Authentication. (The button name depends on the options selected.) If the router where the ONS 15454 is connected uses authentication, choose Simple Password. Otherwise, choose No Authentication.
•Enter Authentication Key—If authentication is enabled, enter the OSPF key (password).
•Confirm Authentication Key—Enter the OSPF key again for confirmation purposes.
Step 6 Complete the following (Figure 13-6):
Note: The OSPF priority and intervals default to values most commonly used by OSPF routers. In the Priority and Intervals area, verify that these values match those used by the OSPF router where the ONS 15454 is connected.
•Router Priority—Select the designated router for a subnet.
•Hello Interval (sec)—Set the number of seconds between OSPF hello packet advertisements sent by OSPF routers. Ten seconds is the default.
•Dead Interval—Set the number of seconds that will pass while an OSPF router's packets are not visible before its neighbors declare the router down. Forty seconds is the default.
•Transit Delay (sec)—Indicate the service speed. One second is the default.
•Retransmit Interval (sec)—Set the time that will elapse before a packet is resent. Five seconds is the default.
•LAN Metric—Set a cost for sending packets across the LAN. This value should always be lower than the DCC metric. Ten is the default.
Figure 13-6 OSPF Area Range Table and Virtual Link Table
Step 7 In the OSPF Area Range Table area, complete the following:
Note: Area range tables consolidate the information that is propagated outside an OSPF Area border. One ONS 15454 in the ONS 15454 OSPF area is connected to the OSPF router. An area range table on this node points the router to the other nodes that reside within the ONS 15454 OSPF area.
a. Under OSPF Area Range Table, click Create.
b. In the Create Area Range dialog box, enter the following:
–Range Address—Enter the area IP address for the ONS 15454 nodes that reside within the OSPF area. For example, if the ONS 15454 OSPF area includes nodes with IP addresses 10.10.20.100, 10.10.30.150, 10.10.40.200, and 10.10.50.250, the range address would be 10.10.0.0.
–Range Area ID—Enter the OSPF area ID for the ONS 15454 nodes. This is either the ID in the DCC OSPF area ID field or the ID in the area ID for LAN Port field.
–Mask Length—Enter the subnet mask length. In the Range Address example, this is 16.
–Mask—Displays the subnet mask used to reach the destination host or network.
–Advertise—Check if you want to advertise the OSPF range table.
c. Click OK.
Step 8 All OSPF areas must be connected to area 0. If the ONS 15454 OSPF area is not physically connected to area 0, use the following steps to create a virtual link table that will provide the disconnected area with a logical path to area 0:
a. Under OSPF Virtual Link Table, click Create.
b. In the Create Virtual Link dialog box, complete the following fields. (The OSPF settings must match OSPF settings for the ONS 15454 OSPF area.)
–Neighbor—Enter the router ID of the area 0 router.
–Transit Delay (sec)—The service speed. One second is the default.
–Retransmit Int (sec)—Sets the time that will elapse before a packet is resent. Five seconds is the default.
–Hello Int (sec)—The number of seconds between OSPF hello packet advertisements sent by OSPF routers. Ten seconds is the default.
–Dead Int (sec)—Sets the number of seconds that will pass while an OSPF router's packets are not visible before its neighbors declare the router down. Forty seconds is the default.
–Auth Type—If the router where the ONS 15454 is connected uses authentication, choose Simple Password. Otherwise, set it to No Authentication.
c. Click OK.
Step 9 After entering ONS 15454 OSPF area data, click Apply.
If you changed the area ID, the TCC cards will reset, one at a time.
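The Range Address and Mask Length example from Step 7, worked through in Python as an added example (not Cisco code). It goes slightly beyond the text by also computing the tightest single prefix that still contains every node, so the configured range can be compared with the minimum that needs to be advertised; the function names are assumptions made for illustration.

```python
import ipaddress

# Node addresses from the Range Address example in Step 7.
EXAMPLE_NODES = ["10.10.20.100", "10.10.30.150", "10.10.40.200", "10.10.50.250"]

def tightest_area_range(node_ips):
    """Smallest single prefix that contains every node address."""
    if not node_ips:
        raise ValueError("at least one node address is required")
    addrs = [int(ipaddress.IPv4Address(ip)) for ip in node_ips]
    differing = 0
    for addr in addrs:
        differing |= addr ^ addrs[0]        # every bit position where two nodes disagree
    prefix = 32 - differing.bit_length()    # bits above the highest disagreement are shared
    return ipaddress.IPv4Network((addrs[0], prefix), strict=False)

def review_area_range(range_address, mask_length, node_ips):
    """Compare a configured area range with the nodes it is meant to summarize."""
    # strict=True rejects a Range Address that has bits set beyond the Mask Length
    configured = ipaddress.IPv4Network((range_address, mask_length), strict=True)
    tight = tightest_area_range(node_ips)
    missing = [ip for ip in node_ips if ipaddress.IPv4Address(ip) not in configured]
    return {
        "configured": str(configured),
        "mask": str(configured.netmask),    # the value the Mask field would display
        "tightest": str(tight),
        "missing_nodes": missing,           # nodes the range fails to cover
        "extra_addresses": max(0, configured.num_addresses - tight.num_addresses),
    }

def area_id_dotted(area_id):
    """Show an integer OSPF area ID in its IP-address-like form."""
    if not 0 <= area_id <= 4294967295:
        raise ValueError("OSPF area ID must be between 0 and 4294967295")
    return str(ipaddress.IPv4Address(area_id))

if __name__ == "__main__":
    print(review_area_range("10.10.0.0", 16, EXAMPLE_NODES))
    print(area_id_dotted(5))
```

For the four example nodes the tightest covering prefix is 10.10.0.0/18; the 10.10.0.0 range with a mask length of 16 from Step 7 covers all of them and advertises 49,152 addresses beyond that minimum.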
13.5 Using Routing Information Protocol
The Routing Information Protocol (RIP) is widely used for routing traffic in the global Internet. RIP is an interior gateway protocol, which means that it performs routing within a single autonomous system. Exterior gateway protocols, such as the Border Gateway Protocol (BGP), perform routing between different autonomous systems.
RIP sends routing-update messages at regular intervals and when the network topology changes. When a router receives a routing update that includes changes to an entry, it updates its routing table to reflect the new route. The metric value for the path is increased by one, and the sender is indicated as the next hop. RIP routers maintain only the best route (the route with the lowest metric value) to a destination. After updating its routing table, the router immediately begins transmitting routing updates to inform other network routers of the change. These updates are sent independently of the regularly scheduled updates that RIP routers send. Use the following procedure to configure the ONS 15454 for RIP:
Step 1 Log into CTC.
Note: You must create a static route to the router adjacent to the ONS 15454 in order for the ONS 15454 to send its routing information out to the network.
Step 2 Display the node view.
Step 3 Click the Provisioning > Network > RIP tabs.
Step 4 Check the RIP Active check box if you are activating RIP.
Step 5 Choose either RIP Version 1 or RIP Version 2 from the drop-down menu, depending on which version is supported in your network.
Step 6 Set the RIP metric. The RIP metric can be set to a number between 1 and 15 and represents the number of hops.
Step 7 Under Authentication, select the authentication type. If the router where the ONS 15454 is connected requires authentication, choose Simple Password. Otherwise, choose No Authentication (default). You must click the No Authentication button to choose the Simple Password option.
13.6 Using the Proxy Server Features
The ONS 15454 proxy server is a set of functions that allows you to network ONS 15454 nodes in environments where visibility and accessibility between ONS 15454s and CTC computers must be restricted. For example, you can set up a network so that field technicians and network operation center (NOC) personnel can both access the same ONS 15454 nodes while preventing the field technicians from accessing the NOC LAN. To do this, one ONS 15454 is provisioned as a gateway NE (GNE) and the other ONS 15454 nodes are provisioned as element NEs (ENEs). The GNE ONS 15454 tunnels connections between CTC computers and ENE ONS 15454 nodes, providing management capability while preventing access for non-ONS 15454 management purposes.
The ONS 15454 proxy server performs the following tasks:
•Isolates DCC IP traffic from Ethernet (craft port) traffic and accepts packets based on filtering rules. The filtering rules (see Table 13-3 and Table 13-4) depend on whether the packet arrives at the ONS 15454 DCC interface or the TCC Ethernet interface.
•Monitors ARP request packets on its Ethernet port. If the ARP request is from an address that is not on the current subnet, the ONS 15454 creates an entry in its ARP table. The ARP entry allows the ONS 15454 to reply to an address over the local Ethernet so craft technicians can connect to ONS 15454 nodes without changing the IP addresses of their computers.
•Processes Simple Network Time Protocol/Network Time Protocol (SNTP/NTP) requests. Element ONS 15454 NEs can derive time of day from an SNTP/NTP LAN server through the GNE ONS 15454 SONET.
•Processes SNMPv1 traps. The GNE ONS 15454 receives SNMPv1 traps from the ENE ONS 15454 nodes and forwards them to all provisioned SNMPv1 trap destinations.
The ONS 15454 proxy server is provisioned using the following three check boxes in the Provisioning > Network > General tab (see Figure 13-7):
•Craft Access Only—When this option is enabled, the ONS 15454 neither installs nor advertises default or static routes. CTC computers can communicate with the ONS 15454 SONET, but they cannot communicate directly with any other DCC-connected ONS 15454 SONET.
•Enable Proxy—When this option is enabled, the ONS 15454 serves as a proxy for connections between CTC clients and ONS 15454 nodes that are DCC-connected to the proxy ONS 15454 SONET. The CTC client establishes connections to DCC-connected nodes through the proxy node. The CTC client can connect to nodes that it cannot directly reach from the host on which it runs. If Enable Proxy is off, the node does not establish proxy connections for any CTC clients, although any established proxy connections will continue until the CTC client exits.
•Enable Firewall—If this option is selected, the node prevents IP traffic from being routed between the DCC and the LAN port. The ONS 15454 can communicate with machines connected to the LAN port or connected through the DCC. However, the DCC-connected machines cannot communicate with the LAN-connected machines, and the LAN-connected machines cannot communicate with the DCC-connected machines. A CTC client using the LAN to connect to the firewall-enabled node can use the proxy capability to manage the DCC-connected nodes that would otherwise be unreachable. A CTC client connected to a DCC-connected node can only manage other DCC-connected nodes and the firewall itself.
Figure 13-7 Proxy Server Gateway Settings
Figure 13-8 shows an ONS 15454 proxy server implementation. A GNE ONS 15454 is connected to a central office LAN and to ENE ONS 15454 nodes. The central office LAN is connected to a NOC LAN, which has CTC computers. The NOC CTC computer and craft technicians must both be able to access the ONS 15454 ENEs. However, the craft technicians must be prevented from accessing or seeing the NOC or central office LANs.
In the example, the ONS 15454 GNE is assigned an IP address within the central office LAN and is physically connected to the LAN through its LAN port. ONS 15454 ENEs are assigned IP addresses that are outside the central office LAN and given private network IP addresses. If the ONS 15454 ENEs are colocated, the craft LAN ports could be connected to a hub. However, the hub should have no other network connections.
Figure 13-8 ONS 15454 Proxy Server with GNE and ENEs on the Same Subnet
Table 13-2 shows recommended settings for ONS 15454 GNEs and ENEs in the configuration shown in Figure 13-8.
Figure 13-9 shows the implementation with ONS 15454 ENEs in multiple rings. In each example, ONS 15454 GNEs and ENEs are provisioned with the settings shown in Table 13-2.
Figure 13-9 ONS 15454 Proxy Server with ENEs on Multiple Rings
Table 13-3 shows the rules the ONS 15454 follows to filter packets when Enable Firewall is enabled. If the packet is addressed to the ONS 15454 SONET, additional rules, shown in Table 13-4, are applied. Rejected packets are silently discarded.
If you implement the proxy server, keep the following rules in mind:
1. All DCC-connected ONS 15454 nodes on the same Ethernet segment must have the same Craft Access Only setting. Mixed values produce unpredictable results, and might leave some nodes unreachable through the shared Ethernet segment.
2. All DCC-connected ONS 15454 nodes on the same Ethernet segment must have the same Enable Firewall setting. Mixed values produce unpredictable results. Some nodes might become unreachable.
3. All DCC-connected ONS 15454 nodes in the same SDCC area must have the same Enable Firewall setting. Mixed values produce unpredictable results. Some nodes might become unreachable.
4. If you check Enable Firewall, always check Enable Proxy. If Enable Proxy is not checked, CTC is not able to see nodes on the DCC side of the ONS 15454 SONET.
5. If Craft Access Only is checked, check Enable Proxy. If Enable Proxy is not checked, CTC is not able to see nodes on the DCC side of the ONS 15454 SONET.
If nodes become unreachable in cases 1 and 2, you can correct the setting by performing one of the following:
•Disconnect the craft computer from the unreachable ONS 15454 SONET. Connect to the ONS 15454 through another ONS 15454 in the network that has a DCC connection to the unreachable ONS 15454 SONET.
•Disconnect the Ethernet cable from the unreachable ONS 15454 SONET. Connect a CTC computer directly to the ONS 15454 SONET.
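Rules 1 through 5 above, together with the Section 13.1 requirement that the firewall be disabled on the GNE and on the node where the ONS 15216 EDFA3 is connected, expressed as an added Python consistency check (not Cisco code). The inventory is constructed sample data, its field names are assumptions made for illustration, and every node in it is assumed to be DCC-connected and part of one network.

```python
from collections import defaultdict

# Constructed inventory: one GNE on the central office LAN, two ENEs on a craft hub.
INVENTORY = [
    {"name": "GNE-1", "gne": True, "edfa3": False, "segment": "co-lan",
     "sdcc_area": "0.0.0.5", "craft_only": False, "proxy": True, "firewall": True},
    {"name": "ENE-2", "gne": False, "edfa3": False, "segment": "craft-hub",
     "sdcc_area": "0.0.0.5", "craft_only": True, "proxy": True, "firewall": True},
    {"name": "ENE-3", "gne": False, "edfa3": True, "segment": "craft-hub",
     "sdcc_area": "0.0.0.5", "craft_only": True, "proxy": False, "firewall": False},
]

def audit_proxy_settings(nodes):
    """Return (rule, detail) tuples for every proxy server rule the inventory breaks."""
    findings = []

    def require_uniform(rule, group_key, setting):
        # Rules 1-3: nodes sharing a segment or SDCC area must agree on the setting.
        groups = defaultdict(dict)
        for node in nodes:
            groups[node[group_key]][node["name"]] = node[setting]
        for group, values in sorted(groups.items()):
            if len(set(values.values())) > 1:
                findings.append((rule, f"{group_key} {group}: mixed {setting} {values}"))

    require_uniform("rule 1", "segment", "craft_only")
    require_uniform("rule 2", "segment", "firewall")
    require_uniform("rule 3", "sdcc_area", "firewall")

    for node in nodes:
        # Rules 4 and 5: without Enable Proxy, CTC cannot see nodes on the DCC side.
        if node["firewall"] and not node["proxy"]:
            findings.append(("rule 4", f"{node['name']}: Enable Firewall without Enable Proxy"))
        if node["craft_only"] and not node["proxy"]:
            findings.append(("rule 5", f"{node['name']}: Craft Access Only without Enable Proxy"))

    # Section 13.1: with an EDFA3 attached, the firewall must be off on the GNE
    # and on the node where the EDFA3 is connected.
    if any(node["edfa3"] for node in nodes):
        for node in nodes:
            if (node["gne"] or node["edfa3"]) and node["firewall"]:
                findings.append(("section 13.1", f"{node['name']}: firewall enabled"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit_proxy_settings(INVENTORY):
        print(f"{rule}: {detail}")
```

Clearing the Section 13.1 finding means turning Enable Firewall off on the GNE, and rules 2 and 3 then require the same setting on every node that shares its Ethernet segment or SDCC area, so the DCC-to-LAN isolation described under Enable Firewall no longer applies to that group.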
13.7 Viewing the ONS 15454 Routing Table
ONS 15454 routing information is displayed on the Maintenance > Routing Table tabs (Figure 13-10). The routing table provides the following information:
•Destination—Displays the IP address of the destination network or host.
•Mask—Displays the subnet mask used to reach the destination host or network.
•Gateway—Displays the IP address of the gateway used to reach the destination network or host.
•Usage—Shows the number of times this route has been used.
•Interface—Shows the ONS 15454 interface used to access the destination. Values are:
–cpm0—The ONS 15454 Ethernet interface, that is, the RJ-45 jack on the TCC and the LAN connectors on the MIC-C/T/P FMEC
–pdcc0—An SDCC interface, that is, an STM-N trunk card identified as the SDCC termination
–lo0—A loopback interface
Figure 13-10 Viewing the ONS 15454 Routing Table
Table 13-5 shows sample routing entries for an ONS 15454 SONET.
Entry 1 shows the following:
•Destination (0.0.0.0) is the default route entry. All undefined destination network or host entries on this routing table will be mapped to the default route entry.
•Mask (0.0.0.0) is always 0 for the default route.
•Gateway (172.20.214.1) is the default gateway address. All outbound traffic that cannot be found in this routing table or is not on the node's local subnet will be sent to this gateway.
•Interface (cpm0) indicates that the ONS 15454 Ethernet interface is used to reach the gateway.
Entry 2 shows the following:
•Destination (172.20.214.0) is the destination network IP address.
•Mask (255.255.255.0) is a 24-bit mask, meaning that all addresses within the 172.20.214.0 subnet can be a destination.
•Gateway (172.20.214.92) is the gateway address. All outbound traffic belonging to this network is sent to this gateway.
•Interface (cpm0) indicates that the ONS 15454 Ethernet interface is used to reach the gateway.
Entry 3 shows the following:
•Destination (172.20.214.92) is the destination host IP address.
•Mask (255.255.255.255) is a 32-bit mask, meaning that only the 172.20.214.92 address is a destination.
•Gateway (127.0.0.1) is a loopback address. The host directs network traffic to itself using this address.
•Interface (lo0) indicates that the local loopback interface is used to reach the gateway.
Entry 4 shows the following:
•Destination (172.20.214.93) is the destination host IP address.
•Mask (255.255.255.255) is a 32-bit mask, meaning that only the 172.20.214.93 address is a destination.
•Gateway (0.0.0.0) means the destination host is directly attached to the node.
•Interface (pdcc0) indicates that an SDCC interface is used to reach the destination host.
Entry 5 shows a DCC-connected node that is accessible through a node that is not directly connected:
•Destination (172.20.214.94) is the destination host IP address.
•Mask (255.255.255.255) is a 32-bit mask, meaning only the 172.20.214.94 address is a destination.
•Gateway (172.20.214.93) indicates that the destination host is accessed through a node with IP address 172.20.214.93.
•Interface (pdcc0) indicates that an SDCC interface is used to reach the gateway.
Posted: Sat Sep 16 09:50:39 PDT 2006