Downloads |
Table Of Contents
Prerequisites for SSG Interface Redundancy
Restrictions for SSG Interface Redundancy
Information About SSG Interface Redundancy
SSG Interface Redundancy Overview
SSG Uplink Interface Redundancy Topologies
Multiple Next Hops per Service
Multiple Uplink Interfaces with a Single Next Hop
Multiple Uplink Interfaces with No Next Hop
Combination of Directly Connected Uplink Interfaces and Interfaces with Next Hops
How to Configure SSG Interface Redundancy
Grouping Redundant Uplink Interfaces
Binding Services to Interfaces and Next-Hop IP Addresses
Binding Services by Using the Router's CLI
Binding Services Using the Next-Hop Gateway Profile on the AAA Server
Disabling Overlapping IP Address Support
Configuration Examples for SSG Interface Redundancy
Service Bound to Multiple Uplink Interfaces: Example
Service Bound to Next Hop with Multiple Uplink Interfaces: Example
SSG Interface Redundancy
The SSG Interface Redundancy feature enables providers to configure the Cisco Service Selection Gateway (SSG) with redundant uplink interfaces to services and to the default network. This feature also supports the configuration of redundant downlink interfaces for nonoverlapping users configured with the port-bundle host key functionality. Interface redundancy benefits service providers as well as subscribers by helping prevent subscriber downtime due to interface failure.
12.2(16)BX3
This feature was introduced on the Cisco 10000 series router.
12.3(8)T
This feature was integrated into Cisco IOS Release 12.3(8)T.
Feature History for the SSG Interface Redundancy Feature
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•
Prerequisites for SSG Interface Redundancy
•
•
•
•
Prerequisites for SSG Interface Redundancy
Before you can perform the tasks in this document, SSG must be enabled by use of the ssg enable command.
Restrictions for SSG Interface Redundancy
The distance metric does not have any effect on services bound directly to broadcast interfaces by using the ssg bind service command. Upstream traffic is routed by the global routing table.
The weights for service bindings are used only for routing upstream traffic. SSG allows downstream traffic from services on the secondary uplink interfaces even when the primary is active.
Information About SSG Interface Redundancy
Before you configure SSG interface redundancy, you should understand the following concepts:
•
•
SSG Interface Redundancy Overview
In SSG, each service is associated with an outbound interface. When a subscriber chooses to use a service, SSG connects the subscriber to the service through the associated outbound interface. SSG interface redundancy allows services to be associated with more than one interface to protect against link failures.
When redundant interfaces are configured for a service, the order in which SSG selects the interface to be used to reach a service depends on the distance metric that is assigned to the service binding. The interface for the service binding with the lowest metric is the primary interface. The interface for the service binding with the second-lowest weight is the secondary interface, and so on.
If a failure occurs on an active interface, SSG recognizes the failure and switches the service connection to the interface associated with the next-lowest metric. When the primary uplink interface or next hop becomes available again, SSG switches back to using the primary interface.
If a service is configured for multiple uplink interfaces, downstream traffic is allowed on all of the interfaces for any service bound to even one of those interfaces.
If a host has a connection that uses NAT to one of the services on a set of redundant uplink interfaces, all traffic from a user to any of the uplink interfaces uses NAT.
SSG interface redundancy can be configured for services, including open garden and walled garden services, and the default network. This feature is supported on all interfaces that support SSG, including subinterfaces and VLAN interfaces. Downlink interface redundancy is also supported for nonoverlapping users in port-bundle host key mode.
SSG Uplink Interface Redundancy Topologies
The SSG Interface Redundancy feature supports uplink interface redundancy in the following network topologies:
Multiple Next Hops per Service
Multiple Uplink Interfaces with a Single Next Hop
Multiple Uplink Interfaces with No Next Hop
Combination of Directly Connected Uplink Interfaces and Interfaces with Next Hops
Multiple Next Hops per Service
Figure 1 shows an example of SSG interface redundancy configured to support multiple next-hop IP addresses per service. In this type of topology, each next hop is routable on a different uplink interface. SSG forwards traffic to the appropriate next hop on the basis of the distance metric assigned to it.
Figure 1 Multiple Next Hops per Service: Sample Topology
Multiple Uplink Interfaces with a Single Next Hop
Figure 2 shows an example of SSG interface redundancy configured to support multiple uplink interfaces that share a single next hop. In this type of topology, routing to the service is governed by the active route to the next-hop IP address.
Figure 2 Multiple Uplink Interfaces with a Single Next Hop: Sample Topology
Multiple Uplink Interfaces with No Next Hop
Figure 3 shows an example of SSG interface redundancy configured to support multiple uplink interfaces that are directly connected to the service.
Figure 3 Multiple Uplink Interfaces with No Next Hop: Sample Topology
Combination of Directly Connected Uplink Interfaces and Interfaces with Next Hops
Figure 4 shows an example of SSG interface redundancy configured to support an uplink interface that is directly connected to the service and an uplink interfaces with a next hop.
Figure 4 Combination of Directly Connected Uplink Interfaces and Interfaces with Next Hops: Sample Topology
How to Configure SSG Interface Redundancy
This section contains the following procedures:
•
•
•
Grouping Redundant Uplink Interfaces
When SSG interface redundancy is configured to support multiple uplink interfaces to a service, the interfaces must be grouped together so that they are treated similarly. Perform this task to group uplink interfaces.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
DETAILED STEPS
Binding Services to Interfaces and Next-Hop IP Addresses
You can bind a service to an interface or next hop by using the command-line interface (CLI) . You can bind a service to a next hop by defining the next hop in the Next-Hop Gateway profile on the authentication, authorization, and accounting (AAA) server. Perform one of the following tasks to bind a service:
•
•
Binding Services by Using the Router's CLI
Perform this task to use the router's CLI to bind a service to an interface or next-hop IP address. You can bind a service to more than one interface or next hop to configure interface redundancy.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Binding Services Using the Next-Hop Gateway Profile on the AAA Server
SSG allows the next-hop IP addresses for services to be specified in Next-Hop Gateway profiles on the AAA server. A service profile contains a next-hop key. The next-hop key is associated with the next-hop IP address in the Next-Hop Gateway profile that is downloaded separately by SSG.
To associate a next-hop key with an IP address, use the Next-Hop Gateway Table Entry vendor-specific attribute (VSA) in the Next-Hop Gateway profile:
Control-Info = "Gkey;ip_address[;distance-metric]"
This attribute can be used more than once in a Next-Hop Gateway profile to associate a next-hop key with more than one IP address for redundancy.
Disabling Overlapping IP Address Support
The SSG Port-Bundle Host Key feature enables subscribers to assign overlapping IP addresses and binds users to their respective downlink interfaces. Traffic from a user is not accepted if it arrives on any other interface. To enable subscriber-side interface redundancy when SSG port-bundle host key functionality is configured and there are no overlapping IP host addresses, you must disable the interface binding for hosts by disabling overlapping IP address support. Perform this task to disable overlapping IP address support.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Configuration Examples for SSG Interface Redundancy
This section contains the following examples:
•
•
Service Bound to Multiple Uplink Interfaces: Example
In the following example, a service called "sample-service" is bound to two uplink interfaces: ATM interface 1/0.1 is the primary interface, and ATM interface 1/0.2 is the secondary interface. Both interfaces are configured as members of "groupA".
ssg bind service sample-service atm 1/0.1ssg bind service sample-service atm 1/0.2 100!interface ATM 1/0.1 point-to-pointip address 10.1.0.1 255.255.0.0ssg direction uplink member groupA!interface ATM 1/0.2 point-to-pointip address 10.2.0.1 255.255.0.0ssg direction uplink member groupA!Service Bound to Next Hop with Multiple Uplink Interfaces: Example
In the following example, a service called "sample-serviceA" is bound to next-hop gateway 10.1.1.1. Next-hop gateway 10.1.1.1 is reachable through two uplink interfaces: ethernet interface 1/0 and Ethernet interface 2/0. The group name "service-groupA" indicates that both interfaces share the same service ("sample-serviceA").
For any services bound to either of the two interfaces, downstream traffic from the service is accepted on either interface.
!ssg bind service sample-serviceA 10.1.1.1!interface ethernet 1/0ip address 10.0.1.1 255.255.255.0ssg direction uplink member service-groupA!interface ethernet 2/0ip address 10.0.2.1 255.255.255.0ssg direction uplink member service-groupA!ip route 10.1.1.1 255.255.255.255 eth 1/0 10ip route 10.1.1.1 255.255.255.255 eth 2/0 20!Additional References
The following sections provide references related to the SSG Interface Redundancy feature.
Related Documents
SSG commands
Cisco IOS Wide-Area Networking Command Reference, Release 12.3 T
SSG configuration tasks
"Broadband Access" section in the Cisco IOS Wide-Area Networking Configuration Guide, Release 12.3.
SSG Features in Cisco IOS Release 12.3(4)T
SESM
Cisco Subscriber Edge Services Manager
RADIUS commands
Cisco IOS Security Command Reference, Release 12.3 T
RADIUS configuration tasks
Standards
No new or modified standards are supported by this feature. Support for existing standards has not been modified by this feature.
—
MIBs
RFCs
No new or modified RFCs are supported by this feature. Support for existing RFCs has not been modified by this feature.
—
Technical Assistance
Command Reference
This section documents new and modified commands only.
host overlap
To enable SSG to support overlapping host IP addresses, use the host overlap command in SSG port-map configuration mode. To disable support for overlapping host IP addresses, use the no form of this command.
host overlap
no host overlap
Syntax Description
This command has no arguments or keywords.
Defaults
Overlapping host IP addresses are supported by default when SSG port-bundle host key functionality is configured.
Command Modes
SSG port-map configuration
Command History
Usage Guidelines
The SSG Port-Bundle Host Key feature enables subscribers to have overlapping IP addresses. To enable subscriber-side interface redundancy when SSG port-bundle host key functionality is configured, overlapping IP address support must be disabled so that interface binding is not needed. Use the no host overlap command to disable overlapping IP address support.
Examples
The following example shows how to disable support for overlapping hosts when the SSG Port-Bundle Host Key feature is configured:
Router(config)# ssg enableRouter(config)# ssg port-mapRouter(ssg-port-map)# no host overlapRelated Commands
ssg port-map
Enables the SSG Port-Bundle Host Key feature and enters SSG port-map configuration mode.
ssg bind service
To specify the interface for a service, use the ssg bind service command in global configuration mode. To unbind the service and the interface, use the no form of this command.
ssg bind service service-name {ip-address | interface-type interface-number} [distance-metric]
no ssg bind service service-name {ip-address | interface-type interface-number} [distance-metric]
Syntax Description
Defaults
A service is not bound to an interface.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to bind a service to an interface. You can enter this command more than once in order to bind a service to more than one interface for interface redundancy.
Use the distance-metric argument to control the routing of upstream traffic. If more than one entry of the ssg bind service command for a service have the same metric, the upstream traffic will be load-balanced.
If a service is configured for multiple uplink interfaces, downstream traffic will be allowed on all the interfaces for any service bound to even one of those interfaces.
Examples
The following example shows the interface for the service defined as "MyService":
ssg bind service MyService ATM 0/0/0.10The following example shows uplink interface redundancy configured for the service "sample-service". ATM interface 1/0.1 is configured as the primary interface and ATM interface 1/0.2 as the secondary interface.
ssg bind service sample-service atm 1/0.1ssg bind service sample-service atm 1/0.2 100Related Commands
ssg direction
To configure an interface or range of subinterfaces as downlink or uplink, use the ssg direction command in interface configuration mode or subinterface configuration mode. To clear the directional specification, use the no form of this command.
ssg direction {downlink | uplink [member group-name]}
no ssg direction
Syntax Description
Defaults
An interface is neither uplink nor downlink.
Command Modes
Interface configuration
Subinterface configurationCommand History
12.2(16)B
This command was introduced.
12.2(15)T
This command was integrated into Cisco IOS Release 12.2(15)T.
12.3(8)T
The member keyword and group-name argument were added.
Usage Guidelines
Service Selection Gateway (SSG) applies the concept of an interface direction, either uplink or downlink. It uses this direction when determining the forwarding path of an incoming packet. The ssg direction command allows you to specify a direction for an interface or a range of subinterfaces.
The ssg direction command allows you to configure the direction for a range of permanent virtual circuits (PVCs). All members of a range must have the same direction.
Before you can change a direction from uplink to downlink or vice versa, you must use the no ssg direction command to clear the direction.
The ssg direction command replaces the ssg bind direction command. If you reboot a router that uses an old configuration, the ssg bind direction commands will be converted to ssg direction commands until the ssg bind direction command is made obsolete. In a later release, the ssg bind direction command may no longer be supported.
Note
In cases where a service has a single next-hop IP address, the ssg direction uplink command can be used with the member keyword and group-name argument to group together uplink interfaces that share a common service and enable the interfaces to be treated similarly.
The group setting for an uplink interface cannot be changed when there are active services bound to that interface.
The no form of the ssg direction command can be used only when there are no active services bound to the uplink interface.
The command operates on a variety of interfaces, including async, group async, ATM, extended tag ATM (XTagATM), bridge group virtual (BVI), CTunnel, tunnel, dialer, IEEE 802.3 Ethernet, IEEE 802.3 Fast Ethernet, IEEE 802.3z GigabitEthernet, loopback, multilink Frame Relay (MFR) bundle, multilink group, Pragmatic General Multicast (PGM) Host (Vif), virtual access, virtual template, and virtual Token Ring.
Examples
The following example sets the direction of a Fast Ethernet interface to downlink while in interface configuration mode:
ssg enableinterface FastEthernet 1/0ssg direction downlinkThe next example creates a range called "MyRange" and sets the direction of all subinterfaces in the range to downlink while in subinterface configuration mode:
ssg enableinterface ATM 1/0.1 point-to-pointrange MyRange pvc 1/32 1/42ssg direction downlinkRelated Commands
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
