Table Of Contents
Cisco 10008 Router PRE4 Installation and Configuration Guide
Replacement Installation Guidelines
Installing or Replacing a PRE4
Connecting the BITS Filter Module and Clock Contacts (Optional)
Troubleshooting the Installation
Selecting Participating Subslots
Reverting to a Higher Priority Clock
Verifying the Network Timing Configuration
Forcing Failover in a Redundant Pair
Managing System Boot Parameters
Changing the Software Configuration Register Settings
Upgrading a PRE3 to a PRE4 Using ISU
Procedure to Upgrade a PRE3 to a PRE4 Using ISU
Upgrading a PRE3 to a PRE4 Without Using ISU
Procedure to Upgrade a PRE3 to a PRE4 Without Using ISU
Upgrading Software on a Single PRE4
Upgrading Software on Redundant PRE4s
Managing the Router Using the Network Management Ethernet Port
Configuring the NME Port on the PRE4
Manually Setting the Duplex Mode for the NME Port for the PRE4
Manually Setting the Speed for the NME Port for the PRE4
Analyzing and Troubleshooting Packets
Packet Statistics and PXF Counters
Displaying Packet Statistics for ACLs
Displaying IP Forwarding Statistics
Displaying Queueing Statistics
Obtaining Documentation, Obtaining Support, and Security Guidelines
Cisco 10008 Router PRE4 Installation and Configuration Guide
Product Number: ESR-PRE4
This publication contains instructions for installing and upgrading the Performance Routing Engine 4 (PRE4) in a Cisco 10008 router.
Feature Information for the PRE4
Table 1 describes the release history for this feature. The table lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
The following sections are included in this installation document:
•
Prerequisites and Preparation
•
•
•
•
•
•
Product Overview
The Performance Routing Engine 4 (PRE4) is the fifth generation parallel express forwarding (PXF) packet processing and scheduling engine for the Cisco 10008 router. Figure 1 shows the front of the Cisco 10008 router.
Figure 1 Cisco 10008 Router Chassis—Front View
Blower module
PRE4—slot 0A
Primary Power Entry Module (PEM)
PRE4—slot 0B
Redundant PEM
Line card slots 5 to 8
Line card slots 1 to 4
The PRE4 performs all Layer 2 and Layer 3 packet manipulation related to routing and forwarding through the Cisco 10008 router. Its advanced application-specific integrated circuit (ASIC) technology supports very high performance throughput with IP services enabled on each port.
The PRE4 consists of two main logical and physical cards:
•
•
The PRE4 runs Cisco IOS Release 12.2(33)SB and later releases. Benefits of the PRE4 include:
•
•
•
•
•
•
•
•
•
•
•
•
By centralizing packet processing in the PRE4, the Cisco 10008 router architecture frees up space on line cards, enabling high interface density, yet retaining the compact Network Equipment Business Systems (NEBS) transmission equipment form factor.
Redundant PRE4s
You can configure two PRE4s in a single chassis for redundancy. If the active PRE4 fails, the standby PRE4 automatically takes over operation of the router. Because all the line cards are physically connected to both the active and standby PRE4s, the failure of a single PRE4 does not require user intervention.
If a failure occurs, all line cards automatically reset to the redundant PRE4. Startup and running configurations of the standby PRE4 are synchronized with the active PRE4, ensuring the fastest possible cut-over time if the active PRE4 fails.
PRE4 Front Panel
This section describes the PRE4 front panel shown in Figure 2.
Figure 2 PRE4 Front Panel
PRE4 Connectors
The front panel on the PRE4 contains three ports with RJ-45 connectors.
•
•
•
CompactFlash Card Slot
The external CompactFlash slot can store the Cisco IOS image or a system configuration file on a flash memory card. The system can also boot from the software stored on the flash memory card.
LED Indicators and Buttons
The LEDs on the PRE4 front panel provide a visual indication showing the status of PRE4 operation. Table 2 describes the PRE4 LEDs and buttons.
Note
http://cisco.com/en/US/products/hw/routers/ps133/prod_installation_guides_list.html
Alphanumeric Display
The alphanumeric display on the front panel provides information on the state of the PRE4. The display consists of two 4-character LED panels. Table 3 describes the most common messages. If you report a problem to Cisco, it is helpful to include the message on the PRE4 alphanumeric display in your problem report.
Prerequisites and Preparation
Before you perform any of the procedures in this guide, we recommend that you:
•
guide/8-hig.html•
•
•
The following publications can be used as reference material while performing procedures in this document:
–
prod_installation_guide09186a0080525aba.html–
http://cisco.com/en/US/products/hw/routers/ps133/
prod_troubleshooting_guide_book09186a00807a1043.htmlSafety Guidelines
Before you begin the PRE4 installation procedure, review the safety guidelines in this section to avoid injuring yourself or damaging the equipment. Before you install, configure, or perform maintenance on the router, you should also review the safety warnings listed in the Regulatory Compliance and Safety Information for the Cisco 10000 Series Routers document.
Safety Warnings
Safety warnings appear throughout this publication in procedures that, if performed incorrectly, may harm you. A warning symbol precedes each warning statement. The following warning is an example of a safety warning. It identifies the warning symbol and associates it with a bodily injury hazard.
Warning
This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device. Statement 1071
SAVE THESE INSTRUCTIONS
Note
Software Compatibility
The PRE4 has specific Cisco IOS software requirements. Table 4 shows the minimum required Cisco IOS software for the PRE4.
Table 4 PRE4 Software Compatibility
ESR-PRE4
12.2(33)SB
12.2(33)SB
Use the show version command to display the system software version that is currently loaded and running.
If the output of the show version command indicates that the Cisco IOS software is a version earlier than the version identified as the minimum Cisco IOS software release in Table 4, check the contents of the CompactFlash memory to determine if the required images are available on your system.
The output of the show flash command provides a list of all files stored in the CompactFlash memory. If the correct software version is not installed, contact Cisco Customer Service (see the "Obtaining Documentation, Obtaining Support, and Security Guidelines" section).
Installation Guidelines
This section contains guidelines for the following:
•
•
•
The PRE4 is hot-swappable, which means you can remove and replace a PRE4 while the system is operating—if you have a standby (redundant) PRE4 installed in the chassis. This feature allows you to add, remove, or replace a PRE4 while the system maintains all routing information and ensures session preservation.
Caution
Caution
New Installation Guidelines
If you are replacing the PRE4 in a non-redundant system, you must configure the PRE4 using the configure command. For configuration information, refer to the "Configuring a PRE4" section.
Replacement Installation Guidelines
If the PRE4 is replaced in a redundant system containing two PRE4s, the standby (or newly installed) PRE4 automatically assumes the configuration of the active PRE4; do not configure the new PRE4.
Required Tools and Equipment
You need the following tools and equipment to install the PRE4:
•
•
•
Powering Off the System
Use the following steps to power down the system:
Caution
Step 1
Step 2
Step 3
Figure 3 Setting DC Power Switch to the Off Position
Figure 4 Setting AC Power Switch to the Off Position
Installing or Replacing a PRE4
This section describes how to install or replace the PRE4 in the Cisco 10008 chassis. It contains the following information:
•
•
Installing a PRE4
Use the following procedure to install the PRE4 into slot 0A or slot 0B in the Cisco 10008 chassis.
Step 1
Step 2
Step 3
Step 4
The PRE4 cycles through its power-on self-test. The FAIL LED stays on briefly (10 to 15 seconds) and then shuts off.
Step 5
Caution
Step 6
Figure 5 ESD Chassis Connection
Figure 6 Inserting and Removing the PRE4
Figure 7 Closing and Opening the PRE4 Ejector Levers
Figure 8 PRE4 Captive Screw Locations
Connecting the BITS Filter Module and Clock Contacts (Optional)
The Cisco 10000 series router supports a Building Integrated Timing Source (BITS) Filter module. This module is already installed in a new chassis that is configured with a PRE4. If you are upgrading a Cisco 10000 series router with a PRE4, you can install the Building Integrated Timing Source (BITS) Filter module on the backplane of the chassis. This module is only required if you are connecting a BITS clock to the chassis.
The BITS Filter module (ESR-BITS-FLTR) allows you to attach BITS lines to the router using wire-wrap posts. It has a filter that prevents conducted emissions from the chassis traveling down the BITS lines and isolates the system from voltage surges.
The BITS Filter module has wire wrap posts to connect two sets of twisted pair (shielded or unshielded) receive TIP and RING lines from an external source to the system. The pins are associated with specific PRE slots.
Table 5 lists the wire wrap connector pinouts with the associated PRE slot.
Table 5 Wire Wrap Connector Pinouts
1-A
TIP-A
PRE slot 0A
2-A
SHIELD-A
3-A
RING-A
1-B
TIP-B
PRE slot 0B
2-B
SHIELD-B
3-B
RING-B
Note
Caution
Caution
Use the following procedure to connect the BITS clock to the wire-wrap pins on the BITS filter card:
Step 1
Step 2
Figure 9 Removing Rear Cover
Step 3
Figure 10 Loosening the Screw Terminals
Step 4
Figure 11 Installing the BITS Filter Module
Step 5
Step 6
Step 7
Note
Note
Step 8
Step 9
Step 10
Configuring a PRE4
After the PRE4 is successfully installed, you can configure it for network use. For information about configuring the PRE4, see "Managing the Router Using the Network Management Ethernet Port" section.
Note
For further information about configuring a PRE4, refer to the Cisco 10000 series router publications at this URL:
http://cisco.com/en/US/products/hw/routers/ps133/tsd_products_support_series_home.html
Removing a PRE4
Use the following procedure to remove a PRE from the chassis:
Step 1
Step 2
Note
Step 3
Step 4
Step 5
Note
Warning
Step 6
Troubleshooting the Installation
Refer to Figure 2 and Table 2 for descriptions of the LEDs on the PRE4. Follow the instructions in Table 6 to troubleshoot the installation.
Table 6 PRE4 Installation Troubleshooting
If these troubleshooting procedures do not correct the problem, refer to the Cisco 10000 Series Router Troubleshooting Guide for additional information.
Configuring Network Timing
Network Timing allows you to configure a common clock source, to drive the transmit clock on all the serial interfaces in the Cisco 10000 series router on the line cards that support this feature. Apart from the PRE4, the Cisco 10000 series router also supports the Network Timing module implemented as a daughter card on the PRE4.
This section describes items that need to be configured to enable Network Timing on the Cisco 10000 series router.
•
Configuration Tasks
This section explains the steps to configure Network Timing on the Cisco 10000 series router.
•
•
Enabling Network Timing
Though several items must be configured to enable the Network Timing feature in the Cisco 10000 series router, the network-clock command is the main parser command issued from the global configuration mode. The other options included are specified below:
Router(config)# network-clock ?
Router(config)# network-clock select
Selects a network clock source. See Selecting Clock Sources.
Router(config)# network-clock participate
Enables or disables a slot/subslot from participating in network-clocking. See Selecting Participating Subslots.
Router(config)# network-clock revertive
Reverts the reference clock to the highest priority after the clock recovers from a previous failure. See Reverting to a Higher Priority Clock.
Selecting Clock Sources
Select a reference clock from the existing clock sources, to be used as the central timing supply. When choosing a source clock, you must also select the priority. The network-clock select command is issued from the global configuration mode, to select a clock source.
Router(config)# network-clock select ?The following steps enable you to configure a clock source:
Step 1
Router(config)# network-clock select <1-6>Step 2
Example 1 Options to Source the Clock
In this example, `T'3 is the controller, `1:0' is the serial interface and `pre a' denotes the active PRE.
Router(config)# network-clock select 1 T3 5/0/0Router(config)# network-clock select 1 interface serial 5/0/0/1:0Router(config)# network-clock select 1 slot pre a
Note
Step 3
T1 BITS Input
Router(config)# network-clock select 1 Slot pre-a t1 <esf | sf> <b8zs | ami>E1 BITS Input
Router(config)# network-clock select 1 Slot pre-a e1 <crc4 | no-crc4> <hdb3 | ami>For examples of T1 and E1 Bits input configuration, see Example 5 and Example 6 respectively.
Selecting Participating Subslots
Use the network-clock participate command in global configuration mode to configure individual subslot(s) that source the Network Timing clock.
Router(config)# network-clock participate <1-8>/<0-1>Reverting to a Higher Priority Clock
The network-clock revertive command allows you to automatically switch the clock to a higher priority after it recovers from a previous failure.
Router# network-clock revertive ?<cr>Verifying the Network Timing Configuration
The show network-clock command displays the clock sources configured, with their status and priority, and can be extended to display information about the daughter board and other digital phased locked loop (DPLL) information, as shown in Table 7.
Table 7 show network-clock Commands
Router# show network-clock dpll
Displays DPLL informationas shown in Example 3.
Router# show network-clock ssm
Displays Source Specific Multicast (SSM) information as shown Example 4.
Router# show network-clock |
Displays other information.
Configuration Examples
The following are examples of the show network-clock commands:
router# sh runn | i networknetwork-clock select 1 Slot pre-a t1network-clock select 2 interface Serial7/1/0/1:0network-clock select 3 controller T3 7/0/0Example 2 Show Configured Clocks
router# sh network-clocksActive source = Slot pre-aDriving DPLL pri input from CPLD loc bits mux inputStandby source = Serial7/1/0/1:0Driving DPLL sec input from CPLD pri lc mux inputAll Network Clock Configuration---------------------------------Priority Clock Source State Reason1 Slot pre-a Valid No errs2 Serial7/1/0/1:0 Valid No errs3 T3 7/0/0 Valid No errsCurrent operating mode is RevertiveCurrent OOR Switchover mode is SwitchoverThere are no slots disabled from participating in network clockingExample 3 Show PRE4 and Line Card DPLL Status
router# sh network-clocks dpllPRE-A Nettime Daughter Board DPLL using pri input:Cnfg Mode:norm State:lock (L/H:1/0) Freq. Limit:no BITS LED:greenInput Ref Freq. OOR Acq. HoldoverPri Input:loc bits(t1) 1.544 MHz no noSec Input:pri lc 1.544 MHz no noLine Card DPLLs:S/SS Clock Source Line Card Source Cnfg Mode State PRE-A PRE-B Local1/0 none 4jacket-1 pre-a norm lock ok ok nc7/0 T3 7/0/0 4cht3-hh-1 pre-a norm lock ok ok ok7/1 Serial7/1/0/1:0 4cht3-hh-1 pre-a norm lock ok ok naExample 4 Show SSM Codes Received
router# sh network-clocks ssmSSM Codes:S/SS Clock Source Source Card Rcv SSM (code)-/- Slot pre-a loc PRE n/a (0xFF)1/0 none 4jacket-1 n/a (0xFF)7/0 T3 7/0/0 4cht3-hh-1 n/a (0xFF)7/1 Serial7/1/0/1:0 4cht3-hh-1 n/a (0xFF)Example 5 PRE4 T1 BITS Input Configuration
Router(config)# network-clock select 6 slot pre-a t1 ?esf ESF Framingsf SF FramingRouter(config)# network-clock select 6 slot pre-a t1 esf ?ami AMI Line Codingb8zs B8ZS Line CodingExample 6 PRE4 E1 BITS Input Configuration
Router(config)# network-clock select 6 slot pre-a e1 ?crc4 CRC4 Framingno-crc4 No CRC4 FramingRouter(config)# network-clock select 6 slot pre-a e1 crc4 ?ami AMI Line Codinghdb3 HDB3 Line CodingForcing Failover in a Redundant Pair
To manually force the active and standby devices in a redundant pair to failover, use the redundancy force-switchover main-cpu command. Manually force the active and standby PRE4s to reverse roles if you need to replace the active one. You can then replace the PRE4 while causing only minimal disruption of traffic.
The following example shows how to set the standby PRE4 to be active:
Router# redundancy force-switchover main-cpuThis command does not generate an alarm.
Managing System Boot Parameters
During the boot process, the system reads a software configuration register that defines certain system parameters. The software configuration register is a 16-bit register in NVRAM used to define such characteristics as:
•
•
•
By modifying the boot parameters, you can customize your Cisco 10008 router. For example, a common configuration register setting in some lab environments is 0x2100. Using this setting, the system boots to the ROM monitor (ROMmon) prompt, where a technician can load a specific image by entering the boot command at the ROMmon prompt.
Changing the Software Configuration Register Settings
The factory default value for the software configuration register is 0x2102. To change the software configuration register settings while you are running system software, perform the following steps:
Step 1
Router(config)# config-register 0x2100Consult the hexadecimal column in Table 8 for the possible settings to enter as the 4-bit value parameter.
Step 2
Router(config)# Ctrl-Z Router#Step 3
Router# show version ... #Configuration register is 0x141 (will be 0x2100 at next reload)Step 4
Router# copy running-config startup-configStep 5
The router reboots using the new register settings. The software configuration register setting takes affect only after you reload the system. This happens when you issue the reload command from the console or reboot the router.
Upgrading a PRE3 to a PRE4
This section describes the following procedures to perform a hardware upgrade from a PRE3 to a PRE4:
•
•
You can upgrade a PRE3 to a PRE4 using the In Service Upgrade (ISU) feature. A PRE3 to PRE4 ISU is non-service impacting. Powering down the router is not required.
A PRE3 to PRE4 upgrade without ISU is a service impacting upgrade. The router is not available for user traffic during the upgrade, and traffic cannot resume until the upgrade is complete.
Upgrading a PRE3 to a PRE4 Using ISU
This section describes the procedure to perform a PRE3 to PRE4 upgrade using the ISU feature:
•
Prerequisites
•
•
•
•
•
Upgrade Considerations
•
•
•
Procedure to Upgrade a PRE3 to a PRE4 Using ISU
To upgrade a PRE3 to a PRE4 using ISU, follow these steps:
Step 1
Step 2
Step 3
Router# copy tftp disk0: Address or name of remote host []? 223.255.254.254 Source filename []? PRE4/images/c10k4-p11-mz Destination filename [c10k4-p11-mz]? Accessing tftp://223.255.254.254/PRE4/images/c10k4-p11-mz... Loading PRE4/images/c10k4-p11-mz from 223.255.254.254 (via FastEthernet0/0/0):.... [OK - 25251732 bytes] 25251732 bytes copied in 50.356 secs (501464 bytes/sec) Router#Step 4
Router# dir disk0:Directory of disk0:/1 -rw- 25750196 Mar 4 2000 00:13:24 +00:00 c10k4-p11-mz256503808 bytes total (230752256 bytes free)Step 5
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#Step 6
Router(config)# no boot system flash disk0:c10k4-p11-mz.mce_rp_isp-20060127Step 7
Router(config)# boot system flash disk0:c10k4-p11-mzStep 8
Router(config)# config-register 0x2100
Note
Step 9
Router(config)# exitRouter#Step 10
Router# copy running-config startup-configDestination filename [startup-config]?Building configuration...[OK]Step 11
Router# show bootvarBOOT variable = disk0:c10k4-p11-mz,1;CONFIG_FILE variable =BOOTLDR variable =Configuration register is 0x02Standby BOOT variable = disk0:c10k4-p11-mz,1;Standby CONFIG_FILE variable =Standby BOOTLDR variable =Standby Configuration register is 0x2Step 12
Step 13
Caution
Step 14
Step 15
Step 16
Step 17
Step 18
Step 19
Step 20
The PRE3 to PRE4 upgrade is complete.
Upgrading a PRE3 to a PRE4 Without Using ISU
This section describes the procedures for performing a hardware upgrade from a PRE3 to a PRE4 without using the ISU feature:
•
Prerequisites
For all of the software features supported by your current PRE3 (c10k3-p11-mz) image to function correctly, they must be supported by the PRE4 image. Check with the Cisco Technical Assistance Center (TAC) to verify the correct upgrade path before initiating the upgrade.
The upgrade should be performed by a qualified engineer. This person must be familiar with the Cisco router console interface and be able to perform basic router operations, such as configuration loading and router reload functions.
Caution
Upgrade Considerations
All new PRE4s are shipped with an eboot image (c10k4-eboot-mz) stored in bootflash.
Note
Procedure to Upgrade a PRE3 to a PRE4 Without Using ISU
To upgrade a PRE3 to a PRE4 without using ISU, follow these steps:
Step 1
Step 2
Caution
Step 3
Note
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Booting from a TFTP Server
If you saved the PRE4 image on a TFTP server that is reachable from the router (for example, if the router and server are on the same LAN or there is a default proxy server), boot the router from the TFTP server.
In the following example, the router boots the PRE4 image from a network server with the IP address 172.16.15.112:
> boot tftp://172.16.15.112/c10k4-p11-mzThe configuration dialog appears.
You can now proceed to step 9.
Booting from Disk0
If the image was saved to Disk0, boot that image.
The following boot command loads the PRE3 image from Disk0:
> boot disk0:c10k4-p11-mzThe configuration dialog appears.
You can now proceed to step 9.
Booting from the eboot Image
If you did not save the PRE4 image to a TFTP server, boot the eboot (c10k4-eboot-mz) image stored in bootflash.
In the following example, the router boots from the eboot image:
> boot bootflash:c10k4-eboot-mzThe configuration dialog appears.
Proceed to the "Did Not Save the Configuration" section.
Step 10
Saved the Configuration on a CompactFlash Card
If you booted the PRE4 image and saved the previous configuration to a CompactFlash card:
a.
b.
The router is available for normal operations and the upgrade is complete.
Saved the Configuration on a TFTP Server
If you booted the PRE3 image, and you saved the previous configuration to a TFTP server:
a.
b.
c.
d.
The router is available for normal operations and the upgrade is complete.
Did Not Save the Configuration
If you did not save the PRE2 image to a TFTP server and you booted the PRE3 image:
a.
b.
c.
d.
The PRE3 to PRE4 upgrade is complete.
Upgrading Software on a PRE4
This section describes the procedures to upgrade software on a single PRE4 or redundant PRE4s:
•
•
Upgrading Software on a Single PRE4
To upgrade software on a single PRE4, follow these steps:
Step 1
Router# copy tftp disk0: Address or name of remote host []? 223.255.254.254 Source filename []? PRE4/images/c10k4-p11-mz Destination filename [c10k4-p11-mz]? Accessing tftp://223.255.254.254/PRE4/images/c10k4-p11-mz... Loading PRE4/images/c10k4-p11-mz from 223.255.254.254 (via FastEthernet0/0/0):.... [OK - 25251732 bytes] 25251732 bytes copied in 50.356 secs (501464 bytes/sec) Router#Step 2
Router(config)# boot system flash disk0:c10k4-p11-mzStep 3
Router# copy running-config startup-configStep 4
Router# reloadThe system is now using the new Cisco IOS image.
Upgrading Software on Redundant PRE4s
To upgrade software on redundant PRE4s, follow these steps:
Step 1
Router# show redundancy statesmy state = 13 -ACTIVEpeer state = 8 -STANDBY HOTMode = DuplexUnit = PrimaryUnit ID = 0Redundancy Mode (Operational) = SSORedundancy Mode (Configured) = SSORedundancy State = SSOMaintenance Mode = DisabledManual swact enabledCommunications = Upclient count = 38client_notification_TMR = 30000 millisecondsRF debug mask = 0x0Step 2
Router# copy tftp disk0:Address or name of remote host []? 223.255.254.248Source filename []? c10008/c10k4-p11-mzDestination filename [c10k4-p11-mz]?Accessing tftp://223.255.254.248/c10008/c10k4-p11-mz...Loading c10008/c10k4-p11-mz from 223.255.254.248(via FastEthernet0/0/0):!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...[OK - 25750196 bytes]25750196 bytes copied in 50.64 secs (508495 bytes/sec)Step 3
Router# copy tftp stby-disk0The output is similar to that shown in the previous step.
Step 4
Router# dir disk0:Directory of disk0:/1 -rw- 25750196 Mar 4 2000 00:13:24 +00:00 c10k4-p11-mz256503808 bytes total (230752256 bytes free)Router# dir stby-disk0:Directory of stby-disk0:/1 -rw- 25750196 Mar 4 2000 00:14:56 +00:00 c10k4-p11-mz257544192 bytes total (231792640 bytes free)Step 5
Router# show run | i bootboot-start-markerboot system flash disk0:c10k4-p11-mz.mce_rp_isp-20060127boot-end-markerexception crashinfo file bootflash:crashinfoStep 6
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#Step 7
Router(config)# no boot system flash disk0:c10k4-p11-mz.mce_rp_isp-20060127Step 8
Router(config)# boot system flash disk0:c10k4-p11-mzStep 9
Router(config)# config-register 0x2100Step 10
Router(config)# exitRouter#Step 11
Router# copy running-config startup-configDestination filename [startup-config]?Building configuration...[OK]Step 12
Router# show bootvarBOOT variable = disk0:c10k4-p11-mz,1;CONFIG_FILE variable =BOOTLDR variable =Configuration register is 0x0Standby BOOT variable = disk0:c10k4-p11-mz,1;Standby CONFIG_FILE variable =Standby BOOTLDR variable =Standby Configuration register is 0x0Step 13
Router# reloadProceed with reload? [confirm]Resetting ..........Both PRE4s are now using the new Cisco IOS image with the new register settings.
Managing the Router Using the Network Management Ethernet Port
The network management Ethernet (NME) port on the PRE4 is used to manage the Cisco 10008 router. The duplex mode and speed of the NME port are configurable.
The following sections describe how to configure the duplex mode and speed of the NME port for the PRE4.
Configuring the NME Port on the PRE4
The NME port for PRE4 supports the following operational modes:
•
•
•
Default configurations do not appear in the router's configuration file.
We recommend that you allow the NME port to autonegotiate the duplex mode. When autonegotiation mode is enabled, the NME port responds only to IEEE 802.3x pause frames from another device.
If the negotiation of duplex mode fails and a duplex mode mismatch occurs, manually set the duplex mode for full-duplex or half-duplex operation. Setting duplex mode disables autonegotiation mode. When you manually set duplex mode, the NME port does not support IEEE 802.3x flow control.
When you manually configure duplex mode, the NME port can experience problems. If this occurs, disable duplex mode by entering the no full-duplex or no half-duplex command. When you enter the no duplex command, the operational mode reverts to autonegotiation mode.
To configure the NME port, perform the following optional configuration tasks:
•
•
Manually Setting the Duplex Mode for the NME Port for the PRE4
Note
To manually set the duplex operational mode of the NME port for the PRE4, enter either of the following commands in interface configuration mode:
Manually Setting the Speed for the NME Port for the PRE4
To manually set the speed of the NME port for PRE4, enter the following command in interface configuration mode. The default speed of the NME port is 100 Mbps.
Onboard Failure Logging
The On-Board Failure Logging (OBFL) feature enables storage and collection of critical failure information in the nonvolatile memory of an FRU (Field Replaceable Unit), like a Route Processor (RP) or Line Card. The Cisco 10000 series router supports OBFL on PRE4 and the SPA Interface Processor (SIP) or jacket card.
The OBFL stored data assists in understanding and debugging field failures upon RMA (Return Material Authorization) of a RP or Line Card at repair and failure analysis sites.
OBFL records operating temperatures, hardware uptime, interrupts and any other important events that assist board diagnosis in case of hardware failures.
For more information on the feature, see the Onboard Failure Logging feature guide located at the following URL:
Logging details for OBFL
The logging details for the OBFL feature are described below:
•
•
•
•
•
•
•
•
Storing OBFL Data
The RP logs are recorded in the bootflash, where other system images, configuration information and crash dumps are stored. OBFL logs are identified by the extension (*_hist or *_cont). The maximum memory used on the flash disk for OBFL storage is 2 MB.
Note
The dir bootflash command displays a list of log files (including OBFL logs). Given below is a sample output of the additional filenames in use by OBFL.
Router# dir bootflash:Directory of bootflash:/4 -rw- 202752 Jan 4 2008 16:13:10 -05:00 env_cont5 -rw- 69120 Jan 4 2008 16:13:12 -05:00 temp_hist13 -rw- 69120 Jan 4 2008 16:13:12 -05:00 volt_hist14 -rw- 33792 Jan 4 2008 16:13:12 -05:00 uptime_cont15 -rw- 201216 Jan 4 2008 16:13:18 -05:00 errmsg_cont16 -rw- 67584 Jan 4 2008 16:13:16 -05:00 env_hist17 -rw- 135168 Jan 4 2008 16:13:18 -05:00 temp_cont18 -rw- 135168 Jan 4 2008 20:17:28 -05:00 volt_cont19 -rw- 6144 Jan 4 2008 16:13:14 -05:00 uptime_exthist20 -rw- 4096 Jan 4 2008 16:13:16 -05:00 uptime_histDisplaying OBFL Data
The show logging onboard [status] <module> <slotnumber/subslotnumber/modulenumber> command displays the logs from the OBFL data. On the Cisco 10000 series router the term module is used to represent a Route Processor (RP) or the SPA Interface Processor (SIP).
For information on OBFL commands, see the "Configuration Tasks" chapter in the Onboard Failure Logging feature guide located at the following URL:
http://www.cisco.com/en/US/partner/docs/ios/12_0s/feature/guide/12sobfl.html#wp1025118
Analyzing and Troubleshooting Packets
The PXF engine of the PRE4 is responsible for processing and forwarding packets. As processing occurs, PXF counters increment to reflect the internal behavior of the PRE. The router collects this statistical information from the counters and appropriately displays it when you enter specific show pxf cpu commands. The output from these commands is useful in analyzing and troubleshooting denied and logged packets.
To correctly interpret packet statistics, it is important that you understand the behavior of the router during packet and access list processing, and the counters that provide the statistical data. This section briefly describes access list processing, some PXF counters and their behavior, and some of the commands you can use to display statistical information. This section is based on PRE4 with differences noted for other PREs.
Access Control Lists
The Cisco 10008 router provides traffic filtering capabilities using Access Control Lists (ACLs). Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the router's interfaces. Using ACLs, you can do such things as restrict the contents of routing updates, provide traffic flow control, and provide security for your network.
The Cisco 10008 router supports the following ACL types and features:
•
•
•
•
The access-list command is used to configure an ACL. For example, the following configuration creates ACL 108:
access-list 108 permit udp any host 10.68.1.10 range 0 5000 logaccess-list 108 permit udp host 10.1.1.10 range 0 5000 any logAfter creating an ACL, it is applied to an interface using the ip access-group command. The router executes the ACL from top to bottom, denying or permitting packets as directed by the access-list entries (ACEs). When the log keyword is specified in an ACE, the router sends packet information to the console.
The last line of an ACL is an implicit deny statement that appears to the router as:
deny any anyThis statement causes the router to deny any packets remaining after processing the ACEs of the access list. The implicit deny statement does not include the log keyword; therefore, the router does not send packet information to the console for those packets denied by the implicit deny statement.
For example, the router processes the following ACL from top to bottom as follows:
access-list 108 permit udp any host 10.68.1.10 range 0 5000 logaccess-list 108 permit udp host 10.1.1.10 range 0 5000 any log•
•
•
Packet Statistics and PXF Counters
The PRE4 provides high performance Layer 3 processing using its PXF engine and route processor (RP). As the PXF processes packets, counters such as the following reflect the internal operation of the PRE4:
The statistical information that the PXF counters provide is useful in analyzing and troubleshooting denied and logged packets. Because the internal operation of the PRE4 differs for ACLs, the PXF counters are inconsistent between the PREs. However, system-wide router behavior is consistent for PREs despite the differences in counters.
The following sections describe the PXF counters and the way in which they increment.
IP Forwarding Counter
A Forwarding Information Base (FIB) lookup is one of the initial steps in forwarding a packet. When the router forwarding processor needs information to forward a packet, it performs a lookup operation on the FIB table. The IP forwarding counter reflects the state of that lookup operation. It does not reflect whether or not the packet was forwarded. This counter increments each time an FIB lookup successfully occurs.
ICMP Created Counters
Some FIB lookup operations can cause Internet Control Message Protocol (ICMP) messages to be generated. For example, if a packet's time-to-live (TTL) expires, an address is unreachable, or an ACL-denied packet is dropped, an ICMP message is generated. The ICMP created counters reflect the number of ICMP packets created. The counters increment each time an FIB lookup results in the generation of an ICMP message.
Feedback Counter
Sometimes the PXF cannot complete the processing of a packet before the packet completes a single pass through the PXF; the packet requires additional processing. As a result, the packet is fed back through the PXF and processing continues. This is referred to as a feedback operation.
The following are examples of packets that can cause feedbacks to occur:
•
•
•
The feedback counter reflects the total number of feedbacks through the PXF by all packets. The counter increments one time for each additional pass a packet makes.
When a packet is denied because of an ACL deny statement, the router drops the packet. Dropped packets do not need further processing and, therefore, are not fed back through the PXF. In this case, the feedback counter does not increment.
Displaying Packet Statistics
The Cisco 10008 router supports show pxf cpu commands that allow you to determine the following information:
•
•
•
•
To display packet statistics for the PRE4, enter the following commands:
For more information about show pxf commands, refer to the Cisco IOS Command Reference publication for your Cisco IOS software release.
Sample Case Study
For the purposes of this case study, assume that the following ACL is configured on the router's outbound serial 1/0/0 interface:
access-list 108 permit udp any host 10.68.1.10 range 0 5000 logaccess-list 108 permit udp host 10.1.1.l0 range 0 5000 any logA traffic simulator is used to send 100 UDP packets to the Cisco 10008 router with the source and destination ports of the packets set to 6000. Packets arrive on the Gigabit Ethernet 2/0/0 interface and are supposed to leave the router through the serial 1/0/0 interface.
After processing the 100 UDP packets, the show pxf cpu commands are entered to display statistical information about the packets.
Displaying Packet Statistics for ACLs
The show pxf cpu statistics security command provides statistical information about the packets denied, permitted, and logged by ACLs. The router collects statistics for mini-compiled ACLs, but not for turbo-compiled ACLs.
The following example output provides packet information before sending the 100 packets. Notice that the Packets Denied field indicates that no packets have been denied by ACL 108. The Denied & Log field indicates that no denied packets have been logged.
Router# show pxf cpu statistics securityACL Pkts Pkts Denied Permit OtherName Denied Permitted & Log & Log Packets108 0 0 0 0 0The following example output results after sending the 100 packets. Notice that the Packets Denied field now indicates that 100 packets have been denied. Recall that the router denied the packets because they matched the implicit deny statement. This statement does not include a log keyword, which causes information to be sent to the console. Therefore, no logging occurs and the Denied and Log fields indicate this.
Router# show pxf cpu statistics securityACL Pkts Pkts Denied Permit OtherName Denied Permitted & Log & Log Packets108 100 0 0 0 0Displaying IP Forwarding Statistics
The show pxf cpu statistics ip command provides statistical information about IP forwarding. The following example output indicates that the count of the IP forwarding counter before sending the 100 packets is 402.
Router# show pxf cpu statistics ipFP ip statisticsdropped = 0forwarded = 402punted = 540input_packets = 942icmps_created = 0noadjacency = 0noroute = 6unicast_rpf = 0FP ip multicast statisticsmcast total = 0mcast drops = 0mcast punts = 0mcast switched = 0mcast encaps = 0mcast decaps = 0FP ip frag statisticspackets = 0fragments = 0fragfail = 0dontfrag = 0mcdontfrag = 0FP icmp statisticsunreachsent = 2ttlsent = 0echorepsent = 5echorcv = 5checksumerr = 0FP mpls statisticsdiverted = 0dropped = 0switched = 0feedback = 0icmps created = 0The following example output results after sending the 100 packets. Notice that the IP forwarding counter is now 502.
Router# show pxf cpu statistics ipFP ip statisticsdropped 0forwarded 502 /*incremented by 100*/punted 540input_packets 942icmps_created 0noadjacency 0noroute = 6unicast_rpf = 0FP ip multicast statisticsmcast total = 0mcast drops = 0mcast punts = 0mcast switched = 0mcast encaps = 0mcast decaps = 0FP ip frag statisticspackets = 0fragments = 0fragfail = 0dontfrag = 0mcdontfrag = 0FP icmp statisticsunreachsent = 2ttlsent = 0echorepsent = 5echorcv = 5checksumerr = 0FP mpls statisticsdiverted = 0dropped = 0switched = 0feedback = 0icmps created = 0Displaying Queueing Statistics
The show pxf cpu queue command provides queueing statistics for one interface, all interfaces, or a queue identifier (QID). The following example displays PXF queuing statistics for QID 591.
Router# show pxf cpu queue 591HW Queue: qid=591qlimit=25000 chain_size=7 user_defined_overhead_with_atm=0 length_adjust_or_mlp_class=0lblt=72 quantum=10000 (Y=29, X=53688) w=1 (brr=166) flags=0x0Shape x=0 y=0 (0 bps) invx=0 invy=0 maxTokens=0shapeTS=0x1F92C9F9 curr_token=0x0000 curr_quantum=9937Logical BLT Shadow data: qid=72hwidb=GigabitEthernet1/3/1, lfi bundle qid=0x0, def pblt=19atm_vc=Not an ATM VC, mqc_gqid=0x0, lblt flags=0x4HW Logical BLT: qid=72pblt=19 quantum=10000 (Y=29, X=53688) w=1 (brr=166)Shape: x=0 y=0 (0 bps) invx=0 invy=0 maxTokens=0pkt_size_adj_type=PKT_SIZE_ADJ_TYPE_PRE3_NORMAL user_defined_overhead=0curr_token=0xFFFFFFC0 last_timestamp=0x00000000Flow Control: period=0 offset=0 frag=4095 byte=0 res=0ML / LFI: ml_lfi_flag=0 ml_size=0 start_flag=0 delay_start=1Physical BLT Shadow data: qid=19hwidb=GigabitEthernet1/3/1, pbt flags=0x0Bandwidths max=1000000 kbps, current=1000000 kbps, shaped=0kbps2 child lblts: 70 72HW Physical BLT: qid=19bwm=39322, bws=14,(999989827 bps), resource=11, burst_limit=6826, channel=113flow_period=8, flow_offset=1, flow_resource=14col6_burst_limit=169, pkt_size_adj_type=1, flowoff_byte=0vtp_bwm=0, vtp_bws=0, vtp_burst=0, next_send_blt=19, pblt=19Displaying Drop Statistics
The show pxf cpu statistics drop command provides information about dropped packets and ICMP packets. The following example output indicates the count of the icmp_unrch_interval counter before sending the 100 packets. Notice that the count is zero.
Router# show pxf cpu statistics dropFP drop statisticspackets bytesreasm_err_or_badmtu 0 0mpls_no_eos 0 0fib_zero_dest 0 0fib_drop_null 0 0fib_icmp_no_adj 0 0fib_icmp_bcast_dst 0 0mfib_ttl_0 0 0mfib_disabled 0 0mfib_rpf_failed 0 0mfib_null_oif 0 0mfib_ttl_threshold 0 0tfib_rp_flag 0 0tfib_eos_violation 0 0tfib_nonip_expose 0 0tfib_label_invalid 0 0tfib_path_unknown 0 0tfib_nonip_ttl_exp 0 0icmp_unrch_interval 0 0 /*no ICMP packets created*/icmp_on_icmp 0 0icmp_bad_hdr 0 0icmp_multicast 0 0icmp_frag 0 0macr_bad_tag_num 0 0no_touch 0 0enq_id_0 0 0no_pkt_handles 0 0l2_unsupp_drop 0 0ipm_replay_full 0 0bad_atm_arp 0 0nested_fragmentation 0 0l2less drop packets 0ipv6_not_enabled 0 0ipv6_version 0 0ipv6_length 0 0ipv6_src_mcast 0 0ipv6_src_loopback 0 0ipv6_dst_unspec 0 0ipv6_dst_loopback 0 0ipv6_rpf_fail 0 0...The following example output indicates the count of the icmp_unrch_interval counter after sending the 100 packets. Notice that the icmp_unrch_interval count now indicates 100 due to the dropped packets.
Router# show pxf cpu statistics dropFP drop statisticspackets bytesreasm_err_or_badmtu 0 0mpls_no_eos 0 0fib_zero_dest 0 0fib_drop_null 0 0fib_icmp_no_adj 0 0fib_icmp_bcast_dst 0 0mfib_ttl_0 0 0mfib_disabled 0 0mfib_rpf_failed 0 0mfib_null_oif 0 0mfib_ttl_threshold 0 0tfib_rp_flag 0 0tfib_eos_violation 0 0tfib_nonip_expose 0 0tfib_label_invalid 0 0tfib_path_unknown 0 0tfib_nonip_ttl_exp 0 0icmp_unrch_interval 100 12276 /*incremented by 100*/icmp_on_icmp 0 0icmp_bad_hdr 0 0icmp_multicast 0 0icmp_frag 0 0macr_bad_tag_num 0 0no_touch 0 0enq_id_0 0 0no_pkt_handles 0 0l2_unsupp_drop 0 0ipm_replay_full 0 0bad_atm_arp 0 0nested_fragmentation 0 0l2less drop packets 0ipv6_not_enabled 0 0ipv6_version 0 0ipv6_length 0 0ipv6_src_mcast 0 0ipv6_src_loopback 0 0ipv6_dst_unspec 0 0ipv6_dst_loopback 0 0ipv6_rpf_fail 0 0...Displaying PXF Traffic Loads
The show pxf cpu context command provides the current and historical loads on the PXF.
Note
The following example shows how busy the PXF forwarding process (FP) is with the current traffic load. The FP context statistics section displays the number of contexts of each type that have entered the PXF engine since it was last reloaded. If counters are idle, the PXF pipeline is hung.
Router# show pxf cpu contextFP context statistics count rate (since last time command was run)--------------------- ------------- ----------feed_back 168635 0new_work_from_lc 7474477 13new_work_from_rp 964679 1new_work_from_replay 0 0null_context 3797097495884 6312156----------6312170FP average context/sec 1min 5min 60min--------------------- ---------- ---------- ----------feed_back 0 0 0 cpsnew_work_from_lc 8 8 8 cpsnew_work 1 1 1 cpsnew_work_from_replay 0 0 0 cpsnull_context 6312260 6312261 6312250 cps--------------------- ---------- ---------- ----------Total 6312270 6312271 6312260 cpsFP context utilization 1min 5min 60min--------------------- ---------- ---------- ----------Actual 0 % 0 % 0 %Theoretical 0 % 0 % 0 %Maximum 98 % 98 % 98 %Displaying Feedback Counts
The show pxf cpu feedback command provides the total number of feedbacks through the PXF by all packets.
Router# show pxf cpu feedbackLoad for five secs: 5%/0%; one minute: 6%; five minutes: 2%Time source is hardware calendar, *21:13:02.615 UTC Tue Nov 29 2005FP column 0 feedback countsGlobal packet handle retry counter = 0Name Current Difference (since last show)--------------------- ---------- ----------bypass = 0 0schedule retry = 0 0WRED sample = 0 0MLPPP linkq update = 0 0IP frag = 0 0ICMP = 7 7layer2 divert = 0 0tunnel lookup = 0 0tunnel RX = 0 0tunnel TX = 0 0output qos = 0 0tag not ip = 0 0netflow accumulate = 0 0netflow age = 0 0netflow swap = 0 0.IPv6 Forwarding over MPLS
The Cisco 10008 router supports PXF-accelerated IPv6 packet forwarding over Multiprotocol Label Switching (MPLS) on the PRE4. This feature is enabled by default.
Table 9 lists common IPv6 commands. For more information about IPv6 commands, refer to the Cisco IOS Command Reference publication for your Cisco IOS software release.
TCAM Commands
This section describes the following commands for ACL lookup using the Ternary Content Addressable Memory (TCAM) on the PRE4:
hw-module tcam
To configure the router to merge (or not merge) access control list entries (ACEs) when compiling and storing ACEs in Ternary Content Addressable Memory (TCAM), use the hw-module tcam command in global configuration mode. To not merge ACEs, use the no form of the command.
hw-module tcam compile {no-merge | with-pt-tree}
no hw-module tcam compile with-pt-tree
Syntax Description
Command Default
The router uses the original ACE to program TCAM (no-merge option).
Command Modes
Global configuration
Command History
12.2(31)SB2
This command was introduced on the PRE3 for the Cisco 10000 series router.
12.2(33)SB
This command was introduced on the PRE4 for the Cisco 10000 series router.
Usage Guidelines
Ternary Content Addressable Memory (TCAM) is a hardware device on the PRE3 and the PRE4 that enables QoS ACLs to be collapsed and stored densely. Instead of using the TurboACL algorithm of the PRE3, the PRE3 uses the TCAM to implement ACL lookup for quick retrieval.
The PRE2 does not support the following features for IPv4 security ACLs:
•
•
IPv4 template ACLs have the same functionality on the PR2 as the PRE2 implementation.
The router supports the collection of per-ACE statistical information using the hw-module tcam compile no-merge command.
When configured, the hw-module tcam command applies to all newly added or modified ACLs and QoS-related TCAM entries. When you reload the router or microcode, the command applies to all ACL and QoS-related TCAM entries.
Examples
The following example merges ACEs in TCAM, conserving TCAM space. Per-ACE statistical information is not available when this command is configured.
Router(config)# hw-module tcam compile with-pt-treeRouter(config)#Related Commands
show pxf cpu access-lists
To display parallel express forwarding (PXF) memory information for access control lists (ACLs), use the show pxf cpu access-lists command in privileged EXEC mode.
show pxf cpu access-lists [security | qos | pbr | compiled]
Cisco 10000 Series Router
show pxf cpu access-lists [security [[tcam acl-name [detail]] | flex-sum | children] | qos | pbr | compiled]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Cisco 10000 Series Router (PRE2)
Because memory is shared between TurboACLs and MiniACLs, they can interfere with each other's capacities. The Mini-ACL is automatically set up with space for 8191 Mini-ACLs at router start. If more than 8191 Mini-ACLs are created, another block of MiniACLs (4096) is allocated. This process is repeated as necessary until the router is out of External Column Memory (XCM) in any one bank that the Mini-ACLs need.
Cisco 10000 Series Router (PRE3 and PRE4)
The PRE3 and PRE4 only implement TCAM ACLs. Turbo-ACLs and Mini-ACLs are not supported.
Examples
The sample output from the show pxf cpu access-lists security command (see Sample Output) is based on the configuration of the access control list (ACL) called test_list (see ACL Configuration). The sample output is divided into several sections with a description of the type of information displayed in each.
ACL Configuration
Router# show pxf cpu access-lists test_listExtended IP access list test_list (Compiled)10 permit ip any host 10.1.1.120 permit ip any host 10.1.1.230 permit ip any host 10.1.1.340 permit ip any host 10.1.1.450 permit ip any host 10.1.1.560 permit ip any host 10.1.1.670 permit ip any host 10.1.1.780 permit ip any host 10.1.1.890 permit ip any host 10.1.1.9100 permit ip any host 10.1.1.11110 permit ip any host 10.1.1.12Sample Output
The following sample output describes the information displayed in the first section of the command output from the show pxf cpu access-lists security command:
Router# show pxf cpu access-lists securityPXF Security ACL statistics:ACL State Tables Entries Config Fragment Redundant Memory ACL_index1 Operational 1 - - - - 0Kb 1sl_def_acl Operational 2 - - - - 0Kb 2test Operational 3 - - - - 0Kb 3test_list Operational 1 12 11 0 0 7Kb 1Table 10, Part 1 describes the significant fields shown in the display.
The following sample output describes the information displayed in the next section of the command output from the show pxf cpu access-lists security command:
First level lookup tables:Block Use Rows Columns Memory used0 TOS/Protocol 1/128 1/32 163841 IP Source (MS) 1/128 1/32 163842 IP Source (LS) 1/128 1/32 163843 IP Dest (MS) 2/128 1/32 163844 IP Dest (LS) 12/128 1/32 163845 TCP/UDP Src Port 1/128 1/32 163846 TCP/UDP Dest Port 1/128 1/32 163847 TCP Flags/Fragment 1/128 1/32 16384Table 10, Part 2 describes the significant fields shown in the display.
The following sample output describes the information displayed in the next section of the command output from the show pxf cpu access-lists security command. There are 16 banks of XCM in each PXF column. This output section shows the usage level of each bank.
Banknum Heapsize Freesize %Free0 4718592 4702208 991 8126464 6012928 732 8388608 6290432 743 8388608 6290432 744 5898240 5881856 995 8126464 6012928 736 8388608 6290432 747 8126464 6012928 738 4456448 4440064 999 8126464 6012928 73Table 10, Part 3 describes the significant fields shown in the display.
This section of the sample command output indicates the memory usage of the MiniACLs in the router. All of the rows state about the same thing. To determine the actual number of MiniACLs in play, divide the memory used in any of blocks 1 to 10 by 256, or blocks 11 to 14 by 16.
MiniACL XCM Tables:Block Use Memory Used %Free0 IP Src 1 768 991 IP Src 2 768 992 IP Src 3 768 993 IP Src 4 768 994 IP Dest 1 768 995 IP Dest 2 768 996 IP Dest 3 768 997 IP Dest 4 768 998 ToS 768 999 Protocol 768 9910 TCP Flags/Fragment 768 9911 Source Port 1 48 9912 Source Port 2 48 9913 Destination Port 2 48 9914 Destination Port 2 48 99The following describes the information displayed in the last section of the sample output from the show pxf cpu access-lists security command:
Available MiniACL count = 8191Usable ranges(inclusive):1->8191Table 10, Part 4 describes the significant fields shown in the display.
PRE2 and PRE3 Security ACLs Examples (Cisco 10000 Series Router)
This section compares the output from the show pxf cpu access-lists security command when issued on the PRE2 and PRE3.
For the PRE2, the following sample output displays VMR (value, plus a mask and result) data for the ACL named ICMP_IGMP_MATCH:
Router# show pxf cpu access-lists security tcam ICMP_IGMP_MATCH detail-------------------------------------------------------------VMR Format - handle: 524607B4Format has 5 fields, refcount = 1Field: Format, FIXED, start_bit = 69, end_bit = 71Field: ACL index, FIXED, start_bit = 54, end_bit = 68Field: Flags, FIXED, start_bit = 43, end_bit = 53Field: L4 proto, FIXED CNV, start_bit = 16, end_bit = 23Field: L4 source port, FIXED CNV, start_bit = 0, end_bit = 15 Total bits = 53, format = 72 GMR used: 5 Col 2 LKBP Vector: 544-------------------------------------------------------------VMRs------ VMR 0 ------V: 001B0000 0000010B 00M: FFFFC000 0000FFFF FFR: 00010001Format: 00000000/00000007ACL index: 0000006C/00007FFFL4 source port: 00000B00/0000FFFFL4 proto: 00000001/000000FFFlags: 00000000/00000000------ VMR 1 ------V: 001B0000 00000103 01M: FFFFC000 0000FFFF FFR: 00010002Format: 00000000/00000007ACL index: 0000006C/00007FFFL4 source port: 00000301/0000FFFFL4 proto: 00000001/000000FFFlags: 00000000/00000000------ VMR 2 ------V: 001B0000 00000213 00M: FFFFC000 0000FFFF 00R: 00010003Format: 00000000/00000007ACL index: 0000006C/00007FFFL4 source port: 00001300/0000FF00L4 proto: 00000002/000000FFFlags: 00000000/00000000------ VMR 3 ------V: 001B0000 00000214 00M: FFFFC000 0000FFFF 00R: 00010004Format: 00000000/00000007ACL index: 0000006C/00007FFFL4 source port: 00001400/0000FF00L4 proto: 00000002/000000FFFlags: 00000000/00000000For the PRE3, the following sample output displays for the show pxf cpu access-lists security command. Notice that the output does not include the columns shown above that are relevant to only the PRE2 and the output no longer displays first-level lookup tables.
Router# show pxf cpu access-lists securityPXF Security ACL statistics:ACL State ACL_indexSTANDARD_MATCH_PERMIT Operational 116SRC_IP_MATCH144 Operational 102DST_IP_MATCH Operational 113DST_IP_MATCH144 Operational 112PROTOCOL_MATCH Operational 104PROTOCOL_MATCH144 Operational 103FRAG_MATCH Operational 109PRECEDENCE_TOS_MATCH Operational 106PRECEDENCE_TOS_MATCH144 Operational 105Related Commands
show pxf cpu statistics
Displays PXF CPU statistics.
show pxf statistics
Displays a chassis-wide summary of PXF statistics.
show pxf cpu pbr action
To display policy-based routing (PBR) actions configured in the Parallel eXpress Forwarding (PXF), use the show pxf cpu pbr action command in privileged EXEC mode.
show pxf cpu pbr action map-name
Cisco 10000 Series Router
show pxf cpu pbr [action map-name | tcam map-name | flex-sum]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command is useful to determine if an adjacency has been found for a set ip next-hop ip-address route map configuration command.
Examples
The following example shows the PBR route maps configured in the PXF:
Router# show pxf cpu pbr action fooShow PBR Action:----------------------------------------------------------------------Policy number: 1route-map foo, permit, sequence 10map number = 0action index = 0primary action : SET_ROUTEsecondary action : - none -mac-rewr index = 0x0000 0015vcci = 0x09D4, qos group = 0, tos prec = 0tt_pkt_count = 0 tt_byte_count = 0Adjacency data 0x20D29968XCM adjacency from 0x70000120(RP)0xA0000120(FP) index 0x24:Cisco 10000 Series Router (PRE3 and PRE4)
The following configuration example shows a PBR configuration in which traffic classification is based on the IP access list named pbr_length. The route map permits traffic based on the specified matching criteria and sets the next hop address of each packet.
ip access-list extended pbr_lengthpermit tcp any any!route-map pbr_length permit 10match ip address pbr_lengthmatch length 100 200set ip next-hop 2.0.95.5 !route-map pbr_length permit 20match ip address pbr_lengthmatch length 200 300set ip next-hop 2.0.95.5 !route-map pbr_length permit 30match length 300 400set ip next-hop 2.0.95.5 !The following sample output from the show pxf cpu pbr command shows the type of information that displays based on the above PBR configuration:
Router# show pxf cpu pbr action pbr_lengthShow PBR Action:----------------------------------------------------------------------Policy number: 3route-map pbr_length, permit, sequence 10map number = 0action index = 64map vcci out = 0x0tt_pkt_count = 0 tt_byte_count = 0primary action : NULL_ACTIONsecondary action : - none -mac-rewr index = 0x0000 0000vcci = 0x0000, qos group = 0, tos prec = 0......................................................................route-map pbr_length, permit, sequence 20map number = 1action index = 65map vcci out = 0x0tt_pkt_count = 0 tt_byte_count = 0primary action : NULL_ACTIONsecondary action : - none -mac-rewr index = 0x0000 0000vcci = 0x0000, qos group = 0, tos prec = 0......................................................................route-map pbr_length, permit, sequence 30map number = 2action index = 66map vcci out = 0x0tt_pkt_count = 0 tt_byte_count = 0primary action : NULL_ACTIONsecondary action : - none -mac-rewr index = 0x0000 0000vcci = 0x0000, qos group = 0, tos prec = 0The following sample output from the show pxf cpu pbr tcam command shows the type of detailed VMR (value, plus a mask and result) information that displays:
Router# show pxf cpu pbr tcam pbr_length detailVMR data for Route-map pbr_length-------------------------------------------------------------VMR Format - handle: 5050BC90Format has 5 fields, refcount = 1Field: Format, FIXED, start_bit = 69, end_bit = 71Field: ACL index, FIXED, start_bit = 54, end_bit = 68Field: Flags, FIXED, start_bit = 43, end_bit = 53Field: L4 proto, FIXED CNV, start_bit = 16, end_bit = 23Field: Unknown, FLEX, start_bit = 0, end_bit = 15 Total bits = 53, format = 72 GMR used: 0 Col 3 LKBP Vector: 96CStatus: Running-------------------------------------------------------------VMRs------ VMR 0 ------V: 7000C000 00000600 70M: FFFFD800 0000FFFF F0R: 80000104Format: 00000003/00000007ACL index: 00004003/00007FFFL4 proto: 00000006/000000FFFlags: 00000000/00000300Packet Length: 00000070/0000FFF0------ VMR 1 ------V: 7000C000 00000600 68M: FFFFD800 0000FFFF F8R: 80000104Format: 00000003/00000007ACL index: 00004003/00007FFFL4 proto: 00000006/000000FFFlags: 00000000/00000300Packet Length: 00000068/0000FFF8------ VMR 2 ------V: 7000C000 00000600 64M: FFFFD800 0000FFFF FCR: 80000104Format: 00000003/00000007ACL index: 00004003/00007FFFL4 proto: 00000006/000000FFFlags: 00000000/00000300Packet Length: 00000064/0000FFFC...------ VMR 18 ------V: 7000C000 00000000 00M: FFFFC000 00000000 00R: 80000110Format: 00000003/00000007ACL index: 00004003/00007FFFL4 proto: 00000000/00000000Flags: 00000000/00000000Packet Length: 00000000/00000000Related Commands
show pxf cpu policy-data
Displays QoS policy data index usage statistics.
show pxf cpu vcci
Displays VCCI to interface mapping information.
show pxf cpu qos
To display Parallel eXpress Forwarding (PXF) External Column Memory (XCM) contents related to a particular policy, use the show pxf cpu qos command in privileged EXEC mode.
show pxf cpu qos [policy-map policy-name | vcci]
Cisco 10000 Series Router
show pxf cpu qos [0-65535 | classifiers | flex-sum | policy-map policy-name | tcam | vcci-maps]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command is useful in verifying the presence of a policy on interfaces and indexes programmed in the PXF.
Examples
The following example shows XCM contents related to a policy called police_test, which is defined as follows:
policy-map police_testclass high-prioritypriorityclass low-priorityset atm-clpclass class-defaultqueue-limit 512Router# show pxf cpu qos police_testOutput Policymap: police_testVcci: A05 Flags: 4 Policymap_index: 6 Policymap_data_index: 12OUT AT1/0/0.111 (0x71764660) ref_count 1Output Action Table Contents for vcci 0xA05 - Policymap index: 6class-name: high-priority class_index: 0 action_flags: 0x00srp_class_id: 0x01 prec/dscp: 0x00 cos: 0discard_class: 0x00 exp_value: 0class-name: low-priority class_index: 1 action_flags: 0x10srp_class_id: 0x00 prec/dscp: 0x00 cos: 0discard_class: 0x00 exp_value: 0class-name: class-default class_index: 2 action_flags: 0x00srp_class_id: 0x00 prec/dscp: 0x00 cos: 0discard_class: 0x00 exp_value: 0Related Commands
show pxf cpu statistics qos
Displays match statistics for a service policy on an interface.
show pxf dma
To display the current state of direct memory access (DMA) buffers, error counters, and registers on the Parallel eXpress Forwarding (PXF) engine, use the show pxf dma command in privileged EXEC mode.
show pxf dma [buffers | counters | reassembly | registers]
Cisco 10000 Series Router (PRE3 and PRE4)
show pxf dma [buffers | counters | reassembly | registers] [brief | config | errors | status]
Syntax Description
Command Modes
Privileged EXEC
Command History
Examples
The following example shows PXF DMA buffers information:
Router# show pxf dma buffersPXF To-RP DMA Ring Descriptors & Buffers:Descriptor Buffer Buffer DescriptorAddress Address Length(b) Flags0 0x0CA06340 0x0AC097C0 512 0x00021 0x0CA06350 0x0AC088C0 512 0x00022 0x0CA06360 0x0AC07C40 512 0x00023 0x0CA06370 0x0AC0B5C0 512 0x00024 0x0CA06380 0x0AC0CC40 512 0x00025 0x0CA06390 0x0AC08640 512 0x00026 0x0CA063A0 0x0AC0C240 512 0x00027 0x0CA063B0 0x0AC08B40 512 0x00028 0x0CA063C0 0x0AC0AE40 512 0x00029 0x0CA063D0 0x0AC0BAC0 512 0x000210 0x0CA063E0 0x0AC0C9C0 512 0x000211 0x0CA063F0 0x0AC09CC0 512 0x000212 0x0CA06400 0x0AC0C740 512 0x000213 0x0CA06410 0x0AC0A6C0 512 0x000214 0x0CA06420 0x0AC0B0C0 512 0x000215 0x0CA06430 0x0AC09040 512 0x000216 0x0CA06440 0x0AC0A440 512 0x000217 0x0CA06450 0x0AC065C0 512 0x000218 0x0CA06460 0x0AC06FC0 512 0x000219 0x0CA06470 0x0AC06340 512 0x000220 0x0CA06480 0x0AC07240 512 0x000221 0x0CA06490 0x0AC092C0 512 0x000222 0x0CA064A0 0x0AC0D140 512 0x000223 0x0CA064B0 0x0AC0C4C0 512 0x000224 0x0CA064C0 0x0AC07740 512 0x000225 0x0CA064D0 0x0AC09540 512 0x000226 0x0CA064E0 0x0AC0A940 512 0x000227 0x0CA064F0 0x0AC06840 512 0x000228 0x0CA06500 0x0AC08140 512 0x000229 0x0CA06510 0x0AC06D40 512 0x000230 0x0CA06520 0x0AC07EC0 512 0x000231 0x0CA06530 0x0AC0ABC0 512 0x0003PXF From-RP DMA Ring Descriptors & Buffers:Descriptor Buffer Buffer Descriptor ContextAddress Address Length(b) Flags Bit0 0x0CA06580 0x00000000 0 0x0000 Not set1 0x0CA06590 0x00000000 0 0x0000 Not set2 0x0CA065A0 0x00000000 0 0x0000 Not set3 0x0CA065B0 0x00000000 0 0x0000 Not set4 0x0CA065C0 0x00000000 0 0x0000 Not set5 0x0CA065D0 0x00000000 0 0x0000 Not set6 0x0CA065E0 0x00000000 0 0x0000 Not set7 0x0CA065F0 0x00000000 0 0x0000 Not set8 0x0CA06600 0x00000000 0 0x0000 Not set9 0x0CA06610 0x00000000 0 0x0000 Not set10 0x0CA06620 0x00000000 0 0x0000 Not set11 0x0CA06630 0x00000000 0 0x0000 Not set12 0x0CA06640 0x00000000 0 0x0000 Not set13 0x0CA06650 0x00000000 0 0x0000 Not set14 0x0CA06660 0x00000000 0 0x0000 Not set15 0x0CA06670 0x00000000 0 0x0001 Not setTable 10, Part 1 describes the fields shown in the display.
Related Commands
clear pxf
Clears PXF counters and statistics.
show pxf cpu
Displays PXF CPU statistics.
show pxf microcode
Displays the microcode version running on the PXF.
show pxf tcam
To display version information about Ternary Content Access Memory (TCAM) devices, register values, and cell usage by application regions, use the show pxf tcam command in privileged EXEC mode.
show pxf tcam
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
12.2(31)SB2
This command was introduced on the PRE3 for the Cisco 10000 series router.
12.2(33)SB
This command was introduced on the PRE4 for the Cisco 10000 series router.
Usage Guidelines
The TCAM can only match binary ranges. Therefore, the router creates multiple entries, which together have binary ranges to cover a non-binary range. This is referred to as port expansion. Another example of entry expansion is matching the established keyword. The router implements this as two entries: one to check for the ACK bit and the other to check if the RST bit is set.
If per access control entry (ACE) accounting is required, the router limits you to 64K ACEs for each access control list (ACL). Otherwise, the available TCAM space defines the ACE limitation. If no TCAM space is available, the ACE is not placed into TCAM and the router uses an ACE equivalent to deny ip any any. When sufficient space becomes available in TCAM, you must first remove the ACL from the interface and then reapply it to activate it.
Examples
The following sample output shows the types of information that displays when you enter the show pxf tcam command:
Router# show pxf tcamTCAM register infoToaster Tcam config 0xFE39870FToaster Tcam status 0x00000000Toaster Tcam Xtype/Mask 0x00000000/0x00000100 Toaster Tcam Instr_reg 0x00000004 Toaster Tcam clk cfg 0x000000A0 NETCAM3, dev 0 ver RCNETCAM3 version value = 0x00000000:00000000:4E4C0201NETCAM3 device id = 0x00000000:00000000:00000100NETCAM3 CCR value = 0x00000000:08000059:C000101ANETCAM3 STAT value = 0x00000000:00000000:00060100NETCAM3 PER value = 0x00000000:00000000:00000000NETCAM3 IAERR value = 0x00000000:00000000:00000000NETCAM3 RPID1 = 0x00000000:00000000:00000000NETCAM3 RPID2 = 0x00000000:00000000:00000000NETCAM3 RPID3 = 0x00000000:00000000:00000000NETCAM3 RPID4 = 0x00000000:00000000:00000000NETCAM3 BCS value = 0x00000000:00002492:49000000NETCAM3 HRR0 value = 0x00000000:00000000:C000FFFD NETCAM3, dev 1 ver RCNETCAM3 version value = 0x00000000:00000000:4E4C0201NETCAM3 device id = 0x00000000:00000000:00000104NETCAM3 CCR value = 0x00000000:08000059:F000103ANETCAM3 STAT value = 0x00000000:00000000:00020100NETCAM3 PER value = 0x00000000:00000000:00000000NETCAM3 IAERR value = 0x00000000:00000000:00000000NETCAM3 RPID1 = 0x00000000:01010101:01010101NETCAM3 RPID2 = 0x00000000:01010101:01010101NETCAM3 RPID3 = 0x00000000:01010101:01010101NETCAM3 RPID4 = 0x00000000:01010101:01010101NETCAM3 BCS value = 0x00000000:00004924:92249249NETCAM3 HRR0 value = 0x00000000:00000000:40000000TCAM Info:total regions 133, used cells 7, free cells 524281,used masks 7, free masks 524281Region breakdown info (max=0 means no limit):id name lk_size max_entry used_entry free_cells----------------------------------------------------------------0 72-bit ACL/QOS/PBR/i72 0 5 1310671 144-bit ACL/QOS/PBR/144 0 0 993132 288-bit ACL/QOS/PBR/288 0 0 655363 IPv6 /128 Address Ma144 0 0 337784 IPv6 /127 Address Ma144 0 0 10105 IPv6 /126 Address Ma144 0 0 10106 IPv6 /125 Address Ma144 0 0 10107 IPv6 /124 Address Ma144 0 0 10108 IPv6 /123 Address Ma144 0 0 10109 IPv6 /122 Address Ma144 0 0 101010 IPv6 /121 Address Ma144 0 0 101011 IPv6 /120 Address Ma144 0 0 101012 IPv6 /119 Address Ma144 0 0 101013 IPv6 /118 Address Ma144 0 0 101014 IPv6 /117 Address Ma144 0 0 101015 IPv6 /116 Address Ma144 0 0 101016 IPv6 /115 Address Ma144 0 0 101017 IPv6 /114 Address Ma144 0 0 101018 IPv6 /113 Address Ma144 0 0 100919 IPv6 /112 Address Ma144 0 0 100820 IPv6 /111 Address Ma144 0 0 100821 IPv6 /110 Address Ma144 0 0 100822 IPv6 /109 Address Ma144 0 0 100823 IPv6 /108 Address Ma144 0 0 100824 IPv6 /107 Address Ma144 0 0 100825 IPv6 /106 Address Ma144 0 0 100826 IPv6 /105 Address Ma144 0 0 100827 IPv6 /104 Address Ma144 0 0 100828 IPv6 /103 Address Ma144 0 0 100829 IPv6 /102 Address Ma144 0 0 100830 IPv6 /101 Address Ma144 0 0 100831 IPv6 /100 Address Ma144 0 0 100832 IPv6 /99 Address Map144 0 0 100833 IPv6 /98 Address Map144 0 0 100834 IPv6 /97 Address Map144 0 0 100835 IPv6 /96 Address Map144 0 0 100836 IPv6 /95 Address Map144 0 0 100837 IPv6 /94 Address Map144 0 0 100838 IPv6 /93 Address Map144 0 0 100839 IPv6 /92 Address Map144 0 0 100840 IPv6 /91 Address Map144 0 0 100841 IPv6 /90 Address Map144 0 0 100842 IPv6 /89 Address Map144 0 0 1008...130 IPv6 /1 Address Mapp144 0 0 1007131 IPv6 /0 Address Mapp144 0 1 1007132 MCE V6 MCAST1 288 0 0 65536Table 10, Part 1 describes the fields shown in the display.
Related Commands
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0804R)
Guest
