Saturday, July 3, 2010

Cisco IOS under Solaris

Seeing anything strange below?

%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.
unix_reload()

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706



Cisco IOS Software, Solaris Software (UNIX-P-M), Experimental Version 12.2(20080714:162947) [arvinder-ss_auto_nightly 147]
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 24-Sep-08 12:28 by arvinder
Image text-base: 0x00011D98, data-base: 0x022F2008

Solaris Unix (Sparc) processor with 56561K bytes of memory.
Processor board ID 122882152
4 Ethernet interfaces
16K bytes of NVRAM.

Press RETURN to get started!

*Mar 1 00:00:00.527: Bootstrap Emulator called with code 135
%SYS-5-RESTART: System restarted --
Cisco IOS Software, Solaris Software (UNIX-P-M), Experimental Version 12.2(20080714:162947) [arvinder-ss_auto_nightly 147]
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 24-Sep-08 12:28 by arvinder

Router#sh ver
Cisco IOS Software, Solaris Software (UNIX-P-M), Experimental Version 12.2(20080714:162947) [arvinder-ss_auto_nightly 147]
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 24-Sep-08 12:28 by arvinder

ROM: Bootstrap program is Solaris

Router uptime is 43 minutes
System returned to ROM by reload at 0
System restarted at XXX
System image file is "unix:./.image"

Solaris Unix (Sparc) processor with 56561K bytes of memory.
Processor board ID 122882144
4 Ethernet interfaces
16K bytes of NVRAM.

Configuration register is 0x0

Although the Cisco IOU (IOS-on-Unix) simulator is quite old, I hope that some time in the future it will be provided to customers too (I guess it started out being used internally by TAC people to simulate customer scenarios, and now it's being used for various "internal" labs too). It also seems a much better alternative than the one that's included in the various written exam simulation labs. Some years ago, there was a rumor that Cisco employees would get in trouble for even mentioning its existence, and certainly if they ever gave access to somebody (only a very small number of Cisco employees had access to it). Nowadays, now that it's widely used internally, I hope the above rumor has ceased to exist.

Please do not ask here for information on where to get it. Just talk to your ****.

Friday, June 18, 2010

Schedule commands with the Cisco IOS

Have you ever wanted to schedule a command to run on a regular basis on a router? Then the Cisco IOS built-in command scheduler called "kron" is for you. This command was introduced in Cisco IOS 12.3(1) and has been updated in 12.4.

The command scheduler allows you to run a command, or a sequence of commands, once or on a recurring basis. This is very similar to the Windows "at" command.

A common request that people have asked me for is to copy a router's running-config to startup-config or to a TFTP server on a certain day of the week every week. This will ensure that no changes are lost if someone forgets to save the config or the router dies.

Here is an example: To get a router to copy the running-config to startup-config every Sunday at 23:00, do the following:

Step 1) Kron policy list

Create a kron policy list - this is your script which lists what commands the router should run at the scheduled time

Router(config)# kron policy-list SaveConfig
Router(config-kron-policy)# cli write
Router(config-kron-policy)# exit

Note:
cli - Specifies EXEC CLI commands within a Command Scheduler policy list.
policy-list - Specifies the policy list associated with a Command Scheduler occurrence.

IMPORTANT: "write" was used rather than "copy running-config startup-config" because kron does not support interactive prompts, and "copy running-config startup-config" requires interaction. It is important to remember this when creating commands. Also note that kron does not support configuration commands.

Step 2) Create a kron occurrence

Create a kron occurrence, in which you tell the router when and how often you want to run the policy.

Router(config)# kron occurrence SaveConfigSchedule at 23:00 Sun recurring
Router(config-kron-occurrence)# policy-list SaveConfig

Note:
SaveConfigSchedule - Name of occurrence. Length of occurrence-name is from 1 to 31 characters. If the occurrence-name is new, an occurrence structure will be created. If the occurrence-name is not new, the existing occurrence will be edited.
at - Identifies that the occurrence is to run at a specified calendar date and time.
recurring - Identifies that the occurrence is to run on a recurring basis.

Step 3) Verify

Verify that you've entered everything correctly by using the show command.

r1#sh kron schedule
Kron Occurrence Schedule
SaveConfigSchedule inactive, will run again in 1 days 12:37:47 at 23:00 on Sun

You can see that the schedule is ready to go and will run at the date above.

Note:
inactive - means that kron is not running the command(s) at present.
active - means that kron is currently running the command(s).


Verify that kron works via debugs:

Router#debug kron exec-cli

Dec 17 22:59:59.999: Call parse_cmd 'write'
Dec 17 23:00:01.587: Kron CLI return 0
'
**CLI 'write':
Building configuration...[OK]'
Dec 17 23:00:59.999: Call parse_cmd 'write'
Dec 17 23:01:01.559: Kron CLI return 0
'
**CLI 'write':
Building configuration...[OK]'

Step 4) View the resulting configuration:

Router# show running-config

kron occurrence SaveConfigSchedule at 23:00 Sun recurring
policy-list SaveConfig

kron policy-list SaveConfig
cli write

Tuesday, March 9, 2010

Toll-Free Number | UIFN or ITFS?

“What makes more sense for my business, a UIFN number or an ITFS number and what’s the difference?”

ITFS stands for International Toll Free Service. An ITFS number is the international equivalent of a U.S. Toll Free number in that it allows a customer to call a business and have the business pay for the call. With ITFS, customers in one country can make toll free calls that can then be terminated in another country. The numbers vary country by country.

UIFN is an acronym for Universal Free Phone service whereby businesses can advertise a single number that can be accessed from multiple countries.

Which number makes more sense really depends on each customer’s needs. While the UIFN number is a great idea in principle, in practice it does have some drawbacks.

  • UIFN numbers are not available from as many countries as ITFS numbers.
  • In some countries where UIFN is available, there are restrictions that are not imposed with ITFS numbers. As examples:

    • In New Zealand, ITFS numbers can be dialed from all mobile phone networks while UIFN numbers can only be dialed from Telecom New Zealand and Vodafone’s mobile networks.
    • In Taiwan, hotels must allow guests to dial ITFS numbers from the hotel but they are not required to provide UIFN access to their guests.
  • UIFN has a one-time universal registration fee which is not required with ITFS numbers where the registration fee is paid by the carrier to the International Telecommunications Union (ITU).
  • Probably the most important difference is that with UIFN numbers different dialing prefixes are required from different parts of the world and some are counterintuitive.

UIFN numbers consist of a prefix then 800 then 8 digits. An example would be the UK which has a prefix of 00 so a UIFN number as dialed from the UK would be 00 800 XXXX XXXX. Other prefixes include Australia - 0011, Argentina - 00, Finland - 990, and Canada - 011. So here’s the advice we give to our customers...

If you only need toll-free access from one country, use an ITFS number and save yourself the universal registration fee. If you are displaying the numbers on your corporate web site and can provide a drop down box for countries and corresponding toll free numbers, it still might make sense to go with the ITFS. However, if you are paying for advertising and the “real estate” is at a premium, it may make sense to go with one UIFN number, especially if you are advertising to a large number of countries.

There really is no “one size fits all” answer, but with careful consideration companies can select the option that best meets their needs and enjoy the many advantages of international toll free services – ITFS or UIFN.

Wednesday, December 9, 2009

Wavelength Services

A wavelength or lambda is light at a particular frequency or color. This characteristic is generally expressed in terms of wavelength in nanometers rather than frequency in terabits per second. Just as frequencies can be multiplexed to create a broadband wireline service, wavelengths can be multiplexed to offer multiple paths through a single fiber strand.

The multiplexing process at the physical level for fiber optics is called WDM or Wavelength Division Multiplexing. There are two technologies available. CWDM or Coarse Wavelength Division Multiplexing creates anywhere from 2 to 20 independent wavelengths, with 16 being a standard. DWDM or Dense Wavelength Division Multiplexing requires more precise equipment to create from 40 to 128 or more independent wavelengths.

As you can imagine, having dozens of independent wavelengths per fiber optic core and perhaps 100 cores in a cable, the amount of available bandwidth is truly staggering. So much so, that carriers are leasing out entire wavelengths to companies and organizations that need high bandwidth conduits. Wavelength services are similar to point to point T1 lines in that you have exclusive use of the wavelength. While the wavelengths in any particular core may be leased by dozens of different users, any multiplexing on the particular wavelength you are leasing is up to you. It's a private line service, with the line being a particular wavelength of light.

What bandwidths are available on these wavelength services? Commonly available speeds are 2.5 Gbps and 10 Gbps. Other increments of 1 Gbps and 5 Gbps are also increasingly available. Need more than 10 Gbps? It's possible to get as much as 40 Gbps in some areas. Can 100 Gbps be far behind?

Another advantage of wavelength services is that they are not locked into a particular protocol. You can use your wavelengths to transport Fast Ethernet (100 Mbps), Gigabit Ethernet, SONET OC-3, OC-12, OC-48, Fibre Channel, ESCON and Frame Relay.

Who's offering wavelength services suitable for large enterprise and other organizational use? Major competitive carriers such as Level 3, XO Communications and AboveNet have these and other fiber optic bandwidth services available right now. If you have a serious application that needs connectivity at this level, find out what wavelength services are available for your business locations.

Monday, December 7, 2009

Mobile Virtual Network Operator

An MVNO is a GSM phenomenon: an operator or company that does not own licensed spectrum and generally has no networking infrastructure of its own. Instead, MVNOs resell wireless services under their own brand name, using the network of a regular telecom operator with which they have a business arrangement. Usually they buy minutes of use from the licensed telecom operator and then resell them to their own customers. MVNOs are currently emerging at a fast pace in European markets and are beginning to appear in the USA as well. The MVNO phenomenon is slowly catching on in Asia and other parts of the world too.

An example of an MVNO is Virgin Mobile. Virgin Mobile plc is a mobile phone service provider operating in the UK, Australia, Canada and the US. The company was the world's first Mobile Virtual Network Operator, launched in the UK in 1999. It does not maintain its own network, and instead has contracts to use the existing network(s) of other providers. In the UK, Virgin Mobile uses the T-Mobile network. In the US, the Sprint network is the carrier. In Australia, Virgin Mobile operates on the Optus network. In Canada, it uses the Bell Mobility network. These networks use different technology (GSM in the UK and Australia and CDMA in the US and Canada).

Although MVNOs usually do not have their own infrastructure, some providers are actually deploying their own Mobile Switching Centers (MSC) and even Service Control Points (SCP) in some cases. Some MVNOs deploy their own mobile Intelligent Network (IN) infrastructure in order to offer value-added services. In this way, MVNOs can treat incumbent infrastructure such as radio equipment as a commodity, while offering their own advanced and differentiated services based on their own IN infrastructure. The goal of offering value-added services is to differentiate the MVNO from the incumbent mobile operator, allowing for customer acquisition and preventing the MVNO from needing to compete on the basis of price alone.

Saturday, February 14, 2009

Fiber-Optics cable color-code



The color code used in fiber optics resembles that of copper. The major difference is a 12-color sequence as opposed to a 10-color one for copper. The sequence of colors is the same, with the addition of two colors - Rose (11th) and Aqua (12th).

In high fiber count cables, fibers are grouped in sets of 6 or 12, and then the groups themselves are numbered. Therefore, the individual fiber's number equals the number of the group times 6 or 12 plus the number of the fiber in the group. The group size (6 fibers or 12) depends on the cable design and the total fiber count. Be aware that in cables with a fiber count that is not a multiple of 12, especially those with more than 24 fibers, you can encounter both 6- and 12-fiber groups at the same time.

Groups of fibers can be designated in several different ways:

  • Fibers are housed inside colored plastic tubes, all under the same outer jacket. In this case, the colors of the tubes go in the same sequence as the colors of the fibers: tube #1 - blue; tube #2 - orange and so on.
  • Fibers are helix-wrapped in colored threads or plastic ribbons. The same coloring scheme as above applies to the wraps.
  • Fibers have black stripes: one, two, three or even four. This is by far the most complicated technique. The stripes (or stripe pairs, triples etc.) are usually located about a foot (approx. 30 cm) from each other, so you can't immediately tell what group an individual fiber belongs to. You would have to find the stripes, count them, and then decide what group number it is. If you can't find ANY stripes, it means that this fiber belongs to group one.

There are also colors that designate the type of the optical fibers. It is not always followed by all manufacturers, and also, this code only applies to indoor cables: multimode fiber cables have orange jacket, and singlemode fiber cables have yellow.

Thursday, February 12, 2009

8P8C Wiring


The most talked-about EIA/TIA standard in data and voice is structured wiring. Here is the EIA568B standard for Ethernet cabling. The EIA568A standard is obsolete.

Wednesday, June 18, 2008

Use of Global Route-maps

Cisco IOS has a special feature called local policy routing, which lets you apply a route-map to local (router-generated) traffic. The first way we can use this feature is to re-circulate local traffic (and force it to re-enter the router). Here’s an example. By default, locally-generated packets are not inspected by outgoing access-lists. This may cause issues, because local traffic is not reflected under reflexive access-list entries. Consider a configuration like this:

!
! Reflect all "session-oriented" traffic
!
ip access-list extended EGRESS
permit tcp any any reflect MIRROR
permit icmp any any reflect MIRROR
permit udp any any reflect MIRROR
!
! Evaluate the reflected entries
!
ip access-list extended INGRESS
evaluate MIRROR
permit ospf any any
!
interface Serial 0/0
ip address 54.1.1.6 255.255.255.0
ip access-group INGRESS in
ip access-group EGRESS out

You would not be able to telnet out of the router to destinations behind the Serial interface, even though TCP sessions are reflected in the access-list. To fix the issue, we may use a local policy to force the local traffic to re-enter the router and be inspected by the outgoing access-list:

!
! Redirect local telnet traffic via the Loopback interface
!
ip access-list extended LOCAL_TRAFFIC
permit tcp any any eq 23
!
route-map LOCAL_POLICY 10
match ip address LOCAL_TRAFFIC
set interface Loopback0
!
! Traffic sent to Loopback interface re-enters the router
!
interface Loopback0
ip address 150.1.6.6 255.255.255.0

!
! Apply the local-policy
!
ip local policy route-map LOCAL_POLICY

With this configuration, a local telnet session will re-enter the router and hit the outgoing access-list, thereby triggering a reflected entry. The same idea may be used to force CBAC inspection of locally-generated traffic, but since 12.3 there has been a special IOS feature to do this natively.
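A configuration check for the situation described above, as an added example that is not part of the original post: it reads an IOS configuration, finds interfaces whose outbound ACL contains reflect entries, and reports which router-originated traffic the local policy sends through a Loopback so that it gets reflected. The function names are hypothetical, and the sample text is the post's configuration with IOS indentation restored.

```python
import re

def parse_blocks(config):
    """Group IOS config text into (header, [child lines]) by indentation."""
    blocks = []
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(text)
        else:
            blocks.append((text, []))
    return blocks

def audit(config):
    """Find reflexive egress ACLs and the local traffic that is recirculated."""
    acls, rmaps, egress, local_rmap = {}, {}, [], None
    for header, kids in parse_blocks(config):
        tok = header.split()
        if header.startswith("ip access-list extended "):
            acls[tok[3]] = kids
        elif tok[0] == "route-map" and "deny" not in tok[2:]:
            matched = [a for k in kids if k.startswith("match ip address ")
                       for a in k.split()[3:]]
            to_loop = any(re.match(r"set interface loopback", k, re.I) for k in kids)
            rmaps.setdefault(tok[1], []).append((matched, to_loop))
        elif tok[0] == "interface":
            for k in kids:
                m = re.match(r"ip access-group (\S+) out$", k)
                if m:
                    egress.append((" ".join(tok[1:]), m.group(1)))
        elif header.startswith("ip local policy route-map "):
            local_rmap = tok[4]
    # ACL entries whose matching local packets go to a Loopback and re-enter.
    recirculated = [entry
                    for matched, to_loop in rmaps.get(local_rmap, []) if to_loop
                    for name in matched
                    for entry in acls.get(name, []) if entry.startswith("permit ")]
    findings = []
    for iface, name in egress:
        mirrors = sorted({e.split(" reflect ")[1].split()[0]
                          for e in acls.get(name, []) if " reflect " in e})
        if mirrors:
            findings.append({"interface": iface, "egress_acl": name,
                             "reflexive_lists": mirrors,
                             "local_traffic_recirculated": recirculated})
    return findings

# Constructed sample: the post's configuration with IOS indentation restored.
BASE = """\
ip access-list extended EGRESS
 permit tcp any any reflect MIRROR
 permit icmp any any reflect MIRROR
 permit udp any any reflect MIRROR
ip access-list extended INGRESS
 evaluate MIRROR
 permit ospf any any
interface Serial0/0
 ip access-group INGRESS in
 ip access-group EGRESS out
"""
LOCAL_FIX = """\
ip access-list extended LOCAL_TRAFFIC
 permit tcp any any eq 23
route-map LOCAL_POLICY 10
 match ip address LOCAL_TRAFFIC
 set interface Loopback0
ip local policy route-map LOCAL_POLICY
"""
if __name__ == "__main__":
    for label, cfg in (("before", BASE), ("after", BASE + LOCAL_FIX)):
        print(label, audit(cfg))
```

In the "after" case only `permit tcp any any eq 23` is listed as recirculated, so router-originated ICMP or UDP still bypasses EGRESS and gets no reflected entry.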

The other useful application of local policy routing is using it for traffic filtering. For example you may want to prohibit outgoing telnet sessions from local router to a certain destination:

ip access-list extended BLOCK_TELNET
permit tcp any host 150.1.1.1 eq 23
!
route-map LOCAL_POLICY 10
match ip address BLOCK_TELNET
set interface Null 0

!
! Apply the local-policy
!
ip local policy route-map LOCAL_POLICY

The syntax is somewhat similar to the vlan access-maps used on Catalyst switches, and similarly the route-map is applied “globally”, i.e. to all router traffic, going out on any interface. Note that you may use the same idea to block incoming sessions, simply by reversing the entries in the access-list (e.g. “permit tcp any eq 23 host 150.1.1.1”). Best of all, with PBR you may apply additional criteria to incoming traffic, e.g. match packet sizes.

The last example is the use of local PBR to apply special treatment to management/control plane traffic - e.g. use different output interfaces for out-of-band management. With local PBR you may also apply special marking for control traffic, e.g. selectively assign IP precedence values.

ip access-list extended MANAGEMENT_TRAFFIC
permit tcp any eq 23 any
permit tcp any eq 22 any
!
route-map LOCAL_POLICY 10
match ip address MANAGEMENT_TRAFFIC
set interface Serial 0/1
set ip precedence 7
!
ip local policy route-map LOCAL_POLICY

These examples are very useful for real-world problems, or at least worth memorizing for the CCIE.

Sunday, February 3, 2008

OSS / BSS

Operations Support Systems (also called Operational Support Systems or OSS) are computer systems used by telecommunications service providers. The term OSS most frequently describes "network systems" dealing with the telecom network itself, supporting processes such as maintaining network inventory, provisioning services, configuring network components, and managing faults. The complementary term Business Support Systems or BSS is a newer term and typically refers to "business systems" dealing with customers, supporting processes such as taking orders, processing bills, and collecting payments. The two systems together are often abbreviated BSS/OSS or simply B/OSS.

The term OSS was historically used to include both network and business systems. It is still sometimes used in this sense, which can cause some confusion. When used in this way, the term OSS may be seen as inclusive of BSS. For more detail about the use of other terms such as "network management", see the section on architecture below.

OSS architecture

A lot of the work on OSS has been centred on defining its architecture. Put simply, there are four key elements of OSS:

  • Processes
    • the sequence of events
  • Data
    • the information that is acted upon
  • Applications
    • the components that implement processes to manage data
  • Technology
    • how we implement the applications

During the 1990s, new OSS architecture definitions were produced by the ITU-T in its TMN model. This established a 4-layer model of TMN applicable within an OSS:

  • Business Management Level (BML)
  • Service Management Level (SML)
  • Network Management Level (NML)
  • Element Management Level (EML)

Business Support Systems (BSS) are the components that a telephone operator or telco uses to run its business operations. The term BSS is no longer limited to telephone operators offering mobile to fixed and cable services but also can apply to service providers in all sectors such as utility providers.

Typical types of activities that count as part of BSS are taking a customer’s order, managing customer data, managing order data, billing, rating, and offering B2B and B2C services. Business Support Systems are linked to Operational Support Systems (OSS) in the enhanced Telecom Operations Map (eTOM) that maps processes into the functional areas of Fulfilment, Assurance and Billing where Assurance is typically covered by OSS platform. BSS and OSS platforms are linked in the need to support various end to end services. Each area has its own data and service responsibilities.

Role of Business Support Systems

The role of Business Support Systems in a service provider is to cover 4 main areas:

  • Product Management
  • Customer Management
  • Revenue Management
  • Fulfillment Management


  • Product Management:

Product management supports the sales and management of products, offers and bundles to businesses and mass-market customers. Product Management regularly includes offering cross-product discounts, appropriate pricing and customer loyalty programmes.

  • Customer Management:

Service Providers require a single view of the customer and regularly need to support complex hierarchies across customer-facing applications. Customer Management also covers requirements for partner management and 24x7 Web-based customer self-service. Customer Management can also be thought of as a full-fledged Customer Relationship Management system implemented to help customer care agents handle customers in a better and more informed manner.

  • Revenue Management:

Revenue Management is a BSS focus on billing, charging and settlement, that can handle any combination of OSS services, products and offers. BSS Revenue Management supports OSS order provisioning and often partner settlement.

  • Fulfillment Management:

Fulfillment Management as part of assurance is normally associated with Operational Support Systems though Business Support Systems are often the business driver for Fulfillment Management and order provisioning.

TeleManagement Forum

Most recently the TM Forum (TMF) has developed a communications domain model that provides the basis for clarifying the distinction between OSS and BSS systems. As shown in the figure, the BSS supports the more Customer Facing domains, whereas the OSS supports the traditional Resource and Resource Facing Service domains.

In NGOSS, applications provide access to system capability, which can generally be categorized as either BSS or OSS. The capability offered by an application through its deployed components can be further categorized as shown in the figure. Business activities such as Fulfillment, Assurance & Billing will necessarily utilize BSS and OSS applications capability from each of the domains to support end-to-end process flows.

For example, problem handling activities (part of Assurance) inside a Service Provider define the interaction between the Customer, Product, Service, Resource and Supplier/Partner entities to resolve the reported incident/problem. As such, problem management applications are required to provide access to Customer, Product, Service, Resource and Supplier/Partner information in support of the problem handling activities that occur throughout the problem management process lifecycle.


Sunday, December 2, 2007

Timed Access List

Corp#config t
Corp(config)#time-range no-http
Corp(config-time-range)#periodic we?
Wednesday weekdays weekend

Corp(config-time-range)#periodic weekend ?
hh:mm Starting time
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit

Corp(config)#time-range tcp-yes
Corp(config-time-range)#periodic weekend 06:00 to 12:00
Corp(config-time-range)#exit
Corp(config)#ip access-list extended Time
Corp(config-ext-nacl)#deny tcp any any eq www time-range no-http
Corp(config-ext-nacl)#permit tcp any any time-range tcp-yes
Corp(config-ext-nacl)#interface f0/0
Corp(config-if)#ip access-group Time in
Corp(config-if)#do show time-range
time-range entry: no-http (inactive)
periodic weekdays 8:00 to 15:00
used in: IP ACL entry
time-range entry: tcp-yes (inactive)

periodic weekend 8:00 to 13:00
used in: IP ACL entry
Corp(config-if)#
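
How the time-based entries entered in the session above are evaluated, as an added example that is not part of the original post: an entry whose time-range is inactive is skipped, and a packet that matches no active entry falls through to the implicit deny. The function names are hypothetical; only the same-day "periodic DAYS hh:mm to hh:mm" form and "any any" entries used in the session are handled, and treating the end minute as part of the window is an assumption.

```python
from datetime import datetime

DAY_NAMES = ["monday", "tuesday", "wednesday", "thursday", "friday",
             "saturday", "sunday"]
DAY_GROUPS = {"daily": set(range(7)), "weekdays": set(range(5)), "weekend": {5, 6}}
PORT_NAMES = {"www": 80, "telnet": 23}

def minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def parse_periodic(spec):
    """Parse the same-day form 'DAYS hh:mm to hh:mm' used in the session."""
    *days, start, to, end = spec.lower().split()
    if to != "to" or not days:
        raise ValueError("unsupported periodic form: " + spec)
    active = set()
    for d in days:
        active |= DAY_GROUPS[d] if d in DAY_GROUPS else {DAY_NAMES.index(d)}
    return active, minutes(start), minutes(end)

def range_active(periodics, when):
    now = when.hour * 60 + when.minute
    # Assumption: the end minute is treated as part of the window.
    return any(when.weekday() in days and start <= now <= end
               for days, start, end in map(parse_periodic, periodics))

def parse_ace(line):
    """Parse 'ACTION PROTO any any [eq PORT] [time-range NAME]' only."""
    tok = line.split()
    ace = {"action": tok[0], "proto": tok[1], "port": None, "time_range": None}
    if tok[2:4] != ["any", "any"]:
        raise ValueError("only 'any any' entries are handled: " + line)
    rest = tok[4:]
    if rest[:1] == ["eq"]:
        ace["port"] = PORT_NAMES.get(rest[1]) or int(rest[1])
        rest = rest[2:]
    if rest[:1] == ["time-range"]:
        ace["time_range"] = rest[1]
    return ace

def verdict(acl, time_ranges, proto, dport, when):
    """First active matching entry wins; otherwise the implicit deny applies."""
    for ace in map(parse_ace, acl):
        tr = ace["time_range"]
        if tr is not None and not range_active(time_ranges[tr], when):
            continue  # an entry with an inactive time-range is skipped
        if ace["proto"] in (proto, "ip") and ace["port"] in (None, dport):
            return ace["action"]
    return "deny (implicit)"

# The time-ranges and ACL entries as entered in the session above.
TIME_RANGES = {"no-http": ["weekend 06:00 to 12:00"],
               "tcp-yes": ["weekend 06:00 to 12:00"]}
ACL_TIME = ["deny tcp any any eq www time-range no-http",
            "permit tcp any any time-range tcp-yes"]

if __name__ == "__main__":
    cases = [("Sat 09:00", datetime(2007, 12, 1, 9, 0)),
             ("Sat 14:00", datetime(2007, 12, 1, 14, 0)),
             ("Wed 09:00", datetime(2007, 12, 5, 9, 0))]
    for label, when in cases:
        for port in (80, 22):
            print(label, "tcp/%d" % port,
                  verdict(ACL_TIME, TIME_RANGES, "tcp", port, when))
```

Outside the weekend window both entries are skipped, so all TCP arriving on f0/0 hits the implicit deny; the result also depends on the router clock being correct.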