Calix E7-2, E5-48, E3-48C Application Manual

Download

E7-2/E5-48/E3-48C R2.4

xDSL Applications Gui de

December 2015

#220-00811, Rev 12

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Contents

About This Guide...................................................................... 5

Chapter 1: VDSL Applications Overview ............................... 9

xDSL Subscriber Access Support ......................................................................... 10

Modular Chassis Deployment ................................................................................ 16

Chapter 2: Configuring VDSL2 Applications ...................... 19

Step 1. Configuring the Network Uplink(s) for VDSL2 Services .......................... 20

Overview: Configuring the Network Uplink(s) ................................................. 20

Configuring the Ethernet Uplink Port............................................................... 21

Configuring an Ethernet Interface ................................................................... 26

Configuring a Link Aggregation Interface ........................................................ 33

Creating the Service VLAN(s) ......................................................................... 47

Additional multicast addressing considerations .............................................. 50

Adding the Uplink Interface(s) to VLAN Memberships .................................... 64

Step 2. Creating VDSL2-Related Profiles............................................................... 68

Overview of VDSL2-Related Profiles .............................................................. 68

Creating the Quality of Service for VDSL2 Traffic Management ..................... 71

Creating Data and Video Service Profiles ..................................................... 105

Creating Voice Service Profiles .................................................................... 155

Step 3. Configure Subscriber Services................................................................ 177

Configuring Data Services ............................................................................ 177

Configuring IP Video Services ...................................................................... 189

Configuring Voice Services ........................................................................... 201

Configuring T1/E1 PWE3 Services ............................................................... 213

xDSL Port Power Save ................................................................................. 213

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Chapter 3: Reference Information ...................................... 215

System Support Capacities .................................................................................. 216

xDSL Support Capacities ...................................................................................... 221

E-Series LED Behavior .......................................................................................... 223

E-Series Line Card Additional Status Descriptions ............................................ 225

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

About This Guide

This Calix E7, E3-48, E5-48 and E5-48C Ethernet service access platforms leverage VDSL2 and ADSL2+ technology, along with an Ethernet switching fabric, to perform L2 aggregation / switching and layer-3-aware service delivery.

The Calix topics in this guide describe how to configure VDSL2-based services for the following platforms:

 E7-2 in stand-alone and modular chassis configurations  E5-48, E5-48C and E3-48C in stand-alone configurations

Note: Calix E7-20 products do not support VDSL2-based cards or services.

Throughout this guide, E-Series is used to refer to the specific product of E7-2 that supports VDSL2 cards and the E3-48C, E5-48 and E5-48C products that supports the equivalent of the VDSL2 line cards.

For specific procedures on provisioning Ethernet elements, such as VLANs, Ethernet ports and interfaces on the E5-48, E5-48C and E3-48C, refer to the Calix E3-48/E5-48/E5-48C User Guide.

Intended Audience

This document is intended for use by network planning engineers, CO technicians, and craft and support personnel responsible for network equipment turn-up, service configuration, and maintenance. The procedures in this guide are of a technical nature and should only be performed by qualified personnel. Familiarity with standard telecom and datacom terminology and practices, as well as standards-based Ethernet technologies and conventions, is recommended.

Related Documentation

 P-Series/T-Series ONT Software Matrix for E7 GPON  Calix P-Series ONT Model/Feature Matrix  Calix 800G GigaCenter Embedded Web Interface (EWI) User's Guide  Calix T1 Pseudowire Applications Guide  Calix C7 VoIP Services Guide  Calix Application Note: Using the ONT VoIP Configuration File  Completing Residential Gateway and SIP Configuration File Intake Forms  Calix P-Series VoIP Configuration File - Template  Calix 836GE RSG Wi-Fi Best Practices Guide  Calix GPON RF Overlay Deployment Guidelines  Calix Application Note: GPON Interface Adaptor  Calix E7 Pluggable Transceiver Module Support  CAB-12-023 - Pairing Bidirectional SFPs (to Support Single-Fiber Ethernet Links)

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Chapter 1

VDSL Applications Overview

This chapter describes VDSL2 applications and the Calix E-Series VDSL2 solution.

Topics Covered

This chapter covers the following topics:

 An overview of the E-Series xDSL support  Description of modular chassis deployment with VDSL-based cards

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

xDSL Subscriber Access Support

The Calix E-Series Ethernet service platform leverages VDSL2 and ADSL2+ technology, along with an Ethernet switching fabric, to perform L2 aggregation / switching and layer-3aware service delivery. Up to two dedicated 10 Gigabit and four 2.5 or 1 Gigabit Ethernet uplinks can be leveraged to provide high capacity service delivery on a per-chassis basis.

E7-2 VDSL2-48 Overlay Line Card

Interfaces:

 48x DSL Overlay ports with corresponding 600- or 900-Ohm integrated splitters  Four 1GE / 2.5GE SFP MSA sockets, and two 1GE / 10GE SFP+ MSA sockets

Features:

 The VDSL2-48 also supports pair bonding in both ADSL2+ and VDSL2 modes.  One VDSL2-48 line card can be installed in an E7-2 chassis.  Integrated splitters provide a means to extract analog voice form the service loop and

terminate it on an existing DLC or analog POTS port on a switch line bay. One E7-2 VDSL2-48 line card can be plugged into a Calix E7-2 shelf to create a compact, high density DSL overlay node, with Ethernet aggregation and transport, ideal for copper based delivery of IP services leveraging existing POTS infrastructure, across the access network.

 Rev 13 and above of the VDSL2-48 card supports 600/900 Ω impedance, compatible

with all E7 releases. There is no need to select between 600 and 900 Ω impedance and

the splitter design accommodates either impedance without configuration.

POTS interfaces of the VDSL2-48 line card have the following characteristics:

 Impedance of 600 Ω + 2.16 μf, supporting ETSI based loop plants  Impedance of 900 Ω + 2.16 μf, supporting ANSI based loop plants  Loop current of up to 25mA (during normal operation), and 18mA (during battery

backup)

E7-2 VDSL2-48 r2 Overlay Line Card

This card is backward compatible with the original E7-2 VDSL2-48 Overlay line card.

E7-2 VDSL2-48C Combo Line Card

Interfaces:

 48x Combo DSL and POTS ports, two 1GE / 2.5GE SFP MSA sockets  Two 1GE/10GE SFP+ MSA sockets

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

The E7-2 VDSL2-48C line card can be plugged into one or both of the two universal slots within a Calix E7-2 shelf to create a compact, very high density DSL node of 96 ports in a 1RU high chassis, for DSL and VOIP access. Pair bonding is supported in both ADSL2+ and VDSL2 modes.

E7-2 VDSL2-48C r2 Combo Line Card

This card is backward compatible with the original E7-2 VDSL2-48C Combo Line Card.

E7-2 VDSL2-48D Data-Only Line Card

Interfaces

 48 ports VDSL2/ADSL2+ Fallback data-only  2 SFP sockets at 1GE/2.5GE rates  2 SFP+ sockets at 1GE/10GE rates

The Calix E7-2 VDSL2-48D card can be plugged into one or both of the two universal slots within a Calix E7-2 shelf to create a compact, high-density DSL node, with Ethernet aggregation and transport, ideal for copper based delivery of IP services across the access network. The line card supports pair bonding in both ADSL2+ and VDSL2 modes.

The Calix E7-2 VDSL2-48D Data-Only line card is ideally suited to meet new deployment requirements for the “All-Digital loop” as well as traditional Class 5 TDM Voice Switch consolidation applications. The All-Digital Loop provides high speed data services to all subscribers with the VoIP POTS functionality provided as an integrated component of the home residential gateway or as a separate IAD device attached to the modem. VoIP traffic is packetized in the home and then forwarded across the Calix network to the SIP enabled Softswitch. This application completely removes the POTS functionality from the service loop as the VoIP traffic is forwarded as a prioritized data packet. Using the E7-2 VDSL248D Data-Only line card Service Providers may continue to provide triple play services with the voice element being classified as “digital voice” as compared to “Life-line POTS”.

In this application, the TDM Class 5 POTS and Splitters are external to the E7 solution. The E7-2 VDSL2-48D Data-Only solution does not include splitter functionality. POTS services in this application are provided by the Class 5 switch and the splitter function is external to the E7 solution. In this application, high speed digital traffic is routed across the E7 while POTS signaling is forwarded across the installed TDM network.

E7-2 VDSL2-48D r2 Data-Only Line Card

This card is backward compatible with the original E7-2 VDSL2-48D r2 Data-Only line card.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

The Calix E7-2 VDSL2-48 card combines forty-eight VDSL2/ADSL2+ subscriber ports and corresponding integrated splitters, with four Gigabit Ethernet SFPs and two 10GE SFP+ ports, to provide high speed copper services with integrated Ethernet transport. Integrated splitters provide a means to extract analog voice on a service loop and terminate it on an existing DLC or analog POTS port on a switch line bay. One E7-2 VDSL2-48 line card can be plugged into a Calix E7-2 shelf to create a compact, very high density DSL node, with Ethernet aggregation and transport, ideal for copper based delivery of IP services across the access network. The E7-2 VDSL2-48 supports a full set of subscriber services and network topology protocols.

Interface Capacity

The Calix E7-2 VDSL2-48C line card combines VDSL2 / ADSL2+ fallback subscriber ports and corresponding 900Ω integrated splitters, with GE SFPs and 10GE SFP+ ports, to provide high speed copper services with integrated Ethernet transport.

DSL Ports

per card

Cards(s) per

E7-2 Shelf

DSL Ports

per E7-2

Shelf

Integrated

VF Splitters

1GE/2.5GE

SFP Ports

10GE/1GE

SFP+ Ports

48 1 48

48 4 2

Integrated splitters provide a means to extract analog voice form the service loop and terminate it on an existing DLC or analog POTS port on a switch line bay. One E7-2 VDSL2-48 line card can be plugged into a Calix E7-2 shelf to create a compact, high density DSL overlay node, with Ethernet aggregation and transport, ideal for copper based delivery of IP services leveraging existing POTS infrastructure, across the access network. The E7-2 VDSL2-48 supports a full set of subscriber services and network topology protocols.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Broadband Overlay

The E7-2 can be used when traditional POTS already exists and is passed through the remote location, originating from the access equipment located in the CO or an existing remote DLC. The DSL overlay is passed through an integrated splitter / combiner, allowing the delivery of voice, video, and data to a customer across a common, twisted pair cable. The Calix E7’s GE uplinks may be aggregated on a C7 with GE-2p / FE-4p or GE-4s line cards or on an Ethernet switch or router.

Overlay POTS Services with VDSL2-48

All 48-subscriber ports on the VDSL2-48 line card provide broadband DSL access and access to overlay lifeline POTS service. Analog POTS is carried over the service loop using standard Voice Frequency carriers (300 to 3400 Hertz). A line card integrated voice splitter separates the voice from the data service for each subscriber signal, extracting the POTS service, as an analog signal, back out of the line through the POTS overlay connector ports. The analog POTS service can then be handled via a collocated Digital Loop Carrier (DLC), or sent off to a TDM switch analog front end line bay.

POTS interfaces of the VDSL2-48 line card have the following characteristics:

 Impedance of 900 Ω + 2.16 μf

Loop current of up to 25mA (during normal operation), and 18mA (during battery backup)

E3-48C Node

 48x Combo DSL and POTS ports, two 1GE / 2.5GE SFP MSA sockets, and two

1GE/10GE SFP+ MSA sockets

 The Calix E3-48C is a compact, hardened, high capacity sealed ESAN designed for

outside plant applications.

 The E3-48C may be AC, DC, or Line powered.

E5-48 Overlay Node

 Fixed 1RU form factor  48 x VDSL2/ADSL2+ Fallback  Integrated POTS splitter per port

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 4 x 1G ports for uplink/downlink  Identical to E7-2 with a VDSL2-48 card, with the following exceptions:

 Modular chassis is not supported  LAG supports only two ports in a group, either ports 1&2 or ports 3&4. LAG

group may NOT include ports across the pair boundary. For example, a LAG with ports 1&3, or 2&3 are not supported.

E5-48C Combo Node

 Fixed 1RU form factor  48 x VDSL2/ADSL2+ Fallback ports  48 x POTS ports  4 x 1G ports for uplink/downlink  Identical to E7-2 with a VDSL2-48C card, with the following exceptions:

 Modular chassis is not supported  LAG supports only two ports in a group, either ports 1 and 2 or ports 3 and 4.

LAG group may NOT include ports across the pair boundary. For example, a LAG with ports 1 and 3, or 2 and 3 are not supported.

Multiple modes of DSL deployment

All xDSL ports on the VDSL2 line cards can be configured independently, for any of the xDSL modes of operation. The length and gauge of the copper pair loop determines the DSL mode(s) that can be supported for each port, and the train rate, and the derived service rate that the service provider is able to deliver to the subscriber. During the "handshake" process, the xDSL ports and the CPE agree to determine the DSL mode automatically. The E-Series trains the port at the DSL mode that provides the highest line performance possible, in the following order of priority:

1. VDSL2 PTM

2. ADSL2+ PTM

3. ADSL2+ ATM

4. ADSL2 PTM

5. ADSL2 ATM

6. ADSL ATM

xDSL can operate using either of two transmission convergence layers (PTM-TC, ATM-TC) and in one of several modes, listed above.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 Packet mode utilizes PTM encapsulation (Ethernet services) for xDSL port operation. All

traffic on the port shares a single path and requires that all Basic Packet Functions (BPF) be performed in order to support varied services (VLAN) on the port. This is possible when using any of VDSL2, ADSL2+ or ADSL2 physical layers. PTM mode is not possible with ADSL1 physical layers (for example, G.dmt).

 ATM mode utilizes ATM encapsulation for xDSL port operation. In this case, the E-

Series performs a SAR function to interwork packets to/from cells. ATM mode can be used with all xDSL physical layers, except VDSL2.

 Fallback mode is where the E-Series automatically determines that it cannot train up in

VDSL2 mode, and then uses ADSL2+ instead. If the port can use PTM-TC, then it does use it. If the xTU-R does not support PTM-TC, the E-Series uses ATM-TC and performs the SAR function. Note that the E-Series currently supports up to six PVCs per xDSL port for ADSL operation.

 Legacy mode (this mode is only supported on the C7 and E5-series Calix products, and

NOT supported on the E-Series) is distinctly different than the other modes in that ATM VC are connected directly to individual ATM VC on the DSL line, just as with a traditional ADSL card. As such, QoS is provided by the ATM VC, rather than on a perpriority, per VLAN port basis. Traditional CAC functions are performed to ensure that the aggregate capacity of the ATM VC feeding the port do not exceed the ports capacity. The exception being handling of multiple UBR VC on egress, wherein some rate shaping and priority queuing are required.

Bonding

The VDSL card supports bonding wherein a single “bonded” port can be created from multiple physical ports. Bonded ports are treated the same as individual ports. Therefore, all aspects of Basic Packet Functions (BPF) that are applicable to individual ports are also applicable to Bonded ports.

Vectoring

E-Series supports unit level vectoring on all VDSL2 equipment. Vectoring eliminates cross talk between VDSL2 lines and thus recovers bandwidth that would otherwise be “lost” due to crosstalk. Vectoring also ensures a uniform level of performance from pair to pair in a vectored binder group. The E-Series vectoring complies with the ITU G993.5 standard.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Modular Chassis Deployment

The E7-2 MC platform operates as a ‘node’ such that it is managed as a complete entity; adding and deleting service, updating within a node concept, operationally managing troubles and diagnosis as a node. Configuration and installation of ‘stacked’ units to the node is automatically handled with ease of visual indicators to ensure cables are connected properly.

See the following for related information:

 "Turning Up a Modular Chassis System" in the Calix E7 User Guide for information on

initially configuring several E7s into a modular chassis

 Calix Method of Procedure (MOP): Migrating Standalone E7 Systems to an E7 Modular Chassis for

instructions on how to migrate multiple standalone E7 systems into a unified E7 modular chassis

 Calix E7 Maintenance and Troubleshooting Guide for instructions on how to add, replace, or

delete components in a modular chassis system.

Considerations for VDSL2-based cards in a modular chassis

 The VDSL2-48C / VDSL2-48 line cards are supported components of the modular

chassis architecture and platform deployment model.

 Modular chassis with VDSL2 cards support SFP ports at 2.5GE data rates for inter-

chassis stacking ring connectivity.

 The VDSL2-48C card shares a common EXA Powered architecture and feature set

common to all E7 cards and can be mixed interchangeably with other E7 cards to provide an application specific solution.

 Single-card Modular Chassis Controller (MCC) is supported when deploying a multi-shelf

E7-2 with VDSL2-48 Overlay cards.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

In the diagram above, VDSL2-48C line cards in the MCC and MCE shelves lose a forward facing SFP+ socket to the chassis’ backplane. This is not the case with the VDSL2-48 Overlay line card, since it requires no backplane communication to a second card in the E7-2 same chassis. Both the RT and CO nodes are fully and only equipped with E7-2 VDSL2-48C line cards, while they could also use transport cards (for example 10GE-4) in the MCC to aggregate multiple ERPS rings or take advantage of longer range XFP optics. Both nodes support protected 10GE ERPS Transport and / or RSTP or Link Aggregation network protocols from the MCC shelf. See "Turning Up a Modular Chassis system" in the Calix E7 User Guide for configuration guidelines and detailed instructions for configuring a modular chassis system.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Chapter 2

Configuring VDSL2 Applications

This chapter describes how to setup VDSL2 applications, including configuring the E-Series system, creating profiles, and then adding subscriber services.

Note: For procedures on initial turnup and network configuration specific procedures, see the Calix E7 User Guide or the Calix E3-48/E5-48/E5-48C User Guide. See the E7 Maintenance and Troubleshooting Guide for a procedure on VDSL2 Single Ended Line Test (SELT) that is is a DSL pre-provisioning test tool used to assess the line capability prior to installing a modem at the customer premise.

Topics Covered

This chapter covers the following topics:

1. Configure network uplinks for VDSL2 services

2. Creating system profiles that support VDSL2 applications

3. Configure subscriber services

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Step 1. Configuring the Network Uplink(s) for VDSL2 Services

This section describes how to configure the network uplinks for provisioned VDSL2 services.

Topics Covered

This section covers the following topics in bold that are part of the overall VDSL2 services configuration process:

1. Configure network uplinks for VDSL2 services

 Configuring Ethernet port interfaces  Configuring Ethernet ports  Creating service VLANs  Adding interfaces to VLAN memberships

2. Creating system profiles that support VDSL2 applications

3. Configure subscriber services

Overview: Configuring the Network Uplink(s)

This chapter describes how to configure the network uplink(s) for E-Series VDSL2 services.

If the network contains a number of E-Series nodes, such as in a 10GE transport ring, the network uplink(s) may reside in a different shelf from the VDSL2 ports and may include multiple uplinks per service. Network uplink(s) are typically located in a shelf closest to the core or headend.

Note: For information on configuring system-level objects, such as NTP servers and SNMP traps, see the Calix E7 User Guide or the Calix E3-48/E5-48/E5-48C User Guide.

Configuration process

The network uplink configuration process follows:

1. Configure the 10GE or GE uplink port for service.

 Set the Admin status for enable.

2. Configure the Ethernet interface on the uplink port.

 Set the interface role to Trunk.  Enable RSTP for link protection as required.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

3. Create the service VLAN(s).

 Create one VLAN per subscriber for the 1:1 provisioning model.  Create one VLAN per service for the N:1 provisioning model.  For video service, enable IGMP Snooping.

4. Add the Ethernet uplink interface to the service VLAN memberships.

Configuring the Ethernet Uplink Port

The topic describes how to configure an E-Series Ethernet port for an uplink.

E-Series Ethernet ports and the associated Ethernet interfaces always exist and can only be modified. LAG interfaces and their association with Ethernet ports can be created, deleted, and modified. See Configuring an Ethernet or LAG Interface (on page 33).

The physical characteristics of the underlying ports include:

 Speed  Duplex setting  Interface type

ETH-Port names:

 g(port number) = Gigabit Ethernet Ports (GE)  x(port number) = 10Gigabit Ethernet Ports (10GE)

Configuration guidelines

 An Ethernet port is always a member of exactly one interface, even when it is being used

in a standalone manner.

 An Ethernet port can be either assigned to the Ethernet interface associated with the

port, or assigned to an existing LAG interface. (Before you can assign a port to a LAG interface, you must disable the port's default associated interface.)

 The interface provisioning (for example, VLAN membership) applies to the port when

the interface is assigned to the port.

 Keep the LACP role set to the default value of active, unless there is a very clear need.

Specifically, the topology where at least one side of the LAG is cross-card will not operate when either side of the LAG is set to LACP role = passive.

 When a port interface is added to an ERPS ring, the port attribute of Duplex defaults to

full and the Flow Control setting defaults to none. If the port interface is removed from the ERPS domain, these attributes can again be modified.

 Destination lookup failure (DLF) based rate limiting should never be used on aggregation

network elements as this naturally happens when the access network goes through a topology change. The use of this feature at the access node is also not advised as the rate limiter indiscriminately applies to all services including business services.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 The E7-2 supports 2.5 Gbps pluggable module interfaces in the SFP ports of the 10GE-

4, GPON-4, VDSL2-48C, and VDSL2-48 cards.

 The 2.5GE interfaces support equivalent functions and networking protocols as the GE

and 10GE interfaces.

 Auto-negotiation is supported over twisted pair 1000BASE-T links and some fiber

1000BASE-X links. It is not supported over 2.5G or 10G links.

 When connecting to devices that do not support auto-negotiation, provision the E7 port

manually for the speed, duplex, and flow control options that are compatible with the options supported by the other side.

Forced Speed Settings Supported

10M 100M 1G 2.5G 10G

Copper modules in SFP/CSFP ports Direct-Attach cables in SFP/CSFP ports Direct-Attach cables in SFP+ port Copper modules in SFP+ ports 1G fiber modules in SFP or SFP+ ports

2.5G fiber modules in SFP ports

10G fiber modules in SFP+ ports

X X X

X X X X

 The following rules apply for stand-alone E7 shelves and Modular Chassis Controller

(MCC) shelves:

 SFP and SFP+ Network ports; support protection protocols; ERPS, LAG, RSTP:

 Transport ports; ERPS or RSTP protection  Trunk/Edge ports; RSTP and/or LAG protection, towards the edge

switch/router or subtended device

 SFP sockets:

 1GE or 2.5GE data rate modes  At 2.5GE data rate mode, supported port roles are

Stacking/Edge/Trunk/Access

 At 1G data rate mode; supported port roles are Edge/Trunk/Access

 SFP+ sockets:

 1GE or 10GE data rate modes  At 10G data rate mode; supported port roles are Stacking/Edge/Trunk/Access  At 1G data rate mode; supported port roles are Edge/Trunk/Access

 Support for subscriber DSL drops; supported port roles are Access

 The following rules apply for Modular Chassis Expansion (MCE) shelves:

 SFP and SFP+ Access ports; no support for protection protocols

 Aggregation; unprotected pt-to-pt links to subtended devices from SFP and

SFP+ sockets

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 SFP sockets

 1GE or 2.5GE data rate modes  At 2.5GE data rate mode; supported port roles are Stacking/Access (unprotected

pt-to-pt)

 At 1GE data rate mode; supported port roles are Access (unprotected pt-to-pt)

 SFP+ sockets

 1GE or 10GE data rate modes  At 10GE data rate mode; supported port roles are Stacking/Access (unprotected

pt-to-pt)

 At 1GE data rate mode; supported port roles are Access (unprotected pt-to-pt)

Before starting

Before starting the configuration process, check that the following conditions are met:

 The class map and class rules are configured.  The policy map and policies are configured.  The Ethernet or LAG interface is configured.  The Ethernet port grade-of-service (GoS) profile is created.  The class-of-service (CoS) profile is created.

Parameters

You can provision the following parameters for E-Series GE or 10GE Ethernet ports:

Parameter Description Valid Options

Admin State Service state of port.

While troubleshooting a port that has Admin State = "enabled-noalarms," either use the CLI command "show alarm include suppressed," or from the web browser interface temporarily set the Admin State to "enabled," and then refresh the alarm panel manually or wait for default refresh rate to see the suppressed

alarms.

enabled disabled ‡ enabled-no-alarms

Interface Name of interface to select whether to leave the default connection

to the port's logical (associated) Ethernet interface, or assign the port to a link aggregation group (LAG) interface.

Note: Before you can assign a port to a LAG interface, you must disable the port's default associated interface. When a port is assigned to a LAG, the LAG interface provisioning (for example,

VLAN membership) applies to the port.

EthIntf LagIntf

GOS Profile Name of Grade-of-Service (GoS) profile to use that has been

previously defined. The GoS profile specifies the operation

thresholds for the Ethernet port.

Any established Ethernet GoS profile

COS Config Nam e of class-of-service (CoS) profile to use that has been

previously defined. The class-of-service profile specifies the

queuing of packets.

Any established Ethernet port CoS profile

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter Description Valid Options

Broadcast Max Rate Select whether to disable this parameter (off), or enter a value to

specify the maximum rate for broadcast traffic (packets/second).

This is an ingress rate limiter.

off, 0-16383999 Use "k" and "m" to multiply the

rate.

Unknown Mcast Max Rate

Select whether to disable this parameter (off), or enter a value to limit the rate for unknown multicast traffic (packets/seconds). Use

"k" and "m" to multiply rate.

off ‡ Enter Value = 0–16,383,999

DLF Max Rate Select whether to disable this parameter (off), or enter a value for

the maximum ingress rate for unknown unicast or destination lookup failure (DLF) traffic (packets/seconds). Use "k" and "m" to multiply rate. DLF applies to unicast packets where the bridges lookup the destination MAC address in their learning tables and cannot find it (a lookup miss) thus floods the packet to the broadcast domain until the packet hits a bridge that knows (learned) the destination MAC address or the packet is received by

the destination device.

off ‡ Enter Value = 0–16,383,999

LACP Priority Priority value to use for determining which port to activate in a

LAG. The lower value takes priority. For example, in a cross-card protect i on LAG, set the ports on the

active card to a common LACP priorit y value, and then set the LAG ports on the standby card to another common priority value. The priority value on the active card ports must be lower than the

value set for the ports on the standby card.

0-65535 32768 ‡

LACP Timeout The length of timeout for LACP.

Note: Avoid the use of LACP long timeouts, unless there is a very

specific need.

short ‡ long

Duplex Duplex mode for the port.

 Half-duplex uses Carrier Sense Multiple Access (CSMA) to

detect collisions and recover from them.

 Full-duplex transmits and receives at the same time. Note:

Use this setting for ERPS ring ports.

 Auto:

If the link is auto-negotiated, the duplex attribute is negotiated with the link partner.

If the link speed is forced to a set value, full duplex is the

default.

half, full, auto‡ (auto-negotiate duplex value with the link partner)

Flow control Applies back pressure to a transmitter that is outrunni ng the

receiver's capacity to process incoming data.  tx-pause sends pause packets to the partner link, when

needed.

 rx-pause honors the partner link's pause packets and stops

transmitting, when asked.

 tx-rx sends pause packets and honors the partner link's pause

packets.

 none does not send pause packets and does not honor the

partner link's pause packets. Note: Use this setting for ERPS ring ports.

 Auto:

If the link is auto-negotiated, the pause attribute is negotiated with the partner link.

If the link speed is forced to a set value, tx-rx is the default.

rx-tx, rx-pause, tx-pause, auto‡, none

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter Description Valid Options

LLDP Mode Link Layer Discovery Prot ocol (LLDP) mode for the port. LLDP

defines a set of information to be transmitted and received periodically on an Ethernet interface to and from connected devices. This information can be leveraged by the management interfaces to build a “network” topology view and identify all connected access nodes.

Note: LLDP is enabled by default for all GE Access interfaces

configured as Edge or Trunk.

disabled, tx-only ‡

Ethernet Speed (Mb/s)

Data rate of port (bits/s). Auto setting:  If the link supports auto-negotiation, the link partners auto-

negotiate the speed while advertising the duplex and flow control parameters specified.

 If the link does NOT support auto-negotiation, the setting is for

the fastest rate that the module can support.

Module-rate is for SFP+ ports, which supports both 10GE and 1GE modules. The bit rate of the installed module is forced as the port speed. No auto-negotiation takes place with this setting. Module rate is not supported for XFP ports.

Fixed speed setting forces the speed to the value specified. (Note: See the configuration guidelines above for the forced speed setting

supported for various ports.)

auto‡, module-rate (native speed of pluggable module), 10mbps, 100mbps, 1gbps,

2.5gbps, 10gbps

‡ Default

To configure an E-Series GE port for service

1. On the Navigation Tree, double-click an E-Series line card, and then click a GE or 10GE

port.

 Alternatively, you can access an E-Series Ethernet port using the following methods:  Click the triangle-arrow to the left of the service card in the Navigation tree, and then

click the specific Ethernet port from the tree.

 On the Navigation Tree, click E-Series, and then click System > Ethernet Ports

and click a listed Ethernet port, or click in the row between the columns to edit the row. You can select multiple ports to edit using the Control+click and Shift+click keys. Click Apply when the parameter settings are complete.

2. Reference the table above to configure the parameters.

3. From the menu, click Apply.

For CLI:

Bulk Modifying Ethernet Ports

Modifying Ethernet ports in selected groups results in rapid configuration changes across a node.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

To create a range of Ethernet ports

1. On the Navigation Tree, select the node, and then click Ethernet Ports.

2. In the work area, select the Ethernet ports to modify using Shift+click or Ctrl+click.

To select a row from the table, click on the portion of the row in between the columns that has no text, as indicated by the red rectangles below.

3. In the edit row at the top of the work area, select the parameter to modify, and select the

new value.

4. Click Enter to identify each row with a modified value as having a pending change,

indicated by an orange arrow.

5. In the Toolbar, click Apply to commit the changes.

For CLI:

Configuring an Ethernet Interface

This topic describes how to configure an Ethernet port's associated interface. E-Series Ethernet interfaces are logical objects that represent the service-related attributes of an Ethernet port.

Ethernet ports and the associated Ethernet interfaces always exist and can only be modified. LAG interfaces and their association with Ethernet ports can be created, deleted, and modified.

See Configuring a Link Aggregation Interface (on page 33) for information.

Interface names

Eth interfaces (Non-LAG related interfaces) share the same name as the E-Series Ethernet Ports (card 1/Eth port g1, for example 1/g1)

 g(port number) = GE(port number)  x(port number) = 10GE(port number)

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Interface roles

Each GE and 10GE interface in the system has one of the following configuration-role types:

Trunk: A port connecting to other equipment belonging to the service provider or to another service domain with consistent VLAN tagging levels. These ports may also be referred to as Network ports or Provider ports in industry standards. These ports support outer VLAN tag plus MAC switching.

Examples of trunk ports are 10G ERPS transport ports and GE uplinks. Trunk ports can be configured for link aggregation, RSTP, or ERPS. To properly process ingress double tags, the GE network interface (uplink) must be configured as a Trunk role.

Edge: A port facing customer equipment or facing reduced functionality devices, alternative administrative domains, or managed CPE. Generally, this E-Series Ethernet port interface is where all classification is first performed on ingress traffic (if customer facing). The E-Series Ethernet interface is also expected to add, replace, or remove one or more VLAN tags on edge traffic. RSTP and LAG networking protocols are supported.

Examples of an edge port would include GE ports to managed CPE, a GE/10GE port to external equipment which may use different tagging levels, or GPON ports.

Access: A port facing untrusted customer equipment or other devices serving subscribers. Generally, this port interface is where individual subscriber services are defined and enforced (bandwidth limits, security, multicast profiles). Networking protocols are not supported.

Examples of an access port would be point-to-point connections to subscribers or other devices serving subscribers.

VLAN support

By default, every Ethernet port with a trunk or edge interface on the unit is a member of VLAN 1, the Native VLAN. The Native VLAN is available to pass any untagged traffic. You can provision an Ethernet port interface to use a different existing VLAN as the Native VLAN.

To forward untagged traffic on Ethernet ports with an access interface, an add-tag action must be applied to untagged frames, assigning the traffic to a designated VLAN.

Tagged traffic that does not match any of the tagging criteria is dropped.

For modular chassis nodes, any VLAN created on the system is automatically mapped to the Stacking Ports. The remaining port interfaces in the system must be a VLAN member for traffic to pass on the VLAN through the interface.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Interface role configuration guidelines

Trunk Edge Access

E7-2 or E-Series X X

E7-2 MCC X X

E7-2 MCE

E7-20 SCP X X

E7-20 GE-24

ONT Ethernet Port

Tag Actions

X X

Native VLAN X X

Networking Protocol

(RSTP, ERPS*, LAG)

X X

*Edge ports only support RSTP and LAG networking protocols, NOT ERPS.

Facility and equipment protection using RSTP

Individual Ethernet port interfaces with either a Trunk or Edge role can participate in Rapid Spanning Tree Protocol (RSTP).

 Facility protection can be configured by using two ports on the same E7 card.  Equipment protection can be configured by using one port on two cards in the same E7

shelf. That is, one port on each E7 card.

 For Modular Chassis systems, RSTP is only supported on MCC shelf interfaces.  For E7-20 systems, RSTP is only supported on SCP cards.

Note: Node protection can be configured by using two E7-2 nodes on an ERPS ring. See Configuring RSTP Settings for the RSTP parameters to apply to the nodes.

To view the E-Series Ethernet port interfaces that are actively participating in RSTP, click E- Series on the Navigation Tree, and then click the RSTP > Interfaces tabs.

Configuration guidelines

Follow these guidelines when configuring an Ethernet port interface or LAG interface:

 An Ethernet interface always exists, cannot be deleted, can be modified, and is associated

with a specific companion Ethernet port (GE or 10GE).

 A LAG interface can be created, deleted, and modified.  A port is always a member of exactly one interface, even when it is being used in a

standalone manner.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 You can configure only one of the following attributes on a given VLAN on a given

interface:

 Trunk interfaces:

 VLAN member  Native VLAN

 Edge interfaces:

 VLAN member  Tag-action  Native VLAN

 Access interfaces:

 VLAN member  Tag-action

 Trunk and Edge interfaces are always associated with at least one VLAN, through the

native VLAN attribute (VLAN 1, by default). Access interfaces do not support a Native VLAN, however, tag actions can be used to assign untagged traffic to a VLAN ID.

 All network connections (ERPS, RSTP, LAG, DHCP servers, multicast routers, IGMP-

enabled video servers, network-facing routers) are made on Trunk or Edge interfaces, only.

 Interfaces can be associated with additional VLANs through memberships or tag-actions.  If an Ethernet uplink Edge interface with tag actions (for double-tagged traffic) is on the

same card as Ethernet downlink Edge interfaces (that are members of the outer VLAN), ingress double-tagged traffic from the downlink ports will not flow upstream, resulting in a service interruption. As a workaround, for this application, ensure that one of the following configurations are used:

 The Ethernet uplink Edge port is on a different card than downlink Edge ports.  Ethernet downlink ports are configured with the Trunk interface role.

Note: For this application, if active/standby LAG is used for the uplink, you must ensure that Ethernet downlink ports are configured with the Trunk role.

 When a VLAN has DHCP snooping and Option 82 relay enabled, an Ethernet interface

can be directly added to the VLAN membership, but using a tag action to associate an Ethernet interface to such a VLAN is not supported.

 BPDU Guard and RSTP cannot be enabled on an interface, simultaneously.  For Policy maps:

 For Trunk interfaces, any policy map assignment is allowed.  For Edge and Access interfaces, if a policy map contains a two-tag classification, the

edge or access link must have a tag-action that adds the outer tag being matched by the class rule.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 For an RSTP network, Calix recommends setting the following parameters as shown:

 The VLAN IGMP Mode = snoop-suppress or proxy  The IGMP profile Router Learning Mode = static-dynamic  The IGMP profile Router Solicit On Topology Change = Y (enabled)  The interface NOT be designated as a static router port through the VLAN

membership.

 The Interface Quality Audit (IQA) function periodically checks the number of File Check

Sequence (FCS) errors received as a percentage of total frames received on an interface. An interface that exceeds the provisioned thresholds can be set to generate an alarm, switch traffic to an alternate path, or force the interface to an OOS state where operator intervention is required to bring the interface to an operational state by manually disabling the interface, and then re-enabling the interface.

Before starting

Before starting the configuration process, check that the following conditions are met:

 The policy map that you want to associate to the E-Series Ethernet port interface is

already created.

Parameters

You can provision the following parameters for Ethernet interfaces:

Parameter

Description

Valid Options

Name*

Name of LAG interface or associated Ethernet port (card/Ethernet port).

(Note: This is a case-sensitive string.)

String 31 characters

Role* Role of E-Series Ethernet port interface.

 trunk and edge are supported on E7-2 standalone, E7 modular

chassis controller, and E7-20 SCP cards.

 access is supported on E7-2 standalone, E7 modular chassis

controller, E7 modular chassis expansion cards, and E7-20 linecards.

See the rules and restrictions for each role in the above paragraphs.

trunk edge access E7-2, E7 Modular Chassis Controller, and E7-20 SCP cards:

 10G = trunk ‡  1G = edge ‡

E7-20 and E7 Modular Chassis Expansion:

 10G = access ‡  1G = access ‡

Default (LAG) = NA

Admin State Service state of E-Series port interface. Select whether the interface is

in service. Note: Before you can assign a port to a LAG interface, you must disable

the port's default associated interface. When a port is assigned to a LAG, the LAG interface provisioning (for example, VLAN membership)

applies to the port.

enabled ‡ disabled

Description

Descriptive name for the interface.

String 31 characters

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter

Description

Valid Options

RSTP Whether the interface is running rapid spanning tree protocol (RSTP).

The E-Series supports port-level RSTP. Therefore, ensure the far-end device is configured similarly (port-level RSTP) and not using VLANlevel RSTP.

 RSTP (enabled) is only supported for trunk and edge interfaces.  RSTP (tunneled) is supported for all interface roles and should only

be used when configuring TLAN service.

 RSTP and BPDU Guard cannot be enabled on an interface,

simultaneously.

 For Modular Chassis systems, RSTP is only supported on MCC

shelf interfaces.

 For E7-20 systems, RSTP is only supported on SCP interfaces.  For cross-card LAG interfaces, RSTP is not supported and must be

disabled in order to configure a cross-card LAG.

enabled (‡ E7-2) disabled (‡ E7-20) tunneled

STP Priority Spanning tree protocol (STP) priority of this port interface.

Note: Leave the default value unless you are certain of a modified value to assign as an STP priority for the interface.

0, 16, 32, 48, 64, 80, 96, 112, 128‡, 144, 160, 176, 192, 208, 224, 240

STP Path Cost Spanning tree protocol (STP) path cost is the cost of transmitting a

frame on to a network through that port. It is assigned according to the speed of the bridge. The slower the media, the higher the cost.

Note: Leave the default value unless you are certain of a modified value

to assign as the cost of service.

1-200000000 4 ‡

Policy Map Name of policy map used on ingress traffic packets. The associated

map describes what actions to take when the ingress traffic packets

match the listed criteria.

name of map

Subscriber ID Identification information of subscriber, such as phone number, or

account number.

String 0-63 characters

MTU (Bytes) Maximum Transmission Unit size (bytes). E7 supports the ability to set

the MTU size on an interface to a maximum or 9000 bytes, not including the Ethernet header, two VLAN tags for Q-in-Q, and the frame check sequence (32-bit CRC).

 MTU = 9600 bytes for E7 Ethernet interfaces  MTU = 2000 bytes for 700GE and 760GX GPON ONTs  MTU = 1600 bytes for 700GX GPON ONTs

For example:

 2000 bytes = MTU  2026 = Max Ethernet frame (with two VLAN tags without

Preamble/Delimiter)

 2034 = Max Ethernet frame (with two VLAN tags including

Preamble/Delimiter)

 2046 = Max Ethernet frame (with two VLANs, preamble/Delimiter,

and Interframe Gap)

1500-9600 2000 ‡

Ether Type The Ethertype indicates the protocol being transported in the Ethernet

frame.

 0x8100 - IEEE 802.1Q-tagged  0x88a8 - IEEE 802.3ad provider bridging  0x9100 - Q-in-Q (double tagged)

The recommended value of 0x8100 should be used for all interfaces (Ethernet and LAG).

Note: The VLAN tagged frames are identified as having a tag by

utilizing the Ethertype field.

0x8100 ‡ 0x88a8 0x9100

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter

Description

Valid Options

Native VLAN Native VLAN to use for untagged user traffic on this interface. VLANs

can be specified by name or by numeric VLAN ID. Supported for trunk and edge interfaces, only.

To forward untagged traffic on E-Series Ethernet ports with an access interface, an add-tag action must be applied to untagged frames,

assigning the traffic to a designated VLAN.

numeric value (range 1-4093) 1 ‡

Split Horizon Forwarding

Enable or disable split-horizon forwarding on this Edge interface of a standalone E7-2 or modular chassis controller shelf. (The Split Horizon Forwarding is not supported on the E7-20 system.)

The default is “Enabled” or "Y" and should only be disabled when setting up TLAN service between multiple edge or access ports on the same E7. When Split-horizon forwarding is enabled on an edge port, traffic from that port will only route to trunk links. The Split-horizon forwarding flag has no effect on trunk links. Examples of an edge port would include GE ports to managed CPE, a GE/10GE port to external equipment which may use different tagging levels, or GPON ports. By default, E7 edge ports have the split horizon feature enabled which

isolates port traffic from other edge ports within the same E7 line card.

disable enable (‡ E7-2)

BPDU MAC Mode M AC for rapid spanning tree protocol (RSTP) bridge protocol data units

(BPDUs).  1d results in the E7 transmitting BPDUs with a DA of

01:80:C2:00:00:00. Use this selection when the E7 is connected to an 802.1d compliant switch with redundant link.

 1ad results in the E7 transmitting BPDUs with a DA of

01:80:C2:00:00:08. Use this selection when the E7 is connected to

an 802.1ad compliant switch with redundant link.

1d ‡ 1ad

LACP Tunnel LACP protocol packets are forwarded when set to enabled (Y) on an

Ethernet interface and should only be used when configuring TLAN

service.

disable ‡ enable

RSTP Auto Edge Link

Enables or disables automatic RSTP detection and protocol negotiation for other connected bridges on E-Series Ethernet ports. Each RSTP edge link transitions immediately to the RSTP forwarding port state, since there is no possibility of it participating in a loop. If another connected bridge is detected on a port with RSTP Edge Link enabled, the port immediately transitions to point-to-point and negotiates the

RSTP topology.

disable ‡ enable

Trusted Whether the interface is a trusted source of DHCP option 82/LDRA

data.  Ethernet interfaces used for LAG or ERPS links can only be set to

Trusted = Y.

 Access interfaces can only be set to Trusted = N.

selected (yes) ‡ unselected (no)

BPDU Guard Enables or disables BPDU guard mode. When enabled, this prevents

topology loops by preventing the participation of an interface in a spanning tree. When the interface receives a BPDU (STP, RSTP, MSTP), it is put into a disabled state where an operator must manually disable, and then re-enable the interface to put the interface back into service.

BPDU Guard and RSTP cannot be enabled on an interface,

simultaneously.

disable (default for E7-2 standalone, MCC shelf, and E7-20 SCP with RSTP enabled on GE/10GE ports)

enable (default for all Access interfaces, where RSTP is not supported)

IGMP Immediate Leave

Enables or disables IGMP immediate leave. When enabled, checks are omitted that would see if there are other hosts interested in the multicast

group.

use-vlan-setting ‡ enabled

disabled

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter

Description

Valid Options

Interface Quality Audit Mode

Mode to periodically check the number of File Check Sequence (FCS) errors received as a percentage of total frames received on an interface. An interface that exceeds the provisioned thresholds can be set to one of the following modes:

 no-audit - disables the Interface Quality Audit (IQA) mode  alarm-only - generates an alarm, but, does not take any action on

the interface

 disable-interface – Disable the interface when the threshold is

exceeded

 protocol-action – For ERPS and LAG, only disable the interface if

there is an alternate path that is up and available. For non-ERPS

and non-LAG interfaces, this is interpreted as “alarm only.”

no-audit, alarm-only ‡, protocol-action, disableinterface

Polling Interval Number of seconds between interface quality audits that compare

errored frames to total received frames.

1-60

1 ‡

Error Threshold Number of errored frames per million total frames to consider a specific

interval as failed.

1-100000

1000 ‡

Polling Window Number of interface quality audi t intervals to cons i der for failure

determination.

10-60

60 ‡

Errored Interval

Count

Number of failed audit quality intervals within the polling window that will

indicate an interface failure for IQA to take an alarm or OOS action.

1-60

10 ‡

Interval Min Frames Minimum number of frames that must be received per interval for a

specific interval to be considered valid.

1-2147483647

100 ‡

* Required field ‡ Default

To configure an Ethernet port associated interface for service

1. On the Navigation Tree, click a GE or 10GE port where you want to configure an

associated interface.

2. In the Work Area, click Associated Interface > Provisioning.

3. Reference the table above to configure the parameters.

4. Click Apply.

For CLI:

Configuring a Link Aggregation Interface

This topic describes how to configure an Ethernet interface and a Link Aggregation Group (LAG) interface. E7 Ethernet interfaces are logical objects that represent the service-related attributes of an Ethernet port.

E7 Ethernet ports and the associated Ethernet interfaces always exist and can only be modified. LAG interfaces and their association with E7 Ethernet ports can be created, deleted, and modified.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Interface names

 Eth interfaces (Non-LAG related interfaces) share the same name as the E7 Ethernet

Ports (card 1/Eth port g1, for example 1/g1)

 g(port number) = GE(port number)  x(port number) = 10GE(port number)

 LAG interfaces are named at the time of creation

Interface roles

Each GE and 10GE interface in the E7 has one of the following configuration-role types:

Edge: A port facing customer equipment or facing reduced functionality devices, alternative administrative domains, or managed CPE. Generally, this E7 Ethernet port interface is where all classification is first performed on ingress traffic (if customer facing). The E7 Ethernet interface is also expected to add, replace, or remove one or more VLAN tags on edge traffic. RSTP and LAG networking protocols are supported.

Examples of an edge port would include GE ports to managed CPE, a GE/10GE port to external equipment which may use different tagging levels, or GPON ports.

Examples of an access port would be point-to-point connections to subscribers or other devices serving subscribers.

VLAN support

By default, every E7 Ethernet port with a trunk or edge interface on the unit is a member of VLAN 1, the Native VLAN. The Native VLAN is available to pass any untagged traffic. You can provision an E7 Ethernet port interface to use a different existing VLAN as the Native VLAN.

To forward untagged traffic on E7 Ethernet ports with an access interface, an add-tag action must be applied to untagged frames, assigning the traffic to a designated VLAN.

Tagged traffic that does not match any of the tagging criteria is dropped.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Interface role configuration guidelines

Trunk Edge Access

E7-2 or E-Series X X

E7-2 MCC X X

E7-2 MCE

E7-20 SCP X X

E7-20 GE-24

ONT Ethernet Port

Tag Actions

X X

Native VLAN X X

Networking Protocol

(RSTP, ERPS*, LAG)

X X

*Edge ports only support RSTP and LAG networking protocols, NOT ERPS.

Link aggregation groups

The system uses IEEE 802.3ad/802.1AX Link Aggregation (LAG) to bond multiple GE or 10GE or 2.5GE ports (not mixed) into a single link aggregation group with a single logical Ethernet interface. The ports that comprise a LAG can be on the same line card or on two different line cards in the same shelf.

Link aggregation provides two principle values to the network operator:

 Point to point link protection / redundancy between network elements  Bandwidth expansion of the logical interface beyond the capacity of a single link

You can configure the following LAG configurations:

 The active LAG has all ports in the LAG active and the combined bandwidth of the

ports is available to carry the traffic on the logical link of the LAG. When a failure occurs, the available bandwidth is reduced by the amount of bandwidth carried over the failed port.

For a cross-card LAG, this configuration is known as active/active.

 The active/standby LAG has multiple ports active and one or more port in standby,

positioned to come online when an active port fails.

For a cross-card LAG, a failure threshold defines how many active ports in the group can fail before the group is taken out of service, and the system switches the LAG operation to the ports on the standby card.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Example Single-Card LAGs

Two different single-card LAG configurations are shown below:

 The active LAG configured for the E7 has all ports in the LAG active and the combined

bandwidth of the ports is available to carry the traffic on the logical link of the LAG. When a failure occurs, the available bandwidth is reduced by the amount of bandwidth carried over the failed port.

 The active/standby LAG configured for the router has multiple ports active and one port

in standby, positioned to come online when an active port fails.

Example parameter settings:

 RSTP Enabled = disabled  LAG cross-card = N (No) or disabled  LACP Min Ports = 1  LACP Max Ports = 2**

Note: **Ports added to the LAG that exceed the LACP Max Ports parameter are designated as standby ports.

Example Cross-Card LAGs

The cross-card protection LAGs shown below have half of the LAG ports on one card and the other half of the LAG ports on another card, in the same shelf. You can designate the links on either card as active or standby.

Note: If the number of active ports falls below the Min Ports value, then the system switches the LAG operation to the ports on the standby card. When using cross-card LAG, the LAG on the switch connected to the E7 must have RSTP disabled.

Note: Keep the LACP role set to the default value of active, unless there is a very clear need. Specifically, the topology where at least one side of the LAG is cross-card will not operate when either side of the LAG is set to LACP role = passive.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Example parameter settings:

 RSTP Enabled = disabled  Access router LAG:

 Role = Trunk  LACP Cross Card = active-active  LACP Min Ports = 1  LACP Max Ports = 4  Card 1 Ethernet ports LACP Priority = 128  Card 2 Ethernet ports LACP Priority = 100

 C7 LAG:

 LACP Cross Card = active-standby  LACP Min Ports = 1  LACP Max Ports = 1  Card 1 Ethernet port LACP Priority = 100  Card 2 Ethernet port LACP Priority = 128

LAG per card and RSTP

As a network configuration, RSTP can be enabled on two LAG interfaces to create a protected connection to routers. As shown below, a separate LAG is configured on each card and the LAG interfaces have an aggregated bandwidth capacity of 2Gbps, while RSTP provides E7 cross-card equipment protection. All of the links in the LAG must terminate on the same card for RSTP to be supported.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Example parameter settings:

 RSTP Enabled = enabled  LAG cross-card = N (No) or disabled  Access router LAG:

 LACP Min Ports = 2  LACP Max Ports = 2

Facility and equipment protection using RSTP

Individual Ethernet port interfaces with either a Trunk or Edge role can participate in Rapid Spanning Tree Protocol (RSTP).

 Facility protection can be configured by using two ports on the same E7 card.  Equipment protection can be configured by using one port on two cards in the same E7

shelf. That is, one port on each E7 card.

 For Modular Chassis systems, RSTP is only supported on MCC shelf interfaces.  For E7-20 systems, RSTP is only supported on SCP cards.  For cross-card LAG interfaces, RSTP is not supported on the E7, and the LAG end

connected to a switch must also have RSTP disabled. If RSTP is enabled on the connected system, then that system will take 20-30 seconds to pass traffic again while waiting for RSTP to timeout.

Note: Node protection can be configured by using two E7-2 nodes on an ERPS ring. See Configuring RSTP Settings for the RSTP parameters to apply to the nodes.

To view the E7 Ethernet port interfaces that are actively participating in RSTP, click E7 on the Navigation Tree, and then click the RSTP > Interfaces tabs.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Configuration guidelines

Follow these guidelines when configuring an Ethernet port interface or LAG interface:

 An Ethernet interface always exists, cannot be deleted, can be modified, and is associated

with a specific companion Ethernet port (GE or 10GE).

 A LAG interface can be created, deleted, and modified.  A port is always a member of exactly one interface, even when it is being used in a

standalone manner.

 You can configure only one of the following attributes on a given VLAN on a given

interface:

 Trunk interfaces:

 VLAN member  Native VLAN

 Edge interfaces:

 VLAN member  Tag-action  Native VLAN

 Access interfaces:

 VLAN member  Tag-action

 Trunk and Edge interfaces are always associated with at least one VLAN, through the

native VLAN attribute (VLAN 1, by default). Access interfaces do not support a Native VLAN, however, tag actions can be used to assign untagged traffic to a VLAN ID.

 All network connections (ERPS, RSTP, LAG, DHCP servers, multicast routers, IGMP-

enabled video servers, network-facing routers) are made on Trunk or Edge interfaces, only.

 Interfaces can be associated with additional VLANs through memberships or tag-actions.  If an Ethernet uplink Edge interface with tag actions (for double-tagged traffic) is on the

 The Ethernet uplink Edge port is on a different card than downlink Edge ports.  Ethernet downlink ports are configured with the Trunk interface role.

Note: For this application, if active/standby LAG is used for the uplink, you must ensure that Ethernet downlink ports are configured with the Trunk role.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 When a VLAN has DHCP snooping and Option 82 relay enabled, an Ethernet interface

can be directly added to the VLAN membership, but using a tag action to associate an Ethernet interface to such a VLAN is not supported.

 BPDU Guard and RSTP cannot be enabled on an interface, simultaneously.  For Policy maps:

 For Trunk interfaces, any policy map assignment is allowed.  For Edge and Access interfaces, if a policy map contains a two-tag classification, the

edge or access link must have a tag-action that adds the outer tag being matched by the class rule.

 For an RSTP network, Calix recommends setting the following parameters as shown:

membership.

 The Interface Quality Audit (IQA) function periodically checks the number of File Check

 LAG interfaces:

 The ports in a LAG must be either all GE or all 10GE.

 For GE ports:

♦ up to 8 GE ports per LAG ♦ up to 6 LAGs per shelf

 For 10GE ports:

♦ up to 4 10GE ports per LAG ♦ up to 2 LAGs per shelf

 For 1GE LAG groups, the connectors should be of the same type: SFP or SFP+, not

both.

 All VLAN associations must be removed from a LAG before the LAG can be

deleted.

 Before a port can be assigned to a LAG interface, the port's default associated

interface must be disabled. When a port is assigned to a LAG, the LAG interface provisioning (for example, VLAN membership) applies to the port. See Configuring an Ethernet Port (on page 21) for details on how to add ports to the LAG interface.

 For Modular Chassis (MC) systems, LAG and RSTP interfaces are only supported on

the Modular Chassis Controller (MCC) shelf.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 For E7-20 systems, LAG and RSTP interfaces are only supported on the SCP cards.  A LAG can include ports on the same line card, or on two different line cards within

the same shelf, known as cross-card protection.

 LACP System Priority is used between two systems connected by the LAG to

determine which system should be controlling the LAG. The lower value takes priority. Typically, the upstream side of the LAG is configured for the LAG master (lower value).

 The port priorities on each side of the LAG should be set to the same values.  Keep the interface LACP Role set to the default value of active, unless there is a very

clear need. Specifically, the topology where at least one side of the LAG is cross-card will not operate when either side of the LAG is set to LACP role = passive.

 Keep the Ethernet port parameter LACP Timeout set to the default value of short,

unless there is a very clear need. Specifically, the topology where at least one side of the LAG is cross-card will not operate when either side of the LAG is set to LACP Timeout = long.

 Set the following parameters as shown to achieve the best re-convergence time:

♦ The VLAN IGMP Mode = proxy ♦ The IGMP profile Router Learning Mode = static ♦ The IGMP profile Router Solicit On Topology Change = N (disabled) ♦ The LAG interface is designated as a static router port through the VLAN

membership.

 For a single-card LAG, the ports added to the LAG that exceed the LACP Max Ports

parameter value are designated as standby ports and come online when a LAG active port fails. (This is the equivalent of active/standby LAG on a single card.)

 The Link Aggregation Control Protocol (LACP) assigns a LAG the same MAC

address of the associated Ethernet link with the highest port priority. When two or more ports have the same priority, the MAC address of the port with the lowest port number is used. Therefore, if ports 3, 5, and 7 are configured for a LAG, then the LAG MAC address is the MAC address of port 3. The system MAC address identifies the system in the LACP control messages, and the interface MAC address identifies the Link Aggregation Group.

 RSTP must be disabled in order to configure a cross-card LAG.  For Active/Active cross-card protection LAGS, the interface role parameter must be

set to Trunk.

 For Active/Standby cross-card protection LAGs:

♦ An equal number of links should be configured for the active card and the

standby card (1-4).

♦ The ports on only one of the cards will be active while the ports on the other

card are standby.

♦ When provisioning active/standby LAG, the port priority should NOT be

provisioned to 0.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

♦ For both ends of a LAG, the ports on the active card must all have the same

LACP Priority value for the Ethernet port parameter, and the LAG ports on the standby card must all have the same priority value. Yet, the priority value on the active card ports must be lower than the value set for the ports on the standby card, giving the priority to the active card ports.

♦ A failure threshold defines how many active ports in the group can fail before

the group is taken out of service, and the system switches the LAG operation to the ports on the standby card. This threshold is indicated by the LACP Min Ports parameters.

♦ LACP Min Ports = LACP Max Ports (When one active port fails, the system

switches the LAG operation to the ports on the standby card.)

Before starting

Before starting the configuration process, check that the following conditions are met:

 The policy map that you want to associate to the E7 Ethernet port interface is already

created.

Parameters

You can provision the following parameters for LAG interfaces:

Parameter

Description

Valid Options

Name*

Name of LAG interface or associated Ethernet port (card/Ethernet port).

(Note: This is a case-sensitive string.)

String 31 characters

Role* Role of E7 Ethernet port interface.

 trunk and edge are supported on E7-2 standalone, E7 modular

chassis controller, and E7-20 SCP cards.

 access is supported on E7-2 standalone, E7 modular chassis

controller, E7 modular chassis expansion cards, and E7-20 linecards.

See the rules and restrictions for each role in the above paragraphs.

trunk edge access E7-2, E7 Modular Chassis Controller, and E7-20 SCP cards:

 10G = trunk ‡  1G = edge ‡

E7-20 and E7 Modular Chassis Expansion:

 10G = access ‡  1G = access ‡

Default (LAG) = NA

Admin State Service state of E7 port interface. Select whether the interface is in

service. Note: Before you can assign a port to a LAG interface, you must disable

the port's default associated interface. When a port is assigned to a LAG, the LAG interface provisioning (for example, VLAN membership)

applies to the port.

enabled ‡ disabled

Description Descriptive name for the interface. String 31 characters

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter

Description

Valid Options

RSTP Whether the interface is running rapid spanning tree protocol (RSTP).

The E7 supports port-level RSTP. Therefore, ensure the far-end device is configured similarly (port-level RSTP) and not using VLAN-level RSTP.

 RSTP (enabled) is only supported for trunk and edge interfaces.  RSTP (tunneled) is supported for all interface roles and should only

be used when configuring TLAN service.

 RSTP and BPDU Guard cannot be enabled on an interface,

simultaneously.

 For Modular Chassis systems, RSTP is only supported on MCC

shelf interfaces.

 For E7-20 systems, RSTP is only supported on SCP interfaces.  For cross-card LAG interfaces, RSTP is not supported and must be

disabled in order to configure a cross-card LAG.

enabled (‡ E7-2) disabled (‡ E7-20) tunneled

STP Priority Spanning tree protocol (STP) priority of this port interface.

Note: Leave the default value unless you are certain of a modified value to assign as an STP priority for the interface.

0, 16, 32, 48, 64, 80, 96, 112, 128‡, 144, 160, 176, 192, 208, 224, 240

STP Path Cost Spanning tree protocol (STP) path cost i s the cost of transmitti ng a

frame on to a network through that port. It is assigned according to the speed of the bridge. The slower the media, the higher the cost.

Note: Leave the default value unless you are certain of a modified value

to assign as the cost of service.

1-200000000 4 ‡

Policy Map Name of policy map used on ingress traffic packets. The associated

map describes what actions to take when the ingress traffic packets

match the listed criteria.

name of map

Subscriber ID Identification information of subscriber, such as phone number, or

account number.

String 0-63 characters

MTU (Bytes) Maximum Transmission Unit size (bytes). E7 supports the ability to set

the MTU size on an interface to a maximum or 9000 bytes, not including the Ethernet header, two VLAN tags for Q-in-Q, and the frame check sequence (32-bit CRC).

 MTU = 9600 bytes for E7 Ethernet interfaces  MTU = 2000 bytes for 700GE and 760GX GPON ONTs  MTU = 1600 bytes for 700GX GPON ONTs

For example:

 2000 bytes = MTU  2026 = Max Ethernet frame (with two VLAN tags without

Preamble/Delimiter)

 2034 = Max Ethernet frame (with two VLAN tags including

Preamble/Delimiter)

 2046 = Max Ethernet frame (with two VLANs, preamble/Delimiter,

and Interframe Gap)

1500-9600 2000 ‡

Ether Type The Ethertype indicates the protocol being transported in the Ethernet

frame.

 0x8100 - IEEE 802.1Q-tagged  0x88a8 - IEEE 802.3ad provider bridging  0x9100 - Q-in-Q (double tagged)

The recommended value of 0x8100 should be used for all interfaces (Ethernet and LAG).

Note: The VLAN tagged frames are identified as having a tag by

utilizing the Ethertype field.

0x8100 ‡ 0x88a8 0x9100

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter

Description

Valid Options

Native VLAN Native VLAN to use for untagged user traffic on this interface. VLANs

can be specified by name or by numeric VLAN ID. Supported for trunk and edge interfaces, only.

To forward untagged traffic on E7 Ethernet ports with an access interface, an add-tag action must be applied to untagged frames,

assigning the traffic to a designated VLAN.

numeric value (range 1-4093) 1 ‡

Split Horizon Forwarding

Enable or disable split-horizon forwarding on this Edge interface of a standalone E7-2 or modular chassis controller shelf. (The Split Horizon Forwarding is not supported on the E7-20 system.)

The default is “Enabled” or "Y" and should only be disabled when setting up TLAN service between multiple edge or access ports on the same E7. When Split-horizon forwarding is enabl ed on an edge port, traffic from that port will only route to trunk links. The Split-horizon forwarding flag has no effect on trunk links. Examples of an edge port would include GE ports to managed CPE, a GE/10GE port to external equipment which may use different tagging levels, or GPON ports. By default, E7 edge ports have the split horizon feature enabled which

isolates port traffic from other edge ports within the same E7 line card.

disable enable (‡ E7-2)

BPDU MAC Mode MAC for rapid spanning tree protocol (RSTP) bridge protocol data units

(BPDUs).  1d results in the E7 transmitting BPDUs with a DA of

01:80:C2:00:00:00. Use this selection when the E7 is connected to an 802.1d compliant switch with redundant link.

 1ad results in the E7 transmitting BPDUs with a DA of

01:80:C2:00:00:08. Use this selection when the E7 is connected to

an 802.1ad compliant switch with redundant link.

1d ‡ 1ad

LACP Tunnel LACP protocol packets are forwarded when set to enabled (Y) on an

Ethernet interface and should only be used when configuring TLAN

service.

disable ‡ enable

RSTP Auto Edge Link

Enables or disables automatic RSTP detection and protocol negotiation for other connected bridges on E7 Ethernet ports. Each RSTP edge link transitions immediately to the RSTP forwarding port state, since there is no possibility of it participating in a loop. If another connected bridge is detected on a port with RSTP Edge Link enabled, the port immediately

transitions to point-to-point and negotiates the RSTP topology.

disable ‡ enable

Trusted Whether the interface is a trusted source of DHCP option 82/LDRA

data.  Ethernet interfaces used for LAG or ERPS links can only be set to

Trusted = Y.

 Access interfaces can only be set to Trusted = N.

selected (yes) ‡ unselected (no)

BPDU Guard Enables or disables BPDU guard mode. When enabled, this prevents

topology loops by preventing the participation of an interfac e in a spanning tree. When the interface receives a BPDU (STP, RSTP, MSTP), it is put into a disabled state where an operator must manually disable, and then re-enable the interface to put the interface back into service.

BPDU Guard and RSTP cannot be enabled on an interface,

simultaneously.

disable (default for E7-2 standalone, MCC shelf, and E7-20 SCP with RSTP enabled on GE/10GE ports)

enable (default for all Access interfaces, where RSTP is not supported)

IGMP Immediate Leave

Enables or disables IGMP immediate leave. When enabled, checks are omitted that would see if there are other hosts interested in the multicast

group.

use-vlan-setting ‡ enabled

disabled

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter

Description

Valid Options

Interface Quality Audit Mode

 no-audit - disables the Interface Quality Audit (IQA) mode  alarm-only - generates an alarm, but, does not take any action on

the interface

 disable-interface – Disable the interface when the threshold is

exceeded

 protocol-action – For ERPS and LAG, only disable the interface if

there is an alternate path that is up and available. For non-ERPS

and non-LAG interfaces, this is interpreted as “alarm only.”

no-audit, alarm-only ‡, protocol-action, disableinterface

Polling Interval Number of seconds between interface quality audits that compare

errored frames to total received frames.

1-60

1 ‡

Error Threshold Number of errored frames per million total frames to consider a specific

interval as failed.

1-100000

1000 ‡

Polling Window Number of interface quality audi t intervals to cons i der for failure

determination.

10-60

60 ‡

Errored Interval

Count

Number of failed audit quality intervals within the polling window that will

indicate an interface failure for IQA to take an alarm or OOS action.

1-60

10 ‡

Interval Min Frames Minimum number of frames that must be received per interval for a

specific interval to be considered valid.

1-2147483647

100 ‡

LACP Cross Card (LAG onl y) Whether LAG cross-card protection is enabled, allowing

ports on two cards to be configured into a LAG:  active-standby - one card's ports are active and the other card's

ports are standby.

 active-active - both cards' ports are active.

Note: This only applies to cross-card protection LAGs.

disabled ‡ active-standby active-active

LAG Cross Card Revertive

(LAG only) Whether to have the LAG interface revert to the ports on the active card after a failure is found and fixed.

Note: This only applies to active-standby cross-card protection LAGs.

The active-active LAG does not support the revertive mode.

N (unselected) ‡ Y (selected)

LACP Hash (LAG only) Individual traffic flows will only use a single link in the Link

Aggregation Group (LAG). The link used for each packet is based on a hash algorithm.

 src-dest-mac will likely give the best results for typical

configurations that have many downstream client MACs, and few upstream server/router MACs.

 src-mac or dest-mac may give positive results for a condition of

badly uneven hashing with the typical configuration of many downstream MACs and few upstream MACs. Try src-mac hashing on the upstream LAG link, or try dest-mac hashing on a

downstream LAG link.

src-mac dest-mac src-dest-mac ‡

LACP Min Ports (LAG only) Minimum number of ports required for LAG activation. When

the number of active ports falls below this value, the group is taken out of service.

 When two LAGs are used with RSTP node protection, the system

switches LAG operation to the other LAG.

 For active-standby cross-card LAGs, the system switches the LAG

operation to the ports on the standby card.

1-8 1 ‡

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter

Description

Valid Options

LACP Max Ports (LAG only) Maximum number of active ports participating in the LAG.

 For single-card LAGs, the ports added to the LAG that exceed this

value are designated as standby ports and come online when an active LAG port fails.

 For active/standby cross-card LAGs, this value indicates the number

of ports on each card, assuming that there are an equal number of active and standby ports in the LAG. You cannot add more than this number of ports from any one card. The limit is 4.

 For Active/Active LAGs, this value indicates the total number of

ports in the LAG where all available ports must be active, so you

cannot add more than the Max ports. The limit is 8.

1-8 8 ‡

LAG Mode (LAG only) Mode for LAG interface.

 lacp-enable - The LACP protocol is used to control the LAG ports. It

is required for an Active/Standby LAG, or for any LAG that might have standby ports.

 manual - The LACP protocol is not used. Therefore, if a port is

added to the LAG, it is automatically made an active link when the

port is enabled. This is also known as a static LAG.

lacp-enable ‡ manual

LACP System Priority

(LAG only) Used between two systems connected by the LAG to determine which system should be controlling the LAG. The lower value takes priority. Typically, the upstream side of the LAG is configured for the LAG master (lower value).

 When the LACP system-priority is changed, a 2-s econd downtime

will occur where no traffic passes through the LAG.

 When provisioning active/standby LAG, the port priority should NOT

be provisioned to 0.

 For both ends of a cross-card LAG, the LAG ports on each card

must all have the same LACP Priority value for the Ethernet port parameter, and the priority values must be different between the two cards. For active-standby cross-card LAGs, priority on the active card ports must be lower than the value set for the ports on the standby card, giving the priority to the active card ports.

 The port priorities on each side of the LAG should be set to the

same values.

0-65535 32768 ‡

LACP Role (LAG only) Role for this end of the LAG.

 Active control mode actively initiates the LACP negotiations on a

link.  Passive mode does not initiate LACP negotiations, but will respond. Note: Avoid the use of LACP passive role, unless there is a very clear

need. Specifically, the topology where at least one side of the LAG is cross-card will not operate when either side of the LAG is set to LACP

role = passive.

active ‡ passive

* Required field ‡ Default

To create or configure a LAG interface for service

1. On the Navigation Tree, click Interfaces.

2. Either create or modify a LAG interface:

 To create a LAG interface, click Create.  To modify an existing LAG interface, in the table of Ethernet port interfaces, double-

click the row that shows the interface you want to configure.

3. Reference the table above to configure the parameters.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

4. Click Create or Apply.

Note: Before you can assign a port to a LAG interface, you must disable the port's default

associated interface. When a port is assigned to a LAG, the LAG interface provisioning (for example, VLAN membership) applies to the port. See Configuring an Ethernet Port (on page 21) for details on how to add ports to the LAG interface.

For CLI:

 create interface <interface name> (name is case sensitive) role

<trunk|edge>

 disable interface <interface name> (name is case sensitive)  delete interface <interface name> (name is case sensitive)  set interface <interface name> (name is case sensitive)

Example:

create interface “MyLAG” role trunk description “LAG to 3750”

Creating the Service VLAN(s)

This topic shows you how to create a virtual LAN (VLAN) or transparent LAN (TLAN) to segregate traffic for different services or subscribers on the same network and separate device management control messages from traffic. See Provisioning VLAN Ranges (on page

62) if you want to create a set of VLANs with similar settings.

Native VLAN and untagged traffic

By default, every E-Series Ethernet port with an associated interface role of Trunk or Edge is a member of VLAN 1, the Native VLAN. The Native VLAN is available to pass any untagged traffic. You can provision an E-Series Ethernet port interface to use a different existing VLAN as the Native VLAN.

Ethernet ports with an associated interface role of Access do not support a Native VLAN, however, tag actions can be used to match untagged traffic to a VLAN ID.

Note: If you are configuring the E-Series for in-band management, create a VLAN dedicated to E-Series management traffic. Do not put management traffic on the Native VLAN (default is VLAN 1).

Note: For E-Series Ethernet services, the E-Series only passes VLAN tags provisioned on an Edge or Access link interface.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

VLAN tagging and provisioning models

The E-Series provides standards-based VLAN tagging, and Q-in-Q VLAN stacking support. VLAN tagging was developed as a means to allow multiple networks to transparently traverse the same physical network.

VLAN-per-service provisioning model (N:1): When VLANs are provisioned to separate traffic onto VLANs based on the type of service carried in the traffic. For example, IPTV traffic is carried on a separate VLAN from data and voice traffic.

VLAN-per-port provisioning model (1:1): When VLANs are provisioned as a unique customer or port identifier, VLAN C-tags (customer tag) are utilized to create a VLAN per customer / port association.

VLAN stacking or Q-in-Q provisioning model: The ability to add multiple VLAN tags enables the following functionality:

 Expands the addressable VLAN space from 4094 VLANs to over 16 million VLANs  Allows logical separation and trunking of VLANs through a network by using a VLAN

tag to group a larger range of VLAN tags together

The most common way to use VLAN stacking is by inserting two tags on the traffic. These tags are typically referred to as the inner tag or C-tag and the outer tag or S-tag. As stated previously, the C-tag, also known as the customer tag is used to uniquely identify a customer, typically is used on a per port basis. The S-tag, also known as the service-provider tag is used to logically group C-tags together.

Metro Ethernet Forum (MEF)/Transport LAN (TLAN) business service models: MEF/TLAN service can transparently trunk business traffic across a network to other locations, typically a remote office or secondary business location. The traffic received from the business may be untagged, single-tagged, or double-tagged. The E-Series adds an outer tag to all frames to create a private switched LAN with two or more end points.

Calix VDSL2 service model

When a service is provisioned at an xDSL port, a match list and service-tag action specify the classification and marking of packets from the subscriber port into the service VLAN.

VLAN-per-service provisioning model (N:1): A service carried on an N:1 VLAN applies to multiple subscriber ports, where a single match list and tag action can indicate the service.

VLAN-per-port provisioning model (1:1): A service carried on a 1:1 VLAN is the same for each subscriber except the customer tag is unique per subscriber, you can define the match list and tag action pair such that multiple subscriber ports can reference it. This is accomplished by having a special value for the output tag in the tag action, indicating that the value of the output tag is subscriber specific. The customer-specific tag is contained in the Service object.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

VLAN Traffic flow in VDS L 2 Cards

Unlike the Ethernet ports, xDSL Ethernet ports on the E-Serieshave no interface association. Consequently, rather than adding a port interface to a VLAN membership to enable traffic flow, a service-tag action must be created that specifies the VLAN. This service-tag action is then referenced when the service is provisioned on the xDSL port. The VLAN must already be created on the E-Series for an xDSL port to pass traffic carried on a VLAN.

 To view the VLANs associated with specific port, click the port of interest on the

Navigation Tree, and then click the Associated Interface > VLANs tabs.

 To view the services associated with a specific VLAN, click VLANS on the Navigation

Tree, click the particular VLAN from the list that appears in the Work Area, and then click the Service Associations tab.

VLAN with IGMP Snooping and multicast IP addresses

The E-Series supports industry standard IETF RFC 4541 IGMP snooping of multicast video leave and join requests sent between the set-top box and the video distribution network.

IGMP snooping enables the E-Series to determine which ports should be a member of a multicast group. It can provide a local response if the channel already exists on the E-Series or it will forward those requests upstream to a multicast router or another IGMP snooping Ethernet switch. When multicast channels are received from the network, the E-Series forwards the channels to all ports that are currently members of the requested IGMP membership group. The ability to perform snooping can be enabled on a per VLAN basis. If multicast traffic is received on a VLAN where IGMP snooping is not enabled (flood), the traffic is handled as broadcast traffic and sent to all ports on the VLAN.

 Passive IGMP snooping (snoop-suppress), augmented with report suppression reduces

the number of general query and group specific reports sent to the multicast router (querier).

Note: The suppress-snoop parameter does not apply to the E7-20, as it only supports proxy for IGMP.

 Active IGMP Snooping (IGMP Proxy), becomes capable of acting as a general querier

and thus takes an active role in maintaining the IGMP multicast network. When the IGMP mode is set to proxy, an IGMP profile must be referenced from the VLAN. In addition to general querier timing parameters, the following IGMP attributes per multicast VLAN are supported:

 Robustness parameter (number of times E-Series sends out a general query)  Last member query interval  Immediate leave option  Static multicast router interface  Router learn mode

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

IGMP Proxy provides additional scalability to the IGMP network, reducing the IGMP signaling load on the multicast router.

Additional multicast addressing considerations

In accordance with RFC 4541 (section 2.1.2), the E-Series automatically passes multicast IP addresses in the 224.0.0.x address range (defined as link-local) through the system on VLANs with IGMP Snooping mode set to snoop-suppress or proxy (snooping enabled). For example, the following 224.0.0.x multicast addresses are reserved for specific routing protocols, and forwarded automatically on the E-Series without a corresponding join request.

HSRP HELLO DVMRP OSPF ALL RTR OSPF DES RTR RIP

224.0.0.2

224.0.0.4

224.0.0.5

224.0.0.6

224.0.0.9

EIGRP PIM VRRP HSRP MLS ALL SNOOPERS

224.0.0.10

224.0.0.13

224.0.0.18

224.0.0.102

224.0.0.106

If reserved 224.0.0.x multicast addresses are assigned to video channels in your lineup, the ESeries will flood these channels to all ports on IGMP Snoop enabled VLANs, which could potentially consume available bandwidth on subscriber links and result in tiling. Therefore, Calix recommends NOT using 224.0.0.x (or any of the 32 multicast IP addresses that are not unique at the L2/MAC address level) for video channel assignments. See Calix Quick Tip E7 QT-12-003 for more information.

For VLANs with IGMP Snooping set to flood (no snooping), the E-Series passes all multicast traffic transparently.

Service Security

The E-Series supports the following service security features that are defined when the VLAN is created.

 IP Source Verification ensures that only data from IP addresses learned by DHCP

snooping or static provisioning are allowed to ingress xDSL ports.

 MAC Forced-Forwarding ensures that traffic from one subscriber interface cannot be

sent directly to another, reducing the chance that malicious traffic can be transmitted between ports.

Configuration guidelines

 Even if no interface is currently using VLAN 1 as the Native VLAN, it is still off limits

for user provisioning, including use as the Management VLAN or ERPS control VLAN.

 The E-Series reserves four VLAN values for system operation. The E-Series requires

these VLANs always be identified. The default values for these VLANs are 1002, 1003, 1004, and 1005. If required, these four VLAN ID values may be reconfigured to be some other set of four consecutive VLANs, using the basic system settings.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 For an E-Series Ethernet port interface to pass traffic carried on a VLAN, the interface

must be added to the VLAN membership, or specified as the target in a tag action.

 You can configure only one of the following attributes on a given VLAN on a given E-

Series Ethernet port interface:

 VLAN membership  Tag-action (edge and access interfaces only)  Native VLAN (edge and trunk interfaces only)

 For an xDSL port to pass traffic carried on a VLAN, a service tag action must be created

specifying the VLAN.

 For xDSL VLANs that need to carry IPv6 traffic, enable the VLAN TLAN parameter

for transparent passthrough of IPv6 traffic.

 IGMP snooping is only enabled on the outer VLAN ID as multicast traffic is typically

transported throughout the network with a single VLAN ID tag.

 All nodes in an ERPS ring must have the same IGMP Snooping provisioning on the

video VLAN for traffic to flow--either all with snooping (snoop-suppress, proxy) or all without snooping (flood).

 An operator may manually delete a lease entry from the table. However, if an IP Source

Verification is enabled on the VLAN, deleting the DHCP lease entry results in the subscriber traffic being dropped until the subscriber’s IP host requests, and is granted, a new IP address using DHCP.

 When DHCP snooping is enabled on a subscriber VLAN, the E-Series drops all DHCP

server communication originating from subscriber Ethernet interfaces. Calix recommends DHCP snooping be enabled for all residential subscriber services.

 In the VDSL2 subsystems, DHCP leases cannot be learned without also applying a limit

to the number of learned leases on the port. Each Ethernet port has an associated Port Security Profile that can limit DHCP leases in a range of 1-16. A security profile used by an xDSL port must have a DHCP lease limit value of 10 or less.

 When DHCP snooping is enabled, DHCP requests for VLANs do not appear in an E-

Series port mirror session.

 The craft management ports cannot use IP addresses from the same subnet where

DHCP Snooping is enabled.

 DHCP snooping is not supported on management VLANs.  DHCP Snoop must be enabled on the VLAN to support the AE Discovery Event

operation.

 Simultaneous operation of DHCP Snooping and PPPoE are not supported. When a

PPPoE profile is selected, the DHCP features are disabled. See Configuring PPPoAPPPoE Operation for a Data Service (on page 184) for more information.

 For E-Series VDSL2, IP and MAC addresses may be dynamically learned using either

DHCP Snooping or manually provisioned with static IP/MAC addresses. Services with static subnets (without MAC address specification) may also be provisioned for IP Source Verification, but are bound to the port only by IP address.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 DHCP and Static IP host: Binds IP and MAC address to a Port  Static IP Subnet: Checks individual host IP addresses to the subnet and binds the

subnet to a port.

 The following capacities apply to Static IP Addresses/Subnets within the E-Series

VDSL2 subsystem.

♦ 1 Static IP subnet can be provisioned per xDSL Ethernet service. ♦ 4 Static IP hosts can be provisioned per xDSL Ethernet service. ♦ 8 Static IP hosts/subnets can be provisioned per xDSL port, across all

services.

♦ 256 Static addresses total per port (includes static addresses and sizes of static

subnets)

♦ 16 DHCP Leases per port (defined in the Ethernet Security Profile with a

default setting of 8).

 Disabling MAC Learning causes traffic within the VLAN to be flooded to all egress

interfaces with membership in the VLAN, which can degrade throughput.

 Disable MAC Learning for MEF point-to-point Ethernet Private Line (EPL) and

Ethernet Virtual Private Line (EVPL) services to allow service delivery without the ESeries adding any subscriber MAC addresses to the E-Series forwarding table.

 Disabling MAC Learning should only be done with point-to-point services and is NOT

appropriate for a multi-point Ethernet-LAN (ELAN) service or other VLAN-per-service applications.

 MACFF can only be used in conjunction with DHCP Snoop.  Enable MACFF to limit broadcast traffic on the VLAN domain when using the VLAN

Per Service model. It is not required for the VLAN per Port (single and double-tagged, Q-in-Q) data model or PPPoE because this VLAN model by definition limits the broadcast domain to a single access node and the router and makes it easier to manage the broadcast load. However, MACFF should still be enabled on these VLANs when the subscriber edge does not include a residential gateway.

 For E-Series VDSL2, MAC Forced Forwarding (MAC FF) can be used with the

following IP hosts:

 IP hosts learned via DHCP Snooping  IP hosts statically provisioned (IP and MAC)  IP hosts statically provisioned (IP address only)  IP subnets statically provisioned (single IP address/MAC)

 MAC Forced Forwarding supports a single source MAC address with multiple source IP

addresses, when the MAC address is not specified.

 IP Source Verify is not supported for a source MAC address with multiple IP addresses.  For E-Series VDSL2, MAC FF can be used with static IP subnets.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 IGMP snooping is provisioned on a VLAN basis and is recommended for VLANs

carrying video services and should be avoided for VLANs in a Transparent LAN Service (TLS).

 The default behavior for data services is to filter all multicast traffic upstream from an

xDSL port, unless the TLAN parameter is enabled on the VLAN. For VLANs that are carrying IPv6 multicast traffic, enabling (selecting) this feature allows a passthrough of the IPv6 traffic.

 A VLAN can only be deleted if it is NOT referenced by a tag action, a service tag action,

a provisioned service, or a voice service IP Host.

 For the double-tagged VLAN, the same inner tag cannot be used with different outer

tags. Any given (inner) tag received upstream on the VDSL2 card can only be told to push a single (outer) tag. For example, VLAN 100 received on the VDSL2 card can push tag 200; 200 will be popped in the downstream.

 Once a tag is used as a single-tagged VLAN, it cannot also be used in double-tagged

VLANs. For example: if VLAN 300 is single tagged:

 It cannot be used as the inner tag of a double-tagged VLAN because the double

tagged would require VLAN 300 to push an outer tag.

 It cannot not be used as the outer tag in a double-tagged VLAN because that would

mean it would get popped in the downstream direction.

 Multicast addresses on an E7 VDSL2 card must be unique across all IGMP-enabled

VLANs on the VDSL2 card, including MVR VLANs in up to 4 MVR profiles. For example, multicast address w.x.y.z cannot exist in both VLAN-A and VLAN-B on the same VDSL2 card, where IGMP snooping/proxy is enabled on VLAN-A and VLAN-B.

 An MVR VLAN cannot also be used as an Ethernet services VLAN.

 DSL only supports a single MVR VLAN if the IGMP mode is set to snoop-suppress

and will support multiple MVR VLANs if the IGMP mode is set to proxy.

Parameters

You can provision the following parameters for VLANs:

Parameter Description Valid Options

ID* VLAN ID 2-4093

(Except for 1002-1005 which are reserved for E-

Series operation.)

Name Name of VLAN String of 31 characters

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter Description Valid Options

IGMP Mode IGMP mode for the VLAN.

snoop-suppress (This parameter does not apply to the E7-20, as it only supports proxy for IGMP): Enables IGMP snooping (with report suppression) on the VLAN to manage the multicast group memberships of subscriber ports. The IGMP capability ensures that only multicast channels which are joined by a particular set-top box (STB) appear on the subscriber network. All nodes in an ERPS ring must have the same IGMP Snooping provisioning on the VLAN for video traffic to flow--either all enabled or all disabled.

Within the IGMP protocol, the querier generates the following messages:

 A General Query message is generated where all devices which are

joined to any group respond with a Report message.  A Group Specific Query message is generated where the specific

group responds with a Report message. The messages and reports can generate a lot of IGMP activity in a large

network. Report suppression allows intermediate devices, between the querying router and the multicast consumer host, to suppress duplicate Report messages within the response timer window, in order to reduce the amount of IGMP traffic that must be processed higher in the network. Disabling Report Suppression allows more Report messages to be allowed up through the network.

proxy: Causes the E-Series to act as an IGMP v2 proxy for all STBs, sending join/leave requests to the upstream IGMP router/content provider as required. This provides a more robust IGMPv2 implementation, scaling to the maximum number of subscribers and channels. When the IGMP mode is set to proxy, an IGMP profile must be referenced from the VLAN._

Note: Calix recommends IGMP proxy for the multicast VLAN in all nodes in an ERPS ring.

flood: Disables IGMP snooping and proxy. If multicast traffic is

received, IGMP traffic is forwarded through and multicast traffic is forwarded to all member ports on the VLAN.

Note: Recommended for VLANs not carrying multicast

traffic.

snoop-suppress proxy flood ‡

IGMP Profile Name of the IGMP profile to associate with the VLAN. This profile only

applies if the IGMP mode is set to proxy.

system-default ‡

any existing profile

DHCP Snoop Whether to enable DHCP snooping to track all DHCP activity on that

VLAN and create/update a table of DHCP leases granted. Calix recommends DHCP snooping be enabled for all residential subscriber services.

Note:  When DHCP Snoop is enabled, MAC Learning is disabled by

default.  Maximum number of service VLANs with DHCP Snoop enabled, per

VDSL2 line card = 48.

cleared (disabled) ‡ selected (enabled)

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter Description Valid Options

MAC Forced-Fwd (VDSL2 and PON only) Whether to enable MAC Forced Forwarding

(MAC FF) which screens upstream packets at the ONT Ethernet port or xDSL port and only allows through those packets with a destination MAC address (DMAC) that matches the upstream access router. Calix recommends MAC Forced Forwarding be enabled for all residential and business internet access services. MAC FF supports the following:

Note: Maximum number of service VLANs with MAC Fored-Forwarding

and/or IP-Source-Verify enabled, per VDSL2 line card = 48.

cleared (disabled) ‡ selected (enabled)

IP Src Verify (VDSL2 and PON only) Whether to bind the IP address and MAC

address to the physical ONT Ethernet port or xDSL port, preventing subscribers from assigning an IP address to a device and passing traffic on it. IP Source Verification for Static IP hosts requires MAC FF be enabled. Calix recommends IP Source Verification be enabled for all residential and business internet access services.

Note: Maximum number of service VLANs with MAC Fored-Forwarding

and/or IP-Source-Verify enabled, per VDSL2 line card = 48.

cleared (disabled) ‡ selected (enabled)

MAC Learning Controls MAC address learning. This parameter control only applies to

standalone E7-2 systems.  E7-20 and E7-2 in Modular Chassis mode only support MAC

Learning enabled.  E7-2 system cannot be set to Modular-Chassis mode while any

VLAN has MAC Learning disabled. Calix recommends leaving MAC Learning in the default enabled mode.  Disabling MAC learning causes traffic within the VLAN to be flooded

to all egress interfaces with membership in the VLAN.  Disabling MAC Learning and DHCP Snooping, and enabling MAC

Forced-Fwd, causes all downstream packets to be flooded.

 Enabling DHCP Snoop, sets MAC Learning to disabled by default.

cleared (disabled) selected (enabled) ‡

AE Discovery Event Whether the E7 sends an event to CMS whenever a new Calix AE ONT

is discovered on an untrusted port. When enabled, an event is sent for any new lease added to the binding table entries belonging to AE ONTs. If the lease for the AE ONT already existed in the table at the time of enabling the feature, an event will not be sent.

Note: DHCP Snoop must be enabled on the VLAN to support the AE

Discovery Event operation.

cleared (disabled) ‡ selected (enabled)

TLAN (VDSL2 and PON only) Whether to enable PON or xDSL transparent

LAN service which disables Ethernet Security Profiles, MAC Forced Forwarding, DHCP Lease Limits, or Upstream Broadcast Limits that were applied to the ONT Ethernet port or xDSL port with the associated VLAN.

Note: The default behavior for data services is to limit multicast traffic upstream from an ONT Ethernet port or xDSL port, unless the TLAN parameter is enabled on the VLAN. For GPON or xDSL VLANs that need to carry IPv6 traffic, enable the VLAN TLAN parameter for

transparent passthrough of IPv6 traffic.

cleared (disabled) ‡ selected (enabled)

PON Hairpin (PON only) Whether to enable PON hairpin which allows traffic to flow

upstream from an ONT Ethernet port and back downstream on the same PON to another ONT Ethernet port. The PON Hairpin function is not compatible with DHCP Snoop, IGMP snoop, MAC Forced-Fwd, or IP Source Verify.

Note: Supported for TLAN and T1/E3 PWE3 services.

cleared (disabled) ‡ selected (enabled)

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter Description Valid Options

PPPoE Profile Assign a previously-created PPPoE profile. When a PPPoE profile is

selected, the DHCP features are disabled. See Creating a PPPoE Profile (on page 146

) for instructions.

Setting a VLAN PPPoE profile to “none” passes through all PPPoE traffic, transparently. If a PPPoE profile is used with PPPoE snoop, a list of all the active sessions and statistics are available, and the PPPoE stack is enabled, which passes through PPPoE traffic transparently as long as the Clients/BRAS are operating normally (illegal packets will be dropped).

Note: Simult aneous operat i on of DHCP Snooping and PPPoE are not

supported.

any available PPPoE profile

*Required field

‡ Default

To create a VLAN

1. On the Navigation Tree, click VLANs.

2. In the Work Area, click Provisioning > Create to open the Create VLAN dialog box.

3. In the ID box, enter a VLAN ID for the VLAN you are creating.

4. In the Name box, enter a name that is descriptive of the VLAN use. For example, VoIP

or Management.

5. In the IGMP Mode list, select the IGMP mode. Calix recommends that VLANs used for

video services be set to suppress-snoop or proxy (enable snooping).

Note: DSL only supports a single MVR VLAN if the IGMP mode is set to snoopsuppress and will support multiple MVR VLANs if the IGMP mode is set to proxy.

Note: The suppress-snoop parameter only applies to standalone <e-type> and Modular Chassis systems, as the E7-20 only supports proxy.

6. (Only applies if the IGMP mode is set to proxy.) In the IGMP Profile list, select whether

to accept the system default profile or another existing IGMP profile. Also see Creating an IGMP Profile (on page 119).

7. In the DHCP Snoop list, select whether to enable DHCP snooping. Calix recommends

DHCP snooping be enabled for all residential subscriber services.

8. In the MAC Forced-Fwd list, select whether to enable MAC Forced Forwarding. Calix

recommends MAC Forced Forwarding be enabled for all residential and business internet access services.

9. In the IP Src Verify list, select whether to enable the IP source verification (station

validation).

10. In the MAC Learning list, select whether to enable the MAC address learning for the

VLAN.

Note: This setting only applies to standalone E7-2 systems, as the E7-20 and modular chassis VLANs only support MAC Learning enabled.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

11. In the AE Discover Event list, select whether the E7 sends an event to CMS whenever a

new AE ONT is discovered.

12. In the TLAN list, select whether to enable transparent LAN service for an ONT

Ethernet port or an xDSL port.

Note: The default behavior for data services is to filter all multicast traffic upstream from an ONT Ethernet port or xDSL port, unless the TLAN parameter is enabled on the VLAN.

13. In the PON Hairpin list, select whether to enable PON hairpinning.

Note: Hairpin of services in the PON requires additional resource allocation in the GPON subsystem and should not be enabled unless hairpin service is required.

14. In the PPPoE Profile list, select the name of the profile to use.

15. Click Create.

For CLI:

 create vlan <vlan ID> [name|mac-learning|mac-forced-forwarding|ip-

Configuring DHCP Relay Option 82 and LDRA

This topic shows you how to configure the global DHCPv4 L2 Relay Agent (Option 82) and Lightweight DHCPv6 Relay Agent (LDRA) features. Option 82 applies to all VLANs with DHCP Snooping enabled, and LDRA applies to VLAN per Service data models with DHCP Snooping enabled. These features are enabled simultaneously to add information to DHCP requests that are relayed to a DHCP server to authenticate the source of the requests. See RFC 3046, RFC 6221, and RFC 3315 for more information.

The E-Series implementing LDRA performs a link-layer bridging (i.e., non-routing) function. LDRA resides on the same IPv6 link as the client and a DHCPv6 Relay Agent or server, and is functionally the equivalent of the Layer 2 DHCP Relay Agent for DHCPv4 operation. Both IPv4 and IPv6 are supported for data services simultaneously on VLAN per Service models in all Layer 2 topologies when the following conditions:

 The "DHCP Snoop" is enabled on the S-VLAN  “Option 82/LDRA” is enabled on the E7 or E3/E5 unit or shelf  The Ethernet uplink interface is set for "Trusted=Y"

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

The two sub-options of Option 82 are defined in RFC 3046:

 Agent Circuit-ID (intended for circuits terminated by the system hosting the Relay

agent)

 Agent Remote-ID (intended to identify the remote host end of a circuit)

The two sub-options of LDRA are defined in RFC 3315:

 Agent Interface-ID (equivalent to Option 82 Circuit-ID option in DHCPv4)  Agent Remote-ID (equivalent to Option 82 Remote-ID option in DHCPv4)

The LDRA sub-options are derived from the DHCP Option 82 Circuit-ID and RemoteID sub-options using the same format, and are not user-defined.

When DHCP Option 82/LDRA is enabled, Relay Agent identification information is inserted into DHCP messages captured at the "Untrusted" interfaces and sent to the DHCPv6 server by applying a system-defined access-identifier profile.

 The "eth-system-default" profile is applied to Ethernet and xDSL ports.  The "gpon-system-default" profile is applied to E7 GPON ONT Ethernet ports.

Ethernet interfaces are identified as either "Trusted" or "Untrusted."

 Untrusted interfaces are snooped for client DHCP traffic.  Trusted interfaces are snooped for DHCP server traffic.

Note: All E7 GPON ONT Ethernet ports are implicitly Untrusted and the “Trusted” attribute cannot be configured.

When DHCP snooping is enabled on a VLAN, the E-Series tracks all DHCP activity on that VLAN within the system and maintains a table of DHCPv4 and DHCPv6 leases granted. You can retrieve the table of granted leases via any of the management interfaces containing the following attributes, which may be searched or filtered: VLAN ID, IP address, MAC address, ONT port.

Neighbor Discovery Protocol (NDP) flood control is enabled automatically with LDRA when DHCP Option 82 insertion is enabled. NDP flood control prunes NDP messages so only IP hosts discover the access router. In order to enable visibility into the NDP flood control processing, the E-Series provides a number of counters such as all packets forwarded and discarded on a per packet type basis, and access to the NDP cached entries. This information can be accessed via CLI, EWI and CMS.

Upstream (client to server) DHCP packets captured on Untrusted interfaces, will have the following Option 82 information inserted:

Note: LDRA sub-options are derived from the Option 82 Circuit-ID and Remote-ID suboptions using the same format.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 Ethernet and xDSL ports:

 Circuit-ID options:

 Calix-format: <system-ID> eth <shelf>/<slot>/<port>:<Vlan-Id>[-<Vlan-

Id>]

 TR-101-format: <system-ID> <iftype>

<shelf>/<slot>/<tr101port>:<cetag>[-<tag-Id>]

♦ The TR-101 iftype should be either “eth” or “atm” (must be all lower case). ♦ The TR-101 cetag should be one of 3 formats:

:vpi.vci for DSL lines/groups that are trained in ATM mode (tagged or untagged) :ce-vlan-id for tagged subscribers that are either PTM DSL lines/groups or ONT Null for untagged subscribers that are either PTM DSL lines/groups or ONT

 Calix-format-2: <system-ID>:<shelf>/<slot>/<port>

Note: If the xDSL port is a member of a bonded link group, the port within the xDSL bonded link group with the lowest port value will be selected to fill the <port> field in the Circuit-ID string.

 Remote-ID options:

 Subscriber ID of the port on which the DHCP lease request is received. The first

64 characters of the Subscriber ID text field are inserted.

 none (no content is inserted)

 E7 GPON ONT Ethernet ports:

 Circuit ID options:

 Calix-format: <system-ID> eth

<shelf>/<slot>/<port>/<OntID>/<Ontport>:<Vlan-Id>[-<Vlan-Id>]

 TR-101-format: <system-ID> eth

<shelf>/<slot>/<port>/<OntID>/<Ontport>:<cetag>[-<tag-Id>]

 Calix-format-2: <system-

ID>:<shelf>/<slot>/<port>/<OntID>/<Ontport>/

 Remote-ID options:

 ONT FSAN serial number, which is the default, specified in the "gpon-system-

default" profile.

 Subscriber ID of the port on which the DHCP lease request is received. For

ONT VoIP hosts, the subscriber ID of the ONT is used. In both cases, the first 64 characters of the Subscriber ID text field are inserted.

 none (no content is inserted)

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Note: The default Calix format will have a defining letter for the port (x,g,v,etc) followed by the port number. The TR101 format will have a defining letter for the port followed by the port number, except for the VDSL ports which will be only the port number (no leading letter 'v').

Downstream (server to client) DHCP packets will be captured and examined on Trusted interfaces.

 If a session match is found for an interface, the Option 82/LDRA string is removed if

Option 82/LDRA is enabled globally, and then the packet is delivered to the Ethernet, xDSL, or ONT Ethernet port interface where the lease request originated.

 If a session match is not found, the DHCP packet will be forwarded unchanged on either

the port for which the MAC is learned, or on all "Trusted" interfaces belonging to the VLAN (in case of broadcast DHCP packets).

All packets received on Untrusted interfaces that already have DHCP Relay Agent information will be dropped.

Configuration guidelines

The following additional constraints only affect VLANs with DHCP Snooping that are provisioned on Ethernet and xDSL port interfaces and where the global DHCP relay Option 82/LDRA is enabled:

 DHCP snooping and Option 82/LDRA are not supported on the Management VLAN.  Ethernet interfaces used for LAG or ERPS links cannot be set to “Untrusted.”  If a line card reboot or reset occurs, the DHCP lease database for all ports (xDSL,

GE/10GE, GPON) persists.

The following guidelines apply to LDRA only:

 LDRA cannot be enabled independently from Option 82.  LDRA is automatically enabled on any VLAN with DHCP Snoop enabled.  LDRA is supported for data services on VLAN per Service models only.  IPv6 residential gateways (RGs) are required for the VLAN per Service data model.  Access interfaces support IPv6 transparency only (no LDRA or NDP flood control) for

TLAN point-to-point, TLAN multi-point, and VLAN-per-port topologies.

 E7-2 and E3-48C 10GE and E5-48 and E5-48C GE access interfaces support LDRA,

but are not expected to be subscriber-facing.

 Edge interfaces do not support LDRA on received RELAY-FORWARD and RELAY-

REPLY messages.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 Tag actions can be applied to untagged or single-tagged subscriber traffic processed by

LDRA, including:

 GPON ONT / ETHERNET / VDSL subscriber untagged with tag action: Add Tag  GPON ONT / ETHERNET / VDSL subscriber single tagged with tag action:

Change Tag

 GPON ONT / ETHERNET / VDSL subscriber single tagged with VLAN

membership

 GPON ONT subscriber untagged with tag action: Add 2 Tags

 Security features not supported for IPv6 traffic include: MAC FF, IP Source Verification,

and static IPv6 host entries.

To configure DHCP Option 82/LDRA insertion

1. On the Navigation Tree, select E-Series.

2. In the work area, click DHCP > Provisioning to open the DHCP Configuration form.

3. In the Option 82/LDRA Enabled checkbox, select the checkbox to enable this feature.

4. In the Option 82 Policy list, select whether to drop or overwrite packets with Option 82

on ingress packets.

5. In the toolbar, click Apply.

6. To specify the Remote-ID or Circuit-ID attributes on the global option 82 profile for E-

Series networks, use the procedure shown below.

For CLI:

set dhcp-cfg option-82 [enabled|disabled] set dhcp-cfg option-82-policy [drop|overwrite]

To configure the global access-identifier profiles

1. On the Navigation Tree, select E-Series.

2. In the work area, click Profiles > Access Identifier to view the table of default access-

identifier profiles.

3. Double-click the name of the profile that you want to configure:

 eth-system-default is used for xDSL and GE ports.  gpon-system-default is used for GPON ONT ports.

4. In the Access Identifier Profile form, select the parameter from the attribute list:

 Circuit ID list parameters:

 calix-format  tr101-format  calix-format-2

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 Remote ID list parameters:

 ONT FSAN serial number is the default specified in the "gpon-system-default"

profile.

 Subscriber ID of the port on which the DHCP lease request is received. For

ONT VoIP hosts, the subscriber ID of the ONT is used. In both cases, the first 16 characters of the Subscriber ID text field are inserted.

 MAC Address (for DOCSIS provisioning) of the port so that the ONT MAC is

presented to the DHCP server to validate that the subscriber CPE is connected to a valid ONT virtual Cable Modem (vCM). See the Calix Open Link Cable

vCMTS Command-Line Interface (CLI) Reference Guide and Calix Open Link Cable vCMTS SNMP Management Guide for more information.

 none

5. In the toolbar, click Apply.

For CLI:

set access-identifier-profile <eth-system-default|gpon-system-default> remote-id [subscriber-id|fsan-serial-number|mac-addr|none]

set access-identifier-profile <eth-system-default|gpon-system-default> circuit-id [calix-format|tr101-format|calix-format-2]

Provisioning VLAN Ranges

Provisioning VLANs in ranges allows you to efficiently create, update, modify, and delete VLANs. This feature also allows you to quickly create VLAN memberships to multiple Ethernet port interfaces.

To create a range of VLANs

1. On the Navigation Tree, select and expand the E-Series node, and then click VLANS.

2. In the Toolbar, click the Range Operations icon , and then select Range Create to

open the Create VLAN Range dialog box.

3. In the From and To boxes, enter the values of the first VLAN ID and last VLAN ID in

the range.

4. Select the Stop On Failure box to stop the range creation operation if a failure occurs.

For example, if VLANs within the specified range already exist.

5. Enter the parameters to apply to the VLANs in the range, and then click Create. The

Task Progress dialog appears to show the status of each operation.

6. Click ok.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

For CLI:

To update a range of VLANs

1. On the Navigation Tree, select and expand the E-Series node, and then click VLANS.

2. In the Toolbar, click the Range Operations icon , and then select Range Update to

open the Update VLAN Range dialog box.

3. In the From and To boxes, enter the values of the first VLAN ID and last VLAN ID in

the range.

4. Enter only the parameter values that you want to update for the VLANs in the specified

range, and then click Update. The Task Progress dialog appears to show the status of each operation.

5. Click ok.

 Alternatively, to select an E-Series VLAN to edit, click in the VLAN table row

between the columns where there is no text. You can select multiple VLANs to edit using the Control+click and Shift+click keys. Make any modifications using the top edit row. Click Apply from the toolbar when the modifications are complete.

For CLI:

To delete a range of VLANs

1. On the Navigation Tree, select and expand the E-Series node, and then click VLANS.

2. In the Toolbar, click the Range Operations icon , and then select Range Delete to

open the Delete VLAN Range dialog box.

3. In the From and To boxes, enter the values of the first VLAN ID and last VLAN ID in

the range to delete.

4. Select the Stop On Failure box to stop the range deletion operation if a failure occurs.

For example, if VLANs within the specified range do not exist.

5. Select the Force Deletion box to ensure VLANs and associated VLAN memberships are

deleted.

6. Click Delete.

Note: A VLAN can not be deleted if it is referenced by a tag action, a service tag action, an

ONT Ethernet Service, or an ONT IP Host.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 Alternatively, to select an E-Series VLAN to delete, click in the VLAN table row between

the columns where there is no text. You can select multiple VLANs to delete using the Control+click and Shift+click keys. Click Delete from toolbar to delete the selected VLANs.

For CLI:

delete vlan <vlan ID>-<vlan ID>

To add interfaces or an ERPS domain to a range of VLAN memberships

1. On the Navigation Tree, select and expand the E-Series node, and then click VLANS.

2. In the Toolbar, click the Range Operations icon , and then select Range Action >

Add VLAN Members to open the Add VLAN Members dialog box.

3. In the From and To boxes, enter the values of the first VLAN ID and last VLAN ID in

the range.

4. In the Add Interfaces/ERPS column, select the interfaces to add to the specified range

of VLAN memberships.

Note: Use Shift+click or Ctrl+click to select multiple interfaces from the column.

5. Click the direction button to add the interfaces to the range of VLAN memberships,

and then click ok.

6. The Task Progress dialog appears to show the status of each operation. Click ok.

For CLI:

add interface <interface name> to-vlan <vlan ID>-<vlan ID>

Related topic

 Creating VLANs

Adding the Uplink Interface(s) to VLAN Memberships

This topic shows you how associate E-Series Ethernet port interfaces, LAG interfaces, multicast router interfaces, and ERPS domains to a VLAN, thereby creating a VLAN membership. A VLAN membership enables traffic on a specific VLAN to be forwarded to or accepted on an E-Series interface or ERPS domain. For any VLAN-tagged traffic to flow through an E-Series Ethernet interface, either the interface must be a member of the tagging VLAN, or the interface must have a corresponding VLAN tag-action associated with it. When you create a tag-action, the interface automatically becomes a member of the VLAN specified in the tag-action.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Configuration guidelines

 You can configure only one of the following attributes on a given VLAN on a given

interface:

 Trunk interfaces:

 VLAN member  Native VLAN

 Edge interfaces:

 VLAN member  Tag-action  Native VLAN

 Access interfaces:

 VLAN member  Tag-action

 When you create a tag-action, the interface automatically becomes a member of the

VLAN specified in the tag-action. See example below.

 Trunk and edge interfaces are always associated with at least one VLAN, through the

native VLAN attribute (VLAN 1 by default).

 An interface role cannot be modified when it is a member of a VLAN.  ERPS domains can only be associated with VLANs through membership.  When you add VLAN router interfaces, you are setting the static multicast router

location on specific ports, allowing the system to know which interface has the multicast router. You can add many interfaces to the static location. For example, if the system is connected to the multicast router via RSTP, you would want to add the static location to both ports (for instance, 1/g1 and 2/g1). RSTP will block one port at a time. When the port switches to the other port, there would still be connectivity to the multicast router.

 When the IGMP profile has the Router Learning Mode configured for 'static-only',

IGMP Proxy will not allow a static multicast router ('mrouter') interface to be a multicast destination. If the interface could become a multicast destination in the event of a network topology change, the interface should not be configured as a mrouter interface.

 Even if no interface is currently using VLAN 1 as the Native VLAN, it is still off limits

for user provisioning, including use as the Management VLAN or ERPS control VLAN.

 For modular chassis nodes, any VLAN created on the system is automatically mapped to

the Stacking Ports. The remaining port interfaces in the system must be a VLAN member for traffic to pass on the VLAN through the interface.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Example application configuration for tag-action versus VLAN membership:

For incoming E-Series traffic where the voice and video services are single-tagged and the per port data VLANs are double-tagged:

 VLAN-per-port for data traffic  Single voice service VLAN  Single video service VLAN

Configure the following:

1. Create a voice VLAN and a video VLAN and add the interface to each of the VLAN

memberships.

2. Create a no-match add-tag action to the interface for all remaining VLANs to add an

outer data service tag.

Before starting

Before starting the VLAN membership creation process, check that the following conditions are met:

 A VLAN must be created prior to adding VLAN member interfaces.  The Ethernet LAG interface or ERPS domain must exist to add it to a VLAN

membership.

To make an interface a VLAN member

1. On the Navigation Tree, click VLANs.

2. Click the Provisioning tab.

3. In the table of existing VLANs, double-click the row showing the VLAN which you

want to add members.

4. Click Action and then select the action to perform:

 Add/Remove VLAN Members enables traffic on a specific VLAN to be

forwarded to or accepted on an E-Series interface or ERPS domain.

 Add/Remove VLAN Router Interfaces sets the static multicast router location on

specific ports, allowing the system to know which interface has the multicast router. You can add many interfaces to the static location.

5. In the dialog box, do the following:

a. In the Available Interfaces/ERPS scrolling list, click the interface or the ERPS

domain to add to the VLAN. You can select more than one item, using the Ctrl+click or Shift+click key combinations.

b. Click the > button to add the selections to the Current Members or Current

Interfaces box.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Note: See the Configuration guidelines above.

Note: If the E7 system is set to Modular Chassis mode, the Ethernet port interfaces are

indicated with a shelf/card/port location. For example, EthIntf:1-2-G1.

6. Click Ok.

For CLI:

add interface <interface-id> to-vlan <vlan-id> add erps-domain <domain-id> to-vlan <vlan-id> add static-mcast-src interface <interface-id> to-vlan <vlan-id>

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Step 2. Creating VDSL2-Related Profiles

This section describes how to create various profiles that are necessary for provisioned VDSL2 services.

Topics Covered

This section covers the following topics in bold that are part of the overall VDSL2 services configuration process:

1. Configure network uplinks for VDSL2 services

2. Creating system profiles that support VDSL2 applications

 Creating Quality-of-Service (QoS) for VDSL2 traffic management  Creating profiles for data and video services  Creating profiles for voice services

3. Configure subscriber services

Overview of VDSL2-Related Profiles

This section describes how to create system profiles to use for VDSL2 applications. Creating profiles allow you define common provisioning attributes that can be reused many times and applied to multiple service ports.

Note: For information about system profiles unrelated to VDSL2 services, refer to the Calix E7 User Guide or the Calix E3-48/E5-48/E5-48C User Guide.

Profiles referenced in service provisioning

Provisioning services at the VDSL2 card port allows you to set up information common to multiple subscribers, maintained via profiles. The service definitions at the subscriber port level reference existing profiles and sometimes provide subscriber-specific information to complement the profiles.

Note: When a profile is changed, all objects referring to that object are affected. For example, if the rate in a bandwidth profile is changed, all provisioned services referencing the profile are changed to the modified bandwidth rate. Profile objects may not be deleted while they are being referenced.

Global profiles in CMS

Global profiles automate synchronizing profiles across multiple E-Series nodes. They support cross-network capabilities such as bulk provisioning. You create a profile once within CMS and apply it across all targeted E-Series nodes to ensure consistency across large deployments.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

When you create a global profile, the profile is automatically downloaded to the networks in the CMS management domain that enable global profile updates.

1. On the Navigation Tree, click CMS.

2. In the Work Area, click Profile > E5-48/E3-48C/E7/ONT (or E3-48C/E5-48/E7),

and then select the profile to create.

Service tag actions:

Each service provisioned at the subscriber port includes a reference to a match list and a tag action that specifies the classifying and marking of packets from the subscriber port into the service VLAN.

A service carried on an N:1 VLAN applies to multiple subscriber ports, so a single match list and tag action can be used to describe the service.

A service carried on a 1:1 VLAN is the same for each subscriber except the customer tag is unique per subscriber. In this case, it would be ideal to define the match list and tag action pair such that multiple subscriber ports can reference it. This is accomplished by having a special value for the output in the tag action that indicates the value of the output tag is subscriber specific. The customer-specific tag is contained in the service definition.

Bandwidth profiles:

Specifies the upstream and downstream rate limits for an individual service member.

A multicast profile references two previously defined profiles:

 Multicast Address Map

Identifies the optional global allowable multicast IP ranges.

 Multicast VLAN Registration (MVR) Profile

Identifies the optional MVR address ranges associated with specified multicast VLANs.

Security profiles:

Specifies security attributes of the xDSL port: DHCP lease limit, upstream broadcast/multicast limit, L2CP filter.

Static IP host addresses and subnets:

Configures a static Ethernet service IP address or subnet, to associate with an xDSL port service.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Multicast video profiles:

A video service is identified by the presence of a service definition, referencing a multicast profile. The multicast profile defines the following attributes of a video service.

 Maximum number of simultaneous streams on subscriber port.

Multiple video profiles will typically differ in the number of streams allowed. A small number of video profiles will be created and applied to many subscriber ports. For example, bronze, gold, and platinum video services.

IGMP profiles:

Defines a profile for VLAN association that sets configuration attributes of the Internet Group Management Protocol (IGMP) snoop used to establish membership in a multicast video services group.

SIP Gateway Voice profiles:

Specifies the SIP service configuration information that previously resided in a SIP configuration file in a primary and a secondary location.

TDM Voice Gateway profiles:

Specifies the port numbers for the UDP control plane traffic, and RTP voice traffic, as well as the IP address of the C7 viper card.

H.248 Gateway profiles and H.248 Gateway:

Specifies the H.248 gateway properties for the VDSL2 H.248 gateway services.

IP host profiles:

The IP host profiles define attributes for static IP hosts, and are used for SIP and TDM gateway services. It defines how the service obtains an IP address for communication.

Grade of Service (GOS) profiles:

Specifies reporting thresholds for certain monitored attributes of an xDSL port. For example, any time a particular count exceeds a specified threshold within a certain period (either 15 minutes or one day), a threshold-crossing alert is generated. For information on creating the profile, see the Calix E7 Maintenance and Troubleshooting Guide or the E3-48/E5- 48/E5-48C User Guide.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Creating the Quality of Service for VDSL2 Traffic Manag ement

The E-Series supports the ability to classify traffic based on the P-bit, DSCP, IP Precedence, or VLAN values of the incoming traffic. Additionally, the VDSL2 card can classify traffic based on the customer equipment MAC OUI value. The E-Series then marks the traffic with a new priority value.

Using the newly marked P-bit values, the egress queues on the port then deliver the traffic to the network using the strict priority queuing scheme (with minimum bandwidth guarantees if desired). Strict priority queuing means that all traffic (in the queues) with the highest priority is delivered to the network first, then lower priority queue traffic is delivered.

 The E-Series xDSL Access ports use match lists and service tag actions to classify

subscriber traffic.

 The E-Series Trunk and Edge ports use class maps and policy maps to classify

incoming network traffic.

This section describes how to create the following traffic-control objects for VDSL2 traffic management:

 Match list and rules: Defines a set of criteria (matching rules) for classifying traffic on

an xDSL port. The match list defines how the VDSL2 card classifies subscriber traffic into a service VLAN. The match list is applied to a service tag action that is then associated with an xDSL port service.

 Service tag actions: Marks the traffic with the appropriate VLAN and priority value

required by the service.

 See Creating an Ethernet Bandwidth Profile (on page 105) for instructions on creating

another traffic-control object for services provisioned on xDSL ports.

 Class map and rules: Defines the matching criteria for traffic on an Ethernet port that

are specified by an associated classification map which lists rules to identify packets, such as VoIP traffic.

 Policy map and policies: Contains lists of QoS-related actions to perform on packets at

the Ethernet port that match certain criteria.

Creating Ethernet Port Class of Service Profile

This topic describes how to create a Class of Service (CoS) profile to associate with an Ethernet port so traffic is sent at a particular rate by controlling the queue of packets. At egress, the E-Series maps 8 priority CoS queues (0–7) to the P-bit values of the traffic, with the highest priority queue matching P-bit 7 and the lowest priority queue matching P-bit 0. You can configure each of the CoS queues with a maximum and minimum bandwidth rate.

On a per-port basis, the E-Series also supports the ability to shape the aggregate traffic that includes a maximum rate and a maximum burst size that determines the level to which traffic is allowed to deviate from the configured rate shaper. The E-Series auto-calculates the burst size if a value is not specified.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Auto-calculated burst size = Number of bits that can be transmitted in 80ms at the configured rate limit

Example

 Rate limit = 100 Mbps  Calculated burst size applied = 8,000 Kbits

Calix recommends the port burst size parameter reflect double the Round Trip Delay (RTD) of the network, with 40 ms used as the default RTD. It is not possible to have a burst size less than the MTU of the interface.

CoS application for Link Aggregation Groups (LAG)

Rate limiters and shapers on a LAG are applied as follows:

 The maximum and minimum bandwidth rates per CoS are applied to the LAG interface

on ingress. The resulting rate limit is distributed over all links in the LAG.

 The port shaping rate and burst size for traffic shaping are applied per-Ethernet port

independent of the other links in the LAG interface.

See "Traffic Management" and "Data Path" in the Calix E7 Engineering and Planning Guide.

Note: The upstream traffic on a service VLAN must have the same priority value as is set for downstream traffic. The priority value must also be consistent with the class of service type as defined in the Ethernet port CoS table.

Class of service parameters

You can provision the following parameters for class of service:

Parameter Description Valid Options

Name*

Name of COS queue.

text string

Queue 1 Rate Shaping rate for queue 1, specified in Mbps. The allowed range is 1–

10000.

1–10000 Mbps

Queue 1 Min

Bandwidth

Minimum bandwidth for queue 1, specified in Mbps. The allowed range

is 1–10000.

1–10000 Mbps

Queue 2 Rate

Shaping rate for queue 2. Shaping rates are specified in Mbps.

1–10000 Mbps

Queue 2 Min

Bandwidth

Minimum bandwidth for queue 2, specified in Mbps. The allowed range

is 1–10000.

1–10000 Mbps

Queue 3 Rate Shaping rate for queue 3, specified in Mbps. The allowed range is 1–

10000.

1–10000 Mbps

Queue 3 Min

Bandwidth

Minimum bandwidth for queue 3, specified in Mbps. The allowed range

is 1–10000.

1–10000 Mbps

Queue 4 Rate Shaping rate for queue 4, specified in Mbps. The allowed range is 1–

10000.

1–10000 Mbps

Queue 4 Min

Bandwidth

Minimum bandwidth for queue 4, specified in Mbps. The allowed range

is 1–10000.

1–10000 Mbps

Queue 5 Rate Shaping rate for queue 5, specified in Mbps. The allowed range is 1–

10000.

1–10000 Mbps

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter Description Valid Options

Queue 5 Min

Bandwidth

Minimum bandwidth for queue 5, specified in Mbps. The allowed range

is 1–10000.

1–10000 Mbps

Queue 6 Rate Shaping rate for queue 6, specified in Mbps. The allowed range is 1–

10000.

1–10000 Mbps

Queue 6 Min

Bandwidth

Minimum bandwidth for queue 6, specified in Mbps. The allowed range

is 1–10000.

1–10000 Mbps

Queue 7 Rate Shaping rate for queue 7, specified in Mbps. The allowed range is 1–

10000.

1–10000 Mbps

Queue 7 Min

Bandwidth

Minimum bandwidth for queue 7, specified in Mbps. The allowed range

is 1–10000.

1–10000 Mbps

Queue 8 Rate Shaping rate for queue 8, specified in Mbps. The allowed range is 1–

10000.

1–10000 Mbps

Queue 8 Min

Bandwidth

Minimum bandwidth for queue 8, specified in Mbps. The allowed range

is 1–10000.

1–10000 Mbps

Port Shaping Rate Aggregate shaping rate for the port, specifi ed in Mbps. The allowed

range is 1–10000. Alternately, select none to indicate that shaping should not be done.

none (or keyword "unshaped")

Enter Value: 1–10000 Mbps

or select a value from the list

Port Burst Size Aggregate burst size for port, specified in Kbits. The allowed range is 1

to 128000. Alternately, select auto to automatically calculate the burst size.

auto (or keyword "auto") Enter Value: 1–128000

Kbits or select a value from

the list

* Required field

To create a class of service

1. Access the profile page:

 From CMS:

 On the Navigation Tree, click CMS.  In the Work Area, click Profile > E3-48C/E5-48/E7 > CoS Profile.

 Locally on E-Series:

 On the Navigation Tree, click the unit.  In the Work Area, click Profiles > CoS > Ethernet > Create.

2. Reference the table above to configure the parameters.

3. Click Create.

4. Associate the class of service profile to an Ethernet port so traffic is sent at a particular

rate by controlling the queueing of packets.

5. See Configuring an Ethernet Port (on page 21).

For CLI:

create cos-queue-cfg <queue name> [queue-*-rate|queue-*-min-bw|portrate|port-burst-size]

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Creating VLAN Tag Actions on an Ethernet Interface

This topic describes how to create VLAN tag actions on an E-Series edge or access link interface. A tag-action allows you to add or change, or add and change VLAN tags on packets that are received on a specified GE or 10GE interface. You can use a set of matching criteria to select which packets to transform. Or, packets can be transformed unconditionally.

See the Calix E-Series Engineering and Planning Guide for an example of an E-Series Ethernet interface tag action and an interface QoS policy being applied to an Ethernet interface.

While tag actions are typically described as being applied to packets received (ingress traffic) on an Ethernet port interface, the reverse of the tag action is applied to packets transmitted (egress direction) from the interface. For example, if an Add-Tag action is applied to an interface, that same tag is stripped from packets leaving the interface.

The following VLAN tag actions can be assigned to an edge or access link interface within the networking domain:

 Add Tag - The "add-tag" action adds an outer tag either on all packets on an interface,

or only on packets that match a specified VLAN ID or P-bit.

 Add 2 Tags - The "add-2-tag" action adds an outer tag and an inner tag with the

specified VLAN IDs on packets of untagged traffic.

 Change Tag - The "change-tag" action changes the outermost tag to the specified

VLAN ID on packets that match a specified VLAN ID.

 Add and Change Tag - The "add-and-ch" action changes the tag and then adds an

outer tag on packets that either match a specified VLAN ID or are priority-tagged frames.

Note: Tag-actions can only be applied to edge or access link interfaces. To create tag actions for an ONT Ethernet or xDSL port subscriber service, you must use Service Tag Actions.

Configuration guidelines

 Tag actions can only be assigned to edge or access link interfaces within the networking

domain and are defined with respect to ingress traffic.

 When you create a tag-action, the interface automatically becomes a member of the

VLAN specified in the tag-action.

 When you create an add-tag action, the P-bit of the incoming tag is automatically copied

into the P-bit of the added tag.

 You can configure only one of the following attributes on a given VLAN on a given

interface:

 VLAN membership  Tag-action (add, add-2-tags, change, or add-and-change)  Native VLAN

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 To forward untagged traffic, an access interface must have an add-tag action, add-and-

change, or add-2-tags action applied to untagged frames, assigning the traffic to a VLAN.

 An edge or access link interface can be associated with a particular VLAN either through

a VLAN membership or through a tag-action, but not through both.

 Interfaces can be associated with additional VLANs through memberships or tag-actions.  An interface role cannot be modified when it is assigned a tag-action.  The E-Series can perform the following tag actions on a VLAN that has IGMP enabled:

 Add-tag action to untagged Ethernet frames  Change-tag action to change the VLAN ID at network administrative boundaries

 If no matching criterion is assigned to a tag action, then the tag action is performed on all

packets entering the specified interface, except for the packet traffic on VLANs that have an associated membership with the interface. When the match rule is set to ignore and pbit any that is the same as no matching criterion assigned. You can see this if you create a tag action and leave those fields blank. It will be set to ignore.

 For double-tagged packets, the outer VLAN ID must match a provisioned VLAN. The

inner tag does not have to match a provisioned VLAN ID.

 A priority tagged frame has a new tag added or changed-to with the specified tag value.

Upon egress, the frame still carries the original priority bits onto the newly added or change-to VLAN tag.

 If an Ethernet interface has both a VLAN tag action and a policy map applied, the tag

action function is applied to the interface before the policy map function.

Example add-tag-action configurations

Create an action to add a tag (VLAN 400) to all traffic on the associated interface.

Create an action to add a second tag (VLAN 400) to all VLAN 401 traffic on the associated interface.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Create an action to add a tag (VLAN 400) to all traffic based on the P-bit for the associated interface.

Create an action to add a tag (VLAN 400) to all traffic based on the P-bit and outer tag on the associated interface.

Example application configuration for tag-action versus VLAN membership:

For incoming traffic where the voice and video services are single-tagged and the per-portdata VLANs are double-tagged:

 VLAN-per-port for data traffic  Single voice service VLAN  Single video service VLAN

Configure the following:

1. Create a voice VLAN and a video VLAN and add the interface to each of the VLAN

memberships.

2. Create a no-match add-tag action to the interface for all remaining VLANs to add an

outer data service tag.

Before starting

Before starting the VLAN tag action process, check that the following conditions are met:

 The VLANs must already exist in order to create tag actions.  The interface that is the target for the tag action must have the edge or access role

assigned.

Parameters

You can provision the following parameters for VLAN tag actions to an Ethernet interface:

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter Description Valid Options

Matching Tag Specifies the match criteria. If you select Enter Value, then you must also

specify the VLAN ID value to match. VLANs can be specified by name, or by numeric VLAN ID.

(VLAN IDs 1002-1005 are reserved for E-Series operat i on. )

ignore, any, untagged, priority, Enter Value (then enter a

VLAN ID 2-4094)

Matching pbit P-bit value that specifies the VLAN priority value to match. pbit-0 to pbit-7, pbit -any,

or leave blank

Action Performed* Specifies whether to add, change, or add and change tags to incoming

packets.

add-tag add-2-tags ch-tag

add-and-ch

S-VLAN (Outer Tag)* New VLAN ID.

(VLAN IDs 1002-1005 are reserved for E-Series operation.)

2-4093

C-VLAN (Inner Tag) New VLAN ID.

(VLAN IDs 1002-1005 are reserved for E-Series operation.) Note: This parameter only applies if the Action Performed selection is "add-

2-tags" or add-and-change.

ignore, any, untagged, Enter Value (then enter a VLAN ID 2-4093)

* Required field

To add VLAN tag actions to an E-Series Ethernet interface

1. On the Navigation Tree, click Interfaces.

2. Double-click the specific interface where you want to add a tag action.

Note: The tag actions only apply to interfaces assigned as edge or access link.

3. Click the Tag Actions tab.

4. From the menu, click Create.

5. Reference the table above to configure the parameters.

6. Click Create.

For CLI:

 To add a tag to all packets on an interface:

create tag-action add-tag <vlan ID> interface <interface name>

 To add a tag only to the packets that match specific criteria on an interface, append one

of the following to the command above:

match-pbit <pbit value> match-tag <vlan ID> match-tag <vlan ID> match-pbit <pbit value>

Note: Using match-pbit criterion without using match-tag criterion will match only

802.1P packets (reserved VLAN 0).

 To add an outer tag and an inner tag to untagged traffic on an interface:

create tag-action add-2-tags outer <vlan id> inner <vlan id> interface <interface name> match-untagged

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 To change the outermost tag on packets that match a specific VLAN ID.

create tag-action change-tag <vlan ID> interface <interface name> match-tag <match vlan ID>

 To change the tag and add an outer tag on packets that match either a specific VLAN ID

or priority-tagged (P-bit) frames:

create tag-action add-and-change outer <vlan id> inner <vlan id> interface <interface name> match-tag <vlan id>

create tag-action add-and-change outer <vlan id> inner <vlan id> interface <interface name> match-prio-tag p-bit any

Creating Match Lists and Rules

The VDSL2 card performs the following two actions:

 Classification – the service match lists are for matching and classifying traffic into

services.

 Marking – the service tag actions are for marking the traffic with the appropriate VLAN

and Priority required by the service.

This topic describes how to create a match list and then add an ordered collection of matching rules to associate with a service tag action. The match list defines how the VDSL2 card classifies subscriber traffic to determine the service in which it belongs. A match list can contain both “tagged” and “untagged” match rules, up to 12 tagged rules and up to 16 untagged rules.

 Untagged match rules can match on the following:

 A portion of the source MAC address as indicated by the Source MAC and Source

MAC Mask attributes of a video Set-Top box

 The Ethernet type to distinguish video and High-Speed Internet (HSI) untagged

traffic

 All untagged traffic by using the system default match list "all-untagged".  PVC VPI and VCI port numbers.

 The E7-2 VDSL2 line cards, E5-48C, E5-48, and E3-48C products support up to

six Services per DSL port that may be configured to support Voice, Data, Video, TR-69 Management, Transparent LAN Services, or other VLAN assignments. Support for multiple services is used when migrating from an ATM based DSLAM to the E-Series solutions. If an E-series DSL product is placed in an existing network that uses multiple PVC assignments, individual PVCs may be mapped to specific VLANs that are applied to the port. For example, PVC assignments (e.g. 0/33, 8/33, 0/35) may be mapped to individual data services (“Data 1”, “Data 2”, “Data 3”) that are applied to the port. The E7-2, E5-48C, E5-48, and E3-48C support one VC assignment per service.

 TR-69 management channel (if present) is handled in-band over data VC.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 The DSL port MUST be set to PTM-Override=ATM in order for Multi-VC

support to work

 The System will not allow a tag action that specifies a PVC match list to be added

if PTM-Override=Auto

 If PTM-Override=Auto, only the provisioned Fallback PVC will work.

 Tagged match rules can match on any combination of the following:

 Outer tag  VLAN-ID  P-bit values  Tag Protocol Identifier (TPID) can also be specified at the E-Series egress Ethernet

port interface, but defaults to 0x8100

Configuration guidelines

 If a residential gateway (RG) at the subscriber's premises classifies traffic into VLANs,

then for each service type, create a match list with a tagged rule that matches the service VLAN.

 In E7 R2.1 and earlier, downstream priority-tagged traffic that does not meet any match

criteria will be passed through unmetered. In E7 R2.2 and above, this is also true for VDSL2 and GPON (if the PON CoS setting allows it).

Match list and rule parameters

You can provision the following parameters for match list and rules:

Parameter Description Valid Options

Name* Name of service mat ch list. text string S-VLAN (Outer Tag) VLAN ID of the outer tag (tagged match rules only). VLANs can be

specified by name or by numeric VLAN ID, which ranges from 1-4094. In addition, "untagged" indicates that only untagged traffic should be matched and "ignore" indicates that the VLAN ID should not be

examined.

text string, 1-4094, untagged, ignore ‡ Default = ignore

Outer Pbit P-bit value of the outer tag (tagged match rules only). P-bit values are in

the range 0-7. Alternately "pbit-none" means the P-bit value is not considered. If this parameter is not specified, "p-bit-none" is the default

behavior.

0-7, ignore Default = p-bit-none

Source MAC Source MAC address (untagged match rules only). six hexadecimal digits in

the range 0-FF, optionally separated by colons

Default = ignore

Source MAC Mask Source MAC mask (untagged match rules only).

 source MAC m ask (x:x:x:x:x:x)  none (no MAC mask)

 oui (mask OUI fiel ds (FF:FF:FF:FF:FF:FF)

six hexadecimal digits in the range 0-FF, optionally separated by colons, none ‡, oui

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter Description Valid Options

Ethertype Ethernet type to match (untagged match rules only).

 any = default  pppoe = 0x8864 (for HSI)  arp = 0x0806 (for video)  ipv4 = 0x0800 (for video)

 ipv6 = 0x86DD (for video)

any ‡, pppoe, arp, ipv4, ipv6

VPI Specify the VPI for the PVC (untagged match rules only) used by the

subscriber's modem (ADSL modems only).

0-255

0 ‡

VCI Specify the VCI for the PVC (untagged match rules only) used by the

subscriber's modem (ADSL modems only).

0-255

0 ‡

*Required field

To create a service match list

1. Access the profile page:

 From CMS:

 On the Navigation Tree, click CMS.  In the Work Area, click Profile > E5-48/E3-48C/E7/ONT > Service >

Tagging > Match Lists.

 Locally on the E-Series:

 On the Navigation Tree, click the E-Series unit.  In the Work Area, click Profiles > Service > Tagging > Match Lists >

Profiles.

2. In the menu, click Create.

3. In the Name box of the Create Match List dialog box, enter the name of the service

match list that you are creating.

4. Click Create.

For CLI:

 create svc-match-list <list name>  delete svc-match-list <list name>  show svc-match-list [list name]

To add a rule to a service match list

1. If you have not already done so, create a service match list. See "To create an Service

match list," above.

2. Access the profile page:

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 From CMS:

 On the Navigation Tree, click CMS.  In the Work Area, click Profile > E7/E5-48/E3-48C > Service > Tagging >

Match Lists.

 Locally on E7:

 On the Navigation Tree, click E7.  In the Work Area, click Profiles > Service > Tagging > Match Lists >

Profiles.

The table of the previously created match lists appears.

3. Double-click the row that shows the match list in which you want to add a rule.

4. In the menu, click Create and select the type of rule:

 Tagged Match Rule  Untagged Match Rule

5. If you chose to create a tagged match rule, do the following:

a. In the Outer Tag list, select one of the following:

 Enter value and then enter the VLAN ID of the outer tag that can be specified

by name or by numeric VLAN ID, which ranges from 1-4095.

 untagged indicates that only untagged traffic should be matched.  ignore indicates that the VLAN ID should not be examined.

b. In the Outer P-bit list, select one of the following:

 pbit value (range 0-7) that specifies the VLAN priority value to match.  pbit-none indicates the P-bit value is not considered. If this parameter is not

specified, "pbit-none" is the default behavior.

c. Click Create.

6. If you chose to create an untagged match rule, do the following:

a. In the Source MAC list, do one of the following:

 Enter the source MAC address (six hexadecimal digits in the range 0-FF,

optionally separated by colons).

 Leave the "ignore" to leave blank.

b. In the Source MAC list, do one of the following:

 Select Enter Source MAC Mask, and then enter the source MAC mask (six

hexadecimal digits in the range 0-FF, optionally separated by colons).

 Select oui to mask the OUI fields.  Select none to ignore.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

c. In the Ethertype list, select the type of Ethernet frames that you want to match. d. In the VPI and VCI boxes, enter values for the Virtual Path Identifier (VPI) and

Virtual Circuit Identifier (VCI). E-series DSL nodes offer support for up to six services per port in ADSL2+ fallback applications.

e. Click Create.

7. Associate the service match list with a service tag action to use on E-Series ingress traffic

packets.

For CLI:

 add tagged-rule to-svc-match-list  add untagged-rule to-svc-match-list  remove tagged-rule <r-index> from-svc-match-list  remove untagged-rule <r-index> from-svc-match-list

Creating Service Tag Actions

Applying service tag actions to service provisioning performs the following two actions:

 Classification – the service match lists are for matching and classifying traffic into

services.

 Marking – the service tag actions are for marking the traffic with the appropriate VLAN

and P-bit required by the service.

This topic describes how to create service-tag actions that can be used for many subscriber ports that require the same actions to be performed. All services configured on an xDSL port exist in a VLAN-tagged service flow, requiring an associated service-tag action.

Service-tag actions are applied to subscriber service provisioning as follows:

 Video and data services provisioning on an xDSL port includes a reference to a service-

tag action.

 Voice services provisioning on a Voice (POTS) port references an IP Host that sets the

output service VLAN and points to a system default service-tag action that specifies the traffic as untagged and assigns the appropriate priority value.

The E-Series can apply the following tag actions assigned to an xDSL port service.

Add a single tag Adds a single outer tag to the matched traffic

 Can be applied to tagged and untagged traffic.  Supported for DSCP/IP Precedence-to-P-bit

translation.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Add 2 tags Adds an inner and outer tag to the matched traffic*

 Can be applied to untagged traffic, only.  Supported for DSCP/IP Precedence-to-P-bit

translation.

Add and change tag Adds an outer tag to the matched traffic and

changes the inner tag

 Can be applied to tagged traffic, only.  NOT supported for DSCP/IP Precedence-to-P-bit

translation.

Change tag Changes the outer tag on the matched traffic

 Can be applied to tagged traffic, only.  NOT supported for DSCP/IP Precedence-to-P-bit

translation.

*To properly process ingress double tags, the GE network interface (uplink) must be configured as a Trunk role.

Determining the tag-action values

When a service is provisioned at an xDSL port, a match list and service-tag action specify the classifying and marking of packets from the subscriber port into the service VLAN.

You have the following options for determining the added- or changed-tag values:

 Specify the VLAN value explicitly.

This option is used for a VLAN-per-service provisioning model (N:1). A service carried on an N:1 VLAN applies to multiple subscriber ports, where a single match list and tag action can indicate the service.

 Reference the VLAN value from the service provisioning on the xDSL port

interface.

This option is used for a VLAN-per-port provisioning model (1:1). A service carried on a 1:1 VLAN is the same for each subscriber except the customer tag is unique for each single subscriber port, so you can define the match list and tag action pair such that multiple subscriber ports can reference it. This is accomplished by indicating "Specified in Service" for the output tag in the tag action, and then the subscriber-specific value for the output tag is defined when the service is provisioned on the port.

Note: The service provisioning process takes place after the creation of a service-tag action.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

You also have the following options for determining the service-tag action P-bit for services provisioned on xDSL ports:

 Specify the P-bit value explicitly.

Enter the P-bit value to use for P-bit marking the outer tag.

 Reference a Layer-3 Priority map.

Use a DSCP table or an IP Precedence table to map to a P-bit value. From the xDSL port associated interface, you can select to use the system-default profiles ("access") or specify another custom profile. See Layer 3 Priority to P-Bit Mapping (on page 96).

 Only one service per port can use DSCP-Bit mapping function.  Works with Add-Tag and Add-2-Tags tag actions.  Either DSCP or IP Precedence can be used for a service, not both.

Provisioning sequence:

a. Create a DSCP-to-P-Bit map (on page 98) or create an IP Precedence to P-Bit Mask (on

page 100), if you do not want to use the system-default.

b. Assign the map to the xDSL port associated interface (on page 182), or leave the system-

default map "access" assignment.

c. Create a service-tag action with an Outer P-Bit Source of Map a layer-3 Priority. d. Create a service using the defined service-tag action.

 Preserve the existing P-bit value upstream.

Indicate that the E-Series preserves the P-bit value set in service provider-supplied CPEs by specifying a P-bit value of "copy."

Note: The upstream traffic on a service VLAN must have the same priority value as is set for downstream traffic.

The table shows 802.1p to DiffServ DSCP system-default mapping table ("access").

Default

P-bits

IP Precedence DiffServ Code Point** Service

0 7 CS6, CS7 (48-56)

Network control

EF (46)

Voice, NSP, CES

5 5 CS5 (40)

Network Management

4 4 CS4 & AF41-43 (32-38)

Video

3 3 CS3 & AF31-33 (24-30)

Data3

2 2 CS2 & AF21-23 (16-22)

Data2

1 1 CS1 & AF11-13 (8-14)

Data1

0 0 Best Effort

**The E-Series supports alphanumeric DSCP values that denote forwarding classes such as AF21, AF31 in addition to

numeric value assignment.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

VLAN Traffic flow in xDSL ports

For xDSL ports, rather than adding a port interface to a VLAN membership to enable traffic flow, a service-tag action must be created that specifies the VLAN and traffic priority. This service-tag action is then referenced when the service is provisioned on the xDSL port. The VLAN must already be created on the E-Series for an xDSL port to pass traffic carried on a VLAN.

 To view the VLANs associated with specific xDSL port, on the Navigation Tree, click

the xDSL port of interest, and then click Associated Interface > VLANs.

 To view the xDSL services associated with a specific VLAN, on the Navigation Tree,

click VLANs, click the particular VLAN from the list that appears in the Work Area, and then click the Service Associations tab.

The xDSL ports support the same VLAN services as the E-Series Ethernet ports, including IEEE 802.1Q VLAN tagging and IEEE 802.1ad VLAN stacking (Q-in-Q). The following service models are supported.

 N:1/VLAN-per-service model: each service is assigned a dedicated VLAN where

multiple subscriber ports are assigned to the VLAN for a single service. This model is often referred to as N:1. An additional tag can be added to limit the size of a group for improved reliability. A service carried on an N:1 VLAN applies to multiple subscriber ports, allowing a single match list and tag action to be used to denote the service.

 Subscriber tag = 110  Match tag = 110  Change tag = 200 (service VLAN)

 1:1/VLAN-per-port model: the traffic frames from each subscriber port are assigned a

unique VLAN ID (tag). The tag is applied to a frame before the traffic is aggregated for transport. An additional tag can also be added to group subscriber ports in logical categories. A service carried on a 1:1 VLAN is the same for each subscriber, except the customer tag is unique per subscriber. You can define the match list and tag action pair such that multiple subscriber ports can reference it. This is accomplished by assigning an attribute for the Output Tag in the tag action that indicates the value of the output tag is subscriber specific (Specified in Service). The customer specific tag is included in the service definition when provisioning the service.

 Subscriber tag = 110  Match tag = 110  Change tag = 110  1:1 VLAN-per-Port, Single Tagged – Subscribers on an E-Series system are

provisioned with individual Customer Tags (C-Tags). Add tag, or change tag action.

 1:1 VLAN-per-Port, Double Tagged – Subscribers on an E-Series system are

provisioned with individual Customer Tags (C-Tags). The S-Tag can be added by the service tag action. Add 2-tags, or change-and-add tag action.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

The 1:1 model does not require any new or different traffic handling techniques to isolate and manage subscriber traffic. With the 1:1 service delivery model, each subscriber's traffic (except broadcast video) is sent down a dedicated single VLAN on a per subscriber basis. When ATM encapsulation is used for ADSL/ADSL2+ modes, the single ATM PVC maps to a single VLAN.

Configuration guidelines:

 The P-bit value specified in the service tag action must be consistent with the DiffServ

Code or IP Precedence as defined in the default profiles, or custom profiles referenced at the xDSL interface.

 If the specified P-Bit source is "copy," the P-bit value cannot be specified because the P-

bit value of the incoming traffic is honored.

 Each service tag action references a service-match list (classify) and specifies a tag action

(mark and tag).

 Each service tag action is associated with a specific service.  Multiple services and service tag actions can be applied to a single xDSL port. However,

if multiple services on the same xDSL port use the same outer VLAN ID, the priority must be specified for each service in the associated service tag action using the P-bit Source = Specify P-Bit. Using the P-Bit Source = Map a layer-3 priority is not supported for this scenario.

 The same service tag action can be used on multiple xDSL ports.  Each E-Series shelf, or E7 Modular Chassis system has a capacity of 256 service tag

actions. For configurations that require large numbers of VLANs, Calix recommends selecting the Specified in Service value for the "Outer Tag" parameter, and then specifying the VLAN ID when provisioning the service.

 For traffic to flow on the VLAN specified in a service tag action, the VLAN and uplink

must already be created on the E-Series.

 For an xDSL port to pass traffic carried on a VLAN, a service tag action must be created

specifying the VLAN and the VLAN must already be created on the E-Series.

 For installations using multiple PVC assignments, individual PVCs may be mapped to

specific VLANs that are applied to the port. For example, installations that have multiple PVC assignments (e.g. 0/33, 8/33, 0/35) may be mapped to individual data services (e.g. “Data 1”, “Data 2”, “Data 3”) that would then be applied to the port.

 If no matching criteria are assigned to a tag action, then the tag action is performed on all

packets entering the xDSL port. For example, when a match list has a single untagged rule with the outer tag set to "ignore" and the Outer P-bit set to "Pbit-none."

 Traffic must have a priority assigned in order to be scheduled on the xDSL port.  The "change-tag" action changes the VLAN ID in the outermost tag.  For double-tagged packets, the outer VLAN ID must match a provisioned VLAN. The

inner tag does not have to match a provisioned VLAN ID.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 Within the xDSL subsystem, MAC learning and switching occurs within a single, outer

VLAN ID, referred to as the VLAN C-tag. Packets on the xDSL port always have a Ctag, which consists of a provisioned VLAN ID and priority for classifying subscriber traffic and adding/modifying the C-tag.

 The E-Series reserves four VLAN values for system operation. The default values for

these VLANs are 1002, 1003, 1004 and 1005. You can change these values to another set of four consecutive VLANs, if required.

 Although the "Native VLAN" (VLAN 1) does not apply for traffic arriving at the xDSL

port, the default VLAN 1 is off limits for user provisioning.

 IGMP snooping is provisioned on a VLAN basis.  IGMP snooping is only enabled on the outer VLAN ID as only single-tag multicast

VLANs are supported.

 The following tag actions are supported for VLANs with IGMP enabled:

 Add-tag (ony supported for untagged traffic)  Change-tag

 Services provisioned with DSCP or IP Precedence translation to P-bit values only

support:

 add-tag  add-2-tags  One service per port can use the DSCP or IP Precedence to P-bit mapping function  Either DSCP or IP Precedence can be used for a service, not both

 Once a tag is used as a single-tagged VLAN, it cannot also be used in double-tagged

VLANs. For example, if VLAN 300 is single tagged:

 It cannot be used as the inner tag of a double-tagged VLAN because the double-

tagged VLAN would require VLAN 300 to push an outer tag.

 It cannot be used as the outer tag in a double-tagged VLAN because then it would

get popped in the downstream direction.

 In double-tagged VLANs, if the inner tag is applied to multiple xDSL subscriber ports, it

is an N:1 VLAN.

 For single-tagged VLANs, if the outer tag is applied to multiple xDSL subscriber ports, it

is an N:1 VLAN.

 If a given VLAN, single- or double-tagged is applied to a single xDSL subscriber port, it

is 1:1 VLAN.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Example service-tag action configurations for data services

VLAN-per-service

Applies the specified service-tag action to the matched traffic.

Matches all untagged traffic on the xDSL port.

 Adds VLAN ID 300  Marks with P-bit 0

The upstream traffic on a service VLAN must have the same P-bit value as is set for downstream traffic.

VLAN-per-subscriber

Applies the specified service-tag action to the matched traffic.

Double tags all untagged traffic arriving on the xDSL port.

 Outer tag is explicitly set to 300  Inner tagged is defined when adding the service

to a port  Upstream traffic is marked with P-bit 0 The upstream traffic on a service VLAN must have

the same P-bit value as is set for downstream traffic.

Before starting

Before starting the service tag action creation process, check that the following conditions are met:

 All VLANs that are to be specified in the service tag action have already been created.  The match list that is to be specified in the tag action has already been created.  The DSCP or IP Precedence values are defined, if using a map other than the system

default.

Parameters

You can provision the following parameters for service tag actions:

Parameter

Description

Valid Options

Name*

Descriptive name of service tag action.

text string

Action* Specifies the tag action to occur. Add Tag, Add 2 Tags,

Change Tag, Add and

Change Tag

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Parameter

Description

Valid Options

Match Criteria List Name and ID of the service match list to use for this tag action. Any established service

match list

Outer Tag VLAN ID for the new outer tag. The specified VLAN must already be

provisioned in the system. Alternately, "use-svc" indicates that the VLAN ID will be specified when you provision a service on the VDSL port.

Specified in Service, Enter Value (1-4093)

Inner Tag Name of VLAN for the new inner tag. Alternately, "use-svc" indic at es that

the VLAN ID will be specified when you provision a service on the VDSL port. Note: This parameter only applies if the selected action is "Add 2

Tags" or "Add and Change Tag."

Specified in Service, Not Used, Enter Value (1-4093)

P-Bit Source Specifies where to derive the P-bit value for the outer tag, selecting one

of the following:  Specify P-bit - Sets an explicit P-bit value in the tags.

Note: The upstream traffic on a service VLAN must have the same priority as is set for downstream traffic.

 Map a layer-3 priority - Maps to either a DSCP map or IP Precedence

values. Note: The DSCP map or IP Precedence map is specified in the

xDSL port interface.

Specify P-bit ‡, Map a layer3 priority, From CoS (GPON only)

P-Bit The P-bit value to use for P-bit marking the outer tag when the P-bit

Source is set to "Specify P-bit." Note: When the value of "copy" is selected, the E-Series honors the P-bit

value of the incoming traffic and passes the existing P-bit value

upstream.

0-7, copy 0 ‡

For E7 (Viewable in CMS only.) Indicates that the global CMS profile is for use

with the E7.

Y, N

For AE ONT (Viewable in CMS only. ) Indicates that the global CMS profile is for use

with AE ONTs.

Y, N

Local S-VLAN (Outer Tag)

(Viewable in CMS only.) If enabled, this field allows the global CMS profile to be downloaded/synchronized successfully even if the S-VLAN ID (Outer Tag) value is provisioned differently on the local E7 node (via a local E7 profile with the same name). This allows a service provider’s OSS to provision a service without managing S-VLANS per E7; a single global profile can be used across all E7s even if the S-VLANs differ from network to network.

Y: During profile sync, CMS will not check the S-VLAN (Outer Tag) in the local E7 profile.

N: During profile sync, CMS will check the S-VLAN (Outer Tag) in the local E7 profile, and successful synchronization will only result if the S-

VLAN (Outer Tag) values are the same.

Y, N (Default)

*Required fields

‡ Default

To create a service tag action

1. If you have not already done so, create a match list. See Creating Match Lists and Rules (on

page 78).

2. On the Navigation Tree, double-click the unit.

3. Click Profiles > Service > Tagging > Tag Actions > Profiles.

4. In the menu, click Create.

5. In the Create Service Tag Action dialog box, do the following:

6. In the Name box, enter a descriptive name for the tag action.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

7. In the Action list, select the action to perform if the match criteria is met.

8. In the Match Criteria List, select the service match list to associate match criteria with the

service tag action.

9. In the Outer Tag list, select whether to use the tag value specified in the Ethernet service

provisioning or to enter a tag value for use in the tag action.

10. In the Inner Tag list, select whether to use the Inner Tag, to use the tag value specified in

the Ethernet service provisioning, or to enter a tag value for use in the tag action.

Note: The Inner Tag parameter only applies if the selected action is "Add 2 Tags" or

"Add and Change Tag."

11. In the P-Bit Source list, select where to derive the P-bit value for marking the outer tag

for services provisioned on xDSL ports.

 Specify P-Bit requires that you enter the P-bit value for marking the outer tag, or

select "copy" to pass the existing P-bit value upstream.

 Map a layer-3 priority references the system default DSCP and IP Precedence

values, unless you specify another existing custom map from the xDSL interface parameter.

Note: The upstream traffic on a service VLAN must have the same priority as is set for

downstream traffic.

12. Click Create.

13. Associate the tag action to an xDSL port when provisioning a service.

For CLI:

create svc-tag-action <name> type <add-2-tags|add-and-change> outer <VLAN-ID> inner <VLAN-ID> svc-match-list <l-name> use-p-bit|derivep-bit

create svc-tag-action <name> type <add-tag|change-tag> outer <VLAN_ID|use-svc-vlan> svc-match-list <l-name> use-p-bit|derive-pbit

show svc-tag-action [name] delete svc-tag-action <name>

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Creating a Class Map and Rules

Policy maps are lists of QoS-related actions to perform on packets that match certain criteria. The matching criteria are specified by an associated classification map that lists rules to identify packets, such as VoIP traffic.

This topic describes how to create a class map and class rules that specify certain selection criteria, such as P-bit or VLAN values, to classify traffic from the network that is arriving at the E-Series. If packets match the criteria listed in the class map, an associated policy map states the Quality of Service (QoS) actions to perform on those identified packets. The class map can specify whether packets must match any or all rules in order to be selected.

Class map rule for untagged traffic destined for the Native VLAN

The E-Series Ethernet port Trunk and Edge interfaces are always associated with at least one VLAN, through the native VLAN attribute (VLAN 1 by default). The native VLAN ID is specified on the interface and is used for untagged user traffic on that interface.

Note: Interfaces with the Access role do not support a native VLAN. To forward untagged traffic on E-Series Ethernet ports with an Access interface, an add-tag action must be applied to untagged frames, assigning the traffic to a designated VLAN.

To create a class rule for matching untagged traffic, do the following:

1. Specify the native VLAN ID when defining the Ethernet Interface attributes.

2. Set the following parameters when creating a class rule:

 Match pbit = pbit-any

 Match Outer = native VLAN ID

 Match Inner = Any

For example, if you specify the native VLAN ID as 4 for the Ethernet interface, the class

rule for matching untagged traffic would appear as follows:

3. Apply the class rule to a class map, and then in turn, associate the class map to a policy

map that is associated to the Ethernet interface where you specified the Native VLAN

ID.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

Configuration guidelines

 If the "Match Type" is set to "all," a traffic packet matches the class map criteria if it

matches all of the rules in the map. In this case, you can add multiple rules to a class map

as long as the rules do not conflict. In practice, this limits you to adding one match-tag

rule, one match-2-tags rule, and one match-p-bit rule or match dscp rule.

 If the "Match Type" is set to "any," you can add up to the limit of 100 class rules.

Class map and class rule parameters

You can provision the following parameters for class maps and class rules:

Parameter Description Valid Options

Name* Name of classification m ap. Any existing class map

Map Type

Match type.

any, all ‡

Index* Index of rule in map. This is a numeric index value that uniquely identifies

this object within the system. Index values start with 1.

1-100

Match pbit P-bit value (range 0-7) that specifies the VLAN priority value to match.

Alternately, if "pbit-any" is used or the parameter is not specified, the P-

bit value is not considered.

pbit-0 to pbit-7, pbit-any ‡

Match Outer Ou te r VLAN ID to match . VL ANs can be specified by name or by numeric

VLAN ID (range 1-4093). Selecting "Any" or "Ignore" indicates a match

for both tagged and untagged traffic.

Ignore ‡ Enter Value

Match Inner Inner VLA N ID to match. VLANs can be specified by name or by numeric

VLAN ID (range 1-4093).

Ignore ‡, any, untagged,

Enter Value

Match DSCP DSCP value to match. Not used ‡, Enter Value:

DSCP value 0-63, or: be cs0, cs1, af11, af12, af13, cs2, af21, af22, af23, cs3, af31, af32, af33, cs4, af41, af42, af43, cs5, ef,

cs6, cs7.

*Required field

‡ Default

To create a class map

1. On the Navigation Tree, click E-Series.

2. Click Policies > Class Map.

3. In the menu, click Create.

4. In the Create Class Map dialog box, do the following:

a. In the Name box, enter a descriptive name of the classification map that you are

creating.

b. In the Map Type list, select whether the packets must match any or all of the criteria

listed in the class map.

5. Click Create.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

For CLI:

 create class-map <c-map name>  create class-map <c-map name> match-type all  create class-map <c-map name> match-type any

To create a class rule

1. If you have not already done so, create a class map. See "To create a class map," above.

2. On the Navigation Tree, click the unit.

3. Click Policies > Class Map.

The table of the previously created class maps appears.

4. Double-click the name of the class map in which you want to add a class rule.

5. Click Create.

6. Reference the table above to configure the parameters.

7. Click Create.

8. Associate the class map with a policy map that is associated to an E-Series port interface

to use on ingress traffic packets. See Creating a Policy Map and Policies (on page 93).

For CLI:

 add class-rule <rule index> to-map <c-map name> match-all  add class-rule <rule index> to-map <c-map name> match-pbit <P-bit

value>

 add class-rule <rule index> to-map <c-map name> match-tag <outer vlan

ID> [match-pbit]

 add class-rule <rule index> to-map <c-map name> match-2-tags outer

<outer vlan ID> inner <inner vlan ID> [match-pbit]

 add class-rule <rule index> to-map <c-map name> match-dscp <dscp

value>

 add class-rule <rule index> to-map <c-map name> match-tag <outer vlan

ID> [match-dscp]

Creating a Policy Map and Policies

This topic describes how to create a policy map and policies that specify what Quality of Service (QoS) actions to perform on ingress traffic packets when the packets match selection criteria. The selection criteria are listed in a class map that is associated with the policy map. In turn, the policy map is associated with an E-Series Ethernet port interface.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

See Creating a Policy Map for L3 Priority Mapping (on page 102) for instructions on using a class map to match the layer-3 priority value of incoming frames of ingress traffic on Trunk and Edge Ethernet (GE/10GE) ports, and then using a policy map to assign a corresponding Pbit (priority) value into the classified traffic.

See the Calix E-Series Engineering and Planning Guide for an example of an E-Series Ethernet interface tag action and an interface QoS policy being applied to an Ethernet interface.

The QoS actions that can be taken when packets match the selection criteria are as follows:

 Out P-bit - marks the traffic by specifying a P-bit value to properly prioritize the traffic.

Upon egress, the frame is still priority tagged with the original P-bit value. The upstream

traffic on a service VLAN must have the same P-bit value as is set for downstream

traffic. The P-bit value defined in the policy map must be consistent with the class of

service type, as defined in the Ethernet port Class of Service (CoS) table.

 Rate Limit - ensures ingress traffic does not exceed a specified bit rate.  Maximum Burst Size - ensures that the bursting nature of the traffic is reduced to the

specified value. Set the maximum burst size to a value greater than default when using

jumbo frames (for example 9000 kbyte) at higher rates. Typically, set the burst to the

amount of traffic sent in twice the round trip time. Also consider whether the traffic is

shaped before reaching the E-Series; the edge device that shapes traffic greatly reduces

the buffer requirements in the infrastructure device. Also see Creating Ethernet Port Class of

Service (on page 71) for information on maximum rate and burst size on a per-port basis.

Configuration Considerations

 The E-Series ports have a single-rate traffic shaping function, differing from the MEF

scheme and terms. For example, in MEF terms, Committed Burst Size (CBS) is a

component of a two-rate traffic shaping system. Where you have:

 CIR (Committed Information Rate)

 CBS (Committed Burst Size) for the CIR buffer

 EIR (Excess Information Rate)

 EBS (Excess Burst Size) for the EIR buffer

However, with the E-Series single-rate configuration settings, you have:

 Maximum Rate

 Burst Size

 Consider the provisioned Maximum Rate to be the equivalent of the provisioned

Committed Information Rate (CIR) rate in a two-rate system when the Excess

Information Rate (EIR) value = zero. That is, CIR + (EIR = 0) = PIR = Max.

 The policies are processed in a specified sequence (lowest sequence number first), so

when a match occurs, no more policies are processed for that packet. This process is

important when you have overlapping match criteria. For example: If you create multiple

policy rules that specify an Out P-bit, only the policy rule with the lowest sequence

number ID is carried out.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

 Ethernet port interfaces have the following aspects:

 For Trunk interfaces, any policy map assignment is allowed.

 For Edge and Access interfaces, if a policy map contains a two-tag classification, the

edge or access link must have a tag-action that adds the outer tag being matched by the class rule.

Before starting

Ensure the class map that you want to associate to the policy map is already created and includes class rules.

Policy map and policy parameters

Parameter Description Valid Options

Name*

Name of policy map.

text string

Seq Num* Numeric value that specifies t he sequence for processi ng the polic i es in

the policy map. The lowest sequence number is processed first. If you create multiple policy rules that specify an Out P-it, only the policy rule

with the lowest sequence number ID is carried out.

1-1500

Class Map*

Name of class map to associate to the policy action.

Any existing class map

Out pbit P-bit value that specifies the VLAN priority value. The default sett i ng of

pbit-none does not alter the existing pbit. The upstream traffic on a service VLAN must have the same P-bit value as is set for downstream traffic. The P-bit value must also be consistent with the class of service

type as defined in the Ethernet port CoS table.

pbit-0 to pbit-7, pbit-none ‡ Default = pbit-none

Rate Limit Whether to set an maximum allowable ingress rate limit. this is the

allowable processing rate in Mb/s at which packets entering an E-Series Ethernet port interface are forwarded. If you select "Set a Rate Limit"

you must also enter a limit value.

none ‡ Set a Rate Limit (64kb/s to 10000mb/s )

Max Burst Size Maximum allowable burst size i n kilobytes or use "m" suffix for

megabytes. You must set a non-zero value for the operation to complete. Typically, set the burst to the amount of traffic sent in twice

the round trip time.

none ‡, Set a Burst Size (416000 kilobytes)

*Required fields

‡ Default

To create a policy map

1. On the Navigation Tree, click the unit.

2. Click Policies > Policy Map.

3. In the menu, click Create.

4. In the Create Policy Map dialog box, enter a descriptive name for the policy map that you

are creating.

5. Click Create.

For CLI:

create policy-map <p-map name>

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

To create a policy

1. If you have not already done so, create a policy map. See "To create a policy map,"

above.

2. On the Navigation Tree, click E-Series.

3. Click Policies > Policy Map.

The table of the previously created policy maps appears.

4. Double-click the name of the policy map in which you want to add a policy.

5. In the menu, click Create.

6. Reference the table above to configure the parameters.

7. Click Create.

8. Associate the policy map with an E-Series Ethernet port interface to use on ingress

traffic packets. See Configuring an Ethernet or LAG Interface (on page 33).

For CLI:

add policy <policy index> to-map <p-map name> class-map <c-map name> [setpbit|rate-limit|max-burst-size]

Mapping Layer 3 Priority Values to P-Bits

The E-Series supports mapping Differentiated Services Code Point (DSCP) or IP Precedence priority bit values, used for packet classification on DiffServ networks (defined in RFC 2474 and RFC 2475), to IEEE 802.1p priority-bit values to classify traffic priority.

 Traffic coming from the subscriber to xDSL Access ports can reference the use of

layer 3 priority values from the service tag action associated with the service, and then

from the xDSL port associated interface, indicate whether to use the system-default

profile named "access" or a custom profile to map DSCP or IP precedence values to P-

bit values.

 Guidelines:

 Only one service per port can use DSCP-Bit mapping function.  Works with Add-Tag and Add-2-Tags tag actions.  Either DSCP or IP Precedence can be used for a service, not both.

 Use the following provisioning sequence:

a. Create DSCP to P-Bit map or Create IP Precedence to P-Bit Mask.

Creating and Modifying a DSCP Map for Ingress Traffic (on page 98) Creating and Modifying an IP Precedence Map (on page 100)

b. Assign DSCP to P-Bit map to xDSL port associated interface.

Configuring an xDSL Port Associated Interface (on page 182)

c. Create tag action with an Outer P-Bit source of “Map a layer-3 Priority.”

Creating Service-Tag Actions (on page 82)

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

d. Create service using the defined tag action.

Creating Data Services (on page 183) Creating IP Video Services (on page 196)

Note: The upstream traffic on a service VLAN must have the same priority value as is

set for the downstream traffic.

 Traffic coming from the network going downstream to Ethernet Trunk and Edge

ports can use class map, class rules, and policy maps to match the ingress Layer-3 value

of incoming frames and assign a corresponding P-bit (priority) value.

Some service providers' networks include core routers or aggregation switches that are

not setup to use P-bits for traffic management downstream. Instead DSCP is used for

this purpose. In these cases all traffic received by the access node has a P-Bit value of 0,

and the access node needs to set the P-bit at the network interface, or traffic internal to

the access node will be discarded at random (service unaware).

See Creating a Policy Map for L3 Priority Mapping (on page 102).

DSCP traffic classes

The DSCP traffic classes are described in RFC 2474, RFC 2597, RFC 3246, the P-Bit construct in IEEE 802.1p. The table below shows the mapping between Traffic Classes and P-bits:

IP DSCP

Name

IP DSCP Abbreviation IEEE 802.1p

CSx Class Selector (where x is 0 through 7) as defined in RFC 2474 Mapped to P0 through P7 respectively. For

example: CS0 mapped to P0.

Best Effort (also default)

AFxy "x" refers to Traffic Class, and "y" refers to Drop Precedence (RFC

2597).

Where x is 1,2,3,4 (higher is better), and y is 1, 2, 3 (lower is better)

AF1y

Assured Forwarding

AF2y

Assured Forwarding

AF3y

Assured Forwarding

AF4y

Assured Forwarding

Expedited Forwarding (RFC 3246)

The following table shows the various traffic types and the acronyms used for them:

User Priority

Acronym

Traffic Type

1 BK Background

2 - Spare

0 (Default)

Best Effort 3 EE

Excellent Effort 4 CL

Controlled Load 5 VI

Video, < 100 ms delay 5 VO

Voice, <10 ms delay

7 NC Network Control

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

For more information, see the document Calix Engineering & Planning Guide: L2 Ethernet Access Networks, available on the Calix Resource Center.

Creating and Modifying a DSCP Map for Ingress Traffic

This topic shows you how to create and modify an DSCP Map profile that is applied to xDSL port interfaces to enable and/or specify a mapping of the incoming frame DSCP values to IEEE 802.1p priority bits.

To designate the DSCP profile values as the ingress traffic access list, do the following:

1. In the service tag action that is going to be applied to the data or video service, select

Map a Layer-3 priority from the P-Bit Source list.

2. On the xDSL port associated interface where you are going to be provisioning the

data or video service, select the name of the DSCP profile to use from the DSCP/IP Precedence Profile list.

Note: The upstream traffic on a service VLAN must have the same priority value as is set for downstream traffic.

Note: If IP traffic on an Access Interface has a DSCP setting other than the values included in the assigned DSCP map, the E-Series system interprets this condition as a mismatch and uses a "Default" P-bit value from the assigned DSCP Map profile. For example, if you were using the system-default DSCP Map "Access" and the incoming frames had a DSCP value of 001 001, that value is not included in the assigned DSCP map, so the E-Series would use the default P-bit value of 0. However, you can create a DSCP Map with a Default P-bit value of your choice, and then assign the DSCP Map to xDSL port interfaces.

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

The system-default DSCP profile "Access," has values as follows:

DSCP

Value

Meaning Decimal Drop

Probability

802.1p

Priority-Bit

000 000 001 000 001 010 001 100 001 110 010 000 010 010 010 100 010 110 011 000 011 010 011 100 011 110 100 000 100 010 100 100 100 110 101 000 101 110 110 000 111 000

BE-CS0

CS1 AF11 AF12 AF13

CS2 AF21 AF22 AF23

CS3 AF31 AF32 AF33

CS4 AF41 AF42 AF43

CS5

EF CS6 CS7

Default

8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 46 48 56

n/a

Low

Medium

High

Low

Medium

High

Low

Medium

High

Low

Medium

High

0 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4 5 5 0 0 0

Best Effort (BE) Assured Forwarding (AF) gives assurance of delivery under prescribed conditions Expedited Forwarding (EF) dedicated to low-loss, low-latency traffic

Default = P-bit assigned for a DSCP value that is not included in the DSCP Map

Note: Calix recommends NOT assigning P-bit value 7 to any DSCP value.

To create a DSCP map

1. In the Navigation Tree, click the unit.

2. In the Work Area, click Profiles > DSCP > Create.

3. In the Create DSCP Map dialog, do the following:

a. In the Name box, enter a name that describes the use of this custom profile. b. In each of the designated DSCP value lists, select the correlating P-bit value,

following site requirements and company policies and procedures to assign 802.1p priority bit values to the values listed alongside each list box.

4. Click Create.

100

Proprietary Information: Not for use or disclosure except by written agreement with Calix.

For CLI:

create dscp-map <name> [default|cs0|af11|af12|af13|af21|af22|af23|cs3|af31|af41|ef|cs6|cs7]

To modify a DSCP map

1. In the Navigation Tree, click the unit.

2. In the Work Area, click Profiles > DSCP.

3. Double-click the name of the DSCP map that you want to modify.

4. In each of the designated DSCP value lists, select the correlating P-bit value, following

site requirements and company policies and procedures to assign 802.1p priority bit values to the values listed alongside each list box.

5. Click Apply to save the changes to the map.

For CLI:

set dscp-map <name> [default|cs0|af11|af12|af13|af21|af22|af23|cs3|af31|af41|ef|cs6|cs7]

show dscp-map show dscp-map <name>

Creating and Modifying an IP Precedence Map

This topic shows you how to create and modify an IP precedence map that is applied to xDSL port interfaces to enable and/or specify a mapping of the IP precedence values to IEEE 802.1p priority bits.

To designate the IP precedence profile values as the egress traffic access list, do the following:

1. In the service tag action that is going to be applied to the data or video service, select

Map a Layer-3 priority from the P-Bit Source list.

2. On the xDSL port associated interface where you are going to be provisioning the

data or video service, select the name of the IP precedence profile to use from the DSCP/IP Precedence Profile list.

Calix E7-2, E5-48, E3-48C Application Manual

Specifications and Main Features

Frequently Asked Questions

User Manual