
FSP 150CC-GE-V1.0 Course - 4 - Management


Uploaded by

Daniel Lopez

FSP 150CC-GE

Product Training
Course 4 - Management

FSP 150CC-GE110 R8.1.1

January 2017 V1.0


Management
Connection Options
• Local Mgmt LAN direct connect – DCN (eth0)
• Remote via Access or Network in-band management tunnel:
• MAC based Tunnels
• VLAN based with Ethernet encapsulation
• VLAN based with PPP encapsulation
• RIP V2 to reduce need of static route provisioning.
• Management Traffic Bridging
• Allows multiple management connections to be bridged in the same
subnet. Supported for:
• All management tunnels (support of VLAN Based mode)
• Local management port

2 © 2014 ADVA Optical Networking. All rights reserved. Confidential.


Management
DCN (eth0)

• Default System IP is 192.168.0.2

• DHCP Role:
• DHCP Client
• Supported on Mgmt Tunnels and Local Mgmt Port
• DHCP Server – the system will serve ALL host addresses that are
implied by the IP Address/subnet mask range.
• Supported only on Local Management port



Management
DCN (eth0)
• DHCP Client ID option GUI screen

• With DHCP client enabled, the system allows the user to configure the use
of Client ID in the DHCP messages. Default is Disabled.

• Client ID is independently configurable for each IP interface
• Local management port
• IP management tunnel

• The default Client ID value is the System Name.


DHCP Client ID

• The system allows the serial number as an option for the DHCP
Client ID. The supported values are:
• MAC address
• System Name
• Serial Number
• User Defined String



Default Gateway Specification

• System supports the ability to specify the default gateway at the
same time when manually configuring the system IP address.
This applies to mgmt tunnels as well.

• Configuration of the System Default Gateway creates a static
route entry that is also manageable by accessing the route table



Default Gateway Specification

• DCN configuration is shown on the initial login screen.

ADVA--> configure communication
ADVA:comms--> configure eth0 ip-address 192.168.131.55 255.255.254.0 192.168.130.100



Management
DCN (eth0)

• If a DHCP server is available on the DCN network, confirm if the system
has been assigned an IP Address

• If a DHCP server is not available on the network
• Disable DHCP
• Provision communications



MAC based management tunnel

• R8.1.1



Management
VLAN MGMT tunnel with Ethernet Encapsulation

• Separate IP address assigned to the interface
• IP address can be assigned by user or DHCP

• LAN traffic must use VLANs unique from mgmt VLAN or have
TVID pushed.

• Single management tunnel per traffic interface



Management
VLAN MGMT tunnel with Ethernet Encapsulation

• GE112/GE114 ONLY:
• Vlan Based: C-Tag, (C-Tag and S-Tag), or S-Tag only.



Management
VLAN MGMT tunnel with PPP Encapsulation
• Recommended for subtending from device that
supports PPP
• Back-to-back or Ethernet extension

• PPP implementation is a subset of the full implementation
• Runs Link Control Protocol (LCP)
• Detects and alarms loss of management
connectivity (LCP Failure alarm)

• System IP address is aliased on the tunnel

• LAN traffic must use VLANs unique from mgmt
VLAN or have TVID pushed

• Advantages:
• Single IP address per EDD
• Quick notification of loss of mgmt connectivity
• VLAN ID provides separation of customer and
management traffic

• Disadvantages:
• Potential issue reaching devices in the same subnet
• User or DHCP assigned IP address is not supported



Management
Tunnel Bandwidth
• Bandwidth of the management tunnel can be adjusted.
• Default values are:
• CIR of 256 kbps (minimum is 64kbps)
• EIR of 768 kbps
• Buffer Size: 32 KB (range 32KB – 15,000KB)
• COS (p-bit): 7

• The maximum bandwidth that can be associated with all management
tunnels that exist at one time is 8 Mbps (4Mbps on GE110)



Management
Terminology
• Gateway Network Element (GNE)
• The “local” node
• Typical management connection is out-of-band via the Mgmt LAN
port
• Default Router/Gateway set

• Subtending Network Element (SNE)
• The “remote” node
• Reached in-band via a mgmt tunnel
• Typically local Mgmt LAN port is administratively disabled
• Results in subnet associated with the Mgmt LAN port being
withdrawn from the routing table.

[Figure: GNE and SNE; labels: MGMT LAN, WAN]



Management
Proxy ARP

• Typically all devices on the same subnet are physically connected to each
other.

• PROXY ARP allows a subnet to be extended beyond the same physical LAN.

• Proxying for ARP requests is only done on the MGMT LAN port.

[Figure: GNE and SNE; labels: MGMT LAN, WAN; addresses shown: 10.10.1.1/24, 10.10.1.2/24, 10.10.1.3/24, 10.10.1.4/24, 10.10.1.5/24]



Management
Default Router or Gateway

• A system level attribute.

• Used when the GNE or SNE needs to respond to a frame that comes
from an IP address outside of the defined subnet(s) it has direct
knowledge of.

[Figure: GNE and SNE; labels: MGMT LAN, WAN; addresses shown: 172.34.10.2/24, 10.10.1.2/24, 10.10.1.3/24, 10.10.1.5/24 (Gateway: 10.10.1.254), 172.34.10.254/24, 10.10.1.254/24, 10.10.1.4/24 (Gateway: 10.10.1.254)]



Management
The Routing Table

• The routing table is used to determine which interface to send a
frame out.

• Traversed from most specific to least specific looking for best fit.

Destination   Subnet Mask       Gateway/Interface   Metric   Search Order
0.0.0.0       0.0.0.0           10.10.1.254         1        3
10.10.1.5     255.255.255.255   E1000-N-1           1        1
10.10.1.0     255.255.255.0     eth0                1        2
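
The search order in the table above follows from sorting the entries by mask length. The added example below (not part of the original course material) reproduces it and shows why the host route to 10.10.1.5 wins over the eth0 subnet that contains it; breaking ties on the lower metric is an assumption, since the slide does not say how equal-length routes are ordered.

```python
import ipaddress

# Routing table copied from the slide: (destination, mask, gateway/interface, metric)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.10.1.254", 1),
    ("10.10.1.5", "255.255.255.255", "E1000-N-1", 1),
    ("10.10.1.0", "255.255.255.0", "eth0", 1),
]


def search_order(routes):
    """Most specific first: longest mask, then (assumed) lowest metric."""
    def key(route):
        dest, mask, _via, metric = route
        return (-ipaddress.IPv4Network(f"{dest}/{mask}").prefixlen, metric)
    return sorted(routes, key=key)


def lookup(routes, destination):
    """Return the gateway/interface of the first entry that contains destination."""
    addr = ipaddress.IPv4Address(destination)
    for dest, mask, via, _metric in search_order(routes):
        if addr in ipaddress.IPv4Network(f"{dest}/{mask}"):
            return via
    return None  # no default route and nothing else matched


if __name__ == "__main__":
    for target in ("10.10.1.5", "10.10.1.4", "172.34.10.2"):
        print(target, "->", lookup(ROUTES, target))
```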



Management
The Routing Table

ADVA--> show ip-routes

|Interface |Mask |Gateway |Destination |Metric |Advetise|Type
|----------------|---------------|---------------|---------------|--------|--------|--------|
|eth0 |0.0.0.0 |172.17.11.1 |0.0.0.0 |1 |disabled|static
|eth0 |255.255.255.0 |0.0.0.0 |172.17.11.0 |0 |enabed |dynamic



Management
Adding Static Routes

ADVA--> config communication
ADVA:comms--> add ip-route interface 0.0.0.0 0.0.0.0 eth0 2 disable
ADVA:comms--> add ip-route nexthop 172.16.1.1 255.255.255.0 10.10.32.1 eth0 2 disabled



Management
Deleting Static Routes

ADVA--> config communication
ADVA:comms--> delete ip-route 0.0.0.0 0.0.0.0 0.0.0.0 eth0
ADVA:comms--> delete ip-route 172.16.1.0 255.255.255.0 10.10.32.1 eth0



Bridged Management LAN

• Allows multiple management connections to be bridged in the same
subnet
• Eliminates the need for complicated routing and subnet management
techniques

[Figure: Customer Premise, Access, Metro Core; labels: Remote Management tunnels on same subnet, Network Manager; addresses shown: 10.10.1.5, 10.10.1.7, 10.10.1.8, 10.10.1.9, 10.10.1.10]



Management
Management Traffic Bridging

• The Bridged Management LAN supports MAC learning and flooding
of unlearned MAC addresses
• Management tunnels (Management Traffic Bridging enabled) do
not support provisionable attributes for:
• IP Address, Subnet Mask, DHCP, RIP
• Provisioned IP address on DCN eth0 is considered as a System IP



Management
Management Traffic Bridging

• Management Traffic Bridging is enabled on system level

ADVA--> configure system
ADVA:system--> mgmt-traffic-bridge enabled



Management
Management Traffic Bridging

• Management Tunnel with Bridged Management LAN enabled
creation GUI screen

ADVA--> configure communication
ADVA:comms--> add mgmttnl-bridge 1 networkTunnel ethernet vlan 4095 network-1-1-1-1



Configurable DSCP value on Mgmt. tunnel traffic

• Due to a Comcast requirement to set the DSCP value of MGMT packets
• This is a system general setting



Bridged Management LAN
Security
• In certain applications it may be desirable to enable the local management LAN port in order to control
another FSP 150CC device located at the same physical location. In order to protect the operator’s
management network from hacking attempts, the GE20x products introduce a security handshake on the
management DCN port. This handshake ensures that, when enabled, the management LAN port of a GE20x
device will only communicate with the management LAN port of another GE20x device. Attempts to connect
the management LAN port to another type of equipment will disable the LAN port. This security feature
utilizes a proprietary, port-based, time-dependent shared key authentication mechanism to establish a
connection to another GE20x device.



DHCP Options 7,12,42,60,61

DHCP Option | Description
Option 7 – Log Server | The log server option specifies a list of Syslog servers. Servers SHOULD be listed in order of preference.
Option 12 – Host Name | This option specifies the name of the client: either the NE hostname or a user defined string.
Option 42 – NTP Server | This option specifies a list of IP addresses indicating NTP servers available to the client. Servers SHOULD be listed in order of preference.
Option 60 – Class ID | This option is a non-user definable string and is used to optionally identify the type and configuration of a DHCP client.
Option 61 – Client ID | This option is a user configurable value used as a unique identifier: MAC address, system name or user definable string.

• DHCP options:
• Available for Eth0 and Access/Network Management tunnels
• DHCP options are currently supported on IPV4

• Note: When any of the above options are changed, the DHCP process will
be restarted



DHCP Options 7,12,42,60,61

[Figure: DHCP Response and DHCP DISCOVER exchanged between the 150CC DHCP client and the DHCP server, labelled with Options 7, 12, 42, 60 and 61]

• DHCP Options 7,42 – If these options are “enabled”, the DHCP client will
accept them from the DHCP server. If these options are “disabled” and
the DHCP server sends this information to the DHCP client, the
client will ignore these options.

• DHCP Options 12,60,61 – If configured, these options are
transmitted by the DHCP client to the DHCP server



DHCP Option 7 – Log Server

• If DHCP Log server control is enabled AND
Log Server Method is set to DHCP AND Log
Server information is included in the DHCP
response, then:
• 1st IP address will be used as Log Server 1
• 2nd IP address will be used as Log Server 2
• 3rd IP address will be used as Log Server 3
• Additional IP addresses, if specified, will be
ignored

• User can define the Syslog servers by setting
the Log Server Method to User Defined and
manually adding the Syslog servers.



DHCP Option 12 – Host Name

• DHCP Host name (Option 12):
• Used to specify the name of the client
• Can use the system name or a user defined name

• If you change the name of the system from the main menu, and dhcp host
name type is set to “system name” and host name control is “enabled”, this
will cause the DHCP client to restart.



DHCP Option 42 – NTP server

• DHCP NTP server control:
• Enabled
• “System Time of Day” will be set to “NTP”
• NTP will be enabled and set to type unicast
• 1st IP address will be used as the Primary Server
• 2nd IP address will be used as the Backup Server
• Additional IP addresses, if specified, will be ignored
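
The acceptance rules for Options 7 and 42 described on the slides above, applied to a raw DHCP options field. This is an added example, not code from the course or from the device; the setting names (`log_control`, `log_method`, `ntp_control`) and the sample bytes are constructed for illustration.

```python
import ipaddress

LOG_SERVER, NTP_SERVER, PAD, END = 7, 42, 0, 255  # DHCP option codes


def _packed(*hosts):
    return b"".join(ipaddress.IPv4Address(h).packed for h in hosts)


# Constructed options field (the bytes that follow the DHCP magic cookie):
# four syslog servers in Option 7, three NTP servers in Option 42, then END.
SAMPLE = (bytes([LOG_SERVER, 16])
          + _packed("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13")
          + bytes([NTP_SERVER, 12])
          + _packed("192.0.2.20", "192.0.2.21", "192.0.2.22")
          + bytes([END]))


def parse_options(data):
    """Walk the code/length/value options and return {code: value bytes}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != END:
        code = data[i]
        if code == PAD:  # PAD is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"option {code} has no length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return opts


def address_list(value):
    if not value or len(value) % 4:
        raise ValueError("address list must be a non-zero multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, len(value), 4)]


def apply_policy(opts, *, log_control, log_method, ntp_control):
    """Return what the client would take from the response under the slide rules."""
    result = {"log_servers": None, "ntp": None}
    # With these controls enabled, the answering DHCP server decides where
    # syslog is sent and which time source the element follows.
    if log_control and log_method == "dhcp" and LOG_SERVER in opts:
        result["log_servers"] = address_list(opts[LOG_SERVER])[:3]
    if ntp_control and NTP_SERVER in opts:
        servers = address_list(opts[NTP_SERVER])[:2]
        result["ntp"] = {"primary": servers[0],
                         "backup": servers[1] if len(servers) > 1 else None}
    return result


if __name__ == "__main__":
    print(apply_policy(parse_options(SAMPLE), log_control=True,
                       log_method="dhcp", ntp_control=True))
```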



DHCP Option 60 – Class ID

DHCP Option | Description
Option 60 – Class ID | This option is a non-user definable string and is used to optionally identify the type and configuration of a DHCP client.
• The format is “FSP150CC-GE112” for the GE112
• The format is “FSP150CC-GE114” for the GE114
• The format is “FSP150CC-GE114H” for the GE114H
• The format is “FSP150CC-GE114PH” for the GE114PH
• The format is “FSP150CC-GE114S” for the GE114S
• The format is “FSP150CC-GE114SH” for the GE114SH

** NOTE: The Class ID for the vendor string can be “ADVA”, “FNC”, or “JDSU”
depending on OEM



DHCP Option 61 – Client ID

• If DHCP Client ID Control is enabled:
• Client ID can be set to the system name
• Client ID can be set to the MAC address
• Client ID can be set to a user defined name



IPv6 Management

• Support IPv6 in the management plane
• Support IPv6 addresses on the local management interface (eth0) and
in-band management tunnels
• IPv6 address allocation
• Each management interface supports two IPv6 addresses
• Link local address
• Automatically generated at system start up
• Global Unicast IPv6 address
• User configured
• Stateless address auto-configuration
• Assigned by DHCPv6

• IPv6 routing
• Supports static route entries
• Supports static neighbor entries
• Supports static proxy ND entries
• Supports dynamic routing
• RIPng (RIP next generation)



IPv6 Management

• Support IPv4/IPv6 dual stack
• Supports simultaneous IPv4 and IPv6 protocol on the local
management interface (eth0) and in-band management tunnels
• Allows tunneling between IPv4 and IPv6

[Figure: IPv4/IPv6 Dual Stack; labels: IPv4, IPv6]



IPv6 Management

• Support IPv6 over IPv4 tunneling
• Only one tunnel can be created per system
• Can be on DCN port or on management tunnel
• Tunnels can be:
• Manually configured
• Automatically created
• IPv4 compatible tunnel
• auto 6to4 tunnel
• ISATAP

[Figure: IPv6 over IPv4 Tunnel; labels: IPv4/IPv6 Dual Stack (twice), IPv4, IPv6]



NETCONF/YANG



What’s NETCONF?

• Network management protocol
• Tool to install, manipulate and delete configuration of NEs
• Uses XML data encoding (configuration data and protocol messages)
• Protocol messages transported in a secure way
• Robust way of managing multiple devices
• Standardized by IETF: https://tools.ietf.org/html/rfc4741



NETCONF general process

1. Establish a connection between a PC with NETCONF browser and
FSP 150GE11xPro device
2. Configure the equipment:
• Lock the database (to avoid any interferences)
• Provision the equipment. Allowed options:
• Configure port type
• Configure port admin state
• Create a flow
• Edit a flow
• Delete a flow
• Software upgrade
• Unlock database (otherwise no other changes could be done via any
other MGMT interface)



NETCONF protocol layers



The Secure Transport layer

• Secure and reliable transport of messages between a client and a
server.
• A secure transport must provide:
• authentication
• data integrity
• confidentiality
• replay protection.
• The mandatory-to-implement secure transport is NETCONF over
SSH (RFC 6242).
• Up to 3 simultaneous NETCONF sessions are supported.



Message Layer

Include:
• RPC invocations (<rpc> messages) - supported
• RPC results (<rpc-reply> messages) - supported
• event notifications (<notification> messages) – not supported in 8.1
• The <rpc-error> element is sent in <rpc-reply> messages if an
error occurs during the processing of an <rpc> request.
• All NETCONF messages shall be well-formed XML, encoded in UTF-8.
If a peer receives an <rpc> message that is not well-formed
XML or not encoded in UTF-8, it shall reply with a "malformed-message"
error. If a reply cannot be sent for any reason, the
server shall terminate the session.
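
The lock, provision, unlock sequence from the general process slide, expressed as the `<rpc>` / `<rpc-reply>` messages of the message layer. This is an added example, not code from the course or the product: the SSH transport is replaced by a constructed `fake_device` stand-in, its replies are abbreviated, and the `<placeholder>` payload is hypothetical rather than taken from the fsp150cm-* YANG modules.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
EOM = "]]>]]>"  # end-of-message marker used by NETCONF 1.0 over SSH (RFC 6242)
# Hypothetical payload: NOT taken from the fsp150cm-* YANG modules.
SAMPLE_CONFIG = '<placeholder xmlns="urn:example:placeholder"/>'

def rpc(mid, operation_xml):
    """Wrap one operation in <rpc> and terminate it with the 1.0 marker."""
    return f'<rpc message-id="{mid}" xmlns="{NS}">{operation_xml}</rpc>{EOM}'

def lock_op(name, mid):
    """name is "lock" or "unlock"; both target the running datastore."""
    return rpc(mid, f"<{name}><target><running/></target></{name}>")

def edit_config(mid, config_xml):
    # config_xml must be trusted, well-formed XML: it is embedded unescaped.
    return rpc(mid, "<edit-config><target><running/></target>"
                    f"<config>{config_xml}</config></edit-config>")

def check_reply(framed, mid):
    """Return None for a clean reply, else the first <rpc-error> error-tag."""
    if not framed.endswith(EOM):
        raise ValueError("reply lacks the end-of-message marker")
    root = ET.fromstring(framed[:-len(EOM)])
    if root.tag != f"{{{NS}}}rpc-reply" or root.get("message-id") != str(mid):
        raise ValueError("unexpected element or message-id in reply")
    tag = root.find(f"{{{NS}}}rpc-error/{{{NS}}}error-tag")
    return None if tag is None else tag.text

def provision(send, config_xml):
    """lock, edit-config, unlock; the unlock is sent even if the edit fails."""
    log = []
    def call(mid, name, message):
        error = check_reply(send(message), mid)
        log.append((name, error or "ok"))
        return error
    if call(101, "lock", lock_op("lock", 101)):
        return log  # another session holds the lock: change nothing
    try:
        call(102, "edit-config", edit_config(102, config_xml))
    finally:
        call(103, "unlock", lock_op("unlock", 103))
    return log

def fake_device(reject_edit=False, locked=False):
    """Constructed stand-in for the device so the example runs offline."""
    state = {"locked": locked}
    def send(framed):
        root = ET.fromstring(framed[:-len(EOM)])
        op, error = root[0].tag.split("}")[1], None
        if op == "lock":
            error, state["locked"] = ("lock-denied" if state["locked"] else None), True
        elif op == "unlock":
            state["locked"] = False
        elif reject_edit:
            error = "invalid-value"
        body = f"<rpc-error><error-tag>{error}</error-tag></rpc-error>" if error else "<ok/>"
        return f'<rpc-reply message-id="{root.get("message-id")}" xmlns="{NS}">{body}</rpc-reply>{EOM}'
    return send, state
```

Calling `provision(*fake_device(reject_edit=True)[:1], SAMPLE_CONFIG)` returns the per-step log; the datastore is unlocked again even though the edit was rejected.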



NETCONF operations layer

Operation | Description
<get> | Retrieve running configuration and device state information
<get-config> | Retrieve all or part of a specified configuration datastore
<edit-config> | Edit a configuration datastore by creating, deleting, merging or replacing content
<copy-config> | Copy an entire configuration datastore to another configuration datastore
<delete-config> | Delete a configuration datastore
<lock> | Lock an entire configuration datastore of a device
<unlock> | Release a configuration datastore lock previously obtained with the <lock> operation
<close-session> | Request graceful termination of a NETCONF session
<kill-session> | Force the termination of a NETCONF session



Content layer: YANG

• “Yet Another Next Generation”
• Data modeling language
• Data represented in XML format
• NETCONF information model is based on standard YANG schema
• On top of the standard YANG schema ADVA also defined:
• fsp150cm-common
• fsp150cm-entity
• fsp150cm-facility
• fsp150cm-ip
• fsp150cm-system



NETCONF/YANG architecture



Advantages of Netconf

• Support for robust configuration change
• Transaction models involving a number of devices are supported
• More user friendly than SNMP since it is based on XML
• Highly flexible, enables a programmatic machine interface
• Easier to implement new services



GE110Pro Netconf support

• Supports Netconf v1.0 and some v1.1
• 8.1.1 does not include support for the “candidate config”
capability.
• For private YANG model definition, only EVC/flow based YANG
model is supported. It includes:
• Port attribute YANG model including CPD/PCP/EFM OAM/loopbacks
• EVC/flow based YANG model
• CFM/SAT/Y.1731 etc. are not supported in the first release.



Get-Config XML example

Get-config “circuit name” reply

Get-config “circuit name” request



MGMT ACL increase from 10 to 25

• Prior to 8.1.1

• 8.1.1



End of Management

IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content,
material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.

The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations
of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or
damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by
or in connection with using and/or relying on the information contained in this presentation.

Copyright © for the entire content of this presentation: ADVA Optical Networking.
