NetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 02 System Management
Uploaded by
ludsonmendesNetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 02 System Management
Uploaded by
ludsonmendesHUAWEI NetEngine 8100 M14/M8, NetEngine
8000 M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
V800R022C00SPC600
Configuration Guide
Issue 01
Date 2022-10-31
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2022. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: https://www.huawei.com
Email: [email protected]
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. i
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
Contents
1 Configuration............................................................................................................................1
1.1 System Management............................................................................................................................................................. 1
1.1.1 VS Configuration.................................................................................................................................................................. 1
1.1.1.1 Overview of VSs................................................................................................................................................................ 1
1.1.1.2 Understanding VSs........................................................................................................................................................... 1
1.1.1.3 Functions Supported by VSs......................................................................................................................................... 3
1.1.1.4 Licensing Requirements for VSs.................................................................................................................................. 9
1.1.1.5 Default Settings for a VS............................................................................................................................................... 9
1.1.1.6 Creating and Starting a VS......................................................................................................................................... 10
1.1.1.6.1 Understanding VS Creation and Startup............................................................................................................ 10
1.1.1.6.2 Creating and Starting a VS...................................................................................................................................... 11
1.1.1.6.3 (Optional) Loading MAC Addresses Allocated to VSs................................................................................... 11
1.1.1.6.4 Configuring Physical Resources for a VS............................................................................................................ 12
1.1.1.6.5 (Optional) Configuring Logical Resources for a VS........................................................................................ 13
1.1.1.6.6 Verifying the Configuration.....................................................................................................................................14
1.1.1.7 Logging In to and Managing a VS........................................................................................................................... 14
1.1.1.7.1 (Optional) Disabling the Command Prompt of a Service VS from Containing the Admin-VS Host
Name................................................................................................................................................................................................ 14
1.1.1.7.2 Switching to a VS and Configuring a Management User for the VS....................................................... 15
1.1.1.7.3 (Optional) Enabling Login Authentication After Switching from the Admin-VS to a Service VS
............................................................................................................................................................................................................ 15
1.1.1.7.4 Verifying the Configuration.....................................................................................................................................16
1.1.1.8 Example for Configuring VSs..................................................................................................................................... 16
1.1.1.9 Maintaining a VS............................................................................................................................................................ 18
1.1.1.9.1 Saving VS Configurations.........................................................................................................................................18
1.1.1.9.2 Restarting a VS............................................................................................................................................................ 18
1.1.1.9.3 Shutting Down a VS.................................................................................................................................................. 19
1.1.1.9.4 Deleting a VS............................................................................................................................................................... 20
1.1.2 LAD Configuration............................................................................................................................................................ 20
1.1.2.1 LAD Description.............................................................................................................................................................. 20
1.1.2.1.1 Overview of LAD......................................................................................................................................................... 20
1.1.2.1.2 Understanding LAD....................................................................................................................................................21
1.1.2.1.3 Application Scenarios for LAD................................................................................................................................26
1.1.2.1.4 Terminology for LAD................................................................................................................................................. 29
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. ii
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.2.2 LAD Configuration......................................................................................................................................................... 30
1.1.2.2.1 Overview of LAD......................................................................................................................................................... 30
1.1.2.2.2 Configuration Precautions for LAD.......................................................................................................................31
1.1.2.2.3 Configuring LAD..........................................................................................................................................................31
1.1.2.2.4 Maintaining LAD......................................................................................................................................................... 33
1.1.2.2.5 Configuration Examples for LAD........................................................................................................................... 33
1.1.3 LLDP Configuration........................................................................................................................................................... 36
1.1.3.1 LLDP Description............................................................................................................................................................ 36
1.1.3.1.1 Overview of LLDP....................................................................................................................................................... 36
1.1.3.1.2 Understanding LLDP.................................................................................................................................................. 37
1.1.3.1.3 Application Scenarios for LLDP.............................................................................................................................. 44
1.1.3.1.4 Terminology for LLDP................................................................................................................................................47
1.1.3.2 LLDP Configuration....................................................................................................................................................... 48
1.1.3.2.1 Overview of LLDP....................................................................................................................................................... 48
1.1.3.2.2 Configuration Precautions for LLDP..................................................................................................................... 50
1.1.3.2.3 Configuring Basic LLDP Functions........................................................................................................................ 50
1.1.3.2.4 Configuring the LLDP Alarm Function................................................................................................................ 59
1.1.3.2.5 Maintaining LLDP....................................................................................................................................................... 61
1.1.3.2.6 Configuration Examples for LLDP......................................................................................................................... 61
1.1.4 NTP Configuration............................................................................................................................................................ 67
1.1.4.1 Overview of NTP............................................................................................................................................................ 67
1.1.4.2 Understanding NTP....................................................................................................................................................... 67
1.1.4.2.1 NTP Fundamentals..................................................................................................................................................... 67
1.1.4.2.2 Network Structure of NTP....................................................................................................................................... 68
1.1.4.2.3 Operating Modes of NTP......................................................................................................................................... 69
1.1.4.2.4 NTP Clock Source Selection.................................................................................................................................... 75
1.1.4.2.5 NTP Packet Format.................................................................................................................................................... 75
1.1.4.3 Configuration Precautions for NTP.......................................................................................................................... 78
1.1.4.4 Default Settings for NTP............................................................................................................................................. 78
1.1.4.5 Configuring Basic NTP Functions............................................................................................................................. 79
1.1.4.5.1 Configuring the NTP Master Clock and Listening Interfaces...................................................................... 79
1.1.4.5.2 Configuring Time Parameters for Synchronizing the Client Clock............................................................ 80
1.1.4.5.3 (Optional) Configuring the NTP Client/Server Mode.................................................................................... 81
1.1.4.5.4 (Optional) Configuring the NTP Peer Mode..................................................................................................... 81
1.1.4.5.5 (Optional) Configuring the NTP Broadcast Mode.......................................................................................... 82
1.1.4.5.6 (Optional) Configuring the NTP Multicast Mode........................................................................................... 83
1.1.4.5.7 (Optional) Configuring the NTP Manycast Mode...........................................................................................84
1.1.4.5.8 Enabling the NTP Server Function........................................................................................................................ 85
1.1.4.5.9 Verifying the Configuration.....................................................................................................................................85
1.1.4.5.10 Example for Configuring the NTP Peer Mode................................................................................................86
1.1.4.5.11 Example for Configuring the NTP Multicast Mode...................................................................................... 88
1.1.4.5.12 Example for Configuring the NTP Manycast Mode..................................................................................... 90
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. iii
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.4.6 Configuring NTP Access Control............................................................................................................................... 93
1.1.4.6.1 Fundamentals of NTP Access Control................................................................................................................. 93
1.1.4.6.2 Enabling NTP Authentication................................................................................................................................. 94
1.1.4.6.3 Configuring NTP Access Authority........................................................................................................................95
1.1.4.6.4 Configuring KOD on the Server............................................................................................................................. 97
1.1.4.6.5 Disabling an Interface from Receiving NTP Packets...................................................................................... 98
1.1.4.6.6 Verifying the Configuration.....................................................................................................................................98
1.1.4.6.7 Example for Configuring the NTP Client/Server Mode with Authentication......................................... 98
1.1.4.6.8 Example for Configuring the NTP Broadcast Mode with Authentication.............................................103
1.1.4.6.9 Example for Configuring KOD Authentication in Client/Server Mode.................................................. 105
1.1.4.7 Maintaining NTP.......................................................................................................................................................... 110
1.1.4.8 Troubleshooting NTP.................................................................................................................................................. 111
1.1.4.8.1 NTP Server Fails to Respond to External Access Requests.........................................................................111
1.1.4.8.2 NTP Authentication Does Not Take Effect...................................................................................................... 112
1.1.5 OPS Configuration.......................................................................................................................................................... 112
1.1.5.1 Overview of OPS.......................................................................................................................................................... 112
1.1.5.2 Understanding OPS.....................................................................................................................................................113
1.1.5.2.1 OPS Architecture...................................................................................................................................................... 113
1.1.5.2.2 Maintenance Assistant........................................................................................................................................... 115
1.1.5.3 Configuration Precautions for OPS........................................................................................................................120
1.1.5.4 Configuring a Command Assistant........................................................................................................................ 121
1.1.5.4.1 Manually Running a Python Script.................................................................................................................... 122
1.1.5.4.2 Configuring a Command Assistant Based on Commands......................................................................... 122
1.1.5.4.3 Configuring a Command Assistant Based on Batch Files.......................................................................... 124
1.1.5.4.4 Verifying the Configuration.................................................................................................................................. 126
1.1.5.4.5 Example for Configuring a Command Assistant for Automatic Health Check...................................126
1.1.5.5 Configuring a Script Assistant................................................................................................................................. 128
1.1.5.5.1 Configuring Basic Functions of a Script Assistant.........................................................................................128
1.1.5.5.2 Compiling OPS API-based Scripts....................................................................................................................... 129
1.1.5.5.3 Verifying the Configuration.................................................................................................................................. 132
1.1.5.5.4 Example for Configuring a Script Assistant for Automatic Health Check............................................ 132
1.1.5.5.5 Appendix: OPS APIs................................................................................................................................................. 134
1.1.5.6 Maintaining OPS.......................................................................................................................................................... 139
1.1.5.6.1 Stopping an OPS Task............................................................................................................................................ 139
1.1.5.6.2 Stopping a Maintenance Assistant.....................................................................................................................140
1.1.5.6.3 Disabling the Maintenance Assistant Function............................................................................................. 140
1.1.5.6.4 Disabling the MTP Function for Maintenance Assistants.......................................................................... 141
1.1.5.6.5 Uninstalling a Script or Batch File...................................................................................................................... 141
1.1.6 System Time Configuration......................................................................................................................................... 142
1.1.6.1 Overview of System Time......................................................................................................................................... 142
1.1.6.2 Configuration Precautions for System Time Management...........................................................................143
1.1.6.3 Configuring the System Time.................................................................................................................................. 143
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. iv
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.7 Physical Layer Clock Synchronization Configuration.......................................................................................... 145
1.1.7.1 Physical-Layer Clock Synchronization Description........................................................................................... 145
1.1.7.1.1 Overview of Clock Synchronization................................................................................................................... 145
1.1.7.1.2 Understanding Clock Synchronization.............................................................................................................. 146
1.1.7.1.3 Terms and Abbreviations for Clock Synchronization................................................................................... 155
1.1.7.2 Physical-Layer Clock Synchronization Configuration...................................................................................... 155
1.1.7.2.1 Overview of Clock Synchronization................................................................................................................... 155
1.1.7.2.2 Configuration Precautions for Physical Layer Clock Synchronization.................................................... 157
1.1.7.2.3 Configuring the Automatic Clock Source Selection Mode......................................................................... 159
1.1.7.2.4 Configuring the Manual or Forcible Clock Source Selection Mode........................................................ 166
1.1.7.2.5 Maintaining Clock Synchronization................................................................................................................... 170
1.1.7.2.6 Configuration Examples for Clock Synchronization..................................................................................... 170
1.1.8 1588v2 Configuration.................................................................................................................................................... 179
1.1.8.1 1588v2, G.8275.1 and SMPTE-2059-2 Feature Description.......................................................................... 179
1.1.8.1.1 Overview of 1588v2, G.8275.1 and SMPTE-2059-2..................................................................................... 179
1.1.8.1.2 Understanding 1588v2, G.8275.1 and SMPTE-2059-2................................................................................ 183
1.1.8.1.3 Application Scenarios for 1588v2, G.8275.1 and SMPTE-2059-2............................................................ 201
1.1.8.1.4 Terms and Abbreviations for 1588v2, G.8275.1, and SMPTE-2059-2.....................................................205
1.1.8.2 1588v2 Configuration.................................................................................................................................................207
1.1.8.2.1 Overview of 1588v2................................................................................................................................................ 207
1.1.8.2.2 Configuration Precautions for 1588v2.............................................................................................................. 209
1.1.8.2.3 (Optional) Configuring the Default State of a PTP Port............................................................................ 213
1.1.8.2.4 Configuring Dynamic 1588v2 Functions.......................................................................................................... 214
1.1.8.2.5 Configuring Static 1588v2 Functions................................................................................................................ 236
1.1.8.2.6 Configuring UTC Time Correction...................................................................................................................... 256
1.1.8.2.7 Configuring the Reference Interface for Deviation Measurement.......................................................... 257
1.1.8.2.8 (Optional) Configuring Lightweight Time Synchronization .....................................................................259
1.1.8.2.9 Maintaining 1588v2................................................................................................................................................ 259
1.1.8.2.10 Configuration Examples for 1588v2................................................................................................................ 261
1.1.8.3 G.8275.1 Configuration..............................................................................................................................................275
1.1.8.3.1 Overview of G.8275.1............................................................................................................................................. 275
1.1.8.3.2 Configuration Precautions for G.8275.1........................................................................................................... 275
1.1.8.3.3 Configuring G.8275.1.............................................................................................................................................. 275
1.1.8.3.4 Configuration Examples for G.8275.1............................................................................................................... 282
1.1.8.4 SMPTE-2059-2 Configuration..................................................................................................................................287
1.1.8.4.1 Overview of SMPTE-2059-2................................................................................................................................. 288
1.1.8.4.2 Configuration Precautions for SMPTE-2059-2............................................................................................... 288
1.1.8.4.3 Configuring SMPTE-2059-2.................................................................................................................................. 288
1.1.9 CU-106 Configuration................................................................................................................................................... 305
1.1.9.1 CU-106 Configuration................................................................................................................................................ 305
1.1.9.1.1 Overview..................................................................................................................................................................... 306
1.1.9.1.2 Configuration Precautions for CU-106..............................................................................................................306
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. v
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.9.1.3 Configuring CU-106.................................................................................................................................................306
1.1.10 1588 ACR Configuration.............................................................................................................................................313
1.1.10.1 1588 ACR Clock Synchronization Description................................................................................................. 313
1.1.10.1.1 Overview of 1588 ACR......................................................................................................................................... 314
1.1.10.1.2 Understanding 1588 ACR.................................................................................................................................... 314
1.1.10.1.3 Application Scenarios for 1588 ACR................................................................................................................ 317
1.1.10.1.4 Terms and Abbreviations for 1588 ACR......................................................................................................... 318
1.1.10.2 1588 ACR Configuration......................................................................................................................................... 319
1.1.10.2.1 Overview of 1588 ACR......................................................................................................................................... 319
1.1.10.2.2 Configuration Precautions for 1588 ACR.......................................................................................................320
1.1.10.2.3 Configuring 1588 ACR in Single-Server Mode............................................................................................. 321
1.1.10.2.4 Configuration Examples for 1588 ACR........................................................................................................... 327
1.1.11 1588 ATR Configuration............................................................................................................................................. 333
1.1.11.1 1588 ATR Description.............................................................................................................................................. 333
1.1.11.1.1 Overview of 1588 ATR......................................................................................................................................... 334
1.1.11.1.2 Understanding 1588 ATR.................................................................................................................................... 335
1.1.11.1.3 Applications of 1588 ATR....................................................................................................................................337
1.1.11.1.4 Terms and Abbreviations for 1588 ATR......................................................................................................... 341
1.1.11.2 1588 ATR Configuration......................................................................................................................................... 342
1.1.11.2.1 Overview of 1588 ATR......................................................................................................................................... 342
1.1.11.2.2 Configuration Precautions for 1588 ATR....................................................................................................... 343
1.1.11.2.3 Configuring 1588 ATR Time Synchronization.............................................................................................. 343
1.1.11.2.4 Maintaining 1588 ATR......................................................................................................................................... 350
1.1.11.2.5 Configuration Examples for 1588 ATR........................................................................................................... 351
1.1.12 Atom GPS Timing Configuration............................................................................................................................. 362
1.1.12.1 Atom GPS Timing Description.............................................................................................................................. 362
1.1.12.1.1 Overview of Atom GPS........................................................................................................................................ 362
1.1.12.1.2 Understanding Atom GPS................................................................................................................................... 363
1.1.12.1.3 Application Scenarios for Atom GPS............................................................................................................... 364
1.1.12.1.4 Terms and Abbreviations for Atom GPS........................................................................................................ 365
1.1.12.2 Atom GPS Timing Configuration......................................................................................................................... 366
1.1.12.2.1 Overview of Atom GPS........................................................................................................................................ 367
1.1.12.2.2 Configuration Precautions for ATOM GPS Timing..................................................................................... 368
1.1.12.2.3 Configuring the SyncE Function....................................................................................................................... 368
1.1.12.2.4 Configuring the Time Synchronization Function........................................................................................ 371
1.1.12.2.5 Maintaining Atom GPS........................................................................................................................................ 376
1.1.12.2.6 Configuration Examples for Atom GPS.......................................................................................................... 378
1.1.13 Atom GPS 3.0 Timing Configuration......................................................................................................................381
1.1.13.1 Atom GPS 3.0 Timing Description....................................................................................................................... 381
1.1.13.1.1 Overview of Atom GPS 3.0................................................................................................................................. 381
1.1.13.1.2 Understanding Atom GPS 3.0............................................................................................................................382
1.1.13.1.3 Applications of Atom GPS 3.0........................................................................................................................... 384
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. vi
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.13.1.4 Terminology for Atom GPS 3.0......................................................................................................................... 385
1.1.13.2 Atom GPS 3.0 Timing Configuration.................................................................................................................. 386
1.1.13.2.1 Overview of Atom GPS 3.0 Timing.................................................................................................................. 386
1.1.13.2.2 Configuration Precautions for Atom GPS 3.0 Timing................................................................................388
1.1.13.2.3 Configuring the SyncE Function....................................................................................................................... 388
1.1.13.2.4 Configuring the Time Synchronization Function........................................................................................ 390
1.1.13.2.5 Maintaining Atom GPS 3.0 Timing.................................................................................................................. 395
1.1.13.2.6 Configuration Examples for Atom GPS 3.0................................................................................................... 396
1.1.14 Atom GNSS Timing Configuration..........................................................................................................................399
1.1.14.1 Atom GNSS Timing Description........................................................................................................................... 399
1.1.14.1.1 Overview of Atom GNSS..................................................................................................................................... 399
1.1.14.1.2 Understanding Atom GNSS................................................................................................................................ 400
1.1.14.1.3 Application Scenarios for Atom GNSS............................................................................................................ 401
1.1.14.1.4 Terms and Abbreviations for Atom GNSS..................................................................................................... 402
1.1.14.2 Atom GNSS Timing Configuration...................................................................................................................... 403
1.1.14.2.1 Overview of Atom GNSS..................................................................................................................................... 404
1.1.14.2.2 Configuration Precautions for Atom GNSS Timing....................................................................................405
1.1.14.2.3 Configuring the SyncE Function....................................................................................................................... 405
1.1.14.2.4 Configuring the Time Synchronization Function........................................................................................ 407
1.1.14.2.5 Maintaining Atom GNSS..................................................................................................................................... 413
1.1.14.2.6 Configuration Examples for Atom GNSS....................................................................................................... 414
1.1.15 SNMP Configuration.................................................................................................................................................... 418
1.1.15.1 Overview of SNMP................................................................................................................................................... 418
1.1.15.2 Understanding SNMP.............................................................................................................................................. 421
1.1.15.2.1 SNMP Fundamentals............................................................................................................................................ 421
1.1.15.2.2 SNMP Management Model................................................................................................................................422
1.1.15.2.3 MIB..............................................................................................................................................................................423
1.1.15.2.4 SMI.............................................................................................................................................................................. 424
1.1.15.2.5 Trap............................................................................................................................................................................. 425
1.1.15.2.6 Support for Standard and Extended Error Codes....................................................................................... 425
1.1.15.2.7 SNMP Support for IPv6........................................................................................................................................ 426
1.1.15.2.8 Comparison of Security in Different SNMP Versions................................................................................ 427
1.1.15.2.9 ACL Support............................................................................................................................................................. 427
1.1.15.2.10 SNMP Proxy........................................................................................................................................................... 427
1.1.15.3 Configuration Precautions for SNMP................................................................................................................. 431
1.1.15.4 Configuring a Device to Communicate with an NMS Using SNMPv1....................................................434
1.1.15.4.1 Understanding SNMPv1...................................................................................................................................... 435
1.1.15.4.2 Configuring Basic SNMPv1 Functions.............................................................................................................438
1.1.15.4.3 (Optional) Controlling the NMS's Access to the Device.......................................................................... 443
1.1.15.4.4 (Optional) Configuring the Trap Function.................................................................................................... 444
1.1.15.4.5 (Optional) Configuring SNMPv1 Anti-Attack.............................................................................................. 445
1.1.15.4.6 Verifying the Configuration................................................................................................................................ 446
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. vii
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.15.5 Configuring a Device to Communicate with an NMS Using SNMPv2c..................................................446
1.1.15.5.1 Understanding SNMPv2c.................................................................................................................................... 446
1.1.15.5.2 Configuring Basic SNMPv2c Functions...........................................................................................................447
1.1.15.5.3 (Optional) Controlling the NMS's Access to the Device.......................................................................... 453
1.1.15.5.4 (Optional) Configuring the Trap Function.................................................................................................... 454
1.1.15.5.5 (Optional) Configuring the Inform Function............................................................................................... 455
1.1.15.5.6 (Optional) Configuring SNMPv2c Anti-Attack............................................................................................ 457
1.1.15.5.7 Verifying the Configuration................................................................................................................................ 457
1.1.15.5.8 Example for Configuring a Device to Communicate with NMSs Using SNMPv2c..........................458
1.1.15.6 Configuring a Device to Communicate with an NMS Using SNMPv3 USM User.............................. 461
1.1.15.6.1 Understanding SNMPv3...................................................................................................................................... 461
1.1.15.6.2 Configuring Basic SNMPv3 Functions.............................................................................................................463
1.1.15.6.3 (Optional) Controlling the NMS's Access to the Device.......................................................................... 468
1.1.15.6.4 (Optional) Configuring the Trap Function.................................................................................................... 470
1.1.15.6.5 (Optional) Configuring the Inform Function............................................................................................... 471
1.1.15.6.6 (Optional) Configuring SNMPv3 Anti-Attack.............................................................................................. 472
1.1.15.6.7 Verifying the Configuration................................................................................................................................ 473
1.1.15.6.8 Example for Configuring a Device to Use SNMPv3 USM Users to Communicate with an NMS
......................................................................................................................................................................................................... 474
1.1.15.7 Configuring a Local SNMPv3 User on a Device to Communicate with an NMS................................ 477
1.1.15.7.1 Understanding How a Local SNMPv3 User on a Device Communicates with an NMS................477
1.1.15.7.2 Configuring Basic SNMPv3 Functions.............................................................................................................478
1.1.15.7.3 (Optional) Configuring SNMP Attack Defense........................................................................................... 482
1.1.15.7.4 Verifying the Configuration................................................................................................................................ 483
1.1.15.7.5 Example for Configuring a Local SNMPv3 User on a Device to Communicate with an NMS....483
1.1.15.8 Configuring SNMP Proxy Using User-Defined Parameter Settings..........................................................486
1.1.15.8.1 Configuring SNMP Proxy Using User-Defined Parameter Settings...................................................... 487
1.1.15.8.2 Configuring the Middle-Point Device............................................................................................................. 487
1.1.15.8.3 Configuring the Managed Device.................................................................................................................... 492
1.1.15.8.4 Verifying the Configuration................................................................................................................................ 493
1.1.15.8.5 Example for Configuring a Device to Communicate with an NMS Using an SNMP Proxy......... 493
1.1.16 NETCONF Configuration............................................................................................................................................ 496
1.1.16.1 NETCONF Overview................................................................................................................................................. 496
1.1.16.2 Understanding NETCONF....................................................................................................................................... 498
1.1.16.2.1 NETCONF Network Architecture...................................................................................................................... 498
1.1.16.2.2 NETCONF Protocol Architecture....................................................................................................................... 500
1.1.16.2.3 NETCONF Message Formats.............................................................................................................................. 504
1.1.16.2.4 NETCONF Subtree Filtering................................................................................................................................ 510
1.1.16.3 NETCONF Operation Capabilities........................................................................................................................ 514
1.1.16.3.1 Basic NETCONF Operations............................................................................................................................... 514
1.1.16.3.2 NETCONF Standard Capability Set.................................................................................................................. 528
1.1.16.3.3 NETCONF Extended Capability Set.................................................................................................................. 548
1.1.16.4 Configuration Precautions for NETCONF..........................................................................................................558
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. viii
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.16.5 Installing ncclient...................................................................................................................................................... 561
1.1.16.6 Establishing a NETCONF Session......................................................................................................................... 561
1.1.16.6.1 Configuring an SSH User.................................................................................................................................... 561
1.1.16.6.2 Enabling NETCONF............................................................................................................................................... 566
1.1.16.6.3 (Optional) Enabling Proactive NETCONF Registration.............................................................................568
1.1.16.6.4 (Optional) Configuring NETCONF YANG Model Switching.................................................................... 568
1.1.16.6.5 Logging In to the Server Using the NMS...................................................................................................... 569
1.1.16.6.6 Configuring CLI-to-XML Translation................................................................................................................569
1.1.16.6.7 Verifying the Configuration................................................................................................................................ 570
1.1.16.6.8 Example for Configuring a Device to Communicate with ncclient Using NETCONF..................... 570
1.1.16.7 Configuring NETCONF Authorization................................................................................................................ 576
1.1.16.7.1 Understanding HUAWEI-NACM Authorization........................................................................................... 576
1.1.16.7.2 Understanding IETF-NACM Authorization.................................................................................................... 578
1.1.16.7.3 Configuring HUAWEI-NACM Authorization................................................................................................. 585
1.1.16.7.4 Configuring IETF-NACM Authorization.......................................................................................................... 586
1.1.16.8 Maintaining NETCONF............................................................................................................................................ 587
1.1.16.8.1 Enabling NETCONF Operation Log Query.................................................................................................... 587
1.1.16.9 Examples for Basic NETCONF Operations........................................................................................................ 588
1.1.16.9.1 Modifying and Committing the Configuration............................................................................................588
1.1.16.9.2 Displaying Configuration or Status Data...................................................................................................... 590
1.1.16.9.3 Maintenance............................................................................................................................................................ 591
1.1.16.9.4 Subscription Event Notification........................................................................................................................ 592
1.1.16.9.5 Configuration Export............................................................................................................................................ 593
1.1.16.9.6 Configuration Validation..................................................................................................................................... 594
1.1.17 BootLoader Management Configuration............................................................................................................. 595
1.1.17.1 Overview of BootLoader......................................................................................................................................... 595
1.1.17.2 Introduction of the BootLoader Menu............................................................................................................... 595
1.1.17.3 Example for Changing the BootLoader Password During First Login.....................................................600
1.1.17.4 Example for Upgrading the System Software Through the BootLoader Menu...................................602
1.1.17.5 Example for Clearing the Console Port Login Password Through the BootLoader Menu............... 604
1.1.18 Device Management Configuration....................................................................................................................... 605
1.1.18.1 Device Management Description.........................................................................................................................605
1.1.18.1.1 Device Anti-Theft................................................................................................................................................... 606
1.1.18.2 Device Management Configuration....................................................................................................................607
1.1.18.2.1 Overview of Device Management................................................................................................................... 607
1.1.18.2.2 Configuration Precautions for Device Management................................................................................. 608
1.1.18.2.3 Powering Off a Board...........................................................................................................................................609
1.1.18.2.4 Changing the Password of the BootROM Menu.........................................................................................610
1.1.18.2.5 (Optional) Configuring the Default Slot Number for the SMB............................................................. 611
1.1.18.2.6 Managing Online Devices................................................................................................................................... 612
1.1.18.2.7 (Optional) Configuring Automatic Board Power Off Under High Temperature............................. 620
1.1.18.2.8 Configuring the Detection of the Channel Status of the Slave Main Control Board..................... 620
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. ix
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.18.2.9 Configuring the Alarm Threshold for the CPU Usage of a Board.........................................................621
1.1.18.2.10 Configuring the Alarm Threshold for the Usage of a Single CPU on a Board...............................622
1.1.18.2.11 Configuring Alarm Thresholds for Board Performance.......................................................................... 622
1.1.18.2.12 Configuring the Threshold of Memory Usage...........................................................................................623
1.1.18.2.13 Configuring the Threshold of CPU Usage................................................................................................... 624
1.1.18.2.14 Configuring the Multi-level Alarm Boolean Output............................................................................... 624
1.1.18.2.15 Configuring a Port Bandwidth Allocation Mode...................................................................................... 625
1.1.18.2.16 Disable the Function to Use the OFL Button to Power On and Off a Board.................................626
1.1.18.2.17 (Optional) Disabling the Multi-Process Mode of the FEI Component............................................. 627
1.1.18.2.18 Configuring Device Anti-Theft........................................................................................................................ 627
1.1.18.2.19 Configuration Examples for Device Management................................................................................... 628
1.1.19 Information Management Configuration.............................................................................................................629
1.1.19.1 Overview of Information Management............................................................................................................ 629
1.1.19.2 Understanding IM..................................................................................................................................................... 630
1.1.19.2.1 IM Fundamentals................................................................................................................................................... 630
1.1.19.2.2 Information Classification................................................................................................................................... 630
1.1.19.2.3 Information Severity............................................................................................................................................. 632
1.1.19.2.4 Information Format.............................................................................................................................................. 633
1.1.19.2.5 Information Filtering............................................................................................................................................ 635
1.1.19.2.6 Information Suppression..................................................................................................................................... 635
1.1.19.2.7 Information Output...............................................................................................................................................636
1.1.19.3 Configuration Precautions for Information management.......................................................................... 640
1.1.19.4 Default Settings for IM............................................................................................................................................640
1.1.19.5 Configuring Log Output.......................................................................................................................................... 641
1.1.19.5.1 Enabling IM.............................................................................................................................................................. 641
1.1.19.5.2 Configuring the Device to Output Logs to the Log Buffer......................................................................642
1.1.19.5.3 Configuring the Device to Output Logs to a Log File............................................................................... 643
1.1.19.5.4 Configuring the Device to Output Logs to a Log Host.............................................................................644
1.1.19.5.5 Configuring the Device to Output Logs to the Console........................................................................... 645
1.1.19.5.6 Configuring the Device to Output Logs to a Terminal............................................................................. 645
1.1.19.5.7 Verifying the Configuration................................................................................................................................ 646
1.1.19.5.8 Example for Configuring the Device to Output Logs to a Log File...................................................... 646
1.1.19.5.9 Example for Configuring the Device to Output Logs to a Log Host....................................................648
1.1.19.5.10 Example for Configuring the Device to Output SSL-Encrypted Logs to Log Hosts...................... 651
1.1.19.6 Configuring Trap Output........................................................................................................................................ 654
1.1.19.6.1 Enabling IM.............................................................................................................................................................. 654
1.1.19.6.2 Configuring the Device to Output Traps to the Trap Buffer................................................................... 655
1.1.19.6.3 Configuring the Device to Output Traps to an SNMP Agent................................................................. 655
1.1.19.6.4 Configuring the Device to Output Traps to a Log File..............................................................................656
1.1.19.6.5 Configuring the Device to Output Traps to a Log Host........................................................................... 657
1.1.19.6.6 Configuring the Device to Output Traps to the Console..........................................................................658
1.1.19.6.7 Configuring the Device to Output Traps to a Terminal............................................................................ 659
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. x
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.19.6.8 Verifying the Configuration................................................................................................................................ 659
1.1.19.6.9 Example for Configuring the Device to Output Traps to an SNMP Agent........................................ 660
1.1.19.7 Configuring Debugging Message Output......................................................................................................... 662
1.1.19.7.1 Enabling IM.............................................................................................................................................................. 662
1.1.19.7.2 Configuring the Device to Output Debugging Messages to the Console.......................................... 663
1.1.19.7.3 Configuring the Device to Output Debugging Messages to the Terminal........................................ 663
1.1.19.7.4 Verifying the Configuration................................................................................................................................ 664
1.1.19.7.5 Example for Configuring the Device to Output Debugging Messages to the Console................. 664
1.1.19.8 Configuring Log File Output................................................................................................................................. 666
1.1.19.9 Configuring Delayed Event Reporting................................................................................................................666
1.1.19.10 Maintaining IM........................................................................................................................................................ 667
1.1.20 Fault Management Configuration.......................................................................................................................... 668
1.1.20.1 Overview of Fault Management.......................................................................................................................... 668
1.1.20.2 Understanding FM.................................................................................................................................................... 669
1.1.20.3 Configuration Precautions for Fault Management........................................................................................671
1.1.20.4 Default Settings for FM...........................................................................................................................................671
1.1.20.5 Configuring FM.......................................................................................................................................................... 672
1.1.20.5.1 Understanding FM................................................................................................................................................. 672
1.1.20.5.2 Configuring FM....................................................................................................................................................... 673
1.1.20.5.3 Example for Configuring FM..............................................................................................................................675
1.1.20.6 Maintaining FM......................................................................................................................................................... 677
1.1.21 Performance Management Configuration........................................................................................................... 677
1.1.21.1 Overview of Performance Management........................................................................................................... 678
1.1.21.2 Understanding PM.................................................................................................................................................... 678
1.1.21.3 Configuration Precautions for Performance Management........................................................................ 679
1.1.21.4 Default Settings for PM.......................................................................................................................................... 680
1.1.21.5 Configuring PM.......................................................................................................................................................... 681
1.1.21.5.1 Configuring a Performance Statistics Task................................................................................................... 681
1.1.21.5.2 Uploading Performance Statistics Files.......................................................................................................... 683
1.1.21.5.3 Configuring the Function of Viewing and Parsing Statistics Files........................................................ 685
1.1.21.5.4 Verifying the Configuration................................................................................................................................ 687
1.1.21.5.5 Example for Configuring PM............................................................................................................................. 687
1.1.21.6 Maintaining PM......................................................................................................................................................... 690
1.1.22 Upgrade Maintenance Configuration.................................................................................................................... 690
1.1.22.1 Overview of Upgrade Maintenance.................................................................................................................... 690
1.1.22.2 Understanding Upgrade Maintenance...............................................................................................................691
1.1.22.3 Configuration Precautions for Upgrade Maintenance................................................................................. 694
1.1.22.4 Preparing for Upgrade Maintenance.................................................................................................................. 697
1.1.22.5 Configuring a Basic Software Package.............................................................................................................. 700
1.1.22.5.1 Understanding a Basic Software Package..................................................................................................... 700
1.1.22.5.2 Specifying the Basic Software Package That Takes Effect at the Next Startup............................... 700
1.1.22.6 Configuring a Feature Software Package......................................................................................................... 702
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xi
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.22.6.1 Understanding a Feature Software Package................................................................................................ 702
1.1.22.6.2 Configuring In-Service Installation and Uninstallation of a Feature Software Package...............703
1.1.22.6.3 Configuring In-Service Upgrade of a Feature Software Package..........................................................704
1.1.22.6.4 Configuring Hitless Upgrade of a Feature Software Package................................................................ 705
1.1.22.6.5 Specifying the Feature Software Package That Takes Effect at the Next Startup.......................... 705
1.1.22.7 Configuring a Patch.................................................................................................................................................. 707
1.1.22.7.1 Understanding a Patch........................................................................................................................................ 707
1.1.22.7.2 Configuring In-Service Installation and Uninstallation of a Patch....................................................... 709
1.1.22.7.3 Specifying the Patch File That Takes Effect at the Next Startup ......................................................... 710
1.1.22.7.4 (Optional) Configuring a CPU Overload Threshold for Patch Operations........................................ 711
1.1.22.8 Configuring a Module..............................................................................................................................................712
1.1.22.8.1 Understanding a Module.................................................................................................................................... 712
1.1.22.8.2 Configuring In-Service Installation and Uninstallation of a Module................................................... 712
1.1.22.8.3 Specifying the Module That Takes Effect at the Next Startup.............................................................. 713
1.1.22.9 Configuring Software Package Rollback and Rollback Prevention.......................................................... 714
1.1.22.9.1 Understanding Software Package Rollback and Rollback Prevention.................................................714
1.1.22.9.2 Configuring Software Package Rollback........................................................................................................ 715
1.1.22.9.3 Configuring Software Rollback Prevention................................................................................................... 716
1.1.22.10 (Optional) Loading a Digital Signature Certificate Revocation List (CRL)......................................... 717
1.1.22.11 Configuring Electronic Warranty Functions................................................................................................... 717
1.1.22.12 Maintaining Software............................................................................................................................................ 718
1.1.23 DCN Configuration....................................................................................................................................................... 719
1.1.23.1 DCN Description........................................................................................................................................................ 719
1.1.23.1.1 Overview of DCN................................................................................................................................................... 719
1.1.23.1.2 Understanding DCN.............................................................................................................................................. 721
1.1.23.1.3 Application Scenarios for DCN.......................................................................................................................... 723
1.1.23.1.4 Terminology for DCN............................................................................................................................................724
1.1.23.2 DCN Configuration................................................................................................................................................... 725
1.1.23.2.1 Overview of DCN................................................................................................................................................... 725
1.1.23.2.2 Configuration Precautions for DCN................................................................................................................. 727
1.1.23.2.3 Configuring Basic DCN Functions.................................................................................................................... 729
1.1.23.2.4 Configuring Extended DCN Functions............................................................................................................ 733
1.1.23.2.5 Improving DCN Security...................................................................................................................................... 738
1.1.23.2.6 DCN Configuration Examples............................................................................................................................ 748
1.1.24 RMON Configuration.................................................................................................................................................. 754
1.1.24.1 Overview of RMON.................................................................................................................................................. 754
1.1.24.2 Understanding RMON............................................................................................................................................. 754
1.1.24.3 Configuration Precautions for RMON................................................................................................................ 756
1.1.24.4 Configuring RMON................................................................................................................................................... 756
1.1.24.4.1 Configuring the RMON Statistics Function...................................................................................................756
1.1.24.4.2 Configuring the RMON Alarm Function........................................................................................................ 757
1.1.24.4.3 Verifying the RMON Configuration................................................................................................................. 758
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xii
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Contents
1.1.24.4.4 Example for Configuring RMON.......................................................................................................................759
1.1.25 SAID Configuration...................................................................................................................................................... 762
1.1.25.1 SAID Description........................................................................................................................................................ 762
1.1.25.1.1 Overview of SAID...................................................................................................................................................762
1.1.25.1.2 Understanding SAID............................................................................................................................................. 763
1.1.25.1.3 Terminology for SAID........................................................................................................................................... 769
1.1.25.2 SAID Configuration................................................................................................................................................... 770
1.1.25.2.1 Overview of SAID...................................................................................................................................................770
1.1.25.2.2 Configuration Precautions for SAID................................................................................................................ 771
1.1.25.2.3 Enabling/Disabling a SAID Node......................................................................................................................772
1.1.25.2.4 Enabling the CFC Node Recovery Function.................................................................................................. 773
1.1.26 PADS Configuration..................................................................................................................................................... 773
1.1.26.1 Overview of PADS..................................................................................................................................................... 773
1.1.26.2 Understanding PADS................................................................................................................................................ 774
1.1.26.3 Configuring the PADS Function............................................................................................................................775
1.1.27 CUSP Description.......................................................................................................................................................... 775
1.1.27.1 Overview of CUSP..................................................................................................................................................... 776
1.1.27.2 Understanding CUSP................................................................................................................................................ 777
1.1.27.2.1 CUSP Fundamentals............................................................................................................................................. 778
1.1.27.2.2 Control channel Establishment and Maintenance..................................................................................... 779
1.1.27.2.3 CUSP-based Port Information Reporting....................................................................................................... 779
1.1.27.2.4 CUSP Flow Table Delivery................................................................................................................................... 780
1.1.27.2.5 CUSP Reliability...................................................................................................................................................... 781
1.1.27.3 Terminology for CUSP..............................................................................................................................................783
1.1.28 KPI Description.............................................................................................................................................................. 783
1.1.28.1 Overview of KPIs....................................................................................................................................................... 783
1.1.28.2 Understanding KPIs.................................................................................................................................................. 783
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xiii
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Figures
Figures
Figure 1-1 Admin-VS and service VS......................................................................................................................... 2
Figure 1-2 Configuring VSs......................................................................................................................................... 16
Figure 1-3 LAD packet format on Ethernet interfaces...................................................................................... 21
Figure 1-4 LAD packet format on Ethernet sub-interfaces............................................................................. 22
Figure 1-5 LAD packet format on low-speed interfaces...................................................................................23
Figure 1-6 LAD data unit format.............................................................................................................................. 24
Figure 1-7 Link Detect packet data unit format................................................................................................. 24
Figure 1-8 Link Reply packet data unit format....................................................................................................25
Figure 1-9 LAD networking........................................................................................................................................ 26
Figure 1-10 Single-neighbor networking............................................................................................................... 27
Figure 1-11 Multi-neighbor networking................................................................................................................ 28
Figure 1-12 Networking with aggregated links.................................................................................................. 29
Figure 1-13 LAD networking...................................................................................................................................... 32
Figure 1-14 LAD networking...................................................................................................................................... 34
Figure 1-15 LLDP frame format................................................................................................................................ 37
Figure 1-16 LLDPDU format.......................................................................................................................................38
Figure 1-17 TLV format................................................................................................................................................ 41
Figure 1-18 TLV structure with TLV type being 127.......................................................................................... 41
Figure 1-19 LLDP schematic diagram..................................................................................................................... 43
Figure 1-20 Single neighbor networking............................................................................................................... 45
Figure 1-21 Multi-neighbor networking................................................................................................................ 46
Figure 1-22 Networking with aggregated links.................................................................................................. 47
Figure 1-23 Implementation diagram for LLDP.................................................................................................. 49
Figure 1-24 Networking diagram for the LLDP application............................................................................51
Figure 1-25 Networking diagram for configuring basic LLDP functions.................................................... 62
Figure 1-26 NTP message exchange process....................................................................................................... 68
Figure 1-27 Network structure of NTP................................................................................................................... 69
Figure 1-28 Client/Server mode................................................................................................................................ 71
Figure 1-29 Peer mode.................................................................................................................................................72
Figure 1-30 Broadcast mode...................................................................................................................................... 73
Figure 1-31 Multicast mode....................................................................................................................................... 74
Figure 1-32 Manycast mode...................................................................................................................................... 74
Figure 1-33 NTP packet format................................................................................................................................ 76
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xiv
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Figures
Figure 1-34 Configuring the NTP peer mode.......................................................................................................86
Figure 1-35 Configuring the NTP multicast mode............................................................................................. 88
Figure 1-36 Configuring the NTP manycast mode.............................................................................................91
Figure 1-37 Configuring the NTP client/server mode with authentication............................................... 99
Figure 1-38 Configuring the NTP broadcast mode with authentication..................................................103
Figure 1-39 Configuring KOD authentication in client/server mode.........................................................106
Figure 1-40 OPS architecture.................................................................................................................................. 114
Figure 1-41 Network diagram of automatic health check using commands.........................................126
Figure 1-42 Automatic health check using a Python script..........................................................................132
Figure 1-43 Direct master-slave synchronization............................................................................................. 149
Figure 1-44 Hierarchical master-slave synchronization................................................................................. 150
Figure 1-45 Transmitting clock signals through clock interfaces................................................................151
Figure 1-46 Transmitting clock signals through Ethernet links................................................................... 151
Figure 1-47 Specifying a clock source manually...............................................................................................153
Figure 1-48 Networking diagram of configuring clock synchronization on a ring network.............171
Figure 1-49 Networking diagram of configuring clock synchronization on a hybrid network........ 176
Figure 1-50 Time synchronization and frequency synchronization............................................................180
Figure 1-51 Positions of the OC, BC, and TC on a time synchronization network............................... 185
Figure 1-52 E2E delay measurement in Delay mode......................................................................................188
Figure 1-53 Networking diagram of directly connected BC and OC......................................................... 189
Figure 1-54 Schematic diagram of forwarding delay correction on a TC................................................ 190
Figure 1-55 Networking of the BC, OC, and E2E TC and the synchronization process.......................190
Figure 1-56 Schematic diagram of time synchronization in PDelay mode............................................. 191
Figure 1-57 Networking diagram of time synchronization in PDelay mode between the directly
connected BC and OC................................................................................................................................................. 192
Figure 1-58 Forwarding delay correction in PDelay mode............................................................................193
Figure 1-59 Networking and schematic diagram of forwarding delay correction in PDelay mode on
a P2P TC........................................................................................................................................................................... 193
Figure 1-60 Asymmetric delay correction mechanism................................................................................... 194
Figure 1-61 Layer 2 multicast encapsulation without tags.......................................................................... 195
Figure 1-62 Layer 2 multicast encapsulation with tags................................................................................. 195
Figure 1-63 Layer 3 unicast encapsulation without tags...............................................................................195
Figure 1-64 Layer 3 unicast encapsulation with tags..................................................................................... 195
Figure 1-65 External time synchronization.........................................................................................................196
Figure 1-66 Fiber symmetry and asymmetry.....................................................................................................198
Figure 1-67 Real-time offset monitoring and automatic compensation when GPS is deployed on
the base station side....................................................................................................................................................199
Figure 1-68 Measurement on a ring network................................................................................................... 200
Figure 1-69 Networking diagram of 1588v2 clock synchronization in per-hop mode........................201
Figure 1-70 Networking diagram of the bearer and wireless networks in the same clock domain
............................................................................................................................................................................................ 202
Figure 1-71 Networking diagram of the bearer and wireless networks in different clock domains
............................................................................................................................................................................................ 203
Figure 1-72 G.8275.1 per-hop clock synchronization...................................................................................... 204
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xv
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Figures
Figure 1-73 Networking of SMPTE-2059-2 E2E clock synchronization.................................................... 204
Figure 1-74 Dynamic 1588v2 application........................................................................................................... 215
Figure 1-75 Typical dynamic 1588v2 network with TCandBC devices...................................................... 216
Figure 1-76 Automatic asymmetry measurement over a 1588v2 ring network................................... 220
Figure 1-77 Static 1588v2 application..................................................................................................................236
Figure 1-78 Typical static 1588v2 network with a TCandBC........................................................................ 237
Figure 1-79 Automatic asymmetry measurement over a 1588v2 ring network................................... 240
Figure 1-80 Measurement on a Ring Network................................................................................................. 258
Figure 1-81 Configuring the unicast MAC encapsulation mode for 1588v2 packets to implement
network-wide clock synchronization...................................................................................................................... 262
Figure 1-82 Configuring the multicast MAC encapsulation mode for 1588v2 packets to implement
network-wide clock synchronization...................................................................................................................... 269
Figure 1-83 G.8275.1 application over a bearer network..............................................................................276
Figure 1-84 Configuring the multicast MAC encapsulation mode for G.8275.1 packets to achieve
network-wide time synchronization....................................................................................................................... 283
Figure 1-85 Positions of the T-GM, T-BC, T-TC, and T-TSC on a time synchronization network...... 306
Figure 1-86 CU-106 application over a bearer network................................................................................ 307
Figure 1-87 Clock synchronization in one-way mode.....................................................................................315
Figure 1-88 Clock synchronization in two-way mode.................................................................................... 316
Figure 1-89 Networking diagram of 1588 ACR applications on a network............................................318
Figure 1-90 Network diagram of 1588 ACR.......................................................................................................322
Figure 1-91 Networking diagram of configuring 1588 ACR clock synchronization in a single-server
scenario............................................................................................................................................................................ 327
Figure 1-92 Networking diagram of configuring 1588 ACR clock synchronization in a dual-server
scenario............................................................................................................................................................................ 330
Figure 1-93 Clock synchronization in two-way mode.................................................................................... 336
Figure 1-94 1588 ATR time synchronization...................................................................................................... 337
Figure 1-95 1588 ATR time synchronization through transparent transmission...................................338
Figure 1-96 Hop-by-hop 1588 ATR time synchronization.............................................................................339
Figure 1-97 Lightweight time synchronization................................................................................................. 339
Figure 1-98 Application of the server-and-client mode................................................................................. 341
Figure 1-99 1588 ATR configuration in a dual-server scenario...................................................................352
Figure 1-100 1588v2 hop-by-hop time synchronization................................................................................355
Figure 1-101 T-BC time synchronization............................................................................................................. 358
Figure 1-102 GPS timing........................................................................................................................................... 363
Figure 1-103 Atom GPS networking..................................................................................................................... 365
Figure 1-104 Networking of Atom GPS timing.................................................................................................369
Figure 1-105 Networking of Atom GPS timing.................................................................................................371
Figure 1-106 Atom GPS timing...............................................................................................................................378
Figure 1-107 Atom GPS 3.0 timing....................................................................................................................... 383
Figure 1-108 Network diagram of Atom GPS 3.0 timing.............................................................................. 384
Figure 1-109 Network diagram of Atom GPS 3.0 timing.............................................................................. 388
Figure 1-110 Network diagram of Atom GPS 3.0 timing.............................................................................. 391
Figure 1-111 Network diagram of Atom GPS 3.0 timing.............................................................................. 396
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xvi
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Figures
Figure 1-112 Atom GNSS timing........................................................................................................................... 400
Figure 1-113 Atom GNSS networking.................................................................................................................. 402
Figure 1-114 Networking of Atom GNSS timing..............................................................................................405
Figure 1-115 Networking of Atom GNSS timing..............................................................................................408
Figure 1-116 Atom GNSS timing........................................................................................................................... 415
Figure 1-117 SNMP structure.................................................................................................................................. 419
Figure 1-118 MIB tree structure............................................................................................................................. 419
Figure 1-119 SNMP operations...............................................................................................................................420
Figure 1-120 Typical SNMP configuration.......................................................................................................... 421
Figure 1-121 Schematic diagram for how a proxy agent works................................................................. 422
Figure 1-122 SNMP management model........................................................................................................... 422
Figure 1-123 MIB tree structure............................................................................................................................. 423
Figure 1-124 Process of transmitting a trap message.................................................................................... 425
Figure 1-125 SNMP proxy.........................................................................................................................................427
Figure 1-126 SNMP proxy working principles................................................................................................... 429
Figure 1-127 SNMP proxy schematic diagram.................................................................................................. 430
Figure 1-128 SNMP operations and messages..................................................................................................435
Figure 1-129 Network diagram of configuring a device to communicate with an NMS using
SNMPv2c..........................................................................................................................................................................458
Figure 1-130 Network diagram of configuring a device to communicate with an NMS using
SNMPv3............................................................................................................................................................................474
Figure 1-131 Process of an AAA user logging in to the NMS through SNMP....................................... 478
Figure 1-132 Flowchart for configuring a local SNMPv3 user on a device to communicate with an
NMS................................................................................................................................................................................... 478
Figure 1-133 Network diagram of configuring a local SNMPv3 user to communicate with an NMS
............................................................................................................................................................................................ 484
Figure 1-134 Networking diagram for configuring the device to communicate with NMS through
SNMP proxy.................................................................................................................................................................... 487
Figure 1-135 Networking diagram for configuring a device to communicate with an NMS using an
SNMP proxy.................................................................................................................................................................... 493
Figure 1-136 Basic network architecture of NETCONF.................................................................................. 498
Figure 1-137 Capability interaction between the server and client...........................................................500
Figure 1-138 Structure of a NETCONF YANG request message................................................................. 505
Figure 1-139 Network diagram of configuration file management using NETCONF.........................570
Figure 1-140 HUAWEI-NACM authorization..................................................................................................... 577
Figure 1-141 HUAWEI-NACM authorization..................................................................................................... 578
Figure 1-142 Process of IETF-NACM authorization......................................................................................... 583
Figure 1-143 Connecting a PC to a device through a console port........................................................... 600
Figure 1-144 Connecting a PC to a device through a console port........................................................... 602
Figure 1-145 Connecting to a device through the console port................................................................. 604
Figure 1-146 Device anti-theft................................................................................................................................ 606
Figure 1-147 IM working principles...................................................................................................................... 630
Figure 1-148 Information output channels........................................................................................................ 637
Figure 1-149 Outputting logs to a log file......................................................................................................... 639
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xvii
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Figures
Figure 1-150 Outputting logs to a log host....................................................................................................... 640
Figure 1-151 Outputting traps to the NMS........................................................................................................640
Figure 1-152 Outputting debugging messages to the console................................................................... 640
Figure 1-153 Networking diagram of outputting logs to a log file...........................................................646
Figure 1-154 Networking diagram of outputting logs to a log host........................................................ 649
Figure 1-155 Networking diagram of outputting SSL-encrypted logs to log hosts............................. 651
Figure 1-156 Networking diagram of outputting traps to the SNMP agent..........................................660
Figure 1-157 Networking diagram of outputting debugging messages to the console.................... 664
Figure 1-158 Alarm persistence analysis............................................................................................................. 671
Figure 1-159 Networking diagram for configuring FM..................................................................................675
Figure 1-160 Networking diagram for PM......................................................................................................... 687
Figure 1-161 Software package composition.................................................................................................... 692
Figure 1-162 Feature software package.............................................................................................................. 702
Figure 1-163 Transition between patch states.................................................................................................. 708
Figure 1-164 External DCN and internal DCN.................................................................................................. 720
Figure 1-165 Basic DCN principles........................................................................................................................ 722
Figure 1-166 Typical DCN application..................................................................................................................723
Figure 1-167 DCN traversal over a third-party Layer 2 network................................................................724
Figure 1-168 Networking diagram for configuring DCN...............................................................................748
Figure 1-169 Configuring DCN traversal over a third-party Layer 2 network....................................... 751
Figure 1-170 Networking diagram for configuring RMON.......................................................................... 759
Figure 1-171 Process of SAID node state transition........................................................................................ 764
Figure 1-172 Implementation of PADS................................................................................................................ 774
Figure 1-173 Comparison between a traditional network architecture and an SDN network
architecture..................................................................................................................................................................... 778
Figure 1-174 Flowchart for establishing and maintaining a CUSP connection..................................... 779
Figure 1-175 Flowchart for reporting port information.................................................................................780
Figure 1-176 Flowchart for delivering a flow table......................................................................................... 781
Figure 1-177 Service implementation flowchart.............................................................................................. 784
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xviii
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Tables
Tables
Table 1-1 Function support status for a service VS.............................................................................................. 3
Table 1-2 Default settings for a VS.......................................................................................................................... 10
Table 1-3 Fields in an LAD packet on Ethernet interfaces...............................................................................21
Table 1-4 Fields in an LAD packet on Ethernet sub-interfaces...................................................................... 22
Table 1-5 Fields in an LAD packet on low-speed interfaces........................................................................... 23
Table 1-6 LAD data unit fields................................................................................................................................... 24
Table 1-7 Fields in an LLDP frame........................................................................................................................... 37
Table 1-8 Basic TLVs...................................................................................................................................................... 39
Table 1-9 Description of TLVs defined by IEEE 802.1........................................................................................ 40
Table 1-10 Description of TLVs defined by IEEE 802.3...................................................................................... 40
Table 1-11 Feature requirements............................................................................................................................. 50
Table 1-12 LLDP parameters...................................................................................................................................... 55
Table 1-13 Operating modes of NTP...................................................................................................................... 70
Table 1-14 Description of each field in an NTP packet.................................................................................... 76
Table 1-15 Feature requirements............................................................................................................................. 78
Table 1-16 Default settings for NTP........................................................................................................................ 78
Table 1-17 Description of the NTP access authority..........................................................................................96
Table 1-18 Monitoring the NTP operating status............................................................................................ 110
Table 1-19 Clearing NTP statistics......................................................................................................................... 111
Table 1-20 Comparison between maintenance assistants............................................................................ 115
Table 1-21 Cron formats........................................................................................................................................... 116
Table 1-22 Feature requirements........................................................................................................................... 120
Table 1-23 Trigger conditions for an assistant.................................................................................................. 123
Table 1-24 Trigger conditions for an assistant.................................................................................................. 125
Table 1-25 Operations supported by the OPS, RESTCONF, and NETCONF............................................. 129
Table 1-26 Script compiling for various OPS operations............................................................................... 130
Table 1-27 OPS APIs................................................................................................................................................... 135
Table 1-28 Feature requirements........................................................................................................................... 143
Table 1-29 SSM codes................................................................................................................................................ 153
Table 1-30 Feature requirements........................................................................................................................... 157
Table 1-31 Clock source priority and SSM level of each router.................................................................. 172
Table 1-32 Clock source priority and Clock ID of each router..................................................................... 176
Table 1-33 Requirements of wireless standards for the accuracy of frequency and time
synchronization............................................................................................................................................................. 181
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xix
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Tables
Table 1-34 Requirements of wireless standards for the accuracy of frequency and time
synchronization............................................................................................................................................................. 207
Table 1-35 Feature requirements........................................................................................................................... 209
Table 1-36 Default multicast destination MAC addresses for different delay measurement
mechanisms.................................................................................................................................................................... 234
Table 1-37 Multicast destination IP addresses used for UDP encapsulation in different delay
measurement mechanisms....................................................................................................................................... 235
Table 1-38 Default multicast destination MAC addresses for different delay measurement
mechanisms.................................................................................................................................................................... 255
Table 1-39 Multicast destination IP addresses used for UDP encapsulation in different delay
measurement mechanisms....................................................................................................................................... 256
Table 1-40 Mapping between default multicast destination IP addresses and delay measurement
mechanisms.................................................................................................................................................................... 305
Table 1-41 Feature requirements........................................................................................................................... 320
Table 1-42 Feature requirements........................................................................................................................... 343
Table 1-43 Feature requirements........................................................................................................................... 368
Table 1-44 SNMP operations................................................................................................................................... 420
Table 1-45 Types of information managed by the MIB................................................................................. 424
Table 1-46 Comparison of security in different SNMP versions..................................................................427
Table 1-47 Feature requirements........................................................................................................................... 431
Table 1-48 PDU types.................................................................................................................................................436
Table 1-49 Error status.............................................................................................................................................. 436
Table 1-50 Generic trap types................................................................................................................................. 437
Table 1-51 Configuring a source interface for the SNMP agent to receive and respond to NMS
request packets..............................................................................................................................................................441
Table 1-52 Configuring the SNMP proxy to receive and respond to requests from the CCU........... 442
Table 1-53 Configuring a source interface for the SNMP agent to receive and respond to NMS
request packets..............................................................................................................................................................451
Table 1-54 Configuring the SNMP proxy to receive and respond to requests from the CCU........... 452
Table 1-55 Configuring a source interface for the SNMP agent to receive and respond to NMS
request packets..............................................................................................................................................................467
Table 1-56 SNMP proxy configuration tasks...................................................................................................... 488
Table 1-57 Configuring the SNMP proxy to receive and respond to requests from the CCU........... 492
Table 1-58 Comparison between SNMP and NETCONF................................................................................ 497
Table 1-59 Main elements in the basic network architecture of NETCONF........................................... 498
Table 1-60 NETCONF protocol framework......................................................................................................... 501
Table 1-61 Element description.............................................................................................................................. 502
Table 1-62 NETCONF-defined configuration databases................................................................................ 503
Table 1-63 Fields in a NETCONF message.......................................................................................................... 506
Table 1-64 Description of each field in a response message....................................................................... 509
Table 1-65 Subtree filter components.................................................................................................................. 510
Table 1-66 Element descriptions............................................................................................................................ 544
Table 1-67 Element descriptions............................................................................................................................ 546
Table 1-68 Feature requirements........................................................................................................................... 558
Table 1-69 Configuration in different authentication modes...................................................................... 562
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xx
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide Tables
Table 1-70 Creating a local user in the AAA view with the same name as the SSH user................. 563
Table 1-71 Configuring the local RSA, DSA, SM2, or ECC key for the SSH user....................................563
Table 1-72 Binding a PKI realm to the SSH user.............................................................................................. 566
Table 1-73 NETCONF parameters.......................................................................................................................... 567
Table 1-74 Description of IETF-NACM components........................................................................................ 579
Table 1-75 Operations performed for different authorized contents........................................................584
Table 1-76 A user's operation permissions......................................................................................................... 586
Table 1-77 BootLoader main menu...................................................................................................................... 596
Table 1-78 Ethernet submenu................................................................................................................................. 599
Table 1-79 Feature requirements........................................................................................................................... 608
Table 1-80 Information classification................................................................................................................... 631
Table 1-81 Description of information severity.................................................................................................632
Table 1-82 Information format description........................................................................................................ 633
Table 1-83 Default information output channels.............................................................................................637
Table 1-84 Log files..................................................................................................................................................... 639
Table 1-85 Default settings for IM........................................................................................................................ 640
Table 1-86 Clearing statistics...................................................................................................................................667
Table 1-87 Monitoring IM.........................................................................................................................................667
Table 1-88 Checking Security Log Files................................................................................................................668
Table 1-89 Definition of alarm severities............................................................................................................ 670
Table 1-90 Default settings for FM....................................................................................................................... 672
Table 1-91 Clearing alarms...................................................................................................................................... 677
Table 1-92 Monitoring alarms................................................................................................................................ 677
Table 1-93 Feature requirements........................................................................................................................... 679
Table 1-94 Default settings for PM....................................................................................................................... 681
Table 1-95 Format of a statistics file.................................................................................................................... 686
Table 1-96 Feature requirements........................................................................................................................... 694
Table 1-97 Patch states............................................................................................................................................. 708
Table 1-98 Operations related to software package maintenance............................................................ 718
Table 1-99 Feature requirements........................................................................................................................... 727
Table 1-100 Rules for enabling DCN on interfaces by default.................................................................... 731
Table 1-101 Feature requirements........................................................................................................................ 771
Table 1-102 Basic CUSP concepts.......................................................................................................................... 776
Table 1-103 CUSP reliability solutions..................................................................................................................781
Table 1-104 KPI examples........................................................................................................................................ 785
Table 1-105 Format of the KPI file header......................................................................................................... 788
Table 1-106 Format of the KPI packet header.................................................................................................. 788
Table 1-107 Format of the KPI data packet....................................................................................................... 789
Table 1-108 Post-parsing data modes..................................................................................................................790
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. xxi
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1 Configuration
1.1 System Management
1.1.1 VS Configuration
1.1.1.1 Overview of VSs
Definition
Virtual system (VS) technology virtualizes a physical device into multiple logical
devices, known as VSs. Each VS processes services as an independent physical
device.
Purpose
● VS technology enables a single physical device to function as multiple
network nodes on a logical topology, maximizing resource utilization and
reducing the network operating expense (OPEX).
● Different VSs can have different services deployed to isolate services and
faults, thereby improving network security and reliability.
1.1.1.2 Understanding VSs
VS Technology
VS technology uses system software to replicate processes on a physical device,
implementing virtualization of the control plane, management plane, and
forwarding plane. Each created VS functions as an independent device.
● Virtualization of the control plane: Each VS runs its own control protocol
process. As such, a process error in one VS does not affect processes in other
VSs.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 1
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Virtualization of the management plane: Each VS maintains its own
configuration file, enabling different VSs to be managed by different
administrators.
● Virtualization of the forwarding plane: Each VS maintains its own forwarding
table and protocol stack. Data flows between VSs do not interfere with each
other, ensuring service isolation and security.
VS Classification
Virtualized logical devices are called VSs. According to their permissions, VSs are
classified into two types: Admin-VS and service VS, as shown in Figure 1-1. All VSs
on a device share the device's physical and logical resources.
The Admin-VS is the default VS. After an administrator logs in to a physical device,
the administrator enters the Admin-VS. Each physical device has an Admin-VS that
remains in running state. The Admin-VS cannot be created, deleted, or shut down.
A service VS is also called a non-Admin-VS. An administrator can create service
VSs, delete service VSs, and allocate resources to service VSs only in the Admin-VS.
Figure 1-1 Admin-VS and service VS
VS Attributes
VSs have two administrator roles: physical system (PS) administrator and VS
administrator.
● PS administrator: Only the Admin-VS has a PS administrator, who has the
highest permission and can create service VSs, delete service VSs, and allocate
resources to service VSs. A PS administrator can also access a service VS.
● VS administrator: A VS administrator can manage only the local VS; that is, it
can only check and configure services in the local VS. A VS administrator
cannot perform operations that affect the entire physical device, such as
resetting cards and backing up electronic labels.
MAC address of a VS: After a VS is created, the system automatically assigns it a
MAC address, which cannot be modified.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 2
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
File system of a VS: Each VS has an independent file system that stores its own
configuration file and log files. A VS administrator can perform operations only on
the local file system. Operations in one VS do not affect other VSs, ensuring
security.
VS alarm: A VS can independently report alarms to the NMS, facilitating
troubleshooting and ensuring VS security.
VS Communication
VSs cannot communicate with each other directly, but do so through the
connected and configured physical interfaces between them.
1.1.1.3 Functions Supported by VSs
The Admin-VS supports all functions of the device. For the functions supported
and not supported by a service VS, see Table 1-1.
Table 1-1 Function support status for a service VS
Feature Function Support Status Description
IP addresses and IPv4 basic Supported -
services
IPv6 basic Supported -
Load balancing Supported -
ARP Supported -
ARP security Supported -
DHCPv4 Supported -
DHCPv6 Supported -
DNS Supported -
DNSv6 Supported -
ACL Supported -
ACL6 Supported -
ND Supported -
MTU Supported -
IP routing Route Supported -
management
IPv4 static route Supported -
IPv6 static route Supported -
OSPF Supported -
OSPFv3 Supported -
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 3
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Function Support Status Description
BGP Supported -
BGP4+ Supported -
IS-IS Supported -
IS-ISv6 Supported -
RIP Supported -
RIPng Supported -
Routing policy Supported -
XPL Supported -
Route monitoring Supported -
group
IP multicast IGMP Supported -
MLD Supported -
PIM Supported -
IPv6 PIM Supported -
MSDP Supported -
IPv4 multicast Supported -
routing
management
IPv6 multicast Supported -
routing
management
BIER Supported -
BIERv6 Supported -
IGMP snooping Supported -
(Layer 2
multicast)
MLD snooping Supported -
(Layer 2
multicast)
Multicast VLAN Supported -
MBGP Supported -
Rosen MVPN Supported -
NG MVPN Supported -
IPv6 NG MVPN Supported -
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 4
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Function Support Status Description
IPv4 user-side Not supported -
multicast
IPv6 user-side Not supported -
multicast
Controllable Supported -
multicast
Multicast NAT Supported -
MPLS MPLS common Supported -
Static MPLS Supported -
MPLS LDP Supported -
MPLS TE Supported -
Seamless MPLS Supported -
GMPLS UNI Supported -
NAT and IPv6 IPv4 over IPv6 Supported -
transition tunnel
NAT Supported -
NAT64 Supported -
MAP Supported -
QoS Traffic policing Supported -
and traffic
shaping
Congestion Supported -
management and
congestion
avoidance
Class-based QoS Supported -
QPPB Supported -
HQoS Supported -
MPLS DiffServ Supported -
User access QoS Supported Last-mile QoS is
supported only in
the Admin-VS.
Multicast QoS Not supported -
VPN QoS Supported -
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 5
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Function Support Status Description
Segment routing Segment routing Supported -
MPLS
Segment routing Supported -
IPv6
VPN L2TPv3 Supported -
GRE Supported -
IPv6 GRE Supported -
DSVPN Supported -
IPv4 L3VPN Supported -
IPv6 L3VPN Supported -
L2VPN accessing Supported -
L3VPN
EVPN Supported -
PBB-EVPN Supported -
Tunnel Supported -
VPWS Supported -
IP hard pipe Supported -
VPLS Supported -
PBB VPLS Supported -
VXLAN VXLAN Supported -
Security AAA and user Supported The RADIUS
management server
(administrator configuration is
users) supported only in
the Admin-VS.
BGP flow Supported -
specification
URPF Supported -
PKI Supported -
Keychain Supported -
FIPS Supported -
GTSM Supported -
LDM Supported -
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 6
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Function Support Status Description
DHCP snooping Supported -
Packet header Supported -
obtaining
IPsec Supported -
MPAC Supported -
Local attack Supported -
defense
SOC Supported -
Mirroring Supported -
Layer 2 traffic Supported -
suppression
Port-based 802.1X Not supported -
authentication
Basic First login Supported -
configuration
ZTP Supported -
Interface Interface basic Supported -
management
Logical interface Supported -
Transmission Supported -
alarm
customization and
suppression
Reliability BFD Supported -
BFDv6 Supported -
VRRP Supported -
VRRP6 Supported -
LPT Supported -
EFM Supported -
CFM Supported -
Y.1731 Supported -
Dual-device Supported -
backup
Bit error-triggered Supported -
switching
MPLS OAM Supported -
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 7
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Function Support Status Description
MPLS-TP OAM Supported -
System LAD Supported -
management
LLDP Supported -
DCN Supported -
Information Supported -
management
System time Supported -
SAID Supported -
System NQA Supported -
monitoring
Ping and tracert Supported -
NetStream Supported -
iFIT Supported -
TWAMP Supported -
IP FPM Supported -
TWAMP Light Supported -
sFlow Supported -
EMDI Supported -
IP traffic Supported -
monitoring
ESQM Supported -
Flow recognition Supported -
Intelligent Supported -
monitoring
Path detection Supported -
Ethernet MAC Supported -
switching
Eth-Trunk Supported -
VLAN Supported -
GVRP Supported -
STP/RSTP/MSTP Supported -
RRPP Supported -
ERPS (G.8032) Supported -
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 8
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Function Support Status Description
Layer 2 protocol Supported -
tunneling
QinQ Supported -
EVC Supported -
MAC flapping- Supported -
based loop
detection
BPDU tunnel Supported -
User access and AAA and user Not supported -
authentication management
(access users)
IPv4 address Not supported -
management
IPv6 address Not supported -
management
IPoE access Not supported -
PPPoE access Not supported -
L2TP access Not supported -
VXLAN tunnel- Not supported -
based access
Multi-device Not supported -
backup for user
access
SAID for BRAS Not supported -
Value-added BOD Not supported -
services
DAA Not supported -
EDSG Not supported -
1.1.1.4 Licensing Requirements for VSs
VSs are not under license control.
1.1.1.5 Default Settings for a VS
Table 1-2 describes the default settings for a VS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 9
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-2 Default settings for a VS
Parameter Default Setting
Service VS Not configured
Maximum number of IPv4 multicast 2000
routing entries (m4route)
Maximum number of IPv6 multicast 512
routing entries (m6route)
Maximum number of IPv4 unicast 1048576
routing entries (u4route)
Maximum number of IPv6 unicast 1048576
routing entries (u6route)
Maximum number of VPN instances 512
(vpn-instance)
Maximum CPU usage weight (cpu 10 for the Admin-VS and 5 for a
weight) service VS
1.1.1.6 Creating and Starting a VS
1.1.1.6.1 Understanding VS Creation and Startup
A service VS starts immediately after being created on a physical device, at which
point the PS administrator allocates available resources on the physical device to
it. The allocated resources are then exclusively used by this service VS.
Allocatable resources on a device include physical and logical resources, and all
resources belong to the Admin-VS by default. After resources in a service VS are
released, the resources are automatically reclaimed by the Admin-VS.
Physical Resources
The only physical resources on a device that can be allocated are interfaces on
LPUs. Currently, only the port mode is supported, meaning that any interface on
an LPU can be allocated to any VS, and each interface can be allocated to only
one VS.
Interface resource allocation has the following characteristics:
● By default, all interfaces on an LPU belong to the Admin-VS.
● After an interface is allocated to a service VS, original configurations on the
interface are deleted.
Logical Resources
Allocatable logical resources include multicast IPv4 routing entries (m4route),
multicast IPv6 routing entries (m6route), unicast IPv4 routing entries (u4route),
unicast IPv6 routing entries (u6route), VPN instances (vpn-instance), and
maximum CPU usage weight (cpu weight).
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 10
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Logical resource allocation has the following characteristics:
● After a VS is created, it has default logical resource specifications. A PS
administrator can adjust the logical resource specifications in the VS as
required.
● All VSs share the function and service specifications of the physical device.
● The maximum CPU usage of a VS is calculated using the following formula:
(CPU usage weight of the VS/Sum of CPU usage weights of all VSs) x 100%
1.1.1.6.2 Creating and Starting a VS
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the admin view.
admin
Step 3 Create a VS.
virtual-system vs-name [ pvmb slot slot-name1 [ slot-name2 [ slot-name3 [ slot-name4 ] ] ] ]
By default, the active and standby MPUs of a service VS are the same as those of
the Admin-VS. You can re-specify the active and standby MPUs for a service VS by
specifying the slot parameter.
Step 4 (Optional) Configure an interface allocation mode and a resource template for the
VS.
port-mode port-mode [ resource-template template-name ]
NOTE
The interface allocation mode that has been configured for a VS cannot be deleted.
Step 5 (Optional) Configure a description for the VS.
description description
Step 6 Commit the configuration.
commit
NOTE
The NetStream function stays unavailable for 2 minutes after a VS is created.
----End
1.1.1.6.3 (Optional) Loading MAC Addresses Allocated to VSs
Context
In VS scenarios, each VS requires an independent MAC address. By default,
multiple MAC addresses have been loaded to the main control board of a device
before delivery. If a message is displayed indicating that the MAC addresses are
insufficient when you create VSs, you can load the .txt file in the user view to re-
allocate MAC addresses to the VSs.
The .txt file to be loaded must meet the following requirements:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 11
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● The format of the .txt file is as follows:
mac address num = 4
mac address start = 00e0-fc12-3456
mac address num indicates the number of MAC addresses to be loaded, and
mac address start indicates the start MAC address to be loaded.
NOTE
If the value of mac address num is greater than the maximum number of MAC
addresses supported by the device, the maximum number of MAC addresses
supported by the device takes effect.
● The .txt file must be uploaded to the root directory of the device's CF card.
Otherwise, the loading fails.
Procedure
Step 1 Load the MAC addresses allocated to VSs.
sysmac load sysmac-file chassis [ chassisid ]
NOTE
After the configuration is complete, restart the device for the configuration to take effect.
WARNING
This is a high-risk operation, which will change the system MAC address of the
device. Before performing this operation, plan the MAC addresses properly.
----End
1.1.1.6.4 Configuring Physical Resources for a VS
Context
Physical resources for a VS mainly refer to interface resources.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the admin view.
admin
Step 3 Enter the VS view.
virtual-system vs-name
Step 4 Allocate interface resources to the VS.
assign interface interface-type interface-number
NOTE
Interfaces on an LPU can be allocated to multiple VSs, but an interface can be allocated to
only one VS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 12
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 5 Commit the configuration.
commit
----End
1.1.1.6.5 (Optional) Configuring Logical Resources for a VS
Context
You can use either of the following methods to configure logical resources for a
VS:
● Directly configure logical resources in the VS.
● Configure a logical resource template and bind it to the VS.
Procedure
● Directly configure logical resources in a VS.
a. Enter the system view.
system-view
b. Enter the admin view.
admin
c. Enter the VS view.
virtual-system vs-name
d. Adjust logical resources for the VS. You can adjust one or more resource
values according to your service requirements.
resource u4route upper-limit resource-limit
resource u6route upper-limit resource-limit
resource m4route upper-limit resource-limit
resource m6route upper-limit resource-limit
resource vpn-instance upper-limit resource-limit
resource cpu weight resValue
e. Commit the configuration.
commit
● Configure a logical resource template and bind it to a VS.
a. Enter the system view.
system-view
b. Enter the admin view.
admin
c. Configure a logical resource template.
resource-template template-name
d. Adjust logical resources for the VS. You can adjust one or more resource
values according to your service requirements.
resource u4route upper-limit resource-limit
resource u6route upper-limit resource-limit
resource m4route upper-limit resource-limit
resource m6route upper-limit resource-limit
resource vpn-instance upper-limit resource-limit
resource cpu weight resValue
e. Exit the resource template view.
quit
f. Enter the admin view.
admin
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 13
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
g. Enter the VS view.
virtual-system vs-name
h. Bind the logical resource template.
assign resource-template template-name
NOTE
Skip this step if a logical resource template has been specified for the VS in the
port-mode port-mode [ resource-template template-name ] command.
i. Commit the configuration.
commit
----End
1.1.1.6.6 Verifying the Configuration
Procedure
● Run the display virtual-system [ name vs-name ] [ verbose ] command to
check basic information about a VS, such as the VS name and slot resources.
● Run the display virtual-system configuration state command to check the
configuration status of a VS.
● Run the display virtual-system [ name vs-name ] resource command to
check resource information of a VS.
● Run the display virtual-system resource-template command to check
resource template information of a VS.
----End
1.1.1.7 Logging In to and Managing a VS
1.1.1.7.1 (Optional) Disabling the Command Prompt of a Service VS from
Containing the Admin-VS Host Name
Context
When a user switches from the Admin-VS to a service VS, the command prompt of
the service VS consists of the host names of both the Admin-VS and service VS. In
some cases, such a command prompt will be so long that it affects user
operations. If so, you can disable the command prompt of a service VS from
containing the host name of the Admin-VS.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the admin view.
admin
Step 3 Disable the command prompt of the service VS from containing the host name of
the Admin-VS.
combined-sysname disable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 14
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 4 Commit the configuration.
commit
----End
1.1.1.7.2 Switching to a VS and Configuring a Management User for the VS
Context
For easy user operations, you can run a command in the Admin-VS to directly
switch to a service VS. After this command is run, you can perform operations on
this service VS without switching between login windows.
Procedure
Step 1 Switch to the VS managed by the current user.
switch virtual-system vs-name
NOTE
This command is supported only in the Admin-VS. That is, only switching from the Admin-
VS to a service VS is supported, whereas switching between service VSs is not supported.
After you run this command to switch to a service VS, you can run the quit command in
the service VS view to return to the Admin-VS.
Step 2 Configure the IP address of the VS's interface connected to a terminal to ensure
reachable routes between the VS and terminal.
Step 3 Configure a management user for the VS. For details, see "CLI-based Device Login
Configuration" in Basic Configuration.
----End
1.1.1.7.3 (Optional) Enabling Login Authentication After Switching from the
Admin-VS to a Service VS
Context
After you switch from the Admin-VS to a service VS, you can determine whether
to enable authentication for login based on security requirements.
Procedure
Step 1 Switch to the VS managed by the current user.
switch virtual-system vs-name
NOTE
This command is supported only in the Admin-VS. That is, only switching from the Admin-
VS to a service VS is supported, whereas switching between service VSs is not supported.
After you run this command to switch to a service VS, you can run the quit command in
the service VS view to return to the Admin-VS.
Step 2 Enter the system view of the service VS.
system-view
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 15
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 3 Enable authentication for login after switching from the Admin-VS to a service VS.
virtual-system switch-authentication enable
After this function is enabled, you need to enter the username and password after
switching from the Admin-VS to a service VS.
NOTE
Before enabling authentication for login after switching from the Admin-VS to a service VS,
ensure that the service VS has been configured with AAA local or remote users. Otherwise,
the authentication fails and the service VS cannot be logged in.
----End
1.1.1.7.4 Verifying the Configuration
Procedure
● Run the display virtual-system [ name vs-name ] [ verbose ] command to
check basic information about a VS, such as the VS name and slot resources.
● Run the display virtual-system configuration state command to check the
configuration status of a VS.
----End
1.1.1.8 Example for Configuring VSs
Networking Requirements
On the physical device DeviceA, different VSs need to be created to isolate services
from each other, as shown in Figure 1-2. Interface 1 on DeviceA needs to be
allocated to VS1, interface 2 to VS2, and interface 3 to VS3.
Figure 1-2 Configuring VSs
NOTE
In this example, interface 1, interface 2, and interface 3 represent GigabitEthernet 0/1/1,
GigabitEthernet 0/1/2, and GigabitEthernet 0/1/3, respectively.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 16
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VS1, VS2, and VS3.
2. Configure physical resources for the VSs.
3. Switch to the VSs.
Procedure
Step 1 Create and start VSs.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] admin
[*DeviceA-admin] virtual-system VS1
[*DeviceA-admin-vs:VS1] port-mode port
[*DeviceA-admin-vs:VS1] description VS1
[*DeviceA-admin-vs:VS1] quit
[*DeviceA-admin] virtual-system VS2
[*DeviceA-admin-vs:VS2] port-mode port
[*DeviceA-admin-vs:VS2] description VS2
[*DeviceA-admin-vs:VS2] quit
[*DeviceA-admin] virtual-system VS3
[*DeviceA-admin-vs:VS3] port-mode port
[*DeviceA-admin-vs:VS3] description VS3
[*DeviceA-admin-vs:VS3] quit
[*DeviceA-admin] quit
[*DeviceA] commit
Step 2 Configure physical resources for the VSs.
[~DeviceA] admin
[*DeviceA-admin] virtual-system VS1
[*DeviceA-admin-vs:VS1] assign interface gigabitethernet 0/1/1
[*DeviceA-admin-vs:VS1] quit
[*DeviceA-admin] virtual-system VS2
[*DeviceA-admin-vs:VS2] assign interface gigabitethernet 0/1/1
[*DeviceA-admin-vs:VS2] quit
[*DeviceA-admin] virtual-system VS3
[*DeviceA-admin-vs:VS3] assign interface gigabitethernet 0/1/1
[*DeviceA-admin-vs:VS3] quit
[*DeviceA-admin] quit
[*DeviceA] commit
[~DeviceA] quit
Step 3 Using VS1 as an example, switch to VS1.
<DeviceA> switch virtual-system VS1
<DeviceA-VS1> system-view
NOTE
VS1 functions as an independent device. For details about how to configure it, see the
related manual.
----End
Verifying the Configuration
# Check interface resource information of service VSs in the Admin-VS of DeviceA.
[~DeviceA] display virtual-system
---------------------------------------------------------------
Name Status Description
---------------------------------------------------------------
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 17
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Admin-VS running admin-vs
VS1 running VS1
VS2 running VS2
VS3 running VS3
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
admin
virtual-system VS1
description VS1
port-mode port
assign interface GigabitEthernet0/1/1
virtual-system VS2
description VS2
port-mode port
assign interface GigabitEthernet0/1/1
virtual-system VS3
description VS3
port-mode port
assign interface GigabitEthernet0/1/1
#
return
1.1.1.9 Maintaining a VS
1.1.1.9.1 Saving VS Configurations
Context
A VS has an independent configuration file, just as a common physical device
does. After services are configured, save the configuration to prevent configuration
loss when a VS is restarted or shut down.
Procedure
Step 1 Save configurations of all VSs.
save all virtual-systems
NOTE
This command is supported only in the Admin-VS. It is not supported in a service VS.
----End
1.1.1.9.2 Restarting a VS
Context
You can restart a VS without affecting other VSs. In the Admin-VS, you can restart
any service VS; but in a service VS, you can only restart this service VS.
Procedure
● Restart a service VS in the Admin-VS.
reset virtual-system VsName
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 18
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
● This command is supported only in the Admin-VS and can be used to restart only
service VSs.
● While a VS is restarting, all interfaces of the VS switch to the down state, and all
its services are interrupted.
● Before restarting a VS, you must save its configuration; otherwise, the
configuration may be lost.
● Restart a service VS in the service VS.
reset
----End
1.1.1.9.3 Shutting Down a VS
Context
To diagnose faults or terminate services in a VS, you can run the shutdown
command to shut down the VS without affecting other VSs.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the admin view.
admin
Step 3 Enter the VS view.
virtual-system vs-name
Step 4 Shut down the VS.
shutdown
NOTE
● This command is supported only in the Admin-VS.
● Only a service VS can be shut down.
● After a service VS is shut down, its physical and logical resources are not released.
● After a service VS is shut down, all services running in this service VS are interrupted, all
interfaces allocated to it switch to the down state, and all users connected to it go
offline.
● You can run the undo shutdown command to start the service VS that has been shut
down.
Step 5 Commit the configuration.
commit
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 19
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.1.9.4 Deleting a VS
Context
You can delete a service VS in the Admin-VS. The Admin-VS cannot be deleted.
After a service VS is deleted, all services in this service VS are interrupted, and the
physical and logical resources allocated to it are reclaimed by the Admin-VS.
NOTICE
After a service VS is deleted, all services in this service VS are interrupted and
cannot be restored. Therefore, exercise caution when you delete a service VS.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the admin view.
admin
Step 3 Delete a VS.
undo virtual-system vs-name
Step 4 Commit the configuration.
commit
----End
1.1.2 LAD Configuration
1.1.2.1 LAD Description
1.1.2.1.1 Overview of LAD
Definition
Link Automatic Discovery (LAD) is a Huawei proprietary protocol that discovers
neighbors at the link layer. LAD allows a device to issue link discovery requests as
triggered by the NMS or command lines. After the device receives link discovery
replies, the device generates neighbor information and saves it in the local MIB.
The NMS can then query neighbor information in the MIB and generate the
topology of the entire network.
Purpose
Large-scale networks demand increased NMS capabilities, such as obtaining the
topology status of connected devices automatically and detecting configuration
conflicts between devices. Currently, most NMSs use an automated discovery
function to trace changes in the network topology but can only analyze the
network-layer topology. Network-layer topology information notifies you of basic
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 20
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
events like the addition or deletion of devices, but gives you no information about
the interfaces used by one device to connect to other devices or the location or
network operation mode of a device.
LAD is developed to resolve these problems. LAD can identify the interfaces on a
network device and provide detailed information about connections between
devices. LAD can also display paths between clients, switches, routers, application
servers, and network servers. The detailed information provided by LAD can help
efficiently locate network faults.
Benefits
LAD helps network administrators promptly obtain detailed network topology and
changes in the topology and monitor the network status in real time, improving
security and stability for network communication.
1.1.2.1.2 Understanding LAD
Basic Concepts
LAD Packet Formats
Link Automatic Discovery (LAD) packets have three different formats, depending
on the link type.
● When Ethernet interfaces are used on links, LAD packets are encapsulated
into Ethernet frames. Figure 1-3 shows the LAD packet format on Ethernet
interfaces.
Figure 1-3 LAD packet format on Ethernet interfaces
Table 1-3 describes the fields in an LAD packet on Ethernet interfaces.
Table 1-3 Fields in an LAD packet on Ethernet interfaces
Field Length Description
DA 6 bytes Destination MAC address, a broadcast MAC
address fixed at 0xFF-FF-FF-FF-FF-FF
SA 6 bytes Source MAC address, an interface's MAC address
or a device's bridge MAC address
Type 2 bytes Packet type, fixed at 0x0000
Flag 20 bytes LAD packet identifier, fixed as Huawei Link Search
Informati 20-44 LAD data unit, main part of an LAD packet
on bytes
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 21
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Field Length Description
FCS 4 bytes Frame check sequence
● When Ethernet sub-interfaces are used on links, LAD packets are
encapsulated into Ethernet frames. Figure 1-4 shows the LAD packet format
on Ethernet sub-interfaces.
Figure 1-4 LAD packet format on Ethernet sub-interfaces
Table 1-4 describes the fields in an LAD packet on Ethernet sub-interfaces.
Table 1-4 Fields in an LAD packet on Ethernet sub-interfaces
Field Length Description
DA 6 bytes Destination MAC address, a broadcast MAC
address fixed at 0xFF-FF-FF-FF-FF-FF
SA 6 bytes Source MAC address, an interface's MAC address
or a device's bridge MAC address
Tag 4 bytes 2-byte Ethernet Type field and 2-byte VLAN field
included
Type 2 bytes Packet type, fixed at 0x0806
Field 6 bytes Four fields included:
● Hardware Type, fixed at 0xFF-FF
● Protocol Type, fixed at 0xFF-FF
● Hardware Length, fixed at 0x00
● Protocol Length, fixed at 0x00
Flag 20 bytes LAD packet identifier, fixed as Huawei Link Search
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 22
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Field Length Description
Informati 20-44 LAD data unit, main part of an LAD packet
on bytes
FCS 4 bytes Frame check sequence
● When low-speed interfaces are used on links, LAD packets are encapsulated
into PPP frames. Figure 1-5 shows the LAD packet format on low-speed
interfaces.
Figure 1-5 LAD packet format on low-speed interfaces
Table 1-5 describes the fields in an LAD packet on low-speed interfaces.
Table 1-5 Fields in an LAD packet on low-speed interfaces
Field Length Description
Flag1 1 byte PPP frame's start ID, fixed at 0x7E
Address 1 byte Remote device's address, fixed at 0xFF
Control 1 byte PPP frame type, fixed at 0x03, indicating an
unsequenced frame
Protocol 2 bytes Packet type (LAD) carried by PPP frames, fixed at
0xce05
Flag2 20 bytes LAD packet identifier, fixed as Huawei Link Search
Informati 20-44 LAD data unit, main part of an LAD packet
on bytes
FCS 2 bytes Frame check sequence
Flag3 1 byte PPP frame's end ID, fixed at 0x7E
The Information field is the same in all the three LAD packet formats, meaning
that the LAD data units are irrelevant to the link type. Figure 1-6 shows the
format of the LAD data unit.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 23
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-6 LAD data unit format
Table 1-6 describes the fields in the LAD data unit.
Table 1-6 LAD data unit fields
Field Length Description
Type 1 byte LAD data unit type:
● 1: Link Detect packet
● 2: Link Reply packet
Version 1 byte LAD protocol version, fixed at 1
Length 2 bytes LAD data unit length
Value 12-16 LAD data unit's sub TLV:
bytes ● Send Link Info SubTLV
● Recv Link Info SubTLV
LAD Packet Types
LAD packets are classified as Link Detect or Link Reply packets, depending on the
LAD data unit type.
● Link Detect packets: link discovery requests triggered by the NMS or
command lines. Link Detect packets carry Send Link Info SubTLV in the data
unit. Figure 1-7 shows the format of the Link Detect packet data unit.
Figure 1-7 Link Detect packet data unit format
● Link Reply packets: link discovery replies in response to the Link Detect
packets sent by remote devices. Link Reply packets carry the Send Link Info
SubTLV (the same as that in the received Link Detect packets) and Recv Link
Info SubTLV. Figure 1-8 shows the format of the Link Reply packet data unit.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 24
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-8 Link Reply packet data unit format
Implementation
Background
To monitor the network status in real-time and to obtain detailed network
topology and changes in the topology, network administrators usually deploy the
Link Layer Discovery Protocol (LLDP) on live networks. LLDP, however, has limited
applications due to the following characteristics:
● LLDP uniquely identifies a device by its IP address. IP addresses are expressed
in dotted decimal notation and therefore are not easy to maintain or manage,
when compared with NE IDs that are expressed in decimal integers.
● LLDP is not supported on Ethernet sub-interfaces, Eth-Trunk interfaces, or
low-speed interfaces, and therefore cannot discover neighbors for these types
of interfaces.
● LLDP-enabled devices periodically broadcast LLDP packets, consuming many
system resources and even affecting the transmission of user services.
Link Automatic Discovery (LAD) addresses the preceding problems and is more
flexible:
● LAD uniquely identifies a device by an NE ID in decimal integers, which are
easier to maintain and manage.
● LAD can discover neighbors for various types of interfaces and therefore are
more widely used than LLDP.
● LAD is triggered by an NMS or command lines and therefore can be
implemented as you need.
Implementation
The following example uses the networking in Figure 1-9 to illustrate how LAD is
implemented.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 25
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-9 LAD networking
The LAD implementation is as follows:
1. DeviceA determines the interface type, encapsulates local information into a
Link Detect packet, and sends the packet to DeviceB.
2. After DeviceB receives the link Detect packet, DeviceB parses the packet and
encapsulates local information and DeviceA's information carried in the
packet into a Link Reply packet, and sends the Link Reply packet to DeviceA.
3. After DeviceA receives the Link Reply packet, DeviceA parses the packet and
saves local information and DeviceB's information carried in the packet to the
local MIB. The local and neighbor information is recorded as one entry.
NOTE
Local and remote devices exchange LAD packets to learn each other's NE ID, slot ID,
subcard ID, interface number, and even each other's VLAN ID if sub-interfaces are
used.
4. The NMS exchanges NETCONF packets with DeviceA to obtain DeviceA's local
and neighbor information and then generates the topology of the entire
network.
Benefits
After network administrators deploy LAD on devices, they can obtain information
about all links connected to the devices. LAD helps extend the network
management scale. Network administrators can obtain detailed network topology
information and topology changes.
1.1.2.1.3 Application Scenarios for LAD
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 26
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
LAD Application in Single-Neighbor Networking
Networking Description
In single-neighbor networking, devices are directly connected, and each device
interface connects only to one neighbor. In Figure 1-10, DeviceA and DeviceB are
directly connected, and each interface on DeviceA and DeviceB connects only to
one neighbor.
Figure 1-10 Single-neighbor networking
Feature Deployment
After enabling Link Automatic Discovery (LAD) on DeviceA, administrators can use
the NMS to obtain Layer 2 configurations of DeviceA and DeviceB, get a detailed
network topology, and determine whether a configuration conflict exists. LAD
helps improve security and stability for network communication.
LAD Application in Multi-Neighbor Networking
Networking Description
In multi-neighbor networking, devices are connected over an unknown network,
and each device interface connects to one or more neighbors. In Figure 1-11,
DeviceA, DeviceB, and DeviceC are connected over a Layer 2 virtual private
network (L2VPN). Devices on the L2VPN may have Link Automatic Discovery
(LAD) disabled or may not need to be managed by the NMS, but they can still
transparently transmit LAD packets. DeviceA has two neighbors, DeviceB and
DeviceC.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 27
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-11 Multi-neighbor networking
Feature Deployment
After enabling Link Automatic Discovery (LAD) on DeviceA, administrators can use
the NMS to obtain Layer 2 configurations of DeviceA, DeviceB, and DeviceC, get a
detailed network topology, and determine whether a configuration conflict exists.
LAD helps ensure security and stability for network communication.
LAD Application in Link Aggregation
Networking Description
On the network shown in Figure 1-12, an Eth-Trunk that comprises aggregated
links exists between DeviceA and DeviceB. Each aggregated link interface connects
directly to only one neighbor, as if it were connected in single-neighbor
networking.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 28
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-12 Networking with aggregated links
Feature Deployment
After enabling Link Automatic Discovery (LAD) on DeviceA, administrators can use
the NMS to obtain Layer 2 configurations of DeviceA and DeviceB, get a detailed
network topology, and determine whether a configuration conflict exists. LAD
helps ensure security and stability for network communication.
1.1.2.1.4 Terminology for LAD
Terms
Term Definition
LAD A Huawei proprietary protocol that discovers neighbors at the
link layer. LAD allows a device to issue link discovery requests
as triggered by the NMS or command lines. After the device
receives link discovery replies, the device generates neighbor
information and saves it in the local MIB. The NMS can then
query neighbor information in the MIB and generate the
topology of the entire network.
LLDP A Layer 2 discovery protocol defined in IEEE 802.1ab. LLDP
provides a standard link-layer discovery mode to encapsulate
information about the capabilities, management address,
device ID, and interface ID of a local device into LLDP packets
and send the packets to neighbors. The neighbors save the
information received in a standard MIB to help the NMS query
and determine the communication status of links.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 29
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Acronyms and Abbreviations
Acronym & Full Name
Abbreviation
LAD Link Automatic Discovery
LLDP Link Layer Discovery Protocol
MIB management information base
NMS network management system
SNMP Simple Network Management Protocol
1.1.2.2 LAD Configuration
Link Automatic Discovery (LAD) is a Huawei proprietary protocol that discovers
neighbors at the link layer. Deploying LAD improves NMS capabilities. LAD
provides the NMS with detailed information about network topology and changes
in topology, and it detects inappropriate configurations existing on the network.
The information provided by LAD helps administrators monitor network status in
real time to keep the network secure and stable.
1.1.2.2.1 Overview of LAD
Link Automatic Discovery (LAD) allows a device to issue link discovery requests as
triggered by the NMS or command lines. After the device receives link discovery
replies, the device generates neighbor information and saves it in the local MIB.
The NMS can query neighbor information in the MIB and generate the topology of
the entire network.
Definition
Link Automatic Discovery (LAD) is a Huawei proprietary protocol that discovers
neighbors at the link layer. LAD allows a device to issue link discovery requests as
triggered by the NMS or command lines. After the device receives link discovery
replies, the device generates neighbor information and saves it in the local MIB.
The NMS can then query neighbor information in the MIB and generate the
topology of the entire network.
Purpose
Large-scale networks demand increased NMS capabilities, such as obtaining the
topology status of connected devices automatically and detecting configuration
conflicts between devices. Currently, most NMSs use an automated discovery
function to trace changes in the network topology but can only analyze the
network-layer topology. Network-layer topology information notifies you of basic
events like the addition or deletion of devices, but gives you no information about
the interfaces used by one device to connect to other devices or the location or
network operation mode of a device.
LAD is developed to resolve these problems. LAD can identify the interfaces on a
network device and provide detailed information about connections between
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 30
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
devices. LAD can also display paths between clients, switches, routers, application
servers, and network servers. The detailed information provided by LAD can help
efficiently locate network faults.
Benefits
LAD helps network administrators promptly obtain detailed network topology and
changes in the topology and monitor the network status in real time, improving
security and stability for network communication.
1.1.2.2.2 Configuration Precautions for LAD
Feature Requirements
None
1.1.2.2.3 Configuring LAD
Link Automatic Discovery (LAD) allows a device to issue link discovery requests
and generates neighbor information based on the received link discovery replies.
The device then saves local and neighbor information in the local MIB. The NMS
can query neighbor information in the MIB and generate the topology of the
entire network, helping network administrators locate inappropriate
configurations.
Usage Scenario
LAD discovers physical and logical links when devices are connected directly or
over a Layer 2 network. The information provided by LAD helps network
administrators promptly obtain detailed network topology and changes in the
topology and monitor the network status in real time, ensuring security and
stability for network communication. On the network shown in Figure 1-13,
before the NMS collects the topology of Device A and Device B, enable LAD on
Device A and Device B so that Device A can send LAD packets to Device B and
Device B can respond with LAD packets. After Device A receives LAD packets, it
generates neighbor information and saves it in the local MIB, helping the NMS
obtain the network topology.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 31
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-13 LAD networking
Pre-configuration Tasks
Before configuring LAD, configure reachable routes between devices and the NMS
and configure NETCONF parameters.
The LAD function is enabled globally on the device.
Procedure
● Enable LAD on Device A and Device B.
a. Run system-view
The system view is displayed.
b. Run interface { interface-name | interface-type interface-number }
The view of an interface on which LAD is to be enabled is displayed.
c. (Optional) Run link-detect enable
LAD is enabled on the interface.
d. Run commit
The configuration is committed.
● Enable Device A to send LAD packets to Device B.
a. Run link detect { { interface { interface-name | { interface-type
interface-number } } } | all }
Device A is enabled to send LAD packets to Device B.
----End
Checking the Configurations
After configuring LAD, check the configurations.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 32
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Run the display link neighbor { slot slot-id | interface interface-type
interface-number | all } command to check neighbor information of
interfaces.
Run the display link neighbor all command to view neighbor information of all
interfaces.
1.1.2.2.4 Maintaining LAD
This section describes how to delete Link Automatic Discovery (LAD) neighbor
information and LAD alarms.
Deleting LAD Neighbor Information
You can run the clear command to delete Link Automatic Discovery (LAD)
neighbor information.
Context
NOTICE
LAD neighbor information cannot be restored after it is deleted. Exercise caution
when running the clear link neighbor command.
Procedure
Step 1 Run the clear link neighbor [ interface interface-type interface-number | slot
slot-id ] { sub-interface | all } command in the user view to delete LAD neighbor
information.
----End
Deleting LAD Alarms in the Trap Buffer
You can run the clear command to delete Link Automatic Discovery (LAD) alarms
in the trap buffer.
Procedure
Step 1 Run the clear link-detect alarm all command in the user view to delete LAD
alarms in the trap buffer.
----End
1.1.2.2.5 Configuration Examples for LAD
This section provides a Link Automatic Discovery (LAD) configuration example.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 33
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Example for Configuring LAD
This section provides an example for configuring Link Automatic Discovery (LAD)
so that the NMS can obtain detailed network topology, helping network
administrators monitor and manage network devices.
Networking Requirements
Large-scale networks demand increased NMS capabilities, with increasing device
types and complex configurations. LAD flexibly discovers neighbors at the data
link layer and provides Layer 2 device information for the NMS.
On the network shown in Figure 1-14, Device A and Device B have reachable
links, and Device A has a reachable route to the NMS. However, the NMS can only
analyze the Layer 3 network topology, not Layer 2 network topology or
configuration conflicts. To allow the NMS to obtain the Layer 2 configurations of
Device A and Device B, or detect configuration conflicts between Device A and
Device B and identify the cause for network failures, configure LAD on both
Device A and Device B.
Figure 1-14 LAD networking
NOTE
Interface 1 in this example represents GE 0/1/1.
Then enable Device A to send LAD Link Detect packets to Device B. After Device A
receives Link Reply packets from Device B, Device A obtains Device B's
information. The NMS can exchange NETCONF packets with Device A to obtain
the network topology between Device A and Device B.
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 34
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1. Configure IP addresses and routing protocols for Device A and Device B to
implement network layer connectivity.
2. Enable LAD on the specified interfaces of DeviceA and DeviceB.
3. Enable Device A to send LAD Link Detect packets to Device B.
Data Preparation
To complete the configuration, you need the following data:
● Types and numbers of the interfaces connecting Device A and Device B
● IP addresses of GE 0/1/1 on Device A and Device B
Procedure
Step 1 Assign an IP address to each interface.
Configure IP addresses for GE 0/1/1 on Device A and Device B. For configuration
details, see Configuration Files in this section.
Step 2 Configure Open Shortest Path First (OSPF).
Configure OSPF on Device A and Device B so that they are reachable at the
network layer. For configuration details, see Configuration Files in this section.
Step 3 Enable LAD on the specified interfaces of DeviceA and DeviceB.
# Configure Device A.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] link-detect enable
[*DeviceA] commit
[~DeviceA] interface gigabitethernet0/1/1
[~DeviceA-GigabitEthernet0/1/1] link-detect enable
[*DeviceA-GigabitEthernet0/1/1] commit
[~DeviceA-GigabitEthernet0/1/1] quit
[~DeviceA] quit
# Configure Device B.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceB
[*HUAWEI] commit
[~DeviceB] link-detect enable
[*DeviceB] commit
[~DeviceB] interface gigabitethernet0/1/1
[~DeviceB-GigabitEthernet0/1/1] link-detect enable
[*DeviceB-GigabitEthernet0/1/1] commit
Step 4 Enable Device A to send LAD packets to Device B.
<DeviceA> link detect interface gigabitethernet 0/1/1
<DeviceA> commit
Step 5 Verify the configuration.
# Display neighbor information on Device A.
<DeviceA> display link neighbor all
GigabitEthernet0/1/1 has neighbors:
TxNeId TxInterface TxVlanOrVc12 TxVc4Id --- RxNeId RxInterface RxVlanOrVc12
RxVc4Id
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 35
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
0x6 GigabitEthernet0/1/1 0 0 --- 0x10001 GigabitEthernet0/1/1 0 0
Total records of slot 9: 1
----End
Configuration Files
● Device A configuration file
#
sysname Device A
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.10.10.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
#
return
● Device B configuration file
#
sysname Device B
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.10.10.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
#
return
1.1.3 LLDP Configuration
1.1.3.1 LLDP Description
1.1.3.1.1 Overview of LLDP
Definition
The Link Layer Discovery Protocol (LLDP), a Layer 2 discovery protocol defined in
IEEE 802.1ab, provides a standard link-layer discovery method that encapsulates
information about the capabilities, management address, device ID, and interface
ID of a local device into LLDP packets and sends the packets to neighboring
devices. These neighboring devices save the information received in a standard
management information base (MIB) to help the network management system
(NMS) query and determine the link communication status.
Purpose
Diversified network devices are deployed on a network, and configurations of
these devices are complicated. Therefore, NMSs must be able to meet increasing
requirements for network management capabilities, such as the capability to
automatically obtain the topology status of connected devices and the capability
to detect configuration conflicts between devices. A majority of NMSs use an
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 36
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
automated discovery function to trace changes in the network topology, but most
can only analyze the network layer topology. Network layer topology information
notifies you of basic events, such as the addition or deletion of devices, but gives
you no information about the interfaces to connect a device to other devices. The
NMSs can identify neither the device location nor the network operation mode.
LLDP is developed to resolve these problems. LLDP can identify interfaces on a
network device and provide detailed information about connections between
devices. LLDP can also display information about paths between clients, switches,
routers, application servers, and network servers, which helps you efficiently locate
network faults.
Benefits
Deploying LLDP improves NMS capabilities. LLDP supplies the NMS with detailed
information about network topology and topology changes, and it detects
inappropriate configurations existing on the network. The information provided by
LLDP helps administrators monitor network status in real time to keep the
network secure and stable.
1.1.3.1.2 Understanding LLDP
Basic LLDP Concepts
LLDP Frames
LLDP frames are Ethernet frames encapsulated with LLDP data units (LLDPDUs).
LLDP frames support two encapsulation modes: Ethernet II and Subnetwork
Access Protocol (SNAP). Currently, the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M supports the Ethernet II encapsulation mode.
Figure 1-15 shows the format of an Ethernet II LLDP frame.
Figure 1-15 LLDP frame format
Table 1-7 describes the fields in an LLDP frame.
Table 1-7 Fields in an LLDP frame
Field Description
Destination MAC A fixed multicast MAC address 0x0180-C200-000E.
address
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 37
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Field Description
Source MAC address A MAC address for an interface or a bridge MAC address
for a device (Use the MAC address for an interface if
there is one; otherwise, use the bridge MAC address for a
device).
Type Packet type, fixed at 0x88CC.
LLDPDU Main body of an LLDP frame.
FCS Frame check sequence.
LLDPDU
An LLDPDU is a data unit encapsulated in the data field in an LLDP frame.
A device encapsulates local device information in type-length-value (TLV) format
and combines several TLVs into an LLDPDU for transmission. You can combine
various TLVs to form an LLDPDU as required. TLVs allow a device to advertise its
own status and learn the status of neighboring devices.
Figure 1-16 shows the LLDPDU format.
Figure 1-16 LLDPDU format
Each LLDPDU carries a maximum of 28 types of TLVs, and that each LLDPDU
starts with the Chassis ID TLV, Port ID TLV, and Time to Live TLV, and ends with the
End of LLDPDU TLV. These four TLVs are mandatory. Additional TLVs are selected
as needed.
TLV
A TLV is the smallest unit of an LLDPDU. It gives type, length, and other
information for a device object. For example, a device ID is carried in the Chassis
ID TLV, an interface ID in the Port ID TLV, and a network management address in
the Management Address TLV.
LLDPDUs can carry basic TLVs, TLVs defined by IEEE 802.1, TLVs defined by IEEE
802.3, and Data Center Bridging Capabilities Exchange Protocol (DCBX) TLVs.
● Basic TLVs: are the basis for network device management.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 38
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-8 Basic TLVs
TLV Name TLV Type Value Description Mandatory
End of LLDPDU 0 End of an LLDPDU. Yes
TLV
Chassis ID TLV 1 Bridge MAC address Yes
of the transmit
device.
Port ID TLV 2 Number of a Yes
transmit interface
of a device.
Time To Live 3 Time to live of the Yes
TLV local device
information stored
on a neighbor
device.
Port Description 4 String describing an No
TLV Ethernet interface.
System Name 5 Device name. No
TLV
System 6 System description. No
Description TLV
System 7 Primary functions No
Capabilities TLV of the system and
whether these
primary functions
are enabled.
Management 8 Management No
Address TLV address.
Reserved 9–126 Reserved for special No
use.
Organizationall 127 TLVs defined by No
y Specific TLVs organizations.
● Organizationally specific TLVs: include TLVs defined by IEEE 802.1 and those
defined by IEEE 802.3. They are used to enhance network device
management. Use these TLVs as needed.
a. TLVs defined by IEEE 802.1
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 39
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-9 Description of TLVs defined by IEEE 802.1
TLV Name TLV Type Value Description
Reserved 0 Reserved for special
use.
Port VLAN ID TLV 1 VLAN ID on an
interface.
Port And Protocol 2 Protocol VLAN ID on
VLAN ID TLV an interface.
VLAN Name TLV 3 VLAN name on an
interface.
Protocol Identity 4 A set of protocols
TLV supported by an
interface.
Reserved 5–255 Reserved for special
use.
b. TLVs defined by IEEE 802.3
Table 1-10 Description of TLVs defined by IEEE 802.3
TLV Name TLV Type Description
Reserved 0 Reserved for special
use.
MAC/PHY 1 Whether the interface
Configuration/ supports rate auto-
Status TLV negotiation, whether
auto-negotiation is
enabled, as well as the
current bit-rate and
duplex settings of the
device.
Power Via MDI TLV 2 Power supply
capability of an
interface, that is,
whether an interface
supplies or requires
power.
Link Aggregation 3 Link aggregation
TLV status.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 40
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
TLV Name TLV Type Description
Maximum Frame 4 Maximum frame
Size TLV length supported by
interfaces. The
maximum transmission
unit (MTU) of an
interface is used.
Reserved 5-255 Reserved for special
use.
Figure 1-17 shows the TLV format.
Figure 1-17 TLV format
The TLV contains the following fields:
● TLV type: a 7–bit long field. Each value uniquely identifies a TLV type. For
example, value 0 indicates the end of LLDPDU TLV, and value 1 indicates a
Chassis ID TLV.
● TLV information string length: a 9–bit long field indicating the length of a TLV
string.
● TLV information string: a string that contains TLV information. This field
contains a maximum of 511 bytes.
When TLV Type is 127, it indicates that the TLV is an organization-defined TLV. In
this case, the TLV structure is shown in Figure 1-18.
Organizationally unique identifier (OUI) identifies the organization that defines
the TLV.
Figure 1-18 TLV structure with TLV type being 127
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 41
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
LLDP Management Addresses
LLDP management addresses are used by the NMS to identify devices and
implement device management. Management IP addresses uniquely identify
network devices, facilitating network topology layout and network management.
Each management address is encapsulated in a Management Address TLV in an
LLDP frame. The management address must be set to a valid unicast IP address of
a device.
● If you do not specify a management address, a device searches the IP address
list and automatically selects an IP address as the default management
address.
● If the device does not find any proper IP address from the IP address list, the
system uses a bridge MAC address as the default management address.
NOTE
The system searches for the management IP address in the following sequence: IP address
of the loopback interface, IP address of the management network interface, and IP address
of the VLANIF interface. Among the IP addresses of the same type, the system selects the
smallest one as the management address.pac
LLDP Fundamentals
Implementation
LLDP must be used together with MIBs. LLDP requires that each device interface
be provided with four MIBs. An LLDP local system MIB that stores status
information of a local device and an LLDP remote system MIB that stores status
information of neighboring devices are the most important. The status
information includes the device ID, interface ID, system name, system description,
interface description, device capability, and network management address.
LLDP requires that each device interface be provided with an LLDP agent to
manage LLDP operations. The LLDP agent performs the following functions:
● Maintains information in the LLDP local system MIB.
● Sends LLDP packets to notify neighboring devices of local device status.
● Identifies and processes LLDP packets sent by neighboring devices and
maintains information in the LLDP remote system MIB.
● Sends LLDP alarms to the NMS when detecting changes in information stored
in the LLDP local or remote MIB.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 42
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-19 LLDP schematic diagram
Figure 1-19 shows the LLDP implementation process:
● The LLDP module maintains the LLDP local system MIB by exchanging
information with the PTOPO MIB, Entity MIB, Interface MIB, and Other MIBs
of the device.
● An LLDP agent sends LLDP packets carrying local device information to
neighboring devices directly connected to the local device.
● An LLDP agent updates the LLDP remote system MIB after receiving LLDP
packets from neighboring devices.
The NMS collects and analyzes topology information stored in LLDP local and
remote system MIBs on all managed devices and determines the network
topology. The information helps rapidly detect and rectify network faults.
Working Mechanism
LLDP working modes
LLDP is working in one of the following modes:
● Tx mode: enables a device only to send LLDP packets.
● Rx mode: enables a device only to receive LLDP packets.
● Tx/Rx mode: enables a device to send and receive LLDP packets. The default
working mode is Tx/Rx.
● Disabled mode: disables a device from sending or receiving LLDP packets.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 43
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
When the LLDP working mode changes on an interface, the interface initializes the LLDP
state machines. To prevent repeatedly initializations caused by frequent working mode
changes, the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports an initial
delay on the interface. When the working mode changes on the interface, the interface
initializes the LLDP state machines after a configured delay interval elapses.
Principles for sending LLDP packets
● After LLDP is enabled on a device, the device periodically sends LLDP packets
to neighboring devices. If the configuration is changed on the local device, the
device immediately sends LLDP packets to notify neighboring devices of the
changes. If information changes frequently, set a delay for an interface to
send LLDP packets. After an interface sends an LLDP packet, the interface
does not send another LLDP packet until the configured delay time elapses,
which reduces the number of LLDP packets to be sent.
● The fast sending mechanism allows the NetEngine 8100 M, NetEngine 8000E
M, NetEngine 8000 M to override a pre-configured delay time and quickly
advertise local information to other devices in the following situations:
– A device receives an LLDP packet sent by a transmitting device, whereas
the device has no information about the transmitting device.
– LLDP is enabled on a device that previously has LLDP disabled.
– An interface on the device goes Up.
The fast sending mechanism shortens the interval at which LLDP packets are
sent to 1 second. After a specified number of LLDP packets are sent, the pre-
configured delay time is restored.
Principles for receiving LLDP packets
A device verifies TLVs carried in LLDP packets it receives. If the TLVs are valid, the
device saves information about neighboring devices and sets the TTL value carried
in the LLDPDU so that the information ages after the TTL expires. If the TTL value
carried in a received LLDPDU is 0, the device immediately ages information about
neighboring devices.
1.1.3.1.3 Application Scenarios for LLDP
LLDP Applications in Single Neighbor Networking
Networking Description
In single neighbor networking, no interfaces between devices or interfaces
between devices and media endpoints (MEs) are directly connected to
intermediate devices. Each device interface is connected only to one remote
neighboring device. In the single neighbor networking shown in Figure 1-20,
Device B is directly connected to Device A and the ME, and each interface of
Device A and Device B is connected only to a single remote neighboring device.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 44
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-20 Single neighbor networking
Feature Deployment
After LLDP is configured on Device A and Device B, an administrator can use the
NMS to obtain Layer 2 configuration information about these devices, collect
detailed network topology information, and determine whether a configuration
conflict exists. LLDP helps make network communications more secure and stable.
LLDP Applications in Multi-Neighbor Networking
Networking Description
In multi-neighbor networking, each interface is connected to multiple remote
neighboring devices. In the multi-neighbor networking shown in Figure 1-21, the
network connected to Device A, Device B, and Device C is unknown. Devices on
this unknown network may have LLDP disabled or may not need to be managed
by the NMS, but they can still transparently transmit LLDP packets. Interfaces on
Device A, Device B, and Device C are connected to multiple remote neighboring
devices.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 45
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-21 Multi-neighbor networking
Feature Deployment
After LLDP is configured on Device A, Device B, and Device C, an administrator can
use the NMS to obtain Layer 2 configuration information about these devices,
collect detailed network topology information, and determine whether a
configuration conflict exists. LLDP helps make network communications more
secure and stable.
LLDP Applications in Link Aggregation
Networking Description
In Figure 1-22, aggregated links exist between interfaces on Device A and Device
B. Each aggregated link interface is connected directly to another aggregated link
interface in the same way in single neighbor networking.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 46
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-22 Networking with aggregated links
Feature Deployment
After LLDP is configured on Device A and Device B, an administrator can use the
NMS to obtain Layer 2 configuration information about these devices, collect
detailed network topology information, and determine whether a configuration
conflict exists. LLDP helps make network communications more secure and stable.
1.1.3.1.4 Terminology for LLDP
Terms
Term Description
LLDP A Layer 2 discovery protocol defined in IEEE 802.1ab.
DCBX Data Center Bridging Capabilities Exchange Protocol. DCBX
provides parameter negotiation and remote configuration for
Data Center Bridging (DCB)-enabled network devices.
agent A process running on managed devices. Each device interface is
provided with an LLDP agent to manage LLDP operations.
Acronyms and Abbreviations
Acronym and Full Name
Abbreviation
APP Application Protocol
DCBX Data Center Bridging Capabilities Exchange Protocol
ETS Enhanced Transmission Selection
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 47
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Acronym and Full Name
Abbreviation
LLDP Link Layer Discovery Protocol
LLDPDU Link Layer Discovery Protocol Data Unit
MIB management information base
PFC Priority-based Flow Control
TLV type length value
VM virtual machine
1.1.3.2 LLDP Configuration
The Link Layer Discovery Protocol (LLDP) is a Layer 2 discovery protocol defined in
IEEE 802.1ab. Deploying LLDP improves network management system (NMS)
capabilities. LLDP supplies the NMS with detailed information about network
topology and changes to topology, and it detects inappropriate configurations
existing on the network. The information provided by LLDP helps administrators
monitor network status in real time to keep the network secure and stable.
1.1.3.2.1 Overview of LLDP
LLDP provides a standard link-layer discovery method to encapsulate information
about the capabilities, management address, device ID, and interface ID of a local
device into LLDP packets. These packets are sent to neighboring devices that save
the information received in a standard Management Information Base (MIB) to
help the NMS query and determine the communication status of links.
Background
Diversified network devices are deployed on a network, and configurations of
these devices are complicated. Therefore, NMSs must be able to meet increasing
requirements for network management capabilities, such as the capability to
automatically obtain the topology status of connected devices and the capability
to detect configuration conflicts between devices. A majority of NMSs use an
automated discovery function to trace changes in the network topology, but most
can only analyze the network layer topology. Network layer topology information
notifies you of basic events, such as the addition or deletion of devices, but gives
you no information about the interfaces to connect a device to other devices. The
NMSs can identify neither the device location nor the network operation mode.
LLDP is developed to resolve these problems. LLDP can identify interfaces on a
network device and provide detailed information about connections between
devices. LLDP can also display information about paths between clients, switches,
routers, application servers, and network servers, which helps you efficiently locate
network faults.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 48
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
LLDP Implementation
Figure 1-23 shows how LLDP is implemented.
Figure 1-23 Implementation diagram for LLDP
1. Device A encapsulates its status information into an LLDP packet and sends
the packet to the neighboring device Device B.
2. Device B parses the LLDP packet received and saves information about Device
A to its LLDP remote system MIB, allowing the NMS to collect topology
information.
3. Device B encapsulates its status information into an LLDP packet and sends
the packet to the neighboring device Device A. Device A parses the LLDP
packet received and saves information about Device B to its LLDP remote
system MIB, allowing the NMS to collect topology information.
4. By exchanging SNMP packets with Device A and Device B, the NMS collects
information about Device A and Device B from their LLDP local system MIBs
and LLDP remote system MIBs, and analyzes the status information to
determine network topology.
Benefits
Deploying LLDP improves NMS capabilities. LLDP supplies the NMS with detailed
information about network topology and topology changes, and it detects
inappropriate configurations existing on the network. The information provided by
LLDP helps administrators monitor network status in real time to keep the
network secure and stable.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 49
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.3.2.2 Configuration Precautions for LLDP
Feature Requirements
Table 1-11 Feature requirements
Feature Requirements Series Models
The lldp enable command is mutually exclusive NetEngin NetEngine 8000
with the link-protocol transport lldp command. e 8000 M M14/NetEngine
Ensure that the lldp enable command is not 8000 M14K/
run in the system view or interface view to NetEngine 8000
enable LLDP when LLDP-based PW transparent M4/NetEngine
transmission is configured on an interface. 8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
In an E-Trunk active-active scenario, only the NetEngin NetEngine 8000
LLDP neighbor on one side is displayed for an e 8000 M M14/NetEngine
Eth-Trunk sub-interface. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
1.1.3.2.3 Configuring Basic LLDP Functions
After devices are configured with LLDP, the NMS can obtain network topology
information, and information about the capabilities, management address, device
ID, and interface ID of each device.
Usage Scenario
LLDP is used to obtain neighbor information and discover network topology. As
shown in Figure 1-24, if the NMS needs to collect topology information about
Device A and Device B, you can enable LLDP for Device A and Device B. Device A
and Device B send packets encapsulated with status information to each other,
allowing the NMS to obtain the topology information.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 50
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-24 Networking diagram for the LLDP application
Pre-configuration Tasks
Before configuring LLDP, complete the following tasks:
● Configuring reachable routes between devices and the NMS and configuring
SNMP parameters
● Configuring an IP address for LLDP management on a device
Enabling LLDP
When LLDP is enabled on a device, the device sends LLDP packets carrying its
status information to its LLDP-capable neighbors and obtains their status
information by receiving LLDP packets from them.
Context
LLDP can be enabled globally or on an interface. The relationships are as follows:
● LLDP is disabled on all interfaces after LLDP is disabled globally.
● An interface can send and receive LLDP packets only when LLDP is enabled
globally and on the interface.
● The command to enable or disable LLDP on an interface is invalid when LLDP
is disabled globally.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 51
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run lldp enable
LLDP is enabled globally.
Step 3 Run interface interface-type interface-number
The interface view is displayed.
Step 4 (Optional) Run lldp admin-status { tx | rx | txrx }
The LLDP working mode is configured for the interface.
Step 5 (Optional) Perform the following steps to enable LLDP on a sub-interface:
1. Run the interface interface-type interface-number command to create a sub-
interface.
2. Run the vlan-type dot1q vlan-id command to associate the sub-interface
with a VLAN.
3. Run the lldp enable command in the sub-interface view to enable LLDP on
the sub-interface.
NOTE
● To enable LLDP on some interfaces and disable LLDP on other interfaces on a device,
enable LLDP globally on the device and run the undo lldp enable command on the
interfaces that do not need LLDP.
● For Eth-Trunk interfaces, LLDP can be configured only on Eth-Trunk member interfaces.
Enabling or disabling LLDP on an Eth-Trunk member interface does not affect other
member interfaces.
● Interfaces that support LLDP must be physical interfaces. Logical interfaces such as
VLANIF and Eth-Trunk interfaces do not support LLDP.
● Interfaces do not support LLDP packets carrying the VLAN tag. If LLDP is used and the
peer device is a non-Huawei router, configure the peer device not to carry the VLAN tag
in sent LLDP packets.
● Before enabling LLDP on a sub-interface, you need to enable LLDP on the corresponding
main interface. To enable LLDP on an Eth-Trunk sub-interface, you only need to enable
LLDP on all member interfaces of the Eth-Trunk.
Step 6 Run commit
The configuration is committed.
----End
(Optional) Configuring an LLDP Management IP Address
This section describes how to configure an LLDP management IP address, so that
an NMS can identify a device based on this management address to detect
network topologies.
Carried in the Management Address TLV field in LLDP packets, the LLDP
management IP address is used by the NMS to identify a device and helps the
NMS to detect network topologies, which facilitates network management.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 52
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
In non-interface mode, LLDP management IP address selection is implemented
based on the following rules:
1. If an LLDP management IP address is configured using the lldp
management-address or lldp management-address ipv6 command, the
LLDP management IP address has the highest priority and is preferentially
used.
2. If neither an LLDP management IP address is configured using the lldp
management-address or lldp management-address ipv6 command nor the
final LLDP management IP address is bound to an interface, the device
searches the IP address list for an IP address as the LLDP management IP
address. If no default IP address is available, the device uses its bridge MAC
address as the LLDP management address.
NOTE
The device searches IP addresses of the following interfaces in sequence for the LLDP
management IP address: loopback interface, management network interface, and
VLANIF interface. For the same type of interfaces, the device selects the smallest IP
address as the LLDP management IP address.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run lldp management-address ip-address
The LLDP management IP address is configured.
Step 3 Run commit
The configuration is committed.
----End
(Optional) Configuring Types of TLVs Allowed to Be Advertised by LLDP
During the process of exchanging Link Layer Discovery Protocol (LLDP) packets
between devices, the LLDP data unit (LLDPDU) encapsulated in an LLDP packet
carries different type-length-values (TLVs) as needed. A device sends its status
information and receives neighbor status information based on these different
TLVs.
Background
TLVs that can be encapsulated into an LLDPDU include basic TLVs, TLVs defined by
IEEE 802.1, TLVs defined by IEEE 802.3, as well as DDP TLVs (private).
● Basic TLVs implement basic LLDP functions. In addition to optional
management-address, port-description, system-capability, system-
description, and system-name TLVs, basic TLVs also include four mandatory
TLVs that must be encapsulated into LLDPDUs to be advertised. For details,
see NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M Feature
Description > System Management > LLDP.
● TLVs defined by IEEE 802.1, TLVs defined by IEEE 802.3 are optional TLVs used
to enhance the LLDP function. You can decide whether to encapsulate these
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 53
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
TLVs into LLDPDUs to be advertised based on their functions and your actual
requirements. For details, see NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M Feature Description > System Management > LLDP.
NOTE
When configuring a device to advertise basic TLVs, TLVs defined by IEEE 802.1, and TLVs
defined by IEEE 802.3:
● If you specify the all parameter, all optional TLVs of the same type will be advertised.
● If you do not specify the all parameter, only one optional TLV of the same type can be
configured and advertised at a time. You can configure the device repeatedly to
advertise multiple optional TLVs of different types.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run lldp tlv-enable basic-tlv { all | management-address | port-description |
system-capability | system-description | system-name }
The type of TLVs that can be advertised by LLDP is configured.
NOTE
To configure an interface to advertise DDP TLVs, run the ddp enable command so that the
packets sent from the interface carry authentication information.
Step 4 Run commit
The configuration is committed.
----End
(Optional) Optimizing LLDP Performance
This section describes how to adjust LLDP parameters based on the load of a
network to reduce the consumption of system resources and optimize the LLDP
performance.
Background Information
LLDP parameters include: interval for sending LLDP packets, delay for sending
LLDP packets, time multiplier of device information held in neighbors, delay for
initializing LLDP on interfaces, and number of LLDP packets being sent in quick
succession to neighbors. Values of these parameters should be appropriate. You
can adjust these parameters based on the load of a network. Table 1-12 describes
the usage scenarios of LLDP parameters.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 54
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-12 LLDP parameters
Parameter Name Parameter Value Description
Description
message- Sets the interval for ● The longer the interval, the
transmission sending LLDP lower the frequency of LLDP
interval packets to adjust the packets being exchanged. This
frequency of saves system resources.
network topology However, if the interval for
discovery. sending LLDP packets is too
long, the device cannot notify
neighbors of its status in a
timely manner, reducing
network topology discovery
efficiency.
● The shorter the interval, the
higher the frequency of the
local status information being
sent to neighbors. This ensures
prompt network topology
discovery. However, if the
interval is too short, LLDP
packets are exchanged too
frequently, increasing the
system load and wasting
resources.
message- Sets the delay for When the status of a device
transmission delay sending LLDP changes frequently:
packets to avoid ● The longer the delay, the lower
network flapping of the frequency of the local
neighbors caused by status information being sent
LLDP packets being to neighbors. This saves system
frequently sent to resources. However, if the delay
neighbors. for sending LLDP packets is too
long, the device cannot notify
neighbors of its status in a
timely manner, reducing
network topology discovery
efficiency.
● The shorter the delay, the
higher the frequency of the
local status information being
sent to neighbors. This ensures
prompt network topology
discovery. However, if the
interval is too short, LLDP
packets are exchanged too
frequently, increasing the
system load and wasting
resources.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 55
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Parameter Name Parameter Value Description
Description
message- Sets the time ● The higher the time multiplier,
transmission hold- multiplier of device the lower the frequency of
multiplier information held in network topology changes of
neighbors to neighbors. However, if the time
calculate the valid of device information held in
time of LLDP neighbors is too long, the
packets being sent device cannot notify neighbors
to neighbors. The of its status in a timely manner,
time of device reducing network topology
information held in discovery efficiency.
neighbors can be ● The lower the time multiplier,
adjusted by setting the higher the frequency of
this parameter. network topology changes of
neighbors. This ensures prompt
network topology discovery.
However, if the time multiplier
is too low, neighbors refresh
local status information
frequently, increasing the
system load and wasting
resources.
restart-delay Sets the delay for ● The longer the delay, the lower
initializing LLDP on the frequency of network
interfaces to avoid topology changes on a device.
network flapping However, if the delay for
caused by frequent initializing LLDP on interfaces is
LLDP status changes too long, the device cannot
on interfaces. trace changes of neighbor
status. As a result, the device
cannot detect network
topology of neighbors in a
timely manner.
● The shorter the delay, the
higher the frequency of
network topology changes on a
device. This ensures prompt
network topology discovery.
However, if the delay is too
short, the device refreshes
status information about
neighbors frequently, increasing
the system load and wasting
resources.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 56
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Parameter Name Parameter Value Description
Description
fast-count Sets the number of A device sends LLDP packets to
LLDP packets being neighbors every second if LLDP
sent in quick packets are being sent in quick
succession to succession and are not restricted
neighbors to help by the delay time. After sending a
neighbors quickly specified number of LLDP packets
obtain information in quick succession, the device
about the local periodically sends LLDP packets to
device, and help the neighbors based on the set
NMS quickly detect interval.
network topology.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run lldp message-transmission interval interval
The global interval for a device to send LLDP packets is configured.
It is recommended that you use the default interval for sending LLDP packets.
Step 3 Run lldp message-transmission delay delay
The delay for sending LLDP packets is configured.
It is recommended that you use the default delay for sending LLDP packets unless
otherwise noted.
The parameters interval and delay for sending LLDP packets affect each other.
Take the value of delay into consideration when adjusting the value of interval.
● Increasing the value of interval is not restricted by the value of delay. interval
can be any number from 5 to 32768.
● Decreasing the value of interval is not restricted by the value of delay. The
target value of interval must be greater than or equal to four times the value
of delay. Otherwise, the value of delay must be adjusted to be less than or
equal to a quarter of the target value of interval.
Step 4 Run lldp message-transmission hold-multiplier hold-multiplier
Time multiplier of device information held in neighbors is configured.
It is recommended that you use the default time multiplier of device information
held in neighbors unless otherwise noted.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 57
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
● You can increase the value of hold-multiplier to prolong the time that device
information is held in neighbors.
● The value of hold-multiplier ranges from 2 to 10. The configuration does not take effect
if the value of hold-multiplierxinterval is greater than 65535.
Step 5 Run lldp restart-delay delay
The delay for initializing LLDP on interfaces is configured.
It is recommended that you use the default delay for initializing LLDP unless
otherwise noted.
Step 6 Run lldp fast-count count
The number of LLDP packets being sent in quick succession to neighbors is
configured.
To help neighbors quickly obtain information about a local device, the local device
sends a number of LLDP packets to neighbors when the local device detects a new
neighbor (that is, when the device receives an LLDP packet from a transmitting
device for which it has no information), or when LLDP is enabled for the device
that previously had LLDP disabled, or the interface connected to a neighbor goes
Up.
Step 7 Run commit
The configuration is committed.
----End
Verifying the Configuration of Basic LLDP Functions
After configuring basic LLDP functions, verify the configuration.
Prerequisites
All configurations of basic LLDP functions are complete.
Procedure
● Run the display lldp local [ interface interface-type interface-number ]
command to check local LLDP status information about all interfaces or a
specified interface.
● Run the display lldp neighbor [ interface interface-type interface-number ]
command to check LLDP status information about neighbors connected to all
interfaces or the neighbor connected to a specified interface.
If the peer interface is a POS interface, its encapsulation protocol must be PPP
or HDLC so that LLDP can discover it.
● Run the display lldp neighbor brief command to check the summary LLDP
status information about a neighbor.
If the peer interface is a POS interface, its encapsulation protocol must be PPP
or HDLC so that LLDP can discover it.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 58
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Run the display lldp tlv-config [ interface interface-type interface-number ]
command to check information about optional TLVs that are allowed to be
advertised by all interfaces or a specified interface.
----End
1.1.3.2.4 Configuring the LLDP Alarm Function
This section describes how to configure the LLDP alarm function on a network
device, so that the device can send alarms to the NMS when information about
neighbors changes.
Usage Scenario
After the LLDP alarm function is configured on a device, the device sends alarms
to the NMS when information about neighbors changes.
To avoid network flapping caused by frequent LLDP alarms being sent to the
NMS, configure a delay for the device to send alarms.
Pre-configuration Tasks
Before configuring the LLDP alarm function, complete the following task:
● Configure reachable routes between devices and the NMS, and SNMP
parameters.
Enabling the LLDP Alarm Function
This section describes how to enable the LLDP alarm function, so that a device can
send alarms to the NMS when information about neighbors changes.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run snmp-agent trap enable feature-name lldp [ trap-name
lldpremtableschange ]
The LLDP alarm function is enabled.
After the LLDP alarm function is enabled for a device, the device sends alarms to
the NMS when one of the following events occurs.
● The LLDP 1.0.8802.1.1.2.0.0.1 lldpRemTablesChange alarm will be
generated when the status information about an LLDP neighbor changes.
The LLDP alarm function takes effect globally to control the capability to send
LLDP alarms on all interfaces on a device.
NOTE
The network topology changes frequently when the networking is first formed. After the
LLDP alarm function is enabled for a device, the device will frequently send alarms to the
NMS. This increases the load on the system and wastes resources. It is recommended that
you disable the LLDP alarm function when the networking is first formed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 59
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 3 Run commit
The configuration is committed.
----End
(Optional) Configuring a Delay for Sending LLDP Alarms
This section describes how to configure a delay for sending LLDP alarms, so that
flapping of network topology caused by frequent LLDP alarms can be prevented.
Background Information
The delay for sending LLDP alarms should be appropriate. You can adjust this
parameter based on the load of a network.
● The longer the delay, the lower the frequency of network topology changes
on a device. However, if the delay for sending LLDP alarms is too long, the
NMS cannot trace changes of the neighbor status. As a result, the NMS
cannot refresh network topology for a device in a timely manner.
● The shorter the delay, the higher the frequency of network topology changes
on a device. This helps the NMS refresh network topology on the device in a
timely manner. However, if the delay is too short, the NMS refreshes status
information about neighbors frequently. This causes flapping of network
topology on a device, increases the load on the system, and wastes resources.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run lldp enable
The LLDP function is enabled globally.
Step 3 Run lldp trap-interval interval
A delay for sending LLDP alarms is configured.
It is recommended that you use the default delay for sending LLDP alarms unless
otherwise noted.
----End
Verifying the Configuration of the LLDP Alarm Function
After configuring the LLDP alarm function, verify the configuration.
Prerequisites
All configurations for the LLDP alarm function are complete.
Procedure
● Run the display snmp-agent trap feature-name lldp all command to check
all trap messages about the LLDP module.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 60
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Run the display lldp local [ interface interface-type interface-number ]
command to check local LLDP status information on a device.
----End
1.1.3.2.5 Maintaining LLDP
Maintaining LLDP includes clearing information about LLDP statistics and
monitoring LLDP status.
Clearing LLDP Statistics
This section describes how to use reset commands to clear Link Layer Discovery
Protocol (LLDP) statistics.
Context
NOTICE
Statistics cannot be restored after being cleared. Therefore, exercise caution when
you run the following commands.
Procedure
● Run the reset lldp statistics [ interface interface-type interface-number ]
command in the user view to clear statistics about LLDP packets.
----End
Monitoring LLDP Status
This section describes how to use display commands to monitor LLDP status.
Context
In routine maintenance, you can run the following commands in any view to
check the LLDP status.
Procedure
● Run the display lldp statistics [ interface interface-type interface-number ]
command to check statistics about LLDP packets transmitted by all interfaces
or a specified interface.
----End
1.1.3.2.6 Configuration Examples for LLDP
The configuration examples provide networking requirements, configuration
roadmap, data preparation, and configuration procedures
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 61
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Example for Configuring Basic LLDP Functions
This section provides an example to describe how to configure basic LLDP
functions to help the NMS obtain information about network topology.
Networking Requirements
As shown in Figure 1-25, there are reachable links between DeviceA, DeviceB, and
DeviceC. DeviceA and DeviceC have reachable routes to the NMS. Before the LLDP
function is configured, DeviceA cannot obtain status information about DeviceB
and DeviceC, and the NMS cannot obtain topology information between DeviceA,
DeviceB, and DeviceC by exchanging SNMP packets with them.
After the LLDP function is configured, devices can obtain status information about
neighbors by exchanging LLDP packets between them. The NMS can search for
DeviceA, DeviceB, and DeviceC based on their LLDP management addresses to
obtain topology information between them.
NOTE
Interface 1 in this example represents GE 0/1/1.
Figure 1-25 Networking diagram for configuring basic LLDP functions
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 62
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1. Configure IP addresses and routing protocols for interfaces on DeviceA,
DeviceB, and DeviceC to ensure that network-layer routes are reachable.
2. Enable the LLDP function for DeviceA, DeviceB, and DeviceC globally.
3. Configure DeviceA, DeviceB, and DeviceC with LLDP management addresses,
which are used to identify local devices among neighbors.
4. Configure LLDP parameters for DeviceA, DeviceB, and DeviceC to optimize the
LLDP performance.
5. Enable the LLDP alarm function for DeviceA, DeviceB, and DeviceC. Configure
an appropriate delay for a device to send LLDP alarms. An appropriate delay
reduces system resource consumption.
Data Preparation
To complete the configuration, you need the following data:
● LLDP management addresses of DeviceA, DeviceB, and DeviceC (10.10.10.1,
10.10.10.2, and 10.10.10.3, respectively)
● Interval for sending LLDP packets (60s), delay for sending LLDP packets (9s),
and delay for sending LLDP alarms (10s)
Procedure
Step 1 Configure IP addresses and route protocols for interfaces on DeviceA, DeviceB, and
DeviceC, as shown in Figure 1-25. For details, see Configuration Files.
Step 2 Enable the LLDP function for DeviceA, DeviceB, and DeviceC globally.
# Configure DeviceA.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] lldp enable
[*DeviceA] commit
# Configure DeviceB.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceB
[*HUAWEI] commit
[~DeviceB] lldp enable
[*DeviceB] commit
# Configure DeviceC.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceC
[*HUAWEI] commit
[~DeviceC] lldp enable
[*DeviceC] commit
Step 3 Configure LLDP management addresses for DeviceA, DeviceB, and DeviceC.
# Configure 10.10.10.1 as the LLDP management address of DeviceA.
[~DeviceA] lldp management-address 10.10.10.1
[*DeviceA] commit
# Configure 10.10.10.2 as the LLDP management address of DeviceB.
[~DeviceB] lldp management-address 10.10.10.2
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 63
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*DeviceB] commit
# Configure 10.10.10.3 as the LLDP management address of DeviceC.
[~DeviceC] lldp management-address 10.10.10.3
[*DeviceC] commit
Step 4 Configure LLDP parameters for DeviceA, DeviceB, and DeviceC. These parameters
include the interval and delay for a device to send LLDP packets.
# Configure an interval and a delay for DeviceA to send LLDP packets.
[~DeviceA] lldp message-transmission interval 60
[*DeviceA] lldp message-transmission delay 9
[*DeviceA] commit
# Configure an interval and a delay for DeviceB and DeviceC to send LLDP
packets.
For details, see the configuration of DeviceA.
Step 5 Enable the LLDP alarm function for DeviceA, DeviceB, and DeviceC. Configure an
appropriate delay for a device to send LLDP alarms.
# Configure DeviceA.
[~DeviceA] snmp-agent trap enable feature-name lldp
[*DeviceA] lldp trap-interval 10
[*DeviceA] commit
# Configure DeviceB and DeviceC.
For details, see the configuration of DeviceA.
Step 6 Verify the configuration.
# Check whether the LLDP function is enabled, whether an LLDP management
address is configured, whether the LLDP alarm function is enabled, and whether
values of LLDP attributes are the same as values configured for DeviceA.
● Display the local LLDP information of DeviceA.
<DeviceA> display lldp local
System information
--------------------------------------------------------------------------
Chassis type :macAddress
Chassis ID :00e0-fc21-1220
System name :DeviceA
System description :Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.220 (NetEngine 8000 M14 V800R022C00SPC600)
Copyright (C) 2012-2015 Huawei Technologies Co., Ltd.
HUAWEI NetEngine 8000 M14
System capabilities supported :bridge router
System capabilities enabled :bridge router
LLDP Up time :2015/02/26 15:08:28
System configuration
--------------------------------------------------------------------------
LLDP Status :enabled (default is disabled)
LLDP Message Tx Interval :60 (default is 30s)
LLDP Message Tx Hold Multiplier :4 (default is 4)
LLDP Refresh Delay :2 (default is 2s)
LLDP Tx Delay :9 (default is 2s)
LLDP Notification Interval :10 (default is 5s)
LLDP Notification Enable :enabled (default is disabled)
Management Address :ipv4: 10.10.10.1
LLDP Fast Message Count :4 (default is 4)
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 64
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Remote Table Statistics:
--------------------------------------------------------------------------
Remote Table Last Change Time :0 days,0 hours, 11 minutes,49 seconds
Remote Neighbors Added :0
Remote Neighbors Deleted :0
Remote Neighbors Dropped :0
Remote Neighbors Aged :0
Total Neighbors :2
Port information:
--------------------------------------------------------------------------
Interface Gigabitethernet 0/1/1:
LLDP Enable Status :txAndRx (default is disabled)
Total Neighbors :2
Port ID subtype :interfaceName
Port ID :Gigabitethernet 0/1/1
Port description :
Port and Protocol VLAN ID(PPVID) :unsupported
Port VLAN ID(PVID) :0
VLAN name of VLAN :--
Protocol identity :STP RSTP/MSTP LACP EthOAM
Auto-negotiation supported :Yes
Auto-negotiation enabled :No
OperMau :speed (10000) /duplex (Full)
Link aggregation supported :Yes
Link aggregation enabled :No
Aggregation port ID :0
Maximum frame Size :9216
● Display the LLDP information about neighbors connected to DeviceA.
<DeviceA> display lldp neighbor interface gigabitethernet 0/1/1
Gigabitethernet 0/1/1 has 2 neighbor(s):
Neighbor index :1
Chassis type :macAddress
Chassis ID :00e0-fc11-1220
Port ID type :interfaceName
Port ID :Gigabitethernet 0/1/1
Port description :--
System name :DeviceB
System description :Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.220 (NetEngine 8000 M14 V800R022C00SPC600)
Copyright (C) 2012-2015 Huawei Technologies Co., Ltd.
HUAWEI NetEngine 8000 M14
System capabilities supported :bridge router
System capabilities enabled :bridge router
Management address type :ipv4
Management address : 10.10.10.2
Expired time :104 (s)
Port VLAN ID(PVID) :0
Port And Protocol VLAN ID(PPVID) :unsupported
VLAN name of VLAN :--
Protocol identity :--
Auto-negotiation supported :Yes
Auto-negotiation enabled :No
OperMau :speed (10000) /duplex (Full)
Link aggregation supported :Yes
Link aggregation enabled :No
Aggregation port ID :0
Maximum frame Size :0
Discovered time :2015-02-21 11:09:15
Neighbor index :2
Chassis type :macAddress
Chassis ID :00e0-fc33-0013
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 65
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Port ID type :interfaceName
Port ID :Gigabitethernet 0/1/1
Port description :--
System name :DeviceC
System description :Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.220 (NetEngine 8000 M14 V800R022C00SPC600)
Copyright (C) 2012-2015 Huawei Technologies Co., Ltd.
HUAWEI NetEngine 8000 M14
System capabilities supported :bridge router
System capabilities enabled :bridge router
Management address type :ipv4
Management address : 10.10.10.3
Expired time :104 (s)
Port VLAN ID(PVID) :0
Port And Protocol VLAN ID(PPVID) :unsupported
VLAN name of VLAN :--
Protocol identity :--
Auto-negotiation supported :Yes
Auto-negotiation enabled :No
OperMau :speed (10000) /duplex (Full)
Link aggregation supported :Yes
Link aggregation enabled :No
Aggregation port ID :0
Maximum frame Size :0
Discovered time :2015-02-21 11:09:15
# Check whether the LLDP function is enabled and whether LLDP management
addresses are configured for DeviceB and DeviceC.
For details, see the procedures for DeviceA.
----End
Configuration Files
● DeviceA configuration file
#
sysname DeviceA
#
lldp enable
lldp message-transmission interval 60
lldp message-transmission delay 9
lldp restart-delay 3
lldp fast-count 3
#
interface GigabitEthernet0/1/1
ip address 10.10.10.1 255.255.255.0
#
lldp management-address 10.10.10.1
#
return
● DeviceB configuration file
#
sysname DeviceB
#
lldp enable
lldp message-transmission interval 60
lldp message-transmission delay 9
lldp restart-delay 3
lldp fast-count 3
#
interface GigabitEthernet0/1/1
ip address 10.10.10.2 255.255.255.0
#
lldp management-address 10.10.10.2
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 66
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
#
return
● Configuration file of DeviceC
#
sysname DeviceC
#
lldp enable
lldp message-transmission interval 60
lldp message-transmission delay 9
lldp restart-delay 3
lldp fast-count 3
#
interface GigabitEthernet0/1/1
ip address 10.10.10.3 255.255.255.0
#
lldp management-address 10.10.10.3
#
return
1.1.4 NTP Configuration
1.1.4.1 Overview of NTP
Definition
Network Time Protocol (NTP) is an application layer protocol in the TCP/IP
protocol suite. It is used to synchronize clocks between a series of distributed time
servers and clients.
Purpose
NTP is used to synchronize the time of all clock devices on a network. If time is
not synchronized on a network, time errors may occur because devices run their
own clocks. NTP synchronizes the time on all devices, enabling them to provide
various applications based on consistent time.
NTP is mainly used in the following scenarios where the clocks of all network
devices must be consistent:
● Network management: Synchronized time is used as a reference when a
network management system (NMS) analyzes the logs and debugging
information collected from different devices.
● Charging system: Synchronized time is required to ensure the accuracy and
trustworthiness of charging information.
● Several systems interworking on the same complex event: The systems must
use the same clock for reference to ensure proper sequencing of operations.
● Incremental backup between the backup server and client: Synchronized time
ensures integrity of the backup data which can be used for production system
recovery.
1.1.4.2 Understanding NTP
1.1.4.2.1 NTP Fundamentals
Figure 1-26 shows the NTP message exchange process.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 67
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-26 NTP message exchange process
The NTP message exchange process is as follows:
1. The NTP client sends an NTP request message to the NTP server. The NTP
request message is timestamped as T1 when it leaves the NTP client.
2. The NTP server receives the NTP request message and adds the timestamp T2
to this message.
3. The NTP server sends an NTP response message to the NTP client. The NTP
response message is timestamped as T3 when it leaves the NTP server.
4. The NTP client receives the NTP response message and adds the timestamp
T4 to this message.
Following this message exchange, the NTP client has four timestamps: T1, T2, T3,
and T4.
An example assumes that the one-way delay of a link is Delay and the time
difference between the NTP client and NTP server is Offset (the current time of
the NTP server minus the time of the NTP client). The calculation formulas are as
follows:
T2 - T1 = Delay + Offset
T4 - T3 = Delay - Offset
Therefore, Offset is calculated as follows: Offset = [(T2 - T1) - (T4 - T3)]/2. The
NTP client adjusts its clock based on the Offset value to achieve synchronization
with the NTP server.
The preceding is a brief introduction of how NTP works. Standard NTP algorithms
can be used to further guarantee the precision of clock synchronization.
1.1.4.2.2 Network Structure of NTP
Figure 1-27 shows the network structure of NTP. An NTP synchronization subnet
is a network of primary and secondary time servers, clients, and interconnecting
transmission paths.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 68
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-27 Network structure of NTP
A primary time server is directly synchronized to a primary reference source,
usually a radio clock or a global positioning system (GPS). A secondary time server
derives synchronization through a primary time server or other secondary time
servers, and uses NTP to transmit time information to other hosts on a local area
network (LAN).
In normal cases, the master and slave servers in a synchronization subnet form a
hierarchical master-slave structure. In this hierarchical structure, the master server
is located at the root, the secondary server is close to the leaf node, the number of
layers increases, and the accuracy decreases.
If one or more primary or secondary time servers fail or the network paths
between them fail, the synchronization subnet is automatically adjusted to
maintain accurate and reliable time.
● When all primary time servers being used on a synchronization subnet fail,
one or more backup primary time servers continue operation.
● When all primary time servers on the synchronization subnet fail, the
secondary time servers synchronize among themselves. They drop off the
synchronization subnet and free-run using the last determined time and
frequency. Timekeeping errors are no greater than a few milliseconds per day
if oscillators are appropriately stabilized, even in extended outage periods.
1.1.4.2.3 Operating Modes of NTP
Overview
Table 1-13 lists the operating modes of NTP.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 69
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-13 Operating modes of NTP
Operatin Description Usage Scenario
g Mode
Client/ The client synchronizes In this mode, the server and client run at
Server its clock with the clock a high stratum level on the
mode on the server. synchronization subnet. In this mode, the
IP address of the server needs to be
obtained in advance.
Peer The symmetric active In this mode, the host runs at a relatively
mode peer and symmetric low stratum level on the synchronization
passive peer can subnet.
synchronize with each
other. The peer with a
lower stratum level
(larger stratum value) is
synchronized with the
peer with a higher
stratum level (smaller
stratum value).
Broadcast The server periodically This mode applies to high-speed
mode sends clock networks that have numerous
synchronization packets workstations but lower requirements on
to a broadcast address. synchronization accuracy. In typical
scenarios, one or more time servers
periodically send broadcast packets to
workstations, which then determine the
time based on a millisecond-level delay.
Multicast The server periodically This mode applies to scenarios where a
mode sends clock large number of clients are distributed
synchronization packets on the network. In this mode, the NTP
to a multicast address. server multicasts an NTP packet to all
clients, thereby lowering the number of
NTP packets sent on the network.
Manycast Manycast servers This mode applies to scenarios where
mode continuously listen for multiple servers are sparsely distributed
request packets that on the network. Clients can discover and
manycast clients synchronize with the closest manycast
periodically send to a server. This mode applies to networks
multicast address in where servers are not stable and clients
search of a server with do not need to be reconfigured if a
the fewest number of server fails.
hops.
Client/Server Mode
Figure 1-28 shows the packet exchange process in client/server mode. The client
synchronizes its clock with the clock on the server. The server provides
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 70
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
synchronization information for the client but does not alter its own clock. In
client/server mode, the server is also called a unicast server to distinguish it from
the broadcast server, multicast server, and manycast server in other modes.
Figure 1-28 Client/Server mode
The packet exchange process in client/server mode is as follows:
1. The client periodically sends packets to the server. The value of the Mode field
in the packets is set to 3 (client mode). A client will not verify the reachability
and stratum of the server.
2. After receiving the request packet, the server sends a response packet in
which the Mode field is set to 4 (server mode). The server fills in the required
information to the response packet before sending it to the client. The server
does not need to retain any status information.
3. After receiving the response packet, the client performs the clock filter and
selection procedure and then synchronizes its clock to the server that provides
the optimal clock.
Peer Mode
Figure 1-29 shows the packet exchange process in peer mode.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 71
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-29 Peer mode
The packet exchange process in peer mode is as follows:
1. The symmetric active peer sends an NTP request packet to the symmetric
passive peer, with the Mode field being 3 (client mode). The symmetric
passive peer replies with an NTP response packet, in which the Mode field is
set to 4 (server mode).
2. The active peer periodically sends packets to the passive peer. The value of
the Mode field in a packet is set to 1, indicating that the packet is sent by the
active peer. Whether the peer is reachable and the number of layers of the
peer are not considered.
3. After receiving the request packet, the symmetric passive peer sends a
response packet in which the Mode field is set to 2 (symmetric passive peer).
The symmetric passive peer does not need to be configured. A host
establishes a connection and sets relevant state variables only after an NTP
packet is received.
4. After the peer relationship is set up, the symmetric active and passive peers
can synchronize with each other. The peer with a lower stratum level (larger
stratum value) is synchronized with the peer with a higher stratum level
(smaller stratum value).
Broadcast Mode
Figure 1-30 shows the packet exchange process in broadcast mode. In this mode,
servers typically run high-speed broadcast media over the network. They provide
synchronization information to all clients, but do not alter their own clocks.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 72
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-30 Broadcast mode
The packet exchange process in broadcast mode is as follows:
1. The broadcast server periodically sends clock synchronization packets to the
broadcast address 255.255.255.255. The Mode field in the packets is set to 5
(broadcast mode or multicast mode), regardless of whether the client is
reachable or the number of layers.
2. The client listens for the broadcast packets sent from the server. After
receiving the first broadcast packet, the client temporarily starts in client/
server mode to exchange packets with the server. This allows the client to
estimate the network delay.
3. The client then enters the broadcast mode, continues to listen for the
subsequent broadcast packets, and synchronizes the local clock according to
the subsequent broadcast packets.
Multicast Mode
Figure 1-31 shows the packet exchange process in multicast mode. In this mode,
servers typically run high-speed broadcast media over the network. They provide
synchronization information to all clients, but do not alter their own clocks.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 73
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-31 Multicast mode
The packet exchange process in multicast mode is as follows:
1. The multicast server periodically sends clock synchronization packets to an
IPv4 or IPv6 multicast address. The Mode field in the packets is set to 5
(broadcast or multicast mode).
2. The client listens for the multicast packets sent from the server. After
receiving the first multicast packet, the client temporarily starts in client/
server mode to exchange packets with the server. This allows the client to
estimate the network delay.
3. The client then enters the multicast mode, continues to listen for the
subsequent multicast packets, and synchronizes the local clock according to
the subsequent multicast packets.
Manycast Mode
Figure 1-32 shows the packet exchange process in manycast mode. In this mode,
servers provide synchronization information to all clients and do not alter their
own clocks.
Figure 1-32 Manycast mode
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 74
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The packet exchange process in manycast mode is as follows:
1. The manycast client periodically sends request packets to an IPv4 or IPv6
multicast address to search for the closest manycast server (smallest TTL).
The value of the Mode field is set to 3 (client mode).
The initial TTL value of a request packet sent by the client is 1. The value
increases by 1 each time a request packet is sent until either the client
receives a response packet or the TTL value reaches the upper limit. Receipt of
a response packet indicates that the client has found the closest manycast
server. To subsequently maintain the connection with this server, the client
sends a packet every time a timeout period expires. If the client does not
receive a response packet when the TTL reaches the upper limit, the client
stops sending request packets for a certain period of time (a timeout period).
This timeout period allows all connections to be cleared. After the timeout
period expires, the client repeats the preceding process.
2. The manycast server continuously listens for packets. If server synchronization
is possible, the server unicasts a response packet to the client, with the Mode
field set to 4 (server mode).
3. After receiving the response packet, the client performs the clock filter and
selection procedure and then synchronizes its clock to the server that provides
the optimal clock.
1.1.4.2.4 NTP Clock Source Selection
When multiple valid server candidates exist for the clock source selection, a client
selects the most accurate and reliable server according to certain rules. NTP
determines the quality of each clock source based on the following parameters:
● Offset: indicates the maximum-likelihood time offset of the server clock
relative to the system clock.
● Delay: indicates the round-trip delay between the client and server.
● Dispersion: indicates the maximum error inherent in the measurement.
● Jitter: indicates the root mean square (RMS) average of the most recent offset
differences.
Upon receipt of each NTP response packet, a client updates the values of these
four parameters to measure the system clock relative to each server clock. The
client uses the selection, cluster, and combine algorithms to determine the most
accurate and reliable candidates to synchronize the system clock. The selection
algorithm is used to select a list of accurate and reliable servers based on the
values of the offset, delay, dispersion, and jitter parameters. The cluster algorithm
uses statistical principles to find the most accurate set of truechimers (a
truechimer is a clock that maintains timekeeping accuracy to a previously
published and trusted standard). The combine algorithm computes the final clock
offset by statistically averaging the surviving truechimers.
1.1.4.2.5 NTP Packet Format
Figure 1-33 shows the NTP packet format.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 75
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-33 NTP packet format
Table 1-14 Description of each field in an NTP packet
Field Length Description
LI (Leap Indicator) 2 bits A code warning of an impending leap second to
be inserted or deleted in the NTP timescale.
The bit values are defined as follows:
● 00: no warning
● 01: last minute has 61 seconds
● 10: last minute has 59 seconds
● 11: alarm condition (clock not synchronized)
VN (Version 3 bits NTP version number. The current version is 3.
Number)
Mode 3 bits NTP mode.
The values are defined as follows:
● 0: reserved
● 1: symmetric active
● 2: symmetric passive
● 3: client mode
● 4: server mode
● 5: broadcast mode
● 6: reserved for NTP control messages
● 7: reserved for private use
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 76
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Field Length Description
Stratum 8 bits Stratum level of the local clock. It defines the
precision of the clock. The value of this field
ranges from 1 to 15. A stratum 1 clock has the
highest precision.
Poll 8 bits Maximum interval between successive
messages.
Precision 8 bits Precision of the local clock.
Root Delay 32 bits Total round-trip delay to the primary reference
source.
Root Dispersion 32 bits Maximum error relative to the primary
reference source.
Reference Identifier 32 bits ID of a reference clock.
Reference 64 bits Local time at which the local clock was last set
Timestamp or corrected. Value 0 indicates that the local
clock is never synchronized.
Originate 64 bits Local time at which an NTP request packet
Timestamp departed the client for the server.
Receive Timestamp 64 bits Local time at which an NTP request packet
arrived at the server.
Transmit 64 bits Local time at which an NTP response packet
Timestamp departed the server for the client.
Authenticator 96 bits (Optional) Authenticator information.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 77
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.4.3 Configuration Precautions for NTP
Feature Requirements
Table 1-15 Feature requirements
Feature Requirements Series Models
1. The existing configuration will not be NetEngin NetEngine 8000
deleted when the NTP service is disabled. e 8000 M M14/NetEngine
2. Currently, each device can be configured 8000 M14K/
with a maximum of 256 multicast servers, NetEngine 8000
peers, unicast servers, 1024 NTP authentication M4/NetEngine
keys, and 1024 multicast clients. A maximum 8000 M8/
of 256 multicast clients can take effect NetEngine 8000
simultaneously. M8K/NetEngine
8000E M14/
3. A device running NTP supports a maximum NetEngine 8000E
of 256 sessions at the same time, including M8/NetEngine
static and dynamic sessions. 8100 M14/
NetEngine 8100
M8
For security purposes, you are not advised to NetEngin NetEngine 8000
use the weak security algorithm or weak e 8000 M M14/NetEngine
security protocol provided by this feature. By 8000 M14K/
default, the device provides the weak security NetEngine 8000
algorithm or protocol feature package M4/NetEngine
WEAKEA. If it is required, run the install 8000 M8/
feature-software WEAKEA command to NetEngine 8000
install the weak security algorithm or protocol M8K/NetEngine
feature package WEAKEA. 8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
1.1.4.4 Default Settings for NTP
Table 1-16 describes the default settings for NTP.
Table 1-16 Default settings for NTP
Parameter Default Setting
Maximum synchronization 1s
distance
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 78
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Parameter Default Setting
NTP server Enabled
After any NTP command is configured, the
system automatically disables the NTP server
function. The NTP server takes effect only
after 1.1.4.5.8 Enabling the NTP Server
Function is performed.
Listening interface of the NTP By default, the system does not listen to any
server interface and therefore does not respond to
any NTP client request.
1.1.4.5 Configuring Basic NTP Functions
1.1.4.5.1 Configuring the NTP Master Clock and Listening Interfaces
Context
An NTP master clock can be configured on the server (which can be a unicast
server, broadcast server, multicast server, manycast server, or symmetric passive
peer) to provide the reference time for other devices. In addition, an interface that
listens for external NTP packets needs to be specified. Otherwise, the server fails
to respond to client requests.
An NTP master clock does not need to be configured when the local server has
been synchronized with an NTP master clock at a higher stratum. When this is the
case, if the NTP master clock at a higher stratum fails, the local server cannot
provide the reference time for lower-level clients. To resolve this problem, you are
advised to configure an NTP master clock on the local server and set its clock
stratum to that of the upper-level server plus 1.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure the NTP master clock.
ntp-service refclock-master [ ip-address ] [ stratum ]
Configure the local clock as the NTP master clock to provide the reference time for
other devices. The value of stratum must be smaller than the stratum value of a
client. Otherwise, the client cannot synchronize with the clock on the server.
Step 3 Configure a listening interface for the NTP server.
● Configure a listening interface for an IPv4 NTP server.
ntp-service server source-interface { interface-name |interface-type interface-number }
By default, an NTP IPv4 server does not listen to any interface. If the ntp-
service server source-interface all enable command is run, the device
functions as an NTP IPv4 server and listens to all interfaces.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 79
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Configure a listening interface for an IPv6 NTP server.
ntp-service ipv6 server source-address ipv6Addr [ vpn-instance vpnName ]
By default, an NTP IPv6 server does not listen to any interface. If the ntp-
service ipv6 server source-interface all enable command is run, the device
functions as an NTP IPv6 server and listens to all interfaces.
Step 4 (Optional) Change the port number for receiving NTP messages.
ntp-service port porNum
Step 5 Commit the configuration.
commit
----End
Follow-up Procedure
For details about how to enable the NTP authentication function, see 1.1.4.6.2
Enabling NTP Authentication. Before configuring the working mode, ensure that
the authentication function has been configured.
1.1.4.5.2 Configuring Time Parameters for Synchronizing the Client Clock
Context
If the server clock changes or multiple NTP servers are available, you need to set
the clock synchronization parameters on the client clock. Such parameters include
the interval and the maximum synchronization distance threshold for
synchronizing the client clock. The client clock synchronizes with the clock source
based on the configured clock synchronization parameters.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure a clock synchronization interval on the client.
ntp-service sync-interval interval
By default, the clock synchronization interval is not configured on the client. The
value ranges from 180 to 600, in seconds.
Step 3 (Optional) Configure the maximum synchronization distance.
ntp-service max-distance max-distance-value
By default, the maximum NTP synchronization distance threshold is 1s.
Step 4 (Optional) Configure the offset threshold for clock synchronization.
ntp-service offset-limit maxOffset
By default, the offset threshold for clock synchronization is not configured on the
client.
NOTE
If the time offset between the clock source and the client is greater than the offset
threshold, the client does not synchronize with the clock source.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 80
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 5 Commit the configuration.
commit
----End
1.1.4.5.3 (Optional) Configuring the NTP Client/Server Mode
Context
When the client/server mode is used, you need to perform the following
configurations on the client:
Procedure
Step 1 Enter the system view.
system-view
Step 2 (Optional) Specify the source interface for sending NTP packets.
ntp-service [ ipv6 ] source-interface { interface-name | interface_type interface_num } [ vpn-instance
vpnName ]
By default, no interface is specified for sending NTP packets.
Step 3 Specify the service mode of the NTP server.
ntp-service unicast-server { ipv4Addr [ version number | authentication-keyid key-id | port port-number
| source-interface { interface-name | interface-type interface-number } | vpn-instance vpn-instance-name |
preferred | maxpoll max-number | minpoll min-number | burst | iburst | preempt ] * | ipv6 ipv6-address
[ authentication-keyid key-id | port port-number | source-interface { interface-name | interface-type
interface-number } | vpn-instance vpn-instance-name | preferred | maxpoll max-number | minpoll min-
number | burst | iburst | preempt ] *
The IP address of the NTP server is a host address and cannot be a broadcast
address, a multicast address, or the IP address of the reference clock.
If the source-interface parameter is specified, the configured server IP address
must be the same as the IP address of the source interface. Otherwise, clock
synchronization fails.
If the source interface for sending NTP packets has been configured on the server
and the source-interface parameter has been specified, the source-interface
configuration is preferred.
Step 4 Commit the configuration.
commit
----End
1.1.4.5.4 (Optional) Configuring the NTP Peer Mode
Context
When the peer mode is used, you need to perform the following configurations on
the symmetric active peer:
Procedure
Step 1 Enter the system view.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 81
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
system-view
Step 2 (Optional) Specify the source interface for sending NTP packets.
ntp-service [ ipv6 ] source-interface { interface-name | interface_type interface_num } [ vpn-instance
vpnName ]
By default, no interface is specified for sending NTP packets.
Step 3 Perform any of the following steps to specify the symmetric passive peer:
ntp-service unicast-peer { ipv4Addr [ version number | port port-number | authentication-keyid key-id |
source-interface { interface-name | interface-type interface-number } | vpn-instance vpn-instance-name |
preference | maxpoll max-number | minpoll min-number | preempt ] * | ipv6 ipv6Addr [ authentication-
keyid key-id | port port-number | source-interface { interface-name | interface-type interface-number } |
vpn-instance vpn-instance-name | preference | maxpoll max-number | minpoll min-number | preempt ] * }
The IP address of the symmetric passive peer is a host address and cannot be a
broadcast address, a multicast address, or the IP address of the reference clock.
If the source-interface parameter is specified, the configured server IP address
must be the same as the IP address of the source interface. Otherwise, clock
synchronization fails.
If the source interface for sending NTP packets has been configured on the
symmetric passive peer and the source-interface parameter has been specified,
the source-interface configuration is preferred.
Step 4 Commit the configuration.
commit
----End
1.1.4.5.5 (Optional) Configuring the NTP Broadcast Mode
Context
When the broadcast mode is used, you need to perform the following
configurations on both the broadcast server and client.
Procedure
● Configure an NTP broadcast server.
a. Enter the system view.
system-view
b. Configure an NTP authentication key.
ntp-service authentication-keyid keyId authentication-mode { md5 | hmac-sha256 | aes-128-
cmac | aes-256-cmac } { password | cipher password }
MD5 is a weak security algorithm and is not recommended. You are
advised to use other security algorithms for NTP key authentication. To
configure the MD5 algorithm, run the undo crypto weak-algorithm
disable command to enable the weak security algorithm function first.
c. Enter the view of the interface used for sending NTP broadcast packets.
interface interface-type interface-number
d. Configure the local device as the NTP broadcast server.
ntp-service broadcast-server [ authentication-keyid key-id | version version-number | port
port-number ] *
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 82
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
After the configuration is complete, the local device functions as the NTP
broadcast server periodically sending clock synchronization packets to the
broadcast address 255.255.255.255 from a specified interface.
e. Commit the configuration.
commit
● Configure an NTP broadcast client.
a. Enter the system view.
system-view
b. Enter the view of the interface used for receiving NTP broadcast packets.
interface interface-type interface-number
c. Configure the local device as the NTP broadcast client.
ntp-service broadcast-client
After the configuration is complete, the local device functions as the NTP
broadcast client listening for the NTP broadcast packets sent from the
server and synchronizing the local clock with the server.
d. Commit the configuration.
commit
----End
1.1.4.5.6 (Optional) Configuring the NTP Multicast Mode
Context
When the multicast mode is used, you need to perform the following
configurations on both the multicast server and client.
Procedure
● Configure an NTP multicast server.
a. Enter the system view.
system-view
b. Configure an NTP authentication key.
ntp-service authentication-keyid keyId authentication-mode { md5 | hmac-sha256 | aes-128-
cmac | aes-256-cmac } { password | cipher password }
MD5 is a weak security algorithm and is not recommended. You are
advised to use other security algorithms for NTP key authentication. To
configure the MD5 algorithm, run the undo crypto weak-algorithm
disable command to enable the weak security algorithm function first.
c. Enter the view of the interface used for sending NTP multicast packets.
interface interface-type interface-number
d. Configure the local device as the NTP multicast server.
Run either of the following commands depending on whether the server
IP address is an IPv4 or IPv6 address:
ntp-service multicast-server [ ip-address ] [ authentication-keyid key-id | ttl ttl-number |
version number | port port-number ] *
ntp-service multicast-server ipv6 [ ipv6Addr ] [ authentication-keyid keyid | ttl ttl-number |
port portNumber ] *
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 83
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
After the configuration is complete, the local device functions as the NTP
multicast server periodically sending clock synchronization packets to the
configured destination multicast address from a specified interface.
e. Commit the configuration.
commit
● Configure an NTP multicast client.
a. Enter the system view.
system-view
b. Enter the view of the interface used for receiving NTP multicast packets.
interface interface-type interface-number
c. Configure the local device as the NTP multicast client.
ntp-service multicast-client [ ip-address | ipv6 ipv6-address ]
After the configuration is complete, the local device functions as the NTP
multicast client listening for the NTP multicast packets sent from the
server and synchronizing the local clock with the server.
d. Commit the configuration.
commit
----End
1.1.4.5.7 (Optional) Configuring the NTP Manycast Mode
Context
When the manycast mode is used, you need to perform the following
configurations on both the manycast server and client.
Procedure
● Configure an NTP manycast server.
a. Enter the system view.
system-view
b. Configure the interface used for sending NTP manycast packets.
interface interface-type interface-number
c. Configure the local device as the NTP manycast server.
Run either of the following commands depending on whether the server
IP address is an IPv4 or IPv6 address:
ntp-service manycast-server [ ip-address ]
ntp-service manycast-server ipv6 [ ipv6-address ]
d. Commit the configuration.
commit
● Configure an NTP manycast client.
a. Enter the system view.
system-view
b. Configure the interface used for receiving NTP manycast packets.
interface interface-type interface-number
c. Configure the local device as the NTP manycast client.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 84
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Run either of the following commands depending on whether the client
IP address is an IPv4 or IPv6 address:
ntp-service manycast-client [ ip-address ] [ authentication-keyid key-id | ttl ttl-number | port
port-number ] *
ntp-service manycast-client ipv6 [ ipv6-address ] [ authentication-keyid key-id | ttl ttl-
number | port port-number ] *
After the configuration is complete, the NTP manycast client synchronizes
the local clock with the server after receiving NTP manycast packets from
the server.
d. Commit the configuration.
commit
----End
1.1.4.5.8 Enabling the NTP Server Function
Context
After NTP-related commands are configured on a device, it automatically disables
the NTP server function to prevent external devices from synchronizing their clocks
with the device's clock. In addition, the device generates the ntp [ ipv6 ] server
disable configuration in its configuration file. To use the device as an NTP server,
enable the NTP server function on the device.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the NTP server function.
undo ntp-service [ ipv6 ] server disable
Step 3 Commit the configuration.
commit
----End
1.1.4.5.9 Verifying the Configuration
Prerequisites
All the basic NTP functions have been configured.
Procedure
● Run the display ntp-service sessions command to check the NTP session
status.
● Run the display ntp-service status command to check the status of the NTP
service.
● Run the display ntp-service trace command to check the tracing path
between the local device and the reference clock source.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 85
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Run the display ntp-service bd-status command to check the status of the
clock system on the involved board of the local device.
----End
1.1.4.5.10 Example for Configuring the NTP Peer Mode
Networking Requirements
As shown in Figure 1-34, three devices are in the LAN.
● DeviceA sets its local clock as a stratum 2 NTP master clock.
● DeviceB sets DeviceA as its NTP server. That is, DeviceB functions as an NTP
client.
● DeviceC sets DeviceB as its symmetric passive peer. That is, DeviceC functions
as the symmetric active peer.
Figure 1-34 Configuring the NTP peer mode
NOTE
In this example, interface1 represents GigabitEthernet0/1/1.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DeviceA as the local master clock so that DeviceB sends request
packets to DeviceA for clock synchronization.
2. Configure DeviceC and DeviceB as peers so that DeviceC sends request
packets to DeviceB for clock synchronization.
Procedure
Step 1 Assign an IP address to each device and ensure that the devices are routable.
Step 2 Configure the NTP client/server mode.
# Configure DeviceA to use its local clock as a stratum 2 NTP master clock.
<DeviceA> system-view
[~DeviceA] ntp-service refclock-master 2
[*DeviceA] commit
# Specify a listening interface on DeviceA.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 86
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[~DeviceA] ntp-service server source-interface gigabitethernet 0/1/1
[*DeviceA] commit
# On DeviceB, configure DeviceA as the NTP server.
<DeviceB> system-view
[~DeviceB] ntp-service unicast-server 10.0.1.31
[*DeviceB] commit
# Specify a listening interface on DeviceB.
[~DeviceB] ntp-service server source-interface gigabitethernet 0/1/1
[*DeviceB] commit
Step 3 Configure the NTP peer mode.
# On DeviceC, specify DeviceB as the symmetric passive peer.
<DeviceC> system-view
[~DeviceC] ntp-service unicast-peer 10.0.1.32
[*DeviceC] commit
----End
Verifying the Configuration
# Check the NTP status of DeviceB. The command output shows that the clock
status is synchronized, indicating that clock synchronization is complete. The
stratum of DeviceB is 3, one stratum lower than DeviceA.
[~DeviceB] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 10.0.1.31
nominal frequency: 64.0029 Hz
actual frequency: 64.0029 Hz
clock precision: 2^7
clock offset: 0.0000 ms
root delay: 62.50 ms
root dispersion: 0.20 ms
peer dispersion: 7.81 ms
reference time: 06:52:33.465 UTC Feb 7 2020(C7B7AC31.773E89A8)
synchronization state: clock synchronized
# Check the NTP status of DeviceC. The command output shows that the clock
status is synchronized, indicating that clock synchronization is complete. The
stratum of DeviceC is 4, one stratum lower than DeviceB.
[~DeviceC] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.1.32
nominal frequency: 64.0029 Hz
actual frequency: 64.0029 Hz
clock precision: 2^7
clock offset: 0.0000 ms
root delay: 124.98 ms
root dispersion: 0.15 ms
peer dispersion: 10.96 ms
reference time: 06:55:50.784 UTC Feb 7 2020(C7B7ACF6.C8D002E2)
synchronization state: clock synchronized
Configuration Scripts
● DeviceA
#
sysname DeviceA
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 87
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
#
ntp-service refclock-master 2
ntp-service server source-interface GigabitEthernet0/1/1
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.1.31 255.255.255.0
#
return
● DeviceB
#
sysname DeviceB
#
ntp-service server source-interface GigabitEthernet0/1/1
ntp-service unicast-server 10.0.1.31
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.1.32 255.255.255.0
#
return
● DeviceC
#
sysname DeviceC
#
ntp-service unicast-peer 10.0.1.32
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.1.33 255.255.255.0
#
return
1.1.4.5.11 Example for Configuring the NTP Multicast Mode
Networking Requirements
On the network shown in Figure 1-35:
● DeviceA and DeviceB are on the same network segment.
● DeviceA functions as the NTP multicast server and sends NTP multicast
packets through interface 1. Its local clock is a stratum 2 NTP master clock.
● DeviceB listens for NTP multicast messages on interface 1.
Figure 1-35 Configuring the NTP multicast mode
NOTE
In this example, interface1 represents GigabitEthernet0/1/1.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 88
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DeviceA as an NTP multicast server.
2. Configure DeviceB as an NTP multicast client.
Procedure
Step 1 Assign an IP address to each device and ensure that the devices are routable.
Step 2 Configure an NTP multicast server.
# Configure the local clock on DeviceA as a stratum 2 NTP master clock.
<DeviceA> system-view
[~DeviceA] ntp-service refclock-master 2
[*DeviceA] commit
# Specify a listening interface on DeviceA.
[~DeviceA] ntp-service server source-interface gigabitethernet 0/1/1
[*DeviceA] commit
# Configure DeviceA as an NTP multicast server that sends NTP multicast packets
from interface 1.
[~DeviceA] interface gigabitethernet 0/1/1
[~DeviceA-GigabitEthernet0/1/1] ntp-service multicast-server
[*DeviceA] quit
[*DeviceA] commit
Step 3 Configure DeviceB as an NTP multicast client that resides on the same network
segment as the NTP multicast server.
# Configure DeviceB as an NTP multicast client that listens for NTP multicast
packets on interface 1.
<DeviceB> system-view
[~DeviceB] interface gigabitethernet 0/1/1
[~DeviceB-GigabitEthernet0/1/1] ntp-service multicast-client
[*DeviceB] quit
[*DeviceB] commit
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 89
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Verifying the Configuration
# Check the NTP status of DeviceB. The command output shows that the clock
status is synchronized, indicating that clock synchronization is complete. The
stratum of DeviceB is 3, one stratum lower than DeviceA.
[~DeviceB] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 10.0.1.31
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.66 ms
root delay: 24.47 ms
root dispersion: 208.39 ms
peer dispersion: 9.63 ms
reference time: 17:03:32.022 UTC Feb 25 2020(C61734FD.800303C0)
synchronization state: clock synchronized
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
ntp-service refclock-master 2
ntp-service server source-interface GigabitEthernet0/1/1
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.1.31 255.255.255.0
ntp-service multicast-server
#
return
● DeviceB
#
sysname DeviceB
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.1.32 255.255.255.0
ntp-service multicast-client
#
return
1.1.4.5.12 Example for Configuring the NTP Manycast Mode
Networking Requirements
On the network shown in Figure 1-36:
● DeviceC and DeviceD are on the same network segment, and DeviceA is on a
different network segment. DeviceB is connected to the two network
segments.
● DeviceC is an NTP manycast server that sends anycast packets through
interface 1. The local clock of DeviceC is a stratum 2 NTP master clock.
● DeviceD and DeviceA function as manycast clients and send packets through
their interface 1.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 90
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-36 Configuring the NTP manycast mode
NOTE
Interfaces 1 and 2 in this example represent GigabitEthernet0/1/1 and
GigabitEthernet0/1/2, respectively.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DeviceC as an NTP manycast server.
2. Configure DeviceA and DeviceD as NTP manycast clients.
Procedure
Step 1 Assign an IP address to each device and ensure that the devices are routable.
Step 2 Configure an NTP manycast server.
# Configure the local clock on DeviceC as a stratum 2 NTP master clock.
<DeviceC> system-view
[~DeviceC] undo ntp-service server disable
[*DeviceC] ntp-service refclock-master 2
[*DeviceC] commit
# Specify a listening interface on DeviceC.
[~DeviceC] ntp-service server source-interface gigabitethernet 0/1/1
[*DeviceC] commit
# Configure DeviceC as an NTP manycast server.
[~DeviceC] interface gigabitethernet 0/1/1
[~DeviceC-GigabitEthernet0/1/1] ntp-service manycast-server
[*DeviceC] quit
[*DeviceC] commit
Step 3 Configure DeviceD.
# Configure DeviceD as an NTP manycast client. DeviceD sends NTP manycast
packets to the NTP manycast server through interface 1.
<DeviceD> system-view
[~DeviceD] undo ntp-service server disable
[*DeviceD] interface gigabitethernet 0/1/1
[*DeviceD-GigabitEthernet0/1/1] ntp-service manycast-client
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 91
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*DeviceD] quit
[*DeviceD] commit
Step 4 Configure DeviceA.
# Configure DeviceA as an NTP manycast client. DeviceA sends NTP manycast
packets to the NTP manycast server through interface 1.
<DeviceA> system-view
[~DeviceA] undo ntp-service server disable
[*DeviceA] interface gigabitethernet 0/1/1
[*DeviceA-GigabitEthernet0/1/1] ntp-service manycast-client
[*DeviceA] quit
[*DeviceA] commit
----End
Verifying the Configuration
# Check the NTP clock status of the manycast client (DeviceD is used as an
example). The command output shows that the clock status is synchronized,
indicating that clock synchronization is complete. The stratum of DeviceD is 3, one
stratum lower than DeviceC.
[~DeviceD] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 10.0.1.31
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.66 ms
root delay: 24.47 ms
root dispersion: 208.39 ms
peer dispersion: 9.63 ms
reference time: 17:03:32.022 UTC Feb 25 2020(C61734FD.800303C0)
autokey crypto flags: 0x80021
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.1.1.11 255.255.255.0
ntp-service manycast-client
#
return
● DeviceB
#
sysname DeviceB
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/1/2
undo shutdown
ip address 10.0.1.2 255.255.255.0
#
return
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 92
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● DeviceC
#
sysname DeviceC
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.1.31 255.255.255.0
ntp-service manycast-server
#
ntp-service server source-interface GigabitEthernet0/1/1
#
return
● DeviceD
#
sysname DeviceD
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.1.32 255.255.255.0
ntp-service manycast-client
#
return
1.1.4.6 Configuring NTP Access Control
1.1.4.6.1 Fundamentals of NTP Access Control
NTP Authentication
NTP authentication can be enabled on networks requiring high security. Different
keys can be used in different NTP operating modes.
When NTP authentication is enabled in an NTP operating mode, the system
records the key IDs corresponding to the operating mode in use. The
authentication process is as follows:
● For packets sent by the system: The system determines whether
authentication is required in an NTP operating mode. If authentication is not
required, the system directly sends packets. If authentication is required, the
system authenticates packets using both the key ID and an authentication
algorithm before sending the packets.
● For packets received by the system: The system determines whether
authentication is required on the received packets. If authentication is
required, the system authenticates the packets based on the key ID and a
decryption algorithm. If authentication fails, the system discards the packets.
If authentication succeeds, the system processes the received packets.
Access Authority
Access authority is a simple measure taken to protect devices. You can configure
access authority on a device to protect its local clock.
NTP access control is implemented based on an access control list (ACL). NTP
supports up to five levels of access authority. An ACL rule may be specified for
each level of access authority. If an NTP access request matches an ACL rule, the
device requesting access is given access authority corresponding to that level.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 93
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
When an NTP access request reaches the local end, access authority is matched
against the following access permissions in sequence. Peer has the maximum
access permission.
1. Peer: This indicates that a time request may be made and a control query
may be performed on the local clock. The local clock can also be synchronized
to a remote server.
2. Server: This indicates that a time request may be made and a control query
may be performed on the local clock. The local clock cannot be synchronized
to a remote server.
3. Synchronization: This indicates that time requests are made only on the local
clock.
4. Query: This indicates that control queries are performed only on the local
clock.
5. Limited: When the rate of NTP packets exceeds the upper limit, incoming NTP
packets are discarded. If the Kiss-of-Death (KOD) function is enabled, a kiss
code is sent.
KOD
The KOD function can be enabled on the server to perform access control. This is
useful if the volume of packets received from clients may overload a server's
loadbearing capabilities within a specified period. KOD is a modern access control
technology implemented in NTPv4 and is used by the server to provide
information, such as status reports and access control, to the client.
A KOD packet is a special type of NTP packet. In a KOD packet, the stratum field
is 0. KOD packets support two types of kiss codes: DENY and RATE.
With the KOD function enabled on a server, the server sends kiss code DENY or
RATE to the client based on configuration.
● When receiving the kiss code DENY, the client terminates all connections to
the server, and stops sending packets to the server.
● When receiving the kiss code RATE, the client immediately reduces its polling
interval to the server. The client will continue to reduce the interval if it
receives subsequent RATE kiss codes.
After the KOD function is enabled, the corresponding ACL rule needs to be
configured. When the ACL rule is configured as deny, the server sends the kiss
code DENY. When the ACL rule is configured as permit and the number of NTP
packets received reaches the configured upper limit, the server sends the RATE kiss
code.
1.1.4.6.2 Enabling NTP Authentication
Context
NTP authentication can be enabled on networks requiring high security. With
password authentication configured between the client and server sides, a client
synchronize its clocks only with the authenticated server.
When configuring the NTP authentication function, comply with the following
rules:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 94
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Enable NTP authentication before configuring the basic NTP functions.
Otherwise, NTP authentication will not be performed.
● Configure NTP authentication on both the client and server. Otherwise, NTP
authentication does not take effect. In NTP peer mode, the client is the
symmetric active peer, and the server is the symmetric passive peer.
● Configure the same key on the client and server.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable NTP authentication.
ntp-service authentication enable
Step 3 Configure an NTP authentication key.
ntp-service authentication-keyid keyId authentication-mode { md5 | hmac-sha256 | aes-128-cmac |
aes-256-cmac } { password | cipher password }
MD5 is a weak security algorithm and is not recommended. You are advised to use
other security algorithms for NTP key authentication. To configure the MD5
algorithm, run the undo crypto weak-algorithm disable command to enable the
weak security algorithm function first.
The system automatically verifies the strength of an entered key. Only the key that
meets the strength requirements can be configured. To disable key strength check,
run the ntp-service authentication-password complexity-check disable
command.
NOTICE
Disabling the key strength check function causes security risks. Therefore, you are
advised not to run this command.
Step 4 Declare the authentication key to be reliable.
ntp-service trusted authentication-keyid key-id
NOTE
● A device that attempts to synchronize its clock must declare its key as reliable.
● When the client synchronizes to an authenticated server, the authentication key must be
declared as reliable only on the client side.
Step 5 Commit the configuration.
commit
----End
1.1.4.6.3 Configuring NTP Access Authority
Context
When an NTP access request reaches the local end, access authority is matched
against the following access permissions in sequence: peer, server, synchronization,
query, and limited, and peer has the maximum access permission.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 95
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Enter the system view.
system-view
Step 2 Create a basic ACL.
● Create a basic IPv4 ACL.
acl [ number] basic-acl-number
● Create a basic ACL6.
acl ipv6 [ number] basic-acl6-number
Step 3 Configure an ACL rule.
● Configure a basic ACL rule.
rule [ rule-id ] [ name rule-name ] { permit | deny } [ fragment-type fragment | source { source-ip-
address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-
instance-name | logging ] *
● Configure a basic ACL6 rule.
rule [ rule-id ] [ name rule-name ] { permit | deny } [ fragment | source { source-ipv6-address
{ prefix-length | source-wildcard } | source-ipv6-address/prefix-length | any } | time-range time-name
| vpn-instance vpn-instance-name | logging ] *
Check the ACL rule configuration.
● If a source IP address is set to permit in the ACL rule, packets originating from
this address are permitted.
● If a source IP address is set to deny in the ACL rule, packets originating from
this address are denied.
● If a source IP address does not match the ACL rule, packets originating from
this address are denied.
● If no rule exists in the ACL or the referenced ACL does not exist, packets from
all source IP addresses are denied.
Step 4 Return to the system view.
quit
Step 5 Commit the configuration.
commit
Step 6 Configure NTP access authority on the local device.
ntp-service access { peer | query | server | synchronization | limited } { { acl-number | acl-name
aclname } [ ipv6 { acl6-number | acl6-name acl6name } ] | ipv6 { acl6-number | acl6-name acl6name }
[ { acl-number | acl-name aclname } ] }
Determine the device to be configured based on the site requirements. For details,
see Table 1-17.
Table 1-17 Description of the NTP access authority
NTP Operating Mode Type of Restriction Configuration
Object
NTP client/server mode Clock synchronization from the Client
or NTP manycast mode server to the client
Clock synchronization request to be Server
processed by the server
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 96
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NTP Operating Mode Type of Restriction Configuration
Object
NTP peer mode Clock synchronization between the Symmetric
symmetric active peer and active end
symmetric passive peer
Clock synchronization request to be Symmetric
processed by the symmetric passive passive end
peer
NTP multicast mode Clock synchronization between the NTP multicast
client and server client
NTP broadcast mode Clock synchronization between the NTP broadcast
client and server client
Step 7 Commit the configuration.
commit
----End
1.1.4.6.4 Configuring KOD on the Server
Context
KOD cannot be used in broadcast or multicast mode.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable KOD.
ntp-service kod-enable
Step 3 (Optional) Configure access control authority.
ntp-service access { peer | query | server | synchronization | limited } { { acl-number | acl-name
aclname } [ ipv6 { acl6-number | acl6-name acl6name } ] | ipv6 { acl6-number | acl6-name acl6name }
[ { acl-number | acl-name aclname } ] }
Step 4 (Optional) Configure the minimum and average intervals for receiving NTP
packets.
ntp-service discard { min-interval min-interval-val | avg-interval avg-interval-val } *
The value is expressed in the Nth power of 2 seconds. By default, the minimum
interval for sending NTP packets is 1 (2 to the power of 1s = 2s), and the average
interval is 5 (2 to the power of 5s = 32s).
Step 5 Commit the configuration.
commit
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 97
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.4.6.5 Disabling an Interface from Receiving NTP Packets
Context
If a host on a LAN does not need to synchronize its clock with a specified server,
you can disable a specified interface from receiving NTP packets.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the interface view.
interface interface-type interface-number
Step 3 (Optional) Disable an interface from receiving NTP packets.
● Disable an interface from receiving IPv4 NTP packets.
ntp-service in-interface disable
● Disable an interface from receiving IPv6 NTP packets.
ntp-service ipv6 in-interface disable
Step 4 Commit the configuration.
commit
----End
1.1.4.6.6 Verifying the Configuration
Procedure
● Run the display ntp-service status command to check the status of the NTP
service.
● Run the display ntp-service sessions verbose command to check the NTP
session status.
----End
1.1.4.6.7 Example for Configuring the NTP Client/Server Mode with Authentication
Networking Requirements
On the network shown in Figure 1-37:
● DeviceA functions as an NTP server and its local clock functions as a stratum
2 NTP master clock.
● DeviceB functions as an NTP client to synchronize its clock to DeviceA.
● DeviceC and DeviceD function as NTP clients and use DeviceB as their NTP
server.
● NTP authentication needs to be enabled on all devices.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 98
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-37 Configuring the NTP client/server mode with authentication
NOTE
Interfaces 1 and 2 in this example represent GigabitEthernet0/1/1 and
GigabitEthernet0/1/2, respectively.
Precautions
● Before specifying the NTP server address and the authentication key to be
sent to the NTP server, you must enable NTP authentication on an NTP client.
Otherwise, clock synchronization is directly implemented without NTP
authentication.
● The authentication keys on the NTP client and server must be the same and
the authentication key must be declared. Otherwise, NTP authentication will
fail.
● Enable NTP authentication on both the server and client.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DeviceA as an NTP server to provide the master clock.
2. Configure DeviceB as an NTP client to synchronize its clock to DeviceA.
3. Configure DeviceC and DeviceD as NTP clients to synchronize their clocks to
DeviceB.
4. Configure NTP authentication on DeviceA, DeviceB, DeviceC, and DeviceD.
Procedure
Step 1 Assign an IP address to each device and ensure that the devices are routable.
Step 2 On DeviceA, configure the NTP master clock, specify a listening interface, and
enable NTP authentication.
# Configure DeviceA to use its local clock as a stratum 2 NTP master clock.
<DeviceA> system-view
[~DeviceA] ntp-service refclock-master 2
[*DeviceA] commit
# Specify a listening interface on DeviceA.
[~DeviceA] ntp-service server source-interface gigabitethernet 0/1/1
[*DeviceA] commit
# Enable NTP authentication on DeviceA and configure an authentication key.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 99
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[~DeviceA] ntp authentication enable
[*DeviceA] ntp-service authentication-keyid 42 authentication-mode hmac-sha256 ********
[*DeviceA] commit
NOTE
The authentication keys configured on the server and the client must be the same.
Step 3 On DeviceB, enable NTP authentication, specify a listening interface, and specify
an NTP server.
# Enable NTP authentication on DeviceB, configure an authentication key, and
declare the authentication key as reliable.
<DeviceB> system-view
[~DeviceB] ntp-service authentication enable
[*DeviceB] ntp-service authentication-keyid 42 authentication-mode hmac-sha256 ********
[*DeviceB] ntp-service trusted authentication-keyid 42
[*DeviceB] commit
# Specify a listening interface on DeviceB.
[~DeviceB] ntp-service server source-interface gigabitethernet 0/1/1
[*DeviceB] commit
# Specify DeviceA as the NTP server of DeviceB, and configure DeviceB to use the
configured authentication key.
[~DeviceB] ntp-service unicast-server 2.2.2.2 authentication-keyid 42
[*DeviceB] commit
Step 4 On DeviceC, enable NTP authentication and specify its NTP server.
<DeviceC> system-view
[~DeviceC] ntp-service authentication enable
[*DeviceC] ntp-service authentication-keyid 42 authentication-mode hmac-sha256 ********
[*DeviceC] ntp-service trusted authentication-keyid 42
[*DeviceC] ntp-service unicast-server 10.0.0.1 authentication-keyid 42
[*DeviceC] commit
Step 5 On DeviceD, enable NTP authentication and specify its NTP server.
<DeviceD> system-view
[~DeviceD] ntp-service authentication enable
[*DeviceD] ntp-service authentication-keyid 42 authentication-mode hmac-sha256 ********
[*DeviceD] ntp-service trusted authentication-keyid 42
[*DeviceD] ntp-service unicast-server 10.0.0.1 authentication-keyid 42
[*DeviceD] commit
----End
Verifying the Configuration
# Check the NTP status of DeviceB. The command output shows that the clock
status is synchronized, indicating that clock synchronization is complete. The
stratum of DeviceB is 3, one stratum lower than DeviceA.
[~DeviceB] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 2.2.2.2
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 100
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Feb 2 2020(C7B15BCC.D5604189)
synchronization state: clock synchronized
# Check the NTP status of DeviceC. The command output shows that the clock
status is synchronized, indicating that clock synchronization is complete. The
stratum of DeviceC is 4, one stratum lower than DeviceB.
[~DeviceC] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Feb 2 2020(C7B15BCC.D5604189)
synchronization state: clock synchronized
# Check the NTP status of DeviceD. The command output shows that the clock
status is synchronized, indicating that clock synchronization is complete. The
stratum of DeviceD is 4, one stratum lower than DeviceB.
[~DeviceD] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Feb 2 2020(C7B15BCC.D5604189)
synchronization state: clock synchronized
# Check the NTP status of DeviceA.
[~DeviceA] display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 26.50 ms
peer dispersion: 10.00 ms
reference time: 12:01:48.377 UTC Feb 2 2020(C7B15D2C.60A15981)
synchronization state: clock synchronized
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
ntp-service authentication-keyid 42 authentication-mode hmac-sha256 cipher %+%#JA!v6M22=Gg\
{>U.lx%#)c%yY}0*"/`5mi><QS)L%+%#
ntp-service refclock-master 2
ntp-service authentication enable
ntp-service server source-interface GigabitEthernet0/1/1
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 101
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 2.2.2.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
#
return
● DeviceB
#
sysname DeviceB
#
ntp-service authentication-keyid 42 authentication-mode hmac-sha256 cipher %+%#>hD8))_H-
XZVut2u3!_0lq3,+Ph=:OE}pX;T2M'9%+%#
ntp-service trusted authentication-keyid 42
ntp-service unicast-server 2.2.2.2 authentication-keyid 42
ntp-service authentication enable
ntp-service server source-interface GigabitEthernet0/1/1
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.0.1 255.255.255.0
#
interface GigabitEthernet0/1/2
undo shutdown
ip address 10.1.1.11 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.0.0.0 0.0.0.255
#
return
● DeviceC
#
sysname DeviceC
#
ntp-service authentication-keyid 42 authentication-mode hmac-sha256 cipher %+
%#m:fVJfk*r&3x"1J`21^K`Y;LH;B+g(t2<ZX^}Q_~%+%#
ntp-service trusted authentication-keyid 42
ntp-service unicast-server 10.0.0.1 authentication-keyid 42
ntp-service authentication enable
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.0.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.255
#
return
● DeviceD
#
sysname DeviceD
#
ntp-service authentication-keyid 42 authentication-mode hmac-sha256 cipher %+%#$
\`_6BKWy1]kdR@=c;O@UX!)Vor5iYi|zIYEG_v5%+%#
ntp-service trusted authentication-keyid 42
ntp-service unicast-server 10.0.0.1 authentication-keyid 42
ntp-service authentication enable
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.0.3 255.255.255.0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 102
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.255
#
return
1.1.4.6.8 Example for Configuring the NTP Broadcast Mode with Authentication
Networking Requirements
On the network shown in Figure 1-38:
● DeviceA and DeviceB are on the same network segment.
● DeviceA functions as an NTP broadcast server and sends NTP broadcast
packets through interface 1. Its local clock is a stratum 3 NTP master clock.
● DeviceB listens for NTP broadcast messages on interface 1.
● NTP authentication needs to be enabled on DeviceA and DeviceB.
Figure 1-38 Configuring the NTP broadcast mode with authentication
NOTE
In this example, interface1 represents GigabitEthernet0/1/1.
Precautions
Before configuring an authentication key on the client or server, ensure that the
key already exists.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DeviceA as an NTP broadcast server.
2. Configure DeviceB as an NTP broadcast client.
3. Enable NTP authentication on DeviceA and DeviceB.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 103
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Assign an IP address to each device and ensure that the devices are routable.
Step 2 Configure DeviceA as an NTP broadcast server.
# Configure the local clock on DeviceA as a stratum 3 NTP master clock.
<DeviceA> system-view
[~DeviceA] ntp-service refclock-master 3
[*DeviceA] commit
# Specify a listening interface on DeviceA.
[~DeviceA] ntp-service server source-interface gigabitethernet 0/1/1
[*DeviceA] commit
# Enable NTP authentication.
[~DeviceA] ntp-service authentication enable
[*DeviceA] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 ********
[*DeviceA] commit
# Configure DeviceA as an NTP broadcast server that sends NTP broadcast packets
from interface 1, and configure an authentication key with key ID being 16.
[~DeviceA] interface gigabitethernet 0/1/1
[~DeviceA-GigabitEthernet0/1/1] ntp-service broadcast-server authentication-keyid 16
[*DeviceA-GigabitEthernet0/1/1] quit
[*DeviceA] commit
Step 3 Configure DeviceB as an NTP broadcast client that resides on the same network
segment as the NTP broadcast server.
# Enable NTP authentication.
<DeviceB> system-view
[~DeviceB] ntp-service authentication enable
[*DeviceB] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 ********
[*DeviceB] ntp-service trusted authentication-keyid 16
[*DeviceB] commit
# Configure DeviceB as an NTP broadcast client that listens for NTP broadcast
packets on interface 1.
[~DeviceB] interface gigabitethernet 0/1/1
[*DeviceB-GigabitEthernet0/1/1] ntp-service broadcast-client
[*DeviceB-GigabitEthernet0/1/1] quit
[*DeviceB] commit
----End
Verifying the Configuration
# Check the NTP status of DeviceB. The command output shows that the clock
status is synchronized, indicating that clock synchronization is complete. The
stratum of DeviceB is 4, one stratum lower than DeviceA.
[~DeviceB] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.1.31
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 104
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
root delay: 0.00 ms
root dispersion: 0.42 ms
peer dispersion: 0.00 ms
reference time: 12:17:21.773 UTC Feb 7 2020(C7B7F851.C5EAF25B)
synchronization state: clock synchronized
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %+%#>hD8))_H-
XZVut2u3!_0lq3,+Ph=:OE}pX;T2M'9%+%#
ntp-service refclock-master 3
ntp-service authentication enable
ntp-service server source-interface GigabitEthernet0/1/1
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.1.31 255.255.255.0
ntp-service broadcast-server authentication-keyid 16
#
return
● DeviceB
#
sysname DeviceB
#
ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %+
%#m:fVJfk*r&3x"1J`21^K`Y;LH;B+g(t2<ZX^}Q_~%+%#
ntp-service trusted authentication-keyid 16
ntp-service authentication enable
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.1.32 255.255.255.0
ntp-service broadcast-client
#
return
1.1.4.6.9 Example for Configuring KOD Authentication in Client/Server Mode
Networking Requirements
On the network shown in Figure 1-39:
● DeviceA functions as an NTP unicast server, and its local clock functions as a
stratum 2 NTP master clock.
● DeviceB functions as an NTP unicast client that synchronizes its clock to
DeviceA.
● DeviceC and DeviceD function as NTP clients and use DeviceB as their NTP
server.
● NTP authentication is enabled.
● KOD is enabled on DeviceA so that DeviceA can perform access control when
the volume of packets received overloads its loadbearing capabilities.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 105
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-39 Configuring KOD authentication in client/server mode
NOTE
Interfaces 1 and 2 in this example represent GigabitEthernet0/1/1 and
GigabitEthernet0/1/2, respectively.
Precautions
● Before configuring a key on the client or server, ensure that the key already
exists.
● The authentication key must be reliable on both the client and server.
Authentication must be enabled on the client.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DeviceA as an NTP server to provide the master clock.
2. Configure DeviceB as an NTP client to synchronize its clock to DeviceA.
3. Configure DeviceC and DeviceD as NTP clients to synchronize their clocks to
DeviceB.
4. Enable NTP authentication on all devices.
NOTE
● Before specifying the NTP server address and the authentication key to be sent to the
NTP server, you must enable NTP authentication on an NTP client. Otherwise, clock
synchronization is directly implemented without NTP authentication.
● You must completely configure the client and server to ensure successful authentication.
Procedure
Step 1 Assign an IP address to each device and ensure that the devices are routable.
Step 2 On DeviceA, configure the NTP master clock, specify a listening interface, and
enable NTP authentication.
# Configure the local clock on DeviceA as a stratum 2 NTP master clock.
<DeviceA> system-view
[~DeviceA] ntp-service refclock-master 2
[*DeviceA] commit
# Specify a listening interface on DeviceA.
[~DeviceA] ntp-service server source-interface gigabitethernet 0/1/1
[*DeviceA] commit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 106
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
# Enable NTP authentication and configure an authentication key. The
authentication key configured on the client must be the same as that on the
server.
[~DeviceA] ntp-service authentication enable
[*DeviceA] ntp-service authentication-keyid 42 authentication-mode hmac-sha256 ********
[*DeviceA] commit
# Configure an ACL rule.
[~DeviceA] acl 2000
[*DeviceA-acl4-basic-2000] rule 2000 permit source 10.1.1.11 0
[*DeviceA-acl4-basic-2000] quit
[*DeviceA] commit
# Configure access control.
[~DeviceA] ntp-service access limited 2000
[*DeviceA] commit
# Configure the minimum and average intervals for receiving NTP packets.
[~DeviceA] ntp-service discard min-interval 4 avg-interval 4
[*DeviceA] commit
# Enable KOD.
[~DeviceA] ntp-service kod-enable
[*DeviceA] commit
Step 3 On DeviceB, configure the NTP master clock, specify a listening interface, and
enable NTP authentication.
# Enable NTP authentication on DeviceB, configure an authentication key, and
declare the authentication key as reliable.
<DeviceB> system-view
[~DeviceB] ntp-service authentication enable
[*DeviceB] ntp-service authentication-keyid 42 authentication-mode hmac-sha256 ********
[*DeviceB] ntp-service trusted authentication-keyid 42
[*DeviceB] commit
# Specify a listening interface on DeviceB.
[~DeviceB] ntp-service server source-interface gigabitethernet 0/1/1
[*DeviceB] commit
# Specify DeviceA as the NTP server of DeviceB, and configure DeviceB to use the
configured authentication key.
[~DeviceB] ntp-service unicast-server 2.2.2.2 authentication-keyid 42
[*DeviceB] commit
Step 4 Specify DeviceB as the NTP server of DeviceC.
<DeviceC> system-view
[~DeviceC] ntp-service authentication enable
[*DeviceC] ntp-service authentication-keyid 42 authentication-mode hmac-sha256 ********
[*DeviceC] ntp-service trusted authentication-keyid 42
[*DeviceC] ntp-service unicast-server 10.0.0.1 authentication-keyid 42
[*DeviceC] commit
Step 5 Specify DeviceB as the NTP server of DeviceD.
<DeviceD> system-view
[~DeviceD] ntp-service authentication enable
[*DeviceD] ntp-service authentication-keyid 42 authentication-mode hmac-sha256 ********
[*DeviceD] ntp-service trusted authentication-keyid 42
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 107
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*DeviceD] ntp-service unicast-server 10.0.0.1 authentication-keyid 42
[*DeviceD] commit
----End
Verifying the Configuration
# Check the NTP status of DeviceB. The command output shows that the clock
status is synchronized, indicating that clock synchronization is complete. The
stratum of DeviceB is 3, one stratum lower than DeviceA.
[~DeviceB] display ntp-service status
clock status: synchronized
clock stratum: 3
reference clock ID: 2.2.2.2
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Feb 2 2020(C7B15BCC.D5604189)
synchronization state: spike (clock will be set in 1010 secs)
# Check the NTP status of DeviceC. The command output shows that the clock
status is synchronized, indicating that clock synchronization is complete. The
stratum of DeviceC is 4, one stratum lower than DeviceB.
[~DeviceC] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Feb 2 2020(C7B15BCC.D5604189)
synchronization state: spike (clock will be set in 1010 secs)
# Check the NTP status of DeviceD. The command output shows that the clock
status is synchronized, indicating that clock synchronization is complete. The
stratum of DeviceD is 4, one stratum lower than DeviceB.
[~DeviceD] display ntp-service status
clock status: synchronized
clock stratum: 4
reference clock ID: 10.0.0.1
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 3.8128 ms
root delay: 31.26 ms
root dispersion: 74.20 ms
peer dispersion: 34.30 ms
reference time: 11:55:56.833 UTC Feb 2 2020(C7B15BCC.D5604189)
synchronization state: spike (clock will be set in 1010 secs)
# Check the NTP status of DeviceA.
[~DeviceA] display ntp-service status
clock status: synchronized
clock stratum: 2
reference clock ID: LOCAL(0)
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 108
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
nominal frequency: 60.0002 Hz
actual frequency: 60.0002 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 26.50 ms
peer dispersion: 10.00 ms
reference time: 12:01:48.377 UTC Feb 2 2020(C7B15D2C.60A15981)
synchronization state: spike (clock will be set in 1010 secs)
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 2.2.2.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
#
ntp-service authentication-keyid 42 authentication-mode hmac-sha256 cipher %+%#JA!v6M22=Gg\
{>U.lx%#)c%yY}0*"/`5mi><QS)L%+%#
ntp-service refclock-master 2
ntp-service access limited 2000
ntp-service authentication enable
ntp-service kod-enable
ntp-service discard min-interval 4 avg-interval 4
ntp-service server source-interface GigabitEthernet0/1/1
#
acl 2000
rule 2000 permit source 10.1.1.11 0
#
return
● DeviceB
#
sysname DeviceB
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.0.1 255.255.255.0
#
interface GigabitEthernet0/1/2
undo shutdown
ip address 10.0.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.0.1.0 0.0.0.255
network 10.0.0.0 0.0.0.255
#
ntp-service authentication-keyid 42 authentication-mode hmac-sha256 cipher %+%#>hD8))_H-
XZVut2u3!_0lq3,+Ph=:OE}pX;T2M'9%+%#
ntp-service trusted authentication-keyid 42
ntp-service unicast-server 2.2.2.2 authentication-keyid 42
ntp-service authentication enable
ntp-service server source-interface GigabitEthernet0/1/1
#
return
● DeviceC
#
sysname DeviceC
#
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 109
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.0.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.255
#
ntp-service authentication-keyid 42 authentication-mode hmac-sha256 cipher %+
%#m:fVJfk*r&3x"1J`21^K`Y;LH;B+g(t2<ZX^}Q_~%+%#
ntp-service trusted authentication-keyid 42
ntp-service authentication enable
ntp-service unicast-server 10.0.0.1 authentication-keyid 42
#
return
● DeviceD
#
sysname DeviceD
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.0.0.3 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.255
#
ntp-service authentication-keyid 42 authentication-mode hmac-sha256 cipher %+%#$
\`_6BKWy1]kdR@=c;O@UX!)Vor5iYi|zIYEG_v5%+%#
ntp-service trusted authentication-keyid 42
ntp-service authentication enable
ntp-service unicast-server 10.0.0.1 authentication-keyid 42
#
return
1.1.4.7 Maintaining NTP
Monitoring the NTP Operating Status
During routing maintenance, you can run the following commands in any view to
monitor the NTP operating status.
Table 1-18 Monitoring the NTP operating status
Operation Command
Check the status of dynamic sessions display ntp-service sessions
maintained by the NTP service. [ verbose ]
Check the status of the NTP service. display ntp-service status
Check the tracing path from the local display ntp-service trace
device to the reference IPv4 clock
source.
Check the system time. display clock
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 110
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Clearing NTP Statistics
During routine maintenance, you can run the following commands in the user
view to clear NTP statistics.
NOTICE
NTP statistics cannot be restored after they are cleared. Exercise caution when
running reset commands.
Table 1-19 Clearing NTP statistics
Operation Command
Clear statistics about all the NTP reset ntp-service statistics packet
packets sent and received on the local [ ipv6 ]
device.
Clear statistics about the NTP packets reset ntp-service statistics packet
sent and received on a specified [ ipv6 ] interface { interface-name |
interface. interface-type interface-number | all }
Clear statistics about a specified peer. reset ntp-service statistics packet
peer [ [ ip-address [ vpn-instance
vpn-instance-name ] ] | ipv6 [ ipv6-
address [ vpn-instance vpn-instance-
name ] ] ]
1.1.4.8 Troubleshooting NTP
1.1.4.8.1 NTP Server Fails to Respond to External Access Requests
Fault Symptom
The NTP server does not respond to external access requests. As a result, the NTP
client fails to synchronize its clocks with the NTP server.
Possible Causes
1. No listening interface is configured on the NTP server.
2. The server IP address specified on the NTP client is not the IP address of the
source interface for sending NTP packets.
Procedure
Step 1 Check the NTP configurations on the client and server.
display current-configuration interface [ interface-type [ interface-number ] | interface-name ] [ include-
default ]
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 111
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Configure a listening interface for the NTP server.
● Configure a listening interface for an IPv4 NTP server.
ntp-service server source-interface { interface-name |interface-type interface-number }
By default, an NTP IPv4 server does not listen to any interface. If the ntp-
service server source-interface all enable command is run, the device
functions as an NTP IPv4 server and listens to all interfaces.
● Configure a listening interface for an IPv6 NTP server.
ntp-service ipv6 server source-address ipv6Addr [ vpn-instance vpnName ]
By default, an NTP IPv6 server does not listen to any interface. If the ntp-
service ipv6 server source-interface all enable command is run, the device
functions as an NTP IPv6 server and listens to all interfaces.
Step 3 Commit the configuration.
commit
Step 4 Reconfigure the server IP address on the NTP client.
Reconfigure the server IP address on the NTP client based on the NTP operating
mode. The server IP address must be the IP address of the source interface for
sending NTP packets.
----End
1.1.4.8.2 NTP Authentication Does Not Take Effect
Fault Symptom
The NTP authentication function does not take effect. Clock synchronization can
be performed even when the server or client is invalid (for example, the keys on
the server and client are inconsistent).
Possible Causes
NTP authentication is not configured before basic NTP functions are configured.
Procedure
Step 1 Clear configurations of the basic NTP functions.
Step 2 Enable NTP authentication.
Step 3 Configure basic NTP functions.
----End
1.1.5 OPS Configuration
1.1.5.1 Overview of OPS
Definition
The open programmability system (OPS) is an open platform that provides
representational state transfer (RESTful) application programming interfaces
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 112
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
(APIs) to achieve programmability, allowing third-party applications to run on the
platform.
Purpose
Conventional network devices provide only limited functions and predefined
services. As networks develop, the static and inflexible service provisioning mode
cannot meet the requirements for diversified and differentiated services. Some
customers require devices with specific openness so that they can develop their
own functions and deploy proprietary management policies to implement
automatic management and maintenance, lowering management costs.
To meet the preceding requirements, Huawei offers the OPS. The OPS, an open
platform with programmability, allows users and third-party developers to develop
and deploy network management policies using open RESTful APIs. Through
programmability, the OPS implements rapid service expansion, automatic function
deployment, and intelligent device management, helping reduce network
operation and maintenance costs and simplify network operations.
Benefits
● The OPS supports user-defined configurations and applications, enhancing the
flexibility in service deployment and network device management.
● The OPS supports various third-party applications, improving network
utilization.
● The OPS allows users to develop private services.
● The OPS achieves flexible application deployment.
Security
The OPS provides the following security measures:
● API security
Only authorized users can operate the OPS. Authentication and authorization
are implemented based on roles and permissions.
● Operation security
Resources are isolated by module in the OPS and their usage can be
monitored.
● Program security
Third-party resources are used to manage programs.
● Important information security
OPS APIs use a secure communication protocol to prevent information
leakage during transmission. However, local data and operation security needs
to be assured by users.
1.1.5.2 Understanding OPS
1.1.5.2.1 OPS Architecture
Figure 1-40 shows the OPS architecture. The OPS is developed based on Huawei's
universal software platform. Through open APIs, the OPS enables applications to
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 113
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
interwork with the modules in the management, control, and data planes of the
system, expanding the overall device functionality.
Figure 1-40 OPS architecture
Module Name Description
OPS Open programmability system.
Python Type of application script supported by
the OPS. The OPS provides a running
environment for Python scripts.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 114
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Module Name Description
OPS API OPS application programming interface
through which the applications in the
OPS can interwork with the modules of
the system.
Management plane Plane that provides management
functions for the entire system. It also
provides coordination between all the
planes, such as the Performance
Management (PM) and Fault
Management (FM).
Control plane Plane that controls calls and
connections. The control plane uses
signaling to set up and release
connections, and can restore a
connection if a failure occurs.
The control plane also performs other
functions in support of call and
connection control, such as routing
information delivery, VPN, OSPF, and
BGP.
Data plane Plane that provides virtual network
paths, such as forwarding information
base (FIB), to transmit data between
nodes.
1.1.5.2.2 Maintenance Assistant
The maintenance assistant function implements automated device management
and maintenance. You can create an assistant and define both a trigger condition
and task for the assistant. If an assistant task is started, the system monitors the
device running status in real time. When the configured trigger condition is met,
the system automatically performs the configured task. Assistants enable the
system to monitor its running status and take actions in different conditions,
improving system maintainability.
Table 1-20 lists different types of maintenance assistants.
Table 1-20 Comparison between maintenance assistants
Type Trigger Condition Task
Command Command- The following trigger Run a
assistant based conditions are configured command.
using commands:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 115
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Type Trigger Condition Task
Batch file- ● Timers Run a batch
based ● Software and hardware file.
alarms
● Software and hardware
events
● SNMP trap OID
● Log
Script assistant Defined by Python scripts Defined by
Python scripts
The extended functions of the maintenance assistant include the Maintain-Probe
(MTP) function, which is an application function of the maintenance assistant and
is used to monitor the connection status of each protocol. When a protocol is
disconnected, the maintenance assistant script is triggered to collect onsite
information, improving the maintainability of the entire device.
You can run the condition timer cron command to set the time (in cron format)
when setting trigger conditions for an assistant. The time can be a single moment,
multiple moments, time range, or interval. Table 1-21 lists the cron time formats.
Table 1-21 Cron formats
Usage Scenario Format Description Example
Specifying a time It uses a set of The condition
single moment integers to timer cron 0 1 2
indicate a specific 5 * 2020
moment. command
configures a
maintenance
assistant to be
executed at 01:00
on May 2, 2020.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 116
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Usage Scenario Format Description Example
Specifying time1,time2,time3 It uses a set of The condition
multiple moments integers to timer cron 0
indicate multiple 1,2,3 2 3 * 2020
moments, each of command
which is separated configures a
by a comma (,) maintenance
without spaces. assistant to be
There is no executed at the
restriction on the following
sequence of moments:
moments. ● 01:00, March 2,
2020
● 02:00 on
March 2, 2020
● 03:00 on
March 2, 2020
Specifying an time/step time is a set of The condition
interval integers indicating timer cron 0 0/10
a specific * 3 * 2020
moment, and step command
specifies an configures a
interval. time and maintenance
step are separated assistant to be
by a slash (/) executed at the
without spaces. following
The time is moments:
calculated in the ● 00:00 on
format of time, March 1, 2020
time + 1 x step, …, ● 10:00 on
time + n x step, March 1, 2020
where n is
determined by ● 20:00 on
step in the March 1, 2020
command. The ● 00:00 on
maximum time March 2, 2020
must be within ● ...
the time range.
● 20:00 on
March 31,
2020
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 117
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Usage Scenario Format Description Example
Specifying a time1-time2 time1 and time2 The condition
period are integers that timer cron 0 0-3
specify the start 1 3 * 2020
and end time of command
an assistant task. configures a
time1-time2 maintenance
represents a time assistant to be
range, with two executed at the
moments being following
connected by a moments:
hyphen (-) ● 00:00 on
without spaces. March 1, 2020
time2 must be
greater than or ● 01:00 on
equal to time1. March 1, 2020
The time is ● 02:00 on
calculated in the March 1, 2020
format of time1, ● 03:00 on
time1 + 1, time1 March 1, 2020
+ 2, ..., time2.
Specifying a * * indicates all The condition
periodical possible timer cron 30 10
moment moments. * 1 1 2020
command
configures a
maintenance
assistant to be
executed at 10:30
every Monday in
January, 2020.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 118
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Usage Scenario Format Description Example
Specifying a time The previous Moments are The condition
combination formats can be separated by a timer cron 0
used together. comma (,) 0/10,2,4-5 1 3 *
without spaces. 2020 command
configures a
maintenance
assistant to be
executed at the
following
moments:
● 00:00 on
March 1, 2020
● 02:00 on
March 1, 2020
● 04:00 on
March 1, 2020
● 05:00 on
March 1, 2020
● 10:00 on
March 1, 2020
● 20:00 on
March 1, 2020
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 119
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.5.3 Configuration Precautions for OPS
Feature Requirements
Table 1-22 Feature requirements
Feature Requirements Series Models
1. Maintenance assistants are classified as NetEngin NetEngine 8000
command assistants or script assistants. A e 8000 M M14/NetEngine
maximum of 100 maintenance assistants can 8000 M14K/
be configured. NetEngine 8000
2. A single script assistant can be configured M4/NetEngine
with one to eight conditions. If multiple 8000 M8/
conditions are configured, use the AND, OR, NetEngine 8000
and NOT logical relationships between the M8K/NetEngine
conditions. A single command assistant can be 8000E M14/
configured with only one condition. NetEngine 8000E
M8/NetEngine
3. If the number of conditions subscribed by all 8100 M14/
assistants (including preset assistants) exceeds NetEngine 8100
200, no new assistant can be created. M8
4. A maximum of 10 subscribed events in a
Python script can be matched at the same
time.
5. A maximum of 100 user-defined
environment variables and 100 script variables
are allowed on the device.
RESTful API requests and responses can use NetEngin NetEngine 8000
only the ASCII character set. If a request or e 8000 M M14/NetEngine
response contains non-ASCII characters, the 8000 M14K/
request or response may fail to be parsed. NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 120
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
The maximum size of a single installation file NetEngin NetEngine 8000
is 1 MB. e 8000 M M14/NetEngine
8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
The maximum number of script environment NetEngin NetEngine 8000
variables is 1000, including a maximum of 100 e 8000 M M14/NetEngine
user-defined variables. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
Command assistant specifications: The NetEngin NetEngine 8000
command assistant supports the execution of a e 8000 M M14/NetEngine
maximum of 10 associated commands. These 8000 M14K/
commands are configured in the user view by NetEngine 8000
default, but can also be configured in other M4/NetEngine
views as required. 8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
1.1.5.4 Configuring a Command Assistant
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 121
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.5.4.1 Manually Running a Python Script
Context
To test whether a Python script runs normally, or if you do not want to bind a
Python script to a trigger condition but want to run this script, manually trigger
the execution of this script using a command.
Procedure
Step 1 Upload a Python script file to the device.
For details about how to upload a file to the device, see File System Management.
In the script, you can define the management actions to be performed using
commands. You can also use OPS APIs to define management actions to be
performed. For details, see 1.1.5.5.2 Compiling OPS API-based Scripts.
Step 2 Install the script file in the user view.
ops install file scrFile [ destination directory ]
If you do not specify destination directory in the command, the script is installed
in cfcard:/$_user/ by default. If this parameter is specified, the script is installed in
cfcard:/$_user/directory/.
NOTE
If the specified directory does not exist, the system automatically creates the directory. A
maximum of seven levels of subdirectories can be created under cfcard:/$_user/.
Step 3 Execute the Python script.
ops run python [ background ] script-name [ arguments ]
If you specify background, the Python script is executed in the background.
Otherwise, the script is executed in the foreground.
Step 4 Commit the configuration.
commit
----End
1.1.5.4.2 Configuring a Command Assistant Based on Commands
Context
If you want a device to run a few commands automatically in a specific condition
to implement a function, bind the commands to a command assistant.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 122
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
● Ensure that the specified commands are correct and complete. The system does not
provide help information or check the correctness of the commands bound to a
command assistant.
● Because command assistants are executed in the background, you are advised not to
bind interactive or jump commands, such as telnet and stelnet, to a command
assistant.
● When executing an interactive command that requires a Y/N choice, the system
automatically selects Y. When executing an interactive command that requires input of a
character string, the system waits for the input and proceeds to run the next command
when the wait period expires.
● The system switches to the user view by default to run the specified commands. If a
command must be executed in the system view, run the execute priority command
system-view command first. Otherwise, the command configuration does not take
effect.
● A command assistant cannot be configured based on both commands and batch files.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OPS view.
ops
Step 3 Enable the OPS function.
enable
By default, the OPS function is enabled.
Step 4 Create an assistant.
assistant assistant-name
Step 5 Configure a trigger condition for the assistant.
Table 1-23 Trigger conditions for an assistant
Operation Command Description
Set the severity of an condition alarm level A command assistant
alarm that triggers the { eq | ge | gt | le | lt | can match only one
assistant execution. ne } { critical | major | trigger condition.
minor | warning }
Set the name of an condition { alarm
alarm or event that [ alarm-type ] | event }
triggers the assistant feature feature-name
execution. name event-name
[ para-name para-optype
para-value ] &<1-4>
[ occurs occur-number
[ period period-value ] ]
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 123
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Operation Command Description
Set the OID of an SNMP condition snmp-
trap that triggers the notification oid oid-
assistant execution. string [ optype oid-
value ]
Set a log that triggers condition syslog pattern
the assistant execution. reg-express [ occurs
occur-number [ period
period-value ] ]
Set the time when an condition timer cron
assistant is executed. minutes hours
daysOfMonth months
daysOfWeek [ years ]
Step 6 Specify the commands that the command assistant runs.
execute priority command command-string
You can run the command multiple times to specify multiple commands to run.
Step 7 Commit the configuration.
commit
----End
1.1.5.4.3 Configuring a Command Assistant Based on Batch Files
Context
If you want a device to run a few commands automatically in a specific condition
to implement a function, write the commands one by one to a batch file with the
file name extension *.bat. Then, load the batch file and bind it to a command
assistant. When the device runs the command assistant, it executes the commands
in the batch file in sequence.
NOTE
● A command assistant can be configured with only one batch file, and cannot be configured
based on both commands and batch files.
● Ensure that the specified batch file is correct and complete. The system does not check the
correctness of content in the batch file.
● Because command assistants are executed in the background, you are advised not to bind
interactive or jump commands, such as telnet and stelnet, to a command assistant.
● The system switches to the user view by default to run commands in the batch file. If a
command must be executed in the system view, run the system-view command to enter the
system view. Otherwise, the command configuration does not take effect.
Procedure
Step 1 Upload a batch file to the device.
For details about how to upload a file to the device, see File System Management
Configuration.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 124
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Install the batch file in the user view.
ops install file scrFile [ destination directory ]
If you do not specify destination directory in the command, the batch file is
installed in cfcard:/$_user/ by default. If this parameter is specified, the batch file
is installed in cfcard:/$_user/directory/.
If the specified directory does not exist, the system automatically creates the
directory. A maximum of seven levels of subdirectories can be created under
cfcard:/$_user/.
Step 3 Enter the system view.
system-view
Step 4 Enter the OPS view.
ops
Step 5 Enable the OPS function.
enable
By default, the OPS function is enabled.
Step 6 Create an assistant.
assistant assistant-name
Step 7 Configure a trigger condition for the assistant.
Table 1-24 Trigger conditions for an assistant
Operation Command Description
Set the severity of an condition alarm level A command assistant
alarm that triggers the { eq | ge | gt | le | lt | can match only one
assistant execution. ne } { critical | major | trigger condition.
minor | warning }
Set the name of an condition { alarm
alarm or event that [ alarm-type ] | event }
triggers the assistant feature feature-name
execution. name event-name
[ para-name para-
optype para-value ]
&<1-4> [ occurs occur-
number [ period period-
value ] ]
Set the OID of an SNMP condition snmp-
trap that triggers the notification oid oid-
assistant execution. string [ optype oid-
value ]
Set a log that triggers condition syslog
the assistant execution. pattern reg-express
[ occurs occur-number
[ period period-value ] ]
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 125
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Operation Command Description
Set the time when an condition timer cron
assistant is executed. minutes hours
daysOfMonth months
daysOfWeek [ years ]
Step 8 Specify the batch file that the command assistant runs.
execute priority batch-file file-name
A command assistant can be configured with only one batch file.
Step 9 Commit the configuration.
commit
----End
1.1.5.4.4 Verifying the Configuration
Procedure
● Run the display ops assistant method [ name assistant-name ] command to
check information about the maintenance assistant.
● Run the display ops script [ dir-or-file-name ] command to check the
directory to which the script is installed.
----End
1.1.5.4.5 Example for Configuring a Command Assistant for Automatic Health
Check
Networking Requirements
As shown in Figure 1-41, the remote server is an SFTP server. DeviceA and the
SFTP server have reachable routes to each other. To reduce maintenance
workload, configure DeviceA to automatically collect daily health information.
Figure 1-41 Network diagram of automatic health check using commands
NOTE
In this example, interface 1 represents GigabitEthernet0/1/1.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a command assistant and set a timer as the trigger condition for the
assistant, so that the assistant performs a health check periodically.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 126
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
2. Specify the commands that the command assistant runs to collect health
information.
Procedure
Step 1 Configure a command assistant.
# Create a command assistant and configure it to run at 01:00 a.m. every day.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] ops
[~DeviceA-ops] assistant collect_health
[*DeviceA-ops-assistant-collect_health] condition timer cron 0 1 * * * *
[*DeviceA-ops-assistant-collect_health] commit
# Specify the commands that the command assistant runs to collect information,
such as the hardware status, route status, and interface link status, configure the
device to save the collected information to a file.
[~DeviceA-ops-assistant-collect_health] execute 1 command display device > health.txt
[*DeviceA-ops-assistant-collect_health] execute 1.5 command display health >> health.txt
[*DeviceA-ops-assistant-collect_health] execute 2 command display ip routing-table >> health.txt
[*DeviceA-ops-assistant-collect_health] execute 2.5 command display lldp neighbor brief >> health.txt
[*DeviceA-ops-assistant-collect_health] commit
[~DeviceA-ops-assistant-collect_health] return
Step 2 Configure an IP address for the specified interface on DeviceA.
<DeviceA> system-view
[~DeviceA] interface gigabitethernet 0/1/1
[~DeviceA-GigabitEthernet0/1/1] ip address 10.1.1.1 24
[*DeviceA-GigabitEthernet0/1/1] commit
[~DeviceA-GigabitEthernet0/1/1] quit
----End
Verifying the Configuration
# Check the configuration of the command assistant.
<DeviceA> display ops assistant verbose name collect_health
Assistant information
Name : collect_health
State : ready
Type : command
Default assistant : no
Running statistics
Running times :0
Queue size/(free) : 10/(10)
Skip for queue full : 0
Skip for delay :0
Skip for suppression : 0
Skip for error :0
Execute information
Task abstract : display device > health.txt; display health >> health.txt; display ip routing-table >>
health.txt; display lldp
neighbor brief >> health.txt;
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 127
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
ops
assistant collect_health
execute 1 command display device > health.txt
execute 1.5 command display health >> health.txt
execute 2 command display ip routing-table >> health.txt
execute 2.5 command display lldp neighbor brief >> health.txt
condition timer cron 0 1 * * * *
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.1.1.1 24
#
1.1.5.5 Configuring a Script Assistant
1.1.5.5.1 Configuring Basic Functions of a Script Assistant
Context
In a script assistant, trigger conditions and tasks must be defined using the Python
ops_condition() and ops_execute() functions, respectively. A script assistant can be
triggered by command line, timer, and route change events.
Procedure
Step 1 Upload a Python script file to the device.
For details about how to upload a file to the device, see File System Management.
Step 2 Install the script file in the user view.
ops install file scrFile [ destination directory ]
If you do not specify destination directory in the command, the script is installed
in cfcard:/$_user/ by default. If this parameter is specified, the script is installed in
cfcard:/$_user/directory/.
NOTE
If the specified directory does not exist, the system automatically creates the directory. A
maximum of seven levels of subdirectories can be created under cfcard:/$_user/.
Step 3 Enter the system view.
system-view
Step 4 Enter the OPS view.
ops
Step 5 Enable the OPS function.
enable
By default, the OPS function is enabled.
Step 6 (Optional) Configure an environment variable.
environment env-name env-value
The OPS supports the following environment variables:
● System environment variables: environment variables that are automatically
generated during system running.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 128
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● User environment variables: environment variables that are configured using
the environment command.
Intermediate data generated during Python script running is lost after the Python
is shut down. You can configure the Python script's running variable as an
environment variable so that data can be saved and used by other users.
Step 7 Create a script assistant.
script-assistant python script-name
A script assistant is enabled by default after being created. When the trigger
condition specified in a Python script is met, the tasks specified in the script will be
automatically executed.
Step 8 Commit the configuration.
commit
----End
1.1.5.5.2 Compiling OPS API-based Scripts
Context
In an OPS script file, you can define operations on YANG model nodes to manage
services through OPS APIs.
The OPS API is a RESTful open and programmable interface. The following table
lists the operations supported by the OPS, RESTCONF, and NETCONF.
Table 1-25 Operations supported by the OPS, RESTCONF, and NETCONF
OPS RESTCONF NETCONF
create POST <edit-config>
(nc:operation="create")
create POST rpc
delete DELETE <edit-config>
(nc:operation="delete")
patch PATCH <edit-config>
(nc:operation="merge")
get GET <get-config>, <get>
set PUT <edit-config>
(nc:operation="replace")
Zero Touch Provisioning (ZTP) can invoke OPS scripts to implement automatic
service deployment when a device starts without any configuration file.
1.1.5.5.5 Appendix: OPS APIs lists the supported service nodes.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 129
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
You can compile Python scripts that are manually run and scripts defined in the
ops_execute() function of the script assistant based on the following procedure
and specifications.
Procedure
Step 1 Run the import ops statement to invoke the OPSConnection(object) function to
establish a connection to the OPS interface.
Step 2 Compile the OPS script.
import ops # Imports the OPS module. This is a fixed format.
import string # Fixed format.
uri = "/restconf/data/huawei-aaa:aaa/domains" # XPath based on the RESTCONF packet
header and YANG model of the service module. For the create, delete, get, and set operations, the
parameter in the path is fixed to data.
uri = "/restconf/operations/huawei-cfg:set-startup " # XPath based on the RESTCONF packet header
and YANG model of the service module. For RPC operations, the parameter in the path is fixed to
operations.
host = "localhost" # Fixed format.
req_data = None # Service body. Enter the data to be added in XML
format. If no data is added, enter None.
opos_conn = ops.OPSConnection(host) # Interface function that triggers OPS
connection establishment.
ret, _, rsp_data = ops_conn.create/delete/get/set(uri, req_data, timeout = time-value) # Triggers various
operations. The timeout parameter specifies an OPS request timeout period. If the OPS request timeout
period is reached, the OPS request is canceled, and a timeout error is returned. This parameter is optional.
Its value is an integer ranging from 0 to 4294967295, in seconds. The default value is 0, indicating that
there is no timeout period for OPS requests.
Table 1-26 Script compiling for various OPS operations
Operati Rule Script Example
on Description
create Creates a import ops
import string
node. The import hashlib
parameter in uri = "/restconf/data/huawei-aaa:aaa/domains"
the URI is host = "localhost"
req_data = '''<domain>
fixed to data. <domainName>test1</domainName>
<authenSchemeName>default</authenSchemeName>
<acctSchemeName>default</acctSchemeName>
<authorSchemeName>default</authorSchemeName>
<domainState>active</domainState>
<accessLimit>283648</accessLimit>
<serviceTerminal>true</serviceTerminal>
<serviceTelnet>true</serviceTelnet>
<serviceFtp>true</serviceFtp>
<serviceSsh>true</serviceSsh>
<serviceSnmp>true</serviceSnmp>
<serviceDot1x>true</serviceDot1x>
<serviceHttp>true</serviceHttp>
</domain>'''
ops_conn = ops.OPSConnection(host)
ret, _, rsp_data = ops_conn.create(uri, req_data)
print(('install_ops_script ret {}, rsp_data {}'.format(ret, rsp_data)))
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 130
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Operati Rule Script Example
on Description
create RPC import ops
import string
operation. import hashlib
The uri = "/restconf/operations/huawei-cfg:set-startup"
parameter in host = "localhost"
req_data = '''<input>
the URI is <filename>vrpcfg1.zip</filename>
fixed to </input>'''
operations. ops_conn = ops.OPSConnection(host)
ret, _, rsp_data = ops_conn.create(uri, req_data)
print(('install_ops_script ret {}, rsp_data {}'.format(ret, rsp_data)))
delete No service import ops
import string
body is import hashlib
allowed. uri = "/restconf/data/huawei-aaa:aaa/domains/domain=test1"
host = "localhost"
req_data = None
ops_conn = ops.OPSConnection(host)
ret, _, rsp_data = ops_conn.delete(uri, req_data)
print(('install_ops_script ret {}, rsp_data {}'.format(ret, rsp_data)))
patch Modifies an import ops
import string
existing import hashlib
service. A uri = "/restconf/data/huawei-aaa:aaa/domains/domain"
service that host = "localhost"
req_data = '''<domain>
does not <domainName>test1</domainName>
exist cannot <authenSchemeName>default</authenSchemeName>
be created. <acctSchemeName>default</acctSchemeName>
<authorSchemeName>default</authorSchemeName>
<domainState>active</domainState>
<accessLimit>283648</accessLimit>
<serviceTerminal>true</serviceTerminal>
<serviceTelnet>true</serviceTelnet>
<serviceFtp>true</serviceFtp>
<serviceSsh>true</serviceSsh>
<serviceSnmp>true</serviceSnmp>
<serviceDot1x>true</serviceDot1x>
<serviceHttp>true</serviceHttp>
</domain>'''
ops_conn = ops.OPSConnection(host)
ret, _, rsp_data = ops_conn.patch(uri, req_data)
print(('install_ops_script ret {}, rsp_data {}'.format(ret, rsp_data)))
get ● No service import ops
import string
body is import hashlib
allowed. print("hello")
print("world")
● When uri = "/restconf/data/huawei-aaa:aaa/domains/domain=test1"
querying host = "localhost"
a list req_data = None
ops_conn = ops.OPSConnection(host)
node, you ret, _, rsp_data = ops_conn.get(uri, req_data)
must print(('install_ops_script ret {}, rsp_data {}'.format(ret, rsp_data)))
specify a
key node
or filter
criteria.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 131
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Operati Rule Script Example
on Description
set N/A import ops
import string
import hashlib
uri = "/restconf/data/huawei-aaa:aaa/domains/domain"
host = "localhost"
req_data = '''<domain>
<domainName>test1</domainName>
<authenSchemeName>default</authenSchemeName>
<acctSchemeName>default</acctSchemeName>
<authorSchemeName>default</authorSchemeName>
<domainState>active</domainState>
<accessLimit>283648</accessLimit>
<serviceTerminal>true</serviceTerminal>
<serviceTelnet>true</serviceTelnet>
<serviceFtp>true</serviceFtp>
<serviceSsh>true</serviceSsh>
<serviceSnmp>true</serviceSnmp>
<serviceDot1x>true</serviceDot1x>
<serviceHttp>true</serviceHttp>
</domain>'''
ops_conn = ops.OPSConnection(host)
ret, _, rsp_data = ops_conn.set(uri, req_data)
print(('install_ops_script ret {}, rsp_data {}'.format(ret, rsp_data)))
----End
1.1.5.5.3 Verifying the Configuration
Procedure
● Run the display ops assistant method command to check current
information about maintenance assistants.
----End
1.1.5.5.4 Example for Configuring a Script Assistant for Automatic Health Check
Networking Requirements
As shown in Figure 1-42, the remote server is an SFTP server. DeviceA and the
SFTP server have reachable routes to each other. To reduce maintenance
workload, configure DeviceA to automatically collect daily health information.
Figure 1-42 Automatic health check using a Python script
NOTE
In this example, interface1 represents GigabitEthernet0/1/1.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 132
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1. Compile, upload, and install a Python script on DeviceA.
2. Create a script assistant.
Procedure
Step 1 Compile a Python script.
# Compile a Python script named health.py.
In the Python script, set the trigger condition as the timer and the task as
executing commands to collect device information (including hardware status,
route status, and interface link status) and to send the collected information to
the SFTP server. The Python script is as follows:
# Define the function of the trigger condition.
def ops_condition(_ops):
_ops.timer.cron("con1","0 1 * * * *") # Set the timer event.
_ops.correlate("con1")
# Define the functions for tasks.
def ops_execute(_ops):
_ops.set_model_type("YANG") # Configure the RESTful API to use the YANG model.
handle, err_desp = _ops.cli.open() # Enable the CLI channel.
_ops.cli.execute(handle,"display device > health.txt") # Execute commands.
_ops.cli.execute(handle,"display health >> health.txt")
_ops.cli.execute(handle,"display ip routing-table >> health.txt")
_ops.cli.execute(handle,"display lldp neighbor brief >> health.txt")
ret = _ops.cli.close(handle) # Close the CLI channel.
return 0
Step 2 Upload and install the Python script.
# Configure DeviceA functioning as an SFTP client to download the Python script
file health.py from the SFTP server. The Python script is stored on the SFTP server.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] sftp 10.2.1.1
Trying 10.2.1.1 ...
Press CTRL+K to abort
Connected to 10.2.1.1 ...
Please input the username:
Enter password:
sftp-client> get health.py
Info: Transfer file in binary mode.
Please wait for a while...
/ 635 bytes transferred
Info: Downloaded the file successfully.
# Install the Python script on DeviceA.
[~DeviceA] quit
<DeviceA> ops install file health.py
Step 3 Configure a script assistant.
<DeviceA> system-view
[~DeviceA] ops
[~DeviceA-ops] script-assistant python health.py
[*DeviceA-ops] return
[*DeviceA] commit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 133
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 4 Configure an IP address for the specified interface on DeviceA.
<DeviceA> system-view
[~DeviceA] interface gigabitethernet 0/1/1
[*DeviceA-GigabitEthernet0/1/1] undo portswitch
[~DeviceA-GigabitEthernet0/1/1] ip address 10.1.1.1 24
[*DeviceA-GigabitEthernet0/1/1] commit
[~DeviceA-GigabitEthernet0/1/1] quit
----End
Verifying the Configuration
# Check the configuration of the script assistant.
<DeviceA> display ops assistant verbose name health.py
Assistant information
Name : health.py
State : ready
Type : script
Default assistant : no
Running statistics
Running times :0
Queue size/(free) : 10/(10)
Skip for queue full : 0
Skip for delay :0
Skip for suppression : 0
Skip for error :0
Execute information
Task abstract : health.py : ops_execute()
Trigger control
Occurs threshold :1
Period (s) :0
Delay (s) :0
Suppress max :0
Hits in period :0
Condition information
Correlate expression : con1
Condition tag : con1
Condition type : timer
Subscribe result : success
Occurs threshold : 0
Period (s) :0
Hits in period :0
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
ops
script-assistant python health.py
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.1.1.1 24
#
1.1.5.5.5 Appendix: OPS APIs
The OPS API is a RESTful interface based on the YANG model. For details about
the attributes and constraints of each node in the YANG model, see YANG API
Reference. This section describes the OPS APIs supported by the device.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 134
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-27 OPS APIs
URI Functions
huawei-network-instance:network- BGP peer.
instance/instances/instance/huawei-
bgp:bgp/base-process/peers/peer
huawei-bgp:bgp/base-process BGP site.
huawei-network-instance:network- BGP peer address family.
instance/instances/instance/huawei-
bgp:bgp/base-process/peers/
peer/afs/af
huawei-cfg:set-startup Specifies the configuration file for next
startup.
huawei-cfg:clear-startup Clears the configuration file for the
next startup.
huawei-cfg:cfg/startup-infos/startup- Obtains the current startup
info information of the device.
huawei-devm:devm/physical-entitys Physical entity.
huawei-devm:devm/physical-entitys/ Physical entity.
physical-entity
huawei-devm:reboot Resets the device.
huawei-ifm:ifm/interfaces/interface/ Enables the DHCP client function on
huawei-dhcp:dhcp-client-if/address- an interface.
allocation
huawei-dhcp:dhcp/client/client-querys Transmits DHCP requests and
responses.
huawei-dhcp:dhcp/client/client-querys/ Transmits DHCP requests and
client-query responses.
huawei-dhcp:dhcp/client/client- Transmits DHCP requests and
gateway-querys responses.
huawei-dhcp:dhcp/client/client- Transmits DHCP requests and
gateway-querys/client-gateway-query responses.
huawei-dhcp:dhcp/client/client-dns- Transmits DHCP requests and
server-querys responses.
huawei-dhcp:dhcp/client/client-dns- Transmits DHCP requests and
server-querys/client-dns-server-query responses.
huawei-dhcp:dhcp/client/client-log- Transmits DHCP requests and
server-querys responses.
huawei-dhcp:dhcp/client/client-log- Transmits DHCP requests and
server-querys/client-log-server-query responses.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 135
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
URI Functions
huawei-dhcp:dhcp/common/global Basic DHCP configuration.
huawei-dhcp:dhcp/common/global/ Enables DHCP globally.
enable
huawei-ifm:ifm/interfaces/interface/ DHCP Client interface configuration
huawei-dhcp:dhcp-client-if
huawei-ifm:ifm/interfaces/interface/ List of request options except the
huawei-dhcp:dhcp-client-if/request- default options.
option
huawei-dns:dns/global Enables the dynamic domain name
resolution function.
huawei-dns:dns/ipv4-servers Configures the IP address of the DNS
server.
huawei-dns:dns/ipv4-servers/ipv4- Configures the IP address of the DNS
server server.
huawei-dns:dns/query-host-ips Supports the DNS server.
huawei-dns:dns/query-host-ips/query- Supports the DNS server.
host-ip
huawei-ifm:ifm/interfaces/interface/ Port isolation configuration.
ethernet/main-interface/l2-attribute
huawei-ftpc:ftpc-transfer-file FTPC file transfer.
huawei-ifm:ifm/interfaces/interface Interface configuration.
huawei-ifm:ifm/interfaces/interface/ Interface status query.
dynamic
huawei-ifm:ifm/interfaces/interface/ Address configuration.
ipv4
huawei-ifm:ifm/interfaces Interface list.
huawei-license:license-active License activation.
huawei-lldp:lldp Configures LLDP globally.
huawei-ifm:ifm/interfaces/interface/ LLDP interface configuration and
huawei-lldp:lldp neighbor discovery.
huawei-ops:install-application Installs an RPC script.
huawei-ops:uninstall-application Uninstalls an RPC script.
huawei-ops:run-python-script Executes an RPC script.
huawei-ops:ops/assistant/script- Information about a script assistant.
assistants
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 136
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
URI Functions
huawei-ops:ops/assistant/script- Information about a script assistant.
assistants/script-assistant
huawei-ospfv2:ospfv2/sites/site Creates an OSPFv2 process globally.
huawei-ospfv2:ospfv2/sites/site/areas Configures an OSPFv2 area.
huawei-ospfv2:ospfv2/sites/site/areas/ Configures an OSPFv2 area.
area
huawei-ospfv2:ospfv2/sites/site/areas/ OSPFv2 configurations on an interface.
area/interfaces
huawei-ospfv2:ospfv2/sites/site/areas/ OSPFv2 configurations on an interface.
area/interfaces/interface
huawei-ospfv2:ospfv2/sites/site/areas/ Creates an OSPFv2 process globally.
area/networks
huawei-ospfv2:ospfv2/sites/site/areas/ Configures the network command in
area/networks/network the OSPFv2 area.
huawei-ospfv3:ospfv3/sites/site Creates an OSPFv3 process globally.
huawei-ospfv3:ospfv3/sites/site/areas Configures an OSPFv3 area.
huawei-ospfv3:ospfv3/sites/site/areas/ Configures an OSPFv3 area.
area
huawei-ospfv3:ospfv3/sites/site/areas/ Configures OSPFv3 on an interface.
area/interfaces
huawei-ospfv3:ospfv3/sites/site/areas/ Configures OSPFv3 on an interface.
area/interfaces/interface
huawei-network-instance:network- Static routing.
instance/instances/instance/huawei-
l3vpn:afs/af/huawei-routing:routing/
static-routing/unicast-routes/unicast-
route
huawei-network-instance:network- Static routing.
instance/instances/instance/huawei-
l3vpn:afs/af/huawei-routing:routing/
static-routing/unicast-routes
huawei-rsa:rsa/peer-keys Peer key code.
huawei-rsa:rsa/peer-keys/peer-key Peer key code.
huawei-sshc:sshc/client SSH client settings.
huawei-sshc:sshc/server- SSH server name and public key
authentications configuration.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 137
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
URI Functions
huawei-sshc:sshc/server- SSH server name and public key
authentications/server-authentication configuration.
huawei-sshc:ssh-transfer-file SFTP file transfer.
huawei-sshs:sshs/users SSH user configuration.
huawei-sshs:sshs/users/user SSH user configuration.
huawei-sshs:sshs/pubkey-alg Public key algorithm switch.
huawei-sshs:sshs/all-server-source Allows any interface on the SSH server
to be used as the source interface of
the server.
huawei-sshs:sshs/server SSH server configuration statistics.
huawei-sshs:sshs/server-enable SSH server configuration statistics.
huawei-sshs:sshs/call-homes Proactive registration.
huawei-sshs:sshs/call-homes/call- Proactive registration.
home
huawei-sshs:sshs/call-homes/call- Termination node.
home/end-points
huawei-sshs:sshs/call-homes/call- Termination node.
home/end-points/end-point
huawei-routing:routing/static-routing/ IPv4 static routes.
ipv4-routes
huawei-routing:routing/static-routing/ IPv6 static routes.
ipv6-routes
huawei-patch:load-patch Activates the patch file.
huawei-patch:startup-next-patch Sets the patch file for next startup.
huawei-patch:reset-startup-patch Clears the patch for next startup.
huawei-software:startup-by-mode Specifies the system software package
for next startup.
huawei-syslog:syslog/servers Configures a log host.
huawei-syslog:syslog/servers/server Configures a log host.
huawei-syslog:syslog/info-center- Configures a log channel list.
channels
huawei-syslog:syslog/info-center- Configures a log channel list.
channels/info-center-channel
huawei-system:system/system-info System information.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 138
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
URI Functions
huawei-tftpc:tftpc-transfer-file TFTP client file transfer.
huawei-file-operation:reset-recycle-bin Command for clearing the recycle bin.
huawei-file-operation:copy-file Command for copying a file.
huawei-file-operation:delete-file Command for deleting a file.
huawei-file-operation:file-operation/ Obtains content or file attributes.
dirs
huawei-file-operation:file-operation/ Obtains disk space information.
disk-usages
huawei-ztp:ztp/ztpEnv Deployment status.
huawei-ztp:ztp Obtains the ZTP deployment status.
huawei-ztp:set-enable-status Sets the ZTP deployment status.
huawei-cli-inner:cli-terminal Opens or closes a session. It is only
internally invoked by the OPS module.
huawei-cli-inner:cli-term-execute Executes a command. It is only
internally invoked by the OPS module.
huawei-cli-inner:cli/cli-term-result Obtains the command execution
result. It is only internally invoked by
the OPS module.
1.1.5.6 Maintaining OPS
1.1.5.6.1 Stopping an OPS Task
Context
The OPS allows you to run the scripts you compile. You can stop a script that is
running or waiting to run.
NOTICE
When you stop a script, subsequent operations specified in the script will not be
performed. Exercise caution when you perform this operation.
Procedure
Step 1 (Optional) View information about running OPS tasks to obtain the ID of the task
to be stopped.
display ops process method
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 139
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Stop the OPS task.
ops stop process process-id
----End
1.1.5.6.2 Stopping a Maintenance Assistant
Context
If a maintenance assistant is no longer needed, you can stop it.
NOTICE
Stopping a running maintenance assistant interrupts the task of the assistant.
Exercise caution when you perform this operation.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OPS view.
ops
Step 3 Stop a script assistant.
shutdown script-assistant script-name
To restart the script assistant, run the undo shutdown script-assistant script-
name command.
Step 4 Commit the configuration.
commit
----End
1.1.5.6.3 Disabling the Maintenance Assistant Function
Context
You can disable the maintenance assistant function when you do not need the
functions provided by assistants.
NOTICE
Disabling the maintenance assistant function interrupts all the assistants. Exercise
caution when you perform this operation.
Procedure
Step 1 Enter the system view.
system-view
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 140
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Enter the OPS view.
ops
Step 3 Disable the maintenance assistant function.
assistant scheduler suspend
To re-enable the maintenance assistant function, run the undo assistant
scheduler suspend command.
Step 4 Commit the configuration.
commit
----End
1.1.5.6.4 Disabling the MTP Function for Maintenance Assistants
Context
The MTP function of maintenance assistants is used to monitor connectivity of
various protocols. When a protocol connectivity is interrupted, the maintenance
assistant script is run to collect onsite information for maintainability
improvement.
If you do not need the MTP function provided by a maintenance assistant, you can
disable the function.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the OPS view.
ops
Step 3 Disable the MTP function for maintenance assistants.
mtp assistant disable
Step 4 Commit the configuration.
commit
----End
1.1.5.6.5 Uninstalling a Script or Batch File
Context
You can uninstall unwanted scripts or batch files to release storage space on a
device. If an installed script or batch file needs to be updated, uninstall it first and
then reinstall it after the modification.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 141
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
● If a file name is specified, the ops uninstall file command uninstalls the specified file. If
a directory is specified, the ops uninstall file command uninstalls all files in the
directory and its subdirectories.
● The ops uninstall file command cannot uninstall a script that has been bound to an
assistant. To uninstall such a script, unbind it from the assistant first.
● If the script bound to an assistant calls other scripts, the called scripts may be
uninstalled when the ops uninstall file command is run. Therefore, you are advised to
use only one script to implement required functions.
Procedure
Step 1 Uninstall a script or batch file.
ops uninstall file file-name-or-dir
----End
1.1.6 System Time Configuration
1.1.6.1 Overview of System Time
Definition
System time refers to the current time on a device and is an important parameter
for device running.
Purpose
System time recorded in device logs and alarms enables administrators to identify
when specific events occurred. In addition, a correctly configured system time
ensures the accuracy and consistency of device collaboration when multiple
devices interwork on a network.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 142
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.6.2 Configuration Precautions for System Time Management
Feature Requirements
Table 1-28 Feature requirements
Featu Feature Requirements Series Models
re
Date The configured time cannot be earlier than the NetEngin NetEngin
and kernel compilation time. e 8000 M e 8000
time M14/
mana NetEngin
geme e 8000
nt M14K/
NetEngin
e 8000
M4/
NetEngin
e 8000
M8/
NetEngin
e 8000
M8K/
NetEngin
e 8000E
M14/
NetEngin
e 8000E
M8/
NetEngin
e 8100
M14/
NetEngin
e 8100
M8
1.1.6.3 Configuring the System Time
Context
System time is the current time that a device keeps track of and is recorded in
timestamps of sent packets. Users in different regions can configure the system
clock according to the following conventions:
System time = Coordinated Universal Time (UTC) + Time zone offset + Daylight
saving time (DST) offset
The system time needs to be set correctly so that a device can coordinate properly
with other devices. However, on networks that contain multiple devices, setting or
adjusting the system time manually involves a heavy workload and may
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 143
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
compromise the clock accuracy. To ensure that all devices enabled with clock
synchronization can obtain the same time, you can configure the Network Time
Protocol (NTP) feature. This allows devices to synchronize their clocks so that they
can provide diverse applications based on consistent time.
Procedure
Step 1 Configure the time zone.
clock timezone time-zone-name { add | minus } offset
add: adds the specified time zone offset on the basis of the UTC time. The default
system time (UTC time) plus the time zone offset (offset) is the time in the time
zone specified by time-zone-name.
minus: subtracts the time zone offset (offset) from the UTC time. The remainder
obtained by subtracting the time zone offset (offset) from the default system time
(UTC time) is the time in the time zone specified by time-zone-name.
After a time zone is configured, the device adds timestamps to the local log in the
format of original system time ± offset. An example is Apr 27 2020
22:36:09+08:00.
Step 2 Configure the current time.
clock datetime [ utc ] time date
The time format is HH:MM:SS, and the date format is YYYY-MM-DD.
If the configuration contains the keyword utc, the configured time is the UTC
time. If the configuration does not contain the keyword utc and a time zone has
been configured, the configured time is the system time.
If the configuration does not contain the keyword utc and no time zone has been
configured, the system saves the configured time (UTC time) based on time zone
0. In this case, the configured time is the system time. If a time zone is configured
later, the current time plus the time zone offset is the system time.
Step 3 (Optional) Configure the DST.
clock daylight-saving-time dstname one-year start-time start-date end-time end-date offset
or
clock daylight-saving-time dstname repeating start-time { { first | second | third | fourth | last }
startweekday startmonth end-time { first | second | third | fourth | last } endweekday endmonth } offset
[ startyear [ endyear ] ]
During configuration of periodic DST, the start time and end time can be
configured in four modes: date+date, week+week, date+week, and week+date. For
configuration details, see the clock daylight-saving-time command.
NOTE
If the current time is the DST time, you can set a time zone using the clock timezone time-
zone-name { add | minus } offset command. However, the time zone name displayed in the
display clock command output remains as the DST time zone name, which can be
displayed as the configured time zone name only after the DST ends.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 144
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Verifying the Configuration
Run the display clock [ utc ] command to check the configured system clock.
Follow-up Procedure
To automatically synchronize time from the NTP server, see "NTP Configuration"
in Configuration Guide > System Management Configuration.
1.1.7 Physical Layer Clock Synchronization Configuration
1.1.7.1 Physical-Layer Clock Synchronization Description
In physical-layer clock synchronization scenarios, devices restore the clock
frequency from physical signals to achieve frequency synchronization between
upstream and downstream devices.
NOTE
The NetEngine 8000 M4 FPIC does not support this function.
1.1.7.1.1 Overview of Clock Synchronization
Definition
Synchronization is classified into the following types:
● Clock Synchronization
Clock synchronization maintains a strict relationship between signal
frequencies or between signal phases. Signals are transmitted at the same
average rate within the valid time. In this manner, all devices on a network
run at the same rate.
On a digital communication network, a sender places a pulse signal in a
specific timeslot for transmission. A receiver needs to extract this pulse signal
from this specific timeslot to ensure that the sender and receiver
communicate properly. A prerequisite of successful communication between
the sender and receiver is clock synchronization between them. Clock
synchronization enables the clocks on the sender and receiver to be
synchronized.
● Time Synchronization
Generally, the word "time" indicates either a moment or a time interval. A
moment is a transient in a period, whereas a time interval is the interval
between two transients. Time synchronization is achieved by adjusting the
internal clocks and moments of devices based on received time signals. The
working principle of time synchronization is similar to that of clock
synchronization. When a time is adjusted, both the frequency and phase of a
clock are adjusted. The phase of this clock is represented by a moment in the
form of year, month, day, hour, minute, second, millisecond, microsecond, and
nanosecond. Time synchronization enables devices to receive discontinuous
time reference information and to adjust their times to synchronize times.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 145
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Clock synchronization enables devices to trace a clock source to synchronize
frequencies.
The figure shows the difference between time synchronization and clock
synchronization. In time synchronization (also known as phase synchronization),
watches A and B always keep the same time. In clock synchronization, watches A
and B keep different times, but the time difference between the two watches is a
constant value, for example, 6 hours.
Purpose
On a digital communication network, clock synchronization is implemented to
limit the frequency or phase difference between network elements (NEs) within
an allowable range. Information is encoded into digital pulse signals using pulse
code modulation (PCM) and transmitted on a digital communication network. If
two digital switching devices have different clock frequencies, or if interference
corrupts the digital bit streams during transmission, phase drift or jitter occurs.
Consequently, code-element loss or duplication may occur in the buffer of the
involved digital switching device, resulting in slip of transmitted bit streams. In
addition, if the clock frequency or phase difference exceeds an allowable range, bit
errors or jitter may occur, degrading the network transmission performance.
1.1.7.1.2 Understanding Clock Synchronization
Basic Concepts
Clock Source
A device that provides clock signals for another device is called a clock source. A
device may have multiple clock sources, which are classified as follows:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 146
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● External clock source
An external clock source traces a higher-stratum clock through the clock
interface provided by a clock board. For example, a Building Integrated Timing
Supply (BITS) clock source can be connected to a device through the CLK port
to provide reference time signals.
● Line clock source
A clock board uses POS interfaces, Ethernet interfaces, CPOS interfaces, or E1
interfaces to extract clock signals from Ethernet line signals or STM-N line
signals.
● Internal clock source
The reference clock provided by the local device, for example, the clock
provided by a clock board, is used as the working clock of an interface.
Reference Factors for Clock Source Selection
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M can select a clock
source based on three reference factors: priorities, Synchronization Status Message
(SSM) levels, and IDs of clock sources.
Clock Source Selection Modes
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports the
following clock source selection modes:
● Automatic clock source selection: The system uses the automatic clock source
selection algorithm to determine a clock source to be traced based on
priorities, SSM levels, and clock IDs of clock sources.
● Manual clock source selection: A clock source to be traced is manually
specified. This clock source must have the highest SSM level.
● Forcible clock source selection: A clock source to be traced is forcibly specified.
This clock source can be any clock source.
NOTE
You are advised to configure the automatic clock source selection mode. In this mode, the
system dynamically selects an optimal clock source based on clock source quality.
If a manually specified clock source becomes invalid, the system automatically switches to
track the clock source selected in automatic clock source selection mode. After the
manually specified clock source recovers, the system does not switch back to the manual
clock source selection mode. If the conditions for manual clock source selection are not
met, automatic clock source selection takes effect. If a forcibly specified clock source
becomes invalid, the system clock enters the holdover state. If the conditions are not met,
the system clock enters the free-run state.
Forcible Participation of SSM Levels in Clock Source Selection
In automatic clock source selection mode, you can configure SSM levels to forcibly
participate in clock source selection. After the configuration is complete, the
device determines a clock source to be traced based on priorities and SSM levels
of clock sources. The device determines the SSM level of each clock source and
preferentially selects a clock source with the highest SSM level. If two or more
clock sources have the same SSM level, the device selects a clock source based on
the priorities of these clock sources.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 147
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
SSM
The International Telecommunication Union-Telecommunication Standardization
Sector (ITU-T) defined the SSM to identify the quality level of a synchronization
source on synchronous digital hierarchy (SDH) networks. As stipulated by the ITU-
T, the four spare bits in one of the five Sa bytes in a 2 Mbit/s bit stream are used
to carry the SSM value. The use of the SSM value in clock source selection
improves synchronization network performance, prevents timing loops, achieves
synchronization on networks with different structures, and enhances
synchronization network reliability.
The SSM levels in ascending order are as follows:
1. UNK: The quality of the clock source is unknown.
2. DNU: Do not use (DNU) the clock source for synchronization.
3. SEC: The clock source is an SDH equipment clock (SEC).
4. SSU-B: The clock source is a G.812 local node clock (LNC).
5. SSU-A: The clock source is a G.812 transit node clock (TNC).
6. PRC: The clock source is a G.811 primary reference clock (PRC).
Extended SSM
The extended SSM function enables clock IDs to participate in automatic clock
source selection. This function prevents clock loops.
When the extended SSM function is enabled, the device does not allow clock IDs
to participate in automatic clock source selection in either of the following cases:
● The clock ID of a clock source is the same as the clock ID configured on the
device.
● The clock ID of a clock source is 0.
Enhanced SSM
The enhanced SSM function adds four SSM levels to the original SSM levels. After
enhanced SSM is enabled, the system controls clock source selection based on
enhanced-SSM levels and collects statistics on the number of high-precision
devices and the number of common-precision devices on clock transmission links.
The four new SSM levels in ascending order are as follows:
1. eSEC: The clock source is a G.8262.1 enhanced synchronous equipment clock
(eSEC).
2. ePRC: The clock source is a G.811.1 enhanced primary reference clock (ePRC).
3. PRTC: The clock source is a G.8272 primary reference time clock (PRTC).
4. ePRTC: The clock source is a G.8272.1 enhanced primary reference time clock
(ePRTC).
Physical-Layer Clock Synchronization Modes and Precautions
There are two synchronization modes for digital communication networks: pseudo
synchronization and master-slave synchronization.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 148
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Pseudo Synchronization
In pseudo synchronization mode, each switching site has its own clock with very
high accuracy and stability, and these clocks are independent of each other. There
are very small differences in terms of clock frequency and phase among these
clocks, they do not affect service transmission and can be ignored. Therefore, clock
synchronization is not carried out among the switching sites. This is the reason
that the mode is called pseudo synchronization.
Pseudo synchronization is typically applicable to digital communication networks
between countries. Generally, countries use caesium clocks in scenarios of pseudo
synchronization.
Master-Slave Synchronization
In master-slave synchronization mode, a master clock of high accuracy is set on a
network and traced by every site. Each sub-site traces its upper-stratum clock. In
this way, clock synchronization is maintained among all the NEs.
Master-slave synchronization is classified as direct or hierarchical master-slave
synchronization.
Figure 1-43 illustrates direct master-slave synchronization. In this mode, all slave
clocks synchronize with the primary reference clock. Direct master-slave
synchronization is applicable to simple networks.
Figure 1-43 Direct master-slave synchronization
Figure 1-44 illustrates hierarchical master-slave synchronization. In this mode,
there are three stratums of clocks: stratum-1 reference clock, stratum-2 slave
clock, and stratum-3 slave clock. The stratum-2 slave clocks synchronize with the
stratum-1 reference clock, and the stratum-3 slave clocks synchronize with the
stratum-2 slave clocks. Hierarchical master-slave synchronization is applicable to
large and complex networks.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 149
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-44 Hierarchical master-slave synchronization
Master-slave synchronization is generally applicable to digital communication
networks within a country or region. One such network is deployed with a master
clock of high accuracy, and other NEs on the network take this master clock as the
reference clock.
To improve reliability of master-slave synchronization, two master clocks can be
deployed on the network, one as the active master clock and the other as the
standby master clock. Both the active and standby master clocks are caesium
clocks. In normal cases, each NE traces the active master clock, and the standby
master clock also traces it. If the active master clock fails, the standby master
clock takes over as the reference clock for the entire network. After the faulty
active master clock recovers, it becomes the reference clock again.
In master-slave synchronization mode, a slave clock may work in any of the
following states:
● Acquiring
A slave clock traces the clock source provided by an upper-stratum clock. The
clock source may be provided either by the master clock or by the upper-
stratum clock.
● Holdover
After losing connections to all the reference clocks, a slave clock enters the
holdover state. In this case, the slave clock uses the last frequency stored
before it loses the connections as the reference clock frequency. In addition,
the slave clock provides the clock signals that conform to the original
reference clock to ensure that there is only a slight difference between the
frequency of the provided clock signals and that of the original reference
clock in a period of time.
Because the inherent frequency of the oscillator is prone to drifts, the slave
clock in the holdover state may lose accuracy over a prolonged period of time.
The accuracy of a clock in the holdover state is second only to that of the
clock in the acquiring state.
● Free-run
After losing connections to all external reference clocks, a slave clock loses
the clock reference memory or retains the holdover state for an excessively
long time. As a result, the oscillator in the slave clock starts working in the
free-run state.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 150
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Networking Modes of Physical-Layer Clock Synchronization
Transmitting Clock Signals Through Clock Interfaces
A clock interface on a clock board outputs its clock signals to other NEs.
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M provides two or
three BITS interfaces. One BITS interface is used to input and output clock
information. Another BITS interface is used to input and output time information.
The third BITS interface can be used to input and output either clock information
or time information.
As shown in Figure 1-45, DeviceA traces the BITS clock. The clock output interface
on DeviceA is connected to the clock input interface on DeviceB using a clock
cable. DeviceB and DeviceC are also connected through clock cables, and DeviceC
traces the clock of DeviceB. In this way, the three routers synchronize with the
BITS clock.
Figure 1-45 Transmitting clock signals through clock interfaces
Transmitting Clock Signals Through Physical Links
The information about the master clock is stored in physical link signals. Other
NEs extract the clock information from the physical link signals through the clock
board and trace and lock the master clock. In this mode, Ethernet links can be
used to implement clock synchronization without the need of constructing a
special clock synchronization network.
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M can transmit and
receive clock signals through Ethernet interfaces.
As shown in Figure 1-46, DeviceA traces the BITS clock. DeviceA and DeviceB are
connected through an Ethernet link. DeviceB and DeviceC are also connected
through an Ethernet link, and DeviceC traces DeviceB's clock. In this way, the
clocks of the three Devices synchronize with the BITS clock.
Figure 1-46 Transmitting clock signals through Ethernet links
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 151
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Thanks to the long transmission distance of optical fibers, synchronizing clock
signals through synchronous Ethernet links has become the most common
networking mode for clock synchronization.
Physical-Layer Clock Protection Switching
This section describes how to deploy a highly reliable clock synchronization
network and covers the following topics:
● Overview of physical-layer clock protection switching
● Implementation of physical-layer clock protection switching
● Boards participating in physical-layer clock protection switching
Overview of Physical-Layer Clock Protection Switching
On a live network, each router traces the same reference clock stratum by stratum
through certain clock synchronization paths to implement clock synchronization
on the entire network. Generally, one router has more than one paths for tracing a
clock source. This means that one router may have multiple available clock
sources at the same time. These clock sources may receive clock signals from
either the same master clock or reference clocks of different qualities. On a clock
synchronization network, it is very important to keep the clocks of the routers
synchronized. Automatic protection switching between clock sources can be
configured to prevent the entire clock synchronization network from becoming
faulty because of a faulty clock synchronization path.
Automatic protection switching between clock sources refers to that when a
certain clock source traced by one router is lost, the router can switch
automatically to trace another clock source, which may receive clock signals from
the same reference clock as the previously traced one does or another one of
poorer quality. After the previously traced clock source recovers, the router traces
this clock source again.
Implementation of Physical-Layer Clock Protection Switching
Physical-layer clock protection switching can be implemented in the following
modes:
● Specifying a clock source manually
You can configure a clock board to always trace a certain clock source. You
can also configure different clock sources for the active and standby clock
boards.
As shown in Figure 1-47, on DeviceA that serves as the master clock, the
active clock board is configured to trace BITS1 and the standby clock board is
configured to trace BITS2. Normally, the master clock traces BITS1. When the
active clock board is faulty, an active/standby clock board switchover is
implemented, after which DeviceA traces BITS2. DeviceB is configured to trace
the clock of DeviceA, and DeviceC is configured to trace the clock of DeviceB.
The disadvantage of this mode is that all routers on the entire network traces
the clock of DeviceA. If DeviceA fails, there is no accurate reference clock
available for all routers on the entire network. The routers may trace a
reference clock, but the accuracy of the reference clock cannot meet the clock
synchronization requirements.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 152
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-47 Specifying a clock source manually
● Performing protection switching based on the priorities of clock sources
When there are multiple clock sources, you can set different priorities for
them. During protection switching, if the Synchronous Status Message (SSM)
level is not used in clock source selection, the clock board prefers the clock
source with the highest priority. If the clock source with the highest priority is
faulty, the clock board selects the clock source with the second highest
priority. If the default priority (0) of a clock source is used, this clock source is
not selected during protection switching.
● Performing protection switching based on SSM levels
An SSM is a group of codes used to indicate the level of the clock quality on a
synchronization network. At present, ITU-T specifies that four bits are used for
coding. These four bits comprise the Synchronous Status Message Byte
(SSMB). Table 1-29 lists the SSM codes defined by ITU-T. These codes
represent 16 quality levels of clock sources. If the SSMB of a clock source is
"2", the quality of this clock source is at the highest level. If the SSMB of a
clock source is "f", the quality of this clock source is at the lowest level.
On an SDH transmission network, SSM information is transmitted through the
four low-order bits (b5 through b8) in the S1 byte of the SDH segment
overhead. On a BITS device, however, SSM information is transmitted through
a certain bit in the first timeslot (TS0) of the clock signals of 2 Mbit/s.
Therefore, the clock signals of 2 MHz cannot carry the SSM information.
The difference between the SSMB and S1 byte is that the SSMB is a group of
message codes representing clock quality levels, as listed in Table 1-29,
whereas the S1 byte is a byte in the SDH segment overhead with the four
low-order bits representing the SSMB.
Table 1-29 SSM codes
Z1 (b5 S1 Byte Level of SDH Synchronization Quality
Through b8)
0000 0x00 Unknown
0001 0x01 Reserved
0010 0x02 G.811 clock (PRC, generally a caesium
clock) signals
0011 0x03 Reserved
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 153
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Z1 (b5 S1 Byte Level of SDH Synchronization Quality
Through b8)
0100 0x04 G.812 transit node clock (SSU-A, generally
a rubidium clock) signals
0101 0x05 Reserved
0110 0x06 Reserved
0111 0x07 Reserved
1000 0x08 G.812 local node clock (SSU-B, generally a
rubidium clock or a crystal clock) signals
1001 0x09 Reserved
1010 0x0a Reserved
1011 0x0b SDH equipment clock (SEC, generally a
crystal clock) signals
1100 0x0c Reserved
1101 0x0d Reserved
1110 0x0e Reserved
1111 0x0f Do Not Use (DNU)
When a clock board is powered on, the default SSM levels of all the reference
sources are "Unknown". SSM levels are sorted in descending order of
preference: PRC, SSU-A, SSU-B, SEC, Unknown, and DNU. If the SSM level of a
clock source is DNU and the SSM level is used in clock source selection, this
clock source is not selected during protection switching.
The SSM level of output signals of a clock is determined by the traced clock
source. Specifically, when a clock works in the tracing state, the SSM level of
output signals of this clock and that of the traced clock source are the same.
When a clock does not work in the tracing state, the SSM level of output
signals of this clock is SEC.
For a line clock source, the SSM value can be extracted from an LPU and
reported to the main control board. The main control board then sends the
SSM value of the line clock source to the clock board. Alternatively, the main
control board forcibly configures the SSM level of the line clock source.
For the BITS clock source of the clock module, if the signals are 2.048 Mbit/s,
the SSM value can be extracted by the clock module from the signals; if the
signals are 2.048 MHz, the SSM level can be set manually.
NOTE
A router can only select an SSM value listed in Table 1-29. For values not listed, the router
processes them as DNU.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 154
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Boards Participating in Physical-Layer Clock Protection Switching
Clock protection switching involves boards and protocols. The functions of the
boards during clock protection switching are as follows:
● LPU
An LPU inserts and extracts the SSM value. The SSM value of the best clock
source sent by the clock board is set on each synchronous physical interface
on the LPU for distribution. The SSM value received by each synchronous
physical interface is processed by the LPU.
● Clock board
A clock board extracts the SSM value of an external clock and implements
protection switching between clock sources. After receiving SSM values from
an LPU, the clock board determines the clock source to be traced based on
SSM levels, implements clock protection switching, and sends the SSM value
of the current clock source to other LPUs.
1.1.7.1.3 Terms and Abbreviations for Clock Synchronization
None
1.1.7.2 Physical-Layer Clock Synchronization Configuration
1.1.7.2.1 Overview of Clock Synchronization
Definition
Synchronization is classified into the following types:
● Clock Synchronization
Clock synchronization maintains a strict relationship between signal
frequencies or between signal phases. Signals are transmitted at the same
average rate within the valid time. In this manner, all devices on a network
run at the same rate.
On a digital communication network, a sender places a pulse signal in a
specific timeslot for transmission. A receiver needs to extract this pulse signal
from this specific timeslot to ensure that the sender and receiver
communicate properly. A prerequisite of successful communication between
the sender and receiver is clock synchronization between them. Clock
synchronization enables the clocks on the sender and receiver to be
synchronized.
● Time Synchronization
Generally, the word "time" indicates either a moment or a time interval. A
moment is a transient in a period, whereas a time interval is the interval
between two transients. Time synchronization is achieved by adjusting the
internal clocks and moments of devices based on received time signals. The
working principle of time synchronization is similar to that of clock
synchronization. When a time is adjusted, both the frequency and phase of a
clock are adjusted. The phase of this clock is represented by a moment in the
form of year, month, day, hour, minute, second, millisecond, microsecond, and
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 155
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
nanosecond. Time synchronization enables devices to receive discontinuous
time reference information and to adjust their times to synchronize times.
Clock synchronization enables devices to trace a clock source to synchronize
frequencies.
The figure shows the difference between time synchronization and clock
synchronization. In time synchronization (also known as phase synchronization),
watches A and B always keep the same time. In clock synchronization, watches A
and B keep different times, but the time difference between the two watches is a
constant value, for example, 6 hours.
Purpose
On a digital communication network, clock synchronization is implemented to
limit the frequency or phase difference between network elements (NEs) within
an allowable range. Information is encoded into digital pulse signals using pulse
code modulation (PCM) and transmitted on a digital communication network. If
two digital switching devices have different clock frequencies, or if interference
corrupts the digital bit streams during transmission, phase drift or jitter occurs.
Consequently, code-element loss or duplication may occur in the buffer of the
involved digital switching device, resulting in slip of transmitted bit streams. In
addition, if the clock frequency or phase difference exceeds an allowable range, bit
errors or jitter may occur, degrading the network transmission performance.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 156
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.7.2.2 Configuration Precautions for Physical Layer Clock Synchronization
Feature Requirements
Table 1-30 Feature requirements
Feature Requirements Series Models
When the 2M ring does not trace the source, NetEngin NetEngine 8000
the output action ("clock bits { bits0 | bits1 | e 8000 M M14/NetEngine
bits2 } lti-action-2mbps { send-dnu | send- 8000 M14K/
ais }") of the BITS port is valid only when the NetEngine 8000
BITS signal type is set to 2mbps. M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
The BP51-E 24x1GE subcard does not support NetEngin NetEngine 8000
synchronous Ethernet. e 8000 M M8
Involved subcard: ME0D0EFGFE7H.
Frequency synchronization deployment is
affected.
You are advised to use synchronous Ethernet
subcards instead.
In FlexE mode, if the bound logical interface NetEngin NetEngine 8000
(client) is faulty, the clock service fails. In this e 8000 M M14/NetEngine
case, a clock source switchover is triggered. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
In FlexETH mode, the logical interface groups NetEngin NetEngine 8000
and clients bound to the upstream and e 8000 M M14/NetEngine
downstream devices must be the same to 8000 M14K/
ensure that bidirectional clock service flows are NetEngine 8000
available. If they are inconsistent, clock services M4/NetEngine
are unavailable and clock/time synchronization 8000 M8/
is abnormal. NetEngine 8000
You are advised to properly plan service M8K/NetEngine
configurations and ensure that the upstream 8000E M14/
and downstream logical interfaces are bound NetEngine 8000E
to the same group and client. M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 157
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
The MPUP main control board does not meet NetEngin NetEngine 8000
the performance requirements of the G.8273.2 e 8000 M M8
standard.
Plan services properly.
The P51-E 24x1GE subcard does not support NetEngin NetEngine 8000
synchronous Ethernet. e 8000 M M8
Subcards involved: CR5D0EFGFE70/
CR5DL2XEFG7E.
Frequency synchronization deployment is
affected. It is recommended that synchronous
Ethernet subcards be used as substitutes.
In the port extension scenario, the inter-device NetEngin NetEngine 8000
clock synchronization solution supports only e 8000 M M14/NetEngine
physical-layer clock synchronization and 8000 M14K/
1588v2 time synchronization. NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
O/E converters do not support synchronous NetEngin NetEngine 8000
Ethernet or PTP time synchronization. The e 8000 M M14/NetEngine
frequency/time synchronization performance 8000 M14K/
cannot be met. NetEngine 8000
When planning the clock/time topology, do not M4/NetEngine
deploy the clock/time source on an interface 8000 M8/
with an O/E conversion module. Instead, use NetEngine 8000
an optical module or an electrical interface. M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
Synchronous Ethernet and 1588v2/G.8275.1 NetEngin NetEngine 8000
cannot be deployed on different subcards of e 8000 M M8
the same interface board. They can be
deployed on the same subcard or subcards of
different interface boards. When Ethernet
synchronization and 1588v2/G.8275.1 are
deployed on different subcards of the same
interface board, the system preferentially sends
the 1588v2/G.8275.1 time source.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 158
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
During network deployment, ensure that the NetEngin NetEngine 8000
transmit and receive optical fibers of each e 8000 M M14/NetEngine
member link in a FlexETH group have the 8000 M14K/
same length; otherwise, the clock NetEngine 8000
synchronization performance is affected. M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
The clock source with an abnormal frequency NetEngin NetEngine 8000
offset can participate in clock source selection e 8000 M M14/NetEngine
again only when frequency offset detection is 8000 M14K/
enabled and the frequency offset switching NetEngine 8000
function is enabled. M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
1.1.7.2.3 Configuring the Automatic Clock Source Selection Mode
Usage Scenario
If the status or quality of clock sources on a clock synchronization network does
not remain stable, configure the automatic clock source selection mode to ensure
that the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M selects an
optimal clock source.
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports three
clock source selection modes: automatic clock source selection, manual clock
source selection, and forcible clock source selection. In automatic clock source
selection mode, the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M
uses the automatic clock source selection algorithm to determine a clock source to
be traced. The reference factors for automatic clock source selection include
priorities, synchronous status message (SSM) levels, and clock IDs of clock sources.
The automatic clock source selection algorithm uses one or more of the reference
factors, depending on the actual configurations.
Pre-configuration Tasks
None
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 159
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuring a Clock Source
Context
Before configuring clock synchronization on the NetEngine 8100 M, NetEngine
8000E M, NetEngine 8000 M, configure a clock source. The NetEngine 8100 M,
NetEngine 8000E M, NetEngine 8000 M supports BITS, PTP, and line clock sources.
Perform one of the following configurations based on the clock source to be used
on a clock synchronization network:
The actual number of BITS interfaces varies with the hardware configuration. You
need to set them based on the actual situation. Similar details are omitted in the
rest of the document.
Procedure
● Configure a BITS clock source.
a. Run system-view
The system view is displayed.
b. Run clock bits-type bits0 { 2mhz | 2mbps } [ slot slotid ] slot slotid
A signal type is configured for the BITS clock source.
c. Run clock source bits0 synchronization enable [ slot slotid ]
Clock synchronization is enabled for the BITS clock source.
d. Run clock source bits0 priority priority-value [ slot slotid ]
A priority is configured for the BITS clock source. A smaller value
indicates a higher priority.
e. (Optional) Run clock sa-bit { sa4 | sa5 | sa6 | sa7 | sa8 } source bits0
[ slot slotid ]
The timeslot from which the BITS clock source extracts SSM levels is
configured.
f. (Optional) Run clock source bits0 ssm { prc | ssua | ssub | sec | dnu |
unk | prtc | eprtc | esec | eprc }
An SSM level is configured for the BITS clock source.
If the signal type of the BITS clock source is 2mhz, the BITS clock source
cannot directly extract SSM level information from clock signals. If you
have configured SSM levels to participate in clock source selection, run
this command to manually configure an SSM level for the clock source.
g. (Optional) Run clock source bits0 clock-id clockid-value
A clock ID is configured for the BITS clock source.
If you have enabled the extended SSM function, configure a clock ID for
the BITS clock source.
h. (Optional) Run clock bits output-threshold { prc | ssua | ssub | sec |
dnu }
A threshold is configured for the SSM level of clock signals sent by the
BITS clock source.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 160
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
If the SSM level of the clock signals output by the BITS port is lower than
the set threshold, the BITS port stops outputting clock signals.
i. Run commit
The configuration is committed.
● Configure a PTP clock source.
a. Run system-view
The system view is displayed.
b. Run ptp device-type { oc | bc | e2etc | p2ptc | e2etcoc | p2ptcoc |
tcandbc }
A clock mode is configured for the 1588v2 device.
c. Run ptp enable
PTP is enabled.
d. Run interface interface-type interface-number
The interface view is displayed.
e. Run ptp enable
PTP is enabled on the specified interface.
f. Run quit
Return to the system view.
g. Run clock source ptp priority priority-value
A priority is configured for the PTP clock source.
A smaller value indicates a higher priority.
h. Run clock source ptp synchronization enable
Clock synchronization is enabled for the PTP clock source.
i. (Optional) Run clock source ptp ssm { dnu | prc | sec | ssua | ssub | unk
| prtc | eprtc | esec | eprc }
An SSM level is configured for the PTP clock source.
If you have configured SSM levels to participate in clock source selection,
run this command to manually configure an SSM level for the PTP clock
source.
j. (Optional) Run clock source ptp clock-id clockid-value
A clock ID is configured for the PTP clock source.
k. Run commit
The configuration is committed.
● Configure a line clock source.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 161
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
HP-GE interfaces are used for clock synchronization only.
An HP-GE interface directly connects to a high-precision clock server to receive
frequency and time information. This helps improve the access capability of high-
precision clock sources on the entire network
c. Run clock synchronization enable
Clock synchronization is enabled for the line clock source.
d. (Optional) Run clock [ 2msync-1 | 2msync-2 ] priority priority-value
A priority is configured for the line clock source.
A smaller value indicates a higher priority.
e. (Optional) Run clock ssm { dnu | prc | sec | ssua | ssub | unk | prtc |
eprtc | esec | eprc }
An SSM level is configured for the line clock source.
f. (Optional) Run clock clock-id clockid-value
A clock ID is configured for the line clock source.
g. (Optional) Run clock bundle bundle-value
A bundle group ID is configured for the line clock source, and the line
clock source is added to the bundle group.
This command can be run to prevent a clock loop when two or more
clock links exist between two devices.
h. Run commit
The configuration is committed.
----End
(Optional) Configuring Parameters for Automatic Clock Source Selection
Context
When the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M works in
automatic clock source selection mode, the configurable parameters include:
● Frequency deviation detection
● SSM level mapped to the clock source with an SSM level of unk
● Maximum output SSM level of clock signals
● Reversion mode of the clock source selection algorithm
● Holdoff time after clock source signals are lost
● Wait to restore (WTR) time for a status change after the clock source is
restored
You can configure the function or parameters to improve the synchronization
quality of a clock synchronization network and keep stable clock signals.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 162
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run clock freq-deviation-detect enable
Frequency deviation detection is enabled.
When frequency deviation detection is enabled, frequency deviation detection
results serve as reference factors for automatic clock source selection and may
affect the final clock source selection.
Step 3 Run clock board-freq-switch enable
Frequency deviation-triggered clock source switching is enabled.
After this function is enabled, if the system detects that the frequency deviation of
the clock source is abnormal, it notifies the interface board where the clock source
resides, triggering the interface board to select the optimal clock source for use.
Step 4 Run interface interface-type interface-number
Step 5 Run clock freq-deviation recover
Frequency deviation status recovery is enabled for clock sources.
A clock source can participate in reference clock source selection only when its
frequency deviation status is normal.
NOTE
In scenarios where frequency deviation detection and frequency deviation-triggered clock
source switching are both enabled, if the frequency deviation of a clock source is detected
to be abnormal, then the clock source frequency deviation status is set to be abnormal.
When selecting the reference clock source, the interface board excludes this clock source
from the candidate clock source list. After determining that the frequency deviation of the
clock source has recovered, you can run this command to recover its frequency deviation
status, so that the clock source can participate in reference clock source selection again.
Step 6 Run quit
Return to the system view.
Step 7 Run clock map unk { dnu | prc | sec | ssua | ssub | prtc | eprtc | esec | eprc }
An SSM level is mapped to the clock source with an SSM level of unk.
unk indicates that the clock source has an unknown SSM level. The clock source
with an SSM level of unk cannot participate in clock source selection. To enable
this type of clock source to participate in clock source selection, map a valid SSM
level to it.
Step 8 Run clock max-out-ssm { prc | sec | ssua | ssub | prtc | eprtc | esec | eprc }
The maximum output SSM level is configured for clock signals.
By default, the SSM level that the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M transfers to a downstream device is the actual SSM level of
clock signals. To reduce the probability that a downstream device traces clock
signals with poor quality, configure a lower maximum output SSM level to limit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 163
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
the SSM level that the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M
transfers to this downstream device.
Step 9 Run clock switch { revertive | non-revertive }
A reversion mode is configured for the clock source selection algorithm.
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports the
following reversion modes:
● Revertive mode: If the optimal clock source is faulty, the NetEngine 8100 M,
NetEngine 8000E M, NetEngine 8000 M uses the clock source selection
algorithm to select the second optimal clock source. If the optimal clock
source is restored, the NetEngine 8100 M, NetEngine 8000E M, NetEngine
8000 M automatically retraces it.
● Non-revertive mode: If the optimal clock source is faulty, the NetEngine 8100
M, NetEngine 8000E M, NetEngine 8000 M uses the clock source selection
algorithm to select the second optimal clock source. If the optimal clock
source is restored, the NetEngine 8100 M, NetEngine 8000E M, NetEngine
8000 M continues to trace the second optimal clock source. If there is no the
second optimal clock source to select, the NetEngine 8100 M, NetEngine
8000E M, NetEngine 8000 M select the optimal clock source.
Step 10 Run clock source-lost holdoff-time holdoff-time-value
A holdoff time after clock source signals are lost is configured.
When clock source signals are lost, the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M reports status changes only after a holdoff time to instruct the
clock source selection algorithm to reselect a clock source. This processing
mechanism prevents the clock source selection algorithm from frequently
reselecting a clock source when clock source signals are lost for a short time.
Step 11 Run clock wtr wtr-time
A WTR time is configured for a status change after the clock source is restored.
You can configure an appropriate WTR time to minimize the impact of frequent
clock source status changes on clock source selection.
Step 12 Run commit
The configuration is committed.
----End
Configuring the Automatic Clock Source Selection Mode and Reference Factors
Context
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports three
clock source selection modes: automatic clock source selection, manual clock
source selection, and forcible clock source selection. By default, the NetEngine
8100 M, NetEngine 8000E M, NetEngine 8000 M works in automatic clock source
selection mode.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 164
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
In automatic clock source selection mode, three reference factors may affect the
final clock source selection. The three reference factors are priorities, synchronous
status message (SSM) levels, and clock IDs of clock sources.
● By default, the automatic clock source selection algorithm selects a clock
source based on priorities of clock sources.
● If you have configured SSM levels to participate in clock source selection, the
automatic clock source selection algorithm selects a clock source based on
priorities and SSM levels of clock sources.
● If the extended SSM function is enabled, clock IDs of clock sources also
participate in clock source selection. The participation of clock IDs prevents
clock loops.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run clock clear
The clock source selection mode is restored to automatic clock source selection.
If the command clock { manual | force } source { ptp | interface interface-type
interface-number } has been run, a clock source is manually or forcibly specified
for system clocks.
Then you can run this command to restore the clock source selection mode from
manual or forcible clock source selection to automatic clock source selection.
Step 3 Run clock ssm-control { on | off }
SSM levels are configured to participate in automatic clock source selection.
Step 4 (Optional) Run clock extend-ssm-control { on | off }
The extended SSM function is enabled so that clock IDs participate in automatic
clock source selection.
Step 5 (Optional) Runclock enhanced-ssm-control { on | off }
The enhanced SSM is enabled or disabled.
Step 6 Run commit
The configuration is committed.
----End
Verifying the Configuration of the Automatic Clock Source Selection Mode
Prerequisites
After configuring the automatic clock source selection mode, verify the
configuration.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 165
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Run the display clock config command to check clock source selection
configurations.
Step 2 Run the display clock source command to check information about all clock
sources, including the traced clock source.
----End
1.1.7.2.4 Configuring the Manual or Forcible Clock Source Selection Mode
Usage Scenario
By default, the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M uses
the automatic clock source selection algorithm to determine a clock source to be
traced for system or 2M phase-locked loop (PLL) clocks. You can also manually or
forcibly specify a clock source to be traced based on the quality level of clock
sources.
Pre-configuration Tasks
None
Configuring a Clock Source
Context
Before configuring clock synchronization on the NetEngine 8100 M, NetEngine
8000E M, NetEngine 8000 M, configure a clock source. The NetEngine 8100 M,
NetEngine 8000E M, NetEngine 8000 M supports BITS, PTP, and line clock sources.
Perform one of the following configurations based on the clock source to be used
on a clock synchronization network:
The actual number of BITS interfaces varies with the hardware configuration. You
need to set them based on the actual situation. Similar details are omitted in the
following.
Procedure
● Configure a BITS clock source.
a. Run system-view
The system view is displayed.
b. Run clock bits-type bits0 { 2mhz | 2mbps } [ slot slotid ] slot slotid
A signal type is configured for the BITS clock source.
c. (Optional) Run clock sa-bit { sa4 | sa5 | sa6 | sa7 | sa8 } source bits0
[ slot slotid ]
The timeslot from which the BITS clock source extracts SSM levels is
configured.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 166
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
d. (Optional) Run clock source bits0 ssm { prc | ssua | ssub | sec | dnu |
unk | prtc | eprtc | esec | eprc }
An SSM level is configured for the BITS clock source.
If the signal type of the BITS clock source is 2mhz, the BITS clock source
cannot extract SSM levels from clock signals. If you have configured SSM
levels to participate in clock source selection, run this command to
manually configure an SSM level for the BITS clock source.
e. (Optional) Run clock bits output-threshold { prc | ssua | ssub | sec |
dnu }
A threshold is configured for the SSM level of clock signals sent by the
BITS clock source.
If the SSM level of the clock signals output by the BITS port is lower than
the set threshold, the BITS port stops outputting clock signals.
f. Run commit
The configuration is committed.
● Configure a PTP clock source.
a. Run system-view
The system view is displayed.
b. Run ptp device-type { oc | bc | e2etc | p2ptc | e2etcoc | p2ptcoc |
tcandbc }
A clock mode is configured for the 1588v2 device.
c. Run ptp enable
PTP is enabled.
d. Run interface interface-type interface-number
The interface view is displayed.
e. Run ptp enable
PTP is enabled on the interface.
f. Run quit
Return to the system view.
g. Run clock source ptp synchronization enable
Clock synchronization is enabled for the PTP clock source.
h. Run clock source ptp priority priority-value
A priority is configured for the PTP clock source.
A smaller value indicates a higher priority.
i. (Optional) Run clock source ptp ssm { dnu | prc | sec | ssua | ssub | unk
| prtc | eprtc | esec | eprc }
An SSM level is configured for the PTP clock source.
j. (Optional) Run clock source ptp clock-id clockid-value
A clock ID is configured for the PTP clock source.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 167
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
k. Run commit
The configuration is committed.
● Configure a line clock source.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
NOTE
HP-GE interfaces are used for clock synchronization only.
An HP-GE interface directly connects to a high-precision clock server to receive
frequency and time information. This helps improve the access capability of high-
precision clock sources on the entire network
c. Run clock synchronization enable
Clock synchronization is enabled for the line clock source.
d. (Optional) Run clock [ 2msync-1 | 2msync-2 ] priority priority-value
A priority is configured for the line clock source.
A smaller value indicates a higher priority.
e. (Optional) Run clock ssm { dnu | prc | sec | ssua | ssub | unk | prtc |
eprtc | esec | eprc }
An SSM level is configured for the line clock source.
f. (Optional) Run clock clock-id clockid-value
A clock ID is configured for the line clock source.
g. (Optional) Run clock bundle bundle-value
A bundle group ID is configured for the line clock source, and the line
clock source is added to the bundle group.
This command can be run to prevent a clock loop when two or more
clock links exist between two devices.
h. Run commit
The configuration is committed.
----End
Configuring the Manual or Forcible Clock Source Selection Mode
Context
By default, the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M uses
the automatic clock source selection algorithm to determine a clock source to be
traced. You can also manually or forcibly specify a clock source to be traced based
on the quality level of clock sources.
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M allows you to
manually or forcibly specify a clock source to be traced for system or 2M
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 168
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
synchronous PLL-1/2M synchronous PLL-2 clocks. You can specify only a line clock
source for 2M synchronous PLL-1/2M synchronous PLL-2 clocks.
NOTICE
If the status of a forcibly specified clock source is not normal or its SSM level is
dnu, the system clock works in the hold state.
If the status of a manually specified clock source is neither normal nor holdoff, or
its SSM level is not the highest, this manually specified clock source does not take
effect.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run clock { manual | force } { 2msync-1 | 2msync-2 } source interface
{ interface-name | interface-type interface-number }
A clock source is manually or forcibly specified for 2M synchronous PLL-1/2M
synchronous PLL-2 clocks.
NOTE
The clock manual source command configuration is not saved in the configuration file.
You can run the display clock config command to check the configurations. If the specified
clock source becomes invalid, the system automatically uses the automatic clock source
selection mode. After the device is restarted, the clock manual source command
configuration is not restored, and the system uses the default automatic clock source
selection mode. After the device is upgraded to this version from an earlier version, the
clock manual source command run in the earlier version no longer takes effect, and the
system uses the default automatic clock source selection mode.
Step 3 Run clock { manual | force } source { ptp | interface interface-type interface-
number }
A clock source is manually or forcibly specified for system clocks.
NOTE
The clock manual source command configuration is not saved in the configuration file.
You can run the display clock config command to check the configurations. If the specified
clock source becomes invalid, the system automatically uses the automatic clock source
selection mode. After the device is restarted, the clock manual source command
configuration is not restored, and the system uses the default automatic clock source
selection mode. After the device is upgraded to this version from an earlier version, the
clock manual source command run in the earlier version no longer takes effect, and the
system uses the default automatic clock source selection mode.
Step 4 Run commit
The configuration is committed.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 169
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Verifying the Configuration of the Manual or Forcible Clock Source Selection Mode
Prerequisites
After configuring the manual or forcible clock source selection mode, verify the
configuration.
Procedure
Step 1 Run the display clock config command to check clock source selection
configurations.
Step 2 Run the display clock source command to check information about all clock
sources, including the traced clock source.
----End
1.1.7.2.5 Maintaining Clock Synchronization
Context
Perform the following steps on the device:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Configure the function of maintaining clock synchronization as required.
● Run clock bits bits0 lti-action-2mbps { send-dnu | send-ais } [ slot slotid ]
command to configure the output action of the corresponding BITS interface
when the 2M ring does not trace the clock source.
● Run the clock input-threshold { dnu | prc | sec | ssua | ssub } command to
configure the threshold for the input quality level of an external clock source.
● Run the clock oam profile ccsa command to configure the CCSA OAM
function.
Step 3 Run commit
The configuration is committed.
----End
1.1.7.2.6 Configuration Examples for Clock Synchronization
Example for Configuring Clock Synchronization on a Ring Network
Networking Requirements
Figure 1-48 shows a ring network. On this network, Device A and Device C
connect to one external building integrated timing supply system (BITS) each.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 170
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
During network deployment, each device automatically selects a clock source
based on the clock signals transmitted from Device A and Device C.
Figure 1-48 Networking diagram of configuring clock synchronization on a ring
network
NOTE
The configuration in this example is performed on Device A, Device B, Device C, and Device
D. Interfaces 1 and 2 in this example represent GE0/1/0 and GE0/2/0, respectively.
Precautions
None
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a clock synchronization mode and enable the devices to select clock
sources based on SSM levels.
2. Configure clock sources.
3. Disable Device A from tracing clock signals from its connected BITS and check
whether devices go to trace clock signals from the BITS connected to Device
C.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 171
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Data Preparation
To complete the configuration, plan each router's clock source priority and SSM
level, as listed in Table 1-31.
Table 1-31 Clock source priority and SSM level of each router
router Clock Source in Use Priority
DeviceA BITS0 1
GE0/1/0 2
GE0/2/0 -
DeviceB GE0/1/0 1
GE0/2/0 2
DeviceC BITS0 1
GE0/1/0 -
GE0/2/0 3
DeviceD GE0/1/0 1
GE0/2/0 2
Procedure
Step 1 Enable the devices to select clock sources based on SSM levels.
# Configure Device A.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] clock ssm-control on
[*DeviceA] commit
# Configure other devices by using the same method for configuring Device A.
Step 2 Configure clock sources.
# Configure Device A.
[*DeviceA] clock bits-type bits0 2mbps
[*DeviceA] clock source bits0 synchronization enable
[*DeviceA] clock source bits0 priority 1
[*DeviceA] commit
[~DeviceA] quit
[~DeviceA] interface gigabitethernet 0/1/0
[~DeviceA-GigabitEthernet0/1/0] clock synchronization enable
[*DeviceA-GigabitEthernet0/1/0] clock priority 2
[*DeviceA-GigabitEthernet0/1/0] commit
[~DeviceA-GigabitEthernet0/1/0] quit
[~DeviceA] interface gigabitethernet 0/2/0
[*DeviceA-GigabitEthernet0/2/0] clock synchronization enable
[*DeviceA-GigabitEthernet0/2/0] commit
# Configure Device B.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 172
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[~DeviceB] interface gigabitethernet 0/1/0
[~DeviceB-GigabitEthernet0/1/0] clock synchronization enable
[*DeviceB-GigabitEthernet0/1/0] clock priority 1
[*DeviceB-GigabitEthernet0/1/0] commit
[~DeviceB-GigabitEthernet0/1/0] quit
[~DeviceB] interface gigabitethernet 0/2/0
[*DeviceB-GigabitEthernet0/2/0] clock synchronization enable
[*DeviceB-GigabitEthernet0/2/0] clock priority 2
[*DeviceB-GigabitEthernet0/2/0] commit
# Configure Device D by using the same method for configuring Device B.
# Configure Device C.
[*DeviceC] clock bits-type bits0 2mbps
[*DeviceC] clock source bits0 synchronization enable
[*DeviceC] clock source bits0 priority 1
[*DeviceC] commit
[~DeviceC] quit
[~DeviceC] interface gigabitethernet 0/1/0
[*DeviceC-GigabitEthernet0/1/0] clock synchronization enable
[*DeviceC-GigabitEthernet0/1/0] commit
[~DeviceC-GigabitEthernet0/1/0] quit
[~DeviceC] interface gigabitethernet 0/2/0
[*DeviceC-GigabitEthernet0/2/0] clock synchronization enable
[*DeviceC-GigabitEthernet0/2/0] clock priority 3
[*DeviceC-GigabitEthernet0/2/0] commit
Step 3 Verify the configuration.
Run the display clock source command on Device A, Device B, Device C, and
Device D to check the clock synchronization configurations and clock source
information.
# Verify the configuration on Device A.
<HUAWEI> display clock source
System trace source State: lock mode
into pull-in range
Current system trace source: bits0
Current 2M-1 trace source: system PLL
Current 2M-2 trace source: system PLL
Frequency lock success: yes
Master board
Source Pri(sys/2m-1/2m-2) In-SSM Out-SSM State Ref-Source
--------------------------------------------------------------------------
bits0/11 1/---/--- ssua -- normal yes
GE0/1/0 2/---/--- dnu ssua normal yes
GE0/2/0 ---/---/--- ssua ssua normal yes
# Verify the configuration on Device B.
<HUAWEI> display clock source
System trace source State: lock mode
into pull-in range
Current system trace source: GigabitEthernet0/1/0
Current 2M-1 trace source: system PLL
Current 2M-2 trace source: system PLL
Frequency lock success: yes
Master board
Source Pri(sys/2m-1/2m-2) In-SSM Out-SSM State Ref-Source
--------------------------------------------------------------------------
GE0/1/0 1/---/--- ssua dnu normal yes
GE0/2/0 2/---/--- dnu ssua normal yes
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 173
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
# Verify the configuration on Device C.
<HUAWEI> display clock source
System trace source State: lock mode
into pull-in range
Current system trace source: GigabitEthernet0/2/0
Current 2M-1 trace source: system PLL
Current 2M-2 trace source: system PLL
Frequency lock success: yes
Master board
Source Pri(sys/2m-1/2m-2) In-SSM Out-SSM State Ref-Source
--------------------------------------------------------------------------
bits0/11 1/---/--- ssub -- normal yes
GE0/1/0 ---/---/--- dnu ssua normal yes
GE0/2/0 3/---/--- ssua dnu normal yes
# Verify the configuration on Device D.
<HUAWEI> display clock source
System trace source State: lock mode
into pull-in range
Current system trace source: GigabitEthernet0/1/0
Current 2M-1 trace source: system PLL
Current 2M-2 trace source: system PLL
Frequency lock success: yes
Master board
Source Pri(sys/2m-1/2m-2) In-SSM Out-SSM State Ref-Source
--------------------------------------------------------------------------
GE0/1/0 1/---/--- ssua dnu normal yes
GE0/2/0 2/---/--- ssua ssua normal yes
----End
Configuration Files
● Configuration file of Device A
#
sysname DeviceA
#
clock ssm-control on
clock bits-type bits0 2mbps
clock source bits0 synchronization enable
clock source bits0 priority 1
#
interface GigabitEthernet0/1/0
clock synchronization enable
clock priority 2
#
interface GigabitEthernet0/2/0
clock synchronization enable
#
return
● Configuration file of Device B
#
sysname DeviceB
#
clock ssm-control on
#
interface GigabitEthernet0/1/0
clock synchronization enable
clock priority 1
#
interface GigabitEthernet0/2/0
clock synchronization enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 174
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
clock priority 2
#
return
● Configuration file of Device C
#
sysname DeviceC
#
clock ssm-control on
clock bits-type bits0 2mbps
clock source bits0 synchronization enable
clock source bits0 priority 1
#
interface GigabitEthernet0/1/0
clock synchronization enable
#
interface GigabitEthernet0/2/0
clock synchronization enable
clock priority 3
#
return
● Configuration file of Device D
#
sysname DeviceD
#
clock ssm-control on
#
interface GigabitEthernet0/1/0
clock synchronization enable
clock priority 1
#
interface GigabitEthernet0/2/0
clock synchronization enable
clock priority 2
#
return
Example for Configuring Clock Synchronization on a Hybrid Network
On a hybrid clock synchronization network, enabling extensive Synchronization
Status Message (SSM) function can prevent clock loops.
Networking Requirements
As shown in Figure 1-49, this is a clock synchronization network consisting of
both a ring and a chain. Device A, Device B and Device C are on the same ring
clock synchronization network. Device A directly connects the external building
integrated timing supply system (BITS). Device C directly connects Device D that
belongs to the chain clock synchronization network.
In this hybrid network, each device synchronizes the best quality clock signals
from BITS when the BITS clock is normal. When a fault occurs on BITS, all devices
switch to trace the clock signals from the chain clock synchronization network to
which Device D belongs. The extensive SSM function is enabled on the network to
solve the problem of clock loops.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 175
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-49 Networking diagram of configuring clock synchronization on a hybrid
network
NOTE
The configuration in this example is performed on Device A, Device B, Device C, and Device
D.
Interfaces 1 through 3 in this example represent GE 0/1/0, GE 0/2/0, GE 0/3/0, respectively.
Precautions
None
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the mode of clock synchronization, and enable extensive SSM
function.
2. Configure clock sources.
Data Preparation
To complete the configuration, plan each router's clock source priority and clock
ID, as listed in Table 1-32.
Table 1-32 Clock source priority and Clock ID of each router
router Clock Source in Priority Clock ID
Use
DeviceA BITS0 1 1
GE 0/1/0 - 2
GE 0/2/0 3 3
DeviceB GE 0/1/0 1 4
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 176
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
router Clock Source in Priority Clock ID
Use
GE 0/2/0 2 5
DeviceC GE 0/1/0 2 8
GE 0/2/0 3 7
GE 0/3/0 - 6
DeviceD GE 0/1/0 1 9
Procedure
Step 1 Enable extensive SSM function.
# Configure DeviceA.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[HUAWEI] commit
[~DeviceA] clock extend-ssm-control on
[*DeviceA] commit
# Configure other devices by using the same method for configuring DeviceA.
Step 2 Configure clock sources.
# Configure DeviceA.
[*DeviceA] clock bits-type bits0 2mbps
[*DeviceA] clock source bits0 priority 1
[*DeviceA] clock source bits0 clock-id 1 slot 11
[*DeviceA] commit
[~DeviceA] quit
[~DeviceA] interface gigabitethernet 0/1/0
[*DeviceA-GigabitEthernet0/1/0] clock synchronization enable
[*DeviceA-GigabitEthernet0/1/0] clock clock-id 2
[*DeviceA-GigabitEthernet0/1/0] commit
[~DeviceA-GigabitEthernet0/1/0] quit
[~DeviceA] interface gigabitethernet 0/2/0
[*DeviceA-GigabitEthernet0/2/0] clock synchronization enable
[*DeviceA-GigabitEthernet0/2/0] clock priority 3
[*DeviceA-GigabitEthernet0/2/0] clock clock-id 3
[*DeviceA-GigabitEthernet0/2/0] commit
# Configure DeviceB.
[~DeviceB] interface gigabitethernet 0/1/0
[*DeviceB-GigabitEthernet0/1/0] clock synchronization enable
[*DeviceB-GigabitEthernet0/1/0] clock priority 1
[*DeviceA-GigabitEthernet0/1/0] clock clock-id 4
[*DeviceB-GigabitEthernet0/1/0] commit
[~DeviceB-GigabitEthernet0/1/0] quit
[~DeviceB] interface gigabitethernet 0/2/0
[*DeviceB-GigabitEthernet0/2/0] clock synchronization enable
[*DeviceB-GigabitEthernet0/2/0] clock priority 2
[*DeviceA-GigabitEthernet0/2/0] clock clock-id 5
[*DeviceB-GigabitEthernet0/2/0] commit
# Configure DeviceC.
[~DeviceC] interface gigabitethernet 0/3/0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 177
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*DeviceC-GigabitEthernet0/2/0] clock synchronization enable
[*DeviceA-GigabitEthernet0/2/0] clock clock-id 6
[*DeviceC-GigabitEthernet0/2/0] commit
[~DeviceC-GigabitEthernet0/2/0] quit
[~DeviceC] interface gigabitethernet 0/2/0
[*DeviceC-GigabitEthernet0/2/0] clock synchronization enable
[*DeviceC-GigabitEthernet0/2/0] clock priority 3
[*DeviceA-GigabitEthernet0/2/0] clock clock-id 7
[*DeviceC-GigabitEthernet0/2/0] commit
[~DeviceC-GigabitEthernet0/2/0] quit
[~DeviceC] interface gigabitethernet 0/1/0
[*DeviceC-GigabitEthernet0/1/0] clock synchronization enable
[*DeviceC-GigabitEthernet0/1/0] clock priority 2
[*DeviceA-GigabitEthernet0/1/0] clock clock-id 8
[*DeviceC-GigabitEthernet0/1/0] commit
# Configure DeviceD.
[~DeviceC] interface gigabitethernet 0/1/0
[*DeviceC-GigabitEthernet0/1/0] clock synchronization enable
[*DeviceC-GigabitEthernet0/1/0] clock priority 1
[*DeviceA-GigabitEthernet0/1/0] clock clock-id 9
[*DeviceC-GigabitEthernet0/1/0] commit
[~DeviceC-GigabitEthernet0/1/0] quit
----End
Configuration Files
● DeviceA configuration file
#
sysname DeviceA
#
clock extend-ssm-control on
clock bits-type bits0 2mbps
clock source bits0 clock-id 1 slot 11
#
interface GigabitEthernet0/1/0
clock synchronization enable
clock clock-id 2
#
interface GigabitEthernet0/2/0
clock synchronization enable
clock priority 3
clock clock-id 3
#
return
● DeviceB configuration file
#
sysname DeviceB
#
clock extend-ssm-control on
#
interface GigabitEthernet0/1/0
clock synchronization enable
clock priority 1
clock clock-id 4
#
interface GigabitEthernet0/2/0
clock synchronization enable
clock priority 2
clock clock-id 5
#
return
● DeviceC configuration file
#
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 178
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
sysname DeviceC
#
clock extend-ssm-control on
#
interface GigabitEthernet0/1/0
clock synchronization enable
clock priority 2
clock clock-id 8
#
interface GigabitEthernet0/2/0
clock synchronization enable
clock priority 3
clock clock-id 7
#
interface GigabitEthernet0/3/0
clock synchronization enable
clock clock-id 6
#
return
● Configuration file of Device D
#
sysname DeviceD
#
clock extend-ssm-control on
#
interface GigabitEthernet0/1/0
clock synchronization enable
clock priority 1
clock clock-id 9
#
return
1.1.8 1588v2 Configuration
1.1.8.1 1588v2, G.8275.1 and SMPTE-2059-2 Feature Description
1588v2, G.8275.1 and SMPTE-2059-2 are time synchronization protocols. 1588v2 is
defined by IEEE, G.8275.1 is defined by ITU-T for telecom applications, and
SMPTE-2059-2 is an IEEE 1588-based standard used to allow time synchronization
for video devices over an IP network. This section describes 1588v2 , G.8275.1 and
SMPTE-2059-2.
1.1.8.1.1 Overview of 1588v2, G.8275.1 and SMPTE-2059-2
Description
● Synchronization
On a modern communications network, most telecommunications services
require that the frequency offset or time difference between devices be within
an acceptable range. To meet this requirement, network clock synchronization
must be implemented. Network clock synchronization includes frequency
synchronization and time synchronization.
– Time synchronization
Time synchronization, also called phase synchronization, means that both
the frequency of and the time between signals remain consistent. In this
case, the time offset between signals is always 0.
– Frequency synchronization
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 179
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Frequency synchronization, also known as clock synchronization, refers to
a strict relationship between signals based on a constant frequency offset
or a constant phase offset, in which signals are sent or received at the
same average rate at a valid instant. In this manner, all devices on the
communications network operate at the same rate, with the phase
difference between signals remaining at a fixed value.
Figure 1-50 Time synchronization and frequency synchronization
Figure 1-50 shows the difference between time synchronization and
frequency synchronization. In time synchronization, Watch A and Watch B
always keep the same time. In frequency synchronization, Watch A and Watch
B keep different time, but the time difference between the two watches is a
constant value, for example, 6 hours.
● IEEE 1588
IEEE 1588, also called Precision Time Protocol (PTP), is defined by the Institute
of Electrical and Electronics Engineers (IEEE) as a precision clock
synchronization protocol for networked measurement and control systems.
IEEE 1588v1, released in 2002, applies to industrial automation and tests and
measurements fields. With the development of IP networks and the
popularization of 3G networks, the demand for time synchronization on
telecommunications networks has grown stronger. To satisfy this demand,
IEEE drafted IEEE 1588v2 based on IEEE 1588v1 in June 2006, revised IEEE
1588v2 in 2007, and released IEEE 1588v2 at the end of 2008.
Targeted at telecommunications industry applications, IEEE 1588v2 improves
on IEEE 1588v1 in the following aspects:
– Encapsulation of Layer 2 and Layer 3 packets has been added.
– The transmission rate of Sync messages is increased.
– The transparent clock (TC) model has been developed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 180
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
– Hardware timestamp processing has been defined.
– Time-length-value (TLV) extension is used to enhance protocol features
and functions.
IEEE 1588v2 is defined as a time synchronization protocol, which allows for
high-precision time synchronization between devices. It is also used to
implement frequency synchronization between devices.
● ITU-T G.8275.1
ITU-T defines the precision time protocol telecom profile for phase/time
synchronization with full timing support from the network, known as G.
8275.1.
G.8275.1 defines three types of clocks, including T-GM, T-BC and T-TSC. A
bearer network device is configured as a T-BC.
● SMPTE-2059-2
SMPTE-2059-2 is an IEEE 1588-based standard that allows time
synchronization of video devices over an IP network.
Purpose
Data communications networks do not require time or frequency synchronization
and, therefore, routers on such networks do not need to support time or frequency
synchronization. On IP radio access networks (RANs), time or frequency needs to
be synchronized among base transceiver stations (BTSs). Therefore, routers on IP
RANs are required to support time or frequency synchronization.
Frequency synchronization between BTSs on an IP RAN requires that frequencies
between BTSs be synchronized to a certain level of accuracy; otherwise, calls may
be dropped during mobile handoffs. In addition to frequency synchronization,
some wireless standards require time synchronization. Table 1-33 lists the
requirements of wireless standards for the accuracy of frequency and time
synchronization.
Table 1-33 Requirements of wireless standards for the accuracy of frequency and
time synchronization
Wireless Standard Required Frequency Required Time
Synchronization Synchronization
Accuracy Accuracy
GSM 0.05 ppm NA
WCDMA 0.05 ppm NA
TD-SCDMA 0.05 ppm 3 µs
CDMA2000 0.05 ppm 3 µs
WiMax FDD 0.05 ppm N/A
WiMax TDD 0.05 ppm 1 µs
LTE 0.05 ppm In favor of time
synchronization
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 181
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Different BTSs have different requirements for frequency synchronization. These
requirements can be satisfied through physical clock synchronization (including
external clock input, WAN clock input, and synchronous Ethernet clock input) and
packet-based clock recovery.
Traditional packet-based clock recovery cannot meet the time synchronization
requirement of BTSs. For example, NTP-based time synchronization is only
accurate to within one second and 1588v1-based time synchronization is only
accurate to within one millisecond. To meet time synchronization requirements,
BTSs need to be connected directly to a global positioning system (GPS). This
solution, however, has some disadvantages such as GPS installation and
maintenance costs are high and communications may be vulnerable to security
breaches because a GPS uses satellites from different countries.
1588v2, with hardware assistance, provides time synchronization accuracy to
within one microsecond to meet the time synchronization requirements of wireless
networks. Thus, in comparison with a GPS, 1588v2 deployment is less costly and
operates independently of GPS, making 1588v2 strategically significant.
In addition, operators are paying more attention to the operation and
maintenance of networks, requiring routers to provide network quality analysis
(NQA) to support high-precision delay measurement at the 100 μs level.
Consequently, high-precise time synchronization between measuring devices and
measured devices is required, which I588v2 can provide.
1588v2 packets are of the highest priority by default to avoid packet loss and keep
clock precision.
Benefits
This feature brings the following benefits to carriers:
● Construction and maintenance costs for time synchronization on wireless
networks are reduced.
● Time synchronization and frequency synchronization on wireless networks are
independent of GPS, providing a higher level of strategic security.
● High-precision NQA-based unidirectional delay measurement is supported.
● Y.1731 and IP FPM are supported.
Concepts of G.8275.1
ITU-T defines the precision time protocol telecom profile for phase/time
synchronization with full timing support from the network, known as G.8275.1,
which is a time synchronization protocol.
A physical network can be logically divided into multiple clock domains. Each
clock domain has its own independent synchronous time, with which clocks in the
same domain synchronize.
Each node on a time synchronization network is called a clock. G.8275.1 defines
the following types of clocks:
● Telecom grandmaster (T-GM): A T-GM can only be the master clock that
provides time synchronization.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 182
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Telecom-boundary clock (T-BC): A T-BC has more than one G.8275.1 interface.
One interface of the T-BC synchronizes time signals with an upstream clock,
and the other interfaces distribute the time signals to downstream clocks.
● Telecom transparent clock (T-TC): A T-TC has more than one G.8275.1
interface through which the T-TC forwards G.8275.1 packets, and corrects the
packet transmission delay. A T-TC does not synchronize the time through any
of these G.8275.1 interfaces.
● Telecom time slave clock (T-TSC): A T-TSC can only be the slave clock that
synchronizes the time information of the upstream device.
NOTE
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M can function only as a
T-BC or T-TC.
Concepts of SMPTE-2059-2
SMPTE-2059-2 is an IEEE 1588-based standard that allows time synchronization of
video devices over an IP network.
The SMPTE-2059-2 protocol provides acceptable lock time, jitter, and accuracy.
SMPTE-2059-2 is developed based on IEEE 1588. For details about the principles,
networking, and related concepts of SMPTE-2059-2, see the IEEE 1588 protocol.
1.1.8.1.2 Understanding 1588v2, G.8275.1 and SMPTE-2059-2
Basic Concepts
Clock Domain
A physical network can be logically divided into multiple clock domains. Each
clock domain has a reference time with which all devices in the domain are
synchronized. The reference time in one clock domain is different from and
independent of that in another clock domain.
A device can transparently transmit the time information from multiple clock
domains over a transport network to provide reference times for multiple mobile
carrier networks. The device, however, can join only one clock domain and
synchronize the time with only one reference time.
Clock Nodes
Each node on a time synchronization network is called a clock. 1588v2 defines the
following types of clocks:
● Ordinary clock (OC)
An OC has only one 1588v2 interface. Through this interface the OC
synchronizes the time with an upstream node or distributes the time to
downstream nodes.
● Boundary clock (BC)
A BC has multiple 1588v2 interfaces. The BC uses one of these interfaces to
synchronize the time with an upstream node and uses the other interfaces to
distribute the time to downstream nodes.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 183
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The following is an example of a special case: If a device obtains the reference
time from a BITS source through an external time interface (which is not
enabled with 1588v2) and then distributes the time to downstream nodes
through two 1588v2 interfaces, the device is a BC because it has more than
one 1588v2 interface.
● Transparent clock (TC)
The biggest difference between a TC and a BC or an OC is that a TC does not
synchronize the time with other devices where a BC or an OC does. A TC has
multiple 1588v2 interfaces. Through these interfaces, the TC forwards 1588v2
packets and corrects the packet forwarding delay. Unlike a BC and OC, a TC
does not synchronize the time with other devices through any of these 1588v2
interfaces.
TCs are classified as either end-to-end (E2E) TCs or peer-to-peer (P2P) TCs.
● TC+OC
A TC+OC is a special TC. It has the same functions as a TC in terms of time
synchronization (forwarding 1588v2 packets and correcting the forwarding
delay) and performs clock synchronization on OC interfaces (only clock
synchronization is performed, whereas time synchronization is not).
As described earlier, a TC can correct the forwarding delay for the 1588v2
packets forwarded by itself. As long as a TC'S inbound and outbound
interfaces keep synchronized time, the time difference between when the
inbound interface receives a packet and when the outbound interface sends a
packet is the forwarding delay. However, if a TC is not synchronous with a BC
or OC that performs time synchronization, the packet forwarding delay is
inaccurate. This results in the BC or OC calculating time synchronization
incorrectly, decreasing the time synchronization precision.
Usually, it is recommended that the clock synchronization between a TC and a
BC or OC be implemented through a physical clock, such as a WAN clock or
synchronous Ethernet clock. If no physical clock is available, the TC needs to
synchronize the frequency using the 1588v2 Sync packets periodically sent by
an upstream device, thereby achieving clock synchronization with the
upstream device. This is the function of a TC+OC.
TC+OCs are classified as either E2E TC+OCs or P2P TC+OCs.
Figure 1-51 shows the positions of the OC, BC, and TC on a time synchronization
network.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 184
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-51 Positions of the OC, BC, and TC on a time synchronization network
Time Source Selection
On a 1588v2 network, all clocks are deployed in a hierarchical structure according
to the master-slave relationship. The grandmaster clock provides the reference
time and is at the highest stratum. Such a topology can be statically configured or
automatically generated through the best master clock algorithm (BMCA) defined
in IEEE 1588v2.
IEEE 1588v2 defines an Announce message that is used to exchange time source
information between clock nodes. Such information includes the precedence of the
grandmaster clock, stratum, time precision, and number of hops to the
grandmaster clock. With this information, clock nodes determine the grandmaster
clock, select the interfaces through which to synchronize the time with the
grandmaster clock, and determine the master-slave relationship between two
clock nodes. After a time source is selected, a spanning tree can be created, which
is a fully connected loop-free topology that has the grandmaster clock as the root.
If a master-slave relationship has been set up between two nodes, the master
node periodically sends an Announce message to the slave node. If the slave node
does not receive an Announce message from the master node within a specified
period, the slave node terminates the current master-slave relationship and finds
another interface with which to establish a new master-slave relationship.
Clock nodes also support packet timing signal fail (PTSF)-triggered source
switching. If the current time source has an offset change (greater than 1.1 μs for
three consecutive seconds) or a signal failure occurs due to the loss of Sync
packets, a clock node automatically switches to another valid time source.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 185
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Clock Modes of a 1588v2 Device
● OC
● BC
● TC
● E2ETC
● P2PTC
● E2ETCOC
● TCandBC
● P2PTCOC
1588v2 Packet Encapsulation Modes
A 1588v2 packet can be encapsulated in either MAC or UDP mode:
● In MAC encapsulation, VLAN IDs and 802.1p priorities are carried in 1588v2
packets. MAC encapsulation is divided into two types:
– Unicast encapsulation
– Multicast encapsulation
● In UDP encapsulation, differentiated services code point (DSCP) values are
carried in 1588v2 packets. UDP encapsulation is divided into two types:
– Unicast encapsulation
– Multicast encapsulation
Supported Link Types
Theoretically, 1588v2 supports all types of links. However, 1588v2 defines the
encapsulation and implementation only on Ethernet links. Therefore, the
NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports 1588v2 only
over Ethernet links.
Grandmaster
A time synchronization network is like a spanning tree, on which the grandmaster
clock is the root node. Other nodes synchronize their time with the grandmaster
clock.
Master/Slave
When a pair of nodes performs time synchronization, the upstream node
distributing the reference time is the master node and the downstream node
receiving the reference time is the slave node.
IEEE 1588v2 Synchronization Principle
The principle of 1588v2 time synchronization is the same as that of NTP time
synchronization. The master and slave nodes exchange timing packets, and
calculate the packet transmission delays in both directions (sending and receiving)
according to the receiving and sending timestamps in the exchanged timing
packets. If the packet transmission delays in both directions are identical, the
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 186
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
unidirectional delay is half the bidirectional delay. On this basis, the time offset
between the slave and master nodes can be obtained. The slave node then
synchronizes with the master node by correcting its local time according to the
time offset.
However, the delay variation on an existing network and the different delays in
opposite directions on a link result in low time synchronization precision. For
example, the precision in NTP can be as low as 10 ms to 100 ms.
While 1588v2 and NTP have the same principles, they differ in implementation.
NTP runs at the application layer, for example, on the MPU of NetEngine 8100 M,
NetEngine 8000E M, NetEngine 8000 M. The delay measured by NTP, in addition
to the link delay, includes various internal processing delays, such as the internal
congestion queuing, software scheduling, and software processing delays. These
make the packet transmission delay unstable, causing packet transmission delays
in two directions to be asymmetric. As a result, the accuracy of NTP-based time
synchronization is low.
Different from NTP, 1588v2 assumes that the link delay is a constant value (or
changes slowly, and the change between synchronization processes is a trivial
value that can be ignored), and that delays in opposite directions on a link are the
same. In this case, 1588v2 adds timestamps at the points closest to each end of a
link to measure the link delay, achieving the highest possible degree of time
synchronization precision.
1588v2 defines two modes for the delay measurement and time synchronization,
namely, Delay and Peer Delay (PDelay).
Delay Mode
The Delay mode is applied to E2E delay measurement. Figure 1-52 shows the
delay measurement in Delay mode.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 187
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-52 E2E delay measurement in Delay mode
NOTE
In Figure 1-52, t-sm and t-ms are delays in opposite directions. In the following example,
the two delay values are the same. If they are different, the asymmetrical delay correction
mechanism can be used to compensate for the asymmetric delay. For details about
asymmetric delay correction, see the following part of this section.
Follow_Up packets are used in two-step mode. Here, the one-step mode is described and
Follow_Up packets are disregarded. The two-step mode is described later in this section.
A master node periodically sends a Sync packet carrying the sending timestamp t1
to the slave node. When the slave node receives the Sync packet, it adds the
timestamp t2 to the packet.
The slave node periodically sends a Delay_Req packet to the master node and
records the sending timestamp t3. When the master node receives the Delay_Req
packet, it adds the timestamp t4 to the packet and returns a Delay_Resp packet to
the slave node.
In this way, the slave node obtains a set of timestamps, namely, t1, t2, t3, and t4.
Essentially, the bidirectional delays are as follows:
The sum of bidirectional delays on the link between the master and slave nodes is
equal to (t4 – t1) – (t3 – t2). The unidirectional delay (Delay) on the link between
the master and slave nodes (assuming that the delays in opposite directions are
symmetric) is equal to [(t4 – t1) – (t3 – t2)]/2.
If the time offset of the slave node relative to the master node is Offset, then:
t2 – t1 = Delay + Offset
t4 – t3 = Delay – Offset
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 188
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Therefore, Offset is [(t2 – t1) – (t4 – t3)]/2.
Based on the time offset, the slave node synchronizes its time with the master
node.
This process is performed repeatedly to maintain time synchronization between
the slave and master nodes. Figure 1-53 shows the networking.
Figure 1-53 Networking diagram of directly connected BC and OC
Figure 1-53 shows a scenario in which a BC and an OC are directly connected. TCs can also be deployed
between the BC and OC; however, the TCs must be 1588v2-capable devices in order to ensure the precision
of time synchronization. If TCs are deployed, they only transparently transmit 1588v2 packets and correct
the forwarding delays in these packets.
Stable delay, without variation, between two nodes is key to achieving high precision in 1588v2 time
synchronization. Generally, link delays can meet this requirement. However, because the forwarding delay
varies significantly, the precision of time synchronization cannot be ensured if a forwarding device is
deployed between two nodes that perform time synchronization. The solution to this is to perform
forwarding delay correction on forwarding devices (which must be TCs).
Figure 1-54 shows how the forwarding delay correction is performed on a TC.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 189
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-54 Schematic diagram of forwarding delay correction on a TC
The TC modifies the CorrectionField field of a 1588v2 packet on the inbound and outbound interfaces.
Specifically, the TC subtracts the timestamp indicating when the 1588v2 packet was received on the
inbound interface and adds the timestamp indicating when the 1588v2 packet was sent from the outbound
interface. As such, the forwarding delay of the 1588v2 packet on the TC is added to the CorrectionField field.
In this manner, the 1588v2 packet exchanged between the master and slave nodes, when passing through
multiple TCs, carry packet forwarding delays of all TCs in the CorrectionField field. When the slave node is
synchronized with the master node, the value of the CorrectionField field is deducted and the value
obtained is the link delay. This ensures high-precision time synchronization.
The preceding TCs are called E2E TCs. In Delay mode, only E2E TCs are applicable. Figure 1-55 shows how
the BC, OC and E2E TC are connected and how 1588v2 operates.
Figure 1-55 Networking of the BC, OC, and E2E TC and the synchronization
process
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 190
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
PDelay Mode
When performing time synchronization in PDelay mode, the slave node deducts
both the packet forwarding delay and upstream link delay. The time
synchronization in PDelay mode requires that each device obtains its upstream
link delay. This can be achieved by running the peer delay protocol between
adjacent devices. Figure 1-56 shows the time synchronization process.
Figure 1-56 Schematic diagram of time synchronization in PDelay mode
NOTE
In Figure 1-52, t-sm and t-ms are delays in opposite directions. In the following example,
the two delay values are the same. If they are different, the asymmetrical delay correction
mechanism can be used to compensate for the asymmetric delay. For details about
asymmetric delay correction, see the following part of this section.
Follow_Up packets are used in two-step mode. Here, the one-step mode is described and
Follow_Up packets are disregarded. The two-step mode is described later in this section.
Node 1 periodically sends a PDelay_Req packet carrying the sending timestamp t1
to node 2. When node 2 receives the Sync packet, it adds the timestamp t2 to the
packet. Node 2 sends a PDelay_Resp packet to node 1 and saves the sending
timestamp t3. When node 1 receives the PDelay_Resp packet, it adds the
timestamp t4 to the packet.
In this way, node 1 obtains a set of timestamps, namely, t1, t2, t3, and t4.
Essentially, the bidirectional delays are as follows:
The sum of bidirectional delays on the link between node 1 and node 2 is equal to
(t4 – t1) – (t3 – t2).
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 191
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The unidirectional delay on the link between node 1 and node 2 (assuming that
the delays in opposite directions are symmetric) is equal to [(t4 – t1) – (t3 –
t2)]/2.
The delay measurement in PDelay mode does not differentiate between the
master and slave nodes. All nodes send PDelay packets to their adjacent nodes to
calculate adjacent link delay. This calculation process repeats and the packet
transmission delay in one direction is updated accordingly.
In the preceding process, the link delay is calculated and updated in real time, but
time synchronization is not performed. For time synchronization, Sync packets
must be sent from the master node to the slave node. Specifically, the master
node periodically sends a Sync packet to the slave node, which obtains two
timestamps, namely, t1 and t2. After the slave node corrects the delay by
deducting the delay on the link from the master node to the slave node, the
obtained value (t2 – t1 – CorrectionField) is the time offset of the slave node
relative to the master node. Based on the time offset, the slave node synchronizes
its time with the master node. Figure 1-57 shows the networking.
Figure 1-57 Networking diagram of time synchronization in PDelay mode
between the directly connected BC and OC
As shown in Figure 1-57, the BC and OC are directly connected.
Other devices can be deployed between the BC and OC; however, they must be
TCs in order to ensure the precision of time synchronization. If TCs are deployed,
they only transparently transmit 1588v2 packets and correct the forwarding delays
in these packets. Different from an E2E TC, a P2P TC corrects not only the
forwarding delay but also the upstream link delay. Figure 1-58 shows how the
forwarding delay correction is performed on a P2P TC.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 192
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-58 Forwarding delay correction in PDelay mode
Figure 1-59 shows how the BC, OC and P2P TC are connected and how PDelay
operates.
Figure 1-59 Networking and schematic diagram of forwarding delay correction in
PDelay mode on a P2P TC
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 193
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
One-Step/Two-Step
In one-step mode, Sync packets for time synchronization in Delay mode and
PDelay_Resp packets for time synchronization in PDelay mode include a sending
timestamp.
In two-step mode, Sync packets for time synchronization in Delay mode and
PDelay_Resp packets for time synchronization in PDelay mode do not include a
sending timestamp. Instead, their sending time is recorded and then added as a
timestamp in subsequent packets, such as Follow_Up and PDelay_Resp_Follow_Up
packets.
NOTE
For time synchronization protocols, when an HP-GE interface is used to connect to an ultra-
high-precision time server, the two-step mode is supported by default, and the one-step
mode is not supported.
Asymmetry Delay Correction
Theoretically, 1588v2 requires symmetric bidirectional delays on a link. Otherwise,
the algorithms of 1588v2 time synchronization cannot be implemented. In real-
world scenarios, however, bidirectional delays on a link may be asymmetric due to
the attributes of a link or device. For example, bidirectional delays are inconsistent
on the link segment from the location of a timestamp to the link. To solve the
problem, 1588v2 provides an asymmetric delay correction mechanism, which is
shown in Figure 1-60.
Figure 1-60 Asymmetric delay correction mechanism
Generally, the values of t-sm and t-ms are the same. If they are different and the
difference remains fixed, you can measure the delay difference using a meter, and
then configure the delay difference. On this basis, 1588v2 calculates the
asymmetry correction value during time synchronization calculation, thereby
achieving precise time synchronization even for links with asymmetric delays.
Packet Encapsulation
1588v2 defines the following packet encapsulation modes:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 194
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Layer 2 multicast encapsulation through a multicast MAC address
The EtherType value is 0x88F7, and the multicast MAC address is 01-80-
C2-00-00-0E (in PDelay packets) or 01-1B-19-00-00-00 (in non-PDelay
packets).
Layer 2 multicast encapsulation is a recommended encapsulation mode. The
NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports this
mode and packets with VLAN tags. Figure 1-61 shows Layer 2 multicast
encapsulation without tags.
Figure 1-61 Layer 2 multicast encapsulation without tags
Figure 1-62 shows Layer 2 multicast encapsulation with tags.
Figure 1-62 Layer 2 multicast encapsulation with tags
● Layer 3 unicast encapsulation through unicast UDP
The destination UDP port number is 319 or 320, depending on the types of
1588v2 packets.
Currently, this encapsulation mode is recommended for Huawei wireless base
stations. The IP clock server is connected to multiple BTSs and uses unicast
UDP to exchange 1588v2 protocol packets. Figure 1-63 shows Layer 3 unicast
encapsulation without tags.
Figure 1-63 Layer 3 unicast encapsulation without tags
Figure 1-64 shows Layer 3 unicast encapsulation with tags.
Figure 1-64 Layer 3 unicast encapsulation with tags
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 195
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Layer 3 multicast encapsulation through multicast UDP
● Layer 2 unicast encapsulation through a unicast MAC address
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports Layer 2
multicast encapsulation, Layer 3 unicast encapsulation, Layer 3 multicast
encapsulation, and Layer 2 unicast encapsulation.
BITS Interface
1588v2 enables time synchronization between clock nodes, but cannot
synchronize these clock nodes with the Coordinated Universal Time (UTC). To
ensure that the clock nodes are synchronized with the UTC, an external time
source is required. In other words, the grandmaster clock needs to be connected to
an external time source to obtain synchronized time in non-1588v2 mode.
Currently, external time sources are predominantly satellite-based, for example,
the GPS (US), Galileo (Europe), GLONASS (Russia), and Beidou (China). Figure
1-65 shows the connection mode.
Figure 1-65 External time synchronization
Each main control board on the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M provides one external time interface and one external clock
interface, and each channel of time/clock signals is exchanged between the active
and standby main control boards.
● RJ45 interface (using a 120-ohm balanced cable)
Two RJ45 interfaces, one of which functions as an external clock interface and
the other as an external time interface. They provide the following clock or
time signals:
– 2 MHz clock signal (differential level with one line clock input and one
line clock output)
– 2 Mbit/s clock signal (differential level with one line clock input and one
line clock output)
– DC level shifter (DCLS) time signal (RS422 differential level with one line
clock input and one line clock output)
– 1 pps + TOD time signal (RS422 differential level with one line time
input)
– 1 pps + TOD time signal (RS422 differential level with one line time
output)
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 196
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Clock Synchronization
In addition to time synchronization, 1588v2 can be used for clock synchronization.
That is, frequency synchronization can be achieved through 1588v2 packets.
1588v2 time synchronization in Delay or PDelay mode requires the device at one
or both ends of a link to periodically send Sync packets to its peer.
The Sync packet carries a sending timestamp. After receiving the Sync packet, the
peer end adds a receiving timestamp to it. If the link delay is stable, the sending
and receiving timestamps change at the same pace. If the receiving timestamp
changes faster or slower than the sending timestamp, the clock on the receiving
device runs faster or slower than the clock on the sending device. In this case, the
local clock on the receiving device must be adjusted to ensure frequency
synchronization between the two devices.
Frequency synchronization through 1588v2 packets has a lower precision than
that through synchronous Ethernet. Where possible, you are therefore advised to
use synchronous Ethernet to perform clock synchronization and use 1588v2 to
perform time synchronization.
1588v2 frequency synchronization can be implemented in either of the following
modes:
● Hop-by-hop frequency synchronization
In hop-by-hop mode, all devices on a link are required to support 1588v2. The
frequency synchronization accuracy in this mode is high and can meet the
requirements of ITU-T G.813 (stratum 3 clock standard) if there are few hops.
● E2E frequency synchronization (Delay variation may occur on the
intermediate network.)
In end-to-end mode, the intermediate devices do not need to support 1588v2.
This mode only requires that the delay variation of the forwarding path meet
a specified requirement, for example, less than 20 ms. However, the frequency
synchronization accuracy in this mode is low and can meet only the
requirements of the G.8261 and wireless base stations (50 ppb) rather than
that of the stratum 3 clock standard.
To achieve high frequency synchronization accuracy, 1588v2 requires Sync packets
to be sent at a high rate of at least 100 pps.
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M is compliant with
the following clock standards:
● G.813 and G.823 for external clock synchronization
● G.813 for SDH clocks (such as CPOS and c-STM-1)
● G.813 and G.823/G.824 for E1 clocks
● G.8261 and G.8262 for synchronous Ethernet clocks
At present, NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports
frequency synchronization through 1588v2 packets only in hop-by-hop mode, not
in E2E or inter-PDV-network mode. Although the NetEngine 8100 M, NetEngine
8000E M, NetEngine 8000 M is compliant with G.8261 and G.823/G.824,
compliance with G.813 and G.8262 is not guaranteed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 197
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
G.8275.1 Synchronization Principle
The principle of G.8275.1 time synchronization is the same as that of 1588v2 time
synchronization. The master and slave nodes exchange timing packets, and
calculate the packet transmission delays in both directions (sending and receiving)
according to the receiving and sending timestamps in the exchanged timing
packets. If the packet transmission delays in both directions are identical, the
unidirectional delay (the time offset between the slave and master nodes) is half
the bidirectional delay. The slave node then synchronizes with the master node by
correcting its local time according to the time offset.
Offset Measurement and Automatic Compensation
In the clock networking, the synchronization offset may exist due to the
asymmetry of optical fibers. The device works with NCE to calculate the offset
value, and NCE automatically delivers the offset value to the device for
compensation.
Offset Introduction
The function of 1588v2 and G.8275.1 requires that the delay on the transmit and
receive paths between the master and slave devices be the same. If the receive
and transmit path delay values are different, a synchronization error is introduced,
which is half of the receive and transmit path delay difference. In the hop-by-hop
synchronization scenario, whether the delay of the receive and transmit paths
between the master and slave devices is the same is determined based on the
lengths of the receive and transmit fibers.
As shown in Figure 1-66, fiber asymmetry does not occur if the transmit and
receive fibers between the master and slave devices are routed through the same
optical cable and the lengths of pigtails are the same. If the transmit and receive
optical fibers between the master and slave devices are routed through optical
cables of different lengths or the lengths of pigtails are different, fiber asymmetry
occurs.
Figure 1-66 Fiber symmetry and asymmetry
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 198
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Real-time offset Monitoring and Automatic Compensation When GPS Is
Configured on the Base Station Side
As shown in Figure 1-67, when the GPS feature is deployed on the base station
side, the device works with NCE to implement real-time offset monitoring and
automatic compensation.
Figure 1-67 Real-time offset monitoring and automatic compensation when GPS
is deployed on the base station side
The service process is as follows:
1. After the clock networking is complete, all devices synchronize time.
2. The clock interface of each device sends the time information of the device to
the base station.
3. The base station calculates the offset values and sends the signaling packets
back to each device, which carry offset information.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 199
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
4. NCE obtains the offset information received by each clock port from each
device in polling mode.
5. NCE determines asymmetric links and offset values on the network based on
the offset information reported by each device.
6. NCE delivers the offset values to the devices at both ends of the asymmetric
links.
Offset Measuring Mode and Automatic Compensation of the Reference Port
If the device cannot obtain the GPS time offset information, connect the reference
source (such as the BITS meter or Atom GPS) to the reference port on the device.
Then, the device and NCE calculate the time offset and automatically compensate
for it.
Figure 1-68 Measurement on a ring network
As shown in Figure 1-68, the service process on a ring network is as follows:
1. After the passive port detection function is enabled on the entire network, the
device automatically determines the device with both the slave port and
passive port using the BMC algorithm.
2. If the offset value on the passive port is greater than the threshold, an alarm
is triggered. Otherwise, the clock network is normal and no offset is required.
3. On the device where the passive port resides, select a reference port that
supports 1588 synchronization and connect the reference source to the
reference port.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 200
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
4. Each device receives the time synchronization information delivered from the
reference port and calculates the offset between the restored time of the
slave port and the time of the reference port.
5. NCE obtains the offset information fed back by each device and determines
the asymmetric links and offset values on the network.
6. NCE delivers the offset values to the devices at both ends of the asymmetric
links.
The service process on a chain network is as follows:
1. When services are abnormal, select a reference port that supports 1588
synchronization at the end node of the chain and connect the reference
source to the reference port.
2. Each device receives the time synchronization information delivered from the
reference port and calculates the offset between the restored time of the
slave port and the time of the reference port.
3. NCE obtains the offset information fed back by each device and determines
the asymmetric links and offset values on the network.
4. NCE delivers the offset values to the devices at both ends of the asymmetric
links.
1.1.8.1.3 Application Scenarios for 1588v2, G.8275.1 and SMPTE-2059-2
1588v2 support is currently implemented on a hop by hop basis, whereby all
devices on a link must support 1588v2. A maximum of 20 hops are supported on a
1588v2 network.
Because a master clock has multiple slave clocks, it is recommended that you use
the BITS or IP clock server as the master clock. It is not recommended to use any
device as the master clock because the CPU of the device may be overloaded.
1588v2 Clock Synchronization in Hop-by-Hop Mode
Figure 1-69 Networking diagram of 1588v2 clock synchronization in per-hop
mode
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 201
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
As shown in Figure 1-69, the clock source can send clock signals to gNodeBs
through the 1588v2 clock, WAN clock, synchronous Ethernet clock, or any
combination of clocks.
Scenario description:
● gNodeBs only need frequency synchronization.
● GE links on the bearer network support the 1588v2 clock rather than the
synchronous Ethernet clock.
Solution description:
● The Synchronous Digital Hierarchy (SDH) or synchronous Ethernet clock sends
stratum 3 clock signals through physical links. On the GE links that do not
support the synchronous Ethernet clock, stratum 3 clock signals are
transmitted through 1588v2.
● Advantage of the solution: The solution is simple and flexible.
● Disadvantage of the solution: Only frequency synchronization rather than
time synchronization is performed.
1588v2 Clock Synchronization in Bearer and Wireless Networks in the Same
Clock Domain
Figure 1-70 Networking diagram of the bearer and wireless networks in the same
clock domain
Scenario description:
● gNodeBs need to synchronize time with each other.
● The bearer and wireless networks are in the same clock domain.
Solution description:
● The core node supports GPS or BITS clock interfaces.
● All nodes on the bearer network function as BC nodes, which support the link
delay measurement mechanism to handle fast link switching.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 202
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Links or devices that do not support 1588v2 can be connected to devices with
GPS or BITS clock interfaces to perform time synchronization.
● Advantage of the solution: The time of all nodes is synchronous on the entire
network.
● Disadvantage of the solution: All nodes on the entire network must support
1588v2.
1588v2 Clock Synchronization in Bearer and Wireless Networks in Different
Clock Domains
Figure 1-71 Networking diagram of the bearer and wireless networks in different
clock domains
Scenario description:
● gNodeBs need to synchronize time with each other.
● The bearer and wireless networks are in different time domains.
Solution description:
● The GPS is used as a time source and is connected to the wireless IP clock
server.
● BCs are deployed in the middle of the bearer network to synchronize the time
of the intermediate network.
● TCs are deployed on both ends of the bearer network. TCs only correct the
message transmission delay and send the time to NodeBs, but do not
synchronize the time with the clock server.
● Advantage of the solution: The implementation is simple because the bearer
network does not need to synchronize with the clock server.
● Disadvantage of the solution: Devices on both ends of the bearer network
need to support 1588v2 in TCandBC mode.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 203
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
G.8275.1 Per-Hop Clock Synchronization
Figure 1-72 G.8275.1 per-hop clock synchronization
Scenario description:
● gNodeBs need to synchronize time with each other.
● The bearer and wireless networks are in the same clock domain.
Solution description:
● The core node supports GPS or BITS clock interfaces.
● Network-wide time synchronization is achieved from the core node in T-BC
mode. All T-BC nodes support path delay measurement to adapt to fast link
switching.
● Network-wide synchronization can be traced to two grand masters.
● Advantage of the solution: The network-wide time is synchronized to ensure
the optimal tracing path.
● Disadvantage of the solution: All nodes on the entire network must support
1588v2 and G.8257.1.
SMPTE-2059-2 E2E Clock Synchronization
Figure 1-73 Networking of SMPTE-2059-2 E2E clock synchronization
As shown in Figure 1-73, the clock server and the base station transmit TOP-
encapsulated SMPTE-2059-2 packets over a bearer network enabled with QoS
assurance (jitter < 20 ms).
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 204
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Scenario description:
● gNodeBs only need frequency synchronization.
● The bearer network does not support SMPTE-2059-2 or the use of SyncE to
restore frequency.
Solution description:
● Bearer network devices are connected to the wireless IP clock server, and
SMPTE-2059-2 is used to transmit and restore clock in E2E mode.
● The clock server sends timing messages in the SMPTE-2059-2 format. The
bearer network transparently transmits the timing messages. Upon receipt of
the timing messages, gNodeBs restore clock information.
● SMPTE-2059-2 packets are transparently transmitted over the bearer network
by priority to ensure an E2E jitter of less than 20 ms.
● Advantage of the solution: Devices on the bearer network are not required to
support SMPTE-2059-2, and are therefore easily deployed.
● Disadvantage of the solution: Only frequency synchronization rather than
time synchronization is performed. In practice, an E2E jitter of less than 20 ms
is not ensured.
1.1.8.1.4 Terms and Abbreviations for 1588v2, G.8275.1, and SMPTE-2059-2
Terms
Terms Description
Synchro On a modern communications network, most telecommunications
nization services require that the frequency offset or time difference between
devices be within an acceptable range. To meet this requirement,
network clock synchronization must be implemented. Network clock
synchronization includes frequency synchronization and time
synchronization.
● Time synchronization
Time synchronization, also known as phase synchronization, refers
to the consistency of both frequencies and phases between
signals. This means that the phase offset between signals is
always 0.
● Frequency synchronization
Frequency synchronization, also known as clock synchronization,
refers to a strict relationship between signals based on a constant
frequency offset or a constant phase offset, in which signals are
sent or received at the same average rate at a valid instant. In this
manner, all devices on the communications network operate at
the same rate, with the phase difference between signals
remaining at a fixed value.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 205
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Terms Description
IEEE 1588v2, also called Precision Time Protocol (PTP), is defined by the
1588v2 Institute of Electrical and Electronics Engineers (IEEE) as a precision
PTP clock synchronization protocol for networked measurement and
control systems.
Clock Logically, a physical network can be divided into multiple clock
domain domains. Each clock domain has its own independent synchronous
time, with which clocks in the same domain synchronize.
Clock Each node on a time synchronization network is called a clock. The
node 1588v2 protocol defines three types of clocks: OC, BC, and TC.
Clock Clock source selection is a method to select reference clocks based on
source the clock selection algorithm.
selectio
n
One- In one-step mode, Sync packets for time synchronization in Delay
step mode and PDelay_Resp packets for time synchronization in PDelay
mode mode include a sending timestamp.
Two- In two-step mode, Sync packets for time synchronization in Delay
step mode and PDelay_Resp packets for time synchronization in PDelay
mode mode do not include a sending timestamp. Instead, their sending
time is recorded and then added as a timestamp in subsequent
packets, such as Follow_Up and PDelay_Resp_Follow_Up packets.
Acronyms and Abbreviations
Acronyms and Full spelling
Abbreviations
1588v2 Precision Time Protocol
IP RAN Internet Protocol Radio Access Network
GSM Global System for Mobile Communications
WCDMA Wideband Code Division Multiple Access
TD-SCDMA Time Division-Synchronous Code Division Multiple Access
WiMax FDD Worldwide Interoperability for Microwave Access Frequency
Division Duplex
WiMax TDD Worldwide Interoperability for Microwave Access Time
Division Duplex
NTP Network Time Protocol
GPS Global Positioning System
LTE Long Term Evolution
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 206
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Acronyms and Full spelling
Abbreviations
BC Boundary Clock
OC Ordinary Clock
TC Transparent Clock
BMC Best Master Clock
BITS Building Integrated Time Supply System
1.1.8.2 1588v2 Configuration
By configuring IEEE 1588v2, you can enable devices in the IP RAN scenario to
implement time synchronization and clock synchronization.
1.1.8.2.1 Overview of 1588v2
Purpose
Data communications networks do not require time or frequency synchronization
and, therefore, routers on such networks do not need to support time or frequency
synchronization. On IP radio access networks (RANs), time or frequency needs to
be synchronized among base transceiver stations (BTSs). Therefore, routers on IP
RANs are required to support time or frequency synchronization.
Frequency synchronization between BTSs on an IP RAN requires that frequencies
between BTSs be synchronized to a certain level of accuracy; otherwise, calls may
be dropped during mobile handoffs. In addition to frequency synchronization,
some wireless standards require time synchronization. Table 1-34 lists the
requirements of wireless standards for the accuracy of frequency and time
synchronization.
Table 1-34 Requirements of wireless standards for the accuracy of frequency and
time synchronization
Wireless Standard Required Frequency Required Time
Synchronization Synchronization
Accuracy Accuracy
GSM 0.05 ppm NA
WCDMA 0.05 ppm NA
TD-SCDMA 0.05 ppm 3 µs
CDMA2000 0.05 ppm 3 µs
WiMax FDD 0.05 ppm N/A
WiMax TDD 0.05 ppm 1 µs
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 207
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Wireless Standard Required Frequency Required Time
Synchronization Synchronization
Accuracy Accuracy
LTE 0.05 ppm In favor of time
synchronization
Different BTSs have different requirements for frequency synchronization. These
requirements can be satisfied through physical clock synchronization (including
external clock input, WAN clock input, and synchronous Ethernet clock input) and
packet-based clock recovery.
Traditional packet-based clock recovery cannot meet the time synchronization
requirement of BTSs. For example, NTP-based time synchronization is only
accurate to within one second and 1588v1-based time synchronization is only
accurate to within one millisecond. To meet time synchronization requirements,
BTSs need to be connected directly to a global positioning system (GPS). This
solution, however, has some disadvantages such as GPS installation and
maintenance costs are high and communications may be vulnerable to security
breaches because a GPS uses satellites from different countries.
1588v2, with hardware assistance, provides time synchronization accuracy to
within one microsecond to meet the time synchronization requirements of wireless
networks. Thus, in comparison with a GPS, 1588v2 deployment is less costly and
operates independently of GPS, making 1588v2 strategically significant.
In addition, operators are paying more attention to the operation and
maintenance of networks, requiring routers to provide network quality analysis
(NQA) to support high-precision delay measurement at the 100 μs level.
Consequently, high-precise time synchronization between measuring devices and
measured devices is required, which I588v2 can provide.
1588v2 packets are of the highest priority by default to avoid packet loss and keep
clock precision.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 208
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.8.2.2 Configuration Precautions for 1588v2
Feature Requirements
Table 1-35 Feature requirements
Feature Requirements Series Models
The PTP time synchronization performance of NetEngin NetEngine 8000
colored optical modules can only meet the e 8000 M M14/NetEngine
+/-200 ns requirement. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
When the lightweight clock mode is enabled NetEngin NetEngine 8000
on the cluster device, the cluster device also e 8000 M M8
uses lightweight clock synchronization
between chassis. The slave chassis only
synchronizes time with the master chassis, but
does not synchronize the frequency. Therefore,
if the cluster device is used to export the
frequency to the downstream application, note
that only the master chassis can export the
frequency synchronization source to the
downstream device.
When the rate for sending Announce, NetEngin NetEngine 8000
Delay_Req, and Pdelay_Req packets is set to e 8000 M M14/NetEngine
the highest on a FlexE 10GE interface and the 8000 M4/
one-step mode is used, the rate for sending NetEngine 8000
Sync packets of the smpte-2059-2 protocol M8
cannot be lower than 6, and the rate for
sending Sync packets of the non-smpte-2059-2
protocol cannot be lower than 5. In two-step
mode, the rate of sending Sync packets cannot
be lower than 6.
After 1588 is enabled for the first time on a NetEngin NetEngine 8000
CR5D00TBXF70/CR5D00T6XF70 subcard or a e 8000 M M8
single link fault is rectified for a long time, the
time required for locking the 1588 time
becomes longer (about 50 minutes at most).
You can enable the PTP function on the port
again to quickly lock the port.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 209
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
Due to hardware limitations, the following NetEngin NetEngine 8000
performance counters required by G.8273.2 e 8000 M M8
cannot be supported by the X3A router:
1. Incompliance with ITU-T G.8273.2 section
7.3.1: low-pass feature. The bandwidth ranges
from 0.5 Hz to 0.1 Hz, and the gain is less than
0.1 dB
2. Incompliance with ITU-T G.8273.2: band-
pass feature. The low-side cutoff frequency
ranges from 0.5 Hz to 0.1 Hz, and the high-
side cutoff frequency ranges from 1 Hz to 1
Hz. The gain in the passband is less than 0.2
dB
3. Incompliance with ITU-T G.8273.2 section
7.4.1.2: When a SyncE ring network switching
occurs, the output complies with the related
profile (see Annex B). Other G.8273.2
specifications can be supported.
Due to hardware limitations, the following NetEngin NetEngine 8000
performance counters required by G.8273.2 e 8000 M M8
cannot be supported by router hardware:
1. Incompliance with ITU-T G.8273.2 section
7.3.1: low-pass feature. The bandwidth ranges
from 0.5 Hz to 0.1 Hz, and the gain is less than
0.1 dB
2. Incompliance with ITU-T G.8273.2: band-
pass feature. The low-side cutoff frequency
ranges from 0.5 Hz to 0.1 Hz, and the high-
side cutoff frequency ranges from 1 Hz to 1
Hz. The gain in the passband is less than 0.2
dB
3. Incompliance with ITU-T G.8273.2 section
7.4.1.2: When a SyncE ring network switching
occurs, the output complies with the related
profile (see Annex B). Other G.8273.2
specifications can be supported.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 210
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
Routers' OTN colored optical interfaces support NetEngin NetEngine 8000
1588v2. When routers and WDM devices are e 8000 M M8
deployed on the same network, the 1588v2
synchronization performance is affected by the
asymmetrical OLP single-ended switching
optical fibers on intermediate WDM devices. As
a result, the time synchronization performance
is affected. Therefore, when OTN colored
optical interfaces and WDM devices are
deployed on the same network, 1588v2 does
not support OLP single-ended switching on
WDM devices.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 211
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
Restrictions on automatic asymmetric NetEngin NetEngine 8000
measurement on a ring network: e 8000 M M14/NetEngine
1. This function is applicable only to the 8000 M14K/
scenario where a fiber on a ring network is NetEngine 8000
broken and then repaired. The NE M4/NetEngine
automatically measures the asymmetry value 8000 M8/
of the repaired fiber. This function does not NetEngine 8000
apply to other scenarios, for example, the ring M8K/NetEngine
is broken to add new nodes. The asymmetry 8000E M14/
values in these scenarios must be manually NetEngine 8000E
measured. M8
2. Automatic measurement on a ring network
is supported only when all devices on the ring
network work in BC mode.
3. When performing ring network test on an
NE, ensure that time out-of-lock or device
reset does not occur on the NE and its
upstream NEs. For example, a device is
powered off, or warm/cold reset occurs on a
board in use.
4. After an alarm indicating a fiber length
change is reported on a device, check whether
the fiber length changes and clear the alarm
as soon as possible. Before the alarm is
cleared, do not perform any operation that
may cause a source switching (such as
disabling an interface or modifying NE
configurations) on the device.
5. This solution does not apply to the scenario
where multiple points of failure occur and no
backup path is available.
6. After an alarm indicating a fiber length
change calculation failure is reported,
manually measure the asymmetry value of the
repaired fiber. The asymmetry value must be
configured on the NE before the NE switches
to the normal tracing path.
7. If the optical fiber in the transmit direction
of the slave or passive port is faulty, the port
does not change from Down to Up. In this
case, automatic measurement is not supported.
It is recommended that you enable the ring-
network automatic asymmetric measurement
function according to the corresponding
instructions.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 212
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
The slaveonly function and the static 1588v2 NetEngin NetEngine 8000
function are mutually exclusive on an OC, e 8000 M M14/NetEngine
affecting time synchronization. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
If 1pps is specified as the type of imported NetEngin NetEngine 8000
signals, set the protocol standard with which e 8000 M M14/NetEngine
TOD information complies to be the same as 8000 M14K/
the signal type of the BITS0, BITS1, or BITS2 NetEngine 8000
clock based on the type of the external BITS M4/NetEngine
clock signals. Otherwise, time synchronization 8000 M8/
will be affected. NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
The device supports only the performance NetEngin NetEngine 8000
indicators MAX|TE|, cTE, and dTE required by e 8000 M M8
the G.8273.2 standard.
PTP (1588v2/G.8275.1) and 1588 ACR client NetEngin NetEngine 8000
cannot be deployed on the same device. e 8000 M M14/NetEngine
Do not deploy PTP (1588v2/G.8275.1) and 8000 M14K/
1588 ACR client at the same time. NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
1.1.8.2.3 (Optional) Configuring the Default State of a PTP Port
Context
In scenarios where the standard BMC algorithm is used for clock source selection,
if the default state of a PTP port expected to work in the slave state is set to
master, or the default state of a PTP port expected to work in the master state is
set to slave, the BMC status of the port is determined as passive. In other cases,
configuring the default state of a PTP port does not affect the BMC status of the
port.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 213
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
After the default state of a PTP port is configured, the passive detection
mechanism can be used to detect whether the corresponding optical fiber link on
the network changes abruptly.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run ptp port-state primary { slave | master }
The default state of the PTP port is configured.
Step 4 Run commit
The configuration is committed.
----End
1.1.8.2.4 Configuring Dynamic 1588v2 Functions
On a 1588v2 network, the best master clock algorithm (BMCA) is typically used to
dynamically determine a master clock. 1588v2 functions need to be configured
according to the device type.
Usage Scenario
A 1588v2 network has to import BITS time signals before implementing clock
synchronization. The BMC algorithm can be used to select the grandmaster and
determine the master and slave clocks. A dynamic 1588v2 network allows devices
to elect a clock source with the highest priority.
● Typical dynamic 1588v2 network with OC, BC, TC, and TCOC devices
Figure 1-74 shows that a BC and an OC are separately connected to BITSs or
GPSs. The BC and OC use the BMC algorithm to select the OC as the
grandmaster. The grandmaster obtains time signals and sends 1588v2 packets
carrying time information over the bearer network. TCs, including the TCOC,
are core devices on the bearer network. TCs transparently transmit time
information over the bearer network. The TCOC can also implement
frequency synchronization. BCs at the edge of the bearer network send highly
accurate time information carried in 1588v2 packets to wireless access
devices, such as gNodeBs and radio network controllers (RNCs).
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 214
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-74 Dynamic 1588v2 application
● Typical dynamic 1588v2 network with TCandBC devices
All devices, including the gNodeB, run 1588v2 on the network shown in
Figure 1-75. ISP A operates the gNodeB, OC2, and to the BC. OC2 is
connected to BITS2, and to the BC is connected to a BITS or GPS. ISP A's
network does not have bearer network devices. ISP A leases the bearer
network that ISP B operates, and ISP B devices trace BITS1. Time
synchronization on ISP A's network is independent of that on ISP B's network.
Devices on ISP A's network can dynamically select a clock source. The
deployment is as follows:
– Establish domain1 for ISP B's 1588v2 network and domain2 for ISP A's
1588v2 network.
– OC1 in domain1 obtains BITS1 signals and sends 1588v2 packets carrying
clock synchronization information to the BC interface that directly
connects the TCandBC to OC1.
– OC2 in domain2 obtains signals from the grandmaster and sends 1588v2
packets carrying clock synchronization information to the TCandBC. TC
interfaces connect the TCandBC to OC2 and to the BC. The TC interfaces
transparently transmit BITS2 time information to the BC. Upon receipt,
the BC advertises the time information to the gNodeB.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 215
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-75 Typical dynamic 1588v2 network with TCandBC devices
Pre-configuration Tasks
● Set physical parameters of interfaces and ensure that the interfaces are
physically Up.
Importing Time Signals from an External BITS Source
On a 1588v2 network, time signals are typically imported from an external BITS
source. You can configure multiple routers to import time signals from an external
BITS source. A master clock can be selected dynamically or statically.
Context
BITSs provide time signals for routers. 1588v2 routers can be configured to import
time signals from BITSs and use the BMC algorithm to select a master clock. The
master clock provides time signals for other devices over a 1588v2 network.
1588v2 routers obtain clock synchronization information from the grandmaster.
Perform the following steps on each router that is connected to a BITS on a
1588v2 network:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 216
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Select the type of the input time signal.
The following example shows how to import an external clock source from the
1pps bits1 interface.
clock bits-type bits1 1pps input
The actual number of BITS interfaces and their numbers depend on the hardware
configuration. For details about clock interfaces, see Hardware Description.
Generally, BITS0 provides frequency signals for physical clock synchronization and
corresponds to CLK or CLK/TOD0 on the interface panel; BITS1 provides time
signals and corresponds to TOD or CLK/TOD1 on the interface panel. If there is
only one CLK/TOD interface on a device, the device can provide the BITS0 and
BITS1 interfaces through a one-to-two cable.
Step 3 Configure BITS signals to participate in BMC calculation.
The following example uses BITS1 signals.
ptp clock-source bits1 on
Step 4 (Optional) Configure the correction time for the delay in sending and receiving
time signals from the BITS interface.
Configuration on the BITS1 interface is used as an example.
ptp clock-source bits1 { receive-delay receive-delay-value | send-delay send-delay-value }
Step 5 Run commit
The configuration is committed.
----End
Configuring Clock Source Attributes for BMC Selection
This section describes how to configure clock source attributes used for BMC
selection. The routers configured with clock source attributes can participate in
BMC selection. A local clock on a 1588v2 router can also participate in BMC
selection. The BMC algorithm helps 1588v2 routers to select a master clock. The
master clock provides time signals for other routers over a 1588v2 network.
1588v2 routers obtain clock synchronization information from the grandmaster.
Context
A 1588v2 router runs the BMC algorithm to use the following parameters in
sequence to select a master clock:
● priority1
● clock-class
● clock-accuracy
● priority2
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 217
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
For example, the router compares priority1 values of two candidates. If the two
candidates have the same priority1 value, the router compares clock classes of the
two candidates. The process repeats until the router selects a master clock.
Perform the following steps on each router that is connected to a BITS on a
1588v2 network:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Configure the type of the clock source to be traced.
This example uses the local clock and BITS1 signals. The actual number of BITS
interfaces and their numbers depend on the hardware configuration.
ptp clock-source { local time-source time-source-value | bits1 time-source time-source-value }
NOTE
This configuration can be performed only on the grandmaster clock. The time-source-value
parameter is set based on the type of the clock source. For the mapping between the time-
source-value parameter and clock source types, see ptp clock-source in the NetEngine
8100 M, NetEngine 8000E M, NetEngine 8000 M Command Reference.
Step 3 Configure the accuracy of the clock source.
ptp clock-source { local clock-accuracy clock-accuracy-value | bits1 clock-accuracy clock-accuracy-value }
For the mapping between the clock-accuracy-value parameter and clock precision,
see ptp clock-source in the NetEngine 8100 M, NetEngine 8000E M, NetEngine
8000 M Command Reference.
Step 4 Configure the class of the clock source.
ptp clock-source { local clock-class clock-class-value | bits1 clock-accuracy clock-class-value }
For the mapping between the clock-class-value parameter and the clock source
level, see ptp clock-source in the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M Command Reference.
If the clock-class-value value is less than 128, the device cannot function as a
slave clock.
Step 5 Configure priority1 of the clock source.
ptp clock-source { local priority1 priority1-value | bits1 priority1 priority1-
value }
Step 6 Configure priority2 of the clock source.
ptp clock-source { local priority2 priority2-value | bits1 priority2 priority2-
value }
Step 7 (Optional) Configure the grandmaster clock ID of the clock source.
ptp clock-source bits1 grandmaster-clockid grandmaster-clockid-value
Step 8 (Optional) Configure the stability value of the clock source.
ptp clock-source bits1 offsetscaled-logvariance offsetscaled-logvariance-value
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 218
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 9 Run commit
The configuration is committed.
----End
Globally Enabling 1588v2
1588v2 takes effect after you configure 1588v2 in both the system and interface
views. After 1588v2 is enabled in the system view, you also need to set other basic
information, including the domain number and virtual clock ID, to establish a
1588v2 network.
Context
Determine 1588v2 device types based on the 1588v2 network plan before
enabling 1588v2 in the system view on each device.
● 1588v2 clock types
– OC: ordinary clock
– BC: boundary clock
– E2ETC: end-to-end transparent clock
– P2PTC: peer-to-peer transparent clock
– TCandBC: transparent and boundary clock
– E2ETCOC: end-to-end transparent clock and ordinary clock
– P2PTCOC: peer-to-peer transparent and ordinary clock
● Domain
A 1588v2 network may be large in scale and may allow multiple carriers to
lease the 1588v2 network as a bearer network. To transparently transmit
1588v2 packets for specific carriers, the 1588v2 network can be logically
divided into clock domains. Each clock domain has a single clock source, and
all devices in one domain synchronize with the clock source in the domain.
1588v2 devices only accept 1588v2 packets in their own domains.
● Virtual clock ID
A virtual clock ID uniquely identifies a 1588v2 device. It remains even if a
main control board is replaced on the device.
● Slave-only mode for an OC
An OC has only one interface that can be enabled with 1588v2. This means
that an OC can function as either a master clock to advertise clock signals to
downstream devices or as a slave clock to receive upstream clock signals. To
enable an OC to work only as a slave clock on a clock synchronization
network, run the ptp slaveonly command.
● Automatic asymmetry measurement over a 1588v2 ring network by BCs
and TCandBCs
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 219
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-76 Automatic asymmetry measurement over a 1588v2 ring network
On the ring network shown in Figure 1-76, gNodeB can synchronize its clock
with the global positioning system (GPS) only if the lengths of fiber links
working in opposite directions on each network segment are identical after
being compensated based on manual measurements. In this case, each node
can synchronize its clock with the GPS, irrespective of changes in clock sources
that slave clocks trace. If a fiber link between BC5 and BC6 is faulty and
disconnected, BC6 traces clock signals from BC3. BC6 uses a compensation
value, which has been calculated based on manual measurements during
1588v2 deployment, for the fiber link lengths between BC3 and BC6 to
successfully synchronize with the GPS.
After the faulty fiber link between BC5 and BC6 is restored, assume that the
difference between the lengths of the fiber links that carry traffic in opposite
directions between BC5 and BC6 changes largely. In this case, when BC6
traces clock signals from BC5 in stead of those from BC3, and if BC6 still uses
the previous compensation value, it fails to synchronize with the GPS due to
large time deviation. To address this problem, enable automatic asymmetry
measurement on the NetEngine 8100 M, NetEngine 8000E M, NetEngine
8000 M.
Procedure
● Perform the following steps on each OC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 220
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
c. Run ptp device-type oc
The device type is set to OC.
d. (Optional) Run ptp slaveonly
The OC is configured to work in slave-only mode.
The router can be configured as an OC working in slave-only mode to
synchronize with other clocks. In this case, the PTP port on the OC works
in the slave state, and the OC only receives clock signals from other
clocks but cannot function as a master clock to provide clock signals for
other clocks.
e. Run ptp domain domain-value
A clock domain number is specified.
NOTE
The devices that implement time synchronization through 1588v2 messages must
reside in the same 1588v2 domain.
f. (Optional) Run ptp source-switch ptsf enable
The packet timing signal fail (PTSF)-triggered source switching function is
enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source.
Run the ptp ptsf auto-recovery-time time-value command to specify the
PTSF automatic recovery time. When this specified time elapses, the
device automatically switches back to the original clock source. By
default, the PTSF automatic recovery time is 0 minutes. That is, this
function is disabled.
Run the ptp ptsf enhanced-mode command to enable the PTSF
enhanced mode. After the PTSF enhanced mode is enabled, the system
automatically checks whether the clock source fault is rectified. If the
fault is rectified, the system clears the corresponding alarm, and the
recovered clock source re-participates in BMC source selection. By default,
the PTSF enhanced mode is disabled.
g. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
h. Run commit
The configuration is committed.
● Perform the following steps on each BC:
a. Run system-view
The system view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 221
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
c. Run ptp device-type bc
The device type is set to BC.
d. Run ptp domain domain-value
A clock domain number is specified.
NOTE
The devices that implement time synchronization through 1588v2 messages must
reside in the same 1588v2 domain.
e. (Optional) Run ptp source-switch ptsf enable
The PTSF-triggered source switching function is enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source. Run the ptp ptsf auto-recovery-time time-value command to
specify the PTSF automatic recovery time. When this specified time
elapses, the device automatically switches back to the original clock
source.
f. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
g. (Optional) Run ptp asymmetry-measure enable
Automatic asymmetry measurement over a 1588v2 ring network is
enabled on the router.
h. (Optional) Run ptp max-steps-removedmax-steps-removed-value
The maximum number of hops for time synchronization is configured.
A clock source is considered unavailable if the value of stepsRemoved in
the Announce packets received by the clock source is greater than or
equal to max-steps-removed-value.
i. Run commit
The configuration is committed.
● Perform the following steps on each TC and TCOC:
a. Run system-view
The system view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 222
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
c. Run ptp device-type { e2etc | e2etcoc | p2ptc | p2ptcoc }
The device type is set to TC or TCOC. One of the following parameters
can be configured:
▪ e2etc: The device type is set to E2ETC.
▪ e2etcoc: The device type is set to E2ETCOC.
▪ p2ptc: The device type is set to P2PTC.
▪ p2ptcoc: The device type is set to P2PTCOC.
NOTE
A TCOC has the same functions as a TC and also implements frequency
synchronization.
d. Run ptp domain domain-value
A clock domain number is specified.
NOTE
The devices that implement time synchronization through 1588v2 messages must
reside in the same 1588v2 domain.
e. (Optional) Run ptp source-switch ptsf enable
The PTSF-triggered source switching function is enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source. Run the ptp ptsf auto-recovery-time time-value command to
specify the PTSF automatic recovery time. When this specified time
elapses, the device automatically switches back to the original clock
source.
f. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
g. Run commit
The configuration is committed.
● Perform the following steps on each TCandBC:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 223
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
c. Run ptp device-type tcandbc
The device type is set to TCandBC.
d. Run ptp domain domain-value
A clock domain number is specified.
NOTE
The devices that implement time synchronization through 1588v2 messages must
reside in the same 1588v2 domain.
e. (Optional) Run ptp source-switch ptsf enable
The PTSF-triggered source switching function is enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source. Run the ptp ptsf auto-recovery-time time-value command to
specify the PTSF automatic recovery time. When this specified time
elapses, the device automatically switches back to the original clock
source.
f. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
g. (Optional) Run ptp asymmetry-measure enable
Automatic asymmetry measurement over a 1588v2 ring network is
enabled on the router.
h. Run commit
The configuration is committed.
----End
(Optional) Enabling the Control of Access to 1588v2 Clock Sources
This section describes how to enable a 1588v2 router to control the access to clock
sources. A 1588v2 network contains lots of routers that participate in dynamic
clock source selection. Clock source-based attacks or configuration errors cause
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 224
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
clock flapping over the 1588v2 network. You can enable the control of the access
to clock sources so that a 1588v2 router selects a clock source within a specified
range.
Context
Perform the following steps on each of OCs, BCs, and TCandBCs:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp acl enable
The control of access to clock sources is enabled.
Step 3 Run ptp acl-permit-clockid clockid-value
An ID of a clock source is set to allow a local 1588v2 router to use the BMC
algorithm to select.
Step 4 Run commit
The configuration is committed.
----End
(Optional) Monitoring the Performance of a Passive Interface
This section describes how to monitor the performance of a passive interface.
After a 1588v2 network achieves stable time synchronization, monitor the passive
interface's offset that is between the master and slave clocks.
Prerequisites
A passive interface is determined. The display ptp all command output contains
"passive" in the State field of the Port Info part.
Context
Passive interfaces do not trace or advertise time information. If a device has
multiple master 1588v2 interfaces in the same clock domain, the device selects
the interface with the highest priority as the master clock, and the interface
connected to the master clock is the slave clock. Other local interfaces are passive
interfaces that function as backups for the slave clock. Passive interfaces can send
Delay_Req, Pdelay_Resp, Delay_Resp_Follow_Up, signaling, and management
response messages.
On a dynamic 1588v2 network, a passive interface may change to be a slave clock
or a master clock to participate in time synchronization after a clock source
changes. Monitoring passive interfaces before a clock source changes helps keep
stable time signals on the 1588v2 network.
After the router stably synchronizes time signals with a clock source, the router
can monitor the performance of its passive interface. The router checks the offset
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 225
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
between the master and slave clocks on the passive interface every 300s. If the
offset greater than a configured alarm threshold, the router sends an alarm
named hwPtpPassiveFiberLengthChange to a network management system
(NMS).
Perform the following step on each of BCs and TCandBCs:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp passive-measure enable
The monitoring function is enabled on the passive interface of a 1588v2 router.
Step 3 Run ptp passive-measure alarm-threshold alarm-threshold-value
An alarm threshold of the offset is set.
Step 4 Run commit
The configuration is committed.
----End
Enabling 1588v2 on a Specific Interface
This section describes how to enable 1588v2 on a specific interface. 1588v2 takes
effect after you configure 1588v2 in the system and interface views. You can set
1588v2 parameters in the interface view. The parameters include the link delay
measurement mechanism, asymmetric delay correction, and timestamping mode.
Context
Two devices exchange Announce packets to determine the master/slave
relationship. The master device sends Sync packets to notify the slave device of
time signal parameters and uses a delay measurement mechanism to achieve time
signals accuracy.
After 1588v2 is enabled and a device type is specified on a specific 1588v2 router,
enable 1588v2 and configure 1588v2 functions on each interface:
● Delay measurement mechanisms for the OC, BC, and TCandBC
Different delays on links deteriorate the accuracy of 1588v2 time
synchronization. 1588v2 uses the delay measurement mechanism to correct
time signals. A delay measurement process is implemented by sending delay
measurement request packets and delay response packets. Either of the
following parameters can be configured in the ptp delay-mechanism
command to enable a specific delay measurement mechanism:
– delay: enables the delay request-response mechanism, in which
information about the clock and time is calculated based on the delay of
an entire link between the master and slave clocks. Only the slave clock
sends Delay_Req packets to the master clock, and the master clock
replies with Delay_Resp packets. Upon receipt, the slave clock uses
information carried in Delay_Resp packets to correct time signals.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 226
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
– pdelay: enables the peer delay mechanism, in which information about
the clock and time is calculated based on the delay time of each link
along the path between the master and slave clocks. In this mode, the
master and slave clocks can send Pdelay_Rep packets to each other and
then correct time signals based on the Pdelay_Resp packets. Upon receipt
of the responses, the slave or master clock uses information carried in
Delay_Resp packets to correct time signals.
The PDelay mechanism helps rapidly correct the difference between the delay
time in opposite directions on the network, on which the master and slave
clocks obtain the delay time in opposite directions.
NOTE
● Both ends of a link must use the same delay measurement mechanism.
● If an E2ETC, an E2ETCOC, a P2PTC, and a P2PTCOC use the default delay
measurement mechanism, their interfaces can directly be enabled with 1588v2.
● Asymmetric delay corrections
Although the delay time for sending packets differs from that for receiving
packets, 1588v2 considers that the opposite paths have the same delay time.
To compensate for the difference between the delay time for sending packets
and the delay time for receiving packets, run the ptp asymmetry-correction
command to set the asymmetry correction value. A 1588v2 device
automatically uses the asymmetry correction value in path delay calculation
complying with the Pdelay or delay measurement mechanism.
● Timestamping modes
1588v2 adds timestamps into packets to record the time when these packets
are sent. 1588v2 uses timestamps to adjust clock signals and implement clock
synchronization. Either of the following parameters can be specified in the
ptp clock-step command to configure a command:
– one-step: A Sync message in Delay mode and a PDelay_Resp message in
PDelay mode are stamped with the time when these messages are sent.
– two-step: A Sync message in Delay mode and a PDelay_Resp message in
PDelay mode only record the time when they are generated, but carry no
timestamps. A Follow_Up message is stamped with the time when the
Sync message was sent, and a PDelay_Resp_Follow_Up message is
stamped with the time when the PDelay_Resp message was sent.
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports the
one-step mode by default. The NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M that uses the one-step mode can identify Follow_Up
messages sent by another device that uses the two-step mode.
1588v2 interfaces that support different timestamping modes can
communicate with each other.
Procedure
● Perform the following steps on each OC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 227
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
c. Run interface interface-type interface-number
The interface view is displayed.
d. (Optional) Run ptp delay-mechanism { delay | pdelay }
A delay measurement mechanism is configured for the router.
NOTE
Two interfaces on both ends of a link must use the same delay measurement
mechanism. A delay measurement mechanism inconsistency causes a
communication failure.
e. Run ptp enable
1588v2 is enabled on the interface.
f. (Optional) Run ptp asymmetry-correction { positive | negative }
correction-value
The asymmetric correction time is set for 1588v2 packets to be sent.
g. (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for 1588v2 packets.
h. Run commit
The configuration is committed.
● Perform the following steps on each BC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
c. Run interface interface-type interface-number
The interface view is displayed.
d. (Optional) Run ptp delay-mechanism { delay | pdelay }
A delay measurement mechanism is configured for the router.
NOTE
Two interfaces on both ends of a link must use the same delay measurement
mechanism. A delay measurement mechanism inconsistency causes a
communication failure.
e. Run ptp enable
1588v2 is enabled on the interface.
f. (Optional) Run ptp announce-drop enable
The BC is configured to discard Announce packets.
NOTE
routers exchange Announce packets to establish synchronization relationships. If
an interface of a 1588v2 router discards Announce packets, the router cannot
receive clock information from other 1588v2 routers. The ptp announce-drop
enable command is run on a user-side 1588v2 interface.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 228
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
g. (Optional) Run ptp asymmetry-correction { positive | negative }
correction-value
The asymmetric correction time is set for 1588v2 packets to be sent.
h. (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for 1588v2 packets.
i. Run commit
The configuration is committed.
● Perform the following steps on each TC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
c. Run interface interface-type interface-number
The interface view is displayed.
d. Run ptp asymmetry-correction { positive | negative } correction-value
The asymmetric correction time is set for 1588v2 packets to be sent.
e. Run ptp enable
1588v2 is enabled on the interface.
f. Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for 1588v2 packets.
g. Run commit
The configuration is committed.
● Perform the following steps on each TCOC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
c. Run interface interface-type interface-number
The interface view is displayed.
d. Run ptp enable
1588v2 is enabled on the interface.
e. Run ptp tcoc-clock-id clock-source-id port-num port-num
The clock source traced by an interface on the TCOC is configured.
Unlike a TC, a TCOC has an OC interface to implement frequency
synchronization. The TCOC also has TC interfaces to transparently
transmit 1588v2 packets.
To specify a clock source that the OC interface on the TCOC tracks, run
the ptp tcoc-clock-id command. The OC interface can then receive
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 229
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1588v2 packets to synchronize frequencies with the master clock
interface. If the ptp tcoc-clock-id command is not run on the OC
interface of the TCOC, each TCOC interface functions as a TC interface,
which only transparently transmits 1588v2 packets.
f. Run ptp asymmetry-correction { positive | negative } correction-value
The asymmetric correction time is set for 1588v2 packets to be sent.
g. Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for 1588v2 packets.
h. Run commit
The configuration is committed.
● Perform the following steps on each TCandBC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
c. Run interface interface-type interface-number
The interface view is displayed.
d. Run ptp port-type { bc | tc }
The clock type of the interface is set to TC or BC.
e. Run ptp domain domain-value
A domain ID is set in the interface view of a TC interface.
NOTE
A BC interface uses the same domain ID as that configured in the system view.
The TC interface on the TCandBC uses another domain ID configured in the
interface view.
f. (Optional) Run ptp delay-mechanism { delay | pdelay }
A delay measurement mechanism is configured for the router.
NOTE
Two interfaces on both ends of a link must use the same delay measurement
mechanism. A delay measurement mechanism inconsistency causes a
communication failure.
g. Run ptp enable
1588v2 is enabled on the interface.
h. Run ptp enable
1588v2 is enabled on the device.
i. (Optional) Run ptp asymmetry-correction { positive | negative }
correction-value
The asymmetric correction time is set for 1588v2 packets to be sent.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 230
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
j. (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for 1588v2 packets.
k. Run commit
The configuration is committed.
----End
(Optional) Configuring Time Attributes for 1588v2 Packets
This section describes how to configure time attributes for 1588v2 packets. 1588v2
routers exchange Announce, Sync, and Delay or Pdelay packets to send time
information and maintain 1588v2 connections. You can set the interval at which a
1588v2 interface sends Announce, Sync, and Delay or Pdelay packets and the
maximum number of Announce packet timeouts. Using the default time attribute
values is recommended.
Context
Two devices exchange Announce packets to determine the master/slave
relationship. The master device sends Sync packets to notify the slave device of
time signal parameters and uses a delay measurement mechanism to achieve time
signals accuracy.
If routers exchange 1588v2 packets frequently and consume a lot of bandwidth
resources, increase the interval value. If the time synchronization accuracy is low,
reduce the interval value.
● Announce packets
To set the maximum number of Announce packets that a 1588v2 interface
fails to receive consecutively, run the ptp announce receipt-timeout
command. If the 1588v2 interface on a device fails to receive a specified
number of Announce packets, the interface status becomes Master, and the
device stops attempting to synchronize the time with other 1588v2 devices.
The device uses the BMC algorithm to select a clock source and synchronize
the time with the clock source. Increase receipt-timeout to reduce the clock
source switching frequency; reduce receipt-timeout to switch clock sources.
Using the default value is recommended.
● Sync packets
The master interface periodically sends multicast Sync packets.
The time when the Sync packets can be stamped into the Sync packets if the
one-step timestamping mode is used or into Follow_Up packets if the two-
step timestamping mode is used. To specify a timestamping mode, run the
ptp clock-step { one-step | two-step } command.
● Delay or Pdelay packets
A router uses a delay measurement mechanism to send request packets and
receive response packets from its remote router. The router uses timestamps
carried in the packets to correct time signals.
Perform the following steps on each 1588v2 router:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 231
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
● Configure time attributes for Announce packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp announce-interval announce-interval
The interval at which the interface sends Announce packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to announce-interval
Remote timeout period of receiving Announce packets = Remotely
configured receipt-timeout x Local interval at which Announce packets
are sent
d. Run ptp announce receipt-timeout receipt-timeout
The maximum number of Announce packets that the interface fails to
receive is set. If the interface fails to consecutively receive the specified
maximum number of Announce packets, the interface enters the Master
state.
Local timeout period of receiving Announce packets = Locally configured
receipt-timeout x Remote interval at which Announce packets are sent
e. Run commit
The configuration is committed.
● Configure time attributes for Sync packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp sync-interval sync-interval
The interval at which the interface sends Sync packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to sync-interval
d. Run commit
The configuration is committed.
● Configure time attributes for Delay or Pdelay packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 232
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
c. Run ptp min-delayreq-interval min-delayreq-interval
The interval at which the interface sends Delay_Req packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to min-delayreq-interval
d. Run ptp min-pdelayreq-interval min-pdelayreq-interval
The interval at which the interface sends Pdelay_Req packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to min-pdelayreq-interval
e. Run commit
The configuration is committed.
----End
(Optional) Configuring a 1588v2 Packet Encapsulation Mode
1588v2 packets can be encapsulated into Layer 2 or Layer 3 packets. You can
configure an encapsulation mode for 1588v2 packets based on the actual network
conditions, as well as the destination addresses and transmission priority for the
1588v2 packets.
Prerequisites
Before configuring a 1588v2 packet encapsulation mode, check the link type used
for 1588v2 packet transmission.
● For the 1588v2 packets transmitted over a Layer 2 link, configure the MAC
encapsulation mode.
● For the 1588v2 packets transmitted over a Layer 3 link, configure the UDP
encapsulation mode.
Context
You can encapsulate 1588v2 messages into Layer 2 and Layer 3 packets and set
the destination address and transmission priority.
Perform the following steps on each 1588v2 device:
Procedure
● Configure the MAC encapsulation mode.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp mac-egress { destination-mac destination-mac | vlan vlan-id
[ priority priority-value ] }The MAC encapsulation mode is configured for
1588v2 packets to be sent from the interface, and a destination MAC
address is configured.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 233
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
▪ For unicast MAC encapsulation
Run this command to specify the destination MAC address for the
1588v2 packets to be sent from the interface.
▪ For multicast MAC encapsulation
A default multicast destination MAC address is adopted, which
means that no extra configuration is required. Default multicast
destination MAC addresses for different delay measurement
mechanisms For details, see the following table.
Table 1-36 Default multicast destination MAC addresses for different
delay measurement mechanisms
Delay Measurement MAC Address
Mechanism
Non-peer delay measurement 01-1B-19-00-00-00
mechanism
Peer delay measurement 01-80-C2-00-00-0E
mechanism
NOTE
If no unicast destination MAC address is specified, the interface uses the
multicast destination MAC address by default.
d. Run ptp mac-egress vlan vlan-id [ priority priority ]
A VLAN ID and 802.1p value are set.
1588v2 services require higher priority than other services. A high
transmission priority minimizes the delay or congestion impact on clock
signal recovery. Using the default highest priority is recommended.
e. Run commit
The configuration is committed.
● Configure the UDP encapsulation mode.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp udp-egress source-ip source-ip [ destination-ip destination-ip ]
The UDP encapsulation mode is specified for the 1588v2 packets to be
sent by the interface and the source and destination IP addresses of
1588v2 packets are configured.
▪ For UDP unicast encapsulation:
Specify a destination IP address for unicast encapsulation.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 234
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
▪ For UDP multicast encapsulation:
Multicast 1588v2 packets have a default multicast destination IP
address. Therefore, the destination-ip destination-ip parameter does
not need to be specified. The multicast destination IP address used
by UDP encapsulation varies according to the delay measurement
mechanism. For details, see the following table.
Table 1-37 Multicast destination IP addresses used for UDP
encapsulation in different delay measurement mechanisms
Delay Measurement IP Address
Mechanism
Non-peer delay measurement 224.0.1.129
mechanism
Peer delay measurement 224.0.0.107
mechanism
NOTE
If the destination-ip destination-ip parameter is not specified, the multicast IP
address is used by default.
d. Run ptp udp-egress destination-mac destination-mac
A next-hop MAC address is specified for the 1588v2 packets to be sent
from the interface.
e. Run ptp udp-egress source-ip source-ip [ dscp dscp ]
A DSCP value is set for the UDP 1588v2 packets to be sent from the
interface.
f. Run ptp udp-egress source-ip source-ip vlan vlan-id [ priority priority ]
A VLAN ID and a priority value are set for 1588v2 packets.
1588v2 services require a higher DSCP value and a higher priority value
than other services. A high transmission priority minimizes the delay or
congestion impact on clock signal recovery.
g. Run commit
The configuration is committed.
----End
Verifying the Configuration of Dynamic 1588v2 Functions
After configuring dynamic 1588v2 functions, verify the configuration.
Procedure
● Run the display ptp all [ state | config ] command to check the 1588v2
operating status and configurations.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 235
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Run the display ptp interface interface-type interface-number command to
check 1588v2 information on a specific 1588v2 interface.
----End
1.1.8.2.5 Configuring Static 1588v2 Functions
This section describes how to configure static 1588v2 functions. You can specify
the master and slave clocks manually, without using the BMC algorithm.
Applicable Environment
To manually determine the master/slave relationship between clock nodes within
a network, run the ptp port-state command to set the status of 1588v2 interfaces
on the nodes. Static clock source selection and dynamic BMC selection are two
independent mechanisms. Static clock source selection has a higher priority than
dynamic BMC selection.
NOTE
The 1588v2 status needs to be specified on OC, BC, and TCandBC interfaces. The 1588v2
status is Premaster on TCs interfaces, including those on TCOC and TCandBC devices.
● Typical static 1588v2 network with OC, BC, TC, and TCOC devices
The OC on the 1588v2 network shown in Figure 1-77 functions as the
grandmaster to receive time signals provided by a BITS or GPS and sends
1588v2 packets carrying the time signals over the bearer network. TCs,
including the TCOC, are core devices on the bearer network. TCs transparently
transmit time information over the bearer network. The TCOC can also
implement frequency synchronization. BCs at the edge of the bearer network
send highly accurate time information carried in 1588v2 packets to wireless
access devices, such as gNodeBs and radio network controllers (RNCs).
Figure 1-77 Static 1588v2 application
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 236
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Typical static 1588v2 network with TCandBC devices
All devices, including the gNodeB, run 1588v2 on the network shown in
Figure 1-78. ISP A's network contains the gNodeB, OC2, and BC. OC2 is
connected to BITS2 on ISP A's network. ISP A's network has no bearer
network device. ISP A's network has no bearer network device. ISP A leases
the bearer network that ISP B operates, and ISP B devices trace clock signals
of BITS1. Time synchronization on ISP A's network is independent of that on
ISP B's network. Devices on ISP A's and ISP B's networks support static
1588v2. The deployment is as follows:
– Establish domain1 for ISP B's 1588v2 network and domain2 for ISP A's
1588v2 network.
– OC1 in domain1 obtains BITS1 signals and sends 1588v2 packets carrying
clock synchronization information to the BC interface that directly
connects the TCandBC to OC1.
– OC2 in domain 2 is selected as the grandmaster and connected to BITS2.
OC2 sends downstream 1588v2 packets carrying clock information. TC
interfaces connect the TCandBC to OC2 and to the BC. The TC interfaces
transparently transmit BITS2 time information to the BC. Upon receipt,
the BC advertises the time information to the gNodeB.
Figure 1-78 Typical static 1588v2 network with a TCandBC
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 237
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Pre-configuration Tasks
● Set physical parameters of interfaces and ensure that the interfaces are
physically Up.
Importing Time Signals from an External BITS Source
On a 1588v2 network, time signals are typically imported from an external BITS
source. You can configure multiple routers to import time signals from an external
BITS source. A master clock can be selected dynamically or statically.
Context
BITSs provide time signals for routers. 1588v2 routers can be configured to import
time signals from BITSs and use the BMC algorithm to select a master clock. The
master clock provides time signals for other devices over a 1588v2 network.
1588v2 routers obtain clock synchronization information from the grandmaster.
Perform the following steps on each router that is connected to a BITS on a
1588v2 network:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Select the type of the input time signal.
The following example shows how to import an external clock source from the
1pps bits1 interface.
clock bits-type bits1 1pps input
The actual number of BITS interfaces and their numbers depend on the hardware
configuration. For details about clock interfaces, see Hardware Description.
Generally, BITS0 provides frequency signals for physical clock synchronization and
corresponds to CLK or CLK/TOD0 on the interface panel; BITS1 provides time
signals and corresponds to TOD or CLK/TOD1 on the interface panel. If there is
only one CLK/TOD interface on a device, the device can provide the BITS0 and
BITS1 interfaces through a one-to-two cable.
Step 3 Configure BITS signals to participate in BMC calculation.
The following example uses BITS1 signals.
ptp clock-source bits1 on
Step 4 (Optional) Configure the correction time for the delay in sending and receiving
time signals from the BITS interface.
Configuration on the BITS1 interface is used as an example.
ptp clock-source bits1 { receive-delay receive-delay-value | send-delay send-delay-value }
Step 5 Run commit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 238
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The configuration is committed.
----End
Globally Enabling 1588v2
1588v2 takes effect after you configure 1588v2 in both the system and interface
views. After 1588v2 is enabled in the system view, you also need to set other basic
information, including the domain number and virtual clock ID, to establish a
1588v2 network.
Context
Determine 1588v2 device types based on the 1588v2 network plan before
enabling 1588v2 in the system view on each device.
● 1588v2 clock types
– OC: ordinary clock
– BC: boundary clock
– E2ETC: end-to-end transparent clock
– P2PTC: peer-to-peer transparent clock
– TCandBC: transparent and boundary clock
– E2ETCOC: end-to-end transparent clock and ordinary clock
– P2PTCOC: peer-to-peer transparent and ordinary clock
● Domain
A 1588v2 network may be large in scale and may allow multiple carriers to
lease the 1588v2 network as a bearer network. To transparently transmit
1588v2 packets for specific carriers, the 1588v2 network can be logically
divided into clock domains. Each clock domain has a single clock source, and
all devices in one domain synchronize with the clock source in the domain.
1588v2 devices only accept 1588v2 packets in their own domains.
● Virtual clock ID
A virtual clock ID uniquely identifies a 1588v2 device. It remains even if a
main control board is replaced on the device.
● Slave-only mode for an OC
An OC has only one interface that can be enabled with 1588v2. This means
that an OC can function as either a master clock to advertise clock signals to
downstream devices or as a slave clock to receive upstream clock signals. To
enable an OC to work only as a slave clock on a clock synchronization
network, run the ptp slaveonly command.
● Automatic asymmetry measurement over a 1588v2 ring network by BCs
and TCandBCs
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 239
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-79 Automatic asymmetry measurement over a 1588v2 ring network
On the ring network shown in Figure 1-79, gNodeB can synchronize its clock
with the global positioning system (GPS) only if the lengths of fiber links
working in opposite directions on each network segment are identical after
being compensated based on manual measurements. In this case, each node
can synchronize its clock with the GPS, irrespective of changes in clock sources
that slave clocks trace. If a fiber link between BC5 and BC6 is faulty and
disconnected, BC6 traces clock signals from BC3. BC6 uses a compensation
value, which has been calculated based on manual measurements during
1588v2 deployment, for the fiber link lengths between BC3 and BC6 to
successfully synchronize with the GPS.
After the faulty fiber link between BC5 and BC6 is restored, assume that the
difference between the lengths of the fiber links that carry traffic in opposite
directions between BC5 and BC6 changes largely. In this case, when BC6
traces clock signals from BC5 in stead of those from BC3, and if BC6 still uses
the previous compensation value, it fails to synchronize with the GPS due to
large time deviation. To address this problem, enable automatic asymmetry
measurement on the NetEngine 8100 M, NetEngine 8000E M, NetEngine
8000 M.
Procedure
● Perform the following steps on each OC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 240
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
c. Run ptp device-type oc
The device type is set to OC.
d. (Optional) Run ptp slaveonly
The OC is configured to work in slave-only mode.
The router can be configured as an OC working in slave-only mode to
synchronize with other clocks. In this case, the PTP port on the OC works
in the slave state, and the OC only receives clock signals from other
clocks but cannot function as a master clock to provide clock signals for
other clocks.
e. Run ptp domain domain-value
A clock domain number is specified.
NOTE
The devices that implement time synchronization through 1588v2 messages must
reside in the same 1588v2 domain.
f. (Optional) Run ptp source-switch ptsf enable
The packet timing signal fail (PTSF)-triggered source switching function is
enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source.
Run the ptp ptsf auto-recovery-time time-value command to specify the
PTSF automatic recovery time. When this specified time elapses, the
device automatically switches back to the original clock source. By
default, the PTSF automatic recovery time is 0 minutes. That is, this
function is disabled.
Run the ptp ptsf enhanced-mode command to enable the PTSF
enhanced mode. After the PTSF enhanced mode is enabled, the system
automatically checks whether the clock source fault is rectified. If the
fault is rectified, the system clears the corresponding alarm, and the
recovered clock source re-participates in BMC source selection. By default,
the PTSF enhanced mode is disabled.
g. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
h. Run commit
The configuration is committed.
● Perform the following steps on each BC:
a. Run system-view
The system view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 241
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
c. Run ptp device-type bc
The device type is set to BC.
d. Run ptp domain domain-value
A clock domain number is specified.
NOTE
The devices that implement time synchronization through 1588v2 messages must
reside in the same 1588v2 domain.
e. (Optional) Run ptp source-switch ptsf enable
The PTSF-triggered source switching function is enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source. Run the ptp ptsf auto-recovery-time time-value command to
specify the PTSF automatic recovery time. When this specified time
elapses, the device automatically switches back to the original clock
source.
f. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
g. (Optional) Run ptp asymmetry-measure enable
Automatic asymmetry measurement over a 1588v2 ring network is
enabled on the router.
h. (Optional) Run ptp max-steps-removedmax-steps-removed-value
The maximum number of hops for time synchronization is configured.
A clock source is considered unavailable if the value of stepsRemoved in
the Announce packets received by the clock source is greater than or
equal to max-steps-removed-value.
i. Run commit
The configuration is committed.
● Perform the following steps on each TC and TCOC:
a. Run system-view
The system view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 242
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
c. Run ptp device-type { e2etc | e2etcoc | p2ptc | p2ptcoc }
The device type is set to TC or TCOC. One of the following parameters
can be configured:
▪ e2etc: The device type is set to E2ETC.
▪ e2etcoc: The device type is set to E2ETCOC.
▪ p2ptc: The device type is set to P2PTC.
▪ p2ptcoc: The device type is set to P2PTCOC.
NOTE
A TCOC has the same functions as a TC and also implements frequency
synchronization.
d. Run ptp domain domain-value
A clock domain number is specified.
NOTE
The devices that implement time synchronization through 1588v2 messages must
reside in the same 1588v2 domain.
e. (Optional) Run ptp source-switch ptsf enable
The PTSF-triggered source switching function is enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source. Run the ptp ptsf auto-recovery-time time-value command to
specify the PTSF automatic recovery time. When this specified time
elapses, the device automatically switches back to the original clock
source.
f. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
g. Run commit
The configuration is committed.
● Perform the following steps on each TCandBC:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 243
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
c. Run ptp device-type tcandbc
The device type is set to TCandBC.
d. Run ptp domain domain-value
A clock domain number is specified.
NOTE
The devices that implement time synchronization through 1588v2 messages must
reside in the same 1588v2 domain.
e. (Optional) Run ptp source-switch ptsf enable
The PTSF-triggered source switching function is enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source. Run the ptp ptsf auto-recovery-time time-value command to
specify the PTSF automatic recovery time. When this specified time
elapses, the device automatically switches back to the original clock
source.
f. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
g. (Optional) Run ptp asymmetry-measure enable
Automatic asymmetry measurement over a 1588v2 ring network is
enabled on the router.
h. Run commit
The configuration is committed.
----End
(Optional) Monitoring the Performance of a Passive Interface
This section describes how to monitor the performance of a passive interface.
After a 1588v2 network achieves stable time synchronization, monitor the passive
interface's offset that is between the master and slave clocks.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 244
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Prerequisites
A passive interface is determined. The display ptp all command output contains
"passive" in the State field of the Port Info part.
Context
Passive interfaces do not trace or advertise time information. If a device has
multiple master 1588v2 interfaces in the same clock domain, the device selects
the interface with the highest priority as the master clock, and the interface
connected to the master clock is the slave clock. Other local interfaces are passive
interfaces that function as backups for the slave clock. Passive interfaces can send
Delay_Req, Pdelay_Resp, Delay_Resp_Follow_Up, signaling, and management
response messages.
On a dynamic 1588v2 network, a passive interface may change to be a slave clock
or a master clock to participate in time synchronization after a clock source
changes. Monitoring passive interfaces before a clock source changes helps keep
stable time signals on the 1588v2 network.
After the router stably synchronizes time signals with a clock source, the router
can monitor the performance of its passive interface. The router checks the offset
between the master and slave clocks on the passive interface every 300s. If the
offset greater than a configured alarm threshold, the router sends an alarm
named hwPtpPassiveFiberLengthChange to a network management system
(NMS).
Perform the following step on each of BCs and TCandBCs:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp passive-measure enable
The monitoring function is enabled on the passive interface of a 1588v2 router.
Step 3 Run ptp passive-measure alarm-threshold alarm-threshold-value
An alarm threshold of the offset is set.
Step 4 Run commit
The configuration is committed.
----End
Enabling 1588v2 on a Specific Interface
This section describes how to enable 1588v2 on a specific interface. 1588v2 takes
effect after you configure 1588v2 in the system and interface views. You can set
1588v2 parameters in the interface view. The parameters include the link delay
measurement mechanism, asymmetric delay correction, and timestamping mode.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 245
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
Two devices exchange Announce packets to determine the master/slave
relationship. The master device sends Sync packets to notify the slave device of
time signal parameters and uses a delay measurement mechanism to achieve time
signals accuracy.
After 1588v2 is enabled and a device type is specified on a specific 1588v2 router,
enable 1588v2 and configure 1588v2 functions on each interface:
● Delay measurement mechanisms for the OC, BC, and TCandBC
Different delays on links deteriorate the accuracy of 1588v2 time
synchronization. 1588v2 uses the delay measurement mechanism to correct
time signals. A delay measurement process is implemented by sending delay
measurement request packets and delay response packets. Either of the
following parameters can be configured in the ptp delay-mechanism
command to enable a specific delay measurement mechanism:
– delay: enables the delay request-response mechanism, in which
information about the clock and time is calculated based on the delay of
an entire link between the master and slave clocks. Only the slave clock
sends Delay_Req packets to the master clock, and the master clock
replies with Delay_Resp packets. Upon receipt, the slave clock uses
information carried in Delay_Resp packets to correct time signals.
– pdelay: enables the peer delay mechanism, in which information about
the clock and time is calculated based on the delay time of each link
along the path between the master and slave clocks. In this mode, the
master and slave clocks can send Pdelay_Rep packets to each other and
then correct time signals based on the Pdelay_Resp packets. Upon receipt
of the responses, the slave or master clock uses information carried in
Delay_Resp packets to correct time signals.
The PDelay mechanism helps rapidly correct the difference between the delay
time in opposite directions on the network, on which the master and slave
clocks obtain the delay time in opposite directions.
NOTE
● Both ends of a link must use the same delay measurement mechanism.
● If an E2ETC, an E2ETCOC, a P2PTC, and a P2PTCOC use the default delay
measurement mechanism, their interfaces can directly be enabled with 1588v2.
● Asymmetric delay corrections
Although the delay time for sending packets differs from that for receiving
packets, 1588v2 considers that the opposite paths have the same delay time.
To compensate for the difference between the delay time for sending packets
and the delay time for receiving packets, run the ptp asymmetry-correction
command to set the asymmetry correction value. A 1588v2 device
automatically uses the asymmetry correction value in path delay calculation
complying with the Pdelay or delay measurement mechanism.
● Timestamping modes
1588v2 adds timestamps into packets to record the time when these packets
are sent. 1588v2 uses timestamps to adjust clock signals and implement clock
synchronization. Either of the following parameters can be specified in the
ptp clock-step command to configure a command:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 246
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
– one-step: A Sync message in Delay mode and a PDelay_Resp message in
PDelay mode are stamped with the time when these messages are sent.
– two-step: A Sync message in Delay mode and a PDelay_Resp message in
PDelay mode only record the time when they are generated, but carry no
timestamps. A Follow_Up message is stamped with the time when the
Sync message was sent, and a PDelay_Resp_Follow_Up message is
stamped with the time when the PDelay_Resp message was sent.
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports the
one-step mode by default. The NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M that uses the one-step mode can identify Follow_Up
messages sent by another device that uses the two-step mode.
1588v2 interfaces that support different timestamping modes can
communicate with each other.
Procedure
● Perform the following steps on each OC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
c. Run interface interface-type interface-number
The interface view is displayed.
d. (Optional) Run ptp delay-mechanism { delay | pdelay }
A delay measurement mechanism is configured for the router.
NOTE
Two interfaces on both ends of a link must use the same delay measurement
mechanism. A delay measurement mechanism inconsistency causes a
communication failure.
e. Run ptp enable
1588v2 is enabled on the interface.
f. (Optional) Run ptp asymmetry-correction { positive | negative }
correction-value
The asymmetric correction time is set for 1588v2 packets to be sent.
g. (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for 1588v2 packets.
h. Run commit
The configuration is committed.
● Perform the following steps on each BC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 247
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1588v2 is enabled on the device.
c. Run interface interface-type interface-number
The interface view is displayed.
d. (Optional) Run ptp delay-mechanism { delay | pdelay }
A delay measurement mechanism is configured for the router.
NOTE
Two interfaces on both ends of a link must use the same delay measurement
mechanism. A delay measurement mechanism inconsistency causes a
communication failure.
e. Run ptp enable
1588v2 is enabled on the interface.
f. (Optional) Run ptp announce-drop enable
The BC is configured to discard Announce packets.
NOTE
routers exchange Announce packets to establish synchronization relationships. If
an interface of a 1588v2 router discards Announce packets, the router cannot
receive clock information from other 1588v2 routers. The ptp announce-drop
enable command is run on a user-side 1588v2 interface.
g. (Optional) Run ptp asymmetry-correction { positive | negative }
correction-value
The asymmetric correction time is set for 1588v2 packets to be sent.
h. (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for 1588v2 packets.
i. Run commit
The configuration is committed.
● Perform the following steps on each TC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
c. Run interface interface-type interface-number
The interface view is displayed.
d. Run ptp asymmetry-correction { positive | negative } correction-value
The asymmetric correction time is set for 1588v2 packets to be sent.
e. Run ptp enable
1588v2 is enabled on the interface.
f. Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for 1588v2 packets.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 248
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
g. Run commit
The configuration is committed.
● Perform the following steps on each TCOC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
c. Run interface interface-type interface-number
The interface view is displayed.
d. Run ptp enable
1588v2 is enabled on the interface.
e. Run ptp tcoc-clock-id clock-source-id port-num port-num
The clock source traced by an interface on the TCOC is configured.
Unlike a TC, a TCOC has an OC interface to implement frequency
synchronization. The TCOC also has TC interfaces to transparently
transmit 1588v2 packets.
To specify a clock source that the OC interface on the TCOC tracks, run
the ptp tcoc-clock-id command. The OC interface can then receive
1588v2 packets to synchronize frequencies with the master clock
interface. If the ptp tcoc-clock-id command is not run on the OC
interface of the TCOC, each TCOC interface functions as a TC interface,
which only transparently transmits 1588v2 packets.
f. Run ptp asymmetry-correction { positive | negative } correction-value
The asymmetric correction time is set for 1588v2 packets to be sent.
g. Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for 1588v2 packets.
h. Run commit
The configuration is committed.
● Perform the following steps on each TCandBC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
c. Run interface interface-type interface-number
The interface view is displayed.
d. Run ptp port-type { bc | tc }
The clock type of the interface is set to TC or BC.
e. Run ptp domain domain-value
A domain ID is set in the interface view of a TC interface.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 249
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
A BC interface uses the same domain ID as that configured in the system view.
The TC interface on the TCandBC uses another domain ID configured in the
interface view.
f. (Optional) Run ptp delay-mechanism { delay | pdelay }
A delay measurement mechanism is configured for the router.
NOTE
Two interfaces on both ends of a link must use the same delay measurement
mechanism. A delay measurement mechanism inconsistency causes a
communication failure.
g. Run ptp enable
1588v2 is enabled on the interface.
h. Run ptp enable
1588v2 is enabled on the device.
i. (Optional) Run ptp asymmetry-correction { positive | negative }
correction-value
The asymmetric correction time is set for 1588v2 packets to be sent.
j. (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for 1588v2 packets.
k. Run commit
The configuration is committed.
----End
Specifying the 1588v2 Interface Status
This section describes how to specify the 1588v2 interface status. After 1588v2 is
enabled in the system and interface views, specify the 1588v2 status for interfaces.
The master/slave clock relationships can be established based on the plan.
Context
A 1588v2 interface works in a specific state:
● slave: A slave interface only tracks time information of a specific clock source.
Each 1588v2 device has a single slave interface.
● uncalibrated: An uncalibrated interface has detected one or more master
interfaces in the same clock domain. The uncalibrated interface selects a
master interface as a time source to synchronize with. The Uncalibrated state
is a temporary state. There are a few scenarios for the uncalibrated
parameter when static 1588v2 is used.
● passive: A passive interface does not trace or advertise time information.
Passive interfaces can send Delay_Req, Pdelay_Resp, Delay_Resp_Follow_Up,
signaling, and management response messages. If a device has multiple
master 1588v2 interfaces in the same clock domain, the device selects the
interface with the highest priority as the master clock. The interface
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 250
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
connected to the master clock is the slave clock. The unselected master
interfaces enter the Passive state and function as backups for the slave clock.
● master: A master interface only advertises time information.
● premaster: A premaster interface does not trace nor advertise time
information. Premaster interfaces can send Pdelay_Req, Pdelay_Resp,
Delay_Resp_Follow_Up, signaling, and management response messages.
● listening: A listening interface does not trace or advertise time information.
An OC working in slave-only mode changes from the Master state to the
Listening state if the OC fails.
● faulty: A faulty interface does not send 1588v2 packets, except for responses
to some management messages.
● disabled: A disabled interface sends no 1588v2 packets and discards all
received 1588v2 packets, except for management messages. Setting a 1588v2
interface to the Disabled state is equivalent to running the undo ptp enable
command in the interface view to disable 1588v2 on the interface.
● initializing: An initializing interface does not send or receive 1588v2 packets.
After statically specifying the 1588v2 interface status is enabled, all 15882v2
interfaces on a device work in the Initializing state by default.
The status of a TC interface is fixed to be premaster. Therefore, you cannot change
the status of the TC interfaces, including all the PTP interfaces on the E2ETC and
P2PTC devices and TC interfaces on the E2ETCOC, P2PTCOC, and TCandBC devices,
through command lines. Perform the following step on each of the OCs, BC, and
TCandBC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp set-port-state enable
Statically specifying the 15882v interface status is enabled.
NOTE
● Delete the state setting before you perform either of the following operations:
– Change the clock type to E2ETC, P2PTC, E2ETCOC, or P2PTCOC.
– Configure an interface on a TCandBC as a TC interface.
Step 3 Run interface interface-type interface-number
The interface view is displayed.
Step 4 Run ptp port-state { slave | uncalibrated | passive | master | premaster |
listening | faulty | disabled | initializing }
The 1588v2 interface is configured to work in a specified state.
Step 5 Run commit
The configuration is committed.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 251
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
(Optional) Configuring Time Attributes for 1588v2 Packets
This section describes how to configure time attributes for 1588v2 packets. 1588v2
routers exchange Announce, Sync, and Delay or Pdelay packets to send time
information and maintain 1588v2 connections. You can set the interval at which a
1588v2 interface sends Announce, Sync, and Delay or Pdelay packets and the
maximum number of Announce packet timeouts. Using the default time attribute
values is recommended.
Context
Two devices exchange Announce packets to determine the master/slave
relationship. The master device sends Sync packets to notify the slave device of
time signal parameters and uses a delay measurement mechanism to achieve time
signals accuracy.
If routers exchange 1588v2 packets frequently and consume a lot of bandwidth
resources, increase the interval value. If the time synchronization accuracy is low,
reduce the interval value.
● Announce packets
To set the maximum number of Announce packets that a 1588v2 interface
fails to receive consecutively, run the ptp announce receipt-timeout
command. If the 1588v2 interface on a device fails to receive a specified
number of Announce packets, the interface status becomes Master, and the
device stops attempting to synchronize the time with other 1588v2 devices.
The device uses the BMC algorithm to select a clock source and synchronize
the time with the clock source. Increase receipt-timeout to reduce the clock
source switching frequency; reduce receipt-timeout to switch clock sources.
Using the default value is recommended.
● Sync packets
The master interface periodically sends multicast Sync packets.
The time when the Sync packets can be stamped into the Sync packets if the
one-step timestamping mode is used or into Follow_Up packets if the two-
step timestamping mode is used. To specify a timestamping mode, run the
ptp clock-step { one-step | two-step } command.
● Delay or Pdelay packets
A router uses a delay measurement mechanism to send request packets and
receive response packets from its remote router. The router uses timestamps
carried in the packets to correct time signals.
Perform the following steps on each 1588v2 router:
Procedure
● Configure time attributes for Announce packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 252
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
c. Run ptp announce-interval announce-interval
The interval at which the interface sends Announce packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to announce-interval
Remote timeout period of receiving Announce packets = Remotely
configured receipt-timeout x Local interval at which Announce packets
are sent
d. Run ptp announce receipt-timeout receipt-timeout
The maximum number of Announce packets that the interface fails to
receive is set. If the interface fails to consecutively receive the specified
maximum number of Announce packets, the interface enters the Master
state.
Local timeout period of receiving Announce packets = Locally configured
receipt-timeout x Remote interval at which Announce packets are sent
e. Run commit
The configuration is committed.
● Configure time attributes for Sync packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp sync-interval sync-interval
The interval at which the interface sends Sync packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to sync-interval
d. Run commit
The configuration is committed.
● Configure time attributes for Delay or Pdelay packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp min-delayreq-interval min-delayreq-interval
The interval at which the interface sends Delay_Req packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to min-delayreq-interval
d. Run ptp min-pdelayreq-interval min-pdelayreq-interval
The interval at which the interface sends Pdelay_Req packets is set. The
following formula applies:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 253
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Interval = 2n x 1/1024s, where n equals to min-pdelayreq-interval
e. Run commit
The configuration is committed.
----End
(Optional) Configuring a 1588v2 Packet Encapsulation Mode
1588v2 packets can be encapsulated into Layer 2 or Layer 3 packets. You can
configure an encapsulation mode for 1588v2 packets based on the actual network
conditions, as well as the destination addresses and transmission priority for the
1588v2 packets.
Prerequisites
Before configuring a 1588v2 packet encapsulation mode, check the link type used
for 1588v2 packet transmission.
● For the 1588v2 packets transmitted over a Layer 2 link, configure the MAC
encapsulation mode.
● For the 1588v2 packets transmitted over a Layer 3 link, configure the UDP
encapsulation mode.
Context
You can encapsulate 1588v2 messages into Layer 2 and Layer 3 packets and set
the destination address and transmission priority.
Perform the following steps on each 1588v2 device:
Procedure
● Configure the MAC encapsulation mode.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp mac-egress { destination-mac destination-mac | vlan vlan-id
[ priority priority-value ] }The MAC encapsulation mode is configured for
1588v2 packets to be sent from the interface, and a destination MAC
address is configured.
▪ For unicast MAC encapsulation
Run this command to specify the destination MAC address for the
1588v2 packets to be sent from the interface.
▪ For multicast MAC encapsulation
A default multicast destination MAC address is adopted, which
means that no extra configuration is required. Default multicast
destination MAC addresses for different delay measurement
mechanisms For details, see the following table.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 254
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-38 Default multicast destination MAC addresses for different
delay measurement mechanisms
Delay Measurement MAC Address
Mechanism
Non-peer delay measurement 01-1B-19-00-00-00
mechanism
Peer delay measurement 01-80-C2-00-00-0E
mechanism
NOTE
If no unicast destination MAC address is specified, the interface uses the
multicast destination MAC address by default.
d. Run ptp mac-egress vlan vlan-id [ priority priority ]
A VLAN ID and 802.1p value are set.
1588v2 services require higher priority than other services. A high
transmission priority minimizes the delay or congestion impact on clock
signal recovery. Using the default highest priority is recommended.
e. Run commit
The configuration is committed.
● Configure the UDP encapsulation mode.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp udp-egress source-ip source-ip [ destination-ip destination-ip ]
The UDP encapsulation mode is specified for the 1588v2 packets to be
sent by the interface and the source and destination IP addresses of
1588v2 packets are configured.
▪ For UDP unicast encapsulation:
Specify a destination IP address for unicast encapsulation.
▪ For UDP multicast encapsulation:
Multicast 1588v2 packets have a default multicast destination IP
address. Therefore, the destination-ip destination-ip parameter does
not need to be specified. The multicast destination IP address used
by UDP encapsulation varies according to the delay measurement
mechanism. For details, see the following table.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 255
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-39 Multicast destination IP addresses used for UDP
encapsulation in different delay measurement mechanisms
Delay Measurement IP Address
Mechanism
Non-peer delay measurement 224.0.1.129
mechanism
Peer delay measurement 224.0.0.107
mechanism
NOTE
If the destination-ip destination-ip parameter is not specified, the multicast IP
address is used by default.
d. Run ptp udp-egress destination-mac destination-mac
A next-hop MAC address is specified for the 1588v2 packets to be sent
from the interface.
e. Run ptp udp-egress source-ip source-ip [ dscp dscp ]
A DSCP value is set for the UDP 1588v2 packets to be sent from the
interface.
f. Run ptp udp-egress source-ip source-ip vlan vlan-id [ priority priority ]
A VLAN ID and a priority value are set for 1588v2 packets.
1588v2 services require a higher DSCP value and a higher priority value
than other services. A high transmission priority minimizes the delay or
congestion impact on clock signal recovery.
g. Run commit
The configuration is committed.
----End
Verifying the Configuration of Static 1588v2 Functions
After configuring static 1588v2 functions, verify the configuration.
Procedure
● Run the display ptp all [ state | config ] command to check the 1588v2
operating status and configurations.
● Run the display ptp interface interface-type interface-number command to
check 1588v2 information on a specific 1588v2 interface.
----End
1.1.8.2.6 Configuring UTC Time Correction
This section describes how to configure UTC time correction. This function helps
ensure time signal accuracy on a 1588v2 network and a fix offset between the
UTC and TAI time.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 256
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
The UTC time is Greenwich Mean Time (GMT) that is displayed on a 1588v2
device, There is a fixed offset between the UTC time and TAI time. The
International Earth Rotation Service (IERS) advertises the offset.
When a 1588v2 device tracks a BITS, the device uses the offset provided by the
BITS by default. If the BITS clock signals are lost, the 1588v2 uses the previous
offset, which may change. An offset change causes inaccurate time signals on the
1588v2 network.
To manually set the offset between the UTC time and TAI time, run the ptp utc-
offset command only on the grandmaster.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp utc-offset utc-offset
An accumulative offset between the UTC and TAI time is set.
Step 3 Run commit
The configuration is committed.
----End
Checking the Configuration
Run the following command to check the previous configuration.
Run the display ptp utc command to check the UTC time. For example:
<HUAWEI> display ptp utc
1.1.8.2.7 Configuring the Reference Interface for Deviation Measurement
A reference interface for deviation measurement can be configured on a device to
connect to the reference source (such as the BITS meter or Atom GPS) so that the
device and NCE can calculate and automatically compensate for the deviation. In
the intelligent clock solution, the reference interface-based deviation
measurement mode is generally used when base stations cannot obtain the GPS
deviation value.
Context
Only an interface supporting 1588 synchronization can be configured as the
reference interface. You can query the synchronization capability of interfaces
using commands.
On a ring network as shown in Figure 1-80, select a reference interface that
supports 1588 synchronization on the device where the passive interface is
located. On a chain network, select a reference interface that supports 1588
synchronization at the end node of the chain.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 257
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-80 Measurement on a Ring Network
Procedure
Step 1 Run display clock device-capability
The synchronization capability of interfaces is displayed. The interface whose 1588
attribute is Yes supports 1588 synchronization.
Step 2 Run system-view
The system view is displayed.
Step 3 Run ptp standard-time-port
The reference interface is configured based on the interface type.
Step 4 Run commit
The configuration is committed.
Step 5 Log in to iMaster NCE, and stop the measurement based on the result determined
by iMaster NCE, or select the next device to continue the measurement as
prompted.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 258
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Follow-up Procedure
After iMaster NCE obtains the network-wide deviation data and delivers the
compensation value, run the undo command to delete the reference interface
configurations of all devices to prevent interference to normal service running.
1.1.8.2.8 (Optional) Configuring Lightweight Time Synchronization
Lightweight time synchronization implements automatic identification and
switching within a device, loosening the requirements on time synchronization
precision and simplifying the configuration process.
Context
The system preferentially uses hop-by-hop 1588v2 time synchronization in In-situ
Flow Information Telemetry (IFIT) delay measurement scenarios. Hop-by-hop
1588v2 time synchronization requires that all devices on the network support
1588v2 in order to achieve delay measurement in the sub-microsecond range. If
some devices on the network do not support 1588v2, you can enable lightweight
and sub-millisecond-level time synchronization on downstream devices to achieve
delay measurement in the sub-millisecond range.
NOTE
This command does not need to be configured in non-IFIT scenarios. Otherwise, the time
synchronization precision is affected.
Lightweight clocks cannot be used in mobile backhaul scenarios, and the clock
synchronization precision cannot meet the performance requirements of base stations.
After lightweight time synchronization is enabled, reported PTSF alarms are cleared, and
new PTSF alarms cannot be reported.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp lite-sync sub-ms enable
Lightweight time synchronization is enabled.
Step 3 Run commit
The configuration is committed.
----End
1.1.8.2.9 Maintaining 1588v2
This section describes how to collect 1588v2 statistics, clear the 1588v2 statistics,
and monitor the 1588v2 running status.
Clearing 1588v2 Statistics
This section describes how to clear 1588v2 statistics.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 259
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
NOTICE
ACL statistics cannot be restored after being cleared. Exercise caution when
running the reset command.
After you confirm to clear 1588v2 statistics, run the following command.
Procedure
Step 1 Run the reset ptp statistics { all | interface interface-type interface-number }
command in the user view to clear statistics about 1588v2 packets.
----End
Monitoring the 1588v2 Operating Status
This section describes how to use the display ptp command to monitor the
1588v2 operating status. The command output includes the current operating
mode, clock synchronization status, clock source ID, and names of interfaces that
receive clock information.
Context
You can run the following command in any view to check the 1588v2 operating
status during routine maintenance.
Procedure
● Run the display ptp { all [ config | state ] | interface interface-type
interface-number }command to view the 1588v2 operating status.
----End
Configuring the Time Synchronization Alarm Function
The time synchronization alarm function can be configured to help monitor the
time synchronization status. When a time synchronization alarm is generated, the
alarm information will be reported to the NMS for further troubleshooting and
maintenance.
Context
Perform the following steps on a device:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run any of the following commands:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 260
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● To configure the alarm threshold for the clock class value of a PTP source, run
the ptp alarm-threshold clock-class clock-class-value command.
● To configure the alarm threshold for the absolute time offset of a PTP source,
run the ptp alarm-threshold standard-time-offset time-offset-value
command.
● To configure the alarm threshold of the peak value of the accumulated time
offsets of a PTP source, run the ptp alarm-threshold time-offset-sum time-
offset-sum command.
● To configure an alarm threshold for frequency offset at the physical layer, run
the clock alarm-threshold frequency-offset frequency-offset-value
command.
Step 3 Run commit
The configuration is committed.
----End
1.1.8.2.10 Configuration Examples for 1588v2
This chapter provides 1588v2 configuration examples. The configuration roadmap
in the examples will help you understand the configuration procedures. Each
configuration example includes networking requirements, configuration roadmap,
data preparation, configuration procedure, and configuration files.
Example for Configuring the Unicast UDP Encapsulation Mode for 1588v2 Packets
to Implement Network-wide Clock Synchronization
1588v2 is used to transmit frequency signals and time signals from the BITS server,
allowing network-wide clock synchronization on the wireless transport network
and wireless access network. For the gNodeBs that support only UDP
encapsulation, NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 Ms can
send UDP-encapsulated 1588v2 packets to these gNodeBs.
Context
Networking Requirements
On the network shown in Figure 1-81, the transport network transmits wireless
services between gNodeBs, and all transport network nodes support 1588v2. Core
nodes PE1 and PE2 receive time information from the BITS server. gNodeB-2
supports SyncE, instead of 1588v2. Both gNodeB-1 and gNodeB-3 support 1588v2.
PE1 and PE2 dynamically select the grandmaster clock. The grandmaster clock
transmits 1588v2 time signals over the entire network. 1588v2-enabled gNodeBs
and PEs can also achieve time synchronization in addition to frequency
synchronization.
Because all nodes on the transport network support 1588v2, they can be
configured as BCs to transmit clock information. For gNodeB-2 that does not
support 1588v2, frequency information can be transmitted through the clock
signals over an E1 line.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 261
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-81 Configuring the unicast MAC encapsulation mode for 1588v2 packets
to implement network-wide clock synchronization
NOTE
The configurations in this example are performed on PE1, PE2, CE1, and CE2. HUAWEI
NetEngine 8100 M14/M8, NetEngine 8000 M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series can function as PE1, PE2, CE1, and CE2.
Device Name Interface Name Interface IP Address Interface MAC Address
PE1 GE 0/2/0 10.0.0.1/24 00e0-fc22-1111
PE1 GE 0/1/0 172.16.0.1/24 00e0-fc11-1111
PE2 GE 0/2/0 10.0.0.2/24 00e0-fc22-2222
PE2 GE 0/1/0 192.168.0.1/24 00e0-fc11-2222
CE1 GE 0/2/0 172.16.0.2/24 00e0-fc22-1111
CE1 GE 0/1/0 10.10.0.1/24 00e0-fc22-3333
CE2 GE 0/1/0 192.168.0.2/24 00e0-fc22-4444
CE2 GE 0/1/1 172.16.1.1/24 00e0-fc22-5555
gNodeB-1 - 10.10.0.2/24 00e0-fc33-1111
gNodeB-3 - 172.16.1.2/24 00e0-fc33-2222
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 262
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1. Configure a routing protocol and ensure the communion between devices. In
this example, OSPF is used.
2. Connect PE1 and PE2 to BITS servers.
3. Configure PE1, PE2, CE1, and CE2 as BCs.
4. Configure the unicast UDP encapsulation mode for 1588v2 packets.
Data Preparation
To complete the configuration, you need the following data:
● Delay measurement mechanism of 1588 links: PDelay
● Value of the 1588v2 domain where clock devices reside
● Interval at which Announce messages are sent and the number of times
Announce message receiving times out
● Interval at which Sync messages are sent
● Interval at which PDelay messages are sent
Procedure
Step 1 Assign an IP address to each interface and configure OSPF. The configuration
details are not provided here.
Step 2 Configure PE1 and PE2 to use clock interfaces to import BITS signals.
1. Configure PE1 to import BITS1 signals from BITS-1, participate in dynamic
1588v2 clock source selection, and import 1588v2 time signals.
[*PE1] ptp enable
[*PE1] clock bits-type bits1 1pps input
[*PE1] ptp clock-source bits1 on
[*PE1] ptp clock-source bits1 priority1 2
[*PE1] clock source ptp synchronization enable
[*PE1] clock source ptp priority 1
[*PE1] ptp source-switch ptsf enable
[*PE1] commit
2. Configure PE2 to import BITS1 signals from BITS-2, participate in dynamic
1588v2 clock source selection, and import 1588v2 time signals.
[*PE2] ptp enable
[*PE2] clock bits-type bits1 1pps input
[*PE2] ptp clock-source bits1 on
[*PE2] ptp clock-source bits1 priority1 1
[*PE2] clock source ptp synchronization enable
[*PE2] clock source ptp priority 1
[*PE2] ptp source-switch ptsf enable
[*PE2] commit
Step 3 Configure PE1, PE2, CE1, and CE2 as BCs.
1. Enable 1588v2 and configure 1588v2 parameters on PE1.
[*PE1] ptp enable
[*PE1] ptp device-type bc
[*PE1] ptp domain 1
[*PE1] commit
[~PE1] interface gigabitethernet 0/1/0
[~PE1-GigabitEthernet0/1/0] ptp delay-mechanism pdelay
[*PE1-GigabitEthernet0/1/0] ptp enable
[*PE1-GigabitEthernet0/1/0] ptp udp-egress source-ip 172.16.0.1 destination-ip 172.16.0.2
[*PE1-GigabitEthernet0/1/0] ptp udp-egress destination-mac 00e0-fc22-1111
[*PE1-GigabitEthernet0/1/0] commit
[~PE1-GigabitEthernet0/1/0] quit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 263
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[~PE1] interface gigabitethernet 0/2/0
[~PE1-GigabitEthernet0/2/0] ptp delay-mechanism pdelay
[*PE1-GigabitEthernet0/2/0] ptp enable
[*PE1-GigabitEthernet0/2/0] ptp udp-egress source-ip 10.0.0.1 destination-ip 10.0.0.2
[*PE1-GigabitEthernet0/2/0] ptp udp-egress destination-mac 00e0-fc22-2222
[*PE1-GigabitEthernet0/2/0] commit
[~PE1-GigabitEthernet0/2/0] quit
2. Enable 1588v2 and configure 1588v2 parameters on PE2.
[*PE2] ptp enable
[*PE2] ptp device-type bc
[*PE2] ptp domain 1
[*PE2] commit
[~PE2] interface gigabitethernet 0/1/0
[~PE2-GigabitEthernet0/1/0] ptp delay-mechanism pdelay
[*PE2-GigabitEthernet0/1/0] ptp enable
[*PE2-GigabitEthernet0/1/0] ptp udp-egress source-ip 192.168.0.1 destination-ip 192.168.0.2
[*PE2-GigabitEthernet0/1/0] ptp udp-egress destination-mac 00e0-fc22-4444
[*PE2-GigabitEthernet0/1/0] commit
[~PE2-GigabitEthernet0/1/0] quit
[~PE2] interface gigabitethernet 0/2/0
[~PE2-GigabitEthernet0/2/0] ptp delay-mechanism pdelay
[*PE2-GigabitEthernet0/2/0] ptp enable
[*PE2-GigabitEthernet0/2/0] ptp udp-egress source-ip 10.0.0.2 destination-ip 10.0.0.1
[*PE2-GigabitEthernet0/2/0] ptp udp-egress destination-mac 00e0-fc22-1111
[*PE2-GigabitEthernet0/2/0] commit
[~PE2-GigabitEthernet0/2/0] quit
3. Enable 1588v2 and configure 1588v2 parameters on CE1.
[*CE1] ptp enable
[*CE1] ptp device-type bc
[*CE1] ptp domain 1
[*CE1] commit
[~CE1] interface gigabitethernet 0/2/0
[~CE1-GigabitEthernet0/2/0] ptp delay-mechanism pdelay
[*CE1-GigabitEthernet0/2/0] ptp enable
[*CE1-GigabitEthernet0/2/0] ptp udp-egress source-ip 172.16.0.2 destination-ip 172.16.0.1
[*CE1-GigabitEthernet0/2/0] ptp udp-egress destination-mac 00e0-fc11-1111
[*CE1-GigabitEthernet0/2/0] commit
[~CE1-GigabitEthernet0/2/0] quit
[~CE1] interface gigabitethernet 0/1/0
[~CE1-GigabitEthernet0/1/0] ptp delay-mechanism pdelay
[*CE1-GigabitEthernet0/1/0] ptp enable
[*CE1-GigabitEthernet0/1/0] ptp udp-egress source-ip 10.10.0.1 destination-ip 10.10.0.2
[*CE1-GigabitEthernet0/1/0] ptp udp-egress destination-mac 00e0-fc33-1111
[*CE1-GigabitEthernet0/1/0] commit
[~CE1-GigabitEthernet0/1/0] quit
4. Configure gNodeB-1 to receive 1588v2 packets from CE1. The configuration
details are not provided here.
5. Enable 1588v2 and configure 1588v2 parameters on CE2. Specify 1588v2 time
signals as the local primary clock reference source.
[*CE2] ptp enable
[*CE2] ptp device-type bc
[*CE2] ptp domain 1
[*CE2] clock manual source ptp
[*CE2] commit
[~CE2] interface gigabitethernet 0/1/0
[~CE2-GigabitEthernet0/1/0] ptp delay-mechanism pdelay
[*CE2-GigabitEthernet0/1/0] ptp enable
[*CE2-GigabitEthernet0/1/0] ptp udp-egress source-ip 192.168.0.2 destination-ip 192.168.0.1
[*CE2-GigabitEthernet0/1/0] ptp udp-egress destination-mac 00e0-fc11-2222
[*CE2-GigabitEthernet0/1/0] commit
[*CE2-GigabitEthernet0/1/0] quit
[~CE2] interface gigabitethernet 0/1/1
[~CE2-GigabitEthernet0/1/1] ptp delay-mechanism pdelay
[*CE2-GigabitEthernet0/1/1] ptp enable
[*CE2-GigabitEthernet0/1/1] ptp udp-egress source-ip 172.16.1.1 destination-ip 172.16.1.2
[*CE2-GigabitEthernet0/1/1] ptp udp-egress destination-mac 00e0-fc33-2222
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 264
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*CE2-GigabitEthernet0/1/1] commit
[~CE2-GigabitEthernet0/1/1] quit
6. Configure gNodeB-3 to receive 1588v2 packets from CE2. The configuration
details are not provided here.
Step 4 Configure CE2 to use WAN clock techniques to transmit clock signals to gNodeB-2.
a. Configure an E1 interface on CE2 as the master clock.
[*CE2] controller e1 0/2/0
[*CE2-E1 0/2/0] clock master
[*CE2-E1 0/2/0] commit
b. Configure the interface that connects gNodeB-2 to CE2 as the slave clock. The
configuration details are not provided here.
Step 5 Configure 1588v2 packet attributes on PE1, PE2, CE1, and CE2.
1. Configure CE1.
[~CE1] interface gigabitethernet 0/2/0
[~CE1-GigabitEthernet0/2/0] ptp announce receipt-timeout 10
[*CE1-GigabitEthernet0/2/0] ptp min-pdelayreq-interval 10
[*CE1-GigabitEthernet0/2/0] commit
[~CE1-GigabitEthernet0/2/0] quit
[~CE1] interface gigabitethernet 0/1/0
[~CE1-GigabitEthernet0/1/0] ptp announce-drop enable
[*CE1-GigabitEthernet0/1/0] commit
2. Configure CE2.
[~CE2] interface gigabitethernet 0/1/0
[~CE2-GigabitEthernet0/1/0] ptp announce receipt-timeout 10
[*CE2-GigabitEthernet0/1/0] ptp min-pdelayreq-interval 10
[*CE2-GigabitEthernet0/1/0] commit
[~CE2-GigabitEthernet0/1/0] quit
[~CE2] interface gigabitethernet 0/1/1
[~CE2-GigabitEthernet0/1/1] ptp announce-drop enable
[*CE2-GigabitEthernet0/1/1] commit
3. Configure PE1.
[~PE1] interface gigabitethernet 0/2/0
[~PE1-GigabitEthernet0/2/0] ptp announce receipt-timeout 10
[*PE1-GigabitEthernet0/2/0] commit
[~PE1-GigabitEthernet0/2/0] quit
[~PE1] interface gigabitethernet 0/1/0
[~PE1-GigabitEthernet0/1/0] ptp announce-interval 8
[*PE1-GigabitEthernet0/1/0] ptp min-pdelayreq-interval 10
[*PE1-GigabitEthernet0/1/0] commit
[~PE1-GigabitEthernet0/1/0] quit
4. Configure PE2.
[~PE2] interface gigabitethernet 0/2/0
[~PE2-GigabitEthernet0/2/0] ptp announce receipt-timeout 10
[*PE2-GigabitEthernet0/2/0] commit
[*PE2-GigabitEthernet0/2/0] quit
[~PE2] interface gigabitethernet 0/1/0
[~PE2-GigabitEthernet0/1/0] ptp announce-interval 8
[*PE2-GigabitEthernet0/1/0] ptp min-pdelayreq-interval 10
[*PE2-GigabitEthernet0/1/0] commit
[~PE2-GigabitEthernet0/1/0] quit
Step 6 Verify the configuration.
After completing the configurations, run the display ptp all state command to
view the 1588v2 operating status. The following example uses the command
output on CE1. The command output shows that GE 0/2/0 of CE1 is working in the
Slave state, the grandmaster clock ID is 000a0bfffe0c0dd4, and the parent clock ID
is also 000a0bfffe0c0dd4. CE1 has synchronized with the master clock source.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 265
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<CE1> display ptp all state
Device config info
------------------------------------------------------------------
PTP state :enabled Domain value :1
Slave only :no Device type :BC
Set port state :no Local clock ID :000a0bfffe0c0d42
Acl :no Virtual clock ID :no
Acr :no Time lock success :yes
Asymmetry measure :disable Passive measure :disable
BMC run info
------------------------------------------------------------------
Grand clock ID :000a0bfffe0c0dd4
Receive number :GigabitEthernet0/2/0
Parent clock ID :000a0bfffe0c0dd4
Parent portnumber :6417
Priority1 :128 Priority2 :128
Step removed :1 Clock accuracy :49
Clock class :187 Time Source :160
UTC Offset :0 UTC Offset Valid :False
Timescale :ARB Time Traceable :False
Leap :None Frequence Traceable:False
Offset scaled :0xffff Sync uncertain :False
Port info
Name State Delay-mech Ann-timeout Type Domain
------------------------------------------------------------------------
GigabitEthernet0/2/0 slave pdelay 10 BC 1
Time Performance Statistics(ns): Slot X Card X Port X
------------------------------------------------------------------------
Realtime(T2-T1) :534 Pathdelay :0
Max(T2-T1) :887704804
Min(T2-T1) :512
Clock source info
Clock Pri1 Pri2 Accuracy Class TimeSrc Signal Switch Direction In-Status
------------------------------------------------------------------------
local 200 128 0x31 187 0xa0 - - - -
bits1/6 128 128 0x20 6 0x20 none off -/- abnormal
bits1/7 128 128 0x20 6 0x20 none off -/- abnormal
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
ptp enable
ptp device-type bc
ptp domain 1
#
interface GigabitEthernet0/2/0
undo shutdown
ip address 172.16.0.2 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
ptp announce receipt-timeout 10
ptp min-pdelayreq-interval 10
ptp udp-egress source-ip 172.16.0.2 destination-ip 172.16.0.1
ptp udp-egress destination-mac 00e0-fc11-1111
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 10.10.0.1 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 266
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
ptp min-pdelayreq-interval 10
ptp announce-drop enable
ptp udp-egress source-ip 10.10.0.1 destination-ip 10.10.0.2
ptp udp-egress destination-mac 00e0-fc33-1111
#
ospf 1
area 0.0.0.0
network 172.16.0.0 0.0.0.255
network 10.10.0.0 0.0.0.255
#
● CE2 configuration file
#
sysname CE2
#
ptp enable
ptp device-type bc
ptp domain 1
clock manual source ptp
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 192.168.0.2 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
ptp announce receipt-timeout 10
ptp min-pdelayreq-interval 10
ptp udp-egress source-ip 192.168.0.2 destination-ip 192.168.0.1
ptp udp-egress destination-mac 00e0-fc11-2222
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 172.16.1.1 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
ptp announce-drop enable
ptp udp-egress source-ip 172.16.1.1 destination-ip 172.16.1.2
ptp udp-egress destination-mac 00e0-fc33-2222
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
● PE1 configuration file
#
sysname PE1
#
ptp enable
clock bits-type bits1 1pps input
ptp clock-source bits1 on
ptp clock-source bits1 priority1 2
clock source ptp synchronization enable
clock source ptp priority 1
ptp device-type bc
ptp domain 1
interface GigabitEthernet0/1/0
undo shutdown
ip address 172.16.0.1 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
ptp announce-interval 8
ptp min-delayreq-interval 10
ptp udp-egress source-ip 172.16.0.1 destination-ip 172.16.0.2
ptp udp-egress destination-mac 00e0-fc22-1111
interface GigabitEthernet0/2/0
undo shutdown
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 267
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
ip address 10.0.0.1 255.255.255.0
ptp announce receipt-timeout 10
ptp udp-egress source-ip 10.0.0.1 destination-ip 10.0.0.2
ptp udp-egress destination-mac 00e0-fc22-2222
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.255
network 172.16.0.0 0.0.0.255
#
● PE2 configuration file
#
sysname PE2
#
ptp enable
clock bits-type bits1 1pps input
ptp clock-source bits1 on
ptp clock-source bits1 priority1 1
clock source ptp synchronization enable
clock source ptp priority 1
ptp device-type bc
ptp domain 1
interface GigabitEthernet0/1/0
undo shutdown
ip address 192.168.0.1 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
ptp announce-interval 8
ptp min-delayreq-interval 10
ptp udp-egress source-ip 192.168.0.1 destination-ip 192.168.0.2
ptp udp-egress destination-mac 00e0-fc22-4444
interface gigabitethernet 0/2/0
undo shutdown
ip address 10.0.0.2 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
ptp udp-egress source-ip 10.0.0.2 destination-ip 10.0.0.1
ptp udp-egress destination-mac 00e0-fc22-1111
ptp announce receipt-timeout 10
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.255
network 192.168.0.0 0.0.0.255
#
Example for Configuring the Multicast MAC Encapsulation Mode for 1588v2
Packets to Implement Network-wide Clock Synchronization
1588v2 is used to transmit frequency signals and time signals from the BITS server,
allowing network-wide clock synchronization on the wireless transport network
and wireless access network. NetEngine 8100 M, NetEngine 8000E M, NetEngine
8000 Ms by default use the multicast MAC encapsulation mode to transmit
1588v2 packets. For gNodeBs that support multicast MAC encapsulation of 1588v2
packets, it is convenient to implement network-wide clock synchronization by
configuring all NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 Ms as
BCs.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 268
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
Networking Requirements
On the network shown in Figure 1-82, the transport network transmits wireless
services between gNodeBs, and all transport network nodes support 1588v2. Core
nodes PE1 and PE2 receive time information from the BITS server. gNodeB-2
supports SyncE, instead of 1588v2. Both gNodeB-1 and gNodeB-3 support 1588v2.
PE1 and PE2 dynamically select the grandmaster clock. The grandmaster clock
transmits 1588v2 time signals over the entire network. Frequency synchronization
can be achieved between gNodeBs and transport network devices. Time
synchronization can be achieved between 1588v2-capable gNodeBs and transport
network devices.
Because all nodes on the transport network support 1588v2, they can be
configured as BCs to transmit clock information. For gNodeB-2 that does not
support 1588v2, frequency information can be transmitted through the clock
signals over an E1 line.
Figure 1-82 Configuring the multicast MAC encapsulation mode for 1588v2
packets to implement network-wide clock synchronization
NOTE
The configurations in this example are performed on PE1, PE2, CE1, and CE2. HUAWEI
NetEngine 8100 M14/M8, NetEngine 8000 M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series can function as PE1, PE2, CE1, and CE2.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 269
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Device Name Interface Name Interface IP Address
PE1 GE 0/2/0 10.0.0.1/24
PE1 GE 0/1/0 172.16.0.1/24
PE2 GE 0/2/0 10.0.0.2/24
PE2 GE 0/1/0 192.168.0.1/24
CE1 GE 0/2/0 172.16.0.2/24
CE1 GE 0/1/0 10.10.0.1/24
CE2 GE 0/1/0 192.168.0.2/24
CE2 GE 0/1/1 172.16.1.1/24
gNodeB-1 - 10.10.0.2/24
gNodeB-3 - 172.16.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Connect PE1 and PE2 to BITS servers.
2. Configure PE1, PE2, CE1, and CE2 as BCs.
NOTE
Configure devices to use the default multicast MAC encapsulation mode to transmit 1588v2
packets.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 270
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Data Preparation
To complete the configuration, you need the following data:
● Delay measurement mechanism of 1588 links: PDelay
● Value of the 1588v2 clock domain where clock devices reside
● Interval at which Announce messages are sent and the number of times
Announce message receiving times out
● Interval at which Sync messages are sent
● Interval at which PDelay messages are sent
Procedure
Step 1 Assign an IP address to each interface and configure OSPF. The configuration
details are not provided here.
Step 2 Configure PE1 and PE2 to use clock interfaces to import BITS signals.
1. Configure PE1 to import clock signals from the external BITS source BITS1,
participate in master clock selection on the 1588v2 network, and import
1588v2 time signals.
[*PE1] ptp enable
[*PE1] clock bits-type bits1 1pps input
[*PE1] ptp clock-source bits1 on
[*PE1] ptp clock-source bits1 priority1 2
[*PE1] ptp source-switch ptsf enable
[*PE1] commit
2. Configure PE2 to import clock signals from the external BITS source BITS2,
participate in master clock selection on the 1588v2 network, and import
1588v2 time signals.
[*PE2] ptp enable
[*PE2] clock bits-type bits1 1pps input
[*PE2] ptp clock-source bits1 on
[*PE2] ptp clock-source bits1 priority1 1
[*PE2] ptp source-switch ptsf enable
[*PE2] commit
Step 3 Configure PE1, PE2, CE1, and CE2 as BCs.
1. Enable 1588v2 and configure 1588v2 parameters on PE1.
[*PE1] ptp enable
[*PE1] ptp device-type bc
[*PE1] ptp domain 1
[*PE1] commit
[~PE1] interface gigabitethernet 0/1/0
[~PE1-GigabitEthernet0/1/0] ptp delay-mechanism pdelay
[*PE1-GigabitEthernet0/1/0] ptp enable
[*PE1-GigabitEthernet0/1/0] commit
[~PE1-GigabitEthernet0/1/0] quit
[~PE1] interface gigabitethernet 0/2/0
[~PE1-GigabitEthernet0/2/0] ptp delay-mechanism pdelay
[*PE1-GigabitEthernet0/2/0] ptp enable
[*PE1-GigabitEthernet0/2/0] commit
[~PE1-GigabitEthernet0/2/0] quit
2. Enable 1588v2 and configure 1588v2 parameters on PE2.
[*PE2] ptp enable
[*PE2] ptp device-type bc
[*PE2] ptp domain 1
[*PE2] commit
[~PE2] interface gigabitethernet 0/1/0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 271
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[~PE2-GigabitEthernet0/1/0] ptp delay-mechanism pdelay
[*PE2-GigabitEthernet0/1/0] ptp enable
[*PE2-GigabitEthernet0/1/0] commit
[~PE2-GigabitEthernet0/1/0] quit
[~PE2] interface gigabitethernet 0/2/0
[~PE2-GigabitEthernet0/2/0] ptp delay-mechanism pdelay
[*PE2-GigabitEthernet0/2/0] ptp enable
[*PE2-GigabitEthernet0/2/0] commit
[~PE2-GigabitEthernet0/2/0] quit
3. Enable 1588v2 and configure 1588v2 parameters on CE1.
[*CE1] ptp enable
[*CE1] ptp device-type bc
[*CE1] ptp domain 1
[*CE1] commit
[~CE1] interface gigabitethernet 0/2/0
[~CE1-GigabitEthernet0/2/0] ptp delay-mechanism pdelay
[*CE1-GigabitEthernet0/2/0] ptp enable
[*CE1-GigabitEthernet0/2/0] commit
[~CE1-GigabitEthernet0/2/0] quit
[*CE1] interface gigabitethernet 0/1/0
[~CE1-GigabitEthernet0/1/0] ptp delay-mechanism pdelay
[*CE1-GigabitEthernet0/1/0] ptp enable
[*CE1-GigabitEthernet0/1/0] commit
[~CE1-GigabitEthernet0/1/0] quit
4. Configure gNodeB-1 to receive 1588v2 packets from CE1. The configuration
details are not provided here.
5. Enable 1588v2 and configure 1588v2 parameters on CE2. Specify 1588v2 time
signals as the local primary clock reference source.
[*CE2] ptp enable
[*CE2] ptp device-type bc
[*CE2] ptp domain 1
[*CE2] commit
[~CE2] interface gigabitethernet 0/1/1
[~CE2-GigabitEthernet0/1/1] ptp delay-mechanism pdelay
[*CE2-GigabitEthernet0/1/1] ptp enable
[*CE2-GigabitEthernet0/1/1] commit
[~CE2-GigabitEthernet0/1/1] quit
[~CE2] interface gigabitethernet 0/1/0
[~CE2-GigabitEthernet0/1/0] ptp delay-mechanism pdelay
[*CE2-GigabitEthernet0/1/0] ptp enable
[*CE2-GigabitEthernet0/1/0] commit
[~CE2-GigabitEthernet0/1/0] quit
Step 4 Verify the configuration.
After completing the configurations, run the display ptp all state command to
view the 1588v2 operating status. The following example uses the command
output on CE1. The command output shows that GE 0/2/0 of CE1 is working in the
Slave state, the grandmaster clock ID is 000a0bfffe0c0dd4, and the parent clock ID
is also 000a0bfffe0c0dd4. CE1 has synchronized with the master clock source.
<CE1> display ptp all
Device config info
------------------------------------------------------------------
PTP state :enabled Domain value :1
Slave only :no Device type :BC
Set port state :no Local clock ID :000a0bfffe0c0d42
Acl :no Virtual clock ID :no
Acr :no Time lock success :yes
Asymmetry measure :disable Passive measure :disable
BMC run info
------------------------------------------------------------------
Grand clock ID :000a0bfffe0c0dd4
Receive number :GigabitEthernet0/2/0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 272
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Parent clock ID :000a0bfffe0c0dd4
Parent portnumber :6417
Priority1 :128 Priority2 :128
Step removed :1 Clock accuracy :49
Clock class :187 Time Source :160
UTC Offset :0 UTC Offset Valid :False
Timescale :ARB Time Traceable :False
Leap :None Frequence Traceable:False
Offset scaled :0xffff Sync uncertain :False
Port info
Name State Delay-mech Ann-timeout Type Domain
------------------------------------------------------------------------
GigabitEthernet0/2/0 slave pdelay 10 BC 1
Time Performance Statistics(ns): Slot X Card X Port X
------------------------------------------------------------------------
Realtime(T2-T1) :534 Pathdelay :0
Max(T2-T1) :887704804
Min(T2-T1) :512
Clock source info
Clock Pri1 Pri2 Accuracy Class TimeSrc Signal Switch Direction In-Status
------------------------------------------------------------------------
local 200 128 0x31 187 0xa0 - - - -
bits1/6 128 128 0x20 6 0x20 none off -/- abnormal
bits1/7 128 128 0x20 6 0x20 none off -/- abnormal
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
ptp enable
ptp device-type bc
ptp domain 1
#
interface GigabitEthernet0/2/0
undo shutdown
ip address 172.16.0.2 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
#
interface GigabitEthernet0/1/0
undo shutdown
ip address 10.10.0.1 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
#
ospf 1
area 0.0.0.0
network 172.16.0.0 0.0.0.255
network 10.10.0.0 0.0.0.255
#
● CE2 configuration file
#
sysname CE2
#
ptp enable
ptp device-type bc
ptp domain 1
#
interface GigabitEthernet0/1/0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 273
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
undo shutdown
ip address 192.168.0.2 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 172.16.1.1 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
#
ospf 1
area 0.0.0.0
network 192.168.0.0 0.0.0.255
network 172.16.1.0 0.0.0.255
#
● PE1 configuration file
#
sysname PE1
#
ptp enable
clock bits-type bits1 1pps input
ptp clock-source bits1 on
ptp clock-source bits1 priority1 2
ptp device-type bc
ptp domain 1
interface GigabitEthernet0/1/0
undo shutdown
ip address 172.16.0.1 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
interface GigabitEthernet0/2/0
undo shutdown
ip address 10.0.0.1 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.255
network 172.16.0.0 0.0.0.255
#
● PE2 configuration file
#
sysname PE2
#
ptp enable
clock bits-type bits1 1pps input
ptp clock-source bits1 on
ptp clock-source bits1 priority1 1
ptp device-type bc
ptp domain 1
interface GigabitEthernet0/1/0
undo shutdown
ip address 192.168.0.1 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
interface gigabitethernet 0/2/0
undo shutdown
ip address 10.0.0.1 255.255.255.0
ptp enable
ptp delay-mechanism pdelay
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.255
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 274
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
network 192.168.0.0 0.0.0.255
#
1.1.8.3 G.8275.1 Configuration
1.1.8.3.1 Overview of G.8275.1
Concepts of G.8275.1
ITU-T defines the precision time protocol telecom profile for phase/time
synchronization with full timing support from the network, known as G.8275.1,
which is a time synchronization protocol.
A physical network can be logically divided into multiple clock domains. Each
clock domain has its own independent synchronous time, with which clocks in the
same domain synchronize.
Each node on a time synchronization network is called a clock. G.8275.1 defines
the following types of clocks:
● Telecom grandmaster (T-GM): A T-GM can only be the master clock that
provides time synchronization.
● Telecom-boundary clock (T-BC): A T-BC has more than one G.8275.1 interface.
One interface of the T-BC synchronizes time signals with an upstream clock,
and the other interfaces distribute the time signals to downstream clocks.
● Telecom transparent clock (T-TC): A T-TC has more than one G.8275.1
interface through which the T-TC forwards G.8275.1 packets, and corrects the
packet transmission delay. A T-TC does not synchronize the time through any
of these G.8275.1 interfaces.
● Telecom time slave clock (T-TSC): A T-TSC can only be the slave clock that
synchronizes the time information of the upstream device.
NOTE
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M can function only as a
T-BC or T-TC.
1.1.8.3.2 Configuration Precautions for G.8275.1
Feature Requirements
None
1.1.8.3.3 Configuring G.8275.1
Usage Scenario
On the network shown in Figure 1-83, the BITS interface that functions as the T-
GM obtains high-accuracy time information from a global positioning system
(GPS), encapsulates the information into a G.8275.1 packet, and sends the packet
to the bearer network. A bearer network device that functions as the T-BC
transparently transmits the time information to all devices on the bearer network.
BCs send high-accuracy time information carried in the G.8275.1 packet to
wireless access devices, such as a gNodeB.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 275
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-83 G.8275.1 application over a bearer network
Pre-configuration Tasks
● Set physical parameters of interfaces and ensure that the interfaces are
physically Up.
Configuring a BITS Source As the T-GM
You can configure a building integrated timing supply system (BITS) source as the
telecom grandmaster (T-GM). The T-GM is connected to telecom boundary clocks
(T-BCs) through Ethernet clock interfaces. The T-GM serves as the grandmaster
clock to provide time signals to T-BCs on the transport network, allowing time
synchronization between T-BCs and the T-GM.
Context
For details about configuring a BITS source as the T-GM, see the BITS source
configuration guide.
NOTE
When a device connects to an external BITS source, the configuration needs to be
performed on the local device. By default, the clock accuracy value of a BITS source is 0x20.
When the default value is used, downstream devices cannot communicate with the local
device using the G.8275.1 protocol of the 2014 version. This is because the clock accuracy in
this version can only be set to 0x21 or 0xFE. In this scenario, you are advised to set the
clock accuracy of a BITS source to 0x21.
Globally Configuring G.8275.1
To ensure G.8275.1 for time synchronization, you need to globally enable G.8275.1
in the system view, set the device type to T-BC/T-TC, and configure basic
information such as the domain value and virtual clock ID.
Context
Perform the following steps on each T-BC/T-TC:
Procedure
Step 1 Run system-view
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 276
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The system view is displayed.
Step 2 Run ptp enable
PTP is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you can run
the ptp uhpc enable command to improve the precision of time synchronization.
To view the capabilities supported by the corresponding port, run the display ptp
interface { interface-name | interface-type interface-number } command.
Step 3 Run ptp profile g-8275-1 enable
G.8275.1 is enabled on the device.
Step 4 Run ptp device-type { t-bc | t-tc }
The device type is set to T-BC or T-TC.
Step 5 (Optional) Run ptp domain domain-value The clock domain where the device
resides is configured.
NOTE
When G.8275.1 is used to perform time synchronization, T-BCs and T-TCs must reside in the
same clock domain.
Step 6 (Optional) Run ptp source-switch ptsf enable The packet timing signal fail
(PTSF)-triggered source switching function is enabled.
After this function is enabled, the device automatically switches to another valid
time source if the current time source has an offset change greater than 1.1 µs for
three consecutive seconds or the signal fails due to the loss of Sync packets. After
the time source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to restore the current time source. If you want to
automatically restore the time source after a certain period of time, run the ptp
ptsf auto-recovery-time command to configure the PTSF auto-recovery time. By
default, the PTSF auto-recovery time is 0 minute, that is, the function is disabled.
Step 7 (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
Step 8 (Optional) Run ptp local-clock-class holdoff-time time-value
The hold-off time for the clock class of the local source is configured on the
device.
Step 9 (Optional) Configure automatic measurement on fiber asymmetry on the T-BC.
1. Run ptp asymmetry-measure enable
Automatic measurement on fiber asymmetry is enabled on the device.
2. Run ptp passive-measure enable
The performance monitoring function is enabled on the passive interface of
the device.
3. Run ptp passive-measure alarm-threshold alarm-threshold-value
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 277
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
An alarm threshold is configured for the time offset (time difference between
the master and slave clocks) on the passive interface of the device.
Step 10 (Optional) Configure the clock source access control function on the T-BC..
1. Run ptp acl enable
The clock source access control function is enabled.
2. Run ptp acl-permit-clockid clockid-value
A clock ID is configured for another T-BC which is allowed to participate in
BMC selection.
Step 11 (Optional) Run ptp max-steps-removed max-steps-removed-value on the T-BC.
The maximum number of hops for time synchronization is configured. A clock
source is considered unavailable if the value of stepsRemoved in the Announce
packets received by the clock source is greater than or equal to the value of max-
steps-removed-value.
Step 12 Run commit
The configuration is committed.
----End
Configuring Clock Source Attributes for BMC Selection
After BITS signal input is configured on multiple T-BCs, you can configure the
clock source attributes of the T-BCs to allow them to participate in best master
clock (BMC) selection. You can also configure the local clocks of T-BCs to
participate in BMC selection. The BMC algorithm (BMCA) helps routers to
dynamically select a master clock. The master clock provides time signals for the
entire G.8275.1 network. T-BCs use G.8275.1 to achieve time synchronization with
the grandmaster clock.
Context
Perform the following steps on each router connected to a BITS source on a G.
8275.1 network:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp clock-source local priority2 priority2-value
The priority2 of the local clock source is configured.
Step 3 Run ptp clock-source local local-priority local-priority-value
The priority of the local clock source is configured.
Step 4 Run ptp clock-source local time-source time-source-value
The time source attribute of the local clock source is configured.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 278
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 5 Run commit
The configuration is committed.
----End
(Optional) Configuring the Time Synchronization Alarm Function
After the time synchronization alarm function is configured to monitor time
synchronization status information, the alarm information will be reported to the
NMS for further troubleshooting and maintenance.
Context
Perform the following operations on the T-BC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Configure the time synchronization alarm function as required.
● To configure the alarm threshold for PTP source input deterioration, run the
ptp alarm-threshold clock-class clock-class-value command.
● To configure the alarm threshold for the PTP source absolute time reference,
run the ptp alarm-threshold standard-time-offset time-offset-value
command.
● To configure the alarm threshold for the peak value of the accumulated PTP
source time offsets, run the ptp alarm-threshold time-offset-sum time-
offset-sum command.
Step 3 Run commit
The configuration is committed.
----End
Configuring G.8275.1 on an Interface
After enabling G.8275.1 in the system view, you need to enable G.8275.1 in the
interface view.
Context
Perform the following operations on the T-BC and T-TC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 279
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 3 Run ptp enable
PTP is enabled on the interface.
Step 4 (Optional) Run ptp notslave disable on the T-BC
The notslave attribute of the interface is set to FALSE.
Step 5 (Optional) Run ptp local-priority local-priority-value
The local priority of a PTP interface is set.
Step 6 (Optional) Run ptp asymmetry-correction { positive | negative } correction-
value
The asymmetric correction time for sending G.8275.1 packets on the interface is
set.
Step 7 (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode of the synchronization packets sending by the G.8275.1
port is set.
Step 8 Run commit
The configuration is committed.
----End
Configuring Time Attributes for G.8275.1 Packets
T-BCs exchange Announce, Sync, and Delay or Pdelay packets to send time
information and maintain G.8275.1 connections. You can set the interval at which
a G.8275.1 interface sends Announce, Sync, and Delay or Pdelay packets and the
maximum number of Announce packet timeouts. Using the default time attribute
values is recommended.
Context
Perform the following operations on the T-BC:
Procedure
● Configure time attributes for Announce packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp announce-interval announce-interval
The interval at which the interface sends Announce packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to announce-interval
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 280
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Remote timeout period of receiving Announce packets = Remotely
configured receipt-timeout x Local interval at which Announce packets
are sent
d. Run ptp announce receipt-timeout receipt-timeout
The maximum number of Announce packets that the interface fails to
receive is set. If the interface fails to consecutively receive the specified
maximum number of Announce packets, the interface enters the Master
state.
Local timeout period of receiving Announce packets = Locally configured
receipt-timeout x Remote interval at which Announce packets are sent
e. Run commit
The configuration is committed.
● Configure time attributes for Sync packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp sync-interval sync-interval
The interval at which the interface sends Sync packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to sync-interval
d. Run commit
The configuration is committed.
● Configure time attributes for Delay or Pdelay packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp min-delayreq-interval min-delayreq-interval
The interval at which the interface sends Delay_Req packets is set. The
following formula applies: Interval = 2n x 1/1024s, where n equals to min-
delayreq-interval.
The default min-delayreq-interval value is 6, which means that an
interface sends a Delay_Req every 64/1024s.
d. Run commit
The configuration is committed.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 281
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuring Encapsulation Modes for G.8275.1 Packets
You can configure destination MAC addresses of packets according to the actual
networking.
Prerequisites
G.8275.1 packets can be encapsulated only in Layer 2 multicast MAC
encapsulation mode.
NOTE
In G.8275.1 mode, the ptp mac-egress command does not support setting of VLAN
parameters.
Context
Perform the following operations on the T-BC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run ptp mac-egress destination-mac destination-mac
The G.8275.1 packets to be sent from the interface are encapsulated in multicast
MAC encapsulation mode, and a destination multicast MAC address is configured.
Step 4 Run commit
The configuration is committed.
----End
Verifying the G.8275.1 Configuration
After configuring the G.8275.1 function, verify the configuration.
Procedure
● Run the display ptp all [ state | config ] command to view the time
synchronization status and configurations of device operation.
● Run the display ptp interface interface-type interface-number command to
view the time synchronization information on a device interface.
----End
1.1.8.3.4 Configuration Examples for G.8275.1
This section provides G.8275.1 configuration examples, including the networking
requirements, precautions, and configuration roadmap.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 282
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Example for Configuring the Multicast MAC Encapsulation Mode for G.8275.1
Packets to Achieve Network-wide Time Synchronization
Networking Requirements
G.8275.1 can be used as a time synchronization protocol to transmit time signals
of the BITS server on the entire network so that network-wide time
synchronization can be achieved for base stations.
On the network shown in Example for Configuring the Multicast MAC
Encapsulation Mode for G.8275.1 Packets to Achieve Network-wide Time
Synchronization, the transport network carries the wireless services between
gNodeBs, and all transport network nodes support G.8275.1. To ensure time
synchronization between G.8275.1-capable base stations and transport network
devices, you can configure G.8275.1 and time can be configured use network-wide
T-BCs to transmit time information.
Figure 1-84 Configuring the multicast MAC encapsulation mode for G.8275.1
packets to achieve network-wide time synchronization
NOTE
Interfaces 1 through 3 in this example represent GE 0/1/0, GE 0/1/1, and GE 0/1/2,
respectively.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 283
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1. Connect PE1 and PE2 to BITS servers.
2. Configure PE1, PE2, Device1, and Device2 as T-BCs to implement network-
wide time synchronization.
3. Configure synchronous Ethernet to implement frequency synchronization for a
higher synchronization precision.
4. Enable performance monitoring on the passive interfaces of Device1 and
Device2.
5. To prevent reverse synchronization of clock signals, disable Interface 1 on PE1
and PE2 and Interface 2 on Device1 and Device2 from working in the slave
state.
NOTE
Configure devices to use the default multicast MAC encapsulation mode to transmit G.
8275.1 packets.
Data Preparation
N/A
Procedure
Step 1 Configure PE1 and PE2 to import BITS clock signals through their clock interfaces.
The configuration details are not provided here.
Step 2 Configure PE1, PE2, Device1, and Device2 as T-BCs.
1. Configure PE1.
[*PE1] ptp enable
[*PE1] ptp profile g-8275-1 enable
[*PE1] ptp device-type t-bc
[*PE1] commit
[~PE1] interface gigabitethernet 0/1/0
[~PE1-GigabitEthernet0/1/0] ptp enable
[*PE1-GigabitEthernet0/1/0] clock synchronization enable
[*PE1-GigabitEthernet0/1/0] commit
[~PE1-GigabitEthernet0/1/0] quit
2. Configure PE2.
[*PE2] ptp enable
[*PE2] ptp profile g-8275-1 enable
[*PE2] ptp device-type t-bc
[*PE2] commit
[~PE2] interface gigabitethernet 0/1/0
[~PE2-GigabitEthernet0/1/0] ptp enable
[*PE2-GigabitEthernet0/1/0] clock synchronization enable
[*PE2-GigabitEthernet0/1/0] commit
[~PE2-GigabitEthernet0/1/0] quit
3. Configure Device1.
[*Device1] ptp enable
[*Device1] ptp profile g-8275-1 enable
[*Device1] ptp device-type t-bc
[*Device1] ptp passive-measure enable
[*Device1] commit
[~Device1] interface gigabitethernet 0/1/0
[~Device1-GigabitEthernet0/1/0] ptp enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 284
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*Device1-GigabitEthernet0/1/0] ptp notslave disable
[*Device1-GigabitEthernet0/1/0] clock synchronization enable
[*Device1-GigabitEthernet0/1/0] clock priority 10
[*Device1-GigabitEthernet0/1/0] commit
[~Device1-GigabitEthernet0/1/0] quit
[~Device1] interface gigabitethernet 0/1/1
[~Device1-GigabitEthernet0/1/1] ptp enable
[*Device1-GigabitEthernet0/1/1] clock synchronization enable
[*Device1-GigabitEthernet0/1/1] commit
[~Device1-GigabitEthernet0/1/1] quit
[~Device1] interface gigabitethernet 0/1/2
[~Device1-GigabitEthernet0/1/2] ptp enable
[*Device1-GigabitEthernet0/1/2] ptp notslave disable
[*Device1-GigabitEthernet0/1/2] clock synchronization enable
[*Device1-GigabitEthernet0/1/2] clock priority 20
[*Device1-GigabitEthernet0/1/2] commit
[~Device1-GigabitEthernet0/1/2] quit
4. Configure Device2.
[*Device2] ptp enable
[*Device2] ptp profile g-8275-1 enable
[*Device2] ptp device-type t-bc
[*Device2] ptp passive-measure enable
[*Device2] commit
[~Device2] interface gigabitethernet 0/1/0
[~Device2-GigabitEthernet0/1/0] ptp enable
[*Device2-GigabitEthernet0/1/0] ptp notslave disable
[*Device2-GigabitEthernet0/1/0] clock synchronization enable
[*Device2-GigabitEthernet0/1/0] clock priority 10
[*Device2-GigabitEthernet0/1/0] commit
[~Device2-GigabitEthernet0/1/0] quit
[~Device2] interface gigabitethernet 0/1/1
[~Device2-GigabitEthernet0/1/1] ptp enable
[*Device2-GigabitEthernet0/1/1] clock synchronization enable
[*Device2-GigabitEthernet0/1/1] commit
[~Device2-GigabitEthernet0/1/1] quit
[~Device2] interface gigabitethernet 0/1/2
[~Device2-GigabitEthernet0/1/2] ptp enable
[*Device2-GigabitEthernet0/1/2] ptp notslave disable
[*Device2-GigabitEthernet0/1/2] clock synchronization enable
[*Device2-GigabitEthernet0/1/2] clock priority 20
[*Device2-GigabitEthernet0/1/2] commit
[~Device2-GigabitEthernet0/1/2] quit
Step 3 Configure base stations to receive G.8275.1 packets from Device1 and Device2.
The configuration details are not provided here.
Step 4 Verify the configuration.
After completing the configurations, run the display ptp all command to check
the running status of G.8275.1. The following example uses the command output
on Device1. The command output shows that the G.8275.1 interface GE 0/1/0 on
Device1 is working in the Slave state, the grandmaster clock ID is
0a05d7fffe341500, and the parent clock ID is 0a05d7fffe341500. Device1 has
synchronized with the master clock source.
[~Device1] display ptp all
Device config info
------------------------------------------------------------------------------
PTP state :enabled Domain value :24
Slave only :- Device type :T-BC
Set port state :- Local clock ID :0aa1c6fffe699700
Acl :no Virtual clock ID :no
Acr :- Time lock success :yes
Asymmetry measure :disable Passive measure :enable
PTP profile :G.8275.1 V2.0
Send GM WTR :no
BMC run info
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 285
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
------------------------------------------------------------------------------
Grand clock ID :0a05d7fffe341500
Receive number :GigabitEthernet0/1/0
Parent clock ID :0a05d7fffe341500
Parent portnumber :35585
Priority1 :128 Priority2 :128
Step removed :0 Clock accuracy :0xfe
Clock class :6 Time Source :0xa0
UTC Offset :35 UTC Offset Valid :True
Timescale :PTP Time traceable :True
Leap :None Frequency traceable :True
Offset scaled :0xffff Sync uncertain :True
Port info
Name State Delay-mech Ann-timeout Type
Domain
------------------------------------------------------------------------------
GigabitEthernet0/1/0 slave delay 3 T-BC 24
Time Performance Statistics(ns): Slot X Card X Port X
------------------------------------------------------------------------------
Realtime(T2-T1) :1104 Pathdelay :0
Max(T2-T1) :1110
Min(T2-T1) :1100
Clock source info
Clock Pri Pri2 Accuracy Class TimeSrc Signal Switch Direction In-Status
------------------------------------------------------------------------------
local 128 128 0xFE 248 0xa0 - - - -
bits1/11 128 128 0x20 6 0x20 1pps off in/- normal
bits1/12 128 128 0x20 6 0x20 1pps off in/- normal
----End
Configuration Files
● PE1 configuration file
#
sysname PE1
#
ptp enable
ptp profile g-8275-1 enable
ptp device-type t-bc
#
interface GigabitEthernet0/1/0
undo shutdown
clock synchronization enable
ptp enable
#
return
● PE2 configuration file
#
sysname PE2
#
ptp enable
ptp profile g-8275-1 enable
ptp device-type t-bc
#
interface GigabitEthernet0/1/0
undo shutdown
clock synchronization enable
ptp enable
#
return
● Device1 configuration file
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 286
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
#
sysname Device1
#
ptp enable
ptp profile g-8275-1 enable
ptp device-type t-bc
ptp passive-measure enable
#
interface GigabitEthernet0/1/0
undo shutdown
ptp notslave disable
clock synchronization enable
clock priority 10
ptp enable
#
interface GigabitEthernet0/1/1
undo shutdown
clock synchronization enable
ptp enable
#
interface GigabitEthernet0/1/2
undo shutdown
ptp notslave disable
clock synchronization enable
clock priority 20
ptp enable
#
return
● Device2 configuration file
#
sysname Device2
#
ptp enable
ptp profile g-8275-1 enable
ptp device-type t-bc
ptp passive-measure enable
#
interface GigabitEthernet0/1/0
undo shutdown
ptp notslave disable
clock synchronization enable
clock priority 10
ptp enable
#
interface GigabitEthernet0/1/1
undo shutdown
clock synchronization enable
ptp enable
#
interface GigabitEthernet0/1/2
undo shutdown
ptp notslave disable
clock synchronization enable
clock priority 20
ptp enable
#
return
1.1.8.4 SMPTE-2059-2 Configuration
SMPTE-2059-2 defines how different devices transmit clock information on a
communication network through SMPTE-2059-2 packets. This section describes
the fundamentals and configuration procedure of SMPTE-2059-2.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 287
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.8.4.1 Overview of SMPTE-2059-2
SMPTE-2059-2 is an IEEE 1588-based standard that allows time synchronization of
video devices over an IP network.
The SMPTE-2059-2 protocol provides acceptable lock time, jitter, and precision.
1.1.8.4.2 Configuration Precautions for SMPTE-2059-2
Feature Requirements
None
1.1.8.4.3 Configuring SMPTE-2059-2
This section describes how to configure SMPTE-2059-2. An SMPTE-2059-2
network typically uses the BMC algorithm to dynamically establish the master-
slave hierarchy. For different types of devices on an SMPTE-2059-2, the
corresponding functions need to be configured.
Usage Scenario
The first step of establishing an SMPTE-2059-2 network is to import time signals
from an external BITS clock source. The BMC algorithm can be used to select the
grandmaster clock and master clock from SMPTE-2059-2 devices. Alternatively,
the grandmaster clock and master clock can be manually configured. On a
dynamic SMPTE-2059-2 network, clock source selection is implemented by
comparing priorities to ensure the precision of clock signals to the maximum
extent.
Pre-configuration Tasks
● Set physical parameters of interfaces so that the interfaces are physically Up.
● Run the license active file-name command to activate the clock
synchronization license file on the main control board. If the clock
synchronization license file is not loaded, the ptp enable command is not
allowed to be configured.
Importing Time Signals from an External BITS Source
On an SMPTE-2059-2 network, time signals are typically imported from an
external building integrated timing supply system (BITS) source. Multiple routers
can be configured to import time signals from an external BITS source before the
grandmaster clock is determined.
Context
A BITS source provides reference time signals. If dynamic best master clock (BMC)
selection is used, multiple SMPTE-2059-2 devices can be configured to import BITS
signals so that all these SMPTE-2059-2 devices can participate in BMC selection
for the determination of the grandmaster clock. The grandmaster clock provides
time signals for the entire SMPTE-2059-2 network, and other network devices use
the SMPTE-2059-2 protocol to obtain clock synchronization information from the
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 288
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
grandmaster clock. Perform the following steps on each router connected to an
external BITS source on an SMPTE-2059-2 network:
Perform the following steps on each router connected to an external BITS source
on an SMPTE-2059-2 network:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Select the type of the input time signal.
Importing time signals from the 1PPS BITS1 interface is used as an example.
clock bits-type bits1 1pps input
The actual number of BITS interfaces and their IDs depend on the hardware
configuration. For details about clock interfaces, see Hardware Description.
Generally, BITS0 provides frequency signals for physical clock synchronization and
corresponds to CLK or CLK/TOD0 on the interface panel; BITS1 provides time
signals and corresponds to TOD or CLK/TOD1 on the interface panel. If there is
only one CLK/TOD interface on a device, the device can provide the BITS0 and
BITS1 interfaces through a one-to-two cable.
Step 3 Configure the device to participate in BMC selection using BITS signals.
BITS1 signals are used as an example.
ptp clock-source bits1 on
Step 4 (Optional) Configure the correction time for the delay in sending and receiving
time signals on a BITS interface.
The BITS1 interface is used as an example.
ptp clock-source bits1 { receive-delay receive-delay-value | send-delay send-delay-value }
Step 5 Run commit
The configuration is committed.
----End
Configuring Clock Source Attributes for Dynamic BMC Selection
After multiple SMPTE-2059-2 devices are configured with BITS signal input, clock
source attributes can be configured on these devices to allow them to participate
in BMC selection. The local clock of an SMPTE-2059-2 device can also participate
in BMC selection. The BMC algorithm (BMCA) helps SMPTE-2059-2 devices
dynamically determine the grandmaster clock which provides time signals for the
entire SMPTE-2059-2 network. SMPTE-2059-2 devices can obtain clock
synchronization information from the grandmaster clock through the
SMPTE-2059-2 protocol.
Context
When an SMPTE-2059-2-enabled router uses the BMCA to dynamically select a
clock source, the router compares the following parameters in sequence: priority1
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 289
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
> clock-class > clock-accuracy > priority2. That is, the router preferentially
compares priority1 of clock sources. The clock source with the largest value of
priority1 is selected as the grandmaster clock. If the priority1 values are the
same, the router then compares clock-class.
Perform the following steps on each router connected to an external BITS source
on an SMPTE-2059-2 network:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Configure the type of the clock source to be traced.
The local clock and BITS1 signals are used as an example. The actual number of
BITS interfaces and their IDs depend on the hardware configuration.
ptp clock-source { local time-source time-source-value | bits1 time-source time-source-value }
NOTE
This command applies only to the grandmaster. The parameter settings vary according to
the type of the clock source. For the mapping between time-source-value and the clock
source type, see ptp clock-source in the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M Command Reference.
Step 3 Run ptp clock-source { local clock-accuracy clock-accuracy-value | bits1 clock-
accuracy clock-accuracy-value }
The clock accuracy of the clock source is configured.
For the mapping between clock-accuracy-value and the clock accuracy, see ptp
clock-source in the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M
Command Reference.
Step 4 Run ptp clock-source { local clock-class clock-class-value | bits1 clock-accuracy
clock-class-value }
The clock class of the clock source is configured.
For the mapping between clock-class-value and the clock source level, see ptp
clock-source in the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M
Command Reference.
If the value of clock-class-value is less than 128, the device cannot function as a
slave clock.
Step 5 Run ptp clock-source { local priority1 priority1-value | bits1 priority1 priority1-
value }
The priority1 of the clock source is configured.
Step 6 Run ptp clock-source { local priority2 priority2-value | bits1 priority2 priority2-
value }
The priority2 of the clock source is configured.
Step 7 (Optional) Run ptp clock-source bits1 grandmaster-clockid grandmaster-
clockid-value
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 290
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The grandmaster clock ID of the clock source is configured.
Step 8 (Optional) Run ptp clock-source bits1 offsetscaled-logvariance
The stability of the clock source is configured.
Step 9 Run commit
The configuration is committed.
----End
Enabling SMPTE-2059-2 Globally
To enable SMPTE-2059-2, you need to configure SMPTE-2059-2 in both the
system view and interface view. After SMPTE-2059-2 is enabled in the system
view, you need to configure basic device information, such as the domain value
and virtual clock ID, required for setup of an SMPTE-2059-2 network.
Procedure
● Perform the following steps on each OC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
c. Run ptp profile smpte-2059-2 enable
SMPTE-2059-2 is enabled.
d. Run ptp device-type oc
The device type is set to OC.
e. (Optional) Run ptp slaveonly
The OC is configured to work in slave-only mode.
A device that functions as an OC to synchronize time signals with other
devices can be configured to work in slave-only mode. The OC working in
slave-only mode has its interfaces in the slave state. This means that the
OC can function as a slave clock to receive clock signals from other
clocks, but cannot function as a master clock to provide clock signals for
other clocks.
f. Run ptp domain domain-value
The clock domain where the SMPTE-2059-2 device resides is specified.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 291
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
Devices that exchange SMPTE-2059-2 packets to implement time synchronization
must reside in the same SMPTE-2059-2 clock domain.
g. (Optional) Run ptp source-switch ptsf enable
The packet timing signal fail (PTSF)-triggered source switching function is
enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source.
Run the ptp ptsf auto-recovery-time time-value command to specify the
PTSF automatic recovery time. When this specified time elapses, the
device automatically switches back to the original clock source. By
default, the PTSF automatic recovery time is 0 minutes. That is, this
function is disabled.
Run the ptp ptsf enhanced-mode command to enable the PTSF
enhanced mode. After the PTSF enhanced mode is enabled, the system
automatically checks whether the clock source fault is rectified. If the
fault is rectified, the system clears the corresponding alarm, and the
recovered clock source re-participates in BMC source selection. By default,
the PTSF enhanced mode is disabled.
h. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
i. Run commit
The configuration is committed.
● Perform the following steps on each BC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
c. Run ptp profile smpte-2059-2 enable
SMPTE-2059-2 is enabled.
d. Run ptp device-type bc
The device type is set to BC.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 292
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
e. Run ptp domain domain-value
The clock domain where the SMPTE-2059-2 device resides is specified.
NOTE
Devices that exchange SMPTE-2059-2 packets to implement time synchronization
must reside in the same SMPTE-2059-2 clock domain.
f. (Optional) Run ptp source-switch ptsf enable
The packet timing signal fail (PTSF)-triggered source switching function is
enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source.
Run the ptp ptsf auto-recovery-time time-value command to specify the
PTSF automatic recovery time. When this specified time elapses, the
device automatically switches back to the original clock source. By
default, the PTSF automatic recovery time is 0 minutes. That is, this
function is disabled.
Run the ptp ptsf enhanced-mode command to enable the PTSF
enhanced mode. After the PTSF enhanced mode is enabled, the system
automatically checks whether the clock source fault is rectified. If the
fault is rectified, the system clears the corresponding alarm, and the
recovered clock source re-participates in BMC source selection. By default,
the PTSF enhanced mode is disabled.
g. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
h. (Optional) Run ptp asymmetry-measure enable
Automatic asymmetry measurement over an SMPTE-2059-2 ring network
is enabled on the device.
i. (Optional) Run ptp max-steps-removed max-steps-removed-value
The maximum number of hops for time synchronization is specified.
A clock source is considered unavailable if the value of stepsRemoved in
the received Announce messages is greater than or equal to max-steps-
removed-value.
j. Run commit
The configuration is committed.
● Perform the following steps on each TC or TCOC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 293
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
c. Run ptp profile smpte-2059-2 enable
SMPTE-2059-2 is enabled.
d. Run ptp device-type { e2etc | e2etcoc | p2ptc | p2ptcoc }
The SMPTE-2059-2 device is configured as a TC or TCOC.
NOTE
A TCOC is considered as a special TC. In addition to the functions of a TC, a TCOC
can also perform frequency synchronization through SMPTE-2059-2.
e. Run ptp domain domain-value
The clock domain where the SMPTE-2059-2 device resides is specified.
NOTE
Devices that exchange SMPTE-2059-2 packets to implement time synchronization
must reside in the same SMPTE-2059-2 clock domain.
f. (Optional) Run ptp source-switch ptsf enable
The PTSF-triggered source switching function is enabled.
After this function is enabled, if the current time source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid time source. After the time source
fault is rectified, run the ptp source-switch ptsf recover command in the
interface view to restore the original time source. To restore the original
time source after a specified period of time, run the ptp ptsf auto-
recovery-time time-value command to set the PTSF automatic recovery
time. By default, the PTSF automatic recovery time is 0 minutes. That is,
this function is disabled.
g. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
h. Run commit
The configuration is committed.
● Perform the following steps on each TCandBC:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you
can run the ptp uhpc enable command to improve the precision of time
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 294
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
synchronization. To view the capabilities supported by the corresponding
port, run the display ptp interface { interface-name | interface-type
interface-number } command.
c. Run ptp profile smpte-2059-2 enable
SMPTE-2059-2 is enabled.
d. Run ptp device-type tcandbc
The device type is set to TCandBC.
e. Run ptp domain domain-value
The clock domain where the SMPTE-2059-2 device resides is specified.
NOTE
Devices that exchange SMPTE-2059-2 packets to implement time synchronization
must reside in the same SMPTE-2059-2 clock domain.
f. (Optional) Run ptp source-switch ptsf enable
The packet timing signal fail (PTSF)-triggered source switching function is
enabled.
After this function is enabled, if the current clock source has an offset
change of greater than 1.1 µs for three consecutive seconds or
encounters a signal failure due to the loss of Sync packets, the device
automatically switches to another valid clock source. After the clock
source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to switch back to the original clock
source.
Run the ptp ptsf auto-recovery-time time-value command to specify the
PTSF automatic recovery time. When this specified time elapses, the
device automatically switches back to the original clock source. By
default, the PTSF automatic recovery time is 0 minutes. That is, this
function is disabled.
Run the ptp ptsf enhanced-mode command to enable the PTSF
enhanced mode. After the PTSF enhanced mode is enabled, the system
automatically checks whether the clock source fault is rectified. If the
fault is rectified, the system clears the corresponding alarm, and the
recovered clock source re-participates in BMC source selection. By default,
the PTSF enhanced mode is disabled.
g. (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
h. (Optional) Run ptp asymmetry-measure enable
Automatic asymmetry measurement over an SMPTE-2059-2 ring network
is enabled on the device.
i. Run commit
The configuration is committed.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 295
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
(Optional) Configuring Access Control for SMPTE-2059-2 Clock Sources
This section describes how to configure access control for SNMPTE-2059-2 clock
sources. On a large SMPTE-2059-2 clock synchronization network, lots of devices
may participate in dynamic clock source selection. In this case, a malicious clock
attack or configuration error may cause clock flapping on the entire network. You
can enable the control access for SMPTE-2059-2 clock sources so that the system
selects a clock source within a specified range.
Context
Perform the following steps on an OC, a BC, or a TCandBC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp acl enable
The access control function is enabled for SMPTE-2059-2 clock sources.
Step 3 Run ptp acl-permit-clockid clockid-value
A clock ID is configured for an SMPTE-2059-2 device that is allowed to participate
in local BMC selection.
Step 4 Run commit
The configuration is committed.
----End
(Optional) Monitoring the Performance of a Passive Interface
This section describes how to monitor the performance of a passive interface.
After an SMPTE-2059-2 network achieves stable time synchronization, monitor the
offset between the master and slave clocks on the passive interface.
Prerequisites
Determining a passive interface: Run the display ptp all command output. If the
value of State in Port info of the command output is passive, the interface is a
passive interface.
Context
A passive interface does not trace or advertise time information. If a device has
multiple master SMPTE-2059-2 interfaces in the same clock domain, the device
selects the interface with the highest priority as the master clock. The interface
connected to the master clock is the slave clock. In this case, other local interfaces
are in the passive state and provide backup for the slave interface. Passive
interfaces can send Pdelay_Req, Pdelay_Resp, delay_Resp_Follow_Up, signaling,
and management response messages.
A passive interface can be selected as a slave clock or a master clock to participate
in time synchronization after a clock source changes. Monitoring the passive
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 296
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
interface before a clock source changes helps keep stable time signals on an
SMPTE-2059-2 network.
After the router stably synchronizes time signals with a clock source, the router
can monitor the performance of its passive interface. The router checks the offset
between the master and slave clocks on the passive interface every 300s. If the
offset is greater than a configured alarm threshold, the router sends an alarm
named hwPtpPassiveFiberLengthChange to NMS.
Perform the following steps on a BC or a TCandBC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp passive-measure enable
The performance monitoring function is enabled for the passive interface on the
SMPTE-2059-2 device.
Step 3 Run ptp passive-measure alarm-threshold alarm-threshold-value
An alarm threshold is configured for the offset of the passive interface on the
SMPTE-2059-2 device.
Step 4 Run commit
The configuration is committed.
----End
Enabling SMPTE-2059-2 on an Interface
This section describes how to enable SMPTE-2059-2 on an interface.
SMPTE-2059-2 needs to be enabled in both the system view and interface view.
After being globally enabled in the system view, SMPTE-2059-2 also needs to be
enabled on an interface. The parameters to be set in the interface view include the
link delay measurement mechanism, asymmetric delay correction time, and
timestamping mode.
Context
During SMPTE-2059-2 clock synchronization, an Announce packet is sent to
determine the master-slave hierarchy, where the upstream node that advertises
the synchronization time is the master device and the downstream node that
receives the synchronization time is called the slave device. The master device
sends Sync packets to the slave device to transmit performance parameters of
time signals. In addition, the delay measurement mechanism can be implemented
to ensure the accuracy of time signals.
Perform the following operations on each SMPTE-2059-2 device:
Procedure
● Perform the following steps on an OC:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 297
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. (Optional) Run ptp delay-mechanism { delay | pdelay }
A delay measurement mechanism is configured.
NOTE
Two SMPTE-2059-2 interfaces on both ends of a link must use the same delay
measurement mechanism. A delay measurement mechanism inconsistency
causes a communication failure.
d. Run ptp udp-egress source-ip source-ip [ destination-ip destination-ip ]
[ dscp dscp ] [ vlan vlan-id [ priority priority-value ] ]
The interface is configured to send SMPTE-2059-2 packets in UDP
encapsulation mode, and the source IP address of UDP-encapsulated
SMPTE-2059-2 packets is configured.
NOTE
Run this command before PTP is enabled on the interface. Otherwise, the IP
address of the management interface is automatically used as the source IP
address of SMPTE-2059-2 packets. To disable the PTP function from the interface,
run the undo ptp udp-egress source-ip command.
e. Run ptp enable
PTP is enabled on the interface.
f. (Optional) Run ptp asymmetry-correction { positive | negative }
correction-value
The asymmetric correction time is set for the SMPTE-2059-2 packets to
be sent by the interface.
g. (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for SMPTE-2059-2 packets.
h. Run commit
The configuration is committed.
● Perform the following steps on a BC:
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. (Optional) Run ptp delay-mechanism { delay | pdelay }
A delay measurement mechanism is configured.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 298
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
Two SMPTE-2059-2 interfaces on both ends of a link must use the same delay
measurement mechanism. A delay measurement mechanism inconsistency
causes a communication failure.
d. Run ptp udp-egress source-ip source-ip [ destination-ip destination-ip ]
[ dscp dscp ] [ vlan vlan-id [ priority priority-value ] ]
The interface is configured to send SMPTE-2059-2 packets in UDP
encapsulation mode, and the source IP address of UDP-encapsulated
SMPTE-2059-2 packets is configured.
NOTE
Run this command before PTP is enabled on the interface. Otherwise, the IP
address of the management interface is automatically used as the source IP
address of SMPTE-2059-2 packets. To disable the PTP function from the interface,
run the undo ptp udp-egress source-ip command.
e. Run ptp enable
PTP is enabled on the interface.
f. (Optional) Run ptp announce-drop enable
The interface is configured to discard Announce packets.
NOTE
SMPTE-2059-2 devices exchange Announce packets to establish the
synchronization hierarchy. If an interface is configured to discard Announce
packets, the device cannot receive clock synchronization information from other
devices through this interface. This command is typically run on a user-side
SMPTE-2059-2 interface.
g. (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for SMPTE-2059-2 packets.
h. (Optional) Run ptp announce-drop enable
The interface is configured to discard Announce packets.
NOTE
SMPTE-2059-2 devices exchange Announce packets to establish the
synchronization hierarchy. If an interface is configured to discard Announce
packets, the device cannot receive clock synchronization information from other
devices through this interface. This command is typically run on a user-side
SMPTE-2059-2 interface.
i. Run commit
The configuration is committed.
● Perform the following steps on a TC:
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 299
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
c. Run ptp asymmetry-correction { positive | negative } correction-value
The asymmetric correction time is set for the SMPTE-2059-2 packets to
be sent by the interface.
d. Run ptp enable
PTP is enabled on the interface.
e. Run ptp clock-step { one-step | two-step }
The timestamping mode is set for the SMPTE-2059-2 packets to be sent
by the interface.
f. Run commit
The configuration is committed.
● Perform the following steps on a TCOC:
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp udp-egress source-ip source-ip [ destination-ip destination-ip ]
[ dscp dscp ] [ vlan vlan-id [ priority priority-value ] ]
The interface is configured to send SMPTE-2059-2 packets in UDP
encapsulation mode, and the source IP address of UDP-encapsulated
SMPTE-2059-2 packets is configured.
NOTE
Run this command before PTP is enabled on the interface. Otherwise, the IP
address of the management interface is automatically used as the source IP
address of SMPTE-2059-2 packets. To disable the PTP function from the interface,
run the undo ptp udp-egress source-ip command.
d. Run ptp enable
PTP is enabled on the interface.
e. Run ptp tcoc-clock-id clock-source-id port-num port-num
The clock source traced by a specified interface on the TCOC is
configured.
Unlike a TC, a TCOC has an OC interface to implement frequency
synchronization. The TCOC also has TC interfaces to transparently
transmit SMPTE-2059-2 packets.
This command specifies a clock source that the OC interface on the TCOC
tracks, namely, the master clock interface. The OC interface can then
receive SMPTE-2059-2 packets to synchronize frequencies with the
master clock interface. If this command is not run, each TCOC interface
functions as a TC interface, which only transparently transmits
SMPTE-2059-2 packets instead of restoring frequency.
.
f. Run ptp asymmetry-correction { positive | negative } correction-value
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 300
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The asymmetric correction time is set for the SMPTE-2059-2 packets to
be sent by the interface.
g. Run ptp clock-step { one-step | two-step }
The timestamping mode is set for the SMPTE-2059-2 packets to be sent
by the interface.
h. Run commit
The configuration is committed.
● Perform the following steps on a TCandBC:
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp port-type { bc | tc }
The clock type of the interface is set to TC or BC.
d. In the TC interface view, run: ptp domain domain-value
The clock domain where the interface resides is specified.
NOTE
A BC interface uses the same clock domain ID as that configured in the system
view and therefore does not need to be specifically configured in the interface
view. The clock domain ID of a TC interface needs to be specified in the interface
view.
e. (Optional) Run ptp delay-mechanism { delay | pdelay }
A delay measurement mechanism is configured.
NOTE
Two SMPTE-2059-2 interfaces on both ends of a link must use the same delay
measurement mechanism. A delay measurement mechanism inconsistency
causes a communication failure.
f. Run ptp udp-egress source-ip source-ip [ destination-ip destination-ip ]
[ dscp dscp ] [ vlan vlan-id [ priority priority-value ] ]
The interface is configured to send SMPTE-2059-2 packets in UDP
encapsulation mode, and the source IP address of UDP-encapsulated
SMPTE-2059-2 packets is configured.
NOTE
Run this command before PTP is enabled on the interface. Otherwise, the IP
address of the management interface is automatically used as the source IP
address of SMPTE-2059-2 packets. To disable the PTP function from the interface,
run the undo ptp udp-egress source-ip command.
g. Run ptp enable
PTP is enabled on the interface.
h. (Optional) Run ptp announce-drop enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 301
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The interface is configured to discard Announce packets.
NOTE
SMPTE-2059-2 devices exchange Announce packets to establish the
synchronization hierarchy. If an interface is configured to discard Announce
packets, the device cannot receive clock synchronization information from other
devices through this interface. This command is typically run on a user-side
SMPTE-2059-2 interface.
i. (Optional) Run ptp asymmetry-correction { positive | negative }
correction-value
The asymmetric correction time is set for the SMPTE-2059-2 packets to
be sent by the interface.
j. (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode is specified for SMPTE-2059-2 packets.
k. Run commit
The configuration is committed.
----End
(Optional) Configuring Time Attributes for SMPTE-2059-2 Packets
This section describes how to configure time attributes for SMPTE-2059-2 packets.
SMPTE-2059-2 nodes exchange Announce, Sync, and Delay or Pdelay packets to
send time information and maintain SMPTE-2059-2 connections. You can set the
interval at which an SMPTE-2059-2 interface sends Announce, Sync, and Delay or
Pdelay packets and the maximum number of Announce packet timeouts. Using
the default time attribute values is recommended.
Context
During SMPTE-2059-2 clock synchronization, an Announce packet is sent to
determine the master-slave hierarchy, where the upstream node that advertises
the synchronization time is the master device and the downstream node that
receives the synchronization time is called the slave device. The master device
sends Sync packets to the slave device to transmit performance parameters of
time signals. In addition, the delay measurement mechanism can be implemented
to ensure the accuracy of time signals.
If the packet sending interval is too small, devices frequently exchange
SMPTE-2059-2 packets, consuming too many bandwidth resources. If the packet
sending interval is too large, the precision of time synchronization cannot be
guaranteed. Given that the time precision is guaranteed, set the packet sending
interval to a large value.
Perform the following operations on an SMPTE-2059-2 device:
Procedure
● Configure time attributes for Announce packets.
a. Run system-view
The system view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 302
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp announce-interval announce-interval
The interval at which the interface sends Announce packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to announce-interval.
Remote timeout period of receiving Announce packets = Remotely
configured receipt-timeout x Local interval at which Announce packets
are sent
d. Run ptp announce receipt-timeout receipt-timeout
The maximum number of timeouts for receiving Announce packets is set.
Local timeout period of receiving Announce packets = Locally configured
receipt-timeout x Remote interval at which Announce packets are sent
e. Run commit
The configuration is committed.
● Configure time attributes for Sync packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp sync-interval sync-interval
The interval at which the interface sends Sync packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to sync-interval.
d. Run commit
The configuration is committed.
● Configure time attributes for Delay or Pdelay packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp min-delayreq-interval min-delayreq-interval
The interval at which the interface sends Delay_Req packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to min-delayreq-interval.
d. Run ptp min-pdelayreq-interval min-pdelayreq-interval
The interval at which the interface sends Pdelay_Req packets is set. The
following formula applies:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 303
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Interval = 2n x 1/1024s, where n equals to min-pdelayreq-interval.
e. Run commit
The configuration is committed.
----End
(Optional) Configuring an SMPTE-2059-2 Packet Encapsulation Mode
This section describes how to configure an SMPTEe -2059-2 packet encapsulation
mode. SMPTE-2059-2 packets can be encapsulated into Layer 3 packets for
transmission. Select the encapsulation type based on networking environments
and configure the source and destination IP addresses and transmission priority.
Prerequisites
Before configuring an SMPTE-2059-2 packet encapsulation mode, check the type
of the link over which SMPTE-2059-2 packets are transmitted.
● For Layer 3 link transmission, select the UDP encapsulation mode.
Context
Select an SMPTE-2059-2 packet encapsulation mode based on networking
environments and specify the source IP address, destination IP address, and
transmission priority for SMPTE-2059-2 packets.
Perform the following operations on an SMPTE-2059-2 device:
Procedure
● Configure the UDP encapsulation mode.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp udp-egress source-ip source-ip [ destination-ip destination-ip ]
The interface is configured to use UDP to encapsulate SMPTE-2059-2
packets with the specified source and destination IP addresses.
▪ For unicast UDP encapsulation:
Specify the unicast destination IP address encapsulated in the PTP
packet in the interface view.
▪ For multicast UDP encapsulation:
A default multicast destination IP address is adopted, which means
that the destination-ip destination-ip parameter does not need to
be configured. The following table lists the mapping between default
multicast destination IP addresses and delay measurement
mechanisms.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 304
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-40 Mapping between default multicast destination IP
addresses and delay measurement mechanisms
Packet Type IP Address
Non-peer delay measurement 224.0.1.129
mechanism
Peer delay measurement 224.0.0.107
mechanism
NOTE
If the destination-ip destination-ip parameter is not specified, a multicast IP
address is used by default.
d. Run ptp udp-egress destination-mac destination-mac
The next-hop MAC address is specified for the interface to send
SMPTE-2059-2 packets.
e. Run ptp udp-egress source-ip source-ip [ dscp dscp ]
A DSCP value is set for the interface to send UDP-encapsulated
SMPTE-2059-2 packets.
f. Run ptp udp-egress source-ip source-ip vlan vlan-id [ priority priority ]
A VLAN ID and a priority value are set for the interface to send or receive
UDP-encapsulated SMPTE-2059-2 packets.
For SMPTE-2059-2 services, higher values of dscp and priority minimize
the delay or congestion impact on clock signal recovery. Using the largest
values of dscp and priority is recommended.
g. Run commit
The configuration is committed.
----End
Verifying the SMPTE-2059-2 Configuration
After configuring SMPTE-2059-2 functions, verify the configuration.
Procedure
● Run the display ptp all [ state | config ] command to check the
SMPTE-2059-2 running status and configurations.
● Run the display ptp interface interface-type interface-number command to
check SMPTE-2059-2 information on a specific interface.
----End
1.1.9 CU-106 Configuration
1.1.9.1 CU-106 Configuration
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 305
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.9.1.1 Overview
PTP Clock Types Supported by the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M
CU-106 supports the following types of PTP clocks:
● Telecom grandmaster (T-GM): is a master-only clock that can have one or
more PTP ports. It does not trace other PTP clocks.
● Telecom boundary clock (T-BC): can be either a master clock or a clock
tracing another PTP clock.
● Telecom transparent clock (T-TC): forwards CU-106 packets. T-TCs correct the
forwarding delay in CU-106 packets, instead of synchronizing time with any
port.
● Telecom time slave clock (T-TSC): is a slave-only clock and cannot be used as
a master clock.
Figure 1-85 shows the positions of the T-GM, T-BC, T-TC, and T-TSC on a time
synchronization network.
Figure 1-85 Positions of the T-GM, T-BC, T-TC, and T-TSC on a time
synchronization network
Delay Measurement Mechanism Supported by the NetEngine 8100 M,
NetEngine 8000E M, NetEngine 8000 M
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports the
delay request-response mechanism. Specifically, the system calculates the time
offset according to the link delay between the master and slave clocks.
Clock Source Tracing Modes Supported by the NetEngine 8100 M, NetEngine
8000E M, NetEngine 8000 M
BMCA
On a CU-106 network, all clocks are deployed in a hierarchical structure according
to the master-slave relationship. The grandmaster clock provides the reference
time and is at the highest stratum level. Such a topology can be automatically
generated through the best master clock algorithm (BMCA).
1.1.9.1.2 Configuration Precautions for CU-106
Feature Requirements
None
1.1.9.1.3 Configuring CU-106
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 306
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Usage Scenario
On the network shown in Figure 1-86, the BITS interface that functions as the T-
GM obtains high-accuracy time information from a global positioning system
(GPS), encapsulates the information into a CU-106 packet, and sends the packet
to the bearer network. A bearer network device that functions as the T-BC
transparently transmits the time information to all devices on the bearer network.
BCs send high-accuracy time information carried in the CU-106 packet to wireless
access devices, such as a gNodeB.
Figure 1-86 CU-106 application over a bearer network
Pre-configuration Tasks
● Set physical parameters of interfaces and ensure that the interfaces are
physically Up.
Configuring a BITS Source as the T-GM
You can configure a building integrated timing supply system (BITS) source as the
telecom grandmaster (T-GM). The T-GM then provides time signals for its
connected transport network T-BCs over Ethernet clock interfaces, allowing the T-
BCs to achieve time synchronization with the T-GM.
Context
For details about the clock source configuration of the T-GM on a BITS source, see
the associated configuration guide.
Configuring Clock Source Attributes for BMC Selection
After multiple T-BCs are configured with the input of BITS signals, clock source
attributes for BMC selection can be configured on the T-BCs to allow the T-BCs to
participate in BMC selection. The local clocks of T-BCs can also be configured to
participate in BMC selection. BMCA can be used to dynamically determine the T-
GM. The T-GM provides time signals for the entire CU-106 network. T-BCs use
CU-106 to obtain time synchronization information from the T-GM.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 307
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
Perform the following steps on each router that is connected to a BITS source on
the CU-106 network:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp clock-source bits1 grandmaster-clockid grandmaster-clockid-value
The grandmaster clock ID is specified for the BITS source.
NOTE
● clockid-value must be the same as that of the external BITS source. Otherwise, if both
the BITS and PTP clock sources are deployed, the computation of the time
synchronization path will be affected.
● If the clock ID of the external BITS source is changed due to factors such as device
replacement, the value of clockid-value must also be changed accordingly.
Step 3 Run ptp clock-source bits1 clock-accuracy clock-accuracy-value
The accuracy value of the clock source is set.
NOTE
In T-BC mode, the default accuracy value (0xFE) of the local clock source is used.
Step 4 Run ptp clock-source bits1 clock-class clock-class-value
The clock class is set for the BITS source.
NOTE
In T-BC mode, the default clock class is 248. If the clock class of a locked clock is less than 135,
the clock class automatically changes to 165 after the clock is out of lock and this clock class
cannot be configured.
Step 5 Run ptp clock-source local priority2 priority2-value
Priority2 of the local clock source is set.
Step 6 Run ptp clock-source bits1 local-priority local-priority-value
The priority of the local clock source is set.
Step 7 Run ptp clock-sourcelocal time-source time-source-value
The time source of the local clock source is configured.
Step 8 Run commit
The configuration is committed.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 308
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Globally Enabling CU-106
To ensure CU-106 for time synchronization, enable CU-106 globally in the system
view and configure basic information on a device, such as the device type (T-BC or
T-TC), domain value, and virtual clock ID.
Context
Perform the following steps on each T-BC and T-TC:
Procedure
Step 1 Run system-view
Step 2 Run ptp enable
PTP is enabled on the device.
If the device hardware supports ultra-high-precision timestamping, you can run
the ptp uhpc enable command to improve the precision of time synchronization.
To view the capabilities supported by the corresponding port, run the display ptp
interface { interface-name | interface-type interface-number } command.
Step 3 Run ptp profile cu-106 enable
CU-106 is enabled on the device.
Step 4 Run ptp device-type t-bc
The device type is set to T-BC or T-TC.
Step 5 (Optional) Run ptp domain domain-value
The domain where the device resides is configured.
NOTE
All the T-BCs that use CU-106 to perform time synchronization must reside in the same
clock domain.
Step 6 (Optional) On the T-BC, run ptp source-switch ptsf enable
The packet timing signal fail (PTSF)-triggered source switching function is
enabled.
After this function is enabled, the device automatically switches to another valid
time source if the current time source has an offset change of greater than 1.1 µs
for three consecutive seconds or the signals fail due to a loss of Sync packets.
After the time source fault is rectified, run the ptp source-switch ptsf recover
command in the interface view to restore the current time source. If you want to
automatically restore the time source after a certain period of time, run the ptp
ptsf auto-recovery-time command to configure the PTSF auto-recovery time. By
default, the PTSF auto-recovery time is 0 minute, that is, the function is disabled.
Step 7 (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is configured.
Step 8 (Optional) Configure automatic measurement of fiber asymmetry on the T-BC.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 309
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1. Run ptp asymmetry-measure enable
The automatic measurement of fiber asymmetry on a ring network is enabled
on the device.
2. Run ptp passive-measure enable
The performance monitoring function is enabled on the passive interface of
the device.
3. Run ptp passive-measure alarm-threshold alarm-threshold-value
An alarm threshold is configured for the time offset (time difference between
the master and slave clocks) on the passive interface of the device.
Step 9 Run commit
The configuration is committed.
----End
(Optional) Configuring the Time Synchronization Alarm Function
After the time synchronization alarm function is configured to monitor time
synchronization status information, the alarm information will be reported to the
NMS for further troubleshooting and maintenance.
Context
Perform the following operations on the T-BC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Configure the time synchronization alarm function as required.
● Run the ptp alarm-threshold clock-class clock-class-value command to
configure the alarm threshold for PTP source input deterioration.
● Run the ptp alarm-threshold standard-time-offset time-offset-value
command to configure the alarm threshold for the PTP source absolute time
reference.
● Run the ptp alarm-threshold time-offset-sum time-offset-sum command to
configure the alarm threshold for the peak value of the accumulated PTP
source time offsets.
Step 3 Run commit
The configuration is committed.
----End
Configuring CU-106 on an Interface
After enabling CU-106 in the system view, you need to enable CU-106 in the
interface view.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 310
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
Perform the following operations on the T-BC and T-TC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run ptp enable
PTP is enabled on the interface.
Step 4 (Optional) Run ptp local-priority local-priority-value
The local priority of a PTP interface is set.
Step 5 (Optional) Run ptp asymmetry-correction { positive | negative } correction-
value
The asymmetric correction time for sending CU-106 packets on the interface is set.
Step 6 (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode of the synchronization packets sending by the CU-106
port is set.
Step 7 Run commit
The configuration is committed.
----End
Configuring Time Attributes for CU-106 Packets
This section describes how to configure time attributes for CU-106 packets. T-BCs
exchange Announce, Sync, and Delay or Pdelay packets to send time information
and maintain CU-106 connections. You can set the interval at which a CU-106
interface sends Announce, Sync, and Delay or Pdelay packets and the maximum
number of Announce packet timeouts. Using the default time attribute values is
recommended.
Context
Perform the following operations on the T-BC:
Procedure
● Configure time attributes for Announce packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 311
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The interface view is displayed.
c. Run ptp announce-interval announce-interval
The interval at which the interface sends Announce packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to announce-interval
Remote timeout period of receiving Announce packets = Remotely
configured receipt-timeout x Local interval at which Announce packets
are sent
d. Run ptp announce receipt-timeout receipt-timeout
The maximum number of Announce packets that the interface fails to
receive is set. If the interface fails to consecutively receive the specified
maximum number of Announce packets, the interface enters the Master
state.
Local timeout period of receiving Announce packets = Locally configured
receipt-timeout x Remote interval at which Announce packets are sent
e. Run commit
The configuration is committed.
● Configure time attributes for Sync packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp sync-interval sync-interval
The interval at which the interface sends Sync packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to sync-interval
d. Run commit
The configuration is committed.
● Configure time attributes for Delay or Pdelay packets.
a. Run system-view
The system view is displayed.
b. Run interface interface-type interface-number
The interface view is displayed.
c. Run ptp min-delayreq-interval min-delayreq-interval
The interval at which the interface sends Delay_Req packets is set. The
following formula applies:
Interval = 2n x 1/1024s, where n equals to min-delayreq-interval
d. Run commit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 312
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The configuration is committed.
----End
Configuring Encapsulation Modes for CU-106 Packets
You can configure destination MAC addresses of packets according to the actual
networking.
Prerequisites
By default, CU-106 packets are encapsulated in MAC encapsulation mode.
Context
Perform the following operations on the T-BC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run ptp mac-egress destination-mac destination-mac
The CU-106 packets to be sent from the interface is encapsulated in MAC
encapsulation mode, and a destination MAC address is configured.
Step 4 Run commit
The configuration is committed.
----End
Verifying the Configuration of CU-106
After configuring the CU-106 function, verify the configuration.
Procedure
● Run the display ptp all [ state | config ] command to view the time
synchronization status and configurations of device operation.
● Run the display ptp interface interface-type interface-number command to
view the time synchronization information on a device interface.
----End
1.1.10 1588 ACR Configuration
1.1.10.1 1588 ACR Clock Synchronization Description
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 313
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.10.1.1 Overview of 1588 ACR
Definition
The 1588 adaptive clock recovery (ACR) algorithm is used to carry out clock
(frequency) synchronization between the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M and clock servers by exchanging 1588v2 messages over a clock
link that is set up by sending Layer 3 unicast packets.
Unlike 1588v2 that achieves frequency synchronization only when all devices on a
network support 1588v2, 1588 ACR is capable of implementing frequency
synchronization on a network with both 1588v2-aware devices and 1588v2-
unaware devices.
After 1588 ACR is enabled on a server, the server provides 1588 ACR frequency
synchronization services for clients.
NOTE
1588 ACR records PDV performance statistics in the CF card. The performance statistics
indicate the delay and jitter information about packets but not information in the packets.
Purpose
All-IP has become the trend for future networks and services. Therefore,
traditional networks based on the Synchronous Digital Hierarchy (SDH) have to
overcome various constraints before migrating to IP packet-switched networks.
Transmitting Time Division Multiplexing (TDM) services over IP networks presents
a major technological challenge. TDM services are classified into two types: voice
services and clock synchronization services. With the development of VoIP,
technologies of transmitting voice services over an IP network have become
mature and have been extensively used. However, development of technologies of
transmitting clock synchronization services over an IP network is still under way.
1588v2 is a software-based technology that carries out time and frequency
synchronization. To achieve higher accuracy, 1588v2 requires that all devices on a
network support 1588v2; if not, frequency synchronization cannot be achieved.
Derived from 1588v2, 1588 ACR implements frequency synchronization with clock
servers on a network with both 1588v2-aware devices and 1588v2-unaware
devices. Therefore, in the situation where only frequency synchronization is
required, 1588 ACR is more applicable than 1588v2.
Benefits
This feature brings the following benefits to operators:
● Frequency synchronization can be achieved on networks with both 1588v2-
aware and 1588v2-unaware devices, reducing the costs of network
construction.
● Operators can provide more services that can meet subscribers' requirements
for frequency synchronization.
1.1.10.1.2 Understanding 1588 ACR
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 314
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Basic Principles of 1588 ACR
1588 ACR aims to synchronize frequencies of clock clients (clients) with those of
clock servers (servers).
1588 ACR sends Layer 3 unicast packets to establish a clock link between a client
and a server to exchange 1588v2 messages. 1588 ACR obtains a clock offset by
comparing timestamps carried in the 1588v2 messages, which enables the client
to synchronize frequencies with the server.
Process of 1588 ACR Clock Synchronization
1588 ACR implements clock (frequency) synchronization by adjusting time
differences between the time when the server sends 1588v2 messages and the
time when the client receives the 1588v2 messages over a link that is established
after negotiations. The detailed process is described as follows:
1588 ACR clock synchronization is implemented in two modes: one-way mode and
two-way mode.
● One-way mode
Figure 1-87 Clock synchronization in one-way mode
a. The server sends the client 1588v2 messages at t1 and t1' and time-
stamps the messages with t1 and t1'.
b. The client receives the 1588v2 messages at t2 and t2' and time-stamps
the messages with t2 and t2'.
t1 and t1' are the clock time of the server, and t2 and t2' are the clock time of
the client.
By comparing the sending time on the server and the receiving time on the
client, 1588 ACR calculates a frequency offset between the server and client
and then implements frequency synchronization. For example, if the result of
the formula (t2 - t1)/(t2' - t1') is 1, frequencies on the server and client are
the same; if not, the frequency of the client needs to be adjusted so that it is
the same as the frequency of the server.
● Two-way mode
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 315
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-88 Clock synchronization in two-way mode
a. The server clock sends a 1588 sync packet carrying a timestamp t1 to the
client server at t1.
b. The client server receives a 1588 sync packet from the server clock at t2.
c. The client clock sends a 1588 delay_req packet to the server clock at t3.
d. The server clock receives the 1588 delay_req packet from the client clock
at t4, and sends a delay_resp packet to the slave clock.
The same calculation method is used in two-way and one-way modes. t1 and t2
are compared with t3 and t4. A group of data with less jitter is used for
calculation. In the same network conditions, the clock signals with less jitter in one
direction can be traced, which is more precise than clock signal tracing in one
direction. The two-way mode has a better frequency recovery accuracy and higher
reliability than the one-way mode. If adequate bandwidth is provided, using clock
synchronization in two-way mode is recommended for frequency synchronization
when deploying 1588 ACR.
Layer 3 Unicast Negotiation Mechanism
Layer 3 unicast negotiations can be enabled to carry out 1588 ACR frequency
synchronization as required. The principle of Layer 3 unicast negotiations is as
follows:
A client initiates a negotiation with a server in the server list by sending a request
to the server. After receiving the request, the server replies with an authorization
packet, implementing a 2-way handshake. After the handshake is complete, the
client and server exchange Layer 3 unicast packets to set up a clock link, and then
exchange 1588v2 messages over the link to achieve frequency synchronization.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 316
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Dual Server Protection Mechanism
1588 ACR supports the configuration of double servers. Dual server protection is
performed as follows:
After triggering a negotiation with one server, a client periodically queries the
negotiation result. If the client detects that the negotiation fails, it automatically
negotiates with another server. Alternatively, if the client successfully synchronizes
with one server and detects that the negotiation status changes due to a server
failure, the client automatically negotiates with another server. This dual server
protection mechanism ensures uninterrupted communications between the server
and the client.
When only one server is configured, the client re-attempts to negotiate with the
server after a negotiation failure. This allows a client to renegotiate with a server
that is only temporarily unavailable in certain situations, such as when the server
fails and then recovers or when the server is restarted.
Duration Mechanism
On a 1588 ACR client, you can configure a duration for Announce, Sync and
delay_resp packets. The duration value is carried in the TLV field of a packet for
negotiating signaling and sent to a server.
Generally, the client sends a packet to renegotiate with the server before the
duration times out so that the server can continue to provide the client with
synchronization services.
If the link connected to the client goes Down or fails, the client cannot renegotiate
with the server. When the duration times out, the server stops sending Sync
packets to the client.
1.1.10.1.3 Application Scenarios for 1588 ACR
Typical Applications of 1588 ACR
On an IP RAN shown in Figure 1-89, gNodeBs need to implement only frequency
synchronization rather than phase synchronization; devices on an MPLS backbone
network do not support 1588v2; the NGC-side device is connected to an IPCLK
server; closed subscriber groups (CSGs) support 1588 ACR.
gNodeB1 transmits wireless services along an E1 link to a CSG, and gNodeB2
transmits wireless services along an Ethernet link to the other CSG.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 317
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-89 Networking diagram of 1588 ACR applications on a network
On the preceding network, CSGs support 1588 ACR and function as clients to
initiate requests for Layer 3 unicast connections to the upstream IPCLK server. The
CSGs then exchange 1588v2 messages with the IPCLK server over the connections,
achieving frequency recovery. BITS1 and BITS2 are configured as clock servers for
the CSGs to provide protection.
One CSG sends line clock signals carrying frequency information to gNodeB1
along an E1 link. The other CSG transmits gNodeB2 frequency information either
along a synchronous Ethernet link or by sending 1588v2 messages. In this manner,
both NodeBs connected to the CSGs can achieve frequency synchronization.
1.1.10.1.4 Terms and Abbreviations for 1588 ACR
Terms
Term Description
Synchronizat On a modern communications network, in most cases, the
ion proper functioning of telecommunications services requires
network clock synchronization, meaning that the frequency
offset or time difference between devices must be kept in an
acceptable range. Network clock synchronization includes
frequency synchronization and time synchronization.
Time Time synchronization, also called phase synchronization, refers to
synchronizat the consistency of both frequencies and phases between signals.
ion This means that the phase offset between signals is always 0.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 318
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Term Description
Frequency Frequency synchronization, also called clock synchronization,
synchronizat refers to a strict relationship between signals based on a
ion constant frequency offset or a constant phase offset, in which
signals are sent or received at the same average rate in a valid
instance. In this manner, all devices on the communications
network operate at the same rate. That is, the phase difference
between signals remains a fixed value.
IEEE 1588v2 1588v2, defined by the Institute of Electrical and Electronics
PTP Engineers (IEEE), is a standard for Precision Clock
Synchronization Protocol for Networked Measurement and
Control Systems. The Precision Time Protocol (PTP) is used for
short.
ITU-T G. G.8265.1 defines the main protocols of 1588 ACR. Therefore, G.
8265.1 8265.1 usually refers to the 1588 ACR feature.
Abbreviations
Abbreviation Full Spelling
PTP Precision Time Protocol
1588v2
BITS Building Integrated Time Supply System
BMC Best Master Clock
ACR Adaptive Clock Recovery
1.1.10.2 1588 ACR Configuration
1.1.10.2.1 Overview of 1588 ACR
Purpose
All-IP has become the trend for future networks and services. Therefore,
traditional networks based on the Synchronous Digital Hierarchy (SDH) have to
overcome various constraints before migrating to IP packet-switched networks.
Transmitting Time Division Multiplexing (TDM) services over IP networks presents
a major technological challenge. TDM services are classified into two types: voice
services and clock synchronization services. With the development of VoIP,
technologies of transmitting voice services over an IP network have become
mature and have been extensively used. However, development of technologies of
transmitting clock synchronization services over an IP network is still under way.
1588v2 is a software-based technology that carries out time and frequency
synchronization. To achieve higher accuracy, 1588v2 requires that all devices on a
network support 1588v2; if not, frequency synchronization cannot be achieved.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 319
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Derived from 1588v2, 1588 ACR implements frequency synchronization with clock
servers on a network with both 1588v2-aware devices and 1588v2-unaware
devices. Therefore, in the situation where only frequency synchronization is
required, 1588 ACR is more applicable than 1588v2.
Definition
The 1588 adaptive clock recovery (ACR) algorithm is used to carry out clock
(frequency) synchronization between the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M and clock servers by exchanging 1588v2 messages over a clock
link that is set up by sending Layer 3 unicast packets.
Unlike 1588v2 that achieves frequency synchronization only when all devices on a
network support 1588v2, 1588 ACR is capable of implementing frequency
synchronization on a network with both 1588v2-aware devices and 1588v2-
unaware devices.
After 1588 ACR is enabled on a server, the server provides 1588 ACR frequency
synchronization services for clients.
NOTE
1588 ACR records PDV performance statistics in the CF card. The performance statistics
indicate the delay and jitter information about packets but not information in the packets.
1.1.10.2.2 Configuration Precautions for 1588 ACR
Feature Requirements
Table 1-41 Feature requirements
Feature Requirements Series Models
1588 ACR is not supported in the port NetEngin NetEngine 8000
extension scenario. e 8000 M M14/NetEngine
8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 320
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
1588v2 ACR has the following requirements for NetEngin NetEngine 8000
the intermediate network: e 8000 M M14/NetEngine
1. The PDV of the intermediate network 8000 M14K/
cannot exceed 16 ms. NetEngine 8000
M4/NetEngine
2. When the intermediate network is a packet 8000 M8/
switched network (PSN), the scenarios defined NetEngine 8000
in G.8261 are supported. The packet loss rate is M8K/NetEngine
less than 0.5%, the highest QoS priority is 8000E M14/
used, the number of hops is less than 10 (10 NetEngine 8000E
NEs), and the long-term traffic is less than M8
80% of the total traffic.
3. If the intermediate network is an SDH
network, the SDH network must support VC-4
encapsulation but not VC-12 or VC-3
encapsulation. ACR packets can only be sent
and received across the SDH network once.
4. If the intermediate network is a microwave
network, the microwave is Packet microwave.
TDM microwave is the same as SDH
microwave. The highest QoS priority is used.
The microwave bandwidth must be greater
than 100 Mbit/s, the number of hops must be
less than or equal to two (three NEs), and the
long-term traffic must be less than 80% of the
total traffic.
The 1588 ACR frequency synchronization
performance is affected. Therefore, you are
advised to plan a 1588 ACR clock
synchronization network.
The 1588ACR server and 1588v2 Layer 3 NetEngin NetEngine 8000
unicast encapsulation mode cannot be used e 8000 M M14/NetEngine
together. If the local IP address of 1588 ACR is 8000 M14K/
the same as the destination IP address of NetEngine 8000
1588v2, 1588 ACR packets are processed as M4/NetEngine
1588v2 packets. As a result, 1588 ACR 8000 M8/
negotiation fails. NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
1.1.10.2.3 Configuring 1588 ACR in Single-Server Mode
In one 1588 ACR domain, a client initiates a request for negotiation, and
exchanges Layer 3 unicast packets with the server to set up a connection. The
client exchanges 1588v2 packets with the server over the connection to restore
clock information.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 321
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Applicable Environment
On the IP RAN shown in Figure 1-90, two PEs are connected by a Layer 3 network
deployed with 1588v2-unaware devices. PE1 attached to an NGC is connected to a
BITS. 1588 ACR-capable PE2 initiates a request for negotiation and exchanges
Layer 3 unicast packets with PE1 to set up a connection. If the connection is
successful, PE2 exchanges 1588v2 packets with PE1 over the connection to
implement clock synchronization.
Figure 1-90 Network diagram of 1588 ACR
Pre-configuration Tasks
Before configuring 1588 ACR in single-server mode, complete the following tasks:
● Configure static routes or an IGP to ensure IP route reachability among nodes.
● Ensure that the clock server has correctly imported clock signals from a BITS.
Configuring the Unicast Negotiation Function for a Client
The unicast negotiation function and parameters for a connection between a
client and a clock server are configured on the router functioning as a 1588 ACR
client.
Context
ACR, which is an adaptive clock recovery technology, allows a 1588 ACR client to
exchange 1588v2 packets with a clock server on a link where a 1588v2-incapable
device resides. After receiving 1588v2 packets, the client uses clock information
carried in the packets to restore clock information.
The 1588 ACR features supported by the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M are as follows:
● 1588 ACR clock synchronization in single-server scenarios
In a 1588 ACR domain, a client establishes a client/server relationship only
with the remote clock server. The client initiates unicast negotiation requests
and obtains 1588v2 packets for clock restoration. If a clock server becomes
faulty, the client does not automatically initiate a connection request to
another clock server.
● 1588 ACR clock synchronization in dual-server scenarios
In a 1588 ACR domain, a client establishes a client/server relationship with
two remote clock servers. The client initiates unicast negotiation requests and
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 322
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
obtains 1588v2 packets for clock restoration. If the master clock server
becomes faulty, the client automatically initiates a connection request to the
slave clock server.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp-adaptive enable
1588 ACR is enabled.
Step 3 Run ptp-adaptive device-type client
The 1588 ACR clock working mode is set to client.
Step 4 (Optional) Run ptp-adaptive frequency profile
The 1588 ACR-enabled device to totally comply with ITU-T G.8265.1 is configured.
After the ptp-adaptive frequency profile command is run, the default domain
value changes to 4. The domain value range changes to 4-23.
Step 5 (Optional) Run ptp-adaptive domain domain-value
A 1588 ACR domain is configured.
NOTE
The client and clock server, which exchange 1588 ACR packets for clock or time
synchronization, must be in one 1588 ACR clock domain.
Step 6 Run ptp-adaptive local-ip ip-address
An IP address is assigned to the client, which is used to initiate a request for
negotiation and send Layer 3 unicast packets.
The clock server's and client's IP addresses uniquely identify a 1588 ACR
connection, which is set up by exchanging Layer 3 unicast packets between a
client and a clock server during negotiation. Configuring a loopback address as the
client's IP address is recommended, not the IP address of the management
network port on the device, helping the clock server direct packets to the client.
Step 7 (Optional) Run ptp-adaptive vpn-instance vpn-name
The VPN instance name carried in 1588v2 packets is specified, which identifies the
VPN instance bound to the server's loopback interface.
Step 8 Run ptp-adaptive { remote-server1-ip | remote-server2-ip } ip-address
The remote clock server list is configured.
If multiple clock servers exist on a network, the router, functioning as a client,
tracks its clock server based on the clock server's IP address. Running this
command twice specifies master and slave clock servers.
If two clock servers are configured, a client initiates connection requests to both
servers. If a connection to a server fails to be established or is disconnected, the
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 323
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
client automatically initiates a connection to the other client. The process repeats
until the client is connected to a server.
Step 9 Run ptp-adaptive { acr [ one-way | two-way ] | atr } unicast-negotiate enable
1588 ACR unicast negotiation is enabled on the router and the frequency recovery
mode is configured.
Step 10 Run commit
The configuration is committed.
----End
Configuring the Unicast Negotiation Function for a Server
The unicast negotiation function and parameters for a connection between a
client and a clock server are configured on the router functioning as a 1588 ACR
clock server.
Context
ACR, which is an adaptive clock recovery technology, allows a 1588 ACR client to
exchange 1588v2 packets with a clock server on a link where a 1588v2-incapable
device resides. After receiving 1588v2 packets, the client uses clock information
carried in the packets to restore clock information.
1588 ACR client and 1588v2 (which implements hop-by-hop clock
synchronization) are mutually exclusive. If 1588 ACR is enabled on a 1588v2-
capable device, the 1588v2 configurations on the device no longer take effect. The
1588 ACR server and 1588v2 can be both configured on the device.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp-adaptive enable
1588 ACR is enabled.
Step 3 Run ptp-adaptive device-type server
The 1588 ACR clock working mode is set to server.
Step 4 (Optional) Run ptp-adaptive frequency profile
The 1588 ACR-enabled device to totally comply with ITU-T G.8265.1 is configured.
After the ptp-adaptive frequency profile command is run, the default domain
value changes to 4. The domain value range changes to 4-23.
Step 5 (Optional) Run ptp-adaptive domain domain-value
A 1588 ACR domain is configured.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 324
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
The client and clock server, which exchange 1588 ACR packets for clock synchronization,
must be in one 1588 ACR clock domain.
Step 6 Run ptp-adaptive local-ip ip-address
An IP address is assigned to the clock server.
The clock server's and client's IP addresses uniquely identify a 1588 ACR
connection, which is set up by exchanging Layer 3 unicast packets between a
client and a clock server during negotiation. Configuring a loopback address as the
server's IP address is recommended, helping the clock server direct packets to the
client.
Step 7 (Optional) Run ptp-adaptive vpn-instance vpn-name
The VPN instance name carried in 1588v2 packets is specified, which identifies the
VPN instance bound to the server's loopback interface.
Step 8 Run ptp-adaptive { acr [ one-way | two-way ] | atr } unicast-negotiate enable
The 1588 ACR unicast negotiation on the device is configured.
Step 9 Run commit
The configuration is committed.
----End
(Optional) Adjusting Parameters for Establishing a Unicast Negotiation
Connection
Adjustable parameters include the maximum number of consecutive Announce
packets that the client fails to receive (If the number of unreceived Announce
packets exceeds the threshold, the client determines that the connection to the
server fails), duration of the Sync, Delay_Resp, and Announce packets (After the
duration of a Sync packet, a Delay_Resp packet, or an Announce packet expires,
the client re-establishes the connection with the server), DSCP value (the DSCP
value ensures that 1588v2 packets reach the destination even if a congestion
occurs on the network), and the interval at which the server sends Sync,
Delay_Resp, and Announce packets.
Context
Adjustable parameters on a client are as follows:
● Maximum number of consecutive Delay_Resp packets that the client fails to
receive
● Duration field values in Sync, Delay_Resp and Announce packets
● DSCP value for 1588 ACR packets
● Interval at which Sync, Delay_Resp and Announce packets are sent
Adjustable parameters on a clock server are as follows:
● DSCP value for 1588 ACR packets
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 325
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Run ptp-adaptive dscp dscp-value
The DSCP value in 1588 ACR packets is set.
Setting a large DSCP value to ensure that 1588v2 packets reach the destination
even if a congestion occurs on a network. This value is adjustable on both the
client and clock server.
Step 2 Run ptp-adaptive { announce-duration | sync-duration | delay-resp-duration }
duration-value
The duration field value is set for each type of 1588 ACR packet.
Step 3 Run ptp-adaptive request sync-interval interval-value
The interval at which an ACR clock server sends Sync packets is set.
Step 4 Run ptp-adaptive request announce-interval announce-interval-value
The interval at which an ACR clock server sends Announce packets is set.
Step 5 Run ptp-adaptive request delay-resp-interval interval-value
The interval at which the 1588 ACR-enabled server sends Delay_Resp packets is
set.
Step 6 Run ptp-adaptive announce receipt-timeout timeout-time
The allowable maximum number of consecutive Announce packets that the client
fails to receive is set.
Step 7 Run commit
The configuration is committed.
----End
Verifying the Configuration of 1588 ACR
After configuring 1588 ACR on the router, verify the configuration.
Procedure
● When the router functions as a client:
a. Run the display ptp-adaptive all command to check all 1588 ACR
configurations on the client.
b. Run the display ptp-adaptive server [ server-id ] command to check
detailed information about a clock server that is connected to the 1588
ACR enabled client and statistics about packets exchanged between the
client and server.
● When the router functions as a server:
a. Run the display ptp-adaptive all command to check all 1588 ACR
configurations on the server.
b. Run the display ptp-adaptive { all | client [ client-id ] } command to
check detailed information about a clock client that is connected to the
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 326
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1588 ACR enabled server and statistics about packets exchanged between
the client and server.
----End
1.1.10.2.4 Configuration Examples for 1588 ACR
The configuration roadmap in the examples will help you understand the
configuration procedures. This section provides examples for configuring clock
synchronization.
Example for Configuring 1588 ACR Clock Synchronization in a Single-Server
Scenario
This section describes how to configure 1588 ACR on the router functioning as a
client and the router functioning as a server to restore clock information in a
single-server scenario by using an example.
Networking Requirements
On the IP RAN shown in Figure 1-91, DeviceA functions as a clock server. DeviceC
functions as a client, and sends a 1588 ACR Layer 3 unicast negotiation request to
the server to achieve clock synchronization.
Figure 1-91 Networking diagram of configuring 1588 ACR clock synchronization
in a single-server scenario
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure DeviceA as a server.
2. Configure DeviceC as a client.
3. Adjust Layer 3 unicast negotiation parameters on the server and the client.
4. Configure unicast negotiation on the server and client.
5. On the client, configure a PTP clock reference source.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 327
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Data Preparation
To complete the configuration, you need the following data:
● IP address of the server and the IP address of the client
● Interval for sending Sync, Delay_Resp and Announce packets on the server
Procedure
Step 1 Configure DeviceA as a server.
<DeviceA> system-view
[~DeviceA] interface loopback 0
[*DeviceA-Loopback0] ip address 1.1.1.1 32
[*DeviceC-Loopback0] commit
[~DeviceA-Loopback0] quit
[*DeviceA] ptp-adaptive enable
[*DeviceA] ptp-adaptive device-type server
[*DeviceA] ptp-adaptive local-ip 1.1.1.1
[~DeviceA] commit
Step 2 Configure Device C as a client.
<DeviceC> system-view
[~DeviceC] interface loopback 0
[*DeviceC-Loopback0] ip address 2.2.2.2 32
[*DeviceC-Loopback0] commit
[~DeviceC-Loopback0] quit
[*DeviceC] ptp-adaptive enable
[*DeviceC] ptp-adaptive device-type client
[*DeviceC] ptp-adaptive local-ip 2.2.2.2
[*DeviceC] ptp-adaptive remote-server1-ip 1.1.1.1
[~DeviceC] commit
Step 3 Adjust Layer 3 unicast negotiation parameters on the client and the server.
# Configure the client.
[*DeviceC] ptp-adaptive request sync-interval 4
[*DeviceC] ptp-adaptive request announce-interval 12
[*DeviceC] ptp-adaptive request delay-resp-interval 6
[*DeviceC] commit
Step 4 Configure unicast negotiation on the server and client.
# Configure the server.
[*DeviceA] ptp-adaptive acr unicast-negotiate enable
[*DeviceA] commit
# Configure the client.
[*DeviceC] ptp-adaptive acr unicast-negotiate enable
[*DeviceC] commit
Step 5 On the client, configure a PTP clock reference source.
[*DeviceC] clock source ptp synchronization enable
[*DeviceC] clock source ptp priority 1
[*DeviceC] clock source ptp ssm prc
[*DeviceC] commit
Step 6 Verify the configuration.
# Check the 1588 ACR configuration on DeviceC.
<DeviceC> display ptp-adaptive all
Device config info
---------------------------------------------------------------------------
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 328
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Ptp adaptive state :enable Device type :client
Sync mode :frequency Current state :slave
Packet dscp :56 Domain value :0
Announce interval :12 Announce duration :300s
Sync interval :4 Sync duration :300s
Delay_resp interval :6 Delay_resp duration:300s
Announce receipt timeout:3 Acr mode :one-way
Local ip :2.2.2.2 Client board :5
Frequency profile :no
VPN :none
BMCA run info
---------------------------------------------------------------------------
Current trace source :server1
Frequency lock success :yes
Time performance statistics(ns):
------------------------------------------------------------------------
Realtime(T2-T1) :987740873
Max(T2-T1) :987742555
Min(T2-T1) :987423502
Remote server info
---------------------------------------------------------------------------
Ip address Negotiate state Pri1 Class Accuracy Pri2
Server1: 1.1.1.1 Nego success 128 6 0x34 128
Server2:
# Check the 1588 ACR configuration on DeviceA.
<DeviceA> display ptp-adaptive all
Device config info
---------------------------------------------------------------------------
Ptp adaptive state :enable Device type :server
Sync mode :frequency Current state :master
Packet dscp :56 Domain value :0
Local ip :1.1.1.1 Server board :5
Frequency profile :no
VPN :none
Client info
ID Ip Address Clock ID Mode Announce Sync Delay_resp
---------------------------------------------------------------------------
1 0 2.2.2.2 001882fffed48301 one-way 2 -6 none
----End
Configuration Files
● Configuration file of DeviceA
#
sysname DeviceA
#
ptp-adaptive enable
ptp-adaptive device-type server
ptp-adaptive local-ip 1.1.1.1
ptp-adaptive acr unicast-negotiate enable
#
interface Loopback0
ip address 1.1.1.1 255.255.255.255
#
return
● Configuration file of DeviceC
#
sysname DeviceC
#
ptp-adaptive enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 329
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
ptp-adaptive device-type client
ptp-adaptive local-ip 2.2.2.2
ptp-adaptive remote-server1-ip 1.1.1.1
ptp-adaptive request sync-interval 4
ptp-adaptive request announce-interval 12
ptp-adaptive request delay-resp-interval 6
ptp-adaptive acr unicast-negotiate enable
clock source ptp synchronization enable
clock source ptp priority 1
clock source ptp ssm prc
#
interface Loopback0
ip address 2.2.2.2 255.255.255.255
#
return
Example for Configuring 1588 ACR Clock Synchronization in a Dual-Server Scenario
In a 1588 ACR domain, a client sets up the client/server relationship with two
remote clock servers that work in the master/slave mode, and sends a unicast
negotiation request to the two clock servers to restore clock information. Once the
master clock server becomes faulty, the client sends a request for establishing a
connection to the slave clock server.
Networking Requirements
As shown in Figure 1-92, Device A and Device B function as clock servers that
work in the master/slave mode. As a client, Device C first sends a 1588 ACR Layer
3 unicast negotiation request to Device A that functions as the master clock server
to obtain clock synchronization information. If the link between DeviceC and
DeviceA goes Down, DeviceC sends a Layer 3 unicast negotiation request to
DeviceB to ensure that its clock is synchronized with that of the clock server.
Figure 1-92 Networking diagram of configuring 1588 ACR clock synchronization
in a dual-server scenario
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 330
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1. Configure DeviceA as server 1.
2. Configure DeviceB as server 2.
3. Configure DeviceC as a client.
4. Adjust Layer 3 unicast negotiation parameters on the client and the servers.
5. Configure unicast negotiation on servers and the client.
6. On the client, configure a PTP clock reference source.
Data Preparation
To complete the configuration, you need the following data:
● IP addresses of the servers and the IP address of the client
● Interval for sending Sync, Delay_Resp and Announce packets on the servers
Procedure
Step 1 Configure DeviceA as server 1.
<DeviceA> system-view
[~DeviceA] interface loopback 0
[*DeviceA-Loopback0] ip address 1.1.1.1 32
[*DeviceA-Loopback0] commit
[~DeviceA-Loopback0] quit
[*DeviceA] ptp-adaptive enable
[*DeviceA] ptp-adaptive device-type server
[*DeviceA] ptp-adaptive local-ip 1.1.1.1
[*DeviceA] commit
Step 2 Configure DeviceB as server 2.
<DeviceB> system-view
[~DeviceB] interface loopback 0
[*DeviceB-Loopback0] ip address 2.2.2.2 32
[*DeviceB-Loopback0] commit
[~DeviceB-Loopback0] quit
[*DeviceB] ptp-adaptive enable
[*DeviceB] ptp-adaptive device-type server
[*DeviceB] ptp-adaptive local-ip 2.2.2.2
[*DeviceB] commit
Step 3 Configure DeviceC as a client.
<DeviceC> system-view
[~DeviceC] interface loopback 0
[*DeviceC-Loopback0] ip address 3.3.3.3 32
[*DeviceC-Loopback0] commit
[~DeviceC-Loopback0] quit
[*DeviceC] ptp-adaptive enable
[*DeviceC] ptp-adaptive device-type client
[*DeviceC] ptp-adaptive local-ip 3.3.3.3
[*DeviceC] ptp-adaptive remote-server1-ip 1.1.1.1
[*DeviceC] ptp-adaptive remote-server2-ip 2.2.2.2
[*DeviceC] commit
Step 4 Adjust Layer 3 unicast negotiation parameters on the client and the servers.
# Configure the client.
[*DeviceC] ptp-adaptive request sync-interval 4
[*DeviceC] ptp-adaptive request announce-interval 12
[*DeviceC] ptp-adaptive request delay-resp-interval 6
[*DeviceC] commit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 331
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 5 Configure unicast negotiation on servers and the client.
# Configure server 1.
[*DeviceA] ptp-adaptive acr unicast-negotiate enable
[*DeviceA] commit
# Configure server 2.
[*DeviceB] ptp-adaptive acr unicast-negotiate enable
[*DeviceA] commit
# Configure the client.
[*DeviceC] ptp-adaptive acr unicast-negotiate enable
[*DeviceC] commit
Step 6 On the client, configure a PTP clock reference source.
[*DeviceC] clock source ptp synchronization enable
[*DeviceC] clock source ptp priority 1
[*DeviceC] clock source ptp ssm prc
[*DeviceC] commit
Step 7 Verify the configuration.
# Check the 1588 ACR configuration on DeviceC.
<DeviceC> display ptp-adaptive all
Device config info
------------------------------------------------------------------------------
Ptp adaptive state :enable Device type :client
Sync mode :frequency Current state :slave
Packet dscp :56 Domain value :4
Announce interval :11 Announce duration :300s
Sync interval :3 Sync duration :300s
Delay_resp interval :4 Delay_resp duration:400s
Announce receipt timeout:3 One-way or two-way :one-way
Local ip :3.3.3.3 Profile :frequency
Client board :
VPN :none
BMCA run info
------------------------------------------------------------------------------
Current trace source :server1
Time performance statistics
------------------------------------------------------------------------------
Realtime(T2-T1) :+0s, 23281ns
Max(T2-T1) :+0s, 26277ns
Min(T2-T1) :+0s, 21853ns
Remote server info
------------------------------------------------------------------------------
Ip address Negotiate state SSM Priority PTSF
Server1: 1.1.1.1 Nego success PRC 1 normal
Server2: 2.2.2.2 Nego success PRC 1 normal
# Check the 1588 ACR configuration on the server. Take the display on DeviceA as
an example.
<DeviceA> display ptp-adaptive all
Device config info
------------------------------------------------------------------------------
Ptp adaptive state :enable Device type :server
Sync mode :frequency Current state :master
Packet dscp :56 Domain value :4
Local ip :1.1.1.1 Profile :frequency
Server board :
VPN :none
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 332
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Client info
ID Ip Address Clock ID Mode Announce Sync Delay_resp
------------------------------------------------------------------------------
1 500 3.3.3.3 00259efffed1efcf two-way 1 -3 -3
2 489 4.4.4.4 286ed4fffebcdc76 one-way 1 -3 -3
----End
Configuration Files
● Configuration file of DeviceA
#
sysname DeviceA
#
ptp-adaptive enable
ptp-adaptive device-type server
ptp-adaptive local-ip 1.1.1.1
ptp-adaptive acr unicast-negotiate enable
#
interface Loopback0
ip address 1.1.1.1 255.255.255.255
#
return
● Configuration file of DeviceB
#
sysname DeviceB
#
ptp-adaptive enable
ptp-adaptive device-type server
ptp-adaptive local-ip 2.2.2.2
ptp-adaptive acr unicast-negotiate enable
#
interface Loopback0
ip address 2.2.2.2 255.255.255.255
#
return
● Configuration file of DeviceC
#
sysname DeviceC
#
ptp-adaptive enable
ptp-adaptive device-type client
ptp-adaptive local-ip 3.3.3.3
ptp-adaptive remote-server1-ip 1.1.1.1
ptp-adaptive remote-server1-ip 2.2.2.2
ptp-adaptive request sync-interval 4
ptp-adaptive request announce-interval 12
ptp-adaptive request delay-resp-interval 6
ptp-adaptive acr unicast-negotiate enable
clock source ptp synchronization enable
clock source ptp priority 1
clock source ptp ssm prc
#
interface Loopback0
ip address 3.3.3.3 255.255.255.255
#
return
1.1.11 1588 ATR Configuration
1.1.11.1 1588 ATR Description
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 333
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.11.1.1 Overview of 1588 ATR
Definition
1588 Adaptive Time Recovery (1588 ATR) is an adaptive time recovery algorithm
based on PTP. It establishes clock links between routers by sending Layer 3 unicast
packets. Then, PTP packets are exchanged to achieve time synchronization over a
third-party network between devices.
In 1588v2 time synchronization mode, devices on the entire network must support
1588v2 hop by hop. 1588 ATR can be used to implement time synchronization
across devices that do not support 1588v2.
1588 ATR involves the server and client. The server provides 1588 ATR time
synchronization for the client, and the client synchronizes with the server.
When the time server (such as the SSU2000) supports only the 1588v2 unicast
negotiation mode, the client sends a negotiation request to the server, and the
server sends time synchronization packets to the client after the negotiation is
established. The client is configured with the 1588 ATR hop-by-hop mode and
interconnected with the time server to achieve time synchronization in 1588v2
unicast negotiation mode. After that, the client can function as a BC to provide
time synchronization for downstream gNodeBs.
Purpose
1588v2 is a software-based technology used to achieve frequency and time
synchronization and can support hardware assistance to provide greater accuracy.
However, 1588v2 requires support from all devices on the live network.
To address this disadvantage, 1588 ATR is introduced to allow time
synchronization over a third-party network that includes 1588v2-incapable
devices. On the live network, hop-by-hop 1588v2 is preferred for 1588v2-capable
devices, and 1588 ATR is used when 1588v2-incapable devices exist.
Benefits
This feature offers the following benefits to carriers:
● Does not require 1588v2 to be supported by all network devices, reducing
network construction costs.
● Fits for more network applications that meet time synchronization
requirements.
Features Supported
The 1588 ATR features supported by NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 Ms are as follows:
● An NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M that functions
as a 1588 ATR server can synchronize time information with upstream devices
using the BITS source and transmit time information to downstream devices.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 334
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● An NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M that functions
as a 1588 ATR server can synchronize time information with upstream devices
using 1588v2/G.8275.1 and transmit time information to downstream devices.
● The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M functioning
as a 1588 ATR client supports time synchronization with upstream and
downstream devices in 1588 ATR hop-by-hop mode.
● The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M that
functions as a 1588 ATR client can synchronize time with the upstream device
in 1588 ATR transparent transmission mode and transmit time signals to the
downstream device.
● All the preceding functions are supported if the device functions as both the
server and the client.
NOTE
An NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M can function only as the
1588 ATR server. The following restrictions apply to network deployment:
● When 1588 ATR is used to implement time synchronization over a third-party network,
reduce the packet delay variation (PDV) and the number of devices on the third-party
network as much as possible in order to ensure time synchronization performance on
clients. For details, see performance specifications for clients.
● The server and client communicate with each other through PTP packets which can be
either Layer 3 IP packets or single-VLAN-tagged packets. The PTP packets cannot carry
two VLAN tags or the MPLS label.
● The outbound interface of PTP packets on the server must support 1588v2.
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports the 1588 ATR
client. Network deployment has the following restrictions:
● When the 1588 ATR client in hop-by-hop mode is interconnected with the time source
in 1588v2 unicast negotiation mode, the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M must be directly connected to the time source.
1.1.11.1.2 Understanding 1588 ATR
Synchronization Principles of 1588 ATR
1588 ATR is used to deliver time synchronization between clock clients and clock
servers.
Basic principles: 1588 ATR establishes a clock link between a client and a server by
exchanging Layer 3 unicast packets, and obtains the offset between the client and
server clocks by exchanging PTP packets. In this way, the client clock can be
synchronized with the server clock.
Time Synchronization Process of 1588 ATR
1588 ATR time synchronization is implemented based on the time when the server
sends PTP packets to the client and the time when the client receives PTP packets
after negotiation. A specific process is described as follows.
1588 ATR clock synchronization is implemented in two-way mode.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 335
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-93 Clock synchronization in two-way mode
1. The server sends a Sync packet carrying timestamp t1 to the client.
2. The client receives the Sync packets at timepoint t2.
3. The client clock sends a delay_req packet to the server clock at t3.
4. The server clock receives the delay_req packet from the client clock at t4, and
sends a latency_resp packet to the slave clock.
The round-trip latency of the link between the server and client is (t4-t1)-(t3-t2).
1588 ATR requires the same link latency on two links involved in the same round
trip. Therefore, the offset of the client is [(t2 - t1) -(t4 - t3)]/2, compared to the
time of the server. The client then uses the calculation result to adjust its local
time.
Layer 3 Unicast Negotiation Mechanism
Layer 3 unicast negotiation can be enabled to implement 1588 ATR time
synchronization. The implementation of Layer 3 unicast negotiation is as follows:
A client initiates a negotiation request with a server. The server replies with an
authorization packet to implement handshake. After the handshake succeeds, the
client and server establish a clock link through Layer 3 unicast packets. Then, the
client and server exchange1588 ATR packets to implement time synchronization
over the clock link.
Master/Slave Server Protection Mechanism
1588 ATR supports the master/slave server protection mechanism.
A client supports negotiation with two servers and queries the negotiation result
on a regular basis. If either of the servers fails after time synchronization, the
client discovers the change of the negotiation status and automatically switches
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 336
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
services to the other server. This implementation achieves service protection
between the two servers.
When only one server is configured, the client re-attempts to negotiate with the
server after a negotiation failure. This allows a client to renegotiate with a server
that is only temporarily unavailable in certain situations, such as when the server
fails and then recovers or when the server is restarted.
Duration Mechanism
A 1588 ATR client supports the duration specified in Announce, Sync, and delay
resp packets. The duration can be placed to the TLV field in Signaling packets
before they are sent to the server.
In normal situations, a client initiates a re-negotiation to a server before the
duration expires so that the server can continue providing synchronization with
the client.
If a client or its link becomes Down, it cannot initiate a re-negotiation. After the
duration collapses, the server does not send synchronization packets to the client
anymore.
Per-hop BC + Server
Servers can synchronize time synchronization with upstream devices and send the
time source information to downstream clients through the server.
Figure 1-94 1588 ATR time synchronization
1.1.11.1.3 Applications of 1588 ATR
1588 ATR establishes a clock link between a client and a server by exchanging
Layer 3 unicast packets, and obtains the offset between the client and server
clocks by exchanging PTP packets. In this way, the client clock can be synchronized
with the server clock.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 337
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1588 ATR Time Synchronization Through Transparent Transmission
Figure 1-95 1588 ATR time synchronization through transparent transmission
Scenario Description
● On an IP RAN, time synchronization is required between gNodeBs.
● Third-party networks (such as microwave and switch networks) do not
support 1588v2 time synchronization.
Solution Description
● Configure 1588 ATR or an external Atom GPS timing module on the client to
implement time synchronization across third-party networks. BCs support the
1588 ATR server function. After synchronizing time with an upstream device, a
BC can function as an ATR server to provide the time synchronization service
for downstream gNodeBs. A client can receive time synchronization
information through the ATOM GPS timing module or implement 1588 ATR
time synchronization through transparent transmission.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 338
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Hop-by-Hop 1588 ATR Time Synchronization
Figure 1-96 Hop-by-hop 1588 ATR time synchronization
Scenario Description
● Time synchronization is required between gNodeBs and the time server.
● The time server (for example, the SSU2000) only supports the 1588v2 unicast
negotiation mode.
● A client first sends a negotiation request to the server, which sends time
synchronization packets back to the client only after the negotiation
relationship is established.
Solution Description
● The client is configured with the 1588 ATR hop-by-hop mode and
interconnected with the time server to achieve time synchronization in 1588v2
unicast negotiation mode. After that, the client can function as a BC to
provide time synchronization for downstream gNodeBs.
Lightweight Time Synchronization
Figure 1-97 Lightweight time synchronization
Scenario Description
● Time synchronization is required between gNodeBs and the time server.
● Several devices on the network do not support 1588v2 time synchronization.
Solution Description
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 339
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● With a lightweight clock deployed, lightweight time synchronization
implements automatic identification and switching within a device, lowering
the requirements for time synchronization precision. The system preferentially
uses hop-by-hop 1588v2 time synchronization in In-situ Flow Information
Telemetry (IFIT) delay measurement scenarios. Hop-by-hop 1588v2 time
synchronization requires that all devices on the network support 1588v2 in
order to achieve latency measurement in the sub-microsecond range. If some
devices on the network do not support 1588v2, you can enable lightweight
and sub-millisecond-level time synchronization on downstream devices to
achieve latency measurement in the sub-millisecond range.
NOTE
Lightweight clocks do not need to be configured in non-iFIT scenarios as doing so will
impact time synchronization precision.
Lightweight clocks cannot be used in mobile transport scenarios, because lightweight
time synchronization cannot meet base station performance requirements.
Server-and-Client Mode
If the time node where the high-precision time source resides and the router close
to base stations belong to different VPNs, the interconnection device between the
two VPNs needs to serve as a client to synchronize time with the time source and
as a server to provide the time service for the router close to base stations.
A device configured with the server-and-client mode is called a T-BC, which
involves two important concepts:
● master-only vport: The master-only vport on a T-BC is always in the master
state and outputs time source information to the downstream device. It is
usually used on an NE where multiple rings intersect. The master-only vport
outputs time information to the lower-layer network. It can also be used on
an NE connected to base stations to provide time information for base
stations.
● vport: The status of the vport on a T-BC is not fixed. It is usually used on an
NE where multiple rings intersect. The NE uses the vport BMCA algorithm to
implement ring network protection.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 340
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-98 Application of the server-and-client mode
1.1.11.1.4 Terms and Abbreviations for 1588 ATR
Terms
Term Definition
Synchro Most telecommunication services running on a modern
nization communications network require network-wide synchronization.
Synchronization means that the frequency offset or time difference
between devices must remain in a specified range. Clock
synchronization is categorized as frequency synchronization or time
synchronization.
Time Time synchronization, also known as phase synchronization, refers to
synchro the consistency of both frequencies and phases between signals. That
nization is, the phase offset between signals is always 0.
Frequen Frequency synchronization, also known as clock synchronization,
cy refers to the strict relationship between signals based on a constant
synchro frequency offset or phase offset, in which signals are sent or received
nization at an average rate in a moment. In this manner, all devices in the
communications network operate at the same rate. That is, the
difference of phases between signals is a constant value.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 341
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Term Definition
IEEE A standard entitled Precision Clock Synchronization Protocol for
1588v2 Networked Measurement and Control Systems, defined by the
PTP Institute of Electrical and Electronics Engineers (IEEE). It is also called
the Precision Time Protocol (PTP).
ITU-T G. G.8275.2 defines the main protocols of 1588 ATR. Therefore, G.8275.2
8275.2 usually refers to the 1588 ATR feature.
Acronyms and Abbreviations
Acronyms and Full Name
Abbreviations
PTP Precision Time Protocol
1588v2
BITS Building Integrated Timing Supply System
BMC Best Master Clock
ACR Adaptive Clock Recovery
ATR Adaptive Time Recovery
1.1.11.2 1588 ATR Configuration
1.1.11.2.1 Overview of 1588 ATR
Definition
1588 Adaptive Time Recovery (1588 ATR) is an adaptive time recovery algorithm
based on PTP. It establishes clock links between routers by sending Layer 3 unicast
packets. Then, PTP packets are exchanged to achieve time synchronization over a
third-party network between devices.
In 1588v2 time synchronization mode, devices on the entire network must support
1588v2 hop by hop. 1588 ATR can be used to implement time synchronization
across devices that do not support 1588v2.
1588 ATR involves the server and client. The server provides 1588 ATR time
synchronization for the client, and the client synchronizes with the server.
When the time server (such as the SSU2000) supports only the 1588v2 unicast
negotiation mode, the client sends a negotiation request to the server, and the
server sends time synchronization packets to the client after the negotiation is
established. The client is configured with the 1588 ATR hop-by-hop mode and
interconnected with the time server to achieve time synchronization in 1588v2
unicast negotiation mode. After that, the client can function as a BC to provide
time synchronization for downstream gNodeBs.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 342
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.11.2.2 Configuration Precautions for 1588 ATR
Feature Requirements
Table 1-42 Feature requirements
Feature Requirements Series Models
Routers support the 1588 ATR server function NetEngin NetEngine 8000
and comply with G.8275.2. Network e 8000 M M14/NetEngine
deployment has the following limitations: 8000 M14K/
1. The upstream and downstream paths NetEngine 8000
between the server and client are the same, M4/NetEngine
and the path between the server and client is 8000 M8/
unique. NetEngine 8000
M8K/NetEngine
2. A maximum of three microwave hops (four 8000E M14/
devices) or three L2 switches can be deployed NetEngine 8000E
on the intermediate network. Routers cannot M8
be traversed.
3. The server and client exchange PTP packets.
PTP packets can be Layer 3 IP packets or
packets with a single VLAN tag, but cannot
carry Layer 2 VLAN tags or MPLS tags.
4. The outbound interface for PTP packets on
the server must support the 1588 TC mode.
5. Measures and compensates for the static
asymmetry of the upstream and downstream
delays of the master and slave 1588 packets.
6. If LAG is configured on the transit network,
the optical fibers of LAG member links must be
of the same length. The asymmetric delay is a
fixed value regardless of the change.
7. PTP packets have the highest priority. The
transit network identifies the priority of PTP
packets and schedules them.
The time synchronization performance cannot
be met.
1.1.11.2.3 Configuring 1588 ATR Time Synchronization
In a 1588 ATR domain, a clock client establishes a client/server relationship only
with a remote clock server. The client initiates unicast negotiation requests to the
server and uses PTP packets to implement clock recovery.
Pre-configuration Tasks
Before configuring 1588 ATR time synchronization, complete the following tasks:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 343
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Configure static routes or an IGP to ensure IP route reachability among nodes.
● Configure the clock server to properly process clock signals from the BITS
source.
Configuring the Unicast Negotiation Function for a Client
The unicast negotiation function and parameters for a connection between a
client and a clock server are configured on the HUAWEI NetEngine 8100 M14/M8,
NetEngine 8000 M14K/M14/M8K/M8/M4 & NetEngine 8000E M14/M8 series
functioning as a 1588 ATR client.
Context
ATR, which is an adaptive clock recovery technology, allows a 1588 ATR client to
exchange 1588v2 packets with a clock server on a link where a 1588v2-incapable
device resides. After receiving 1588v2 packets, the client uses clock information
carried in the packets to restore clock information.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp enable
1588v2 is enabled on the device.
Step 3 Run ptp-adaptive enable
1588 ATR is enabled on the device.
Step 4 Run clock source ptp synchronization enable
A PTP clock is specified to participate in clock source selection.
Step 5 Run ptp-adaptive device-type client
The 1588 ATR clock working mode of the router is set to client.
Step 6 Run ptp-adaptive time profile
The 1588 ATR device is configured to totally comply with ITU-T G.8275.2.
After the ptp-adaptive time profile command is run, the default domain value
changes to 44. The domain value range changes to 44–63.
Step 7 Run ptp-adaptive atr hop-by-hop
The 1588 ATR client hop-by-hop mode is enabled.
The ptp-adaptive atr hop-by-hop command is used when the time server
supports only the 1588v2 ATR unicast negotiation mode.
Step 8 (Optional) Run ptp-adaptive domain domain-value
A 1588 ATR domain is configured.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 344
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
The client and server, which exchange 1588 ATR packets for clock synchronization, must be
in one 1588 ATR clock domain.
Step 9 Run ptp-adaptive local-ip ip-address
An IP address is assigned to the client, which is used to initiate a request for
negotiation and send Layer 3 unicast packets.
The clock server's and client's IP addresses uniquely identify a 1588 ATR
connection, which is set up by exchanging Layer 3 unicast packets between a
client and a clock server during negotiation. Configuring a loopback address as the
client's IP address is recommended, not the IP address of the management
network port on the device, helping the clock server direct packets to the client.
Step 10 Run ptp-adaptive { remote-server1-ip | remote-server2-ip } ip-address
The list of remote clock servers for unicast negotiation is configured.
If multiple clock servers exist on a network, the router, functioning as a client,
traces a specific clock server based on the clock server's IP address.
Running this command once specifies a clock server, and running it twice specifies
a pair of master and slave clock servers.
If two clock servers are configured, the client sends independent signaling packets
to both clock servers. After the negotiation succeeds, the client periodically checks
the negotiation result. If the traced server is faulty, the client automatically
switches to the other server. If the two servers are normal, the client determines
which server to trace by comparing the clock quality levels of the two servers.
Step 11 Run ptp-adaptive atr unicast-negotiate enable
1588 ATR unicast negotiation is enabled on the router.
Step 12 Enable 1588 ATR on the outbound interface used to transmit 1588 ATR packets.
1. Run interface interface-type interface-number
The interface view is displayed.
2. Run ptp-adaptive atr enable
1588 ATR is enabled on the interface.
3. Run commit
The configuration is committed.
4. Run quit
The system view is displayed.
Step 13 Run commit
The configuration is committed.
----End
Configuring Unicast Negotiation on a 1588 ATR Server
An router that functions as a 1588 ATR server needs to be enabled with unicast
negotiation so that it can use Layer 3 unicast packets to establish clock links with
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 345
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
a 1588 ATR client and use PTP packets to implement time synchronization over a
third-party network.
Context
NOTE
If the router only functions as a client in 1588 ATR client hop-by-hop mode, configuration on
the server side is not involved.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp-adaptive enable
1588 ATR is enabled on the device.
Step 3 Run ptp-adaptive device-type server
The router is configured to function as a 1588 ATR server.
Step 4 Run ptp-adaptive time profile
The 1588 ATR device is configured to support ITU-T G.8275.2.
After the ptp-adaptive time profile command is run, the default value of the
clock domain changes to 44, and the value range changes to 44 to 63.
Step 5 (Optional) Run ptp-adaptive domain domain-value
A 1588 ATR domain is configured for the device.
NOTE
The 1588 ATR client and server must be in the same clock domain.
Step 6 Run ptp-adaptive local-ip ip-address
The local IP address used for implementing Layer 3 unicast negotiation is
configured.
During Layer 3 unicast negotiation, a 1588 ATR client initiates a connection
request to a 1588 ATR server. The local IP address and server IP address uniquely
identify a 1588 ATR Layer 3 unicast negotiation connection. Specifying a local
loopback interface IP address as the local IP address is recommended to allow all
the packets to be transmitted from the server to the client.
Step 7 Run ptp-adaptive atr unicast-negotiate enable
1588 ATR unicast negotiation is enabled on the router.
Step 8 Enable 1588 ATR on the outbound interface used to transmit 1588 ATR packets.
1. Run interface interface-type interface-number
The interface view is displayed.
2. Run ptp-adaptive atr enable
1588 ATR is enabled on the interface.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 346
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
3. Run commit
The configuration is committed.
4. Run quit
The system view is displayed.
Step 9 Run commit
The configuration is committed.
----End
(Optional) Adjusting Unicast Negotiation Parameters
Time synchronization is the basis for normal network operations. 1588 ATR
packets should have a higher priority than other service packets so that they can
reach the destination in case of network congestion.
Context
This section describes the configuration of unicast negotiation parameters on a
1588 ATR server only. For details about how to configure unicast negotiation
parameters on a 1588 ATR client, see the configuration manual.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp-adaptive dscp dscp-value
The DSCP priority value is configured for 1588 ATR packets.
Step 3 Run commit
The configuration is committed.
----End
(Optional) Configuring Lightweight Time Synchronization
Lightweight time synchronization implements automatic identification and
switching within a device, loosening the requirements on time synchronization
precision and simplifying the configuration process.
Context
The system preferentially uses hop-by-hop 1588v2 time synchronization in In-situ
Flow Information Telemetry (IFIT) delay measurement scenarios. Hop-by-hop
1588v2 time synchronization requires that all devices on the network support
1588v2 in order to achieve delay measurement in the sub-microsecond range. If
some devices on the network do not support 1588v2, you can enable lightweight
and sub-millisecond-level time synchronization on downstream devices to achieve
delay measurement in the sub-millisecond range.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 347
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
This command does not need to be configured in non-IFIT scenarios. Otherwise, the time
synchronization precision is affected.
Lightweight clocks cannot be used in mobile backhaul scenarios, and the clock
synchronization precision cannot meet the performance requirements of base stations.
After lightweight time synchronization is enabled, reported PTSF alarms are cleared, and
new PTSF alarms cannot be reported.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp lite-sync sub-ms enable
Lightweight time synchronization is enabled.
Step 3 Run commit
The configuration is committed.
----End
Configuring Time Synchronization in Server-and-Client Mode
Context
To achieve time synchronization across the VPN, the device needs to serve as both
a client to synchronize time with the time source and a server to provide time
services for the router close to the base station. The device must be configured to
work in server-and-client mode. That is, the device must function as a T-BC.
Procedure
● On both upstream and downstream devices:
a. Run system-view
The system view is displayed.
b. Run ptp enable
1588v2 is enabled on the device.
c. Run ptp device-type bc
The device type is configured as BC.
d. Run ptp clock-source atr enable
1588 ATR time source synchronization is enabled.
● On the upstream device:
a. Run system-view
The system view is displayed.
b. Run ptp-adaptive enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 348
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1588 ATR is enabled on the device.
c. Run ptp-adaptive time profile
The 1588 ATR device is configured to support ITU-T G.8275.2.
d. Run ptp-adaptive device-type server-and-client
The 1588 ATR working mode of the device is configured as server-client.
e. Run ptp-adaptive atr unicast-negotiate enable
1588 ATR unicast negotiation is enabled on the device.
f. Run ptp-adaptive master-only-vport port-id port-ip ip-address [ vpn-
instance vpn-name ]
The local IP address and VPN instance name used by the virtual upstream
interface of the T-BC to initiate Layer 3 unicast negotiation are
configured.
g. Run commit
The configuration is committed.
h. Run quit
Return to the system view.
i. Enable 1588 ATR on the outbound interface used to transmit 1588 ATR
packets.
i. Run interface interface-type interface-number
The interface view is displayed.
ii. Run ptp-adaptive atr enable
1588 ATR is enabled on the interface.
iii. Run ip address ip-address { mask | mask-length }
An IP address is configured for the interface. The IP address must be
the same as that configured for the master-only-vport.
iv. Run commit
The configuration is committed.
● On the downstream device:
a. Run system-view
The system view is displayed.
b. Run ptp-adaptive enable
1588 ATR is enabled on the device.
c. Run ptp-adaptive time profile
The 1588 ATR device is configured to support ITU-T G.8275.2.
d. Run ptp-adaptive device-type server-and-client
The 1588 ATR working mode of the device is configured as server-client.
e. Run ptp-adaptive atr unicast-negotiate enable
1588 ATR unicast negotiation is enabled on the device.
f. Run ptp-adaptive vport port-id port-ip ip-address [ vpn-instance vpn-
name ]
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 349
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The local IP address and VPN instance name used by the T-BC port to
initiate Layer 3 unicast negotiation are configured.
g. Run ptp-adaptive vport port-id remote-port-ip remote-ip-address
A list of remote clock servers for unicast negotiation with the specified
virtual port is configured.
h. Enable 1588 ATR on the inbound interface of 1588 ATR packets.
i. Run interface interface-type interface-number
The interface view is displayed.
ii. Run ptp-adaptive atr enable
1588 ATR is enabled on the interface.
iii. Run ip address address-value { mask | mask-length }
An IP address is configured for the interface. This IP address must be
the same as the vport port-ip value.
iv. Run commit
The configuration is committed.
----End
Verifying the Configuration
After configuring 1588 ATR on the router that functions as a server or client in
hop-by-hop mode, verify the configuration.
Procedure
● Run the display ptp-adaptive all command to check all configurations of the
1588 ATR module on the server or client in hop-by-hop mode.
● Run the display ptp-adaptive config command to check 1588 ATR related
configurations on the server or client in hop-by-hop mode.
● Run the display ptp-adaptive client [ client-id ] command to check detailed
information and packet statistics about the client from which the 1588 ATR
server receives a negotiation request.
● Run the display ptp-adaptive master-only-vport [ mvport-id ] command to
check configurations of the master-only-vport on the T-BC as well as the
information about the connected client.
● Run the display ptp-adaptive vport [ vport-id ] command to check
configurations of the vport on the T-BC as well as the status information.
----End
1.1.11.2.4 Maintaining 1588 ATR
This section describes how to maintain 1588 ATR, including how to clear 1588 ATR
statistics.
Usage Scenario
You can run the reset command to clear statistics about the configured 1588 ATR
function.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 350
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Pre-configuration Tasks
The 1588 ATR function has been configured.
Clearing 1588 ATR Statistics
This section describes how to clear 1588 ATR statistics using the reset ptp-
adaptive statistics command.
Context
NOTICE
Statistics cannot be restored after being cleared. Exercise caution when running
the reset ptp-adaptive statistics command.
After you confirm the statistics need to be cleared, run the following command in
the user view.
Procedure
Step 1 Run reset ptp-adaptive statistics
1588 ATR statistics are cleared.
----End
1.1.11.2.5 Configuration Examples for 1588 ATR
This section provides 1588 ATR configuration examples.
Example for Configuring 1588 ATR Transparent Transmission Time Synchronization
in a Dual-Server Scenario
In a 1588 ATR domain, a client can establish a client/server relationship with two
remote clock servers and send unicast negotiation requests to these clock servers
to implement 1588 ATR time synchronization. Once the master clock server
becomes faulty, the client automatically initiates a connection request to the slave
clock server.
Networking Requirements
On the IP RAN shown in Figure 1-99, time synchronization needs to be performed
between gNodeBs, but the third-party network (such as a microwave or switch
network) does not support 1588v2. In this case, 1588 ATR can be configured to
allow time synchronization over the third-party network. NetEngine 8100 M,
NetEngine 8000E M, NetEngine 8000 Ms enabled with 1588 ATR can function as a
BC to synchronize time information with upstream devices and as a 1588 ATR
server to synchronize time information with gNodeBs.
Server1 and Server2 are the master and slave clock servers. A client initiates Layer
3 unicast negotiation requests to both Server1 and Server2 using 1588 ATR
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 351
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
packets to obtain time synchronization information. If the client is disconnected
from Server1, the client then initiates a Layer 3 unicast negotiation request to
Server2 to ensure time synchronization with the clock server.
Figure 1-99 1588 ATR configuration in a dual-server scenario
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure unicast negotiation on a 1588 ATR client.
2. Configure unicast negotiation on Server1 and Server2.
Data Preparation
To complete the configuration, you need the following data:
● Local server's IP address
● 1588 ATR domain where the servers reside
● Outbound interface for transmitting 1588 ATR packets
● DSCP priority value of 1588 ATR packets
Procedure
Step 1 Configure unicast negotiation on a 1588 ATR client.
For details about how to configure unicast negotiation on a client, see the related
configuration guide.
Step 2 Configure unicast negotiation on Server1 and Server2.
● Configure Server1 as the server.
<Server1> system-view
[~Server1] interface loopback 0
[*Server1-Loopback0] ip address 1.1.1.1 32
[*Server1-Loopback0] commit
[~Server1-Loopback0] quit
[*Server1] ptp-adaptive enable
[*Server1] ptp-adaptive device-type server
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 352
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*Server1] ptp-adaptive time profile
[*Server1] ptp-adaptive domain 45
[*Server1] ptp-adaptive dscp 60
[*Server1] ptp-adaptive local-ip 1.1.1.1
[*Server1] ptp-adaptive atr unicast-negotiate enable
[*Server1] interface gigabitethernet 0/1/0
[*Server1-GigabitEthernet0/1/0] ptp-adaptive atr enable
[*Server1-GigabitEthernet0/1/0] commit
[*Server1-GigabitEthernet0/1/0] quit
[*Server1] commit
● Configure unicast negotiation on Server2.
<Server2> system-view
[~Server2] interface loopback 0
[*Server2-Loopback0] ip address 2.2.2.2 32
[*Server2-Loopback0] commit
[~Server2-Loopback0] quit
[*Server2] ptp-adaptive enable
[*Server2] ptp-adaptive device-type server
[*Server2] ptp-adaptive time profile
[*Server2] ptp-adaptive domain 45
[*Server2] ptp-adaptive dscp 60
[*Server2] ptp-adaptive local-ip 2.2.2.2
[*Server2] ptp-adaptive atr unicast-negotiate enable
[*Server2] interface gigabitethernet 0/1/0
[*Server2-GigabitEthernet0/1/0] ptp-adaptive atr enable
[*Server2-GigabitEthernet0/1/0] commit
[*Server2-GigabitEthernet0/1/0] quit
[*Server2] commit
Step 3 Verify the configuration.
# View all configurations of the 1588 ATR module on the servers. The following
example uses the command output on Server1.
<Server1> display ptp-adaptive all
Device config info
-------------------------------------------------------------------------------
Ptp adaptive state :enable Device type :server
Sync mode :time Current state :master
Packet dscp :60 Domain value :45
Local ip :1.1.1.1 Server board :5
Profile :time
VPN :none
Client info
ID Ip Address Clock ID Mode Announce Sync Delay_resp
-------------------------------------------------------------------------------
0 0 3.3.3.3 2cab00fffec65e58 two-way 1 -7 -7
1 1 4.4.4.4 286ed4fffebcdc76 two-way 1 -7 -7
# View 1588 ATR related configurations on the servers. The following example
uses the command output on Server1.
<Server1> display ptp-adaptive config
Device config info
-------------------------------------------------------------------------------
Ptp adaptive state :enable Device type :server
Sync mode :time Current state :master
Packet dscp :60 Domain value :45
Local ip :1.1.1.1 Server board :5
Profile :time
VPN :none
Port config info
Name ATR enable
-----------------------------------
GigabitEthernet0/1/0 true
# View configurations of the 1588 ATR client.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 353
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<Server1> display ptp-adaptive client 0
Client id :0 IP address :3.3.3.3
Clock id :2cab00fffec65e58 Mode :two-way
Announce interval :1 Announce duration :300s
Sync interval :-7 Sync duration :300s
Delay_resp interval :-7 Delay_resp duration :300s
Receive packet statistics
---------------------------------------------------------------------------
Signalling :60 Delay_req :655778
Send packet statistics
---------------------------------------------------------------------------
Signalling :60 Announce :2547
Sync :655945 Delay_resp :655778
Discard packet statistics
---------------------------------------------------------------------------
Signalling :0
Delay_req :0
----End
Configuration Files
● Server1 configuration file
#
sysname Server1
#
ptp-adaptive enable
ptp-adaptive device-type server
ptp-adaptive time profile
ptp-adaptive domain 45
ptp-adaptive dscp 60
ptp-adaptive local-ip 1.1.1.1
ptp-adaptive atr unicast-negotiate enable
#
interface gigabitethernet 0/1/0
ptp-adaptive atr enable
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
return
● Server2 configuration file
#
sysname Server2
#
ptp-adaptive enable
ptp-adaptive device-type server
ptp-adaptive time profile
ptp-adaptive domain 45
ptp-adaptive dscp 60
ptp-adaptive local-ip 2.2.2.2
ptp-adaptive atr unicast-negotiate enable
#
interface gigabitethernet 0/1/0
ptp-adaptive atr enable
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
return
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 354
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Example for Configuring 1588 ATR Client Hop-by-Hop Time Synchronization
In a 1588 ATR domain, a client sends a unicast negotiation request to the server
to implement time synchronization using 1588 ATR packets.
Networking Requirements
On the IP RAN shown in Figure 1-100, the time server SSU2000 supports only the
1588v2 unicast negotiation mode. To allow the NetEngine 8100 M, NetEngine
8000E M, NetEngine 8000 M to directly connect to the time server, configure the
1588 ATR hop-by-hop mode on the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M to achieve time synchronization in 1588v2 unicast negotiation
mode.
Figure 1-100 1588v2 hop-by-hop time synchronization
Configuration Roadmap
NOTE
This section describes the configurations only in 1588 ATR client hop-by-hop mode. In
Figure 1-100, BCs perform time synchronization using 1588v2. For detailed configuration,
see 1.1.8.2 1588v2 Configuration.
The configuration roadmap is as follows:
1. Configure the hop-by-hop mode and enable the unicast negotiation function
on the 1588 ATR client.
2. Configure the unicast negotiation function on the time server. This step can
be skipped if the time server is not a Huawei device.
3. Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
● Server's local IP address
● 1588 ATR domain where the server resides
● Outbound interface for forwarding 1588 ATR packets
● DSCP value of 1588 ATR packets
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 355
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Configure the hop-by-hop mode and enable the unicast negotiation function on
the 1588 ATR client.
<HUAWEI> system-view
[~HUAWEI] interface loopback 0
[*HUAWEI-Loopback0] ip address 2.2.2.2 32
[*HUAWEI-Loopback0] commit
[~HUAWEI-Loopback0] quit
[*HUAWEI] ptp enable
[*HUAWEI] ptp device-type bc
[*HUAWEI] ptp-adaptive enable
[*HUAWEI] ptp-adaptive device-type client
[*HUAWEI] ptp-adaptive time profile
[*HUAWEI] ptp-adaptive atr hop-by-hop
[*~HUAWEI] ptp-adaptive dscp 60
[*HUAWEI] ptp-adaptive local-ip 2.2.2.2
[*HUAWEI] ptp-adaptive remote-server1-ip 1.1.1.1
[*HUAWEI] clock source ptp synchronization enable
[*HUAWEI] clock source ptp priority 5
[*HUAWEI] ptp-adaptive atr unicast-negotiate enable
[*HUAWEI] ptp clock-source atr enable
[*HUAWEI] commit
[~HUAWEI] interface gigabitethernet 0/2/1
[~HUAWEI-GigabitEthernet0/2/1] ip address 10.1.1.1 255.255.255.0
[~HUAWEI-GigabitEthernet0/2/1] ptp-adaptive atr enable
[*HUAWEI-GigabitEthernet0/2/1] commit
[~HUAWEI-GigabitEthernet0/2/1] quit
Step 2 Configure the unicast negotiation function on the time server. This step can be
skipped if the time server is not a Huawei device.
Step 3 Verify the configuration.
# Display all configurations of the 1588 ATR client.
<HUAWEI> display ptp-adaptive all
Device config info
------------------------------------------------------------------------------
Ptp adaptive state :enable Device type :client
Sync mode :time Current state :slave
Packet dscp :60 Domain value :44
Announce interval :10 Announce duration :300s
Sync interval :3 Sync duration :300s
Delay_resp interval :3 Delay_resp duration:300s
Announce receipt timeout:3 One-way or two-way :two-
way
Local ip :2.2.2.2 Profile :time
Client board :5 Hop_by_hop mode :yes
VPN :none
# Display the configurations associated with the 1588 ATR client function.
<HUAWEI> display ptp-adaptive config
Device config info
------------------------------------------------------------------------------
Ptp adaptive state :enable Device type :client
Sync mode :time Current state :slave
Packet dscp :60 Domain value :44
Announce interval :10 Announce duration :300s
Sync interval :3 Sync duration :300s
Delay_resp interval :3 Delay_resp duration:300s
Announce receipt timeout:3 One-way or two-way :two-way
Local ip :2.2.2.2 Profile :time
Client board :5 Hop_by_hop mode :yes
VPN :none
Server config info
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 356
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
------------------------------------------------------------------------------
Ip address Asymmetry(ns)
Server1: 1.1.1.1 --
Port config info
Name ATR enable
------------------------------------------------------------------------------
GigabitEthernet0/2/1 true
# Display detailed information and packet statistics of the 1588 ATR client.
<HUAWEI> display ptp-adaptive client 0
Client id :0 IP address :2.2.2.2
Clock id :2cab00fffec65e58 Mode :two-way
Announce interval :1 Announce duration :300s
Sync interval :-7 Sync duration :300s
Delay_resp interval :-7 Delay_resp duration :300s
Receive packet statistics
---------------------------------------------------------------------------
Signalling :60 Delay_req :655778
Send packet statistics
---------------------------------------------------------------------------
Signalling :60 Announce :2547
Sync :655945 Delay_resp :655778
Discard packet statistics
---------------------------------------------------------------------------
Signalling :0
Delay_req :0
----End
Configuration Files
#
ptp-adaptive enable
ptp-adaptive time profile
ptp-adaptive device-type client
ptp-adaptive atr hop-by-hop
ptp-adaptive dscp 60
ptp-adaptive local-ip 2.2.2.2
ptp-adaptive atr unicast-negotiate enable
ptp-adaptive remote-server1-ip 1.1.1.1
ptp enable
ptp device-type bc
ptp clock-source atr enable
clock source ptp synchronization enable
clock source ptp priority 5
#
interface GigabitEthernet0/2/1
undo shutdown
ip address 10.1.1.1 255.255.255.0
ptp-adaptive atr enable
#
interface Loopback0
ip address 2.2.2.2 255.255.255.255
#
return
Example for Configuring 1588 ATR Time Synchronization in Server-and-Client
Mode
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 357
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Networking Requirements
On the network shown in Figure 1-101, the NetEngine 8100 M, NetEngine 8000E
M, NetEngine 8000 M can be directly connected to a time server and be
configured to work in 1588 ATR server-and-client mode. The T-BC can be
connected to a base station or a hierarchical node to output time signals to the
downstream device. Some NEs on the intermediate microwave network do not
support clock synchronization, but network devices can properly communicate
with each other.
Figure 1-101 T-BC time synchronization
Configuration Roadmap
The configuration roadmap is as follows:
Enable 1588v2 on a device, set the device type to BC, and enable 1588 ATR time
synchronization.
● On the upstream device:
1. Enable 1588 ATR and unicast negotiation.
2. Configure the device to support ITU-T G.8275.2.
3. Configure the device to work in server-and-client mode.
4. Configure the local IP address of the master-only-vport.
5. Configure an IP address for the outbound interface and enable ATR on the
interface.
6. Verify the configuration.
● On the downstream device:
1. Enable 1588 ATR and unicast negotiation.
2. Configure the device to support ITU-T G.8275.2.
3. Configure the device to work in server-and-client mode.
4. Configure the local IP address of the vport and the list of remote clock servers
that support negotiation.
5. Configure an IP address for the inbound interface and enable ATR on the
interface.
6. Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 358
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Local IP address of the upstream device
● Local IP address of the downstream device
● Outbound interface of upstream 1588 ATR packets
● Inbound interface of downstream 1588 ATR packets
Procedure
Step 1 Configure 1588v2 and enable 1588 ATR time synchronization on both upstream
and downstream devices.
<HUAWEI> system-view
[~HUAWEI] ptp enable
[*HUAWEI] ptp device-type bc
[*HUAWEI] ptp clock-source atr enable
[*HUAWEI] commit
Step 2 Enable 1588 ATR and configure the server-and-client mode.
# Configure T-BC1.
<HUAWEI> system-view
[~HUAWEI] sysname T-BC1
[*HUAWEI] commit
[~T-BC1] ptp-adaptive enable
[*T-BC1] ptp-adaptive atr unicast-negotiate enable
[*T-BC1] ptp-adaptive time profile
[*T-BC1] ptp-adaptive device-type server-and-client
[*T-BC1] commit
# Enable 1588 ATR and set the server-and-client mode on T-BC2. The
configuration of T-BCs is similar to that of T-BC1.
Step 3 Configure the master-only-vport information on T-BC1.
[~T-BC1] ip vpn-instance vpn1
[*T-BC1-vpn-instance-vpn1] commit
[~T-BC1-vpn-instance-vpn1] quit
[~T-BC1] ptp-adaptive master-only-vport 1 port-ip 10.1.1.2 vpn-instance vpn1
[*T-BC1] commit
Step 4 Configure the vport of T-BC2 and the list of remote clock servers.
[~T-BC2] ip vpn-instance vpn1
[*T-BC2-vpn-instance-vpn1] commit
[~T-BC2-vpn-instance-vpn1] quit
[~T-BC2] ptp-adaptive vport 1 port-ip 10.1.1.1 vpn-instance vpn1
[*T-BC2] ptp-adaptive vport 1 remote-port-ip 10.1.1.2
[*T-BC2] commit
Step 5 Enable ATR on an interface and configure a local IP address for the interface.
# Configure T-BC1.
[~T-BC1] interface gigabitethernet 0/2/1
[*T-BC1-GigabitEthernet0/2/1] ptp-adaptive atr enable
[*T-BC1-GigabitEthernet0/2/1] ip binding vpn-instance vpn1
[*T-BC1-GigabitEthernet0/2/1] ip address 10.1.1.2 24
[*T-BC1-GigabitEthernet0/2/1] commit
[~T-BC1-GigabitEthernet0/2/1] quit
# Configure T-BC2.
[~T-BC2] interface gigabitethernet 0/2/1
[*T-BC2-GigabitEthernet0/2/1] ptp-adaptive atr enable
[*T-BC2-GigabitEthernet0/2/1] ip binding vpn-instance vpn1
[*T-BC2-GigabitEthernet0/2/1] ip address 10.1.1.1 24
[*T-BC2-GigabitEthernet0/2/1] commit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 359
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[~T-BC2-GigabitEthernet0/2/1] quit
Step 6 Verify the configuration.
# Display all configurations of the 1588 ATR module.
<T-BC1> display ptp-adaptive all
Device config info
------------------------------------------------------------------------------
Ptp adaptive state :enable Device type :server-and-client
Sync mode :time Current state :master+slave
Packet dscp :56 Domain value :44
Announce interval :10 Announce duration :300s
Sync interval :3 Sync duration :300s
Delay_resp interval :3 Delay_resp duration:300s
Announce receipt timeout:3 One-way or two-way :two-
way
Profile :time
BMCA run info
------------------------------------------------------------------------------
Current trace source :local
Vport list
------------------------------------------------------------------------------
ID Port state Negotiate state
Master-only-vport list
------------------------------------------------------------------------------
ID Ip Address VPN Client number
1 10.1.1.2 vpn1 1
# Display information about successful negotiation of T-BC2.
<T-BC2> display ptp-adaptive all
Device config info
------------------------------------------------------------------------------
Ptp adaptive state :enable Device type :server-and-client
Sync mode :time Current state :master+slave
Packet dscp :56 Domain value :44
Announce interval :10 Announce duration :300s
Sync interval :3 Sync duration :300s
Delay_resp interval :3 Delay_resp duration:300s
Announce receipt timeout:3 One-way or two-way :two-
way
Profile :time
BMCA run info
------------------------------------------------------------------------------
Current trace source :vport 1
Time performance statistics
------------------------------------------------------------------------------
Realtime(T2-T1) :+0s, 127ns
Max(T2-T1) :+11163s, 2057757ns
Min(T2-T1) :-0s, 62882358ns
Realtime(T4-T3) :+0s, 119ns
Max(T4-T3) :+114224s, 804881946ns
Min(T4-T3) :-0s, 110ns
Vport list
------------------------------------------------------------------------------
ID Port state Negotiate state
1 slave Nego success
# Display 1588 ATR vport information.
<T-BC1> display ptp-adaptive master-only-vport
Master-only-vport list
------------------------------------------------------------------------------
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 360
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
ID Ip Address VPN Client number
1 10.1.1.2 vpn1 1
Master-only-vport 1 client list
ID Ip Address Clock ID Mode Announce Sync
Delay_resp
------------------------------------------------------------------------------
0 14 10.1.1.1 202008fffe261204 two-way 0 -7 -7
# Display vport information on the downstream device.
<T-BC2> display ptp-adaptive vport
Vport 1
------------------------------------------------------------------------------
VPN :vpn1
Local ip :10.1.1.1 Remote port ip :10.1.1.2
Negotiate state :Nego success
Port state :slave Clock Class :6
Pri2 :128 Accuracy :0xFE
Local priority :128 Asymmetry(ns) :0
----End
Configuration Files
T-BC1 configuration file
#
sysname T-BC1
#
ptp-adaptive enable
ptp-adaptive time profile
ptp-adaptive device-type server-and-client
ptp-adaptive atr unicast-negotiate enable
ptp-adaptive master-only-vport 1 port-ip 10.1.1.2
#
ptp enable
ptp device-type bc
ptp clock-source atr enable
#
interface GigabitEthernet0/2/1
undo shutdown
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
ptp-adaptive atr enable
#
return
T-BC2 configuration file
#
sysname T-BC2
#
ptp-adaptive enable
ptp-adaptive time profile
ptp-adaptive device-type server-and-client
ptp-adaptive atr unicast-negotiate enable
ptp-adaptive vport 1 port-ip 10.1.1.1
ptp-adaptive vport 1 remote-port-ip 10.1.1.2
#
ptp enable
ptp device-type bc
ptp clock-source atr enable
#
interface GigabitEthernet0/2/1
undo shutdown
ip binding vpn-instance vpn1
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 361
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
ip address 10.1.1.1 255.255.255.0
ptp-adaptive atr enable
#
return
1.1.12 Atom GPS Timing Configuration
1.1.12.1 Atom GPS Timing Description
1.1.12.1.1 Overview of Atom GPS
Background
As the commercialization of LTE-TDD and LTE-A accelerates, there is a growing
need for time synchronization on base stations. Traditionally, the GPS and PTP
solutions were used on base stations to implement time synchronization.
The GPS solution requires GPS antenna to be deployed on each base station,
leading to high TCO. The PTP solution requires 1588v2 support on network-wide
devices, resulting in huge costs on network reconstruction for network carriers.
Furthermore, GPS antenna can properly receive data from GPS satellites only
when they are placed outdoor and meet installation angle requirements. When it
comes to indoor deployment, long feeders are in place to penetrate walls, and site
selection requires heavy consideration due to high-demanding lightning
protection. These disadvantages lead to high TCO and make GPS antenna
deployment challenging on indoor devices. Another weakness is that most indoor
equipment rooms are leased, which places strict requirements for coaxial cables
penetrating walls and complex application procedure. For example, taking security
factors into consideration, the laws and regulations in Japan specify that radio
frequency (RF) cables are not allowed to be deployed in rooms by penetrating
walls.
To address the preceding challenges, the Atom GPS timing system is introduced to
NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 Ms. Specifically, an Atom
GPS module which is comparable to a lightweight BITS device is inserted to an
NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M to provide GPS access
to the bearer network. Upon receipt of GPS clock signals, the Atom GPS module
converts them into SyncE signals and then sends the SyncE signals to NetEngine
8100 M, NetEngine 8000E M, NetEngine 8000 Ms. Upon receipt of GPS time
signals, the Atom GPS module converts them into 1588v2 signals and then sends
the 1588v2 signals to base stations. This mechanism greatly reduces the TCO for
carriers.
Benefits
This feature offers the following benefits to carriers:
● For newly created time synchronization networks, the Atom GPS timing
system reduces the deployment costs by 80% compared to traditional time
synchronization solutions.
● For the expanded time synchronization networks, the Atom GPS timing
system can reuse the legacy network to protect investment.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 362
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.12.1.2 Understanding Atom GPS
Modules
The Atom GPS timing system includes two types of modules: Atom GPS modules
and clock/time processing modules on routers.
Related Modules
Figure 1-102 GPS timing
Atom GPS timing involves two modules: Atom GPS timing module an clock/time
processing module on the router.
Atom GPS Modules
● GPS antenna: receives signals from GPS satellites.
● GPS receiver: processes GPS RF signals and obtains frequency and time
information from the GPS RF signals.
● Phase-locked loop (PLL):
– Frequency PLL: locks the 1PPS reference clocks and outputs a high-
frequency clock.
– Analog PLL (APLL): multiplies the system clock to a higher frequency
clock.
– Time PLL: locks the UTC time and outputs the system time.
● Real-time clock (RTC): provides real-time timestamps for PTP event messages.
● PTP grandmaster (GM): functions as the SyncE slave to obtain SyncE clock
data.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 363
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Clock/Time Processing Modules on routers
An Atom GPS module must work in conjunction with clock/time processing
modules to implement clock and time synchronization. routers support two types
of clock/time processing modules:
● SyncE Slave: This module is used to obtain SyncE clock data.
● PTP BC: This module typically functions as a slave BC to process PTP messages
and extract PTP information.
Implementation Principles
The Atom GPS timing feature provides two key functions:
● Serves as the SyncE clock source to provide clock synchronization.
● Serves as the PTP time source to provide time synchronization.
Processing for Key Function 1
1. The Atom GPS module uses a built-in GPS Receiver module to receive satellite
signals from GPS antenna and output 1PPS GPS frequency signals.
2. The Atom GPS module uses a built-in frequency PLL module to trace and lock
1PPS phase and frequency and output the system clock.
3. The Atom GPS module uses a built-in APLL module to multiply the system
clock to a clock at GE rate which is then used as the SyncE transmit clock.
4. The device uses the GE interface to obtain SyncE clock signals from the Atom
GPS module and transmits the clock signals to downstream devices.
Processing for Key Function 2
1. The Atom GPS module uses a built-in GPS receiver to receive satellite signals
from GPS antenna and output the UTC time.
2. The Atom GPS module uses a built-in time PLL module to trace time PLL, lock
the UTC time, and output the system time.
3. The Atom GPS module uses a built-in time RTC module to obtain the system
time.
4. The Atom GPS module uses a built-in PTP GM module to process PTP
messages. The timestamps carried in PTP event messages are generated by
the RTC module.
5. The device uses the GE interface to obtain PTP time signals from the Atom
GPS module and transmits the time signals to downstream devices.
1.1.12.1.3 Application Scenarios for Atom GPS
On the network shown in the following figure, the Atom GPS timing feature is
mainly used in three synchronization solutions:
● SyncE frequency synchronization + Atom GPS time synchronization
On networks that do not support time synchronization, this solution allows
time synchronization with an Atom GPS module inserted into an router.
● Atom GPS frequency synchronization + 1588v2 time synchronization
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 364
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
On networks that do not support frequency synchronization, this solution
allows frequency synchronization with an Atom GPS module inserted into an
router.
● Atom GPS frequency synchronization + Atom GPS time synchronization
On networks that cannot be reconstructed, this solution allows time and
frequency synchronization with an Atom GPS module inserted into an router.
Figure 1-103 Atom GPS networking
1.1.12.1.4 Terms and Abbreviations for Atom GPS
Terms
Term Definition
Synchro Most telecommunication services running on a modern
nization communications network require network-wide synchronization.
Synchronization means that the frequency offset or time difference
between devices must remain in a specified range. Clock
synchronization is categorized as frequency synchronization or time
synchronization.
Time Time synchronization, also known as phase synchronization, refers to
synchro the consistency of both frequencies and phases between signals. That
nization is, the phase offset between signals is always 0.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 365
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Term Definition
Frequen Frequency synchronization, also known as clock synchronization,
cy refers to the strict relationship between signals based on a constant
synchro frequency offset or phase offset, in which signals are sent or received
nization at an average rate in a moment. In this manner, all devices in the
communications network operate at the same rate. That is, the
difference of phases between signals is a constant value.
IEEE A standard entitled Precision Clock Synchronization Protocol for
1588v2 Networked Measurement and Control Systems, defined by the
PTP Institute of Electrical and Electronics Engineers (IEEE). It is also called
the Precision Time Protocol (PTP).
Acronyms and Abbreviations
Acronyms and Full Name
Abbreviations
GPS Global Positioning System
PRC Primary Reference Clock
PRTC Primary Reference Timing Clock
PTP Precision Time Protocol
UTC Coordinated Universal Clock
PLL Phase-Locked Loop
SyncE Synchronization Ethernet
RTC Real-time Clock
1.1.12.2 Atom GPS Timing Configuration
Context
NOTE
● When an Atom GPS module is horizontally inserted into a board, no other optical
modules can be inserted into the interfaces that are horizontally in parallel to the
Atom GPS module. When an Atom GPS module is vertically inserted into a board, no
other optical modules can be inserted into the interfaces that are vertically in parallel
to the Atom GPS module.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 366
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.12.2.1 Overview of Atom GPS
Background
As the commercialization of LTE-TDD and LTE-A accelerates, there is a growing
need for time synchronization on base stations. Traditionally, the GPS and PTP
solutions were used on base stations to implement time synchronization.
The GPS solution requires GPS antenna to be deployed on each base station,
leading to high TCO. The PTP solution requires 1588v2 support on network-wide
devices, resulting in huge costs on network reconstruction for network carriers.
Furthermore, GPS antenna can properly receive data from GPS satellites only
when they are placed outdoor and meet installation angle requirements. When it
comes to indoor deployment, long feeders are in place to penetrate walls, and site
selection requires heavy consideration due to high-demanding lightning
protection. These disadvantages lead to high TCO and make GPS antenna
deployment challenging on indoor devices. Another weakness is that most indoor
equipment rooms are leased, which places strict requirements for coaxial cables
penetrating walls and complex application procedure. For example, taking security
factors into consideration, the laws and regulations in Japan specify that radio
frequency (RF) cables are not allowed to be deployed in rooms by penetrating
walls.
To address the preceding challenges, the Atom GPS timing system is introduced to
NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 Ms. Specifically, an Atom
GPS module which is comparable to a lightweight BITS device is inserted to an
NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M to provide GPS access
to the bearer network. Upon receipt of GPS clock signals, the Atom GPS module
converts them into SyncE signals and then sends the SyncE signals to NetEngine
8100 M, NetEngine 8000E M, NetEngine 8000 Ms. Upon receipt of GPS time
signals, the Atom GPS module converts them into 1588v2 signals and then sends
the 1588v2 signals to base stations. This mechanism greatly reduces the TCO for
carriers.
Supported Interface Type
An Atom GPS module supports only GE optical interfaces and the 1000M full
duplex mode. It does not support the adaptive mode.
NOTE
After an atom GPS module is installed on an interface, the interface supports only the clock
feature and does not allow the configuration of other features.
Supported PTP Device Type
The PTP device type supported by an Atom GPS module can be boundary clock
(BC) or telecom boundary clock (T-BC). A BC or T-BC has multiple clock interfaces.
On a BC/T-BC, one interface is used to implement time synchronization with
upstream devices, and other interfaces (passive interfaces excluded) are used to
transmit time information to downstream devices.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 367
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Supported Delay Measurement Mechanism
By default, an Atom GPS module supports the delay request-response mechanism,
which is the PTP link delay measurement mechanism. Configuring this mechanism
is not supported.
1.1.12.2.2 Configuration Precautions for ATOM GPS Timing
Feature Requirements
Table 1-43 Feature requirements
Feature Requirements Series Models
The ATOM GPS 1.0/2.0/3.0 module can only be NetEngin NetEngine 8000
inserted into a GE optical interface. e 8000 M M14/NetEngine
When a GE optical interface that has an Atom 8000 M14K/
GPS module installed is replaced with a NetEngine 8000
common optical module, the Atom GPS timing M4/NetEngine
configuration on the GE optical interface is 8000 M8/
cleared. NetEngine 8000
M8K/NetEngine
Time synchronization is affected. 8000E M14/
This restriction requires that the device must NetEngine 8000E
have GE optical interfaces. M8
1.1.12.2.3 Configuring the SyncE Function
This section describes how to configure the SyncE function.
Usage Scenario
On the IP RAN shown in Figure 1-104, clock synchronization needs to be achieved
between NodeBs. The Atom GPS timing solution can be deployed as follows to
allow clock synchronization: Insert an Atom GPS module into an ASG so that the
Atom GPS module can synchronize clock signals with the GPS and the ASG can
synchronize clock signals with the Atom GPS module. Then, configure the SyncE
function to allow transmission of clock signals to downstream devices and then to
NodeBs. In this manner, network-wide clock synchronization is achieved.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 368
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-104 Networking of Atom GPS timing
Pre-configuration Tasks
Before configuring the SyncE function, complete the following task:
● Configure the Atom GPS module to properly process GPS clock signals.
Configuring the SyncE Function on an Atom GPS Module
Context
NOTE
The SyncE function is enabled on an Atom GPS module by default, with no need for
manual configuration.
Configuring the SyncE Function on the Device Where an Atom GPS Module Houses
To achieve network-wide clock synchronization, the SyncE function needs to be
configured on a device where the Atom GPS module houses so that clock signals
can be transmitted to downstream devices.
Context
Perform the following steps on the device equipped with an AE 905S module:
Procedure
Step 1 Run system-view
The system view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 369
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run clock synchronization enable
Clock synchronization is enabled for the interface.
Step 4 Run clock priority priority-value
A priority is configured for the clock reference source of the interface.
Step 5 Run quit
Return to the system view.
Step 6 (Optional) Run clock ssm-control { on | off }
The device is configured whether to select a clock source based on SSM levels.
NOTE
After SSM control is enabled, to use the enhanced SSM level as the information for clock
source selection, run the clock enhanced-ssm-control {on | off} command to enable
enhanced SSM. For details, see the page Enhanced SSM.
Step 7 (Optional) Run clock run-mode { free | hold | normal }
An Ethernet Equipment Clock (EEC) running mode is configured.
Step 8 (Optional) Run clock switch { revertive | non-revertive }
A clock recovery mode is configured.
Step 9 (Optional) Run clock wtr wtr-time
A clock WTR time is configured.
Step 10 (Optional) Run clock source-lost holdoff-time holdoff-time-value
A clock holdoff time upon a timing signal failure is configured.
Step 11 (Optional) Run clock max-out-ssm { prc | ssua | ssub | sec | prtc | eprtc | esec |
eprc }
The maximum output SSM level is configured for the interface clock source.
Step 12 (Optional) Run clock freq-deviation-detect enable
Clock frequency offset detection is enabled.
Step 13 (Optional) Run clock input-threshold { dnu | prc | sec | ssua | ssub | prtc | eprtc |
esec | eprc }
A lower quality threshold of external clock signals is specified.
Step 14 Run commit
The configuration is committed.
----End
Checking the Configurations
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 370
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
After configuring the SyncE function of the Atom GPS timing system, check the
configurations.
Procedure
● Run the display clock { config | source } command to check clock
synchronization configurations and clock source configurations.
● Run the display smart-clock interface interface-type interface-number
command to check information about the Atom GPS module on a specified
interface.
----End
1.1.12.2.4 Configuring the Time Synchronization Function
This section describes how to configure the time synchronization function.
Usage Scenario
On the IP RAN shown in Figure 1-105, time synchronization needs to be
performed between gNodeBs. The Atom GPS timing solution can be deployed as
follows to allow time synchronization: Insert an Atom GPS module into an ASG so
that the Atom GPS module can synchronize clock signals with the GPS and the
ASG can synchronize clock signals with the Atom GPS module. Then, configure the
time synchronization function to allow transmission of clock signals to other
devices on the bearer network. In this manner, network-wide clock synchronization
is achieved.
Figure 1-105 Networking of Atom GPS timing
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 371
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Pre-configuration Tasks
Before configuring the time synchronization function, complete the following
tasks:
● Configure physical parameters of an interface and set the physical status of
the interface to Up.
● Configure the Atom GPS module to properly process GPS time signals.
Configuring the Time Synchronization Function on an Atom GPS Module
This section describes how to configure the time synchronization function on an
Atom GPS module so that GPS time signals can be transmitted to the router
where the Atom GPS module houses through 1588v2 packets and then to
downstream devices.
Context
NOTE
The attributes that can be configured on an Atom GPS module are the clock domain and
priority1 and priority2 of the time source.
● The class of a clock source cannot be specified. The initial class 248 is used by default when
a clock source goes online. After the clock source successfully traces GPS signals, its class
changes to 6 (a device using a class-6 clock source cannot be the secondary devices of other
clocks in the clock domain). After the clock source loses track of GPS signals, its class
changes to 248 again.
● The accuracy of a clock source cannot be specified. The initial value 0xFE is used by default
when a clock source goes online. After the clock source successfully traces GPS signals, its
accuracy changes to 0x21 (specific to 100 ns). After the clock source loses track of GPS
signals, its class changes to 0xFE again.
● The stability of a clock source cannot be configured. The value is 0xFFFF (if T-GM is not
connected to ePRTC).
Perform the following operations on the router where the Atom GPS module
houses:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) Run smart-clock ptp domain domain-value
A clock domain is configured for the Atom GPS module.
Step 4 (Optional) Run smart-clock ptp { priority1 priority1-value | priority2 priority2-
value }
Priority 1 or priority 2 of the time source is configured for the Atom GPS module.
Step 5 Run commit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 372
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The configuration is committed.
----End
Configuring the 1588v2 Synchronization Function on the Device Where an Atom
GPS Module Houses
Configuring 1588v2 globally involves operations such as enabling 1588v2 in the
system view and setting the device type to BC. After enabling 1588v2 in the
system view, enable it in the interface view. In addition, specify the link delay
measurement mechanism, asymmetric correction value, and timestamping mode
for the interfaces.
Context
Perform the following steps on the BC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp enable
1588v2 is enabled.
Step 3 Run ptp device-type bc
The device type is set to BC.
Step 4 (Optional) Run ptp domain domain-value
A clock domain is configured.
NOTE
Devices in the same clock domain can exchange 1588v2 packets to synchronize time signal.
Step 5 (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is configured for the BC.
Step 6 (Optional) Run ptp asymmetry-measure enable
Automatic asymmetry measurement is enabled for the BC on a 1588v2 ring
network.
Step 7 (Optional) Run ptp set-port-state enable
Manually specifying the 1588v2 interface status is enabled.
Step 8 Run interface interface-type interface-number
The interface view is displayed.
Step 9 (Optional) Run ptp port-state slave
Configures a 1588v2 interface to work in the Slave state. This interface keeps
tracking time information.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 373
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 10 Run ptp delay-mechanism delay
The delay request-response mechanism is configured.
Step 11 Run ptp enable
1588v2 is enabled for the interface.
Step 12 (Optional) Run ptp announce-drop enable
The interface is configured to discard Announce messages.
NOTE
Devices exchange Announce messages to establish the synchronization hierarchy. If an
interface is configured to discard Announce messages, the device cannot receive clock
synchronization information from other devices through this interface.
Step 13 (Optional) Run ptp clock-step one-step
The timestamping mode for 1588v2 packets is set to one-step.
Step 14 (Optional) Run ptp passive-measure enable
Performance measurement is enabled for the interface in the passive state.
Step 15 (Optional) Run ptp passive-measure alarm-threshold alarm-threshold-value
An alarm threshold of the offset (time difference between slave and master
clocks) is configured for the interface in the passive state.
Step 16 Run commit
The configuration is committed.
----End
Configuring the G.8275.1 Synchronization Function on the router Where an Atom
GPS Module Houses
To ensure G.8275.1 for time synchronization, you need to globally enable G.8275.1
in the system view, set the device type to T-BC, and configure basic information
such as the domain value and virtual clock ID. After enabling G.8275.1 in the
system view, you need to enable G.8275.1 in the interface view.
Context
Perform the following operations on the T-BC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp enable
PTP is enabled.
Step 3 Run ptp profile g-8275-1 enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 374
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
G.8275.1 is enabled.
Step 4 Run ptp device-type t-bc
The device type is set to T-BC.
Step 5 (Optional) Run ptp domain domain-value
The domain where the device resides is configured.
NOTE
Devices in the same clock domain can exchange G.8275.1 packets to synchronize time
signals.
Step 6 (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
Step 7 (Optional) Configure automatic asymmetry measurement for fibers.
1. Run ptp asymmetry-measure enable
Automatic asymmetry measurement is enabled on the device.
2. Run ptp passive-measure enable
The performance monitoring function is enabled on the passive interface of a
G.8275.1 device.
3. Run ptp passive-measure alarm-threshold alarm-threshold-value
An alarm threshold is configured for the time offset (time difference between
the master and slave clocks) on the passive interface of a G.8275.1 device.
Step 8 (Optional) Configure the clock source access control function.
1. Run ptp acl enable
The clock source access control function is enabled.
2. Run ptp acl-permit-clockid clockid-value
A clock ID is configured for a T-BC to allow for local BMC algorithm.
Step 9 (Optional) Run ptp max-steps-removed max-steps-removed-value
The maximum number of hops for time synchronization is configured.
A clock source is considered unavailable if stepsRemoved in the Announce
packets received by the clock source is greater than or equal to max-steps-
removed-value.
Step 10 Run commit
The configuration is committed.
Step 11 Run interface interface-type interface-number
The interface view is displayed.
Step 12 Run ptp enable
PTP is enabled on the interface.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 375
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 13 (Optional) Run ptp notslave disable.
The notslave attribute of the interface is set to FALSE.
Step 14 (Optional) Run ptp local-priority local-priority-value.
The local priority of a PTP interface is set.
Step 15 (Optional) Run ptp asymmetry-correction { positive | negative } correction-
value
The asymmetric correction time for sending G.8275.1 packets on the interface is
set.
Step 16 (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode of the synchronization packets sending by the G.8275.1
port is set.
Step 17 Run commit
The configuration is committed.
----End
Checking the Configurations
Context
After configuring the SyncE function of the Atom GPS timing system, check the
configurations.
Procedure
● Run the display ptp all [ state | config ] command to check the time
synchronization status and configurations of the involved device.
● Run the display ptp interface interface-type interface-number command to
check the time synchronization information about the specified interface.
● Run the display smart-clock interface interface-type interface-number
command to check information about the Atom GPS module on the specified
interface.
----End
1.1.12.2.5 Maintaining Atom GPS
Atom GPS timing maintenance includes resetting an Atom GPS module and
enabling self-healing on an Atom GPS module.
Resetting an Atom GPS Module
This section describes how to reset an Atom GPS module.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 376
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
Perform the following operations on the router where the Atom GPS module
houses:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run reset smart-clock
The Atom GPS module is reset.
----End
Enabling Self-healing of an Atom GPS Module
This section describes how to enable self-healing of an Atom GPS module in
response to an IIC watchdog abnormality.
Context
After self-healing is enabled on an Atom GPS module, the Atom GPS module is
automatically reset, and the SyncE and 1588v2 functions are disabled from the
involved interface. After the WTR timer is expired, the SyncE and 1588v2 functions
are re-enabled, and services are restored. If self-healing is not enabled, the
involved device remains abnormal and waits for user processing.
Perform the following operations on the router where the Atom GPS module
houses:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run smart-clock recovery enable
Self-healing is enabled on the Atom GPS module.
Step 4 Run commit
The configuration is committed.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 377
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.12.2.6 Configuration Examples for Atom GPS
This section describes Atom GPS timing configuration examples.
Example for Configuring Atom GPS Timing
Networking Requirements
On the IP RAN shown in Figure 1-106, the Atom GPS timing solution can be
deployed to implement clock synchronization and time synchronization between
gNodeBs. Based on the Atom GPS timing solution, an Atom GPS module, which is
comparable to a lightweight BITS source, is inserted to an ASG to provide GPS
access for the bearer network. The Atom GPS module can receive clock and time
signals from the GPS satellite and then convert these signals before sending them
to the ASG. The clock signals are converted to SyncE signals and the time signals
to 1588v2 signals. The ASG then transmits converted signals to gNodeBs through
downstream devices. In this manner, network-wide clock synchronization and time
synchronization are achieved.
Figure 1-106 Atom GPS timing
Configuration Roadmap
NOTE
This section describes Atom GPS timing configuration only on ASGs. For details about how
to configure SyncE to implement clock synchronization for downstream devices of ASGs, see
Clock Synchronization Configuration. For details about how to configure 1588v2 to
implement time synchronization for downstream devices of ASGs, see 1.1.8.2 1588v2
Configuration.
The configuration roadmap is as follows:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 378
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1. Configure SyncE.
2. Configure time synchronization.
Data Preparation
To complete the configuration, you need the following data:
● Information about the optical interface to which the Atom GPS module is
inserted
● Priority of the clock source
● Clock domain
● Interface delay measurement mechanism
Procedure
Step 1 Configure SyncE on ASG1 and ASG2.
ASG1 configuration is similar to ASG2 configuration. ASG1 configuration is used as
an example.
1. Configure SyncE on the Atom GPS module.
NOTE
The SyncE function has been enabled on the Atom GPS module by default, with no
need for manual configuration.
2. Configure SyncE on ASG1 where the Atom GPS module houses.
# Configure clock source selection based on SSM levels.
<ASG1> system-view
[~ASG1] clock ssm-control on
[*ASG1] commit
# Enable SyncE and configure priorities for interfaces.
[~ASG1] interface gigabitethernet 0/1/0
[~ASG1-GigabitEthernet0/1/0] clock synchronization enable
[*ASG1-GigabitEthernet0/1/0] clock priority 1
[*ASG1-GigabitEthernet0/1/0] commit
[~ASG1-GigabitEthernet0/1/0] quit
Step 2 Configure time synchronization on ASG1 and ASG2.
ASG1 configuration is similar to ASG2 configuration. ASG1 configuration is used as
an example.
1. Configure time synchronization on the Atom GPS module.
[~ASG1] interface gigabitethernet 0/1/0
[~ASG1-GigabitEthernet0/1/0] smart-clock ptp domain 255
[*ASG1-GigabitEthernet0/1/0] commit
[~ASG1-GigabitEthernet0/1/0] quit
2. Configure time synchronization on ASG1 where the Atom GPS module houses.
# Configure 1588v2 globally.
[*ASG1] ptp enable
[*ASG1] ptp device-type bc
[*ASG1] ptp domain 255
[*ASG1] commit
# Configure 1588v2 on interfaces.
[~ASG1] interface gigabitethernet 0/1/0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 379
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*ASG1-GigabitEthernet0/1/0] ptp enable
[~ASG1-GigabitEthernet0/1/0] ptp delay-mechanism delay
[*ASG1-GigabitEthernet0/1/0] commit
[~ASG1-GigabitEthernet0/1/0] quit
Step 3 Verify the configuration.
Run the display clock source command to check the status information about all
clock sources or the clock source being tracked.
<HUAWEI> display clock source
System trace source State: lock mode
into pull-in range
Current system trace source: bits0
Current 2M-1 trace source: system PLL
Frequency lock success: yes
Master board
Source Pri(sys/2m-1) In-SSM Out-SSM State Ref
--------------------------------------------------------------------------
bits0/ 1/--- sec dnu normal yes
GE0/1/0 2/--- sec sec normal yes
GE0/2/0 3/--- sec sec normal yes
Run the display ptp all command to check whether BITS information has been
successfully input.
<HUAWEI> display ptp all
Device config info
------------------------------------------------------------------------------
PTP state :enabled Domain value :0
Slave only :no Device type :BC
Set port state :no Local clock ID :0aa1c6fffe699700
Acl :no Virtual clock ID :no
Acr :no Time lock success :no
Asymmetry measure :disable Passive measure :disable
BMC run info
------------------------------------------------------------------------------
Grand clock ID :0a05d7fffe341500
Receive number :GigabitEthernet0/1/0
Parent clock ID :0a05d7fffe341500
Parent portnumber :35585
Priority1 :128 Priority2 :128
Step removed :0 Clock accuracy :0x31
Clock class :187 Time Source :0xa0
UTC Offset :35 UTC Offset Valid :False
Timescale :PTP Time traceable :False
Leap :None Frequency traceable :False
Offset scaled :0xffff Sync uncertain :False
Port info
Name State Delay-mech Ann-timeout Type Domain
------------------------------------------------------------------------------
GigabitEthernet0/1/0 slave delay 3 BC 0
Time Performance Statistics(ns): Slot 0 Card 1 Port 5
------------------------------------------------------------------------------
Realtime(T2-T1) :20942575 Pathdelay :0
Max(T2-T1) :95695479
Min(T2-T1) :20942575
Clock source info
Clock Pri1 Pri2 Accuracy Class TimeSrc Signal Switch Direction In-Status
------------------------------------------------------------------------------
local 128 128 0x31 187 0xa0 - - - -
bits1/11 128 128 0x20 6 0x20 1pps off in/- normal
bits1/12 128 128 0x20 6 0x20 1pps off in/- normal
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 380
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Files
● ASG1 configuration file
#
sysname ASG1
#
clock ssm-control on
#
ptp enable
ptp device-type bc
ptp domain 255
#
interface gigabitEthernet 0/1/0
clock synchronization enable
clock priority 1
smart-clock ptp domain 255
ptp enable
ptp delay-mechanism delay
#
#
return
● ASG2 configuration file
#
sysname ASG2
#
clock ssm-control on
#
ptp enable
ptp device-type bc
ptp domain 255
#
interface gigabitEthernet 0/1/0
clock synchronization enable
clock priority 1
smart-clock ptp domain 255
ptp enable
ptp delay-mechanism delay
#
#
return
1.1.13 Atom GPS 3.0 Timing Configuration
1.1.13.1 Atom GPS 3.0 Timing Description
Only the CR5D00EAGF95 supports this timing module. The HP-GE interface can
house this timing module.
For the NetEngine 8000 M8, this timing module can be installed only on the
CR8D00EAGFC3 and CR5D00EAGF95 subcards of the DP31CXP1T2B main control
board.
For the NetEngine 8000 M14, this timing module can be installed only on the
CR8D00EAGFC3 and CR5D00EAGF95 subcards of the DP51CXP1T2A and
DP51CXP2T2A main control boards.
1.1.13.1.1 Overview of Atom GPS 3.0
Background of Atom GPS 3.0
The rapid commercial deployment of Long Term Evolution (LTE) Time Division
Duplex (TDD) and LTE-Advanced (LTE-A) drives the need for time synchronization
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 381
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
of base stations. Two time synchronization solutions are commonly used: one
solution is to directly connect base stations to the Global Positioning System (GPS)
and the other solution is to obtain the Precision Time Protocol (PTP) time from
the network.
If base stations connect directly to the GPS, each base station must pay GPS
deployment costs. Consequently, the total cost of ownership (TCO) increases as
the number of base stations increases. If base stations obtain PTP time from the
network, the entire network must support PTP time synchronization, which results
in high network-wide reconstruction costs.
Using the GPS solution also has additional limitations. For example, the GPS
antenna must be installed outdoors and positioned to receive signals from GPS
satellites. As a result, long feeders must be used to connect to devices that are
deployed indoors, and holes must be drilled through walls in order to route these
feeders indoors. In addition, requirements such as lightning protection must be
considered when selecting antenna sites. These limitations make it difficult and
costly to deploy GPS antennas for indoor devices. Furthermore, rented indoor
equipment rooms may have restrictions in place that prevent or strictly control
through-wall installation of cables, and obtaining permissions for such installation
may be complex. For example, in Japan, it is illegal to connect radio frequency
(RF) cables (such as GPS cables) from outdoor to indoor due to security concerns.
The Atom GPS 3.0 timing system has been developed to overcome the problems.
The Atom GPS 3.0 module can be installed in a device to function as a lightweight
BITS source capable of providing GPS access for the transport network. The Atom
GPS 3.0 module can receive clock and time signals from the GPS. The clock and
time signals are converted into SyncE and 1588v2 signals, respectively, and then
output to the device where the module resides. PTP is used to synchronize the
time to all base stations on the network. This significantly reduces the TCO of
time synchronization for carriers.
Benefits
Atom GPS 3.0 timing offers the following benefits to carriers:
● For a new time synchronization network, Atom GPS 3.0 timing reduces the
overall deployment cost by 80% compared with the traditional solution.
● For capacity expansion of existing networks that support time
synchronization, Atom GPS 3.0 timing reuses existing network resources,
protecting the initial investment of carriers.
1.1.13.1.2 Understanding Atom GPS 3.0
Introduction to the Timing Module
The Atom GPS 3.0 module refers to the AE 905M module and works with the
housing device to implement clock/time synchronization.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 382
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Module Overview
Figure 1-107 Atom GPS 3.0 timing
The Atom GPS 3.0 timing feature involves two modules: Atom GPS 3.0 timing
module and the built-in clock/time processing module.
Atom GPS 3.0 timing module
● GPS antenna: receives GPS satellite signals.
● GPS receiver: processes GPS RF signals and extracts frequency and time
information from the signals.
● Interface conversion: converts the time information obtained from the GPS to
the time in seconds.
Clock/Time Processing Module
The Atom GPS 3.0 module needs to work with the built-in clock/time processing
module on the device to implement clock/time synchronization. The clock/time
processing module on the device includes :
● Phase-locked loop (PLL)
– Frequency PLL: locks the 1PPS reference clock and outputs a high-
frequency clock.
– Time PLL: locks the UTC time and outputs the system time.
● System clock: processes system clock signals.
● System RTC: provides real-time timestamps for PTP event messages.
Implementation Fundamentals
The Atom GPS 3.0 timing feature provides two major service functions:
● Service function 1: The Atom GPS 3.0 module functions as the SyncE clock
source to implement clock synchronization for devices.
● Service function 2: The Atom GPS 3.0 module functions as the PTP time
source to implement time synchronization for devices.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 383
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The implementation process of service function 1 is as follows:
1. The built-in GPS receiver on the Atom GPS 3.0 module receives satellite
signals from the GPS antenna and outputs 1PPS GPS frequency signals.
2. The device obtains the 1PPS frequency signals from the Atom GPS 3.0 module
through GE interfaces.
3. The built-in frequency PLL on the device traces and locks the 1PPS phase and
frequency, and outputs the system clock.
4. The device transmits clock signals to downstream devices.
The implementation process of service function 2 is as follows:
1. The built-in GPS receiver on the Atom GPS 3.0 module receives satellite
signals from the GPS antenna and outputs the UTC time.
2. The built-in time information conversion module on the Atom GPS 3.0
module converts the UTC time information obtained from the GPS into the
time expressed in seconds.
3. The built-in time PLL on the device traces and locks the UTC time and outputs
the system time.
4. The built-in system RTC module on the device processes PTP messages and
generates the timestamps of PTP Event messages.
5. The device transmits time signals to downstream devices.
1.1.13.1.3 Applications of Atom GPS 3.0
Figure 1-108 Network diagram of Atom GPS 3.0 timing
The Atom GPS 3.0 timing networking shown in Figure 1-108 supports the
following synchronization solutions:
● Atom GPS 3.0 timing solution 1: SyncE frequency synchronization + Atom
GPS 3.0 time synchronization
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 384
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
This solution applies to networks that do not support time synchronization.
Atom GPS 3.0 modules can be inserted into devices to implement time
synchronization.
● Atom GPS 3.0 timing solution 2: Atom GPS 3.0 frequency synchronization
+ 1588v2 time synchronization
This solution applies to networks that do not support frequency
synchronization. Atom GPS 3.0 modules can be inserted into devices to
implement frequency synchronization.
● Atom GPS 3.0 timing solution 3: Atom GPS 3.0 frequency synchronization
+ Atom GPS 3.0 time synchronization
This solution applies to scenarios where the live network cannot be
reconstructed. Atom GPS 3.0 modules can be inserted into devices to
implement frequency and time synchronization.
1.1.13.1.4 Terminology for Atom GPS 3.0
Terms
Term Definition
Synchro On a modern communications network, most telecommunications
nization services require that the frequency offset or time difference between
devices be within an acceptable range. To meet this requirement,
network clock synchronization must be implemented. Network clock
synchronization includes frequency synchronization and time
synchronization.
Time Time synchronization, also known as phase synchronization, refers to
synchro the consistency of both frequencies and phases between signals. This
nization means that the phase offset between signals is always 0.
Frequen Frequency synchronization, also known as clock synchronization,
cy refers to a strict relationship between signals based on a constant
synchro frequency offset or a constant phase offset, in which signals are sent
nization or received at the same average rate at a valid instant. In this
manner, all devices on the communications network operate at the
same rate, with the phase difference between signals remaining at a
fixed value.
IEEE 1588v2, defined by the IEEE, is a standard for Precision Clock
1588v2 Synchronization Protocol for Networked Measurement and Control
PTP Systems. Precision Time Protocol (PTP) is used for short.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 385
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Acronyms and Abbreviations
Acronym and Full Name
Abbreviation
GPS Global Positioning System
PTP Precision Time Protocol
UTC Coordinated Universal Clock
PLL Phase-Locked Loop
RTC Real-time Clock
1.1.13.2 Atom GPS 3.0 Timing Configuration
Only the CR5D00EAGF95 supports this timing module. The HP-GE interface can
house this timing module.
For the NetEngine 8000 M8, this timing module can be installed only on the
CR8D00EAGFC3 and CR5D00EAGF95 subcards of the DP31CXP1T2B main control
board.
For the NetEngine 8000 M14, this timing module can be installed only on the
CR8D00EAGFC3 and CR5D00EAGF95 subcards of the DP51CXP1T2A and
DP51CXP2T2A main control boards.
Context
NOTE
● The Atom GPS 3.0 module refers to the AE 905M module.
● When the board where the housing interface of the Atom GPS 3.0 module resides is
horizontally inserted, other optical modules cannot be inserted into the interfaces that
are horizontally parallel to the housing interface of the Atom GPS 3.0 module.
● When the board where the housing interface of the Atom GPS 3.0 module resides is
vertically inserted, other optical modules cannot be inserted into the interfaces that are
vertically parallel to the housing interface of the Atom GPS 3.0 module.
● When the Atom GPS module inserted into the GE optical interface is replaced with a
common optical module, the Atom GPS timing-related configurations on the GE optical
interface will be deleted.
● A maximum of two timing modules can be installed on a device.
1.1.13.2.1 Overview of Atom GPS 3.0 Timing
Background of Atom GPS 3.0
The rapid commercial deployment of Long Term Evolution (LTE) Time Division
Duplex (TDD) and LTE-Advanced (LTE-A) drives the need for time synchronization
of base stations. Two time synchronization solutions are commonly used: one
solution is to directly connect base stations to the Global Positioning System (GPS)
and the other solution is to obtain the Precision Time Protocol (PTP) time from
the network.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 386
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
If base stations connect directly to the GPS, each base station must pay GPS
deployment costs. Consequently, the total cost of ownership (TCO) increases as
the number of base stations increases. If base stations obtain PTP time from the
network, the entire network must support PTP time synchronization, which results
in high network-wide reconstruction costs.
Using the GPS solution also has additional limitations. For example, the GPS
antenna must be installed outdoors and positioned to receive signals from GPS
satellites. As a result, long feeders must be used to connect to devices that are
deployed indoors, and holes must be drilled through walls in order to route these
feeders indoors. In addition, requirements such as lightning protection must be
considered when selecting antenna sites. These limitations make it difficult and
costly to deploy GPS antennas for indoor devices. Furthermore, rented indoor
equipment rooms may have restrictions in place that prevent or strictly control
through-wall installation of cables, and obtaining permissions for such installation
may be complex. For example, in Japan, it is illegal to connect radio frequency
(RF) cables (such as GPS cables) from outdoor to indoor due to security concerns.
The Atom GPS 3.0 timing system has been developed to overcome the problems.
The Atom GPS 3.0 module can be installed in a device to function as a lightweight
BITS source capable of providing GPS access for the transport network. The Atom
GPS 3.0 module can receive clock and time signals from the GPS. The clock and
time signals are converted into SyncE and 1588v2 signals, respectively, and then
output to the device where the module resides. PTP is used to synchronize the
time to all base stations on the network. This significantly reduces the TCO of
time synchronization for carriers.
Interface Types Supported by the Atom GPS 3.0 Module
The Atom GPS 3.0 module can be inserted into only GE optical interfaces and
supports only the 1000M full duplex mode, rather than the auto-sensing mode.
NOTE
● After the Atom GPS 3.0 module is inserted into a device interface, the interface can be
configured with only the clock feature, rather than other services.
● You can run the port-mode 1ge command to switch a 10GE interface to a 1GE interface
only when the involved interface and the MAC and PHY of the subcard support mode
switching.
PTP Device Types Supported by the Atom GPS 3.0 Module
The PTP device type supported by the Atom GPS 3.0 module can only be boundary
clock (BC) or telecom boundary clock (T-BC). A BC or T-BC has multiple clock
interfaces: One is used to synchronize the time with the upstream device, and the
others (passive interfaces excluded) are used to transmit time information to
downstream devices.
Delay Measurement Mechanism Supported by the Atom GPS 3.0 Module
By default, the Atom GPS 3.0 module supports the delay request-response
mechanism of PTP. This default setting cannot be modified.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 387
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.13.2.2 Configuration Precautions for Atom GPS 3.0 Timing
Feature Requirements
None
1.1.13.2.3 Configuring the SyncE Function
This section describes how to configure the SyncE function for the Atom GPS 3.0
timing system.
Context
On the IP RAN shown in Figure 1-109, clock synchronization needs to be
performed between NodeBs. In this case, you can deploy the Atom GPS 3.0 timing
solution as follows: Insert the Atom GPS 3.0 module into the access aggregation
node ASG. The Atom GPS 3.0 module synchronizes clock signals from the GPS, and
the ASG synchronizes clock signals from the Atom GPS 3.0 module. You can
deploy the SyncE function so that clock signals are transmitted to downstream
devices, which then transmit the clock signals to NodeBs, achieving network-wide
clock synchronization.
Figure 1-109 Network diagram of Atom GPS 3.0 timing
Pre-configuration Tasks
Before configuring the SyncE function, you have completed the following task:
● Configure the Atom GPS 3.0 module to properly receive clock signals from the
GPS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 388
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuring the SyncE Function on the Atom GPS 3.0 Module
Context
NOTE
The SyncE function has been enabled on the Atom GPS 3.0 module by default, requiring no
manual configuration.
Configuring the SyncE Function on the Device Where the Atom GPS 3.0 Module
Resides
After the device where the Atom GPS 3.0 module resides synchronizes clock
information from the Atom GPS 3.0 module, the device needs to transmit clock
signals to downstream devices in order to achieve network-wide clock
synchronization. Therefore, the SyncE function needs to be configured on the
device.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the
interface view.
Step 3 Run the clock synchronization enable command to enable clock synchronization
on the interface.
Step 4 Run the clock priority priority-value command to configure a clock source priority
for the interface.
Step 5 Run the quit command to exit the interface view and enter the system view.
Step 6 (Optional) Run the clock ssm-control { on | off } command to enable or disable
SSM control.
NOTE
After SSM control is enabled, if you want to use the enhanced SSM quality level as the
clock source control information, you can run the clock enhanced-ssm-control { on | off }
command to enable the enhanced SSM function. For details, see Enhanced SSM.
Step 7 (Optional) Run the clock run-mode { free | hold | normal } command to
configure a running mode for the EEC.
Step 8 (Optional) Run the clock switch { revertive | non-revertive } command to
configure the clock recovery mode.
Step 9 (Optional) Run the clock wtr wtr-time command to configure the WTR time of a
clock source.
Step 10 (Optional) Run the clock source-lost holdoff-time holdoff-time-value command
to configure the holdoff time for the system to consider a clock source lost.
Step 11 (Optional) Run the clock max-out-ssm { prc | ssua | ssub | sec | prtc | eprtc |
esec | eprc } command to configure the maximum output SSM level of a clock
source.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 389
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 12 (Optional) Run the clock freq-deviation-detect enable command to enable
frequency deviation detection.
Step 13 (Optional) Run the clock input-threshold { dnu | prc | sec | ssua | ssub | prtc |
eprtc | esec | eprc } command to configure the lower threshold for the input
quality level of an external clock source.
----End
Verifying the Configuration
Context
After configuring the SyncE function for the Atom GPS 3.0 timing system, run the
following commands to check the configurations:
Procedure
● Run the display clock { config | source } command to check clock
synchronization and clock source configurations.
● Run the display smart-clock interface interface-type interface-number
command to check information about the Atom GPS 3.0 module on the
specified interface.
----End
1.1.13.2.4 Configuring the Time Synchronization Function
This section describes how to configure the time synchronization function for the
Atom GPS 3.0 timing system.
Context
On the IP RAN shown in Figure 1-110, time synchronization needs to be
performed between gNodeBs. In this case, you can deploy the Atom GPS 3.0
timing solution as follows: Insert the Atom GPS 3.0 module into the access
aggregation node ASG. The Atom GPS 3.0 module synchronizes time signals from
the GPS, and the ASG synchronizes time signals from the Atom GPS 3.0 module. In
addition, the time synchronization function is deployed to transmit time signals to
other devices on the IP RAN, achieving network-wide time synchronization.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 390
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-110 Network diagram of Atom GPS 3.0 timing
Pre-configuration Tasks
Before configuring the time synchronization function, complete the following
tasks:
● Configure physical parameters of an interface and set the physical status of
the interface to up.
● Configure the Atom GPS 3.0 module to properly receive time signals from the
GPS.
Configuring the Time Synchronization Function for the Atom GPS 3.0 Module
This section describes how to configure the time synchronization function on an
Atom GPS 3.0 module so that GPS time signals can be first transmitted to the
device where the Atom GPS 3.0 module resides and then to downstream devices.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 391
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
NOTE
The Atom GPS 3.0 module supports configuration of only the priority1 and priority2 attributes
of a time source. Other attributes cannot be modified on the Atom GPS 3.0 module.
● The class of a clock source cannot be configured. After the module is powered on, the initial
class 248 is used by default when no other clockClass is defined. Once the clock source
successfully traces GPS signals, its class changes to 6 (Clock devices with clockClass being 6
cannot be the slave device of another clock in this domain.) After the clock source loses
track of GPS signals, its class changes to 248 again.
● The accuracy of a clock source cannot be configured. After the module is powered on, the
initial value 0xFE is used (The time accuracy is unknown.) Once the clock source successfully
traces GPS signals, its accuracy changes to 0x21 (The time accuracy is specific to 100 ns.)
After the clock source loses track of GPS signals, its accuracy changes to 0xFE again.
● The stability of a clock source cannot be configured. The value is always 0xFFFF (The T-GM
is not connected to ePRTC.)
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run smart-clock cable-delay delay-value
The feeder delay compensation value is configured for the Atom GPS 3.0 module.
Step 4 (Optional) Run smart-clock holdoff-time holdoff-time-value
The holding time is configured for the ATOM GPS 3.0 module.
Step 5 (Optional) Run smart-clock wtr-time wtr-time-value
The wait to restore (WTR) time is configured for the ATOM GPS3.0 module.
Step 6 (Optional) Run smart-clock ptp domain domain-value
A clock domain is configured for the Atom GPS 3.0 module.
Step 7 (Optional) Run smart-clock ptp { priority1 priority1-value | priority2 priority2-
value }
The time source priority1 or priority2 is configured for the Atom GPS 3.0 module.
Step 8 Run commit
The configuration is committed.
----End
Configuring 1588v2 on the Device Where the Atom GPS 3.0 Module Resides
After 1588v2 is enabled in the system view, you need to enable 1588v2 in the
interface view.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 392
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the ptp enable command to enable 1588v2 for the device.
Step 3 (Optional) Run the ptp virtual-clock-id clock-id-value command to configure a
virtual clock ID for the device.
Step 4 (Optional) Run the ptp asymmetry-measure enable command to enable
automatic asymmetry measurement on the 1588v2 ring network.
Step 5 (Optional) Run the ptp set-port-state enable command to enable the function to
statically specify the 1588v2 interface status on the device.
Step 6 Run the interface interface-type interface-number command to enter the
interface view.
Step 7 (Optional) Run the ptp port-state slave command to configure the interface to
work in slave state to trace external time information.
Step 8 Run the ptp enable command to enable IEEE 1588v2 on the interface.
Step 9 (Optional) Run the ptp announce-drop enable command to allow the interface
to discard Announce messages.
NOTE
Announce messages are used to establish the synchronization hierarchy of IEEE 1588v2
clocks. If an interface is configured to discard Announce messages, the device cannot use
this interface to receive clock synchronization information from other devices.
Step 10 (Optional) Run the ptp passive-measure enable command to enable
performance monitoring on the passive interface.
Step 11 (Optional) Run the ptp passive-measure alarm-threshold alarm-threshold-value
command to configure an alarm threshold for the offset (time offset between the
master and slave devices) of the passive interface.
----End
Configuring G.8275.1 on the Device Where the Atom GPS 3.0 Module Resides
To ensure G.8275.1 for time synchronization, you need to globally enable G.8275.1
in the system view, set the device type to T-BC, and configure basic information
such as the domain value and virtual clock ID. After enabling G.8275.1 in the
system view, you need to enable G.8275.1 in the interface view.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp enable
PTP is enabled on the device.
Step 3 Run ptp profile g-8275-1 enable
G.8275.1 is enabled on the device.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 393
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 4 (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is configured.
Step 5 (Optional) Configure automatic fiber asymmetry measurement.
1. Run ptp asymmetry-measure enable
Automatic ring network asymmetry measurement is enabled on the device.
2. Run ptp passive-measure enable
Performance monitoring is enabled on the passive interface of the device.
3. Run ptp passive-measure alarm-threshold alarm-threshold-value
An alarm threshold for the offset (time offset between the master and slave
devices) is configured on the passive interface of the device.
Step 6 (Optional) Configure the clock source access control function.
1. Run ptp acl enable
The clock source access control function is enabled on the device.
2. Run ptp acl-permit-clockid clockid-value
The clock ID of another device that is allowed to participate in local BMC
calculation is specified.
Step 7 (Optional) Run ptp max-steps-removed max-steps-removed-value
The maximum number of hops for time synchronization is set.
A clock source is considered unavailable if stepsRemoved in the received
Announce messages is greater than or equal to max-steps-removed-value.
Step 8 Run commit
The configuration is committed.
Step 9 Run interface interface-type interface-number
The interface view is displayed.
Step 10 Run ptp enable
PTP is enabled on the interface.
Step 11 (Optional) Run ptp notslave disable
The notSlave attribute of the interface is configured as FALSE.
Step 12 (Optional) Run ptp local-priority local-priority-value
A local priority is configured for the interface.
Step 13 Run commit
The configuration is committed.
----End
Verifying the Configuration
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 394
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
After configuring the time synchronization function for the Atom GPS 3.0 timing
system, run the following commands to check the configurations:
Procedure
● Run the display ptp all [ state | config ] command to check the time
synchronization status and configurations of the involved device.
● Run the display ptp interface interface-type interface-number command to
check the time synchronization information about the specified interface.
● Run the display smart-clock interface interface-type interface-number
command to check information about the Atom GPS 3.0 module on the
specified interface.
----End
1.1.13.2.5 Maintaining Atom GPS 3.0 Timing
Maintaining Atom GPS 3.0 timing involves resetting the Atom GPS 3.0 module and
enabling the self-healing function of the Atom GPS 3.0 module.
Resetting the Atom GPS 3.0 Module
When the Atom GPS 3.0 module on an interface reports an alarm, you can reset
the Atom GPS 3.0 module on the interface.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the
interface view.
Step 3 Run the reset smart-clock command to reset the Atom GPS 3.0 module on the
interface.
----End
Enabling Self-Healing for the Atom GPS 3.0 Module
The device supports real-time detection of the IIC watchdog function on the Atom
GPS 3.0 module. If the device detects an IIC watchdog abnormality on the Atom
GPS 3.0 module, you can enable self-healing for the Atom GPS 3.0 module.
Context
After self-healing is enabled on the Atom GPS 3.0 module, the device where the
module resides automatically resets the module and disables SyncE and 1588v2
from the involved interface. After the WTR timer expires, re-enable the SyncE and
1588v2 functions on the interface to recover the device. Otherwise, the device
remains in the abnormal state and waits to be processed by users.
Perform the following steps on the device where the Atom GPS 3.0 module
resides:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 395
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the
interface view.
Step 3 Run the smart-clock recovery enable command to enable self-healing for the
Atom GPS 3.0 module.
Step 4 Run the commit command to commit the configuration.
----End
1.1.13.2.6 Configuration Examples for Atom GPS 3.0
This section describes configuration examples for Atom GPS 3.0 timing.
Example for Configuring Atom GPS 3.0 Timing
Networking Requirements
On the IP RAN shown in Figure 1-111, clock synchronization and time
synchronization need to be performed between gNodeBs. In this case, you can
deploy the Atom GPS 3.0 timing solution as follows: Insert the Atom GPS 3.0
module into the access aggregation node ASG. The Atom GPS 3.0 module
functions as a lightweight BITS source to provide GPS access for the transport
network. The Atom GPS 3.0 module can receive clock and time signals from the
GPS. The clock and time signals are converted into SyncE and 1588v2 signals,
respectively, and then output to the ASG. The ASG transmits the clock/time signals
to downstream devices which then transmit the signals to gNodeBs, achieving
network-wide clock and time synchronization.
Figure 1-111 Network diagram of Atom GPS 3.0 timing
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 396
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Roadmap
NOTE
This section describes only the Atom GPS 3.0 timing configuration of the ASG. For details
about how to configure the SyncE function to implement clock synchronization for
downstream devices of ASGs, see Clock Synchronization Configuration. For details about
how to configure 1588v2 to implement time synchronization for downstream devices of
ASGs, see 1.1.8.2 1588v2 Configuration.
The configuration roadmap is as follows:
1. Configure the SyncE function.
2. Configure the time synchronization function.
Data Preparation
To complete the configuration, you need the following data:
● Optical port to which the Atom GPS 3.0 module is inserted
● Priority of the clock source
Procedure
Step 1 Configure the SyncE function on ASG1 and ASG2.
The configuration of ASG1 is similar to the configuration of ASG2. The
configuration of ASG1 is used as an example.
NOTE
The SyncE function has been enabled on the Atom GPS 3.0 module by default, requiring no
manual configuration.
1. Configure the SyncE function on ASG1 where the Atom GPS 3.0 module
resides.
# Configure the device to automatically participate in clock source selection
based on the SSM quality level.
<ASG1> system-view
[~ASG1] clock ssm-control on
[*ASG1] commit
# Enable SyncE and configure a priority for the involved interface.
[~ASG1] interface gigabitethernet 0/1/0
[~ASG1-GigabitEthernet0/1/0] clock synchronization enable
[*ASG1-GigabitEthernet0/1/0] clock priority 1
[*ASG1-GigabitEthernet0/1/0] commit
[~ASG1-GigabitEthernet0/1/0] quit
Step 2 Configure the time synchronization function on ASG1 and ASG2.
The configuration of ASG1 is similar to the configuration of ASG2. The
configuration of ASG1 is used as an example.
1. Configure the time synchronization function for the Atom GPS 3.0 module.
[~ASG1] interface gigabitethernet 0/1/0
[~ASG1-GigabitEthernet0/1/0] smart-clock cable-delay 60
[*ASG1-GigabitEthernet0/1/0] commit
[~ASG1-GigabitEthernet0/1/0] quit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 397
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
2. Configure the time synchronization function on ASG1 where the Atom GPS
3.0 module resides.
# Enable 1588v2 globally.
[*ASG1] ptp enable
[*ASG1] commit
# Enable 1588v2 on the involved interface.
[~ASG1] interface gigabitethernet 0/1/0
[*ASG1-GigabitEthernet0/1/0] ptp enable
[*ASG1-GigabitEthernet0/1/0] commit
[~ASG1-GigabitEthernet0/1/0] quit
Step 3 Verify the configuration.
Run the display ptp interface GigabitEthernet 0/1/0 command to check whether
the BITS time information is successfully input.
<HUAWEI> display ptp interface GigabitEthernet 0/1/0
Port State :slave
Port Clock ID :100015fffe228801
Port Number :60937
Port Precision Capability :Ultra high precision clock
Port Precision Work Mode :High precision clock
Announce-interval :7
Grand clock ID :002110fffe201410
Receive number :GigabitEthernet0/1/0
Parent clock ID :002110fffe201410
Parent portnumber :1
Priority1 :20 Priority2 :30
Step removed :0 Clock accuracy :0x21
Clock class :6 Time Source :0x20
UTC Offset :37 UTC Offset Valid :False
Timescale :PTP Time traceable :True
Leap :None Frequency traceable :True
Offset scaled :0xffff Sync uncertain :False
Port Sfp :GPS 3.0
----End
Configuration Files
● ASG1 configuration file
#
sysname ASG1
#
clock ssm-control on
#
ptp enable
#
interface gigabitEthernet 0/1/0
clock synchronization enable
clock priority 1
smart-clock cable-delay 60
ptp enable
#
#
return
● ASG2 configuration file
#
sysname ASG2
#
clock ssm-control on
#
ptp enable
ptp device-type bc
ptp domain 255
#
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 398
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
interface gigabitEthernet 0/1/0
clock synchronization enable
clock priority 1
smart-clock cable-delay 60
ptp enable
#
#
return
1.1.14 Atom GNSS Timing Configuration
1.1.14.1 Atom GNSS Timing Description
1.1.14.1.1 Overview of Atom GNSS
Background
As the commercialization of LTE-TDD and LTE-A accelerates, there is a growing
need for time synchronization on base stations. Traditionally, the GNSS (GPS/
GLONASS/Beidou) and PTP solutions were used on base stations to implement
time synchronization.
The GNSS solution requires GNSS antenna to be deployed on each base station,
leading to high TCO. The PTP solution requires 1588v2 support on network-wide
devices, resulting in huge costs on network reconstruction for network carriers.
Furthermore, GNSS antenna can properly receive data from GNSS satellites only
when they are placed outdoor and meet installation angle requirements. When it
comes to indoor deployment, long feeders are in place to penetrate walls, and site
selection requires heavy consideration due to high-demanding lightning
protection. These disadvantages lead to high TCO and make GNSS antenna
deployment challenging on indoor devices. Another weakness is that most indoor
equipment rooms are leased, which places strict requirements for coaxial cables
penetrating walls and complex application procedure. For example, taking security
factors into consideration, the laws and regulations in Japan specify that radio
frequency (RF) cables are not allowed to be deployed in rooms by penetrating
walls.
To address the preceding challenges, the Atom GNSS timing system is introduced
to NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 Ms. Specifically, an
Atom GNSS module which is comparable to a lightweight BITS device is inserted
to an NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M to provide GNSS
access to the bearer network. Upon receipt of GNSS clock signals, the Atom GNSS
module converts them into SyncE signals and then sends the SyncE signals to
NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 Ms. Upon receipt of
GNSS time signals, the Atom GNSS module converts them into 1588v2 signals and
then sends the 1588v2 signals to base stations. This mechanism greatly reduces
the TCO for carriers.
Benefits
This feature offers the following benefits to carriers:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 399
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● For newly created time synchronization networks, the Atom GNSS timing
system reduces the deployment costs by 80% compared to traditional time
synchronization solutions.
● For the expanded time synchronization networks, the Atom GNSS timing
system can reuse the legacy network to protect investment.
1.1.14.1.2 Understanding Atom GNSS
Modules
The Atom GNSS timing system includes two types of modules: Atom GNSS
modules and clock/time processing modules on routers.
Related Modules
Figure 1-112 Atom GNSS timing
Atom GNSS timing involves two modules: Atom GNSS timing module and clock/
time processing module on the router.
Atom GNSS Modules
● GNSS antenna: receives signals from GNSS satellites.
● GNSS receiver: processes GNSS RF signals and obtains frequency and time
information from the GNSS RF signals.
● Phase-locked loop (PLL):
– Frequency PLL: locks the 1PPS reference clocks and outputs a high-
frequency clock.
– Analog PLL (APLL): multiplies the system clock to a higher frequency
clock.
– Time PLL: locks the UTC time and outputs the system time.
● Real-time clock (RTC): provides real-time timestamps for PTP event messages.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 400
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● PTP grandmaster (GM): functions as the SyncE slave to obtain SyncE clock
data.
Clock/Time Processing Modules on routers
An Atom GNSS module must work in conjunction with clock/time processing
modules to implement clock and time synchronization. routers support two types
of clock/time processing modules:
● SyncE Slave: This module is used to obtain SyncE clock data.
● PTP BC: This module typically functions as a slave BC to process PTP messages
and extract PTP information.
Implementation Principles
The Atom GNSS timing feature provides two key functions:
● Serves as the SyncE clock source to provide clock synchronization.
● Serves as the PTP time source to provide time synchronization.
Processing for Key Function 1
1. The Atom GNSS module uses a built-in GNSS Receiver module to receive
satellite signals from GNSS antenna and output 1PPS GNSS frequency signals.
2. The Atom GNSS module uses a built-in frequency PLL module to trace and
lock 1PPS phase and frequency and output the system clock.
3. The Atom GNSS module uses a built-in APLL module to multiply the system
clock to a clock at GE rate which is then used as the SyncE transmit clock.
4. The device uses the GE interface to obtain SyncE clock signals from the Atom
GNSS module and transmits the clock signals to downstream devices.
Processing for Key Function 2
1. The Atom GNSS module uses a built-in GNSS receiver to receive satellite
signals from GNSS antenna and output the UTC time.
2. The Atom GNSS module uses a built-in time PLL module to trace time PLL,
lock the UTC time, and output the system time.
3. The Atom GNSS module uses a built-in time RTC module to obtain the system
time.
4. The Atom GNSS module uses a built-in PTP GM module to process PTP
messages. The timestamps carried in PTP event messages are generated by
the RTC module.
5. The device uses the GE interface to obtain PTP time signals from the Atom
GNSS module and transmits the time signals to downstream devices.
1.1.14.1.3 Application Scenarios for Atom GNSS
On the network shown in the following figure, the Atom GNSS timing feature is
mainly used in three synchronization solutions:
● SyncE frequency synchronization + Atom GNSS time synchronization
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 401
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
On networks that do not support time synchronization, this solution allows
time synchronization with an Atom GNSS module inserted into an router.
● Atom GNSS frequency synchronization + 1588v2 time synchronization
On networks that do not support frequency synchronization, this solution
allows frequency synchronization with an Atom GNSS module inserted into an
router.
● Atom GNSS frequency synchronization + Atom GNSS time
synchronization
On networks that cannot be reconstructed, this solution allows time and
frequency synchronization with an Atom GNSS module inserted into an
router.
Figure 1-113 Atom GNSS networking
1.1.14.1.4 Terms and Abbreviations for Atom GNSS
Terms
Term Definition
Synchro Most telecommunication services running on a modern
nization communications network require network-wide synchronization.
Synchronization means that the frequency offset or time difference
between devices must remain in a specified range. Clock
synchronization is categorized as frequency synchronization or time
synchronization.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 402
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Term Definition
Time Time synchronization, also known as phase synchronization, refers to
synchro the consistency of both frequencies and phases between signals. That
nization is, the phase offset between signals is always 0.
Frequen Frequency synchronization, also known as clock synchronization,
cy refers to the strict relationship between signals based on a constant
synchro frequency offset or phase offset, in which signals are sent or received
nization at an average rate in a moment. In this manner, all devices in the
communications network operate at the same rate. That is, the
difference of phases between signals is a constant value.
IEEE A standard entitled Precision Clock Synchronization Protocol for
1588v2 Networked Measurement and Control Systems, defined by the
PTP Institute of Electrical and Electronics Engineers (IEEE). It is also called
the Precision Time Protocol (PTP).
Acronyms and Abbreviations
Acronyms and Full Name
Abbreviations
GPS Global Positioning System
GNSS Global Navigation Satellite System
PRC Primary Reference Clock
PRTC Primary Reference Timing Clock
PTP Precision Time Protocol
UTC Coordinated Universal Clock
PLL Phase-Locked Loop
SyncE Synchronization Ethernet
RTC Real-time Clock
1.1.14.2 Atom GNSS Timing Configuration
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 403
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
NOTE
● The Atom GNSS module can be inserted only into a GE optical interface. If the Atom
GNSS module inserted into a GE optical interface is replaced with a common optical
module, all the configurations related to Atom GNSS timing will be deleted.
● When an Atom GNSS module is horizontally inserted into a board, no other optical
modules can be inserted into the interfaces that are horizontally in parallel to the
Atom GNSS module. When an Atom GNSS module is vertically inserted into a board,
no other optical modules can be inserted into the interfaces that are vertically in
parallel to the Atom GNSS module.
1.1.14.2.1 Overview of Atom GNSS
Background
As the commercialization of LTE-TDD and LTE-A accelerates, there is a growing
need for time synchronization on base stations. Traditionally, the GNSS (GPS/
GLONASS/Beidou) and PTP solutions were used on base stations to implement
time synchronization.
The GNSS solution requires GNSS antenna to be deployed on each base station,
leading to high TCO. The PTP solution requires 1588v2 support on network-wide
devices, resulting in huge costs on network reconstruction for network carriers.
Furthermore, GNSS antenna can properly receive data from GNSS satellites only
when they are placed outdoor and meet installation angle requirements. When it
comes to indoor deployment, long feeders are in place to penetrate walls, and site
selection requires heavy consideration due to high-demanding lightning
protection. These disadvantages lead to high TCO and make GNSS antenna
deployment challenging on indoor devices. Another weakness is that most indoor
equipment rooms are leased, which places strict requirements for coaxial cables
penetrating walls and complex application procedure. For example, taking security
factors into consideration, the laws and regulations in Japan specify that radio
frequency (RF) cables are not allowed to be deployed in rooms by penetrating
walls.
To address the preceding challenges, the Atom GNSS timing system is introduced
to NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 Ms. Specifically, an
Atom GNSS module which is comparable to a lightweight BITS device is inserted
to an NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M to provide GNSS
access to the bearer network. Upon receipt of GNSS clock signals, the Atom GNSS
module converts them into SyncE signals and then sends the SyncE signals to
NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 Ms. Upon receipt of
GNSS time signals, the Atom GNSS module converts them into 1588v2 signals and
then sends the 1588v2 signals to base stations. This mechanism greatly reduces
the TCO for carriers.
Supported Interface Type
An Atom GNSS module supports only GE optical interfaces and the 1000M full
duplex mode. It does not support the adaptive mode.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 404
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Supported PTP Device Type
The PTP device type supported by an Atom GNSS module can be boundary clock
(BC) or telecom boundary clock(T-BC). A BC or T-BC has multiple clock interfaces.
On a BC/T-BC, one interface is used to implement time synchronization with
upstream devices, and other interfaces (passive interfaces excluded) are used to
transmit time information to downstream devices.
Supported Delay Measurement Mechanism
By default, an Atom GNSS module supports the delay request-response
mechanism, which is the PTP link delay measurement mechanism. Configuring this
mechanism is not supported.
1.1.14.2.2 Configuration Precautions for Atom GNSS Timing
Feature Requirements
None
1.1.14.2.3 Configuring the SyncE Function
This section describes how to configure the SyncE function.
Usage Scenario
On the IP RAN shown in Figure 1-114, clock synchronization needs to be achieved
between NodeBs. The Atom GNSS timing solution can be deployed as follows to
allow clock synchronization: Insert an Atom GNSS module into an ASG so that the
Atom GNSS module can synchronize clock signals with the GNSS and the ASG can
synchronize clock signals with the Atom GNSS module. Then, configure the SyncE
function to allow transmission of clock signals to downstream devices and then to
NodeBs. In this manner, network-wide clock synchronization is achieved.
Figure 1-114 Networking of Atom GNSS timing
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 405
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Pre-configuration Tasks
Before configuring the SyncE function, complete the following task:
● Configure the Atom GNSS module to properly process GNSS clock signals.
Configuring the SyncE Function on an Atom GNSS Module
Context
NOTE
The SyncE function is enabled on an Atom GNSS module by default, with no need for
manual configuration.
Configuring the SyncE Function on the Device Where an Atom GNSS Module
Houses
To achieve network-wide clock synchronization, the SyncE function needs to be
configured on the device where the Atom GNSS module houses so that clock
signals can be transmitted to downstream devices.
Context
Perform the following steps on the device equipped with an Atom GNSS module:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run clock synchronization enable
Clock synchronization is enabled for the interface.
Step 4 Run clock priority priority-value
A priority is configured for the clock reference source of the interface.
Step 5 Run quit
Return to the system view.
Step 6 (Optional) Run clock ssm-control { on | off }
The device is configured whether to select a clock source based on SSM levels.
NOTE
After SSM control is enabled, to use the enhanced SSM level as the information for clock
source selection, run the clock enhanced-ssm-control {on | off} command to enable
enhanced SSM. For details, see the page Enhanced SSM.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 406
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 7 (Optional) Run clock run-mode { free | hold | normal }
An Ethernet Equipment Clock (EEC) running mode is configured.
Step 8 (Optional) Run clock switch { revertive | non-revertive }
A clock recovery mode is configured.
Step 9 (Optional) Run clock wtr wtr-time
A clock WTR time is configured.
Step 10 (Optional) Run clock source-lost holdoff-time holdoff-time-value
A clock holdoff time upon a timing signal failure is configured.
Step 11 (Optional) Run clock max-out-ssm { prc | ssua | ssub | sec | prtc | eprtc | esec |
eprc }
The maximum output SSM level is configured for the interface clock source.
Step 12 (Optional) Run clock freq-deviation-detect enable
Clock frequency offset detection is enabled.
Step 13 (Optional) Run clock input-threshold{ dnu | prc | sec | ssua | ssub | prtc | eprtc |
esec | eprc }
A lower quality threshold of external clock signals is specified.
----End
Checking the Configurations
Context
After configuring the SyncE function of the Atom GNSS timing system, check the
configurations.
Procedure
● Run the display clock { config | source } command to check clock
synchronization configurations and clock source configurations.
● Run the display smart-clock interface interface-type interface-number
command to check information about the Atom GNSS module on a specified
interface.
----End
1.1.14.2.4 Configuring the Time Synchronization Function
This section describes how to configure the time synchronization function.
Usage Scenario
On the IP RAN shown in Figure 1-115, time synchronization needs to be
performed between NodeBs. The Atom GNSS timing solution can be deployed as
follows to allow time synchronization: Insert an Atom GNSS module into an ASG
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 407
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
so that the Atom GNSS module can synchronize clock signals with the GNSS and
the ASG can synchronize clock signals with the Atom GNSS module. Then,
configure the time synchronization function to allow transmission of clock signals
to other devices on the bearer network. In this manner, network-wide clock
synchronization is achieved.
Figure 1-115 Networking of Atom GNSS timing
Pre-configuration Tasks
Before configuring the time synchronization function, complete the following
tasks:
● Configure physical parameters of an interface and set the physical status of
the interface to Up.
● Configure the Atom GNSS module to properly process GNSS time signals.
Configuring the Time Synchronization Function on an Atom GNSS Module
This section describes how to configure the time synchronization function on an
Atom GNSS module so that GNSS time signals can be transmitted to the router
where the Atom GNSS module houses through 1588v2 packets and then to
downstream devices.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 408
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
NOTE
The attributes that can be configured on an Atom GNSS module are the clock domain and
priority1 and priority2 of the time source.
● The class of a clock source cannot be specified. The initial class 248 is used by default when
a clock source goes online. After the clock source successfully traces GNSS signals, its class
changes to 6 (a device using a class-6 clock source cannot be the secondary devices of other
clocks in the clock domain). After the clock source loses track of GNSS signals, its class
changes to 248 again.
● The accuracy of a clock source cannot be specified. The initial value 0xFE is used by default
when a clock source goes online. After the clock source successfully traces GNSS signals, its
accuracy changes to 0x21 (specific to 100 ns). After the clock source loses track of GNSS
signals, its class changes to 0xFE again.
● The stability of a clock source cannot be configured. The value is 0xFFFF (if T-GM is not
connected to ePRTC).
Perform the following operations on the router where the Atom GNSS module
houses:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run smart-clock gnss-model { gps | glonass | beidou | gps-glonass | gps-
beidou } [ gps | glonass | beidou | gps-glonass | gps-beidou ] [ gps | glonass |
beidou | gps-glonass | gps-beidou ] [ gps | glonass | beidou | gps-glonass | gps-
beidou ] [ gps | glonass | beidou | gps-glonass | gps-beidou ]
The mode in which the multi-mode smart clock module on a GE optical interface
works is configured.
Step 4 Run smart-clock cable-delay delay-value
The feeder delay compensation value for the smart clock module of a GE optical
interface is configured.
Step 5 (Optional) Run smart-clock leap manual-mode enable
Configure the multi-mode smart clock model on a GE optical interface to obtain
leap seconds in manual mode.
Step 6 (Optional) Run smart-clock leap current-leap current-leap-value [ { leap59 |
leap61 } date date ]
Configure the current leap second value of the multi-mode smart clock module as
well as the direction and date of the next leap second adjustment.
Step 7 (Optional) Run smart-clock ptp domain domain-value
A clock domain is configured for the Atom GNSS module.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 409
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 8 (Optional) Run smart-clock ptp { priority1 priority1-value | priority2 priority2-
value }
Priority 1 or priority 2 of the time source is configured for the Atom GNSS module.
Step 9 Run commit
The configuration is committed.
----End
Configuring the 1588v2 Synchronization Function on the router Where an Atom
GNSS Module Houses
Configuring 1588v2 globally involves operations such as enabling 1588v2 in the
system view and setting the device type to BC. After enabling 1588v2 in the
system view, enable it in the interface view. In addition, specify the link delay
measurement mechanism, asymmetric correction value, and timestamping mode
for the interfaces.
Context
Perform the following steps on the BC.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp enable
1588v2 is enabled.
Step 3 Run ptp device-type bc
The device type is set to BC.
Step 4 (Optional) Run ptp domain domain-value
A clock domain is configured.
NOTE
Devices in the same clock domain can exchange 1588v2 packets to synchronize time signal.
Step 5 (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is configured for the BC.
Step 6 (Optional) Run ptp asymmetry-measure enable
Automatic asymmetry measurement is enabled for the BC on a 1588v2 ring
network.
Step 7 (Optional) Run ptp set-port-state enable
Manually specifying the 1588v2 interface status is enabled.
Step 8 (Optional) Run ptp passive-measure enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 410
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Performance measurement is enabled for the interface in the passive state.
Step 9 (Optional) Run ptp passive-measure alarm-threshold alarm-threshold-value
An alarm threshold of the offset (time difference between slave and master
clocks) is configured for the interface in the passive state.
Step 10 Run interface interface-type interface-number
The interface view is displayed.
Step 11 Run ptp delay-mechanism delay
The delay request-response mechanism is configured.
Step 12 Run ptp enable
1588v2 is enabled for the interface.
Step 13 (Optional) Run ptp announce-drop enable
The interface is configured to discard Announce messages.
NOTE
Devices exchange Announce messages to establish the synchronization hierarchy. If an
interface is configured to discard Announce messages, the device cannot receive clock
synchronization information from other devices through this interface.
Step 14 (Optional) Run ptp clock-step one-step
The timestampin mode for 1588v2 packets is set to one-step.
----End
Configuring the G.8275.1 Synchronization Function on the router Where an Atom
GNSS Module Houses
To ensure G.8275.1 for time synchronization, you need to globally enable G.8275.1
in the system view, set the device type to T-BC, and configure basic information
such as the domain value and virtual clock ID. After enabling G.8275.1 in the
system view, you need to enable G.8275.1 in the interface view.
Context
Perform the following operations on the T-BC:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ptp enable
PTP is enabled.
Step 3 Run ptp profile g-8275-1 enable
G.8275.1 is enabled.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 411
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 4 Run ptp device-type t-bc
The device type is set to T-BC.
Step 5 (Optional) Run ptp domain domain-value
The domain where the device resides is configured.
NOTE
Devices in the same clock domain can exchange G.8275.1 packets to synchronize time
signals.
Step 6 (Optional) Run ptp virtual-clock-id clock-id-value
A virtual clock ID is set.
Step 7 (Optional) Configure automatic asymmetry measurement for fibers.
1. Run ptp asymmetry-measure enable
Automatic asymmetry measurement is enabled on the router.
2. Run ptp passive-measure enable
The performance monitoring function is enabled on the passive interface of a
G.8275.1 device.
3. Run ptp passive-measure alarm-threshold alarm-threshold-value
An alarm threshold is configured for the time offset (time difference between
the master and slave clocks) on the passive interface of a G.8275.1 device.
Step 8 (Optional) Configure the clock source access control function.
1. Run ptp acl enable
The clock source access control function is enabled.
2. Run ptp acl-permit-clockid clockid-value
A clock ID is configured for a T-BC to allow for local BMC algorithm.
Step 9 (Optional) Run ptp max-steps-removed
The maximum number of hops for time synchronization is configured. A clock
source is considered unavailable if stepsRemoved in the Announce packets
received by the clock source is greater than or equal to max-steps-removed-value.
Step 10 Run commit
The configuration is committed.
Step 11 Run interface interface-type interface-number
The interface view is displayed.
Step 12 Run ptp enable
PTP is enabled on the interface.
Step 13 (Optional) Run ptp notslave disable
The notslave attribute of the interface is set to FALSE.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 412
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 14 (Optional) Run ptp local-priority local-priority-value
The local priority of a PTP interface is set.
Step 15 (Optional) Run ptp asymmetry-correction { positive | negative } correction-
value
The asymmetric correction time for sending G.8275.1 packets on the interface is
set.
Step 16 (Optional) Run ptp clock-step { one-step | two-step }
The timestamping mode of the synchronization packets sending by the G.8275.1
port is set.
Step 17 Run commit
The configuration is committed.
----End
Checking the Configurations
Context
After configuring the SyncE function of the Atom GNSS timing system, check the
configurations.
Procedure
● Run the display ptp all [ state | config ] command to check the time
synchronization status and configurations of the involved device.
● Run the display ptp interface interface-type interface-number command to
check the time synchronization information about the specified interface.
● Run the display smart-clock interface interface-type interface-number
command to check information about the Atom GNSS module on the
specified interface.
----End
1.1.14.2.5 Maintaining Atom GNSS
Atom GNSS timing maintenance includes resetting an Atom GNSS module and
enabling self-healing on an Atom GNSS module.
Resetting an Atom GNSS Module
This section describes how to reset an Atom GNSS module.
Context
Perform the following operations on the router where the Atom GNSS module
houses:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 413
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run reset smart-clock
The Atom GNSS module is reset.
----End
Enabling Self-healing of an Atom GNSS Module
This section describes how to enable self-healing of an Atom GNSS module in
response to an IIC watchdog abnormality.
Context
After self-healing is enabled on an Atom GNSS module, the Atom GNSS module is
automatically reset, and the SyncE and 1588v2 functions are disabled from the
involved interface. After the WTR timer is expired, the SyncE and 1588v2 functions
are re-enabled, and services are restored. If self-healing is not enabled, the
involved device remains abnormal and waits for user processing.
Perform the following operations on the router where the Atom GNSS module
houses:
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run smart-clock recovery enable
Self-healing is enabled on the Atom GNSS module.
Step 4 Run commit
The configuration is committed.
----End
1.1.14.2.6 Configuration Examples for Atom GNSS
This section describes Atom GNSS timing configuration examples.
Example for Configuring Atom GNSS Timing
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 414
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Networking Requirements
On the IP RAN shown in Figure 1-116, the Atom GNSS timing solution can be
deployed to implement clock synchronization and time synchronization between
gNodeBs. Based on the Atom GNSS timing solution, an Atom GNSS module, which
is comparable to a lightweight BITS source, is inserted to an ASG to provide GNSS
access for the bearer network. The Atom GNSS module can receive clock and time
signals from the GNSS satellite and then convert these signals before sending
them to the ASG. The clock signals are converted to SyncE signals and the time
signals to 1588v2 signals. The ASG then transmits converted signals to gNodeBs
through downstream devices. In this manner, network-wide clock synchronization
and time synchronization are achieved.
Figure 1-116 Atom GNSS timing
Configuration Roadmap
NOTE
This section describes Atom GNSS timing configuration only on ASGs. For details about how
to configure SyncE to implement clock synchronization for downstream devices of ASGs, see
Clock Synchronization Configuration. For details about how to configure 1588v2 to
implement time synchronization for downstream devices of ASGs, see 1.1.8.2 1588v2
Configuration.
The configuration roadmap is as follows:
1. Configure SyncE.
2. Configure time synchronization.
Data Preparation
To complete the configuration, you need the following data:
● Information about the optical interface to which the Atom GNSS module is
inserted
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 415
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Priority of the clock source
● Clock domain
● Interface delay measurement mechanism
Procedure
Step 1 Configure SyncE on ASG1 and ASG2.
ASG1 configuration is similar to ASG2 configuration. ASG1 configuration is used as
an example.
1. Configure SyncE on the Atom GNSS module.
NOTE
The SyncE function has been enabled on the Atom GNSS module by default, with no
need for manual configuration.
2. Configure SyncE on ASG1 where the Atom GNSS module houses.
# Configure clock source selection based on SSM levels.
<ASG1> system-view
[~ASG1] clock ssm-control on
[*ASG1] commit
# Enable SyncE and configure priorities for interfaces.
[~ASG1] interface gigabitethernet 0/1/0
[~ASG1-GigabitEthernet0/1/0] clock synchronization enable
[*ASG1-GigabitEthernet0/1/0] clock priority 1
[*ASG1-GigabitEthernet0/1/0] commit
[~ASG1-GigabitEthernet0/1/0] quit
Step 2 Configure time synchronization on ASG1 and ASG2.
ASG1 configuration is similar to ASG2 configuration. ASG1 configuration is used as
an example.
1. Configure time synchronization on the Atom GNSS module.
[~ASG1] interface gigabitethernet 0/1/0
[~ASG1-GigabitEthernet0/1/0] smart-clock ptp domain 255
[~ASG1-GigabitEthernet0/1/0] smart clock gnss-model gps glonass
[~ASG1-GigabitEthernet0/1/0] smart-clock cable-delay 60
[*ASG1-GigabitEthernet0/1/0] commit
[~ASG1-GigabitEthernet0/1/0] quit
2. Configure time synchronization on ASG1 where the Atom GNSS module
houses.
# Configure 1588v2 globally.
[*ASG1] ptp enable
[*ASG1] ptp device-type bc
[*ASG1] ptp domain 255
[*ASG1] commit
# Configure 1588v2 on interfaces.
[~ASG1] interface gigabitethernet 0/1/0
[*ASG1-GigabitEthernet0/1/0] ptp enable
[~ASG1-GigabitEthernet0/1/0] ptp delay-mechanism delay
[*ASG1-GigabitEthernet0/1/0] commit
[~ASG1-GigabitEthernet0/1/0] quit
Step 3 Verify the configuration.
Run the display clock source command to check the status information about all
clock sources or the clock source being tracked.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 416
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<HUAWEI> display clock source
System trace source State: lock mode
into pull-in range
Current system trace source: bits0
Current 2M-1 trace source: system PLL
Frequency lock success: yes
Master board
Source Pri(sys/2m-1) In-SSM Out-SSM State Ref
--------------------------------------------------------------------------
bits0/ 1/--- sec dnu normal yes
GE0/1/0 2/--- sec sec normal yes
GE0/2/0 3/--- sec sec normal yes
Run the display ptp all command to check whether BITS information has been
successfully input.
<HUAWEI> display ptp all
Device config info
------------------------------------------------------------------------------
PTP state :enabled Domain value :0
Slave only :no Device type :BC
Set port state :no Local clock ID :0aa1c6fffe699700
Acl :no Virtual clock ID :no
Acr :no Time lock success :no
Asymmetry measure :disable Passive measure :disable
BMC run info
------------------------------------------------------------------------------
Grand clock ID :0a05d7fffe341500
Receive number :GigabitEthernet0/1/0
Parent clock ID :0a05d7fffe341500
Parent portnumber :35585
Priority1 :128 Priority2 :128
Step removed :0 Clock accuracy :0x31
Clock class :187 Time Source :0xa0
UTC Offset :35 UTC Offset Valid :False
Timescale :PTP Time traceable :False
Leap :None Frequency traceable :False
Offset scaled :0xffff Sync uncertain :False
Port info
Name State Delay-mech Ann-timeout Type Domain
------------------------------------------------------------------------------
GigabitEthernet0/1/0 slave delay 3 BC 0
Time Performance Statistics(ns): Slot 0 Card 1 Port 5
------------------------------------------------------------------------------
Realtime(T2-T1) :20942575 Pathdelay :0
Max(T2-T1) :95695479
Min(T2-T1) :20942575
Clock source info
Clock Pri1 Pri2 Accuracy Class TimeSrc Signal Switch Direction In-Status
------------------------------------------------------------------------------
local 128 128 0x31 187 0xa0 - - - -
bits1/11 128 128 0x20 6 0x20 1pps off in/- normal
bits1/12 128 128 0x20 6 0x20 1pps off in/- normal
----End
Configuration Files
● ASG1 configuration file
#
sysname ASG1
#
clock ssm-control on
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 417
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
#
ptp enable
ptp device-type bc
ptp domain 255
#
interface gigabitEthernet 0/1/0
clock synchronization enable
clock priority 1
smart-clock ptp domain 255
smart clock gnss-model gps glonass
smart-clock cable-delay 60
ptp enable
ptp delay-mechanism delay
#
#
return
● ASG2 configuration file
#
sysname ASG2
#
clock ssm-control on
#
ptp enable
ptp device-type bc
ptp domain 255
#
interface gigabitEthernet 0/1/0
clock synchronization enable
clock priority 1
smart-clock ptp domain 255
smart clock gnss-model gps glonass
smart-clock cable-delay 60
ptp enable
ptp delay-mechanism delay
#
#
smart clock gnss-model gps glonass smart-clock cable-delay 60
return
1.1.15 SNMP Configuration
1.1.15.1 Overview of SNMP
The Simple Network Management Protocol (SNMP) is a network management
standard widely used on UDP networks, whereby a central computer, that is, a
network management system (NMS), runs network management software to
manage various network elements (NEs). Three SNMP versions are available —
SNMPv1, SNMPv2c, and SNMPv3 — and one or more versions can be selected as
required.
An NMS performs Get and Set operations on a managed device running the SNMP
agent to manage objects, which are uniquely identified in the management
information base (MIB).
On a large network, if a fault occurs on a device, the network administrator is
unable to rapidly detect, locate, and rectify the fault as the device does not report
it. This affects maintenance efficiency and increases the overall maintenance
workload. To resolve this problem, device vendors have provided network
management functions in some products, enabling the NMS to query the status of
remote devices and allowing devices to report alarms to the NMS if an event
occurs.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 418
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
SNMP operates at the application layer of the IP suite and defines the
transmission of management information between the NMS and devices. SNMP
defines several device management operations that can be performed by the NMS
and allows devices to send alarms to the NMS to notify the NMS of device faults.
SNMP Components
An SNMP managed network consists of the following three components:
● NMS: sends various messages to query managed devices and receives alarms
from these devices.
● Agent: a network-management process on a managed device. An agent
provides the following functions:
– Receives and parses query messages sent from the NMS.
– Reads or writes management variables based on the query type and
generates and sends response messages to the NMS.
– Sends alarms to the NMS when an event occurs. For example, when the
system view is displayed or closed, or if the device is restarted. Protocol
modules on the device define the conditions that result in alarms.
● Managed device: managed by an NMS and generates and reports alarms to
the NMS.
Figure 1-117 shows the relationship between the NMS and agent.
Figure 1-117 SNMP structure
MIB
To uniquely identify managed objects, SNMP organizes them in a hierarchical tree
structure and identifies each through a path originating from the tree root, as
shown in Figure 1-118. The NMS uses the MIB to identify and manage device
objects. Each node on the tree is a managed object.
Figure 1-118 MIB tree structure
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 419
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
As shown in Figure 1-118, object B is uniquely identified by a string of numbers,
{1.2.1.1}, known as an object identifier (OID). A MIB tree describes the hierarchy
of data in a MIB that collects the definitions of variables on the managed devices.
You can use a standard MIB or define a MIB based on certain standards. Using a
standard MIB reduces the costs on proxy deployment, which leads to reduced costs
on the entire network management system.
SNMP Operations
SNMP uses GET and SET operations to replace a complex command set. The
operations described in Figure 1-119 can implement all functions.
Figure 1-119 SNMP operations
Table 1-44 lists functions of SNMP operations.
Table 1-44 SNMP operations
Operation Function
GetRequest Retrieves the value of a variable. The NMS sends
the request to a managed device to obtain the
status of an object on the device.
GetNextRequest Retrieves the value of the next variable. The NMS
sends the request to a managed device to obtain
the status of the next object on the device.
GetResponse Responds to GetRequest, GetNextRequest, and
SetRequest operations. GetResponse is sent from
the managed device to the NMS and is processed
by SNMP agent.
GetBulk An NMS-to-agent request, which functions the
same as continuous GetNext operations.
SetRequest Sets the value of a variable. The NMS sends the
request to a managed device to adjust the status
of an object on the device.
Trap Reports an event to the NMS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 420
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Operation Function
Inform Reports an event to the NMS and requires
acknowledgement from the NMS.
1.1.15.2 Understanding SNMP
1.1.15.2.1 SNMP Fundamentals
Figure 1-120 shows a typical SNMP management system. The entire system must
have an NMS that functions as a network management center for the network
and runs management processes.
Each managed object must have an agent process. The managed device can be a
common user terminal or a device with the routing function. Management
processes and agent processes use UDP to transmit SNMP messages for
communication.
Figure 1-120 Typical SNMP configuration
An NMS running SNMP cannot manage NEs (managed objects) running a
network management protocol other than SNMP. In this scenario, the NEs must
use proxy agents for management, which can provide functions such as protocol
transition and filtering operations. Figure 1-121 shows how a proxy agent works.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 421
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-121 Schematic diagram for how a proxy agent works
1.1.15.2.2 SNMP Management Model
In an SNMP management system, an NMS and agents exchange signals.
● The NMS sends an SNMP Request message to an SNMP agent.
● The SNMP agent searches the MIB on the device for desired information and
sends an SNMP Response message to the NMS.
● If the trap triggering conditions defined for a module are met, the agent for
that module sends a message to notify the workstation that an event has
occurred on a managed object. This helps the network administrator deal
with network faults.
Figure 1-122 shows an SNMP management model.
Figure 1-122 SNMP management model
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 422
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.15.2.3 MIB
A MIB specifies variables (MIB object identifiers or OIDs) maintained by NEs.
These variables can be queried and set in the management process. A MIB
provides a structure that contains data on all NEs that may be managed on the
network. The SNMP MIB uses a hierarchical tree structure similar to the Domain
Name System (DNS), beginning with a nameless root at the top. Figure 1-123
shows an object naming tree, one part of the MIB.
Figure 1-123 MIB tree structure
The three objects at the top of the object naming tree are: ISO, ITU-T (formerly
CCITT), and the sum of ISO and ITU-T. There are four objects under ISO. Of these,
the number 3 identifies an organization. A Department of Defense (DoD) sub-tree,
marked dod (6), is under the identified organization (3). Under dod (6) is internet
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 423
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
(1). If the only objects being considered are Internet objects, you may begin
drawing the sub-tree below the Internet object (the square frames in dotted lines
with shadow marks in the following diagram), and place the identifier {1.3.6.1}
next to the Internet object.
One of the objects under the Internet object is mgmt (2). The object under mgmt
(2) is mib-2 (1) (formerly renamed in the new edition MIB-II defined in 1991).
mib-2 is identified by an OID, {1.3.6.1.2.1} or {Internet(1).2.1}. This kind of
identifier is the OID.
Table 1-45 Types of information managed by the MIB
Type Identifier Information
system 1 Operating system of a host or device
interfaces 2 Various types of network interfaces and traffic
volumes on these interfaces
address translation 3 Address translation (such as ARP mapping)
ip 4 Internet software (for collecting statistics
about IP fragments)
Internet Control 5 ICMP software (for collecting statistics about
Message Protocol received ICMP messages)
(icmp)
Tcp 6 TCP software (for algorithms, parameters, and
statistics)
udp 7 UDP software (for collecting statistics on UDP
traffic volumes)
External Gateway 8 EGP software (for collecting statistics on EGP
Protocol (EGP) traffic)
MIB is defined independently of a network management protocol. Device
manufacturers can integrate SNMP agent software into their products, but they
must ensure that this software complies with relevant standards after new MIBs
are defined. You can use the same network management software to manage
devices with different MIB versions. However, the network management software
cannot manage a device that does not support the MIB function.
1.1.15.2.4 SMI
Structure of Management Information (SMI) is a set of rules used to name and
define managed objects. It can define the ID, type, access level, and status of
managed objects. At present, there are two SMI versions: SMIv1 and SMIv2.
The following standard data types are defined in SMI:
● INTEGER
● OCTER STRING
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 424
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● DisplayString
● OBJECT IDENTIFIER
● NULL
● IpAddress
● PhysAddress
● Counter
● Gauge
● TimeTicks
● SEQUENCE
● SEQUENDEOF
1.1.15.2.5 Trap
A managed device sends unsolicited trap messages to notify an NMS that an
urgent and significant event has occurred on the managed device. For example,
the managed device restarts. Figure 1-124 shows the process of transmitting a
trap message.
Figure 1-124 Process of transmitting a trap message
If the trap triggering conditions defined for the agent's module are met, the agent
sends a trap message to notify the NMS that a significant event has occurred.
Network administrators can promptly handle the event.
The NMS uses port 162 to receive trap messages from the agent. The trap
messages are carried over UDP. After the NMS receives trap messages, it does not
need to acknowledge the messages.
1.1.15.2.6 Support for Standard and Extended Error Codes
In communication between the NE and NMS, an SNMP error code returned by the
NE in response to SNMP requests can provide error information, such as excessive
message length and nonexistent index. The error code defined by SNMP is called
the standard error code.
The SNMP protocol provides 21 types of standard error codes:
● Five error codes are specialized for SNMPv1.
● Sixteen error codes are shared by SNMPv2 and SNMPv3.
With an increasing number of system features and scenarios, the current SNMP
standard error code types are inadequate. Consequently, the workstation cannot
identify the scenario where a fault occurs when the NE processes messages. As a
solution, the extended error code was introduced.
When a fault occurs during message processing, the NE returns an error code
corresponding to the fault scenario. If the fault scenario is beyond the range of the
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 425
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
SNMP standard error code, a generic error or a user-defined error code is
returned.
The error code that is defined by users is called the extended error code.
The extended error code applies to more scenarios. Only Huawei workstations can
correctly parse the fault scenario of the current NE based on the agreement with
NEs.
Extended error code can be enabled using either command lines or operations on
the workstation. After extended error code is enabled, SNMP converts the internal
error codes returned from features into different extended error codes and then
sends them to the workstation based on certain rules. If the internal error codes
returned from features are standard error codes, SNMP sends them directly to the
workstation.
If extended error code is disabled, standard error codes and internal error codes
defined by modules are sent directly to the workstation.
The system generates and manages extended error codes based on those
registered on the modules and the module number. The workstation parses
extended error codes according to its agreement with NEs and then displays the
obtained information.
1.1.15.2.7 SNMP Support for IPv6
The transition from IPv4 to IPv6 networks has already begun. NEs must be capable
of running IPv6 and transmitting SNMP messages on IPv6 networks.
SNMP processes both SNMP IPv4 and SNMP IPv6 messages in the same manner.
SNMP supports IPv6 by:
● Reading SNMP messages
SNMP can read and process both SNMP IPv4 and IPv6 messages. The two
types of messages do not affect each other. NEs can run on either IPv6
networks or IPv4 and IPv6 dual-stack networks.
Upon receiving a message, an NE first determines whether the message is an
IPv4 or IPv6 message. Depending on the message type, it then dispatches the
message to perform a task and processes the message. A processing result
based on the IP protocol type of the message is sent to the workstation.
Like SNMP IPv4 messages, IPv6 messages are sent to port 161. NEs can obtain
information of both SNMP IPv4 and SNMP IPv6 messages by monitoring port
161.
● Sending IPv6-based alarms in trap mode
Command lines are used to configure a network management host with an
IPv6 address. NEs use IPv6 to send alarms to the host with this IPv6 address.
NOTE
SNMP does not support IPv6 Inform messages.
● Recording SNMP IPv6 messages
Commands used to configure SNMP IPv6 and SNMP IPv4 are the same, and
command outputs are separately displayed according to protocol types.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 426
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NEs separate IPv6 messages from IPv4 messages by automatically matching
messages with their upper layer protocols.
1.1.15.2.8 Comparison of Security in Different SNMP Versions
Table 1-46 Comparison of security in different SNMP versions
Protocol User Checksum Encryptio Authentication
Version n
v1 No. Uses a community name. No No
v2c No. Uses a community name. No No
v3 Yes. User-name-based Yes Yes
verification.
NOTE
SNMPv1 and SNMPv2c have security risks. Using SNMPv3 is recommended.
1.1.15.2.9 ACL Support
In SNMP, ACLs are used to implement access control based on communities, USM
users and VACM groups, thereby preventing unauthorized access to a device Such
ACLs can be configured independently.
1.1.15.2.10 SNMP Proxy
Context
With SNMP, an NMS runs network management software to manage NEs. If the
NMS and device use different SNMP versions, the NMS cannot manage the device.
To resolve this problem, configure SNMP proxy on a device between the NMS and
device to be managed, as shown in Figure 1-125. In the following description, the
device on which SNMP proxy needs to be configured is referred to as a middle-
point device.
The NMS manages the middle-point device and managed device as an
independent NE, reducing the number of managed NEs and management costs.
Figure 1-125 SNMP proxy
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 427
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
An SNMP proxy provides the following functions:
● Receives SNMP messages from other SNMP entities, forwards SNMP
messages to other SNMP entities, or forwards responses to SNMP request
originators.
● Supports SNMPv1, SNMPv2c, and SNMPv3 and enables communication
between SNMP entities running SNMPv1, SNMPv2c, and SNMPv3.
An SNMP proxy can work between one or more NMSs and multiple NEs.
Fundamentals
The principles of SNMP proxy are described as follows:
In Figure 1-126, the middle-point device allows you to manage the network
access, configurations, and system software version of the managed device. The
NE MIB files loaded to the NMS include the MIB tables of both the middle-point
device and managed device. After you configure SNMP proxy on the middle-point
device, the middle-point device automatically forwards SNMP requests from the
NMS to the managed device and forwards SNMP responses from the managed
device to the NMS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 428
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-126 SNMP proxy working principles
Figure 1-127 shows the SNMP proxy schematic diagram.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 429
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-127 SNMP proxy schematic diagram
● The process in which an NMS uses a middle-point device to query the MIB
information of a managed device is as follows:
a. The NMS sends an SNMP request that contains the MIB object ID of the
managed device to the middle-point device.
▪ The engine ID carried in an SNMPv3 request must be the same as
the engine ID of the SNMP agent on the managed device.
▪ If the SNMP request is an SNMPv1 or SNMPv2c message, a proxy
community name must be configured on the middle-point device
with the engine ID of the SNMP agent on the managed device be
specified. The community name carried in the SNMP request
message must match the community name configured on the
managed device.
b. Upon receipt, the middle-point device searches its proxy table for a
forwarding entry based on the engine ID.
▪ If a matching forwarding entry exists, the middle-point device caches
the request and encapsulates the request based on forwarding rules.
▪ If no matching forwarding entry exists, the middle-point device drops
the request.
c. The middle-point device forwards the encapsulated request to the
managed device and waits for a response.
d. After the middle-point device receives a response from the managed
device, the middle-point device forwards the response to the NMS.
If the middle-point device fails to receive a response within a specified
period, the middle-point device drops the SNMP request.
● The process in which a managed device uses a middle-point device to send a
notification to an NMS is as follows:
a. The managed device generates a notification due to causes such as
overheating and sends the notification to the middle-point device.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 430
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
b. Upon receipt, the middle-point device searches its proxy table for a
forwarding entry based on the engine ID.
▪ If a matching forwarding entry exists, the middle-point device
encapsulates the notification based on forwarding rules.
▪ If no matching forwarding entry exists, the middle-point device drops
the notification.
c. The middle-point device forwards the encapsulated notification to the
NMS.
If the notification is sent as an inform by the managed device, the
middle-point device forwards the notification to the NMS and waits for a
response after forwarding the notification to the NMS. If the middle-point
device does not receive any response from the NMS within a specified
period, the middle-point device drops the notification.
d. The NMS receives the notification.
1.1.15.3 Configuration Precautions for SNMP
Feature Requirements
Table 1-47 Feature requirements
Feature Requirements Series Models
Each independent admin VS allows a NetEngin NetEngine 8000
maximum of three target hosts to enable the e 8000 M M14/NetEngine
private VB function. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 431
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
SNMPv1 does not support GetBulk operations NetEngin NetEngine 8000
or Inform alarms. IPv6 networks do not e 8000 M M14/NetEngine
support Inform alarms. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
If the NMS frequently accesses a device (for NetEngin NetEngine 8000
example, the access frequency set on the NMS e 8000 M M14/NetEngine
is high or multiple NMSs access the device), 8000 M14K/
the CPU usage may increase and the device NetEngine 8000
may respond slowly to the NMS. In this case, M4/NetEngine
you can reduce the access frequency of the 8000 M8/
NMS to ensure that the device can respond to NetEngine 8000
the SNMP packets sent by the NMS in a timely M8K/NetEngine
manner. 8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
When the number of nodes in the SNMP IP NetEngin NetEngine 8000
address locking list exceeds 512, the device e 8000 M M14/NetEngine
stops processing SNMP packets. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 432
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
SNMPv3 is recommended because it is more NetEngin NetEngine 8000
secure than SNMPv1 and SNMPv2c. e 8000 M M14/NetEngine
8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
SNMPv1 does not support the GetBulk NetEngin NetEngine 8000
operation. e 8000 M M14/NetEngine
8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
SNMP supports dying gasp traps, but cannot NetEngin NetEngine 8000
receive the NMS's reply to a dying gasp e 8000 M M14/NetEngine
message sent in Inform mode. In addition, 8000 M14K/
SNMP does not support the re-transmission of NetEngine 8000
dying gasp messages in Inform mode. M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 433
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
The port number and authentication NetEngin NetEngine 8000
parameters configured on the NMS must be e 8000 M M14/NetEngine
the same as those on the device, and the 8000 M14K/
SNMP version used on the NMS must be NetEngine 8000
enabled on the device; otherwise, the NMS M4/NetEngine
cannot manage the device. 8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
The default aging time of the SNMP get-next/ NetEngin NetEngine 8000
get-bulk query cache is 5 seconds. Within the 5 e 8000 M M14/NetEngine
seconds, the data in the cache may have been 8000 M14K/
deleted or the value may have changed in the NetEngine 8000
DB or APP component. However, SNMP cannot M4/NetEngine
detect this situation, the data in the buffer is 8000 M8/
still returned to the NMS. NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
For security purposes, you are not advised to NetEngin NetEngine 8000
use the weak security protocol provided by this e 8000 M M14/NetEngine
feature. By default, the device provides the 8000 M14K/
weak protocol feature package WEAKEA. If it is NetEngine 8000
required, run the install feature-software M4/NetEngine
WEAKEA command to install the weak 8000 M8/
protocol feature package WEAKEA. NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
1.1.15.4 Configuring a Device to Communicate with an NMS Using SNMPv1
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 434
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.15.4.1 Understanding SNMPv1
SNMP defines five types of protocol data units (PDUs), also called SNMP
messages, exchanged between the workstation and agent.
● Get-Request PDUs: Generated and transmitted by the workstation to obtain
one or more parameter values from an agent.
● Get-Next-Request PDUs: Generated and transmitted by the workstation to
obtain parameter values in alphabetical order from an agent.
● Set-Request PDUs: Used to set one or more parameter values for an agent.
● Get-Response PDUs: Contain one or more parameters. They are generated by
an agent and transmitted in reply to any of the preceding operations.
● Traps: Messages that originate with an agent and are sent to inform the
workstation of network events.
The first three operations are sent by the workstation to an agent, and the latter
two operations are sent by an agent to the workstation. For simplification, the first
three operations are described as Get, Get-Next, and Set operations. Figure 1-128
shows the five SNMP packet operations.
NOTE
By default, an agent uses port 161 to receive Get and Set messages, and the workstation
uses port 162 to receive traps.
Figure 1-128 SNMP operations and messages
An SNMP message consists of a common SNMP header, a Get/Set header, a trap
header, and variable binding.
Common SNMP Header
A common SNMP header has the following fields:
● Version
The value for this field is determined by subtracting one from the actual
version number. For example, the version field value of an SNMPv1 message
is 0.
● Community
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 435
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The community is a simple text password shared by the workstation and an
agent. It is a string. A common value is the 6-character string "public".
● PDU type
There are five types of PDUs in total, as listed in Table 1-48.
Table 1-48 PDU types
PDU Type Name
0 Get-Request
1 Get-Next-Request
2 Get-Response
3 Set-Request
4 Trap
Get/Set Header
● Request ID
An integer set by the workstation. It is carried in Get-Request messages sent
by the workstation and in Get-Response messages returned by an agent. The
workstation can send Get messages to multiple agents simultaneously. All Get
messages are transmitted using UDP. A response to the request message sent
first may be the last to arrive. In such cases, Request IDs carried in the Get-
Response messages enable the workstation to identify the returned messages.
● Error status
An agent enters a value in this field of a Get-Response message to specify an
error, as listed in Table 1-49.
Table 1-49 Error status
Value Name Description
0 noError No error exists.
1 tooBig The agent cannot encapsulate its response
in an SNMP message.
2 noSuchName A nonexistent variable is contained in a
message.
3 badValue A Set operation has returned an invalid
value or syntax.
4 readOnly The workstation has attempted to modify a
read-only variable.
5 genErr Other errors.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 436
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Error index
When a noSuchName, badValue, or readOnly error occurs, the agent sets an
integer in the Response message to specify an offset value for the faulty
variable in the list. By default, the offset value in Get-Request messages is 0.
● Variable binding (variable-bindings)
The variable binding specifies the names and values of one or more variables.
In the Get or Get-Next message, this field is null.
Trap Header
● Enterprise
This field is an object identifier of a network device that sends traps. The
object identifier resides in the sub-tree of the enterprise object {1.3.6.1.4.1} in
the object naming tree.
● Generic trap type
The formal name of this field is generic-trap. Table 1-50 lists the generic trap
types that can be received by SNMP.
Table 1-50 Generic trap types
Value Type Description
0 coldStart A coldStart trap signifies that the SNMP
entity, supporting a notification originator
application, is reinitializing itself and that
its configuration may have been altered.
1 warmStart A warmStart trap signifies that the SNMP
entity, supporting a notification originator
application, is reinitializing itself such that
its configuration is unaltered.
2 linkDown An interface has changed from the up state
to the down state.
3 linkUp An interface has changed from the down
state to the up state.
4 authenticationFai- The SNMP workstation has received an
lure invalid community name.
5 egpNeighborLoss An EGP peer device has changed to the
down state.
6 enterpriseSpecific An event defined by the agent and
specified by a code.
To send a type 2, 3, or 5 trap, you must use the first variable in the trap's variable
binding field to identify the interface responding to the trap.
● Specific-code
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 437
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
If an agent sends a type 6 trap, the value in the Specific-code field specifies
an event defined by the agent. If the trap type is not 6, this field value is 0.
● Timestamp
This specifies the duration from when an agent is initializing to when an
event reported by a trap occurs. This value is expressed in 10 ms. For example,
a timestamp of 1908 means that an event occurred 19080 ms after
initialization of the agent.
1.1.15.4.2 Configuring Basic SNMPv1 Functions
Prerequisites
Before configuring a device to communicate with an NMS using SNMPv1,
complete the following tasks:
● Configure a routing protocol to ensure that the device and NMS are reachable
to each other.
● Run the install feature-software WEAKEA command in the user view to
install the weak security protocol feature package (WEAKEA).
Context
SNMP needs to be deployed on a network to allow the NMS to manage network
devices.
If the network is secure and has few devices (for example, a campus network or a
small enterprise network), SNMPv1 can be deployed to ensure communication
between the NMS and managed devices.
SNMPv1 has a security risk. Using SNMPv3 is recommended.
After basic SNMP functions are configured, an NMS can perform basic operations
such as Get and Set operations on a managed device, and the managed device
can send alarms to the NMS.
The NMS can communicate with managed devices after basic SNMP functions
have been configured.
Procedure
Step 1 Enter the system view.
system-view
Step 2 (Optional) Set the minimum SNMP password length.
snmp-agent password min-length min-length
After this command is run, the length of a configured SNMP password must be
longer than or equal to the minimum SNMP password length.
Step 3 (Optional) Start the SNMP agent service.
snmp-agent
By default, the SNMP agent service is disabled. Running any snmp-agent
configuration command (regardless of whether parameters are specified) starts
the SNMP agent service. Therefore, this step is optional.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 438
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 4 (Optional) Change the listening port number of the SNMP agent.
snmp-agent udp-port port-number
By default, the listening port number of the SNMP agent is 161. If this command
is not configured, the default listening port number is used.
Step 5 Configure an SNMP version.
snmp-agent sys-info version v1
By default, SNMPv3 is enabled.
After SNMPv1 is enabled on the managed device, the device supports both
SNMPv1 and SNMPv3. This means that the device can be monitored and
managed by NMSs running SNMPv1 or SNMPv3.
NOTE
The snmp-agent sys-info version v1 command can be used only after the weak security
protocol feature package is installed.
Step 6 Configure a read/write community name.
snmp-agent community { read | write } { community-name | cipher host-string } [ mib-view security-
string-cipher | acl { acl-number | acl-name } | alias alias-name ]
The community name will be saved in encrypted format in the configuration file.
To facilitate identification of community names, set the alias names for the
communities. The alias names are stored in cleartext in the configuration file.
By default, the device checks complexity of community names. If the check fails,
the community name cannot be configured. You can run the snmp-agent
community complexity-check disable command to disable complexity check for
community names. However, to ensure system security, you are advised to enable
complexity check for community names.
NOTE
The device has the following requirements for community name complexity:
● A community name contains at least eight characters.
● A community name contains at least two types of characters: uppercase characters,
lowercase characters, digits, and special characters, excluding question marks (?) and
spaces.
● After the weak password dictionary maintenance function is enabled, the value of
community-name cannot be the password defined in the weak password dictionary.
(You can run the display security weak-password-dictionary command to view the
password defined in the weak password dictionary.)
After the community name is set, if no MIB view is configured, the NMS that uses
the community name has permission to access objects in the Viewdefault view
(1.3.6.1).
● If the NMS administrator needs the read permission in a specified view,
configure read in this command. For example, a low-level administrator needs
to read certain data.
● If the NMS administrator needs the read and write permissions in a specified
view, configure write in this command. For example, a high-level
administrator needs to read and write certain data.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 439
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 7 Choose one of the following commands based on network requirements to
configure the destination IP address for the alarms and error codes sent from the
device.
● On an IPv4 network, run the following command:
snmp-agent target-host [ host-name host-name ] trap address udp-domain ip-address [ [ udp-
port port-number ] | [ { vpn-instance vpn-instance-name | public-net } ] | [ source { interface-name
| interface-type interface-number } ] ] * params securityname { security-name [ v1 | private-
netmanager | ext-vb | notify-filter-profile profile-name ] * | cipher cipher-name [ v1 | private-
netmanager | ext-vb | notify-filter-profile profile-name ] * }
● On an IPv6 network, run the following command:
snmp-agent target-host [ host-name host-name ] trap ipv6 address udp-domain ipv6-address
[ [ udp-port port-number ] | [ vpn-instance vpn-instance-name | public-net ] | [ source { interface-
name | interface-type interface-number } ] ] * params securityname { security-name [ v1 | ext-vb |
notify-filter-profile profile-name | private-netmanager ] * | cipher cipher-name [ v1 | ext-vb |
notify-filter-profile profile-name | private-netmanager ] * }
The parameters can be set as follows:
● udp-port needs to be configured to change the default UDP port number of
162 to a non-well-known port number to meet special requirements.
● public-net needs to be configured to allow a device that an NMS manages to
send traps through a public network to the NMS. Alternatively, vpn-instance
vpn-instance-name needs to be configured to allow the device that an NMS
manages to send traps through a private network to the NMS.
● securityname needs to be configured to identify a source device that sends
traps.
● private-netmanager needs to be configured to allow alarm messages to
carry more information when the NMS and a device that the NMS manages
are both provided by Huawei. For example, an alarm message can carry alarm
type, sequence number, and time information when being sent. The
information helps rectify faults.
● notify-filter-profile needs to be configured to allow a device to send desired
alarms to the NMS host, which reduces irrelevant alarms and speeds up fault
identification. notify-view needs to be configured to allow the alarm filter
policy to take effect when you configure a user group.
Step 8 (Optional) Configure the contact information and location of the device
administrator.
snmp-agent sys-info { contact contact | location location }
This step is required for the NMS administrator to view contact information and
locations of the device administrator when the NMS manages many devices. This
helps the NMS administrator contact the device administrators for fault location
and rectification.
Step 9 (Optional) Set the maximum size of an SNMP message that can be received or
sent by the device.
snmp-agent packet max-size byte-count
By default, the maximum size of an SNMP message that the device can receive or
send is 12000 bytes.
After the maximum size is set, the device discards any SNMP message that is
larger than the set size.
Step 10 (Optional) Enable the SNMP extended error code function.
snmp-agent extend error-code enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 440
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
By default, SNMP sends standard error codes to an NMS. The extended error code
function allows an SNMP device to send extended error codes to the NMS.
Step 11 (Optional) Enable the function to cache SET response packets.
snmp-agent set-cache enable
By default, the function to cache SET response packets is disabled.
Step 12 Configure a source interface for the SNMP agent to receive and respond to NMS
request packets.
Table 1-51 Configuring a source interface for the SNMP agent to receive and
respond to NMS request packets
Operation Command Description
Specify the source snmp-agent protocol N/A
interface used by SNMP source-interface
to receive and respond { protocol-interface-type
to requests from an protocol-interface-
NMS. number | protocol-
interface-name }
Enable the function that snmp-agent protocol N/A
allows all interfaces on source-status all-
the device to be used by interface
SNMP to receive and
respond to requests from
an NMS.
Specify an IPv6 source snmp-agent protocol N/A
address for SNMP to ipv6 source-ip ip-
receive and respond to address [ vpn-instance
requests from an NMS. vpn-instance-name ]
Enable the function that snmp-agent protocol N/A
allows all IPv6 addresses source-status ipv6 all-
on the device to be used interface
by SNMP to receive and
respond to requests from
an NMS.
NOTE
You are advised not to use all interfaces to receive and respond to NMS request messages.
Specifying a source interface is recommended.
Step 13 (Optional) Configure the SNMP agent to receive and respond to NMS request
packets through a VPN or public network.
snmp-agent protocol [ ipv6 ] { vpn-instance vpn-instance-name | public-net }
Step 14 (Optional) Set the engine ID of the local SNMP entity.
snmp-agent local-engineid engineid
By default, the system uses the internal algorithm to automatically generate a
device engine ID, which includes the enterprise ID and device information. The
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 441
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
system uses the MAC address of the management interface on a device as the
device information of the engine ID.
NOTE
To improve system security, run the snmp-agent packet contextengineid-check enable
command to check for consistency between the contextEngineID and local engine ID.
Step 15 (Optional) Disable the SNMP IPv4 or IPv6 listening port.
snmp-agent protocol server [ ipv4 | ipv6 ] disable
After you disable the SNMP IPv4 or IPv6 listening port using the snmp-agent
protocol server disable command, SNMP no longer processes SNMP packets.
Exercise caution when you disable the SNMP IPv4 or IPv6 listening port.
Step 16 (Optional) Configure the SNMP proxy to receive and respond to requests from the
CCU.
Table 1-52 Configuring the SNMP proxy to receive and respond to requests from
the CCU
Operation Command Description
Specify the source snmp-agent proxy N/A
interface for the SNMP protocol source-
proxy to receive and interface { protocol-
respond to requests from interface-type protocol-
the CCU. interface-number |
protocol-interface-
name }
Enable the function that snmp-agent proxy N/A
allows all IPv4 addresses protocol source-status
on the device to be used all-interface
by the SNMP proxy to
receive and respond to
requests from the CCU.
Specify the IPv6 source snmp-agent proxy N/A
address for the SNMP protocol ipv6 source-ip
proxy to receive and ip-address [ vpn-
respond to requests from instance vpn-instance-
the CCU. name ]
Enable the function that snmp-agent proxy N/A
allows all IPv6 addresses protocol source-status
on the device to be used ipv6 all-interface
by the SNMP proxy to
receive and respond to
requests from the CCU.
Step 17 Commit the configuration.
commit
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 442
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.15.4.3 (Optional) Controlling the NMS's Access to the Device
Context
To enhance SNMP communication security, restrict the NMSs that are allowed to
access the device and restrict the MIB objects to be managed.
If a device is managed by multiple NMSs that use the same community name,
note the following points:
● If all the NMSs are required to access the objects in the Viewdefault view
(1.3.6.1), skip the following steps.
● If some of the NMSs are required to access the objects in the Viewdefault
view (1.3.6.1), skip steps 7 and 8.
● If all the NMSs are required to manage specified objects on the device, skip
steps 2, 3, and 4.
● If some of the NMSs are required to manage specified objects on the device,
perform all the following steps.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Create a basic ACL to filter network administrators.
acl { name basic-acl-name { basic | [ number ] basic-acl-number } | [ number ] basic-acl-number }
After the access permissions are configured and the NMS's IP address is specified
in the ACL rule, if the IP address changes (for example, the network management
station changes its location, or IP addresses are re-allocated due to network
adjustment), you need to change the IP address in the ACL. Otherwise, the NMS
cannot access the device.
Step 3 Configure a basic ACL rule.
rule [ rule-id ] [ name rule-name ] { permit | deny }
● If the address of a login user matches an ACL rule in which the specified
action is permit, the user is allowed to log in to the device.
● If the address of a login user matches an ACL rule in which the specified
action is deny, the user is not allowed to log in to the device.
● If the address of a login user is not within the address range specified in the
configured ACL rule, the user is not allowed to log in to the device.
● If the referenced ACL does not contain any rules or does not exist, the login of
users is not subject to the ACL, and any users can log in to the device.
Step 4 Return to the system view.
quit
Step 5 Commit the configuration.
commit
Step 6 (Optional) Configure an ACL for SNMP.
snmp-agent acl { acl-number | aclName }
Step 7 Create a MIB view and specify the MIB objects that can be monitored and
managed by the NMS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 443
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
snmp-agent mib-view type view-name oid-tree
By default, the NMS has the permission to access the Viewdefault view (1.3.6.1).
The value of type can be included or excluded. The included parameter specifies
the MIB objects that the NMS needs to manage. If some MIB objects do not need
to be managed, you can specify the excluded parameter to exclude them.
Step 8 Control the NMS's access to the device.
snmp-agent community { read | write } { community-name | cipher host-string } [ mib-view security-
string-cipher | acl { acl-number | acl-name } | alias alias-name ]
● read: If the NMS administrator needs the read permission in a specified view,
configure read in this command. For example, a low-level administrator needs
to read certain data.
● write: If the NMS administrator needs the read and write permissions in a
specified view, configure write in this command. For example, a high-level
administrator needs to read and write certain data.
● mib-view: If some of the NMSs that use the community name need to have
permission to access the objects in the Viewdefault view (1.3.6.1), you do not
need to configure mib-view view-name in the command.
● acl: If all the NMSs that use the community name need to manage specified
objects on the device, you do not need to configure acl acl-number in the
command.
● If some of the NMSs that use the community name need to manage specified
objects on the device, configure both mib-view and acl in the command.
Step 9 Commit the configuration.
commit
----End
1.1.15.4.4 (Optional) Configuring the Trap Function
Context
The device can be configured to send specified traps to the NMS, which facilitates
fault locating. To enhance the trap transmission security, specify parameters for
sending traps.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the device to send traps to the NMS.
snmp-agent trap enable
Step 3 Enable the function of sending a specified trap of a feature to the NMS.
snmp-agent trap enable feature-name feature-name trap-name trap-name
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 444
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
If the snmp-agent trap enable command has been run to enable the trap functions of all
modules, or the snmp-agent trap enable feature-name command has been run to enable
a specific trap function, note the following points:
● To disable the trap functions of all modules, run the snmp-agent trap disable
command.
● To restore the trap functions of all modules to the default status, run the undo snmp-
agent trap enable or undo snmp-agent trap disable command.
● To disable the trap function for a specified module, run the undo snmp-agent trap
enable feature-name command.
● To delete all the trap function configurations of a feature in a one-click manner, run
the clear configuration snmp-agent trap enable command.
Step 4 Set the source address of traps. Perform one or two of the following operations as
required:
● Set the source interface of traps. The IPv4 address of the source interface is
used as the source IPv4 address of traps.
snmp-agent trap source interface-type interface-number
To ensure device security, you are advised to specify the local loopback
interface as the source interface of traps.
The source interface of traps specified on the device must be the same as that
specified on the NMS. Otherwise, the NMS does not accept the traps sent
from the device.
● Set the source IPv6 address of traps.
snmp-agent trap source ipv6 ipv6-address [ vpn-instance vpn-instance-name ]
Step 5 Set a source port number for traps.
snmp-agent trap source-port port-number
To improve network security, configure a specific source port number for traps. In
this case, the user terminal's firewall filters packets based on the port number.
Step 6 Commit the configuration.
commit
----End
1.1.15.4.5 (Optional) Configuring SNMPv1 Anti-Attack
Context
To enhance security, the SNMP blacklist function can be configured to defend
against malicious user attacks and user password cracking.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the blacklist function for an IP address.
undo snmp-agent blacklist ip-block disable
Step 3 Commit the configuration.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 445
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
commit
----End
1.1.15.4.6 Verifying the Configuration
Procedure
● Run the display snmp-agent community command to check the configured
community name.
● Run the display snmp-agent sys-info version command to check the
enabled SNMP version.
● Run the display acl acl-number command to check the rules in the specified
ACL.
● Run the display snmp-agent mib-view command to check the MIB view.
● Run the display snmp-agent mib modules command to check information
about a loaded MIB file.
● Run the display snmp-agent sys-info contact command to check the device
administrator's contact information.
● Run the display snmp-agent sys-info location command to check the
location of the device.
● Run the display snmp-agent vacmgroup command to check all the
configured VACM groups.
● Run the display snmp-agent target-host command to check information
about the target host.
----End
1.1.15.5 Configuring a Device to Communicate with an NMS Using SNMPv2c
1.1.15.5.1 Understanding SNMPv2c
SNMPv2c has been released as a recommended Internet standard.
Simplicity is the main reason for the success of SNMP. On a large and complicated
network with devices from multiple vendors, a management protocol is required
to provide specific functions to simplify management. However, to make the
protocol simple, SNMP:
● Does not provide the batch access mechanism and has low access efficiency
of bulk data.
● Only is able to run on TCP/IP networks.
● Does not provide a communication mechanism for managers and is therefore
suitable for only centralized management, not distributed management.
● Is suitable for monitoring network devices, not a network.
In July 1992, to enhance the security of SNMP, SNMPv2 was introduced. In 1996,
the Internet Engineering Task Force (IETF) issued a series of SNMP-associated
standards. These documents defined SNMPv2c and abandoned the security
standard in SNMPv2.
SNMPv2c enhances the following aspects of SNMPv1:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 446
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Structure of management information (SMI)
● Communication between workstations
● Protocol control
SNMPv2c Security
The improvement on the security in SNMPv2 is abandoned in SNMPv2c. SNMPv2c
inherits the message mechanism and community concepts in SNMPv1.
New PDU Types in SNMPv2c
● Get-Bulk PDUs: A Get-Bulk PDU is generated on the workstation. The Get-
Bulk operation (transmission of Get-Bulk PDUs) is implemented based on
Get-Next operations. The Get-Bulk operation enables the workstation to
query managed object group information. One Get-Bulk operation equals
several consecutive Get-Next operations. You can set the number of recycle
times for a Get-Bulk PDU on the workstation. The number of recycle times
equals the number of times for performing Get-Next operations during a one-
time message exchange on the host.
● Inform-Request PDUs: An Inform-Request PDU is generated on the agent. The
Inform-Request operation (transmission of Inform-Request PDUs) provides a
guarantee for the trap mechanism. After the agent sends an Inform-Request
PDU, the workstation should return an acknowledge message to notify the
agent of successful receipt of the Inform-Request PDU. If the acknowledge
message is not returned within a specified period, the Inform-Request PDU is
retransmitted until the number of retransmission times exceeds the threshold.
1.1.15.5.2 Configuring Basic SNMPv2c Functions
Prerequisites
Before configuring a device to communicate with an NMS using SNMPv2c,
complete the following tasks:
● Configure a routing protocol to ensure that the device and NMS are reachable
to each other.
● Run the install feature-software WEAKEA command in the user view to
install the weak security protocol feature package (WEAKEA).
Context
SNMP needs to be deployed on a network to allow the NMS to manage network
devices.
If the network is of a large scale with many devices and its security requirements
are not strict, or the network is secure (for example, a VPN network) but services
on the network are so busy that traffic congestion may occur, SNMPv2c can be
deployed to ensure communication between the NMS and managed devices.
SNMPv2c has a security risk. Using SNMPv3 is recommended.
After basic SNMP functions are configured, an NMS can perform basic operations
such as Get and Set operations on a managed device, and the managed device
can send alarms to the NMS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 447
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The NMS can communicate with managed devices after basic SNMP functions
have been configured.
Procedure
Step 1 Enter the system view.
system-view
Step 2 (Optional) Set the minimum SNMP password length.
snmp-agent password min-length min-length
After this command is run, the length of a configured SNMP password must be
longer than or equal to the minimum SNMP password length.
Step 3 (Optional) Start the SNMP agent service.
snmp-agent
By default, the SNMP agent service is disabled. Running any snmp-agent
configuration command (regardless of whether parameters are specified) starts
the SNMP agent service. Therefore, this step is optional.
Step 4 (Optional) Change the listening port number of the SNMP agent.
snmp-agent udp-port port-number
By default, the listening port number of the SNMP agent is 161. If this command
is not configured, the default listening port number is used.
Step 5 Configure an SNMP version.
snmp-agent sys-info version v2c
After SNMPv2c is enabled on the managed device, the device supports both
SNMPv2c and SNMPv3. This means that the device can be monitored and
managed by NMSs running SNMPv2c or SNMPv3.
NOTE
The snmp-agent sys-info version v2c command can be used only after the weak security
protocol feature package is installed.
Step 6 Configure a read/write community name.
snmp-agent community { read | write } { community-name | cipher host-string } [ mib-view security-
string-cipher | acl { acl-number | acl-name } | alias alias-name ]
The community name will be saved in encrypted format in the configuration file.
To facilitate identification of community names, set the alias names for the
communities. The alias names are stored in cleartext in the configuration file.
By default, the device checks complexity of community names. If the check fails,
the community name cannot be configured. You can run the snmp-agent
community complexity-check disable command to disable complexity check for
community names. However, to ensure system security, you are advised to enable
complexity check for community names.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 448
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
The device has the following requirements for community name complexity:
● A community name contains at least eight characters.
● A community name contains at least two types of characters: uppercase characters,
lowercase characters, digits, and special characters, excluding question marks (?) and
spaces.
● After the weak password dictionary maintenance function is enabled, the value of
community-name cannot be the password defined in the weak password dictionary.
(You can run the display security weak-password-dictionary command to view the
password defined in the weak password dictionary.)
After the community name is set, if no MIB view is configured, the NMS that uses
the community name has permission to access objects in the Viewdefault view
(1.3.6.1).
● If the NMS administrator needs the read permission in a specified view,
configure read in this command. For example, a low-level administrator needs
to read certain data.
● If the NMS administrator needs the read and write permissions in a specified
view, configure write in this command. For example, a high-level
administrator needs to read and write certain data.
Step 7 Run one of following commands as needed:
● On an IPv4 network, a device can be configured to send alarms in Inform or
trap mode.
NOTE
The differences between alarms in trap and Inform modes are as follows:
– In trap mode, a managed device does not need to receive a response from the
alarm host after sending an alarm.
– In Inform mode, a managed device needs to receive a response from the alarm
host after sending an alarm. If no response is received within the timeout period,
the managed device retransmits the alarm until the number of sent alarms reaches
the maximum number of allowed retransmissions.
The managed device sends the alarm in Inform mode and records an alarm log at
the same time. If the NMS or a link fails, the NMS can synchronize alarms
generated during the fault period after the fault is rectified.
Therefore, the alarm in Inform mode is more reliable than that in trap mode. However,
the Inform mode may cause the device to cache massive alarm messages due to the
retransmission mechanism, consuming a great number of memory resources.
If the network environment is stable, sending alarms in trap mode is recommended. If
device resources are sufficient but the network environment is unstable, sending
alarms in Inform mode is recommended.
The same target host cannot be configured for Inform and trap messages. Otherwise,
the latest configuration overrides the previous configuration.
Configure the device to send alarms in trap mode.
snmp-agent target-host [ host-name host-name ] trap address udp-domain ip-address [ [ udp-
port port-number ] | [ { vpn-instance vpn-instance-name | public-net } ] | [ source { interface-name
| interface-type interface-number } ] ] * params securityname { security-name [ v2c | private-
netmanager | ext-vb | notify-filter-profile profile-name ] * | cipher cipher-name [ v2c | private-
netmanager | ext-vb | notify-filter-profile profile-name ] * }
Configure the device to send alarms in Inform mode.
snmp-agent target-host [ host-name host-name ] inform address udp-domain ip-address [ [ udp-
port server-port ] | [ { vpn-instance vpn-instance-name | public-net } ] | [ source { interface-name |
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 449
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
interface-type interface-number } ] ] * params securityname { security-name v2c | cipher cipher-
name v2c } [ [ private-netmanager | ext-vb | notify-filter-profile profile-name ] * ] *
● On an IPv6 network, alarms can be sent only in trap mode.
snmp-agent target-host [ host-name host-name ] trap ipv6 addressudp-domain ipv6-address
[ [ udp-port port-number ] | [ vpn-instance vpn-instance-name | public-net ] | [ source { interface-
name | interface-type interface-number } ] ] * params securityname { security-name [ v2c | ext-vb |
notify-filter-profile profile-name | private-netmanager ] * | cipher cipher-name [ v2c | ext-vb |
notify-filter-profile profile-name | private-netmanager ] * }
The parameters can be set as follows:
● udp-port needs to be configured to change the default UDP port number of
162 to a non-well-known port number to meet special requirements.
● public-net needs to be configured to allow a device that an NMS manages to
send traps through a public network to the NMS. Alternatively, vpn-instance
vpn-instance-name needs to be configured to allow the device that an NMS
manages to send traps through a private network to the NMS.
● securityname needs to be configured to identify a source device that sends
traps.
● private-netmanager needs to be configured to allow alarm messages to
carry more information when the NMS and a device that the NMS manages
are both provided by Huawei. For example, an alarm message can carry alarm
type, sequence number, and time information when being sent. The
information helps rectify faults.
● notify-filter-profile needs to be configured to allow a device to send desired
alarms to the NMS host, which reduces irrelevant alarms and speeds up fault
identification. notify-view needs to be configured to allow the alarm filter
policy to take effect when you configure a user group.
Step 8 (Optional) Configure the contact information and location of the device
administrator.
snmp-agent sys-info { contact contact | location location }
This step is required for the NMS administrator to view contact information and
locations of the device administrator when the NMS manages many devices. This
helps the NMS administrator contact the device administrators for fault location
and rectification.
Step 9 (Optional) Set the maximum size of an SNMP message that can be received or
sent by the device.
snmp-agent packet max-size byte-count
By default, the maximum size of an SNMP message that the device can receive or
send is 12000 bytes.
After the maximum size is set, the device discards any SNMP message that is
larger than the set size.
Step 10 (Optional) Enable the SNMP extended error code function.
snmp-agent extend error-code enable
By default, SNMP sends standard error codes to an NMS. The extended error code
function allows an SNMP device to send extended error codes to the NMS.
Step 11 (Optional) Enable the function to cache SET response packets.
snmp-agent set-cache enable
By default, the function to cache SET response packets is disabled.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 450
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 12 Configure a source interface for the SNMP agent to receive and respond to NMS
request packets.
Table 1-53 Configuring a source interface for the SNMP agent to receive and
respond to NMS request packets
Operation Command Description
Specify the source snmp-agent protocol N/A
interface used by SNMP source-interface
to receive and respond { protocol-interface-type
to requests from an protocol-interface-
NMS. number | protocol-
interface-name }
Enable the function that snmp-agent protocol N/A
allows all interfaces on source-status all-
the device to be used by interface
SNMP to receive and
respond to requests from
an NMS.
Specify an IPv6 source snmp-agent protocol N/A
address for SNMP to ipv6 source-ip ip-
receive and respond to address [ vpn-instance
requests from an NMS. vpn-instance-name ]
Enable the function that snmp-agent protocol N/A
allows all IPv6 addresses source-status ipv6 all-
on the device to be used interface
by SNMP to receive and
respond to requests from
an NMS.
NOTE
You are advised not to use all interfaces to receive and respond to NMS request messages.
Specifying a source interface is recommended.
Step 13 (Optional) Configure the SNMP agent to receive and respond to NMS request
packets through a VPN or public network.
snmp-agent protocol [ ipv6 ] { vpn-instance vpn-instance-name | public-net }
Step 14 (Optional) Set the engine ID of the local SNMP entity.
snmp-agent local-engineid engineid
By default, the system uses the internal algorithm to automatically generate a
device engine ID, which includes the enterprise ID and device information. The
system uses the MAC address of the management interface on a device as the
device information of the engine ID.
NOTE
To improve system security, run the snmp-agent packet contextengineid-check enable
command to check for consistency between the contextEngineID and local engine ID.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 451
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 15 (Optional) Disable the SNMP IPv4 or IPv6 listening port.
snmp-agent protocol server [ ipv4 | ipv6 ] disable
After you disable the SNMP IPv4 or IPv6 listening port using the snmp-agent
protocol server disable command, SNMP no longer processes SNMP packets.
Exercise caution when you disable the SNMP IPv4 or IPv6 listening port.
Step 16 (Optional) Configure the SNMP proxy to receive and respond to requests from the
CCU.
Table 1-54 Configuring the SNMP proxy to receive and respond to requests from
the CCU
Operation Command Description
Specify the source snmp-agent proxy N/A
interface for the SNMP protocol source-
proxy to receive and interface { protocol-
respond to requests from interface-type protocol-
the CCU. interface-number |
protocol-interface-
name }
Enable the function that snmp-agent proxy N/A
allows all IPv4 addresses protocol source-status
on the device to be used all-interface
by the SNMP proxy to
receive and respond to
requests from the CCU.
Specify the IPv6 source snmp-agent proxy N/A
address for the SNMP protocol ipv6 source-ip
proxy to receive and ip-address [ vpn-
respond to requests from instance vpn-instance-
the CCU. name ]
Enable the function that snmp-agent proxy N/A
allows all IPv6 addresses protocol source-status
on the device to be used ipv6 all-interface
by the SNMP proxy to
receive and respond to
requests from the CCU.
Step 17 (Optional) Set a Get-Bulk operation timeout period.
snmp-agent protocol get-bulk timeout time
The default Get-Bulk operation timeout period is 2s. Using the default Get-Bulk
operation timeout period is recommended. If you need to change the Get-Bulk
operation timeout period, ensure that the configured period is less than an NMS's
timeout period.
Step 18 Commit the configuration.
commit
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 452
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.15.5.3 (Optional) Controlling the NMS's Access to the Device
Context
To enhance SNMP communication security, restrict the NMSs that are allowed to
access the device and restrict the MIB objects to be managed.
If a device is managed by multiple NMSs that use the same community name,
note the following points:
● If all the NMSs are required to access the objects in the Viewdefault view
(1.3.6.1), skip the following steps.
● If some of the NMSs are required to access the objects in the Viewdefault
view (1.3.6.1), skip steps 7 and 8.
● If all the NMSs are required to manage specified objects on the device, skip
steps 2, 3, and 4.
● If some of the NMSs are required to manage specified objects on the device,
perform all the following steps.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Create a basic ACL to filter network administrators.
acl { name basic-acl-name { basic | [ number ] basic-acl-number } | [ number ] basic-acl-number }
After the access permissions are configured and the NMS's IP address is specified
in the ACL rule, if the IP address changes (for example, the network management
station changes its location, or IP addresses are re-allocated due to network
adjustment), you need to change the IP address in the ACL. Otherwise, the NMS
cannot access the device.
Step 3 Configure a basic ACL rule.
rule [ rule-id ] [ name rule-name ] { permit | deny }
● If the address of a login user matches an ACL rule in which the specified
action is permit, the user is allowed to log in to the device.
● If the address of a login user matches an ACL rule in which the specified
action is deny, the user is not allowed to log in to the device.
● If the address of a login user is not within the address range specified in the
configured ACL rule, the user is not allowed to log in to the device.
● If the referenced ACL does not contain any rules or does not exist, the login of
users is not subject to the ACL, and any users can log in to the device.
Step 4 Return to the system view.
quit
Step 5 Commit the configuration.
commit
Step 6 (Optional) Configure an ACL for SNMP.
snmp-agent acl { acl-number | aclName }
Step 7 Create a MIB view and specify the MIB objects that can be monitored and
managed by the NMS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 453
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
snmp-agent mib-view type view-name oid-tree
By default, the NMS has the permission to access the Viewdefault view (1.3.6.1).
The value of type can be included or excluded. The included parameter specifies
the MIB objects that the NMS needs to manage. If some MIB objects do not need
to be managed, you can specify the excluded parameter to exclude them.
Step 8 Control the NMS's access to the device.
snmp-agent community { read | write } { community-name | cipher host-string } [ mib-view security-
string-cipher | acl { acl-number | acl-name } | alias alias-name ]
● read: If the NMS administrator needs the read permission in a specified view,
configure read in this command. For example, a low-level administrator needs
to read certain data.
● write: If the NMS administrator needs the read and write permissions in a
specified view, configure write in this command. For example, a high-level
administrator needs to read and write certain data.
● mib-view: If some of the NMSs that use the community name need to have
permission to access the objects in the Viewdefault view (1.3.6.1), you do not
need to configure mib-view view-name in the command.
● acl: If all the NMSs that use the community name need to manage specified
objects on the device, you do not need to configure acl acl-number in the
command.
● If some of the NMSs that use the community name need to manage specified
objects on the device, configure both mib-view and acl in the command.
Step 9 Commit the configuration.
commit
----End
1.1.15.5.4 (Optional) Configuring the Trap Function
Context
The device can be configured to send specified traps to the NMS, which facilitates
fault locating. To enhance the trap transmission security, specify parameters for
sending traps.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the device to send traps to the NMS.
snmp-agent trap enable
Step 3 Enable the function of sending a specified trap of a feature to the NMS.
snmp-agent trap enable feature-name feature-name trap-name trap-name
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 454
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
If the snmp-agent trap enable command has been run to enable the trap functions of all
modules, or the snmp-agent trap enable feature-name command has been run to enable
a specific trap function, note the following points:
● To disable the trap functions of all modules, run the snmp-agent trap disable
command.
● To restore the trap functions of all modules to the default status, run the undo snmp-
agent trap enable or undo snmp-agent trap disable command.
● To disable the trap function for a specified module, run the undo snmp-agent trap
enable feature-name command.
● To delete all the trap function configurations of a feature in a one-click manner, run
the clear configuration snmp-agent trap enable command.
Step 4 Set the source address of traps. Perform one or two of the following operations as
required:
● Set the source interface of traps. The IPv4 address of the source interface is
used as the source IPv4 address of traps.
snmp-agent trap source interface-type interface-number
To ensure device security, you are advised to specify the local loopback
interface as the source interface of traps.
The source interface of traps specified on the device must be the same as that
specified on the NMS. Otherwise, the NMS cannot receive the traps sent from
the device.
● Set the source IPv6 address of traps.
snmp-agent trap source ipv6 ipv6-address [ vpn-instance vpn-instance-name ]
Step 5 Set a source port number for traps.
snmp-agent trap source-port port-number
To improve network security, configure a specific source port number for traps. In
this case, the user terminal's firewall filters packets based on the port number.
Step 6 Commit the configuration.
commit
----End
1.1.15.5.5 (Optional) Configuring the Inform Function
Context
The device enabled with the SNMP agent function can generate two types of
notifications: traps and informs. Traps are messages alerting the NMS to a
condition on the network, and informs are traps that require a reply from the
NMS and are resent until a reply is received. Informs are more reliable than traps.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the device to send traps.
snmp-agent trap enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 455
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 3 Enable the function of sending a trap of a specified feature to the NMS.
snmp-agent trap enable feature-name feature-name trap-name trap-name
NOTE
If the snmp-agent trap enable command has been run to enable the trap functions of all
modules, or the snmp-agent trap enable feature-name command has been run to enable
three or more trap functions of a module, note the following points:
● To disable the trap functions of all modules, run the snmp-agent trap disable
command.
● To restore the trap functions of all modules to the default status, run the undo snmp-
agent trap enable or undo snmp-agent trap disable command.
● To disable the trap function for a specified module, run the undo snmp-agent trap
enable feature-name command.
Step 4 (Optional) Set the timeout period for waiting for inform Ack messages, number of
times to resend Inform messages, and the maximum pieces of pending Inform
messages (Inform messages need to be acknowledged).
snmp-agent inform { timeout seconds | resend-times times | pending number } *
By default, the timeout period for waiting for an Inform ACK message is 15
seconds, the number of Inform retransmissions is 3, and the maximum number of
unacknowledged Inform messages is 39.
NOTE
If the network is unstable, you need to increase the timeout period. At the same time, you
need to increase the number of times to resend Inform messages and the maximum count
of pending Inform messages.
Step 5 Set the timeout period for waiting for Inform ACK messages and the number of
Inform retransmissions.
snmp-agent inform { timeout seconds | resend-times times } * { host-name target-host-name | address
udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname { security-name |
cipher security-name } }
Step 6 Enable the alarm logging function.
snmp-agent notification-log enable
If the link between the managed device and the NMS is faulty, the route is
unreachable. The managed device does not send Inform alarms but continues to
record alarm logs. After the link recovers, the NMS obtains alarm logs generated
during the fault period from the managed device.
The alarm logging function logs only informs. By default, the alarm logging
function is disabled.
Step 7 Set the aging time of alarm logs and maximum number of alarm logs allowed to
be stored in the log buffer.
snmp-agent notification-log { global-ageout ageout [ minute minute ] | global-limit limit } *
By default, the aging time of alarm logs is 24 hours. Alarm logs are automatically
deleted after 24 hours.
By default, a maximum of 500 alarm logs can be saved in the log buffer. If the
number of alarm logs exceeds the limit, the earliest alarm log is deleted.
Step 8 Commit the configuration.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 456
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
commit
----End
1.1.15.5.6 (Optional) Configuring SNMPv2c Anti-Attack
Context
To enhance security, the SNMP blacklist function can be configured to defend
against malicious user attacks and user password cracking.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the blacklist function for an IP address.
undo snmp-agent blacklist ip-block disable
Step 3 Commit the configuration.
commit
----End
1.1.15.5.7 Verifying the Configuration
Procedure
● Run the display snmp-agent community command to check the configured
community name.
● Run the display snmp-agent sys-info version command to check the
enabled SNMP version.
● Run the display acl acl-number command to check the rules in the specified
ACL.
● Run the display snmp-agent mib-view command to check the MIB view.
● Run the display snmp-agent mib modules command to check information
about a loaded MIB file.
● Run the display snmp-agent sys-info contact command to check the device
administrator's contact information.
● Run the display snmp-agent sys-info location command to check the
location of the device.
● Run the display snmp-agent target-host command to check information
about the target host.
● Run the display snmp-agent inform command to check inform parameters
of all target hosts or a specified target host.
● Run the display snmp-agent notification-log command to check inform logs
stored in the log buffer.
● Run the display snmp-agent vacmgroup command to check all the
configured View-based Access Control Model (VACM) groups.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 457
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.15.5.8 Example for Configuring a Device to Communicate with NMSs Using
SNMPv2c
Networking Requirements
As shown in Figure 1-129, two NMSs (NMS1 and NMS2) and the device are
connected across a public network. According to the network planning, NMS2 can
manage every MIB object on the device, and NMS1 does not manage the device.
On the device, only the modules that are enabled by default are allowed to send
alarms to NMS2. This prevents an excess of unwanted alarms from being sent to
NMS2. Excessive alarms make fault location difficult. Inform messages need to be
used to ensure that alarms are received by NMS2, because alarms sent by the
device have to travel across the public network to reach NMS2.
Contact information of the device administrator needs to be configured on the
device. This helps the NMS administrator contact the device administrator if a
fault occurs.
Figure 1-129 Network diagram of configuring a device to communicate with an
NMS using SNMPv2c
NOTE
In this example, interface1 represents GigabitEthernet0/1/1.
Precautions
If the network environment is insecure, you are advised to use SNMPv3 for
communication with the NMS.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the SNMP agent.
2. Configure the device to run SNMPv2c.
3. Configure an ACL to allow NMS2 to manage MIB objects on the device.
4. Configure a source interface for SNMP to receive and respond to NMS request
messages.
5. Configure the device to send Inform messages to NMS2 to ensure alarm
sending reliability.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 458
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
6. Configure the contact information of the device administrator.
7. Configure NMS2.
Procedure
Step 1 Run the install feature-software WEAKEA command in the user view to install
the weak security protocol feature package (WEAKEA).
Step 2 Configure available routes between the device and the NMSs. For detailed
configurations, see Configuration Scripts.
Step 3 Enable the SNMP agent.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] snmp-agent password min-length 9
[*DeviceA] snmp-agent
[*DeviceA] commit
Step 4 Configure the device to run SNMPv2c.
[~DeviceA] snmp-agent sys-info version v2c
[*DeviceA] commit
# Check the configured SNMP version.
[~DeviceA] display snmp-agent sys-info version
SNMP version running in the system:
SNMPv2c SNMPv3
Step 5 Configure a source interface for SNMP to receive and respond to NMS request
messages.
[~DeviceA] snmp-agent protocol source-interface Loopback0
[*DeviceA] commit
Step 6 Configure the NMS access permission.
# Configure an ACL to allow NMS2 to manage and disallow NMS1 from
managing the device.
[~DeviceA] acl 2001
[*DeviceA-acl4-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[*DeviceA-acl4-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[*DeviceAacl4-basic-2001] commit
[~DeviceA-acl4-basic-2001] quit
# Configure a MIB view.
[~DeviceA] snmp-agent mib-view excluded allexthgmp 1.3.6.1.4.1.2011.6.7
[*DeviceA] commit
# Configure a community to reference an ACL to allow NMS2 to manage the
objects in the MIB view.
[~DeviceA] snmp-agent community write adminnms2 mib-view allexthgmp acl 2001
[*DeviceA] commit
Step 7 Configure the trap function.
[~DeviceA] snmp-agent target-host inform address udp-domain 1.1.1.2 params securityname
Huawei-1234 v2c
[*DeviceA] snmp-agent inform timeout 5 resend-times 6 pending 7
[*DeviceA] snmp-agent trap enable
[*DeviceA] snmp-agent notification-log enable
[*DeviceA] snmp-agent notification-log global-ageout 36
[*DeviceA] commit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 459
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 8 Configure the contact information of the device administrator.
[~DeviceA] snmp-agent sys-info contact call Operator at 010-12345678
[*DeviceA] commit
Step 9 Configure NMS2.
For details on how to configure NMS2, see the relevant NMS configuration guide.
----End
Verifying the Configuration
# Check the configured SNMP version.
[~DeviceA] display snmp-agent sys-info version
SNMP version running in the system:
SNMPv2c SNMPv3
# Check information about the SNMP community name.
<DeviceA> display snmp-agent community
Community name: %@%##!!!!!!!!!"!!!!"!!!!*!!!!PR=uJ|5'u%-3Bw@/>NzBr/k=X0[ALT.K~:,!!!!!2jp5!!!!!!U!!!!%
{+lTl_[/Jh<3.<4RvQ/.Z'33]YwP
JkB^`J9g":TFqD-'B$kmL6;vyHwQ74KEFp22!!!!!!!!!!!!!!!%@
%#
Group name: %@%##!!!!!!!!!"!!!!"!!!!*!!!!PR=uJ|5'u%-3Bw@/>NzBr/k=X0[ALT.K~:,!!!!!2jp5!!!!!!U!!!!%{+lTl_[/
Jh<3.<4RvQ/.Z'33]YwP
JkB^`J9g":TFqD-'B$kmL6;vyHwQ74KEFp22!!!!!!!!!!!!!!!%@
%#
Acl: 2001
Alias name:
__CommunityAliasName_01_8357
Storage-type: nonVolatile
# Check the configured ACL.
<DeviceA> display acl 2001
Basic ACL 2001, 2 rules
Acl's step is 5
rule 5 permit source 1.1.1.2 0 (0 times matched)
rule 6 deny source 1.1.1.1 0 (0 times matched)
# Check the MIB view.
<DeviceA> display snmp-agent mib-view viewname allexthgmp
View name: allexthgmp
MIB Subtree: huaweiUtility.7
Subtree mask: FF80(Hex)
Storage-type: nonVolatile
View Type: excluded
View status: active
# Check the target host.
<DeviceA> display snmp-agent target-host
Target-host NO. 1
---------------------------------------------------------------------------
Host-name : __targetHost_1_41354
IP-address : 1.1.1.2
Source interface :-
VPN instance :-
Security name : %+%##!!!!!!!!!"!!!!$!!!!*!!!!%&K/U}|G\2KYm@@k}uDDU#gLLO<J"0Q'/kH!!!!!
2jp5!!!!!!<!!!!rv4VL.ucqLA!PK/olg}.vn0tBf0m4'5^XcK!!!!!%+%#
Port : 162
Type : inform
Version : v2c
Level : No authentication and privacy
NMS type : NMS
With ext vb : No
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 460
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Notification filter profile name : -
Heart beat required : No
---------------------------------------------------------------------------
# Check the contact information of the device administrator.
<DeviceA> display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
acl number 2001
rule 5 permit source 1.1.1.2 0
rule 6 deny source 1.1.1.1 0
#
interface GigabitEthernet0/1/1
ip address 1.1.2.1 255.255.255.0
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
#
snmp-agent
snmp-agent local-engineid 800007DB0300FDFDFD2211
snmp-agent community write cipher %@%##!!!!!!!!!"!!!!"!!!!*!!!!PR=uJ|5'u%-3Bw@/>NzBr/
k=X0[ALT.K~:,!!!!!2jp5!!!!!!U!!!!%{+lTl_[/Jh<3.<4RvQ/.Z'33]YwPJkB^`J9g":TFqD-'B
$kmL6;vyHwQ74KEFp22!!!!!!!!!!!!!!!%@%# mib-view allexthgmp acl 2001 alias
__CommunityAliasName_01_8357
#
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v2c
snmp-agent password min-length 9
snmp-agent target-host host-name __targetHost_1_11752 inform address udp-domain 1.1.1.2 params
securityname cipher %+%##!!!!!!!!!"!!!!"!!!!*!!!!PR=uJ|5'u%<OoF8~{B=#QW("E3cky"H*I%E!!!!!2jp5!!!!!!
<!!!!%m9qN;K61!+'7q>-bKZ&qJzJ3nQ\g)WWHkL!!!!!%+%# v2c
#
snmp-agent mib-view excluded allexthgmp huaweiUtility.7
#
snmp-agent notification-log enable
snmp-agent notification-log global-ageout 36
snmp-agent inform timeout 5
snmp-agent inform resend-times 6
snmp-agent inform pending 7
#
#
snmp-agent protocol source-interface LoopBack0
#
snmp-agent trap enable
#
return
1.1.15.6 Configuring a Device to Communicate with an NMS Using SNMPv3
USM User
1.1.15.6.1 Understanding SNMPv3
The SNMPv3 architecture embodies the model-oriented design and simplifies the
addition and modification of functions. SNMPv3 features the following:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 461
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Strong adaptability: SNMPv3 is applicable to multiple operating systems. It
can manage both simple and complex networks.
● Good extensibility: New models can be added as needed.
● High security: SNMPv3 provides multiple security processing models.
SNMPv3 has four models: message processing and control model, local processing
model, user security model, and view-based access control model.
Unlike SNMPv1 and SNMPv2, SNMPv3 can implement access control, identity
authentication, and data encryption using the local processing model and user
security model.
Message Processing and Control Model
A message processing and control model is responsible for constructing and
analyzing SNMP messages and determining whether the messages can pass
through a proxy server. In the message constructing process, the message
processing and control model receives a PDU from a dispatcher and then sends it
to the user security model to add security parameters to the PDU header. When
analyzing the received PDU, the user security model must first process the security
parameters in the PDU header and then send the unpacked PDU to the dispatcher
for processing.
Local Processing Model
A local processing model is primarily used to implement access control, data
packaging, and data interruption. Access control is implemented by setting
information related to the agent so that the management processes on different
workstations can have different access permissions to the agent. This process is
implemented through PDU transmission. There are two commonly used access
control policies: restricting the workstation from delivering some commands to the
agent, and specifying the details in the MIB of the agent that the workstation can
access. Access control policies must be predefined. SNMPv3 flexibly defines access
control policies using the syntax with various parameters.
User Security Model
A user security model provides identity authentication and data encryption
services. The two preceding services require that the workstation and agent use a
shared key.
● Identity authentication: A process in which the agent (or workstation)
confirms whether the received message is from an authorized workstation (or
agent) and whether the message is changed during transmission. HMAC is an
effective tool that is widely applied on the Internet to generate the message
authentication code using the security hash function and shared key.
● Data encryption: The workstation uses the key to calculate the CBC code and
then adds a CBC code to the message while the agent uses the same key to
decrypt the authentication code and then obtains the actual information.
Similar to identity authentication, the encryption requires that the
workstation and agent share the same key to encrypt and decrypt the
message.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 462
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
To improve system security, it is advised to configure different authentication and
encryption passwords for an SNMP user.
View-Based Access Control Model
A view-based access control model is mainly used to restrict the access
permissions of user groups or communities to specific views. You must pre-
configure a view and specify its permission. When you configure a user or a user
group or a community, load this view to implement read/write permission control
or the trap function (for SNMPv3).
1.1.15.6.2 Configuring Basic SNMPv3 Functions
Prerequisites
Before configuring a device to communicate with an NMS using SNMPv3 USM
user, configure a routing protocol to ensure that at least one route exists between
the device and NMS.
Context
The NMS manages a device by the following ways:
● Sends requests to the managed device to perform the GetRequest,
GetNextRequest, GetResponse, GetBulk, or SetRequest operation to obtain
data or set values.
● Passively receives alarms (traps or informs) from the managed device to
locate and handle device faults based on the alarm information.
After basic SNMP functions are configured, an NMS can perform basic operations
such as Get and Set operations on a managed device, and the managed device
can send alarms to the NMS.
The NMS can communicate with managed devices after basic SNMP functions
have been configured.
The algorithms indicated by md5, sha, sha2-224, DES56, and 3DES168 in the
snmp-agent usm-user command are weak security algorithms. You are advised to
use other secure algorithms. To configure a weak security algorithm, run the undo
crypto weak-algorithm disable command to enable the weak security algorithm
function first.
After the weak password dictionary maintenance function is enabled, the
password configured using the snmp-agent usm-user command cannot be the
password defined in the weak password dictionary. (You can run the display
security weak-password-dictionary command to view the password defined in
the weak password dictionary.)
Procedure
Step 1 Enter the system view.
system-view
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 463
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 (Optional) Set the minimum SNMP password length.
snmp-agent password min-length min-length
After this command is run, the length of a configured SNMP password must be
longer than or equal to the minimum SNMP password length.
Step 3 (Optional) Start the SNMP agent service.
snmp-agent
By default, the SNMP agent service is disabled. Running any snmp-agent
configuration command (regardless of whether parameters are specified) starts
the SNMP agent service. Therefore, this step is optional.
Step 4 (Optional) Change the listening port number of the SNMP agent.
snmp-agent udp-port port-number
By default, the listening port number of the SNMP agent is 161. If this command
is not configured, the default listening port number is used.
Step 5 Configure an SNMP version.
snmp-agent sys-info version v3
By default, SNMPv3 is enabled.
Step 6 Configure an SNMP user group.
snmp-agent group v3 group-name { authentication | privacy | noauthentication } [ read-view read-view
| write-view write-view | notify-view notify-view ] * [ acl { acl-number | acl-name } ]
If the NMS and network devices are in an insecure environment (for example, the
network is vulnerable to attacks), authentication or privacy can be configured in
the command to enable data authentication or privacy.
The available authentication and privacy modes are as follows:
● No authentication and no privacy: Neither authentication nor privacy or
noauthentication is configured in the command. This mode is applicable to
secure networks managed by a specified administrator.
● Authentication without privacy: Only authentication is configured in the
command. This mode is applicable to secure networks managed by many
administrators who may frequently perform operations on the same device. In
this mode, only the authenticated administrators can access the managed
device.
● Authentication and privacy: Both authentication and privacy are configured
in the command. This mode is applicable to insecure networks managed by
many administrators who may frequently perform operations on the same
device. In this mode, only the authenticated administrators can access the
managed device, and transmitted data is encrypted to guard against
tampering and data leaking.
read-view needs to be configured in the command if the NMS administrator
needs the read permission in a specified view in some cases. For example, a low-
level administrator needs to read certain data.
write-view needs to be configured in the command if the NMS administrator
needs the read and write permissions in a specified view in some cases. For
example, a high-level administrator needs to read and write certain data.
notify-view needs to be configured in the command if you want to filter out
irrelevant alarms and configure the managed device to send only the alarms of
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 464
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
specified MIB objects to the NMS. If the parameter is configured, only the alarms
of the MIB objects specified by notify-view are sent to the NMS.
Step 7 (Optional) Set the engine ID of the local SNMP entity.
snmp-agent local-engineid engineid
By default, the system uses the internal algorithm to automatically generate a
device engine ID, which includes the enterprise ID and device information. The
system uses the MAC address of the management interface on a device as the
device information of the engine ID.
NOTE
To improve system security, run the snmp-agent packet contextengineid-check enable
command to check for consistency between the contextEngineID and local engine ID.
Step 8 Run one of following commands as needed:
● On an IPv4 network, a device can be configured to send alarms in Inform or
trap mode.
NOTE
The differences between alarms in trap and Inform modes are as follows:
– A managed device does not need to receive a response from the alarm host when
sending an alarm in trap mode. Therefore, remote-engineid does not need to be
configured.
– A managed device needs to receive a response from the alarm host when sending
an alarm in Inform mode. Therefore, specify the engine ID of the alarm host on the
managed device. This means that remote-engineid must be the same as the
engine ID of the alarm host that receives the alarm. If the managed device receives
no response from the NMS within a timeout period, it resends the alarm until a
response is returned or the number of sent alarms reaches the maximum number
of allowed retransmissions.
The managed device sends the alarm in Inform mode and records an alarm log at
the same time. If the NMS or a link fails, the NMS can synchronize alarms
generated during the fault period after the fault is rectified.
Therefore, the alarm in Inform mode is more reliable than that in trap mode. However,
the Inform mode may cause the device to cache massive alarm messages due to the
retransmission mechanism, consuming a great number of memory resources.
If the network environment is stable, sending alarms in trap mode is recommended. If
device resources are sufficient but the network environment is unstable, sending
alarms in Inform mode is recommended.
The same target host cannot be configured for Inform and trap messages. Otherwise,
the latest configuration overrides the previous configuration.
Configure the device to send alarms in trap mode.
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha | sha2-224 |
sha2-256 | sha2-384 | sha2-512 } password [ privacy-mode { des56 | 3des168 | aes128 | aes192 |
aes256 } password ] ] [ acl { acl-number | acl-name } ]
snmp-agent target-host [ host-name host-name ] trap address udp-domain ip-address [ [ udp-
port port-number ] | [ source interface-type interface-number ] | [ public-net | vpn-instance vpn-
instance-name ] ] * params securityname { security-name [ v3 [ authentication | privacy ] | private-
netmanager | ext-vb | notify-filter-profile profile-name ] * }
Configure the device to send alarms in Inform mode.
snmp-agent remote-engineid remote-engineid-name usm-user v3 user-name group-name
[ authentication-mode { md5 | sha | sha2-224 | sha2-256 | sha2-384 | sha2-512 } password
[ privacy-mode { des56 | 3des168 | aes128 | aes192 | aes256 } password ] ] [ acl { acl-number | acl-
name } ]
snmp-agent target-host [ host-name host-name ] inform address udp-domain ip-address [ [ udp-
port port-number ] | [ source interface-type interface-number ] | [ public-net | vpn-instance vpn-
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 465
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
instance-name ] ] * params securityname { security-name v3 [ authentication | privacy ] } [ [ ext-
vb | notify-filter-profile profile-name | private-netmanager ] * ] *
● On an IPv6 network, alarms can be sent only in trap mode.
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha | sha2-224 |
sha2-256 | sha2-384 | sha2-512} password [ privacy-mode { des56 | 3des168 | aes128 | aes192 |
aes256 } password ] ] [ acl { acl-number | acl-name } ]
snmp-agent target-host [ host-name host-name ] trap ipv6 address udp-domain ipv6-address
[ udp-port port-number | [ { vpn-instance vpn-instance-name | public-net ] | [ source { interface-
name | interface-type interface-number } ] ] * params securityname { security-name [ v3
[ authentication | privacy ] | private-netmanager | ext-vb | notify-filter-profile profile-name ] * }
By default, the complexity check is performed on the authentication or
encryption password configured for a USM user. If the password fails the
check, the configuration fails. To disable the password complexity check, run
the snmp-agent usm-user password complexity-check disable command.
However, enabling this function is recommended as this improves system
security.
To improve system security, it is advised to configure different encryption and
authentication passwords for the same SNMP USM user.
The parameters can be set as follows:
● udp-port needs to be configured to change the default UDP port number of
162 to a non-well-known port number to meet special requirements.
● public-net needs to be configured to allow a device that an NMS manages to
send traps through a public network to the NMS. Alternatively, vpn-instance
vpn-instance-name needs to be configured to allow the device that an NMS
manages to send traps through a private network to the NMS.
● securityname needs to be configured to identify a source device that sends
traps.
● private-netmanager needs to be configured to allow alarm messages to
carry more information when the NMS and a device that the NMS manages
are both provided by Huawei. For example, an alarm message can carry alarm
type, sequence number, and time information when being sent. The
information helps rectify faults.
● notify-filter-profile needs to be configured to allow a device to send desired
alarms to the NMS host, which reduces irrelevant alarms and speeds up fault
identification. notify-view needs to be configured to allow the alarm filter
policy to take effect when you configure a user group.
Step 9 (Optional) Configure the contact information and location of the device
administrator.
snmp-agent sys-info { contact contact | location location }
This step is required for the NMS administrator to view contact information and
locations of the device administrator when the NMS manages many devices. This
helps the NMS administrator contact the device administrators for fault location
and rectification.
Step 10 (Optional) Set the maximum size of an SNMP message that can be received or
sent by the device.
snmp-agent packet max-size byte-count
By default, the maximum size of an SNMP message that the device can receive or
send is 12000 bytes.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 466
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
After the maximum size is set, the device discards any SNMP message that is
larger than the set size.
Step 11 Configure a source interface for the SNMP agent to receive and respond to NMS
request packets.
Table 1-55 Configuring a source interface for the SNMP agent to receive and
respond to NMS request packets
Operation Command Description
Specify the source snmp-agent protocol N/A
interface used by SNMP source-interface
to receive and respond { protocol-interface-type
to requests from an protocol-interface-
NMS. number | protocol-
interface-name }
Enable the function that snmp-agent protocol N/A
allows all interfaces on source-status all-
the device to be used by interface
SNMP to receive and
respond to requests from
an NMS.
Specify an IPv6 source snmp-agent protocol N/A
address for SNMP to ipv6 source-ip ip-
receive and respond to address [ vpn-instance
requests from an NMS. vpn-instance-name ]
Enable the function that snmp-agent protocol N/A
allows all IPv6 addresses source-status ipv6 all-
on the device to be used interface
by SNMP to receive and
respond to requests from
an NMS.
NOTE
You are advised not to use all interfaces to receive and respond to NMS request messages.
Specifying a source interface is recommended.
Step 12 (Optional) Enable the SNMP extended error code function.
snmp-agent extend error-code enable
By default, SNMP sends standard error codes to an NMS. The extended error code
function allows an SNMP device to send extended error codes to the NMS.
Step 13 (Optional) Enable the function to cache SET response packets.
snmp-agent set-cache enable
By default, the function to cache SET response packets is disabled.
Step 14 (Optional) Set a Get-Bulk operation timeout period.
snmp-agent protocol get-bulk timeout time
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 467
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The default Get-Bulk operation timeout period is 2s. Using the default Get-Bulk
operation timeout period is recommended. If you need to change the Get-Bulk
operation timeout period, ensure that the configured period is less than an NMS's
timeout period.
Step 15 (Optional) Disable the SNMP IPv4 or IPv6 listening port.
snmp-agent protocol server [ ipv4 | ipv6 ] disable
After you disable the SNMP IPv4 or IPv6 listening port using the snmp-agent
protocol server disable command, SNMP no longer processes SNMP packets.
Exercise caution when you disable the SNMP IPv4 or IPv6 listening port.
Step 16 Commit the configuration.
commit
----End
1.1.15.6.3 (Optional) Controlling the NMS's Access to the Device
Context
This section describes how to specify an NMS and manageable MIB objects for
SNMPv3-based communication between the NMS and managed device to
improve communication security.
If a device is managed by multiple NMSs that are in the same SNMPv3 user
group, note the following points:
● If all the NMSs need to have permission to access the objects in the
Viewdefault view, skip the following steps.
● If some of the NMSs need to have permission to access the objects in the
Viewdefault view, skip 7 and Step 8.
● If all the NMSs are required to manage specified objects on the device, skip
steps 2, 3, and 4.
● If some of the NMSs are required to manage specified objects on the device,
perform all the following steps.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Create a basic ACL to filter network administrators.
acl { name basic-acl-name { basic | [ number ] basic-acl-number } | [ number ] basic-acl-number }
After the access permissions are configured and the NMS's IP address is specified
in the ACL rule, if the IP address changes (for example, the network management
station changes its location, or IP addresses are re-allocated due to network
adjustment), you need to change the IP address in the ACL. Otherwise, the NMS
cannot access the device.
Step 3 Configure a basic ACL rule.
rule [ rule-id ] [ name rule-name ] { permit | deny }
● If the address of a login user matches an ACL rule in which the specified
action is permit, the user is allowed to log in to the device.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 468
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● If the address of a login user matches an ACL rule in which the specified
action is deny, the user is not allowed to log in to the device.
● If the address of a login user is not within the address range specified in the
configured ACL rule, the user is not allowed to log in to the device.
● If the referenced ACL does not contain any rules or does not exist, the login of
users is not subject to the ACL, and any users can log in to the device.
Step 4 Return to the system view.
quit
Step 5 Commit the configuration.
commit
Step 6 (Optional) Configure an ACL for SNMP.
snmp-agent acl { acl-number | aclName }
Step 7 Create a MIB view and specify the MIB objects that can be monitored and
managed by the NMS.
snmp-agent mib-view type view-name oid-tree
By default, the NMS has the permission to access the Viewdefault view (1.3.6.1).
The value of type can be included or excluded. The included parameter specifies
the MIB objects that the NMS needs to manage. If some MIB objects do not need
to be managed, you can specify the excluded parameter to exclude them.
Step 8 Configure an SNMP user group.
snmp-agent group v3 group-name { authentication | privacy | noauthentication } [ read-view read-view
| write-view write-view | notify-view notify-view ] * [ acl { acl-number | acl-name } ]
If the NMS and network devices are in an insecure environment (for example, the
network is vulnerable to attacks), authentication or privacy can be configured in
the command to enable data authentication or privacy.
The available authentication and privacy modes are as follows:
● No authentication and no privacy: Neither authentication nor privacy or
noauthentication is configured in the command. This mode is applicable to
secure networks managed by a specified administrator.
● Authentication without privacy: Only authentication is configured in the
command. This mode is applicable to secure networks managed by many
administrators who may frequently perform operations on the same device. In
this mode, only the authenticated administrators can access the managed
device.
● Authentication and privacy: Both authentication and privacy are configured
in the command. This mode is applicable to insecure networks managed by
many administrators who may frequently perform operations on the same
device. In this mode, only the authenticated administrators can access the
managed device, and transmitted data is encrypted to guard against
tampering and data leaking.
read-view needs to be configured in the command if the NMS administrator
needs the read permission in a specified view in some cases. For example, a low-
level administrator needs to read certain data.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 469
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
write-view needs to be configured in the command if the NMS administrator
needs the read and write permissions in a specified view in some cases. For
example, a high-level administrator needs to read and write certain data.
notify-view needs to be configured in the command if you want to filter out
irrelevant alarms and configure the managed device to send only the alarms of
specified MIB objects to the NMS. If the parameter is configured, only the alarms
of the MIB objects specified by notify-view are sent to the NMS.
Step 9 Commit the configuration.
commit
----End
1.1.15.6.4 (Optional) Configuring the Trap Function
Context
The device can be configured to send specified traps to the NMS, which facilitates
fault locating. To enhance the trap transmission security, specify parameters for
sending traps.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the device to send traps to the NMS.
snmp-agent trap enable
Step 3 Enable the function of sending a specified trap of a feature to the NMS.
snmp-agent trap enable feature-name feature-name trap-name trap-name
NOTE
If the snmp-agent trap enable command has been run to enable the trap functions of all
modules, or the snmp-agent trap enable feature-name command has been run to enable
a specific trap function, note the following points:
● To disable the trap functions of all modules, run the snmp-agent trap disable
command.
● To restore the trap functions of all modules to the default status, run the undo snmp-
agent trap enable or undo snmp-agent trap disable command.
● To disable the trap function for a specified module, run the undo snmp-agent trap
enable feature-name command.
● To delete all the trap function configurations of a feature in a one-click manner, run
the clear configuration snmp-agent trap enable command.
Step 4 Set the source address of traps. Perform one or two of the following operations as
required:
● Set the source interface of traps. The IPv4 address of the source interface is
used as the source IPv4 address of traps.
snmp-agent trap source interface-type interface-number
To ensure device security, you are advised to specify the local loopback
interface as the source interface of traps.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 470
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The source interface of traps specified on the device must be the same as that
specified on the NMS. Otherwise, the NMS cannot receive the traps sent from
the device.
● Set the source IPv6 address of traps.
snmp-agent trap source ipv6 ipv6-address [ vpn-instance vpn-instance-name ]
Step 5 Set a source port number for traps.
snmp-agent trap source-port port-number
To improve network security, configure a specific source port number for traps. In
this case, the user terminal's firewall filters packets based on the port number.
Step 6 Commit the configuration.
commit
----End
1.1.15.6.5 (Optional) Configuring the Inform Function
Context
The device enabled with the SNMP agent function can generate two types of
notifications: traps and informs. Traps are messages alerting the NMS to a
condition on the network, and informs are traps that require a reply from the
NMS and are resent until a reply is received. Informs are more reliable than traps.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the device to send traps.
snmp-agent trap enable
Step 3 Enable the function of sending a trap of a specified feature to the NMS.
snmp-agent trap enable feature-name feature-name trap-name trap-name
NOTE
If the snmp-agent trap enable command has been run to enable the trap functions of all
modules, or the snmp-agent trap enable feature-name command has been run to enable
three or more trap functions of a module, note the following points:
● To disable the trap functions of all modules, run the snmp-agent trap disable
command.
● To restore the trap functions of all modules to the default status, run the undo snmp-
agent trap enable or undo snmp-agent trap disable command.
● To disable the trap function for a specified module, run the undo snmp-agent trap
enable feature-name command.
Step 4 (Optional) Set the timeout period for waiting for inform Ack messages, number of
times to resend Inform messages, and the maximum pieces of pending Inform
messages (Inform messages need to be acknowledged).
snmp-agent inform { timeout seconds | resend-times times | pending number } *
By default, the timeout period for waiting for an Inform ACK message is 15
seconds, the number of Inform retransmissions is 3, and the maximum number of
unacknowledged Inform messages is 39.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 471
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
If the network is unstable, you need to increase the timeout period. At the same time, you
need to increase the number of times to resend Inform messages and the maximum count
of pending Inform messages.
Step 5 Set the timeout period for waiting for Inform ACK messages and the number of
Inform retransmissions.
snmp-agent inform { timeout seconds | resend-times times } * { host-name target-host-name | address
udp-domain ip-address [ vpn-instance vpn-instance-name ] params securityname { security-name |
cipher security-name } }
Step 6 Enable the alarm logging function.
snmp-agent notification-log enable
If the link between the managed device and the NMS is faulty, the route is
unreachable. The managed device does not send Inform alarms but continues to
record alarm logs. After the link recovers, the NMS obtains alarm logs generated
during the fault period from the managed device.
The alarm logging function logs only informs. By default, the alarm logging
function is disabled.
Step 7 Set the aging time of alarm logs and maximum number of alarm logs allowed to
be stored in the log buffer.
snmp-agent notification-log { global-ageout ageout [ minute minute ] | global-limit limit } *
By default, the aging time of alarm logs is 24 hours. Alarm logs are automatically
deleted after 24 hours.
By default, a maximum of 500 alarm logs can be saved in the log buffer. If the
number of alarm logs exceeds the limit, the earliest alarm log is deleted.
Step 8 Commit the configuration.
commit
----End
1.1.15.6.6 (Optional) Configuring SNMPv3 Anti-Attack
Context
To enhance security, the SNMPv3 blacklist function can be configured to defend
against malicious user attacks and user password cracking.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the blacklist function for an IP address.
undo snmp-agent blacklist ip-block disable
Step 3 The blacklist function for an SNMPv3 user is enabled.
undo snmp-agent blacklist user-block disable
By default, the blacklist function for an SNMPv3 user is enabled.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 472
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 4 Configure the maximum number of consecutive authentication failures allowed
for an SNMPv3 user.
snmp-agent blacklist user-block failed-times failed-times period period-time
By default, an SNMPv3 user is locked if the user's five consecutive authentication
attempts fail within 5 minutes
Step 5 Configure the locking period for an SNMPv3 user after the user's authentication
failures exceed a specified number of consecutive times.
snmp-agent blacklist user-block reactive reactive-time
By default, the locking period is 5 minutes. After the period of time elapses, the
user is automatically unlocked and can continue to be authenticated.
To unlock users during the locking period, run the snmp-agent activate usm-user
user-name [ remote-engineid remote-engineid ] command.
Step 6 Commit the configuration.
commit
----End
1.1.15.6.7 Verifying the Configuration
Procedure
● Run the display snmp-agent usm-user [ engineid engineid | group group-
name | username user-name ] * command to check user information.
● Run the display snmp-agent sys-info version command to check the
enabled SNMP version.
● Run the display acl acl-number command to check the rules in the specified
ACL.
● Run the display snmp-agent mib-view command to check the MIB view.
● Run the display snmp-agent mib modules command to check information
about a loaded MIB file.
● Run the display snmp-agent sys-info contact command to check the device
administrator's contact information.
● Run the display snmp-agent sys-info location command to check the
location of the device.
● Run the display snmp-agent target-host command to check information
about the target host.
● Run the display snmp-agent inform [ host-name host-name | [ address
udp-domain ip-address [ vpn-instance vpn-instance-name ] params
securityname security-name ] ] command to check Inform parameters and
host statistics of all or a specified target host.
● Run the display snmp-agent vacmgroup command to check all the
configured View-based Access Control Model (VACM) groups.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 473
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.15.6.8 Example for Configuring a Device to Use SNMPv3 USM Users to
Communicate with an NMS
Networking Requirements
As shown in Figure 1-130, two NMSs (NMS1 and NMS2) and the device are
connected across a public network. According to the network planning, NMS2 can
manage every MIB object on the device, and NMS1 does not manage the device.
On the device, only the modules that are enabled by default are allowed to send
alarms to NMS2. This prevents an excess of unwanted alarms from being sent to
NMS2. Excessive alarms make fault location difficult.
The data transmitted between NMS2 and the device needs to be encrypted and
the NMS administrator needs to be authenticated because the data has to travel
across the public network. Contact information of the device administrator needs
to be configured on the device. This helps the NMS administrator to contact the
equipment administrator if a fault occurs.
Figure 1-130 Network diagram of configuring a device to communicate with an
NMS using SNMPv3
NOTE
In this example, interface 1 represents GigabitEthernet0/1/1.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the SNMP agent.
2. Configure the device to run SNMPv3.
3. Configure a source interface for SNMP to receive and respond to NMS request
messages.
4. Configure an ACL to allow NMS2 to manage MIB objects on the device. Set
the authentication and encryption algorithms for data to sha2-256 and
aes128 respectively.
5. Configure the trap function to allow the device to send alarms to NMS2.
6. Configure the contact information of the device administrator.
7. Configure NMS2.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 474
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Configure available routes between the device and the NMSs. For detailed
configurations, see Configuration Scripts.
Step 2 Configure the SNMP agent.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] snmp-agent password min-length 10
[*DeviceA] snmp-agent
[*DeviceA] commit
Step 3 Configure the device to run SNMPv3.
[~DeviceA] snmp-agent sys-info version v3
[*DeviceA] commit
Step 4 Configure a source interface for SNMP to receive and respond to NMS request
messages.
[~DeviceA] snmp-agent protocol source-interface Loopback0
[*DeviceA] commit
Step 5 Configure the NMS access permission.
# Configure an ACL to allow NMS2 to manage and disallow NMS1 from
managing the device.
[~DeviceA] acl 2001
[*DeviceA-acl4-basic-2001] rule 5 permit source 1.1.1.2 0.0.0.0
[*DeviceA-acl4-basic-2001] rule 6 deny source 1.1.1.1 0.0.0.0
[*DeviceA-acl4-basic-2001] commit
[~DeviceA] quit
# Configure a MIB view.
[~DeviceA] snmp-agent mib-view included iso iso
[*DeviceA] commit
# Configure a user group and a user. Configure authentication and encryption for
data of the user.
[~DeviceA] snmp-agent group v3 admin privacy write-view iso notify-view iso read-view iso
[*DeviceA] snmp-agent usm-user v3 nms2-admin group admin acl 2001
[*DeviceA] snmp-agent usm-user v3 nms2-admin authentication-mode sha2-256
Please configure the authentication password (8-255)
Enter Password:
Confirm Password:
[*DeviceA] snmp-agent usm-user v3 nms2-admin privacy-mode aes128
Please configure the privacy password (8-255)
Enter Password:
Confirm Password:
[*DeviceA] commit
Step 6 Configure the trap function.
[~DeviceA] snmp-agent target-host trap address udp-domain 1.1.1.2 params securityname nms2-
admin v3 privacy
[*DeviceA] snmp-agent trap enable
[*DeviceA] commit
Step 7 Configure the contact information of the device administrator.
[~DeviceA] snmp-agent sys-info contact call Operator at 010-12345678
[*DeviceA] commit
Step 8 Configure the NMS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 475
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
For details on how to configure NMS2, see the relevant NMS configuration guide.
----End
Verifying the Configuration
# Check the configured SNMP version.
<DeviceA> display snmp-agent sys-info version
SNMP version running in the system:
SNMPv3
# Check the user group information.
<DeviceA> display snmp-agent group admin
Group name: admin
Security model: USM AuthPriv
Readview: iso
Writeview: iso
Notifyview: iso
Storage-type: nonVolatile
# Check the user information.
<DeviceA> display snmp-agent usm-user
User name: nms2-admin
Engine ID: 800007DB03D0C65B951201 active
Authentication Protocol: sha2-256
Privacy Protocol: aes128
Group name: admin
Acl: 2001
State: Active
# Check the configured ACL.
<DeviceA> display acl 2001
Basic ACL 2001, 2 rules
ACL's step is 5
rule 5 permit ip source 1.1.1.2 0 (4 times matched)
rule 6 deny source 1.1.1.1 0 (0 times matched)
# Check the MIB view.
<DeviceA> display snmp-agent mib-view viewname iso
View name: iso
MIB Subtree: iso
Subtree mask: 80(Hex)
Storage-type: nonVolatile
View Type: included
View status: active
# Check the target host.
<DeviceA> display snmp-agent target-host
Target-host NO. 1
---------------------------------------------------------------------------
Host name : __targetHost_1_27466
IP address : 1.1.1.2
Source interface :-
VPN instance :-
Security name : nms2-admin
Port : 162
Type : trap
Version : v3
Level : Privacy
NMS type : NMS
With ext vb : No
Notification filter profile name : -
Heart beat required : No
---------------------------------------------------------------------------
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 476
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
# Check the contact information of the device administrator.
<DeviceA> display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
acl number 2001
rule 5 permit source 1.1.1.2 0.0.0.0
rule 6 deny source 1.1.1.1 0.0.0.0
#
interface GigabitEthernet0/1/1
ip address 1.1.2.1 255.255.255.0
#
interface loopback0
ip address 1.1.3.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
network 1.1.3.1 0.0.0.0
#
snmp-agent
snmp-agent local-engineid 800007DB03D0C65B951201
#
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v3
snmp-agent password min-length 10
snmp-agent group v3 admin privacy read-view iso write-view iso notify-view iso
snmp-agent target-host host-name __targetHost_1_27466 trap address udp-domain 1.1.1.2 params
securityname nms2-admin v3 privacy
#
snmp-agent mib-view included iso iso
snmp-agent usm-user v3 nms2-admin
snmp-agent usm-user v3 nms2-admin group admin
snmp-agent usm-user v3 nms2-admin authentication-mode sha2-256 cipher %+%##!!!!!!!!!"!!!!"!!!!*!!!!
PR=uJ|5'u%{Ku|VKwEyE-uN:Pp9K`O+oLF,!!!!!2jp5!!!!!!<!!!!6r!o;)ju=D<fXX.r3a`QWe'gPol7aEif^M'!!!!!%+
%#
snmp-agent usm-user v3 nms2-admin privacy-mode aes128 cipher %+%##!!!!!!!!!"!!!!"!!!!*!!!!PR=uJ|5'u
%B.79IwRIE3(xTzFsYNQ5iH4;X!!!!!2jp5!!!!!!<!!!!A"X3:)AC815G!a6]bVc8-wj'EK9!&V<M0HP!!!!!%+%#
snmp-agent usm-user v3 nms2-admin acl 2001
#
snmp-agent protocol source-interface LoopBack0
#
snmp-agent trap enable
#
return
1.1.15.7 Configuring a Local SNMPv3 User on a Device to Communicate with
an NMS
1.1.15.7.1 Understanding How a Local SNMPv3 User on a Device Communicates
with an NMS
After SNMPv3 is configured, a managed device and an NMS can run SNMPv3 to
communicate with each other. To ensure normal communication between them,
you need to perform configuration on both the NMS and agent sides. This section
describes only the configuration on the agent side. For details about the
configuration on the NMS side, see the NMS operation guide.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 477
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Application Scenarios
AAA is an authentication, authorization, and accounting technique. Local AAA
users can be configured to log in to a device in multiple modes, such as FTP,
Telnet, or SSH. However, SNMPv3 supports only SNMP user login, which can be
inconvenient for network administrators in unified network device management
scenarios.
To resolve this issue, you can configure SNMP to support AAA users. This allows
AAA users to access the NMS, facilitates network administrators to manage
devices in a unified manner, and achieves task-based authentication on different
MIB nodes. The NMS does not distinguish between AAA user login and SNMP user
login.
Figure 1-131 shows the process of an AAA user logging in to the NMS through
SNMP.
Figure 1-131 Process of an AAA user logging in to the NMS through SNMP
The NMS can communicate with the devices to be managed once basic functions
are configured. To perform refined management, you can refer to the follow-up
configuration procedure.
Pre-configuration Tasks
Before configuring a device to communicate with an NMS using SNMPv3,
configure a routing protocol to ensure that routes between the router and NMS
are reachable.
Procedure
Figure 1-132 Flowchart for configuring a local SNMPv3 user on a device to
communicate with an NMS
1.1.15.7.2 Configuring Basic SNMPv3 Functions
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 478
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
Basic SNMPv3 functions can be configured to allow an NMS to perform basic
monitoring and management operations on managed devices.
Before a local SNMP user is configured on a device to communicate with an NMS,
the user must be added to a user group on the AAA side, and the user group must
be associated with a specific task group. The task group can be configured with
multiple tasks, each of which is mapped to a MIB object that is granted reading
and writing permissions. This achieves task-based MIB object authentication.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable AAA and enter the AAA view.
aaa
Step 3 Create a task group and enter the task group view.
task-group task-group-name
Step 4 Add a specified task to the task group and grant permissions to the task.
task snmp { debug | execute | read | write } *
Each MIB object is associated with a specific task. This step can be performed to
grant permissions to SNMP MIB objects.
Step 5 Return to the AAA view.
quit
Step 6 Create a user group and enter the user group view.
user-group user-group-name
Step 7 Associate the user group with a specified task group.
task-group task-group-name
Step 8 Return to the AAA view.
quit
Step 9 Create a local user and configure a login password for the user.
local-user user-name password [ cipher password | irreversible-cipher irreversible-cipher-password ]
If the AAA user is configured as a local SNMP user, the length of user-name
ranges from 1 to 32 characters.
Step 10 Add the created local user to the specified user group.
local-user user-name user-group user-group-name
One user group can be used by multiple local users. However, each local user can
belong to only one user group.
Step 11 Set the access type of the local user to SNMP.
local-user user-name service-type snmp
Step 12 Return to the system view.
quit
Step 13 (Optional) Start the SNMP agent service.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 479
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
snmp-agent
By default, the SNMP agent service is disabled. Running any snmp-agent
configuration command (regardless of whether parameters are specified) starts
the SNMP agent service. Therefore, this step is optional.
Step 14 (Optional) Set the minimum SNMP password length.
snmp-agent password min-length min-length
After this command is run, the length of a configured SNMP password must be
longer than or equal to the minimum SNMP password length.
Step 15 (Optional) Change the listening port number of the SNMP agent.
snmp-agent udp-port port-number
By default, the listening port number of the SNMP agent is 161. If this command
is not configured, the default listening port number is used.
Step 16 Configure an SNMP version.
snmp-agent sys-info version v3
By default, SNMPv3 is enabled.
Step 17 Configure information about the local SNMP user.
snmp-agent local-user v3 user-name authentication-mode authen-protocol { privacy-mode privacy-
protocol | cipher authKey privacy-mode privacy-protocol cipher privKey }
The authentication and encryption password configured for an AAA user can be
different from those configured for a local SNMP user. Deleting a local AAA user
will also result in the deletion of the local SNMP user. However, deleting a local
SNMP user does not affect the local AAA user.
The priority of an SNMP USM user is higher than that of a local SNMP user.
Consequently, if an SNMP USM user and a local SNMP user have the same
username but different authentication and encryption passwords, the SNMP USM
user's authentication and encryption passwords are used for login.
By default, the device checks the complexity of the local users' authentication and
encryption passwords. If the check fails, the passwords fail to be configured. To
disable the password complexity check, run the snmp-agent local-user password
complexity-check disable command. However, enabling this function is
recommended as this improves system security.
To improve system security, you are advised to configure different authentication
and encryption passwords for a local SNMP user.
The algorithms indicated by md5, sha, sha2-224, DES56, and 3DES168 in the
snmp-agent local-user command are weak security algorithms. You are advised
to use other secure algorithms. To configure a weak security algorithm, run the
undo crypto weak-algorithm disable command to enable the weak security
algorithm function first.
After the weak password dictionary maintenance function is enabled, the
password configured using the snmp-agent local-user command cannot be the
password defined in the weak password dictionary. (You can run the display
security weak-password-dictionary command to view the password defined in
the weak password dictionary.)
Step 18 (Optional) Configure the SNMP proxy to receive and respond to requests from the
CCU.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 480
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● IPv4 network
– Specify the source interface for the SNMP proxy to receive and respond to
requests from the CCU.
snmp-agent proxy protocol source-interface { protocol-interface-type protocol-interface-
number | protocol-interface-name }
– Enable the function that allows all IPv4 addresses on the device to be
used by the SNMP proxy to receive and respond to requests from the
CCU.
snmp-agent proxy protocol source-status all-interface
● IPv6 network
– Configure the source IPv6 address for the SNMP agent to receive and
respond to CCU packets.
snmp-agent proxy protocol ipv6 source-ip ip-address [ vpn-instance vpn-instance-name ]
– Enable the function that allows all IPv6 addresses on the device to be
used by the SNMP proxy to receive and respond to requests from the
CCU.
snmp-agent proxy protocol source-status ipv6 all-interface
Step 19 (Optional) Configure the contact information and location of the device
administrator.
snmp-agent sys-info { contact contact | location location }
This step is required for the NMS administrator to view contact information and
locations of the device administrator when the NMS manages many devices. This
helps the NMS administrator contact the device administrators for fault location
and rectification.
Step 20 (Optional) Set the maximum size of an SNMP message that can be received or
sent by the device.
snmp-agent packet max-size byte-count
By default, the maximum size of an SNMP message that the device can receive or
send is 12000 bytes.
After the maximum size is set, the device discards any SNMP message that is
larger than the set size.
Step 21 (Optional) Run either of the following commands as required to configure the
SNMP agent to receive and respond to NMS request packets:
● Configure a source interface for the SNMP agent to receive and respond to
NMS request packets.
snmp-agent protocol source-interface interface-type interface-number
● Enable the function that allows all interfaces on the device to be used by
SNMP to receive and respond to requests from an NMS.
snmp-agent protocol source-status all-interface
● Configure the isolated source address for the SNMP agent to receive and
respond to NMS request packets.
snmp-agent protocol physic-isolate source-interface protocol-interface-name source-ip ip-address
NOTE
After the interface isolation attribute is set successfully, packets can be sent to the
server only through the specified physical interface, and those sent through other
interfaces are discarded.
● Configure the source IPv6 address for the SNMP agent to receive and respond
to NMS request packets.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 481
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
snmp-agent protocol ipv6 source-ip ip-address
● Configure the isolated IPv6 source address for the SNMP agent to receive and
respond to CCU packets.
snmp-agent protocol ipv6 physic-isolate source-interface protocol-interface-name source-ip ip-
address
● Enable the function that allows all IPv6 addresses on the device to be used by
SNMP to receive and respond to requests from an NMS.
snmp-agent protocol source-status ipv6 all-interface
● Configure the SNMP agent to receive and respond to NMS request packets
through a VPN or public network.
– For an IPv4 network, run the snmp-agent protocol { vpn-instance vpn-
instance-name | public-net } command.
– For an IPv6 network, run the snmp-agent protocol ipv6 { vpn-instance
vpn-instance-name | public-net } command.
NOTE
In scenarios such as interface unnumbered, if both an isolated source interface and a
common source interface (non-isolated source interface) are configured to listen to the
same IP address and VPN instance, the common source interface takes effect. When the
listening mode is set to all-interface and an isolated source interface is configured, the
isolated source interface configuration takes effect if it is matched based on the 5-tuple
matching rule, whereas the all-interface configuration takes effect if the isolated source
interface is not matched based on the 5-tuple matching rule. The source IP address
specified for the isolated source interface does not need to be the interface's IP address.
Step 22 (Optional) Set the engine ID of the local SNMP entity.
snmp-agent local-engineid engineid
NOTE
To improve system security, run the snmp-agent packet contextengineid-check enable
command to check for consistency between the contextEngineID and local engine ID.
By default, the system uses the internal algorithm to automatically generate a
device engine ID, which includes the enterprise ID and device information. The
system uses the MAC address of the management interface on a main control
board as the device information of the engine ID.
Step 23 (Optional) Enable the function to cache SET response packets.
snmp-agent set-cache enable
By default, the function to cache SET response packets is disabled.
Step 24 (Optional) Disable the SNMP IPv4 or IPv6 listening port.
snmp-agent protocol server [ ipv4 | ipv6 ] disable
After you disable the SNMP IPv4 or IPv6 listening port using the snmp-agent
protocol server disable command, SNMP no longer processes SNMP packets.
Exercise caution when you disable the SNMP IPv4 or IPv6 listening port.
Step 25 Commit the configuration.
commit
----End
1.1.15.7.3 (Optional) Configuring SNMP Attack Defense
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 482
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
Configure the SNMP blacklist function to defense against a malicious user's attack
on other users' passwords and improve security.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the IP address blacklist function.
undo snmp-agent blacklist ip-block disable
Step 3 Enable the user blacklist function.
undo snmp-agent blacklist user-block disable
Step 4 Commit the configuration.
commit
----End
1.1.15.7.4 Verifying the Configuration
Prerequisites
Basic SNMPv3 functions have been configured.
Context
After configuring basic SNMPv3 functions, check the configurations.
Procedure
● Run the display snmp-agent sys-info version command to check the
enabled SNMP version.
● Run the display snmp-agent sys-info contact command to view the
administrator's contact information.
● Run the display snmp-agent sys-info location command to check the
location of the router.
● Run the display current-configuration | include max-size command to
check the allowable maximum size of an SNMP packet.
● Run the display snmp-agent local-user [ username user-name ] command
to check local SNMP user information.
----End
1.1.15.7.5 Example for Configuring a Local SNMPv3 User on a Device to
Communicate with an NMS
Networking Requirements
On the network shown in Figure 1-133, two NMSs are connected to DeviceA over
a public network. To meet service requirements, NMS2 is configured to manage all
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 483
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
objects on DeviceA as a local SNMPv3 user, while NMS1 no longer manages
DeviceA.
As the data between NMS2 and DeviceA needs to traverse the public network,
user data must be authenticated and encrypted.
The NMS administrator is located far away from routers. To enable the NMS
administrator to quickly contact the device administrator if a fault occurs on
DeviceA, configure the contact information of the device administrator on
DeviceA.
Figure 1-133 Network diagram of configuring a local SNMPv3 user to
communicate with an NMS
NOTE
In this example, interface1 represents GE0/1/0.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an AAA task group and grant permissions.
2. Configure an AAA user group and associate it with the task group.
3. Configure a local AAA user and set its access service type to SNMP.
4. Enable the SNMP agent.
5. Set the SNMP version of the router to SNMPv3.
6. Configure a source interface for the SNMP agent to receive and respond to
NMS request packets.
7. Configure a local SNMPv3 user.
8. Configure the contact information of the device administrator.
9. Configure NMS2.
Procedure
Step 1 Configure available routes between the router and the NMSs. For detailed
configurations, see Configuration Scripts.
Step 2 Configure an AAA task group and grant permissions.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 484
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*HUAWEI] commit
[~DeviceA-aaa] aaa
[~DeviceA-aaa] task-group tg1
[*DeviceA-aaa-task-group-tg1] task snmp read
[*DeviceA-aaa-task-group-tg1] task snmp write
[*DeviceA-aaa-task-group-tg1] commit
[~DeviceADeviceA-aaa-task-group-tg1] quit
Step 3 Configure an AAA user group and associate it with the task group.
[~DeviceA-aaa] user-group grp1
[*DeviceA-aaa-user-group-grp1] task-group tg1
[*DeviceA-aaa-user-group-grp1] commit
[~DeviceA-aaa-user-group-grp1] quit
Step 4 Configure a local AAA user and set its access service type to SNMP.
[~DeviceA-aaa] local-user nms2-admin password
Please configure the password (8-128)
Enter Password:
Confirm Password:
[*DeviceA-aaa] local-user nms2-admin user-group grp1
[*DeviceA-aaa] local-user nms2-admin service-type snmp
[*DeviceA-aaa] commit
[~DeviceA-aaa] quit
Step 5 Enable the SNMP agent.
[~DeviceA] snmp-agent password min-length 10
[*DeviceA] snmp-agent
[*DeviceA] commit
Step 6 Set the SNMP version to SNMPv3.
[~DeviceA] snmp-agent sys-info version v3
[*DeviceA] commit
Step 7 Configure a source interface for the SNMP agent to receive and respond to NMS
request packets.
[~DeviceA] snmp-agent protocol source-interface Loopback0
[*DeviceA] commit
Step 8 Configure a local SNMPv3 user.
[~DeviceA] snmp-agent local-user v3 nms2-admin authentication-mode sha2-224 privacy-mode
aes128
Please configure the authentication password (8-255)
Enter Password:
Confirm Password:
Please configure the privacy password (8-255)
Enter Password:
Confirm Password:
[*DeviceA] commit
Step 9 Configure the contact information of the device administrator.
[~DeviceA] snmp-agent sys-info contact call Operator at 010-12345678
[*DeviceA] commit
Step 10 Configure the NMS.
For details about NMS configuration, see the corresponding NMS configuration
guide.
----End
Verifying the Configuration
# Check the configured SNMP version.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 485
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[~DeviceA] display snmp-agent sys-info version
SNMP version running in the system:
SNMPv3
#Check local user information.
[~DeviceA] display snmp-agent local-user
User name: nms2-admin
Engine ID: 800007DB03001974593301
Authentication Protocol: sha
Privacy Protocol: aes128
State: Active
# Display the contact information of the device administrator.
[~DeviceA] display snmp-agent sys-info contact
The contact person for this managed node:
call Operator at 010-12345678
Configuration Scripts
● DeviceA
#
sysname DeviceA
#
aaa
local-user nms2-admin password irreversible-cipher $1d$wl_$UbtQ(DLL4u'7$7_6GB8@h'P\<e_Wa!
TzW'enO<Slqi#Spv`54f]V;$
local-user nms2-admin service-type snmp
local-user nms2-admin user-group grp1
#
task-group tg1
task snmp write
#
user-group grp1
task-group tg1
#
interface GigabitEthernet 0/1/0
undo shutdown
ip address 1.1.2.1 255.255.255.0
#
interface loopback0
ip address 1.1.3.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.255
network 1.1.3.1 0.0.0.0
#
snmp-agent
snmp-agent password min-length 10
snmp-agent local-engineid 800007DB03001974593301
#
snmp-agent protocol source-interface Loopback0
#
snmp-agent sys-info contact call Operator at 010-12345678
snmp-agent sys-info version v3
snmp-agent local-user v3 nms2-admin authentication-mode sha2-224 cipher %+%##!!!!!!!!!"!!!!"!!!!*!!!!
Q/C$./\p}NjEHjN:n.RCPbLa:/*9'Qx
FkAJ!!!!!2jp5!!!!!!<!!!!UO"[X^t)qX]BX.Yzz3#'MIB&54%EWXlh[0&!!!!!%+%# privacy-mode aes128 cipher
%+%##!!!!!!!!!"!!!!"!!!!*!!!!Q/C$./\
p}NCL837}@S"Q]/.jXPTgK%c]aJ*!!!!!2jp5!!!!!!<!!!!gS&*AU:]E#F|F1,x2Sa")ogh;CxFQ#Jf.W4!!!!!%+%#
#
return
1.1.15.8 Configuring SNMP Proxy Using User-Defined Parameter Settings
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 486
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.15.8.1 Configuring SNMP Proxy Using User-Defined Parameter Settings
This section describes how to configure SNMP proxy using user-defined parameter
settings. The NMS manages the middle-point device and managed device as an
independent network element, reducing the number of managed network
elements and management costs.
As shown in Figure 1-134, an SNMP proxy and the cabinet control unit (CCU) of a
managed device are placed in an outdoor cabinet. The SNMP proxy enables
communication between the NMS and managed device and allows you to
manage the configurations and system software version of the managed device.
Figure 1-134 Networking diagram for configuring the device to communicate with
NMS through SNMP proxy
If you want to use the NMS to manage the middle-point device and the managed
device in a unified manner, deploy SNMP proxy on the middle-point device. The
NMS considers the middle-point device and the managed device as a virtual
management unit, which significantly reduces the number of NEs to be managed
by the NMS. The NMS monitors the performance of managed devices in real time,
helping to improve service quality.
If you do not want the middle-point device to communicate with the managed
device based on default parameter settings, configure SNMP proxy using user-
defined parameter settings. After you configure SNMP proxy, the middle-point
device communicates with the managed device based on the user-defined
parameter settings.
1.1.15.8.2 Configuring the Middle-Point Device
Prerequisites
Before configuring a device to communicate with an NMS using SNMP proxy,
complete the following tasks:
● Configure a routing protocol to ensure that there are reachable routes
between the NMS and the middle-point device and between the middle-point
device and the managed device.
Context
This section describes how to use user-defined parameter settings to configure
Simple Network Management Protocol (SNMP) proxy on the middle-point device.
In this type of SNMP proxy configuration, you must configure SNMP on the
managed device.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 487
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Enter the system view.
system-view
Step 2 Set the minimum SNMP password length.
snmp-agent password min-length min-length
After this command is run, the length of a configured SNMP password must be
longer than or equal to the minimum SNMP password length.
Step 3 Configure SNMP proxy on the middle-point device.
Table 1-56 SNMP proxy configuration tasks
Operatio Command Description
n
Configure ● If the SNMP message type is To enable an NMS to
a proxy GetRequest, SetRequest, or Trap, effectively manage a
rule for run the snmp-agent proxy rule managed device, perform this
SNMP rule-name { inform | read | trap operation to configure
messages. | write } remote-engineid attributes of the target hosts
remote-engineid target-host for receiving SNMP proxy
target-host-name params-in messages so that the middle-
securityname { security-name point device can filter out
{ v1 | v2c | v3 [ authentication | SNMP messages that do not
privacy ] } | cipher cipher-text match the specified
{ v1 | v2c } } command to attributes, you must correctly
configure a proxy rule for SNMP configure proxy rules for
messages. SNMP messages and ensure
● If the SNMP message type is that these proxy rules are
Inform, run the snmp-agent unique on the middle-point
proxy rule rule-name inform device.
remote-engineid remote- If you specify neither
engineid target-host target- authentication nor privacy,
host-name params-in SNMPv3 messages are
securityname { security-name neither authenticated nor
{ v2c | v3 [ authentication | encrypted.
privacy ] } | cipher cipher-text
v2c } command to configure a
proxy rule for SNMP messages.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 488
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Operatio Command Description
n
Create an snmp-agent proxy community An SNMP proxy community
SNMP { community-name | cipher cipher- defines administrative
proxy name } remote-engineid remote- relationships between NMSs
communit engineid [ acl { acl-number | acl- and managed devices. The
y. name } | alias alias-name ] * community name acts like a
password to regulate access
to a managed device. An
NMS can access a managed
device only if the community
name carried in the SNMP
request sent by the NMS is
the same as the community
name configured on the
managed device.
After the weak password
dictionary maintenance
function is enabled, the value
of community-name cannot
be the password defined in
the weak password
dictionary. (You can run the
display security weak-
password-dictionary
command to view the
password defined in the
weak password dictionary.)
This operation applies only to
SNMPv1 and SNMPv2c.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 489
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Operatio Command Description
n
Configure Run one of following commands as To enable the middle-point
attributes needed: device to forward SNMP
of the ● On an IPv4 network, run the requests from the NMS to
target snmp-agent proxy target-host the managed device and
hosts for target-host-name address udp- forward responses from the
receiving domain ip-address udp-port managed device to the NMS.
SNMP port-number [ source interface- ● The target host may be
proxy type interface-number | { vpn- either the NMS or the
messages. instance vpn-instance-name | managed device.
public-net } | timeout timeout- ● You can run this command
interval ]* params multiple times with
securityname { security-name different parameters set
{ v1 | v2c | v3 [ authentication | to configure a middle-
privacy ] } | cipher cipher-text point device to send
{ v1 | v2c } } command to SNMP proxy messages to
configure attributes for the multiple NMSs.
target host that receives SNMP
● The default number of the
proxy messages.
destination User
● On an IPv6 network, run the Datagram Protocol (UDP)
snmp-agent proxy target-host port is 162, a well-known
target-host-name ipv6 address port number. If you want
udp-domain ipv6-address udp- to change this number to
port port-number [ timeout a non-well-known port
timeout-interval ] params number, ensure that the
securityname { security-name new UDP port number is
{ v1 | v2c | v3 [ authentication | the same as that on the
privacy ] } | cipher cipher-text NMS.
{ v1 | v2c } } command to
● If you specify neither
configure attributes for the
authentication nor
target host that receives SNMP
privacy, SNMPv3
proxy messages.
messages are neither
authenticated nor
encrypted.
● If the NMS and managed
device need to
communicate over a
virtual private network
(VPN), use the vpn-
instance vpn-instance-
name parameter.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 490
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Operatio Command Description
n
Create an snmp-agent remote-engineid SNMPv1 and SNMPv2c use
SNMP engine-Id community names for
proxy authentication, whereas
user. SNMPv3 uses usernames for
authentication.
Unlike SNMPv1 or SNMPv2c,
SNMPv3 can implement
access control, identity
authentication, and data
encryption using the local
processing model and User-
based Security Model (USM).
SNMPv3 achieves higher
security and confidentiality
and is applicable to a wider
range than SNMPv1 and
SNMPv2c.
This operation applies only to
SNMPv3 networking.
(Optional snmp-agent packet-priority Change the priority of SNMP
) { snmp | trap } priority-level messages in the following
Configure scenarios if necessary:
the ● Increase the priority of
priority of notifications to ensure
SNMP that the NMS receives
messages. them.
● Increase the priority of
GetResponse and
SetResponse PDUs to
facilitate management
operations performed in
the management
information base (MIB) of
a managed device by the
NMS.
● Reduce the priority of
SNMP messages
(including GetResponse,
SetResponse, Trap, and
Inform messages) to
prevent frequent message
sending when network
congestion occurs.
The default priority of SNMP
messages is 6.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 491
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 4 Configure the SNMP proxy to receive and respond to requests from the CCU.
Table 1-57 Configuring the SNMP proxy to receive and respond to requests from
the CCU
Operation Command Description
Specify the source snmp-agent proxy N/A
interface for the SNMP protocol source-
proxy to receive and interface { protocol-
respond to requests from interface-type protocol-
the CCU. interface-number |
protocol-interface-
name }
Enable the function that snmp-agent proxy N/A
allows all IPv4 addresses protocol source-status
on the device to be used all-interface
by the SNMP proxy to
receive and respond to
requests from the CCU.
Specify the IPv6 source snmp-agent proxy N/A
address for the SNMP protocol ipv6 source-ip
proxy to receive and ip-address [ vpn-
respond to requests from instance vpn-instance-
the CCU. name ]
Enable the function that snmp-agent proxy N/A
allows all IPv6 addresses protocol source-status
on the device to be used ipv6 all-interface
by the SNMP proxy to
receive and respond to
requests from the CCU.
Step 5 Commit the configuration.
commit
----End
1.1.15.8.3 Configuring the Managed Device
Context
● To configure SNMPv1 on the managed device, see 1.1.15.4 Configuring a
Device to Communicate with an NMS Using SNMPv1.
● To configure SNMPv2c on the managed device, see 1.1.15.5 Configuring a
Device to Communicate with an NMS Using SNMPv2c.
● To configure SNMPv3 on the managed device, see 1.1.15.6 Configuring a
Device to Communicate with an NMS Using SNMPv3 USM User.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 492
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.15.8.4 Verifying the Configuration
Procedure
● Verify the SNMP proxy configuration on the middle-point device.
– Run the display snmp-agent proxy community command to check
SNMP proxy community information.
– Run the display snmp-agent proxy rule command to check proxy rules
for SNMP messages.
– Run the display snmp-agent proxy target-host command to check
target host information.
– Run the display snmp-agent usm-user command to check SNMPv3
proxy user information.
– Run the display snmp-agent proxy statistics command to check
statistics about SNMP proxy messages.
● Verify the SNMP configuration on the managed device.
– For SNMPv1, see 1.1.15.4.6 Verifying the Configuration.
– For SNMPv2c, see 1.1.15.5.7 Verifying the Configuration.
– For SNMPv3, see 1.1.15.6.7 Verifying the Configuration.
----End
1.1.15.8.5 Example for Configuring a Device to Communicate with an NMS Using
an SNMP Proxy
Networking Requirements
An NMS can manage NEs through SNMP, but management costs increase as the
number of NEs increases.
To reduce management costs, configure a middle-point device as the SNMP proxy,
as shown in Figure 1-135. After the configuration is complete, the NMS considers
the middle-point device and managed device as an independent NE. This reduces
the number of NEs that the NMS needs to manage, thereby reducing
management costs.
Figure 1-135 Networking diagram for configuring a device to communicate with
an NMS using an SNMP proxy
NOTE
In this example, interface 1 and interface 2 represent GigabitEthernet0/1/1 and
GigabitEthernet0/1/2, respectively.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 493
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Roadmap
The configuration roadmap is as follows:
● Configure the middle-point device.
a. Configure IP addresses for interfaces that connect the middle-point device
to the NMS and managed device.
b. Configure the middle-point device as an SNMP proxy, enabling it to
access the managed device based on the configured parameters for
management.
● Configure the managed device.
a. Configure an IP address for the interface that connects the managed
device to the middle-point device.
b. Configure SNMP for the managed device to communicate with the NMS.
Procedure
Step 1 Configure an IP address for the interface on the middle-point device.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] vlan 100
[*DeviceA-vlan100] quit
[*DeviceA] interface vlanif 100
[*DeviceA-Vlanif100] ip address 10.1.1.1 24
[*DeviceA-Vlanif100] quit
[*DeviceA] interface gigabitethernet 0/1/1
[*DeviceA-GigabitEthernet0/1/1] port link-type trunk
[*DeviceA-GigabitEthernet0/1/1] port trunk pvid vlan 100
[*DeviceA-GigabitEthernet0/1/1] port trunk allow-pass vlan 100
[*DeviceA-GigabitEthernet0/1/1] quit
[*DeviceA] vlan 200
[*DeviceA-vlan200] quit
[*DeviceA] interface vlanif 200
[*DeviceA-Vlanif200] ip address 192.168.1.1 24
[*DeviceA-Vlanif200] quit
[*DeviceA] interface gigabitethernet 0/1/2
[*DeviceA-GigabitEthernet0/1/2] port link-type trunk
[*DeviceA-GigabitEthernet0/1/2] port trunk pvid vlan 200
[*DeviceA-GigabitEthernet0/1/2] port trunk allow-pass vlan 200
[*DeviceA-GigabitEthernet0/1/2] quit
Step 2 Configure the middle-point device as the SNMP proxy.
[*DeviceA] snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3
[*DeviceA] snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3
authentication-mode sha
Please configure the authentication password (8-255)
Enter Password:
Confirm Password:
[*DeviceA] snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3 privacy-
mode aes256
Please configure the privacy password (8-255)
Enter Password:
Confirm Password:
[*DeviceA] snmp-agent proxy rule proxy_rule_read read remote-engineid 800007DB0338EBD9210010
target-host proxy_host params-in securityname snmpv3 v3 privacy
[*DeviceA] snmp-agent proxy rule proxy_rule_write write remote-engineid 800007DB0338EBD9210010
target-host proxy_host params-in securityname snmpv3 v3 privacy
[*DeviceA] snmp-agent proxy target-host proxy_host@NMS address udp-domain 10.1.2.1 udp-port 162
params securityname snmpv3 v3 privacy
[*DeviceA] commit
[DeviceA] quit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 494
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 3 Configure the managed device.
For details about how to configure SNMPv3, see 1.1.15.6.8 Example for
Configuring a Device to Use SNMPv3 USM Users to Communicate with an
NMS.
Step 4 Verify the configuration.
# Check the proxy rules for SNMP packets.
<DeviceA> display snmp-agent proxy rule
Proxy rule name : proxy_rule_read
Type : read
Remote engine ID : 800007DB0338EBD9210010
Host name : proxy_host
Security name : snmpv3
Version : v3
Level : Privacy
Proxy rule name : proxy_rule_write
Type : write
Remote engine ID : 800007DB0338EBD9210010
Host name : proxy_host
Security name : snmpv3
Version : v3
Level : Privacy
# Check the target host information of the SNMP proxy.
<DeviceA> display snmp-agent proxy target-host
Proxy target host NO. 1
-----------------------------------------------------------
Host name : proxy_host@NMS
IP address : 10.1.2.1
Port : 162
Timeout : 15
Source interface : -
VPN instance :-
Security name : snmpv3
Version : v3
Level : Privacy
-----------------------------------------------------------
----End
Configuration Files
DeviceA configuration file
#
sysname DeviceA
#
vlan batch 100 200
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif200
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/1/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/1/2
port link-type trunk
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 495
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
port trunk pvid vlan 200
port trunk allow-pass vlan 200
#
snmp-agent
snmp-agent local-engineid 800007DB03001974593301
#
snmp-agent sys-info version v3
#
snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3
snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3 authentication-mode sha
cipher %+%##!!!!!!!!!"!!!!"!!!!*!!!!PR=uJ|5'u%{Ku|VKwEyE-uN:Pp9K`O+oLF,!!!!!2jp5!!!!!!<!!!!6r!
o;)ju=D<fXX.r3a`QWe'gPol7aEif^M'!!!!!%+%#
snmp-agent remote-engineid 800007DB0338EBD9210010 usm-user v3 snmpv3 privacy-mode aes256 cipher
%+%##!!!!!!!!!"!!!!"!!!!*!!!!PR=uJ|5'u%B.79IwRIE3(xTzFsYNQ5iH4;X!!!!!2jp5!!!!!!<!!!!A"X3:)AC815G!a6]bVc8-
wj'EK9!&V<M0HP!!!!!%+%#
#
snmp-agent proxy target-host proxy_host@NMS address udp-domain 10.1.2.1 udp-port 162 params
securityname snmpv3 v3 privacy
#
snmp-agent proxy rule proxy_rule_read read remote-engineid 800007DB0338EBD9210010 target-host
proxy_host params-in securityname snmpv3 v3 privacy
snmp-agent proxy rule proxy_rule_write write remote-engineid 800007DB0338EBD9210010 target-host
proxy_host params-in securityname snmpv3 v3 privacy
#
return
1.1.16 NETCONF Configuration
1.1.16.1 NETCONF Overview
Definition
The Network Configuration Protocol (NETCONF) is an extensible markup
language (XML)-based network configuration and management protocol.
NETCONF uses a simple remote procedure call (RPC) mechanism to implement
communication between a client and a server. NETCONF provides a method for a
network management station (client), which is a central computer that runs
network management software, to remotely manage and monitor devices.
The NMS uses NETCONF to implement local management and perform operations
such as adding, modifying, and deleting configurations of remote devices. This
protocol allows a device to provide a complete and formal application
programming interface (API). Network management applications can use this API
to send and receive complete or partial configuration data sets.
Purpose
As networks become larger and more complex, the Simple Network Management
Protocol (SNMP) can no longer meet the requirements for managing and
configuring networks. This is where NETCONF comes into play.
Table 1-58 lists the differences between SNMP and NETCONF.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 496
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-58 Comparison between SNMP and NETCONF
Funct SNMP NETCONF
ion
Confi SNMP does not provide a NETCONF provides a lock mechanism
gurati lock mechanism when to ensure that operations performed by
on multiple users perform multiple users do not conflict with each
mana operations on the same other.
geme configuration.
nt
Quer SNMP can be used to query NETCONF allows you to directly query
ying one or more records in a the configuration data of the system
table, requiring multiple and supports data filtering.
interactions.
Scala Poor. Good.
bility ● The NETCONF protocol framework
adopts a hierarchical structure with
four independent layers. Extensions
to one layer have little impact on the
other layers.
● XML encoding helps expand
NETCONF's management capabilities
and system compatibility.
Safet SNMPv2, released by the NETCONF uses existing security
y International Architecture protocols to ensure network security
Board (IAB) in 1996, provides and is not specific to any security
only limited security protocols. NETCONF is therefore more
improvements over SNMPv1. flexible than SNMP in security
SNMPv3, released in 2002, protection.
provides important security NOTE
improvements over the Secure Shell (SSH) is the preferred transport
previous two versions, but it protocol in NETCONF and is used to
is inextensible. This is transmit XML information.
because SNMPv3 security
parameters depend on the
use of the security model.
Benefits
● Facilitates configuration data management and interoperability between
different vendors' devices by using XML encoding to define messages and
using the RPC mechanism to modify configuration data.
● Reduces network faults caused by manual configuration errors.
● Improves the efficiency of tool-based upgrades to system software.
● Provides high extensibility, allowing different vendors to define additional
NETCONF operations.
● Improves data security using authentication and authorization mechanisms.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 497
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
This document is written according to device information obtained under lab conditions and
therefore may not cover all scenarios. Due to factors such as version upgrades and
differences in device models, the content provided in this document may differ from the
information on user device interfaces. Such information takes precedence over the content
provided by this document.
1.1.16.2 Understanding NETCONF
1.1.16.2.1 NETCONF Network Architecture
Basic Network Architecture of NETCONF
Figure 1-136 shows the basic network architecture of NETCONF. It must contain
at least one network management system (NMS) that runs on an NMS server and
manages devices.
Figure 1-136 Basic network architecture of NETCONF
The architecture consists of two main elements: client and server.
Table 1-59 Main elements in the basic network architecture of NETCONF
Main Element Function
NETCONF client A client manages network devices using
NETCONF.
● The client sends RPC requests to a
server to query or modify one or more
parameter values.
● The client learns the status of a
managed device based on the alarms
and events sent by the server.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 498
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Main Element Function
NETCONF server A server maintains information of
managed devices, responds to RPC
requests sent by clients, and sends the
requested management data to the
clients.
● After receiving a request from a client,
the server parses the request, processes
the request based on the configuration
management framework (CMF), and
then returns a response to the client.
● If a fault or another type of event
occurs on a managed device, the server
reports the alarm or event to the client
through the notification mechanism.
This allows the client to learn the
status of the managed device.
A network device must support at least one NETCONF session, which is a logical
connection between a client and a server. The information that a client obtains
from a server can be configuration or status data.
● The client can modify and operate configuration data to implement a user-
expected status of the server.
● The client cannot modify status data, which mainly includes the running
status and statistics of the server.
Establishing a Basic NETCONF Session
1. The client triggers the establishment of a NETCONF session. It then completes
SSH connection setup after authentication and authorization are complete.
2. The client and server complete NETCONF session establishment and capability
negotiation.
3. The client sends one or more requests to the server for RPC interaction
(authorization). For example:
– Modify and commit the configuration.
– Query the configuration data or status.
– Perform maintenance operations on the device.
4. Terminate the NETCONF session.
5. Tear down the SSH connection.
Session Interaction Between the Client and Server
After a NETCONF session is established, the client and server immediately
exchange Hello messages with each other (these messages include the <hello>
element, which contains the set of capabilities supported locally). If both ends
support a capability, they can implement special management functions based on
this capability.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 499
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The result of negotiating standard capabilities (except the notification capability)
depends on the server-side capability set whereas that of extended capabilities
depends on which capabilities both ends support.
NOTE
A NETCONF server can send a <hello> element to advertise the capabilities that it supports.
When a Huawei device interconnects with a non-Huawei device:
● If the capabilities contained in a <hello> element sent from the peer are all standard
capabilities, the Huawei device replies with a YANG packet.
After a NETCONF server exchanges <hello> elements with a NETCONF client, the
server waits for <rpc> elements from the client and responds an <rpc-reply>
element for each received <rpc> element. Figure 1-137 shows the capability
interaction between the NETCONF server and client.
Figure 1-137 Capability interaction between the server and client
1.1.16.2.2 NETCONF Protocol Architecture
NETCONF Protocol Framework
Like the open systems interconnection (OSI) model, the NETCONF protocol
framework also uses a hierarchical structure. Each layer encapsulates certain
functions and provides services for its upper layer.
This hierarchical structure enables each layer to focus only on a single aspect of
NETCONF and reduces the dependencies between different layers. In this way, the
impact that internal implementation imposes on other layers can be minimized.
Table 1-60 describes the four layers of the NETCONF protocol framework.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 500
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-60 NETCONF protocol framework
Layer Example Description
Layer BEEP, SSH, The transport layer provides a communication path for
1: and SSL interaction between a NETCONF client and server.
transp NETCONF can be carried over any transport protocol that
ort meets the following basic requirements:
● The transport protocol is connection-oriented and
establishes a persistent connection between the
NETCONF client and server. This connection provides
reliable, sequenced data transmission.
● The transport layer provides user authentication, data
integrity, and security encryption for NETCONF.
● The transport protocol provides a mechanism to
distinguish the session type (client or server) for
NETCONF.
NOTE
Currently, the device supports only SSH as the transport layer
protocol for NETCONF.
Layer <rpc> and The message layer provides a simple RPC request and
2: <rpc-reply> response mechanism independent of transport protocols.
messa The client encapsulates RPC request information in the
ge <rpc> element and sends it to the server through a secure
layer and connection-oriented session. The server encapsulates
RPC reply information (content at the operation and
content layers) in the <rpc-reply> element and sends it to
the client.
In normal cases, the <rpc-reply> element encapsulates
data required by the client or information about a
configuration success. If the client sends an incorrect
request or the server fails to process a request from the
client, the server encapsulates the <rpc-error> element
containing detailed error information in the <rpc-reply>
element and sends the <rpc-reply> element to the client.
Layer <get- The operations layer defines a series of basic operations
3: config>, used in RPC. These operations constitute basic capabilities
operat <edit- of NETCONF.
ions config>,
and
<notificatio
n>
Layer Configurati The content layer describes configuration data involved in
4: on data network management. The configuration data depends
conte on vendors' devices.
nt To date, only the content layer remains to be
standardized for NETCONF. This layer has no standard
NETCONF data modeling language or data model.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 501
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NETCONF Modeling Language
YANG is a data modeling language developed to design NETCONF-oriented
configuration data, status data models, RPC models, and notification mechanisms.
The YANG data model is a machine-oriented model interface, which defines data
structures and constraints to provide more flexible and complete data description.
Encoding Format
XML encoding is used in NETCONF, allowing complex hierarchical data to be
expressed in a text format that can be read, saved, and manipulated with both
traditional text tools and XML-specific tools.
XML-based network management uses XML to describe managed data and
management operations. In this way, management information forms a database
that is understandable to computers, allowing them to efficiently process network
management data using enhanced management capabilities.
The format of the file header used in XML encoding is <?xml version="1.0"
encoding="UTF-8"?>, where:
● <?: indicates the start of an instruction.
● xml: identifies an XML file.
● version="1.0": The XML1.0 standard version is used.
● encoding: indicates the character set encoding format. Only UTF-8 encoding
is supported.
● ?>: indicates the end of an instruction.
Communication Modes
The NETCONF client and server communicate through the RPC mechanism. To
implement the communication, a secure and connection-oriented session must be
established. After receiving an RPC request from the client, the server processes
the request and sends a response message to the client. The RPC request from the
client and the response message from the server are encoded in XML format. The
XML-encoded <rpc> and <rpc-reply> elements provide a request and response
message framework independent of transport layer protocols. Table 1-61 lists
some basic RPC elements.
Table 1-61 Element description
Element Description
<rpc> Encapsulates a request that the client sends to the NOTCONF
server.
<rpc-reply> Encapsulates a response message that the NETCONF server
sends in reply to each <rpc> request it receives.
<rpc-error> Notifies a client of an error that occurs during processing of an
<rpc> request. The server encapsulates the <rpc-error> element
in the <rpc-reply> element and sends the <rpc-reply> element to
the client.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 502
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Element Description
<ok> Notifies a client that no errors occur during processing of an
<rpc> request. The server encapsulates the <ok> element in the
<rpc-reply> element and sends the <rpc-reply> element to the
client.
Capability Set
NETCONF defines the syntax and semantics of capabilities. The protocol allows
the client and server to notify each other of supported capabilities. The client can
send the operation requests only within the capability range supported by the
server.
A capability set includes basic and extended functions implemented based on
NETCONF. The NETCONF capability set includes a standard capability set defined
by the IETF standards organization. In addition, a device can use the capability set
to add a protocol operation so that the operation range of the existing
configuration object is extended.
Each capability is identified by a unique uniform resource identifier (URI). The URI
format of the capability set defined by NETCONF is as follows:
urn:ietf:params:xml:ns:netconf:capability:{name}:{version}
In addition to the NETCONF-defined capability set, a vendor can define additional
capability sets to extend management functions. A module that supports the
YANG model needs to add YANG notifications to Hello messages before sending
the messages. The message format is as follows:
<capability>urn:huawei:yang:huawei-ifm?module=huawei-ifm&revision=2022-03-30</capability>
Configuration Database
A configuration database is a collection of complete configuration parameters for
a device. Table 1-62 describes NETCONF-defined configuration databases.
Table 1-62 NETCONF-defined configuration databases
Configur Description
ation
Database
<running/ Stores the device's currently running configuration, status
> information, and statistics.
Unless the NETCONF server supports the candidate capability, this
configuration database is the only standard database that is
mandatory.
To support modification of the <running/> configuration database,
a device must have the writable-running capability.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 503
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configur Description
ation
Database
<candidat Stores the configuration data to be run on a device.
e/> An administrator can perform operations on the <candidate/>
configuration database. Any change to the <candidate/> database
does not directly affect the configurations currently running on the
device.
To support the <candidate/> configuration database, a device must
have the candidate capability.
NOTE
The <candidate/> configuration databases supported by devices do not allow
inter-session data sharing. Therefore, the configuration of the <candidate/>
configuration database does not require additional locking operations.
<startup/ Stores the configuration data loaded during device startup, which is
> similar to the saved configuration file.
To support the <startup/> configuration database, a device must
have the distinct startup capability.
1.1.16.2.3 NETCONF Message Formats
Request Message
Figure 1-138 shows the structure of a complete NETCONF request message.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 504
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-138 Structure of a NETCONF YANG request message
A NETCONF request message consists of three layers. Table 1-63 describes the
fields in a NETCONF request message.
● Message: The message layer provides a simple and independent mechanism
of transmitting frames for RPC messages. The client encapsulates an RPC
request into an <rpc> element and sends it to the server, which encapsulates
the result of processing this request into the <rpc-reply> element and sends it
to the client.
● Operations: The operations layer defines a set of basic NETCONF operations.
These operations are invoked by RPC methods that are based on XML
encoding parameters.
● Content: The content (managed object) layer defines a configuration data
model. Currently, mainstream configuration data models include the YANG
model.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 505
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-63 Fields in a NETCONF message
Field Description
message-id Indicates the information code. The
value is specified by the client that
initiates the RPC request. After
receiving the RPC request message, the
server saves the message-id attribute,
which is used in an <rpc-reply>
message to be generated.
xmlns="urn:ietf:params:xml:ns:netconf: Indicates the NETCONF XML
base:1.0" namespace. base indicates that basic
operation types are supported.
base1.0: Indicates that the <running/>
configuration database is supported.
Basic operations, such as <get-config>,
<get>, <edit-config>, <copy-config>,
<delete-config>, <lock>, <unlock>,
<close-session>, and <kill-session>, are
defined. You can set the <error-option>
parameter to stop-on-error, continue-
on-error, or rollback-on-error.
base1.1: Indicates an upgrade of
base1.0, with the following changes:
● The remove operation is added to
the operation attribute of <edit-
config>.
● The well-known error-
tagmalformed-message is added,
and the well-known error-
tagpartial-operation is obsolete.
● The namespace wildcarding
mechanism is added for subtree
filtering.
● The chunked framing mechanism is
added to resolve the security issues
in the end-of-message (EOM)
mechanism.
If you want to perform an operation in
base1.1, the client must support
base1.1 so that this capability can be
advertised during capability set
exchange.
<edit-config> Indicates the operation type.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 506
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Field Description
<target> Indicates the target data set to be
operated:
● running
● candidate
● startup
<default-operation> Indicates the default operation type.
<error-option> Indicates the mode for processing
subsequent operations if an error
occurs during an <edit-config>
operation. The options are as follows:
● stop-on-error: stops the operation
when an error occurs.
● continue-on-error: records the
error information and continues the
execution after an error occurs. If
an error occurs, the NETCONF
server returns an <rpc-reply>
message to the client, indicating an
operation failure.
● rollback-on-error: stops the
operation after an error occurs and
rolls back the configuration to the
state before the <edit-config>
operation is performed. This
operation is supported only when
the device supports the rollback-on-
error capability.
<config> Indicates a group of hierarchical
configuration items defined in the data
model. The configuration items must
be placed in the specified namespace
and meet the constraints of that data
model, as defined by its capability set.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 507
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Field Description
]]>]]> Indicates the end character of an XML
message.
NOTE
When a server exchanges XML packets
with a client, the packets must be
concluded with the end character ]]>]]>.
Otherwise, the device cannot identify the
XML packets and does not respond to
them. By default, the end character is
automatically added to XML messages sent
by a device. The examples provided in this
document omit the end character for
brevity.
If the capability set in the <hello> elements
contains base1.1, the RPC messages in the
YANG model support the chunk format.
Messages in chunk format can be
fragmented. The end character is \n##\n.
Response Message
If a request message is successfully executed, the device returns a successful
response. Otherwise, the device returns a failed response.
● For a successful response, an <rpc-reply> message carrying the <ok> element
is returned.
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="10"
nc-ext:flow-id="33"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/></rpc-reply>
● For a failed response, an <rpc-reply> message carrying the <rpc-error>
element is returned.
<?xml version="1.0" encoding="utf-8"?
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<rpc-error>
<error-type>application</error-type>
<error-tag>data-exists</error-tag>
<error-severity>error</error-severity>
<error-app-tag>43</error-app-tag>
<error-path xmlns:acl="urn:huawei:yang:huawei-acl">acl:acl/acl:groups/
acl:group[acl:identity='2000']</error-path>
<error-message xml:lang="en">Invalid ACL number:Number can not be the number of an existent
ACL.</error-message>
<error-info xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext">
<nc-ext:error-info-code>8123</nc-ext:error-info-code>
</error-info>
</rpc-error>
</rpc-reply>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 508
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-64 Description of each field in a response message
Field Description
xmlns Indicates the NETCONF XML
namespace.
message-id Indicates the information code. The
value is specified by the client that
initiates the RPC request. After
receiving the RPC request message,
the server saves the message-id
attribute, which is used in an <rpc-
reply> message to be generated.
flow-id Indicates the configuration change
ID.
NOTE
The flow-id field is carried only in the
running data set of the <edit-config> or
<edit-data> operation or in the response
packet of the <commit> or <sync-full>
operation.
flow-id-time Indicates the time when the
configuration change ID is
generated.
NOTE
The flow-id-time field is carried only in
the running data set of the <edit-
config> operation and <edit-data>
operation or the response packet of the
<commit> operation.
<error-type> Defines the protocol layer at which
an error occurs. The value can be
transport, RPC, protocol, or
application.
<error-tag> Indicates the error information.
<error-severity> Indicates the severity of an error.
The value can be error or warning.
<error-app-tag> Indicates a specific error type. This
element is not present if no <error-
tag> is associated with the error
type.
<error-path> Indicates the location where the
error occurs and the name of the file
where the error occurs.
<error-message> Indicates the description of the error.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 509
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Field Description
<error-info> Indicates the error information
about a specific protocol or data
model. This element is not present if
the correct <error-info> is not
provided.
<error-paras> Indicates an error parameter list.
1.1.16.2.4 NETCONF Subtree Filtering
Overview
Subtree filtering is a mechanism that allows an application to query particular
data for a <get> or <get-config> operation.
Subtree filtering provides a small set of filters for inclusion, simple content exact-
match, and selection. The NETCONF agent does not need to use any semantics
specific to any particular data model during processing, allowing for simple and
centralized implementation policies.
Subtree Filter Components
Each node specified in subtree filtering represents a filter. The filter only selects
nodes associated with the basic data model of a specified database on the
NETCONF server. A node matching any filtering rule and element hierarchy is
selected. Table 1-65 describes subtree filter components.
Table 1-65 Subtree filter components
Component Description
Namespace If namespaces are used, the filter output will include only
selection elements from the specified namespace.
Containment node A containment node is a node that contains child elements
within a subtree filter.
For each containment node specified in a subtree filter, all
data model instances that are exact matches for the
specified namespaces and element hierarchy are included
in the filter output.
Content match A content match node is a leaf node that contains simple
node content within a subtree filter.
This node is used to select some or all of its relevant nodes
for filter output and represents an exact-match filter of the
leaf node element content.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 510
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Component Description
Selection node A selection node is an empty leaf node within a subtree
filter.
This node represents an explicit selection filter of the
underlying data model. Presence of any selection nodes
within a set of sibling nodes will cause the filter to select
the specified subtrees and suppress automatic selection of
the entire set of sibling nodes in the underlying data
model.
● Namespace selection
If the XML namespace associated with a specific node in the <filter> element
is the same as that in the underlying data model, the namespace is matched.
<filter type="subtree">
<top xmlns="http://example.com/schema/1.2/config"/>
</filter>
In this example, the <top> element is a selection node. If the node namespace
complies with http://example.com/schema/1.2/config, the node and its
child nodes will be included in the filter for output.
● Containment node
The child element of a containment node can be a node of any type,
including another containment node. For each containment node specified in
the subtree filter, all data model instances that completely match the
specified namespace and element hierarchy, and any attribute-matching
expression are included in the output.
<filter type="subtree">
<top xmlns="http://example.com/schema/1.2/config">
<users/>
</top>
</filter>
In this example, the <top> element is a containment node.
● Content match node
A leaf node that contains simple content is called a content match node. It is
used to select some or all of its sibling nodes for filter output and represents
exact match of the leaf node element content.
<filter type="subtree">
<top xmlns="http://example.com/schema/1.2/config">
<users>
<user>
<name>fred</name>
</user>
</users>
</top>
</filter>
In this example, both the <users> and <user> nodes are containment nodes,
and the <name> node is a content match node. Because the sibling nodes of
the <name> node are not specified, only <user> nodes that comply with
namespace http://example.com/schema/1.2/config, with their element
hierarchies matching the name element and their values being fred, can be
included in the filter output. All sibling nodes of the <name> node are
included in the filter output.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 511
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
The support-filter statement in the YANG model indicates whether filtering based on
node content is supported when a node is being operated.
● For key nodes, filtering based on node content is supported by default.
● For non-key nodes, filtering based on node content is not supported by default. If
the value of the support-filter statement is set to true for a non-key node, filtering
based on node content is supported.
● Selection node
Selection nodes represent a basic data model for an explicit selection of
filters. If any selection node appears in a group of same-level sibling nodes,
the filter selects a specified subtree and suppresses the automatic selection of
the entire sibling node set in the basic data model. In a filtering expression,
an empty tag (such as <foo/>) or an expression with explicit start and end
tags (such as <foo> </ foo>) can be used to specify an empty leaf node. In
this case, all blank characters will be ignored.
<filter type="subtree">
<top xmlns="http://example.com/schema/1.2/config">
<users/>
</top>
</filter>
In this example, the <top> node is a containment node, and the <users> node
is a selection node. The <users> node can be included for filter output only
when the <users> node complies with namespace http://example.com/
schema/1.2/config and is contained in the <top> element in the root
directory of the configuration database.
Subtree Filter Processing
First, the subtree filter output is set as empty. Each subtree filter can contain one
or more data model segments, each of which represents one of the selected
output parts of the selected data model. Each subtree data segment is composed
of data models supported by the NETCONF server. If the entire subtree data
segment completely matches part of the data models supported by the NETCONF
server, all nodes and child nodes of the subtree data segment are selected and
output to the query result.
● If no filter is used, all data in the current data model is returned in the query
result.
RPC request
<rpc message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get/>
</rpc>
RPC reply
<rpc-reply message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<!-- ... entire set of data returned ... -->
</data>
</rpc-reply>
● If an empty filter is used, the query result contains no data output, in that no
content match or selection node is specified.
RPC request
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 512
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<rpc message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get>
<filter type="subtree">
</filter>
</get>
</rpc>
RPC reply
<rpc-reply message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
</data>
</rpc-reply>
● Multi-subtree filtering
The following example uses the root, fred, and barney subtree filters.
The root subtree filter contains two containment nodes (<users> and <user>),
one content match node (<name>), and one selection node (<company-
info>). As for subtrees that meet selection criteria, only <company-info> is
selected.
The fred subtree filter contains three containment nodes (<users>, <user>,
and <company-info>), one content match node (<name>), and one selection
node (<id>). As for subtrees that meet the selection criteria, only the <id>
element in <company-info> is selected.
The barney subtree filter contains three containment nodes (<users>, <user>,
and <company-info>), two content match nodes (<name> and <type>), and
one selection node (<dept>). User barney is not of the userbarney type and
does not comply with the subtree filtering rule. Therefore, the entire subtree
of barney (including its parent node <user>) is not selected.
RPC request
<rpc message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get-config>
<source>
<running/>
</source>
<filter type="subtree">
<ifm xmlns="http://example.com/schema/1.2/config">
<users>
<user>
<name>root</name>
<company-info/>
</user>
<user>
<name>fred</name>
<company-info>
<id/>
</company-info>
</user>
<user>
<name>barney</name>
<type>userbarney</type>
<company-info>
<dept/>
</company-info>
</user>
</users>
</ifm>
</filter>
</get-config>
</rpc>
RPC reply
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 513
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<rpc-reply message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<ifm xmlns="http://example.com/schema/1.2/config">
<users>
<user>
<name>root</name>
<company-info>
<dept>1</dept>
<id>1</id>
</company-info>
</user>
<user>
<name>fred</name>
<company-info>
<id>2</id>
</company-info>
</user>
</users>
</ifm>
</data>
</rpc-reply>
1.1.16.3 NETCONF Operation Capabilities
NETCONF provides a set of basic operations for you to manage device
configurations and retrieve device configuration and status data. NETCONF also
provides additional operations based on the capabilities advertised by a device.
1.1.16.3.1 Basic NETCONF Operations
get-config
The <get-config> operation queries all or specified configuration data sets.
● source: specifies a configuration database in which configuration data is
being queried. The value can be <running/>, <candidate/>, or <startup/>.
● filter: specifies a range to be queried in the configuration database. If this
parameter is not specified, all configurations on the device are returned.
The following example shows how to query interface configuration of the IFM
feature in the <running/> database. The queried interface information is contained
in an RPC reply message.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="827">
<get-config>
<source>
<running/>
</source>
<filter type="subtree">
<ifm:ifm xmlns:ifm="urn:huawei:yang:huawei-ifm">
<ifm:interfaces>
<ifm:interface/>
</ifm:interfaces>
</ifm:ifm>
</filter>
</get-config>
</rpc>
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 514
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name>GigabitEthernet0/1/1</name>
<class>main-interface</class>
<type>GigabitEthernet</type>
<number>0/1/1</number>
<admin-status>up</admin-status>
<link-protocol>ethernet</link-protocol>
<statistic-enable>true</statistic-enable>
<mtu>1500</mtu>
<spread-mtu-flag>false</spread-mtu-flag>
<vrf-name>_public_</vrf-name>
</interface>
</interfaces>
</ifm>
</data>
get-data
The <get-data> operation can be used to retrieve all or specified configuration or
status data sets from the NMDA data set.
● source: indicates the name of the database being queried. If the database
name is <ietf-datastores:running/>, <ietf-datastores:candidate/>, or < ietf-
datastores:startup/>, the configuration data is queried. If the database name
is <ietf-datastore:operational/>, the configuration and status data of the
current device is returned.
● xpath-filter: specifies a range to be queried in the configuration database in
the form of an XPath. If this parameter is not specified, all configurations on
the device are returned.
● subtree-filter: specifies a range to be queried in the configuration database in
the form of a subtree. If this parameter is not specified, all configurations on
the device are returned.
The following example shows how to query the task group configuration of the
AAA feature in the <ietf-datastores:running/> database. The queried group
information is returned in an RPC reply message.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get-data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<datastore>ds:running</datastore>
<subtree-filter>
<aaa:aaa xmlns:aaa="urn:huawei:yang:huawei-aaa">
<aaa:task-groups>
<aaa:task-group/>
</aaa:task-groups>
</aaa:aaa>
</subtree-filter>
</get-data>
</rpc>
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">
<aaa xmlns="urn:huawei:yang:huawei-aaa">
<task-groups>
<task-group>
<name>manage-tg</name>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 515
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
</task-group>
<task-group>
<name>system-tg</name>
</task-group>
<task-group>
<name>monitor-tg</name>
</task-group>
<task-group>
<name>visit-tg</name>
</task-group>
</task-groups>
</aaa>
</data>
</rpc-reply>
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get-data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<datastore>ds:running</datastore>
<xpath-filter xmlns:aaa="urn:huawei:yang:huawei-aaa">/aaa:aaa/aaa:task-groups/aaa:task-group</
xpath-filter>
</get-data>
</rpc>
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">
<aaa xmlns="urn:huawei:yang:huawei-aaa">
<task-groups>
<task-group>
<name>manage-tg</name>
</task-group>
<task-group>
<name>system-tg</name>
</task-group>
<task-group>
<name>monitor-tg</name>
</task-group>
<task-group>
<name>visit-tg</name>
</task-group>
</task-groups>
</aaa>
</data>
</rpc-reply>
get
The <get> operation only retrieves data from the <running/> configuration
database.
If the <get> operation is successful, the NETCONF server returns an <rpc-reply>
element containing a <data> element with the results of the query. If the
operation fails, the server returns an <rpc-reply> element containing an <rpc-
error> element.
NOTE
The differences between <get> and <get-config> operations are as follows:
● The <get-config> operation can retrieve data from the <running/>, <candidate/>, and
<startup/> configuration databases, whereas the <get> operation can only retrieve
data from the <running/> configuration database.
● The <get-config> operation can only retrieve configuration data, whereas the <get>
operation can retrieve both configuration and status data.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 516
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The following example shows how to query interface configuration of the IFM
feature in the database. The queried interface information is contained in an RPC
reply message.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="831">
<get>
<filter type="subtree">
<ifm:ifm xmlns:ifm="urn:huawei:yang:huawei-ifm">
<ifm:interfaces>
<ifm:interface/>
</ifm:interfaces>
</ifm:ifm>
</filter>
</get>
</rpc>
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name>GigabitEthernet0/1/1</name>
<index>4</index>
<class>main-interface</class>
<type>GigabitEthernet</type>
<position>0/0/0</position>
<number>0/1/1</number>
<admin-status>up</admin-status>
<link-protocol>ethernet</link-protocol>
<statistic-enable>true</statistic-enable>
<mtu>1500</mtu>
<spread-mtu-flag>false</spread-mtu-flag>
<vrf-name>_public_</vrf-name>
<dynamic>
<oper-status>up</oper-status>
<physical-status>up</physical-status>
<link-status>up</link-status>
<mtu>1500</mtu>
<bandwidth>100000000</bandwidth>
<ipv4-status>up</ipv4-status>
<ipv6-status>down</ipv6-status>
<is-control-flap-damp>false</is-control-flap-damp>
<mac-address>00e0-fc12-3456</mac-address>
<line-protocol-up-time>2019-05-25T02:33:46Z</line-protocol-up-time>
<is-offline>false</is-offline>
<link-quality-grade>good</link-quality-grade>
</dynamic>
<mib-statistics>
<receive-byte>0</receive-byte>
<send-byte>0</send-byte>
<receive-packet>363175</receive-packet>
<send-packet>61660</send-packet>
<receive-unicast-packet>66334</receive-unicast-packet>
<receive-multicast-packet>169727</receive-multicast-packet>
<receive-broad-packet>127122</receive-broad-packet>
<send-unicast-packet>61363</send-unicast-packet>
<send-multicast-packet>0</send-multicast-packet>
<send-broad-packet>299</send-broad-packet>
<receive-error-packet>0</receive-error-packet>
<receive-drop-packet>0</receive-drop-packet>
<send-error-packet>0</send-error-packet>
<send-drop-packet>0</send-drop-packet>
</mib-statistics>
<common-statistics>
<stati-interval>300</stati-interval>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 517
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<in-byte-rate>40</in-byte-rate>
<in-bit-rate>320</in-bit-rate>
<in-packet-rate>2</in-packet-rate>
<in-use-rate>0.01%</in-use-rate>
<out-byte-rate>0</out-byte-rate>
<out-bit-rate>0</out-bit-rate>
<out-packet-rate>0</out-packet-rate>
<out-use-rate>0.00%</out-use-rate>
<receive-byte>0</receive-byte>
<send-byte>0</send-byte>
<receive-packet>363183</receive-packet>
<send-packet>61662</send-packet>
<receive-unicast-packet>66334</receive-unicast-packet>
<receive-multicast-packet>169727</receive-multicast-packet>
<receive-broad-packet>127122</receive-broad-packet>
<send-unicast-packet>61363</send-unicast-packet>
<send-multicast-packet>0</send-multicast-packet>
<send-broad-packet>299</send-broad-packet>
<receive-error-packet>0</receive-error-packet>
<receive-drop-packet>0</receive-drop-packet>
<send-error-packet>0</send-error-packet>
<send-drop-packet>0</send-drop-packet>
<send-unicast-bit>0</send-unicast-bit>
<receive-unicast-bit>0</receive-unicast-bit>
<send-multicast-bit>0</send-multicast-bit>
<receive-multicast-bit>0</receive-multicast-bit>
<send-broad-bit>0</send-broad-bit>
<receive-broad-bit>0</receive-broad-bit>
<send-unicast-bit-rate>0</send-unicast-bit-rate>
<receive-unicast-bit-rate>0</receive-unicast-bit-rate>
<send-multicast-bit-rate>0</send-multicast-bit-rate>
<receive-multicast-bit-rate>0</receive-multicast-bit-rate>
<send-broad-bit-rate>0</send-broad-bit-rate>
<receive-broad-bit-rate>0</receive-broad-bit-rate>
<send-unicast-packet-rate>0</send-unicast-packet-rate>
<receive-unicast-packet-rate>0</receive-unicast-packet-rate>
<send-multicast-packet-rate>0</send-multicast-packet-rate>
<receive-multicast-packet-rate>0</receive-multicast-packet-rate>
<send-broadcast-packet-rate>0</send-broadcast-packet-rate>
<receive-broadcast-packet-rate>0</receive-broadcast-packet-rate>
</common-statistics>
</interface>
</ifm>
</data>
edit-config
The <edit-config> operation loads all or some configurations to a specified target
configuration database (<running/> or <candidate/>).
The <edit-config> operation supports multiple modes for loading configurations.
For example, you can load local and remote files, and edit files online. If a
NETCONF server supports the URL capability, the <url> parameter (which
identifies a local configuration file) can be used to replace the <config> parameter.
Parameters in an RPC message of the <edit-config> operation are described as
follows:
● <config>: indicates a group of hierarchical configuration items defined in the
data model.
The <config> parameter may contain the optional operation attribute, which
is used to specify an operation type for a configuration item. If the operation
attribute is not present, the <merge> operation is performed by default. The
values of the operation attribute are as follows:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 518
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
– merge: modifies or creates data in the database. This is the default
operation.
– create: adds configuration data to the configuration database only if
such data does not exist. If the configuration data already exists, <rpc-
error> is returned, in which the <error-tag> value is data-exists.
– delete: deletes a specified configuration data record from the
configuration database. If the data exists, it is deleted. If the data does
not exist, <rpc-error> is returned, in which the <error-tag> value is data-
missing.
– remove: removes a specified configuration data record from the
configuration database. If the data exists, it is deleted. If the data does
not exist, a success message is returned.
– replace: replaces existing data or creates data that does not exist in the
database.
● <target>: indicates the configuration database to be edited. The configuration
database can be set based on scenarios.
– In immediate validation mode, set the database to <running/>.
– In two-phase validation mode, set the database to <candidate/>. After
editing the database, perform the <commit> operation so that the
modified configuration takes effect.
– In trial mode, set the database to <candidate/>.
● <default-operation>: sets a default operation for the <edit-config> operation.
The <default-operation> parameter is optional. Its values are as follows:
– merge: merges the configuration data in the <config> parameter with
that in the target configuration database. This is the default operation.
– replace: completely replaces the configuration data in the target
configuration database with the configuration data in the <config>
parameter.
– none: ensures that the configuration data in <config> does not affect
that in the target configuration database, with the exception that the
operation specified by the <operation> attribute is performed. If the
<config> parameter contains configuration data that does not exist at the
corresponding data level in the target configuration database, <rpc-error>
is returned, in which the <error-tag> value is data-missing. This prevents
redundant elements from being created when a specified operation is
performed. For example, when a specified child element is deleted,
<config> contains the parent hierarchical structure of the child element
but the target database does not contain the configuration of the parent
element. If the value of the <default-operation> parameter is not none,
the configuration of the parent element is created in the database when
the child element is deleted. Otherwise, the child element is deleted, and
the configuration of the parent element is not created.
● <error-option>: sets a mode for processing subsequent instance configurations
if an error occurs in the current instance configuration. Its values are as
follows (the default value is stop-on-error):
– If the target configuration database is <running/>:
▪ stop-on-error: stops the operation if an error occurs and rolls back
the configuration according to rollback-on-error.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 519
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
▪ continue-on-error: records the error information and continues the
execution after an error occurs. If an error occurs, the NETCONF
server returns an RPC reply message to the client, indicating an
operation failure.
▪ rollback-on-error: stops the operation after an error occurs and rolls
back the configuration to the state before the <edit-config>
operation is performed. This operation is supported only when the
device supports the rollback-on-error capability.
– If the target configuration database is <candidate/>, set the value of
<error-option> to rollback-on-error for subsequent instances after an
error occurs in the current instance configuration.
The following example shows how to change the ifDescr value of
GigabitEthernet0/1/1 in the running configuration database to huawei.
– RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="15">
<edit-config>
<target>
<running/>
</target>
<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name>GigabitEthernet0/1/1</name>
<class>main-interface</class>
<type>GigabitEthernet</type>
<number>0/1/1</number>
<admin-status>up</admin-status>
</interface>
</interfaces>
</ifm>
</config>
</edit-config>
</rpc>
– RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="15"
nc-ext:flow-id="27"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
The following example shows how to delete the configuration of the interface
named LoopBack1023 from the running configuration database.
– RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="844">
<edit-config>
<target>
<running/>
</target>
<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" nc:operation="delete">
<name>LoopBack1023</name>
</interface>
</interfaces>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 520
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
</ifm>
</config>
</edit-config>
</rpc>
– RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="844"
nc-ext:flow-id="29"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
If the validate capability is supported, the <test-option> parameter can be
specified for the <edit-config> operation. If the <test-option> parameter is not
specified, the system processes the <edit-config> operation based on the test-
then-set process by default.
● If the <test-option> parameter value is test-then-set or the parameter is not
specified, nodes at any layer support the <replace> operation, which replaces
the configuration in the target database with that in the current RPC request.
RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="">
<edit-config>
<target>
<running/>
</target>
<config>
<acl xmlns="urn:huawei:yang:huawei-acl">
<groups>
<group nc:operation="replace" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<identity>2000</identity>
<type>basic</type>
<match-order>config</match-order>
<step>5</step>
</group>
</groups>
</acl>
</config>
</edit-config>
</rpc>
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="849"
nc-ext:flow-id="31"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
● If the <test-option> parameter value is test-then-set or the parameter is not
specified, nodes at any layer support the <delete> and <remove> operations,
which delete all configuration data of a specified node in the configuration
database.
The following example shows how to delete the vplsInstances configuration.
RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="849">
<edit-config>
<target>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 521
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<running/>
</target>
<config>
<l2vpn xmlns="urn:huawei:yang:huawei-l2vpn">
<instances xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" nc:operation="delete"/>
</l2vpn>
</config>
</edit-config>
</rpc>
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="849"
nc-ext:flow-id="31"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
edit-data
The <edit-data> operation can be used to load all or some configuration data to a
specified target configuration database (<ietf-datastores:running/> or <ietf-
datastores:candidate/>). The device authorizes the operation in <edit-data>. After
the authorization succeeds, the device performs corresponding modification.
The <edit-data> operation supports multiple modes for loading configurations. For
example, you can load local and remote files, and edit files online. If a NETCONF
server supports the URL capability, the <url> parameter (which identifies a local
configuration file) can be used to replace the <config> parameter.
Parameters in an RPC message of the <edit-data> operation are described as
follows:
● <config>: indicates a group of hierarchical configuration items defined in the
data model.
The <config> parameter may contain the optional operation attribute, which
is used to specify an operation type for a configuration item. If the operation
attribute is not present, the <merge> operation is performed by default. The
<operation> attribute values are as follows:
– merge: modifies or creates data in the database. This is the default
operation.
– create: adds configuration data to the configuration database only if
such data does not exist. If the configuration data already exists, <rpc-
error> is returned, in which the <error-tag> value is data-exists.
– delete: deletes a specified configuration data record from the
configuration database. If the data exists, it is deleted. If the data does
not exist, <rpc-error> is returned, in which the <error-tag> value is data-
missing.
– remove: removes a specified configuration data record from the
configuration database. If the data exists, it is deleted. If the data does
not exist, a success message is returned.
– replace: replaces configuration data records in the configuration
database. If the data exists, all relevant data is replaced. If the data does
not exist, the data is created. Different from the <copy-config> operation
(which completely replaces the configuration data in the target
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 522
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
configuration database), this operation affects only the configuration that
exists in the <config> parameter.
● target: indicates the configuration database to be edited. The configuration
database can be set based on scenarios.
– In immediate validation mode, set the database to <ietf-
datastores:running/>.
– In two-phase validation mode, set the database to <ietf-
datastores:candidate/>. After editing the database, perform the
<commit> operation to submit the configuration for the modification to
take effect.
– In trial mode, set the database to <ietf-datastores:candidate/>.
● default-operation: sets a default operation for the <edit-data> operation.
The <default-operation> parameter is optional. Its values are as follows:
– merge: merges the configuration data in the <config> parameter with
that in the target configuration database. This is the default operation.
– replace: completely replaces the configuration data in the target
configuration database with the configuration data in the <config>
parameter.
– none: ensures that the configuration data in <config> does not affect
that in the target configuration database, with the exception that the
operation specified by the <operation> attribute is performed. If the
<config> parameter contains configuration data that does not exist at the
corresponding data level in the target configuration database, <rpc-error>
is returned, in which the <error-tag> value is data-missing. This prevents
redundant elements from being created when a specified operation is
performed. For example, when a specified child element is deleted,
<config> contains the parent hierarchical structure of the child element
but the target database does not contain the configuration of the parent
element. If the value of the <default-operation> parameter is not none,
the configuration of the parent element is created in the database when
the child element is deleted. Otherwise, the child element is deleted, and
the configuration of the parent element is not created.
The following example shows how to change the description value of the
GigabitEthernet0/1/1 interface in the <ietf-datastores:running/> database to
huawei.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<edit-data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<datastore>ds:running</datastore>
<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name>GigabitEthernet0/1/1</name>
<description>huawei</description>
</interface>
</interfaces>
</ifm>
</config>
</edit-data>
</rpc>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 523
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="5"
nc-ext:flow-id="27"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
The following example shows how to delete the configuration of the interface
named LoopBack1023 from the running configuration database.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<edit-data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda"
xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<datastore>ds:running</datastore>
<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" nc:operation="delete">
<name>LoopBack1023</name>
</interface>
</interfaces>
</ifm>
</config>
</edit-data>
</rpc>
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="5"
nc-ext:flow-id="28"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
copy-config
The <copy-config> operation replaces the target configuration database with the
source configuration database. The target database is overwritten if it exists, or a
new one is created, if allowed.
● The configuration data in the <candidate/> and <running/> databases can be
saved to a specified URL file.
● The configuration data in the <running/> database can be copied to the
<candidate/> or <startup/> database.
Save the configuration data in the <running/> database to the local abc.xml file:
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<copy-config>
<target>
<url>file:///abc.xml</url>
</target>
<source>
<running/>
</source>
</copy-config>
</rpc>
● RPC reply
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 524
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
Use FTP to save the configuration data in the <candidate/> configuration
database to a remote path specified by the URL.
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<copy-config>
<target>
<url>ftp://root:[email protected]/abc.xml</url>
</target>
<source>
<candidate/>
</source>
</copy-config>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
delete-config
This operation deletes a configuration database. The <running/> configuration
database cannot be deleted.
If the <delete-config> operation is successful, the server sends an <rpc-reply>
element containing an <ok> element. Otherwise, the server sends an <rpc-reply>
element containing an <rpc-error> element.
The following is an example of deleting the <startup/> database.
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<delete-config>
<target>
<startup/>
</target>
</delete-config>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
lock
This operation locks a configuration database of a device, preventing it from being
modified by other users. The locks eliminate errors caused by simultaneous
modifications of the database by NETCONF managers or SNMP or CLI scripts.
If the configuration database is already locked by an authorized user, the <error-
tag> element will be displayed as lock-denied and the <error-info> element will
include <session-id> of the lock owner in the reply message.
The following example shows a successful locking of the <running/> configuration
database.
● RPC request
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 525
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<lock>
<target>
<running/>
</target>
</lock>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
If the NMDA data set is supported, the data set format in the target configuration
database is different, as shown in the following:
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<lock xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<target>
<datastore xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">ds:running</datastore>
</target>
</lock>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
The following example shows a failure to lock the <running/> configuration
database.
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<lock>
<target>
<running/>
</target>
</lock>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<rpc-error>
<error-type>protocol</error-type>
<error-tag>lock-denied</error-tag>
<error-severity>error</error-severity>
<error-app-tag>43</error-app-tag>
<error-message>The configuration is locked by other user. [Session ID = 629] </error-message>
<error-info>
<session-id>629</session-id>
<error-paras>
<error-para>629</error-para>
</error-paras>
</error-info>
</rpc-error>
</rpc-reply>
If the NMDA data set is supported, the data set format in the target configuration
database is different, as shown in the following:
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<lock xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<target>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 526
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<datastore xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">ds:running</datastore>
</target>
</lock>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<rpc-error>
<error-type>protocol</error-type>
<error-tag>lock-denied</error-tag>
<error-severity>error</error-severity>
<error-app-tag>43</error-app-tag>
<error-message>The configuration is locked by other user. [Session ID = 629] </error-message>
<error-info>
<session-id>629</session-id>
<error-paras>
<error-para>629</error-para>
</error-paras>
</error-info>
</rpc-error>
</rpc-reply>
unlock
This operation cancels the <lock> operation performed by the specified user, rather
than the <lock> operation performed by other users.
If the <unlock> operation is successful, the server sends an <rpc-reply> element
containing an <ok> element. Otherwise, the server sends an <rpc-reply> element
containing an <rpc-error> element.
The following is an example of unlocking the <running/> database.
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<unlock>
<target>
<running/>
</target>
</unlock>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
If the NMDA data set is supported, the data set format in the target configuration
database is different, as shown in the following:
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<unlock xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<target>
<datastore xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">ds:running</datastore>
</target>
</unlock>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 527
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
close-session
This operation terminates a NETCONF session.
After receiving a <close-session> request, the NETCONF server terminates the
current NETCONF session. The server releases all locks and resources associated
with the session. After receiving a <close-session> request, the NETCONF server
ignores all request messages of the session.
The following is an example of terminating the current NETCONF session.
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<close-session/>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
kill-session
The <kill-session> operation forcibly terminates a NETCONF session. Only an
administrator is authorized to perform this operation.
After receiving a <kill-session> request, the NETCONF server stops all operations
that are being performed for the session, releases all the locks and resources
associated with the session, and terminates the session.
If the NETCONF server receives a <kill-session> request when performing the
<commit> operation, it must restore the configuration to the state before the
configuration is committed.
The following is an example of forcibly terminating the NETCONF session with the
session ID of 4.
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<kill-session>
<session-id>4</session-id>
</kill-session>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
1.1.16.3.2 NETCONF Standard Capability Set
Writable-running
This capability indicates that the device supports direct writes to the <running/>
configuration database. Specifically, the device supports <edit-config> and <copy-
config> operations on the <running/> configuration database.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 528
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<edit-config>
<target>
<running/>
</target>
<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name>GigabitEthernet0/1/1</name>
<mtu>1500</mtu>
</interface>
</interfaces>
</ifm>
</config>
</edit-config>
</rpc>
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="101"
nc-ext:flow-id="27"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
Candidate Configuration
This capability indicates that the device supports the <candidate/> configuration
database.
The <candidate/> configuration database holds a complete set of configuration
data that can be manipulated without impacting the device's current
configuration. This configuration database serves as a work place for manipulating
configuration data.
Additions, deletions, and changes can be made to the data in the <candidate/>
configuration database to construct the desired configuration data. The following
operations can be performed at any time:
● <commit>: converts all configuration data in the <candidate/> configuration
database into running configuration data.
If the <commit> operation fails, the content in the <candidate/> configuration
database remains unchanged.
● <discard-changes>: discards uncommitted configuration data in the
<candidate/> configuration database. After this operation is performed, the
configuration data in the <candidate/> configuration database is the same as
that in the <running/> configuration database again.
A device establishes an independent <candidate/> configuration database for each
NETCONF session.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<candidate/>
</target>
<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 529
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<interface>
<name>GigabitEthernet0/1/1</name>
<mtu>1500</mtu>
</interface>
</interfaces>
</ifm>
</config>
</edit-config>
</rpc>
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
<ok/>
</rpc-reply>
Confirmed Commit
This capability indicates that the device can confirm configurations. In other
words, the <commit> message delivered in this instance does not directly commit
the configuration and depends on the next <commit> message to trigger
configuration commitment.
confirmed-commit:1.0
The <commit> operation can carry the <confirmed> and <confirm-timeout>
parameters.
● <confirmed>: submits the configuration data in the <candidate/>
configuration database and converts it into the running configuration data on
a device (configuration data in the <running/> configuration database).
● <confirm-timeout>: specifies a timeout period for confirming the <commit>
operation, in seconds. The default value is 600s. After the <commit> operation
is performed, if the confirmation operation is not performed within the
timeout period, the configuration in the <running/> configuration database is
rolled back to the state before the <commit> operation is performed and the
modified data in the <candidate/> configuration database is abandoned.
This capability is valid only when the device supports the candidate configuration
capability. It is mainly used in service trial running and verification scenarios.
The following is an example of submitting the current configuration and setting
the timeout period for confirming the <commit> operation to 120s.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<commit>
<confirmed/>
<confirm-timeout>120</confirm-timeout>
</commit>
</rpc>
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="101"
nc-ext:flow-id="29"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 530
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
confirmed-commit:1.1
● The <commit> operation can carry the <persist> and <persist-id> parameters.
If a <confirmed-commit> message carries the <persist> parameter, the trial
run operation created using <confirmed-commit> is still effective after the
associated session is terminated. The device allows a message to carry the
<persist-id> parameter to update an existing trial run operation.
The following example shows how to carry the <persist> parameter in a
message for the <commit> operation.
RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
<commit>
<confirmed/>
<persist>123</persist>
</commit>
</rpc>
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="3"
nc-ext:flow-id="29"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
The following example shows how to carry the <persist-id> parameter in a
message for the <commit> operation.
RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<commit>
<confirmed/>
<persist-id>123</persist-id>
</commit>
</rpc>
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="2"
nc-ext:flow-id="29"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
● The <cancel-commit> operation is supported. The <persist-id> parameter can
be carried to terminate the trial run operation being executed, which is
created using <confirmed-commit> with the <persist> parameter.
RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<cancel-commit>
<persist-id>IQ,d4668</persist-id>
</cancel-commit>
</rpc>
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 531
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<ok/>
</rpc-reply>
Rollback on Error
This capability allows the device to perform a rollback when an error occurs.
Specifically, "rollback-on-error" can be carried in the <error-option> parameter of
the <edit-config> operation. If an error occurs and the <rpc-error> element is
generated, the server stops performing the <edit-config> operation and restores
the specified configuration to the state before the <edit-config> operation is
performed.
This capability is valid only when the device supports the candidate configuration
capability.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<error-option>rollback-on-error</error-option>
<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name>GigabitEthernet0/1/1</name>
<mtu>1000</mtu>
</interface>
</interfaces>
</ifm>
</config>
</edit-config>
</rpc>
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="101"
nc-ext:flow-id="27"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
Distinct Startup
This capability indicates that the device can perform an independent startup.
Specifically, the device can distinguish the <running/> configuration database from
the <startup/> configuration database.
The NETCONF server needs to independently maintain the running configuration
and restore the configuration after the device restarts. Because the configuration
data of the <running/> configuration database is not automatically synchronized
to the <startup/> configuration database, you must copy the data from the
<running/> configuration database to the <startup/> configuration database by
using an operation such as a <copy-config>.
The following is an example of executing the <copy-config> operation to copy the
data from the <running/> database to the <startup/> database.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 532
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<copy-config>
<source>
<running/>
</source>
<target>
<startup/>
</target>
</copy-config>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
XPath Capability
This capability indicates that the device can use XPath expressions in the <filter>
element as query conditions, and the <get> and <get-config> operations can
query specified data through an XPath.
XPath — XML Path Language — uses path expressions for the addressing of parts
of an XML file. The XPath syntax is similar to the file path in the file management
system.
XPath syntax specifications are as follows:
● An XPath can only function as a basic absolute path, and steps are separated
using slashes (/), for example, /acl/aclGroups/aclGroup.
● Only predicates in the [node name='value'] format (for example,
[genre='Computer']) are supported, and there can be multiple predicates in
an AND relationship.
● XPath supports multiple namespaces, which are separated using colons.
If an XPath expression is used as a filter criterion, the value of the type attribute in
the <filter> element is xpath, and the value of the select attribute (which must
exist) is the XPath expression.
<filter type="xpath" xmlns:acl="urn:huawei:yang:huawei-acl" select="/acl:acl/acl:groups/
acl:group[acl:identity='2000']"/>
NOTE
XPath expressions cannot be used as filter criteria for such operations as notifications, full
synchronization, incremental synchronization, or copy-config.
XPath expressions support the following operations:
● Use the specified XPath as a filter criterion to query information about all
nodes in the XPath.
The following is an example of querying information about all nodes in the /
acl:acl/acl:groups/acl:group XPath of the <running/> database.
– RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="19">
<get-config>
<source>
<running/>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 533
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
</source>
<filter xmlns:acl="urn:huawei:yang:huawei-acl" type="xpath"
select="/acl:acl/acl:groups/acl:group"/>
</get-config>
</rpc>
– RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="6">
<data>
<acl xmlns="urn:huawei:yang:huawei-acl">
<groups>
<group>
<identity>2000</identity>
<type>basic</type>
<match-order>config</match-order>
<step>5</step>
</group>
</groups>
</acl>
</data>
</rpc-reply>
– Use the value of a node in the specified XPath as a filter criterion to
query information about the node that matches this value in the XPath.
The following is an example of querying information about the node for
which "identity" is set to 2000 in the /acl:acl/acl:groups/acl:group XPath
of the <running/> database.
▪ RPC request
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<get-config>
<source>
<running/>
</source>
<filter type="xpath" xmlns:acl="urn:huawei:yang:huawei-acl"
select="/acl:acl/acl:groups/acl:group[acl:identity='2000']"/>
</get-config>
</rpc>
▪ RPC reply
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<data>
<acl xmlns="urn:huawei:yang:huawei-acl">
<groups>
<group>
<identity>2000</identity>
<type>basic</type>
<match-order>config</match-order>
<step>5</step>
</group>
</groups>
</acl>
</data>
</rpc-reply>
● Use two or more XPaths in the OR relationship as filter criteria to query
information about the same node in all expressions.
The following is an example of querying information about the same node in
the /nacm/rule-list/group and /nacm/rule-list/rule XPaths of the <candidate/>
database.
– RPC request
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get-config>
<source>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 534
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<candidate/>
</source>
<filter type="xpath" select="/t:nacm/t:rule-list/t:group | /t:nacm/t:rule-list/t:rule"
xmlns:t="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"/>
</get-config>
</rpc>
– RPC reply
<rpc-reply message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<rule-list>
<name>list1</name>
<group>group1</group>
<rule>
<name>rule11</name>
<module-name>*</module-name>
<access-operations>create read update delete</access-operations>
<action>permit</action>
<rpc-name>commit</rpc-name>
</rule>
<rule>
<name>rule12</name>
<module-name>*</module-name>
<access-operations>read</access-operations>
<action>deny</action>
<rpc-name>edit-config</rpc-name>
</rule>
</rule-list>
<rule-list>
<name>list2</name>
<group>group2</group>
<rule>
<name>rule21</name>
<module-name>*</module-name>
<access-operations>create read update delete</access-operations>
<action>permit</action>
<rpc-name>commit</rpc-name>
</rule>
</rule-list>
</nacm>
</data>
</rpc-reply>
● Use the /* symbol as a filter criterion to query information about all nodes in
the specified XPath (before the * symbol).
The following is an example of querying information about all nodes in the /
nacm XPath of the <candidate/> database.
– RPC request
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get-config>
<source>
<candidate/>
</source>
<filter type="xpath" select="/t:nacm/*" xmlns:t="urn:ietf:params:xml:ns:yang:ietf-netconf-
acm"/>
</get-config>
</rpc>
– RPC reply
<rpc-reply message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<enable-nacm>false</enable-nacm>
<read-default>deny</read-default>
<write-default>deny</write-default>
<exec-default>deny</exec-default>
<groups>
<group>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 535
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<name>group1</name>
<user-name>puneeth1</user-name>
<user-name>puneeth2</user-name>
<user-name>puneeth3</user-name>
</group>
<group>
<name>group2</name>
<user-name>puneeth1</user-name>
<user-name>puneeth2</user-name>
<user-name>puneeth3</user-name>
</group>
</groups>
<rule-list>
<name>list1</name>
<group>group1</group>
<rule>
<name>rule11</name>
<module-name>*</module-name>
<access-operations>create read update delete</access-operations>
<action>permit</action>
<rpc-name>commit</rpc-name>
</rule>
<rule>
<name>rule12</name>
<module-name>*</module-name>
<access-operations>read</access-operations>
<action>deny</action>
<rpc-name>edit-config</rpc-name>
</rule>
</rule-list>
</nacm>
</data>
</rpc-reply>
● Pagination query is supported. That is, in the <get-config> and <get>
operations, the optional parameter [position() >= a and position() <= b] is
added to the XPath filter expression to query the data of the list/leaf-list
nodes in the specified range [a, b].
– You can specify the left and right boundaries, which are interchangeable,
for the pagination query.
For example, either of the following expressions is used to query the data
of nodes 1 to 100 on the list node interface.
select="/ifm:ifm/ifm:interfaces/ifm:interface[position() >= 1 and
position() <= 100] "
select="/ifm:ifm/ifm:interfaces/ifm:interface[position() <= 100 and
position() >= 1] "
– You can specify the same left and right boundary values for the
pagination query. If they are the same, the query range is a fixed value
rather than a value range.
For example, the following expression is used to query the data of the
first node on the list node interface.
select="/ifm:ifm/ifm:interfaces/ifm:interface[position() >= 1 and
position() <= 1] "
– You can specify only one boundary (left or right) for the pagination
query. If only the left boundary is specified, the data of the specified node
and all the subsequent nodes is queried. Conversely, if only the right
boundary is specified, the data of node 1 to the specified node is queried.
For example, the first of the following two expressions is used to query
information about node 100 and all the subsequent nodes on the list
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 536
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
node interface, and the second expression is used to query information
about nodes 1 to 200 on the list node interface.
select="/ifm:ifm/ifm:interfaces/ifm:interface[position() >= 100] "
select="/ifm:ifm/ifm:interfaces/ifm:interface[position() <= 200] "
– The pagination query function verifies a specified query range, which
must meet the following conditions:
▪ The left boundary value must be less than or equal to the right
boundary value.
▪ The left and right boundary values are integers ranging from 1 to
1000000000. If the left boundary of the specified query range
exceeds the actual number of data records to be queried, no query
result is displayed.
– The pagination query function supports query based on multiple filter
criteria, meaning that each query can contain more than one filter
criterion.
For example, the following expression contains two filter criteria,
indicating that the LoopBack port data of nodes 1 to 100 is queried.
select="/ifm:ifm/ifm:interfaces/ifm:interface[ifm:type='LoopBack']
[position() >= 1 and position()<= 100]"
– Only the list and leaf-list nodes support the pagination query function,
and no other node can follow the position() parameter.
For example:
select="/ifm:ifm/ifm:interfaces/ifm:interface[position() >= 1 and
position() <= 100] "
In the preceding expression, the node interface is a list node, and the
expression [position() >= 1 and position() <= 100] is not followed by
another node.
– Multiple position() parameters cannot be combined by the OR symbol (|)
to deliver the pagination query operation. To query different services, you
must therefore deliver the pagination query operations separately.
– If a user sends two pagination query requests at a maximum interval of 3
minutes, the entered XPaths are the same (same prefix, namespace, and
node), and the input numbers for the pagination query are consecutive,
the device considers the later query request as part of the first one and
preferentially obtains the data to be queried from the cache. If the input
numbers for pagination query are not consecutive or the interval
between two requests exceeds 3 minutes, the later query operation is
processed as a new request. The queried content is obtained from the
device configuration database.
For example:
▪ A user delivers two pagination query requests within 3 minutes. The
first queries the content of nodes 1 to 100 of a specified list/leaf-list
node, and the second queries the content of nodes 101 to 200 of the
same XPath. If the device configuration changes at any time between
the two query operations, the data queried by the user is the data
before the change, that is, the data in the cache.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 537
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
▪ If a user delivers two pagination query requests (with the first
querying the content of nodes 1 to 100 and the second querying the
content of nodes 301 to 400) and the device configuration changes
at any time between the two query operations, the pre-change data
is obtained for the first request and the post-change data is obtained
for the second. This is true regardless of whether the interval
between the two requests exceeds 3 minutes.
▪ The same XPath indicates that the prefixes, namespaces, and nodes
are identical. If one of them is different, the queries are considered to
also be different. For example, the XPath prefixes of the following
two expressions are considered different, meaning that the device
processes them as two independent requests.
select="/t:ifm/t:interfaces/t:interface[t:type='LoopBack'][position() >=
1 and position()<= 100]"
select="/l:ifm/l:interfaces/l:interface[l:type='LoopBack'][position() >=
101 and position()<= 200]"
NOTE
During packet delivery, the greater-than sign (>) and less-than sign (<) in the
position() expression must be represented by the escape characters > and <.
For example, query information about the first and second NACM
authentication user groups in the <running/> configuration database.
– RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="827">
<get-config>
<source>
<running/>
</source>
<filter xmlns:t="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" type="xpath"
select="/t:nacm/t:groups/t:group[position()>=1 and position()<=2]"/>
</get-config>
</rpc>
– RPC reply
<?xml version="1.0" encoding="utf-8"?>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
<groups>
<group>
<name>1</name>
<user-name>test1</user-name>
<user-name>test2</user-name>
<user-name>test3</user-name>
<user-name>test4</user-name>
</group>
<group>
<name>2</name>
<user-name>test1</user-name>
<user-name>test2</user-name>
<user-name>test3</user-name>
</group>
</groups>
</nacm>
</data>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 538
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Validate
This capability indicates that the device can deliver configurations without
considering the configuration sequence. During the delivery, the device checks only
the syntactic validity of configurations rather than the configuration sequence. The
device checks semantic validity when committing the configurations. After
correcting the configuration delivery sequence, the device commits the
configurations to the <running/> configuration database.
Before performing the validate operation, you are advised to lock the <running/>
configuration database to prevent adverse impacts on the validate operation when
other users operate the <running/> configuration database.
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<validate>
<source>
<candidate/>
</source>
</validate>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
If the NMDA data set is supported, the data set format in the source configuration
database is different, as shown in the following:
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<validate xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">
<source>
<datastore xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-nmda">ds:running</datastore>
</source>
</validate>
</rpc>
● RPC reply
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
There are two types of validate checks: syntactic and semantic checks.
● Syntactic check: checks RPC packet validity, model matching, data type, value
range, authorization, whether data to be created already exists or data to be
deleted has already been deleted, and whether there is a parent node.
● Semantic check: checks semantic items, such as the dependency between
configurations.
The <source> parameter of the validate operation supports only the <candidate/>
and <running/> configuration databases.
With the validate capability supported, the <edit-config> operation supports the
<test-option> parameter. The value of this parameter is test-then-set, set, or test-
only. If this parameter is not carried in the <edit-config> operation, the system
follows the test-then-set process by default.
● test-then-set: The system checks the delivered configurations for syntactic and
semantics errors. If the check succeeds, the system modifies the configuration.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 539
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
If the check fails, the system displays a failure message and the failure cause
and does not modify the configuration.
● set: The system checks configurations for syntactic errors. If no errors are
found, the system commits the configurations to the <candidate/>
configuration database. Semantic errors are not checked. However, when
performing the commit or confirmed-commit operation, the system checks
configurations for semantic errors and commits the configurations to the
<running/> configuration database if no errors are found.
● test-only: The system checks configurations only for syntactic and semantic
errors and reports the result without committing the configurations to any
configuration database.
The interface name of the ifm feature in the <running/> database is changed to
text, and syntax and semantic verification examples are provided.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc message-id="2" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<test-option>test-then-set</test-option>
<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" nc:operation="merge">
<name>GigabitEthernet0/1/1</name>
<description>text</description>
</interface>
</interfaces>
</ifm>
</config>
</edit-config>
</rpc>
● RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="2"
nc-ext:flow-id="27"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
URL
This capability indicates that the device can modify or copy files in a specified
path. Currently, the <edit-config> and <copy-config> operations are supported.
Password information in URLs is protected. When configuration data is exported,
password information is exported in ciphertext.
● <edit-config>: submits the configuration file in a specified path to
<candidate/> or <running/>.
● <copy-config>: copies data in <candidate/> or <running/> to a file in a
specified path.
Currently, the SFTP, FTP, file, HTTP, and HTTPS protocols are supported.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 540
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● The SFTP or FTP protocol is used to query files on an SFTP or FTP server. The
path format is ftp://user name:password@IP address of the SFTP or FTP
server/file directory/file name.
● The file protocol is used to query local files. The path format is file:///file
directory/file name.
● The HTTP or HTTPS protocol is used to search for files on an HTTP or HTTPS
server. The path format is http (or https)://IP address of the HTTP or HTTPS
server (or DNS):port number/file directory/file name.
NOTE
The file name is a string of case-sensitive characters starting with an underscore (_) or a
letter. It supports only underscores, digits, and letters. The dot (.) can be used only in the
file name extension, and only one dot is supported. The file name including a path cannot
contain more than 256 characters.
For the <copy-config> operation, if the file specified in the <url> element does not exist, the
file is directly created. If the file exists, it is overwritten.
When you perform the <edit-config> operation, the file specified in <url> must exist.
The HTTP or HTTPS protocol supports only the <edit-config> operation in a YANG model.
Copy the data in the <running/> configuration database to the local abc.xml file.
● RPC request
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<copy-config>
<target>
<url>file:///abc.xml</url>
</target>
<source>
<running/>
</source>
</copy-config>
</rpc>
● RPC reply
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<ok/>
</rpc>
The following is an example of committing the content of the config.xml file on
the FTP server to the <candidate/> database.
● RPC request
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<edit-config>
<target>
<candidate/>
</target>
<url>ftp://root:[email protected]/config.xml</url>
</edit-config>
</rpc>
● RPC reply
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<ok/>
</rpc>
The following is an example of committing the content of the config.xml file on
the HTTP server to the <candidate/> database.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 541
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● RPC request
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<edit-config>
<target>
<candidate/>
</target>
<url>http://192.168.1.1:8080/config.xml</url>
</edit-config>
</rpc>
● RPC reply
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<ok/>
</rpc>
Notification Capabilities
Notification 1.0
A device can send alarms and events to a client using the NETCONF notification
capability, thereby allowing the client to promptly detect device configuration or
other changes. You can perform the <create-subscription> operation to subscribe
to device alarms and events. If the <rpc-reply> element returned by the device
contains an <ok> element, the <create-subscription> operation is successful. In this
case, the device will proactively report the generated alarms and events to the
client through NETCONF.
1. Alarms and events can be subscribed to in either of the following modes:
long-term subscription and subscription within a specified period.
– Long-term subscription: After the subscription is successful, if the
<startTime> element is specified in the subscription message, the device
sends historical alarms and events to the NMS and then sends a
<replayComplete> message to notify the NMS that the replay is
complete. If a new alarm or event is generated, the device also sends it to
the NMS. If the <startTime> element is not specified in the subscription
message, the device sends all newly generated alarms and events to the
NMS. After a NETCONF session is terminated, the subscription is
automatically canceled.
– Subscription within a specified period: After the subscription is successful,
the device sends the alarms and events that are generated during the
specified period and that meet the filtering conditions to the NMS.
Because the <startTime> element is specified in the subscription message,
the device sends historical alarms and events to the NMS and then sends
a <replayComplete> message to notify the NMS that the replay is
complete. When the specified <stopTime> has been reached, the
NETCONF module sends a <notificationComplete> message to notify the
NMS that the subscription is terminated.
Historical alarms and events refer to those generated from the <startTime>
specified in the subscription message to when the user performs the
subscription operation. If <stopTime> is not specified, the subscription is a
long-term one. If both <startTime> and <stopTime> are specified, the
subscription is within a specified period. The format of the subscription
message sent by the device to the NMS is as follows:
RPC request (NETCONF subscription)
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 542
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<create-subscription xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<stream>NETCONF</stream>
<filter type="subtree">
<hwCPUUtilizationRisingAlarm xmlns="urn:huawei:yang:huawei-sem" />
</filter>
<startTime>2016-10-20T14:50:00Z</startTime>
<stopTime>2016-10-23T06:22:04Z</stopTime>
</create-subscription>
</rpc>
RPC reply (NETCONF subscription)
<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
RPC request (NETCONF-WITH-RES-CONFIG subscription)
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<create-subscription xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<stream>NETCONF-WITH-RES-CONFIG</stream>
<filter type="subtree">
<netconf-config-change xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-notifications"/>
</filter>
</create-subscription>
</rpc>
RPC reply (NETCONF-WITH-RES-CONFIG subscription)
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<ok/>
</rpc-reply>
Example of reporting a notification (NETCONF-WITH-RES-CONFIG
subscription)
<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<eventTime>2020-12-09T20:41:14Z</eventTime>
<alt-resource-config xmlns="urn:huawei:yang:huawei-notification-common">
<notification-id>135598331</notification-id>
<notification-class>event</notification-class>
<event-level>informational</event-level>
</alt-resource-config>
<netconf-config-change xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-notifications">
<changed-by>
<server/>
</changed-by>
<datastore>running</datastore>
</netconf-config-change>
</notification>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 543
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-66 Element descriptions
Element Description Value Range Mandatory Constraints
stream Event flow The value is No N/A
type a case-
sensitive
enumerated
type and can
be:
● NETCONF:
indicates
that the
NETCONF
notificatio
n
mechanis
m is used
to report
alarms
and
events.
● NETCONF
-WITH-
RES-
CONFIG:
indicates
that the
reported
alarms or
events
carry
Huawei's
proprietar
y
extension
attribute
huawei-
notificatio
n-
common.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 544
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Element Description Value Range Mandatory Constraints
filter Alarm or The value is No If no filter is
event filter a string of specified, all
characters in alarms and
the format of events that
<alarm name can be
xmlns=name reported
space of the through
alarm notifications
name/> or are
<event name subscribed
xmlns=name to.
space of the
event
name/>.
startTime Start time The value is No The start
in the time time must be
format. earlier than
the time
when the
subscription
operation is
performed.
stopTime End time The value is No The end time
in the time must be later
format. than the
start time.
2. After the subscription is successful, the device encapsulates the alarm or event
information into notification messages and sends them to the NMS.
<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<eventTime>2016-11-26T13:51:00Z</eventTime>
<hwCPUUtilizationResume xmlns="urn:huawei:yang:huawei-sem">
<TrapSeverity>0</TrapSeverity>
<ProbableCause>0</ProbableCause>
<EventType>0</EventType>
<PhysicalIndex>0</PhysicalIndex>
<PhysicalName>SimulateStringData</PhysicalName>
<RelativeResource>SimulateStringData</RelativeResource>
<UsageType>0</UsageType>
<SubIndex>0</SubIndex>
<CpuUsage>0</CpuUsage>
<Unit>0</Unit>
<CpuUsageThreshold>0</CpuUsageThreshold>
</hwCPUUtilizationResume>
</notification>
3. After alarms and events are reported to the NMS, the NETCONF module
sends a subscription completion message to the NMS.
– After historical alarms and events are reported to the NMS, the NETCONF
module sends a replayComplete message to the NMS.
<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<eventTime>2016-11-29T11:57:15Z</eventTime>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 545
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<replayComplete xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0" />
</notification>
– When <stopTime> specified in the subscription message has been
reached, the NETCONF module sends a notificationComplete message to
notify the NMS that the subscription is terminated.
<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<eventTime>2016-11-29T11:57:25Z</eventTime>
<notificationComplete xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0" />
</notification>
Table 1-67 Element descriptions
Element Description Value Range Mandatory Constraints
replayCompl After N/A No N/A
ete historical
alarms and
events are
reported to
the NMS, the
NETCONF
module
sends a
replayCompl
ete message
to the NMS.
notificationC When N/A No N/A
omplete <stopTime>
specified in
the
subscription
message has
been
reached, the
NETCONF
module
sends a
notificationC
omplete
message to
notify the
NMS that
the
subscription
is
terminated.
Notification 2.0
Notification 1.0 cannot meet flexibility requirements. To modify a subscription, you
need to disable the connection and start a new subscription connection.
Notification 2.0 optimized the subscription mechanism. It supports modification,
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 546
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
deletion, and termination of subscriptions, configuration-based subscription,
subscription query, and subscription information authorization on the NACM.
Notification 2.0 supports the following subscription operations:
● <establish-subscription>: creates a dynamic subscription.
● <modify-subscription>: modifies a dynamic subscription.
● <delete-subscription>: deletes a dynamic subscription.
● <kill-subscription>: terminates a dynamic subscription.
Create a subscription and allow only alarms meeting the filter criteria to be
reported:
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<establish-subscription xmlns="urn:ietf:params:xml:ns:netconf:notification:2.0">
<filter type="subtree">
<hwCPUUtilizationRisingAlarm xmlns="urn:huawei:yang:huawei-sem" />
<hwCPUUtilizationResume xmlns="urn:huawei:yang:huawei-sem" />
<hwStorageUtilizationRisingAlarm xmlns="urn:huawei:yang:huawei-sem" />
</filter>
</establish-subscription>
</rpc>
● RPC reply
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
<subscription-result xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications">ok</
subscription-result>
<identifier xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications">1</identifier>
</rpc-reply>
Notifications about the following types of changes in subscription statuses are
supported.
● subscription-terminated: The subscription is terminated.
● subscription-suspended: The subscription is suspended.
● subscription-resumed: The subscription is resumed.
● notification-complete: Notification sending is complete.
● replay-complete: Replay is complete.
A subscription is suspended, and a notification is reported.
<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:2.0">
<subscription-suspended xmlns="urn:ietf:params:xml:ns:netconf:notification:2.0">
<identifier>52</identifier>
<error-id>3</error-id>
<filter-failure>Lack of resource</filter-failure>
</subscription-suspended>
</notification>
YANG-library
This capability indicates that a device can provide the YANG capabilities that it
supports. Basic information about YANG modules that a server supports can be
viewed on a NETCONF client. The information includes the module name, YANG
model version, namespace, and list of submodules and is saved in the local buffer.
Field description:
● revision: indicates the revision date. It is the same as the module revision
date.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 547
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● module-set-id: indicates the ID of a module set, which is used to identify the
set of YANG modules supported by the server. If the YANG module changes,
the module set ID changes accordingly.
The following is an XML example of querying the module-set-id value of the
YANG module whose name is ietf-yang-library and conformance-type is
implement and querying basic information about the YANG module huawei-aaa.
RPC request
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="23">
<get>
<filter type="subtree">
<modules-state xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library">
<module-set-id></module-set-id>
<module>
<name>ietf-yang-library</name>
<conformance-type>implement</conformance-type>
</module>
<module>
<name>huawei-aaa</name>
</module>
</modules-state>
</filter>
</get>
</rpc>
Information contained in the reply includes the module-set-id value, YANG module
version used, namespace, list of submodules, and revision date. If the reply does
not contain the YANG module version information, YANG1.0 is used by default.
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<modules-state xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-library">
<module-set-id>2148066159</module-set-id>
<module>
<name>ietf-yang-library</name>
<revision>2016-06-21</revision>
<namespace>urn:ietf:params:xml:ns:yang:ietf-yang-library</namespace>
<conformance-type>implement</conformance-type>
</module>
<module>
<name>huawei-aaa</name>
<revision>2020-03-23</revision>
<namespace>urn:huawei:yang:huawei-aaa</namespace>
<conformance-type>implement</conformance-type>
<deviation>
<name>huawei-aaa-deviations-cx</name>
<revision>2020-03-23</revision>
</deviation>
<submodule>
<name>huawei-aaa-lam</name>
<revision>2020-03-23</revision>
</submodule>
<submodule>
<name>huawei-aaa-type</name>
<revision>2020-03-23</revision>
</submodule>
</module>
</modules-state>
</data>
1.1.16.3.3 NETCONF Extended Capability Set
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 548
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Sync
This capability enables a device to perform full or incremental data
synchronization. Through data synchronization, the NMS or controller that
manages network devices can have the same configuration data with NEs in real
time.
Full Synchronization
The <sync-full> operation requests a device to implement full data
synchronization. After the NMS connects to an NE for the first time, it
synchronizes all data of the NE to the NMS.
The YANG model defines the capability in the huawei-netconf-sync.yang file.
After the server receives an <rpc> element containing a <sync-full> element, the
server performs a syntax check on the <rpc> element. If the element fails the
syntax check, the server returns an <rpc-reply> element containing an <rpc-error>
element to terminate processing. Otherwise, the server responds with an <rpc-
reply> element, obtains the synchronization data, and encapsulates the data into
XML files (one XML file per feature). The maximum size of each XML file is 300
MB. If the data exceeds 300 MB, it is written into multiple files, which are
compressed into a .zip file and then automatically transferred to a specified
directory using FTP or SFTP.
Full synchronization supports the following functions:
● Cancels a specific full data synchronization operation.
● Uploads a full data synchronization file.
● Queries the file upload progress.
Example of full data synchronization: The server uses FTP to automatically transfer
AAA module configurations in the obtained full synchronization data to the home
directory of the user root (password: root) on the server whose IP address is
10.1.1.1. The data is saved as a file named Multi_App_sync_full.zip.
● RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="4">
<sync-full xmlns="urn:huawei:yang:huawei-netconf-sync">
<target>
<user-name>root</user-name>
<password>root</password>
<target-addr>10.1.1.1</target-addr>
<path>/home</path>
</target>
<transfer-protocol>ftp</transfer-protocol>
<transfer-method>auto</transfer-method>
<filename-prefix>Multi_App_sync_full</filename-prefix>
<app-err-operation>stop-on-error</app-err-operation>
<filter>
<aaa xmlns="urn:huawei:yang:huawei-aaa"/>
</filter>
</sync-full>
</rpc>
● RPC reply
The RPC reply message carries a full data synchronization identifier assigned
by the NETCONF server. This message is returned using the <sync-full-id>
parameter.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 549
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
After full synchronization is triggered, the RPC reply message sent by the device carries
the nc-ext attribute.
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns:nc-sync="urn:huawei:yang:huawei-netconf-sync"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="2"
nc-ext:flow-id="32">
<nc-sync:sync-full-id>185</nc-sync:sync-full-id>
</rpc-reply>
The following is an example of using the cancel-synchronization operation to
cancel full synchronization with sync-full-id being 185.
● RPC request
<rpc message-id="cancel" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<cancel-synchronization xmlns="urn:huawei:yang:huawei-netconf-sync">
<sync-full-id>185</sync-full-id>
</cancel-synchronization>
</rpc>
● RPC reply
Success reply
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="cancel" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
The following is an example of uploading the full synchronization file through the
upload-sync-file operation.
● RPC request
<rpc message-id="upload" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<upload-sync-file xmlns="urn:huawei:yang:huawei-netconf-sync">
<sync-full-id>185</sync-full-id>
<result-save-time>1</result-save-time>
</upload-sync-file>
</rpc>
● RPC reply
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="upload" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
The following is an example of using the <get> operation to query the file upload
progress.
● RPC request
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="query_status185">
<get>
<filter type="subtree">
<synchronization xmlns="urn:huawei:yang:huawei-netconf-sync">
<file-transfer-statuss>
<file-transfer-status>
<sync-full-id>185</sync-full-id>
<status></status>
<progress></progress>
<error-message></error-message>
</file-transfer-status>
</file-transfer-statuss>
</synchronization>
</filter>
</get>
</rpc>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 550
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● RPC reply
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="query_status12" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data>
<synchronization xmlns="urn:huawei:yang:huawei-netconf-sync">
<file-transfer-statuss>
<file-transfer-status>
<sync-full-id>12</sync-full-id>
<status>In-Progress</status>
<progress>50</progress>
</file-transfer-status>
</file-transfer-statuss>
</synchronization>
</data>
</rpc-reply>
Incremental Synchronization
The <sync-increment> operation requests a device to synchronize incremental
configuration data. When the configuration changes, the client detects the change
through the configuration change identifier flow-id. Each time the configuration
changes, the value of flow-id increases by 1. If the client needs to obtain the
modified configuration, it synchronizes data incrementally.
If the <sync-increment> operation succeeds, the NETCONF server replies with an
<rpc-reply> element that contains the <data> element. The <data> element
contains the data that was changed between two configuration committing
operations. If the operation fails, the server returns an <rpc-reply> element
containing an <rpc-error> element.
<sync-increment> uses the difference attribute to identify the change operation of
a configuration data instance. The YANG model defines the capability in the
huawei-netconf-metadata.yang file.
The following is an example of an incremental data synchronization operation
that synchronizes IFM module configurations between change points 6 and 7.
● RPC request
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<sync-increment xmlns="urn:huawei:yang:huawei-netconf-sync">
<target>
<flow-id>7</flow-id>
</target>
<source>
<flow-id>6</flow-id>
</source>
<filter type="subtree">
<ifm xmlns="urn:huawei:yang:huawei-ifm"/>
</filter>
</sync-increment>
</rpc>
● RPC reply
<rpc-reply xmlns:nc-md="urn:huawei:yang:huawei-netconf-metadata">
<data xmlns="urn:huawei:yang:huawei-netconf-sync">
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaceName>Vlanif 1</interfaceName>
<ifAm4s>
<ifAm4 nc-md:difference="create">
<ipAddress>10.1.1.1</ipAddress>
<netMask>255.255.255.0</netMask>
<addressType/>
</ifAm4>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 551
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
</ifAm4s>
</interface>
</interfaces>
</ifm>
</data>
</rpc-reply>
Active Notification
The Active Notification capability enables a device to periodically send keepalive
messages to a client when the device is processing a time-consuming operation.
This prevents a timeout when the client does no receive a response from the
device. When the device processes time-consuming RPC requests, such as <copy-
config> and other operations, the device periodically (at an interval of 20s) sends
a netconf-rpc-keepalive notification message to the client to ensure that the
connection is active.
The YANG model defines the capability in the huawei-ietf-netconf-ext.yang file.
A client needs to subscribe to keepalive notification to receive keepalive messages
when it sends a time-consuming RPC request.
In the following example, the client subscribes to the netconf-rpc-keepalive
notification message and the server reports a keepalive message.
● RPC request
<netconf:rpc netconf:message-id="101" xmlns:netconf="urn:ietf:params:xml:ns:netconf:base:1.0">
<create-subscription xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<filter netconf:type="subtree">
<nc-ext:netconf-rpc-keepalive xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"/>
</filter>
</create-subscription>
</netconf:rpc>
● Notification reporting
<netconf:rpc netconf:message-id="101" xmlns:netconf="urn:ietf:params:xml:ns:netconf:base:1.0">
<create-subscription xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<filter netconf:type="subtree">
<nc-ext:netconf-rpc-keepalive xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"/>
</filter>
</create-subscription>
</netconf:rpc>
Commit-Description
The Commit-Description capability enables a user to specify a description when a
device performs a <commit> operation. The description can be used as a
mnemonic when rolling back configurations.
The description is carried in the description parameter of the commit operation.
The YANG model defines the capability in the huawei-ietf-netconf-ext.yang file.
● RPC request
<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<commit>
<description xmlns="urn:huawei:yang:huawei-ietf-netconf-ext">Config interfaces</description>
</commit>
</rpc>
● RPC reply
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="101"
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 552
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
nc-ext:flow-id="31"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
With-defaults
The <with-defaults> capability indicates that a device can process default values
of the model. The <get>, <get-config>, and <copy-config> operations can carry the
<with-defaults> parameter.
The available options of the <with-defaults> parameter are as follows:
● report-all: queries all nodes and does not perform any operation on the
nodes.
– RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="4">
<get xmlns:wsss="urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults">
<filter type="subtree">
<system xmlns="urn:huawei:yang:huawei-system"/>
</filter>
<with-defaults xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults">report-all</with-
defaults>
</get>
</rpc>
– RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="4">
<data>
<system xmlns="urn:huawei:yang:huawei-system">
<systemInfo>
<lsRole>admin</lsRole>
<authenFlag>false</authenFlag>
</systemInfo>
</system>
</data>
</rpc-reply>
● trim: trims the nodes whose values equal the default ones from the query
results.
– RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
<get xmlns:wsss="urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults">
<filter type="subtree">
<system xmlns="urn:huawei:yang:huawei-system"/>
</filter>
<with-defaults xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults">trim</with-
defaults>
</get>
</rpc>
– RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
<data>
<system xmlns="urn:huawei:yang:huawei-system">
<systemInfo>
<lsRole>admin</lsRole>
</systemInfo>
</system>
</data>
</rpc-reply>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 553
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● report-all-tagged: queries all nodes and uses namespace:default="true" to
identify the nodes whose values equal the default ones.
– RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<get xmlns:wsss="urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults">
<filter type="subtree">
<system xmlns="urn:huawei:yang:huawei-system"/>
</filter>
<with-defaults xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults">report-all-
tagged</with-defaults>
</get>
</rpc>
– RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
xmlns:wd="urn:ietf:params:xml:ns:netconf:default:1.0"
message-id="2">
<data>
<system xmlns="urn:huawei:yang:huawei-system">
<systemInfo>
<lsRole>admin</lsRole>
<authenFlag wd:default="true">false</authenFlag>
</systemInfo>
</system>
</data>
</rpc-reply>
If a node is identified using namespace:default="true", the <edit-config>
operation can identify the <default> attribute on the node and determine
whether the node value equals to the default one.
The operation attribute of the <edit-config> operation can only be create,
merge, or replace. If the operation attribute is set to remove or delete, <rpc-
error> is returned.
If the value of the default attribute is true or 1 and the value of the leaf node
is the same as the default value defined in the YANG file, the <edit-config>
operation returns <ok>. Otherwise, <rpc-error> is returned. It contains the
names and values of the leaf nodes whose values are different from the
default ones defined in the YANG file.
– The default value of the leaf node ifDf is true. In this example, the value
is false, which is the same as the default value defined in the YANG file.
After the <edit-config> operation is performed, <ok> is returned.
RPC request
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
xmlns:wd="urn:ietf:params:xml:ns:netconf:default:1.0">
<target>
<running/>
</target>
<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" nc:operation="merge">
<ifName>GigabitEthernet0/1/1</ifName>
<ifDf wd:default="true">false</ifDf>
</interface>
</interfaces>
</ifm>
</config>
</edit-config>
</rpc>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 554
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id="2"
nc-ext:flow-id="31"
nc-ext:flow-id-time="2022-05-11T10:19:30Z">
<ok/>
</rpc-reply>
– The default value of the leaf node ifDf is true. In this example, the value
is true, which is different from the default value (false) defined in the
YANG file. After the <edit-config> operation is performed, <rpc-error> is
returned. error-para includes the incorrect node name and the actual
value.
RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
xmlns:wd="urn:ietf:params:xml:ns:netconf:default:1.0">
<target>
<running/>
</target>
<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" nc:operation="merge">
<ifName>GigabitEthernet0/1/1</ifName>
<ifDf wd:default="true">true</ifDf>
</interface>
</interfaces>
</ifm>
</config>
</edit-config>
</rpc>
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<rpc-error>
<error-type>application</error-type>
<error-tag>bad-element</error-tag>
<error-severity>error</error-severity>
<error-path xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
xmlns:ifm="urn:huawei:yang:huawei-ifm">/nc:rpc/nc:edit-config/nc:config/ifm:ifm/
ifm:interfaces/ifm:interface[ifm:ifName='Ethernet0/1/0']/ifm:ifDf</error-path>
<error-message xml:lang="en">ifDf has invalid value true.</error-message>
<error-info xmlns:nc-ext="urn:huawei:yang:huawei-ietf-netconf-ext">
<bad-element>ifDf</bad-element>
<nc-ext:error-info-code>317</nc-ext:error-info-code>
<nc-ext:error-paras>
<nc-ext:error-para>ifDf</nc-ext:error-para>
<nc-ext:error-para>true</nc-ext:error-para>
</nc-ext:error-paras>
</error-info>
</rpc-error>
</rpc-reply>
YANG Push
Based on the NETCONF client/server model, the YANG push capability
encapsulates the data that a user is interested in as notifications periodically or
according to the triggering conditions and sends them to the user.
The configuration and status data on a device can be expressed using the YANG
model. The client can use YANG to dynamically obtain configuration and status
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 555
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
data from the device. The client is expected to dynamically detect configuration or
status data changes or monitor changes of some key data. The YANG push
capability provides a mechanism to periodically report device YANG model data to
the client based on subscription conditions. The device periodically reports data
that is of interest to the user to the specified data receiver according to the
reporting mode, data type, and other information specified in the subscription
request packet.
NOTE
A device can proactively report data that a user is interested in only after the user
subscribes successfully.
The subscription is terminated after a device switchover or restart, or a NETCONF
connection is interrupted. If you need the device to continue to send change information,
you need to create a subscription again.
● Create a dynamic subscription and subscribe to the <running/> database
configuration changes of the system module. The end time is 2020-03-20, and
the subscription interval is 300 seconds. A subscription ID is returned in the
reply message.
RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<establish-subscription xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications"
xmlns:yp="urn:ietf:params:xml:ns:yang:ietf-yang-push">
<yp:datastore xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">ds:running</yp:datastore>
<yp:datastore-xpath-filter xmlns:sys="urn:huawei:yang:huawei-system"
xmlns:t="urn:huawei:yang:huawei-acl">/sys:system|/t:acl</yp:datastore-xpath-
filter>
<encoding>encode-xml</encoding>
<yp:periodic>
<yp:period>300000</yp:period>
<yp:anchor-time>2020-03-20T08:00:00Z</yp:anchor-time>
</yp:periodic>
</establish-subscription>
</rpc>
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
<id xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications">7</id>
</rpc-reply>
● Modify the dynamic subscription information. Specifically, change the value of
Subscription End Time to 2020-03-20 and change the value of Subscription
Period to 180 seconds.
RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
<modify-subscription xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications"
xmlns:yp="urn:ietf:params:xml:ns:yang:ietf-yang-push">
<id>7</id>
<yp:datastore-xpath-filter xmlns:sys="urn:huawei:yang:huawei-system">/sys:system/
sys:systemInfo</yp:datastore-xpath-filter>
<yp:periodic>
<yp:period>180000</yp:period>
<yp:anchor-time>2020-03-20T08:00:00Z</yp:anchor-time>
</yp:periodic>
</modify-subscription>
</rpc>
RPC reply
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 556
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="3">
<ok/>
</rpc-reply
● Query all dynamic subscriptions and their information on the current device.
The reply message returns the dynamic subscription created on the device and
its detailed information.
RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="4">
<get>
<filter>
<subscriptions xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications">
<subscription/>
</subscriptions>
</filter>
</get>
</rpc>
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="4">
<data>
<subscriptions xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications">
<subscription>
<id>7</id>
<datastore xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-push"
xmlns:ds="urn:ietf:params:xml:ns:yang:ietf-datastores">ds:running</datastore>
<datastore-xpath-filter xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-push"
xmlns:system="urn:huawei:yang:huawei-system">/system:system/
system:systemInfo</datastore-xpath-filter>
<encoding>encode-xml</encoding>
<periodic xmlns="urn:ietf:params:xml:ns:yang:ietf-yang-push">
<period>180000</period>
<anchor-time>2020-03-20T08:00:00Z</anchor-time>
</periodic>
</subscription>
</subscriptions>
</data>
</rpc-reply>
● Delete a dynamic subscription with a specified ID.
RPC request
<?xml version="1.0" encoding="utf-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<delete-subscription xmlns="urn:ietf:params:xml:ns:yang:ietf-subscribed-notifications">
<id>7</id>
</delete-subscription>
</rpc>
RPC reply
<?xml version="1.0" encoding="utf-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="5">
<ok/>
</rpc-reply>
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 557
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.16.4 Configuration Precautions for NETCONF
Feature Requirements
Table 1-68 Feature requirements
Feature Requirements Series Models
1. A maximum of 15 active alarms can be NetEngin NetEngine 8000
generated for NETCONF link disconnection. e 8000 M M14/NetEngine
When the number of active alarms reaches the 8000 M14K/
upper limit and a new link disconnection alarm NetEngine 8000
is generated, the earliest link disconnection M4/NetEngine
alarm is cleared. 8000 M8/
2. After a device is restarted, the alarms NetEngine 8000
generated before the restart are lost and are M8K/NetEngine
not reported again. 8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
The primary master supports configuration, NetEngin NetEngine 8000
query, and maintenance operations, and the e 8000 M M14/NetEngine
secondary master supports only query and 8000 M14K/
maintenance operations. NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
For NETCONF operations, if no service NetEngin NetEngine 8000
response is received within 32 seconds, a e 8000 M M14/NetEngine
timeout occurs. If a response is received before 8000 M14K/
the timeout, the device is reset. NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 558
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
If a schema patch operation is performed when NetEngin NetEngine 8000
a user is performing a schema operation, the e 8000 M M14/NetEngine
schema operation will fail. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
The size of a delivered RPC message cannot be NetEngin NetEngine 8000
greater than 30 MB. e 8000 M M14/NetEngine
8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
The device can use only SSH as the transport NetEngin NetEngine 8000
protocol of NETCONF. Before using NETCONF e 8000 M M14/NetEngine
to manage network devices, you must 8000 M14K/
configure SSH. NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 559
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
An end-to-end NETCONF operation must be NetEngin NetEngine 8000
completed within 60 minutes. Otherwise, a e 8000 M M14/NetEngine
timeout occurs. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
If the NMS client only notifies the base NetEngin NetEngine 8000
capability in compliance with the standard, the e 8000 M M14/NetEngine
YANG mode is used for interconnection. If the 8000 M14K/
exchange capability is advertised, the Huawei NetEngine 8000
proprietary schema mode is used for M4/NetEngine
interconnection. 8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
During schema patch installation, the database NetEngin NetEngine 8000
may be locked. In this case, operations such as e 8000 M M14/NetEngine
full synchronization and database locking 8000 M14K/
cannot be performed. NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 560
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
1. If the capability set contained in the Hello NetEngin NetEngine 8000
packet sent by the peer contains extended e 8000 M M14/NetEngine
capabilities, the device replies with a schema 8000 M14K/
packet. NetEngine 8000
2. The exchange capability set is advertised to M4/NetEngine
differentiate large-scale data processing 8000 M8/
modes. NetEngine 8000
M8K/NetEngine
3. The sync capability set is advertised to 8000E M14/
determine whether the message returned by NetEngine 8000E
edit-config carries a flow ID. M8/NetEngine
8100 M14/
NetEngine 8100
M8
1.1.16.5 Installing ncclient
ncclient is an open-source Python library for NETCONF clients. It makes writing
network-management scripts easier by offering an intuitive API that maps the
XML-encoded nature of NETCONF to Python scripts.
ncclient functioning as the NETCONF client can establish a NETCONF session with
a device (NETCONF server).
Before performing NETCONF operations, you need to install Python and then
ncclient.
1.1.16.6 Establishing a NETCONF Session
1.1.16.6.1 Configuring an SSH User
Context
Configuring an SSH user includes the following tasks: creating an SSH user and
configuring the authentication mode for the SSH user. The authentication modes
supported by the device include RSA, password, password-rsa, DSA, password-dsa,
ECC, password-ecc, password-x509v3-rsa, x509v3-rsa, sm2, password-sm2, and all.
● password-rsa: The password authentication and RSA authentication
requirements must be met.
● password-dsa: The password authentication and DSA authentication
requirements must be met.
● password-ecc: The password authentication and ECC authentication
requirements must be met.
● password-x509v3-rsa: The password authentication and X509V3-SSH-RSA
authentication requirements must be met.
● password-sm2: The password authentication and SM2 authentication
requirements must be met.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 561
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● all: The requirements of any one of the authentication modes must be met.
The SSH protocol supports SSH1.X (earlier than SSH2.0) and SSH2.0
(recommended). In SSH2.0, the symmetric encryption algorithm using the CBC
mode may encounter plaintext recovery attacks and leak encrypted data.
Therefore, the CBC mode is not recommended for data encryption in SSH2.0.
RSA (1024 bits or less) is an insecure encryption algorithm. You are advised to use
a secure algorithm.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Create an SSH user.
ssh user user-name
Step 3 Configure an authentication mode for the SSH user.
ssh user user-name authentication-type { password | rsa | password-rsa | all | dsa | password-dsa | ecc |
password-ecc | password-x509v3-rsa | x509v3-rsa | sm2 | password-sm2 }
If no SSH user is configured using the ssh user user-name command, run the ssh
authentication-type default password command to configure password
authentication as the default authentication mode. This facilitates configuration if
multiple users need to use password authentication, because you only need to
configure AAA users.
● The password authentication mode is implemented based on AAA. When the
password, password-rsa, password-x509v3-rsa, password-dsa, password-sm2,
or password-ecc authentication mode is used to log in to the device, you need
to create a local user in the AAA view with the same name as the SSH user.
● If an SSH user is authenticated using the RSA, DSA, SM2, or ECC
authentication mode, both the SSH server and client need to generate the
local RSA, DSA, SM2, or ECC key pair and have each other's public key
configured locally.
Configure the authentication mode based on the preceding configuration. For
details, see Table 1-69.
Table 1-69 Configuration in different authentication modes
Authentication Mode Configuration Notes
password Create an AAA user with the same
username as the SSH user. For details,
see Table 1-70.
RSA, DSA, or ECC Configure the device to generate the
local RSA, DSA, SM2, or ECC key pair.
For details, see Table 1-71.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 562
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Authentication Mode Configuration Notes
password-rsa, password-dsa, Create an AAA user with the same
password-sm2, or password-ecc username as the SSH user and
generate a local RSA, DSA, SM2, or
ECC key pair. For details, see Table
1-70 and Table 1-71.
x509v3-rsa Bind the SSH user to the PKI realm.
For details, see Table 1-72.
password-x509v3-rsa Create an AAA user with the same
username as the SSH user and bind
the AAA user to the PKI realm. For
details, see Table 1-70 and Table
1-72.
Table 1-70 Creating a local user in the AAA view with the same name as the SSH
user
Step Command Description
Enter the system view. system-view -
Enter the AAA view. aaa -
local-user user-name
password [ cipher user- For security purposes,
Configure the local
password | irreversible- change the password
username and password.
cipher irreversible- periodically.
cipher-password ]
Configure a service type local-user user-name
-
for the local user. service-type ssh
Configure a privilege local-user user-name
-
level for the local user. level level
Return to the system
quit -
view.
Commit the commit -
configuration.
Table 1-71 Configuring the local RSA, DSA, SM2, or ECC key for the SSH user
Step Command Description
Enter the system view. system-view -
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 563
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step Command Description
By default, the
authentication type of
the SSH connection is
AAA.
When the authentication
type is AAA, only the
password authentication
mode can be configured.
If the public key
Configure an authentication mode is
ssh authorization-type
authentication type for used, perform either of
default { aaa | root }
the SSH connection. the following operations:
● Run this command
with the
authentication type
set to root.
● In the AAA view,
create a local user
with the same name
as the SSH user.
rsa peer-public-key key-
name [ encoding-type
enc-type ]
or
dsa peer-public-key
key-name encoding-
Enter the RSA, DSA, SM2, type enc-type
-
or ECC public key view. or
ecc peer-public-key key-
name [ encoding-type
enc-type ]
or
sm2 peer-public-key
keyname
Enter the public key
public-key-code begin -
editing view.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 564
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step Command Description
● The public key must
be a hexadecimal
character string in the
public key encoding
format, and
generated by SSH
client software. For
detailed operations,
Edit the public key. hex-data see the help
documentation for
the SSH client
software.
● You must enter the
RSA, DSA, SM2, or
ECC public key on the
device functioning as
the SSH server.
● If hex-data is invalid,
the key cannot be
generated after you
run this command.
● If the key specified by
key-name has been
Exit the public key deleted in another
public-key-code end view, the system
editing view.
displays a message
indicating that the
key does not exist and
directly returns to the
system view when
you run this
command.
Return to the system
view from the public key peer-public-key end -
view.
ssh user user-name
Assign an RSA, DSA,
assign { rsa-key | dsa-
SM2, or ECC public key -
key | ecc-key | sm2-
to the SSH user.
key } key-name
Commit the commit -
configuration.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 565
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-72 Binding a PKI realm to the SSH user
Step Command Description
Enter the system view. system-view -
Assign a PKI certificate to
Bind a PKI realm to the ssh user user-name the SSH server.
SSH user. assign pki pki-name The prerequisite is that
PKI has been configured.
Commit the commit -
configuration.
Step 4 Configure a service type for the SSH user.
ssh user user-name service-type { snetconf | all }
By default, no service type is configured for an SSH user.
Step 5 Commit the configuration.
commit
----End
1.1.16.6.2 Enabling NETCONF
Context
A NETCONF connection can be established between the client and server using
the well-known port 22 only after NETCONF is enabled on the server.
A device functioning as an SSH server can establish a NETCONF connection with a
client through the following two ports:
● Well-known port 22: Before the SSH server can set up a NETCONF session
with the client through this port, the snetconf server enable command must
be run on the SSH server.
● Well-known port 830: Only the protocol inbound ssh port 830 command
needs to be run on the SSH server (running the snetconf server enable
command is not required).
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable NETCONF.
Both the snetconf server enable and protocol inbound ssh port 830 commands
can enable NETCONF. If both commands are run, the client can use either port 22
or port 830 to set up a NETCONF connection with the server.
● Enable the NETCONF service of the SSH server so that the client can use TCP
port 22 to set up a NETCONF connection with the server.
snetconf [ ipv4 | ipv6 ] server enable
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 566
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Enable the NETCONF service of the SSH server so that the client can use TCP
port 830 to set up a NETCONF connection with the server.
netconf
protocol inbound ssh [ ipv4 | ipv6 ] port 830
quit
commit
NOTICE
After the NETCONF service of the SSH server is disabled on TCP port 22 or 830, all
clients connecting to port 22 or 830 through NETCONF are disconnected.
Step 3 (Optional) Set NETCONF parameters as required. Using default values is
recommended.
Table 1-73 NETCONF parameters
Operation Command Description
Configure the maximum netconf If the maximum number
number of NETCONF max-sessions count of users that are using
users that the NETCONF NETCONF is reached,
user interface supports. subsequent users are
prevented from using
NETCONF for device
operations. This
mechanism ensures
network management
security.
By default, a maximum
of fifteen NETCONF
users are permitted to
access the SSH server.
Configure a timeout netconf If no timeout period is
period for an idle idle-timeout minutes set for an idle NETCONF
NETCONF connection. [ seconds ] connection, other
authorized users may
not obtain idle NETCONF
connections. That is,
authorized users cannot
use NETCONF to
manage the device.
The default timeout
period is 10 minutes.
Step 4 Commit the configuration.
commit
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 567
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.16.6.3 (Optional) Enabling Proactive NETCONF Registration
Context
If an NMS does not support automatic device discovery, it cannot manage devices
as soon as they go online. To address this problem, you can configure proactive
NETCONF registration. This enables a device to send a NETCONF connection
request to the NMS when the device goes online, allowing the NMS to manage
the device.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the NETCONF user interface view.
netconf
Step 3 Create a callhome template and enter the callhome template view.
callhome callhome-name
Step 4 Configure the interval at which the device sends NETCONF connection requests to
the NMS.
reconnection interval interval
By default, a device sends a NETCONF connection request to the NMS at an
interval of 5s.
Step 5 Create a NETCONF connection instance and enter the NETCONF connection
instance view.
endpoint endpoint-name
Step 6 Configure a callhome keepalive interval.
keepalive-interval intervalTime
Step 7 Configure the number of callhome keepalive times.
keepalive-maxcount maxcount
Step 8 Configure the IP address and TCP port number of the NMS that establishes a
NETCONF connection with the device, as well as the device's source IP address and
VPN instance.
peer-ip ip-address port port-number [ [ local-address source-ip ] | [ vpn-instance vpn-instance | public-
net ] ] *
Step 9 Commit the configuration.
commit
----End
1.1.16.6.4 (Optional) Configuring NETCONF YANG Model Switching
Context
If there are multiple NETCONF YANG models, such as huawei-if-ip.yang and
huawei-ip.yang, you can perform the following operations to switch between the
models as required.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 568
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the NETCONF user interface view.
netconf
Step 3 Configure NETCONF YANG model switching.
activate module module-name
NOTE
Multiple models cannot take effect at the same time. When one model is activated, the
configurations and query functions of the other models are disabled.
----End
1.1.16.6.5 Logging In to the Server Using the NMS
Context
After the preceding configuration is complete, you can log in to the server from
the client using the NMS. This allows you to remotely configure devices.
The NMS can manage devices only after it has established a connection and can
communicate with them.
Before deploying NEs, divide the network into subnets as required. The physical
topology must be easy for routine maintenance in addition to showing the actual
network structure.
NOTE
If the Huawei NMS is used, creating NEs will consume specific upgrade licenses or NE
resource licenses. If there are no remaining NE resources or specific upgrade licenses, the
system displays a message indicating that it cannot create additional NEs. In this case,
apply for NE resources or specific upgrade licenses.
For installation and maintenance of the NMS, see the relevant installation
instruction and usage guidelines.
1.1.16.6.6 Configuring CLI-to-XML Translation
Context
CLI and NETCONF are two device management models, which have a mapping
relationship. To quickly obtain NETCONF YANG model packets corresponding to
configuration commands, perform the following steps.
Procedure
1. Enter the system view.
system-view
2. Enter the CLI-to-XML translation mode.
xml-translate begin
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 569
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
3. Run the configuration commands to be translated.
4. Run either of the following commands as needed:
– To translate the configuration commands into NETCONF YANG model
packets, run the following command:
xml-translate end
– To abort the CLI-to-XML translation and exit the translation mode, run
the following command:
xml-translate abort
1.1.16.6.7 Verifying the Configuration
Procedure
● Run the display ssh user-information [ username ] command on the SSH
server to check information about SSH users.
● Run the display ssh server status command on the SSH server to check its
global configuration.
● Run the display ssh server session command on the SSH server to check
information about sessions between the SSH server and the SSH client
(client).
● Run the display netconf capability command to check the capabilities that
the server supports.
● Run the display netconf session command to check information about all
NETCONF sessions.
● Run the display netconfc session [ peer-id peer-id ] command to check
NETCONFC session information.
----End
1.1.16.6.8 Example for Configuring a Device to Communicate with ncclient Using
NETCONF
Networking Requirements
When the NMS is used to centrally manage devices on a network that requires
high security and scalability, you can use NETCONF to ensure communication
between the NMS and the devices.
On the network shown in Figure 1-139, the NMS is deployed on the client that
functions as the SSH client. The server functions as the SSH server, which receives
connection requests from and establishes a connection with the SSH client,
implementing configuration file management using NETCONF. SSH is a secure
application-layer protocol, thereby enhancing the reliability of NETCONF.
Figure 1-139 Network diagram of configuration file management using NETCONF
NOTE
In this example, interface1 represents GigabitEthernet0/1/1.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 570
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Precautions
An SSH user named client001 is used as an example. If password authentication is
used to authenticate the SSH user, the server needs to generate an Elliptic Curves
Cryptography (ECC) key.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IP address for the server interface connecting to the client so
that the Layer 3 route between the client and server is reachable.
2. Configure virtual type terminal (VTY) user interfaces on the server to support
SSH so that SSH users can be managed and monitored with better connection
security.
3. Deploy SSH on the server to improve NETCONF security.
a. Create an SSH user with administrative rights.
b. Create an ECC key pair.
c. Configure an authentication mode for the SSH user.
d. Configure a service type for the SSH user.
4. Enable NETCONF so that the client can log in to the server.
5. Deploy the NMS on the client to implement NMS-based network
management on the client.
6. Log in to the server using the NMS to manage configuration files remotely.
Procedure
Step 1 Configure an IP address for the server interface connecting to the client.
<HUAWEI> system-view
[~HUAWEI] sysname netconf-agent
[*HUAWEI] commit
[~netconf-agent] interface gigabitethernet 0/1/1
[*netconf-agent-GigabitEthernet0/1/1] ip address 10.1.1.1 24
[*netconf-agent-GigabitEthernet0/1/1] quit
[*netconf-agent] commit
Step 2 Configure VTY user interfaces on the server to support SSH.
[~netconf-agent] user-interface vty 0 4
[*netconf-agent-ui-vty0-4] authentication-mode aaa
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 571
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*netconf-agent-ui-vty0-4] protocol inbound ssh
[*netconf-agent-ui-vty0-4] commit
[~netconf-agent] quit
NOTE
After SSH is configured, the device automatically disables the Telnet function.
Step 3 Deploy SSH on the server.
1. Create an SSH user.
# Create the SSH user client001.
[~netconf-agent] ssh user client001
[*netconf-agent] aaa
[*netconf-agent-aaa] local-user client001 password irreversible-cipher ********
[*netconf-agent-aaa] local-user client001 service-type ssh
[*netconf-agent-aaa] local-user client001 privilege level 3
[*netconf-agent-aaa] commit
[~netconf-agent] quit
2. Create an ECC key pair.
[~netconf-agent] ecc local-key-pair create
The key name will be: Host_ECC
% ECC keys defined for Host_ECC already exist.
Confirm to replace them? Please select [Y/N]: Y
The key modulus can be any one of the following: 256, 384, 521.
Key pair generation will take a short while.
Please input the modulus [default=521]:521
[*netconf-agent] commit
After the ECC key pair is created, run the display ecc local-key-pair public
command to check information about the public key in the ECC key pair.
3. Configure an authentication mode for the SSH user.
[~netconf-agent] ssh user client001 authentication-type password
[*netconf-agent] commit
4. Configure a service type for the SSH user.
[~netconf-agent] ssh user client001 service-type all
[*netconf-agent] commit
Step 4 Enable NETCONF on the server.
[~netconf-agent] snetconf server enable
[*netconf-agent] commit
Step 5 Deploy the NMS on the client and log in to the server through the NMS.
The following uses ncclient as an example to describe how to establish a
NETCONF session. Before establishing a NETCONF session, check that the host
(the management network interface on the server) can be pinged to ensure Layer
3 communication between ncclient and the server.
Create an SSH connection with a destination IP address of 10.1.1.1. The
connection uses password authentication, with a username of client001 and a
password of YsHsjx_202206. When the connect function is invoked, the client
connects to the device and automatically establishes a NETCONF session. The
following two examples can be used as references. If a message like "No module
named XXX" is displayed during script running, run the pip install XXX command
to install the required module.
● Example 1: In this example, connection-related parameters are provided
during script execution.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 572
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
a. Create a file named huawei-connect-1.py and copy the following
content to it.
# -*- coding: utf-8 -*-
import sys
from ncclient import manager
from ncclient import operations
def huawei_connect(host, port, user, password):
return manager.connect(host=host,
port=port,
username=user,
password=password,
hostkey_verify = False,
device_params={'name': "huaweiyang"},
allow_agent = False,
look_for_keys = False)
def test_connect(host, port, user, password):
with huawei_connect(host, port=port, user=user, password=password) as m:
n = m._session.id
print("The session id is %s." % (n))
if __name__ == '__main__':
test_connect(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])
Relevant parameters are as follows:
▪ host: IP address of the device functioning as a NETCONF server or
the device that is accessed through SSH.
▪ port: number of the port used to establish an SSH connection. The
default port number is 22 if you run the snetconf server enable
command to enable NETCONF, or 830 if you run the protocol
inbound ssh port 830 command to establish a NETCONF
connection.
▪ username: name of the configured SSH user.
▪ password: password of the SSH user.
b. Navigate to the path where the Python file resides and execute the file:
>python huawei-connect-1.py 10.1.1.1 830 client001 YsHsjx_202206
● Example 2: In this example, connection-related parameters are provided in a
script file.
a. Create a file named huawei-connect-2.py and copy the following
content to it.
# -*- coding: utf-8 -*-
import sys
from ncclient import manager
from ncclient import operations
def huawei_connect():
return manager.connect(host="10.1.1.1",
port=830,
username="client001",
password="YsHsjx_202206",
hostkey_verify = False,
device_params={'name': "huaweiyang"},
allow_agent = False,
look_for_keys = False)
def test_connect():
with huawei_connect() as m:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 573
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
n = m._session.id
print("The session id is %s." % (n))
if __name__ == '__main__':
test_connect()
b. Navigate to the path where the Python file resides and execute the file:
>python huawei-connect-2.py
----End
----End
Verifying the Configuration
After the preceding configuration is complete, you can log in to the remote device
using NETCONF to manage its configuration files remotely.
Run the following commands on the server (SSH server) to check configuration
information:
# Run the display users command to check information about users who have
logged in to the server.
[~netconf-agent] display users
NOTE:
User-Intf: The absolute number and the relative number of user interface
Authen: Whether the authentication passes
Author: Command line authorization flag
--------------------------------------------------------------------------------
User-Intf Delay Type Network Address Authen Author Username
--------------------------------------------------------------------------------
100 NCA 0 00:02:50 SSH 10.2.2.2 pass yes client001
# Run the display ssh user-information command to check SSH user information.
[~netconf-agent] display ssh user-information
--------------------------------------------------------------------------------
User Name : client001
Authentication-Type : password
User-public-key-name : -
User-public-key-type : -
Sftp-directory :-
Service-type : snetconf
--------------------------------------------------------------------------------
Total 1, 1 printed
# Run the display ssh server status command to check global configurations of
the SSH server.
[~netconf-agent] display ssh server status
SSH Version : 2.0
SSH authentication timeout (Seconds) : 60
SSH authentication retries (Times) :3
SSH server key generating interval (Hours) : 0
SSH version 1.x compatibility : Enable
SSH server keepalive : Disable
SFTP IPv4 server : Disable
SFTP IPv6 server : Disable
STELNET IPv4 server : Disable
STELNET IPv6 server : Disable
SNETCONF IPv4 server : Enable
SNETCONF IPv6 server : Enable
SNETCONF IPv4 server port(830) : Disable
SNETCONF IPv6 server port(830) : Disable
SSH IPv4 server port : 22
SSH IPv6 server port : 22
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 574
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
ACL name :
ACL number :
ACL6 name :
ACL6 number :
SSH server ip-block : Enable
# Run the display netconf capability command to check the capabilities that the
server supports.
[~netconf-agent] display netconf capability
--------------------------------------------------
Capability
--------------------------------------------------
urn:ietf:params:netconf:base:1.0
urn:ietf:params:netconf:base:1.1
urn:ietf:params:netconf:capability:writable-running:1.0
urn:ietf:params:netconf:capability:candidate:1.0
urn:ietf:params:netconf:capability:confirmed-commit:1.0
urn:ietf:params:netconf:capability:confirmed-commit:1.1
urn:ietf:params:netconf:capability:rollback-on-error:1.0
urn:ietf:params:netconf:capability:validate:1.0
urn:ietf:params:netconf:capability:validate:1.1
urn:ietf:params:netconf:capability:startup:1.0
urn:ietf:params:netconf:capability:url:1.0?scheme=file,ftp,sftp
urn:ietf:params:netconf:capability:xpath:1.0
urn:ietf:params:netconf:capability:notification:1.0
urn:ietf:params:netconf:capability:interleave:1.0
urn:ietf:params:netconf:capability:with-defaults:1.0?basic-mode=report-all&also-supported=report-all-
tagged,trim
urn:ietf:params:netconf:capability:yang-library:1.0?revision=2016-06-21&module-set-id=1903662584
http://www.huawei.com/netconf/capability/sync/1.0
http://www.huawei.com/netconf/capability/sync/1.1
http://www.huawei.com/netconf/capability/sync/1.2
http://www.huawei.com/netconf/capability/sync/1.3
http://www.huawei.com/netconf/capability/exchange/1.0
http://www.huawei.com/netconf/capability/exchange/1.2
http://www.huawei.com/netconf/capability/active/1.0
http://www.huawei.com/netconf/capability/action/1.0
http://www.huawei.com/netconf/capability/discard-commit/1.0
http://www.huawei.com/netconf/capability/execute-cli/1.0
http://www.huawei.com/netconf/capability/update/1.0
http://www.huawei.com/netconf/capability/commit-description/1.0
http://www.huawei.com/netconf/capability/sync-config/1.0
http://www.huawei.com/netconf/capability/sync-config/1.1
http://www.huawei.com/netconf/capability/schema/1.0
--------------------------------------------------
Configuration Scripts
Server
#
sysname netconf-agent
#
aaa
local-user client001 password irreversible-cipher $1d$81&FR0T'4Jo#YvBu
$#xMPY2{x(9PKGM@fU0&PP^BH(*|7W+b1tAM91X+A$
local-user client001 service-type ssh
local-user client001 privilege level 3
#
interface GigabitEthernet0/1/1
ip address 10.1.1.1 255.255.255.255
#
snetconf server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type all
#
return
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 575
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.16.7 Configuring NETCONF Authorization
1.1.16.7.1 Understanding HUAWEI-NACM Authorization
NETCONF authorization is a mechanism used to restrict access for particular users
to pre-configured subsets of all available NETCONF protocol operations and
contents.
Overview
Huawei NETCONF Access Control Model (HUAWEI-NACM) supports the following
functions:
● Protocol operation authorization: allows user access within specified
NETCONF protocol operations.
Such operations include <edit-config>, <get>, <sync-full>, <sync-inc>, and
<commit>.
● Module authorization: authorizes users to access specific feature modules,
such as Telnet-client, L3VPN, OSPF, Fault-MGR, Device-MGR, and IS-IS.
● Data node authorization: authorizes users to query and modify specific data
nodes,
such as /ifm/interfaces/interface/ifAdminStatus/devm/globalPara/
maxChassisNum.
The rules for protocol operation authorization and data node authorization can be
configured using commands.
NOTE
By default, HUAWEI-NACM authorization is enabled.
Authorization is performed only for the delivered operations (it is not performed for all the
changed nodes in the model tree). For example, when a delete operation is performed for a
parent node, this operation automatically applies to its child nodes without authorization.
In this case, the data of both the parent node and its child nodes is deleted.
Implementation
HUAWEI-NACM authorization mechanism is similar to the task authorization
mechanism used to regulate command authorization. HUAWEI-NACM
authorization is designed based on the NETCONF access control model.
Authentication, authorization and accounting (AAA) defines tasks, task groups,
and user groups. The task authorization mechanism uses a three-layer permission
control model. This model organizes commands into tasks, tasks into task groups,
and task groups into user groups.
HUAWEI-NACM authorization is implemented based on the task authorization
mechanism. HUAWEI-NACM authorization subscribes to required authorization
information and stores the obtained information in its local data structures.
NETCONF operations are implemented based on NETCONF sessions established
using SSH. HUAWEI-NACM authorization applies only to SSH users.
● The user and user group are associated. After users are added to a user group,
they have the same permissions.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 576
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The operation permissions of a user are defined by the user group to which
the user belongs.
● The user group and task group are associated. A user group consists of
multiple task groups.
● The task group and task are associated.
A task group is a group of tasks. A task can be assigned one or more of the
following permissions when being added to a task group: read, write, and
execute.
Commands for each feature or module belong to a single task. Tasks are pre-
configured and cannot be added, modified, or deleted.
Figure 1-140 and Figure 1-141 show the HUAWEI-NACM authorization
mechanism, which adds NETCONF operation rules and data node rules based on
the task authorization mechanism.
Figure 1-140 HUAWEI-NACM authorization
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 577
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-141 HUAWEI-NACM authorization
Benefits
HUAWEI-NACM authorization is a mechanism used to manage the permissions for
specific users to perform NETCONF operations and access NETCONF resources so
that these users can only execute or access a pre-configured subset of NETCONF-
defined protocol operations and capability sets.
1.1.16.7.2 Understanding IETF-NACM Authorization
Overview
IETF-NACM provides simple and easy-to-configure database access control rules. It
helps flexibly manage specific users' permissions to perform NETCONF operations
and access NETCONF resources.
The YANG model defines the capability in the ietf-netconf-acm.yang file.
IETF-NACM supports the following functions:
● Protocol operation authorization: authorizes users to perform specific
NETCONF operations.
Such operations include <get>, <get-config>, <edit-config>, <copy-config>,
<delete-config>, <lock>, and <action>.
● Module authorization: authorizes users to access specific feature modules.
● Data node authorization: authorizes users to query and modify specific data
nodes.
● Notification authorization: authorizes a system to report specified alarms or
events through the notification mechanism.
● Action authorization: authorizes users to define operations for data nodes
through "action" statements.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 578
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Emergency session recovery: authorizes users to directly initialize or repair the
IETF-NACM authorization configuration without the restriction of access
control rules.
Emergency session recovery is a process in which a management-level user or
a user in the manage-ug group bypasses the access control rule and
initializes or repairs the IETF-NACM authorization configuration.
Management-level users are level-3 users.
NOTE
By default, IETF-NACM authorization is disabled and the Huawei-NACM authorization
process is followed. If IETF-NACM authorization is enabled, the IETF-NACM authorization
process is followed.
If IETF-NACM authorization is enabled, this process is followed, and the access permission
on get/ietf-yang-library must be enabled during session establishment. Otherwise, session
establishment fails due to a lack of permissions.
Data Node Access
The access control permissions of IETF-NACM apply only to NETCONF databases
(<candidate/>, <running/>, and <startup/>). The local or remote file or database
accessed using the <url> parameter is not controlled by IETF-NACM.
The access permissions on data nodes are as follows:
● Create: allows a client to add new data nodes to a database.
● Read: allows a client to read a data node from a database or receive
notification events.
● Update: allows a client to update existing data nodes in a database.
● Delete: allows a client to delete a data node from a database.
● Exec: allows a client to perform protocol operations.
NOTE
Authorization is performed only for the delivered operations (it is not performed for all the
changed nodes in the model tree). For example, when a delete operation is performed for a
parent node, this operation automatically applies to its child nodes without authorization.
In this case, the data of both the parent node and its child nodes is deleted.
Components of IETF-NACM
Table 1-74 describes the components and functions of IETF-NACM.
Table 1-74 Description of IETF-NACM components
Name Description
User User defined in the NACM view. The user must be
an SSH user.
IETF-NACM authorizes only users. User
authentication is implemented in AAA.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 579
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Name Description
Group Group defined in the NACM view. This group
instead of a user performs protocol operations in a
NETCONF session.
The group identifier is a group name, which is
unique on the NETCONF server.
A user can be a member of multiple groups.
Global execution control Execution control can be:
● enable-nacm: enables or disables the IETF-
NACM authorization function. After IETF-NACM
authorization is enabled, all requests are
checked. Only the requests allowed by the
control rules can be executed. After IETF-NACM
authorization is disabled, the HUAWEI-NACM
authorization process is followed.
● read-default: sets the permission to view
configuration databases and notifications. If the
value is set to permit, NETCONF databases and
notification events can be viewed. If the value is
set to undo permit, NETCONF databases or
notification events cannot be viewed.
● write-default: sets the permission to modify
configuration databases. If the value is set to
permit, NETCONF databases can be modified. If
the value is set to undo permit, NETCONF
databases cannot be modified.
● exec-default: sets the default execution
permission for RPC operations. If the value is set
to permit, NETCONF operations can be
performed. If the value is set to undo permit,
NETCONF operations cannot be performed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 580
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Name Description
Access control rule There are five access control rules:
● Module name: specifies the control rule of the
YANG module, which is identified using a
module name.
For example, ietf-netconf.
● Protocol operation: specifies the control rule of
a protocol operation, which is identified using
an RPC operation name defined in the YANG
file.
For example, <get> or <get-config>.
● Data node: specifies the control rule of a data
node and whether an "action" statement can be
used to define operations for the data node. The
data node is identified using the XPath defined
in the YANG file.
For example, /ietf-netconf-acm:nacm/ietf-
netconf-acm:rule-list.
● Notification: specifies the control rule of a
notification event, which is identified using an
alarm or event name defined in the YANG file.
For example, hwCPUUtilizationRisingAlarm
defined by huawei-sem.
● Access control operation permission: specifies
the control rule of an operation type for objects
of NACM authorization.
For example, create, delete, read, update, and
exec.
Implementation
After a NETCONF session is established and a user passes the authentication, the
NETCONF server controls access permissions based on the username, group name,
and NACM authorization rule list. Authorization rules are associated with users
through the user group. The administrator of a user group can manage the
permissions of users in the group.
● An IETF-NACM user is associated with an IETF-NACM user group. After users
are added to a user group, they have the same permissions.
● An IETF-NACM user group is associated with an IETF-NACM authorization
rule list.
● An IETF-NACM authorization rule list is associated with IETF-NACM
authorization rules.
Various authorization rules can be added to an IETF-NACM authorization rule
list in the format of combinations. Users associated with the list can use the
rules it contains.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 581
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
IETF-NACM Authorization Process
Figure 1-142 shows the IETF-NACM authorization process.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 582
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-142 Process of IETF-NACM authorization
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 583
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
When a user group and an authorization rule list are traversed, if the username
that is the same as that carried in the request is not found or no rule that matches
the requested operation is detected, the operation performed varies with the
authorized content. For details, see Table 1-75.
Table 1-75 Operations performed for different authorized contents
Authorized Content Operation
Protocol operation ● If the RPC operation defined in the YANG file
contains the "nacm:default-deny-all" statement,
the RPC request is rejected.
● If the requested operation is <kill-session> or
<delete-config>, the RPC request is rejected.
● If the user has the default execution permission of
the RPC operation, the RPC request can be
executed. Otherwise, the RPC request is rejected.
Data node ● If the definition of the data node contains the
"nacm:default-deny-all" statement, the data node
does not support the read or write operation.
● If the definition of the data node contains the
"nacm:default-deny-write" statement, the data
node does not support the write operation.
● If the user has the query permission, the read
operation is allowed. Otherwise, the read
operation is rejected.
● If the user has the configuration permission, the
write operation is allowed. Otherwise, the write
operation is rejected.
Notification ● If the notification statement contains the
"nacm:default-deny-all" statement, the notification
cannot be reported.
● If the user has the query permission, the
notification can be reported. Otherwise, the
notification is discarded.
Action ● If the data node definition contains the
nacm:default-deny-all statement, no action
statement can be used to define operations for the
data node.
● If an action statement can be used to define
operations for a data node, the data node and
each of its parent nodes must have the read
permission, and the data node must also have the
execute permission. If either of the two
permissions is absent, operations for the data node
cannot be defined using the action statement.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 584
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.16.7.3 Configuring HUAWEI-NACM Authorization
Context
After a NETCONF session is established using SSH, all SSH users can use NETCONF
to manage devices, imposing security risks. To resolve this problem, you can
configure NETCONF authorization rules to authorize specific users to perform
NETCONF operations or access NETCONF resources.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the AAA view.
aaa
Step 3 Create a task group and enter the task group view.
task-group task-group-name
Step 4 Configure NETCONF authorization rules for protocol operation and data nodes,
and add the task to the task group.
netconf authorization-rule rule-name { { deny { rpc-operation rpc-oper-name | schema-path data-node-
path } } | { permit { rpc-operation rpc-oper-name | schema-path data-node-path access-operation { read
| write | execute }* } } } [ description description-text ]
Step 5 Return to the AAA view.
quit
Step 6 Commit the configuration.
commit
Step 7 Create a user group and enter the user group view.
user-group user-group-name
Step 8 Add a specified task group to the user group.
task-group task-group-name
Step 9 Return to the AAA view.
quit
Step 10 Commit the configuration.
commit
Step 11 Add the local user to the specified user group.
local-user user-name user-group user-group-name
Step 12 Commit the configuration.
commit
----End
Verifying the Configuration
● Run the display netconf authorization statistics command to check
NETCONF authorization information.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 585
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Run the display netconf authorization task-group-rules task-group-name
[ rule-name rulename ] command to check NETCONF authorization
information based on a specified authorization task group.
● Run the display netconf authorization user-group-rules user-group-name
[ rule-name rulename ] command to check NETCONF authorization
information based on a specified authorization user group.
1.1.16.7.4 Configuring IETF-NACM Authorization
Context
NACM authorization is an IETF-defined, more flexible authorization mode. NACM
authorization rules allow you to define NACM authorization rules to control
specific users' permissions to perform NETCONF operations and access NETCONF
resources.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the NETCONF user interface view.
netconf
Step 3 Enter the NACM view.
nacm
Step 4 Enable the NACM function.
nacm enable
Step 5 (Optional) Configure the operation permissions of a user as required.
Table 1-76 A user's operation permissions
Operation Command Description
Configure the user's read-default permit By default, the user's
permission on query permission on query
operations. operations is disabled.
Configure the user's write-default permit By default, a user's
permission on permission on
configuration operations. configuration operations
is disabled.
Configure the user's execute-default permit By default, the user's
default execution permission on RPC
permission on RPC operations is enabled.
operations.
Step 6 Create an NACM user group and enter the NACM user group view.
group-name group-name
Step 7 Create a user in the NACM user group.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 586
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
user-name user-name
Step 8 Exit the NACM user group view.
quit
Step 9 Commit the configuration.
commit
Step 10 Create a NACM authorization rule list and enter the NACM authorization rule list
view.
rule-list-name list-name
Step 11 Associate the NACM user group with the NACM authentication rule list.
group group-name
Step 12 Configure an NACM authorization rule name in the NACM authorization rule list
view.
rule-name rule-name action { permit | deny }
Step 13 (Optional) Configure a description for the NACM authorization rule list.
description description
Step 14 Configure the name of a feature module allowed for access.
module-name module-name
By default, the feature module name is an asterisk (*), indicating all features.
Step 15 Configure an NACM authorization rule type.
rule-type { rpc-name rpc-name | notification-name notification-name | path path }
Step 16 Configure protocol operations.
access-operation { { create | read | update | delete | exec } * | * }
Step 17 Commit the configuration.
commit
----End
1.1.16.8 Maintaining NETCONF
1.1.16.8.1 Enabling NETCONF Operation Log Query
Context
To query NETCONF operation logs, you need to enable NETCONF operation log
query.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable NETCONF.
snetconf server enable
Step 3 Enter the NETCONF user interface view.
netconf
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 587
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 4 Enable NETCONF operation log query.
rpc-message log protocol-operation get
Step 5 Commit the configuration.
commit
----End
1.1.16.9 Examples for Basic NETCONF Operations
This section provides examples for using ncclient to compile a Python script,
connect to a device, establish a NETCONF session, and perform basic operations
such as configuration management, status query, and event notification. The
typical procedure is as follows:
1. Create a .py file (Python script) and import the dependent library.
2. Invoke the connect function to create a NETCONF session through SSH.
3. Construct different RPC messages.
4. Execute the Python script.
For details about how to establish a NETCONF session and execute the Python
script, see Establishing a NETCONF Session.
The following sections describe how to construct messages for different RPC
operations.
1.1.16.9.1 Modifying and Committing the Configuration
Basic Operations
Step 1 Construct the data to be configured, for example, the interface MTU. The
corresponding XPath is /ifm/interfaces/interface.
CREATE_INTERFACE = '''<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name>GigabitEthernet0/1/1</name>
<mtu>1500</mtu>
</interface>
</interfaces>
</ifm>
</config>'''
Step 2 Set the validation mode.
● Two-phase validation mode: You need to run the commit command for the
configuration to take effect after message are delivered.
a. Deliver an <edit-config> message to modify the <candidate/>
configuration database on the server and verify the returned message.
rpc_obj = m.edit_config(target='candidate', config=CREATE_INTERFACE)
_check_response(rpc_obj, 'CREATE_INTERFACE')
b. Run the commit command to commit the configuration.
m.commit()
● Trial running mode: You can perform or cancel trial running after messages
are delivered.
a. Deliver an <edit-config> message to modify the <candidate/>
configuration database on the server and verify the returned message.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 588
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
rpc_obj = m.edit_config(target='candidate', config=CREATE_INTERFACE)
_check_response(rpc_obj, 'CREATE_INTERFACE')
b. Commit trial running data or discard uncommitted data.
▪ Commit trial running data and set a trial running period.
m.commit(confirmed=True, timeout='300')
▪ Discard uncommitted data in the <candidate/> configuration
database.
m.discard_changes()
▪ Commit trial running data and set the persist parameter.
m.commit(confirmed=True,persist='IQ,d4668')
▪ Cancel a <commit> operation that is being acknowledged.
m.cancel_commit(persist_id='IQ,d4668')
In the preceding example, "m" indicates the following:
with huawei_connect(host, port=port, user=user, password=password) as m:
The values of host, port, user, and password are those configured for the
SSH user.
----End
Example
This example shows how to configure a simple Python script to connect to the
device and implement configuration.
# test_edit_config_running.py
import sys
import logging
from ncclient import manager
from ncclient import operations
log = logging.getLogger(__name__)
CREATE_INTERFACE = '''<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name>GigabitEthernet0/1/1</name>
<mtu>1500</mtu>
</interface>
</interfaces>
</ifm>qiant
</config>'''
#Fill the device information and establish a NETCONF session
def huawei_connect(host, port, user, password):
return manager.connect(host=host,
port=port,
username=user,
password=password,
hostkey_verify = False,
device_params={'name': "huaweiyang"},
allow_agent = False,
look_for_keys = False)
def _check_response(rpc_obj, snippet_name):
print("RPCReply for %s is %s" % (snippet_name, rpc_obj.xml))
xml_str = rpc_obj.xml
if "<ok/>" in xml_str:
print("%s successful" % snippet_name)
else:
print("Cannot successfully execute: %s" % snippet_name)
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 589
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
def test_edit_config_running(host, port, user, password):
#1.Create a NETCONF session
with huawei_connect(host, port=port, user=user, password=password) as m:
#2.Send RPC and check RPC reply
rpc_obj = m.edit_config(target='candidate', config=CREATE_INTERFACE)
_check_response(rpc_obj, 'CREATE_INTERFACE')
m.commit()
if __name__ == '__main__':
test_edit_config_running(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])
1.1.16.9.2 Displaying Configuration or Status Data
Basic Operations
Step 1 Construct a filtering condition, for example, ifName, and then query details about
all interfaces. The corresponding XPath is /ifm/interfaces/interface.
If you do not need to filter query results, skip this step.
FILTER = '''<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name/>
</interface>
</interfaces>
</ifm>'''
Step 2 Construct a <get> or <get-config> packet and query current running data.
● Construct a <get> packet.
get_reply = m.get(FILTER)
● Construct a <get-config> packet.
get_reply = m.get_config(source='running', filter=(FILTER))
In the preceding example, "m" indicates the following:
with huawei_connect(host, port=port, user=user, password=password) as m:
----End
Example
This example shows how to configure a simple Python script to connect to the
device and implement query.
# test_get.py
import sys
import logging
from ncclient import manager
from ncclient import operations
log = logging.getLogger(__name__)
FILTER = '''<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name/>
<mtu/>
</interface>
</interfaces>
</ifm>'''
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 590
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
# Fill the device information and establish a NETCONF session
def huawei_connect(host, port, user, password):
return manager.connect(host=host,
port=port,
username=user,
password=password,
hostkey_verify = False,
device_params={'name': "huaweiyang"},
allow_agent = False,
look_for_keys = False)
def test_get(host, port, user, password):
#1.Create a NETCONF session
with huawei_connect(host, port=port, user=user, password=password) as m:
n = m._session.id
print("The session id is %s." % (n))
#2.Send get RPC and print RPC reply
get_reply = m.get(("subtree", FILTER))
print(get_reply)
if __name__ == '__main__':
test_get(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])
1.1.16.9.3 Maintenance
Basic Operations
Step 1 Construct an RPC action message based on the corresponding data model. In this
example, action is set to save configuration. The corresponding XPath is /save/
filename.
ACTION = '''<rpc message-id="{}" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<save xmlns="urn:huawei:yang:huawei-cfg">
<filename>test.cfg</filename>
</save>
</rpc>'''
Step 2 Deliver the action message.
# Set the message-id for the rpc
msgId = 1001
rpc = ACTION.format(msgId)
# Send RPC
m._session.send(rpc)
----End
Example
This example shows how to configure a simple Python program to connect to the
device and implement maintenance.
# test_action.py
import sys
import logging
import time
from ncclient import manager
from ncclient import operations
log = logging.getLogger(__name__)
ACTION = '''<rpc message-id="{}" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<save xmlns="urn:huawei:yang:huawei-cfg">
<filename>test.cfg</filename>
</save>
</rpc>'''
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 591
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
def test_action(host, port, user, password):
#Fill the device information and establish a NETCONF session
with manager.connect(host=host,
port=port,
username=user,
password=password,
hostkey_verify = False,
device_params={'name': "huaweiyang"},
allow_agent = False,
look_for_keys = False) as m:
#Set the message-id for the rpc
msgId = 1001
rpc = ACTION.format(msgId)
#Send RPC
m._session.send(rpc)
time.sleep(2)
if __name__ == '__main__':
logging.basicConfig(level=logging.DEBUG)
test_action(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])
1.1.16.9.4 Subscription Event Notification
Basic Operations
● Construct a notification subscription message.
CREATE_SUBSCRIPTION = '''<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="{}">
<create-subscription xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<stream>NETCONF</stream>
</create-subscription>
</rpc>'''
● Deliver the notification subscription message.
#Set the message-id for the rpc
msgId = 1001
rpc = CREATE_SUBSCRIPTION.format(msgId)
#create subscription
m._session.send(rpc)
● Wait for notification alarm reporting.
m.take_notification(block=True, timeout=None)
Example
This example shows how to configure a simple Python program to connect to the
device and implement event notification.
# test_notification.py
import sys
import logging
from ncclient import manager
from ncclient import operations
log = logging.getLogger(__name__)
CREATE_SUBSCRIPTION = '''<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="{}">
<create-subscription xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<stream>NETCONF</stream>
</create-subscription>
</rpc>'''
#Fill the device information and establish a NETCONF session
def huawei_connect(host, port, user, password):
return manager.connect(host=host,
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 592
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
port=port,
username=user,
password=password,
hostkey_verify = False,
device_params={'name': "huaweiyang"},
allow_agent = False,
look_for_keys = False)
def test_notification(host, port, user, password):
#1.Create a NETCONF session
with huawei_connect(host, port=port, user=user, password=password) as m:
#2.Set the message-id for the rpc
msgId = 1001
rpc = CREATE_SUBSCRIPTION.format(msgId)
#3.Send rpc
result = m._session.send(rpc)
#4.Attempt to retrieve one notification
m.take_notification(block=True, timeout=None)
if __name__ == '__main__':
logging.basicConfig(level=logging.DEBUG)
test_notification(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])
1.1.16.9.5 Configuration Export
Basic Operations
Construct a copy-config message and deliver it.
m.copy_config(source="running", target="file:///1.xml")
Example
This example shows how to configure a simple Python program to connect to the
device and export the configuration.
# test_export_config.py
import sys
from ncclient import manager
#Fill the device information and establish a NETCONF session
def huawei_connect(host, port, user, password):
return manager.connect(host=host,
port=port,
username=user,
password=password,
hostkey_verify = False,
device_params={'name': "huaweiyang"},
allow_agent = False,
look_for_keys = False)
def test_export_config(host, port, user, password):
with huawei_connect(host, port=port, user=user, password=password) as m:
with m.locked("running"):
m.copy_config(source="running", target="file:///1.xml")
if __name__ == '__main__':
test_export_config(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 593
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.16.9.6 Configuration Validation
Basic Operations
Step 1 Construct the data to be configured, for example, the interface MTU. The
corresponding XPath is /ifm/interfaces/interface.
CREATE_INTERFACE = '''<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name></name>
<mtu>1300</mtu>
</interface>
</interfaces>
</ifm>
</config>'''
Step 2 Deliver an <edit-config> message in which the value of <test-option> is set.
rpc_obj = m.edit_config(target='candidate', config=CREATE_INTERFACE, test_option='set')
_check_response(rpc_obj, 'CREATE_INTERFACE')
Step 3 Deliver a validate message.
m.validate(source="candidate")
In the preceding example, "m" indicates the following:
with huawei_connect(host, port=port, user=user, password=password) as m:
----End
Example
This example shows how to configure a simple Python program to connect to the
device and validate the configuration.
# test_validate.py
import sys
import logging
from ncclient import manager
from ncclient import operations
log = logging.getLogger(__name__)
CREATE_INTERFACE = '''<config>
<ifm xmlns="urn:huawei:yang:huawei-ifm">
<interfaces>
<interface>
<name>GigabitEthernet0/1/1</name>
<mtu>1300</mtu>
</interface>
</interfaces>
</ifm>
</config>'''
#Fill the device information and establish a NETCONF session
def huawei_connect(host, port, user, password):
return manager.connect(host=host,
port=port,
username=user,
password=password,
hostkey_verify = False,
device_params={'name': "huaweiyang"},
allow_agent = False,
look_for_keys = False)
def _check_response(rpc_obj, snippet_name):
print("RPCReply for %s is %s" % (snippet_name, rpc_obj.xml))
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 594
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
xml_str = rpc_obj.xml
if "<ok/>" in xml_str:
print("%s successful" % snippet_name)
else:
print("Cannot successfully execute: %s" % snippet_name)
def test_validate(host, port, user, password):
#1.Create a NETCONF session
with huawei_connect(host, port=port, user=user, password=password) as m:
#2.Send RPC and check RPC reply
rpc_obj = m.edit_config(target='candidate', config=CREATE_INTERFACE, test_option='set')
_check_response(rpc_obj, 'CREATE_INTERFACE')
#validate check
m.validate(source="candidate")
m.commit()
if __name__ == '__main__':
test_validate(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])
1.1.17 BootLoader Management Configuration
1.1.17.1 Overview of BootLoader
Definition
The BootLoader loads and upgrades system software, and commissions and
checks the system after power-on.
The BootLoader menu contains a series of operational menu options provided by
uBoot, the underlying control software. The uBoot program mainly provides two
functions: system software loading and menu control. During device startup, start
the uBoot program and load the system software through it. The menu control
function is presented by the BootLoader menu to facilitate the loading of system
software.
Purpose
In most cases, you do not need to use the BootLoader menu if the device can be
started normally. However, you can use the BootLoader menu to perform the
following operations:
● Restore or upgrade the system when it stops responding and the CLI cannot
be displayed.
1.1.17.2 Introduction of the BootLoader Menu
You have logged in to the device through the console port.
NOTE
For details about the console port connection mode, see "Logging In to the CLI" in
Configuration Guide - Basic Configurations. If third-party terminal emulation software is
used, set communication parameters correctly. If the parameter settings are incorrect, the
third-party terminal emulation software may enter excess characters when you are using
the BootLoader menu. As a result, BootLoader menu operations will be abnormal.
The actual command output varies depending on the device. The command output
provided in this section is only an example.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 595
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Shortcut Keys
You can use the following shortcut keys in any BootLoader menu:
● Ctrl+C: cancels the current setting.
BootLoader Main Menu
Restart the device. When the message Press Ctrl+B to enter BOOT menu is
displayed, press Ctrl+B within 3 seconds to enter the BootLoader main menu.
Press Ctrl+B to enter BOOT menu: 3
Info: The password is empty. For security purposes, change the password.
New password:
Confirm password:
Warning: The bootloader password will be written to the
device.
Continue now? Yes(y) or No(n): y
The password is changed successfully.
Main Menu
1. Default startup
2. Serial submenu
3. Ethernet submenu
4. Startup parameters submenu
5. List file
6. Password manager submenu
7. Reboot
Enter your choice(1-7):
Table 1-77 BootLoader main menu
Item Description
Press Ctrl+B to enter Press Ctrl+B within 3 seconds to access the
BOOT menu BootLoader main menu.
You can access the BootLoader main menu to
perform operations such as a device upgrade when
failing to access the CLI on the device.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 596
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Item Description
New password Set the BootLoader password. By default, there is no
Confirm password password. To improve security, set the password as
prompted upon the first login. The password must
contain at least eight characters, including at least
two types of the following: uppercase letters (A to
Z), lowercase letters (a to z), digits (0 to 9), and
special characters, such as exclamation marks (!), at
signs (@), number signs (#), dollar signs ($), and
percent signs (%).
If you enter incorrect passwords for three
consecutive times, the system restarts.
To change or clear the password, access the
Password manager submenu.
NOTE
To prevent unauthorized users from accessing the
BootLoader menu, you are advised to set the password and
update the password periodically after logging in to the
device.
Default startup Perform this operation to directly start the device
using the current configuration.
This operation does not restart the BootLoader, but
continues to start the system.
Serial submenu Access this submenu to change the serial port
transmission rate.
No configuration is required before performing
operations through the serial port. The serial port is
ready once a PC is connected to the device through
the serial port, but the file transmission rate is low.
After the transmission rate on the serial port is
modified, synchronize the transmission rate on the
PC to that on the serial port and re-establish the
connection.
You can perform the following operations:
● Modify baudrate: Modify the transmission rate on
the serial port. The default transmission rate is
9600 bit/s.
● Return: Return to the main menu.
Ethernet submenu Access this submenu to change the system software
or patch file.
This operation features fast file transmission rate,
but you must configure network parameters and an
SFTP or FTP server to ensure that the device and
server are reachable to each other.
For details about the operations that can be
performed after you access this submenu, see
Table2.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 597
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Item Description
Startup parameters Access this submenu to view or modify startup
submenu configuration.
You can perform the following operations:
● Display current startup configuration: Display the
system software, configuration file, and patch file
for device startup.
● Modify the startup file: Modify the system
software.
● Modify the configuration file: Modify the
configuration file.
● Modify the patch file: Modify the patch file.
● Return: Return to the main menu.
NOTE
The system software, configuration file, and patch file to
be set must exist on the storage device. Otherwise, the
setting fails.
To clear the current value, enter a period (.). To cancel the
operation under this menu, press Ctrl+C. To make the
current configuration take effect, press Enter.
List file Access this submenu to view the list of all files in the
flash memory.
Password manager Access this submenu to change the password for
submenu accessing the BootLoader menu, preventing
unauthorized users from accessing the BootLoader
menu.
You can perform the following operations:
● Modify bootloader password: Change the
password for accessing the BootLoader menu.
● Clear the console login password: Clear the
password for logging in to the device through the
console port when the login fails due to password
loss.
● Reset bootloader password: Clear the password of
the BootLoader menu.
● Return: Return to the main menu.
NOTICE
To prevent the console port login password from being
maliciously tampered with, keep the BootLoader password
in a safe place.
Reboot After you select Reboot, the BootLoader restarts and
the system continues to start. In most cases, you are
not advised to perform this operation.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 598
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-78 Ethernet submenu
Item Description
Update software When no system software or patch file exists in the
storage medium, access this menu to download the
required file from the server and specify the
downloaded file for next startup. The device will
start using this file.
If you do not need to specify the new system
software or patch file, press Enter and continue
operations. The device starts using the running
system software or patch file.
You can perform the following operations:
● Update system software: Upgrade the system
software.
● Update system software with disk format: Format
the flash memory and upgrade the system
software.
● Return: Return to the previous menu.
NOTICE
After the storage medium is formatted through the
Ethernet interface, all data in the storage medium,
including history system software and configuration files, is
deleted. Exercise caution when formatting the storage
medium.
Display parameters View Ethernet interface parameters.
You can use this menu to view the FTP service type,
IP address of the SFTP or FTP server, IP address of
the Ethernet port on the device, FTP username, and
FTP password.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 599
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Item Description
Modify parameters Modify Ethernet interface parameters. To enhance
security, you are advised to select SFTP as the FTP
service type.
● FTP type: indicates the FTP service type. The
value 0 indicates SFTP, and the value 1 indicates
FTP The default value is 0(SFTP).
● Server IP address: indicates the server IP address.
● Local IP address: indicates the IP address of the
local device.
● Local IP mask: indicates the IP address mask of
the local device.
● FTP username: indicates the username used to
log in to the FTP server.
● FTP password: indicates the password used to log
in to the FTP server.
NOTE
SFTP is recommended because it is more secure than FTP.
When setting Ethernet port parameters, do not enter
spaces in parameter values.
To clear the current value, enter a period (.). To cancel the
operation under this menu, press Ctrl+C. To make the
current configuration take effect, press Enter.
Return Return to the main menu.
1.1.17.3 Example for Changing the BootLoader Password During First Login
Networking Requirements
By default, the BootLoader has no password, and you are required to set one upon
the first login. To prevent unauthorized users from accessing the BootLoader
menu, you need to change the password periodically.
As shown in Figure 1-143, the serial port on a PC connects to the console port on
a device, and the network port on the PC connects to the management Ethernet
port on the device. You can log in to the device through the terminal emulation
software to change the BootLoader password.
Figure 1-143 Connecting a PC to a device through a console port
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 600
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTICE
After changing the password, ensure that it is retained securely.
For device security purposes, change the password periodically.
The actual command output varies depending on the device. The command
output provided in this section is only an example.
Procedure
Step 1 Log in to the device through the console port. When the message Press Ctrl+B to
enter BOOT menu is displayed during device startup, press Ctrl+B within 3
seconds to access the BootLoader main menu. Access the password management
submenu, enter the old password, and then enter the new password.
Press Ctrl+B to enter BOOT menu: 3
Info: The password is empty. For security purposes, change the password.
New password:
Confirm password:
Warning: The bootloader password will be written to the
device.
Continue now? Yes(y) or No(n): y
The password is changed successfully.
Main Menu
1. Default startup
2. Serial submenu
3. Ethernet submenu
4. Startup parameters submenu
5. List file
6. Password manager submenu
7. Reboot
Enter your choice(1-7): 6 //Access the password management submenu.
Password manager submenu
1. Modify bootloader password
2. Reset bootloader password
3. Clear the console login password
0. Return
Enter your choice(0-3): 1
Old password: //Enter the old password.
New password: //Enter a new password. The new password cannot be the same as the old
password.
Confirm password:
Warning: The bootloader password will be written to the
device.
Continue now? Yes(y) or No(n): y
The password is changed successfully.
----End
Verifying the Configuration
You can use the new password to log in to the Bootloader menu.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 601
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.17.4 Example for Upgrading the System Software Through the
BootLoader Menu
Networking Requirements
The BootLoader menu enables you to upgrade the system software. This is useful
if you cannot access the command line interface (CLI) through the console port or
the system restarts repeatedly.
As shown in Figure 1-144, the serial port on a PC connects to the console port on
a device, and the network port on the PC connects to the management Ethernet
port on the device. You can log in to the device through the terminal emulation
software. The PC is configured as the FTP server, and the system software required
for the upgrade is copied to the FTP working directory.
NOTE
To enhance security, you are advised to select SFTP as the FTP service type.
The actual command outputs vary depending on the device. The command outputs
provided in this section are only examples.
Figure 1-144 Connecting a PC to a device through a console port
Procedure
Step 1 Restart the device. When the message Press Ctrl+B to enter BOOT menu is
displayed during device startup, press Ctrl+B within 3 seconds to access the
BootLoader main menu.
Press Ctrl+B to enter BOOT menu: 3
Info: The password is empty. For security purposes, change the password.
New password:
Confirm password:
Warning: The bootloader password will be written to the
device.
Continue now? Yes(y) or No(n): y
The password is changed successfully.
Main Menu
1. Default startup
2. Serial submenu
3. Ethernet submenu
4. Startup parameters submenu
5. List file
6. Password manager submenu
7. Reboot
Enter your choice(1-7):
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 602
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Set FTP parameters on the device for setting up an SFTP connection with the PC.
Main Menu
1. Default startup
2. Serial submenu
3. Ethernet submenu
4. Startup parameters submenu
5. List file
6. Password manager submenu
7. Reboot
Enter your choice(1-7): 3 //Access the Ethernet interface submenu.
Ethernet submenu
1. Update software
2. Display parameters
3. Modify parameters
0. Return
Enter your choice(0-3): 3 //Access the submenu for modifying parameters.
NOTE:
Net type define:
0(SFTP) 1(FTP)
Please check network parameters:
ENTER = no change; '.' = clear; Ctrl+C = quit
FTP type(0:SFTP 1:FTP) : 0 - //Specify SFTP as the FTP service type.
Server IP address : 192.168.1.12 - //Set the server IP address.
Local IP address : 192.168.1.110 - //Set the IP address of the local device.
Local IP mask : 255.255.255.0 - //Configure the IP address mask of the local device.
FTP username : root - //Set the username of the FTP server.
Step 3 Download the system software required for the upgrade from the server. The
device then starts with the system software.
Ethernet submenu
1. Update software
2. Display parameters
3. Modify parameters
0. Return
Enter your choice(0-3): 1 //Access the update software submenu.
Update software
1. Update system software
2. Update system software with disk format
0. Return
Enter your choice(0-2): 1 //Access the update system software submenu.
Current startup file is "software.cc".
Please input file name: softwarenew.cc //Enter the name of the system software required for the
upgrade.
Current patch file is "patchfile.PAT".
Please input patch name: //Enter the name of the patch file, or press Enter if patch
update is not required.
----End
Verifying the Configuration
After the device starts, run the display version command in the CLI to check
whether the device version is the target version.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 603
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.17.5 Example for Clearing the Console Port Login Password Through the
BootLoader Menu
Networking Requirements
If you attempt to log in to a device through the console port but enter an
incorrect console port login password, the login fails. If you cannot remember the
correct console port login password, you can access the BootLoader menu to clear
it. As shown in Figure 1, a PC is connected to a device through the console port,
and the device is powered on.
NOTE
The actual command outputs vary depending on the device. The command outputs
provided in this section are only examples.
Figure 1-145 Connecting to a device through the console port
Procedure
Step 1 Restart the device. When the message Press Ctrl+B to enter BOOT menu is
displayed during device startup, press Ctrl+B within 3 seconds to access the
BootLoader main menu.
Press Ctrl+B to enter BOOT menu: 3
Info: The password is empty. For security purposes, change the password.
New password:
Confirm password:
Warning: The bootloader password will be written to the
device.
Continue now? Yes(y) or No(n): y
The password is changed successfully.
Main Menu
1. Default startup
2. Serial submenu
3. Ethernet submenu
4. Startup parameters submenu
5. List file
6. Password manager submenu
7. Reboot
Enter your choice(1-7):
Step 2 In the BootLoader main menu, enter 6 to access the password manager submenu.
Main Menu
1. Default startup
2. Serial submenu
3. Ethernet submenu
4. Startup parameters submenu
5. List file
6. Password manager submenu
7. Reboot
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 604
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Enter your choice(1-7): 6 //Access the password manager submenu.
Password manager submenu
1. Modify bootloader password
2. Reset bootloader password
3. Clear the console login password
0. Return
Enter your choice(0-3):
Step 3 In the password manager submenu, enter 3 to access the Clear the console login
password menu.
Password manager submenu
1. Modify bootloader password
2. Reset bootloader password
3. Clear the console login password
0. Return
Enter your choice(0-3): 3
Caution: A new console password must be set after the restart.
Continue now? Yes(y) or No(n):
Step 4 In the Clear the console login password menu, enter y to continue the device
startup.
Caution: A new console password must be set after the restart.
Continue now? Yes(y) or No(n): y
Password: //Enter the BootLoader password and press Enter to continue device startup.
Step 5 After the device starts, log in to the device and reset the console port login
password.
<HUAWEI> system-view
[~HUAWEI] user-interface console 0
[~HUAWEI-ui-console0] authentication-mode password
[*HUAWEI-ui-console0] set authentication password
Please configure the login password (8-16)
Enter Password:
Confirm Password:
[~HUAWEI-ui-console0] commit
[~HUAWEI-ui-console0] return
Step 6 Save the configuration to prevent configuration loss after restart.
<HUAWEI> save
Warning: The current configuration will be written to the device. Continue? [Y/N]:y
Now saving the current configuration to the slot 15
Info: Save the configuration successfully.
----End
Verifying the Configuration
After the configuration is complete, you can use the new password to log in to the
device through the console port.
1.1.18 Device Management Configuration
1.1.18.1 Device Management Description
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 605
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.18.1.1 Device Anti-Theft
Background
The theft of network devices can have severe consequences on network
operations, interrupting service continuity and affecting user experience. Stolen
devices are often sold on the black market and subsequently used illegally. The
device anti-theft function restricts the services of stolen devices upon
unauthorized use, thereby reducing the possibility of device theft.
NOTE
This feature is supported only by the NetEngine 8000 M8, NetEngine 8000 M14, NetEngine
8000E M8, NetEngine 8000E M14.
Definition
● Device anti-theft: By restricting the unauthorized use of stolen devices, the
anti-theft function reduces the possibility of device theft because unusable
devices have little value on the black market.
● The Rivest-Shamir-Adleman (RSA) encryption algorithm, an asymmetric
cryptographic algorithm, is widely used in public key encryption standards and
e-commerce. This algorithm can defend against all known password attacks
and is recommended as the public key data encryption standard by the
International Organization for Standardization (ISO).
Device Anti-Theft Fundamentals
You can either apply for public and private keys from a third-party company or use
an NMS to generate public and private keys through the RSA algorithm. The
public key is loaded to a device, and the private key is used by the NMS. After the
anti-theft function is enabled on the device, the device authenticates the NMS.
The NMS can manage the device only after the authentication succeeds. If the
authentication fails, the device cannot work normally. The public and private key
pair functions like a locking mechanism on the device. Only the correct key can be
used to open the lock. If an incorrect key is used, the device cannot be used.
Figure 1-146 Device anti-theft
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 606
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
After the device anti-theft function is enabled for the main control board of a
device, the function is automatically enabled for the service boards that support
the function.
Benefits
● Device anti-theft offers the following benefits to carriers:
– Reduces device theft and protects device investment.
– Ensures network stability.
● Benefits to users
Ensures service continuity.
1.1.18.2 Device Management Configuration
To allow devices to run stably, device management is required in routine
maintenance to expose potential hazards, in addition to proper network planning,
familiarizing yourself with the concept and operations of device management
helps you manage the device effectively and efficiently.
1.1.18.2.1 Overview of Device Management
Device management requires maintenance personnel to check alarms and take
measures accordingly to ensure that the device is running safely, stably, and
reliably.
Concept
Stable operation of the router depends on the mature network planning and
routine maintenance. In addition, fast detection of potential hazards is necessary.
Maintenance personnel must check alarm information immediately and deal with
faults properly to keep the device in normal operation and reduce the failure rate.
Then the system runs safely, stably, and reliably.
Device Management Operations
Device management operations include power-off operation, device monitoring,
device restart, board reset. These operations ensure the smooth device operation.
● Power-off operation
You can power on or power off a board using command lines to perform hot
swapping without interrupting services of the board with power on the router.
● Master/slave switchover
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M supports the
backup technology. The main control boards work in 1:1 backup mode, which
is the precondition of the master/slave switchover in the system.
● Device monitoring
In routine maintenance, you can run display commands to view the working
status of the router. This helps maintenance personnel fast locate the fault
during the troubleshooting procedure.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 607
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Device restart
In some special cases, for example, in system upgrade, a router must be
restarted for the configuration to take effect. In addition to being restarted
after being powered off, the NetEngine 8100 M, NetEngine 8000E M,
NetEngine 8000 M can be restarted through command lines.
● Board reset
When a board on the device malfunctions and cannot automatically recover,
it is recommended that the board be reset.
1.1.18.2.2 Configuration Precautions for Device Management
Feature Requirements
Table 1-79 Feature requirements
Feature Requirements Series Models
Do not insert, remove, power on, power off, or NetEngin NetEngine 8000
reset a board during the upgrade of the board e 8000 M M14/NetEngine
firmware. Otherwise, the board is damaged. In 8000 M14K/
this case, you need to run commands to NetEngine 8000
upgrade the board again or return the board M4/NetEngine
for repair. During a board firmware upgrade, a 8000 M8/
message is displayed when an attempt is made NetEngine 8000
to power on, power off, or reset the board by M8K/NetEngine
running the corresponding command. 8000E M14/
NetEngine 8000E
M8
Only one user is allowed to run an upgrade NetEngin NetEngine 8000
command at the same time. During the e 8000 M M14/NetEngine
upgrade of the board firmware, if the upgrade 8000 M14K/
command is delivered again, the corresponding NetEngine 8000
prompt is displayed. M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
There is an extremely low probability that the NetEngin NetEngine 8000
electronic label fails to be manually loaded. If e 8000 M M14/NetEngine
the electronic label fails to be manually 8000 M14K/
loaded, execute the command for loading the NetEngine 8000
electronic label again. M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 608
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
During the upgrade of the power module, do NetEngin NetEngine 8000
not perform operations such as power-off, e 8000 M M14/NetEngine
removal and insertion, switchover, and restart 8000 M14K/
to terminate the upgrade. NetEngine 8000
If the power module upgrade is terminated M4/NetEngine
abnormally, the power module upgrade will 8000 M8/
fail and the power module software may fail to NetEngine 8000
be restored. M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
1.1.18.2.3 Powering Off a Board
When a board fails or needs maintenance or a hardware upgrade, you need to
power off the board. Then, you can remove the board.
Usage Scenario
Determine the board to be powered off according to the actual situation.
In VS mode, this configuration process is supported only by the admin VS.
● Power off the main control board.
The device adopts 1:1 redundancy of main control boards. In the device
operation, one main control board functions as the master one and the other
functions as the slave one. You need to remove the main control board in any
of the following situations:
– The main control board needs maintenance, for example, dust cleaning.
– The hardware of the main control board needs an upgrade, for example,
memory capacity expansion.
– The main control board fails.
CAUTION
The router cannot work with a single main control board for a long time. If
the main control board fails, the entire system is broken down. Therefore,
after the slave main control board is powered off, you must finish required
operations and restore the slave main control board immediately.
● Power off the interface board.
Power off the interface board in any of the following situations:
– The interface board needs maintenance, for example, dust cleaning.
– The interface board fails and needs to be repaired or replaced.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 609
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Pre-configuration Tasks
Before powering off the board, complete the following tasks:
● Check the slot of the board to be powered off.
● Prepare a slave board if the board needs to be replaced.
Procedure
● Power off the main control board.
a. Run the system-view command to enter the system view.
b. (Optional) Run the slave switchover command to perform the master/
slave switchover.
This command is supported only on the Admin-VS.
Before powering off the main control board, you need to run the display
device command to view the status of the main control board. If the
main control board is the master main control board, perform the
master/slave switchover first.
c. Run the quit command to return to the system view.
d. Run the power off slot slot-id command to power off the slave main
control board.
● Power off the interface board.
After preparing a spare interface board, you can power off the interface
board.
a. Run the power off slot slot-id [ card card-id ] command to power off the
interface board
NOTE
If there is no terminal on the deployment site, you can power off the interface board
by pressing the OFL button. The OFL button is in the upper part of the panel of the
interface board. Press and hold the button for six seconds. If the OFL indicator lights, it
indicates that the interface board is powered off.
----End
Verifying the Configuration
After the power-off operation, run the display device command. If the slave main
control board is in the abnormal state, it means that the operation succeeds.
1.1.18.2.4 Changing the Password of the BootROM Menu
When you log in to the BootROM system for the first time, the device requires you
to set a password for the BOOTROM menu. If you need to change the password,
perform the following operations:
Procedure
Step 1 Run system-view
The system view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 610
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Run set boot password slot slot-id
The BootROM menu password is set for the main control board based on the slot
ID.
You can run the display device command to view slot information.
NOTE
The BootROM menu refers to the Ctrl+B menu.
For the Ctrl+B menu:
● When the device starts, press Ctrl+B and use the set password to enter the Ctrl+B menu
to change the password.
● When you log in to the Ctrl+B menu for the first time, you are required to set a
password. If the password is not set, the Ctrl+B menu cannot be accessed.
● After the device is upgraded, the password of the Ctrl+B menu before the upgrade is
still valid. You are advised to change the password after the upgrade.
● The password must be a string of eight or more characters that contain at least two of
the following: uppercase letters, lowercase letters, digits, and special characters.
● You can press Ctrl+R to restore the factory settings and clear the password configured
by a user.
----End
1.1.18.2.5 (Optional) Configuring the Default Slot Number for the SMB
You can set the default slot number of the SMB for the system restart.
Usage Scenario
If both main boards are available, the system determines which one is to be the
SMB when the router restarts. Set the default slot number of the SMB using the
command mentioned in this section.
In VS mode, this configuration task is supported only by the admin VS.
Pre-configuration Tasks
By configuring the default slot number for the SMB, complete the following tasks:
● Install the router and power it on.
● Ensure that both main boards are available.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run slave default slotid
The default slot number for the SMB is configured.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 611
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Verifying the Configuration
After configuring the default slot number of the SMB, check the configurations.
Run the display slave default command to check the default slot number of the
SMB.
1.1.18.2.6 Managing Online Devices
Manage online devices to ensure that the network works normally.
Usage Scenario
You can manage online devices by checking information about the device or
resetting a board to ensure that the network works normally.
Pre-configuration Tasks
Before managing online devices, install the router and power it on.
Checking Device Versions
You can check the system software version and hardware and software versions of
each component.
Procedure
Step 1 Run the display version [ slot slot-id ] command to check versions of the router.
You can run the display version [ slot slot-id ] command in any view to check
versions of the router. Versions of the router include:
● System software version
● Hardware and software versions of the main control boards
● Hardware and software versions of fan modules, and hardware version of the
backplane.
----End
Checking Basic Device Information
You can check basic information about the device, including the status of the
entire device and basic information about a module (for example, power module
or fan module) in a certain slot.
Procedure
Step 1 Run the display device [ pic-status | slot-id ] command to check basic
information about the router.
In practice, you can run this command in any view to view basic information about
the device. slot-id specifies the slot ID of a module.
● Run the display device slot-id command to view basic information of a board.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 612
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Run the display device pic-status command to check basic information about
the subcards of each LPU on the router.
----End
Checking Electronic Labels
The electronic label of a board shows the type, bar code, Bill of Material (BOM)
code, description, production date, supplier name, issuing number, Common
Language Equipment Identification (CLEI) code, and sales BOM code of the board.
Context
In VS mode, this chapter applies only to the admin VS.
Procedure
Step 1 Run display elabel [ slotid | backplane | brief ]
The electronic label information is displayed.
You can run this command in the user view to check the electronic label of a
board. slotid specifies the slot ID of the board whose electronic label is to be
displayed.
NOTE
For the slot ID range of the router, see the Hardware Description.
Information in the electronic label of a board includes the type, bar code, BOM
number, description, production date, supplier name, issuing number, Common
Language Equipment Identification (CLEI) code, and sales BOM number of the
board.
Step 2 Run display elabel optical-module { brief | interface ifnum }
The electronic label of an optical module is displayed.
----End
Checking the Software Package ID
A software package ID uniquely identifies a software package and is the same as
the software package name released on the software package release platform.
Procedure
Step 1 Run display software info
The software package ID is displayed.
----End
Checking Memory Usage
During the routine maintenance of the device or when the device cannot run
normally, you can view the memory utilization statistics and the memory usage
configuration.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 613
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
● You can view the memory usage in any of the following methods:
– Run the display memory-usage [ slave | slot slot-id ] command to view
the memory utilization statistics.
– Run the display memory-usage threshold [ slave | slot slot-id ]
command to view the memory usage threshold configuration.
NOTE
You can run the set memory-usage threshold threshold-value [ restore restore-
threshold-value ] [ slot slot-id ] command to set the overload threshold and
alarm recovery threshold of memory usage.
----End
Checking CPU Usage
During the routine maintenance of the device or when the device cannot run
normally, you can view the CPU utilization statistics and the CPU usage
configuration.
Procedure
● You can view the CPU utilization statistics and the CPU usage configuration in
any of the following methods:
– Run the display cpu-usage service [ slave | slot slot-id ] command to
view the CPU usage based on service types.
– Run the display cpu-usage history [ 1hour | 24hour | 72hour ] [ slave |
slot slot-id ] command to view CPU usage statistics within a period.
– Run the display cpu-usage configuration [ slave | slot slot-id ]
command to view the CPU usage configuration of a main control board
or interface board.
NOTE
You can run the set cpu-usage threshold threshold-value [ restore restore-
threshold-value ] [ interval interval-value ] [ slave | slot slot-id ] command to
set the overload threshold and alarm recovery threshold of CPU usage.
----End
Displaying the Usage of System Process Resources
This section describes how to view the usage of system process resources in
routine maintenance.
Procedure
● Run the monitor process information [ slot slotid | slave ] [ interval
intervalValue ] command to dynamically monitor the usage of system process
resources.
In VS mode, this command is supported only by the admin VS.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 614
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Checking Device Temperatures
By checking device temperatures, you can view the current temperature status,
temperature alarm threshold, and actual temperature of each board.
Procedure
Step 1 Run display temperature lpu, display temperature ap-id, display temperature
ipu
The working temperature of each module on the specified board is displayed.
In practice, you can run the display temperature command in any view to check
the current working temperatures of the router. The temperature information
includes the following contents:
● Current temperature status of a board
● Alarm threshold of the board temperature
● Actual temperature of the board
----End
Checking Device Voltages
By checking the voltage status of each board on the device, you can know the
number of voltage sensors for boards, voltage sensors in use, working status of
voltage sensors, alarm threshold of voltage, actual voltage, and normal working
temperature of voltage sensors.
Procedure
Step 1 Run display voltage lpu, display voltage ap-id, display voltage ipu
The voltage status of the specified board is displayed.
In practice, you can run the display voltage command in any view to check the
voltage status of all the boards on the router. The voltage information includes
the following:
● Number of voltage sensors for the boards
● Working voltage sensors for the boards
● Working status of voltage sensors for the boards
● Alarm threshold of the board voltage
● Actual board voltage
● Normal working temperature of the voltage sensors
----End
Checking a Power Module
By checking information about a power module of the device, you can view the
slot ID of the power module, whether the power module is in position, the
working mode of the power module, and the status of the cable for the power
module.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 615
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Context
In VS mode, this chapter applies only to the admin VS.
Procedure
Step 1 Run the display power command to check the status of the power module for the
router.
The displayed information includes the following:
● Slot ID of the power module
● Whether the power module is in position
● Working mode of the power module
● Status of the cable for the power module
----End
Checking the Channel Status in the System
You can check the channel status in the system to determine whether the system
is running properly.
Context
In VS mode, only the admin VS supports the following procedure.
Procedure
Step 1 Run the check lcm channel command to check the status of all channels in the
system.
----End
Checking the Dying Gasp Alarm Information of a Device
This section describes how to check the dying gasp alarm information of a device.
Prerequisites
SNMP and the function of sending traps to the NMS have been correctly
configured on the device. For details, see 1.1.15.6.2 Configuring Basic SNMPv3
Functions.
Context
In actual application scenarios, box-shaped devices at the edge of a network are
prone to power failures due to poor power supply conditions. Through the NMS,
users can find that a device is unreachable after a period of time, but cannot
determine whether the fault is caused by a device fault (power-off) or a network
fault (fiber cut). To resolve this problem, the dying gasp function can be used.
With this function, after a device is powered off, the forwarding component sends
a dying gasp alarm to the NMS during the time (3 ms) where the capacitor
continues to supply power to the main control board.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 616
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
This function does not apply to the NetEngine 8000 M4.
Procedure
Step 1 Run display dying-gasp information
The dying gasp alarm information is displayed, including the IP address of the
NMS server that received the dying gasp alarm, the name of the user who sent
the dying gasp alarm, and the name of the VPN channel through which the SNMP
packet was sent.
----End
Restarting the Device
After the software of a router is upgraded, restart the router to validate the
configurations.
Context
NOTICE
Be cautious to use the reboot command because it can break down the entire
network for a short period. In addition, check whether configuration files need be
saved before restarting the device.
In VS mode, this chapter applies only to the admin VS.
Procedure
Step 1 Run reboot
The device is immediately restarted.
After the reboot command is run, the system checks whether the current
configuration is consistent with the configuration saved in the configuration file. If
the configuration is inconsistent with the configuration saved in the configuration
file, the system prompts you to save the current configuration. The system then
prompts you to confirm whether to save the current configuration in the
configuration file to be activated next time.
----End
Resetting a Board
During device maintenance, you can use a certain command to reset a board.
Before resetting a board, you need to save the configuration file on the board to
ensure that the configuration can automatically recover after the board is reset.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 617
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Background Information
When an operating board of the device fails, you are recommended to reset the
board by using the reset slot command.
In VS mode, this chapter applies only to the admin VS.
CAUTION
You need to back up important data before resetting a board.
Procedure
Step 1 Run the reset slot slot-id slot-id [ card card-id ] command in the user view to
reset the faulty board or subcard.
NOTE
● If this command is run to reset a master main control board and no slave main control
board exists, the master main control board is reset with the CPU being powered on. If a
slave main control board exists, this command performs the master-slave main control
board switchover.
● If the board is still abnormal after being reset, contact Huawei technical support
personnel.
----End
(Optional) Querying Board Resource Usage
This section describes how to query board resource usage.
Context
If a device is connected to the NMS, you can view board resource usage of the
device. If the device is not connected to the NMS, you can view board resource
usage of the device using a command.
Procedure
Step 1 In the user view, run the display table resources information command to check
the board resource usage.
----End
(Optional) Configuring Memory Usage Reliability
This section describes how to configure the notification threshold, overload
threshold, and exception threshold for memory usage reliability.
Procedure
Step 1 Run system-view
The system view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 618
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Run memory-usage reliability switch on
The memory usage reliability function is enabled.
Step 3 Run memory-usage reliability notice-threshold notice-threshold-value
overload-threshold overload-threshold-value exception-threshold exception-
threshold-value notice-recover notice-recover-value overload-recover overload-
recover-value exception-recover exception-recover-value [ slot slotId ]
The notification, overload, and exception thresholds and their recovery thresholds
are configured for memory usage reliability.
When the memory usage reaches the notification threshold or overload threshold,
the device notifies all components of the information about the components (a
maximum of 10 components) whose memory usage is greater than 5%. When the
memory usage of a board reaches the exception threshold, the board resets.
Step 4 Run memory-usage reliability slave-switch-over threshold threshold-value
The memory usage threshold for preferentially triggering an active/standby board
switchover is set.
If the memory usage of the standby board is lower than the set threshold and the
memory usage of the active board exceeds the overload threshold, an active/
standby board switchover is performed.
----End
Follow-up Procedure
Run the display current-configuration command to check the status and
thresholds of memory usage reliability.
(Optional) Configuring the Level-1 and Level-2 Notification Thresholds and
Detection Period for CPU Overload
This section describes how to configure the level-1 and level-2 notification
thresholds and detection period for CPU overload.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run set cpu-reliability first-recover first-recover-value first-alarm first-alarm-
value second-recover second-recover-value second-alarm second-alarm-value
period period-value [ slave | slot slotId ]
The level-1 and level-2 notification thresholds and their recovery thresholds as
well as the detection period are set for CPU overload.
----End
Follow-up Procedure
Run the display current-configuration command to check the level-1 and level-2
notification thresholds for CPU overload.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 619
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.18.2.7 (Optional) Configuring Automatic Board Power Off Under High
Temperature
This section describes how to configure automatic board power off under high
temperature, protecting boards from high temperature.
Context
The high-temperature working environment reduces the board lifespan. You can
run the display temperature command to view the temperature alarm thresholds
on each board. The alarm levels are minor, major, and fatal. When the board
temperature is higher than a specific threshold, the corresponding level of alarm
occurs. When the temperature is 5°C below the alarm threshold, the alarm is
cleared. After this function is enabled, a board powers off automatically when
temperatures of three or more monitoring nodes on the board are 5°C above the
fatal high temperature alarm threshold.
In VS mode, this configuration process is supported only by the admin VS.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run high-temperature power-off enable
Automatic board power off under high temperature is enabled.
----End
Example
Run the display temperature command to check temperature information.
1.1.18.2.8 Configuring the Detection of the Channel Status of the Slave Main
Control Board
This section describes how to enable the master main control board to check or
disable the master main control board from checking whether the slave main
control board is registered within 30 minutes.
Context
When an main control board is damaged, relevant spare parts need to be
replaced. As spare parts of the specified version are usually not delivered, the
received spare parts may be of a VRP V5 version. During the upgrade, the upgrade
process may be long if it involves operations, such as system upgrading, CF card
formatting, and file copy. If the master main control board detects no bootp
packets from the slave main control board, it resets the slave main control board
during the upgrade process. A command is provided to enable or disable the
monitoring function.
In VS mode, this configuration task is supported only by the admin VS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 620
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
● After you configure this command, the master main control board will not reset the
slave main control board, if the slave main control board is not registered within 30
minutes.
● After you disable the monitoring function, it can be enabled through the specified
command or by restarting the device.
Procedure
Step 1 Run board-channel-check disable
The master main control board is disabled from checking whether the slave main
control board is registered within 30 minutes.
----End
Verifying the Configuration
Run the display board-channel-check command to detect whether the master
main control board can check that the slave main control board is registered
within 30 minutes.
1.1.18.2.9 Configuring the Alarm Threshold for the CPU Usage of a Board
This section describes how to configure the alarm threshold for the multi-core
CPU usage of a board regardless of service types.
Context
Configuring the alarm threshold for the multi-core CPU usage of a board
regardless of service types helps learn the CPU usage information. When the
multi-core CPU usage is high, measures such as expending board capacity or
adjusting services need to be taken timely to ensure proper service running.
In VS mode, this configuration process is supported only by the admin VS.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run forward alarm cpu-usage multi-core thresholdthreshold-value
The alarm threshold for the average usage across a multi-core CPU of the board
regardless of service types is configured.
Step 3 Optional: Run forward alarm cpu-usage multi-core { log | trap } disable
The function to report alarms or generate logs when the multi-core CPU usage
reaches the threshold regardless of service types is disabled.
Step 4 Run commit
The configuration is committed.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 621
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.18.2.10 Configuring the Alarm Threshold for the Usage of a Single CPU on a
Board
This section describes how to configure the alarm threshold for the usage of a
single CPU core on a multi-core CPU-equipped board.
Context
When the usage of a single CPU core on a multi-core CPU-equipped board is too
high, measures must be taken to expand board capacity or adjust services to
ensure proper service running.
In VS mode, this configuration process is supported only by the admin VS.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run forward alarm vcpu-usage multi-core threshold threshold-value
The alarm threshold for the usage of a single CPU core on a multi-core CPU-
equipped board is configured.
Step 3 Optional: Run undo forward alarm vcpu-usage multi-core threshold
The default alarm threshold for the usage of a single CPU core on a multi-core
CPU-equipped board is restored.
Step 4 Run commit
The configuration is committed.
----End
1.1.18.2.11 Configuring Alarm Thresholds for Board Performance
You can configure alarm thresholds for the forwarding performance resource
usage, packet reassembly resource usage, traffic bandwidth on an entire board,
and value-added service bandwidth.
Context
Configuring alarm thresholds for the forwarding performance resource usage,
packet reassembly resource usage, traffic bandwidth on an entire board, and
value-added service bandwidth helps you learn the board performance in time. If
a performance threshold-crossing alarm is generated, take immediate measures to
prevent running services from being affected.
In VS mode, this configuration process is supported only by the admin VS.
Procedure
Step 1 Run system-view
The system view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 622
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Run forward-alarm slot slot-id performance usage-rate alarm on onrate off
offrate
An alarm threshold is configured for the forwarding performance resource usage.
Step 3 Run forward-alarm slot slot-id packet reassembly resources usage-rate alarm
on onrate off offrate
An alarm threshold is configured for the packet reassembly resource usage.
Step 4 Run forward-alarm slot slot-id board flow output bandwidth usage-rate alarm
on onrate off offrate
An alarm threshold is configured for the traffic bandwidth on an entire board.
Step 5 Run forward-alarm slot slot-id service channel bandwidth usage-rate alarm on
onrate off offrate
An alarm threshold is configured for the value-added service bandwidth on a
board.
Step 6 Run commit
The configuration is committed.
----End
1.1.18.2.12 Configuring the Threshold of Memory Usage
You can set the memory usage threshold to monitor the memory usage.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run set memory-usage threshold threshold [ restore restore-threshold-value ]
[ slot slot-id ].
The overload threshold and alarm recovery threshold of memory usage is set.
By default, the overload threshold value of memory usage is 95, and the alarm
recovery threshold of memory usage is 75.
Step 3 Run commit
The configuration is committed.
----End
Result
● Run the display memory-usage [ threshold ] [ slot slot-id ] command to
check memory usage and the overload threshold value of memory usage.
● Run the display memory-monitor information [ all | slot slot-id ] command
to check the memory overloading status of boards.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 623
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.18.2.13 Configuring the Threshold of CPU Usage
Monitor CPU usage by configuring the threshold of CPU usage.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run monitor cpu-usage [ interval interval-value ] [ slot slot-id | slave ]
The CPU usage is dynamically monitored.
Step 3 Run set cpu-usage threshold threshold [ restore restore-threshold-value ]
[ interval interval-time ] [ slot slot-id ].
The overload threshold and alarm recovery threshold of CPU usage is set.
Step 4 Run set configuration operation cpu-limit { percent-value access-type snmp |
ncf-percent-value access-type netconf }
The rate decreasing threshold is set. When the CPU usage reaches the configured
threshold, the NMS-based data collection operation releases some CPU resources
to other services.
NOTE
This configuration process is supported only on the admin VS.
Step 5 Run commit
The configuration is committed.
----End
Result
● Run the display cpu-usage configuration [ slot slot-id ] command to check
the CPU utilization statistics and CPU usage configuration.
● Run thedisplay cpu-monitor information { slot slot-id | all } command to
check the CPU overloading status of boards.
● Run the reset cpu-usage record [ slot slot-id | all ] command to clear CPU
usage statistics.
1.1.18.2.14 Configuring the Multi-level Alarm Boolean Output
This section describes how to configure multi-level alarm Boolean output using
the maintenance assistant.
Context
When a router is connected to an external alarm device through the ALMO port
on a subcard, you can configure multi-level alarm Boolean output. In this way,
when the router generates an alarm, it outputs the alarm to the alarm device
through the ALMO port on a subcard.
In VS mode, this configuration task is supported only by the admin VS.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 624
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ops
The OPS view is displayed.
Step 3 Run enable
The maintenance assistant function is enabled.
Step 4 Run assistant task-name
A maintenance assistant is created.
Step 5 Set conditions to trigger the maintenance assistant.
● To specify an alarm severity, run the condition alarm level { eq | ge | gt | le |
lt | ne } { critical | major | minor | warning } command.
● To specify a time, run condition timer cron minutes hours days-of-month
months days-of-week [ years ]
Step 6 Run execute priority command command-string
The command to be executed by the maintenance assistant is specified.
For multi-level alarm Boolean output, set command-string to output-alarm slot
slot-id index index-num level compare-operator level-name to enable the
corresponding ALMO port on a subcard to output alarms of a specified severity.
Step 7 Run commit
The configuration is committed.
----End
1.1.18.2.15 Configuring a Port Bandwidth Allocation Mode
This section describes how to configure a bandwidth allocation mode of a port to
meet bandwidth requirements.
Context
CR8D00P8CFC1 subcards support the following port bandwidth allocation modes:
● pos-8x622M-mode: 8 valid ports, each with a bandwidth of 622 Mbit/s.
● pos-8x155M-mode: 8 valid ports, each with a bandwidth of 155 Mbit/s.
NOTE
Only the NetEngine 8000 M8, NetEngine 8000 M14, NetEngine 8000E M8, and NetEngine
8000E M14 support this feature.
Procedure
Step 1 Run system-view
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 625
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The system view is displayed
Step 2 Run slot slot-id
The slot view is displayed.
Step 3 Run set service-mode card-bandwidth-mode bandmode-type card card-number
A port bandwidth allocation mode is configured.
Step 4 Run commit
The configuration is committed.
----End
Verifying the Configuration
Run the display service-mode card-bandwidth-mode slot slot-id card card-
number command to check the port bandwidth allocation mode.
1.1.18.2.16 Disable the Function to Use the OFL Button to Power On and Off a
Board
This section describes how to disable the function to use the OFL button to power
on and off a board. After the function is disabled, the OFL button becomes invalid.
Context
In a high-temperature and high-humidity environment, the small circuit card of
the OFL button may be short-circuited and causes the board to reset repeatedly.
After the function to use the OFL button to power on and off the board is
disabled, some faults can be quickly recovered. You can choose to enable or
disable the function.
In VS mode, this configuration process is supported only by the admin VS.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run set offline-check disable
The function to use the OFL button to power on and off a board is disabled.
To enable the function, run the undo set offline-check disable.
Step 3 Run commit
The configuration is committed.
----End
Verifying the Configuration
Run the display offline-check status command to check the status of the
function to use the OFL button to power on and off a board.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 626
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.18.2.17 (Optional) Disabling the Multi-Process Mode of the FEI Component
Context
The multi-process mode of the FEI component is enabled by default, which helps
improve the concurrent service processing capability of the device.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the undo set fei multi-thread enable command to disable the multi-process
mode of the FEI component.
To re-enable the multi-process mode of the FEI component, run the set fei multi-
thread enable command.
Step 3 Run the commit command to commit the configuration.
----End
1.1.18.2.18 Configuring Device Anti-Theft
This section describes how to configure the device anti-theft function.
Context
Device anti-theft allows users to create a pair of public and private keys using an
NMS for locking or unlocking devices. The public key is loaded to the device for
enabling the anti-theft function, and the private key is used to generate an
authorization file for unlocking the device. This pair of keys function as a lock
attached to the device. The device can only be used with the correct keys. The
anti-theft function effectively prevents devices from being stolen.
NOTE
This feature is supported only by the NetEngine 8000 M8, NetEngine 8000 M14, NetEngine
8000E M8, NetEngine 8000E M14.
Pre-configuration Tasks
Before configuring device anti-theft, complete the following tasks:
● Load the required anti-theft license, anti-theft enabling file, and authorization
file.
The display license resource information anti-theft command displays
license information required for device anti-theft.
● Generate a public key and a private key using an NMS, and send the public
key to the device.
Procedure
Step 1 Run anti-theft install enable file filename
Device anti-theft is enabled.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 627
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Run anti-theft install authorization file filename
A temporary anti-theft authorization file is installed.
Step 3 Run commit
The configuration is committed.
----End
Verifying the Configuration
Run the display anti-theft status command to check the anti-theft status.
1.1.18.2.19 Configuration Examples for Device Management
This section provides router maintenance examples.
Example for Powering Off the Main Control Board
When the main control board fails or needs maintenance or a hardware upgrade,
you need to power off the board. Then you can remove the board.
Networking Requirements
After checking the alarm information, you find that the hardware on the master
main control board fails. Then, power off the master main control board and
check it.
Precautions
The NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M cannot work with
a single main control board for a long time. If the main control board fails, the
entire system is broken down. After the slave main control board is powered off,
you must finish required operations and restore the main control board
immediately.
Configuration Roadmap
The configuration roadmap is as follows:
1. Switch the master main control board to the slave main control board.
2. Power off the slave main control board.
Data Preparation
To complete the configuration, you need the slot ID of the master main control
board.
Procedure
Step 1 Perform a master/slave switchover on the router.
<HUAWEI> system-view
[~HUAWEI] slave switchover
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 628
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Before performing the master and slave switchover, check that user interfaces,
such as console and VTY interfaces, are connected to the two main control boards
of the router. Otherwise, users who use the interfaces connected with the former
master main control board automatically quit the login after the master and slave
switchover.
[*HUAWEI] commit
[~HUAWEI] quit
Step 2 Power off the faulty main control board.
<HUAWEI> power off slot slot-id-mpu
slot-id-mpu specifies the slot ID of the faulty main control board.
Step 3 Verify the configuration.
Check the registration status of the main control board on the router. The
command output shows that the main control board in slot is in the unregistered
and abnormal state. It means that the main control board is powered off.
<HUAWEI> display device
Device status:
-------------------------------------------------------------------------------
Slot # Type Online Register Status Role LsId Primary
-------------------------------------------------------------------------------
2 PIC Present Registered Normal OTHER 0 NA
3 PIC Present Registered Normal OTHER 0 NA
4 PIC Present Registered Normal OTHER 0 NA
5 PIC Present Registered Normal OTHER 0 NA
6 PIC Present Registered Normal OTHER 0 NA
11 IPU Present Registered Normal MMB 0 Master
12 IPU Present Registered Normal MMB 0 Slave
13 PWR Present Registered Normal OTHER 0 NA
15 FAN Present Registered Normal OTHER 0 NA
16 CLK Present Registered Normal OTHER 0 Master
17 CLK Present Registered Normal OTHER 0 Slave
-------------------------------------------------------------------------------
----End
Configuration Files
None
1.1.19 Information Management Configuration
1.1.19.1 Overview of Information Management
Definition
The information management (IM) module operates as the information hub of a
device. IM receives logs, traps, debugging messages, and other device-generated
information to implement unified management and flexible output.
Purpose
Immediate and accurate information about device operation facilitates
troubleshooting if an exception or fault occurs on a device. During device
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 629
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
operation, IM records relevant information generated by each module, including
logs, traps, and debugging messages. By configuring IM to classify or filter such
information based on information type and severity, you can obtain required
information through the console, user terminal, and log host, or other medium as
required. This enables you to easily monitor the device status and locate faults.
1.1.19.2 Understanding IM
1.1.19.2.1 IM Fundamentals
IM classifies information based on severity levels and sends it to corresponding
destinations through various information channels. As shown in Figure 1-147, IM's
working principles are as follows:
1. IM receives information generated by each module during device operation,
including logs, traps, and debugging messages, and stores this information in
the corresponding log, trap, and debugging queues.
2. IM outputs different types and severities of information to various
information channels, such as the console, monitor, log host, and trap buffer,
based on user settings.
3. IM outputs information to the console, log host, or other destination based on
the association between information channels and destinations.
Figure 1-147 IM working principles
1.1.19.2.2 Information Classification
The device generates three types of information: logs, traps, and debugging
messages. Table 1-80 describes these types of information.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 630
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-80 Information classification
Information Description
Type
Log As defined in ITU-T, logs record the events and unexpected
activities of managed objects, providing information that
enables you to perform troubleshooting, obtain device running
status, manage system security, and maintain the system.
Some logs are intended for use by only technical support
personnel during troubleshooting. Consequently, users are not
notified when such logs are generated. For this reason, system
logs are classified as user logs, diagnostic logs, or O&M logs.
● User logs: During device operation, the log module in the
host software records all information related to the running
of the device in logs. Such logs are saved in the log buffer,
sent to the log host, reported to an NMS, and displayed on
the screen. Users can view the compressed log files and
content.
User logs related to security are called security logs, which
are mainly comprised of account management, protocol,
attack defense, and status logs.
– Account management security logs: record account
operations, including user accounts, IP addresses, login
and logout time, and operating time, content, and
results.
– Protocol security logs: record information related to
protocol security, including information about insecure
interaction modes or algorithms used by protocols.
– Attack defense security logs: record attack events, which
include the time an event occurred, attack locations and
sources, various IP attack types, and attack impacts.
– Status security logs: record software and hardware
abnormalities, real-time key performances indicators,
real-time indicators of key bandwidths, entries and
storage resources, and detected abnormal processes.
● Diagnostic logs: These logs record information after the
device starts but before the logserver component starts.
Such logs are recorded in the process-side black box, and
are not saved in the log buffer, sent to the log host,
reported to an NMS, or displayed on the screen. Users can
view the compressed log files and content.
● O&M logs: During device operation, the log module in the
host software records information about service running in
logs. Such logs are not saved in the log buffer, sent to the
log host, reported to an NMS, or displayed on the screen.
Users can view the compressed log files and content.
NOTE
The information recorded in diagnostic and O&M logs is used only for
troubleshooting and does not contain any sensitive information. To
obtain such logs, contact Huawei technical support.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 631
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Information Description
Type
Trap Traps are unsolicited messages that a managed device
proactively sends to an NMS server. When a critical or major
event occurs, the device generates a trap and sends it to the
specified server. A device typically generates a log at the same
time as the trap, which includes the same content and an
additional OID.
NOTE
Traps are classified as event traps or alarm traps, and IM traps are
classified as the former.
● Event trap: notifies users of changes on the managed device (for
example, a device restart). Such changes do not necessarily cause
exceptions or faults. These traps contain only trap OIDs (not alarm
OIDs) and cannot be acknowledged or cleared. IM traps are a type
of event trap.
● Alarm trap: indicates that an exception or fault has occurred on the
device and must be handled to prevent service exceptions. These
traps contain both trap OIDs and alarm OIDs. Unlike event traps,
alarm traps can be acknowledged and cleared.
Debugging Debugging messages record the internal running status of a
message device, such as information about service transmissions. These
messages help you obtain the running status of the device.
A device generates debugging messages only after debugging
is enabled for a specific service on the device.
1.1.19.2.3 Information Severity
If a device generates large amounts of information, it can be difficult to identify
the information you require. Setting information severities allows you to rapidly
identify such information.
Information is classified into eight severities, with a smaller value indicating a
higher severity. Table 1-81 describes information severity.
Table 1-81 Description of information severity
Value Severity Description
0 Emergency A fault prevents the device from running normally,
requiring a restart. For example, the device restarts
because of a program exception or a fault relating to
memory usage.
1 Alert A fault needs to be rectified immediately. For example,
memory usage of the system reaches the upper limit.
2 Critical A fault needs to be analyzed and processed. For
example, the device temperature falls below the lower
threshold or BFD detects that a device is unreachable.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 632
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Value Severity Description
3 Error An irregular operation is performed or exceptions occur
during service processing. The fault does not affect
services but needs to be analyzed. For example, users
enter incorrect commands or passwords, or error
protocol packets are detected.
4 Warning Some events or operations may affect operation of the
device or lead to service processing faults, and
therefore require attention. For example, a routing
process is disabled, BFD detects packet loss, or error
protocol packets are detected.
5 Notice A key operation is performed to ensure that the device
continues to run properly. For example, the shutdown
command is used on an interface, a neighbor is
discovered, or the protocol status is changed.
6 Information A normal operation is performed. For example, a
al display command is run.
7 Debugging The running status of a device is recorded when the
device is running properly.
After you set the severity value, the device outputs only the information with a
severity value less than or equal to the set value. For example, if you set the
severity value to 6, the device outputs only information with severity values 0 to 6.
1.1.19.2.4 Information Format
The information format is as follows:
<Int_16>TIMESTAMP HOSTNAME %%ddModule/Severity/Brief(l):CID=XXX;
Description
Table 1-82 describes each field of the information format.
Table 1-82 Information format description
Field Description Remarks
<Int_16> Leading character This character is added to information to
be sent to the log host. It is not added to
information saved locally.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 633
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Field Description Remarks
TIMESTAMP Timestamp Date and time when information was
output.
Five timestamp formats are available:
● boot: expressed in relative time (in this
case, the time elapsed since system
startup). The format is xxxxxx.yyyyyy,
where xxxxxx is the leftmost 32 bits of
the milliseconds elapsed since system
startup, and yyyyyy is the rightmost 32
bits of the milliseconds elapsed since
system startup.
● date: expressed as the current system
date and time. The format is mm dd
yyyy hh:mm:ss.
● short-date: similar to the date format
but does not display the year.
● format-date: expressed in the format of
YYYY-MM-DD hh:mm:ss.
● None: No timestamp in output
information.
The timestamp and hostname are
separated by a space.
HOSTNAME Hostname The default value is HUAWEI.
%% Huawei identifier The information is output by a Huawei
device.
dd Version number Version number of the information.
Module Module name Name of a module that generates the
information.
Severity Information Information severity.
severity
Brief Brief description Brief description of the information.
(l) Information type The following information types are
available:
● l: log
● t: trap
● d: debugging message
● s: security log
● D: debugging log
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 634
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Field Description Remarks
CID=XXX Internal Internal component to which the
component ID information belongs.
XXX indicates the ID of an internal
component.
Description Detailed Detailed information about the message.
description
1.1.19.2.5 Information Filtering
IM enables you to flexibly control the output of information through the
information filtering function. During normal operation of the device, each module
reports information during service processing. To filter out unwanted information
about a service module or at a specific severity level, you can configure the
information filtering function.
IM filters information in channels using an information filtering table, which
classifies information based on the information type, severity, and source. This
allows the information to be output to various destinations (such as the console,
log host, and buffer). You can configure multiple information filtering tables and
map each one to one or more destinations as required.
An information filtering table contains the following:
● Number of the module that generates information
● Log output status
● Log severity
● Trap output status
● Trap severity
● Debugging message output status
● Debugging message severity
NOTE
A device can filter logs and traps, but cannot filter security logs.
1.1.19.2.6 Information Suppression
Some service modules, such as ARP and VRRP, generate a large number of
duplicate logs in quick succession in scenarios such as ARP attacks and route or
link faults. This consumes device storage space and CPU resources. To reduce the
number of such logs, you can configure information suppression.
By default, a device outputs a log immediately after receiving it. Before sending
logs generated by service modules to the IM module, the system checks whether
they are duplicates. If two consecutive logs contain different IDs or parameters,
the system considers them unique and immediately sends both to the IM module.
Conversely, the system considers them duplicate if they contain the same ID and
parameters. In this case, only the number of duplicate logs is recorded until other
logs are received.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 635
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
For example, a module may generate logs in the following order: A(T1) A(T2)
A(T2) B(T3) B(T4) B(T4) C1(T5) C2(T6) A(T7) B(T8) B(T8) B(T8) B(T9) A(T9)
B(T10) C3(T11) A(T11) A(T12) A(T12) A(T13) A(T14) A(T15) A(T16) A(T17)
A(T18) B(T18). Cn represents logs that do not repeat (C1 and C2 are two different
logs), and Tn represents the sequence number. The log information output by the
IM module is as follows:
T1:A
T3(1): last message repeated 2 times
T3:B
T5: last message repeated 2 times
T5:C1
T6:C2
T8:B
T9(1): last message repeated 3 times
T9:A
T10:B
T11:C3
T11:A
T13(2): last message repeated 3 times
T18(2): last message repeated 5 times
T18:B
According to the preceding log information, consecutive duplicate logs are
triggered in either of the following scenarios:
● If the next log is not a duplicate, the module will output statistics about
consecutive duplicate logs until the last duplicate log is generated. For
example, (1).
● If consecutive duplicate logs are generated again after a specific period of
time, the module will update the statistics. For example, (2).
The device resets the counter each time it outputs the statistics. In this case, log A
is repeated nine times (1 + 3 + 5) in the period from T11 to T18.
The logs output by the device are sorted in the same order of log generation,
facilitating subsequent review.
NOTE
Information suppression refers to the suppression about duplicate logs.
1.1.19.2.7 Information Output
Information generated by a device can be output to the console, remote terminal,
log buffer, log file, and SNMP agent. This section describes information channels,
output directions, output files, and typical application scenarios of information
output.
Relationships Between Default Channels and Output Directions
In order to facilitate information output in various directions, 10 information
channels are defined for IM, each of which operates independently. Information
channels are available only after information sources are specified. By default, the
system defines information sources for the first six channels (console, monitor, log
host, trap buffer, log buffer, and SNMP agent) and for channel 9 (log file), as
shown in Figure 1-148.
You can configure output rules so that information is output through different
channels and in different directions based on the information type and severity.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 636
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
For example, you can set the name of channel 6 to user1 and configure the device
to send information to the log host through this channel (instead of the default
channel 2).
By default, logs, traps, and debugging messages are output through default
channels. Table 1-83 describes the default information output channels.
Figure 1-148 Information output channels
Table 1-83 Default information output channels
Chan Default Output Description
nel ID Channel Destinat
Name ion
0 console Console Outputs logs, traps, and debugging messages
to the local console.
1 monitor Remote Outputs logs, traps, and debugging messages
terminal to a virtual type terminal (VTY) for remote
maintenance.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 637
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Chan Default Output Description
nel ID Channel Destinat
Name ion
2 loghost Log host Outputs logs and traps, but not debugging
messages, to a log host. The information is
saved to the log host as files for easy
reference.
You can specify the log host to which log
information is output by configuring the
server IP address, UDP port number,
information recording facility, and information
severity. This information helps you monitor
device operation and diagnose network faults.
In addition, you can configure different source
interfaces for devices that output log
information. This configuration allows the log
host to identify the device from which the
information is output.
3 trapbuffer Trap Outputs traps, but not logs or debugging
buffer messages, to the trap buffer.
4 logbuffer Log Outputs logs, but not traps or debugging
buffer messages, to the log buffer.
5 snmpagent SNMP Outputs traps, but not logs or debugging
agent messages, to an SNMP agent.
6 channel6 Not Reserved. You can specify a destination to
specified which the information is output.
7 channel7 Not Reserved. You can specify a destination to
specified which the information is output.
8 channel8 Not Reserved. You can specify a destination to
specified which the information is output.
9 channel9 Log file Outputs logs and traps, but not debugging
messages, to a storage device, which are
saved as a log file.
You can map channels with output destinations so that a type of information can
be output to the specified destination through the mapping channel. You can
change the names of the channels as well as the mappings between channels and
output destinations as required.
Information Output File
Information can be saved as log files on a device. Table 1-84 describes the log
files.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 638
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-84 Log files
Log File Description
log.log Stores the current system logs.
diag.log Stores diagnostic logs, which record exceptions that
occur during system startup and running.
pads.pads Stores O&M logs in .pads format, which are generated
during service running after the device is started.
log_SlotID_time.log.z If the size of a current log file reaches the upper limit,
ip the system automatically archives the file and names it
in the format log_SlotID_time.log.zip.
In the file name, SlotID indicates a slot ID and time
indicates when the file was archived and saved.
diag_SlotID_time.log If the size of the current diagnostic log file reaches the
.zip upper limit, the system automatically archives the file
and names it in the format diag_SlotID_time.log.zip.
In the file name, SlotID indicates a slot ID and time
indicates when the file was archived and saved.
pads_SlotID_time.pa If the size of the current O&M log file reaches the upper
ds.zip limit, the system automatically archives the file and
names it in the format pads_SlotID_time.pads.zip.
In the file name, SlotID indicates a slot ID and time
indicates when the file was archived and saved.
Application Scenarios of Information Output
This section describes the typical application scenarios of IM.
● Outputting logs to a log file
As shown in Figure 1-149, the IM module outputs logs to a log file, and
maintenance personnel uploads the log file to the FTP server. By querying
logs, maintenance personnel can learn about the running status of the device
and locate faults.
Figure 1-149 Outputting logs to a log file
● Outputting logs to a log host
As shown in Figure 1-150, the IM module sends logs to different log hosts.
The network administrator can query logs to learn about the device running
status and to rapidly locate faults.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 639
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-150 Outputting logs to a log host
● Outputting traps to the NMS
As shown in Figure 1-151, the IM module sends traps to an NMS and the
NMS, which monitors the operating status of the device based on the traps.
Figure 1-151 Outputting traps to the NMS
● Outputting debugging messages to the console
As shown in Figure 1-152, the IM module sends debugging messages to the
console, and the maintenance personnel debugs the device based on the
debugging messages.
Figure 1-152 Outputting debugging messages to the console
1.1.19.3 Configuration Precautions for Information management
Feature Requirements
None
1.1.19.4 Default Settings for IM
Table 1-85 describes the default settings of common IM parameters.
Table 1-85 Default settings for IM
Parameter Default Setting
Information management Enabled
Maximum number of logs in the log 512 records
buffer
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 640
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Parameter Default Setting
Maximum number of traps in the trap 256 records
buffer
Log file size 8 MB
Maximum number of log files that 200
can be saved
Log host IP address None
Timestamp format date
1.1.19.5 Configuring Log Output
1.1.19.5.1 Enabling IM
Context
The device outputs logs, traps, and debugging messages to the log host and
console only after IM is enabled. By default, the IM function is enabled.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the IM function.
info-center enable
Step 3 (Optional) Configure the name of the information channel with a specified
number.
info-center channel channel-number name channel-name
Step 4 (Optional) Set the output priority for IM packets.
info-center syslog packet-priority priority-level
By default, the output priority of IM packets is 0.
Step 5 (Optional) Configure log filtering.
info-center filter-id { filter-id | bymodule-alias modname alias }
By default, no log is filtered.
Step 6 (Optional) Set the timestamp format of logs.
info-center timestamp log { boot | { date | short-date | format-date | rfc-3339 } [ precision-time
{ tenth-second | millisecond | second } ] } [ without-timezone ]
By default, the date format is used as the timestamp format for output logs.
Step 7 (Optional) Set the log level.
info-center log-severity bymodule-alias module-name logname severity log-level
By default, the log buffer records log messages of levels 0 through 4.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 641
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 8 (Optional) Enable suppression of statistics about consecutive identical logs.
info-center statistic-suppress enable
The suppression of statistics about consecutive identical logs, whereby only one of
the repeated logs will be recorded, is enabled by default.
NOTE
Consecutive identical logs have the same log ID and parameters, and no other logs exist
between them.
Step 9 (Optional) Configure the log retention period.
info-center log-storage-time day-value
By default, the log retention period function is disabled. Set the log retention
period as required. Expired logs will be aged and deleted. Diagnosis logs and PADS
logs are not involved in retention period management.
Step 10 Commit the configuration.
commit
----End
1.1.19.5.2 Configuring the Device to Output Logs to the Log Buffer
Context
To view logs in the log buffer, configure the device to output logs to the log
buffer.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the device to output information to the log buffer.
info-center logbuffer
Step 3 Specify the channel used by the device to output logs to the log buffer.
info-center logbuffer channel { channel-number | channel-name } [ size logbuffersize ]
Step 4 Configure the rule for outputting logs to the specified channel.
info-center source { module-name | default } channel { channel-number | channel-name } log { state
{ off | on } | level severity } *
Step 5 (Optional) Set the maximum number of logs in the log buffer.
info-center logbuffer size buffersize
By default, the log buffer can store a maximum of 512 logs.
Step 6 Commit the configuration.
commit
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 642
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.19.5.3 Configuring the Device to Output Logs to a Log File
Context
After a device is configured to output logs to a log file, the logs are saved as a file
on the device. If a fault occurs on a device, you can export and analyze the log file
to locate the fault.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Specify a channel through which logs are output to a log file.
info-center logfile channel { channel-number | channel-name }
Step 3 Configure the rule for outputting logs to the specified channel.
info-center source { module-name | default } channel { channel-number | channel-name } log { state
{ off | on } | level severity } *
Step 4 (Optional) Set the log file size.
info-center logfile [ security ] size size
If the size of a log file exceeds the configuration, the system automatically
compresses the log file into a .zip file.
Step 5 (Optional) Set the maximum number of log files that can be saved.
info-center max-logfile-number [ security ] filenumbers
If the number of log files generated on the device exceeds this limit, the system
deletes the earliest log files.
Step 6 Commit the configuration.
commit
Step 7 Return to the user view.
quit
Step 8 (Optional) Configure the device to save information in the log buffer to a log file.
save logfile
Logs are cached in the system memory before being written into log files. When
the buffer is full or if the log saving timer expires, the device immediately writes
the cached logs into log files. If the log buffer is not full or the timer does not
expire, run this command to manually write logs in the memory into information
files.
----End
Follow-up Procedure
After a log file is generated, you can run the display logfile command to view its
content. The format of the log file is log.log.
To delete log files, run the delete filename command in the user view.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 643
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.19.5.4 Configuring the Device to Output Logs to a Log Host
Context
After configuring the device to output logs to a log host, you can view logs saved
on the log host to monitor device operation.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure the device to output logs to the log host.
● Configure the device to output logs to an IPv4 log host.
info-center loghost ipv4-address [ { local-time | utc } | channel { channel-number | channel-name }
| { public-net | vpn-instance vpn-instance-name } | source-ip source-ip-address | facility local-num |
level level-num | port server-port | transport { udp | tcp [ ssl-policy policy-name [ [ security ] |
[ verify-dns-name dns-name ] ] * ] } ] *
● Configure the device to output logs to an IPv6 log host.
info-center loghost ipv6 ipv6-address [ { local-time | utc } | channel { channel-number | channel-
name } | { public-net | vpn-instance vpn-instance-name } | source-ip source-ipv6-address | facility
local-num | level level-num | port server-port | transport { udp | tcp [ ssl-policy policy-name
[ [ security ] | [ verify-dns-name dns-name ] ] * ] } ] *
● Configure the device to output logs to a log host with a specified domain
name.
info-center loghost domain domain-name [ { local-time | utc } | channel { channel-number |
channel-name } | { public-net | vpn-instance vpn-instance-name } | facility local-num | level level-
num | port server-port | transport { udp | tcp [ ssl-policy policy-name [ [ security ] | [ verify-dns-
name dns-name ] ] * ] } ] *
Step 3 Configure the rule for outputting logs to the specified channel.
info-center source { module-name | default } channel { channel-number | channel-name } log { state
{ off | on } | level severity } *
Step 4 (Optional) Configure the source interface used by the device to send logs to a log
host.
info-center loghost source { interface-name | interface-type interface-number }
By default, the source interface for a device to send logs to a log host is the actual
interface that sends the logs.
After the source interface is specified, the log host determines the device that
sends messages. In this way, the log host can easily retrieve received messages.
Step 5 (Optional) Configure the source port through which the device sends logs to the
log host.
info-center loghost source-port source-port
By default, the source port number is 38514.
Step 6 Commit the configuration.
commit
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 644
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.19.5.5 Configuring the Device to Output Logs to the Console
Context
After logs are output to the console, you can view logs on the console (the host
from which you can log in to the device through the console interface) to monitor
device operation.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Specify a channel through which logs are output to the console.
info-center console channel { channel-number | channel-name }
Step 3 Configure the rule for outputting logs to the specified channel.
info-center source { module-name | default } channel { channel-number | channel-name } log { state
{ off | on } | level severity } *
Step 4 Commit the configuration.
commit
Step 5 Return to the user view.
quit
Step 6 Enable the display of logs, traps, and debugging messages on the user terminal.
terminal monitor
Step 7 Enable the log display function of the terminal.
terminal logging
----End
1.1.19.5.6 Configuring the Device to Output Logs to a Terminal
Context
After logs are output to a user terminal, you can view logs on the user terminal
(the host from which you log in to the device through VTY or Telnet) to monitor
device operation.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Specify a channel through which logs are output to a user terminal.
info-center monitor channel { channel-number | channel-name }
Step 3 Configure the rule for outputting logs to the specified channel.
info-center source { module-name | default } channel { channel-number | channel-name } log { state
{ off | on } | level severity } *
Step 4 Commit the configuration.
commit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 645
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 5 Return to the user view.
quit
Step 6 Enable the display of logs, traps, and debugging messages on the user terminal.
terminal monitor
Step 7 Enable the log display function of the terminal.
terminal logging
----End
1.1.19.5.7 Verifying the Configuration
Procedure
● Run the display info-center [ statistics ] command to check IM statistics.
● Run the display channel [ channel-number | channel-name ] command to
check the information channel.
● Run the display logbuffer command to check information in the log buffer.
● Run the display logfile path [ offset ] * command to check information
recorded in the log file.
● Run the display logfile [ log | diagnose ] list starttime starttime-value
endtime endtime-value command to check the list of log files generated in a
specified period.
● Run the display channel command to check the channel configuration for
information management.
----End
1.1.19.5.8 Example for Configuring the Device to Output Logs to a Log File
Networking Requirements
Information can be saved as files on the device. If a fault occurs on the device, log
files can be exported and used for fault locating. As shown in Figure 1-153, log
information can be saved in the log file of DeviceA. If there are a large number of
log files, you can configure the device to send them to an external server (for
example, an SFTP server) to reduce the storage resource consumption and
implement unified maintenance. DeviceA is connected to the SFTP server through
a network, and there are reachable routes between DeviceA and the SFTP server.
Maintenance personnel can view logs generated on DeviceA on the SFTP server to
query the running status of DeviceA.
NOTE
In this example, interface 1 represents GigabitEthernet0/1/1.
Figure 1-153 Networking diagram of outputting logs to a log file
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 646
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the IM function.
2. Configure a channel and a rule for outputting logs to a log file.
3. Configure the device to send log files to the SFTP server.
Procedure
Step 1 Configure a routing protocol to ensure that there are reachable routes between
the device and SFTP server. For details, see configuration files.
Step 2 Configure the SFTP server function and parameters, create an SSH user, and set
the authentication mode to password authentication.
Step 3 Enable the IM function.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] info-center enable
Step 4 Configure a channel and a rule for outputting logs to a log file.
# Specify a channel through which logs are output to a log file.
[~DeviceA] info-center logfile channel channel8
[*DeviceA] commit
# Configure a rule for outputting logs to an information channel, allowing the
output of IM information and information with a severity level higher than
warning.
[~DeviceA] info-center source im channel channel8 log level warning
[*DeviceA] commit
[~DeviceA] quit
Step 5 Configure the device to transfer the log file to the SFTP server.
# Switch to the save path of the log file.
<DeviceA> cd cfcard:
# Log in to the SFTP server.
<DeviceA> system-view
[~DeviceA] ssh client first-time enable
[*DeviceA] commit
[~DeviceA] sftp 10.2.1.2
Trying 10.2.1.2 ...
Press CTRL+K to abort
Connected to 10.2.1.2 ...
The server's public key does not match the one cached before.
The server is not authenticated. Continue to access it? [Y/N]:y
The keyname:10.2.1.2 already exists. Update it? [Y/N]:n
Please input the username: admin123
Enter password:
sftp-client>
# Configure the device to transfer the log file to the SFTP server.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 647
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
sftp-client> put log_17_20110504041811.log
sftp-client> quit
----End
Verifying the Configuration
# View the logs output through the channel.
<DeviceA> display info-center
Information Center:enabled
Log host:
10.0.0.1, channel number 2, channel name loghost,
language English , host facility local7
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 10240, current buffer size 512,
current messages 10, channel number : 4, channel name : logbuffer
dropped messages 0, overwritten messages 0
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 3, channel number:3, channel name:trapbuffer
dropped messages 0, overwritten messages 0
logfile:
channel number : 8, channel name : channel8, language : English
Information timestamp setting:
log - date, trap - date, debug - date millisecond
# View the log files received on the SFTP server. The configuration details are not
described here.
Configuration Scripts
#
sysname DeviceA
info-center enable
#
info-center logfile channel channel8
info-center source im channel channel8 log level warning
#
interface GigabitEthernet0/1/1
ip address 10.2.1.1 255.255.0.0
#
ssh client first-time enable
#
return
1.1.19.5.9 Example for Configuring the Device to Output Logs to a Log Host
Networking Requirements
DeviceA generates a large amount of information, but the storage space available
on DeviceA is limited. To avoid any storage-related issues, you can configure
DeviceA to output information to a log host, which will then collect information
about DeviceA. As shown in Figure 1-154, DeviceA is connected to four log hosts
through a network. The network administrator requires different log hosts to
receive logs of different types and severities so that the information generated by
various modules can be monitored in real time.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 648
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● DeviceA sends notification logs generated by the HWTACACS and IM modules
to the log host Server1. Server3 functions as the backup server of Server1.
● DeviceA sends warning logs generated by the PP4 and AAA modules to the
log host Server2. Server4 functions as the backup server of Server2.
To implement this function, you need to perform the configuration on both
DeviceA and the log host.
NOTE
In this example, interface 1 represents GigabitEthernet0/1/1.
Figure 1-154 Networking diagram of outputting logs to a log host
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the IM function.
2. Configure a channel and a rule for outputting logs to a log host.
3. Configure the source interface used to send logs to a log host.
4. Configure the device to output logs to a specified log host.
5. Configure the log host.
Procedure
Step 1 Configure an IP address and a routing protocol to ensure that there is a reachable
route between Device A and the log host. For details, see configuration files.
Step 2 Enable the IM function.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] info-center enable
Step 3 Configure a channel and rules for outputting logs to a log host.
# Configure the information channel.
[~DeviceA] info-center channel 6 name loghost1
[*DeviceA] commit
# Configure rules for outputting logs to log hosts.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 649
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The log host channel outputs HWTACACS and IM module logs of the notification
level or higher to the log host.
[~DeviceA] info-center source hwtacacs channel loghost log level notification
[*DeviceA] info-center source im channel loghost log level notification
[*DeviceA] commit
The PP4 and AAA modules output logs of the warning level or higher to the log
host through the loghost1 channel.
[~DeviceA] info-center source pp4 channel loghost1 log level warning
[*DeviceA] info-center source aaa channel loghost1 log level warning
[*DeviceA] commit
Step 4 Configure the source interface used to send logs to a log host.
[~DeviceA] info-center loghost source gigabitethernet 0/1/1
[*DeviceA] commit
Step 5 Configure the device to output logs to a specified log host.
# Specify Server1 as the log host and Server3 as the backup log host for receiving
logs from HWTACACS and IM modules, and Local2 as the log recording tool.
[~DeviceA] info-center loghost 10.1.1.1 channel loghost facility local2
[*DeviceA] info-center loghost 10.1.1.2 channel loghost facility local2
[*DeviceA] commit
# Specify Server2 as the log host and Server4 as the backup log host for receiving
logs from PP4 and AAA modules, and Local4 as the log recording tool.
[~DeviceA] info-center loghost 10.2.1.1 channel loghost1 facility local4
[*DeviceA] info-center loghost 10.2.1.2 channel loghost1 facility local4
[*DeviceA] commit
Step 6 Configure a log host.
The log host can run the Unix or Linux operating system or third-party log
software. For details about the configuration procedure, see the relevant
documentation.
----End
Verifying the Configuration
# Display recorded information relating to IM.
[~DeviceA] display info-center
Information Center:enabled
Log host:
10.1.1.1, channel number 2, channel name loghost,
language English , host facility local2
10.1.1.2, channel number 2, channel name loghost,
language English , host facility local2
10.2.1.1, channel number 6, channel name loghost1,
language English , host facility local4
10.2.1.2, channel number 6, channel name loghost1,
language English , host facility local4
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 10240, current buffer size 512,
current messages 10, channel number : 4, channel name : logbuffer
dropped messages 0, overwritten messages 0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 650
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 3, channel number:3, channel name:trapbuffer
dropped messages 0, overwritten messages 0
logfile:
channel number : 9, channel name : logfile, language : English
Information timestamp setting:
log - date, trap - date, debug - date millisecond
# Display the information received on the syslog server.
Configuration Scripts
#
sysname DeviceA
#
info-center channel 6 name loghost1
info-center source hwtacacs channel 2 log level notification
info-center source im channel 2 log level notification
info-center source pp4 channel 6 log level warning
info-center source aaa channel 6 log level warning
info-center loghost source GigabitEthernet0/1/1
info-center loghost 10.1.1.1 facility local2
info-center loghost 10.1.1.2 facility local2
info-center loghost 10.2.1.1 channel 6 facility local4
info-center loghost 10.2.1.2 channel 6 facility local4
#
interface GigabitEthernet0/1/1
ip address 10.3.1.1 255.255.255.0
#
ip route-static 10.1.1.0 255.255.255.0 172.16.0.2
ip route-static 10.2.1.0 255.255.255.0 172.16.0.2
#
return
1.1.19.5.10 Example for Configuring the Device to Output SSL-Encrypted Logs to
Log Hosts
Networking Requirements
As shown in Figure 1-155, DeviceA is connected to four log hosts and has
reachable routes to the log hosts. Different log hosts are expected to reliably
receive logs of different types and severities so that the network administrator can
monitor information generated by different modules in real time.
Figure 1-155 Networking diagram of outputting SSL-encrypted logs to log hosts
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 651
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
In this example, interface 1 represents GigabitEthernet0/1/1.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a client SSL policy to authenticate log hosts and ensure log
transmission security.
Assume that each log host has obtained a certificate from the CA, and the
corresponding trusted CA files 1_cacert_pem_rsa.pem and
1_rootcert_pem_rsa.pem have been uploaded to the security sub-directory
of DeviceA.
2. Enable the IM function.
3. Configure channels and rules for outputting logs to the log hosts.
4. Configure the source interface used to send logs to the log hosts.
5. Configure the log hosts.
Procedure
Step 1 Configure an IP address and a routing protocol to ensure that there is a reachable
route between DeviceA and each log host. For details, see configuration files.
Step 2 Configure a client SSL policy.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] ssl policy syslog_client
[*DeviceA-ssl-policy-syslog_client] trusted-ca load pem-ca 1_cacert_pem_rsa.pem
[*DeviceA-ssl-policy-syslog_client] trusted-ca load pem-ca 1_rootcert_pem_rsa.pem
[*DeviceA-ssl-policy-syslog_client] commit
[~DeviceA-ssl-policy-syslog_client] quit
You can run the display ssl policy command on DeviceA to display detailed
information about the trusted CA file in the command output.
[~DeviceA] display ssl policy
SSL Policy Name: syslog_client
Policy Applicants:
Key-pair Type:
Certificate File Type:
Certificate Type:
Certificate Filename:
Key-file Filename:
CRL File:
Trusted-CA File:
Trusted-CA File 1: Format = PEM, Filename = 1_cacert_pem_rsa.pem
Trusted-CA File 2: Format = PEM, Filename = 1_rootcert_pem_rsa.pem
Step 3 Enable the IM function.
[~DeviceA] info-center enable
Step 4 Configure channels and rules for outputting logs to the log hosts.
Configure DeviceA to send notification logs generated by the ARP module to
Server1, and specify Server3 as the backup of Server1. Configure DeviceA to send
warning logs generated by the AAA module to Server2, and specify Server4 as the
backup of Server2.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 652
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
# Configure information channels.
[~DeviceA] info-center channel 6 name loghost1
[*DeviceA] info-center channel 7 name loghost2
[*DeviceA] commit
# Configure information channels for outputting logs to the log hosts.
[~DeviceA] info-center loghost 10.1.1.1 channel loghost1 transport tcp ssl-policy syslog_client
[*DeviceA] info-center loghost 10.1.1.1 channel loghost1 transport tcp ssl-policy syslog_client
[*DeviceA] info-center loghost 10.2.1.2 channel loghost2 transport tcp ssl-policy syslog_client
[*DeviceA] info-center loghost 10.2.1.2 channel loghost2 transport tcp ssl-policy syslog_client
[*DeviceA] commit
# Configure rules for outputting logs to the log hosts.
[~DeviceA] info-center source arp channel loghost1 log level notification
[*DeviceA] info-center source aaa channel loghost2 log level warning
[*DeviceA] commit
Step 5 Configure the source interface used to send logs to the log hosts.
[~DeviceA] info-center loghost source gigabitethernet 0/1/1
[*DeviceA] commit
Step 6 Configure the log hosts.
The log hosts can run the Unix or Linux operating system or third-party log
software. For details about the configuration procedure, see the relevant
documentation.
----End
Verifying the Configuration
# Check recorded information related to IM.
[~DeviceA] display info-center
Information Center:enabled
Log host:
10.1.1.1, channel number 6, channel name loghost1,
language English , host facility local7, transport tcp ssl-policy syslog_client
10.1.1.2, channel number 6, channel name loghost1,
language English , host facility local7, transport tcp ssl-policy syslog_client
10.2.1.1, channel number 6, channel name loghost1,
language English , host facility local7, transport tcp ssl-policy syslog_client
10.2.1.2, channel number 6, channel name loghost1,
language English , host facility local7, transport tcp ssl-policy syslog_client
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 10240, current buffer size 512,
current messages 316, channel number : 4, channel name : logbuffer
dropped messages 0, overwritten messages 53
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 256, channel number:3, channel name:trapbuffer
dropped messages 0, overwritten messages 0
logfile:
channel number : 9, channel name : channel9, language : English
Information timestamp setting:
log - date, trap - date, debug - date millisecond
# Check information received on the syslog server.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 653
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Scripts
#
sysname DeviceA
#
ssl policy syslog_client
trusted-ca load pem-ca 1_cacert_pem_rsa.pem
trusted-ca load pem-ca 1_rootcert_pem_rsa.pem
#
info-center channel 6 name loghost1
info-center source hwtacacs channel 2 log level notification
info-center source im channel 2 log level notification
info-center source pp4 channel 6 log level warning
info-center source aaa channel 6 log level warning
info-center loghost source GigabitEthernet0/1/1
info-center loghost 10.1.1.1 channel 6 transport tcp ssl-policy syslog_client
info-center loghost 10.1.1.2 channel 6 transport tcp ssl-policy syslog_client
info-center loghost 10.2.1.1 channel 7 transport tcp ssl-policy syslog_client
info-center loghost 10.2.1.2 channel 7 transport tcp ssl-policy syslog_client
#
interface GigabitEthernet0/1/1
ip address 10.3.1.1 255.255.255.0
#
ip route-static 10.1.1.0 255.255.255.0 172.16.0.2
ip route-static 10.2.1.0 255.255.255.0 172.16.0.2
#
return
1.1.19.6 Configuring Trap Output
1.1.19.6.1 Enabling IM
Context
The device outputs logs, traps, and debugging messages to the log host and
console only after IM is enabled. By default, the IM function is enabled.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the IM function.
info-center enable
Step 3 (Optional) Configure the name of the information channel with a specified
number.
info-center channel channel-number name channel-name
Step 4 (Optional) Set the output priority for IM packets.
info-center syslog packet-priority priority-level
By default, the output priority of IM packets is 0.
Step 5 (Optional) Configure trap filtering.
info-center filter-id { filter-id | bymodule-alias modname alias }
By default, no log is filtered.
Step 6 (Optional) Set the timestamp format of traps.
info-center timestamp trap { boot | { date | short-date | format-date | rfc-3339 } [ precision-time
{ tenth-second | millisecond | second } ] } [ without-timezone ]
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 654
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
By default, the date format is used as the timestamp format for output traps.
Step 7 (Optional) Configure the log retention period.
info-center log-storage-time day-value
By default, the log retention period function is disabled. Set the log retention
period as required. Expired logs will be aged and deleted.
Step 8 Commit the configuration.
commit
----End
1.1.19.6.2 Configuring the Device to Output Traps to the Trap Buffer
Context
To view traps in the trap buffer, configure the device to output traps to the trap
buffer.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the device to output traps to the trap buffer.
info-center trapbuffer
Step 3 Specify the channel used by the device to output traps to the trap buffer.
info-center trapbuffer channel { channel-number | channel-name } [ size size ]
Step 4 Set a rule for outputting traps to a channel.
info-center source { module-name | default } channel { channel-number | channel-name } trap { state
{ off | on } | level severity } *
Step 5 (Optional) Set the maximum number of traps in the trap buffer.
info-center trapbuffer size size channel { channel-number | channel-name }
By default, a trap buffer allows a maximum of 256 traps.
Step 6 Commit the configuration.
commit
----End
1.1.19.6.3 Configuring the Device to Output Traps to an SNMP Agent
Context
After traps are output to the SNMP agent, you can view device information on the
NMS and locate device faults in a timely manner. Before configuring the device to
output traps to an NMS server, configure the device to output traps to an SNMP
agent. In this way, the SNMP agent sends traps to the NMS server.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 655
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Enter the system view.
system-view
Step 2 Specify the channel used by the device to output traps to an SNMP agent.
info-center snmp channel { channel-number | channel-name }
Step 3 Specify the channel used by the device to output traps to the trap buffer.
info-center trapbuffer channel { channel-number | channel-name } [ size size ]
Step 4 Set a rule for outputting traps to a channel.
info-center source { module-name | default } channel { channel-number | channel-name } trap { state
{ off | on } | level severity } *
Step 5 Enable the SNMP agent function.
snmp-agent
The SNMP agent can work properly and receive traps only when the SNMP agent
function is enabled.
NOTE
For details on how to configure the SNMP agent, see "SNMP Configuration" in
Configuration Guide > System Management Configuration.
Step 6 Commit the configuration.
commit
----End
1.1.19.6.4 Configuring the Device to Output Traps to a Log File
Context
After traps are output to a log file, the log file is saved on the device. If a fault
occurs on the device, you can export and analyze log files to locate the fault.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Specify the channel through which traps are output to a log file.
info-center logfile channel { channel-number | channel-name }
Step 3 Set a rule for outputting traps to a channel.
info-center source { module-name | default } channel { channel-number | channel-name } trap { state
{ off | on } | level severity } *
Step 4 (Optional) Set the log file size.
info-center logfile [ security ] size size
If the size of a log file exceeds the configuration, the system automatically
compresses the log file into a .zip file.
Step 5 (Optional) Set the maximum number of log files that can be saved.
info-center max-logfile-number [ security ] filenumbers
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 656
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
If the number of log files generated on the device exceeds this limit, the system
deletes the earliest log file.
Step 6 Commit the configuration.
commit
Step 7 Return to the user view.
quit
Step 8 (Optional) Configure the device to save information in the trap buffer to a log file.
save logfile
Traps are cached in the system memory before being written into log files. When
the buffer is full or if the timer expires, the device immediately writes the cached
traps into log files. If the buffer is not full or the timer does not expire, run this
command to manually write traps in the memory into information files.
----End
Follow-up Procedure
After a log file is generated, you can run the display logfile command to view its
content. The format of the log file is log.log.
To delete log files, run the delete filename command in the user view.
1.1.19.6.5 Configuring the Device to Output Traps to a Log Host
Context
After configuring the device to output traps to a log host, you can view traps
saved on the log host to monitor device operation.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure the device to output traps to a log host.
● Configure the device to output traps to an IPv4 log host.
info-center loghost ipv4-address [ { local-time | utc } | channel { channel-number | channel-name }
| { public-net | vpn-instance vpn-instance-name } | source-ip source-ip-address | facility local-num |
level level-num | port server-port | transport { udp | tcp [ ssl-policy policy-name [ [ security ] |
[ verify-dns-name dns-name ] ] * ] } ] *
● Configure the device to output traps to an IPv6 log host.
info-center loghost ipv6 ipv6-address [ { local-time | utc } | channel { channel-number | channel-
name } | { public-net | vpn-instance vpn-instance-name } | source-ip source-ipv6-address | facility
local-num | level level-num | port server-port | transport { udp | tcp [ ssl-policy policy-name
[ [ security ] | [ verify-dns-name dns-name ] ] * ] } ] *
● Configure the device to output traps to the log host with the specified domain
name.
info-center loghost domain domain-name [ { local-time | utc } | channel { channel-number |
channel-name } | { public-net | vpn-instance vpn-instance-name } | facility local-num | level level-
num | port server-port | transport { udp | tcp [ ssl-policy policy-name [ [ security ] | [ verify-dns-
name dns-name ] ] * ] } ] *
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 657
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 3 Configure the rule for outputting traps to the specified channel.
info-center source { module-name | default } channel { channel-number | channel-name } trap { state
{ off | on } | level severity } *
Step 4 (Optional) Configure the source interface used by the device to send logs to a log
host.
info-center loghost source { interface-name | interface-type interface-number }
By default, the source interface for a device to send logs to a log host is the actual
interface that sends the logs.
After the source interface is specified, the log host determines the device that
sends messages. In this way, the log host can easily retrieve received messages.
Step 5 (Optional) Configure the source port through which the device sends traps to the
log host.
info-center loghost source-port source-port
By default, the source port number is 38514.
Step 6 Commit the configuration.
commit
----End
1.1.19.6.6 Configuring the Device to Output Traps to the Console
Context
After traps are output to the console, you can view traps on the console (host
from which you can log in to the device through the console interface) to monitor
device running.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Specify a channel through which traps are output to the console.
info-center console channel { channel-number | channel-name }
Step 3 Set a rule for outputting traps to a channel.
info-center source { module-name | default } channel { channel-number | channel-name } trap { state
{ off | on } | level severity } *
Step 4 Commit the configuration.
commit
Step 5 Return to the user view.
quit
Step 6 Enable the display of logs, traps, and debugging messages on the user terminal.
terminal monitor
Step 7 Enable the trap display function of the terminal.
terminal trapping
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 658
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.19.6.7 Configuring the Device to Output Traps to a Terminal
Context
After traps are output to a user terminal, you can view traps on the user terminal
(host from which you log in to the device through VTY or Telnet) to monitor
device running.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Specify the channel through which traps are output to a user terminal.
info-center monitor channel { channel-number | channel-name }
Step 3 Set a rule for outputting traps to a channel.
info-center source { module-name | default } channel { channel-number | channel-name } trap { state
{ off | on } | level severity } *
Step 4 Commit the configuration.
commit
Step 5 Return to the user view.
quit
Step 6 Enable the display of logs, traps, and debugging messages on the user terminal.
terminal monitor
Step 7 Enable the trap display function of the terminal.
terminal trapping
----End
1.1.19.6.8 Verifying the Configuration
Procedure
● Run the display info-center [ statistics ] command to check IM statistics.
● Run the display channel [ channel-number | channel-name ] command to
check the information channel.
● Run the display trapbuffer [ size buffersize ] command to check trap buffer
information.
● Run the display logfile path [ offset ] * command to check information
recorded in the log file.
● Run the display logfile [ log | diagnose ] list starttime starttime-value
endtime endtime-value command to check the list of log files generated in a
specified period.
● Run the display channel command to check the channel configuration for
information management.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 659
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.19.6.9 Example for Configuring the Device to Output Traps to an SNMP Agent
Networking Requirements
As shown in Figure 1-156, DeviceA is connected to the NMS through a network,
and reachable routes exist between DeviceA and the NMS. To enable the NMS to
monitor the traps of DeviceA in real time and locate faults in a timely manner,
configure the device to output traps to the SNMP agent. In this way, the SNMP
agent sends the traps to the NMS.
NOTE
● In this example, interface 1 represents GigabitEthernet0/1/1.
Figure 1-156 Networking diagram of outputting traps to the SNMP agent
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the IM function.
2. Configure a channel and rule for outputting traps to the SNMP agent.
3. Output traps to the NMS through the SNMP agent.
Procedure
Step 1 Configure reachable routes between the device and NMS. For details, see
configuration files.
Step 2 Enable the IM function.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] info-center enable
Step 3 Configure a channel and rule for outputting traps to the SNMP agent.
# Specify the channel used by the device to output traps to an SNMP agent.
[~DeviceA] info-center snmp channel channel7
[*DeviceA] commit
# Set a rule for outputting traps to a channel.
# Output traps whose severity is informational or higher to channel 7.
[~DeviceA] info-center source im channel channel7 trap level informational
[*DeviceA] commit
Step 4 Output traps to the NMS through the SNMP agent.
# Enable the SNMP agent function, with the SNMP version of SNMPv3.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 660
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[~DeviceA] snmp-agent sys-info version v3
[*DeviceA] commit
# Configure the SNMP agent to send traps.
[~DeviceA] snmp-agent trap enable
[~DeviceA] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v3
[*DeviceA] commit
----End
Verifying the Configuration
# Display the channel through which traps are exported to the SNMP agent.
[~DeviceA] display info-center
Information Center:enabled
Log host:
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 7, channel name : channel7
Log buffer:
enabled,max buffer size 10240, current buffer size 512,
current messages 10, channel number : 4, channel name : logbuffer
dropped messages 0, overwritten messages 0
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 3, channel number:3, channel name:trapbuffer
dropped messages 0, overwritten messages 0
logfile:
channel number : 9, channel name : logfile, language : English
Information timestamp setting:
log - date, trap - date, debug - date millisecond
# Display the information output to the SNMP agent through the channel.
[~DeviceA] display channel 7
channel number:7, channel name:channel7
ModuID Name Enable LogLevel Enable TrapLevel Enable DebugLevel
ffffffff default Y debugging Y debugging N debugging
00000957 IM Y debugging Y informational N debugging
# Display trap information output by the SNMP agent to the NMS.
[~DeviceA] display snmp-agent target-host
Target-host NO. 1
-----------------------------------------------------------
Host-name : targetHost_2
IP-address : 10.1.1.1
Source interface :-
VPN instance :-
Security name : %+%#-(}fC-|38%RgqpW$+c^UU"AH()$q#K26fL2X5XK7%+%#
Port : 162
Type : trap
Version : v2c
Level : No authentication and privacy
NMS type : HW NMS
With ext-vb : No
Notification filter profile name : -
-----------------------------------------------------------
Configuration Scripts
#
sysname DeviceA
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 661
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
#
info-center source im channel 7 trap level informational
info-center snmp channel 7
#
interface GigabitEthernet0/1/1
ip address 10.1.1.2 255.255.255.0
#
snmp-agent
#
snmp-agent sys-info version v2c v3
snmp-agent target-host host-name __targetHost_1_24247 trap address udp-domain 10.1.1.1 params
securityname cipher %+%#-(}fC-|38%RgqpW$+c^UU"AH()$q#K26fL2X5XK7%+%#
#
snmp-agent trap enable
#
return
1.1.19.7 Configuring Debugging Message Output
1.1.19.7.1 Enabling IM
Context
The device outputs logs, traps, and debugging messages to the log host and
console only after IM is enabled. By default, the IM function is enabled.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enable the IM function.
info-center enable
Step 3 (Optional) Configure the name of the information channel with a specified
number.
info-center channel channel-number name channel-name
Step 4 (Optional) Set the output priority for IM packets.
info-center syslog packet-priority priority-level
By default, the output priority of IM packets is 0.
Step 5 (Optional) Set the timestamp format of debugging messages.
info-center timestamp debugging { boot | { date | short-date | format-date | rfc-3339 } [ precision-time
{ tenth-second | millisecond | second } ] } [ without-timezone ]
By default, the date format is used as the timestamp format for output debugging
messages.
Step 6 Commit the configuration.
commit
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 662
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.19.7.2 Configuring the Device to Output Debugging Messages to the Console
Context
After debugging messages are output to the console, you can view debugging
messages on the console (host from which you can log in to the device through
the console interface) to monitor device running.
CAUTION
Debugging occupies a device's CPU resources and affects system running. You are
advised to immediately run the undo debugging all command to disable
debugging after this function is performed.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Specify a channel through which debugging messages are output to the console.
info-center console channel { channel-number | channel-name }
Step 3 Set a rule for outputting debugging messages to a channel.
info-center source { module-name | default } channel { channel-number | channel-name } debug { state
{ off | on } | level severity } *
Step 4 Commit the configuration.
commit
Step 5 Return to the user view.
quit
Step 6 Enable the display of logs, traps, and debugging messages on the user terminal.
terminal monitor
Step 7 Enable the debugging message display function of the terminal.
terminal debugging
----End
1.1.19.7.3 Configuring the Device to Output Debugging Messages to the Terminal
Context
After debugging messages are output to a user terminal, you can view debugging
messages on the user terminal (host from which you log in to the device through
VTY or Telnet) to monitor device running.
CAUTION
Debugging occupies a device's CPU resources and affects system running. You are
advised to immediately run the undo debugging all command to disable
debugging after this function is performed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 663
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Enter the system view.
system-view
Step 2 Specify a channel used by the device to output debugging messages to a user
terminal.
info-center monitor channel { channel-number | channel-name }
Step 3 Set a rule for outputting debugging messages to a channel.
info-center source { module-name | default } channel { channel-number | channel-name } debug { state
{ off | on } | level severity } *
Step 4 Commit the configuration.
commit
Step 5 Return to the user view.
quit
Step 6 Enable the display of logs, traps, and debugging messages on the user terminal.
terminal monitor
Step 7 Enable the debugging message display function of the terminal.
terminal debugging
----End
1.1.19.7.4 Verifying the Configuration
Procedure
● Run the display info-center [ statistics ] command to check IM statistics.
● Run the display channel [ channel-number | channel-name ] command to
check the information channel.
● Run the display channel command to check the channel configuration for
information management.
----End
1.1.19.7.5 Example for Configuring the Device to Output Debugging Messages to
the Console
Networking Requirements
As shown in Figure 1-157, the PC is connected to DeviceA through the console
port. Users want to view debugging information about the ARP module on
DeviceA on a PC to locate faults.
Figure 1-157 Networking diagram of outputting debugging messages to the
console
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 664
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the IM function.
2. Configure a channel and rule for outputting debugging messages to the
console.
3. Enable the terminal display function and debugging message display function.
4. Enable the debugging of the ARP module.
Procedure
Step 1 Enable the IM function.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] info-center enable
Step 2 Configure a channel and rule for outputting debugging messages to the console.
# Specify channel 0 to output debugging messages to the console.
[~DeviceA] info-center console channel 0
[*DeviceA] commit
# Configure a rule for outputting debugging messages to the information channel,
allow the debugging messages of the ARP module to be output on the console,
and set the severity level to debugging.
[~DeviceA] info-center source arp channel console debug level debugging
[*DeviceA] commit
[~DeviceA] quit
Step 3 Enable the terminal display function and debugging message display function.
<DeviceA> terminal monitor
<DeviceA> terminal debugging
Step 4 Enable the debugging of the ARP module.
<DeviceA> debugging arp packet
----End
Verifying the Configuration
# Display the channel information.
<DeviceA> display channel 0
channel number:0, channel name:console
ModuID Name Enable LogLevel Enable TrapLevel Enable DebugLevel
ffffffff default Y warning Y debugging Y debugging
00000859 ARP Y warning Y debugging Y debugging
Configuration Scripts
#
sysname DeviceA
#
info-center source arp channel 0
#
return
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 665
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.19.8 Configuring Log File Output
Context
Due to the limited detection scope and security inspection capability, a device
cannot identify whether the OS has been compromised. When a security event
occurs, logs need to be analyzed manually, which is slow and inefficient. To
address this issue, you can configure the device to periodically output log files to a
file server. In this way, you can view log information on the file server to monitor
the device running status and quickly diagnose network faults.
NOTE
The log files in this configuration are OS log files.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure the device to upload log files to a specified file server.
● Configure the device to upload log files to an IPv4 file server.
info-center file-server ipv4 ipv4-addr [ vpn-instance vpn-instance-name ] transport-type sftp
[ port port-number ] username user-name password pass_word [ path destination-path ] file-type
os
● Configure the device to upload log files to an IPv6 file server.
info-center file-server ipv6 ipv6-addr [ vpn-instance vpn-instance-name ] transport-type sftp
[ port port-number ] username user-name password pass_word [ path destination-path ] file-type
os
By default, no log file server is configured on the device. Only one file server is
supported.
Step 3 Commit the configuration.
commit
Step 4 Return to the user view.
quit
----End
1.1.19.9 Configuring Delayed Event Reporting
Context
To control the frequency at which an event is reported, you can set a period after
which a generated event is reported.
If an event is repeatedly reported, you can enable delayed event reporting to
prevent a large number of invalid events from being reported.
Procedure
Step 1 Enter the system view.
system-view
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 666
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Enter the event view.
event
Step 3 Enable delayed event reporting.
delay-suppression enable
Step 4 Configure a delay after which a generated event is reported.
suppression event-name event-name period seconds
Step 5 Commit the configuration.
commit
----End
1.1.19.10 Maintaining IM
Maintaining IM includes clearing IM statistics and monitoring IM.
Clearing Statistics
To delete statistics and information in the buffer, perform the following operations
in the user view:
CAUTION
Statistics and buffer information cannot be restored after being cleared. Therefore,
exercise caution when performing this operation.
Table 1-86 Clearing statistics
Operation Command
Clear IM statistics. reset info-center statistics
Clear information in the log reset logbuffer
buffer.
Delete traps in the trap buffer. reset trapbuffer
Monitoring IM
During routine maintenance, you can run the following commands in any view to
display the desired device information.
Table 1-87 Monitoring IM
Operation Command
View information in IM records. display info-center [ statistics ]
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 667
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Operation Command
View information in the log display logbuffer
buffer.
View traps in the trap buffer. display trapbuffer [ size buffersize ]
display trapbuffer brief
View information recorded in display logfile path [ offset ] *
the log file.
View the list of log files display logfile [ log | diagnose ] list
generated in a specified period. starttime starttime-value endtime endtime-
value
Checking Security Log Files
NOTE
Currently, the command applies only to xxx.log and xxx.log.zip files.
To check whether a specified security log file has been tampered with, run the
following command.
Table 1-88 Checking Security Log Files
Operation Command
Check whether the specified security check logfile filepath
log file is tampered with.
1.1.20 Fault Management Configuration
1.1.20.1 Overview of Fault Management
Definition
The fault management (FM) function manages alarms generated by devices in a
centralized manner and provides guaranteed alarm reporting. It monitors the
operating status of devices and networks in real time and records abnormalities,
analyzes the abnormalities, and determines whether to generate and report
alarms. This feature also enables a device to report alarms to notify users of
faults, so that users can take measures to isolate and rectify faults for service
recovery.
Purpose
With the expansion of network scale and increase of network complexity, when a
device module is faulty, a large number of alarms may be generated on one or
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 668
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
more devices. The devices and NMS, however, may not be able to process all
alarms, resulting in loss of alarms during alarm transmission. If the alarms that
users are concerned about are lost, network management will be difficult. To
resolve this issue, a more intelligent and effective FM mechanism is required to
implement the following improvements:
● Fewer alarms generated
To prevent alarm loss and ensure that valuable fault information can be
collected quickly, you can configure alarm severities, alarm suppression, and
delayed alarm reporting on devices before these devices report alarms.
● Guaranteed alarm reporting
The internal reliability mechanism of the devices ensures that alarms are
displayed promptly and reliably to support quick and accurate fault locating
and diagnosis.
1.1.20.2 Understanding FM
FM Fundamentals
FM dynamically manages and reports alarms generated on devices in a centralized
manner. If a device does not run properly, the device generates alarms to notify
the maintenance personnel of the device's operating status, facilitating fault
locating.
The common types of alarms are as follows:
● Active alarm
An alarm indicating occurrence of a fault. For example, the hwFanInvalid
alarm indicates that a fan is faulty.
● Clear alarm
An alarm indicating that a fault is rectified. For example, the
hwFanInvalidResume alarm indicates that a fault on a fan is rectified. Each
active alarm has a corresponding clear alarm.
● Root alarm
An alarm that generates other alarms. For example, if a route becomes
unreachable due to a fault on an interface, the interface fault alarm is a root
alarm.
● Correlative alarm
An alarm generated by a root alarm. For example, if an interface fault causes
the generation of a route unreachability alarm, the route unreachability alarm
is a correlative alarm.
● Intermittent alarm
An alarm that is cleared shortly after being generated (the interval between
the alarm generation and clearance times is less than an intermittent
threshold). Intermittent alarms last for a short period of time.
● Flapping alarm
An alarm that is generated and cleared frequently within a specified period of
time (the number of alarm generation and clearance occurrences exceeds a
flapping threshold). Alarms with the same object and ID are considered
identical.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 669
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
FM receives alarms generated by devices, saves the alarms based on the default
severities, and records the time when alarms are generated. After the FM function
is configured, you can:
● Adjust the alarm severities on the device and configure filtering rules on the
NMS to filter out unnecessary alarms.
● Enable the delayed alarm reporting function to prevent alarms from being
reported repeatedly. The device reports only alarms that persist after the set
alarm reporting delay expires.
● Enable the device to identify root-cause and correlative alarms based on
alarm correlation and filter out correlative alarms so that the device reports
only root alarms to the NMS, improving the efficiency in locating faults.
Alarm Severity
Alarm information is classified to enable users to roughly determine the alarm
severity and take measures for prompt fault recovery. In this way, alarms of high
severity are handled at a high priority, preventing service interruption.
According to X.733, alarms are classified into four severities, as shown in Table
1-89. A smaller value indicates a higher severity.
Table 1-89 Definition of alarm severities
Value Severity Description
1 Critical Services have been affected, and an immediate
rectification measure is required.
2 Major Services are being affected, and an urgent rectification
measure is required.
3 Minor A fault that does not yet affect services has occurred,
and a rectification measure is required to prevent the
fault from affecting services.
4 Warning A potential fault that will affect services is detected.
Actions should be taken to further diagnose the fault
(if necessary) and rectify the fault before the fault
grows in severity and affects services.
Alarm Suppression
The device supports the alarm suppression function. Alarm suppression can be
classified into two types: jitter suppression and correlation suppression.
● Jitter suppression
Jitter suppression, focusing on analysis of alarm persistence, enables a device
to report only alarms that persist after a set interval expires. This prevents a
large number of invalid alarms from being reported.
Alarm persistence analysis provides a basis for a device to filter out non-
persistent alarms and report only persistent alarms. Figure 1-158 illustrates
principles of alarm persistence analysis.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 670
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-158 Alarm persistence analysis
Alarm persistence analysis measures the duration after an alarm (a fault
alarm or clear alarm) is generated. If the period defined for an alarm has
elapsed but the alarm persists, a notification is sent. If an alarm is cleared
within the defined period, the alarm is filtered out and no notification is sent.
That is, if an alarm persists for a short time, it is filtered out and no
notification is reported. Only stable fault information is displayed in the case
of fault flapping.
● Correlation suppression
Correlation suppression reduces the number of reported alarms and network
load, and facilitates fault locating.
An event may cause generation of multiple alarms. These alarms are
correlated. Alarm correlation analysis facilitates fault locating by
differentiating root alarms from correlative alarms.
Alarm correlation analyzes the relationships between alarms based on the
predefined alarm correlations.
After a device generates an alarm, it analyzes the alarm's correlation with
other existing alarms. After the analysis is complete, the alarm carries a tag
identifying whether it is a root or correlative alarm. If the alarm needs to be
sent to a Simple Network Management Protocol (SNMP) agent and
forwarded to the network management system (NMS), the device determines
whether NMS-based correlative alarm suppression is configured.
– If NMS-based correlative alarm suppression is configured, the device
filters out correlative alarms and reports only root alarms to the NMS.
– If NMS-based correlative alarm suppression is not configured, both
correlative alarms and root alarms are reported to the NMS.
1.1.20.3 Configuration Precautions for Fault Management
Feature Requirements
None
1.1.20.4 Default Settings for FM
Table 1-90 describes the default settings for FM.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 671
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-90 Default settings for FM
Parameter Default Setting
Delayed alarm reporting Enabled
Alarm correlation analysis Disabled
Wrap function of historical alarm Enabled
records
Alarm reporting function for CLI Enabled
terminal users
1.1.20.5 Configuring FM
1.1.20.5.1 Understanding FM
FM provides the following functions:
● Setting the alarm severity
Each alarm has a default alarm severity. You can set alarm severities on a
device and filter criteria on an NMS so that the NMS displays only alarms of a
specified severity, facilitating alarm reading.
● Configuring delayed alarm reporting
If an alarm is frequently reported, efficiency of fault locating is affected. After
an alarm reporting delay is configured, only alarms that persist after the set
alarm reporting delay elapses are reported to the NMS. This prevents a large
number of invalid alarms from being reported.
You can disable the delayed alarm reporting function for the alarms that you
are particularly concerned about, such as hardware- and environment-related
alarms.
After an alarm reporting delay is configured for an alarm, the following rules
apply:
– If the alarm is not cleared within the set delay, the alarm is reported after
the delay elapses.
– If the alarm is cleared within the set delay, the alarm and its clear alarm
are deleted from the alarm queue and are not reported to the NMS.
● Configuring correlative alarm suppression
Generally, a running device generates a large number of alarms and reports
them to an NMS. If you are not concerned about correlative alarms, you can
configure correlative alarm suppression to suppress correlative alarms. After
configuration, only root alarms are reported to the NMS.
● Disabling the wrap function of historical alarm records
By default, when the number of historical alarms reaches the maximum
value, subsequent historical alarms are discarded. To replace the earliest
alarms in the alarm list with the latest historical alarms, you can disable the
wrapping function of historical alarm records.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 672
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Disable the alarm reporting function for CLI terminal users
Configure this function if you do not want a CLI terminal to receive any
alarms from the device.
1.1.20.5.2 Configuring FM
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the alarm management view.
alarm
Step 3 (Optional) View the current alarm severity.
display alarm information [ name alarm-name ]
Step 4 Configure an alarm severity.
alarm-name alarm-name severity { critical | major | minor | warning }
Step 5 Configure one or more of the following functions as required:
● Configure delayed alarm reporting.
a. Enable delayed alarm reporting.
delay-suppression enable
b. (Optional) Configure an alarm reporting delay period.
suppression alarm-name alarm-name { cause-period cause-seconds | clear-period clear-
seconds }
By default, the alarm reporting delay period varies with applications. You
can run the undo suppression alarm-name command and then the
display alarm information command to view the default alarm
reporting delay period.
To configure the period of reporting delay for an active alarm, specify the
cause-period parameter. To configure the period of reporting delay for a
clear alarm, specify the clear-period parameter.
● Configure the function to mask all alarms.
Terminal users include CLI users and NMS users. If terminal users do not
expect any alarms sent from the device, they can configure the function to
mask all alarms.
– For a CLI user, run the following command in the user view:
undo terminal alarm
– For an NMS user whose host name is host-name, run the following
command in the alarm management view:
undo alarm snmp target-host host-name
● Configure the function to mask alarms based on an alarm masking table.
Terminal users include CLI users and NMS users. Different terminal users are
concerned about different types of alarms. Terminal users can configure an
alarm masking table to filter out the unwanted alarms.
Different terminal users can share the same alarm masking table, but each
terminal user can use only one alarm masking table.
a. Enter the alarm masking table view.
mask name mask-name
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 673
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
b. Run one or more of the following commands to mask specified alarms:
▪ Mask a specified alarm.
mask alarm-name alarm-name
To mask multiple alarm items, you can run this command multiple
times.
▪ Mask alarms of a specified service.
mask feature-name feature-name
To mask alarms of multiple services, you can run this command
multiple times.
▪ Mask alarms with a specified severity.
mask severity { Critical | Major | Minor | Warning }
The severity of an alarm can be critical, major, minor, or warning. To
mask alarms with multiple severities, you can run this command
multiple times.
c. Return to the alarm management view.
quit
d. Run the following commands to mask specified alarms based on the
terminal user type and function requirements:
▪ For a CLI user, run the following command:
terminal mask name mask-name
▪ For an NMS user whose host name is host-name, run the following
command:
snmp target-host host-name mask name mask-name
● Configure alarm inversion.
If an NE is configured with certain services but these services are not
accessed, corresponding service loss alarms are generated on the NE. In this
case, you can configure the alarm inversion function so that such alarms are
not reported.
a. Set the alarm inversion mode to automatic recovery.
reverse mode auto-resume
b. Enter the alarm inversion view.
reverse
c. Configure the alarm inversion function on an interface.
reverse interface interface-type interface-number
● Disable alarm correlation suppression.
a. Enable the alarm correlation analysis function.
correlation-analyze enable
b. Disable NMS host-based alarm correlation suppression.
undo alarm correlation-suppress enable target-host [ ipv6 ] ip-address securityname
{ security-name | cipher security-string } [ vpn-instance vpn-instance-name ]
By default, alarm correlation suppression is enabled.
● Disable the wrapping function of historical alarm records.
history record-wrap disable
● Enable the alarm status recheck function.
alarm alarm-name alarm-name initial-startup enable
Step 6 Commit the configuration.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 674
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
commit
----End
Verifying the Configuration
● Run the display alarm information [ name alarm-name ] command to
check the alarm configuration.
● Run the display this command in the alarm management view to check the
alarm configuration.
1.1.20.5.3 Example for Configuring FM
Networking Requirements
As shown in Figure 1-159, there are reachable routes between the user and
DeviceA. You can configure FM to help the user learn about the alarms generated
on DeviceA in a timely manner and locate faults.
Figure 1-159 Networking diagram for configuring FM
Configuration Roadmap
The configuration roadmap is as follows:
1. Set alarm suppression parameters.
2. Edit and use the alarm masking table.
3. Disable alarm correlation suppression.
Procedure
Step 1 Configure the severity and suppression period of the alarm
hwBgpPeerRouteExceed.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] alarm
[~DeviceA-alarm] alarm-name hwBgpPeerRouteExceed severity critical
[*DeviceA-alarm] suppression alarm-name hwBgpPeerRouteExceed cause-period 5
[*DeviceA-alarm] suppression alarm-name hwBgpPeerRouteExceed clear-period 15
[*DeviceA-alarm] commit
Step 2 Configure an alarm masking table.
[~DeviceA-alarm] mask name mask1
[~DeviceA-alarm-mask1] mask feature-name bgp
[*DeviceA-alarm-mask1] mask severity Minor
[*DeviceA-alarm-mask1] mask severity Warning
[*DeviceA-alarm-mask1] commit
[~DeviceA-alarm-mask1] quit
Step 3 Configure the NMS host named target-host1 to use the alarm masking table
named mask1.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 675
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[~DeviceA-alarm] quit
[~DeviceA] snmp-agent target-host host-name target_host1 inform address udp-domain 192.168.3.1
params securityname aaa123 v3
[*DeviceA] alarm
[*DeviceA-alarm] snmp target-host target-host1 mask name mask1
[*DeviceA-alarm] commit
Step 4 Disable alarm correlation suppression for the NMS host whose IP address is
192.168.3.1 and username is aaa123.
[~DeviceA-alarm] correlation-analyze enable
[*DeviceA-alarm] undo alarm correlation-suppress enable target-host 192.168.3.1 securityname aaa123
[*DeviceA-alarm] commit
----End
Verifying the Configuration
Run the display alarm information command to check whether the configuration
is correct.
<DeviceA> display alarm information name hwBgpPeerRouteExceed
--------------------------------------------------------------------------------
Feature : BGP
AlarmName : hwBgpPeerRouteExceed
AlarmId : 0x801002B
Severity : Critical
Cause Suppress Time : 5
Clear Suppress Time : 15
--------------------------------------------------------------------------------
Configuration Scripts
#
sysname DeviceA
#
alarm
correlation-analyze enable
alarm-name hwBgpPeerRouteExceed severity Critical
suppression alarm-name hwBgpPeerRouteExceed cause-period 5
suppression alarm-name hwBgpPeerRouteExceed clear-period 15
snmp target-host target-host1 mask name mask1
undo alarm correlation-suppress enable target-host 192.168.3.1 securityname cipher %+%##!!!!!!!!!"!!!!"!!!!
*!!!!M'QCMk|;n!+ttaFN:B%L)q5F9-.u.Bc4Pd;!!!!!!!!!!!!!!!7!!!!:kiHA*OO]%"x:zHit670|z&=~0qG"G!!!!!!!!!!%+%#
#
mask name mask1
mask severity Minor
mask severity Warning
mask alarm-name hwBgpPeerAddrFamilyRouteThresholdExceed
mask alarm-name hwBgpPeerAddrFamilyRouteExceed
mask alarm-name hwBgpBackwardTransition
mask alarm-name hwBgpPeerAddrFamilyPerRouteThresholdExceed
mask alarm-name hwBgpPeerAddrFamilyPerRouteExceed
mask alarm-name hwBgpRouteLoopDetected
mask alarm-name hwBgpDiscardRecvRoute
mask alarm-name hwRpkiSessionROAExceed
mask alarm-name hwBgpPeerRouteNumThresholdExceed
mask alarm-name hwBgpPeerRouteExceed
mask alarm-name bgpBackwardTransition
mask alarm-name hwBgpVrfRouteNumReachThreshold
mask alarm-name hwBgpDynamicPeerSessionExceed
#
return
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 676
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.20.6 Maintaining FM
Clearing Alarms
After identifying alarms to be cleared, perform the following operations in the
alarm management view:
CAUTION
After an alarm is cleared, an NMS cannot obtain the alarm information. Cleared
alarms cannot be restored. In addition, the alarm is no longer reported even if the
original fault persists. Therefore, exercise caution when you run this command.
Table 1-91 Clearing alarms
Operation Command
Clear active alarms. clear alarm active { all | sequence-number
sequence-number }
Clear historical alarms. clear alarm history { all | sequence-number
sequence-number }
Clear alarm statistics. reset statistics [ name alarm-name ]
Monitoring Alarms
You can run the following commands in any view to check the alarm information
in routine maintenance.
Table 1-92 Monitoring alarms
Operation Command
View active alarms. display alarm active [ verbose ]
View active root alarms. display alarm active root [ verbose ]
View historical alarms. display alarm history [ verbose ]
View alarm configurations. display alarm information [ name alarm-
name ]
View alarm statistics. display alarm statistics [ name alarm-
name ]
1.1.21 Performance Management Configuration
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 677
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.21.1 Overview of Performance Management
Definition
The performance management (PM) function periodically collects statistics about
various system performance indicators, helping you query and analyze current or
historical performance statistics.
Purpose
PM provides current and historical system performance data, becoming a key
feature for improving device operation and maintenance (O&M) capabilities. You
can use this data to analyze the system's running status, locate faults, and
perform system configuration.
You can also analyze system performance trends based on collected performance
data. For example, by analyzing the peak and valley values of user traffic during a
specific day, you can predict the network's traffic growth and speed for at least the
next 30 days. More important, system performance data forms the foundation for
network configuration optimization and network expansion.
1.1.21.2 Understanding PM
To implement PM, a device needs to periodically collect performance statistics, so
the statistics collection function must be enabled.
The statistics collection function involves various performance statistics tasks. Each
task can be bound to multiple performance statistics instances, which the device
will monitor and collect from the system when a task is run. Statistics are
calculated once the performance statistics collection interval elapses, and are
periodically saved to statistics files.
The statistics files store the following statistics:
● Interface traffic statistics, for example, the number of packets sent and
received on an Ethernet interface
● Protocol traffic statistics, for example, the number of protocol-specific packets
● Device running statistics, for example, CPU usage, memory usage, and
temperature
The device uploads statistics files to a PM server through FTP or SFTP in either of
the following modes:
● Automatic mode: The device periodically generates statistics files and
automatically uploads the files to the PM server.
● Manual mode: The device periodically generates statistics files, which need to
be manually uploaded to the PM server.
NOTE
Using FTP to upload performance statistics files is not secure. Using SFTP is recommended.
In FIPS mode, files cannot be uploaded using FTP.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 678
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.21.3 Configuration Precautions for Performance Management
Feature Requirements
Table 1-93 Feature requirements
Feature Requirements Series Models
KPI files generated by the KPI diagnosis NetEngin NetEngine 8000
function are not independently saved by VS. e 8000 M M14/NetEngine
8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
VSs except the admin VS share system memory NetEngin NetEngine 8000
resources. Memory resources cannot be e 8000 M M14/NetEngine
separately allocated to the VSs. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
Configurations cannot be concurrently NetEngin NetEngine 8000
committed for the admin VS and non-admin e 8000 M M14/NetEngine
VSs. 8000 M14K/
Configurations can be concurrently committed NetEngine 8000
for multiple non-admin VSs. However, if M4/NetEngine
configurations that affect the admin VS are 8000 M8/
modified for a non-admin VS, configurations NetEngine 8000
cannot be committed for other non-admin VSs M8K/NetEngine
during configuration commission for this non- 8000E M14/
admin VS. NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 679
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
A non-admin VS does not support fast startup NetEngin NetEngine 8000
in DAT mode. e 8000 M M14/NetEngine
8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
A maximum of 21 users are allowed to deliver NetEngin NetEngine 8000
configurations on a device. Other users can e 8000 M M14/NetEngine
only query configurations. The users in non- 8000 M14K/
admin VSs are in preemption mode. NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8/NetEngine
8100 M14/
NetEngine 8100
M8
The system determines VS specifications based NetEngin NetEngine 8000
on the memory of the master main control e 8000 M M14/NetEngine
board. 8000 M14K/
1. If the memory of the main control board is NetEngine 8000
less than 8 GB, multiple VSs cannot be created. M4/NetEngine
8000 M8/
2. If the memory of the main control board is NetEngine 8000
greater than or equal to 8 GB and less than 16 M8K/NetEngine
GB, the system supports a maximum of four 8000E M14/
VSs. NetEngine 8000E
3. If the memory of the main control board is M8/NetEngine
greater than or equal to 16 GB, the system 8100 M14/
supports a maximum of eight VSs. NetEngine 8100
Properly plan VS resources. M8
1.1.21.4 Default Settings for PM
Table 1-94 describes the default settings for PM.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 680
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-94 Default settings for PM
Parameter Default Setting
Statistics collection function Disabled
Generation of statistics files Automatically generated and saved
Request for uploading statistics files No upload request is created.
to a specified PM server
Automatic upload of statistics files to Disabled
a specified PM server
Maximum number of retransmissions 3
of statistics files to a PM server
Format of statistics files text
1.1.21.5 Configuring PM
1.1.21.5.1 Configuring a Performance Statistics Task
Prerequisites
Reachable routes have been configured between the device and PM server.
Context
To collect and analyze performance statistics about system services, configure a
performance statistics task and bind the task to one or more instances. In the
performance statistics task, you can configure the performance statistics collection
interval, sampling interval, and parameters for statistics file generation.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the PM view.
pm
Step 3 Enable the data statistics function.
statistics enable
Step 4 Create a performance statistics task and enter the performance statistics task view.
statistics-task task-name
Step 5 (Optional) Configure a type for the performance statistics task.
task-type { pm-sdh | mon-history | mon-statistics }
By default, no type is specified for a performance statistics task.
After the task type is changed to pm-sdh, the performance statistics collection
interval for this task can only be 15 minutes or 24 hours.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 681
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
After the task type is changed to mon-statistics, the default settings are restored
for the statistics collection interval, file generation status, threshold alarm status,
file generation interval, automatic file upload status, and other items. In addition,
task attributes cannot be changed, and threshold alarm configurations cannot be
performed.
Step 6 Bind an instance to the performance statistics task.
binding instance-type instance-type { all | instance { vpn-instance-name } &<1-8> }
After an instance is bound to the performance statistics task, the system
immediately collects and records the performance statistics about the instance.
Step 7 (Optional) Disable measurement for a statistics indicator of the bound instance.
measure disable instance-type instance-type measure measure-name
By default, measurement is enabled for all statistics indicators of a bound
instance.
To view statistics indicators of a bound instance, run the display pm measure-
info instance-type instance-type-name command.
Step 8 (Optional) Enable the threshold alarm function for the performance statistics task.
threshold-alarm enable
By default, the threshold alarm function is disabled for a performance statistics
task.
The device can periodically monitor its running status. When the performance
statistics task meets certain alert conditions, the device sends an alarm to the
NMS. After the alert conditions are cleared, the device sends a clear alarm. For
example, you can configure the CPU usage of the monitoring system. The system
sends an alarm if the CPU usage reaches 80% and sends a clear alarm if the CPU
usage falls below 50%.
Step 9 (Optional) Configure a sampling interval.
sample-interval interval
By default:
● If the performance statistics collection interval is 5 minutes, the default
sampling interval is 1 minute.
● If the performance statistics collection interval is 10 minutes, the default
sampling interval is 2 minutes.
● If the performance statistics collection interval is 15 minutes, the default
sampling interval is 3 minutes.
● If the performance statistics collection interval is 30 minutes, the default
sampling interval is 5 minutes.
● If the performance statistics collection interval is 60 minutes, the default
sampling interval is 5 minutes.
● If the performance statistics collection interval is 1440 minutes, the default
sampling interval is 15 minutes.
Step 10 (Optional) Configure a performance statistics collection interval.
statistics-cycle cycle
By default, the performance statistics collection interval is 15 minutes.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 682
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 11 (Optional) Configure whether to generate performance statistics files.
● Disable the function to generate performance statistics files.
record-file disable
By default, performance statistics files are automatically generated and saved
on a device.
You can run this command to prevent performance statistics files from being
generated, reducing memory resource consumption.
● Set the number of performance statistics collection intervals when the
function to generate performance statistics files is enabled.
record-interval interval
By default:
– If a short interval (5, 10, 15, 30, or 60 minutes) is set for collecting
performance statistics, the system generates a performance statistics file
for every four intervals.
– If a long interval (1440 minutes) is set for collecting performance
statistics, the system generates a performance statistics file for every
interval.
After the command is run, the system generates a performance statistics file
at every cycle x interval minutes to automatically save the performance
statistics.
You can run the file-format { text | xml } command to set a format for
performance statistics files.
Step 12 Exit the PM view.
quit
Step 13 Commit the configuration.
commit
----End
1.1.21.5.2 Uploading Performance Statistics Files
Context
The system generates performance statistics files based on the collected
performance statistics at a specified interval. To view the performance statistics on
a PM server, upload the performance statistics files to the PM server.
The device uses FTP or SFTP to upload statistics files to a remote PM server in
either of the following modes:
● Automatic mode: The system periodically generates performance statistics
files and automatically uploads them to the PM server.
● Manual mode: The system periodically generates performance statistics files,
and the files can only be manually uploaded to the PM server.
NOTE
Using FTP to upload performance statistics files is not secure. Therefore, using SFTP is
recommended.
In FIPS mode, files cannot be uploaded in FTP mode.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 683
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the PM view.
pm
Step 3 Create a PM server process and enter its view.
pm-server server-name
Step 4 Configure the parameters of the PM server to which performance statistics files
will be uploaded.
● Configure the protocol, IP address, and port number used for uploading
performance statistics files to the PM server.
protocol { ftp | sftp } ip-address ip-address [ port port-number | { net-manager-vpn | vpn-instance
vpn-instance-name } ] *
By default, the port number of the PM server is 21 (using FTP) or 22 (using
SFTP).
If the IP address of the PM server is a private address, configure net-
manager-vpn to specify a network management VPN for uploading the
performance statistics files, or configure vpn-instance vpn-instance-name to
specify a VPN instance for uploading the performance statistics files.
● Configure a username and password for logging in to the PM server.
username user-name password [ password ]
NOTE
For security purposes, change the password periodically.
● Configure the destination path for saving performance statistics files on the
PM server.
path destination-path
● Configure the maximum number of retransmissions for a performance
statistics file.
retry retry-times
Step 5 Return to the PM view.
quit
Step 6 Commit the configuration.
commit
Step 7 Create a request for uploading performance statistics files to a specified PM server.
upload-config request-name server server-name
Step 8 Enable the device to upload performance statistics files to the PM server.
● Automatic mode
a. Enter the performance statistics task view.
statistics-task task-name
b. Enable the device to automatically upload performance statistics files to
the PM server.
upload auto request-name
● Manual mode
a. View the list of generated statistics files.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 684
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
display pm statistics-file [ task-name ]
b. Configure the device to upload performance statistics files to the PM
server.
upload request-name file { filename } &<1-16>
Step 9 Commit the configuration.
commit
----End
1.1.21.5.3 Configuring the Function of Viewing and Parsing Statistics Files
Context
By default, statistics files are saved in text format to cfcard:/pmdata. They can also
be saved in xml format. Statistics files are named in the format of
tasknameyyyymmddhhmmindexnum.xxx, where xxx represents either txt or xml
depending on the file type. You can view and parse statistics files to analyze
statistics and learn about a device's running status.
Procedure
Step 1 View the list of generated statistics files.
display pm statistics-file [ task-name ]
Step 2 Set the current working directory to pmdata.
cd pmdata
Step 3 View a statistics file's content.
more filename [offset]
Step 4 Parse the content of a statistics file.
The following is an example of a statistics file:
2020-02-21 14:08:25.371
FileFormatVersion=1.0
SysName=HUAWEI
Release_Number=V800R022C00
Start_Time=2020-02-21 13:00,2020-02-21 13:05,2020-02-21 13:10
Statics_Interval=5
Resource_type=6
Total_rows=3
Index List:
Index_rows=1
GigabitEthernet0/1/1
Indicator List:
Indicator_rows=41
393217
393218
393219
393220
393221
393222
393223
393224
393225
393226
393227
393228
393229
393230
393232
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 685
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
393233
393234
393235
393236
393237
393238
393239
393240
393241
393242
393243
393244
393245
393246
393247
393248
393249
393250
393251
393256
393257
393258
393252
393253
393254
393255
Value:
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1410065408,2,1,0,0,0,0,0,0,0,0,0,0
,0,E3,E3,E3,E3
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1410065408,2,1,0,0,0,0,0,0,0,0,0,0
,0,E3,E3,E3,E3
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1410065408,2,1,0,0,0,0,0,0,0,0,0,0
,0,E3,E3,E3,E3
Table 1-95 describes the format of a statistics file.
Table 1-95 Format of a statistics file
Item Description
2020-02-21 14:08:25.371 Date and time when the statistics file
was generated.
FileFormatVersion Version number of the statistics file.
SysName Device name.
Release_Number Version number.
Start_Time Time when statistics were collected.
Statics_Interval Performance statistics collection
interval, in minutes.
Resource_type ID of a statistics object type.
Total_rows Number of performance statistics
collection intervals x Number of
performance statistics instances.
Index List List of statistics instances.
Index_rows Number of statistics instances.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 686
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Item Description
Indicator List List of statistics indicators.
Indicator_rows Number of statistics indicators.
Value Statistics indicator data.
----End
1.1.21.5.4 Verifying the Configuration
Prerequisites
PM has been configured.
Procedure
● Run the display pm brief command to check brief PM information.
● Run the display pm statistics-task [ task-name ] command to check
information about a performance statistics task.
● Run the display pm measure-info [ instance-type instance-type ] command
to check statistics about an instance.
● Run the display pm statistics task-name data-index index [ instance-type
instance-type-name [ measure measure-name | instance { vpn-instance-
name } &<1-8> ] * ] command to view PM statistics.
● Run the display pm statistics-file [ task-name ] command to check the list of
statistics files.
----End
1.1.21.5.5 Example for Configuring PM
Networking Requirements
To monitor the operating status of interfaces and collect performance statistics,
configure the PM function. This configuration enables a device to periodically
collect performance statistics, save the performance statistics to files, and send the
files to a PM server.
Figure 1-160 Networking diagram for PM
NOTE
In this example, interface1 represents GigabitEthernet0/1/1.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 687
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the data statistics function.
2. Configure basic data statistics functions.
3. Configure the device to upload statistics files to the PM server.
Procedure
Step 1 Enable the data statistics function.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] pm
[~DeviceA-pm] statistics enable
[*DeviceA-pm] commit
Step 2 Configure basic data statistics functions.
# Create a statistics task named test to collect traffic statistics on
GigabitEthernet0/1/1, with the statistics indicator in-all-pkts being excluded.
[~DeviceA-pm] statistics-task test
[*DeviceA-pm-statistics-test] binding instance-type interface instance gigabitethernet 0/1/1
[*DeviceA-pm-statistics-test] measure disable instance-type interface measure in-all-pkts
[*DeviceA-pm-statistics-test] commit
# Set the performance statistics collection interval to 5 minutes and the number
of performance statistics collection intervals to 3.
[~DeviceA-pm-statistics-test] statistics-cycle 5
Warning: All data of the statistics task will be deleted. Continue? [Y/N]:Y
[*DeviceA-pm-statistics-test] record-interval 3
Warning: This operation will cause some data to be lost. Continue? [Y/N]:Y
[*DeviceA-pm-statistics-test] quit
[*DeviceA-pm] quit
[*DeviceA] commit
Step 3 Configure the device to upload statistics files to the PM server.
# Create a PM server process and configure required parameters.
[~DeviceA] pm
[~DeviceA-pm] pm-server abc
[*DeviceA-pm-server-abc] protocol sftp ip-address 192.168.2.1 port 22
[*DeviceA-pm-server-abc] username user1 password pwd123
[*DeviceA-pm-server-abc] path /pmserver
[*DeviceA-pm-server-abc] retry 2
[*DeviceA-pm-server-abc] quit
[*DeviceA-pm] commit
# Enable the device to upload statistics files to the PM server.
[~DeviceA-pm] upload-config req1 server abc
[*DeviceA-pm] upload req1 file a120130525150004.txt
[*DeviceA-pm] commit
----End
Verifying the Configuration
After configuring PM functions, run the display pm statistics-task [ task-name ]
command to check the PM configurations. The following example uses the
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 688
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
command output for a performance statistics task named huawei. The command
output shows the performance statistics task name, performance statistics
collection interval, and performance statistics instance type.
<DeviceA> display pm statistics-task test
Task Name : test
Task State : running
Record-file Status : enable
Task Cycle : 5 minutes
Sample Interval : 1 minutes
Instance Type : interface
Record Interval(cycle) : 3
File Format : text
File Name Prefix : test
File Transfer Mode : passive
Current File Name : a120130525150004.txt
In addition, the performance statistics file a120130525150004.txt has been
uploaded to the /pmserver path of the PM server.
2020-02-21 14:08:25.371
FileFormatVersion=1.0
SysName=HUAWEI
Release_Number=V800R022C00
Start_Time=2020-02-21 13:00,2020-02-21 13:05,2020-02-21 13:10
Statics_Interval=5
Resource_type=6
Total_rows=3
Index List:
Index_rows=1
GigabitEthernet0/1/1
Indicator List:
Indicator_rows=41
393217
393218
393219
393220
393221
393222
393223
393224
393225
393226
393227
393228
393229
393230
393232
393233
393234
393235
393236
393237
393238
393239
393240
393241
393242
393243
393244
393245
393246
393247
393248
393249
393250
393251
393256
393257
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 689
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
393258
393252
393253
393254
393255
Value:
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1410065408,2,1,0,0,0,0,0,0,0,0,0,0
,0,E3,E3,E3,E3
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1410065408,2,1,0,0,0,0,0,0,0,0,0,0
,0,E3,E3,E3,E3
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1410065408,2,1,0,0,0,0,0,0,0,0,0,0
,0,E3,E3,E3,E3
Configuration Scripts
#
sysname DeviceA
#
pm
statistics enable
pm-server abc
protocol sftp ip-address 192.168.2.1
username user1 password %+%#H2uA')+.Y#eq-BZ~MEKG7r1_@L:n0*]&i@Z\/z7#%+%#
retry 2
path /pmserver
upload-config req1 server abc
statistics-task test
statistics-cycle 5
record-interval 3
binding instance-type interface instance GigabitEthernet0/1/1
measure disable instance-type interface measure in-all-pkts
#
return
1.1.21.6 Maintaining PM
If a large number of performance statistics are collected on a device, you can run
the following reset command in the performance statistics task view to clear the
current or historical performance statistics.
CAUTION
The statistics cannot be restored after being cleared. Exercise caution when
running this command.
● Run the reset pm current-data [ instance-type instance-type-name
[ measure measure-name | instance { vpn-instance-name } &<1-8> ] * ]
command to clear specified PM statistics.
1.1.22 Upgrade Maintenance Configuration
1.1.22.1 Overview of Upgrade Maintenance
Definition
Upgrade maintenance refers to operations performed to upgrade or maintain a
device. It includes upgrading the basic software package, installing and upgrading
a feature software package, installing a patch, and installing a module.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 690
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Purpose
If faults or errors occur in the software running on a device, you need to rectify
them by modifying the software. And if the user environment changes, or you
want to add new features or optimize the device performance or functions to
meet new user requirements, you need to partially update the original device
software. Such operations are all implemented through upgrade maintenance.
Upgrade maintenance enables a device to meet users' service requirements,
improve device reliability, optimize device performance, and ensure robust device
operation on the live network.
1.1.22.2 Understanding Upgrade Maintenance
Upgrade maintenance is performed on software packages. Involved operations
include software package upgrade, installation, uninstallation, and rollback. You
can upgrade a software package in two modes: performing the upgrade on an in-
service device or specifying a software package that takes effect at the next
startup. In both modes, you need to obtain and upload the new software package.
Software Package Composition
● Basic software package: It is a software package that provides basic system
functionality. Specifically, it ensures the running of components and services
by providing hardware drivers, common components, an operating system, a
boot file, etc. A basic software package is used in initial deployment and
software upgrade scenarios, and is the basis for the running of components
and services, supporting an entire device.
● Feature software package: It is a software package that provides component-
based service capabilities for specific valuable features based on a basic
software package.
There are two types of feature software packages:
– Integrated feature software package: a feature package that is integrated
in and released with a basic software package. This type of package does
not need to be separately obtained or uploaded. An integrated feature
software package is generally developed for basic functions, such as
independent upgrade and independent evolution.
– Independent feature software package: a feature package that is
independently released and whose functions are not integrated in a basic
software package. One feature corresponds to one package, which needs
to be obtained and uploaded separately. An independent feature software
package is generally security-sensitive and developed for functions such
as component decoupling, fault isolation, and permission minimization. It
enables a device to support new features without requiring the basic
software package to be upgraded. In addition, it can be loaded,
uninstalled, and upgraded independently without interrupting services.
Unless otherwise specified, feature software packages mentioned in the
upgrade maintenance sections refer to independent feature software
packages. This also applies to 1.1.22.6 Configuring a Feature Software
Package.
● Patch: It is an independent file released to rectify certain defects in the system
software, such as to fix bugs or vulnerabilities. If a software problem is found
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 691
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
during product maintenance and the involved software package cannot be
replaced or upgraded to solve the problem, you can install a patch as a
solution.
● Module: It is a functional patch generated as a *.MOD file. A module uses the
patch mechanism to implement specific functions. It is generally released as
an extended package of the basic software package and is used to add major
functions to the current basic software package.
Figure 1-161 Software package composition
NOTE
When you install or upgrade a software package, enable log and alarm management
functions to record all installation or upgrade operations. The recorded information helps
you analyze and locate faults if the installation or upgrade fails.
Basic Upgrade Maintenance Operations
Basic upgrade maintenance operations include:
● Software package upgrade: If the current system software cannot meet the
live network or user service requirements, you can upgrade the system
software to a later version using a software package.
A software package upgrade can be performed in either of the following
ways:
– Specifying the software package that takes effect at the next startup: You
can specify the name of a new software package that takes effect at the
next startup. After the device is restarted, the system automatically uses
the new software package to upgrade the device. In this case, services are
interrupted, affecting service forwarding reliability. In this case, services
are interrupted, affecting service forwarding reliability.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 692
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
– In-service software package upgrade: You can upgrade a device without
restarting it. This approach shortens the service interruption time and
ensures service forwarding reliability.
● Software package installation: You can install a software package on a device
so that the device runs the system software.
Software package installation can be performed in either of the following
ways:
– Startup installation: To install a basic software package, you must restart
the device. In this case, services are interrupted, affecting device
reliability.
– In-service installation: You can install a software package without
restarting the device.
● Software package uninstallation: If a software package is no longer required,
you can uninstall it.
● Software package rollback: If the post-upgrade system software cannot meet
user service requirements or services cannot run properly, you can roll back
the system software to the source version to ensure normal service
forwarding.
NOTE
"In-service" in the upgrade maintenance sections indicates that the device does not
need to be restarted.
Basic Functions Supported by Software Packages
Based on software package types, the following basic functions are supported:
● Basic software package (*.cc): It can be installed only during device startup
and can be upgraded. It cannot be installed or uninstalled on an in-service
device.
● Feature software package (*.ccx): It can be installed, uninstalled, or upgraded
on an in-service device, can be rolled back, and can also be specified to take
effect at the next startup. It enables the rollout and upgrade of new device
features.
● Patch (*.PAT): It can be installed and uninstalled on an in-service device, can
be rolled back, and can also be specified to take effect at the next startup. It
enables rectification of system software defects.
● Module (*.MOD): It can be installed and uninstalled on an in-service device,
can be rolled back, and can also be specified to take effect at the next
startup. It enables enhancement of system software functions.
Integrity Verification
After a software package is released, it is susceptible to modification or tampering
during transmission, download, storage, and installation. To address this
possibility, digital signatures and hash values are used to verify the validity and
integrity of software packages during installation. Ensure that the software
installed on the device is secure and available by verifying the software before
using it.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 693
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● The digital signature mechanism ensures the validity and integrity of software
packages to ensure the security and availability of installed software. A digital
signature is packed into a software package before it is released and validated
before the software package is loaded to a device. The software package is
considered complete and trusted, and applications can be installed, only after
the verification succeeds.
● A hash value is a unique short character string consisting of random letters
and digits. When a software package is installed, the device verifies the hash
value. The software package is considered complete and trusted, and
applications can be installed, only after the verification succeeds.
1.1.22.3 Configuration Precautions for Upgrade Maintenance
Feature Requirements
Table 1-96 Feature requirements
Feature Requirements Series Models
Ensure that the root directory of the user has NetEngin NetEngine 8000
sufficient space for storing the system software e 8000 M M14/NetEngine
package, patch package, and MOD package. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
The MOD package version must match the NetEngin NetEngine 8000
system software package version. If the MOD e 8000 M M14/NetEngine
package version does not match the system 8000 M14K/
software package version, the MOD package NetEngine 8000
cannot be loaded. M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 694
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
Patch operations cannot be performed during NetEngin NetEngine 8000
service configuration. Otherwise, the patch e 8000 M M14/NetEngine
operations may fail. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
1. The license control items used for port NetEngin NetEngine 8000
activation are not permanently saved. After the e 8000 M M14/NetEngine
device is restarted, the system re-allocates 8000 M4/
license control items based on the port NetEngine 8000
sequence. The license control items contained M8/NetEngine
in the software package are preferentially 8000E M14/
allocated. Then, the license control items with NetEngine 8000E
more available ports are allocated. For M8
example, if one license control item contains
4*10GE resources and the other license control
item contains 2*10GE resources, the former is
preferentially allocated.
2. After the device is reset, the system reclaims
the license resources occupied by the excess
ports. The reclamation rule is the same as that
for the CM commercial mode. The license
resources of the port with a smaller ID are
preferentially activated, and the license
resources of the port with a larger ID are
reclaimed.
When resources are allocated between devices
on the live network, the number of license
resource items may decrease. In this case, after
the device is restarted, the system reclaims the
license resources occupied by the excess ports.
If you have requirements on the activated
ports, release the ports that are not in use
before the device is restarted.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 695
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
ISSU is not supported. Properly plan services. If NetEngin NetEngine 8000
an upgrade is required, restart the device and e 8000 M M14/NetEngine
interrupt services. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
1. The license control items used for port NetEngin NetEngine 8000
activation are not permanently saved. After the e 8000 M M14/NetEngine
device is restarted, the system re-allocates 8000 M4/
license control items based on the port NetEngine 8000
sequence. The license control items contained M8/NetEngine
in the software package are preferentially 8000E M14/
allocated. Then, the license control items with NetEngine 8000E
more available ports are allocated. For M8
example, if one license control item contains
4*10GE resources and the other license control
item contains 2*10GE resources, the former is
preferentially allocated.
2. After the device is reset, the system reclaims
the license resources occupied by the excess
ports. The reclamation rule is the same as that
for the CM commercial mode. The license
resources of the port with a smaller ID are
preferentially activated, and the license
resources of the port with a larger ID are
reclaimed.
When you perform a downgrade, the device NetEngin NetEngine 8000
checks the hardware compatibility. e 8000 M M14/NetEngine
If the device has hardware (such as subcards 8000 M14K/
and boards) that is incompatible with the NetEngine 8000
system software package of an earlier version, M4/NetEngine
the device displays a message indicating that 8000 M8/
the operation fails when you set the startup NetEngine 8000
software package. M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
When a switch functions as a port extension NetEngin NetEngine 8000
AP, capacity expansion RTUs cannot be e 8000 M M14/NetEngine
configured. 8000 M8/
NetEngine 8000E
M14/NetEngine
8000E M8
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 696
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
If the NPU480-1T software package is used, NetEngin NetEngine 8000E
the upgrade or downgrade between a version e 8000 M M14/NetEngine
earlier than V800R010 and V800R013 or a 8000E M8
later version is not supported due to the
restrictions of the software package size and
disk partition size. If V800R013 or a later
version is directly downgraded to a version
earlier than V800R010, the following message
is displayed when you set the next startup
package: Error: The system software package
to be installed cannot be started because of
partition settings.
1. Use license 2.0. The license file type must be NetEngin NetEngine 8000
*.dat or *.zip. e 8000 M M14/NetEngine
2. The license file cannot be modified. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
1.1.22.4 Preparing for Upgrade Maintenance
To ensure the smooth upgrade maintenance of a device, make relevant
preparations based on requirements.
Upgrade Purpose Operation
Maintenance
Preparation
Check the existing Prevent an upgrade Run the display version
software version of failure due to a version command to check the existing
a device. mismatch. basic software version of the
device.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 697
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Upgrade Purpose Operation
Maintenance
Preparation
Check the CPU and Prevent upgrade Run the display health
memory usage of maintenance failures command to check the CPU and
the device. caused by high CPU memory usage. If the CPU and
and memory usage. memory usage is too high,
reduce the usage before
performing upgrade
maintenance operations. It is
recommended that the CPU
usage be less than or equal to
70%, and that the memory
usage be less than or equal to
90%.
Check the working Ensure that the device Run the display device
status of the works properly and command to check the running
device. prevent upgrade and status of the device. If the
maintenance failures Register field value is
caused by operations Unregistered, the board in the
such as hardware corresponding slot is not
unregistration or registered. If the Alarm field
device startup. value is Abnormal, the board in
the corresponding slot runs
abnormally.
Set up the SFTP Back up existing If SFTP is used for an upgrade:
environment. resource files before an ● If the device to be upgraded
upgrade and upload functions as a client and a PC
new resource files functions as a server, install
required for an the SFTP server application
upgrade. on the PC. The SFTP server
application is not delivered
with the device and must be
obtained separately.
● If the device to be upgraded
functions as an SFTP server
and a PC functions as an
SFTP client, the SFTP server
application does not need to
be installed on the PC. By
default, the SFTP server
function is disabled on the
device to be upgraded. To
enable this function, run the
sftp server enable command
in the system view.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 698
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Upgrade Purpose Operation
Maintenance
Preparation
Back up important Prevent loss of Run the copy source-filename
data in the storage important data due to destination-filename command
medium on the upgrade maintenance. to back up important data in the
device to be storage medium of the device to
upgraded. be upgraded.
Check the Ensure that there is Run the dir [ /all ] [ filename ]
remaining space of sufficient space for command to check the
the storage storing upgrade remaining space in the storage
medium of the maintenance files. medium of the device to be
device to be upgraded. Ensure that there is
upgraded. sufficient space for storing the
software files to be uploaded
and related documents.
Stop service Prevent upgrade -
configurations. maintenance failures
due to service
configurations being
performed during an
upgrade.
Obtain the Obtain the required Obtain a system software
required upgrade upgrade maintenance package of a specified target
maintenance software package version and matching
software package. (such as a basic documentation from the Huawei
software package, a support website.
feature software
package, a patch, or a
*.MOD module file).
Obtain the Device upgrades are For details, see the official
upgrade guide. closely related to installation or upgrade guide
newly released released by Huawei.
versions. Each new
version comes with a
corresponding upgrade
guide, which provides
instructions for
performing an
upgrade.
Obtain the license Purchase and install For details, see License User
permission. licenses if you need Guide.
some service function
modules or capacity-
based capabilities that
are controlled by
licenses.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 699
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.22.5 Configuring a Basic Software Package
1.1.22.5.1 Understanding a Basic Software Package
A basic software package ensures the running of components and services by
providing hardware drivers, common components, an operating system, a boot
file, etc. This package is the basis for the running of feature software packages
(components and services), patches, and modules, supporting an entire device.
You can maintain and manage a basic software package separately. A basic
software package can be installed only during device startup and can be
upgraded. It cannot be installed or uninstalled on an in-service device.
Installing a Basic Software Package
When a device is started for the first time, you can install a basic software
package through the BIOS user interface. After the basic system is started, you can
use corresponding commands to configure service parameters.
When the device is restarted, the system automatically installs the specified next-
startup basic software package. Generally, this mode is used when a device is
upgraded.
Upgrading a Basic Software Package
Huawei releases new versions of a basic software package to support new features
or functions, optimize performance, or solve problems in the current version. An
upgrade of the basic software package running on a device need to be performed
based on user requirements or Huawei's version incorporation requirements. In
this case, you need to configure the basic software package of a later version that
takes effect at the next startup and then restart the device.
NOTE
Device upgrades are closely related to newly released versions. Each new version comes
with a corresponding upgrade guide, which provides instructions for performing an
upgrade.
1.1.22.5.2 Specifying the Basic Software Package That Takes Effect at the Next
Startup
Prerequisites
Before specifying the basic software package that takes effect at the next startup,
you have completed the following task:
● Prepare for upgrade maintenance.
Context
Upgrading the basic software package version of the device can improve device
performance, add new features, and eliminate defects existing because software in
the current version is not updated in time.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 700
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
● The basic software package on the active main control board must be the same as that
on the standby main control board. Otherwise, an upgrade fails.
● Ensure that the uploaded files are correct by comparing the file sizes and dates.
● Run the dir file-name command to check whether the names of the basic software
packages (*.cc) in the storage media of the active and standby main control boards are
the same as the name of the uploaded basic software package.
Procedure
Step 1 Upload a basic software package to the storage medium on the active main
control board. For details, see "File System Management Configuration" in
Configuration Guide > Basic Configuration.
Step 2 Copy the basic software package to a storage medium on the standby main
control board.
copy source-filename destination-filename
Step 3 (Optional) Enable the version rollback function and set a rollback timeout period
in an upgrade.
time-value
If you do not log in to a device within the timeout period after the device is
restarted, the system automatically rolls back to the source version.
Step 4 Specify the basic software package that takes effect at the next startup.
startup system-software name [ all | slave-board | slot slot-id ]
NOTE
If a feature software package has been installed on a device and the basic software
package needs to be upgraded, delete the existing feature software package before you
specify the basic software package that takes effect at the next startup. For details, see
1.1.22.6.5 Specifying the Feature Software Package That Takes Effect at the Next
Startup.
Step 5 (Optional) Specify the patch that takes effect at the next startup.
startup patch patch-name all
For an upgraded basic software package that has a patch installed before the
upgrade, if it is rolled back to the source version by specifying the basic software
package that takes effect at the next startup, run this command to make the
patch take effect.
Step 6 Restart the device.
reboot
----End
Verifying the Configuration
● Run the display startup command to check whether the displayed
information is the same as the file name of the basic software package to be
started.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 701
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Follow-up Procedure
To install and run a new PAF file after the system restarts, you can run the startup
paf { default | file-name } command to specify the PAF file to be used at the next
startup.
After a device is upgraded to a later version and starts running, you can run the
rollback command to roll back the device to the source version within the first 48
hours. The patch and configuration files are also rolled back.
1.1.22.6 Configuring a Feature Software Package
1.1.22.6.1 Understanding a Feature Software Package
A feature software package provides component-based service capabilities for
specific valuable features based on a basic software package. One package
corresponds to one feature and can be independently installed or uninstalled. See
Figure 1-162. Feature software packages can be installed, uninstalled, or
upgraded on an in-service device. To add new features or implement in-service
incremental upgrade of features based on service requirements, you can install or
upgrade feature software packages separately without requiring the basic
software package to be upgraded.
Figure 1-162 Feature software package
A feature software package supports the following basic functions:
● Online installation/uninstallation of a feature software package: After a
device starts, you can install a new feature software package (*.ccx) or
uninstall a loaded feature software package based on service requirements,
such as new features. After a feature software package is installed, its
function is automatically enabled. Similarly, after it is uninstalled, its function
is automatically disabled.
● In-service upgrade of a feature software package: Huawei releases later
versions of a feature software package to enhance feature capabilities,
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 702
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
optimize feature performance, or resolve feature package problems. You can
upgrade a feature software package based on service requirements.
● Rollback of a feature software package: If an exception occurs during the
upgrade of a feature software package, this package will be automatically
rolled back to the source version. After a feature software package is
upgraded, if the related features become abnormal or the package cannot
meet service requirements, you can roll back the package to the source
version.
This document describes only key upgrade operations. For details about a device
upgrade and each released version, obtain the corresponding upgrade guide.
1.1.22.6.2 Configuring In-Service Installation and Uninstallation of a Feature
Software Package
Prerequisites
Before configuring in-service installation of a feature software package, you have
completed the following task:
● Prepare for upgrade maintenance.
Context
To use a feature that is not provided in the basic software package but in a
feature software package, you can install the feature software package on an in-
service device. In this case, services are not interrupted. If this feature is no longer
needed, uninstall the corresponding feature software package.
NOTE
Ensure that the uploaded files are correct by comparing the file sizes and dates.
Procedure
Step 1 Upload a feature software package to the storage medium on the active main
control board. For details, see "File System Management Configuration" in
Configuration Guide > Basic Configuration.
Step 2 (Optional) Copy the feature software package to a storage medium on the
standby main control board.
copy source-filename destination-filename
Step 3 Perform in-service installation of the specified feature software package.
install feature-software feature-file
----End
Verifying the Configuration
Run the display startup or display startup feature-software command to check
whether the displayed information is the same as the name of the desired feature
software package.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 703
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Follow-up Procedure
When a feature is no longer needed, you can run the uninstall feature-software
feature-file command to perform in-service uninstallation of the feature software
package.
1.1.22.6.3 Configuring In-Service Upgrade of a Feature Software Package
Prerequisites
Before configuring in-service upgrade of a feature software package, you have
completed the following task:
● Prepare for upgrade maintenance.
Context
To optimize the feature software or remove defects in the existing feature version,
you can upgrade the feature software package separately so that the device can
provide new functions.
NOTE
If a feature software package is stored only in the storage medium on the active main
control board, the standby main control board synchronizes this package on the active main
control board during the in-service upgrade of this package.
If feature software packages are stored in storage media on both the active and standby
main control boards and the packages are different, the standby main control board
synchronizes the feature software package on the active main control board during the in-
service upgrade of this package.
Ensure that the uploaded files are correct by comparing the file sizes and dates.
Procedure
Step 1 Upload a feature software package to the storage medium on the active main
control board. For details, see "File System Management Configuration" in
Configuration Guide > Basic Configuration.
Step 2 (Optional) Copy the feature software package to a storage medium on the
standby main control board.
copy source-filename destination-filename
Step 3 Perform in-service upgrade of the feature software package.
upgrade feature-software feature-file
----End
Verifying the Configuration
Run the display startup or display startup feature-software command to check
whether the displayed information is the same as the file name of the feature
software package to be upgraded.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 704
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.22.6.4 Configuring Hitless Upgrade of a Feature Software Package
Prerequisites
Before configuring hitless upgrade of a feature software package, you have
completed the following task:
● Prepare for upgrade maintenance.
Context
Currently, during an in-service upgrade of a feature software package, the existing
feature software package is automatically deleted, which may cause service
interruption. If the hitless upgrade function is used, the feature software package
of the source version can be deleted after the feature software package of the
target version is installed. This ensures uninterrupted services and improves device
reliability.
NOTE
Ensure that the uploaded files are correct by comparing the file sizes and dates.
The hitless upgrade function takes effect only for a feature software package that supports
this function. Before an upgrade, ensure that a software package that supports the hitless
upgrade function has been installed on the device.
Procedure
Step 1 Upload a feature software package to the storage medium on the active main
control board. For details, see "File System Management Configuration" in
Configuration Guide > Basic Configuration.
Step 2 Configure the hitless upgrade function for a feature software package.
issu feature-software feature-file
----End
Verifying the Configuration
Run the display startup or display startup feature-software command to check
whether the displayed information is the same as the file name of the feature
software package to be upgraded.
1.1.22.6.5 Specifying the Feature Software Package That Takes Effect at the Next
Startup
Prerequisites
Before specifying the feature software package that takes effect at the next
startup, you have completed the following task:
● Prepare for upgrade maintenance.
Context
If an independent feature software package has been installed on a device and the
basic software package and independent feature software package need to be
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 705
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
upgraded, you can specify the feature software package that takes effect at the
next startup. In this scenario, you need to delete the existing feature software
package that takes effect at the next startup, specify the basic software package
that takes effect at the next startup, and then specify a feature software package
that matches this basic software package.
If only a feature software package needs to be upgraded, you are advised to use
the in-service upgrade mode.
NOTE
The feature software package on the active main control board must be the same as that
on the standby main control board. Otherwise, the feature software package cannot be
upgraded.
Ensure that the uploaded files are correct by comparing the file sizes and dates.
An independent feature software package is one that can be displayed in the Next startup
feature software field of the display startup command output.
Procedure
Step 1 Upload the desired basic software package and matching feature software
package to the active main control board's storage. For details, see "File System
Management Configuration" in Configuration Guide > Basic Configuration.
Step 2 (Optional) Copy the packages to the standby main control board's storage.
copy source-filename destination-filename
Step 3 Delete the existing next-startup feature software package.
reset feature-software next-startup feature-file
NOTE
After the reset feature-software next-startup command is executed, the feature software
package will not be installed upon the next startup. If a feature is not integrated in the
next-startup basic software package, the configuration of this feature will be deleted during
a startup. To prevent configuration loss, run the startup feature-software name command
before you restart the device. If a feature is integrated into the next-startup basic software
package, it is automatically installed.
Step 4 Specify a next-startup basic software package.
startup system-software name [ all | slave-board | slot slot-id ]
Step 5 Specify a feature software package that matches the next-startup basic software
package.
startup feature-software name
NOTE
If a feature software package is not needed after you specify the next-startup basic
software package, you do not need to install the feature software package or run the
startup feature-software command. Instead, you can run the reboot command to restart
the device directly.
Step 6 Restart the device.
reboot
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 706
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Verifying the Configuration
Run the display startup or display startup feature-software command to check
whether the displayed information is the same as the file name of the
independent feature software package to be upgraded.
1.1.22.7 Configuring a Patch
1.1.22.7.1 Understanding a Patch
While a device is running, you may need to modify the device's system software.
For example, you may need to remove system defects or add new functions based
on service requirements. The conventional method is to disconnect a device from a
network and upgrade system software in offline mode. This method adversely
affects services and deteriorates communication service quality.
To address this issue, you can install a patch to system software to implement an
in-service system software upgrade, ensuring service continuity.
Patch Classification
Based on the impact of patch effectiveness on running services, patches are
classified into hot patches and cold patches.
● Hot patch (HP): takes effect without affecting or interrupting services. Using
hot patches helps reduce device upgrade costs and prevent upgrade risks.
● Cold patch (CP): takes effect only after a board is reset or a device is
restarted, which adversely affects services.
Based on patch dependency, patches are classified into incremental patches and
non-incremental patches.
● Incremental patch: is dependent on previous patches. An incremental patch
file must contain all patch information that is contained in the previous patch
file. You can install an incremental patch file without uninstalling the existing
patch file.
● Non-incremental patch: A device can have only one non-incremental patch
installed. Before installing another patch on a device that already has a non-
incremental patch, uninstall the existing non-incremental patch.
NOTE
All patches released for products are hot patches and incremental patches. All patches
mentioned in the following sections are such patches, unless otherwise specified.
Patch Status
Each patch has its own state that can be changed only with user intervention.
Table 1-97 describes patch states.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 707
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-97 Patch states
State Description State Transition
Idle A patch file is stored in a After the patches in the
storage medium of a device, storage device are installed
but patches in the file are not into the patch area in the
installed into the patch area memory, the patch state
in the memory. In this becomes running.
situation, the patches in the
file are in the idle state.
Running After the patches in the You can uninstall a running
storage device are installed patch file so that the device
into the patch area in the deletes the patches from the
memory, the patch state patch area in the memory and
becomes running. sets the patch state to idle.
After a board or device is
reset, the running state
remains if the patches were
in the running state before
the reset.
Figure 1-163 shows patch state transition.
Figure 1-163 Transition between patch states
Patch Installation
For basic software, you can install a patch in either of the following modes:
● In-service patch installation: You can install a patch on an in-service device,
without interrupting services. This mode is also called hot patch installation
and is usually used.
For details on how to install a patch in this mode, see the corresponding
patch installation guide that is released with a patch version.
● Next-startup patch installation: You can specify the patch that takes effect at
the next startup. This mode is also called cold patch installation. It is usually
used during a device upgrade.
Manual Patch Uninstallation
After a patch is installed, if services become abnormal due to the patch, you can
uninstall the patch to ensure normal services.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 708
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Automatic Patch Rollback
If an exception occurs during patch installation, the patch may fail to be installed.
In this case, the system automatically rolls back to the previous patch version.
1.1.22.7.2 Configuring In-Service Installation and Uninstallation of a Patch
Prerequisites
Before configuring in-service installation and uninstallation of a patch, you have
completed the following task:
● Prepare for upgrade maintenance.
Context
While a device is running, you may need to modify the device's system software.
For example, you may need to remove system defects or add new functions based
on service requirements. Configuring in-service installation of a patch helps you
optimize software without interrupting device running.
NOTE
The patch files on the active and standby main control boards must be the same.
Otherwise, the patch operations will fail.
Ensure that the uploaded files are correct by comparing the file sizes and dates.
Procedure
Step 1 Upload a patch file to the storage medium of the active main control board. For
details, see "File System Management Configuration" in Configuration Guide >
Basic Configuration.
Step 2 Copy the patch file to a storage medium on the standby main control board.
copy source-filename destination-filename
Step 3 Perform in-service patch installation.
patch load patch-name all run
NOTE
● During patch installation, the device checks whether the patch version is consistent with
the system software version. If they are not consistent, the device fails to install the
patch.
● For a non-incremental patch file, if a running patch file exists, the device displays a
message indicating a failure to install the patch. In this case, run the patch delete all
command to delete the existing patch file.
● This command can be used to install a hot or cold patch. After installing a cold patch,
you need to restart the device for the patch to take effect. If you run the reset patch-
configure next-startup command to delete the patch file from the device after the cold
patch is installed, you do not need to restart the device.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 709
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Verifying the Configuration
● Run the dir file-name command to check whether the file information on the
active and standby main control boards contains the name of the uploaded
patch file (*.PAT).
● Run the display patch-information verbose command to check whether
State is displayed as Running.
● Run the display startup command to check whether the displayed
information is consistent with the file name of the installed patch.
Follow-up Procedure
If an exception occurs after a patch is installed, run the patch delete all
command to delete the patch file and uninstall the patch.
If a patch has been installed on the active main control board and the space in the
root directory on a newly inserted standby main control board is insufficient, the
patch can be synchronized to the standby board but will be stored in the memory.
In this case, an alarm indicating insufficient disk space is reported. After you clear
the root directory to release sufficient space, run the patch configuration-
synchronize command to synchronize the patch file from the active main control
board to the root directory on the standby one and clear the alarm. You can run
the display alarm active command to query the alarm with the alarm ID of
0xD160004.
1.1.22.7.3 Specifying the Patch File That Takes Effect at the Next Startup
Prerequisites
Before specifying the patch file that takes effect at the next startup, you have
completed the following task:
● Prepare for upgrade maintenance.
Context
While a device is running, you may need to modify the device's system software.
For example, you may need to remove system defects or add new functions based
on service requirements. You can specify the patch file that takes effect at the next
startup to optimize software.
NOTE
The patch files on the active and standby main control boards must be the same.
Otherwise, the patch operations will fail.
Ensure that the uploaded files are correct by comparing the file sizes and dates.
Procedure
Step 1 Upload a patch file to the storage medium of the active main control board. For
details, see "File System Management Configuration" in Configuration Guide >
Basic Configuration.
Step 2 Copy the patch file to a storage medium on the standby main control board.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 710
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
copy source-filename destination-filename
Step 3 Specify the patch file that takes effect at the next startup.
startup patch patch-name all
Step 4 Restart the device.
reboot
----End
Verifying the Configuration
● Run the dir file-name command to check whether the file information on the
active and standby main control boards contains the name of the uploaded
patch file (*.PAT).
● Run the display patch-information verbose command to check whether
State is displayed as Running.
● Run the display startup command to check whether the displayed
information is consistent with the file name of the installed patch.
Follow-up Procedure
To disable a patch file from taking effect at the next startup, run the reset patch-
configure next-startup command to delete the patch configuration for the next
startup.
If a patch has been installed on the active main control board and the space in the
home directory on a newly inserted standby main control board is insufficient, the
patch can be synchronized to the standby board but will be stored in the memory.
In this case, an alarm indicating insufficient disk space is reported. After you clear
the home directory to release sufficient space, run the patch configuration-
synchronize command to synchronize the patch file from the active main control
board to the home directory on the standby one and clear the alarm. You can run
the display alarm active command to query the alarm with the alarm ID of
0xD160004.
1.1.22.7.4 (Optional) Configuring a CPU Overload Threshold for Patch Operations
Context
Patch installation or uninstallation may cause high CPU usage, leading to
interruption of other services.
After a CPU overload threshold is configured, if the CPU usage has exceeded this
threshold for more than 500 ms, the system gives up using CPU resources during
patch installation or uninstallation and hibernates for 500 ms. The system
continues to install or uninstall patches when the CPU is scheduled next time.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure a CPU overload threshold for patch installation or uninstallation.
set patch cpu-usage threshold thresholdValue [ slot slotId ]
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 711
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
By default, the CPU overload threshold for patch installation or uninstallation is
85%.
Step 3 Commit the configuration.
commit
----End
1.1.22.8 Configuring a Module
1.1.22.8.1 Understanding a Module
A module uses the patch mechanism to implement specific functions. It is
generated as a *.MOD file, which is released as an extended package of the basic
software package (*.cc). A module is a functional patch used to add major
functions to the current basic software. You can install a module for basic software
to implement an in-service basic software upgrade, ensuring service continuity.
Module Installation
For basic software, you can install a module in either of the following modes:
● In-service module installation: You can install a module on an in-service
device, without interrupting services. This mode is usually used.
For details on how to install a module in this mode, see the corresponding
module installation guide that is released with a module file.
● Next-startup module installation: You can specify the module that takes effect
at the next startup. This mode is usually used during a device upgrade.
Manual Module Uninstallation
After a module is installed, if services become abnormal due to the module, you
can uninstall the module to ensure normal services.
Automatic Module Rollback
If an exception occurs during module installation, the module may fail to be
installed. In this case, the system automatically rolls back to the previous module
version.
1.1.22.8.2 Configuring In-Service Installation and Uninstallation of a Module
Prerequisites
Before configuring in-service installation and uninstallation of a module, you have
completed the following task:
● Prepare for upgrade maintenance.
Context
If a desired module does not exist the system, you can perform in-service
installation of the module so that the functions of the module can be used. In this
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 712
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
process, services are not interrupted. You can also perform in-service uninstallation
of a module if you no longer need it.
NOTE
The module files on the active and standby main control boards must be the same.
Otherwise, the module fails to be installed.
Ensure that the uploaded files are correct by comparing the file sizes and dates.
Procedure
Step 1 Upload a module file to the storage medium of the active main control board (the
file must be saved in the $_install_mod directory). For details, see "File System
Management Configuration" in Configuration Guide > Basic Configuration.
Step 2 Copy the module file to a storage medium on the standby main control board.
copy source-filename destination-filename
Step 3 Perform in-service module installation.
install-module module-name
----End
Verifying the Configuration
● Run the dir file-name command in the $_install_mod directory to check
whether the file information on the active and standby main control boards
contains the name of the specified uploaded module file (*.MOD).
● Run the display module-information verbose command to check whether
the displayed information is consistent with the file name of the installed
module and whether the module takes effect.
Follow-up Procedure
If a module is no longer needed, run the uninstall-module { module-name | all }
command to perform in-service uninstallation of the module.
1.1.22.8.3 Specifying the Module That Takes Effect at the Next Startup
Prerequisites
Before specifying the module that takes effect at the next startup, you have
completed the following task:
● Prepare for upgrade maintenance.
Context
If a desired module does not exist in the system, you can configure the module to
take effect at the next startup so that the module is installed after the device is
restarted.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 713
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
The module files on the active and standby main control boards must be the same.
Otherwise, the module fails to be installed.
Ensure that the uploaded files are correct by comparing the file sizes and dates.
Procedure
Step 1 Upload a module file to the storage medium of the active main control board (the
file must be saved in the $_install_mod directory). For details, see "File System
Management Configuration" in Configuration Guide > Basic Configuration.
Step 2 Copy the module file to a storage medium on the standby main control board.
copy source-filename destination-filename
Step 3 Specify the module that takes effect at the next startup.
install-module module-name next-startup
Step 4 Restart the device.
reboot
----End
Verifying the Configuration
● Run the dir file-name command in the $_install_mod directory to check
whether the file information on the active and standby main control boards
contains the name of the specified uploaded module file (*.MOD).
● Run the display module-information next-startup command to check
information about the next-startup module.
● Run the display module-information verbose command to check whether
the displayed information is consistent with the file name of the installed
module and whether the module takes effect.
Follow-up Procedure
If a module is no longer needed, run the uninstall-module module-name next-
startup command to uninstall the module that takes effect at the next startup.
1.1.22.9 Configuring Software Package Rollback and Rollback Prevention
1.1.22.9.1 Understanding Software Package Rollback and Rollback Prevention
A software package can be upgraded and rolled back. However, some
unauthenticated or unauthorized rollbacks may cause risks and adversely affect
device security. Therefore, a software package must support the rollback
prevention function.
● After a software package is upgraded, if the target version runs abnormally or
it cannot meet user requirements, the software package needs to be rolled
back to the source version. A software package rollback is implemented by
configuring a rollback point for the next startup. A rollback point is
automatically or manually generated for the software package running on a
device before upgrade maintenance. It records the version numbers and
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 714
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
configurations of the running basic software package, feature software
package, patch, and module. A generated rollback point can be used to roll
back a software package to the source version.
● If a software package is rolled back to an earlier version that contains a
vulnerability, attackers may exploit the vulnerability to penetrate the software
system. To ensure the system software stability and device security, you can
use the function that prevents system software from being rolled back to an
earlier version without authentication or authorization.
1.1.22.9.2 Configuring Software Package Rollback
Context
Software package rollback applies to the following scenarios:
● A device is functioning properly, but the current software package must be
rolled back to the source version to meet service requirements.
● After the system is upgraded, functions or services cannot be used properly,
requiring the current software package to be rolled back to the source
version.
You can roll back a software package in either of the following modes:
● Automatic mode: When a next-startup software package is specified or a
software package is upgraded on an in-service device, the system
automatically creates a rollback point. You can configure the rollback point
for the next startup to roll back the software package.
● Manual mode: You can manually create a rollback point and configure the
rollback point for the next startup to roll back a software package.
After a software package is successfully rolled back, the corresponding basic
software package, feature software package, patch, and module are all rolled back
to the source version.
Procedure
Step 1 Create a rollback point. Use either of the following methods to create a rollback
point.
● Configure the function of automatically creating a rollback point.
a. Configure the function of automatically creating a rollback point.
undo startup checkpoint auto-save disable
After you run this command to enable the function of automatically
creating a rollback point, the system automatically creates a rollback
point when you run the startup system-software, startup feature-
software, or upgrade feature-software command.
By default, the function of automatically creating a rollback point is
enabled. To disable this function, run the startup checkpoint auto-save
disable command.
b. Commit the configuration.
commit
● Manually create a rollback point.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 715
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
startup checkpoint checkpoint-name
If a rollback point is not required, run the undo startup checkpoint
checkpoint-name command to delete it.
Step 2 Check the rollback point information and confirm the rollback point to which a
software package needs to be rolled back.
display startup checkpoint [ checkpoint-name ] verbose
Step 3 (Optional) Verify the rollback point.
check startup checkpoint checkpoint-name
If the verification is successful, the rollback point can be used for rollback.
Otherwise, the rollback point cannot be used for rollback.
Step 4 Configure the rollback point for next startup.
restore startup checkpoint checkpoint-name
Step 5 Restart the device.
reboot
----End
Verifying the Configuration
Run the display startup command to check whether the displayed information is
the same as the file name of the software package to be rolled back.
1.1.22.9.3 Configuring Software Rollback Prevention
Context
Earlier software versions generally have more vulnerabilities. Attackers can exploit
the vulnerabilities to penetrate the software system. To significantly reduce this
risk, you can use the function that prevents system software from being rolled
back to an earlier version without authentication or authorization.
You can use the version revocation list (VRL) to prevent the system software from
being rolled back to an insecure earlier version.
The VRL file specifies the system software of an earlier version that has
vulnerabilities. After the VRL file is loaded to the device, the system software
cannot be rolled back to a version in the VRL file.
This mode applies to all software packages, including basic software packages,
feature software packages, patch files, and module files.
Procedure
● Load a VRL file to the system.
software vrl load vrl-name
----End
Verifying the Configuration
Run the display software vrl command to check information about the loaded
VRL file.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 716
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.22.10 (Optional) Loading a Digital Signature Certificate Revocation List
(CRL)
Prerequisites
Before loading a CRL, you have completed the following task:
● Upload the CRL to the flash path of the device.
Context
If an issued digital signature certificate needs to be revoked due to key disclosure
or other reasons, a third-party tool can be used to mark the certificate invalid and
add the certificate to the CRL. After you load the latest CRL to a device, the device
does not verify the digital signature certificate upon the next startup.
Procedure
Step 1 Load a CRL file to the system.
software crl load crl-name
----End
Verifying the Configuration
Run the display software crl command to check information about the loaded
CRL file.
1.1.22.11 Configuring Electronic Warranty Functions
Context
Electronic warranties are provided for devices to record the service life of products
and related components, better serving users in the information age. You can
activate electronic warranties and check the recorded hardware activation date,
committed hardware service life, and hardware warranty status.
NOTE
To facilitate the maintenance of product service life information during product inventory
management and service processes, an electronic warranty is provided to each live-network
device.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Enter the warranty view.
warranty
Step 3 Run either of the following commands:
● Activate the electronic warranty based on the serial number.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 717
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
activate warranty serial-number serial-number-value start-date start-date-value life-span life-span-
value
● Activate the electronic warranty based on the imported file.
import warranty file ewmfile
By default, electronic warranties are not activated.
Step 4 Enable the alarm function for electronic warranties.
undo alarm disable
By default, the alarm function is enabled for electronic warranties. If the alarm
function needs to be disabled, you need to reactivate the electronic warranties
within the service life to clear alarms first.
After the alarm function is enabled:
● The hwWarrantyToBeExpired alarm is reported when the service life of a
device is about to expire.
● The hwWarrantyExpired alarm is reported when the service life of a device
expires.
● The hwWarrantyMissingSession alarm is reported when the service life of a
device is missing.
Step 5 Commit the configuration.
commit
----End
Verifying the Configuration
Run the display warranty [ device | parts [ slot slot-id ] ] command to check
information about activated electronic warranties in the system.
1.1.22.12 Maintaining Software
Procedure
During routine maintenance, check the version number of the basic software
package and delete the software files that are no longer used to ensure the
normal running of the system.
Table 1-98 describes operations related to software package maintenance.
Table 1-98 Operations related to software package maintenance
Operation Command Description
Check the software display version [ slot You can view the current
version. slot-id ] software version to
determine whether the
device needs to be
upgraded or has been
upgraded successfully.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 718
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Operation Command Description
Check the device version display inventory This helps users learn
and the corresponding package about device information
patch information. during device
maintenance.
Delete the patch reset patch-configure -
package that takes effect next-startup
at the next startup.
Delete the feature reset feature-software -
package that takes effect next-startup
at the next startup.
Verify file integrity. check software file- System software
name file-name packages, patch files,
feature software
packages, and module
files can be verified.
Verify patch file integrity. check patch { filename | -
startup }
Verify module file check module -
integrity. { filename | startup }
Check whether the display software info -
running software
package is reliable.
Check whether the display upgrade -
rollback function is rollback
enabled on the device.
Check the digital display software crl -
signature certificate
revocation list (CRL).
1.1.23 DCN Configuration
1.1.23.1 DCN Description
1.1.23.1.1 Overview of DCN
Definition
The data communication network (DCN) refers to the network on which network
elements (NEs) exchange Operation, Administration and Maintenance (OAM)
information with the network management system (NMS). It is constructed for
communication between managing and managed devices.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 719
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
A DCN can be an external or internal DCN. In Figure 1-164, an external DCN is
between the NMS and an access point, and an internal DCN allows NEs to
exchange OAM information within it. In this document, internal DCNs are
described.
Figure 1-164 External DCN and internal DCN
Gateway network elements (GNEs) are connected to the NMS using protocols, for
example, the Simple Network Management Protocol (SNMP). GNEs are able to
forward data at the network or application layer. An NMS directly communicates
with a GNE and uses the GNE to deliver management information to non-GNEs.
Purpose
When constructing a large network, hardware engineers must install devices on
site, and software commissioning engineers must configure the devices also on
site. This network construction method requires significant human and material
resources, causing high capital expenditure (CAPEX) and operational expenditure
(OPEX). If a new NE is deployed but the NMS cannot detect the NE, the network
administrator cannot manage or control the NE. Plug-and-play can be used so
that the NMS can automatically detect new NEs and remotely commission the
NEs to reduce CAPEX and OPEX.
The DCN technique offers a mechanism to implement plug-and-play. After an NE
is installed and started, an IP address (NEIP address) mapped to the NEID of the
NE is automatically generated. Each NE adds its NEID and NEIP address to a link
state advertisement (LSA). Then, Open Shortest Path First (OSPF) advertises all
Type-10 LSAs to construct a core routing table that contains mappings between
NEIP addresses and NEIDs on each NE. After detecting a new NE, the GNE reports
the NE to the NMS. The NMS accesses the NE using the IP address of the GNE and
ID of the NE. To commission NEs, the NMS can use the GNE to remotely manage
the NEs on the network.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 720
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
To improve the system security, it is recommended that the NEIP address be changed to the
planned one.
Benefits
The NMS is able to manage NEs using service channels provided by the managed
NEs. No additional devices are required, reducing CAPEX and OPEX.
1.1.23.1.2 Understanding DCN
Basic Concepts
NEID and NEIP
● NEID
On a data communication network (DCN), a network element (NE) is
uniquely identified by an ID but not an IP address. This ID is called an NEID. A
24-bit NEID consists of a subnet number and a basic ID. The leftmost 8 bits of
an NEID indicate a subnet. The rightmost 16 bits of an NEID indicate a basic
ID. Each NE is assigned a default NEID before the NE is delivered.
As the unique identities of NEs on a DCN, NEIDs must be different from each
other. If the NEIDs of two NEs on a DCN are identical, route flapping occurs.
● NEIP
NEIP addresses help managed terminals access NEs and allow addressing
between NEs in IP networking. An NEIP address consists of a network number
and a host number. A network number uniquely identifies a physical or logical
link. All the NEs along the link have the same network number. A network
number is obtained using an AND operation on the 32-bit IP address and
subnet mask. A host number uniquely identifies a device on a link.
An NEIP address is derived from an NEID when an NE is being initialized. An
NEIP address is in the format of 128.subnet-number.basic-ID.
The following example uses the default NEID 0x09BFE0, which is
1001.10111111.11100000 in binary format. The basic ID is the 16 least
significant bits 10111111.11100000, which is 191.224 in decimal format. The
subnet number is the 8 most significant bits 00001001, which is 9 in decimal
format. Therefore, the NEIP address derived from 0x09BFE0 is 128.9.191.224.
Before the NEIP address is manually changed, the NEIP address and NEID are
associated; therefore, the NEIP address changes if the NEID is changed. Once
the NEIP address is manually changed, it no longer changes when the
associated NEID is changed.
NOTE
To improve the system security, it is recommended that the NEIP address be changed
to the planned one.
DCN Core Routing Table
A DCN core routing table consists of mappings between NEIP addresses and NEIDs
of NEs on a DCN.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 721
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
To use a GNE to access a non-GNE, an NMS searches the DCN core routing table
for the destination NEIP address that maps the target NEID. Then, the NMS sends
a UDP packet to the destination NEIP address. Therefore, to implement the DCN
feature, a DCN core routing tables must be available on each device.
DCN Fundamentals
Figure 1-165 Basic DCN principles
Huawei NEs can use serial interfaces or sub-interfaces numbered 4094 for DCN
communication. Non-Huawei NEs cannot use serial interfaces for DCN
communication. Therefore, to implement DCN communication between Huawei
NEs and non-Huawei NEs, sub-interfaces numbered 4094 must be configured.
Using Serial Interfaces for DCN Communication
The devices on a data communication network (DCN) communicate with each
other using the Point-to-Point Protocol (PPP) through single-hop logical channels.
Therefore, packets transmitted on the DCN are encapsulated into PPP frames and
forwarded through service ports at the data link layer.
As shown in Figure 1-165, the NMS uses a GNE to manage non-GNEs in the
following process:
1. When a device starts with base configuration, DCN is automatically enabled,
and the NEID configuration is generated based on device planning.
2. After the DCN function is enabled, a PPP channel and an OSPF neighbor
relationship are established between devices.
3. OSPF LSAs are sent between OSPF neighbors to learn host routes carrying
NEIP addresses to obtain mappings between NEIP addresses and NEIDs.
4. GNE sends the mappings to NMS, the NMS use a GNE to access non-GNEs.
A core routing table is generated in the following process:
1. After PPP Network Control Protocol (NCP) negotiation is complete, a point-
to-point route is generated without network segment restrictions.
2. An OSPF neighbor relationship is set up, and an OSPF route is generated for
the entire network.
3. NEIDs are advertised using OSPF LSAs, triggering the generation of a core
routing table.
Using Sub-Interfaces Numbered 4094 for DCN Communication
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 722
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
A sub-interface numbered 4094 is configured on a DCN-enabled interface and
used for DCN communication between NEs. After the sub-interface numbered
4094 is configured, it is automatically associated with VLAN 4094, and its
encapsulation type is dot1q VLAN tag termination. OSPF is enabled on the sub-
interface numbered 4094 by default.
As shown in Figure 1-165, the NMS uses a GNE to manage non-GNEs in the
following process:
1. Each neighbor learns host routes to NEIP addresses through OSPF, as well as
mapping relationships between NEIP addresses and NEIDs.
2. The GNE sends the mapping relationships to the NMS, the NMS use a GNE to
access non-GNEs.
A core routing table is generated in the following process:
1. An OSPF neighbor relationship is set up, and an OSPF route is generated for
the entire network.
2. NEIDs are advertised using OSPF link-state advertisements (LSAs), triggering
the generation of a core routing table.
1.1.23.1.3 Application Scenarios for DCN
DCN Application
During network deployment, every network element (NE) must be configured
with software and commissioned after hardware installation to ensure that all NEs
can communicate with each other. As a large number of NEs are deployed, on-site
deployment for each NE requires significant manpower and is time-consuming. In
order to reduce the on-site deployment times and the cost of operation and
maintenance, the DCN can be deployed.
Figure 1-166 Typical DCN application
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 723
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
In Figure 1-166, to improve reliability, active and standby GNEs can be deployed.
If the active GNE fails, the NMS can gracefully switch this function to the standby
GNE.
DCN Traversal over a Third-Party Layer 2 Network
Figure 1-167 DCN traversal over a third-party Layer 2 network
1. A DCN VLAN group is configured on the GNE, and the VLAN ID of the Dot1q
termination subinterface is the same as the DCN VLAN ID of the main
interface.
2. The GNE sends DCN negotiation packets to VLANs in the DCN VLAN group.
3. The DCN negotiation packets are sent to different leaf nodes through VLLs.
4. NEs learn the DCN VLAN ID sent by the GNE and establish DCN connections
with the GNE.
1.1.23.1.4 Terminology for DCN
Terms
Term Description
GNE Gateway network elements (GNEs) are able to
forward data at the network or application layer.
The NMS can use GNEs to manage remote NEs
connected through optical fibers.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 724
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Term Description
Core routing table A core routing table consists of mappings
between NEID and NEIP addresses of NEs on a
data communication network (DCN). Before
accessing a non-GNE through a GNE, the NMS
must search the core routing table for the NEIP
address of the non-GNE based on the destination
NEID.
Acronyms and Abbreviations
Acronym and Full Name
Abbreviation
DCN data communication network
GNE gateway network element
1.1.23.2 DCN Configuration
This section describes the principles, configuration procedures, and configuration
examples of the data communication network (DCN) feature.
Context
NOTE
This feature is supported only on the Admin-VS.
1.1.23.2.1 Overview of DCN
NMSs on a DCN use gateway network elements (GNEs) to manage NEs on the
network.
The construction of a large network requires significant human and material
resources if software commissioning engineers have to configure devices on site,
causing high operational expenditure (OPEX). DCN can reduce the OPEX by
allowing GNEs to manage NEs. DCN enables NMSs to rapidly detect new NEs and
remotely control and manage the NEs.
The DCN technique offers a mechanism to implement plug-and-play. After an NE
is installed and started, the NE generates an NEIP address based on its NEID,
creates a mapping entry for the NEID and NEIP address, and adds the mapping
entry to the DCN core routing table on the NE. Then the Open Shortest Path First
(OSPF) protocol automatically advertises the mapping entry to the DCN core
routing table on each NE, enabling the NE to communicate with all other NEs on
the DCN immediately after the NE starts.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 725
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
To improve the system security, it is recommended that the NEIP address be changed to the
planned one.
The DCN feature allows NMSs to use GNEs to manage NEs. A GNE supports the
automatic NE report function, enabling the GNE to automatically report a new
NE's information to NMSs immediately after the GNE detects the new NE. Then
the NMSs can rapidly be aware of and manage the new NE. In addition, a GNE
can send a trap to its interworking NMSs when the number of NEs connected to
the GNE reaches the alarm threshold. Then the NMSs will generate alarms to
inform users of this information.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 726
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.23.2.2 Configuration Precautions for DCN
Feature Requirements
Table 1-99 Feature requirements
Feature Requirements Series Models
1. Telecom DCN cannot be enabled using the NetEngin NetEngine 8000
LLDP association mode on the AP. e 8000 M M14/NetEngine
(1) If a device has been configured as an AP, 8000 M14K/
telecom DCN cannot be enabled using the NetEngine 8000
LLDP association mode. M4/NetEngine
8000 M8/
(2) After a device on which telecom DCN has
NetEngine 8000
been enabled using the LLDP association mode
M8K/NetEngine
goes online as an AP, the telecom DCN
8000E M14/
configuration is automatically deleted.
NetEngine 8000E
2. You can enable telecom DCN using a PAF or M8
License file. However, this mode is not
recommended because it has the following
restrictions:
An interface enabled with telecom DCN
generates a VLAN 4094 sub-interface. If the
telecom DCN configurations on the AP and
master are different, the following restrictions
apply:
(1) When the AP's internal communication
interface is the default telecom DCN interface
and the telecom DCN function is not enabled
on the master's internal communication
interface, if the configuration delivered on the
master's internal communication interface
conflicts with the VLAN 4094 sub-interface, the
actual configuration on the AP's internal
communication interface does not take effect.
For example, the internal communication
interface of the master is added to a trunk
interface.
(2) When the AP's external communication
interface is the default telecom DCN interface
but the master's extended interface does not
support telecom DCN, if the configuration
delivered to the master's extended interface
conflicts with the VLAN 4094 sub-interface, the
actual configuration does not take effect on
the AP's external communication interface. For
example, the VLAN 4094 sub-interface is
configured on the master's extended interface.
If telecom DCN is enabled on an AP, internal
communication and external communication
interfaces on the AP may fail to be added to a
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 727
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
trunk interface, or the 4094 VLAN or 4094 sub-
interface configuration cannot be used on the
external communication interface. As a result,
service forwarding is affected.
Don't use the device that enables the telecom
DCN as the AP.
Destination ports (listening) TCP ports 5432 NetEngin NetEngine 8000
and 1400, UDP ports 1400 and 1500, and e 8000 M M14/NetEngine
source ports UDP ports 1405, 1400, 1401, and 8000 M14K/
1402 are well-known ports for the DCN feature NetEngine 8000
and cannot be occupied by users. M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
Security encryption function for GNEs and NEs: NetEngin NetEngine 8000
1. Disable channel encryption from the NE first e 8000 M M14/NetEngine
and then from the GNE. Otherwise, the NE 8000 M14K/
cannot process the packets sent by the GNE. NetEngine 8000
M8/NetEngine
2. If PTN devices and routers in transport mode 8000 M8K/
are not configured in sequence, NEs cannot NetEngine 8000E
process packets from the NMS. M14/NetEngine
3. After channel encryption is disabled from 8000E M8
the NE, the NE cannot parse the encrypted
packets sent from the GNE and discards the
packets until channel encryption is disabled on
the GNE.
In transport mode, physical interfaces' DCN NetEngin NetEngine 8000
VLANs and service VLANs are exclusive, and e 8000 M M14/NetEngine
physical interfaces' DCN VLANs cannot be 8000 M14K/
configured on sub-interfaces. NetEngine 8000
Commands related to service VLANs that are M4/NetEngine
exclusive with DCN VLANs: 8000 M8/
NetEngine 8000
Commands on main interfaces: M8K/NetEngine
port default vlan 8000E M14/
port trunk allow-pass vlan NetEngine 8000E
M8
Command on sub-interfaces:
vlan-type dot1q
Service VLANs cannot be configured after a
DCN VLAN is configured.Plan VLANs properly.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 728
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
A GNE can be managed by a maximum of 17 NetEngin NetEngine 8000
NMSs.The device fails to be maNoneged e 8000 M M14/NetEngine
through QX if there are more than 17 NMSs. 8000 M14K/
Wait for the expiry of invalid TCP connections. NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
Destination ports (listening) TCP ports 5432 NetEngin NetEngine 8000
and 1400, UDP ports 1400 and 1500, and e 8000 M M14/NetEngine
source ports UDP 1400 and 1401/1402 are 8000 M14K/
well-known ports for the DCN feature and NetEngine 8000
cannot be occupied by users. M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
1.1.23.2.3 Configuring Basic DCN Functions
This chapter describes how to enable DCN globally, enable DCN on an interface,
enable the automatic NE report function on a GNE, and configure NE IDs and NE
IP addresses.
Usage Scenario
The construction of a large network requires significant human and material
resources if software commissioning engineers have to configure devices on site,
causing high operational expenditure (OPEX). DCN can reduce the OPEX by
allowing GNEs to manage NEs. DCN enables NMSs to rapidly detect new NEs and
remotely manage the NEs.
The DCN technique offers a mechanism to implement plug-and-play. After each
NE is initialized, it generates an NE IP address based on its NE ID, creates a
mapping entry for the NE ID and NE IP address, adds the mapping entry to its
DCN core routing table, and uses OSPF to advertise the mapping entry to all other
NEs on the DCN. Therefore, all the NEs on the DCN can communicate with each
other.
The DCN feature allows NMSs to use GNEs to manage NEs. A GNE supports the
automatic NE report function, enabling the GNE to automatically report a new
NE's information to NMSs immediately after the GNE detects the new NE. Then
the NMSs can manage the new NE in time. In addition, a GNE can send a trap to
its interworking NMSs when the number of NEs connected to the GNE reaches the
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 729
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
alarm threshold. Then the NMSs will generate alarms to inform users of this
information.
Pre-configuration Tasks
Before configuring basic DCN functions, complete the following tasks:
● Configure reachable routes between the GNE and NMSs.
● Configure reachable routes between the GNE and NEs.
NOTE
When the GNE is connected to an NE for the first time, the SSH default user account is
used for login.
Procedure
Step 1 Enable DCN Globally.
1. Run system-view
The system view is displayed.
2. Run dcn
The DCN function is enabled globally.
3. Run commit
The configuration is committed.
Step 2 Enable DCN on an interface and specify a DCN VLAN.
By default, DCN is enabled on some interfaces. For details, see .
NOTE
After an interface is switched to a FLEX interface, the DCN status does not change.
The default DCN enabling rule of a subcard with adjustable interface bandwidth is the
same as that of a subcard with only one type of interface bandwidth and is not affected by
the adjustable bandwidth.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 730
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Table 1-100 Rules for enabling DCN on interfaces by default
Interfaces on Ethernet POS Interface on E1 and CPOS
Fixed Boards Interfaces on Flexible Cards Interfaces on
Flexible Cards Subcards That
Support the DCN
Function
DCN is enabled DCN is enabled DCN is enabled ● For
on all interfaces on all interfaces on all interfaces channelized
by default. by default. by default. interfaces, DCN
is enabled on
interfaces 2,
18, 34, and 50
by default.
● For non-
channelized
interfaces, DCN
is enabled on
interfaces 2
and 18 by
default in
transport
mode; DCN is
enabled on
interfaces 1
and 17 by
default in non-
transport
mode.
In router mode:
1. Run the system-view command to enter the system view.
2. Run the interface interface-type interface-number command to enter the
interface view.
3. Run the dcn (interface view) command to enable DCN on the interface.
4. Run the dcn vlan beginvlan-id or or dcn vlan { beginVlan [ to endVlan ] }
&<1–4094>command to specify a DCN VLAN.
5. Run the commit command to commit the configuration.
NOTE
In router mode, a DCN VLAN can be a service VLAN.
In transport mode:
1. Run the system-view command to enter the system view.
2. Run the interface interface-type interface-number command to enter the
interface view.
3. Run the dcn command to enable DCN on the interface.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 731
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
4. Run the dcn vlan beginvlan-id command to specify a DCN VLAN.
5. Run the commit command to commit the configuration.
NOTE
In transport mode, only one DCN VLAN can be configured. And it is conflicted with service
VLAN.
Step 3 Configure the automatic NE report function on a GNE.
1. Run system-view
The system view is displayed.
2. Run dcn
The DCN view is displayed.
3. Run auto-report
The automatic NE report function is enabled.
4. Run commit
The configuration is committed.
Step 4 Configure an NE ID and NE IP address.
1. Run system-view
The system view is displayed.
2. Run set neid ne-id
An NE ID is set.
3. Run dcn
The DCN view is displayed.
4. Run ne-ip ip-address { ip-mask | mask-length }
An NE IP address is set.
5. Run commit
The configuration is committed.
Step 5 (Optional) Configure the bandwidth for DCN interfaces to send packets.
1. Run system-view
The system view is displayed.
2. Run dcn
The DCN view is displayed.
3. Run bandwidth { ethernet bandwidth | pos bandwidth | serial bandwidth }
4. Run commit
The configuration is committed.
----End
Checking the Configurations
Perform the following operations to check the configurations:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 732
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Run the display neid command to check the NE ID.
● Run the display dcn brief command to check configurations of the GNE.
● Run the display dcn ne-info command to check information about the DCN
core routing table.
● Run the display dcn global command to check whether DCN is enabled
globally.
● Run the display dcn default-port command to check the interface on which
DCN is enabled by default.
● Run the display dcn interface [ interface-type interface-number ] command
to check DCN configurations and traffic statistics of an interface.
● Run the display dcn warning command to check DCN trap information.
Follow-up Procedure
An NMS's IP address is a public IP address, and a GNE's NE IP address is a Layer 3
VPN address. To implement address conversion, specify the interface that connects
a GNE to an NMS, bind the interface to a DCN VPN instance, and set an IP
address for the interface. After DCN is enabled globally on the GNE, it
automatically generates a DCN VPN instance named __dcn_vpn__. Detailed
operations are as follows:
● Run the interface interface-type interface-number command to display the
interface view.
● Run the ip binding vpn-instance vpn-instance-name command to bind a
DCN VPN instance.
● Run the ip address { mask | mask-length } command to set an interface IP
address.
1.1.23.2.4 Configuring Extended DCN Functions
After configuring basic DCN functions, configure extended DCN functions as
required.
Usage Scenario
In addition to basic data communication network (DCN) functions, an NE supports
extended DCN functions.
● If a gateway network element (GNE) belongs to multiple processes and areas,
configure DCN with multiple processes and areas so that the GNE can
manage all the NEs in different processes and areas.
● When an NE functions as a GNE and manages RTN NEs, configure the GNE to
work in compatible mode.
● When a large number of NEs are attached to a GNE that resides on more
than one ring network, ring network services may affect each other. To
address this problem, configure DCN packet transparent transmission.
Pre-configuration Tasks
Before configuring extended DCN functions, globally enable DCN.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 733
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuring Multi-Process and Multi-Area DCN
If a GNE belongs to multiple processes and areas, multi-process and multi-area
DCN can be configured so that the GNE can manage all the NEs in different
processes and areas.
Background Information
On large-scale DCNs, different NEs are usually deployed in multiple processes and
areas. In this situation, allocate interfaces on the GNE to different processes and
areas and enable the GNE to advertise its NEIP address to these processes and
areas so that the GNE can learn information about the DCN core routing tables of
all the NEs in these processes and areas and manage the NEs.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run dcn ospf enable [ process-id ] area area-id
A process and an area are specified for DCN serial interfaces or sub-interface
4094.
NOTE
In most cases, the network (OSPF) command adds an interface to the specified process
and area. However, this command does not apply to DCN serial interfaces or sub-interface
4094 because they borrow the same IP address.
Step 4 Run quit
The system view is displayed.
Step 5 Run dcn
The DCN view is displayed.
Step 6 Run advertise neip
The GNE is enabled to advertise its NEIP address to multiple processes and areas.
Step 7 Run commit
The configuration is committed.
----End
Configuring the DCN Compatible Mode on a GNE
The DCN compatible mode can be configured on a GNE so that it can manage
RTNs.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 734
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Background Information
RTNs use microwave links for service transmission, and no cables are required,
which reduces network deployment cost.
A GNE can manage RTNs only when the DCN compatible mode is configured on
the GNE for DCN communication with the RTNs.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dcn
The DCN view is displayed.
Step 3 Run set compatible mode
The DCN compatible mode is configured on the GNE.
Step 4 Run commit
The configuration is committed.
----End
Configuring an Entry for DCN Packet Transparent Transmission
To protect services of intersecting ring networks, configure an entry (mapping
between source and destination interfaces) for DCN packet transparent
transmission. After the entry is configured, the source interface transparently
transmits DCN packets to the destination interface.
Context
When a large number of NEs are deployed on a DCN network, the network needs
to be divided. After the network division, if a large number of NEs are attached to
a GNE that resides on more than one ring network, ring network services may
affect each other. To address this problem, configure DCN packet transparent
transmission.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dcn
The DCN view is displayed.
Step 3 Run transparent-transmission interface [ interface-type1 interface-number1 |
interface-name1 ] to [ interface-type2 interface-number2 | interface-name2 ]
An entry is configured for DCN packet transparent transmission.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 735
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 4 Run commit
The configuration is committed.
----End
Disabling Automatic Recovery of Default DCN Interfaces
The DCN plug-and-play function is implemented through automatic creation and
recovery of default DCN interfaces. If a default E1 channel of a CPOS or E1
subcard does not require DCN plug-and-play, disable automatic recovery of the
corresponding default DCN interface so that the interface can be reserved for
other purposes.
Context
After DCN is enabled on a CPOS or E1 subcard, default DCN E1 channels are
created automatically, DCN is enabled on the serial interfaces formed by E1
channels' timeslots, and DCN tunnels are established. If DCN tunnels are not
required on a CPOS or E1 subcard, disable automatic recovery of corresponding
default DCN interfaces.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dcn
The DCN function is enabled globally, and the DCN view is displayed.
Step 3 Run auto-restore e1-channel-set disable
Automatic recovery is disabled for the default DCN interfaces formed by E1
channels' timeslots on a CPOS or E1 subcard.
After automatic recovery is disabled:
● If you delete the default DCN E1 channels that were created automatically,
save the configuration, and restart the device, automatic recovery is disabled.
● If you install a new CPOS or E1 subcard, the default DCN E1 channels will not
be created automatically.
Step 4 Run commit
The configuration is committed.
----End
Enabling DCN Communication Through Sub-interface 4094
This section describes how to configure a sub-interface numbered 4094 for each
Huawei and non-Huawei NE to implement DCN communication.
Usage Scenario
DCN communication uses the Huawei proprietary protocol. Therefore, Huawei NEs
cannot communicate with non-Huawei NEs. To implement DCN communication
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 736
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
between Huawei NEs and non-Huawei NEs, configure sub-interfaces numbered
4094.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run dcn mode vlan
A sub-interface numbered 4094 is configured.
Step 4 Run commit
The configuration is committed.
----End
Configuring an Authentication Message for the Private TLV That Supports NMS
Automatic NE Management in LLDP Packets
This section describes how to configure an authentication message for the private
TLV that supports NMS automatic NE management in LLDP packets.
Usage Scenario
When NEs use sub-interfaces numbered 4094 for DCN communication, an NE on
which NMS automatic NE management is configured encapsulates an
authentication message in the private TLV that supports NMS automatic NE
management in an LLDP packet before sending the LLDP packet to a downstream
NE. Upon receipt of the LLDP packet, the downstream NE parses the private TLV if
the downstream NE supports NMS automatic NE management. If the
authentication message carried in the LLDP packet is the same as the one
configured locally, NMS automatic NE management takes effect on the
downstream NE. If the authentication message carried in the LLDP packet is
different from the one configured locally, NMS automatic NE management does
not take effect on the downstream NE.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run lldp enable-dcn authentication authentication-string
An authentication message is configured for the private TLV that supports NMS
automatic NE management in LLDP packets.
Step 3 Run commit
The configuration is committed.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 737
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Verifying the Configuration of Extended DCN Functions
After configuring extended DCN functions, verify the configuration.
Prerequisites
Extended DCN functions have been configured on all NEs.
Procedure
● Run the display dcn brief command to check configurations of the GNE.
● Run the display dcn ne-info command to check information about the DCN
core routing table.
● Run the display dcn interface [ interface-type interface-number ] command
to check DCN configurations and traffic statistics of an interface.
● Run the display dcn mode vlan interface command to view information
about sub-interfaces 4094.
● Run the display dcn element-info command to view details about all NEs
that use sub-interfaces 4094 for DCN communication.
1.1.23.2.5 Improving DCN Security
To improve DCN security, you can configure an alarm threshold for the number of
NEs connected to a GNE, SSL authentication, and OSPF interface authentication,
and optimize DCN routes on all NEs.
Usage Scenario
You can improve DCN security through the following methods:
● Configure an alarm threshold for the number of NEs connected to the GNE to
prevent the GNE from being overloaded with NEs. When the number of NEs
connected to the GNE reaches the alarm threshold, the GNE will send a trap
to its interworking NMSs.
● Configure Secure Sockets Layer (SSL) authentication and OSPF interface
authentication to improve DCN network security through the encryption and
authentication mechanisms.
● Configure OSPF parameters as required to optimize DCN routes.
● Adjust the forwarding priority of DCN packets as required to improve network
stability.
● Configure an ACL-based DCN policy to be used to filter DCN packets.
Pre-configuration Tasks
Before configuring related functions to improve DCN security, enable DCN
globally.
Configuring an Alarm Threshold for the Number of NEs Connected to a GNE
To prevent a GNE from being overloaded with NEs, configure an alarm threshold
for the number of NEs connected to the GNE. When the number of NEs connected
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 738
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
to the GNE reaches the alarm threshold, the GNE will send a trap to its
interworking NMSs.
Background Information
On a DCN, NMSs use GNEs to manage all common NEs. To prevent a GNE from
being overloaded with NEs, configure an alarm threshold for the number of NEs
connected to the GNE. When the number of NEs connected to the GNE reaches
the alarm threshold, the GNE will send a trap to its interworking NMSs.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dcn
The DCN view is displayed.
Step 3 Run ne-number alarm threshold threshold
An alarm threshold is configured for the number of NEs connected to the GNE.
Step 4 Run commit
The configuration is committed.
----End
Configuring SSL Authentication on a GNE
After Secure Sockets Layer (SSL) authentication is configured on a GNE, the GNE
can communicate with its interworking NMSs only when the exchanged packets
are authenticated.
Prerequisites
Before configuring DCN SSL functions, configure an SSL policy and load a digital
certificate.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dcn
The DCN view is displayed.
Step 3 Run bind ssl-policy ssl-policy-name
An SSL policy is bound to DCN.
NOTE
Load the certificate of the SSL policy to be bound to the NMSs and GNE, so DCN can use the
certificate to implement SSL handshake authentication after the SSL policy is bound to DCN.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 739
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 4 Run connect-mode { normal | security | both }
A connection mode is specified for the GNE to set up connections with NMSs.
● normal: indicates that SSL encryption is not applied to the TCP connection.
● security: indicates that SSL encryption is applied to the TCP connection.
● both: indicates that both normal and security are supported.
Step 5 Run ssl verify-mode { single | dual }
The SSL authentication mode is configured.
● single: indicates that SSL authentication applies only to the GNE.
● dual: indicates that SSL authentication applies both to the GNE and NMS.
Step 6 (Optional) Run ssl-auth-fail threshold-alarm report-times report-times
An alarm generation threshold is set for the number of SSL authentication failures
within 60s.
Step 7 Run commit
The configuration is committed.
----End
Binding a DTLS Policy to a GNE
After a DTLS policy is bound to a GNE in the DCN view, the NMS can
communicate with the GNE only after the policy is authenticated.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the dtls policy policyName command to enter the DTLS policy view.
Step 3 Run the pki-domain pki-domain command to bind a PKI domain to the DTLS
policy.
NOTE
After a PKI domain is bound to a DTLS policy, the policy uses the certificates and CRL in the
PKI domain.
Step 4 Run the commit command to commit the configuration.
Step 5 Run the quit command to return to the system view.
Step 6 Run the dcn command to enter the DCN view.
Step 7 Run the set compatible mode command to configure the DCN compatible mode
on the GNE.
Step 8 Run the bind client dtls-policy dtlsPolicyName command to bind a DTLS policy to
the domain.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 740
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
If the default configuration file for an unconfigured device contains the dcn security-mode
enable command, the bind client dtls-policy qx_dtls_client command is automatically
configured in the DCN view when the device starts with no configuration. In this case, you
do not need to run the bind client dtls-policy dtlsPolicyName command to unbind the
DTLS policy.
Step 9 Run the commit command to commit the configuration.
----End
Configuring OSPF Interface Authentication
A DCN runs OSPF and supports packet authentication. After an authentication
mode is specified, NEs accept only the OSPF packets that have been
authenticated. If packets fail to be authenticated, neighbor relationships cannot be
established.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run dcn (interface view) or dcn mode vlan
DCN is enabled on the interface or sub-interface 4094.
Step 4 Run any of the following commands:
● To configure simple authentication, run the dcn ospf authentication-mode
simple [ [ plain ] plain-text | cipher cipher-text ] command.
NOTE
– The new password is at least eight characters long and contains at least two of the
following types: upper-case letters, lower-case letters, digits, and special characters,
except the question mark (?) and space.
– For security purposes, you are advised to configure a password in ciphertext mode.
To further improve device security, periodically change the password.
● To configure Message Digest 5 (MD5) or Secure Hash Algorithm (SHA)
authentication, run the dcn ospf authentication-mode { { md5 | hmac-md5
| hmac-sha256 } [ key-id { plain plain-text | [ cipher ] cipher-text } ] }
command.
NOTE
To ensure higher security, you are advised not to use the MD5 algorithm. In this case,
you can run the undo crypto weak-algorithm disable command to enable the weak-
security algorithm function. To avoid security risks, you are advised to use the HMAC-
SHA256 algorithm.
● To configure null authentication, run the dcn ospf authentication-mode null
command. In null authentication mode, OSPF packets are not authenticated.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 741
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
OSPF interfaces on the same network segment must have the same
authentication mode and password.
By default, area authentication is not configured for OSPF. Configuring area
authentication is recommended to ensure system security.
Step 5 Run commit
The configuration is committed.
----End
Optimizing DCN Routes
To improve DCN performance, configure OSPF functions.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run dcn (interface view) or dcn mode vlan
DCN is enabled on the interface or sub-interface 4094
Step 4 Perform one or more of the following operations to configure OSPF functions.
● Run dcn ospf timer hellointerval
An interval at which hello packets are sent is configured.
● Run dcn ospf timer retransmitinterval
An interval at which an LSA packet is retransmitted to the neighboring router
is set.
● Run dcn ospf trans-delayinterval
An LSA transmission delay is set on the interface.
● Run dcn ospf timer deadinterval
The dead interval is set for a neighboring router.
If an interface does not receive Hello packets from an OSPF neighbor within
the specified interval, the interface considers the neighbor Down. This interval
is called an OSPF neighbor dead interval.
● Run dcn ospf timer pollinterval
The interval at which hello packets for polling are sent by an NBMA interface
is set.
Step 5 Run commit
The configuration is committed.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 742
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuring a Forwarding Priority for DCN Packets
If DCN packets are carried by IP packets, the forwarding priority of the DCN
packets is lower than other packets. In this scenario, configure a forwarding
priority, based on which a GNE forwards the DCN packets.
Context
Packets have protocol priorities, based on which they are transmitted. On a DCN
network, you can configure a forwarding priority for DCN packets as follows:
● If service packet transmission must be ensured, reduce the forwarding priority
of DCN packets to be lower than that of service packets, which prevents
service packet loss.
● If service packet transmission requirement is not high, increase the forwarding
priority of DCN packets to be higher than that of service packets, which
ensures the communication between NEs and between each NE and the NMS.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dcn
The DCN view is displayed.
Step 3 Run data-packet priority priority
A protocol priority is configured for DCN packets.
Step 4 Run commit
The configuration is committed.
----End
Configuring an ACL-based DCN Policy
An ACL-based DCN policy can be used to filter DCN packets. The DCN packets that
fail to match the ACL rule are discarded, improving DCN network security.
Prerequisites
Before configuring an ACL-based DCN policy, complete either of the following
tasks:
● Create a basic ACL using the acl (basic ACL) command and configure a rule
for the ACL using the rule (basic ACL view) command in the basic ACL view.
● Create an advanced ACL using the acl (advanced ACL) command and
configure a rule for the ACL using the rule (advanced ACL view) command
in the advanced ACL view.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 743
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dcn
The DCN view is displayed.
Step 3 Run packet-policy { acl-name acl-name | basic-number | adv-number }
An ACL-based DCN policy is configured.
A basic or an advanced ACL can be specified in the command. ACLs numbered
2000 to 2999 are basic ACLs; ACLs numbered 3000 to 3999 are advanced ACLs.
Step 4 Run commit
The configuration is committed.
----End
Disabling Fast DCN Session Restart Triggered by DCN PPPoE Terminate Packets
Disabling fast DCN session restart triggered by DCN PPPoE Terminate packets
prevents such packets from being used to launch an attack, which improves device
reliability.
Background
DCN PPPoE Terminate packets are used to instruct a peer end to fast restart a
DCN session. Due to the lack of an authentication mechanism in DCN, if DCN
PPPoE Terminate packets are used to launch an attack, devices fail to be managed
by the NMS. To address this problem, disable fast DCN session restart triggered by
DCN PPPoE Terminate packets.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dcn
The DCN view is displayed.
Step 3 Run fast-terminate disable
Fast DCN session restart triggered by DCN PPPoE Terminate packets is disabled.
Step 4 Run commit
The configuration is committed.
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 744
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuring Encryption for the Channel Between a GNE and an NE
To prevent malicious attacks and improve security, configure encryption for the
channel between the specified GNE and NE.
Context
If the DCN channel between a GNE and an NE is not encrypted, the channel is
prone to attacks. To improve security, configure encryption for the channel.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dcn
The DCN view is displayed.
Step 3 Run dcn encrypt neid neid authkey auth-key dh-algorithm { dh1024 | dh2048 }
*
Encryption is configured for the channel to the NE with a specified NEID.
Step 4 Run commit
The configuration is committed.
----End
Checking the Configurations
After configuring channel encryption, check the configurations.
Run the display dcn encrypt channel [ neid neid ] command to check the status
of the encrypted channel.
(Optional) Configuring Whitelist Session-CAR for QX TCP Connections
You can configure whitelist session-CAR for QX TCP Connections to limit the rate
of sessions. This configuration prevents bandwidth preemption among QX TCP
sessions if traffic bursts occur.
Context
If unauthorized QX TCP packets are used to launch a DDoS attack, authorized QX
TCP packets may not reach the QX component in a timely manner, interrupting
the QX TCP connection. To address this issue and ensure that authorized QX TCP
connections are not interrupted, configure the session-CAR function for QX TCP
connections.
Procedure
Step 1 Run system-view
The system view is displayed.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 745
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 2 Run whitelist session-car qx-tcp { cir cir-value | cbs cbs-value | pir pir-value | pbs
pbs-value } *
The whitelist session-CAR parameters for QX TCP connections are configured.
In normal cases, you are advised to use the default values.
Step 3 (Optional) Run whitelist session-car qx-tcp disable
Whitelist session-CAR is disabled for QX TCP connections.
By default, whitelist session-CAR is enabled for QX TCP connections. If this
function encounters an exception or adversely affects other services, disable it. In
normal cases, you are advised to keep this function enabled.
Step 4 Run commit
The configuration is committed.
----End
Result
Run the following command to check the preceding configuration.
Run the display cpu-defend whitelist session-car qx-tcp statistics slot slot-id
command to check statistics about whitelist session-CAR for QX TCP connections
on a specified interface board.
To check such statistics generated within a specific period of time, run the reset
cpu-defend whitelist session-car qx-tcp statistics slot slot-id command to clear
the existing statistics on the specified interface board. Then, after a certain period
of time, run the display cpu-defend whitelist session-car qx-tcp statistics slot
slot-id command.
NOTE
Cleared whitelist session-CAR statistics cannot be restored. Exercise caution when running
the reset command.
(Optional) Configuring Whitelist Session-CAR for QX UDP Connections
You can configure whitelist session-CAR for QX UDP Connections to limit the rate
of sessions. This configuration prevents bandwidth preemption among QX UDP
sessions if traffic bursts occur.
Context
If unauthorized QX UDP packets are used to launch a DDoS attack, authorized QX
UDP packets may not reach the QX component in a timely manner, interrupting
the QX UDP connection. To address this issue and ensure that authorized QX UDP
connections are not interrupted, configure the session-CAR function for QX UDP
connections.
Procedure
Step 1 Run system-view
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 746
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
The system view is displayed.
Step 2 Run whitelist session-car qx-udp { cir cir-value | cbs cbs-value | pir pir-value |
pbs pbs-value } *
The whitelist session-CAR parameters for QX UDP connections are configured.
In normal cases, you are advised to use the default values.
Step 3 (Optional) Run whitelist session-car qx-udp disable
Whitelist session-CAR is disabled for QX UDP connections.
By default, whitelist session-CAR is enabled for QX UDP connections. If this
function encounters an exception or adversely affects other services, disable it. In
normal cases, you are advised to keep this function enabled.
Step 4 Run commit
The configuration is committed.
----End
Result
Run the following command to check the preceding configuration.
Run the display cpu-defend whitelist session-car qx-udp statistics slot slot-id
command to check statistics about whitelist session-CAR for QX UDP connections
on a specified interface board.
To check such statistics generated within a specific period of time, run the reset
cpu-defend whitelist session-car qx-udp statistics slot slot-id command to clear
the existing statistics on the specified interface board. Then, after a certain period
of time, run the display cpu-defend whitelist session-car qx-udp statistics slot
slot-id command.
NOTE
Cleared whitelist session-CAR statistics cannot be restored. Exercise caution when running
the reset command.
Verifying the DCN Security Configuration
After configuring related functions to improve DCN security, verify the
configuration.
Prerequisites
Related functions to improve DCN security have been configured on all NEs.
Procedure
● Run the display this command to check configurations that improve DCN
security.
● Run the display dcn brief command to check configurations of the GNE.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 747
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.23.2.6 DCN Configuration Examples
This section provides data communication network (DCN) configuration examples.
Example for Configuring DCN
This section provides an example for configuring the data communication network
(DCN) feature.
Networking Requirements
As shown in Figure 1-168, the GNE is directly connected to an NMS and two NEs.
A static route is configured for communication between the NMS and GNE. After
the DCN function is configured, the NMS can manage the attached NEs through
the GNE and automatically discover new NEs.
Figure 1-168 Networking diagram for configuring DCN
Precautions
Before configuring DCN, note the following:
● An NMS's IP address is a public IP address, and a GNE's NEIP address is a
Layer 3 virtual private network (VPN) address. To implement address
conversion, you must specify a GNE's interface that is connected to an NMS,
bind the GNE's interface to a DCN VPN instance, and set an IP address for the
GNE's interface.
● The binding operation must be performed before you set an IP address for the
interface. Otherwise, this IP address will be deleted when you bind the
interface to the DCN VPN instance.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the DCN feature globally.
2. Bind the interface (connecting the GNE to the NMS) to a DCN VPN instance.
Then set an IP address for the interface.
3. Configure a static route for communication between the NMS and GNE.
4. Configure the automatic NE report function on the GNE.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 748
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Data Preparation
To complete the configuration, you need the following data:
● Name of the DCN VPN instance
NOTE
A DCN VPN instance named __dcn_vpn__ is automatically generated when the DCN
feature is enabled globally on the GNE.
You can run the display ip vpn-instance command on the GNE to view the DCN VPN
instance name.
● IP address of the interface connecting the GNE to the NMS
Procedure
Step 1 Enable the DCN feature globally.
# Enable the DCN feature globally. In this example, a GNE is used.
<HUAWEI> system-view
[~HUAWEI] sysname gne
[*HUAWEI] commit
[~gne] dcn
[*gne-dcn] ne-ip 10.1.1.2 24
[*gne-dcn] quit
Step 2 Bind the interface (connecting the GNE to the NMS) to DCN VPN instance
__dcn_vpn__. Then, set an IP address for the interface.
[*gne] interface GigabitEthernet 0/1/0
[*gne-GigabitEthernet0/1/0] ip binding vpn-instance __dcn_vpn__
[*gne-GigabitEthernet0/1/0] ip address 172.16.1.2 16
[*gne-GigabitEthernet0/1/0] commit
[~gne-GigabitEthernet0/1/0] quit
Step 3 Configure a static route for communication between the NMS and GNE. For
configuration details, see "Configuration Files" in this section.
Step 4 Configure the automatic NE report function on the GNE.
# Enable the automatic NE report function on the GNE.
[~gne] dcn
[*gne-dcn] auto-report
[*gne-GigabitEthernet0/1/0] commit
Step 5 Verify the configuration.
# View the configurations of the GNE.
<gne> display dcn brief
------------------------------------------------
NE-ID: 0x280FC
NE-IP: 10.1.1.2
Mask: 255.255.255.0
DCN-Interface: LoopBack2047
Auto-Report: Enable
------------------------------------------------
----End
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 749
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Configuration Files
● Configuration file of the GNE
#
ip dcn vpn-instance __dcn_vpn__
#
interface GigabitEthernet0/1/0
undo shutdown
dcn
ip binding vpn-instance __dcn_vpn__
ip address 172.16.1.2 255.255.0.0
#
interface LoopBack2047
description DCN loopback interface
ip binding vpn-instance __dcn_vpn__
ip address 10.1.1.2 255.255.255.0
#
ospf 65534 vpn-instance __dcn_vpn__
description DCN ospf create by default
opaque-capability enable
vpn-instance-capability simple
area 0.0.0.0
network 0.0.0.0 255.255.255.255
#
!The DCN function implements the capability of plug-and-play for this device.
!A NE IP address based on the unique NE ID is automatically generated in VPN
!of DCN. It is recommended that the NE IP address be changed to the planned
!one by running the ne-ip X.X.X.X <MASK> command after the device being online.
dcn
auto-report
ne-ip 10.1.1.2 255.255.255.0
#
return
● Configuration files of NE1 and NE2
#
interface GigabitEthernet0/1/1
undo shutdown
dcn
#
interface LoopBack2047
description DCN loopback interface
ip binding vpn-instance __dcn_vpn__
ip address 10.1.1.3 255.255.0.0
#
ospf 65534 vpn-instance __dcn_vpn__
description DCN ospf create by default
opaque-capability enable
hostname
vpn-instance-capability simple
area 0.0.0.0
network 0.0.0.0 255.255.255.255
#
!The DCN function implements the capability of plug-and-play for this device.
!A NE IP address based on the unique NE ID is automatically generated in VPN
!of DCN. It is recommended that the NE IP address be changed to the planned
!one by running the ne-ip X.X.X.X <MASK> command after the device being online.
dcn
#
return
Example for Configuring DCN Traversal over a Third-Party Layer 2 Network
This section provides an example for configuring DCN traversal over a third-party
Layer 2 network. This function enables NEs on target networks to learn the DCN
VLAN ID sent by a GNE and establish DCN connections with the GNE.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 750
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Networking Requirements
On the network shown in Figure 1-169, a DCN VLAN group is configured on the
GNE, and the GNE sends DCN negotiation packets carrying the IDs of VLANs in
the DCN VLAN group to a third-party network. On the third-party network, DCN
packets carrying different VLAN IDs are forwarded to leaf nodes through different
virtual leased lines (VLLs). The NE devices learn the DCN VLAN packets sent from
the GNE and establish DCN connections with the GNE.
Figure 1-169 Configuring DCN traversal over a third-party Layer 2 network
NOTE
● Interface1 in this example is GE 0/1/0.
Precautions
This function applies only to the router mode.
If an Ethernet sub-interface is configured as a Dot1q termination sub-interface,
the VLAN ID of the sub-interface can be the same as the DCN VLAN ID of the
main interface.
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 751
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1. Enable global DCN on the GNE, NE1, NE2, and NE3.
2. Enable interface-specific DCN on the interfaces connecting the GNE, NE1,
NE2, and NE3 to the third-party network.
3. Configure a DCN VLAN group on the GNE, with VLAN IDs in the group being
the same as the service VLAN IDs configured for involved sub-interfaces on
the GNE.
4. Configure the automatic NE report function on the GNE.
5. Configure the NEID and NEIP for the GNE.
Data Preparation
To complete the configuration, you need the following data:
● DCN VLAN ID
Procedure
Step 1 Enable the DCN feature globally.
# Enable the DCN feature globally. In this example, a GNE is used. Then, use the
same method to enable DCN feature globally for NE1, NE2, and NE3.
<HUAWEI> system-view
[~HUAWEI] dcn
[~HUAWEI-dcn] quit
Step 2 Enable interface-specific DCN.
# Enable interface-specific DCN. For example, enable DCN on GE0/1/0 of the GNE.
Then, use the same method to enable interface-specific DCN for NE1, NE2, and
NE3.
<HUAWEI> system-view
[~HUAWEI] interface gigabitethernet 0/1/0
[~HUAWEI-GigabitEthernet0/1/0] dcn
Step 3 Configure the DCN VLAN group on the GNE.
[~HUAWEI] interface GigabitEthernet 0/1/0
[~HUAWEI-GigabitEthernet0/1/0] dcn
[*HUAWEI-GigabitEthernet0/1/0] dcn vlan 1 to 3
[*HUAWEI-GigabitEthernet0/1/0] commit
[~HUAWEI-GigabitEthernet0/1/0] quit
[~HUAWEI] interface GigabitEthernet 0/1/0.1
[~HUAWEI-GigabitEthernet0/1/0.1] vlan-type dot1q 1 default
[*HUAWEI-GigabitEthernet0/1/0.1] commit
[~HUAWEI-GigabitEthernet0/1/0.1] quit
[~HUAWEI] interface GigabitEthernet 0/1/0.2
[~HUAWEI-GigabitEthernet0/1/0.2] vlan-type dot1q 2 default
[*HUAWEI-GigabitEthernet0/1/0.2] commit
[~HUAWEI-GigabitEthernet0/1/0.2] quit
[~HUAWEI] interface GigabitEthernet 0/1/0.3
[~HUAWEI-GigabitEthernet0/1/0.3] vlan-type dot1q 3 default
[*HUAWEI-GigabitEthernet0/1/0.3] commit
[~HUAWEI-GigabitEthernet0/1/0.3] quit
Step 4 Configure the automatic NE report function on the GNE.
[~HUAWEI] dcn
[*HUAWEI-dcn] auto-report
[*HUAWEI-dcn] commit
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 752
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Step 5 Configure NEID and NEIP on the GNE.
[~HUAWEI] set neid 111111
[*HUAWEI] dcn
[*HUAWEI-dcn] ne-ip 10.1.1.2 255.255.0.0
[*HUAWEI-dcn] commit
Step 6 Verify the configuration.
# Run the display dcn interface command on the GNE to check DCN interface
information.
<HUAWEI> display dcn interface
total 4 DCN physical interface
-----------------------------------------------------------------------------------------------------------------
interface Vid state logical-if
-----------------------------------------------------------------------------------------------------------------
GE0/1/1 0 up (Ready) DCN-Serial0/1/1:0 (Ready)
GE0/1/0 1 up (Ready) DCN-Serial0/1/0:0 (Ready)
2 up (Ready) DCN-Serial0/1/0:1 (Ready)
3 up (Ready) DCN-Serial0/1/0:2 (Ready)
-----------------------------------------------------------------------------------------------------------------
----End
Configuration Files
● Configuration file of the GNE
#
interface GigabitEthernet0/1/0
undo shutdown
dcn
dcn vlan 1 to 3
#
interface GigabitEthernet0/1/0.1
vlan-type dot1q 1
#
interface GigabitEthernet0/1/0.2
vlan-type dot1q 2 default
#
interface GigabitEthernet0/1/0.3
vlan-type dot1q 3 default
#
!The DCN function implements the capability of plug-and-play for this device.
!A NE IP address based on the unique NE ID is automatically generated in VPN
!of DCN. It is recommended that the NE IP address be changed to the planned
!one by running the ne-ip X.X.X.X <MASK> command after the device being online.
dcn
auto-report
ne-ip 10.1.1.2 255.255.0.0
#
return
● NE1 configuration file, which is the same as NE2/NE3 configuration file
#
interface GigabitEthernet0/1/0
undo shutdown
dcn
#
!The DCN function implements the capability of plug-and-play for this device.
!A NE IP address based on the unique NE ID is automatically generated in VPN
!of DCN. It is recommended that the NE IP address be changed to the planned
!one by running the ne-ip X.X.X.X <MASK> command after the device being online.
dcn
#
return
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 753
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.24 RMON Configuration
1.1.24.1 Overview of RMON
Definition
Remote Network Monitoring (RMON) is a widely used standard defined by the
Internet Engineering Task Force (IETF) for monitoring large-scale networks. It
enables network administrators to monitor data traffic on a network segment or
an entire network and is an enhancement of the Management Information Base II
(MIB II) specification.
Purpose
As networks become more and more distributed, the IETF developed RMON to
address the limitations of the Simple Network Management Protocol (SNMP). It
improves the availability of management information, lightens the burden on the
Network Management Station (NMS), and enables network administrators to
monitor multiple network segments.
With RMON, administrators can monitor remote network devices more efficiently
and proactively through SNMP. In addition, RMON provides a highly efficient
solution to monitor sub-networks. It decreases the volume of traffic between the
NMS and agents and facilitates large-size network management.
Benefits
RMON provides an efficient method for monitoring networks and brings the
following benefits:
● Expanded monitoring range: RMON MIBs expand the range of network
management to the data link layer, enabling administrators to monitor
networks more effectively.
● Offline operation: RMON Agent can continuously collect error, performance,
and configuration data even when the administrator is not querying network
statuses. RMON provides a solution for analyzing the traffic in a specific range
without consuming bandwidth resources.
● Data analysis: RMON Agent analyzes network problems and resource
consumption, providing information to diagnose faults and reducing the
overall workload of the NMS.
1.1.24.2 Understanding RMON
Background
The widely used SNMP collects network communication statistics using agent
software embedded in managed devices. By sending query signals to the Agent
Management Information Base (MIB) in polling mode, the management software
is able to obtain network management data. Although the MIB counter records
data statistics, it cannot analyze historical data. The NMS software continuously
polls the managed devices for data, which is then used to build an overall picture
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 754
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
of network traffic and traffic changes. This is then used to analyze the overall
network status.
SNMP-based polling has two disadvantages:
● SNMP consumes a significant amount of network resources. Polling involves
generating a large volume of packets on large-scale networks, leading to
network congestion or blocking. Consequently, SNMP is not suitable for
managing large-scale networks or reclaiming abundant data, such as the
routing table.
● SNMP increases the burden on the network administrator. During polling, the
network administrator must manually collect information using the NMS
software. This is labor-intensive, especially if the administrator monitors more
than three network segments.
To address these disadvantages, the IETF developed RMON for monitoring data
traffic on a network segment or across an entire network. It provides more
valuable management information, lightens the NMS workload, and allows the
network administrator to monitor multiple network segments.
● RMON is an enhancement of SNMP, and built based on the SNMP
architecture, making it compatible with the existing SNMP architecture.
RMON consists of two parts: the NMS and the Agent located on each device.
Because of the similarities between RMON and SNMP, an SNMP NMS can be
used as an RMON NMS, and the administrator does not need to learn a new
technology. This means that RMON is easy to implement.
● When an abnormality occurs on the monitored object, the RMON agent sends
trap messages to the NMS using the SNMP mechanism for transmitting trap
messages. Because SNMP typically uses the trap function to notify the
managed device of function and interface statuses, the monitored objects,
triggering conditions, and reported information differ between RMON and
SNMP.
● RMON enables SNMP to monitor remote network devices more efficiently
and proactively. Using RMON, managed devices automatically send trap
messages when a specific monitored value exceeds the alarm threshold.
Therefore, managing devices do not need to obtain MIB variables by
continuous polling and comparison. This implementation reduces the volume
of traffic sent between the managing and managed devices, and allows
administrators to manage large-scale networks more easily and effectively.
Related Concepts
● NMS: A workstation that runs the network management software.
● MIB: A specification that defines and organizes a collection of managed
objects.
● RMON Agent: A remote management process embedded in managed devices.
● Polling: The NMS queries managed devices by sending SNMP packets.
● RMON MIB: Network management medium of RMON. RMON Agent is
embedded in monitored devices that collect data and control the system
within a network segment, as defined by the MIB. The NMS obtains the
management information from the RMON Agent and controls the network
resources. The RMON MIB provides data link layer monitoring and diagnosis
of device faults. To facilitate network monitoring, Huawei has implemented
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 755
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
four of the nine groups defined in standard RMON MIB specifications:
statistics group, history group, event group, and alarm group.
Functions
Statistics function
Ethernet statistics (corresponding to the statistics group in RMON MIB): The
system continuously collects statistics about traffic on a network segment and the
types of packets, or the number of various error frames and collisions. The
statistics include network collisions, CRC error packets, the number of oversize or
undersize packets, the number of broadcast or multicast packets, and the number
of received bytes or packets.a
Historical sampling function (corresponding to the history group in the RMON
MIB): The system periodically samples network statuses and stores the
information for later queries. The system also periodically samples port traffic
data (specifically, bandwidth usage, the number of error packets, and the total
number of packets).
Alarm function
The function to process an event as recording a log or sending trap messages
(corresponding to the event group in the RMON MIB): The event group controls
the events and notifications, and provides all the events generated by the RMON
Agent. A log is generated or trap messages are sent to the NMS when an event
occurs.
Alarm threshold (corresponding to the alarm group in the RMON MIB): The
system monitors the objects of a specific alarm type. Once an alarm's upper and
lower thresholds are defined, the system samples the values of monitored objects
at a pre-defined interval (a sampled value can be either an absolute value or a
difference in values). If the sampled values reach or exceed the upper threshold, a
rising alarm is generated. Conversely, if the sampled values fall to or below the
lower threshold, a falling alarm is generated. The NMS processes these alarms
based on the definitions of the events. RMON Agent either records the
information as a log or sends trap messages to the NMS.
1.1.24.3 Configuration Precautions for RMON
Feature Requirements
None
1.1.24.4 Configuring RMON
1.1.24.4.1 Configuring the RMON Statistics Function
Context
Configuring the RMON statistics function helps to collect and record statistics of
an interface.
RMON statistics can be divided into the Ethernet statistics function and historical
sampling function.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 756
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Ethernet statistics function (corresponding to the statistics group in the
RMON MIB): The system collects the statistics about basic traffic on
monitored interfaces.
● Historical sampling function (corresponding to the history group in the RMON
MIB): The system samples the interface statuses on the network periodically
and stores the information for later queries.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Determine the interface on which statistics are collected and enter the interface
view.
interface interface-type interface-number
Step 3 Enable RMON statistics on the interface.
rmon-statistics enable
By default, the RMON statistics function is disabled on an interface.
If the RMON statistics function is not enabled, the Ethernet statistics and historical
sampling functions do not take effect.
Step 4 Configure the Ethernet statistics function.
rmon statistics entry-number [ owner owner-name ]
Step 5 Configure the historical sampling function.
rmon history entry-number buckets number interval sampling-interval [ owner owner-name ]
To reduce the impact of RMON on system performance, set a sampling interval
longer than 10 seconds and do not configure excessive historical sampling on an
interface. RMON specifications suggest a sampling interval of 30 seconds and
more than two historical samplings per interface.
Step 6 Exit the interface view.
quit
Step 7 Commit the configuration.
commit
----End
1.1.24.4.2 Configuring the RMON Alarm Function
Context
After the RMON alarm function is configured on a device, the device will generate
a log or an alarm if the sampling value exceeds the alarm threshold.
The RMON alarm function is implemented based on the event table and alarm
table.
● Event table (corresponding to the event group in the RMON MIB): When an
event occurs, the device generates a log or sends a trap message to the NMS.
● Alarm table (corresponding to the alarm group in the RMON MIB): A
specified alarm variable identified by its OID is monitored at a specified
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 757
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
sampling interval. When the monitored variable exceeds the defined
threshold, the device generates a log or alarm.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Configure the function of sending trap messages or recording logs for events.
rmon event entry-number [ description string ] { log | trap object | log-trap object | none } [ owner
owner-name ]
The event function is configured. The parameters in the command are described
as follows:
● log: The system only generates a log.
● log-trap: The system generates a log and sends a trap message to the NMS.
● none: The system does not take any action.
● trap: The system only sends a trap message to the NMS.
Step 3 Configure the alarm threshold function.
rmon alarm entry-number alarm-OID sampling-time { absolute | changeratio | delta } rising-threshold
threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ startup-alarm { falling |
rising | risingorfalling } ] [ owner owner-name ]
By default, the alarm threshold function is not configured.
If the events corresponding to the upper and lower alarm thresholds (event-entry1
and event-entry2) are not configured, no alarm is generated even if the alarm
conditions are satisfied. In this case, the alarm is in the Undercreation state rather
than in the Valid state.
If the event corresponding to either the upper or lower alarm threshold is
configured, an alarm is triggered once the alarm conditions are satisfied. In this
case, the alarm is in the Valid state. If an incorrect monitored object is configured
(for example, a nonexistent OID is specified), the alarm is in the Invalid state, and
no alarm is generated.
Step 4 Commit the configuration.
commit
----End
1.1.24.4.3 Verifying the RMON Configuration
Prerequisites
RMON configuration has been completed.
Procedure
● Run the display rmon statistics [ interface-type interface-number | interface-
name ] command to check RMON statistics.
● Run the display rmon history [ interface-type interface-number | interface-
name ] command to check RMON historical sampling information.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 758
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
● Run the display rmon event [ entry-number ] command to check the RMON
event processing mode (either recording a log or sending a trap message).
● Run the display rmon eventlog [ entry-number ] command to check details
about RMON logs.
● Run the display rmon alarm [ entry-number ] command to check RMON
alarm configurations.
----End
1.1.24.4.4 Example for Configuring RMON
Networking Requirements
On the network shown in Figure 1-170, the subnet connected to
GigabitEthernet0/1/2 of DeviceA needs to be monitored. This includes:
● Collecting real-time and historical statistics about specific traffic and various
packets.
● Monitoring broadcast and multicast traffic on the subnet and enabling the
alarm function for the total number of broadcast and multicast packets.
When the total number of such packets exceeds the configured threshold, the
system proactively reports alarm information to the NMS.
Figure 1-170 Networking diagram for configuring RMON
NOTE
Interface 1 and Interface 2 in this example are GigabitEthernet0/1/1 and
GigabitEthernet0/1/2, respectively.
To complete the configuration, you need the following data:
● Index (1) of the RMON statistics function
● Owner (userA) for the RMON statistics function
● Sampling interval (30 seconds)
● Index (1) of the RMON alarm function
● OID ID (1.3.6.1.2.1.2.2.1.4.3.5) of a monitored object
● Upper threshold (1000) and lower threshold (100) for triggering an event
● Owner (userA) for the RMON alarm function
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 759
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1. Ensure that there are reachable routes between the device and NMS.
2. Configure SNMP and usernames and ensure that the device can send trap
messages to the NMS.
3. Configure the RMON statistics function and collect traffic statistics on
interfaces.
4. Configure the RMON alarm function so that a trap message is sent to the
NMS when the sampling value exceeds the set threshold.
Procedure
Step 1 Configure reachable routes between the device and NMS. For details, see
Configuration Scripts.
Step 2 Configure the device to send trap messages to the NMS.
# Enable SNMP to send trap messages to the NMS.
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*DeviceA] snmp-agent
[*DeviceA] snmp-agent trap enable
[*DeviceA] commit
# Configure the device to send trap messages to the specified NMS.
[~DeviceA] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname nms2-
admin v3 privacy
[*DeviceA] commit
Step 3 Configure the RMON statistics function.
# Enable the RMON statistics function.
[~DeviceA] interface gigabitethernet 0/1/2
[~DeviceA-GigabitEthernet0/1/2] rmon-statistics enable
[*DeviceA-GigabitEthernet0/1/2] commit
# Configure the Ethernet statistics function.
[~DeviceA-GigabitEthernet0/1/2] rmon statistics 1 owner userA
[*DeviceA-GigabitEthernet0/1/2] commit
# Configure the historical traffic sampling function to sample the traffic on the
subnet at an interval of 30 seconds and save the 10 most recent historical entries.
[~DeviceA-GigabitEthernet0/1/2] rmon history 1 buckets 10 interval 30 owner userA
[*DeviceA-GigabitEthernet0/1/2] quit
[*DeviceA] commit
Step 4 Configure the RMON alarm function.
# Configure the device to send trap messages to the NMS when RMON event 1
occurs.
[~DeviceA] rmon event 1 description alarmofinterface trap nms2-admin owner userA
[*DeviceA] commit
# Set a sampling interval and thresholds for triggering event 1.
[~DeviceA] rmon alarm 1 1.3.6.1.2.1.2.2.1.4.3 5 absolute rising-threshold 1000 1 falling-threshold 100 1
owner userA
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 760
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
[*DeviceA] quit
[*DeviceA] commit
----End
Verifying the Configuration
# Check data traffic information on the subnet.
<DeviceA> display rmon statistics gigabitethernet 0/1/2
Statistics entry 1 owned by userA is valid.
Interface :GigabitEthernet0/1/2<ifEntry.402653698>
Received :
Octets :4294966296, Packets:316091
Broadcast packets :311839 , Multicast packets:666
Undersize packets :0 , Oversize packets :0
Fragments packets :0 , Jabbers packets :0
CRC alignment errors:0 , Collisions :0
Dropped packets (insufficient resources):0
Packets received according to length (octets):
64 :0 , 65-127 :0 , 128-255 :0
256-511:0 , 512-1023:0 , 1024-1518:0
# Check historical sampling records.
<DeviceA> display rmon history gigabitethernet 0/1/2
History control entry 1 owned by userA is valid
Sampled interface : GigabitEthernet0/1/2<ifEntry.402653698>
Sampling interval : 30(sec) with 10 buckets max
Last Sampling time : 0days 05h:17m:26s.30th
Latest sampled values :
Octets :1000 , Packets :100
Broadcast packets :100 , Multicast packets :100
Undersize packets :0 , Oversize packets :0
Fragments packets :0 , Jabbers packets :0
CRC alignment errors :0 , Collisions :0
Dropped packet :0 , Utilization :0
History record:
Record No.1 (Sample time: 0days 05h:13m:56s.56th)
Octets :1000 , Packets :100
Broadcast packets :100 , Multicast packets :100
Undersize packets :0 , Oversize packets :0
Fragments packets :0 , Jabbers packets :0
CRC alignment errors :0 , Collisions :0
Dropped packets :0 , Utilization :0
# Check RMON event information.
<DeviceA> display rmon event
Event table 1 owned by userA is valid.
Description: alarmofinterface.
Will cause snmp-trap when triggered, last triggered at 1days 04h:00m:00s.04th
# Check RMON alarm configurations.
<DeviceA> display rmon alarm 1
Alarm table 1 owned by userA is valid.
Samples absolute value : 1.3.6.1.2.1.2.2.1.4.3
Sampling interval : 5(sec)
Rising threshold : 1000(linked with event 1)
Falling threshold : 100(linked with event 1)
When startup enables : risingOrFallingAlarm
Latest value : 1500
Configuration Scripts
#
sysname DeviceA
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 761
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
#
interface GigabitEthernet0/1/1
undo shutdown
ip address 10.2.2.1 255.255.255.0
#
undo shutdown
ip address 10.3.3.1 255.255.255.0
rmon-statistics enable
rmon statistics 1 owner userA
rmon history 1 buckets 10 interval 30 owner userA
#
ip route-static 10.1.1.0 255.255.255.0 10.2.2.2
#
snmp-agent
#
snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname nms2-admin v3 privacy
#
rmon event 1 description alarmofinterface trap nms2-admin owner userA
rmon alarm 1 1.3.6.1.2.1.2.2.1.4.3 5 absolute rising-threshold 1000 1 falling-threshold 100 1 owner userA
#
return
1.1.25 SAID Configuration
1.1.25.1 SAID Description
1.1.25.1.1 Overview of SAID
Definition
System of active immunization and diagnosis (SAID) is an intelligent fault
diagnosis system that automatically diagnoses and rectifies severe device or
service faults by simulating human operations in troubleshooting.
Purpose
A network is prone to severe problems if it fails to recover from a service
interruption. At present, device reliability is implemented through various
detection functions. Once a device fault occurs, the device reports an alarm or
requires a reset for fault recovery. However, this mechanism is intended for fault
detection of a single module. When a service interruption occurs, the network may
fail to promptly recover from the fault, adversely affecting services.
In addition, after receiving a reported fault, maintenance engineers may face a
difficulty in collecting fault information, preventing problem locating and
adversely affecting device maintenance.
The SAID is promoted to address the preceding issues. The SAID achieves
automated device fault diagnosis, fault information collection, and service
recovery, comprehensively improving the self-healing capability and
maintainability of devices.
Benefits
The SAID can automatically detect, diagnose, and rectify device faults, greatly
improving network maintainability and reducing maintenance costs.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 762
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.25.1.2 Understanding SAID
Basic SAID Functions
Basic Concepts
● SAID node: detects, diagnoses, and rectifies faults on a device's modules in
the SAID. SAID nodes are classified into the following types:
– Module-level SAID node: defends against, detects, diagnoses, and rectifies
faults on a module.
– SAID-level SAID node: detects, diagnoses, and rectifies faults on multiple
modules.
● SAID node state machine: state triggered when a SAID node detects,
diagnoses, and rectifies faults. A SAID node involves seven states: initial,
detecting, diagnosing, invalid-diagnose, recovering, judging, and service
exception states.
● SAID tracing: The SAID collects and stores information generated when a
SAID node detects, diagnoses, and rectifies faults. The information can be
used to locate the root cause of a fault.
SAID
Fault locating in the SAID involves the fault detection, diagnosis, and recovery
phases. The SAID has multiple SAID nodes. Each time valid diagnosis is triggered
(that is, the recovery process has been triggered), the SAID records the diagnosis
process information for fault tracing. The SAID's main processes are described as
follows:
1. Defense startup phase: After the system runs, it instructs modules to deploy
fault defense (for example, periodic logic re-loading and entry
synchronization), starting the entire device's fault defense.
2. Detection phase: A SAID node detects faults and finds prerequisites for
problem occurrence. Fault detection is classified as periodic detection (for
example, periodic traffic decrease detection) or triggered detection (for
example, IS-IS Down detection).
3. Diagnosis phase: Once a SAID node detects a fault, the SAID node diagnoses
the fault and collects various fault entries to locate fault causes (only causes
based on which recovery measures can be taken need to be located).
4. Recovery phase: After recording information, the SAID node starts to rectify
the fault by level. After the recovery action is completed at each level, the
SAID node determines whether services recover (by determining whether the
fault symptom disappears). If the fault persists, the SAID node continues to
perform the recovery action at the next level until the fault is rectified. The
recovery action is gradually performed from a lightweight level to a
heavyweight level.
5. Tracing phase: If the SAID determines the fault and its cause, this fault
diagnosis is a valid diagnosis. The SAID then records the diagnosis process.
After entering the recovery phase, the SAID records the recovery process for
subsequent analysis.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 763
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
SAID Node State Machine
The fault detection, diagnosis, and recovery processes of a SAID node are
implemented through state machines.
Figure 1-171 Process of SAID node state transition
All state transition scenarios are as follows:
1. When detecting a trigger event in the initial state, the SAID node enters the
detecting state.
2. If the detection is not completed in the detecting state, the SAID node keeps
working in this state.
3. If a detection timeout occurs or no fault is detected in the detecting state, the
SAID node enters the initial state.
4. When detecting a fault in the detecting state, the SAID node enters the
diagnosing state.
5. If the diagnosis action is not completed in the diagnosing state, the SAID
node keeps working in this state.
6. If an environmental change occurs in the diagnosing state or another SAID
node enters the recovering state, the SAID node enters the invalid-diagnose
state.
7. If the diagnosis action is not completed in the invalid-diagnose state, the SAID
node keeps working in this state.
8. If no device exception is detected after the diagnosis action is completed in
the diagnosing state, the SAID node enters the initial state.
9. If a device exception is detected after the diagnosis action is completed in the
diagnosing state, the SAID node enters the recovering state.
10. If the recovery action is not completed in the recovering state, the SAID node
keeps working in this state.
11. If the recovery action is completed in the recovering state, the SAID node
enters the judging state.
12. If the judgment action is not completed in the judging state, the SAID node
keeps working in this state.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 764
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
13. If the service does not recover in the judging state and a secondary recovery
action exists, the SAID node enters the recovering state.
14. If the service does not recover in the judging state and no secondary recovery
action exists, the SAID node enters the service exception state.
15. In the service exception state, the SAID node periodically checks whether the
service recovers.
16. If the service recovers in the judging state, the SAID node enters the initial
state.
SAID for Ping
Background
The failure to ping a directly connected device often occurs on networks, causing
services to be interrupted for a long time and fail to automatically recover. The
ping process involves various IP forwarding phases. A ping failure may be caused
by a hardware entry error, board fault, or subcard fault on the local device or a
fault on an intermediate device or the peer device. Therefore, it is difficult to
locate or demarcate the specific fault.
Definition
The ping service node is a specific SAID service node. This node performs link-
heartbeat loopback detection to detect service faults, diagnoses each ping
forwarding phase to locate or demarcate faults, and takes corresponding recovery
actions.
Principles
For details about the SAID framework and principles, see Basic SAID Functions.
SAID uses IP packets in which the protocol number is 1, indicating ICMP. The ping
service node undergoes four phases (fault detection, fault diagnosis, fault
recovery, and service recovery determination) to implement automatic device
diagnosis, fault information collection, and service recovery.
● Fault detection
The ping service node performs link-heartbeat loopback detection to detect
service faults. The packets used are ICMP detection packets. There are 12
packet templates in total. Each template sends two packets in sequence
within a period of 30s. Therefore, a total of 24 packets are sent by the 12
templates within a period of 30s. After five periods, the system starts to
collect statistics on lost packets and modified packets.
Link-heartbeat loopback detection is classified as packet modification
detection or packet loss detection.
– Packet modification detection checks whether the content of received
heartbeat packets is the same as the content of sent heartbeat packets. If
one of the following conditions is met, a trigger message is sent to
instruct the SAID ping node to perform fault diagnosis:
▪ Modified packets are detected in each of the five periods.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 765
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
▪ Two or more packets are modified in a period.
– Packet loss detection checks whether the difference between the number
of received heartbeat packets and the number of sent heartbeat packets
is within the permitted range. If one of the following conditions is met, a
trigger message is sent to instruct the SAID ping node to perform fault
diagnosis:
▪ The total number of lost packets exceeds 3.
▪ After each packet sending period ends, the system checks the
protocol status and whether ARP entries exist on the interface and
find that there is no ARP in three consecutive periods.
▪ The absolute value of the difference between the number of lost
packets whose payload is all 0s and the number of lost packets
whose payload is all Fs is greater than 25% of the total number of
sent packets in five periods.
● Fault diagnosis
After receiving the triggered message in the fault detection state, the ping
service node enters the fault diagnosis state.
– If a packet loss error is detected on the device, the SAID ping node checks
whether a module (subcard, TM, or NP) on the device is faulty. If no
module is faulty, the system completes the diagnosis and returns to the
fault detection state.
– If a packet loss error is detected on the device, the SAID ping node checks
whether a module (subcard, TM, or NP) on the device is faulty. If a
module fault occurs, the system performs loopback diagnosis. If packet
loss or modification is detected during loopback, the local device is faulty.
The system then enters the fault recovery state. If no packet is lost during
loopback diagnosis, the system returns to the fault detection state.
– If a packet modification error is detected on the device, the SAID ping
node checks whether a module (subcard, TM, or NP) on the device is
faulty. Loopback diagnosis is performed regardless of whether a module
fault occurs. If packet loss or packet modification occurs during loopback,
the local device is faulty. The system then enters the fault recovery state.
If no packet is lost during the loopback, the system returns to the fault
detection state and generates a packet modification alarm.
● Fault recovery
If a fault is detected during loopback diagnosis, the ping service node
determines whether a counting error occurs on the associated subcard.
– If a counting error occurs on the subcard, the ping service node resets the
subcard for service recovery. Then, the node enters the service recovery
determination state and performs link-heartbeat loopback detection to
determine whether services recover. If services recover, the node returns
to the fault detection state. If services do not recover, the node returns to
the fault recovery state and takes a secondary recovery action. (For a
subcard reset, the secondary recovery action is board reset.)
– If no counting error occurs on the subcard, the ping service node resets
the involved board for service recovery. After the board starts, the node
enters the service recovery determination state and performs link-
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 766
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
heartbeat loopback detection to determine whether services recover. If
services recover, the node returns to the fault detection state. If services
do not recover, the node remains in the service recovery determination
state and periodically performs link-heartbeat loopback detection until
services recover.
● Service recovery determination
After fault recovery is complete, the ping service node uses the fault packet
template to send diagnostic packets. If a fault still exists and a subcard reset
is performed, the node generates an alarm and instructs the subcard to
perform a switching for self-healing. If a fault still exists but no subcard reset
is performed, the node generates an alarm only. If no fault exists, the node
instructs the link-heartbeat loopback function to return to the initiate state,
and the node itself returns to the fault detection state.
● Fault alarm
If link-heartbeat loopback detects packet loss, it triggers SAID ping diagnosis
and performs recovery operations (reset the subcard or board). However,
services fail to be recovered, and the device detects packet loss and reports an
alarm.
If link-heartbeat loopback detects packet modification, it triggers SAID ping
diagnosis and reports an alarm when any of the following conditions is met:
– If services fail to be restored after recovery operations (reset the subcard
or board), the device detects packet loss and reports an alarm.
– If a software error occurs, the device forcibly cancels link-heartbeat
loopback and reports an alarm if no other recovery operation is
performed within 8 minutes.
– If no packet loss or packet modification error occurs during link-heartbeat
loopback, the device cancels the recovery operation. If no other recovery
operation is performed within 8 minutes, the device reports an alarm.
– If the board does not support SAID ping, the device reports an alarm.
SAID for CFC
Background
A large number of forwarding failures occur on the network and cannot recover
automatically. As a result, services are interrupted and cannot be automatically
restored for a long time. A mechanism is required to detect forwarding failures
that cannot recover automatically. After a forwarding entry (such as route
forwarding entry and ARP forwarding entry) failure is detected, proper measures
are taken to rectify the fault quickly.
Definition
The control plane with forwarding plane consistency check (CFC) service node is a
specific service node in the SAID framework. The CFC node selects some typical
routes and compares the outbound interface, MAC address, and label
encapsulation information on the control plane with those on the forwarding
plane. If the information is inconsistent, the system enters the diagnosis state and
performs the consistency check for multiple times. If the comparison result
remains, an alarm is generated.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 767
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Principles
The SAID system diagnoses the CFC service node through three phases: flow
selection, check, and troubleshooting. In this case, devices can perform automatic
diagnosis, collect fault information automatically, and generate alarms.
● Flow selection
There are a large number of routes on the live network. The system selects
typical routes for the check.
Routes are selected based on the following priorities. Default route > 32-bit
direct route > Static route > Private routes > Others
The total number of 4000 flows can be selected, and the quota of each type
of flow is limited. The system delivers a flow selection task based on the
standard quota of each type of flow. If the quota of a type of flow is not used
up, the extra quota is used for other types of flows after summarizing the
results.
● Check
After summarizing the flow selection results of interface boards and obtaining
the final flow set to be checked, the main control board broadcasts the flow
selection information to each interface board. The interface boards start to
check the flows.
Data on the control plane is inconsistent with that on the forwarding plane in
the following situations:
a. The forwarding plane has the outbound interface, MAC address, and label
encapsulation information, but the control plane does not.
b. Data on the forwarding plane is incorrect (for example, an entry is
invalid), and no hardware forwarding result is obtained. If the outbound
interface, MAC address, and label encapsulation information can be
obtained, the data compared with that on the control plane. In normal
cases, the data on the forwarding plane is the same as or is a subset of
that on the control plane.
● Troubleshooting
After a fault occurs, the context information related to the fault is collected.
Then, the device enters the diagnosis state and repeatedly checks the
incorrect flow. If an entry error occurs for three consecutive times, the device
enters the recovery state. If no error occurs once, the flow is considered
normal and no further diagnosis is required.
After the fault is diagnosed, you can run commands to restart the interface to
rectify the fault.
After the fault recovery action is performed, the current flow needs to be
checked again after it keeps stable and does not change for 5 minutes. If the
fault persists, an alarm is generated and the context information related to
the fault is collected. If the fault is rectified, the system enters the detection
state again and continues to check the subsequent flows.
After an alarm is generated, the SAID system keeps checking the current flow
until the flow is correct. Then, the alarm is cleared and the system enters the
detection state.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 768
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
SAID for SEU
Background
As the manufacturing technique of electronic components evolves towards deep
submicron, the per-unit soft failure rate of storage units in such components has
been increasing. As a result, single event upset (SEU) faults often occur, adversely
affecting services.
Definition
If a subcard encounters an SEU fault, SAID for SEU performs loopbacks on all
interfaces of the subcard. If packet loss or modification occurs during loopback
detection, the subcard is reset for fault rectification.
Principles
The SAID system diagnoses an SEU fault through three phases: fault detection,
loopback detection, and troubleshooting. This enables devices to perform
automatic diagnosis and fault information collection.
● Fault detection
SAID for SEU detects an SEU fault on a logical subcard and starts loopback
detection.
● Loopback detection
Loopback detection is to send ICMP packets from the CPU on the involved
interface board to an interface on the faulty subcard and then loop back the
ICMP packets from the interface to the CPU.
● Troubleshooting
a. If packet loss or modification occurs, SAID for SEU performs either of the
following operations depending on the status of the involved interface:
i. If the interface is physically Up, SAID for SEU resets the subcard.
ii. If the interface is physically Down, SAID for SEU keeps the interface
Down until the fault is rectified.
b. If statistics about the sent and received loopback packets are properly
collected and packet verification is normal, the subcard does not need to
be reset.
1.1.25.1.3 Terminology for SAID
Terms
None.
Abbreviation
Abbreviatio Full Spelling
n
SAID System of Active Immunization and Diagnosis
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 769
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.25.2 SAID Configuration
1.1.25.2.1 Overview of SAID
Introduction
A network is prone to severe problems if it fails to recover from a service
interruption. At present, device reliability is implemented through various
detection functions. Once a device fault occurs, the device reports an alarm or
requires a reset for fault recovery. However, this mechanism is intended for fault
detection of a single module. When a service interruption occurs, the network may
fail to promptly recover from the fault, adversely affecting services.
In addition, after receiving a reported fault, maintenance engineers may face a
difficulty in collecting fault information, preventing problem locating and
adversely affecting device maintenance.
The SAID is promoted to address the preceding issues. The SAID achieves
automated device fault diagnosis, fault information collection, and service
recovery, comprehensively improving the self-healing capability and
maintainability of devices.
Basic Concepts
● SAID node: detects, diagnoses, and rectifies faults on a device's modules in
the SAID. SAID nodes are classified into the following types:
– Module-level SAID node: defends against, detects, diagnoses, and rectifies
faults on a module.
– SAID-level SAID node: detects, diagnoses, and rectifies faults on multiple
modules.
● SAID node state machine: state triggered when a SAID node detects,
diagnoses, and rectifies faults. A SAID node involves seven states: initial,
detecting, diagnosing, invalid-diagnose, recovering, judging, and service
exception states.
● SAID tracing: The SAID collects and stores information generated when a
SAID node detects, diagnoses, and rectifies faults. The information can be
used to locate the root cause of a fault.
SAID
Fault locating in the SAID involves the fault detection, diagnosis, and recovery
phases. The SAID has multiple SAID nodes. Each time valid diagnosis is triggered
(that is, the recovery process has been triggered), the SAID records the diagnosis
process information for fault tracing. The SAID's main processes are described as
follows:
1. Defense startup phase: After the system runs, it instructs modules to deploy
fault defense (for example, periodic logic re-loading and entry
synchronization), starting the entire device's fault defense.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 770
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
2. Detection phase: A SAID node detects faults and finds prerequisites for
problem occurrence. Fault detection is classified as periodic detection (for
example, periodic traffic decrease detection) or triggered detection (for
example, IS-IS Down detection).
3. Diagnosis phase: Once a SAID node detects a fault, the SAID node diagnoses
the fault and collects various fault entries to locate fault causes (only causes
based on which recovery measures can be taken need to be located).
4. Recovery phase: After recording information, the SAID node starts to rectify
the fault by level. After the recovery action is completed at each level, the
SAID node determines whether services recover (by determining whether the
fault symptom disappears). If the fault persists, the SAID node continues to
perform the recovery action at the next level until the fault is rectified. The
recovery action is gradually performed from a lightweight level to a
heavyweight level.
5. Tracing phase: If the SAID determines the fault and its cause, this fault
diagnosis is a valid diagnosis. The SAID then records the diagnosis process.
After entering the recovery phase, the SAID records the recovery process for
subsequent analysis.
1.1.25.2.2 Configuration Precautions for SAID
Feature Requirements
Table 1-101 Feature requirements
Feature Requirements Series Models
SEU-associated port loopback: NetEngin NetEngine 8000
1. When a loopback is configured on a e 8000 M M14/NetEngine
subcard's interface, there is a possibility that 8000 M14K/
the peer interface goes Down. NetEngine 8000
M4/NetEngine
2. When loopback is configured on a subcard's 8000 M8/
interface, the interface is blocked for 50 ms. As NetEngine 8000
a result, traffic is interrupted for 50 ms (when M8K/NetEngine
the peer interface does not go Down). 8000E M14/
3. Loopback can be set for a subcard interface NetEngine 8000E
at most once every 24 hours. M8
4. If a fault is detected, the subcard is reset.
The subcard can be reset at most once within
24 hours.
After a fault is detected, traffic is interrupted
for 50 ms and the subcard is reset.
Disable the corresponding function.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 771
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Feature Requirements Series Models
Service traffic is intermittently interrupted NetEngin NetEngine 8000
when SAID for ping detects a fault and e 8000 M M14/NetEngine
interface loopback is enabled. 8000 M14K/
NetEngine 8000
M4/NetEngine
8000 M8/
NetEngine 8000
M8K/NetEngine
8000E M14/
NetEngine 8000E
M8
1.1.25.2.3 Enabling/Disabling a SAID Node
This section describes how to enable or disable a system of active immunization
and diagnosis (SAID) node using commands.
Context
The diagnosis and recovery durations of a single SAID node must not exceed 10
and 30 minutes, respectively. If either duration is exceeded, the SAID node is
disabled by default. When a SAID node is processing a large number of services,
the processing efficiency of other SAID nodes may be reduced because of
performance insufficiency. To guarantee the processing efficiency, you can run the
set said-node command to disable this node.
If the node is not in the detecting state after being disabled, it automatically
returns to the detecting state upon completion of the operation in the current
phase. When the next SAID task is started to perform detection, the system
detects that the SAID node is disabled and therefore skips it.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run set said-node { all | said-name [ slot slot-id ] } disable
The SAID node is disabled.
In VS mode, this command is supported only by the admin VS.
----End
Checking the Configurations
After enabling/disabling a SAID node, check the configurations.
● Run the display said-node status command to check the status of the SAID
node.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 772
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.25.2.4 Enabling the CFC Node Recovery Function
This section describes how to enable the control plane and forwarding plane
inconsistency recovery function.
Prerequisites
Before enabling the CFC node recovery function, ensure that the function to check
the consistency between the control plane and forwarding plane has been
enabled. If the function is disabled, run the undo set said-node cfc disable
command to enable it.
Context
After the CFC node recovery function is enabled, if a fault occurs and the system
enters the diagnosis state, the interface is restarted after a flow is considered
faulty for three consecutive times.
In VS mode, this configuration task is supported only by the admin VS.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run set said-cfc recovery enable
The CFC node recovery function is enabled.
To disable the control plane and forwarding plane inconsistency recovery function,
run the undo set said-cfc recovery enable command.
Step 3 Run commit
The configuration is committed.
----End
1.1.26 PADS Configuration
1.1.26.1 Overview of PADS
Definition
The protocol-aided diagnosis system (PADS) is an intelligent diagnosis system. It
simulates experts in multiple fields to automatically prevent, discover, diagnose,
and rectify service faults 24/7.
Purpose
PADS is developed based on technical research on future-oriented O&M. Designed
based on common fault modes summarized from thousands of faults reported by
customers, it simulates experts to monitor the status of IP protocol-related
functional modules in real time. PADS aims to enable users to implement complex
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 773
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
protocol O&M. To achieve this, PADS provides a unified O&M interface,
hierarchical fault diagnosis, and capabilities to diagnose and process common
component, device, system, and network faults. Moreover, it can record and
analyze exception symptoms before a fault occurs, and automatically diagnose,
isolate, and rectify faults, achieving intelligent O&M of devices on the live
network.
Benefits
PADS simplifies O&M, improves O&M efficiency, and reduces O&M costs.
1.1.26.2 Understanding PADS
PADS Functions
PADS simulates experts to monitor the service status in real time. It also
proactively detects faults, and automatically diagnoses and rectifies them.
PADS provides the following functions:
● Self-diagnosis and self-recovery in specific fault modes
● Service health checks and self-recovery upon poor check results
The service health checks include:
● Abnormal service status check: Diagnostic logs are generated. The status of
the recent abnormal services can be queried using the CLI.
● Ongoing service status check: Diagnostic information is generated in the PADS
O&M file on the PADS-dedicated flash, which helps restore services.
Implementation
Figure 1-172 Implementation of PADS
1. The status of each service is saved in real time to the PADS O&M file on the
flash memory, and key information is backed up.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 774
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
2. The intelligent fault analysis/prevention unit monitors the running status of
each service in real time.
3. The intelligent fault diagnosis unit automatically starts end-to-end diagnosis
when detecting an exception. You can also run diagnostic commands to start
end-to-end fault analysis.
4. During fault diagnosis, the inter-component and inter-device communication
units can be used to collect information across components and devices for
analysis.
5. Diagnosis results can be queried using the CLI at any time. PADS
automatically restores services if faults are detected in the diagnosis result.
1.1.26.3 Configuring the PADS Function
Context
By default, the PADS function is enabled. To disable this function, perform the
following operations.
Procedure
Step 1 Enter the system view.
system-view
Step 2 Choose either of the following methods to disable the PADS function.
● Disable the PADS function globally.
pads disable
● Disable the PADS function for a specific functional module.
pads switch appName disable
NOTE
The command for configuring the PADS function for a specified functional module takes
precedence over the command for configuring the PADS function globally. That is, after the
pads switch command is configured for a specified functional module, the PADS status for
this functional module is not affected by the pads disable or pads enable command
configuration.
Step 3 Commit the configuration.
commit
----End
Follow-up Procedure
For more information about PADS diagnosis functions, see the Diagnostic
Command Reference.
1.1.27 CUSP Description
NOTE
The CUSP feature is only used to establish a communication channel between Huawei
forwarder and controller in a CU separation scenario.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 775
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.27.1 Overview of CUSP
Definition
Table 1-102 Basic CUSP concepts
Concept Definition
CU separation Control plane and user plane (CU)
separation is to separate the control
plane (CP) from the user plane (UP) of
multiple BRAS devices. The user
management functions of multiple
BRAS devices are extracted and
centralized to form a new control
plane. Other control-plane functions
and forwarding-plane functions on the
BRAS devices are reserved to form a
new forwarding plane for the devices.
CUSP CUSP is a protocol that allows the
control and forwarding planes to
communicate through standardized
open interfaces. CUSP separates the
control plane from the forwarding
plane and allows the former to
manage the latter.
Controller A controller is a CUSP server running
on the control plane.
Forwarder A forwarder is a CUSP device running
on the forwarding plane. The CUSP
agent is a component that is
responsible for CUSP protocol
management on the forwarder.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 776
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Concept Definition
CUSP flow table A CUSP flow table is a forwarding
table independent of service types. A
flow table contains match fields and
associated actions. A forwarder
matches packets against a specific
field in a flow table and performs a
specific action associated with the field
on matching packets. For example, if a
match field in a flow table is set to a
source MAC address, and the specified
action is to forward packets to a
specific interface, the forwarder will
forward packets that carry the
specified MAC address to the specific
interface. CUSP defines device
forwarding actions in a flow table. The
controller delivers flow table entries to
the forwarder to control the actions of
the forwarder.
Purpose
Traditional network devices have both built-in forwarding and control planes. The
forwarding plane varies according to the device and is therefore hard to be
opened. In terms of the control plane where forwarding entries are generated,
most devices do not allow a third-party control plane to replace the built-in
control plane. Hardware and software are closely coupled, reducing the upgrade
frequency of network devices but extending the time for the devices to support
new technologies. Nowadays, however, various network technologies continuously
emerge to meet new requirements. Customers are urged to solve existing network
problems with the new network technologies.
To address this issue, CUSP is introduced to provide communication channels for
the control and forwarding planes. Using standardized open interfaces, CUSP
separates the control plane from the forwarding plane and allows the former to
manage the latter.
In a CU separation scenario, CUSP channels are used for the communications
between the control and forwarding planes, so that the control plane delivers
service entries to the forwarding plane and the forwarding plane reports service
events to the control plane.
Benefits
This feature promotes the standardization and generalization of high-performance
forwarding planes through standard interfaces.
1.1.27.2 Understanding CUSP
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 777
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.27.2.1 CUSP Fundamentals
In Figure 1-173, each traditional network device consists of the control and
forwarding planes. The devices independently process various types of packets
through the two planes.
In a CU separation scenario, the user management functions of multiple BRAS
devices are extracted and centralized to form a new control plane. Other control-
plane functions and forwarding-plane functions on the BRAS devices are reserved
to form a new forwarding plane for the devices. CUSP channels are used for the
communications between the control and forwarding planes, so that the control
plane delivers service entries to the forwarding plane and the forwarding plane
reports service events to the control plane.
Figure 1-173 Comparison between a traditional network architecture and an SDN
network architecture
The controller uses Experimenter packets to deliver private flow tables to
forwarders, implementing service entry delivery.
A CUSP agent is a component on a forwarder used to manage the CUSP protocol.
The agent provides the following functions:
● Establishes a CUSP connection between the forwarder and controller.
● Reports local port information to the forwarder.
● Parses flow table information delivered by the controller.
● Transfers host packets related to the controller.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 778
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.27.2.2 Control channel Establishment and Maintenance
a control channel is established over a TCP connection. Devices on both ends of a
channel exchange heartbeat packets to maintain the connection. Figure 1-174
shows the process of control channel establishment and maintenance.
1. After the controller and forwarder are both configured, the controller and
forwarder establish a TCP connection.
2. The controller and forwarder exchange Hello packets carrying version
information over the TCP connection to negotiate a channel with each other.
3. After the negotiation is complete, the controller sends a Features Request
packet to query the attribute information of the forwarder. Upon receipt of
the packet, the forwarder replies with the requested attribute information,
such as the flow table format and buffer size, to the controller. Then, a
control channel is successfully established.
4. The controller and forwarder periodically send Echo Request packets to each
other to detect the connection status. After receiving an Echo Request packet
sent from the initiator, the peer returns an Echo Reply packet. If the initiator
neither receives an Echo_Reply packet nor receives any other valid CUSP
packet after a specified number of attempts, the initiator considers the peer
faulty and tears down the connection. If the initiator does not receive any
Echo_Reply packet but receives another valid CUSP packet, it does not tear
down the connection.
Figure 1-174 Flowchart for establishing and maintaining a CUSP connection
1.1.27.2.3 CUSP-based Port Information Reporting
CUSP allows a forwarder to report its port information to a controller through a
control channel.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 779
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
In Figure 1-175, after a control channel is established, the controller proactively
queries port information from the forwarder. To achieve this, the controller sends a
Multipart Request packet to query the port information of the forwarder. Upon
receipt of the packet, the forwarder returns Multipart Reply packets to bulk report
port information. If there are port changes, such as port status changes, the
forwarder proactively sends Port Status packets to notify the controller of the
changes.
Figure 1-175 Flowchart for reporting port information
1.1.27.2.4 CUSP Flow Table Delivery
A flow table contains actions that CUSP defines for forwarders, which is
independent of service types. Entries in the flow table are delivered by a controller
to a forwarder through a control channel.
Standard Flow Table Delivery
In Figure 1-176, a controller sends a Flow Mod packet carrying flow table
information to a forwarder. The packet contains basic flow table information (such
as the table ID and priority), match attributes, and instructions. The match
attributes contain information (such as MAC and IP addresses) to be matched
against entries in the flow table. Matching packets are processed using a specific
instruction. The instructions define how to process matching packets, such as
modifying packet attributes and forwarding packets through a specific outbound
interface.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 780
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Figure 1-176 Flowchart for delivering a flow table
Private Flow Table Delivery
The controller uses Experimenter packets to deliver private flow tables to
forwarders, with a private smoothing process supported. A private flow table
contains FES entries related to VXLAN services.
1.1.27.2.5 CUSP Reliability
A controller generates service data based on information (such as interface
information) reported by a forwarder and then delivers the service data to the
forwarder through a control channel. To minimize service interruptions caused by
a CUSP connection or controller fault, CUSP supports the following reliability
solutions.
Table 1-103 CUSP reliability solutions
Reliability Solution Usage Scenario
CUSP connection reliability This solution is used in CUSP
connection fault scenarios. The
controller backs up data. Before a
CUSP connection is reestablished, the
controller uses the backup data to
process services, which ensures the
continuity of services that have been
generated on the controller after
connection reestablishment.
CUSP non-stop routing (NSR) CUSP NSR applies to scenarios in
which a controller fails or an active/
standby control plane switchover is
performed. The active control plane
backs up data. If the active control
plane fails or an active/standby control
plane switchover is performed, the
standby control plane takes over, and
the service process continues to work
based on the data that was backed up
before the active control plane fails,
which ensures CUSP service continuity.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 781
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
CUSP Connection Reliability
The CUSP connection reliability solution backs up collected forwarder interface
information, bindings between the controller's logical interfaces and the
forwarder's physical interfaces, and the forwarder's connection management
information. The data is used to implement controller service functions.
In CUSP connection fault scenarios, CUSP connection reliability is implemented as
follows:
● Before a CUSP connection is reestablished, the controller uses the backed up
data to process services.
● After the CUSP connection is reestablished, the controller re-collects forwarder
information and updates original information to ensure that services are
properly processed.
CUSP NSR
The implementation process is as follows:
1. The active control plane backs up the following data in batches and in real
time:
– TCP and CUSP connection information. This backup ensures that the
CUSP connection is not interrupted after an active/standby control plane
switchover.
– Resource information reported by a forwarder. This backup ensures that
resource information is consistent before and after an active/standby
control plane switchover.
– Flow table data delivered by the controller. This backup ensures that flow
table data is consistent before and after an active/standby control plane
switchover.
2. If the active control plane fails or an active/standby control plane switchover
is performed, the standby control plane takes over, and the service process
continues to work based on the data that was backed up before the active
control plane fails and responds to service changes, which ensures service
continuity.
– If resource information changes during an active/standby control plane
switchover, the controller re-collects resource information from the
forwarder after the switchover and completes synchronization and aging.
– If flow table information changes during an active/standby control plane
switchover, the controller uses Experimenter packets to re-deliver all FES
entries to the forwarder after the switchover. The forwarder then
synchronizes and ages flow entry information.
– After an active/standby control plane switchover, the controller and
forwarder continue to send service protocol packets (such as ARP, ICMP,
and OSPF packets) to each other through the control channel.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 782
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
1.1.27.3 Terminology for CUSP
Terms
Term Definition
Flow table A table containing actions that CUSP
defines for forwarders, which is
independent of service types.
1.1.28 KPI Description
1.1.28.1 Overview of KPIs
Definition
Key performance indicators (KPIs) indicate the performance of a running device at
a specific time. A KPI may be obtained by aggregating multiple levels of KPIs. The
KPI data collected by the main control board and interface boards is saved as an
xxx.dat file and stored into the CF card on the main control board. The KPI parsing
tool parses the file according to a predefined parsing format and converts it into
an Excel file. The Excel file provides relevant fault and service impairment
information, facilitating fault locating.
Purpose
The KPI system records key device KPIs in real time, provides service impairment
information (for example, the fault generation time, service impairment scope/
type, relevant operation, and possible fault cause/location), and supports fast fault
locating.
Benefits
The KPI system helps carriers quickly learn service impairment information and
locate faults, so that they can effectively improve network maintainability and
reduce maintenance costs.
1.1.28.2 Understanding KPIs
KPI System
Key performance indicators (KPIs) are periodically collected at a specified time,
which slightly increases memory and CPU usage. However, if a large number of
KPIs are to be collected, services may be seriously affected. Therefore, when
memory or CPU usage exceeds 70%, enable the system to collect the KPIs of only
the CP-CAR traffic, message-queue, Memory Usage, and CPU Usage objects
that do not increase the memory or CPU usage.
The KPI system checks whether the receiving buffer area has data every 30
minutes. If the receiving buffer area has data, the system writes the data into a
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 783
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
data file and checks whether the data file size is greater than or equal to 4 MB. If
the data file size is greater than or equal to 4 MB, the system compresses the file
as a package named in the yyyy-mm-dd.hh-mm-ss.dat.zip format. After the
compression is complete, the system deletes the data file.
The KPI system obtains information about the size of the remaining CF card space
each time a file is generated.
● If the remaining CF card space is less than or equal to 50 MB, the KPI system
deletes the oldest packages compressed from data files.
● If the remaining CF card space is greater than 50 MB, the KPI system obtains
data files from the cfcard:/KPISTAT path and computes the total space used
by all the packages compressed from data files. If the space usage is greater
than or equal to 110 MB, the KPI system deletes the oldest packages.
Service Implementation Process
The KPI system provides periodic collection and storage interfaces for service
modules. After the desired service modules successfully register, the KPI system
starts periodic data collection and stores collected data.
Figure 1-177 Service implementation flowchart
1. The KPI system provides a registration mechanism for service modules. After
the modules register, the system collects service data at the specific collection
time through periodic collection and storage interfaces.
2. When the collection period of a service module expires, the KPI system
invokes the module to collect data. The module converts the collected data
into a desired KPI packet format and saves the data on the main control
board through the interface provided by the KPI system.
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 784
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
3. The KPI parsing tool parses the file based on a predefined format and
converts the file into an Excel one.
KPI Categories
KPIs are categorized as access service, traffic monitoring, system, unexpected
packet loss, resource. The monitoring period can be 1, 5, 10, 15, or 30 minutes. At
present, components (for example, NP and TM), services (for example, QoS), and
boards (for example, main control boards and interface boards) support KPI
collection.
Table 1-104 provides KPI examples.
Table 1-104 KPI examples
KPI KPI Board KPI KPI Monit Collec Repor Incre
Categ Sub- Collec oring ted ting menta
ory categ tion Period When Condit l/Total
ory Object CPU/ ion
Memo
ry
Usage
Is
Highe
r Than
70%
Traffic Physic Interfa GE0/1/ Inbou 5 No Report Increm
monit al ce 0 nd minut ed ental
oring interfa board Multic es when
ce ast the
Packet thresh
old
30,000
is
reache
d
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 785
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
KPI KPI Board KPI KPI Monit Collec Repor Incre
Categ Sub- Collec oring ted ting menta
ory categ tion Period When Condit l/Total
ory Object CPU/ ion
Memo
ry
Usage
Is
Highe
r Than
70%
Traffic Physic Interfa GE0/1/ Dropp 15 No Report Total
policin al ce 0 acket, minut ed
g interfa board Passra es when
ce te, an
and interfa
Dropra ce
te runs
(The traffic.
three
indicat
ors
can be
collect
ed for
an
entire
interfa
ce or
for
each
of the
eight
priorit
y
queue
s.)
Access Numb Main Numb Total 15 No Always Total
service er of contro er of numb minut report
access l access er es ed
users board users
suppor suppor
ted by ted by
a a
device device
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 786
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
KPI KPI Board KPI KPI Monit Collec Repor Incre
Categ Sub- Collec oring ted ting menta
ory categ tion Period When Condit l/Total
ory Object CPU/ ion
Memo
ry
Usage
Is
Highe
r Than
70%
Syste Messa Main messa LCM-2 30 Yes Report Total
m ge contro ge- minut ed
queue l queue es only
board CurLe when
n the
thresh
old is
exceed
ed
Unexp Physic Interfa GE0/1/ Inbou 5 No Report Increm
ected al ce 0 nd minut ed ental
packet interfa board Discar es when
loss ce ded the
Packet thresh
s old
300 is
reache
d
Resour QoS Interfa User- Inbou 30 No Report Total
ce resour ce Queue nd minut ed
ce board TM0 Alloca es upon
quanti ted chang
ty: N Numb es
(N ≤ er
16)
Available KPI reporting modes are as follows:
● Always: always reported
● Change report: reported upon changes
● Over threshold: reported when the threshold is reached
KPI Parsing Rules
KPI log files in the CF card are stored in binary format. Each file consists of the
following parts:
● File header
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 787
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
For details about the header format of the .dat file, see Table 1-105.
● Data file
– Packet header
For details about the packet header format, see Table 1-106.
– Data packet
For details about the packet format, see Table 1-107.
Table 1-108 describes the file format output after the system parses the source
file according to the data formats in Table 1-105, Table 1-106, and Table 1-107.
Table 1-105 Format of the KPI file header
Structure Definition Bytes Remarks
Header Start delimiter 4 0x05050505
Data content 2 NAME_LEN+4
length
Reserved 4 0
Header check 2 CRC check
(reserved)
Data T: type 2 0: NE name
content
L:V length 2 1-255
(NAME_LEN)
V:name NAME_LEN RO3-X16
(character string)
Tail End delimiter 4 0xa0a0a0a0
Table 1-106 Format of the KPI packet header
Structure Definition Bytes Remarks
Record Data collection 4 For example, the number of
header time seconds elapsed from
00:00:00 of January 1, 1970
Slot ID 2 In the case of 0x0, "global"
should be displayed.
Module ID 2 Query the module name in
the configuration file
according to the module ID.
Count data length 2 -
Storage format 1 The KPI collection version is 1.
version
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 788
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
Structure Definition Bytes Remarks
Reserved 1 -
Collection period 2 -
Table 1-107 Format of the KPI data packet
KPI Object Packet Format
KPI object KPI-object T USHORT
1
L UCHAR
V -
KPI quantity N - USHORT
KPI 1 KPI- T USHORT
indicator
L UCHAR
V -
KPI_VAL Seventh ● 0: increment
UE bit ● 1: total number
attribute
4 to 6 KPI-Value precision
bits Indicates that the KPI-
VALUE is the nth power
of 10 of the actual value.
0 to 3 Number of valid bytes in
bits KPI-Value
KPI- - -
Value
KPI 2
KPI...
KPI N
KPI object -
2
KPI -
object...
KPI object -
N
End 0xFFFF
delimiter
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 789
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
NOTE
The involved byte order is network order.
Table 1-108 Post-parsing data modes
D L F C Ve D C S M K K K K K T I R T K U
e o il o rsi a h l o P P P P P y n e h P n
vi o e ll on t a o d I- I- I- I- I- p t c r I- it
c p T e e s t u C S o I N e e o e V
e B y c T si l l u b D a r r s a
N a p t i s e a b j m v d h l
a c e D m s C e e a M o u
m k a e s l c l o l e
e I t a t d d
P e s e
s
H 1. K 2 V8 2 0 1 C S C C 2 C T 3 A N 6 %
U 1. P 0 00 0 P y P P 5 P o 0 l A
A 1. I 1 R0 1 U st U U 0 U t 0 w
W 1 L 7 22 7 P e U 8 U al a
E O / C0 - m s 8 s y
I G 4 0S 0 a a s
/ PC 4 g g
2 60 - e e
7 0 2
7
1
4:
4
7:
4
9
+
0
0:
0
0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 790
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
D L F C Ve D C S M K K K K K T I R T K U
e o il o rsi a h l o P P P P P y n e h P n
vi o e ll on t a o d I- I- I- I- I- p t c r I- it
c p T e e s t u C S o I N e e o e V
e B y c T si l l u b D a r r s a
N a p t i s e a b j m v d h l
a c e D m s C e e a M o u
m k a e s l c l o l e
e I t a t d d
P e s e
s
H 1. K 2 V8 2 0 1 M S M M 2 M T 3 A N 1 %
U 1. P 0 00 0 E y e e 5 e o 0 l A 6
A 1. I 1 R0 1 M st m m 0 m t 0 w
W 1 L 7 22 7 P e o o 8 o al a
E O / C0 - m r r 9 r y
I G 4 0S 0 y y y s
/ PC 4 U U
2 60 - s s
7 0 2 a a
7 g g
1 e e
4:
4
8:
4
9
+
0
0:
0
0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 791
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
D L F C Ve D C S M K K K K K T I R T K U
e o il o rsi a h l o P P P P P y n e h P n
vi o e ll on t a o d I- I- I- I- I- p t c r I- it
c p T e e s t u C S o I N e e o e V
e B y c T si l l u b D a r r s a
N a p t i s e a b j m v d h l
a c e D m s C e e a M o u
m k a e s l c l o l e
e I t a t d d
P e s e
s
H 1. K 2 V8 2 0 1 C S C C 2 C T 3 A N 6 %
U 1. P 0 00 0 P y P P 5 P o 0 l A
A 1. I 1 R0 1 U st U U 0 U t 0 w
W 1 L 7 22 7 P e U 8 U al a
E O / C0 - m s 8 s y
I G 4 0S 0 a a s
/ PC 4 g g
2 60 - e e
7 0 2
7
1
4:
4
9:
4
9
+
0
0:
0
0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 792
HUAWEI NetEngine 8100 M14/M8, NetEngine 8000
M14K/M14/M8K/M8/M4 & NetEngine 8000E
M14/M8 series
Configuration Guide 1 Configuration
D L F C Ve D C S M K K K K K T I R T K U
e o il o rsi a h l o P P P P P y n e h P n
vi o e ll on t a o d I- I- I- I- I- p t c r I- it
c p T e e s t u C S o I N e e o e V
e B y c T si l l u b D a r r s a
N a p t i s e a b j m v d h l
a c e D m s C e e a M o u
m k a e s l c l o l e
e I t a t d d
P e s e
s
H 1. K 2 V8 2 0 1 M S M M 2 M T 3 A N 1 %
U 1. P 0 00 0 E y e e 5 e o 0 l A 6
A 1. I 1 R0 1 M st m m 0 m t 0 w
W 1 L 7 22 7 P e o o 8 o al a
E O / C0 - m r r 9 r y
I G 4 0S 0 y y y s
/ PC 4 U U
2 60 - s s
7 0 2 a a
7 g g
1 e e
4:
5
0:
4
9
+
0
0:
0
0
Issue 01 (2022-10-31) Copyright © Huawei Technologies Co., Ltd. 793
You might also like
- NetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 02 System ManagementNo ratings yetNetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 02 System Management825 pages
- NetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 01 Basic ConfigurationNo ratings yetNetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 01 Basic Configuration347 pages
- NE9000 V800R023C00SPC500 Configuration Guide 02 System ManagementNo ratings yetNE9000 V800R023C00SPC500 Configuration Guide 02 System Management607 pages
- NetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 05 LAN Access and MAN AccessNo ratings yetNetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 05 LAN Access and MAN Access1,578 pages
- NetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 17 System MonitorNo ratings yetNetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 17 System Monitor1,105 pages
- NetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 22 Value-Added ServicesNo ratings yetNetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 22 Value-Added Services167 pages
- NE40E V800R022C00 Configuration Guide 01 Basic ConfigurationNo ratings yetNE40E V800R022C00 Configuration Guide 01 Basic Configuration425 pages
- NetEngine 8000 M14, M8 and M4 V800R022C10 Configuration Guide 22 Value-Added ServicesNo ratings yetNetEngine 8000 M14, M8 and M4 V800R022C10 Configuration Guide 22 Value-Added Services185 pages
- NE9000 V800R022C00 Configuration Guide 01 Basic ConfigurationNo ratings yetNE9000 V800R022C00 Configuration Guide 01 Basic Configuration408 pages
- NetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 09 IP MulticastNo ratings yetNetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 09 IP Multicast2,237 pages
- NetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 20 NAT and IPv6 TransitionNo ratings yetNetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 20 NAT and IPv6 Transition622 pages
- NetEngine 8000 M14, M8 and M4 V800R022C10 Configuration Guide 20 NAT and IPv6 TransitionNo ratings yetNetEngine 8000 M14, M8 and M4 V800R022C10 Configuration Guide 20 NAT and IPv6 Transition842 pages
- NE5000E V800R022C00SPC500 Configuration Guide 02 System ManagementNo ratings yetNE5000E V800R022C00SPC500 Configuration Guide 02 System Management455 pages
- NetEngine 8000 M14, M8 and M4 V800R022C10 Configuration Guide 21 Virtual Cluster ChassisNo ratings yetNetEngine 8000 M14, M8 and M4 V800R022C10 Configuration Guide 21 Virtual Cluster Chassis4 pages
- NE9000 V800R023C00SPC500 Configuration Guide 01 Basic ConfigurationNo ratings yetNE9000 V800R023C00SPC500 Configuration Guide 01 Basic Configuration400 pages
- NetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 06 WAN AccessNo ratings yetNetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 06 WAN Access401 pages
- NetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 19 User AccessNo ratings yetNetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 19 User Access1,745 pages
- NetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 07 IP ServicesNo ratings yetNetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 07 IP Services751 pages
- NetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 03 Network ReliabilityNo ratings yetNetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 03 Network Reliability1,353 pages
- NetEngine 8000 M14, M8 and M4 V800R022C10 Configuration Guide 19 User AccessNo ratings yetNetEngine 8000 M14, M8 and M4 V800R022C10 Configuration Guide 19 User Access1,823 pages
- NetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 04 Interface and Data LinkNo ratings yetNetEngine 8000 M14, M8 and M4 V800R023C00SPC500 Configuration Guide 04 Interface and Data Link207 pages
- NE20E-S V800R022C00SPC600 Configuration Guide 01 Basic ConfigurationNo ratings yetNE20E-S V800R022C00SPC600 Configuration Guide 01 Basic Configuration422 pages
- NE5000E V800R022C00SPC500 Configuration Guide 01 Basic ConfigurationNo ratings yetNE5000E V800R022C00SPC500 Configuration Guide 01 Basic Configuration384 pages
- NE9000 V800R023C00SPC500 Configuration Guide 12 Application AwarenessNo ratings yetNE9000 V800R023C00SPC500 Configuration Guide 12 Application Awareness54 pages
- NetEngine 8000 F1A V800R022C10 Product DescriptionNo ratings yetNetEngine 8000 F1A V800R022C10 Product Description21 pages
- NE9000 V800R023C00SPC500 Configuration Guide 18 System MonitorNo ratings yetNE9000 V800R023C00SPC500 Configuration Guide 18 System Monitor687 pages
- NE9000 V800R023C00SPC500 Configuration Guide 17 SecurityNo ratings yetNE9000 V800R023C00SPC500 Configuration Guide 17 Security578 pages
- NetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 23 Security Hardening GuideNo ratings yetNetEngine 8000 M14K, M14, M8K, M8, M4, 8000E M14 M8, 8100 M14 M8 V800R022C00SPC600 Configuration Guide 23 Security Hardening Guide226 pages
- NE9000 V800R023C00SPC500 Configuration Guide 07 IP ServicesNo ratings yetNE9000 V800R023C00SPC500 Configuration Guide 07 IP Services483 pages
- NetEngine 8000 M14, M8 and M4 V800R022C10 Configuration Guide 23 Security Hardening GuideNo ratings yetNetEngine 8000 M14, M8 and M4 V800R022C10 Configuration Guide 23 Security Hardening Guide230 pages
- Automotive and Industrial Control Units: M - CAN Protocol Controller IP For CAN (FD)100% (1)Automotive and Industrial Control Units: M - CAN Protocol Controller IP For CAN (FD)2 pages
- Momentum Technologies: Data Centre SolutionsNo ratings yetMomentum Technologies: Data Centre Solutions15 pages
- Computer Assignment Packet Tracer FilesNo ratings yetComputer Assignment Packet Tracer Files18 pages
- 1.APN Settings in Jailbroken Iphone 3GSNo ratings yet1.APN Settings in Jailbroken Iphone 3GS18 pages
- Connect Allen Bradley PLC to NI OPC ServersNo ratings yetConnect Allen Bradley PLC to NI OPC Servers7 pages
- Application Layer - Computer Networks Questions & Answers - SanfoundryNo ratings yetApplication Layer - Computer Networks Questions & Answers - Sanfoundry8 pages
- SMTP Injection Via Recipient Email Addresses: MBSD Technical WhitepaperNo ratings yetSMTP Injection Via Recipient Email Addresses: MBSD Technical Whitepaper17 pages
- CyberArk Privileged Account Security Overview100% (2)CyberArk Privileged Account Security Overview8 pages
- 5G Cellular Technology: Basic Concept and Network ArchitectureNo ratings yet5G Cellular Technology: Basic Concept and Network Architecture4 pages
